Dateline Moscow, Kyiv, London, Washington: provocation and preparation.
Who are you gonna believe, me or your lyin' satellites? (The CyberWire) Russian forces near Ukraine appear to have been augmented, and NATO governments see no signs of the withdrawal Moscow said was in progress. Recent cyber operations seem to have been more information warfare than sabotage.
Ukraine accuses Russia of cyber-attack on two banks and its defence ministry (the Guardian) Kremlin denies it was behind the attack, which Ukraine’s deputy prime minister said was the largest of its type ever seen
Ukraine points finger of suspicion at Russia over massive cyberattack (Reuters) Ukraine on Wednesday said Russia was likely behind the largest cyberattacks of their kind on the country, which downed the web portal of the defence ministry and disrupted banking and terminal services at large state-owned lenders.
US warily eyes another front in Ukraine-Russia conflict: Cyberspace (The Christian Science Monitor) Russia has never launched a cyberattack that utilizes its full range of capabilities. Tensions in Ukraine are worrying the U.S. about escalation.
Cybersecurity 'is an important element' in Russia-Ukraine conflict: CrowdStrike CEO (Yahoo Finance) Crowdstrike CEO George Kurtz joins Yahoo Finance Live to discuss international ransomware threats and how data leaks could impact the Russia-Ukraine conflict.
Cyberattacks On Ukraine Could Be Prelude To More Aggression, Experts Say (Forbes) Ukrainian officials say the attacks were “psychological” and didn’t cause damage or steal money. Experts say it could be a signal for more hacks—or worse.
Ukraine crisis: Russian cyberattacks could affect organisations around the world, so take action now (ZDNet) Mandiant warns that the history of Russian cyber aggression could lead to attacks that spread far beyond Ukraine - but if organisations have a robust cybersecurity strategy in place, there's no need to panic.
GCHQ steps in as Kremlin attempts to sow cyber panic in Ukraine (The Telegraph) Mykhailo Fedorov, Ukraine’s deputy prime minister, blames Russia for largest cyber attack in the country’s history
U.S. says Russia moving toward "imminent invasion" of Ukraine amid "false-flag" concerns over shelling claims in Donbas (CBS News) U.S. envoy to U.N. says "evidence on the ground" is mounting amid concern that claims of shelling in rebel-held region could be Russian "false-flag" pretext building.
Ukraine crisis: Joe Biden accuses Russia of running ‘false flag operation’ to justify invasion – live (the Guardian) US president says threat of Russian invasion ‘very high’, after Ukraine government source says shelling ‘looks like provocation’
Russia-Ukraine crisis: Kindergarten shelled by 'pro-Russian troops' raising fear of false flag attack (Telegraph) Multiple shelling incidents have been recorded along the line of contact between Ukrainian forces and Russian-backed rebels in eastern Ukraine on Thursday, the Organisation for Security and Cooperation in Europe said.
Ukraine crisis: Joe Biden accuses Russia of running ‘false flag operation’ to justify invasion – live (the Guardian) US president says threat of Russian invasion ‘very high’, after Ukraine government source says shelling ‘looks like provocation’
U.S. says war appears imminent after shelling on Ukraine front line (Reuters) U.S. President Joe Biden said on Thursday there was now "every indication" that Russia was planning to go into Ukraine, including signs Moscow was preparing a "false flag" operation to justify it.
Ukrainian military intel says Russian troop buildup continues but is insufficient for full-scale invasion (CNN) US President Biden called for a diplomatic solution to the Russia-Ukraine crisis in a White House speech this week and cautioned Russia against invading. Follow here for the latest news updates.
Russia 'likely' to launch 'limited' military attack against Ukraine, says Estonian intelligence (Reuters) Russia is continuing to move troops to the Ukrainian border and will likely launch a "limited" military attack against the country, the head of the Estonian Foreign Intelligence Service said on Wednesday.
