Dateline Moscow and Kyiv: a kinetic assault against Ukrainian civil infrastructure.
Ukraine at D+266: Missile strikes and aggrieved amour propre. (CyberWire) Russia's bombardment of Ukrainian cities and infrastructure resumes (but against a general background of combat failure).
Ukraine-Russia war latest: Russia rains down missiles across Ukraine (The Telegraph) Terrifying video footage shows the moment commuters were shaken on their way to work as missiles rained down on the city of Dnipro on Thursday.
Russia-Ukraine war live: two killed in Zaporizhzhia in new Russian strikes; world leaders welcome grain deal extension (the Guardian) Kyiv and Dnipro air defence systems working to shoot down incoming rockets; UN chief among leaders welcoming extension of Black Sea grain deal
Russia-Ukraine war: List of key events, day 267 (Al Jazeera) As the Russia-Ukraine war enters its 267th day, we take a look at the main developments.
Russia launches new Ukraine barrage as grain deal extended (AP NEWS) Russian airstrikes inflicted more damage on Ukraine on Thursday, with the latest barrage smashing into energy infrastructure, apartment buildings and an industrial site. At least four people were killed and more than a dozen others wounded in drone and missile strikes around the country, authorities said.
Russia under fire over Ukraine missile attacks, Poland deaths (Al Jazeera) At UN Security Council, US and allies say Russia to blame for Poland ‘tragedy’ because it chose to invade Ukraine.
The hunt for who struck Poland and the clues they left behind (The Telegraph) Images from the crash site suggested the missile was fired by a Soviet-era S-300 air defence system produced in the 1970s
In a tranquil Polish village, terrified residents thought Russia had come to attack (The Telegraph) Children watched missile that would leave two dead exploding in Przewodow, just metres from their school
Pentagon says Poland blast likely caused by Ukrainian missile (Defense News) Defense Secretary Lloyd Austin became the latest U.S. official to back Poland’s preliminary conclusion.
Russia Demands an Apology for Poland Missile Panic (The Daily Beast) Two people were killed when a Russian-made missile struck a farm in what NATO has deemed an accident. Russia is now portraying itself as the victim.
Barrage of Russian missiles causes blackouts across Ukraine (Al Jazeera) Ukraine’s energy minister says the wave of attacks was the biggest bombardment of power facilities in war so far.
Inside Kherson's torture chambers where Russians electrocuted anyone who went against them (The Telegraph) Ukraine has said it has discovered at least 60 bodies with signs of torture so far in the newly liberated region
Russia Sanctions Disrupting Putin’s Military Efforts, Treasury Official Says (Wall Street Journal) Among the steps the U.S. Treasury is taking to make sure its use of sanctions is effective is the hiring of a new sanctions economist, according to Undersecretary Brian Nelson.
Russia's economy has finally fallen into recession, 8 months after it invaded Ukraine (Business Insider) Russia's GDP contracted by 4% year-on-year in the third quarter of 2022, after a 4.1% on-year decline in the second quarter.
Ukraine Contact Group Is Key to Helping Ukraine's Defense (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III convened the seventh Ukraine Defense Contact Group meeting, telling the assembled international partners that their efforts have made a difference in helping
Secretary of Defense Lloyd J. Austin III and Army General Mark A. Milley, Chairman, Joint (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III and Chairman of the Joint Chiefs of Staff General Mark A. Milley held a press conference following the Ukrainian Defense Contact Group meeting.
Talking With Russia Is Tempting—and Wrong (Foreign Policy) Why it’s still too soon for negotiations to end the war in Ukraine.
WSJ News Exclusive | Ukrainian Analysis Identifies Western Supply Chain Behind Iran’s Drones (Wall Street Journal) Russia’s use of unmanned aircraft provided by Tehran and assembled with foreign-made parts demonstrates the limits of international sanctions.
US, allies pledge more air defense weapons for Ukraine after Russia launches largest missile assault of war (Stars and Stripes) Russia’s barrage of dozens of missiles into Ukrainian territory Tuesday marked its largest air assault on Ukraine since launching its unprovoked invasion of the country in February, the top U.S. general said.
