Drata’s compliance automation platform was built to be customized. With 75+ deep integrations, continuous control monitoring, and custom controls and frameworks, you can achieve your unique compliance goals at any growth stage and in any security environment. Our Risk Management Solution can help you establish a security-first posture with minimal manual work. Take a look yourself and see why Drata is G2’s #1 Leader for cloud compliance.
The CyberWire is honoring Veterans Day with 15% off annual subscriptions of CyberWire Pro by using code VET2022. Veterans and service members can reach out to us directly at support@thecyberwire.com for an additional discount. Also, check out the special Veterans Day episode of CSO Perspectives along with the rest of the CyberWire Pro podcast lineup, plus exclusive briefings, articles, and events. Subscribe to CyberWire Pro here.
Reuters reports that that US midterm elections proceeded without unusual difficulty. A review of voting the morning after election showed little evidence of cyberattacks and even less evidence of disruption. The FBI's assessment last week of the dropping effect of distributed denial-of-service (DDoS) operations seems to have been borne out. WAPT reported some intermittent DDoS incidents late yesterday that had a minor impact on the Mississippi Secretary of State's public website, but these had no effect on voting and were in any case quickly remediated.
One county, Champaign County in downstate Illinois, reported outages and computer "performance issues," but said, NBC Chicago reports, that the issues were quickly remediated without significant effect on voting. The tabulation machine outage in Maricopa County, Arizona, seems to have been a malfunction (A senior CISA official said yesterday evening that the agency had quickly investigated the Maricopa incident and found “no indication of malfeasance.") To put Champaign and Maricopa Counties into proper perspective, consider that there are well over three-thousand counties in the United States.
Counting the votes and certifying the results will take time. That's not unusual; it's part of the normal process. For more on the cybersecurity of the US midterms, see CyberWire Pro.
Somebody once said, “if it ain’t broke, don’t fix it.” That somebody didn’t work in cybersecurity. And that somebody didn't work at Raytheon, Intelligence & Space. Here we break the definition of cyber defense: Hiring the sharpest minds, actively hunting threats, and designing one-of-a-kind-never-been-done-before solutions. That’s how we shake up the future and uncover new thinking to protect our customer's most vital infrastructure and our way of life.
The US Cybersecurity and Infrastructure Agency (CISA) yesterday added seven new entries to its Known Exploited Vulnerabilities Catalog. They include four issues in Microsoft products: CVE-2022-41091 (a Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability), CVE-2022-41073 (a Microsoft Windows Print Spooler Privilege Escalation Vulnerability), CVE-2022-41125 (a Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability), and CVE-2022-41128 (a Microsoft Windows Scripting Languages Remote Code Execution Vulnerability). The other three entries were for Samsung products: CVE-2021-25337 (a Samsung Mobile Devices Improper Access Control Vulnerability), CVE-2021-25369 (a Samsung Mobile Devices Improper Access Control Vulnerability), and CVE-2021-25370 (a amsung Mobile Devices Memory Corruption Vulnerability).
In accordance with Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, US Federal civilian Executive agencies have until November 29th to review their systems and "Apply updates per vendor instructions."
From passwords to phishing, business email compromise to social engineering, Aware Force delivers timely cybersecurity content all year long. Aware Force videos, quizzes, phishing exercises, and cyber news are branded and tailored for your organization. Your organization’s employees and senior leadership will be blown away! Plus, we deliver monthly readership metrics that can help with cyber insurance and compliance. Get 2023 Aware Force pricing here.
Microsoft yesterday released fixes to address sixty-eight issues in its products. By the SANS Institute's tally, "of these, 10 are critical, 1 was previously disclosed, and 4 are already being exploited."
BlackBerry looks at the war against Ukraine and draws some lessons for communications security. They're old lessons, the kind that every war re-teaches (BlackBerry opens with a quotation from the Roman historian Suetonius describing Caesar's use of substitution ciphers), but they're worth reviewing nonetheless. The central lesson is that one should expect one's communications to be intercepted. Whether the opposition can read them in time to use them depends upon the effectiveness (and the general use) of your encryption. BlackBerry points out that businesses as well as armies should keep this in mind.
