Dateline
Ukraine at D+265: A missile campaign punctuates diplomacy. (CyberWire) A Ukrainian air defense missile falls into Poland in the midst of a widespread series of Russian missile strikes aimed at disabling Ukraine's power grid. Ukraine offers the "G19" the benefits of its experience in cyber defense.
Russia-Ukraine War: Explosion in Poland Kills Two Near Border With Ukraine (New York Times) Poland indicates that a Russian-made missile was to blame for the explosion, while the Kremlin denies involvement.
Russia-Ukraine war live: missile strike in Poland likely an accident by Ukraine air defence, says Warsaw (the Guardian) Polish president says no sign that incident was part of an intentional attack; Nato says Russia ‘bears responsibility’ for Polish missile incident
Poland, NATO say missile strike wasn't a Russian attack (AP NEWS) NATO member Poland and the head of the military alliance both said Wednesday there is “no indication” that a missile that came down in Polish farmland, killing two people, was an intentional attack, and that air defenses in neighboring Ukraine likely launched the Soviet-era projectile to fend off a Russian assault that savaged its power grid.
Ukraine-Russia war latest: Polish president says missile strike was likely Ukrainian and not 'intentional attack' (The Telegraph) A missile that hit Poland on Tuesday was most likely Ukrainian and was not an “intentional attack”, the president of Poland said.
Polish president says missile that hit village was probably 'old' S-300 rocket (Reuters) The missile that caused an explosion in a Polish village near the Ukrainian border was probably an S-300, the Polish president said on Wednesday.
Biden: 'Unlikely' missile that hit Poland fired from Russia (AP NEWS) President Joe Biden said Wednesday it was “unlikely” that a missile that killed two in NATO-ally Poland was fired from Russia, but he pledged support for Poland's investigation into what it had called a “Russian-made” missile.
Biden Tells Allies Polish Blast Caused by Ukrainian Defenses (Bloomberg) President says explosion ultimately sparked by Russian strikes. Ambassadors of NATO members meet in Brussels on Wednesday.
Ukraine Latest: Poland Says Russian-Made Missile Hit Village (Bloomberg) Poland said late Tuesday that a Russian-made missile had hit a village near the country’s border with Ukraine, killing two people. NATO said it would hold an emergency meeting of its ambassadors on Wednesday to discuss the events in Poland. Polish President Andrzej Duda told reporters in Warsaw that it wasn’t clear who launched the missile.
Two dead in Poland as Ukraine war spills into NATO territory (Washington Post) The Polish government said a Russian-made missile fell into the village of Przewodów, about five miles from the Ukrainian border.
Missiles Reportedly Land in Poland as Russia Pummels Ukraine (Foreign Policy) The explosion on NATO soil is the first such incident this year.
Russian missile hits Nato member Poland, leaving two dead (The Telegraph) Poland steps up military readiness and Nato prepares for talks after Russia blamed for strike
Минобороны России назвало провокацией заявления о падении "российских" ракет в Польше (TACC) В ведомстве подчеркнули, что российские средства поражения не наносили удары вблизи украинско-польской госграницы
Remarks by President Biden on the Explosion and Loss of Life in Eastern Poland (The White House) Grand Hyatt HotelBali, Indonesia 9:53 A.M. CIT THE PRESIDENT: Thanks for being here. I -- as you saw, I just met with the leaders of NATO and the G7 and
UK, Canada stress importance of full probe into Poland missile strike (Reuters) British Prime Minister Rishi Sunak and Canadian Prime Minister Justin Trudeau spoke to Ukrainian President Volodymyr Zelenskiy to stress the importance of a full investigation into a missile strike on Poland, Sunak's office said on Wednesday.
NATO says Poland blast likely caused by Ukrainian missile, but Moscow bears responsibility (Reuters) NATO's secretary-general said Tuesday's blast in Poland was likely caused by a Ukrainian air defence missile but that Russia was ultimately responsible because it started the war.
