Dateline Moscow and Kyiv: Drone strikes concentrate on electrical power.
Ukraine at D+237: Targeting civilians. (CyberWire) Russian missile strikes are assessed as deliberate attacks against civilians, The tactic appears to mirror the approach General Surovikin took during the Russian intervention in Syria. Skirmishing continues in cyberspace.
Russia-Ukraine war latest: Putin imposes martial law on annexed Ukrainian territories (The Telegraph) Vladimir Putin has imposed martial law on the four regions of Ukraine that the Kremlin annexed last month.
Russia tightens Ukraine energy squeeze; launches evacuation (AP NEWS) Russian missile strikes and shelling of energy utilities left more Ukrainian villages, towns and parts of two cities without power on Wednesday, authorities said, tightening an energy squeeze that threatens misery for millions in winter.
The front-line Ukraine city where it is Russia making the gains (The Telegraph) The mercenary Wagner group has spearheaded a relentless advance in Bakhmut, turning a former tourist destination into a wasteland
Ukraine war: Blackouts in 1,162 towns and villages after Russia strikes (BBC News) The capital Kyiv and other cities are hit again, and officials say rolling power cuts are possible.
Putin's blackout blitz: Russia aims to freeze Ukrainians into surrender (Atlantic Council) Russia is seeking to plunge Ukraine into darkness ahead of the winter heating season by destroying the country's energy infrastructure. Ukraine's partners must step in to make sure Ukrainians are not frozen into surrender.
Russia Gives Ukraine Nuclear Plant Workers Ultimatum to Pick a Side (Wall Street Journal) Technicians maintaining the Russian-occupied Zaporizhzhia nuclear plant have been given until Thursday to pick sides in the struggle for control of the complex.
Russia’s new Ukraine commander signals civilian removals from ‘tense’ Kherson (the Guardian) Sergei Surovikin says Russia’s defence of occupied southern city ‘not easy’ as Ukraine introduces local news blackout
I saw Putin's new commander up close in Syria. Worse is to come (The Telegraph) With Russia’s conventional war machine failing, Putin is deploying his unconventional playbook which kept Assad in power
Estonian defense minister: New Russian commander behind increased civilian attacks in Ukraine (Breaking Defense) Hanno Pevkur told Breaking Defense the Ukraine situation appears to be at an inflection point that could tip the balance of the conflict.
‘Undeniable need for accountability’ in Ukraine as violations mount (UN News) The Independent Commission of Inquiry on Ukraine, presented its first detailed written report to the UN General Assembly on Tuesday, which concludes that there are reasonable grounds to believe “an array” of war crimes, violations of international human rights and humanitarian law have been committed.
Russia 'running out of long-range missiles' (The Telegraph) Moscow turns to drones as Western official says 'barrage of precision weapons' on Ukraine is becoming 'unsustainable'
Financial toll on Ukraine of downing drones ‘vastly exceeds Russian costs’ (the Guardian) Analysis reveals cost of shooting down cheap drones, but experts say deployment is sign of Moscow’s weakness
UK and US hold urgent talks over Russia's use of Iranian kamikaze drones (The Telegraph) The Defence Secretary has flown to Washington to discuss the Kremlin's 'terrorising' air strikes in Ukraine
Readout of Secretary of Defense Lloyd J. Austin III's Meeting With U.K. Secretary of State (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III reaffirmed the U.S. - U.K. defense relationship during a meeting with the British secretary of state for defense.
U.S. industry cranks up HIMARS production as Ukraine war intensifies (POLITICO) The rocket launchers have had on outsized effect against Russian forces Ukraine.
Iran Sends Drone Trainers to Crimea to Aid Russian Military (New York Times) The trainers from Iran’s paramilitary wing have been deployed to help Russia overcome mechanical problems with the fleet.
As Iranian munitions kill in Ukraine, pressure builds for Israel to reassess its Russian balancing act (Breaking Defense) Israeli defense sources told Breaking Defense that the cooperation between Iran and Russia in Ukraine may have changed the calculus on Israel's sideline stance.
How the World Will Know If Russia Is Preparing to Launch a Nuke (WIRED) While tensions over a possible nuclear attack on Ukraine remain high, experts say surveillance will likely catch Russia if it plans to do the unthinkable.