The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.
Today's issue includes events affecting Albania, Australia, Canada, China, the European Union, Iran, Ireland, Israel, the Netherlands, Russia, Ukraine, the United Kingdom, and the United States.
Ukraine at D+258: Russia retreats from Kherson. (CyberWire) Russian Defense Minister Shoigu has taken the advice of his battlefield commander and ordered Russian forces to withdraw from Kherson and its environs, retreating to more defensible positions east of the Dnipro River. What Ukrainian forces had warily regarded as a possible ruse now clearly seems to be a genuine retreat.
Russia-Ukraine war live: Russia orders troops to pull out from west bank of Dnipro river at Kherson (the Guardian) Russian defence minister Sergei Shoigu has ordered his troops to withdraw from the west bank of the Dnipro river
Russia-Ukraine War: Russia Says It’s Withdrawing From Kherson City, a Blow to Putin’s War Effort (New York Times) The city was the only regional capital to fall to Russian forces since they invaded Ukraine in February. A Russian retreat would be a major victory for Kyiv’s forces.
Russia-Ukraine war: List of key events, day 259 (Al Jazeera) As the Russia-Ukraine war enters its 259th day, we take a look at the main developments.
"Stalemate then Breakthrough" – Ukrainian Officer Assesses Current Situation (Kyiv Post) In an exclusive interview with Kyiv Post, Victor Tregubov ...
Russia’s war is now focused and defensive. Ukraine must prepare for a tough winter | Frank Ledwidge (the Guardian) Western-supplied artillery will make Russian troops a sitting target for the Ukrainians, says former military officer Frank Ledwidge
Russian marines blame ‘selfish’ generals for botched attack that killed hundreds of their men (The Telegraph) Battalion of 300 mobilised soldiers was wiped out in an offensive actioned without proper planning
‘Hundreds’ of Russians killed daily as Donetsk is ‘littered with bodies’ (The Telegraph) Many of those killed in eastern Ukraine appear to be civilians mobilised into the army in recent weeks
‘Our leaders may not know when to stop’: boozy confessions of Putin's Little Green Men (The Telegraph) Mark Galeotti’s book Putin’s Wars shows how Russia's army modernised after the chaotic 1990s – but it’s still rife with corruption
Aerial War Over Ukraine Heats Up as Russia Pounds Cities (New York Times) Ukraine, beefing up its air defenses, says Russia has bought ballistic missiles from Iran to replace the precision weapons it is firing at services vital to civilians.
Putin may take ‘catastrophic action’ in Ukraine while Washington mulls the midterms (The Hill) Russia recently reaffirmed its nuclear doctrine by issuing a 345-word statement on its Foreign Ministry website. Western analysts seized on the phrase “a nuclear war cannot be won and must never be…
Ukraine’s Zelensky Sets Conditions for ‘Genuine’ Peace Talks With Russia (Wall Street Journal) Ukrainian President Volodymyr Zelensky said he was open to negotiations with Russia if they are focused on safeguarding Ukraine’s territorial integrity, involve compensation from Moscow to Kyiv and bring to justice perpetrators of war crimes.
Communications Security: Lessons Learned From Ukraine (BlackBerry) The war in Ukraine is teaching us lessons about communications security — lessons that apply to both the battlefield and today’s business world. To consider where secure corporate and government communications go next, download our infographic or watch my complete session from the BlackBerry Security Summit.
Fear and Propaganda: Russian Tactics in Captured Lands (Kyiv Post) The first Ukrainian woman emerged from the evacuation bus shaking with sobs so violent she could barely… - Nov. 09, 2022. By AFP
Welcome to the missile graveyard that holds clues to Vladimir Putin’s war crimes (The Telegraph) Ukrainian inspectors in Kharkiv are scouring spent munitions in the hope of one day bringing the Russian leader to justice
Can Ukraine Survive the Winter? (Foreign Affairs) What the country needs to hold out.
