Dateline Kyiv, Moscow, London, Berlin, and New York: Diplomacy and sanctions in the Ukrainian crisis.
Cyberthreats and the threat of sanctions over Ukraine (The CyberWire) Assessing capabilities and intentions in Russia's hybrid war against Ukraine.
Shuckworm Continues Cyber-Espionage Attacks Against Ukraine (Symantec Enterprise) Symantec investigation uncovers selection of files used in ongoing attacks.
Germany's spy chief says Moscow has yet to make final decision on attacking Ukraine (Reuters) Russia is prepared to attack Ukraine but has not yet decided whether to do so, the head of Germany's foreign intelligence service (BND) said amid escalating tensions between Moscow and Kyiv.
The Russia-Ukraine Crisis Need Not Spiral Into War (Defense One) Small diplomatic steps are pointing the way toward compromise.
Russia has what it needs for 'horrific' invasion of Ukraine, DoD leaders say (Breaking Defense) “While we don't believe that President Putin has made a final decision to use these forces against Ukraine, he clearly now has that capability," Defense Secretary Lloyd Austin said.
Russian invasion of Ukraine could redefine cyber warfare (POLITICO) As Russian troops mass on the Ukrainian border, experts outline the worst-case scenario for cyberattacks and counterstrikes.
Eastern European tensions foreshadow increased cyberattacks (JD Supra) Given the deteriorating security situation in Eastern Europe and the potential for widespread cyber disruptions should hostilities break out, we urge...
Past Cyber Operations Against Ukraine and What May Be Next (CrowdStrike) This blog evaluates past cyber operations of adversaries related to Russia against Ukrainian interests, and forecasts future operations within the region.
Recent Hacks in Ukraine Meant to 'Spread Chaos,' Minister Says (Bloomberg) Attacks against government websites still under investigation. Breaches coincided with buildup of Russian troops at border.
Ukraine continues to contend with cyber-attacks (Cyber Security Hub) Cyber-attacks remain as tensions between Russia and Ukraine heighten
Ukrainian cyberdefense in need of upgrades as tensions rise (The Record by Recorded Future) Ukraine's cyberdefenses leave systems vulnerable to known exploits already in use by cybercriminals, experts told The Record.
Security experts doubt Ukraine readiness against Russian cyber attack (NPR) Ukrainian officials prepare civil defense in the event of a Russian invasion or hybrid warfare.
Russian Hybrid Threats Report: Kremlin pushes claims about Ukrainian offensive, ‘junk’ weapons from West (Atlantic Council) The Council's Digital Forensic Research Lab is tracking the latest from Russian troop movements to social media conspiracy theories to Duma debates.
China’s ‘Wolf Warriors’ Are Having a Field Day With the Russia-Ukraine Crisis (Foreign Policy) Beijing’s social media pugilists are taking the opportunity to troll the U.S. and Europe.
U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks (Data Matters Privacy Blog) On January 11, 2022, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) recently released a joint... Read More
Russia could cyberattack Ukraine — again — and disrupt the entire world (WRVO Public Media) Security analysts are concerned that Russia could launch cyberattacks against Ukraine, as it did in 2017. That could compromise government agencies, banks, and energy infrastructure.
Security agency warns of increased cyber attack risk in the Czech Republic (Expats) Plus: Czech team jets off to Beijing Winter Olympics, ex-minister's eye-popping Insta spend revealed, and PPF to buy-out remaining O2 shares.
UK firms warned over possible Russian cyber-attacks amid Ukraine crisis (the Guardian) GCHQ guidance urges companies to bolster cybersecurity resilience in case of malicious incidents
UK to bring in measures to allow for tougher sanctions on Russia, says Truss (the Guardian) Foreign secretary announces legislation in bid to dissuade Putin from launching Ukraine invasion
Britain says ‘nothing is off the table’ on Russia sanctions amid escalating threat to Ukraine (Washington Post) Britain’s foreign secretary said Sunday the United Kingdom would “widen” its sanctions on the Kremlin to include “companies involved in propping up the Russian state.” as Washington and its allies intensified their efforts to deter a possible military invasion of Ukraine.
