Dateline Moscow, Kyiv, and Washington: Negotiations resume as Ukraine's cities remain under attack.
Ukraine at D+21: War crimes on the ground, information operations in cyberspace. (The CyberWire) Russia's ground assault remains stalled as it doubles down on the bombardment of cities. Hacktivists seek to penetrate Russian Internet censorship.
Russia getting bogged down in Ukraine, Western nations say (Reuters) Russian forces in Ukraine are blasting cities and killing civilians but no longer making progress on the ground, Western countries said on Thursday, as a war Moscow was thought to have hoped to win within days entered its fourth week.
Russia-Ukraine war: what we know on day 22 of the invasion (the Guardian) Death toll rises in Chernihiv, Kyiv and Mariupol. Plus, Ukraine refugee exodus continues
Russia’s invasion of Ukraine: List of key events from day 22 (Al Jazeera) As the Russia-Ukraine war enters its 22nd day, we take a look at the main developments.
Live: More Than 7,000 Russian Troops Have Been Killed, According To U.S. Intelligence Estimates (Forbes) Follow real-time updates on Russia's invasion of Ukraine.
Top Marine General Praises Ukrainian Forces as 'Very Well Trained, Very Well Led' (Military.com) The Marine Corps' top officer had high praise for Ukrainian forces Wednesday as he discussed the invasion of the country by Russia.
Zelensky thanks U.S. for ‘leadership that has united the democratic world’ (Washington Post) Ukrainian President Volodymyr Zelensky thanked President Biden and the United States in a video address posted to Telegram early Thursday local time, saying he is “grateful for the leadership that has united the democratic world.”
After a Fumbled Start, Russian Forces Hit Harder in Ukraine (New York Times) After days of miscalculation about Ukraine’s resolve to fight, Russian forces are turning toward an old pattern of opening fire on cities and mounting sieges.
Russia Is Destroying Kharkiv (New York Times) Residents describe what has been lost after three weeks of attacks.
As Russian Troop Deaths Climb, Morale Becomes an Issue, Officials Say (New York Times) More than 7,000 Russian troops have been killed in less than three weeks of fighting, according to conservative U.S. estimates.
Russia-Ukraine war: Key things to know about the conflict (AP NEWS) Ukrainian President Volodymyr Zelenskyy invoked Pearl Harbor and 9/11 during a rare and urgent appeal Wednesday to the U.S.
Japan spots four Russian amphibious transports sailing from Far East (Reuters) Japan's military said on Thursday that it had spotted four large Russian amphibious warfare ships sailing close to its islands as they traveled west, possibly towards Europe.
Russia says Ukraine talks progressing as onslaught continues (AP NEWS) Russia's military forces battered Ukraine's capital region and other major cities in a bid to crush the resistance that has frustrated any hopes the Kremlin had for a lightning victory, while the two countries projected optimism for another round of scheduled talks Wednesday.
Russia and Ukraine ‘draw up 15-point peace plan’ (The Telegraph) Reported treaty would allow Kyiv to keep a standing army, but prevent it from ever joining Nato
Is Vladimir Putin stringing the West along with Russian talk of peace in Ukraine? (The Telegraph) Russian president is reinforcing his invading army, while Kremlin talks of Ukrainian neutrality as a possible compromise
Russia's Crimea envoy hopes for 'new Ukrainian government' to meet demands (Newsweek) The Kremlin's envoy said Russia would be successful in its conflict, "and after that, probably, with a new Ukrainian government, we will talk about this question."
As Russia Digs In, What’s the Risk of Nuclear War? ‘It’s Not Zero.’ (New York Times) A series of shifts in Russian statements about using nuclear weapons has led some analysts to believe that the Kremlin sees a nuclear exchange as a viable strategy.
Zelenskyy tells US Congress, ‘We need you right now’ (Military Times) Ukrainian President Volodymyr Zelenskyy cited Pearl Harbor and 9/11 on Wednesday as he appealed to Congress to help more, but acknowledged the no-fly zone he has sought may not happen.
Here's everything the US is sending to Ukraine's military (TheHill) President Biden on Wednesday announced $800 million in new lethal aid for Ukraine, bolstering U.S.