Vladimir Putin is now losing the energy war (The Telegraph) The Kremlin’s dastardly attempt to blackmail the West into turning its back on Ukraine has backfired
It’s time to send fighter jets to Ukraine (The Telegraph) At such a critical moment, combat planes could make the difference between victory and defeat for the West
Made to take on Russia, Swedish Gripen fighter jets should go to Ukraine: Report (Breaking Defense) The recommendation from RUSI reopens debate around Western fighter jets being sent to Ukraine, with the Swedish aircraft being tipped to provide exceptional operation value, especially against Russian long-range missile strikes.
Ukraine Calls for More Anti-Drone Gear as Air-Defense Missiles Arrive (Defense One) NASAMS are now operational in Ukraine, but a new potential threat looms.
Here are the US weapons Ukraine would need to sink Russia's Black Sea Fleet (Task & Purpose) There would be difficulties with providing Ukraine with anti-ship weapons, such as Harpoon and Naval Strike Missiles.
Ongoing Pentagon push to arm Ukraine will have three-star general leading from Germany (Stars and Stripes) A three-star general will lead a new Army headquarters in Germany that will include about 300 U.S. service members responsible for coordinating security assistance for Ukraine, a senior U.S. military official said.
Russia flew €140m in cash and captured Western weapons to Iran in return for deadly drones, source claims (Sky News) A Russian military aircraft secretly transported the cash and three models of munition - a British NLAW anti-tank missile, a US Javelin anti-tank missile and a Stinger anti-aircraft missile - to an airport in Tehran in August, the source told Sky News.
Russia hands captured British anti-tank missile to Iran in exchange for drones (The Telegraph) The Kremlin gave Tehran over £120m in cash along with state-of-the-art weaponry seized from Ukrainian troops
Row brews in Iran over use of its drones in Ukraine war by Russia (the Guardian) Conservative cleric and a newspaper editor openly critical of government’s stance on weapons it supplied to Moscow
Dual-Use Goods Are Fueling Russia’s War on Ukraine (Foreign Policy) Russia’s advanced military systems are dependent on components from the West.
Army Special Ops Is Changing Psyops Training to Reflect Ukraine War (Defense One) Even as some operators chafe at rules that keep them out of the fight, they are keenly interested in how Ukrainians are applying their U.S. training.
NATO, Nazis, Satanists: Putin is running out of excuses for his imperial war (Atlantic Council) Vladimir Putin has blamed his invasion on everything from NATO expansion to Nazis and Satanists. In reality, he is waging an old-fashioned war of imperial expansion with the end goal of extinguishing Ukrainian statehood.
Putin’s Stalin Phase (Foreign Affairs) Isolated, paranoid, and ever more like the Soviet dictator.
How Putin Came to Fear ‘Color Revolutions’ (Foreign Policy) A new graphic novel reexamines the Russian leader’s biography—with lessons for the present.
Why Putin has hated Ukraine for decades – and losing the war could boost his supporters (The Telegraph) Putin's clique would readily isolate Russia to protect their power, writes Owen Matthews in Overreach, a brilliant study of the Ukraine war
Ukraine war: Meet the Georgian Legion joining the fight against Russia's invasion (Sky News) The Georgian Legion have been fighting and training soldiers in Ukraine since 2014, since the annexation of Crimea, with one aim, the destruction of Vladimir Putin.
Pentagon: Xi and Putin ‘edging toward an alliance’ (Defense News) Relationship is not a 'superficial partnership,' says DoD policy chief.
How the midterms could impact the Russia-Ukraine war (The Hill) The midterm elections, which are largely being fought over inflation, crime and other domestic issues, could have a huge impact on America’s role in the Russia-Ukraine war. House Minority Lea…
Ireland Is Europe’s Weakest Link (Foreign Policy) Dublin’s lack of an effective military could have a wider geopolitical fallout.
Europe Should Welcome Russian Draft Dodgers, not Turn Them Back (World Politics Review) Arguments for barring Russian draft dodgers and defectors from entering Europe amid Putin's war in Ukraine don’t stand up to scrutiny.