NATO chief cites continuing Russian threat to Ukraine despite pullback claims (Washington Post) NATO Secretary General Jens Stoltenberg said Wednesday that Russia continues to threaten Ukraine with troops and weapons massed near the country’s borders, as Ukrainians marked a “day of unity” to confront Moscow’s aggression.
Western Officials Dispute Russian Claim of Pullback From Ukraine Border (New York Times) Russia maintained it was continuing to pull troops back from positions near Ukraine, but the United States and Britain said the military buildup was continuing.
U.S. Says Russia Moved 7,000 New Troops Near Ukraine—Despite Claims Of De-Escalation (Forbes) Russia’s recent claim that its military forces have started pulling back from the Ukrainian border appears to be false, a senior Biden Administration official alleged Wednesday, as Russia has added up to 7,000 new troops to the region in recent days.
US says Russia has added 7,000 troops near Ukraine, amid warning of fake withdrawal (The Telegraph) There is a difference between what Russia says and what it does, says chief US diplomat
U.S. says Russian claim of pullback around Ukraine is ‘false,’ accuses Moscow of adding troops instead (Washington Post) Western officials say Russia is showing no sign of pulling back its forces from the border with Ukraine — and that the Kremlin, contrary to President Vladimir Putin’s public statements, has instead recently added thousands more troops to the gathered ranks in preparation for a possible attack.
Ukraine crisis: Russia has deployed 7,000 more troops to border, US official claims – live (the Guardian) Multiple reports contradict Moscow’s claim of partial drawdown; Nato secretary general sees ‘no sign of de-escalation on the ground’
Russia added 7k troops near Ukraine border, says US official (Military Times) Russian President Vladimir Putin has denied allegations Russia intends to invade Ukraine.
German defence minister sees no sign of Russian withdrawal, 'just words' (Reuters) Germany has seen no sign that Russia has withdrawn troops from the Ukraine border area, and Moscow must do so urgently to de-escalate the situation or else face harsh consequences, German Defence Minister Christine Lambrecht said on Thursday.
Ukraine shows unity as West sees no sign of Russian pullback (The Leader) Ukrainian President Volodymyr Zelensky declared Wednesday a ‘Day of National Unity’.
Russia-Ukraine situation ‘extremely volatile’, Joly says as cyberattacks raise concern (Global News) Canada's foreign affairs minister says the threat of a Russian invasion of Ukraine remains high amid a series of cyberattacks Tuesday.
Russia would talk about security with the West under its terms - Prensa Latina (Prensa Latina - Latin American News Agency) Moscow, Feb 16 (Prensa Latina) Russian Foreign Minister Sergey Lavrov today expressed his country's willingness to talk with the West on certain security issues, without affecting its key demands such as the non-expansion of NATO to the East.
Moscow creating 'new normal' to contest sovereignty in Europe, says Nato (The Telegraph) Russia is creating a "new normal" by using military force to contest the principle of sovereignty in Europe, Jens Stoltenberg has said.
The Less Said About NATO and Ukraine, the Better (Foreign Affairs) Neither membership nor neutrality is the answer.
US and UK trying to fend off Russian invasion by making intelligence public (the Guardian) Washington and London holding regular briefings and hoping to rob Putin of element of surprise
What Nato is doing to prevent a Russia-Ukraine war and what it could do if there is an invasion (The Telegraph) Nato’s repeated warnings against an invasion do not seem to have had much of an impact on Russia
Russia Crisis Military Assessment: Ukraine invasion could happen with less than 12 hours’ notice (Atlantic Council) Russia has essentially completed preparations for a large-scale offensive operation and could likely execute a further invasion quickly, according to our military experts
Why Putin won’t invade Ukraine (Atlantic Council) By conflating three vital Russian national-security interests into four demands, the Russian leader created internal contradictions and conflicts that would make a military intervention in Ukraine disastrous.
