Dateline Moscow, Kyiv, Paris, Tallinn, Berlin, and Washington: Cyberespionage courtesy of Actinium.
Collection courtesy of Actinium. (The CyberWire) Russian cyberespionage continues in the Ukraine, while observers debate the tactical situation on the ground.
Microsoft discloses new details on Russian hacker group Gamaredon (VentureBeat) Russian hacker group Gamaredon has used numerous techniques to evade detection during its cyberattacks in Ukraine, Microsoft researchers said.
Microsoft Uncovers New Details of Russian Hacking Campaign Targeting Ukraine (The Hacker News) Microsoft shared more details on tactics and techniques that Russia-based Gamaredon hacking group used to facilitate cyberespionage attacks.
ACTINIUM targets Ukrainian organizations (Microsoft Security Blog) The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs.
Ukraine accuses Russian hackers of cyber attack (Telegraph) Cybersecurity report includes screen shot of one such attempt, which shows an email, embedded with malicious code
Ukraine Considers International Cyber Help (Wall Street Journal) Ukraine has requested technology from officials in other countries to secure its networks against potential Russian cyberattacks. The country is also seeking support from other nations in tracing the origins of a Jan. 14 attack on 90 Ukrainian websites.
Top White House official warns Russian invasion of Ukraine could be preceded by cyber attacks (The Telegraph) Anne Neuberger, the deputy national security adviser for cyber, has been dispatched to Europe to warn allies about Russian cyberweapons
Hungary Blocks Ukraine from NATO Cyber Defense Center (KyivPost) Hungary erected another obstacle to Ukraine’s cooperation efforts with NATO by blocking Kyiv from joining…
Lessons from Ukraine: managing state-sponsored cyber attacks (teiss) There are always unintended consequences to serious cyber-threats. The unfortunate truth of today’s threat landscape is that you must be on a constant war-footing to keep your organisation safe.
Federal security agencies warn of potential Russian-sponsored cyberattacks (Journal of Accountancy) A joint cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency, the FBI, and the NSA urges businesses and other organizations, to step up their cybersecurity mitigation and detection efforts.
Ukraine foreign minister urges people to ignore 'apocalyptic predictions' (Reuters) Ukrainian Foreign Minister Dmytro Kuleba on Sunday urged people to ignore "apocalyptic predictions" about an imminent Russian invasion, saying his country was strong and had unprecedented international support.
Russia and Ukraine: On the Brink of War (FDD) Vladimir Putin is threatening to erase the sovereignty, independence, and self-determination of Ukraine.
What We’ve Already Learned From the Russia-Ukraine Crisis (World Politics Review) Several months of crisis on the Russia-Ukraine border has already answered important questions that had been hovering over the trans-Atlantic alliance for much of the past 15 years. It’s worth taking stock of them now because the crisis could yet unfold in ways that serve to overshadow or obscure them.
Russia could seize Kyiv in days and cause 50,000 civilian casualties in Ukraine, U.S. assessments find (Washington Post) Up to 5 million people likely to flee if Russia invades
As U.S. predicts Russia could seize Kyiv in days, diplomatic efforts set to intensify this week (Washington Post) Russia dismisses the new U.S. intelligence assessments that a full-scale Russian invasion could leave as many as 50,000 civilians dead or injured as ‘scaremongering’
Leaders meet around the globe hoping to calm Ukraine crisis (AP NEWS) International efforts to defuse the standoff over Ukraine intensified Monday, with French President Emmanuel Macron set to hold talks in Moscow and German Chancellor Olaf Scholz in Washington to coordinate policies as fears of a Russian invasion mount.
France says will recognize Russian security concerns in talks on Ukraine (CGTN) France hinted it will recognize Russia's security concerns without forsaking support for Ukraine's sovereignty when President Emmanuel Macron meets Vladimir Putin in Moscow on Monday as Europe pushes to defuse a crisis in eastern Europe.
French President Macron to meet Putin in Moscow next week and will also travel to Ukraine (LBC) French President Emmanuel Macron will meet Russian leader Vladimir Putin in Moscow on Feb. 7 and the leader of Ukraine on Feb. 8 to discuss the Ukraine situation, as Western world leaders try and avoid a major conflict with Russia over Ukraine.
