Dateline Moscow and Kyiv: Drone strikes hit military targets in Russian rear areas; Russia continues to strike civilians.
Ukraine at D+286: Phish or cut bait. (CyberWire) Russian and Chinese intelligence services make use of war-themed phishbait as Russian security organs work to shutter evasive and persistent independent access to information. And the Kremlin needs a primer on jus in bello, specifically on the difference between terrorism and attacks against legitimate military targets.
Ukraine Russia news latest: Russia building defensive lines inside its own borders, MoD says (The Telegraph) Russia has begun extending defensive positions along its border with Ukraine, including inside its Belgorod region, according to the British Ministry of Defence (MoD).
Ukraine leader defiant as drone strikes hit Russia again (Military Times) Drones struck inside Russia’s border with Ukraine Tuesday in the second day of attacks.
Putin meets with top security officials after more Ukrainian drones hit Russia (The Telegraph) Explosions on Tuesday struck an oil storage tank near Kursk and a large military fuel depot in the Bryansk region
Explosions at Russian Air Bases May Change Several Nations’ Calculations (Defense One) Moscow says Ukraine converted old Soviet drones into long-range weapons that struck hundreds of miles inside Russian territory.
In Ukraine, a new approach to modern conflict is emerging (The Hill) Armed with smartphones and internet access, Ukrainian civilians and NGOs have documented and shared Russian war crimes and troop positions, sometimes in real time.
Ukrainian civilians facing test of survival: UN (Al Jazeera) UN humanitarian chief tells Security Council Russian attacks on infrastructure have created a ‘new level of need’.
Former NATO Supreme Allied Commander says Russia will ‘carpet bomb’ Ukraine (We Are The Mighty) Retired Admiral James Stavridis is sounding a new alarm for the West: Russia is going to carpet bomb Ukraine unless we do something about it.
Russian nationals fighting for Ukraine vow to resist Moscow's forces 'until the end' (CNN) A soldier in a Ukrainian uniform morosely contemplates the ruins of an Orthodox monastery in Ukraine's eastern Donetsk region. He is one of a number of Russian nationals fighting with Ukraine against Moscow's forces.
Ukraine war latest: Russian deserter fleeing Ukraine opens fire on police with machine gun
(The Telegraph) A Russian deserter opened fire on police in the southern Russian town of Novoshakhtinks, wounding one officer.
Ukraine war: Zelensky visits troops near 'most difficult' front line (BBC News) Ukraine's president says the defence of the eastern Donetsk region is crucial to protect the entire nation.
How Ukraine’s proposed special tribunal for Russian aggression would work (Atlantic Council) A special tribunal on Russian aggression would raise questions around jurisdiction, legal details, and the role of the US. Here's how they can be addressed.
Russia must stop being an empire if it is wishes to prosper as a nation (Atlantic Council) Post-Soviet Russia never shed the imperial identity inherited from the Soviet and Czarist past but Putin's disastrous invasion of Ukraine could now set the stage for the emergence of a post-imperial Russian identity.
Go Slow on Crimea (Foreign Affairs) Ukraine should not rush to retake the peninsula.
Ukraine war revives EU wish to bring Balkans into its fold (France 24) European Union leaders vowed on Tuesday to strengthen ties with the Western Balkans, a drive reinvigorated by Russia's war on Ukraine.
Sweden getting into the NATO groove by aiding Ukraine, boosting budget (Defense News) Would-be member Stockholm joins the rest of the alliance in scrambling for weapons and ammunition.
Hungary blocks EU’s £15.5bn Ukraine aid package (The Telegraph) Veto sets up a showdown between Viktor Orban, the Hungarian prime minister, and other EU leaders at next week’s European Council summit
Taking lessons from Ukraine, British Army upgrades its radios (Breaking Defense) The £90 million ($103 million) contract includes the delivery of more than 1,300 AN/PRC-163 handheld and AN/PRC-167 manpack software defined radios to the British military.