On the Edge of a Polish Forest, Where Some of Putin’s Darkest Fears Lurk (New York Times) A U.S. missile facility in Poland is at the heart of an issue animating the Kremlin’s calculations over whether to go to war against Ukraine.
'Putin’s behaviour is explainable, but that doesn’t justify it': Sherelle Jacobs responds to readers (The Telegraph) Each week in Write to Reply a Telegraph columnist will reply to the best comments and letters written in response to their latest piece
Beijing Weighs How Far to Go in Backing Putin on Ukraine (Wall Street Journal) Behind closed doors, China’s top leaders have debated how to respond to the Russia-Ukraine crisis without hurting China’s own interests.
Chinese Support for a Russian Attack on Ukraine Cannot Be Cost-Free (Foreign Policy) Beijing backing Moscow should trigger a rethink of China-European relations.
France and Germany ‘pushing Ukraine to use unpopular peace deal’ to avert war (The Telegraph) Emmanuel Macron and Olaf Scholz said to have urged Kyiv to invoke Minsk accords that ended Russia-Ukraine conflict in 2015
Vladimir Putin could drag out Ukraine crisis for months, says Liz Truss (The Telegraph) Foreign Secretary sceptical about Russia's claims of withdrawal from the border
The Russia-Ukraine Crisis Is a Negotiation Over Deterrence and Compellence (World Politics Review) While the concepts of deterrence and coercive diplomacy are necessary to understand the current tensions in Europe between Russia, Ukraine, the U.S. and NATO, those tensions must be seen through a broader and more holistic lens, because the crisis is the result of interlocking, multisided and dynamic factors at play.
Putin Cannot Erase Ukraine (Foreign Affairs) No Russian invasion can undo Ukrainian nationhood.
Harris heads to Munich for high-stakes diplomatic trip (CNN) Vice President Kamala Harris is on her way to Munich for her latest high-stakes foreign trip as she leads the US delegation to the Munich Security Conference in Germany.
Russians ridicule western media on ‘day of no invasion’ (the Guardian) Officials and pundits mock predictions that Russia would invade, as livestream of Kyiv shows light traffic
Wars in Europe rarely start on a Wednesday, scoffs Kremlin (The Telegraph) Russian officials have openly mocked the West for fearing that an invasion of Ukraine would begin on Feb 16
Putin has seriously wounded Ukraine's economy without firing a single shot (Atlantic Council) Even without physically invading Ukraine, Vladimir Putin is already causing the country great economic losses. The West cannot stand by and watch this happen, explains Anders Åslund.
London braces for sanctions to hit its Russian cash cow (The Telegraph) Kremlin-led Gazprom, a lucrative source of business for the Square Mile, is a likely target for financial penalties
Evacuating noncombatants from Ukraine will be a mess. The West needs to ditch the blame game this time. (Atlantic Council) In a further invasion of Ukraine, Putin would be to blame for any chaos that follows.
Attacks, Threats, and Vulnerabilities
Red Cross says ‘state-sponsored’ hackers exploited unpatched vulnerability (TechCrunch) The attackers exploited a known but unpatched vulnerability in third-party software.
Red Cross reveals actors exploited unpatched Zoho security flaw in January breach (SC Magazine) Last month, the Red Cross revealed a hack compromised the data of 515,000 vulnerable people. An update shows the sophisticated, highly targeted hack exploited an unpatched Zoho ManageEngine ADSelfService security flaw.
Red Cross blames hack on Zoho vulnerability, suspects APT attack (The Record by Recorded Future) The Red Cross suspects that a recent hack of sensitive migrant data was the work of a state-sponsored hacking group.
Red Cross Hack Linked to Iranian Influence Operation? (KrebsOnSecurity) A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by…
The Elite Hackers of the FSB (BR) For almost two decades, hackers with Snake have been forcing their way into government networks. Who they work for, though, has always been a matter of pure speculation. But reporters with the German public broadcasters BR and WDR have discovered some clues, and they lead to Russia.