Ukraine Has the Edge Against Russia as Winter Descends, US Defense Secretary Says (Military.com) As winter comes to eastern Europe, Ukrainian forces backed by the U.S. and its allies have the upper hand on Russia and its invasion force, Defense Secretary Lloyd Austin said Wednesday.
Ukraine Won’t Ignite a Nuclear Scramble (Foreign Affairs) Why Russia’s war might boost nonproliferation.
Milley tried to speak with Russian counterpart on Tuesday but was ‘unsuccessful’ (The Hill) Joint Chiefs of Staff Chairman Gen. Mark Milley attempted to speak with his Russian counterpart on Tuesday following a missile-caused explosion in Poland but was unable to get through, the top mili…
DoD must 'think very differently' about armed conflict, cyber in light of Ukraine war: Official (Breaking Defense) Pentagon cyber official Mieke Eoyang said cyber ops have been dwarfed by physical destruction, and that Russia "underperformed" in cyberspace.
Russia’s cyber forces ‘underperformed expectations’ in Ukraine: senior US official (The Hill) A senior cyber official at the Department of Defense said on Wednesday that Russian forces “underperformed expectations” in both the cyber and military space, as the West fears the Kremlin would un…
Russian companies face difficulties finding cybersecurity specialists (iTWire) As Russia continues to get blamed for the recent spate of cybersecurity incidents that have compromised the data integrity of major corporations in the West including Australia, Russian companies are finding it increasingly difficult to find cybersecurity personnel for their own security needs. A ne...
CRDF Global becomes Platform for Cyber Defense Assistance Collaborative (CDAC) for Ukraine (PR Newswire) Prior to the February Russian expanded military invasion of Ukraine, cyber attacks on Ukrainian public and private institutions accelerated in...
Putin’s Top TV Puppet Threatens 7 Countries With Air Strikes After Poland Blast (The Daily Beast) Russian state TV star Vladimir Solovyov delivered a menacing tirade on Wednesday, claiming certain countries should think twice if they believed “the war wouldn’t come to them.”
Attacks, Threats, and Vulnerabilities
CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. (CyberWire) From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch organization where CISA observed suspected advanced persistent threat activity.
CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network (CISA) Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in unpatched VMware Horizon server.
Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester (CISA) From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence.
Iranian hackers use Log4Shell to mine crypto on federal computer system (CyberScoop) Iranian hackers utilized a flaw in the ubiquitous open-source software library Log4j to breach a U.S. federal agency.
US govt: Iranian hackers breached federal agency using Log4Shell exploit (BleepingComputer) The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.
US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4j (SecurityWeek) Iranian government-sponsored APT actors hacked into at least one Federal Civilian Executive Branch (FCEB) organization with an exploit for a Log4j vulnerability in an unpatched VMware Horizon server.
Iranian government-linked hackers got into Merit Systems Protection Board’s network (Washington Post) Iranian government-affiliated hackers infiltrated the systems of the U.S. Merit Systems Protection Board earlier this year, according to people familiar with the incident. The people, like others interviewed for this story, spoke on the condition of anonymity due to the matter’s sensitivity.
Iranian hackers compromise US government network in cryptocurrency generating scheme, officials say (CNN) Iranian government-sponsored hackers compromised the network of an unnamed US federal government agency starting in February, stealing passwords on the network and installing software to generate cryptocurrency, US officials said Wednesday.
Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs (Security Affairs) North Korea-linked Lazarus APT is using a new version of the DTrack backdoor in attacks aimed at organizations in Europe and Latin America. North Korea-linked APT Lazarus is using a new version of the DTrack backdoor to attack organizations in Europe and Latin America, Kaspersky researchers warn. DTrack is a modular backdoor used by the […]
ARCrypter Ransomware Expands Its Operations From Latin America to the World (BlackBerry) Between Aug. and Oct. 2022, Chile's government computer systems and Invima, The Colombia National Food and Drug Surveillance Institute, were attacked by a previously unseen ransomware variant. Based on the unique strings identified during our threat hunting efforts, BlackBerry has named this unknown ransomware variant “ARCrypter.”
