Dateline Moscow, Kyiv, Instabul, Washington: Negotiations resume, as do doxing and DDoS.
Ukraine at D+33: Negotiations resume as nuisance hacking rises. (The CyberWire) Russia is concentrating on the Donbas as Ukraine stops advances elsewhere and negotiations resume in Instanbul. Nuisance-level hacking from both sides rises, with Russian DDoS and Ukrainian doxing.
Russia says it will scale back near Kyiv as talks progress (AP NEWS) Russia’s military said Tuesday it would “fundamentally" cut back operations near Ukraine’s capital and a northern city, as talks brought a possible deal to end a grinding and brutal war into view .
Roman Abramovich attends start of Ukraine-Russia talks (the Guardian) Istanbul meeting begins ‘with no handshake’ as Kremlin dismisses reports billionaire was poisoned at previous negotiations
Kremlin says Russia-Ukraine talks could start in Turkey on Tuesday (TDPel Media) The Kremlin stated that peace talks between Russia and Ukraine might begin in Turkey on Tuesday, and that it was critical that they take place face to
Zelensky offers Putin route out of Ukraine war: "It's a Compromise" (Newsweek) "Return to where it all began, and there we will try to solve the issue of Donbas, the complex issue of Donbas," Zelensky called on Russian troops in Ukraine.
Live updates: Zelenskyy: 7 dead in southern Ukraine strike (Washington Post) Ukrainian President Volodymyr Zelenskyy says seven people were killed in a missile strike on the regional government headquarters in the southern city of Mykolayiv.
Ukrainian forces retake the town of Irpin as Russians driven back (The Telegraph) Oleksandr Markushyn, Irpin’s mayor, uses social media to declare that soldiers will soon ‘liberate Bucha, Hostomel, Vorzel’
After Russian forces pull back, a shattered town breathes (AP NEWS) The bodies of two Russian soldiers lie abandoned in the woods.
Russia shifts focus to try to grind Ukraine's army in east (AP NEWS) With its aspirations for a quick victory dashed by a stiff Ukrainian resistance, Russia has increasingly focused on grinding down Ukraine's military in the east in the hope of forcing Kyiv into surrendering part of the country's territory to possibly end the war.
Ukraine Claims Some Battle Successes as Russia Focuses on Another Front (New York Times) With the fighting raging and sputtering attempts at diplomacy continuing, diplomacy between the two sides was continuing, with talks planned in Istanbul on Tuesday.
Ukraine claims to retake Kyiv suburb from Russian control (Al Jazeera) Irpin’s mayor says the situation is still dangerous after weeks of Russian onslaught.
High risks at low altitude: Ukraine’s pilots reveal tactics giving them the edge in the skies (The Telegraph) ‘We are trained to do some crazy s---’, says MiG pilot, whose daredevil ploy is to fly ‘faster and lower’ than Russians know how to handle
Will Ukraine Win the War Against Russia? (Newsweek) Ukrainian troops have shown resistance, bolstered by Moscow's military struggles. Newsweek asked six experts if Kyiv could ultimately prevail.
Wladimir and Vitali Klitschko exclusive: 'This is genocide - we know every day could be our last' (The Telegraph) Klitschko brothers stand defiant in face of onslaught on Ukraine but hope unity will be the key to peace
Ukraine refugees near 4 million. Will exodus slowdown last? (AP NEWS) A slowdown for good or a temporary lull during the storm of war? While the number of refugees who have flooded out of Ukraine nears 4 million, fewer people have crossed the border in recent days.
Kyiv will investigate video that appears to show Ukrainian forces shooting Russian prisoners of war (Washington Post) The camera moves over a scene of misery. Men in Russian military uniforms lie bloody on the ground, stunned, with mangled legs. More men, their hands trussed behind their backs, step from a teal van, kneel to the ground and are shot behind the kneecap at point-blank range, screaming in pain. The muzzle of a gun, in the hand of a man who appears to be a Ukrainian soldier, emits a bright flash.
Will Ukraine be the next Chechnya? (Al Jazeera) Al Jazeera speaks to Chechen dissident Tumso Abdurakhmanov on the parallels between the Ukraine and Chechnya conflicts.
‘Call that a good day’ — An American is live-tweeting his part in the war in Ukraine (Task & Purpose) A popular Twitter account from a man claiming to be a U.S. Army veteran offers a snapshot of the front lines in Russia's invasion of Ukraine
No compromises with the Kremlin: Why we must denazify Putin’s Russia (Atlantic Council) Russian President Vladimir Putin claims to be engaged in a crusade to "denazify" democratic Ukraine, but in reality it is his own increasingly authoritarian regime that is in urgent need of "denazification," writes Kateryna Zarembo.
Navy electronic attack aircraft heading to Germany amid Ukraine war (Navy Times) Six EA-18G Growlers, with 240 air crew and maintainers, will head to Spangdahlem, Germany, as part of 14,000 troops the U.S. has committed to reassure NATO.
Pentagon may need more budget funding to help Ukraine (Military Times) Pentagon leaders said the budget was finalized before the invasion so it has no specific money for the war.