How to Break the Cycle of Conflict With Russia (Foreign Affairs) Seeking consensus isn’t appeasement—it’s pragmatism.
Six reasons Russia is at odds with Ukraine’s Zelensky (Washington Post) When a television comedian named Volodymyr Zelensky catapulted into Ukraine presidency in 2019, one big promise was to make peace with Russia.
The View From Ukraine (The Power Vertical) More than 100,000 Russian troops continue to encircle Ukraine and as Moscow begins shipping supplies of blood and plasma to the front, war fears are very much in the air.
Russia demands security guarantees but what Putin really wants is Ukraine (Atlantic Council) Russian President Vladimir Putin claims to seek security guarantees and an end to NATO expansion but the crisis he has recently engineered is really all about reasserting Kremlin control over Ukraine, says Iulian Romanyshyn.
Vladimir Putin caught between choosing expensive Ukraine war or humiliating retreat (Newsweek) Whether Putin's refrain that he does not want war is genuine or not, he will have to decide soon on the fate of his 130,000 troops massed by the border.
False-Flag Invasions Are a Russian Specialty (Foreign Policy) Ukraine wouldn’t be the first place that Russia’s military started a war by faking an attack.
Russian bombers fly over Belarus amid Ukraine tensions (Military Times) The flight followed several similar patrols over Belarus, which borders Ukraine to the north.
Russian Hybrid Threats Report: Missile battalion confirmed in Belarus (Atlantic Council) The Council’s Digital Forensic Research Lab tracks the latest Russian military movements and other developments in the Kremlin's hybrid war against Ukraine.
Russia at 70 percent of Ukraine military buildup, officials say (Military Times) There is growing concern about the Russian military buildup near Ukraine.
Wetlands and radioactive soil: How Ukraine’s geography could influence a Russian invasion (Washington Post) As military analysts warn of a possible Russian invasion of Ukraine, they also are keeping an eye on the weather. Temperatures, cloud cover or even the radioactivity in the soil could determine when and where Russian troops make a possible move.
Record Covid cases in Russia and Ukraine complicate military plans (the Guardian) Spread of Omicron variant cited as another factor that could determine whether Moscow launches offensive
The West can hurt Russia in 3 critical ways, Ukraine's former president says (CNBC) Ukraine and its allies in the West need to act to weaken Russia in order to deter it from launching any kind of attack on Ukraine, its former president said.
China Can’t Carry the Russian Economy (Foreign Policy) Putin’s courting of Beijing has paid more diplomatic than economic dividends.
Biden rattles his sabre at Putin … but it’s Xi he really wants to scare (the Guardian) Tub-thumping talk of all-out war in Ukraine seems overblown but the White House knows the fledgling Sino-Russian axis is a real threat, in Taiwan and elsewhere
Foreign Direct Product Rule: Is Russia the next Huawei? (Atlantic Council) In response to Russia activity in Ukraine the US is considering deploying a Russia-focused Foreign Direct Product Rule (FDPR). If such a rule is implemented, it could cripple Russia's ability to source critical items produced from US-origin technology.
Senators worry Russia will invade Ukraine before they finalize sanctions bill (POLITICO) “I’m concerned that Mr. Putin’s timetable is different than ours. And he may well move before we can get this done,” said Sen. John Cornyn.
U.S. troops begin to arrive in Poland amid Ukraine tension (Military Times) The airborne infantry troops of the 82nd Airborne Division arrived at the Rzeszow-Jasionka airport on a U.S. Army Boeing C-17 Globemaster plane.
What weapons will Poland send to Ukraine – and is an alliance next? (Breaking Defense) With a shared border, Poland has a great interest in Ukraine's ability to withstand a Russian invasion. How far that interest will go is the question.
Germany's Olaf Scholz arrives at White House under pressure on Putin's pipeline (Newsweek) Berlin's move to not send weapons to Ukraine has been raising some questions about Germany's commitment to opposing Russia's aggression.