Biden says U.S. to give Ukraine drones, anti-aircraft systems (Reuters) U.S. President Joe Biden on Wednesday said the United States was offering an additional $800 million in security assistance to Ukraine to combat Russia's invasion, with the new package including drones and anti-aircraft systems.
Opinion: Why the West must boost military assistance to Ukraine (Washington Post) Ukrainians will ultimately defeat Vladimir Putin’s army. Ukraine will be sovereign and free once again. Only two questions are unanswered: How long will it take? And how many Ukrainians will have to die before Putin’s soldiers finally leave?
‘Not brain science:’ Here’s how the Ukraine fighter swap could work (Defense News) While the politics surrounding the transfer of Polish MiG-29s to Ukraine are complicated, experts say the technical and logistical difficulties involved can be surmounted and should not stand in the way of getting a deal done.
Officials in Mariupol struggle to account for the dead. (New York Times) The coastal city, a battleground for weeks, is under an increasingly relentless Russian assault that is taking an unspeakable toll.
Hundreds feared trapped in Ukraine theater hit by airstrike (AP NEWS) Ukrainian authorities struggled to determine the fate of hundreds of civilians who had been sheltering in a theater smashed by a Russian airstrike in the besieged city of Mariupol as officials said Russian artillery Thursday destroyed more civilian buildings in another frontline city.
Survivors 'emerging alive' as rubble is cleared from bombed theatre in Mariupol (The Telegraph) There were fears of hundreds dead after Russia attacked a building that had reportedly been sheltering at least 1,000 women and children
Zelenskiy compares Mariupol to Leningrad siege as Russia launches fresh strikes on Kyiv (the Guardian) President speaks of world war two atrocity by German forces as residential tower block in Kyiv is hit
'Why? Why? Why?' Ukraine's Mariupol descends into despair (AP NEWS) In the more than two weeks since Russia’s war began, two AP journalists have been the only international media present in Mariupol, chronicling its fall into chaos and despair.
Ukraine health facilities ‘stretched to breaking point’, warns WHO (UN News) The World Health Organisation (WHO) warned on Monday that it is working “day and night” to keep medical supply chains open and preserve the health system in Ukraine, where, it says, medical facilities are stretched to breaking point.
Poll: Experts Oppose No-Fly Zone Over Ukraine (Foreign Policy) IR scholars overwhelmingly say involving U.S. air power risks uncontrollable escalation. Biden and his advisors agree.
Russia-Ukraine latest news: Joe Biden brands Vladimir Putin 'a war criminal' (The Telegraph) US President Joe Biden said that Vladimir Putin is "a war criminal" for launching Russia's invasion of Ukraine, in the sharpest condemnation yet by a US official of Putin’s actions.
Joe Biden calling Putin a "war criminal" is "unforgivable," Russia says (Newsweek) "We consider unacceptable and unforgivable such rhetoric of the head of state, whose bombs killed hundreds of thousands of people...," a Kremlin spokesman said.
Peskov calls Biden's words about Putin unacceptable and recalls the victims of American bombs (TASS) Biden had earlier, in answer to a journalist's question on the subject, said that he considers Putin a "war criminal"
Is Vladimir Putin a war criminal, and who decides? (the Guardian) Biden has called Putin a war criminal for the assault on Ukraine. What are the paths to justice?
Congress backs more military aid for Ukraine, but how much remains unclear (Military Times) President Joe Biden announced $800 million in additional aid for Ukraine, but some lawmakers want even more.
Biden Ramps Up Military Aid to Ukraine, Including Armed Drones (Bloomberg) Zelenskiy asks U.S. to expand economic consequences for Russia. New arms package to include ‘Switchblade’ portable drones.
Pentagon dials up size, scope of Ukrainian military aid (Washington Post) ‘Kamikaze’ drones are among the expected deliveries, as the U.S. also searches for ways to improve Ukrainian air defenses
Is Biden Getting Sucked Into Putin’s War? (Foreign Policy) The Ukrainian president’s powerful appeal to Congress could change Washington’s careful calculus.
Tony Blair launches veiled attack on Joe Biden as he criticises 'strange tactic' of promising not to fight Russia (The Telegraph) The former prime minister said Vladimir Putin, the Russian president, is using Nato’s 'desire not to provoke escalation'
UN court orders Russia to cease hostilities in Ukraine (AP NEWS) The United Nations’ highest court on Wednesday ordered Russia to stop hostilities in Ukraine, granting measures requested by Kyiv although many are skeptical that Russia will comply.
