Dateline
Ukraine at D+267: Defense-in-depth and an operational pause. (CyberWire) Russia prepares defenses-in-depth east of the Dnipro. Cyberspace has remained relatively quiet.
Russia-Ukraine war: List of key events, day 268 (Al Jazeera) As the Russia-Ukraine war enters its 268th day, we take a look at the main developments.
Russia-Ukraine war live: remains of explosives found at Nord Stream pipeline blast site; death toll of latest Russian strikes rises (the Guardian) Swedish prosecutor does not name suspects but confirms sabotage; official confirms more bodies found
Russia Launches Fresh Missile Strikes on Ukraine (Wall Street Journal) A barrage of missiles targeting the capital Kyiv and other cities killed at least 15 people, days after the Kremlin’s military carried out some of the heaviest bombing of the war.
Russia pummels Ukraine with missiles and drone strikes, injuring civilians (Washington Post) Russia launched missile and drone strikes across Ukraine on Thursday — its second major barrage this week — injuring scores of civilians and damaging critical infrastructure in the country’s south and east, Ukrainian officials said.
Horrifying footage shows morning commuters rocked by Russian missile strike in Dnipro (The Telegraph) At least 14 people injured, according to reports, as Russia launches spate of serious attacks on Ukrainian cities
Ukraine-Russia war latest: Russia rains down missiles across Ukraine (The Telegraph) Terrifying video footage shows the moment commuters were shaken on their way to work as missiles rained down on the city of Dnipro on Thursday.
Ukrainians endure power outages amid Russian strikes on infrastructure (ABC News) Ukrainians are being urged to save electricity as winter approaches.
'Ukrainian missile malfunctioned' before killing two in Poland (The Telegraph) Warsaw said evidence so far suggests it was a self-destruct system that failed to work properly, not a Russian missile as initially feared
Zelenskiy Softens Stance on Rocket Origin After Biden Comment (Bloomberg) Ukrainian leader says not 100% on source of blast in Poland. NATO leaders say Ukrainian anti-air missile was likely cause.
Poland will not invite Ukraine to co-host missile strike investigation (Defense News) The incident has prompted rare disagreement between Ukraine and its backers.
Blinken denies missile incident shows communication rift with Ukraine (Washington Post) Ukrainian and Western officials have disagreed about who fired a missile that landed inside Poland
Deaths in Poland Are a Warning for Everyone (Foreign Policy) Errant missiles from Ukraine are a reminder that wars can always escalate accidentally.
Estonia’s Defense Minister: ‘The border separating Russia from Estonia and other countries is the border of civilization’ (EL PAÍS English Edition) Hanno Pevkur wants to see more international support for Kyiv, which is fighting for ‘the free world,’ despite the impact from the energy crisis
Erdoğan confident Russia-Ukraine grain deal will continue (the Guardian) Turkish president raises hopes over pact to allow exports via Black Sea, bringing relief to world’s poorest countries
Pentagon says Moscow's deliberate targeting of Ukrainian energy grids is a war crime (CNBC) NATO Secretary-General Jens Stoltenberg said there was no indication the missile that struck the Polish border village was deliberate.
How to save Ukraine’s energy infrastructure (The Hill) Photos of Kyiv draped in darkness have become a shareable illustration of winter in Ukraine this year: dark, cold, dangerous. Ukraine’s energy infrastructure is under attack from Russia, which has …
Ukraine’s 15,000-Mile Lifeline (New York Times) How the country’s vast rail system has helped it withstand an invasion.
Kherson euphoria highlights the folly of a premature peace with Putin (Atlantic Council) Footage of the euphoric scenes in liberated Kherson should be compulsory viewing for anyone who still believes in the possibility of a negotiated settlement between Ukraine and Russia, argues Peter Dickinson.
Ukrainian victory can deal a decisive blow to Russian imperialism (Atlantic Council) Vladimir Putin's invasion of Ukraine is an attempt to drag the world back to an era of imperial aggression. The best way to make sure he fails is to provide Ukraine with the arms and financial support it needs to win the war.
Russia’s Missing Peacemakers (Foreign Affairs) The country’s elites are struggling to break with Putin.