Germany prepares to beef up Lithuania force to show solidarity in Ukraine crisis (the Guardian) Olaf Scholz will fly to Washington as part of diplomatic effort to convince Nato he can be relied upon
Europe Won’t Make Up for Shortfalls of Russian Gas Easily (World Politics Review) The Russia-Ukraine crisis has raised alarm in Europe about the potential for major disruptions in its energy market, which is highly dependent on Russian gas. Although the EU and U.S. are currently seeking alternative suppliers to prepare for such an eventuality, none of them are in a position to offer an immediate solution.
Targeted Sanctions Are Trendy, but Not Very Effective (World Politics Review) Targeted sanctions can change bad behavior when they are tied to clear objectives and a measurable period of performance, and when the pressure exerted is both substantial and strategic. Unfortunately, these conditions are not present in the deluge of new sanctions imposed by the U.S. and its allies this week.
Attacks, Threats, and Vulnerabilities
The MY2022 app is a required download for Olympians that's pretty fishy (Android Central) To attend or participate in the 2022 Winter Olympics, you need to install the MY2022 app. Unfortunately, it's also riddled with big red flags regarding security and privacy. Here's what we found.
Beijing Winter Olympics athletes have every reason to worry about their cybersecurity (Quartz) Experts are warning of cybersecurity risks to athletes and spectators attending the Beijing Winter Olympics.
North Korea dey tiff Crypto to fund dia Missile Programme - UN (BBC News Pidgin) North Korea cyber attackers tiff $50m between 2020 and di middle of 2021.
BlackCat (ALPHV) ransomware linked to BlackMatter, DarkSide gangs (BleepingComputer) The Black Cat ransomware gang, also known as ALPHV, has confirmed they are former members of the notorious BlackMatter/DarkSide ransomware operation.
BlackCat confirms BlackMatter roots, but makes an ask of the researcher community (SC Magazine) A spokesman for the ransomware group most commonly called BlackCat confirmed its lineage as part of the Dark Side/BlackMatter family in an interview with a threat analyst at Recorded Future, and asked that the group be referred to by its advertised name of ALPHV. The connection to Dark Side had been suspected since at least the beginning of the year.
An ALPHV (BlackCat) representative discusses the group’s plans for a ransomware ‘meta-universe’ (The Record by Recorded Future) Late last year, cybersecurity researchers began to notice a ransomware strain called ALPHV that stood out for being particularly sophisticated and coded in the Rust programming language—a first for ransomware used in real-world attacks.
FBI issues alert for LockBit 2.0 ransomware group, enlists public for help (SC Magazine) The FBI’s Cyber Division on Friday issued a flash alert on how organizations can tell if they’re victims of affiliates of the LockBit ransomware-as-a-service.
FBI shares Lockbit ransomware technical details, defense tips (BleepingComputer) The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with Lockbit ransomware attacks in a new flash alert published this Friday.
Indicators of Compromise Associated with LockBit 2.0 Ransomware (FBI) LockBit 2.0 operates as an affiliate-based Ransomware-as-a-Service (RaaS) and employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. LockBit 2.0 ransomware compromises victim networks through a variety of techniques, including, but not limited to, purchased access, unpatched vulnerabilities, insider access, and zero day exploits.
Germany Ransomware Attack Tied to Colonial Pipeline Hackers (Time) The attacks come amid heightened tensions in the region as Russian troops are massed on the Ukrainian border
Law enforcement action push ransomware gangs to surgical attacks (BleepingComputer) The numerous law enforcement operations leading to the arrests and takedown of ransomware operations in 2021 have forced threat actors to narrow their targeting scope and maximize the efficiency of their operations.
Airport services firm Swissport reports ransomware incident (ZDNet) Swissport said part of its IT infrastructure was hit with a ransomware attack on Thursday.
Suspected Chinese hackers hit News Corp with 'persistent cyberattack' (CNN) News Corp suffered a "persistent cyberattack" in January, the company said Friday, and investigators believe Chinese spies may be responsible.
Rupert Murdoch's News Corp hacked in cyber attack believed to be linked to China (Sky News) Investigators believe the cyber attack was linked to China and affected a limited number of individuals working for outlets including News UK - publisher of The Times and The Sun - and the Wall Street Journal and the New York Post.