U.S. and U.K. Work on Russian Sanctions Revamp: Ukraine Update (Bloomberg) U.S. lawmakers are close to finalizing the language for a sanctions bill, while the U.K. is looking for ways to target oligarch wealth held in the London property market, according to its foreign secretary. Russia further boosted troop levels on the Ukrainian border this weekend, according to the Pentagon.
Deal on Russia sanctions bill possible this week - U.S. senators (Reuters) U.S. senators are very close to reaching a deal on legislation to sanction Russia over its actions on Ukraine, including some measures that may take effect before any invasion, two leading senators said on Sunday.
Senate Nears Completion of Measures Targeting Russian Economy in Event of Ukraine Invasion (Wall Street Journal) The legislation under negotiation among members of the Senate Foreign Relations Committee and others would target major Russian banks, hit Russians’ savings and pensions and limit the market for Russia’s sovereign debt.
Russia Sanctions Bill Moves Closer in Senate Ahead of Briefings (Bloomberg) Lawmakers to hear U.S. military, intelligence leaders Thursday. Most severe sanctions only if Russia invades, Menendez says.
Top Democratic and Republican senators are working on plan to deter Putin (CNN) Foreign Relations Committee Chairman Sen. Bob Menendez (D-NJ) and Ranking Member Sen. Jim Risch (R-ID) join CNN's Dana Bash to talk about their committee's bipartisan support to defend Ukraine from a potential Russian invasion.
Russia bans more European Union officials (Frontline) Russia has expanded a list of E.U. officials prohibited from entering the country amid worsening tensions over Ukraine.
Russian Foreign Minister to Speak With Blinken: Ukraine Update (Bloomberg) Russian Foreign Minister Sergei Lavrov and U.S. Secretary of State Antony Blinken will speak by phone Tuesday, as diplomatic efforts to reduce tensions over Ukraine continue.
Why Germany isn't sending weapons to Ukraine (BBC News) Germany's refusal to arm Ukraine has puzzled and angered some allies. Here's what's behind it.
UN panel to confront Russia as US considers vote on the ‘mother of all’ sanctions (New York Post) The US ambassador to the United Nations said the Security Council would confront Russia over its military threat against Ukraine.
Russia, US, Ukraine to square off at UN Security Council (Military Times) U.S. Ambassador Linda Thomas-Greenfield said Russia’s actions pose “a clear threat to international peace and security and the U.N. Charter.”
US pledges to put Russia on defensive at UN Security Council (AP NEWS) The U.S. worked Sunday to ramp up diplomatic and financial pressure on Russia over Ukraine, promising to put Moscow on the defensive at the U.N. Security Council as lawmakers on Capitol Hill said they were nearing agreement on “the mother of all sanctions.”
US targets Russian disinformation in bid to defend Ukraine (Yahoo) The Biden administration has increasingly focused on calling out Russian disinformation and propaganda, making it a central pillar of its strategy to confront Moscow and help defend Ukraine in the face of Russia's war tactics.The strategy reflects a shift for Washington as it seeks to challenge Russian efforts head-on following years of hard-learned lessons where Moscow moved to sow confusion and stir strife in Europe, the Middle East and the...
Russia will hit US with cyberattack if sanctioned, cyber expert warns: ‘We are already in warfare state’ (Fox News) A top cybersecurity official Saturday warned that the U.S. is "already in a warfare state" with Russia and said it should prepare for cyberattacks coming out of Moscow.
Invading Ukraine backfired on Putin once. Why is he threatening to do it again? (Washington Post) Russia has only pushed its neighbor to embrace the West more — exactly what Putin says he’s afraid of
In Eastern Ukraine’s Largest City, Pro-Russia Sympathies Wither as War Looms (Wall Street Journal) While Kharkiv may have been a relatively easy target for Russia in the past, sentiment in the industrial city of 1.4 million has since shifted dramatically against the Kremlin.
Pro-Moscow separatists once marched in this Ukraine border city. Now it’s standing against Russia. (Washington Post) The helicopter cut through the gray sky, following the path of the razor-wire fence below it. Lt. Col. Uiry Trubachov, of Ukraine’s Border Guard Service, squinted up at the chopper.
The Hard-Line Russian Advisers Who Have Putin’s Ear (New York Times) Three reactionary security officials dedicated to “traditional values” and restoring Soviet glory will figure prominently in the decision whether to invade Ukraine.