U.S. approves potential sale $3.75 billion of M1A1 Abrams tanks to Poland (Reuters) The U.S. State Department has approved a potential sale of 116 General Dynamics made M1A1 Abrams tanks, other vehicles and munitions to Poland in a deal valued at up to $3.75 billion, the Pentagon said on Tuesday.
Readout of Deputy Secretary of Defense Dr. Kathleen H. Hicks' Meeting With U.K. Permanent (U.S. Department of Defense) Deputy Secretary of Defense Kathleen H. Hicks met with the United Kingdom's Permanent Undersecretary of Defense David Williams to discuss a range of bilateral issues.
Ukraine calls on western allies to boycott Russian culture (the Guardian) Minister defends step in ‘civilisational battle’ but says it would not amount to ‘cancelling Tchaikovsky’
Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets (BlackBerry) APT group Mustang Panda now appears to have Europe and Asia Pacific targets in its sights. The BlackBerry Research and Intelligence team recently unearthed evidence that the group may be using global interest in the Russian-Ukraine war to deliver PlugX malware via phishing lure to unsuspecting users.
Russian hacking group spoofed Microsoft login page of US military supplier: report (The Record by Recorded Future) A well-known hacking group with ties to Russia spoofed the Microsoft login page of a U.S. military weapons and hardware supplier as a phishing lure.
Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations (Recorded Future) A recent spear phishing attempt uncovers a Russia-aligned cyber espionage campaign targeting government, intelligence, and military industries.
Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier (The Hacker News) Russia state-sponsored hacking group has been linked to cyberattacks on U.S. military weapons and hardware supplier Global Ordnance.
How one Russian group exposed the soft underbelly of federal cyber defenses (Federal News Network) The Office of Management and Budget asked agencies to submit data about how they are protecting their domains from distributed denial of service attacks after a Russian-based group claimed…
Massive DDoS attack takes Russia’s second-largest bank VTB offline (BleepingComputer) Russia's second-largest financial institution VTB Bank says it is facing the worse cyberattack in its history after its website and mobile apps were taken offline due to an ongoing DDoS (distributed denial of service) attack.
Inside the Face-Off Between Russia and a Small Internet Access Firm (New York Times) The cat-and-mouse experience of Proton, a Swiss company, shows what it’s like to be targeted by Russian censors — and what it takes to fight back.
NATO Readies for Cyber War: Simulation Shows Unified Front Against Attack (MSSP Alert) Cyber Coalition 2022 is based on a realistic scenario where a powerful threat actor tries to compromise a NATO mission.
Russia’s Ukraine invasion is fueling an energy crisis in neighboring Moldova (Atlantic Council) Russia's invasion of Ukraine is helping to fuel an energy crisis in neighboring Moldova where an over-reliance on Kremlin energy imports has long served to make the country vulnerable to Russian political pressure.
Readout of Vice President Harris’s Meeting with President Sandu of Moldova | The White House (The White House) Vice President Kamala Harris today met President Maia Sandu of Moldova at the White House. The Vice President welcomed Moldova’s progress on its reform
US doubling its UK gas exports in deal to end dependence on Russia (The Telegraph) Rishi Sunak says the national supply can 'never again be manipulated by the whims of a failing regime'
West must look at reopening Russian airspace, says former BA boss (The Telegraph) Select airlines have continued to fly over Russia since Putin's invasion of Ukraine
Attacks, Threats, and Vulnerabilities
Apiiro’s AI engine detected a software supply chain attack in PyPI (Apiiro | Cloud-Native Application Security) The Apiiro AI engine discovered a malicious Python package that is currently presented on the python PyPI package management portal.
Exclusive: UK lawmakers warned of cyber-attacks and possible harassment from Iranian operatives (CNN) British lawmakers have been warned to be on alert for cyber-attacks and possible harassment from Iranian operatives, according to correspondence sent to lawmakers in both the upper and lower chambers last month.