Notorious Emotet botnet returns after a few months off (Register) And it's been sending out hundreds of thousands of malicious emails a day
Updated RapperBot malware targets game servers in DDoS attacks (BleepingComputer) The Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS (Distributed Denial of Service) attacks against game servers.
Twitter has a massive dark web problem (Cybersixgill News) New research from Cybersixgill shows how scammers sell bots, spam tools, and fake Twitter accounts on underground forums and the dark web.
Magento stores targeted in massive surge of TrojanOrders attacks (BleepingComputer) At least seven hacking groups are behind a massive surge in 'TrojanOrders' attacks targeting Magento 2 websites, exploiting a vulnerability that allows the threat actors to compromise vulnerable servers.
A Comprehensive Look at Emotet’s Fall 2022 Return (Proofpoint) Emotet returned to the email threat landscape in early November for the first time since July 2022. It is once again one of the most high-volume actors observed by Proofpoint, distributing hundreds of thousands of emails per day.
Venus Ransomware | Zeoticus Spin-off Shows Sophistication Isn’t Necessary for Success (SentinelOne) Learn about the uptick in activity of this recent ransomware variant that has been encrypting victims worldwide, with the latest IoCS, TTPs and analysis.
Quantum computers in use today are vulnerable to eavesdropping hackers (New Scientist) Companies such as IBM offer timeshare access to prototype quantum computers, but researchers have shown that they can access other users’ data on these machines
Instagram Email Attack: Capture and Share your User Credentials (Armorblox) This blog examines a credential phishing attack, which impersonated the brand Instagram. The email attack spoofed a legitimate email communication from Instagram, and bypassed Microsoft Exchange and Secure Email Gateway solutions.
Don’t download Qatar World Cup apps, EU data authorities warn (POLITICO) Two World Cup apps pose serious privacy and security risks, European privacy regulators say.
Germany says nein to Qatari World Cup spyware, err, apps (Register) Norway, France also sound data privacy alarms
Cyber attack on major hospital system could affect 20 million Americans (Fox News) CommonSpirit Health is continuing to investigate a ransomware attack that forced the health system to shut down of its computer systems last month as a cautionary measure.
Sierra College Files Notice of Data Breach Following Ransomware Attack (JD Supra) On November 9, 2022, Sierra College reported a data breach with the Montana Attorney General after the school was the recent target of a ransomware...
Ransomware attack closes schools in two Michigan counties for third consecutive day (Sturgis Journal) Jackson County ISD said that schools would remain closed on Wednesday – following a ransomware attack impacting schools in Jackson and Hillsdale.
Jackson, Hillsdale schools reopening Thursday, Nov. 17, following ransomware attack (Michigan Live) Schools are reopening after a cyber attack shut them down for 3 days.
Why hackers target pediatric health records (Becker's Hospital Review) Stoddard Manikin, chief information security officer at Children's Healthcare of Atlanta, said hackers are targeting children's hospitals to use data from pediatric health records to apply for loans, BankInfoSecurity reported Nov. 15.
Telehealth Sites Put Addiction Patient Data at Risk (WIRED) New research found pervasive use of tracking tech on substance-abuse-focused health care websites, potentially endangering users in a post-Roe world.
Medibank cyberattack caused by high-level credential compromise (Tech Monitor) Medibank was hacked using high-level credentials, explained Mike Wilkins, the company's chairman of the board.
Security Patches, Mitigations, and Software Updates
Firefox fixes fullscreen fakery flaw – get the update now! (Naked Security) What’s so bad about a web page going fullscreen without warning you first?
Mozilla Releases Security Updates for Multiple Products (CISA) Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks.
Samba Releases Security Updates (CISA) The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Samba security announcement CVE-2022-42898 and apply the necessary updates.