News Corp cyber-attack: firm says it believes hack linked to China (the Guardian) Hacking of emails at Murdoch company raises fears for safety of journalists’ confidential sources
Mandiant: News Corp Cyberattack Likely Tied to China (Channel Futures) News Corp was targeted by a cyberattack believed to gather intelligence to benefit China. It publishes the Wall Street Journal and New York Post.
Data stolen from journalists after News Corp hacked (Irvine Times) Chinese intelligence-gathering is said to be behind the operation, according to cyber security experts.
EXCLUSIVE iPhone flaw exploited by second Israeli spy firm-sources (Reuters) A flaw in Apple's software exploited by Israeli surveillance firm NSO Group to break into iPhones in 2021 was simultaneously abused by a competing company, according to five people familiar with the matter.
Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware (The Hacker News) After NSO, another Israeli company, QuaDream, has been caught weaponizing iPhone bugs to deploy a spyware called Reign, similar to Pegasus.
NSO Group's Pegasus Spyware and Phantom Encryption Cracker Trigger Fresh Concerns (MSSP Alert) Are some U.S. agencies drawn to NSO's Pegasus spyware & Phantom encryption cracking software? Here's why MSSPs should pay attention.
One American Hacker Suddenly Took Down North Korea’s Internet—All Of It (Forbes) Here's how a single U.S. hacker looking for revenge 'hacked back' and took down Kim Jong-un's North Korean internet connectivity.
Phishing kits that bypass MFA protection are growing in popularity (Help Net Security) Increased MFA use has pushed developers of phishing kits to come up with ways to bypass that added account protection measure.
The Real Harm of Crisis Text Line's Data Sharing (Wired) People who need help have access to a growing number of advice and care tools—some helpful, some harmful. Consumer protections need updating.
Wormhole cryptotrading company turns over $340,000,000 to criminals (Naked Security) It was the best of blockchains, it was the worst of blockchains… as Charles Dickens might have said.
Wormhole Rescue Shows Crypto World Can Move Fast and Fix Things (Bloomberg) Jump Crypto rescues project after hacker snags $320 million. Wormhole-like bridges are of ‘paramount importance’ to crypto.
Increasing Adoption of Phishing Kits Puts MFA at Risk (Gov Info Security) Researchers report that because of increased use of multifactor authentication, attackers are developing phishing kits that steal tokens and bypass this trusted
Health Sites Let Ads Track Visitors Without Telling Them (Wired) Privacy policies didn't tell the whole story about third-party tools gathering personal information from the sites of medical and genetic-testing companies.
LockBit ransomware gang claims PayBito crypto exchange as new victim (HackRead) LockBit ransomware operators claim that they stole the PayBito database that contains 100,000 customers’ information including email addresses and “weak” password hashes.
KP cyber-attack won't be the last, as top consumer brands fall short when it comes to cybersecurity, says GlobalData (GlobalData) Following today’s news (Thursday 3 February) that KP Snacks will limit the size of orders to retailers after a ransomware attack; George Henry, Consumer Analyst...
Nation-State Cyber-Attack Tools Enter Black Market, With Rise In Ransomware As A Service (IndiaTimes) Cyber-attacks are on the rise globally, accelerated further after the pandemic forced the world into a remote workforce and a digitized ecosystem. In India, cyber-attacks have doubled in the past three years
How the growing Russian ransomware threat is costing companies dear (the Guardian) With KP Snacks the latest cyber-attack victim, firms must learn to defend themselves against a mounting menace
Kaspersky finds 33 vulnerabilities in the patient data transfer for wearables (Back End News) Kaspersky experts have discovered that the most commonly used protocol for transferring data from wearable devices used for remote patient monitoring contained 33 vulnerabilities, including 19 “cri…
Segway’s Online Store Infected With a Credit Card Skimmer Used in a Large-Scale Magecart Attack Campaign (CPO Magazine) Segway’s online store (store.segway.com) suffered a Magecart attack that potentially allowed attackers to access customers’ credit card information.
Breach of state database may expose personal information (AP NEWS) The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system.