Joint Statement of NATO and G7 Leaders on the Margins of the G20 Summit in Bali (The White House) Today, the Leaders of Canada, the European Commission, the European Council, France, Germany, Italy, Japan, the Netherlands, Spain, the
After Moscow blamed for explosions in Poland, all eyes on NATO (Breaking Defense) A US intelligence official reportedly blamed the blasts on Russia, though the Pentagon said it could not corroborate that report and was investigating. Analysts cautiously downplayed the potential for escalation.
Nato's options after Russian missile hits Poland: from sit-down talks to a full-blown military response (The Telegraph) Invoking the collective defence doctrine of Article 5 one possibility, but it needn't mean WWIII, analysts caution
Why are NATO Articles 4 and 5 being discussed after the blast in Poland? (Washington Post) Two people were killed in explosions Tuesday in the Polish town of Przewodow on the border with Ukraine, according to a Polish official. The incident came amid a day of heavy Russian strikes on Ukrainian territory, but it was unclear where the reported strike in Poland came from, or whether it was deliberate.
G-7, NATO leaders weigh response to Poland missile strike (Nikkei Asia) Russia denies responsibility; Biden says may not have been fired by Moscow
Ukraine-Russia war: Xi Jinping 'calls for respect of Ukraine's territorial integrity' (The Telegraph) Russia is now engaged in a defensive operation in Ukraine following its withdrawal from the southern city of Kherson, a Western official said on Tuesday.
Russian missiles plunge Ukraine into darkness hours after Zelensky’s G20 speech (The Telegraph) More than 100 missiles destroy electricity systems across several cities in apparent retaliation against Ukrainian president’s address
Ukraine live briefing: Barrage of strikes hit targets across country; Zelensky outlines peace conditions to G-20 (Washington Post) Ukrainian officials said Russia launched a new wave of strikes Tuesday on targets across the country, including in the capital, Kyiv, where Mayor Vitali Klitschko reported that two residential buildings were hit. Footage posted to Telegram by an adviser to Ukrainian President Volodymyr Zelensky showed what appeared to be a building engulfed in flames.
CIA director met Zelensky in Kyiv as Russian missiles targeted capital (Washington Post) CIA Director William J. Burns was in the U.S. Embassy and was not hurt in the assault, which occurred a day after he met with his Russian counterpart in Turkey
Ukraine needs urgent help to counter Putin’s energy infrastructure attacks (Atlantic Council) Ukraine urgently needs international support in order to counter Moscow's campaign of airstrikes against the country's energy infrastructure and prevent Putin from freezing Ukrainians into submission this winter.
The West has declared total victory over a humiliated Putin far too soon (The Telegraph) The G20 will show that the idea the whole world is united against Russia is little more than a delusion
G20 leaders declaration denounces ‘Russian aggression’ in Ukraine (Al Jazeera) International law must be upheld, the communique says, adding the threat of the use of nuclear weapons was inadmissible.
Russia sees its role on the global stage diminished by Ukraine war (Washington Post) From the U.N. climate negotiations at this beach resort on the Red Sea to the Group of 20 meetings on the shores of Bali, Russian diplomats found themselves on the outside looking in at key global gatherings this week — shunned and excluded over Vladimir Putin’s war in Ukraine.
In G-20 talks, China objects to calling Russian invasion of Ukraine a ‘war’ (Washington Post) China joined Russia to oppose using “war” to describe Vladimir Putin’s invasion of Ukraine in a joint communique at the Group of 20 summit in Indonesia, attempting to undercut an effort by the United States and allies to condemn the conflict in the strongest terms possible.
How Ukrainians are using pirated movies to bring war's reality to Russian viewers (The Record by Recorded Future) The group Torrents of Truth is uploading footage about the Ukraine War into pirated versions of movies and tv shows.
Russia-Ukraine war prompts EU proposal of coordinated cyber defenses (SC Media) Cyberattacks amid the ongoing war between Russia and Ukraine have pushed the European Commission to propose a new cybersecurity policy urging member states to "significantly increase" collaborative modern military cyber defense capabilities, as well as bolster its ties with NATO, reports The Record, a news site by cybersecurity firm Recorded Future.