Is Defending Ukraine Vital to U.S. Security? (Foreign Policy) As Putin prepares to invade, Washington and its allies still appear undecided on whether Kyiv is worth fighting for.
For NATO members in Russia's shadow, U.S. is doing too little too late (Newsweek) Allies in Eastern Europe worried the U.S. wasn't taking the Russian threat seriously enough. Then Biden held his disastrous press conference.
PM Ciuca, French Defense Minister Parly discuss NATO's eastern flank security, security cooperation (Act Media) Prime Minister Nicolae Ciuca discussed on Thursday with visiting French Defense Minister Florence Parly, with the two high officials reviewing NATO's east...
Biden-Zelenskiy call dispute plays into Putin's hands (Newsweek) Conflicting reports of the presidential call risk encouraging Russian aggression and undermining Western unity.
Experts react: The view from European capitals as consensus emerges against Russia (Atlantic Council) Which EU member states will rise to the challenge from Russia? The Atlantic Council's Europe Center experts weigh in with views from across the continent.
NATO chief on Russia crisis: We’re ready for anything (Atlantic Council) NATO Secretary General Jens Stoltenberg believes the Alliance is fully prepared for the Kremlin's next move.
NATO concerned over Europe's energy security amid standoff with Russia (Reuters) Europe needs to diversify its energy supplies, the head of NATO said on Sunday, as Britain warned it was "highly likely" that Russia, the continent's biggest natural gas supplier, was looking to invade Ukraine.
Joint Statement by President Biden and President von der Leyen on U.S.-EU Cooperation on Energy Security (The White House) We are jointly committed to Europe’s energy security and sustainability and to accelerating the global transition to clean energy. We also share the
Biden to talk Ukraine energy shock, Iran with Qatar's emir -U.S. officials (Reuters) President Joe Biden and Qatar's emir, Sheikh Tamim bin Hamad al-Thani, will huddle on Monday to discuss a broad agenda including energy security in the aftermath of a potential Russian invasion of Ukraine, U.S. officials said.
The Russia-Ukraine Crisis Could Determine the Future of Sovereignty (World Politics Review) The current crisis at the Ukraine-Russia border highlights the enduring importance of state sovereignty as an ordering principle in world politics. Global stability now depends on whether the United States and European Union are able to reaffirm and defend this bedrock principle against a Russian attempt to dismiss it.
Attacks, Threats, and Vulnerabilities
FirstWatch reports sudden, sharp increase in cyberattacks against public safety (EMS1) Taigman calls on departments to immediately alert IT staff to check the integrity of their data, software and networks
Privacy slalom: Human rights, media orgs offer OPSEC warning to Winter Olympics attendees (The Daily Swig) Behind the spectacle of Beijing 2022, visitors’ digital freedoms may be left out in the cold
Lazarus APT Uses Windows Update to Spew Malware (Threatpost) The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.
Windows Update used by North Korean hackers to bypass security software (Windows Central) The well-known cybercrime group known as Lazarus used Windows Update and GitHub as part of an attack campaign.
BlackCat ransomware targeting US, European retail, construction and transportation orgs (ZDNet) Palo Alto said that as of December 2021, BlackCat has the 7th largest number of victims listed on their leak site among ransomware groups that Unit 42 tracks.
Who Wrote the ALPHV/BlackCat Ransomware Strain? (KrebsOnSecurity) In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. "BlackCat"), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we'll explore some of the…
Attackers connect rogue devices to organizations' network with stolen Office 365 credentials (Help Net Security) Attackers are using stolen Office 365 credentials and trying to connect rogue Windows devices to the victim organizations' network.
Finland warns of Facebook accounts hijacked via Messenger phishing (BleepingComputer) Finland's National Cyber Security Centre (NCSC-FI) warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims' friends in Facebook Messenger chats.
Malicious hybrid cloud campaign uses 0Auth apps to target C-level executives (SC Magazine) Proofpoint researchers say after the attackers take over accounts, organizations face data leakage, continued phishing, lateral movement, brand abuse and malware threats.
OiVaVoii – An Active Malicious Hybrid Cloud Threats Campaign (Proofpoint) Beginning January 18, 2022, Proofpoint researchers observed a new malicious hybrid cloud campaign named OiVaVoii. This campaign uses hijacked Office 365 tenants and a sophisticated combination of cleverly-crafted lures, malicious OAuth apps and targeted phishing threats.