Where's Putin? Leader leaves bad news on Ukraine to others (AP NEWS) When Russia's top military brass announced in a televised appearance that they were pulling troops out of the key city of Kherson in southern Ukraine, one man missing from the room was President Vladimir Putin.
To Avoid Answering Hard Questions at Home, Putin Will Keep Fighting in Ukraine (Wilson Center) April 2013: Almost ten years ago, in Amsterdam, while on a working visit, Vladimir Putin was asked about the homophobic legislation recently introduced in the Russian parliament, the so-called “gay propaganda law,” which would ban the “promotion of nontraditional sexual values”—that is, homosexuality—among Russian children. Putin argued that he cared about social peace. “I can hardly imagine gay marriage being allowed in Chechnya,” he said. “Can you imagine that? It would end up in murder.”
The War Has Helped Ukraine Rein in the Oligarchs (Wilson Center) On February 24, 2022, the Russian invasion of Ukraine profoundly changed the political regime and social order in the country. However, the commitment of President Zelensky’s administration to deoligarchization not only survived the start of the large-scale war, it increased—in part because of wartime policies.
With Slovakian deal, Germany expands three-way 'Ringtausch' dance to arm Ukraine (Breaking Defense) Under the Ringtausch program, Germany has sent newer equipment to Slovakia, Greece, Slovenia and the Czech Republic, with those countries shifting older gear to Ukraine.
In Ukraine War, Physical Security Trumping Cybersecurity, DoD Official Says (Defense Daily) After Russia failed early in its war against Ukraine to accomplish some strategic objectives through offensive cyberattacks, its turn to physical attacks
Official: Russian cyberattacks against Ukraine fell flat (SC Media) The U.S. Department of Defense has been found by the Government Accountability Office to be at risk of having inadequate visibility of cyber threats due to incomplete information on most of its cyber incident reports, reports The Record, a news site by cybersecurity firm Recorded Future.
The Kyiv company MacPaw will finance the operational activities of the Come Back Alive foundation (Mezha) The official account of the Come Back Alive foundation announced that the Kyiv software company MacPaw will provide the fund with $30,000 monthly for operating activities.
MH17: Three guilty as court finds Russia-controlled group downed airliner (BBC News) A Dutch trial finds a missile supplied by Russia killed 298 people on board MH17 over Ukraine in 2014.
Dutch court convicts three of murder in MH17 jet downing over Ukraine (Washington Post) A Dutch court on Thursday convicted two Russians and a Ukrainian of murder in the downing of a Malaysia Airlines flight over eastern Ukraine in 2014, an attack that killed all 298 passengers and crew on board.
Russian opposition leader Navalny sent to tiny one-man cell (AP NEWS) Imprisoned Russian opposition leader Alexei Navalny has been transferred to a one-man cell, according to a post Thursday on his social media account. Navalny was placed in solitary confinement, also called a “punishment cell,” on Nov.
What is behind claim Joe Biden 'laundered' billions in Ukraine aid via FTX? (Newsweek) Rumors spread on social media claim money was washed between Ukraine, FTX, and the Democratic party. Newsweek Fact Check looked into the narrative.
Russian soldier seeking asylum in Madrid denounces ‘criminal’ Ukraine war (the Guardian) Exclusive: Nikita Chibrin claims he did not fire weapon once while deployed to Ukraine for more than four months
Attacks, Threats, and Vulnerabilities
CISA Alert AA22-321A – #StopRansomware: Hive Ransomware. (CyberWire) The FBI, CISA, and the Department of Health and Human Services are releasing this alert to disseminate known Hive Ransomware Group indicators of compromise and TTPs identified through FBI investigations
#StopRansomware: Hive Ransomware (CISA) Actions to Take Today to Mitigate Cyber Threats from Ransomware: • Prioritize remediating known exploited vulnerabilities. • Enable and enforce multifactor authentication with strong passwords. • Close unused ports and remove any application not deemed necessary for day-to-day operations.
Vanuatu: Hackers strand Pacific island government for over a week (BBC News) Vanuatu - an island courted by the US and China - has been stranded offline for over a week.
Ransom attack cripples Vanuatu government systems, forces staff to use pen and paper (The Sydney Morning Herald) Australia is helping Vanuatu’s government rebuild its entire IT network after a cyberattack hobbled its systems, forcing departments offline and causing havoc throughout the civil service.