What is APT42 attack that spread via WhatsApp and targets high-profile activists and others (The Times of India) Iran government-backed hackers have targeted several high-profile activists, journalists, researchers, academics, diplomats, and politicians working o.
After AIIMS, Around 6000 Attempts Made To Hack ICMR Website, Data Secured (India.com) Days after AIIMS and Safdarjung Hospital, hackers tried to attack ICMR website over 6000 times but were not successful.
ICMR website is safe, cyber attack was prevented, says report (Business Today) A govt official told PTI that hackers apparently from Hong Kong tried to attack the website of the ICMR around 6,000 times in a span of 24 hours on November 30
Ransomware Attack | After AIIMS, ICMR Faces Cyber Attack | Ransomware Attack Solution (YouTube) Ransomware Attack | After AIIMS, ICMR Faces Cyber Attack | Ransomware Attack Solution | English News#BreakingNews | After AIIMS, ICMR faces cyber attack. ICM...
AIIMS cyber attack raises red flags in national security (Hindustan Times) The government has been informed that China was testing the resilience of the Indian system as part of hybrid warfare when Indian Air Force attacked Balakot on February 26, 2019 as a retaliation for the Pulwama terror strike by the Pakistan- based Jaish-e-Mohammed terror group.
Anatomizing CryptosLabs: a scam syndicate targeting French-speaking Europe for years (Group-IB) Group-IB, one of the global leaders in cybersecurity, uncovered an investment scam ring fooling users in France, Belgium, and Luxembourg into voluntarily transferring money to fraudsters.
Analysis of an Intrusion Campaign Targeting Telco and BPO Companies (CrowdStrike) CrowdStrike Services analyzes a recent intrusion campaign targeting telecom and business process outsourcing companies and shares how to defend against this attack.
'Scattered Spider' Cybercrime Group Targets Mobile Carriers via Telecom, BPO Firms (SecurityWeek) A threat actor tracked as ‘Scattered Spider’ is targeting telecom and BPO companies to gain access to mobile carrier networks and perform SIM swapping.
Black Basta Ransomware Group Actively Targeting U.S. Companies (Nuspire) The Black Basta ransomware group is actively targeting U.S.-based companies using QakBot malware.
Antwerp's city services down after hackers attack digital partner (BleepingComputer) The city of Antwerp, Belgium, is working to restore its digital services that were disrupted last night by a cyberattack on its digital provider.
Cyberpion Discovers 148,000 Critical Vulnerabilities Across Fortune 500 Organizations (PR Newswire) Cyberpion, a cybersecurity leader in external attack surface management (EASM), revealed today its analysis of public and internet-facing...
College Students Could Fall Victim to These Targeted Online Scams (Wall Street Journal) They include ‘help’ with student-loan forgiveness, fake scholarship applications and online-textbook hoaxes.
Rackspace Technology Hosted Exchange Environment Update (Rackspace Technology) ransomware incident affecting its Hosted Exchange environment, which is causing service disruptions for the company’s Hosted Exchange customers. Alongside the Rackspace Technology internal security team, the company has engaged a leading cyber defense firm to investigate. Immediately upon detecting the incident, the company took proactive measures to isolate the Hosted Exchange environment to contain the incident.
Rackspace: Ransomware attack to blame for ongoing outage (Computing) Texas-based cloud computing giant Rackspace has confirmed that it has been the target of a ransomware attack that affected several Hosted Exchange customers and prevented them from accessing their email accounts.
UK privacy watchdog reveals more than two dozen data breach incidents (The Record by Recorded Future) The UK's data protection regulator published the details of more than two dozen data protection incidents in which it reprimanded organizations.
Global Online Retailer Leaked 1.1 Billion Records Online Including Customer Data (Website Planet) Global Online Retailer Leaked 1.1 Billion Records Online Including Customer Data
Security researcher Jeremiah Fowler together with the Website
Multiple government departments in New Zealand affected by ransomware attack on IT provider (The Record by Recorded Future) A ransomware attack on a widely used managed service provider in New Zealand, is feared to have disrupted dozens of organizations.