Orthodox Church of Ukraine to allow Christmas on December 25 as rift with Moscow deepens (CNN) A branch of Ukraine's Orthodox church has announced that it will allow its churches to celebrate Christmas on December 25, rather than January 7, as is traditional in Orthodox congregations.
How Albania Ended Up in Iran’s Cyber Crosshairs (Foreign Policy) Eager to stand out as a steadfast U.S. ally, Tirana often entangles itself in geopolitical issues far from its shores.
U.S. cyber agency says no credible threat to midterm vote despite websites going down (Reuters) The top American cybersecurity agency said on Tuesday it was helping to fix problems with some state websites that were hit by cyberattacks during the U.S. midterm election, but it saw no credible threats aimed at disrupting the voting infrastructure.
Amid intense scrutiny, Americans vote with no major hitches (AP NEWS) The final day of voting in the 2022 midterms unfolded Tuesday without major disruptions or widespread problems, a relatively trouble-free end to the first nationwide election since a campaign of conspiracy theories and false claims began eroding public confidence in the way ballots are cast and counted.
Mississippi election websites knocked out by DDoS attack (The Record by Recorded Future) Several Mississippi state websites were knocked offline during today’s midterm election, in what was the most significant digital disruption of the day, though more could be on the way as ballots are counted.
Cyberattack launched against Mississippi secretary of state's website (WAPT) A cyberattack was launched Tuesday against the Mississippi secretary of state's website.
Champaign County Reports Connectivity Issues on Election Day; Cyber Attack Believed to Be the Cause (NBC Chicago) Champaign County officials reported connectivity issues and computer servicer performance problems on Election Day, possibly due to cyber attacks as the county says it has been targeted repeatedly in the last month.
Misinformation floods the midterms, at times urging violence (Washington Post) Popular online personalities set the table for fraud claims by sowing suspicion about mechanical problems and the time it takes to count ballots
Borderlands: Cyberattack disrupts Mexico's transportation system (FreightWaves) This week in Borderlands: A cyberattack disrupts Mexico’s transportation systems; Heniff Transportation acquires a Texas tanker carrier; Bendix expands in Mexico and the CBP seizes $24 million in drugs the border.
Deloitte India employee caught running a global hacking gang (Candid.Technology) An undercover team of reporters have discovered multiple Indian hackers targeting prominent foriegn personalities.
Exposed: the global hacking network that targets VIPs (Sunday Times) An Indian gang accessed the files of journalists, politicians and critics of the Qatar World Cup
Medibank warns hacker may release more data (CRN Australia) After announcing non-payment of ransom.
‘A criminal act’: Suspected Medibank hackers post stolen data (The Sydney Morning Herald) Medibank confirms the release appears to contain data stolen from the insurer, including hundreds of names, addresses, birthdates, Medicare details and some health claims information.
Five things to do if you’re affected by the Medibank hack (The Sydney Morning Herald) The stolen data ranges from basic personal information to details of medical procedures and claims, all of which could be leveraged by criminals for further attacks. Here are some ways to protect yourself.
New Research Says a Third of Australians Victims of Data Breaches (VOA) Major health insurer says it won’t pay a ransom after huge cyber attack
Hackers post Hereford schoolchildren's records on dark web (Hereford Times) CONFIDENTIAL details about youngsters have been leaked onto the so-called dark web after a Hereford school's data security was breached by computer…
Sobeys suffers major system outage after possible cybersecurity attack (blogTO) A major Canadian grocery retailer's operations have ground to a halt since Friday after what is being described as "a cybersecurity incident.&...
Ransomware attacks on hospitals take toll on patients (NBC News) Ransomware has become one of the toughest problems in cybersecurity and a threat to industries around the world. But it can be especially damaging when it hits hospital chains, causing trickle-down damage for patient care across the country.
CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA) CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
Microsoft November 2022 Patch Tuesday (SANS Institute) This month we got patches for 68 vulnerabilities. Of these, 10 are critical, 1 was previously disclosed, and 4 are already being exploited, according to Microsoft.