Washington state agency discloses data breach impacting hundreds of thousands of licensed professionals (The Record by Recorded Future) The Washington Department of Licensing (DOL) said in a press release late Friday night that it suffered a security breach of its IT system and that the personal data of hundreds of thousands of licensed professionals may have been exposed.
Cyber thieves target local, county governments as launch pad for bigger attacks (The Detroit News) A hack of Webster Township in Washtenaw County was one of 77 U.S. ransomware attacks in 2021 that were confirmed by cybersecurity firm Emsisoft
Gloucester City Council cyber attack disrupts university consultation (BBC News) A deadline for comments on the plans has been extended after hackers hit Gloucester City Council.
Pollution data permanently lost because of cyber attack (The Ferret) Information on thousands of environmental checks and pollution breaches over 15 months has been permanently lost because of a cyber attack.
Security Patches, Mitigations, and Software Updates
Microsoft temporarily disables MSIX protocol handler following malware abuse (The Record by Recorded Future) Microsoft has temporarily disabled the MSIX protocol handler in Windows installations after the Emotet gang has abused it over the past three months to deploy malware on user systems.
February 2022 Patch Tuesday forecast: A rough start for 2022 (Help Net Security) Todd Schell from Ivanti offers his February 2022 Patch Tuesday forecast, and illustrates what we can expect next Tuesday.
Cisco patches 15 vulnerabilities in its SMB RV Series routers (SC Magazine) The recent advisory offers free patches for small businesses looking to protect themselves against arbitrary code execution, privilege escalation, and denial of service attacks.
Trends
NSA rounds up the year in cyber (FCW) The National Security Agency's Cybersecurity Collaboration Center helped mitigate major vulnerabilities in 2021 while serving as a critical hub for industry and government officials to collaborate on cyber initiatives in an unclassified setting, according to a new report.
Out-of-Control Cybercrime Will Cause More Real-World Harm (Wired) Ransomware and online attacks can cause deadly real-world harm. Governments need to raise their game in response.
Data Breach Report: 2021 Year End (Risk Based Security) Today we released our 2021 Year End Data Breach QuickView Report, revealing that 4,145 publicly disclosed breaches had exposed over 22 billion records last year.
Bots Are Overrunning Crypto Networks Like Solana as They Hunt for Profits (Bloomberg) After conquering the Ethereum ecosystem, crypto trading bots are roaming — and causing havoc on — younger blockchains.
Cryptocurrency has Become a Leading Threat for Cyber-Attacks on Young Adults (Stanford Arts Review) With the growing popularity of cryptocurrency, cyber criminals are taking this as an advantage to trick young adults into their potential cyber-attacks
Foreign hackers up their game, your agency may not be prepared (Federal News Network) The so-called insider threat remains a potent one for cybersecurity practitioners. But old fashioned outside hackers have been raising their capabilities. Now they're the biggest threat to governments…
Marketplace
Is slew of small cybersecurity exits a sign of things to come? (CTECH) “2022 will be a sobering year in which the leading companies will be separated from those that can’t keep up with the pace of growth,” said Yair Snir, Vice President, Managing Director at Dell Technologies Capital
Has the cybersecurity bubble burst? (Globes) In October Check Point CEO Gil Shwed warned of a bubble in the cybersecurity sector, recent market falls seem to have vindicated his cautious approach.
SecurityScorecard Acquires LIFARS; Empowers Organizations with a Complete View of Cyber Risk and an Accelerated Path to Cyber Resilience (SecurityScorecard) SecurityScorecard , the global leader in cybersecurity ratings, announced today that it has acquired LIFARS ™, a global leader in digital forensics, incident response and cyber resiliency services. SecurityScorecard is the first cybersecurity ratings company to offer digital forensics and…
HackerOne Raises $49M Series E to Drive Growth of Hacker-Powered Security Platform (Crowdrund Insider) HackerOne, a hacker-powered security platform, has raised $49 million dollars in a Series E funding round. The funding, led by investment firm GP Bullhound, brings total investment to date to nearly $160 million.