The World’s Most Dangerous Man (Foreign Affairs) Putin’s unconstrained power over Russia’s nuclear arsenal.
White House mocks Russia for sanctioning the wrong Joe Biden (The Telegraph) Hillary Clinton calls Kremlin sanction a 'Lifetime Achievement Award' while Jen Psaki said she has 'no plans for a holiday in Russia anyway'
Outmatched in military might, Ukraine has excelled in the information war (Washington Post) When President Volodymyr Zelensky, speaking to U.S. lawmakers on Wednesday, aired a video documenting the human toll of Russia’s assault on Ukraine, the images were so graphic they prompted an apology from a cable news anchor for having failed to warn viewers about what they were going to see.
In a Chilling Threat, Putin Vows to Rid Russia of ‘Traitors’ (Bloomberg) Vladimir Putin warned he would cleanse Russia of the “scum and traitors” he accuses of working covertly for the U.S. and its allies.
How the West is breaking through Russia’s propaganda wall (Washington Post) A scrum of international ‘information warriors’ is racing to pierce the Kremlin’s propaganda bubble by broadcasting on shortwave radio, texting Russian strangers and sifting through military data leaks
Facebook removes "deepfake" of Ukrainian President Zelenskyy (The Verge) Facebook banned deepfakes over two years ago.
Deepfake video of Zelenskyy could be 'tip of the iceberg' in info war, experts warn (NPR.org) A fake video of the Ukrainian president claiming defeat spread on social media on Wednesday.
‘Game of Whac-a-Mole’: why Russian disinformation is still running amok on social media (the Guardian) Social media companies’ response amid war in Ukraine has been haphazard and confusing, experts say
Major Ukrainian Internet Provider Triolan Suffers Severe Cyber Attacks and Infrastructure Destruction During Russian Invasion (CPO Magazine) Major Ukrainian internet service provider Triolan experienced cyber attacks causing severe internet outages during the Russian invasion of Ukraine. The Internet provider reported a major outage coinciding with the start of the Russian invasion on February 24 and again on March 9
Traffic interception and MitM attacks among security risks of Russian TLS certs (CSO Online) Russia's launch of a domestic TLS Certificate Authority to bypass Western sanctions and replace revoked and expired certificates amid the invasion of Ukraine poses significant security threats.
The Russia-Ukraine War And The Revival Of Hacktivism (Digital Shadows) The international reaction to the Russian invasion of Ukraine has manifested in a few distinct ways, as outlined in our previous reporting. This includes humanitarian efforts, wide-ranging sanctions, and businesses halting operations in Russia. Another notable response is the resurgence of hacktivism. A variety of hacktivist attacks have been conducted, with a significant number, unsurprisingly,
US has 'significant' cyber vulnerabilities, but a sweeping Russian cyberattack is unlikely (CNN) In the winter of 2015, computer hackers working for the Russian government attacked Ukraine's power grid and switched off the lights and heat to more than 200,000 consumers.
Exclusive: FBI warns of increased cyber-threats against Northeast Ohio businesses (WEWS) The FBI is warning businesses and critical infrastructure to be on high alert for cyber-threats and cyber-attacks in Northeast Ohio.
Russia is About to Hack Your Energy Source. You Could Lose Power. (TheStreet) Companies can protect themselves from hackers who are focused on targeting the refineries, pipelines and power grids in the U.S. from operating.
Law enforcement warn of immediate Russian hacking threat via MFA (Computing) The federal agencies are urging organisations to immediately apply recommended mitigations to secure their machines
Germany's BSI warns against Kaspersky AV over spying concerns (CSO Online) The warning renews global concerns about using Russian-made software as the country continues its assault on Ukraine.
EU: No evidence of Kaspersky spying despite 'confirmed malicious' classification | ZDNet (ZDNet) European Commission "not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products."
Kaspersky statement regarding the BSI warning (Kaspersky) Kaspersky releases an official statement in response to the warning issued by the German Federal Office for Information Security agency (BSI) on March 15, 2022
Collateral Damage — on Cybersecurity (Kaspersky) Eugene’s open letter in response to the warning against the use of Kaspersky products by the German Federal Office for Information Security (BSI).