Internet Provider to Ukrainian Military Hit With Major Cyberattack (Wall Street Journal) Attack fuels fears that Russia, with ground war stalling, could launch destructive cyber campaign.
Ukrainian telecom company's internet service disrupted by 'powerful' cyberattack (Reuters) Ukraine's state-owned telecommunications company Ukrtelecom experienced a disruption in internet service on Monday after a "powerful" cyberattack, according to Ukrainian government officials and company representatives.
‘Most Severe’ Cyberattack Since Russian Invasion Crashes Ukraine Internet Provider (Forbes) An attack on the former national telecoms company Ukrtelecom—one of the largest telecom providers in the country—has been called the most significant in the war to date.
Ukraine internet connections crippled after massive cyberattack (Computing) A massive cyber attack hit Ukraine's state-owned telecommunications company Ukrtelecom on Monday, resulting in the country's most severe Internet disruption since Russia invaded in late February.
Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure (Security Affairs) Ukrtelecom, a major mobile service and internet provider in Ukraine, foiled a “massive” cyberattack that hit its infrastructure. On March 29, 2022, a massive cyber attack caused a major internet disruption across Ukraine on national provider Ukrtelecom. According to global internet monitor service NetBlock, real-time network data showed connectivity collapsed to 13% of pre-war levels. […]
Traffic at major Ukrainian internet service provider Ukrtelecom disrupted (The Record by Recorded Future) Web traffic from major Ukrainian internet service provider Ukrtelecom was disrupted Monday.
GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon (Security Affairs) Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” This second archive […]
Secret World of Pro-Russia Hacking Group Exposed in Leak (Wall Street Journal) A Ukrainian researcher revealed the operations of Trickbot, one of the most powerful cybercriminal enterprises with its Conti ransomware, after the group defended Russia; chats range from hospital attack plan to hackers grousing about vacation.
Names and addresses of 620 FSB officers published in data breach (Times) The names and addresses of 620 people who are said to be FSB officers were published yesterday in what Kyiv said was a huge data breach of the Russian security
Russian spies unmasked in embarrassing blow for Vladimir Putin (The Telegraph) Ukraine releases identities of more than 600 alleged FSB agents, some of whom could possibly be operating in Britain
Confirmed: Anonymous Hacks Central Bank of Russia; Leaks 28GB of Data (HackRead) One of the Anonymous affiliate groups going by the Twitter handle of @Thblckrbbtworld has leaked 28GB worth of Central Bank of Russia data in support of Ukraine.
Anonymous is working on a huge data dump that will blow Russia away (Security Affairs) The Anonymous collective hacked the Russian construction company Rostproekt and announced that a leak that will Blow Russia Away. Anonymous continues its offensive against Russia, the collective announced the hack of the Russian construction company Rostproekt and announced a leak that will blow Russia away. Link to the stolen data from the company have been […]
While Twitter suspends Anonymous accounts, the group hacked VGTRK Russian Television and Radio (Security Affairs) While Twitter suspends some Anonymous accounts, the collective hacked All-Russia State Television and Radio Broadcasting Company (VGTRK). On Friday, Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia. The group plans to distribute the stolen documents to various points on the internet […]
The Ghost of the Soviet Union Still Haunts the Internet (Wired) The empire collapsed 30 years ago, but its .su domain lives on—and is now attracting people who oppose an independent Ukraine.
Russian network 'hijacked' Twitter traffic (iTnews) BGP insecurity on display again.
Why Russia's cyber apocalypse has failed to materialise (The Telegraph) The absence of Russian hacking in Ukraine war exposes its limitations, according to experts
Russia’s space weapons may be the next frontier in the Ukraine conflict (Atlantic Council) Here’s a look at Russia’s possible range of space weapons and how the West can respond, both to blunt attacks and hold Moscow accountable.
Facebook Posts About Homeland Security Memos and 'Hacked' Cellphones Are Misleading (Snopes.com) "Don't know if this is true but better safe than sorry," one Facebook user posted.
How to Avoid Tripping Over Russia’s Ransomware Threat (Modern War Institute) In Aesop’s fable, “The Astrologer,” a man looks up toward the stars for signs about the future. While focusing his gaze upward, however, he trips and falls in a hole on the ground in front of him. While stargazing, he failed to account for the realities of his present environment. Similarly, Western analysts have focused […]
Abramovich Suffered Suspected Poisoning During Ukraine Talks (Bloomberg) Ukrainian negotiators also affected by red eyes, peeling skin. Russian billionaire has been helping set up peace talks.
Roman Abramovich ‘poisoned’ at Ukraine peace negotiations (The Telegraph) Russian oligarch, along with two Ukrainian negotiators, reportedly suffered peeling skin and temporary blindness after March 3 talks
U.S. Official Doubts Roman Abramovich Was Poisoned, Report Claims (Forbes) Abramovich and Ukrainian negotiators reportedly suffered peeling skin on their faces and eye irritation following peace talks earlier this month.
Ukraine war latest: Russia says it will 'drastically reduce' attacks around Kyiv (BBC News) The announcement came after apparent progress between negotiators in peace talks in Turkey.