Russian hackers have obtained sensitive defense information technology by targeting US contractors, according to CISA (The Verge) The FBI, NSA, and CISA warned that Russian state-sponsored intrusions will continue.
Russian hackers raided defense contractors for two years, stole sensitive info (Breaking Defense) "Given the sensitivity of information widely available on unclassified [cleared contractor] networks, the FBI, NSA, and CISA anticipate that Russian state-sponsored cyber actors will continue to target CDCs for U.S. defense information in the near future."
US says Russian state hackers breached defense contractors (BleepingComputer) Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities.
U.S. warns defense contractors about possible Russian cyber attacks (Reuters) U.S. agencies on Wednesday warned U.S.-cleared defense contractors (CDCs) about possible cyberattacks by Russian state-sponsored actors.
US says Russian hackers breached multiple DOD contractors (The Record by Recorded Future) The US government said today that Russian state-sponsored threat actors have targeted and breached multiple defense contractors between January 2020 and February 2022.
Russian State-Sponsored Actors Target Cleared Defense Contractor Networks (CISA) CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) highlighting regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. These CDCs support contracts for the U.S. Department of Defense and Intelligence Community. The CSA provides incident response and remediation recommendations as well as mitigations to reduce the risk of compromise.
Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology (CISA) Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools.
NSA, FBI, CISA Release Advisory on Protecting Cleared Defense Contractor Networks Against (National Security Agency/Central Security Service) The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) published a joint Cybersecurity
FBI sees increase in use of virtual meeting platforms for BEC scams (The Record by Recorded Future) The US Federal Bureau of Investigation said today that it had seen an increase in the use of virtual meeting platforms as a way to trick organizations into sending payments to the wrong accounts as part of a type of attack known as BEC scams.
Internet Crime Complaint Center (IC3) | Business Email Compromise: Virtual Meeting Platforms (IC3) Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.
Hackers Attach Malicious .exe Files to Teams Conversations (Avanan) Hackers are attaching malicious files to Teams conversations.
‘Ice phishing’ on the blockchain (Microsoft Security Blog) Our recent analysis of a phishing attack connected to the blockchain reaffirms the durability of threats like social engineering, as well as the need for security fundamentals to be built into related future systems and frameworks.
A Modern Ninja: Evasive Trickbot Attacks Customers of 60 High-Profile Companies (Check Point Research) Research by: Aliaksandr Trafimchuk, Raman Ladutska This research comes as a follow-up to our previous article on Trickbot, “When Old Friends Meet Again: Why Emotet Chose Trickbot For Rebirth” where we provided an overview of the Trickbot infrastructure after its takedown. Check Point Research (CPR) now sheds some light on the technical details of key... Click to Read More
Imperva Mitigates Massive Bot Attack of 400 Million Requests (Imperva) Imperva Advanced Bot Protection detected and stopped the largest bot attack in Imperva history. The web scraping attack targeted a global job listing site with operations in six countries. The attacker used a large-scale botnet, generating no less than 400 million bot requests from nearly 400,000 unique IP addresses over four days with the intent […]
An Origin Story: Darkode (The Record by Recorded Future) For years, the largest English-language dark web market in the world was a site called Darkode. It sold pre-packaged hacking kits and leased huge armies of zombie computers, known as botnets. One of its founders was a young guy from Kentucky named Ryan Green. Dina Temple-Raston, host of the new Click Here podcast and senior correspondent at The Record, talked to Green about Darkode’s origins and the important role dark web marketplaces continue to play in cybercrime. The interview was edited for clarity.
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software (The Hacker News) A new high-severity remote code execution vulnerability (CVE-2021-44521) has been reported in Apache Cassandra NoSQL database software.
BlackCat (ALPHV) claims Swissport ransomware attack, leaks data (BleepingComputer) The BlackCat ransomware group, aka ALPHV, has claimed responsibility for the recent cyber attack on cargo and hospitality services giant Swissport that caused flight delays and service disruptions.