Investigation underway into cyber attack which hit thousands of coronial and health files (RNZ) Access to 14,500 coronial files and about 4000 post mortem reports from around the country has been affected.
Macmillan Reports Data Breach Leaking Consumers’ Social Security Numbers (JD Supra) On December 5, 2022, Macmillan reported a data breach with the Texas Attorney General after an unauthorized party was able to bypass its data security...
Trends
Cyberspace in space: The out of-this-world challenges ahead (ZDNET) New horizons bring new security threats that will have to be tackled.
State of Data Engineering Survey Reveals Data Security and Access Blindspots (Business Wire) Immuta today announced the findings of its third annual State of Data Engineering Survey, which highlights the top data engineering challenges and bli
Cisco releases its annual Security Outcomes Report (Cisco) The latest edition of Cisco’s annual Security Outcomes Report identifies the top seven success factors that boost enterprise security resilience.
State-actor cybersecurity threats in 2023 (TechHQ) We spoke to a threat monitoring expert about the greatest state-actor cybersecurity threats we're likely to encounter in 2023.
Five Cybersecurity Trends that Will Affect Organizations in 2023 (Netwrix) Cybercrime is a business: Professional attackers will increasingly target users and supply chains in order to infiltrate organizations
Charted: Ransomware gangs' bullseye on U.S. companies (Axios) Ransomware gangs targeted 433 U.S. organizations between January and June this year: Report.
Technology trends, changes and the impact they have on cybersecurity (Armis) Another extraordinary year is coming to an end. Let’s have a look at the cyber risks to expect in this new digital society and industry.
A CISO's Prediction (Armis) We find ourselves at the familiar time of year where CISOs are assessing their challenges and priorities for the foreseeable future. Sorting out which cybersecurity initiatives need the most attention can be overwhelming.
Top 5 trends in IoT Cyber (Armis) The top 5 trends that we see in IoT cybersecurity from 2022.
5 healthcare cybersecurity predictions for 2023 (Armis) Get prepared to the growing importance of cybersecurity in healthcare. Explore our top predictions for 2023 and take steps to minimize cyber risks.
Top 5 trends in OT and ICS Security for 2023 (Armis) The top 5 trends in OT security are being driven by cyber threats and digital transformation, causing us to reevaluate the securing of industrial environments.
Six Public Sector Cybersecurity Predictions for 2023 (Armis) 2022 saw important strides made in public safety cybersecurity. But are protections improving fast enough?
Marketplace
Cyber will be the biggest risk code for Lloyd’s in 2023 (Strategic Risk Europe) CFC's chief underwriting officer says cyber insurance has 'had to grow up', but balancing regulation and value propositions is tricky
New Corvus Insurance Data Reveals Ransomware and Fraudulent Funds Transfer Represent More Than Half of All Claims (Business Wire) Corvus Insurance, the leading provider of Smart Cyber Insurance® products powered by AI-driven risk data, today released findings from its third Corvu
With collaboration app for security teams, Balance Theory raises $3 million (Venture Beat) Collaboration apps are a staple of the remote working era, but they’re also open to compromise. It only takes one hacker to gain access to an employee’s login credentials to access workspaces full of confidential information and materials.
AlgoSec Acquires Prevasio To Disrupt Agentless Cloud Security Market (Dark Reading) AlgoSec, a global cybersecurity leader in securing application connectivity, announced today that it has acquired Prevasio, a SaaS cloud-native application protection platform (CNAPP) that includes an agentless cloud security posture management (CSPM) platform, anti-malware scan, vulnerability assessment and dynamic analysis for containers.
Drata's Valuation Rises to $2 Billion with $200 Million Series C Funding (PR Newswire) Drata, a continuous security and compliance automation platform, today announced $200 million in Series C funding co-led by ICONIQ Growth and...
Intellicene Brand Launches After Completion of Acquisition by Volaris Group (Dark Reading) Global security technology provider with 20+ years of experience embraces the next evolution of its business with refreshed brand and invigorated leadership.