ZeroFox CEO James Foster: IDX deal will be incrementally valuable to company, clients (AlphaStreet) The widespread digitalization, which accelerated during the COVID-19 pandemic, has underscored the need for effective technologies to protect digital assets. ZeroFox is a leading provider of cybersecurity solutions that identify, manage and mitigate threats. Among its many innovatiave solutions, the Maryland-based technology firm's patented SaaS technology effectively protects content shared on social media platforms. In […]
Atos' M&A prospects hang in the balance of French government (Reuters) The French government holds the final keys to any move to buy the BDS cybersecurity division of France's Atos (ATOS.PA), industry sources and analysts said, after French defence company Thales was reported to be devising a break-up plan.
Vaultree Joins the Global Cyber Alliance as a Partner (Vaultree) Partnership Enables Encryption-as-a-Service Provider to Extend Value to Worldwide Cybersecurity Community
‘We don’t want these kinds of people’: NSO employees pay the price for Pegasus spyware scandal (Haaretz) Some cybersecurity execs refuse to hire ex-NSO workers, who they claim lack a moral backbone and could expose their clients to risks. Are they a minority?
GETTR fired IT and cybersecurity teams amid financial problems, former employees say (Washington Examiner) Social media upstart GETTR fired over a dozen staff members late last year, including two key executives and its entire IT and cybersecurity teams, amid rapid growth and what former employees said were funding problems.
RevBits Endpoint Security Maintains its ICSA Labs Certification (PR Newswire) RevBits announces that it has maintained its ICSA Labs Advanced Threat Defense (an Independent Division of Verizon) certification, reported in...
Amazon Breaks Record for One-Day Gain in Market Cap (Wall Street Journal) The jump followed the plunge in Facebook parent Meta’s shares, highlighting the divergence in fortunes among giant tech stocks.
Cyber Security Insurance Market Is Expected to Boom: Northrop Grumman Corporation, CACI International, NetCentrics (Digital Journal) Cyber security insurance, also known as cyber liability insurance or cyber insurance, is a contract that a company can take out to reduce the financial
Fortinet, Check Point CEOs spar over firewall performance (CRN Australia) Rival compared a brand-new firewall to a two-year-old model.
Trend Micro becomes first global cybersecurity giant to launch MEA HQ and local cloud data lake in Saudi Arabia (Saudigazette) Trend Micro becomes first global cybersecurity giant to launch MEA HQ and local cloud data lake in Saudi Arabia
Zscaler Establishes Government Arm in Virginia; Peter Amirkhan Quoted (ExecutiveBiz) Cloud security company Zscaler has created a government-focused subsidiary with the intent to help federal customers implement strategies for the adoption of cybersecurity technologies and zero trust frameworks.The Zscaler U.S. Government Solutions business is headquartered in McLean, Virginia, and will accommodate 75 employees to support agencies and their systems integration partners, the company said Friday.Peter
Why the balance of power in tech is shifting toward workers (MIT Technology Review) A record number of tech worker unions formed in the US last year. They’re part of a global effort.
Arlene Wube Wins Washington Business Journal Diversity in Business Award (Arlo Solutions) Arlene Wube, President and COO of Arlo Solutions, was listed as a Washington Business Journal Diversity in Business Awards Honoree. The Diversity in Business Awards recognize the Washington region’s top business leaders of color in the Greater Washington area based on demonstrated success over the past 12 to 18 months. Nominations are judged based on professional accomplishments, community leadership and philanthropy, as well as awards and milestones.
Mike Lynch steps down as Darktrace adviser as he fights extradition to U.S. -Telegraph (Reuters) British tech tycoon Mike Lynch has resigned as an adviser to Darktrace PLC , a British cyber security firm, the Telegraph reported on Friday.
Noetic Cyber expands its leadership team with 3 key executive hires (Help Net Security) Noetic Cyber announced it has expanded its leadership team with three key new hires to meet the growing market demand for CAASM solutions.
Baidam Solutions adds four new hires as part of First Nations initiative (CRN Australia) As it looks to solidify capabilities for government and enterprise customers.