Trends
Since 2018, ransomware attacks on healthcare organizations have cost the world economy $92bn in downtime alone (Comparitech) Since 2018, there have been 500 publicly-confirmed ransomware attacks on healthcare organizations around the world. These have crippled nearly 13,000 separate facilities and have impacted almost 49 million patient records. In total, we estimate the cost of these attacks exceeds US$92 billion in downtime alone. Ransomware attacks have the potential to cause widespread disruption to […]
Map of worldwide ransomware attacks (updated daily) (Comparitech) Each dot represents the location of a ransomware attack, with the color of the dot indicating the sector affected (healthcare, education, government, and business). This map updates daily and pinpoints the locations of each ransomware attack in the world, from 2018 to the present day. Where available, it includes the ransom amount, whether or not […]
Cymulate Survey Finds Consolidation is Happening but Only 20% Cite Cost as the Reason (Cymulate) Cymulate announced the results of a global survey examining the influence of ongoing uncertainties in cybersecurity and cyber resilience.
Arctic Wolf Survey Reveals Executives’ Lack Transparency and Accountability Around Cyber Incidents Amid Economic Uncertainty and Geopolitical Unrest (Arctic Wolf) A quarter of enterprise organizations have downsized their IT and security teams in last year. EDEN PRAIRIE, MN – November 16, 2022 – Arctic Wolf®, a leader in security operations, today published findings from a recent global survey it commissioned of over 900 senior IT and cybersecurity decision-makers at enterprise organizations across the globe. After a ...
Nokia warns 5G security ‘breaches are the rule, not the exception’ (Cybersecurity Dive) A majority of 5G network operators experienced up to six cyber incidents in the past year. Defenses are especially lacking for ransomware and phishing attacks.
DigiCert Survey Highlights Importance of Digital Trust in Business Outcomes, Customer Loyalty (PR Newswire) DigiCert, Inc., a leading global provider of digital trust, today released its 2022 State of Digital Trust Survey that finds that almost half...
2022 State of Digital Trust Survey Report (DigiCert) The DigiCert 2022 State of Digital Trust survey explores where enterprises, employees and consumers around the world have embraced digital trust. Download the report now!
KnowBe4's Team of Cybersecurity Experts Release Top Five Predictions for 2023 (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced its 2023...
E-book: 2023 Trends & Predictions for Security Teams (Detectify) E-book on trends and predictions that AppSec and Product Security Teams can expect in 2023
Global Data Protection Index Report (Dell Technologies) From cyber threats to public cloud breaches, the 2021 Global Data Protection Index details the top data protection risks worldwide.
Marketplace
BoostSecurity Exits Stealth with $12M in Seed Funding to Build Trust into the Software Supply Chain (Boost Security) Serial entrepreneurs and industry veterans build developer-first automation platform to empower developers to secure software supply chains and ship secure code, at DevOps velocity
ArmorCode Secures $14 Million Series A Investment to Scale AppSecOps Platform (PR Newswire) ArmorCode, the leader in AppSecOps, today announced it secured a $14 million Series A investment led by Ballistic Ventures, the venture capital...
10,000 Google Employees Could Be Rated as Low Performers (The Information) As layoffs spread across Silicon Valley, Google has stood out by not cutting employees so far. But as outside pressure builds on the company to improve the productivity of its workers, a new performance management system could help managers push out thousands of underperforming employees ...
Should the IT channel be targeting casualties of Big Tech layoffs? (CRN) Resellers and MSPs are still hiring. So should they be targeting staff impacted by layoffs at Twitter, Meta and tech-related giants?
Why the Crypto Collapse Matters (New York Times) The failure of the cryptocurrency exchange FTX put the entire industry under scrutiny.
Crypto Lending Seizes Up as FTX Contagion Spreads (The Information) FTX’s bankruptcy is causing the financing plumbing of the crypto industry to seize up, and the fallout is quickly spreading to other high-profile companies, including Genesis and Gemini. At the center of the meltdown is a business known as crypto lending, where firms lure customer deposits of ...
Special Report: FTX's Bankman-Fried begged for a rescue even as he revealed huge holes in firm's books (Reuters) As customers withdrew billions of dollars from crypto exchange FTX one frantic Sunday this month, founder Sam Bankman-Fried worked the phones in a futile bid to raise $7 billion in emergency funds.