China begins damage control campaign to cleanse pro-Russia reputation (Newsweek) Beijing is maintaining its "pro-Russia neutrality" at the highest levels of government, but is also trying to distance itself from the worst of Moscow's depredations in Ukraine.
China insists it won't help sustain Russia's war against Ukraine (Newsweek) China has issued a string of denials this week after U.S. officials suggested Beijing could supply Moscow with material aid.
Putin’s Friends in Latin America Are Abandoning Him (World Politics Review) Over the past decade or so, the Kremlin has endeavored to woo Latin America, with the purpose of building a beachhead in a region geographically close to the United States. But three weeks into the Ukraine war, there is little evidence these efforts have yielded any significant benefits for Russia.
Russia is risking the creation of a “splinternet”—and it could be irreversible (MIT Technology Review) If Russia disconnects from—or is booted from—the internet’s governing bodies, the internet may never be the same again for any of us.
Slack has started disconnecting customers in Russia (Axios) Accounts of sanctioned companies are being suspended without notice.
Ukraine's Zelenskyy Signs Virtual Assets Bill Into Law, Legalizing Crypto (CoinDesk) Ukraine has received $100 million in crypto donations during its war with Russia.
Russia is on the verge of a huge debt default that could ripple through financial markets. Here's what to expect. (Markets Insider) Russia is teetering on the brink of its first foreign-currency bond default since 1918, when the country was convulsed by communist revolution.
Russia says it made a payment to avoid default (CNN) Russia says it has ordered the $117 million in interest payments it owes Wednesday to be sent to investors, attempting to avoid its first international default in more than a century. But it's not out of the woods yet.
Citigroup Sits Between Russia and a Possible Bond Default (Wall Street Journal) Confusion over whether foreign bondholders will receive payments puts the spotlight on the bank, which acts as the paying agent for the two dollar-denominated bonds issued by Russia.
Chechen leader challenges 'effeminate' Elon Musk to train at fight club if he wants to take on Putin (The Telegraph) Ramzan Kadyrov's comments come after Musk challenged Vladimir Putin to 'single combat' to settle the Ukraine conflict
Attacks, Threats, and Vulnerabilities
The Workaday Life of the World’s Most Dangerous Ransomware Gang (Wired) A Ukrainian researcher leaked 60,000 messages from inside the Conti ransomware group. This is what they reveal.
Kubernetes an Achilles Heel in Defense Against Ransomware Attacks (Business Wire) Veritas Technologies, a leader in multi-cloud data management, today announced the results of a new study revealing that the majority of organizations
The Email Bait … and Phish: Instagram Phishing Attack (Armorblox) This blog examines an attack impersonating Instagram, the most prominent photo, video sharing and social networking platform. The email attack had a social engineered payload, spoofing the design of a legitimate email related to e-signature
Phony Instagram ‘Support Staff’ Emails Hit Insurance Company (Threatpost) The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.”
This sneaky type of phishing is growing fast because hackers are seeing big paydays (ZDNet) Researchers warn about an increase in conversation hijacking emails, where hackers abuse accounts of people you trust to send you phishing links and malware.
The Attack of the Chameleon Phishing Page (Trustwave) Recently, we encountered an interesting phishing webpage that caught our interest because it acts like a chameleon by changing and blending its color based on its environment. In addition, the site adapts its background page and logo depending on user input to trick its victims into giving away their email credentials.
Cyberattacks are on the rise as hackers use Russia-Ukraine war as a distraction, CrowdStrike CEO says (CNBC) Online hackers have been more active since Russian forces invaded neighboring Ukraine in late February, according to CrowdStrike CEO George Kurtz.
Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters (The Hacker News) A new unpatched RCE vulnerability in the dompdf project affects HTML to PDF converters.
New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers (The Hacker News) A new infinite loop vulnerability (CVE-2022-0778) in OpenSSL could allow attackers to crash remote servers by passing a malformed certificate.
Using CAPTCHA Forms to Bypass Filters (Avanan) Threat actors are using CAPTCHA forms to get through filters.
Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system (Naked Security) “Install this moneymaking app” – this one is so special that it isn’t available on Google Play or the App Store!
Emotet's tax-season phishing is back with new tricks (CyberScoop) Researchers at Cofense say the operators behind the Emotet botnet "have upped their game" for 2022's tax season.