Emotet’s Vacation is Over: No Rest for the Wicked (Deep Instinct) Emotet is a prolific malware botnet that originally functioned as a banking trojan when it emerged in 2014. It was spread via spam campaigns, imitating financial statements, transfers, and payment invoices. Emotet is propagated mostly via Office email attachments containing a macro. If enabled, it downloads a malicious PE file (Emotet) which is then executed.
Hundreds Infected With 'Wasp' Stealer in Ongoing Supply Chain Attack (SecurityWeek) A threat actor has infected hundreds of victims in an ongoing supply chain attack relying on malicious Python packages.
Previously unidentified ARCrypter ransomware expands worldwide (BleepingComputer) A previously unknown 'ARCrypter' ransomware that compromised key organizations in Latin America is now expanding its attacks worldwide.
Black Friday Scams Are Beginning (Avanan) Black Friday scams are beginning in earnest.
Spacecraft Vulnerable to Failure, Thanks to Aerospace Networking Bug (Dark Reading) A single device with malicious code can foil a networking protocol used by spacecraft, aircraft, and industrial control systems, resulting in unpredictable operations and possible failures.
PCSPOOF: Compromising the Safety of Time-Triggered Ethernet (University of Michigan, EECS) Designers are increasingly using mixed-criticality networks in embedded systems to reduce size, weight, power, and cost. Perhaps the most successful of these technologies is Time Triggered Ethernet (TTE), which lets critical time-triggered (TT) traffic and non-critical best-effort (BE) traffic share the same switches and cabling.
Black Friday and retail season – watch out for PayPal “money request” scams (Naked Security) Don’t let a keen eye for bargains lead you into risky online behaviour…
WSJ News Exclusive | Meta Employees, Security Guards Fired for Hijacking User Accounts (Wall Street Journal) Facebook’s parent has fired or disciplined more than two dozen employees and contractors over the last year whom it accused of improperly taking over user accounts.
Suffolk Police data breach sees sexual assault victim data posted online (Tech Monitor) Suffolk Police has apologised for a data breach and is investigating how information on victims of serious crime was made publicly available.
Middletown Valley Bank Reports Data Breach Following Unauthorized Access to Computer Network (JD Supra) On November 14, 2022, Middletown Valley Bank reported a data breach with the Montana Attorney General after the company discovered that an...
Highly Sophisticated Phishing Scams Are Abusing Holiday Sentiment (Akamai) Akamai Security Research has observed a new and highly sophisticated phishing kit that is mimicking several large retail brands ahead of the holiday season.
Phishing kit impersonates well-known brands to target US shoppers (BleepingComputer) A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween.
Cybercrime is being commercialized to mimic corporations (Cybernews) Ransomware operators have adopted best business practices, from bug bounties to career pages, from a subscription model to opportunities for entry-level newcomers.
More Than Half of Black Friday Spam Emails Are Scams (Infosecurity Magazine) New research analyzes email scam techniques in the build-up to this year's Black Friday
Suffolk County, N.Y., Hack Shows Ransomware Threat to Municipalities (Wall Street Journal) Aging technology and valuable data create lucrative opportunities for hackers, and severe problems for residents.
Security Patches, Mitigations, and Software Updates
Red Lion Crimson (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Red Lion Controls. Equipment: Crimson. Vulnerability: Path Traversal. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to obtain user credential hashes.
Cradlepoint IBR600 (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.1. ATTENTION: Low attack complexity. Vendor: Cradlepoint. Equipment: IBR600. Vulnerabilities: Command Injection. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to execute code and native system commands. 3. TECHNICAL DETAILS: 3.1 AFFECTED PRODUCTS: The following versions of Cradlepoint IBR600 are affected:
Trends
Ransomware incidents now make up majority of British government’s crisis management COBRA meetings (The Record by Recorded Future) Ransomware incidents in the United Kingdom are now so impactful that the majority of the British government’s recent crisis management COBRA meetings have been convened in response to them rather than other emergencies.