Millions of Unsecured Member Details Discovered at Internet Society (Clario) This data exposure report covers the recent discovery of exposed personal details belonging to members of the Internet Society.
Retired Baltimore County teachers say cyber attack still impacting pension payments (WBFF) Several retired Baltimore County Public Schools teachers say the November 2020 ransomware attack on the district is impacting their retirement benefits. “It never occurred to me that my insurance and the money I get every month in my pension check would be affected by that at all,” said Cynthia North, a retired BCPS educator. Three former BCPS teachers recently sat down with FOX45 News to explain how they’ve spent months attempting to resolve the issue on their own.
Security Patches, Mitigations, and Software Updates
VMWare fixes holes that could allow virtual machine escapes (Naked Security) Hats off to VMWare for not using weasel words: “When should you act?” Immediately…
Top Attack Vectors: January 2022 (Expel) We’re often asked about the biggest threats we see across the incidents we investigate for our customers. Where should security teams focus their efforts and budgets?
The Rise of the Intelligent Bot Revolution (Arkose Labs) Although businesses invested more in bot mitigation solutions, sophisticated orchestration of attacks will become the new norm over the next three years.
Ransomware has Pushed Backup to the Breaking Point (Security Boulevard) Increasingly, when ransomware successfully infiltrates and encrypts a large company’s data, they pay the ransom, which comes as a surprise to many. For
Confluera Cloud Research Finds Cybersecurity Concern as Biggest Obstacle to Cloud and Multi-Cloud Adoption (PR Newswire) Confluera, the leading provider of next-generation cloud cyber attack detection and response, today released the findings of their latest...
Kryptowire Receives Growth Investment from USVP and Crosslink Capital (PR Newswire) Kryptowire Inc., a mobile security and privacy solutions company, today announced a growth investment led by US Venture Partners (USVP), with...
DevOps-as-a-Service Pioneer DuploCloud Raises $15 Million Series A, Experiences 270% Year-over-Year Revenue Growth (GlobeNewswire News Room) Funds Will Be Used to Scale Product Development, Enhance Global Footprint, and Grow Marketing and Sales...
Akamai buys Philly’s Linode for $900 million to supercharge its cloud computing services (Philadelphia Inquirer) Linode, which competes with industry giants such as Amazon Web Services and Microsoft Azure, is one of the city’s more successful software startups of the past 20 years.
Snyk Acquires Fugue, Enters Cloud Security Market (GlobeNewswire News Room) Extends Snyk Developer Security Platform by Enabling Developer First Cloud Security Posture Management...
Britain sees record investment in 10-billion-pound cyber sector (Reuters) British cyber security firms raised more than 1 billion pounds ($1.36 billion) in 84 deals last year, as foreign investors tapped into growth in capabilities such as network security and threat monitoring, government data showed on Thursday.
Global Digital Security Company ESET Launches New Brand Identity and Tagline: Progress. Protected. (PR Newswire) ESET, a global leader in digital security, today announced its new branding with the tagline "Progress. Protected." For more than 30 years,...
IDX Snags Three Wins in 2022 Cybersecurity Excellence Awards (PR Newswire) Today, IDX, a leading privacy platform and data breach response provider, announced its recognition in the esteemed 2022 Cybersecurity...
2021 Momentum Generated Strong Demand for Zerto Ransomware Recovery Capabilities (Zerto) With an increase in customer requirements, Zerto provides new “Get Out of Ransomware Jail” offer for 2022
Inside the launch of new cybersecurity giant Trellix (PR Week) The rebranded company combined the McAfee Enterprise and FireEye businesses.
Code42 Delivers Three Consecutive Years of Triple-Digit Growth Across its Insider Risk Management Business (Business Wire) Code42 Delivers Three Consecutive Years of Triple-Digit Growth Across its Insider Risk Management Business
NINJIO Taps B2B Sales Leader Andrew Hahn As New Chief Sales Officer (CIO Dive) News, voices and jobs for CIOs. Optimized for your mobile phone.