Filipino hacker group behind cyberattacks vs news sites —NUJP (GMA News Online) A Filipino hacker group was behind the recent cyberattacks on various media websites in the country, the National Union of Journalists of the Philippines (NUJP) said on Wednesday.
Microsoft Defender tags Office updates as ransomware activity (BleepingComputer) Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems.
APS said no data compromised in cyberattack (Albuquerque Journal) Albuquerque Public Schools on Wednesday said no data was “compromised” during a cyberattack that closed schools across the district for two days earlier this year, and a district spokeswoman said the FBI and others were advising school officials not to discuss the incident in more detail. “At this time, we have completed the investigation and […]
Rehab Group falls victim to cyber attack (The Irish Times) Disability services provider notifies Data Protection Commissioner (DPC) of attack
N.J. town working to restore operations after cyber breach (nj.com) Officials in East Windsor released little info about the breach, which they said was first noticed a week ago.
Security Patches, Mitigations, and Software Updates
CISA Adds 14 Windows Vulnerabilities to 'Must-Patch' List (SecurityWeek) CISA on Tuesday announced that it has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog.
High-Severity DoS Vulnerability Patched in OpenSSL (SecurityWeek) A high-severity DoS vulnerability tracked as CVE-2022-0778 has been patched in OpenSSL.
Severe Vulnerability Patched in CRI-O Container Engine for Kubernetes (SecurityWeek) A severe vulnerability affecting the CRI-O container engine for Kubernetes could be exploited to escape the container and gain root access to the host, CrowdStrike reports.
Google Patches Critical Vulnerability With Chrome 99 Update (SecurityWeek) A Chrome 99 update released by Google patches a critical vulnerability discovered by one of the company’s own researchers.
High-Severity Vulnerabilities Patched in Omron PLC Programming Software (SecurityWeek) Several high-severity vulnerabilities that can be exploited for arbitrary code execution have been patched in Omron’s CX-Programmer PLC programming software.
Trends
Menlo Security report reveals less than three in 10 organizations are equipped to combat the growing wave of web-based cyber threats (Menlo Security) Report finds that 62 percent of IT decision makers have suffered a browser-based attack in the past 12 months. Mountain View, CA, March 16, 2022 – Web malware (47 percent) and ransomware (42 percent) now top the list of security threats that organizations are most concerned about. Yet despite the growing risks, less than a...
Positive Technologies Finds an Average of 31,000 Security Vulnerabilities Are Present in Each Organization (Positive Technologies) A new vulnerability management user guide offers results from 2021 vulnerability management scans, and explains what factors influence the criticality of vulnerabilities, why it is necessary to quickly eliminate trending vulnerabilities, details mistakes companies often make in identifying threats, and offers steps for optimizing the process of prioritizing vulnerabilities.
Number Of Fijians Falling For Online Scams Up (Fiji Sun) He said the three prevalent scams in Fiji were romance scam, loan or investment scam and multi-level marketing or the illegal pyramid selling scheme. He added that 60 per cent or 80 people were victims of the romance scam.
State of SRE Report: 2022 Edition | Dynatrace (Dynatrace) We asked 450 SREs across a range of industries to share their unfiltered perspective into how site reliability engineering (SRE) is evolving as a discipline.
Marketplace
Cybersecurity M&A Roundup for March 1-15, 2022 (SecurityWeek) Twenty-two cybersecurity M&A deals have been announced in the first half of March 2022.
With Defense Department Connections, Shield Capital Raises $120M To Invest In National And Commercial Security (Crunchbase News) Shield Capital raised $120 million for its first fund, which it plans to invest in tech related to commercial and national security, the firm announced this week.
Booz Allen Hamilton acquires EverWatch to accelerate analytics capabilities for clients (Help Net Security) Booz Allen announced a definitive agreement to acquire EverWatch, a provider of advanced solutions for defense and intelligence.
Hackuity Emerges From Stealth With $13 Million in Funding (SecurityWeek) Risk-based vulnerability management platform Hackuity this week emerged from stealth mode with a €12 million (roughly $13.2 million) investment.