Bowing to Putin’s nuclear blackmail will make nuclear war more likely (Atlantic Council) Giving in to Putin’s nuclear blackmail would not end the war in Ukraine. What it would do is set a disastrous precedent that makes a future nuclear war far more likely while encouraging uncontrolled nuclear proliferation.
Four non-nuclear ways Putin could escalate the Ukraine war (The Hill) Russian President Vladimir Putin set off nuclear alarms last month with his bellicose rhetoric while announcing a series of moves to ramp up his war on Ukraine. However, military expert…
Most Ukrainians want to keep fighting until Russia is driven out, poll finds (Washington Post) Seventy percent of Ukrainians are determined to keep fighting until their country wins the war against Russia, according to a Gallup poll conducted in early September, amid counteroffensives that retook swaths of land in the country’s south and east.
Ukraine has a Russia problem not a Putin problem (Atlantic Council) Ukraine appears poised to defeat Putin's invasion but Russia will continue to pose an existential threat to Ukrainian statehood until Russians learn to accept that Ukraine is a sovereign and independent nation.
Ukraine Isn’t Munich—or Vietnam or Berlin (Foreign Policy) Historical analogies can harm more than help in understanding crises.
Ukraine Is the World’s Foreign-Policy Rorschach Test (Foreign Policy) There are two basic ways to think about the war—and the world.
First pictures of Nord Stream pipeline show 50m hole after 'powerful explosions' (The Telegraph) A massive tear and twisted metal can be seen in video footage, with much of the stretch of pipe either missing or buried under the seabed
Russians Against Putin: NRA Claims Massive Hack of Russian Government Contractors’ Computers - Kyiv Post - Ukraine's Global Voice (Kyiv Post) The National Republican Army (NRA) of Russia is seeking the overthrow of Vladimir Putin’s regime. On Oct. 17… - Oct. 18, 2022. By Jason Jay Smart
Cyberattack disrupts Bulgarian government websites over ‘betrayal to Russia’ (The Record by Recorded Future) Pro-Russian hackers were behind a “large-scale” cyberattack on Bulgarian government websites on Saturday, according to Bulgaria’s Prosecutor-General Ivan Geshev.
Pentagon eyes locking in Starlink funding for Ukraine (POLITICO) Elon Musk's satellite communications service could be paid for using the Ukraine Security Assistance Initiative.
Bundesinnenministerium stellt BSI-Präsident Arne Schönbohm frei (Spiegel) Das Innenministerium hat den Chef des Bundesamts für Sicherheit in der Informationstechnik mit sofortiger Wirkung freigestellt und leitet ein Disziplinarverfahren gegen ihn ein, wie der SPIEGEL aus Sicherheitskreisen erfuhr.
Germany fires cybersecurity chief after reports of possible Russia ties (Reuters) Germany's interior ministry fired the country's cybersecurity chief on Tuesday and launched an investigation into his conduct after media allegations that he may have come into contact with Russian security circles through a consultancy he co-founded.
German Cybersecurity Chief Sacked Over Alleged Russia Ties (SecurityWeek) Arne Schoenbohm, head of Germany's Federal Cyber Security Authority, was fired after being accused of having ties to Russian intelligence services.
German cyber chief suspended following allegation he associated with Russian intelligence (The Record by Recorded Future) The head of Germany’s federal cybersecurity office has been suspended, a spokesperson confirmed on Tuesday, following accusations that he had associated with a business connected to the Russian intelligence services.
Biden to release 15M barrels from oil reserve, more possible (AP NEWS) President Joe Biden will announce the release of 15 million barrels of oil from the U.S. strategic reserve Wednesday as part of a response to recent production cuts announced by OPEC+ nations , and he will say more oil sales are possible this winter, as his administration rushes to be seen as pulling out all the stops ahead of next month’s midterm elections.
Attacks, Threats, and Vulnerabilities
Dallas Air Traffic Rerouted as FAA Probes Faulty GPS Signals (Bloomberg) Pilots, controllers using older technology to navigate. ‘Very unusual’ air navigation glitch, says flight-track expert.