November Patch Tuesday Updates | 2022 (Syxsense Inc) Microsoft releases 64 fixes this month including 15 Critical, one Public Aware and 6 Weaponised Threats
Microsoft Fixes Six Actively Exploited Flaws (Decipher) Microsoft did not give further details about the exploitation efforts against the flaws disclosed on Tuesday.
Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks (BleepingComputer) Microsoft has released security updates to address two high-severity Microsoft Exchange zero-day vulnerabilities collectively known as ProxyNotShell and exploited in the wild.
Microsoft Scrambles to Thwart New Zero-Day Attacks (SecurityWeek) Microsoft rushed out patches to cover vulnerabilities that were already exploited as zero-day in the wild, including a pair of belated fixes for exploited Microsoft Exchange Server flaws.
Microsoft patches security flaws under active exploit (Register) Plus: Fixes from Intel, AMD, Citrix and more
ICS Patch Tuesday: Siemens Addresses Critical Vulnerabilities (SecurityWeek) Siemens and Schneider Electric have released their Patch Tuesday security advisories for November 2022.
Council Post: The Necessity Of Cybersecurity In The Nonprofit Sector (Forbes) While network security is important, it is only part of a comprehensive approach to information security. Every organization has different security needs, and there is no one-size-fits-all approach to security.
Q3 2022 Threat Landscape: Insider Threat, The Trojan Horse (Kroll) In Q3 2022, Kroll saw insider threat peak to its highest quarterly level to date, accounting for nearly 35% of all unauthorized access threat incidents. Find out more in Kroll’s Threat Landscape report.
State of Infrastructure Access and Security Report 2022 (Teleport) Over the past three years, organizations across the world have experienced fundamental changes in how they build and run applications, access their infrastructure, and communicate within and across teams. While these changes have been underway for years, the Covid-19 pandemic dramatically accelerated their pace.
Security "sampling" puts US federal agencies at risk (Help Net Security) Titania launched a report that uncovers the impact of exploitable misconfigurations on the security of networks in the US federal government.
Just 25% of business are insured against cyber attacks. Here’s why (CRN Australia) Insurers must develop robust and reliable risk-based models as soon as possible.
Phishing Campaigns Abusing Web3 Platforms Increases 482% in 2022 (Cofense) The term “Web3” refers to a set of technologies intended to decentralize common internet and computing activity. Proponents of decentralization tout the
VMware owners approve $61bn Broadcom merger (CRN) In all 99.61 per cent of the company’s shares — some 352 million — were cast in favour of the deal, with 681,000 opposed, in a vote decided on Friday
Sydney "venture catalyst" Lakeba partners with Microsoft to scale and secure businesses (CRN Australia) Also aims to improve DoxAI digital marketplace.
NortonLifeLock, Avast debut new ‘Gen’ identity (ComputerWeekly.com) The combined NortonLifeLock and Avast consumer cyber business, Gen, says it will serve over 500 million customers worldwide.
Cato Networks Reaches $100 Million ARR in Just Five Years to Become Fastest Growing Enterprise Network Security Startup (PR Newswire) Cato Networks, provider of the world's leading single-vendor SASE platform, announced today that annual recurring revenue (ARR) grew from $1...
Cato Networks achieves Centaur status after reaching $100 million in ARR (CTech) The cybersecurity unicorn grew from $1 million to $100 million in revenue in just five years and said its SASE Cloud has been adopted by over 1,500 enterprise customers
Facebook Parent Meta Announces Layoffs to 11,000 Staff (Wall Street Journal) Meta Platforms said it would cut 13% of staff, embarking on the company’s first broad restructuring to cope with a slumping digital-ad market and falling stock price.
Meta fires 11,000 people (Computing) Facebook parent Meta has committed firing more than 11,000 employees as it faces an economic downturn, dwindling investment and scepticism about its metaverse efforts.
Meta confirms 11,000 layoffs, amounting to 13% of its workforce (TechCrunch) Meta has confirmed a massive round of layoffs, amounting to 11,000 employees or 13% of its total workforce.