SureMDM vulnerability could lead to supply chain compromise (Immersive Labs) Researchers at Immersive Labs have disclosed a number of vulnerabilities in 42 Gears’ SureMDM device management solution. When combined, these could allow attackers to perform a supply chain compromise against any organization using the platform.
Log4j Exploitations Have Slowed, But Attack Vectors Remain (Gov Info Security) Attack scans and attempts related to the Log4j flaw may have declined, but some security experts believe the attack vectors will continue to pose a problem up to
Log4j Exploit Targets Vulnerable Unifi Network Application (Ubiquiti) (Morphisec) Morphisec Labs has identified that Unifi Network applications (Ubiquiti) are now being targeted by the Log4j exploit in the wild. Read the blog for details.
Kaspersky stopped more than 30,000 attempts to use the Log4Shell exploit in January (TechRepublic) The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.
The Cookies Parasite (PerimeterX) See how hackers can overcome multifactor authentication (MFA) to take over your users’ accounts. Learn how to detect and analyze these attacks.
Concerns as cybercriminals unleash SMS-based Android malware (The Guardian Nigeria News) Nigerian Communications Commission (NCC) has alerted Nigerians on a new high-risk Short Messaging Service-based malware, TangleBot
Singapore smishing scams are a wakeup call for the financial sector (Tech Wire Asia) Scams in Singapore may still happen and educating the public on how to deal with such threats may be the best solution to deal with it.
Hackers have stolen $80 million in cryptocurrency from the Qubit DeFi platform (The Verge) The exploit let them deposit 0 ETH and withdraw $80 million.
Qubit Finance platform hacked for $80 million worth of cryptocurrency (The Record by Recorded Future) A threat actor has used an exploit to steal approximately $80 million from Qubit Finance, a decentralized finance (DeFi) platform that allows users to loan and speculate on cryptocurrency price variations.
Australian Red Cross clients potentially caught up in international cyber attack (iTnews) Database of International Committee of the Red Cross breached.
Ransomware attack took down R2 trillion investment company for five days (My Broadband) Curo Fund Services has restored its systems following a ransomware attack on 19 January.
Energy Sector Still Needs to Shut the Barn Door (Dark Reading) One third of the companies studied haven't fixed their credential management — the same issue that led to the Colonial Pipeline hack last May.
Cyberattacks increasingly hobble pandemic-weary US schools (AP NEWS) For teachers at a middle school in New Mexico's largest city, the first inkling of a widespread tech problem came during an early morning staff call. On the video, there were shout-outs for a new custodian for his hard work, and the typical announcements from administrators and the union rep.
Russian hackers may have private information after Gloucester Council cyber attack (Stroud News and Journal) People’s private information may be in the hands of Russian hackers due to the cyber attack which has affected online services at Gloucester City…
Security Patches, Mitigations, and Software Updates
Xerox Quietly Patched Device-Bricking Flaw Affecting Some Printers (SecurityWeek) Xerox patched a device-bricking vulnerability in certain printer models more than a year and a half ago, but said nothing until this week, when information on the bug became public.
Apple Finally Removing Python 2 in macOS 12.3 (MacRumors) Apple will no longer bundle Python 2.7 with macOS 12.3, according to developer release notes for the upcoming software update. Python 2 has not been...
Almost 25% of Organizations Still Not Adhering to Security Compliance Mandates, According to 2022 IBM i Marketplace Survey (HelpSystems) Survey Reveals Major Increase in Upgrades to IBM i 7.4, Renewed Concern about Cybersecurity, and Soft Adherence to Data Privacy Regulations
Cyber security longitudinal survey: wave 1 (GOV.UK) The Cyber Security Longitudinal Survey (CSLS) aims to better understand cyber security policies and processes within medium and large businesses and high-income charities, and to explore the links over time between these policies and processes and the likelihood and impact of a cyber incident.
Can Data Breaches Be GOOD For Some Corporate Brands? (Forbes) Smaller data breaches can actually boost a brand.