Oomnitza Survey Reveals Over a Quarter of Enterprises Lose More than 10% of Their Technology Assets When Offboarding Workers (GlobeNewswire News Room) With Half of Senior IT Professionals Doubting Their Current Capabilities, New Research Confirms the Need to Enhance Automated Offboarding Processes...
Email servers and satellites are likely to become prime targets in 2023, which could increase the intensity of Cyberattacks: Report (Asiana Times) Kaspersky on Wednesday predicted that advanced persistent threats (APTs) are likely to be a major cybersecurity threat in its vision for the future.
Don’t Let the Grinch Steal your Holiday Cheer: Holiday Scams to Watch Out For (Armorblox) Holiday cheer can be exploited by cybercriminals and scammers looking to steal money, sensitive data, or just pull the wool over our eyes through deals that are too good to be true. Familiarize yourself with these four real-life examples of targeted threats that were seen by the Armorblox Research Team in the recent past, and take advantage of the holiday season.
The festive season sees online scams soar, finds Bitdefender (SecurityBrief Australia) Bitdefender looked at global spam volumes from October 26 to November 9, uncovering spam campaigns and phishing scams.
Aussies Warned To Stay Cyber Safe Ahead of Record Black Friday and Cyber Monday Sales (Tech Business News) Aussies warned to stay cyber safe ahead of record Black Friday and Cyber Monday with new research from Proofpoint. (25%) retailers.
Marketplace
Cybersecurity M&A Roundup for November 1-15, 2022 (SecurityWeek) Twenty-one cybersecurity-related merger and acquisition (M&A) deals were announced in the first half of November 2022.
OpsHelm Emerges Out of Stealth to Automate Security Remediation, Make Certain Classes of Security Threats Impossible (PR Newswire) OpsHelm announced today that it's coming out of stealth to release its automated security remediation product, helping businesses build more...
Palo Alto Networks Signs Definitive Agreement to Acquire Cider Security (PR Newswire) Palo Alto Networks® (NASDAQ: PANW), the global cybersecurity leader, announced that it has signed a definitive agreement to acquire Cider...
Netpoleon and Cofense target New Zealand cyber security market (Reseller News) Network and security distributor Netpoleon and phishing protection provider Cofense are extending their Asia-Pac partnership to New Zealand.
Dragos Named Among Fastest-Growing Companies in North America for the Second Consecutive Year by the 2022 Deloitte Technology Fast 500™ (Business Wire) Dragos, Inc., the global leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments, today announced it wa
Elon goes hardcore (Platformer) After demanding the remaining Twitter employees pledge their loyalty, Musk's product priorities are coming into focus
Twitter ‘closes offices’ after Elon Musk’s loyalty oath sparks wave of resignations (the Guardian) The tech company is struggling to retain workers after Musk demanded employees sign a pledge to work ‘long hours at high intensity’
Former Twitter employees fear the platform might only last weeks (MIT Technology Review) An ultimatum by Elon Musk demanding "extremely hardcore" working culture appears to have backfired. Insiders fear this could spell the end without drastic changes.
Hundreds of employees say no to being part of Elon Musk’s ‘extremely hardcore’ Twitter (The Verge) “It will be extremely hard for Twitter to recover from here”
Musk’s ‘Hardcore’ Ultimatum Sparks Exodus, Leaving Twitter at Risk (Bloomberg) Musk aims to retain workers, softening work from home policy. Offices to be shut immediately, reopening Monday, memo says.
Hundreds said to have opted to leave Twitter over Musk ultimatum (Washington Post) The number of likely departures prompted Musk to ease his return-to-office edict and managers to meet to decide which engineers to ask back
Twitter Employees Worry Its Infrastructure Is Hanging by a Thread (The Information) Inside what’s left of the technical teams that keep Twitter running, there’s an unlikely new source of anxiety: the FIFA World Cup. The soccer competition, which begins in Qatar this Sunday, is one of the most-watched media events on the globe, and like most sport events of its kind it is ...
Briefing: Twitter Finds a New Head of Trust and Safety (The Information) Twitter executive Ella Irwin will take over as the head of trust and safety, replacing Yoel Roth, a well-known executive who resigned in the wake of Elon Musk’s $44 billion acquisition, according to a source familiar with the move.