Todyl Raises $28 Million in Funding and Launches Todyl Security Platform with Integration of SIEM, EDR/NGAV, and MXDR into Existing SASE Platform (GlobeNewswire News Room) Investment supports further development of Todyl’s comprehensive, unified security and networking platform...
Forgepoint Capital Reports Record Growth & Adds Diverse Talent to Bolster Early-Stage Venture Capital Fund (Forgepoint Capital) Forgepoint Capital, the world’s most active early-stage venture capital fund focused on cybersecurity, today announced the firm achieved record growth in 2021 and added a diverse set of seasoned executives across its organization to support the continued global growth of both the firm and its portfolio. Forgepoint now has the largest dedicated team in cybersecurity venture capital, including 11 investment professionals, 35 active cybersecurity portfolio companies, 70+ Advisory Council members, and $770M in assets under management (AUM), with over $500M deployed to date.
U.S. Dept. of Defense awards Verizon nearly $1 billion in new business (Verizon) Verizon lands close to $1 billion in new business to provide network modernization and technology services across multiple U.S. Dept. of Defense sites.
Avocado Bolsters C-Suite with Application Security Innovator, Thought Leader (Business Wire) Avocado Systems, a leader in application security and compliance, has appointed Joseph Feiman as Chief Strategy Officer.
Invicti Security Appoints Steven Fitz as Chief Revenue Officer (PR Newswire) Invicti Security™ today announced Steven Fitz has joined the company as Chief Revenue Officer. Fitz brings more than 25 years of experience...
Netlify Expands Leadership Team to Advance Development of the Modern Web (Netlify) A powerful serverless platform with an intuitive git-based workflow. Automated deployments, shareable previews, and much more. Get started for free!
Platform9 Appoints Vishwa Kapadia as Chief People Officer (PR Newswire) Platform9, the world's #1 open distributed cloud service, today announced the appointment of Vishwa Kapadia as its Chief People Officer. In...
Invicti Security appoints Steven Fitz as CRO (Help Net Security) Invicti Security announced Steven Fitz has joined the company as CRO to lead Invicti towards ambitious revenue goals in 2022.
Columbus cybersecurity-for-IoT startup adds EVP and CTO (Columbus Business Journal) Finite State Inc., which automates the search for security vulnerabilities in the embedded chips and firmware driving millions of wireless devices, has added technology and sales leaders to help lead its next stage of growth.
Bill.com Announces Technology Industry Veteran Rinki Sethi as Vice President and Chief Information Security Officer (Bill.com) Bill.com brings smart AP and AR automation and new bill payment capabilities to your business. Harness intelligent technology to help streamline your payments process.
Products, Services, and Solutions
Ingram Micro Partners with Datadobi to Offer Unstructured Data Management Solution in the Nordics (Datadobi) Ingram Micro has signed a partnership agreement with Datadobi, the global leader in vendor-neutral unstructured data management software, to distribute its solutions in the Nordics region. The partnership will enable joint customers to solve the challenge of managing, migrating, and protecting enterprise data.
Constella Intelligence Launches Phishing and Botnet Protection With Real-Time Breach Alerting (PR Newswire) Constella Intelligence ("Constella"), a leading global Digital Risk Protection and Identity Threat Intelligence company, today announced the...
Nok Nok Labs Unveils S3 Authentication Suite - Version 8.0.1 (PR Newswire) Nok Nok Labs (Nok Nok™), with the most scalable passwordless platform for transitioning to modern identity and customer authentication, today...
Progress Introduces Enhanced IT Infrastructure Observability and Security with Latest Release of WhatsUp Gold (GlobeNewswire News Room) WhatsUp Gold 2022 leverages the powerful capabilities of Progress Flowmon to help organizations improve the visibility, security and reliability of their...
CSC Unveils 3D Domain Monitoring Solution on DomainSec Platform (CSC) CSC, a world leader in business, legal, tax, and domain security, today unveiled its powerful new 3D Domain Monitoring solution as part of their DomainSec platform.
GM Sectec and SecurityScorecard Bolster Design Partnership to Accelerate Global Adoption of Cybersecurity Ratings (Security Scorecard) GM Sectec, a global leader in cyber defense laser-focused on the payments space, and SecurityScorecard, the global leader in security ratings, today announced a design partnership to accelerate the worldwide expansion and adoption of security ratings in more than 55 countries around the world.