Trellix Sees Advanced Persistent Threat Actors and Ransomware Groups Focus on Financial Services in Third Quarter of 2021 (Business Wire) Today, Trellix released its Advanced Threat Research Report: January 2022, examining cybercriminal behavior and activity related to cyber threats in t
Allianz report warns Nigerian firms, others against cyber risks (The Guardian Nigeria News) The 11th Allianz Survey, also known as the Allianz Risk Barometer 2022, says cyber, political risks and violence are key threats
FTC: Americans lost $770 million from social media fraud surge (BleepingComputer) Americans are increasingly targeted by scammers on social media, according to tens of thousands of reports received by the US Federal Trade Commission (FTC) in 2021.
More than two in five charities hit by cyber attacks last year, research finds (Third Sector) The proportion of charities that said they have experienced a cyber attack rose by 13 percentage points last year, new research indicates.
Network Security Firm Portnox Raises $22 Million in Series A Funding (SecurityWeek) Network and endpoint security firm Portnox has raised $22 million in a Series A funding round.
Crypto Custody Firm Fireblocks Raises $550M at $8B Valuation (CoinDesk) The Series E round was co-led by D1 Capital Partners and Spark Capital, and included Alphabet’s independent growth fund, CapitalG.
Crypto infrastructure company Fireblocks nearly quadruples valuation to $8B in six months (TechCrunch) Crypto custody platform Fireblocks is quite possibly “the most successful and least-known company in the blockchain space,” as described by its co-founder and CEO Michael Shaulov in an interview with TechCrunch. The company announced today that it is now the highest-valued digital asset infrastruct…
PQShield raises $20m to further its quantum cryptography (Embedded) PQShield said it is pioneering the development and commercial roll-out of advanced, quantum-ready cryptographic solutions for hardware, software and communications, compatible with existing infrastructure and ready for companies to deploy now.
UK privacy startup Pimloc redacts faces from video and images (Computing) Surveillance cameras have a security value, but the extraneous data they capture will inevitably be abused
Godspeed Capital Acquires Savli Group, Inc. (Business Wire) Godspeed Capital Management LP (“Godspeed Capital”), a lower middle-market Defense & Government services, solutions, and technology focused privat
Elliott and Vista Near Deal to Buy Citrix Systems (Wall Street Journal) Elliott Management and Vista Equity Partners are near an agreement to pay $104 a share, or roughly $13 billion, for the software company, according to people familiar with the matter.
Vulnerabilities in Swiss E-Voting System Earn Researchers Big Bounties (SecurityWeek) Researchers have already earned tens of thousands of euros for vulnerabilities found in Switzerland’s new e-voting system as part of a recently launched bug bounty program.
U.S. bans lead to a decline of over 81% in Huawei's phone shipments during 2021 (Phone Arena) Despite new foldables including the Mate X2 and the P50 Pocket, Huawei's 2021 handset shipments declined over 81% last year.
Why Tech Investors Should Be Watching Palo Alto Networks (The Motley Fool) A few good reasons to buy this cybersecurity stock.
Okta Names Interim CFO Brett Tighe As New Finance Chief (Nasdaq) Okta, Inc. (OKTA), an identity and access management solutions provider, said on Friday that Brett Tighe, Okta's interim finance chief, has been appointed to the role of CFO, with immediate effect.
LifeOmic Hires Peter Liebert as Chief Information Security Officer (KPCNews) LifeOmic, a software company that leverages the cloud, machine learning and mobile devices to offer disruptive solutions to the healthcare industry, employers and individuals,
BREAKING: Ex-Manhattan DA To Head Baker McKenzie Cyber Practice (Law360) Former Manhattan District Attorney Cy Vance Jr. joined Baker McKenzie on Monday as a New York partner and global chair of the BigLaw shop's cyber and data security practice after more than a decade in public office, the firm said.
Top Government Technologist Joins OODA Advisory Board (PR Newswire) /PRNewswire/ -- OODA LLC is honored to announce that Dawn Meyerriecks has joined the OODA Advisory Board where she will provide expert insight into emerging...
Products, Services, and Solutions
Quantum Star Technologies Launches AI-based Malware Detection Software, Promises Unmatched "Zero-Day" Detection (Yahoo Finance) Quantum Star Technologies, an AI-based cybersecurity company, today unveiled its exclusive malware detection technology, Starpoint.