Meta’s Clegg Promoted as Zuckerberg Steps Back From Policy (Bloomberg) Clegg appointed president of global affairs, reporting to CEO. Zuckerberg, Sandberg will focus on their areas of expertise.
Accenture Federal Names Michael Scruggs Applied Intelligence Lead; Senior Managing Director Vanessa Godshalk Quoted (Executive Gov) Accenture’s federal arm has chosen Michael Scruggs, a former SAIC exec, as its applied intelligence lead. The Arlington, Virginia-based company said Wednesday that Scruggs will be tasked with developing procedures and strategies for predictive analytics and machine learning.
Tim Bandos Joins Comodo as Executive VP of SOC Services (Acrofan) Comodo Security Solutions is pleased to announce that Tim Bandos has joined the organization as Executive Vice President of SOC Services, bringing years of industry expertise that will strengthen Comodo’s threat detection and incident response services.Prior to joining Comodo, Bandos was CISO and VP of Managed Security Services at Digital Guardian, where he successfully developed and led the..
Deep Instinct Adds Veteran Channel Executives to Growing Global Team (Deep Instinct) AVP of Americas Channels, AVP of Global MSSP Programs, and Director of Global Distribution Push Company’s Channel Outreach to New Heights
Products, Services, and Solutions
Industry-First Laminar Cloud Data Security Platform Now Generally Available (Business Wire) Laminar, a public cloud data security provider, announces the general availability of the Laminar Cloud Data Security Platform
MITRE Engenuity Center for Threat-Informed Defense Unveils New Affiliate Program (PR Newswire) MITRE Engenuity, MITRE's tech foundation for public good, and its Center for Threat-Informed Defense today announced the launch of an affiliate...
Claroty Announces Partnership with TD SYNNEX - Claroty (Claroty) The Claroty Platform and Medigate by Claroty now available in TD SYNNEX’s portfolio; marks TD SYNNEX’s expansion into industrial and healthcare IoT security
JFrog Unveils New DevSecOps Contextual Analysis Capabilities (Business Wire) JFrog's new advanced contextual analysis security capabilities provide an automated solution for find, replace, & prioritizing hazardous CVEs.
Datadobi Awarded NCPA Contract with Climb Channel Solutions (Business Wire) Datadobi announces NCPA members can purchase Datadobi’s software suite through the cooperative via its distribution partner Climb Channel Solutions
SentinelOne Launches DataSet, a Revolutionary Live Enterprise Data Platform (Bloomberg) Company Leverages Cybersecurity Data Expertise to Help Enterprises Ingest, Store, and Understand Real Time Data at Scale – Beyond Cybersecurity Use Cases
IGI CyberLabs and SOCSoter Integrate Platforms to Streamline Continuous Monitoring Solutions for SMBs (Yahoo) The Nodeware® Vulnerability Management Solution is now integrated in the SOCSoter platform to bring customers front line security and managed alerts
Israel's Ministry of Defense Selects Anjuna Security Software to Lockdown Sensitive Data in Public Clouds (Anjuna) Israel's Ministry of Defense Selects Anjuna Security Software to Lockdown Sensitive Data in Public Clouds
Sysdig and Snyk Announce Partnership to Enable End-to-End Container Security (Business Wire) Sysdig and Synk announce a partnership to deliver end-to-end container security.
Bfore.ai Partners With Quad9 To Provide Predictive DNS Cybersecurity P (PRWeb) Bfore.ai and Quad9 today announced their partnership to augment protective DNS with PreCrime cybersecurity protection. The in
Etisalat Digital's cybersecurity arm Help AG partners with CyberArk (Gulf Business) With new CyberArk identity security offerings, Help AG will expand its portfolio to help clients further reduce cybersecurity risk in UAE and Saudi Arabia.