Inside the S.B.F. Blast Radius (Puck) The fate of Sam Bankman-Fried is being closely tracked at the highest levels of the Democratic Party, and by the dozens of allied political groups that are either racing to distance themselves from his surname or to find their next check.
Why The Theory That Sam Bankman-Fried Laundered Ukraine Aid Makes No Sense (Forbes) Former crypto billionaire Sam Bankman-Fried had plenty of reasons to spend nearly $40 million on the 2022 midterms. Ukraine likely had little to do with it.
FTX’s Collapse Leaves Employees Sick With Anger (Wall Street Journal) What started as a dream job turned into a nightmare for employees of the crypto exchange that imploded in spectacular fashion last week.
'Three quarters' of retail Bitcoin investors are in the red (Register) Little fish lured into the market help whales cash out
I never wanted to be a chief executive and will find a new boss to run Twitter, Elon Musk tells Delaware court (The Telegraph) Tesla boss' testimony comes as he tells Twitter staff to work 'hardcore' hours or quit
Cybersecurity: A profession for all age groups (Deccan Herald) The increase in cyber crimes has led to more jobs in the security field, writes Uma Pendyala
Defense, Intelligence, and Cybersecurity Expert Teresa Shea Joins Cigent Board of Directors (Cigent Technology Inc.) Teresa Shea, a renowned defense, intelligence, and cybersecurity expert, joined the Cigent® Technology, Inc. Board of Directors. Cigent offers a new approach to data security for organizations of all sizes to stop ransomware and data theft, as well as achieve compliance.
Barracuda strengthens channel leadership team with appointment of Jason Beal as VP Worldwide Partner Ecosystems (PR Newswire) Barracuda, a trusted partner and leading provider of cloud-first security solutions today announced Jason Beal as its new Vice President,...
Pathlock Expands Leadership Team with Appointment of CRO to Fuel Next Stage of Growth (PR Newswire) Pathlock, the leading provider of application security and controls automation for critical business applications, today announced the...
Lacework Appoints Andrew Casey as Chief Financial Officer (PR Newswire) Lacework®, the data-driven cloud security company, today announced the appointment of industry veteran Andrew Casey as Chief Financial Officer....
Former MongoDB and TripActions CMO Meagen Eisenberg joins Lacework as Chief Marketing Officer (PR Newswire) Lacework®, the data-driven cloud security company, today announced Meagen Eisenberg as Chief Marketing Officer (CMO). A veteran technology...
Products, Services, and Solutions
SecurityBridge Releases New One-Click SAP Security Patch Automation (Yahoo Finance) SAP security provider SecurityBridge—now operating in the U.S.— today announced its new SecurityBridge Patch Management function for its SAP Security Platform.
Tufin Simplifies Cloud-Native Segmentation Policy Management and Accelerates Vulnerability Triage with Microsoft Defender for Cloud Integration (Business Wire) Tufin announces Tufin Enterprise, which includes the company's popular SecureCloud SaaS solution.
Palo Alto Networks Cortex Xpanse to Supercharge Cyber Defenses for Department of Defense (Palo Alto Networks) Nine-figure deal to provide next generation Internet Operations Management capability. SANTA CLARA, Calif., Nov. 16, 2022 /PRNewswire/ -- Teaming to make the world safer and more connected, Palo...
Onapsis Unveils New and Enhanced Capabilities to Streamline ERP Security for Customers (Onapsis) New features and platform updates offer a better approach to help businesses better navigate the growing enterprise resource planning (ERP) threat landscape
ThreatModeler Launches ThreatModeler Community to Provide Leading Platform for Practitioner Best Practices Conversations (News Direct) ThreatModeler Community offers an array of important resources to enterprises leveraging threat modeling for advanced security and compliance
Resecurity® announces partnership with Saudi Cybersecurity Company (Cyber KSA) at Blackhat MEA 2022 (PR Newswire) Resecurity, Inc. (USA), a Los Angeles based cyber security company protecting Fortune 500 companies globally, has partnered with Saudi...