The Swimlane Automation Platform Then, Now, and a Hint of What’s Next (Swimlane) In October 2021, low-code security automation made its debut with Swimlane Cloud. The Swimlane platform unlocks automation beyond the SOC to serve as a system of record for the entire security organization, integrating any set of security tools with existing people and processes for a faster and…
SailPoint Launches New AWS Region in Japan to Support Increased Demand for Identity Security (Business Wire) SailPoint today announced its new Amazon Web Services (AWS) region in Tokyo. This is the seventh region for the company.
New infosec products of the week: January 28, 2022 (Help Net Security) The featured infosec products this week are from: Borderless Security, Deepfence, LiveAction, MetricStream, Panorays, Pentera, and Samsung.
Technologies, Techniques, and Standards
Battling Bugs: UK Government Pitches 'Scanning Made Easy' (Bank Info Security) Britain's National Cyber Security Center has launched a trial vulnerability management project called Scanning Made Easy, designed to empower small and midsize
What Is a Human Firewall? Can It Protect You Against Cyberattacks? (MUO) Bringing the human factor into cybersecurity, a human firewall can help mitigate today's most common security breaches.
Defending against killware: The cyber threat with physical consequences (Security Magazine) Killware attacks, cyberattacks intended to cause physical damage and harm, is a grave concern for security professionals in the healthcare and critical infrastructure sectors. Here’s how to defend against it.
Reducing the blast radius of credential theft (Help Net Security) Aside from unsophisticated “smash and grab” style data thefts and ransomware attacks, the initial identity theft is only the beginning.
Security experts say you no longer need a VPN — here's why (Tom's Guide) Are VPNs still necessary for security and privacy? Maybe not always
Design and Innovation
This company says it’s developing a system that can recognize your face from just your DNA (MIT Technology Review) Though it almost certainly won’t work, it is a telling sign of where the field is heading
Web-Tracking 'Cookies' Meant to Protect Privacy: Inventor (SecurityWeek) The data-tracking "cookies" at the heart of concerns over online privacy were meant to shield people, rather than serve as cyber snoops, their inventor says.
Research and Development
Researchers use GPU fingerprinting to track users online (BleepingComputer) A team of researchers from French, Israeli, and Australian universities has explored the possibility of using people's GPUs to create unique fingerprints and use them for persistent web tracking.
DARPA's 'ROCkN' laser-based clocks will know what time it really is, to the sub-picosecond (Breaking Defense) Optical clocks in labs today "fill out a huge room, a big room with a very complex, very sophisticated apparatus that takes multiple PhDs to run," Tatjana Curcic, who manages DARPA's Robust Optical Clock Network project, told Breaking Defense.
Bloomsburg University selected for new Academic Engagement Network (The Daily Item) Bloomsburg University of Pennsylvania and its Department of Mathematics and Digital Sciences has been selected by the U.S. Cyber Command (CYBERCOM) as one of 84 colleges and
Legislation, Policy, and Regulation
ISIS Isn’t Back. It Never Went Away (World Politics Review) Although the Islamic State’s prison break attempt in Hasaka, Syria, was ultimately unsuccessful, the assault took a week to turn back, with at least 100 reported fatalities. The incident has sparked concern that the jihadist group, degraded but never destroyed, could be on the brink of a dramatic escalation.
Too little, too late? Britain’s quest for cyber security (Politics.co.uk) Last week the government launched its inaugural Cyber Security Strategy to little fanfare. Wrongly perceived as a somewhat dry and technical topic, this watershed moment for Britain’s digital defences was undoubtedly overshadowed by ongoing questions surrounding the prime minister’s alleged breach of Covid guidelines. Yet far after Boris Johnson’s rumoured birthday cake ambush is consigned... Read more »
Uproar in Israel Over Police Snooping Renews Privacy Debate (Wall Street Journal) A firestorm has broken out over whether tools developed by NSO Group, which has been blacklisted in the U.S., have been used to illegally monitor Israelis.
The Battle for the World’s Most Powerful Cyberweapon (New York Times) A Times investigation reveals how Israel reaped diplomatic gains around the world from NSO’s Pegasus spyware — a tool America itself purchased but is now trying to ban.
F.B.I. Secretly Bought Israeli Spyware and Explored Hacking U.S. Phones (New York Times) Israel used the NSO Group’s software as a tool of diplomacy. The F.B.I. wanted it for domestic surveillance. Then everything soured. Here are highlights of a New York Times Magazine investigation.