SafeBreach Uncovers Fully Undetectable Powershell Backdoor | New Research (SafeBreach) See how this tool—created by a sophisticated and seemingly unknown threat actor—uses the unique approach of disguising itself as part of a Windows update.
Stealthy Windows PowerShell backdoor discovered by researchers (Computing) 'Fully undetectable' backdoor cannot be discovered by any security tool on VirusTotal and seems to have been developed by a skilled actor
CVE-2022-42889 Detail (National Vulnerability Database) This vulnerability has been modified and is currently undergoing reanalysis. Please check back soon to view the updated vulnerability summary.
CVE-2022-42889: Don’t panic, do patch (Contrast Security) CVE-2022-42889 looks similar to Log4Shell, but Contrast found it’s not nearly as exploitable, given that very few use the library's interpolator function.
FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer (Orca Security) The Orca Research Pod has discovered FabriXss a vulnerability in Azure Service Fabric Explorer that allows attackers to gain full Administrator permissions.
Lifespire Services, Inc. Reports Data Breach with HHS-OCR Affecting 15,375 Individuals (JD Supra) On October 14, 2022, Lifespire Services, Inc. filed notice of a data breach with the U.S. Department of Health and Human Services Office for Civil...
Hong Kong gov’t orgs targeted for over a year with Spyder Loader malware: report (The Record by Recorded Future) Government organizations in Hong Kong were targeted with malware as part of an intelligence-gathering campaign that lasted for more than a year.
Fresh Phish: A New Social Security Phishing Scam Preys Upon Our Biggest Worries (INKY) Americans have plenty to worry about these days, and at the top of the list is money, government, and the future – creating a perfect storm of anxiety for phishers. Learn more about this phishing scheme.
Critical RCE Vulnerability Discovered in Popular Cobalt Strike Hacking Software (The Hacker News) A critical remote code execution vulnerability has been discovered in the Cobalt Strike attack framework.
HelpSystems Patch Falls Short, RCE Vulnerability in Cobalt Strike Remains (Infosecurity Magazine) Certain components in Java Swing will interpret text as HTML content if it starts with <html>
Cars face cyber threats too (Washington Post) Europol smashes an alleged car-hacking operation, but that's not the only cyberthreat to vehicles
Kingfisher confirms its IT systems were breached (Cybernews) Kingfisher Insurance said that some of the company’s IT systems were accessed by an unauthorized third party.
Group threatens to sell Medibank customer data after 'cyber incident' (9News) Medibank said it has received messages from a group wishing to negotiate with the provider "regarding thei...
Vulnerability Summary for the Week of October 10, 2022 | CISA (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Hitachi Energy APM Edge (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: Transformer Asset Performance Management (APM) Edge Vulnerability: Reliance on Uncontrolled Component 2.
Advantech R-SeeNet (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an unauthorized attacker remotely deleting files on the system or allowing remote code execution.
Trends
Internet freedoms are in decline, report (Computing) The Balkanisation of the web is picking up pace along with state surveillance, finds report by Freedom House
New Research: 57% of federal cybersecurity leaders report experiencing multiple data breaches over the past two years (Zettaset) Zettaset findings confirm federal cybersecurity leaders lack proper data protection tools to secure confidential citizen information SAN FRANCISCO –
A look at Password Health Scores around the world in 2022 (Dashlane Blog) Learn how cybersecurity intersects with your daily life and how your Dashlane Business account goes beyond security at work.
Annual Survey Report: The Business Cost of Phishing (Ironscales) Businesses are spending too much time and money on phishing. Learn how much from this annual report surveying 252 IT and security pros across 20 industries
Ransomware In Q3 2022 (Digital Shadows) Ransomware activity decreased in the third quarter of 2022 (Q3 2022), as actors regrouped and refocused after a busy start to the year. Despite this, attacks on high-profile targets—as well as potentially politically motivated attacks—kept our eyes on ransomware this quarter. New tools and techniques emerged, while older tools resurfaced or were repurposed by ransomware
Menlo Security: Most Consumers are Confident in Ability to Identify Threats, but Fail to Implement Basic Precautions (Business Wire) The FBI is trying to contact you. Your Microsoft device has a virus (but you own a MacBook). There’s a warrant out for your arrest for tax evasion (th
Marketplace
Cyber M&A Expected to Remain Robust Into 2023 (Wall Street Journal) Acquirers seek to offer corporate security chiefs broader suites of cyber services rather than one-off products.