Zelensky offers G20 leaders to use Ukrainian experience in cyber defense (Ukrinform) President of Ukraine Volodymyr Zelensky offered participants of the G20 summit, apart from representatives of the Russian Federation, to use Ukrainian experience in cyber defense. — Ukrinform.
Cyber Norms in the Context of Armed Conflict (Lawfare) United Nations norms related to nation-state cyberspace operations clearly apply during peacetime, but recent events in Ukraine and Russia raise challenges regarding those norms’ applicability in armed conflict.
Odesa rejects Catherine the Great as Putin’s invasion makes Russia toxic (Atlantic Council) Work is underway to dismantle a controversial monument to Russian Empress Catherine the Great in Ukrainian Black Sea port city Odesa as Vladimir Putin's invasion forces Ukrainians to rethink historic ties with Russia.
US has intelligence Russia may have factored midterms into timing of Kherson announcement: report (The Hill) New intelligence indicates Russia may have factored the U.S. midterm elections into its recent withdrawal of troops from occupied Kherson in Ukraine, CNN reports. According to CNN, Russian official…
WSJ News Exclusive | Ukrainian Analysis Identifies Western Supply Chain Behind Iran’s Drones (Wall Street Journal) Russia’s use of unmanned aircraft provided by Tehran and assembled with foreign-made parts demonstrates the limits of international sanctions.
EU launches military training mission for Ukraine’s armed forces (Al Jazeera) Up to 15,000 Ukrainian soldiers will be trained in different European member states as a part of the assistance mission.
White House requests $38 billion more in Ukraine aid (Defense News) If Congress passes the request, it would bring the Ukraine aid total to more than $100 billion since March amid growing House Republican resistance.
Britain to significantly ramp up production of artillery shells after handing thousands to Ukraine (The Telegraph) Britain has sent at least 16,000 artillery rounds to Ukraine since the start of the war
Russia’s Road to Economic Ruin (Foreign Affairs) The long-term costs of the Ukraine war will be staggering.
Attacks, Threats, and Vulnerabilities
SandStrike spyware spreads through VPN — Kaspersky (Backend News) Sandstrike, a a previously unknown Android espionage campaign, has been spreading spyware to a Persian-speaking religion minority, Baháʼí. According to cybersecurity solutions company Kaspersky, Sandstrike distributes the spyware using virtual private network (VPN).
Dtrack expands its operations to Europe and Latin America (Securelist) In recent campaigns DTrack targets organizations in Europe and Latin America, and uses more delivery stages.
North Korean hackers target European orgs with updated malware (BleepingComputer) North Korean hackers are using a new version of the DTrack backdoor to attack organizations in Europe and Latin America.
Chinese hackers target government agencies and defense orgs (BleepingComputer) The Chinese espionage APT (advanced persistent threat), tracked as 'Billbug' (aka Thrip, or Lotus Blossom), is currently running a 2022 campaign targeting government agencies and defense organizations in multiple Asian countries.
Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots (Mitiga) A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.
Official Army app had Russian code, might have harvested user data (Army Times) At least a thousand people downloaded the app, which delivered updates for troops at the National Training Center.
New RapperBot Campaign – We Know What You Bruting for this Time (Fortinet Blog) FortiGuard Labs provides an analysis on RapperBot focusing on comparing samples for different campaigns, including one aiming to launch Distributed Denial of Service (DDoS) attacks. Read our blog t…
WASP Attack on Python — Polymorphic Malware Shipping WASP Stealer; Infecting Hundreds Of Victims (Medium) In early November, several malicious packages were reported by Phylum and CheckPoint. We link these two reports to the same attacker with…
Log4Shell-like code execution hole in popular Backstage dev tool (Naked Security) Good old “string templating”, also known as “string interpolation”, in the spotlight again…
OopSec – The Mistakes Made by Top APTs (SafeBreach) Gain insights into the inner workings of cybercriminals from SafeBreach Labs’ research into the stupid mistakes prominent APT groups have made.
MFA Fatigue attacks are putting your organization at risk (BleepingComputer) A common threat targeting businesses is MFA fatigue attacks—a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts. This article includes some measures you can implement to prevent these types of attacks.