DuckDuckGo has opened up its App Tracking Protection beta (The Verge) The free feature blocks third-party trackers within Android apps.
Noname Security Launches Recon to Protect APIs and Critical Assets from Cyber Attacks (Noname Security) Noname Recon is the latest addition to the API Security Platform. With Recon, customers are now able to simulate an attacker performing reconnaissance on an organization’s domains.
Fly Direct Secure Web Gateway (dope.security) No stopovers. No outages. Eliminate the datacenter and perform all security checks directly on the endpoint, providing stronger privacy, reliability, and performance speeds up to 4x faster.
AWS Identity and Access Management now supports multiple multi-factor authentication (MFA) devices (Amazon Web Services, Inc.) AWS Identity and Access Management (IAM) now supports multiple multi-factor authentication (MFA) devices for root account users and IAM users in your AWS accounts. This provides additional flexibility and resiliency in your security strategy by enabling more than one authentication device per user. You can choose from one or more types of hardware and virtual devices supported by IAM.
Detectify Launches New Custom Policies Overview for Improved External Attack Surface Management (Cision) Detectify, the External Attack Surface Management platform powered by elite ethical hackers, today announced Custom Policies Overview, a new tool allowing organizations to quickly and easily enforce custom security policies across the entire attack surface, improving security postures at the speed of business.
Keyfactor Introduces New Workflow Builder and Native EJBCA Integration to Simplify PKI and Certificate Management at Scale (Business Wire) Keyfactor announces platform update that includes native EJBCA Integration and new workflow and automation features.
Dell Technologies Strengthens Cyber Resiliency with Multicloud Data Protection and Security Innovations (Dell Technologies) Read recent press releases and blog posts about events and activities at Dell Technologies.
Data Theorem Announces New Partnership with AppOmni to Enhance Overall Application Security Posture Management (Business Wire) Data Theorem, Inc., a leading provider of modern application security, today announced a new partnership with AppOmni, the leader in SaaS security. As
GroupSense Announces Partnership with Colley Intelligence (GroupSense) GroupSense is excited to announce its new partnership with Colley Intelligence, strengthening its offerings to GroupSense's client base.
Revelstoke Upgrades Next Level SOAR Platform with Augmented Automation, Case Management, and User Interface Capabilities (Revelstoke SOAR | Security Orchestration Automation & Response) Revelstoke, the next-level Security Orchestration Automation and Response (SOAR) platform, today announces several new product upgrades to include sub-workflow, case management, and indicators of compromise (IOC) automation. Revelstoke offers Chief Information Security Officers (CISOs) and security analysts the only SOAR solution […]
Technologies, Techniques, and Standards
Contractors’ Reluctance to Work With Pentagon on Cybersecurity Is Leaving Vulnerabilities, DOD Official Says (Defense One) Just 1% of defense firms use DOD’s free network-security services, acting principal deputy CIO says.
Gov't Adds Open Source Security to Software Supply Chain (Security Boulevard) The federal government is stepping up to protect the software supply chain. Last year, president Biden signed an executive order to improve national
Just Published: PCI Mobile Payments on COTS (PCI Security Standards Council) The PCI Security Standards Council (PCI SSC) has published a new standard designed to support the evolution of mobile payment acceptance solutions.
PCI SSC Publishes New Standard for Mobile Payment Solutions (PCI Security Standards Council) The PCI Mobile Payments on COTS (MPoC) Standard Provides Flexibility in Mobile Payments Acceptance and Mobile Payment Acceptance Solutions Development
A Reckoning: The Massive Implications of Losing Network Visibility & Control (Netography) The security industry has – at its own peril – neglected some of the fundamentals of security and that has only benefited attackers.