Are Cybersecurity Vendors Pushing Snake Oil? (SecurityWeek) A survey found that 91% of cybersecurity and IT leaders have difficulty in selecting cybersecurity vendors due to unclear marketing about their specific offerings.
Banco Santander and Forgepoint Capital announce strategic alliance to advance cybersecurity investment and innovation globally (Santander) The bank and US venture capital firm to create a new management company to invest in emerging cybersecurity companies mainly in Europe and Latin America. Santander is expected to invest up to €300 million in the initiatives related to this partnership.
Bolster Closes $15 Million Financing Round to Help More Global Companies Detect and Remediate Digital Threats in Minutes, Not Months (PR Newswire) Bolster, Inc., the automated digital risk protection company, today announced $15 million in funding led by Cervin, Liberty Global Ventures,...
This Cybersecurity Startup Emerged from Stealth with a $7.5 Million Seed Round to Advance Browser Security Solutions (Entrepreneur) The co-founder and CEO of LayerX discusses how his company's security platform is taking browser security to the next level.
Consortium led by Smartfin acquires leading cybersecurity software provider Hex-Rays - Smartfin (Smartfin) Hex-Rays, a Belgian cybersecurity company that develops advanced reverse engineering software solutions, has been acquired by a consortium of investors led by Smartfin, a leading European venture capital and private equity investor, and including co-investors SFPIM and SRIW. Ilfak Guilfanov, the founder of Hex-Rays and architect of the technology platform, also reinvests a substantial amount in the new structure.
CounterCraft Awarded $26 Million Contract from U.S. Government to Support Advanced Cyber Operations (PR Newswire) CounterCraft has been awarded a sole-source contract from the U.S. government, with a ceiling of more than $26MM, allowing the entire U.S....
Illumio Awarded DoD ESI Purchase Agreement to Accelerate Risk Reduction with Zero Trust Segmentation (GlobeNewswire News Room) The Illumio Zero Trust Segmentation Platform stops attacks from spreading across the hybrid attack surface to increase agencies’ cyber resilience...
TikTok's top hacker enjoys account takeovers (Cybernews) Yusuf, a 23-year-old bug bounty hunter from Kurdistan, Iraq, is one of TikTok's top contributors. Hacking big tech companies started as a hobby, Yusuf told Cybernews.
Censornet | Censornet Awarded Technology Provider Of The Year At 2022 British Business Awards (RealWire) Censornet, the UK-based leader in integrated cloud security, has been awarded ‘Technology Provider of the Year’ at the 2022 British Business Awards.
Nuvolo Recognized for Its Commitment to Information Security Management (Yahoo Finance) Nuvolo, the world's fastest-growing workplace software company, today announced that it has successfully completed four security assessments for its integrated workplace management software. The assessments were completed by A-LIGN, an independent, third-party assessment organization (3PAO), to assess and report on its security measures, which found Nuvolo in compliance with nationally and internationally recognized standards. These include:
Axonius Hires Nick Degnan as New Global SVP of Sales (PR Newswire) Axonius, the leader in cybersecurity asset management and SaaS management, today announced the appointment of Nick Degnan as Senior Vice...
Surefire Cyber Expands Depth of its Board of Directors with the Appointment of Industry Leader, Cyndi Gula (Yahoo Finance) Cyber response firm Surefire Cyber announces today the appointment of industry leader and entrepreneur, Cyndi Gula, to the company's Board of Directors.
GuidePoint Security Names Secure Code Warrior as the Latest Partner to Join the Company’s Federal Emerging Cyber Vendor Program (Business Wire) GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that Secure
Products, Services, and Solutions
SecureAuth's Arculix Wins “Authentication Solution of the Year” Award in 6th Annual CyberSecurity Breakthrough’s Awards Program (SecureAuth) Next-Gen Access and Authentication Platform – Arculix – is Recognized for its Outstanding Passwordless, Continuous Authentication and Risk Analytics IRVINE, Calif., Oct. 18, 2022 – SecureAuth, a leader in access management and authentication, today announced that its SecureAuth Arculix™ next-generation authentication platform has been selected as winner of the “Authentication Solution of the Year” award […]
Axis' Atmos Platform Named Best SASE Solution Winner at 2022 CISO Choice Awards (PR Newswire) Axis announced today that its Atmos Security Service Edge (SSE) platform has been named Best SASE Solution in the prestigious 2022 CISO Choice...