Mapping the Ransomware Payment Ecosystem: A Comprehensive Visualization of the Process and Participants (Institute for Security and Technology) Central to our ability to mitigate the threat of ransomware is the development of a common understanding of the actors, stakeholders, processes, and information, both required for and produced during the ransomware payment process. Yet, when we began this work, such a picture did not exist. We undertook this effort to fill that gap.
Specops Research Reveals Top Passwords Contributing to RDP Port Attack (PRWeb) Specops Software, a leading provider of password management and user authentication solutions, today released new research analyzing the top passwords used in
Cryptomining, DDoS attacks launched by novel KmsdBot malware (SC Media) Numerous security firms, gaming companies, and luxury car manufacturers have been targeted by the new KmsdBot malware, which uses the Secure Shell cryptographic protocol to facilitate cryptocurrency mining and distributed denial-of-service attacks.
Checkmk: Remote Code Execution by Chaining Multiple Bugs (3/3) (SonarSource) This last article of the series determines how an attacker can chain two further vulnerabilities to fully take over a Checkmk server.
World Cup apps pose a data security and privacy nightmare (Register) Unless you're fine with Qatar snoops remotely accessing your phone
World Cup Brings Two Million Visitors and an Epic Culture Clash to Qatar (Wall Street Journal) Unaccustomed to Western tourists, wealthy Muslim monarchy hopes to set aside controversies as rowdy fans flood in; the alcohol question.
French agency warns World Cup fans to get burner phones for Qatar apps (POLITICO) Avoid naughty pictures and scrub your phone to keep clear of state snoopers, French regulator says.
Whoosh confirms data breach after hackers sell 7.2M user records (BleepingComputer) The Russian scooter-sharing service Whoosh has confirmed a data breach after hackers started to sell a database containing the details of 7.2 million customers on a hacking forum.
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info (Hot for Security) As the biggest sales event of the year looms large, online crooks are starting to target eager consumers looking to save big on Black Friday.
Expert sheds light on cyberattack after MI schools hit with ransomware (WLNS 6 News) School leaders in Jackson and Hillsdale County said staff are working around the clock to investigate a ransomware attack that locked the district accounts. Officials …
Dallas Central Appraisal District Systems Still Down a Week After Ransomware Attack (Dallas Observer) The Dallas Central Appraisal District is still working to get all of its systems back online after a ransomware attack last week.
Cyber attack disrupts operations at Maple Leaf Foods, Canada's largest processed meat producer (teiss) Maple Leaf Foods, Canada’s largest processed meats and poultry food producer, suffered a cyber attack last week that caused a systems outage and disruption to operations.
Singpass outage on Tuesday due to system component malfunction, not cyber attack: GovTech (The Straits Times) The problem started to surface at around 11.30am and stretched across lunch hour.
Read more at straitstimes.com.
November 15 CISA KEV Breakdown | Microsoft MotW Bypass (Nucleus Security) In this Breakdown, Nucleus experts explore the one vulnerability added to the KEV on November 15, 2022.
Vulnerability Summary for the Week of November 7, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Trends
State-Backed APT Group Activity Continuing Apace (Infosecurity Magazine) The report outlines recent APT group activity from Russia, China, Iran and North Korea
44% of Financial Institutions Believe Their Own IT Teams Are the Main Risk to Cloud Security (Netwrix) Only 30% of respondents from other industries are as concerned about the risks associated with their IT staff.
The Emergence of the Zero Trust Consumer: 92% of Consumers Believe Online Security Threats Will Continue to Outpace Security Technology (Business Wire) A new survey report from Daon, the Digital Identity Trust company, shows 92% of consumers believe that cybersecurity threats will continue to outpace
Medibank customers whose healthcare data has been compromised are being contacted from today, CEO says (ABC) Medibank’s boss says the company will begin directly communicating with nearly half a million customers whose health data is believed to have been stolen, weeks after it first became aware hackers had breached its customer database.