Commvault adds Intelligent Data Services features to fortify ransomware security (ITWeb) The enhancements to Commvault's Intelligent Data Services help to harden infrastructure against attack and improve recoverability.
Mandiant Ransomware Defense Validation helps prevent specific ransomware attacks (Help Net Security) Mandiant released Ransomware Defense Validation within the Mandiant Advantage platform to evaluate security effectiveness for enterprises.
F5 Strengthens Protection of the Digital World with F5 Distributed Cloud Services (Data Storage Asean) At its annual Agility conference, F5 announced a major expansion of its application security and delivery portfolio with F5&reg; Distributed Cloud Services that provide security, multi-cloud networkin
Proofpoint hands NZ distribution to Duo (Reseller News) Sektor-owned distributor Duo has scored a deal with Proofpoint, supplying its full suite of products to the New Zealand market.
ReliaQuest Expands GreyMatter Platform with support for Risk Scenarios and MITRE ATT&CK v10 (Business Wire) ReliaQuest, the leader in Open XDR-as-a-Service, today announced the expansion of its GreyMatter platform with support for MITRE ATT&CK v10 and Ri
Ostendio Launches Security Audit Guarantee (Yahoo Finance) Ostendio, a leading integrated risk management platform provider, announced the first industry audit guarantee for data security audits. Customers using the Ostendio MyVCM platform and working with Ostendio Professional Services to prepare for complex audits such as SOC 2, FedRAMP, and ISO 27001, will be guaranteed to pass their audits the first time. This groundbreaking offer demonstrates the confidence Ostendio has with the MyVCM platform and the ability of its Professional Services experts to
Deepwatch MDR Essentials Now Generally Available for Mid-Sized Enterprises (Business Wire) Deepwatch, the leader in advanced managed detection and response (MDR) security, announces the general availability of its managed detection and respo
Technologies, Techniques, and Standards
Coalition of US crypto firms unveils travel rule compliance platform, TRUST (The Block) The so-called Travel Rule Universal Solution Technology, or "TRUST," allows crypto firms to securely collect and transmit customer data.
Energy Department looks to build cyber threat detection platform for electric grid (Federal News Network) The agency is continuing to work on ways to boost the security of the electric grid after kicking off a largescale initiative last year.
5 ways to stop your staff ignoring cybersecurity advice (SC Media UK) Today’s workforce has grown dangerously indifferent to security warnings, warns Adenike Cosgrove, cybersecurity strategist at Proofpoint. But with determination, companies can reverse the dynamic, she says…
Password Spraying: How to Spot and Avoid These Attacks (MarketScreener) The humble password turned 60 in 2021, but it's nowhere near retirement. In fact, it's still the source of many headaches. One of them, password spraying, has become such a common threat that...
Law Firm Cybersecurity Questions to Ask Your Attorney Shared (PRWeb) A NYC area legal technology and cybersecurity expert discusses three law firm cybersecurity questions business leaders should ask their attorneys in a new
Design and Innovation
Our Quest: Advancing Product Labels to Help Consumers Consider Cybersecurity (NIST) For many decades, consumers have relied on labels to help them make decisions about which products to buy.
Researcher 'reverses' redaction, extracts words from pixelated image (BleepingComputer) A researcher has demonstrated how he was able to successfully recover text that had been redacted using the pixelation technique. Further, the researcher has released a GitHub tool that can be used by anyone to reconstruct text from obscure, pixelated images.
This amazing technology can retrieve pixelated words from redacted documents (TechRadar) New open source tool makes using pixelation to redact images a thing of the past
Research and Development
Attivo Networks® Awarded U.S. Department of Defense SBIR Contract for Unique Approach to Ransomware Mitigation (Business Wire) Attivo Networks® Awarded U.S. Department of Defense SBIR Contract for Unique Approach to Ransomware Mitigation.