Leading Certificate Authority Completes Another Successful Year of Growth (AccessWire) GlobalSign closes out 2022 with continued digital signature success, IoT recognition, increased service provider activity BOSTON, MA / ACCESSWIRE / December 6, 2022 / GlobalSign (https://www.globalsign.com/en), a global Certificate Authority (CA) and leading provider of digital signing, identity and security solutions for the IoT, today announced the company's top achievements during 2022. Accolades: Frost & Sullivan recognized GlobalSign
DOD Contributes to Registered Cybersecurity Apprenticeship Program (U.S. Department of Defense) Since partnering with the Labor Department to establish the first federal cybersecurity apprenticeship program in January 2022, DOD has identified and developed standards for 15 critical cybersecurity
French vendor Hackuity opens its doors in the UK (CRN) The group plans to triple its customer base in 2023 following its UK debut
Crypto and AI-Focused Sequoia Partner Is Leaving the Firm (The Information) Sequoia Capital partner Divya Gupta is leaving the firm just weeks after the storied venture capital firm apologized to limited partners about its $214 million investment in the now-bankrupt crypto exchange FTX. Gupta worked on seed- and early-stage investments in cryptocurrency and artificial ...
ThreatConnect CEO Balaji Yelamanchili Joins TrueFort Board of Directors (Business Wire) Balaji brings decades of experience to TrueFort as an operating executive and investor for high growth companies including Symantec and Oracle.
Sophos appoints new SVP of sales for EMEA (IT PRO) Gerard Allison joins from Exclusive Networks and will look to accelerate growth in the region
Admiral Mike Rogers Joins Quantum Xchange’s Board of Directors (Business Wire) Admiral Mike Rogers joins Quantum Xchange's Board of Directors to advise the company's go-to-market strategy and continued innovations.
Michael Brown Joins Strider Technologies' Board of Directors - Strider | Prevent intellectual property theft and supply chain vulnerabilities (Strider) Brown brings decades of experience as Director of DoD’s Defense Innovation Unit and CEO of Symantec to fast-growing strategic intelligence firm Salt Lake City, December 7, 2022 — Strider Technologies, Inc. (“Strider”), the leading provider of Strategic Intelligence, today announced that former Department of Defense (DoD) official and corporate chief executive Michael Brown is joining […]
Products, Services, and Solutions
Cradlepoint Announces Availability of Zero Trust Network Access Solution for 5G and Hybrid Networks (GlobeNewswire News Room) Providing organizations with an easier way to identify, assign and manage user-to-application access using a fully integrated ZTNA solution...
ConductorOne Releases Baton, First and Only Open Source Toolkit for Auditing Infrastructure Access (PR Newswire) ConductorOne, Inc. announced the open sourcing of their identity connectors under the Apache 2.0 license in a project called Baton. Each...
Secret Double Octopus Enables Phishing-Resistant Passwordless MFA for Password-Centric Environments (Business Wire) Secret Double Octopus (SDO) today announced the release of new phishing-resistant passwordless MFA capabilities for customers with password-centric di
Clear Skye: A Platform-First Approach is the Key to Modern Identity Management, According to a New Enterprise Strategy Group White Paper (Business Wire) Deploying identity natively on a business platform empowers enterprises to simplify operations, increase efficiency, and improve user experience.
Midco launches rock-solid in-home wireless powered by Plume HomePass and OpenSync (PR Newswire) Midco® is enhancing the home internet experience by introducing Midco Wi-Fi powered by Plume HomePass®. This next-gen Wi-Fi service is fueled...
Tufin Release R22-2 Accelerates Digital Transformation with Enhanced Multi-Cloud Connectivity Management and More Flexible Access Change Automation (Business Wire) Tufin R-22-2 delivers industry-first Fortinet SD-WAN support and expands automation and compliance monitoring across major cloud platforms.