Sumo Logic Delivers App to Manage Cloud Spend (GlobeNewswire News Room) New Sumo Logic App for AWS Cost Explorer helps maximize cloud resources and performance...
GitGuardian Extends Code Security Platform Adding Infrastructure-as-Code Scanning for Security Misconfigurations (GitGuardian Blog) GitGuardian, the enterprise-ready automated secrets detection and remediation platform, is expanding its capabilities to new security verticals. GitGuardian is now building a comprehensive platform to help development and security teams write, maintain, and run secure code anywhere.
New Integrations with Microsoft Security Solutions Expand Kudelski Security Managed Detection and Response (MDR) Offerings (Kudelski Security) The addition of Microsoft Sentinel and Microsoft Defender XDR Portfolio offers clients alternatives to expand security monitoring, increase visibility, and...
Radiflow and Allied Telesis Partner to Enhance Threat Containment & Prevention for OT/ ICS Environments (Allied Telesis) Radiflow and Allied Telesis security partnership enhance critical response and remediation capabilities by reducing attack surface following an OT network breach.
Murre - the lightweight K8s metrics monitoring tool (Groundcover) Meet Murre. Murre is an on-demand, scaleable source of container resource metrics for Kubernetes. Murre fetchs CPU & memory resource metrics directly from the kubelet on each K8s Node and enriches the resources with the relevant K8s requests and limits from each PodSpec.
CybSafe’s new behavioural risk platform challenges the security awareness and training status quo (CybSafe) CybSafe’s new behavioural risk platform challenges the security awareness and training status quo. Read more...
Mandiant and SentinelOne Integrate, Enriching XDR with Threat Intelligence (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced an integration with Mandiant to improve threat detection, triage,
New RSA® Innovation Enhances Mobile Security (Business Wire) RSA Mobile Lock detects critical threats to a mobile device and can restrict the user’s ability to authenticate until the threat is resolved.
Cado Security Continues its Innovation with Launch of Cado varc Volatile Artifact Collector Tool (Cado Security | Cloud Investigation) Cado Security, the cloud investigation and response automation company, today announced the launch of its new open source community tool, Cado varc. The new volatile artifact collector tool allows security analysts to collect a snapshot of volatile data, adding critical context to incident investigations. By enabling security professionals to drastically simplify the collection and analysis of volatile data, they gain enhanced visibility to identify root cause and respond to incidents faster.
GroupSense Delivers New Ransomware Negotiation Training Service (GroupSense) In our latest offering, GroupSense will offer Ransomware Negotiation Training to law firms and legal professionals.
Technologies, Techniques, and Standards
Secret Double Octopus Study Finds 87% Believe Next-Gen Passwordless Solutions Will Become the Leading Approach to Secure Workforce Identities within Five Years (Business Wire) Secret Double Octopus (SDO), in partnership with Dimensional Research, announced today the results of their global annual study focusing on the state
Only 1 in 4 Election Websites Uses the .gov Domain. That’s a Problem — and an Opportunity (Center for Democracy and Technology) This post is authored by William T. Adler and researchers James Doyle, Mac Milin Kiran, Meg Leta Jones, and Paul Ohm of Georgetown University’s Foo Law Lab. The authors thank CISA official Cameron Dixon for helpful guidance on this project. Ahead of the U.S. midterms, election misinformation appears to be thriving online. As always, local […]
Research and Development
The Computer Scientist Who Boosts Privacy With Entropy (Quanta Magazine) Harry Halpin wants our internet conversations to be more private. He’s helped create a new kind of network that might make it possible.
Legislation, Policy, and Regulation
Singapore offers cyber agency support on Optus hack (The Sydney Morning Herald) A government regulatory agency has been embroiled in a hack on an IT services firm owned by Optus’ parent company Singtel.