Aryaka Bolsters Team with Seasoned Execs as Growth Accelerates (Yahoo Finance) Aryaka Bolsters Team with Seasoned Execs as it Prepares for Continued Future Growth
Strategic Cyber Operations Expert Rejoins Booz Allen (Booz Allen Hamilton) Raynor Dahlquist has rejoined the firm as a senior vice president within the national security business
Products, Services, and Solutions
New infosec products of the week: February 4, 2022 (Help Net Security) The featured infosec products this week are from: Cato Networks, Cymulate, Gretel, Juniper Networks, Mandiant, Ping Identity, Qualys, ShiftLeft, and Tenable.
Castalot™ Dice to Create Modern Passwords (Loistava) Today we're truly excited to announce the launch of our first crowdfunding pre-campaign for our first product: CASTALOT™ Dice.
"Digital Garlic" Scares Away Hackers (Loistava) Time Management for Hackers | Attackers don’t bother brute-forcing passwords that are long or passwords that contain special characters.
Tenable launches suite of new product features to deliver full lifecycle cloud-native security (Security Infowatch) Our newest Tenable.cs product features are designed to enable organizations to stay agile while reducing risk
Intel claims its CPUs have fewer new security bugs than AMD (TechRadar) Most of its GPU bugs also come from AMD tech, Intel says
Fortinet releases children’s book to increase cyber awareness | Loop Jamaica (Loop News) Cybersecurity solutions company Fortinet has released a book designed to increase cyber awareness amongst children in Latin America and the Caribbean.
The book, “Cyber Safe: A Dog’s Guide to Internet Security”, is available to download for f
Cyware Announces New Advisory Feeds to Give Cyber Teams Access to Added Threat Intelligence (Business Wire) Cyware, today announced ‘Advisory Feeds,’ a new capability in its Cyware’s Situational Awareness Platform (CSAP).
Technologies, Techniques, and Standards
GlobalPlatform MCU Protection Profile simplify IoT security & certification (GlobalPlatform) The standard for secure digital services and devices
Microsoft says MFA adoption remains low, only 22% among enterprise customers (The Record by Recorded Future) Despite years of promotional efforts to get users to enable stronger authentication mechanisms, Microsoft said this week that only 22% of all its Azure Active Directory (AD) customers used a multi-factor authentication solution to secure their accounts last year.
Strong authentication protects against phishing. So why aren't more people using it? (ZDNet) Microsoft calls on customers to enable multi-factor authentication as it blocks billions of phishing email and password attacks.
Talk to the board, not just IT, about ransomware (Cybersecurity Dive) The spread of fast-moving cyberattacks accelerates the need for rapid, clear communication between end-users, security teams and the board.
Strong security starts with the strengthening of the weakest link: passwords (Help Net Security) In this interview, Darren Siegel, a cyber security expert at Specops Software, talks about password security challenges.
Research and Development
America races to avert the "Quantum Apocalypse" (Newsweek) A quantum shutdown "could be the most catastrophic disaster we've experienced," the Director of Hudson Institute's Quantum Alliance Initiative told Newsweek.
The race to understand the exhilarating, dangerous world of language AI (MIT Technology Review) Hundreds of scientists around the world are working together to understand one of the most powerful emerging technologies before it’s too late.
Academia
CIBO gets update on Montreat cybersecurity program (Mountain Xpress) Folks at the 650-student Montreat College may soon find themselves rubbing elbows with the top minds at the National Security Agency as a result of the college’s elite cybersecurity program, according to Paul Maurer, president of the college. During a Feb. 4 meeting of the Council of Independent Business Owners, Maurer told attendees that the…
NPS joins USCYBERCOM Academic Engagement Network (EurekAlert!) The U.S. Cyber Command (USCYBERCOM) has selected the Naval Postgraduate School (NPS) to join its Academic Engagement Network (AEN), an alliance of 84 public and private academic institutions collaborating to support and enhance four USCYBERCOM lines of effort: future workforce, applied cyber research, applied analytics and strategic issues.
Verizon opens new 5G labs at Caltech and Penn State (TechRepublic) Researchers will use the high-speed connections to develop autonomous systems and manufacturing use cases for industry 4.0.
Legislation, Policy, and Regulation
The Kremlin’s Quest for Biometric Data (CEPA) Russia’s government has directly intervened to seize control of biometric data belonging to Russian citizens, and is refusing to detail how it will be used.