Embry-Riddle Joins Elite U.S. Cyber Command Network (Embry-Riddle Newsroom) Embry-Riddle Joins Elite U.S. Cyber Command Network
Marshall Joins U.S. Cyber Command (The Parthenon) Recently, Marshall University has joined the U.S. Cyber Command (USCYBERCOM) which, according to John Sammons, will give students and staff many opportunities in the field of cyber. Sammons has served as a member of Marshall University staff since 2008, and now he is the Chair of the Department of Cyber Forensics Security along with being...
Rowan College at Burlington County Honored for Academic Excellence in Cyber Defense (TAPinto) MOUNT LAUREL, NJ — In 1999, the National Security Agency launched the Center of Academic Excellence in Information Assurance Education (CAE-IAE) program. Under this program, colleges could earn a...
Legislation, Policy, and Regulation
Boris Johnson announces £25m partnership with Australia (Mail Online) Boris Johnson spoke to Australian prime minister Scott Morrison (pictured) yesterday to strengthen the two nations' ties following a Free Trade Agreement signed last December.
EU Privacy Watchdog Calls for Ban of NSO Group's Spyware (GovInfoSecurity) In a preliminary report, the EU Data Protection Supervisor has urged EU officials to ban the use and deployment of military-grade surveillance products, citing
The heated debate over cryptocurrency mining in Ukraine (The Record by Recorded Future) And, for now at least, there’s no sign of cryptocurrency mining cooling down in Ukraine.
Senators unveil children’s online safety bill after months of pressure on Silicon Valley (Washington Post) The bill would require companies to provide parents and minors with new controls and create new obligations for platforms to address self-harm, eating disorders and other content that might harm children and teen
The Senate's big online safety bill for kids is finally here (Protocol) Sens. Richard Blumenthal and Marsha Blackburn introduced the Kids Online Safety Act.
New York Passes Two Laws Protecting Employee Privacy (cyber/data/privacy insights) The city and state governments of New York each recently passed laws to protect employee privacy – one law addressing use of automated decision-making tools in job interviews and promotions, and the other addressing electronic monitoring of employee communications.
Automated decision tools i
Justice Department Announces First Director of National Cryptocurrency Enforcement Team (US Department of Justice) The Justice Department today announced the selection and appointment of Eun Young Choi to serve as the first Director of the National Cryptocurrency Enforcement Team (NCET).
Litigation, Investigation, and Law Enforcement
More Polish opposition figures found to have been targeted by Pegasus spyware (the Guardian) Analysis by Amnesty International linked them to Pegasus Project leak of more than 50,000 phone numbers
Chinese MI6 informant gave information to MPs about Huawei threat (the Guardian) Wang Yam sent committee warnings about Britain’s involvement with telecommunications firm
Spyware dealer who sold WhatsApp-hacking tech pleads guilty (TechCrunch) Prosecutors say the dealer sold hacking tools to the Mexican government and private customers.
Mexican Businessman Pleads Guilty in U.S. to Brokering Hacking Tools (SecurityWeek) A Mexican businessman has admitted in a United States federal court to conspiring to sell and use interception devices and hacking services from companies in Italy, Israel, and elsewhere.
How a Saudi woman's iPhone revealed hacking around the world (Reuters) A single activist helped turn the tide against NSO Group, one of the world’s most sophisticated spyware companies now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world.
WSJ News Exclusive | Justice Department Targets ‘Spoofing’ and ‘Scalping’ in Short Seller Investigation (Wall Street Journal) Federal prosecutors are investigating whether short sellers conspired to drive down stock prices by sharing damaging research reports ahead of time and engaging in illegal trading tactics, people familiar with the matter said.
Calif. AG Sets Sights On Loyalty Programs' Privacy Pitfalls (Law360) Retailers, hotels and others that offer customer loyalty programs are facing mounting pressure to comply with a unique requirement in California to be upfront about how they're profiting from the personal data they collect, with the state's attorney general making the issue a priority as a key liability safety net is set to fall.