WSJ News Exclusive | Meta’s Mark Zuckerberg Says He Is Accountable as Company Preps for Mass Layoffs (Wall Street Journal) Meta Platforms will begin laying off employees on Wednesday morning, CEO Mark Zuckerberg told hundreds of executives.
Elon Musk Sells Almost $4 Billion of Tesla Stock After Twitter Takeover (Wall Street Journal) The sale this month of 19.5 million shares came after the billionaire completed his $44 billion purchase of Twitter.
After Twitter Staff Cuts, Survivors Face ‘Radio Silence’ (WIRED) The long-suffering staffers who remain at the company are scrambling to regroup and adapt to a new management style.
Who’s Rising at Twitter as Musk Overhauls Executive Ranks (The Information) Twitter’s chief marketing officer, Leslie Berland, became at least the ninth senior executive to depart the company since Elon Musk took control last week, in what appears to be a virtual clean sweep of the senior management. The departures put the spotlight on the Twitter staffers who are ...
Bugcrowd Names David Gerry Chief Executive Officer (PR Newswire) Bugcrowd, the leader in crowdsourced cybersecurity, today announced the appointment of Dave Gerry as Chief Executive Officer (CEO). As CEO,...
New Bugcrowd CEO To Channel: ‘We’re Open For Business’ (CRN) Bugcrowd has tapped its chief operating operating officer, Dave Gerry, as its new CEO.
Acalvio Appoints Former Google VP, CISO and Cybersecurity Expert Gerhard Eschelbeck to its Board of Directors (Business Wire) Acalvio Technologies, a leader in cyber deception technology, today announced the appointment of Gerhard Eschelbeck to its board of directors. One of
Winston & Strawn Adds eDiscovery and Information Governance Partner Bobby Malhotra to Los Angeles Office (PR Newswire) Winston & Strawn LLP announced today the addition of Partner Bobby Malhotra in the Los Angeles office. Bobby joins the Litigation Department;...
Rezilion Expands Dynamic SBOM Capability to Support Windows Environments (Rezilion) Rezilion announces the expansion of its Dynamic Software Bill of Materials (SBOM) capability to support Windows environments.
Coalition Introduces New APIs to Power Executive Risks Insurance (PR Newswire) Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, today announced newly available...
SnykLaunch Fall 2022 Helps Companies Successfully Drive DevSecOps (GlobeNewswire News Room) Snyk’s Developer Security Platform Now Secures the Cloud from Code Through Runtime, Enhanced With New Supply Chain Security Capabilities...
Mimecast Partners With Okta to Safeguard Enterprises from Insider Threat Attacks (Mimecast) Flexible API Integration Automates Response Action to Mitigate Damage of Compromised Account Activity; Companies Will Demo Integration at Oktane22
Palo Alto Networks Partners with Zoom to Deliver Exceptional User Experience for Zoom Meetings (PR Newswire) Today at Zoomtopia, Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, announced a commitment with Zoom Video Communications,...
IGEL and VMware Simplify Secure Access to Windows 365 Cloud PC (IGEL) IGEL, provider of the managed endpoint operating system for secure access to any digital workspace, today announced from VMware Explore Europe that it natively supports VMware Horizon Cloud for Windows 365 Cloud PC. As an…
Armis Partners with NextGen Cyber Talent (Armis) Helping develop the next generation of cybersecurity professionals with resources behind cultivating talent
Fortanix Launches DSM Explorer, a Comprehensive “Free Tier” Version of its Industry-Leading Data Security Manager (DSM) SaaS (Business Wire) Fortanix® Inc., the data-first multicloud security company and the pioneer of Confidential Computing, today announced it has launched a
VMware unveils VMware Carbon Black XDR (VMware News and Stories) VMware unveils VMware Carbon Black XDR, significantly improving threat detection and prevention across endpoints and networks.
Theta Lake Delivers Free Patented Technology For Organizations to Better Monitor and Manage Zoom Security Settings (Business Wire) Theta Lake today announced Meetings Risk Manager (MRM), its sixth Zoom-certified module in the Zoom App Marketplace.