Cyber security: Are you talking to the right employees? (Global Banking & Finance Review) Typically we focus on senior staff, new joiners, HR, finance and customer-facing roles. But perhaps we should shift our attention to a new employee profile. Businesses are constantly at risk, and traditionally certain employees have been earmarked as having the potential for greater […]
Report Reveals Top Lessons Learned from SolarWinds, Twitter and RSA Security Breaches (Access Wire) Report unveils insights from five cybersecurity leaders who have guided teams through severe incidents. MIAMI, FL / ACCESSWIRE / November 16, 2022 / Despite heightened cybersecurity threat awareness, small businesses and corporate behemoths alike are still falling victim to attacks. Lumu, the creator of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real-time, today released a report
Design and Innovation
Intel unveils real-time deepfake detector, claims 96% accuracy rate (VentureBeat) Intel claims FakeCatcher has a 96% accuracy rate at detecting deepfakes and works by analyzing the subtle ‘blood flow’ in video pixels.
Beginning 2023 Google plans to rollout the initial Privacy Sandbox Beta (Security Affairs) Google announced it will roll out the Privacy Sandbox system for Android in beta to a limited number of Android 13 devices in early 2023. Google announced it will roll out the Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. The Privacy Sandbox aims at creating technologies to […]
Research and Development
CardinalOps Recognized for Contributing Security Research to MITRE ATT&CK v12 (PR Newswire) CardinalOps, the AI-powered detection engineering company, today announced that its security research team contributed to the development of...
Academia
Cecil College Cybersecurity Club hacks competition at 2022 Blue Hen CTF competition (Cecil Daily) The Cecil College Cybersecurity Club recently faced off against teams from all across the globe in a Capture the Flag competition hosted by the University of Delaware
Legislation, Policy, and Regulation
China’s Plans for Cyberspace Are All About Domestic Control (The National Interest) Underneath China’s talk of a “shared future” and “community” in cyberspace lies a familiar desire for control over discourse.
Australian public wants to build cyber resilience, say researchers (Techxplore) Illegal cyber attacks on thousands of citizens' personal data in Australia have heightened awareness of the hazards of insecure digital systems—and Flinders University researchers say consumers want to play a more active role in building more resilient systems to reduce risks caused by hacking, online deception, bots and other threats.
A new cyber taskforce will supposedly 'hack the hackers' behind the Medibank breach. It could put a target on Australia's back (The Conversation) Beyond neutralising the cybercriminals behind the Medibank breach, the taskforce will also seek out and attack other potential threats.
TikTok Is the Canary in the U.S.-China Coal Mine (The Information) With U.S.-China relations at their lowest point in decades, President Joe Biden went into his meeting Monday with China’s top leader, General Secretary Xi Jinping, looking to “build a floor for the relationship.” The long-delayed meeting looked like it could prove to be a turning point in ...
'No guns, no guards, no gates.' NSA opens up to outsiders in fight for cybersecurity (CyberScoop) The National Security Agency's Cybersecurity Collaboration Center is trying to improve threat-sharing with private sector partners.
Litigation, Investigation, and Law Enforcement
Sweden’s Espionage Scandal Raises Hard Questions on Spy Recruitment (Foreign Policy) Intelligence agencies debate whether foreign-born citizens are more targeted.
Chinese Intelligence Officer Who Oversaw Spy Ring That Included a US Soldier Sentenced (Military.com) The Justice Department announced a Chinese intelligence officer, convicted last year of running a spy ring that included a U.S. Army reservist, has been sentenced to 20 years in prison.
Police dismantle pirated TV streaming network with 500,000 users (BleepingComputer) The Spanish police have dismantled a network of pirated streaming sites that illegally distributed content from 2,600 TV channels and 23,000 movies and series to roughly 500,000 users.
WSJ News Exclusive | Meta Employees, Security Guards Fired for Hijacking User Accounts (Wall Street Journal) Facebook’s parent has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts.
Cyber Law Continues Evolving Amid High-Profile Incidents (GovTech) Joe Swanson — the vice president of CTRL, the new privacy and cybersecurity compliance consultancy at Tampa-based law firm Carlton Fields — weighs in on the changing nature of digital threats.
Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police (BleepingComputer) Vyacheslav Igorevich Penchukov, also known as Tank and one of the leaders of the notorious JabberZeus cybercrime gang, was arrested in Geneva last month.