Cloudflare Announces New Security Tools for Email, Applications, APIs (SecurityWeek) Cloudflare this week announced new WAF, email security and API security tools, many of them available at no extra charge.
Anomali releases Resilience Partner Program to meet growing demand for cybersecurity services (Help Net Security) Anomali launched the Anomali Resilience Partner Program to offer a broader range of products and services to their customers.
BlackBerry Strengthens Software Supply Chain with Corporate-Wide OpenChain ISO/IEC 5230:2020 Conformance (BlackBerry) BlackBerry Limited (NYSE: BB; TSX: BB) today announced that it is the first company based in North America to adopt and conform to OpenChain ISO/IEC 5230:2020 across its entire product portfolio. OpenChain is the International Standard for open-source license compliance and is designed to build trust in the supply chain. BlackBerry saw the need to lead in this space to adopt a higher standard for its software supply chain.
GroupSense and CynergisTek Strategic Partnership Aimed at Helping Healthcare Organizations (GroupSense) CynergisTek is partnering with GroupSense to provide enhanced and proactive cyber reconnaissance services and incident response services.
Qonsent and Encantos Team Up to Definitively Solve Data Privacy Issues for Children (Qonsent) Leaders in consumer-first data privacy and online education for children make headway where legislation like the Children’s Online Privacy Protection Act has failed
SpecterOps BloodHound Enterprise Now Supports Attack Path Management for Microsoft Azure (SpecterOps) Support for Azure Active Directory and more enables organizations to defend against Attack Paths in on-premises, cloud and hybrid environments. Seattle, WA – March 17, 2022 – SpecterOps, a provider of adversary-focused cybersecurity solutions, today announced it has added support for Microsoft Azure to BloodHound Enterprise (BHE), the industry’s leading Attack
Cloudflare Partnership Brings Integrated Zero Trust Security to Devices, Applications and Networks (CrowdStrike) Cloudflare, Inc. today announced it is expanding its partnership with CrowdStrike to integrate its Zero Trust platform with CrowdStrike Falcon Zero Trust Assessment (ZTA).
Technologies, Techniques, and Standards
Changing the Paradigm of Control System Cybersecurity (Computer) Current cybersecurity protection relies on network monitoring. Changing the paradigm to monitor process sensors makes it practical to develop workable control system cybersecurity engineering solutions while simultaneously addressing reliability, safety, resilience, and productivity concerns.
2022 Purple Knight Report (Semperis) We protect the world’s largest and most complex environments from cyberattacks, data breaches, and operational errors. Learn more on our 2022 Purple Knight Report page.
Design and Innovation
Instagram’s promised parental controls arrive in the US (The Verge) Plus, new supervision features for VR headsets.
Meta adds basic parental supervision tools to its VR headset (TechCrunch) Despite releasing its first virtual reality headsets in May 2019, Meta is only now adding parental supervision tools to its Meta Quest VR headset.
Academia
UNG creating NSA compliance curriculum (University of North Georgia) The University of North Georgia (UNG) has received a $232,000 contract from the National Security Agency (NSA) to develop a graduate and undergraduate compliance curriculum that UNG will then teach and that the agency can make available to other government entities.
Legislation, Policy, and Regulation
Senators Ask DHS About Efforts to Protect US Against Russian Cyberattacks (SecurityWeek) A bipartisan group of 22 United States senators sent a letter to the DHS over the weekend to inquire about its efforts to protect the US against Russian cyber and disinformation threats.
Collins, King Request Information From Biden Administration on Efforts to Protect the United States from Russian Cyberthreats (U.S. Senator Susan Collins of Maine) U.S. Senators Susan Collins and Angus King, members of the Senate Intelligence...
ICYMI: Rosen Leads Bipartisan Letter to Homeland Security Secretary Requesting Information on Efforts to Protect the United States from Russian Cyber Threats (Senator Jacky Rosen) This week, U.S. Senator Jacky Rosen (D-NV), a member of the Homeland Security and Governmental Affairs Committee, and Mike Rounds (R-SD), Ranking Member of the Armed Services Subcommittee on Cybersecurity, led a bipartisan group of 22 senators in a letter to Secretary of Homeland Security Alejandro Mayorkas requesting information on efforts to protect against Russian cyber and disinformation threats. The letter references past Russian cyber operations – such as the SolarWinds attack – as evidence of their history of engaging in malicious cyber activities that target the United States.