Thales Collaborates With AWS To Support Digital Sovereignty For Cloud Customers Via CipherTrust Cloud Key Manager Integration (Security Informed) Thales announced the launch of its CipherTrust Cloud Key Manager integration with the AWS External Key Store, a feature of the AWS Key Management Service announced at AWS re: Invent 2022.
Ontop to Deploy ThetaRay AI-Powered AML Tech to Enable the Future of Work (Business Wire) Ontop to Deploy ThetaRay AI-Powered AML Tech to Enable the Future of Work
Piiano Equips Developers to Stop Sensitive Data Breaches (GlobeNewswire News Room) Data protection company Piiano officially launches a vault for sensitive customer data, the first among a suite of privacy tools for developers...
Kintent® Launches World's First Free, Self-Service SOC 2 and NIST-CSF Readiness for Startups (PR Newswire) Kintent®, the only unified compliance, risk, and security questionnaire automation solution to accelerate sales, today announced the launch of...
Beyond Identity Launches Joint Integration With Zscaler to Accelerate Enterprise Zero Trust Security Strategies (Business Wire) Beyond Identity, the leading provider of phishing-resistant multi-factor authentication (MFA), has expanded its integration offerings to include cloud
Raytheon Intelligence & Space to provide managed security services to Georgia Technology Authority (Raytheon Intelligence & Space) Raytheon Intelligence & Space, a Raytheon Technologies business, has been selected by the Georgia Technology Authority, or GTA, to provide managed cybersecurity services to GTA and its constituent agencies.
DTEX Systems Launches Enhanced Global Partner Program to Meet Increasing Worldwide Demand for Human-Centric Insider Threat Intelligence and Security Solutions (Business Wire) DTEX Systems launches Global Partner Program to empower and support partners with human-centric insider threat intelligence & security solutions.
Swedish Grocery Chain Selects Omada for SaaS-Based IGA (PR Newswire) Omada A/S ("Omada"), a global leader of Identity Governance and Administration (IGA), announced today that Coop, a Swedish grocery retailer,...
Technologies, Techniques, and Standards
Want to detect Cobalt Strike? Look to process memory (Register) Security analysts have tools to spot hard-to-find threat, Unit 42 says
Three Ways to Improve Defense Readiness Using MITRE D3FEND (SecurityWeek) The MITRE D3FEND framework is only as effective as the planning that goes into making sure it is properly aligned with the top threats facing the organization.
Security Outcomes Report, Volume 3 (Cisco) Read our latest Security Outcomes Report to see what more than 4700 security and IT pros are doing to achieve security resilience.
How to secure application identities at developmental speed (Register) We discuss the top emerging DevSecOps trends with CyberArk
"Patchwork of solutions" leaving firms susceptible to cyber-attacks (Digit) New research has found that cyber-attacks aimed at employees are the main cause of avoidable cybersecurity incidents.
A Security Automation Playbook for 2023 | Focal Point (Tanium) Amid today’s cybertalent shortage, security leaders must consider how machines can better assist humans, rather than the other way around.
Hybrid workers are still causing major security headaches (TechRadar) Hybrid workers are still interacting with phishing emails, report warns
US Navy Participates in Australian Cyber Skills Challenge (DVIDS) Three U.S. Navy teams participated in the Australian Defence Force (ADF) Cyber Skills Challenge (CSC), which was held in Canberra, Australia, Nov. 28 – Dec. 2.
Design and Innovation
Tony Fadell Is Trying to Build the iPod of Crypto (WIRED) The product guru made Ledger’s new hardware wallet—a tiny vault for digital cash—flashy and fun. Plus, with this gadget you’ll never get FTX’d.