Ransomware Activity Doubles in Transportation and Shipping Industry (Business Wire) Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today released The Threat Report: Fall 2022 from it
HR-related phishing emails more likely to be clicked (HR Reporter) Employers told to prioritize security awareness amid increased cyber threats
Holiday, Weekend Ransomware Attacks Continue to Hit Companies Hard (Cybereason) As the holidays approach, security leaders wanting to give their teams some much deserved extra time off may get caught in a bind. After all, ransomware actors love to wreak havoc when organizations’ human defenses are trying to sleep in heavenly peace.
New Research from Smart Communications and OneSpan Details Key Trends in Embedded Lending and Customer Experience (GlobeNewswire News Room) STUDY: 93 percent of executives believe embedded lending is a “survival factor” in an increasingly competitive lending market...
Marketplace
Cloudbrink emerges from stealth with $25 million backing to transform the hybrid workplace (PR Newswire) Cloudbrink today announced $25 million in venture funding led by Highland and The Fabric co-creation studio to launch the industry's first...
CACI's $2.4B NSA win faces challenges (Washington Technology) The National Security Agency will take another look at bids after a pair of protests.
WSJ News Exclusive | FTX Founder Sam Bankman-Fried Attempts to Raise Fresh Cash Despite Bankruptcy (Wall Street Journal) The cryptocurrency exchange filed for bankruptcy last week, but Sam Bankman-Fried still thinks he can raise enough money to make users whole, people familiar with the matter said.
FTX's New Leadership Is in Touch With Regulators, May Have Over 1M Creditors, New Filings Say (CoinDesk) FTX filed its first substantive look at the exchange's bankruptcy process days after declaring bank
New York Times Runs Softball Article on FTX's Sam Bankman-Fried (Gizmodo) The Times paints a picture of a troubled businessman who made bad investments, rather than an industry built like a house of cards.
Flight to safety? Crypto-friendly banks could capitalize on FTX meltdown. (American Banker) The fall of a major cryptocurrency exchange and subsequent drop in digital currency prices represent an opportunity to some bankers, who say investors and businesses will turn to regulated companies for crypto help.
Who is billionaire FTX co-founder Gary Wang and why is he still committing code? (The Block) Sources paint a picture of a quiet man who liked to get lost in coding. "If there's a back door in the infrastructure it's hard to think wouldn't know,” said one.
A former Facebook security chief told Elon Musk on Twitter to stop firing engineers for correcting Musk's 'clear misstatements' (Business Insider) Elon Musk has fired several Twitter engineers who have publicly disagreed with him in the last few days. A former Facebook exec advised Musk to stop.
The Sacrificial CISO heralds a new age for cybersecurity (Computing) There are many different types of CISO, with many different backgrounds and reporting in to many different business lines. One thing they have in common is their wide, strategic view they of the business - or at least, it should be.
ShiftLeft Appoints Cybersecurity Veterans Gary Davis as Chief Revenue Officer (ex-McAfee/Intel) and Chris Hatter (ex-Nielsen) as Chief Information Security Officer (ShiftLeft) Cybersecurity Veterans Gary Davis as Chief Revenue Officer (ex-McAfee/Intel) and Chris Hatter (ex-Nielsen) as Chief Information Security Officer join the ShiftLeft executive team.
Cyara Accelerates Growth With Senior Global Appointments (Business Wire) Cyara, provider of the leading Automated Customer Experience (CX) Assurance Platform, has appointed Max Lipovetsky to the role of VP Products and Russ
Former CACI Exec Barbara Graham Joins GDIT as VP, General Manager of Navy, Marine Corps Accounts (GovCon Wire) Looking for the latest GovCon News? Check out our story: Barbara Graham Joins GDIT as VP, General Manager of Navy, Marine Corps Accounts. Click to read more!
OneSpan Appoints M. Samy Ibrahim As Chief Revenue Officer to Fuel Next Stage of Growth (OneSpan) Ibrahim promoted to drive sales expansion and profitable revenue growth
Products, Services, and Solutions
Google Workspace makes the government agencies more resilient (Google Cloud Blog) Google offers Continuity of Operations via Google Workspace for its collaboration and continuity needs, ensuring continued effective and secure work in the event of an attack.