Biden Administration expands public-private cyber partnership to water sector (Security Systems News) The Biden-Harris Administration announced on Jan. 27, 2022, that it will extend the Industrial Control Systems (ICS) Cybersecurity Initiative to the water sector.
FAA clears Verizon and AT&T to turn on more 5G cell towers (Federal News Network) Concern about new high-speed wireless service interfering with airplanes appears to be easing…
FAA must step up now on 5G (TheHill) Having served in the post-911 White House, I can appreciate the challenges.
How the FTC Is Reshaping the Antitrust Argument Against Tech Giants (Wall Street Journal) Federal Trade Commission chief Lina Khan has developed an innovative way to frame the issue of Silicon Valley behemoths’ market power. Whether she has the tools to see it through remains to be seen.
DoD must focus on skilled cyber defenders, not just new tech, warns weapons tester (C4ISRNet) DOT&E recommends the department refocus cybersecurity efforts on people rather than technology alone.
Security agency director urges governors to teach cybersecurity basics (UPI) The Cybersecurity and Infrastructure Security Agency is encouraging investments in cybersecurity education for Americans of all ages, including public officials and their staffs.
Litigation, Investigation, and Law Enforcement
Finland says it found NSO's Pegasus spyware on diplomats' phones (The Record by Recorded Future) The Finnish government said today that the telephones of some of its foreign diplomats were infected last year with Pegasus, a spyware strain developed by Israeli surveillance vendor NSO Group.
NSO chief rejects ‘hypocritical’ criticism of spyware firm: ‘I sleep soundly at night’ (Times of Israel) The CEO of NSO Group pushes back on criticism of his embattled cyber tech firm amid mounting allegations its Pegasus spyware program was misused in Israel and across the globe.
Huawei Files Lawsuit Against Sweden in International Court of Arbitration - Reports (Sputnik International) MOSCOW (Sputnik) - China's Huawei has filed a lawsuit against Sweden in the International Court of Arbitration after the Swedish Post and Telecom Authority (PTS) denied the company access to the development of a 5G network infrastructure...
‘Controller,’ ‘Processor’ and ‘Transfer’: Some GDPR Concepts Re-Explained (cyber/data/privacy insights) Many companies are still struggling with some basic concepts of the General Data Protection Regulation, such as “controller,” “processor” and “transfer” of personal data. The European Data Protection Board (EDPB) has tried to shed some light on these concepts in its guide...
Mike Lynch Loses $5 Billion Court Fight With HP Over Autonomy (Bloomberg) Lynch faces prospect of extradition to U.S. on fraud charges. Tycoon says he plans to appeal civil judgment on dishonesty.
U.K. Approves Extradition of Tech Tycoon Mike Lynch to U.S. (Bloomberg) Autonomy CEO battling against facing criminal charges in U.S. London judge ruled he was ‘well aware’ of company fraud.
Special master selects experts to analyze Maricopa County routers, Splunk logs (KTAR) Three computer experts were selected by a special master to analyze Maricopa County routers and Splunk logs as part of the audit of 2020 election results.
IBM to Double-Down on Partnership with CISA via JCDC to Fight Cybercrime (Executive Gov) IBM has announced it will perpetuate its relationship with the Cybersecurity and Infrastructure Security Agency (CISA) by working as an alliance partner in the Joint Cyber Defense Collaborative (JCDC).
Cyber Ninjas CEO participates in contentious deposition, says he's not ready to turn over audit records (Arizona Republic) Doug Logan says he will not turn over records from the review of Maricopa County's 2020 election until he has a \
US healthcare company EyeMed reaches settlement following 2020 data breach (The Daily Swig) Vision benefits provider agrees to $600,000
Farmers Telephone Cooperative Data Breach Prompts Investigation into Class Action Lawsuit (Digital Journal) Console & Associates, P.C. Investigates Possible Data Breach Lawsuit Against Farmers Telephone Cooperative (FTC) Following Recent Data Security Event
Chief executive too fearful to speak out about cyberattack because of threat of legal claims (FutureScot) Chief executive of Scottish firm too fearful to speak out about cyberattack in case it leaves her exposed to risk of compensation claims