Is this the end of crypto? (The Economist) The collapse of FTX has dealt a catastrophic blow to crypto’s reputation and aspirations
Security in the digital economy is still in sight (Washington Post) Bad news for a major cryptocurrency exchange isn’t all bad for a digitized economy
How FTX Peddled Risky Derivatives—and Let Its Own Traders Run Wild (The Information) Since the stunning FTX collapse, investors in the company have been pushing the narrative that this was a business that looked rock-solid from the outside—so solid, they couldn’t possibly have predicted its downfall. But from day one, FTX offered deeply risky products that fell well outside the ...
New CEO Says FTX Suffered 'Complete Failure of Corporate Controls' (Wall Street Journal) FTX suffered a "complete failure of corporate controls" according to the company's new chief executive who was appointed as part of the crypto exchange's bankruptcy process.
In a filing to federal bankruptcy court, John J. Ray, who has helped oversee some of the biggest bankruptcies ever ...
New FTX CEO Unwound Enron and Other Major Corporate Failures (Wall Street Journal) The executive tapped to lead FTX through the biggest cryptocurrency bankruptcy in history has helped recover billions of dollars for creditors of Enron, Nortel Networks and others.
Congress took millions from FTX. Now lawmakers face a crypto reckoning. (Washington Post) The stunning collapse of the world’s third-largest exchange has forced politicians to grapple with the costs of legislative inaction
Here Are the Wildest Parts of the New FTX Bankruptcy Filing (Bloomberg) “Never in my career have I seen such a complete failure of corporate controls...”
The Man Who Helped Sam Bankman-Fried Raise Billions (The Information) Disgraced FTX founder Sam Bankman-Fried was known as a prolific venture fundraiser. But he didn’t work alone, leaning on a key lieutenant, Ramnik Arora, to iron out the details once his boss convinced Silicon Valley investors to sink nearly $2 billion into the once red-hot crypto exchange. ...
Amazon CEO Andy Jassy says layoffs will continue into next year (CNBC) Amazon will continue to lay off employees in the coming year, CEO Andy Jassy wrote in a memo to workers on Thursday.
Amazon is looking to trim head count through a voluntary buyout program (CNBC) Amazon sent out "voluntary severance" offers to some employees this week as it looks for ways to rein in costs beyond the massive layoffs already announced.
Amazon CEO Andy Jassy Says Layoffs Will Extend Into Next Year (Wall Street Journal) The company’s chief executive said the job cuts have been the “most difficult decision” he has made.
NCSC’s Ian Levy to join Amazon as senior executive (The Record by Recorded Future) Dr. Ian Levy, the outgoing technical director at the U.K.’s National Cyber Security Centre, will reportedly be joining Amazon in a senior executive role.
The Metaverse is 'a grand folly' say CIOs and Zuckerberg's actions are 'terrifying' (Computing) With criticism coming from IT leaders, investors and the public, is the Metaverse a solution looking for a problem?
Celebrating Neurodiversity: How Companies Can Create Safe Spaces Using Employee Resource Groups (DomainTools) In this blog post, Ian Campbell discusses what it means to be neurodivergent and how organizations can create safe spaces in the form of Employee Resource Groups.
What Makes a Good Cybersecurity Professional? (ISACA) A shift into a cyber career can be part of an impactful journey into helping protect the world around us.
Rite-Solutions Receives Three Navy Contracts Worth $68 Million (Seapower) Middletown, R.I. — Rite-Solutions was recently awarded three contracts by the Naval Undersea Warfare Center Division Newport (NUWCDIVNPT), Naval Information Warfare Systems Command (NAVWAR) and Naval Surface Warfare Center Dahlgren Division (NSWCDD), the company said in a release. Over the...
ConnectWise Named a Winner for 2022 CRN Tech Innovator Award for ConnectWise RMM (GlobeNewswire News Room) TAMPA, Fla., Nov. 16, 2022 (GLOBE NEWSWIRE) -- ConnectWise, the world’s leading software company dedicated to the success of IT solution providers...
ConnectWise wins two awards at the 37th Annual Cannata Report Awards and Charities Gala (GlobeNewswire News Room) The 2022 Frank Awards honor excellence and innovation in the office technology and services industry...