Axiad Releases Certificate-Based Authentication (CBA) for IAM to Amplify Protection for Organizations with Existing Identity Security Systems (Axiad) Axiad Cloud Extends Functionality of Identity Access Management (IAM) Systems to Deliver Phishing-Resistant, Multi-Factor Authentication...
Allot NetworkSecure Selected by Verizon to Provide Network-based Cybersecurity Protection to their SMB Customers (GlobeNewswire News Room) Hod Hasharon, Israel, Nov. 15, 2022 (GLOBE NEWSWIRE) -- Allot Ltd. (NASDAQ: ALLT) (TASE: ALLT), a leading global provider of innovative network...
Egnyte Strengthens Secure File Sharing Platform, Providing Customers with Enhanced User Experience (PRWeb) gnyte, the secure platform for content collaboration and governance, announced several product enhancements that will improve the overall user exp
SentinelOne Integrates with Ping Identity for Autonomous Response to Security Threats (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced a Singularity XDR platform expansion with Ping Identity, enabling
Okta Introduces Okta for US Military, a Purpose-Built Identity Environment for the U.S. Department of Defense (Business Wire) Okta, Inc. (NASDAQ: OKTA), a leading independent identity provider, today announced Okta for US Military – a new IL4 identity environment built exclus
LookingGlass Cyber Renews and Expands Support for Critical U.S. Federal Agency (GlobeNewswire News Room) Expanded Partnership Provides Timely Cyber Threat Intelligence and Attack Surface Insights to Essential Missions...
Bishop Fox turns to penetration testing to secure the attack surface (VentureBeat) Bishop Fox announces it has raised $46 million in growth funding for a solution designed to continuously monitor the attack surface.
Your supply chain is probably a mess, Microsoft says it has the answer (ZDNET) Microsoft's new supply chain platform and center aim to give enterprises better visibility into supply chain disruptions.
GuidePoint Security Names Keeper Security as the Newest Member of the Company’s Federal Emerging Cyber Vendor Program (Business Wire) GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that Keeper
SecureAuth Announces Arculix Universal Authentication Fabric™ to Strengthen Passwordless Continuous Authentication (SecureAuth) SecureAuth, a leader in access management and authentication, today announced its Arculix Universal Authentication FabricTM to further strengthen the technology to enable organizations for passwordless continuous authentication. Arculix Universal Authentication FabricTM is a technology framework that delivers authentication driven by artificial intelligence (AI) and machine learning (ML) behavioral […]
Technologies, Techniques, and Standards
Why is CBA Hot Right Now? - Axiad (Axiad) Why is certificate-based authentication (CBA) so popular? Let's look at CBA cybersecurity and why so many solutions are using it.
SCIFs Are Spy-proof Places for America's Top Secrets (HowStuffWorks) SCIFs are spy-proof, highly secure facilities designed for viewing and working with sensitive national security secrets. We talk to a former general counsel for the NSA to find out how they work.
Design and Innovation
Confidential computing critical for cloud security, Google and Intel say (Cybersecurity Dive) Confidential computing aims to isolate and encrypt data in use. The technology is young, but it could deliver significant gains for cloud security.
IBM raises cybersecurity red flag, warns against quantum computing threats (Business World) Governments need to invest in cybersecurity that can defend against the future threat of bad actors using quantum computers that are exponentially faster than ordinary machines, a cryptography expert said.
Academia
US Advises Academic Researchers on Stopping Chinese Spying (Bloomberg) Beijing has long denied allegations about intellectual property theft
Report: K-12 Orgs Concerned about Security Budget, Threats (CIS) We provide an overview of the MS-ISAC K-12 Report including where K-12 organizations stand in terms of their cybersecurity resources.
‘Data-Rich, Resources-Poor’: CIS Report Targets Gaps in K-12 Cyber (GovTech) K-12 schools, with their wealth of data and limited resources, are tempting targets to ransomware criminals and hacktivists, says a new report. Nonprofits offer free support, but some say the federal government must do more.