Defense Ministry said to freeze export licenses for Israeli ‘cyberattack’ tech (Times of Israel) According to TV report, ministry conducting in-depth review into spyware's usage amid widespread accusations of abuse around the world
FCC gets $5.6 billion in requests to access $1.9 billion pot for ripping out Huawei and ZTE (ZDNet) US Federal Communications Commission has received 181 applications from small carriers to access its funding.
The cost of ripping and replacing Chinese cellular equipment has ballooned by billions (The Verge) The carriers’ applications are still being reviewed.
The Coast Guard Needs Stronger Policy to Prevent Maritime Cyber-Attacks (Naval Institute Proceedings) The Coast Guard needs better tools to effectively prevent and respond to the escalating cyber threat.
Thousands of Pentagon contractors could buckle under cybersecurity push (Medium) The Biden administration is forging ahead with a scaled-back plan to regulate cybersecurity in the vast and complicated defense industry…
Litigation, Investigation, and Law Enforcement
Pegasus snooping controversy rocks Indian parliament as opposition cries foul (RFI) Revelations about India’s alleged purchase of Israeli Pegasus spyware rocked parliament this week as main opposition parties cornered Prime Minister Narendra Modi’s government, accused it of misleadi…
Israel announces state inquiry into spreading NSO scandal (Reuters) Israel announced it was setting up a state commission of inquiry on Monday after a newspaper reported illicit use by police of powerful spyware against confidants of former Prime Minister Benjamin Netanyahu and a slew of other public figures.
Police use Israel's NSO to target politicians, businessmen, journalists - report (Jerusalem Post) A new report added a slew of businessmen, protest leaders and politicians to the list of alleged police wiretapping targets.
Shaked says unaware of police misusing spyware while she was Justice Minister (Times of Israel) Ayelet Shaked says she was unaware of police allegedly misusing spyware while she was serving as Justice Minister between 2015 and 2019.
Netanyahu used NSO's Pegasus for diplomacy. Now he blames it for his downfall (Haaretz) Netanyahu rode Pegasus all the way to the Abraham Accords, his most important contribution to Israeli foreign policy. Now he believes that the NSO software cost him his power
Israel's Mossad suspected of high-level Iran penetration (BBC News) The spy agency is said to have worked its way high up into Iran's security services.
What did the FBI really want NSO’s Pegasus for? (Haaretz) In Israel or in Djibouti, in the U.S. or in the EU, the reports about NSO fail to reveal the real problem with the notorious spyware
Commissioner welcomes Full Federal Court ruling on Facebook appeal (Office of the Australian Information Commissioner) The full bench of the Federal Court today rejected Facebook Inc’s appeal to set aside an earlier ruling by Justice Thawley of the Federal Court granting the Australian Information Commissioner leave to serve legal documents on the US-based entity.
China's Expanded Data Clampdown Rankles US Lawyers (Law360) Two recent Chinese information security laws have extended the country's notoriously tight grip on data to a much wider swath of materials than ever before, a development that experts say is bound to compound difficulties for U.S. litigants aiming to pry discovery from multinational companies with a presence in the nation.
U.S. Authorities Charge 6 Indian Call Centers Scamming Thousands of Americans (The Hacker News) The United States has indicted 6 India-based call centers and their directors for involvement defrauding thousands of American consumers.
Multiple India-based call centers and their directors indicted for perpetuating phone scams affecting thousands of Americans (US Attorney for the Northern District of Georgia) A superseding indictment has been unsealed against multiple Indian-based call centers and their directors charging that each of them conspired with the previously–indicted VoIP provider E Sampark, and its Director, Guarav Gupta, to forward tens of millions of scam calls to American consumers. The call centers and their directors place the initial scam calls, and the VoIP provider forwards those calls into this country, whereupon the call centers speak to —and attempt to defraud — the American-based victims.
Nintendo Hacker Gary Bowser Could Be Imprisoned For Up To Five Years (IGN) US government officials want Nintendo hacker Gary Bowser to face a five-year jail sentence for his role in creating and selling devices that hosted pirated games.