Cory Doctorow interviewed about cyberpunk and surveillance capitalism in The New Yorker | Boing Boing (Boing Boing) Our Boing Boing partner Cory Doctorow—activist and author of Chokepoint Capitalism, Attack Surface, and, of course, Little Brother, among other books—is interviewed in The New Yorker! The freewheel…
Research and Development
Zapata Computing Earns Two New Patents for Post-Quantum Cybersecurity Threat Intelligence (Business Wire) Zapata Computing, the leading enterprise quantum software company, today announced that the company has earned two new patents for post-quantum cybers
Academia
These are the top 10 colleges for cybersecurity education (University Business) Carnegie Mellon University, DePaul University and Embry-Riddle Aeronautical University rank among the top three best institutions.
Legislation, Policy, and Regulation
Swiss Government Wants to Implement Mandatory Duty to Report Cyber-Attacks (Infosecurity Magazine) The move would shed light on hackers and sound the alarm more widely on cyber-threats in the country.
WSJ News Exclusive | Meta’s Targeted Ad Model Faces Restrictions in Europe (Wall Street Journal) European Union privacy regulators say Facebook and Instagram shouldn’t use their terms of service to require users to accept ads based on their digital activity.
UK's GDPR replacement is an "unworkable headline-grabber" (Computing) The UK’s proposed domestic answer to the EU’s GDPR, the Data Reform Bill, is an expensive, cumbersome red herring in its current form, and unlikely to differ from the EU regulation in any significant way.
WSJ News Exclusive | TikTok National-Security Deal Faces More Delays as Worry Grows Over Risks (Wall Street Journal) Officials and executives had hoped for a year-end deal to address national-security concerns over the popular social-media platform.
Don’t use Chinese X-ray machines on EU’s borders, MEPs say (POLITICO) The complaint seeks to bar Nuctech’s equipment along the EU’s outer borders.
Readout from CISA's Fifth Cybersecurity Advisory Committee Meeting (Cybersecurity and Infrastructure Security Agency) Today, the Cybersecurity and Infrastructure Security Agency (CISA) held its fifth Cybersecurity Advisory Committee (CSAC) meeting where Director Easterly led a discussion with committee members on the CSAC’s strategic focus for 2023.
Official Says Integrated Deterrence Requires Shared Sacrifices (U.S. Department of Defense) Integrated deterrence is important in three documents released in 2022: the National Defense Strategy, the Nuclear Posture Review and the Missile Defense Review, the assistant secretary of defense for
A timeline of federal guidance on software supply chain security (ReversingLabs) Check out this timeline that lists the major policy items released by the federal government related to software security
Maryland bars state employees from using Kaspersky, TikTok, Huawei (SC Media) In an emergency cybersecurity directive issued Tuesday, the state flagged technologies from eight companies and prohibited state government employees from using them for official business.
Litigation, Investigation, and Law Enforcement
IDF cybersecurity failures could lead to stolen identities, warns state comptroller (Times of Israel) In sweeping report, Matanya Englman finds lapses in securing soldiers' dental records and fingerprints, as well as in education, transportation and Tax Authority systems
International police operation takes down iSpoof (Avast) iSpoof collected more than $120M from victims across Europe, Australia, Ukraine, Canada, and the United States.
Suspects arrested for hacking US networks to steal employee data (BleepingComputer) Four men suspected of hacking into US networks to steal employee data for identity theft and the filing of fraudulent US tax returns have been arrested in London, UK, and Malmo, Sweden, at the request of the U.S. law enforcement authorities.
Pegasus spyware: Dissident launches lawsuit against NSO Group and Bahrain (Middle East Eye) Yusuf al-Jamri, whose phone was allegedly targetted in 2019, is 'determined' to hold the company and kingdom accountable
DHS Funds Surveillance Technology in US Cities, Report Says (Bloomberg) Equipment used to detect gunshots, identify crime hotspots. Critics say tools disproportionately used in minority areas.
The Confessions of S.B.F. (Puck) An occasionally chilling conversation with Sam Bankman-Fried about accountability, naivety, family, prison, politics, and the strategy embedded in his walk of shame.
Council Post: The U.S. Government Is Now Your Company’s ‘Mudge’ (Forbes) When companies do basic application security and run good tools, meeting these new transparency strictures will be easy.