CAF Names Vanita Pandey its Chief Marketing Officer, Expanding its Executive Leadership Team (Business Wire) CAF names Vanita Pandey its Chief Marketing Officer, expanding its executive leadership team
Products, Services, and Solutions
Passkeys & 1Password: The future of passwordless (1Password Blog) The passwordless future is rapidly approaching. Soon, 1Password will help you sign in using passkeys, and we’re excited to share a sneak peek with you today.
BCU Adopts BioCatch to Bolster Fraud Detection (PR Newswire) Baxter Credit Union (BCU), a purpose-driven organization that empowers people to discover financial freedom, today announced a partnership with...
Cyera and Wiz Partner to Strengthen Cloud Security with Data Security Posture Management (PR Newswire) Cyera, the data security company, can now seamlessly integrate with Wiz to provide prioritized attack surface minimization and automated...
BlastWave Enables Secure Access to Cloud Applications with the Latest BlastShield Release (BlastWave) BlastWave’s new BlastShield SaaS Proxy Agent and access logging features expand zero-trust network access (ZTNA) capabilities for secure remote access, site-to-site communications, and cloud application access
OpenSSF Adopts Microsoft-Built Supply Chain Security Framework (SecurityWeek) OpenSSF has announced the adoption of S2C2F, a Microsoft-built framework defining how open source software can be securely consumed.
Detectify Launches New Custom Policies Overview for Improved External Attack Surface Management (PR Newswire) Detectify, the External Attack Surface Management platform powered by elite ethical hackers, today announced Custom Policies Overview, a new...
Tufin Enterprise simplifies cloud segmentation planning and management (Help Net Security) Tufin releases Tufin Enterprise, which includes Tufin’s SecureCloud SaaS solution to simplify cloud segmentation planning and management.
Tufin Appoints e92plus as a UK Distributor to Support Channel Growth (Business Wire) Tufin has appointed e92plus to help build its channel presence in the UK.
ESET rolls out new consumer offerings to improve home security (BleepingComputer) ESET's newest consumer product release has taken a comprehensive approach to security to guard against a full range of threats. While cyberthreats and hackers continue to evolve, ESET is always a step ahead. Here is a look at the new product updates:
Introducing ReversingLabs Cloud Deep Scan, Protection for Your Cloud File Shares (ReversingLabs) ReversingLabs newest solution, Cloud Deep Scan, can help organizations quickly identify threats in their AWS file shares and storage. We break down our new service for you here.
Technologies, Techniques, and Standards
FDA’s Cybersecurity Modernization Action Plan (U.S. Food and Drug Administration) CMAP will leverage Artificial Intelligence and Machine Learning technologies to enhance cyber detection and response capabilities.
HackerOne encourages customers to adopt standard policy to protect hackers from legal problems (The Daily Swig) ‘Short, broad, easily-understood safe harbor statement’ offered
Why companies can no longer hide keys under the doormat (Help Net Security) Recent breakthroughs have been able to eliminate the encryption gap and maintain full protection for private keys.
Industrial control system security needs ICS threat intelligence (SearchSecurity) Industrial control systems are under constant attack from threat actors. Learn why ICS threat intelligence is a key weapon when protecting these systems.
Design and Innovation
Security and privacy: The 8 next big things, from more secure biometric data to quantum-safe cryptography (Fast Company) Security testing of AI algorithms, quantum-resistant cryptographic algorithms, and more.
IBM Prepares For Quantum Computing Inflection Point (Forbes) At IBM's 2022 Quantum Summit the company revealed several Quantum roadmap milestones and set down a new challenge. During these Summits, IBM updates the industry on its on-going efforts to make quantum computing a key part of the future of computing and sets goals for future developments.
Facebook Takes Sexuality, Address, Politics, Religion Off Your Profile (Gizmodo) The update to the world's biggest social network will prevent you from broadcasting certain details in your bio, a farewell to the early days of social media.
Academia
KnowBe4 Partners With #GirlsClub for Third Consecutive Year to Offer Scholarships for Sales Leadership Training Program (Yahoo) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has partnered with #GirlsClub for the third consecutive year to provide a scholarship for their sales-focused leadership training program.