SEC Proposes Sweeping Cybersecurity Disclosure Framework (Cooley) On March 9, 2022, the Securities and Exchange Commission announced that it proposed rules that would expressly mandate cybersecurity disclosures by public companies.
Fearing More Cyberattacks, Congress Requires Key Businesses to Report Digital Breaches (Wall Street Journal) New law applies to hacking and ransomware attacks but leaves important details unclear
Cyber breach reporting to be required by law for better cyber defense (PWC) Prompt, consistent and mandatory reporting on cyber breaches is a great step forward. But additional legislation may be required to make sure the ultimate goals can be achieved.
Critical US Companies Legally Required To Report Cyber Attacks (Tech.co) As part of a sweeping effort to bolster the US's cyber security, it's now mandatory for some companies to report cyber attacks to CISA.
Biden Executive Order on Cryptocurrencies and Other Digital Assets Emphasizes Innovation and Regulation (Cooley) On March 9, 2022, President Joe Biden issued an executive order outlining a “whole-of-government” approach to examining a broad range of potential risks associated with the dramatic growth in digital assets, including cryptocurrencies.
I Scoured Congress’ 2,741-Page Spending Bill: Here's All The IT & Cyber In It (Nextgov.com) A thorough overview of the IT funding provided in Congress’s 2,741-page spending bill.
U.S. bars ex-spies from becoming 'mercenaries,' following Reuters series (Reuters) A new law bans the United States' former spies from hiring themselves out to foreign governments right after they stop working for Washington.
FCC Revokes Authorization of More Chinese Telecom Providers (CNET) The agency continues its efforts to secure US networks by banning companies with ties to the Chinese government amid concerns over espionage.
Purifying water of cybersecurity threats (Digital Journal) Lack of standards and regulation presents opportunities for hackers looking to disrupt their delicate Operational Technology (OT) and Industrial Control Systems (ICS).
Fleet Cyber Command will soon get a new deputy commander (FedScoop) Fleet Cyber Command/10th Fleet will soon get a new deputy commander, according to a Pentagon announcement. Rear Adm. Michael Bernacchi Jr., who is currently the director for plans and policy at U.S. Space Command, will take over as the deputy commander for the Navy’s main cyber and space arm. Fleet Cyber Command is also “dual-hatted” […]
Litigation, Investigation, and Law Enforcement
Chinese plot to smear US Congress hopeful unveiled (BBC News) The US government says agents of Chinese secret police went to "outrageous" lengths to spy on US soil.
Five people charged with acting as Chinese government agents to spy on and harass U.S. residents critical of Beijing (Washington Post) Federal prosecutors in Brooklyn have charged five people with acting on behalf of the Chinese secret police to stalk, spy on and harass U.S. residents critical of Beijing, officials announced Wednesday.
U.S. Olympian Alysa Liu, father targeted in Chinese spy case (AP NEWS) U.S. Olympic figure skater Alysa Liu and her father Arthur Liu – a former political refugee – were among those targeted in a spying operation that the Justice Department alleges was ordered by the Chinese government, the elder Liu said late Wednesday.
FTC Takes Action Against CafePress for Data Breach Cover Up (Federal Trade Commission) The Federal Trade Commission today took action against online customized merchandise platform CafePress over allegations that it failed to secure consumers’ sensitive personal data and covered up a
NS8 co-founder pleads guilty to defrauding investors of over $123 million (The Record by Recorded Future) The co-founder and former chief executive of the cyberfraud prevention company NS8 today pleaded guilty in Manhattan federal court to using fraudulent financial data to obtain tens of millions of dollars in investments.
NortonLifeLock's $8.6 bln Avast deal hits snag as UK raises concerns (Reuters) NortonLifeLock's $8.6 billion purchase of Avast hit a snag on Wednesday after Britain's anti-trust regulator said it would launch a deeper investigation into the proposed cybersecurity merger following competition concerns.
Avast Merger Raises Competition Concerns (Infosecurity Magazine) UK government finds NortonLifeLock purchase of Avast could reduce competition
NASA urged to address insider cybersecurity threats (Computing) A vast majority of NASA IT systems are unclassified, including many that contain high-value assets and critical infrastructure