Legislation, Policy, and Regulation
Can Cyber Sovereignty Rein In Cyber Anarchy? – Analysis (Eurasia Review) By Anubha Gupta In 1983 at Camp David, President Ronald Reagan watched the then new Hollywood thriller WarGames in which a teenager hacks into the North American Aerospace Defence Command causing W…
India removes ban on VLC media player after cybersecurity concerns addressed (The Record by Recorded Future) India has removed its controversial ban on VLC media player after the company went through an appeals process.
China’s Cyber Capabilities ‘Pose a Serious Threat’ to US, Advisory Panel Warns (Nextgov.com) The panel’s report also called for the Biden administration to consider revoking China’s status as a favored trading partner if a congressional review finds that Beijing is not complying with its commitments.
TikTok poses national security concerns, FBI director (Computing) The Chinese app can be used as a weapon against the US, he warns
The US’s New Tool for Deterrence Isn’t Ready (Defense One) The “SOF, space, and cyber triad” is meant to serve as an integrated deterrent, much like the nuclear triad.
Hillicon Valley — DHS focused on private sector, foreign partnerships (The Hill) During a House hearing on worldwide threats, Homeland Security Secretary Alejandro Mayorkas told lawmakers that improving partnership with the private sector and foreign agencies is “vital…
DHS stalls on plan for responding to cyber catastrophe (Washington Post) There’s not a peep from DHS about a plan for a cyber doomsday, despite nearly two years to develop it
Deadline looms for plan to restart economy in case of major cyberattack (FCW) Lawmakers have been urging the Biden administration to develop a strategy first mandated in the Fiscal 2021 NDAA.
Lawmakers press Biden officials on cyber reporting rules as threats from nations, ransomware evolve (SC Media) The future of CISA and breach-reporting requirements floated at House Homeland Security Committee as FBI, DHS directors update members on malicious activity in the national security environment.
DHS Chief Appears to Back Status Quo Approach for Securing Critical Infrastructure (Nextgov.com) The Biden administration is looking to Congress for help with ‘filling gaps in statutory authorities’ for improving U.S. cybersecurity.
FACT SHEET: Biden-Harris Administration Accomplishes Cybersecurity Apprenticeship Sprint | The White House (The White House) Cybersecurity becomes more essential to our economy and our critical infrastructure – like financial institutions, personal data, and even our elections –
Biden administration completes cyber apprenticeship sprint (The Record by Recorded Future) The Biden administration on Tuesday wrapped a 120-day cybersecurity apprenticeship sprint, part of a larger effort to fill a long-standing workforce shortage.
Litigation, Investigation, and Law Enforcement
Two enormous cyberattacks convince Australia to 'hack the hackers' (Washington Post) Australia has had enough. But going on offense against cyberspace tormentors has some downsides.
Twitter Turmoil Sparks ‘Close’ Privacy Scrutiny in EU (Bloomberg) Company’s main privacy watchdog met with Dublin team Monday. Regulator says Twitter named Monteiro as acting data chief.
European Commission starts investigating Broadcom-VMware merger (Company) Regulators' initial decision expected on 20th December
Breaches of personal data at DOD have doubled since 2015 (FCW) A recent oversight report detailed that the Defense Department experienced nearly 1,900 breaches of personally identifiable information in 2021 and may need a better system for informing affected individuals.
VCs Consider Suing Bankman-Fried (The Information) Venture capitalists who collectively plowed billions of dollars into FTX are discussing whether to sue Sam Bankman-Fried for alleged fraud, two people familiar with the matter said. A lawsuit would be aimed at recovering money to offset what shareholders have likely lost now that FTX has filed ...
Top Zeus Botnet Suspect “Tank” Arrested in Geneva (KrebsOnSecurity) Vyacheslav “Tank” Penchukov, the accused 40-year-old Ukrainian leader of a prolific cybercriminal group that stole tens of millions of dollars from small to mid-sized businesses in the United States and Europe, has been arrested in Switzerland, according to multiple sources.
Arrest of Ukrainian in Cybercrime Case Shows Patience Pays (Bank Info Security) The arrest of a Ukrainian national long wanted on cybercrime charges in the U.S. shows that with much patience, law enforcement can nab suspects. A key member of