Software AG Government Solutions Partners with DH2i to Deliver Certified FedRAMP Solutions for Secure Federal Government Cloud - DH2I (DH2I) Government IT Solutions Leader Deploys DH2i’s DxEnterprise Clustering Software to Achieve Near-Zero Downtime for Its SQL Server Availability Group Kubernetes Cluster FORT COLLINS, CO – November 8, 2022 – DH2i® the leading provider of always-secure and always-on IT infrastructure solutions, and Software AG Government Solutions, today announced they have entered into a partnership. A trusted...
Aqua Security Offers Only Enterprise-Grade Software Supply Chain Solution to Meet Executive Order 14028 (Aqua) Aqua Security is the only enterprise-grade vendor providing software supply chain security attestation to meet the requirements of Executive Order (EO) 14028.
Adaptive Shield Announces 100 SaaS App Integrations for Comprehensive SaaS Security (Business Wire) Adaptive Shield, the leading SaaS Security Posture Management (SSPM) company, today announced it is the first and only SSPM platform to cover 100 SaaS
Data Theorem and AlphaSOC Partner to Offer Industry-First Cloud Extended Detection and Response Combined with Cloud Infrastructure Entitlement Management (Business Wire) Data Theorem, Inc., a leading provider of modern application security, and AlphaSOC, Inc., the Security Analytics Company, today announced their new p
Lacework Extends CNAPP Capabilities with Attack Path Analysis and Agentless Workload Scanning (PR Newswire) Lacework®, the data-driven cloud security company, today announced new cloud-native application protection platform (CNAPP) capabilities for...
Scanning the internet for fun and profit (NCSC) Ian Levy explains how the NCSC's new internet scanning capability will help us understand the UK's vulnerability to cyber attack.
UK government is scanning British internet space for zero-day threat (TechCrunch) The U.K.’s National Cyber Security Centre has launched a new program that will continually scan every internet-connected device hosted in the United Kingdom for vulnerabilities to help the government respond to zero-day threats.
Pentagon to unveil zero-trust cyber strategy (C4ISRNet) Zero trust is often likened to “never trust, always verify.” Or, as Pentagon CIO John Sherman put it: “You truly trust no one or no thing.”
Living Security & CybSafe Propose the First Human Risk Management Maturity Model (PR Newswire) Living Security and CybSafe, today announced a new Human Risk Management Maturity Model, to serve as a standard across the cybersecurity...
CISA expanding cybersecurity education program nationwide (The Record by Recorded Future) CISA is planning to expand a no-cost, virtual environment for K-12 students to learn cybersecurity skills nationwide after the program’s success in Louisiana.
Dutch MEP says illegal spyware ‘a grave threat to democracy’ (the Guardian) European Commission wears ‘velvet gloves’ when dealing with spyware used on citizens, says chief of inquiry on hacking software such as Pegasus
MEPs probing Pegasus spyware scandal: EU, member states ‘are practicing omertà’ (Times of Israel) The European Parliament’s inquiry committee investigating the use of surveillance spyware by the bloc’s governments says the EU’s executive arm and member countries are failing to properly tackle a surveillance scandal that has targeted opposition politicians and journalists.
Four questions with France’s military cyber mission lead (Defense News) France foresees its future military force as heavily relying on systems of systems, whose networks are interconnected across the battlefield.
Cyber capability fund for Australian police boosted to $51m (CRN Australia) Spending to include software procurement and training.
Tech giants and business warm to Labor’s privacy bill but point to flaws in drafting (the Guardian) Business Council of Australia warns of ‘unintended drafting error’ in privacy bill
AIIA calls on Government to reconsider data breach penalties as part of Privacy Act review (CRN Australia) After harsher punishments proposed.
Tech groups call bill to increase data breach penalties 'overreach' (IAPP) Tech groups called Australian privacy legislation that increases data breach penalties to $50 million or more "overreach" by targeting overseas customers.