Optus data breach: regulatory changes announced, but legislative reform still needed (CRN Australia) Regulatory move could be game changer.
Iran Shifts Tactics to Use Covert Police, Tech to Crack Down on Protests (Wall Street Journal) Authorities are using plainclothes security officers, digital surveillance and drones as protesters move away from big gatherings in favor of pop-up demonstrations and other displays of resistance.
UK anti-fraud efforts have failed and need ‘wholesale change,’ lawmakers say (The Record by Recorded Future) In a report, the House of Commons Justice Committee detailed how law enforcement agencies and other stakeholders have failed to stop digital crimes.
FCC Makes It Impossible For Huawei & ZTE To Return To The US (Android Headlines) The Federal Communications Commission (FCC) is about to impose a new ban on Huawei and ZTE over their dubious relations with the Chinese government. The
Tech Help From China Not Worth Cyber Risk, DHS Head Warns (Law360) The head of the U.S. Department of Homeland Security on Tuesday warned against nations accepting "cut-rate" telecom services and other technical assistance from China, telling an audience in Singapore that the help "is not worth" the massive privacy and data security risks that come along with it.
Republicans press Biden administration on use of Chinese comms equipment near US military installations | CNN Politics (CNN) Top Republicans on the House Oversight Committee are pressing the Biden administration on the use of Chinese-made telecommunications equipment near sensitive US military installations, in a signal of what the powerful committee may pursue if the GOP claims the House in November.
Section 230’s Fate Belongs With Congress—Not the US Supreme Court (WIRED) A case heading to SCOTUS claims platforms should be held responsible for their algorithmic recommendations. A history of the statute suggests otherwise.
U.S. to issue new cybersecurity requirements for critical aviation systems (Military & Aerospace Electronics) Several U.S. airport websites earlier this week were hit with apparently coordinated denial-of-service attacks, David Shepardson reports for Reuters.
After Recent Russian Cyberattacks Target U.S. Airports, Rosen Sends Letter to Biden Administration Requesting Additional Information (Jacky Rosen, US Senator for Nevada) Senator Rosen Continues Leading The Call To Bolster America’s Cybersecurity Posture To Protect Against Russian Retaliation
Security Directive 1580/82-2022-01: Rail Cybersecurity Mitigation Actions and Testing (TSA) The Transportation Security Administration (TSA) is issuing this Security Directive due to the ongoing cybersecurity threat to surface transportation…
Intelligence agencies must transform acquisition (Federal News Network) Reforms are needed to enhance efficiency, focus on outcomes, and procure innovative technology.
Biden intelligence adviser previously vetted deals for Israeli NSO Group (the Guardian) Jeremy Bash served on committee advising on sales of company’s Pegasus spyware to foreign agencies
Retired U.S. Generals, Admirals Take Top Jobs with Saudi Crown Prince (Washington Post) Hundreds of veterans have taken lucrative foreign jobs that U.S. officials approved — but fought to keep secret.
Litigation, Investigation, and Law Enforcement
Mexican opposition lawmaker says he was target of Pegasus spyware (Reuters) Mexican opposition congressman Agustin Basave Alanis said on Tuesday his phone was infected by Pegasus, the fourth alleged case of the controversial spyware being deployed under President Andres Manuel Lopez Obrador, who had vowed to stop using it.
New York Fines EyeMed $4.5 Million for Customer Data Breach (Bloomberg Law) EyeMed Vision Care LLC must pay a $4.5 million penalty to New York for an email data breach that exposed customer information in violation of the state’s cybersecurity regulation.
New York Fines EyeMed $4.5M After Consumer Data Breach (Law360) New York's Department of Financial Services said Tuesday that EyeMed Vision Care LLC will pay $4.5 million to end a probe into whether it breached state cybersecurity rules before a 2020 hack that exposed hundreds of thousands of consumers' personal data.
Jury rejects Fortinet trademark claims against rival cyber firm Fortanix (Reuters) A jury in San Francisco federal court said on Monday that cybersecurity company Fortinet Inc had failed to prove during a nearly two-week trial that data-security provider Fortanix Inc infringes its trademark.