Legislation, Policy, and Regulation
U.K. Government Seeks Further Easing of Data Protection Rules (Wall Street Journal) Straying too far from the European Union’s General Data Protection Regulation, however, could jeopardize a data deal with the bloc.
Aspen Institute Launches Group to Address Pressing Global Cybersecurity Challenges (Aspen Institute) A European Parliament Member, Singapore’s Cyber Security Agency CEO, Rapid7 President & CEO to chair collective of approximately 40 international leaders across government, industry, and civil society
America Needs a Bold New Cyber Strategy (CEPA) The US will publish its long-awaited cybersecurity strategy before the end of the year. Here’s what it should do.
Biden set to approve expansive authorities for Pentagon to carry out cyber operations (CyberScoop) The State Department fought hard to win back the cyber authorities that it lost under the Trump administration but did not prevail.
Wray tells lawmakers that FBI conducts cyber offensive operations (FOX 4 Kansas City WDAF-TV) FBI Director Christopher Wray told Senate lawmakers on Thursday that his agency has been conducting offensive cyber operations against state and non-state cyber actors. Wray said offensive operatio…
Vinod Khosla Wants More Crypto Regulation—Now (The Information) Last week should have been all about the midterm elections, and yet the attention of the technology, banking and retail worlds was instead all riveted by the sudden collapse of FTX. I hope the U.S. Securities and Exchange Commission was paying attention as well. If it spurs action, this ...
How to prevent the next FTX (Atlantic Council) There are steps that policymakers and the industry can take now to build transparency and trust—thereby protecting consumers and avoiding a repeat of this disaster.
CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain (CISA) Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series - Recommended Practices Guide for Customers.
Securing the Software Supply Chain: Recommended Practices for Customers (Enduring Security Framework) Cyberattacks are conducted in cyberspace and target an enterprise's use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling...
NSA backs SBOM requirements in latest secure software advisory (Federal News Network) New guidance from lead cybersecurity agencies identifies Software Bills of Materials as a critical factor in ensuring security during the software acquisition process.
Secret Service’s Zero Trust Plan Must Account for OMB Guidance, Watchdog Says (Nextgov.com) The Secret Service’s plan for adopting a zero trust architecture model across the agency’s systems has not been updated since the Office of Management and Budget released new guidance in January.
NSA opens an innovative workplace for critical missions focused on the future (National Security Agency/Central Security Service) The Morrison Center at the National Security Agency (NSA) Fort Meade East Campus is beginning to welcome its first occupants — signifying a new age in NSA’s world-class defense operations. Serving as
Texas signals potential changes to cybersecurity policies (StateScoop) A report from the Texas Department of Information Resources includes numerous recommendations it will make to the state legislature.
Attorney General Josh Stein Leads Bipartisan Coalition Calling for Stronger Online Data Protections (NCDOJ) For Immediate Release: Thursday, November 17, 2022 Contact: Nazneen Ahmed 919-716-0060 (RALEIGH) Attorney General Josh Stein and the Attorneys General of Connecticut, Illinois, Massachusetts, New Jersey, and Oregon today led a bipartisan group of 33 attorneys general calling on the Federal Trade Commission (FTC) to consider stronger surveillance and data security protections to prevent misconduct […]
Litigation, Investigation, and Law Enforcement
FBI director ‘very concerned’ by reports of secret Chinese police stations in US (the Guardian) Christopher Wray says the FBI is investigating the existence of stations in New York, which could violate sovereignty
Biden administration says Mohammed bin Salman should be granted sovereign immunity in Khashoggi civil case (the Guardian) Court filing says Saudi crown prince’s promotion to the role of prime minister meant that he was ‘the sitting head of government and, accordingly, immune’
Hillicon Valley — Democrats request Twitter investigation (The Hill) Senate Democrats, concerned with the way Elon Musk is running Twitter, are urging the Federal Trade Commission (FTC) to investigate the social media platform. Meanwhile, we’ll take a look at …
Google Wins Russian Botnet Hack Suit And Atty Sanctions (Law360) A New York federal judge entered a default judgment for Google in its suit against two Russian nationals who allegedly created a botnet to infiltrate more than a million computers and steal users' account information, sanctioning the men and their attorney for their "scheme" to mislead the court and resist discovery.