US reissues sanctions on Tornado Cash, tying it to North Korea's nuclear weapons program (The Record by Recorded Future) The Treasury Department reissued sanctions on the Tornado Cash cryptocurrency mixer on Tuesday for helping North Korean hackers launder stolen funds.
House, Senate changes could slow legislative momentum for cybersecurity (Washington Post) The remade legislative map for cybersecurity
Senior Army, industry leaders discuss evolution of cyber operations, information advantage (DVIDS) The U.S. Army’s top Cyber, Intelligence and Signal officers joined a U.S. senator, the Army’s chief civilian cyber advisor and a cyber company executive recently to discuss information advantage and the future of Army cyber.
MITRE’s Response to the ONCD RFI on a National Cyber Workforce Strategy (MITRE) MITRE’s data-driven responses to a White House inquiry requesting input into the development of a national cybyer workforce strategy.
China planted spies in Canadian parliament (The Telegraph) Justin Trudeau accuses Beijing of 'aggressive games' amid reports of agents placed in MPs' offices to influence policy
US States Announce $16M Settlement With Experian, T-Mobile Over Data Breaches (SecurityWeek) 40 US states have announced reaching a $16 million settlement with Experian and T-Mobile over data breaches suffered in 2012 and 2015.
Experian, T-Mobile fined $16m for spilling 18m people's data (Register) Two breaches: one in 2012, another in 2015 – saw 18m folks' records stolen
40 States Obtain $16M Settlements with Experian, T-Mobile Over Data Breaches (Insurance Journal) A coalition of 40 state attorneys general has obtained two multistate settlements for $12.67 million with credit data firm Experian concerning data
For a complete running list of events, please visit the Event Tracker.
2022 Maryland STEM Festival (Various locations, Maryland, USA, Oct 14 - Nov 13, 2022) The 2022 Maryland STEM Festival will continue its mission to encourage all students, regardless of age, background, and experience to take a greater interest in STEM with the hope that they will pursue a STEM career. The month-long Festival will take place October 14 - November 13, all across Maryland. This year's theme is Cyberscurity and Information Technology. There will be over 300 in-person and virtual STEM-focused events, bringing together thousands of STEM-curious students of all ages for STEM talks, career discussions, hands-on learning, plus comedy shows, music performances, trivia nights and other activities. The Festival is currently seeking partners to participate in events and sponsors to fund this critical mission. The Festival needs your help as it works toward ensuring a diverse, STEM workforce that is critical to Maryland's economic success.
Oktane22 (San Francisco, California, USA, Nov 8 - 10, 2022) Come to Oktane and learn why having an Identity First strategy is imperative in enabling organizations like yours to be more agile and more secure. All while building more meaningful connections with your customers and employees along the way.
IT Nation Connect 2022 (Orlando and virtual, Florida, USA, Nov 9 - 11, 2022) IT Nation Connect is the premier thought-leadership conference for TSPs designed to promote education, inspiration, and networking in the community. We create a fun environment for attendees to learn and grow through collaborative and genuine peer interaction. You're sure to leave the conference with inspiration and concrete steps for their businesses.
Converge (Austin, Texas, USA, Nov 14 - 17, 2022) Join thousands of global IT and Security professionals for four-days of engaging keynotes, informative breakout sessions and technical Hands-On Labs. Learn how Tanium is converging IT, Compliance, Security and Risk to bring teams together with a single platform and shared source of truth for complete visibility, control and trust to IT decision making. Optimize your cybersecurity readiness, develop new skills and gain new best practices for how to overcome IT and security challenges and achieve success with Tanium.
Cyber Security for Critical Assets Summit (São Paulo, Brazil, Nov 15 - 16, 2022) #CS4CA LATAM is an exclusive platform promoting in-depth cyber security knowledge and collaboration among IT and OT security leaders from Latin America’s critical industries, including Oil & Gas, Chemical, Utilities, Information & Communication Technologies, Healthcare, and Transportation. Senior cyber security professionals share first-hand insights through real-life case studies, panel debates, and keynote presentations while bringing forth urgent topics to be discussed over roundtables and networking breaks.