Zelensky steps up criticism of West, demanding weapons and sanctions (Washington Post) The Ukrainian president’s comments come after Biden completed what was seen as a successful trip to Europe in shoring up allies against Russia
Volodymyr Zelensky in his own words (The Economist) The transcript from his meeting with our journalists
Biden Says Putin Remark Showed Outrage, Not Change in Policy (Bloomberg) President says Russian leader ‘shouldn’t remain in power’. ‘I don’t care what he thinks,’ Biden says of Putin reaction.
‘I Make No Apologies’: Biden Says His Putin Comments Were an Expression of Moral Outrage (New York Times) President Biden said his words, delivered in a speech over the weekend in Warsaw, were not a call for regime change in Russia.
Joe Biden denies calling for regime change in Russia after saying Vladimir Putin ‘cannot remain in power’ (The Telegraph) US president walks back comments after backlash from international allies and members of his administration
Vladimir Putin's fate is out of our hands (The Telegraph) Biden's gaffe exposes the fantasies and dangers of regime change talk
By doubling down on Putin, Xi is gambling his own power (Atlantic Council) If Europe’s biggest conflict since World War II produces Putin’s military withdrawal, failure, or political ouster, it has all the ingredients to pose the biggest threat yet to Xi’s leadership.
How the West Can Weaken Putin (Foreign Affairs) Encourage defections among soldiers and diplomats.
Putin’s Ukraine War Is Hollowing Out Russia’s Tech Future (Bloomberg) Thousands of IT professionals are fleeing the country, creating a brain drain that may never be reversed.
We were leaked the Panama Papers. Here’s how to bring down Putin’s cronies (the Guardian) The jurisdictions that help kleptocrats live in luxury on stolen assets must stop shielding corrupt elites
Russia compares sanctions to war as UK says Putin preparing to send 1,000 mercenaries to Ukraine (the Guardian) Putin spokesman accuses Nato of backing Russia into a corner as UK warns Moscow’s stalled offensive means mercenaries are expected to head to Ukraine
ZTE whistleblower: Chinese companies will sell to Russia (Register) Just look at Ericsson and ISIS, Ashley Yablon says
Russia Built Parallel Payments System That Escaped Western Sanctions (Wall Street Journal) Rocked by sanctions following its annexation of Crimea, Russia built its own payments network, Mir, ultimately taking the sting out of exits by Visa and Mastercard.
Putin wants the West to defeat the purpose of its own sanctions (Quartz) Putin is insisting that the US, the UK and the EU pay for their Russian gas purchases with rubles—a strategy to force the West to dilute the effects of its own sanctions on Moscow.
Prepare to switch to rubles for natural gas exports by March 31, Vladimir Putin tells Gazprom and Russia's central bank (Markets Insider) Analysts have said Putin is trying to shore up the ruble and to make life more complicated for Western countries that have sanctioned Russia.
Germany: G7 rejects Russia's demand to pay for gas in rubles (AP NEWS) The Group of Seven major economies agreed Monday to reject Moscow’s demand to pay for Russian natural gas exports in rubles .
FCC deems Russian antivirus software Kaspersky a national security threat (Fast Company) Kaspersky is the first Russian firm to join the list of risky entities, which is so far dominated by Chinese firms.
Should You Buy Kaspersky Security Products? (PCMag UK) Founded in Russia by a Russian national, with a headquarters division in Moscow—that doesn't mean Kaspersky is in Putin’s pocket. But with multiple governments and even hacker groups shunning the company, we can no longer recommend Kaspersky products.
How Corporate Boycotts Could Backfire (Foreign Policy) Activists seeking to shame companies doing business in Russia should be consistent in their moralism—and consider the consequences if Chinese consumers decide to punish the…
Cargill Dodges Russian Missiles But Vows To Keep Feeding Both Sides Of The Ukraine War (Forbes) The biggest privately held company in the U.S. has been operating in the area for decades and says food should never be used as a weapon.
The world wants to help Ukraine. Cybercriminals are using the tragedy to rip people off. (Grid News) Experts predict that scammers will only intensify their efforts to profit from the Ukraine crisis as it continues.
Crypto Scams Surge Amid Ukraine War (The Street Crypto) There's been a glut of crypto scams during the war.
Attacks, Threats, and Vulnerabilities
Mapping DPRK Cyber Threat Groups to Government Organizations (Mandiant) Mandiant believes North Korea's cyber capability supports political and national security priorities, as well as financial goals.
Microsoft Exchange targeted for IcedID reply-chain hijacking attacks (BleepingComputer) The distribution of the IcedID malware has returned to notable numbers thanks to a new campaign that hijacks existing email conversations threads and injects payloads that are hard to spot as malicious.
New Conversation Hijacking Campaign Delivering IcedID (Intezer) Intezer's research team has detected a new campaign which initiates attacks using conversation hijacking to deliver IcedID.
Spoofed Invoice Used to Drop IcedID (Fortinet Blog) FortiGuard Labs discovered a spearphishing email for a Ukrainian fuel company with an attached invoice—seemingly from another fuel provider—that contains the IcedID Trojan. Read to learn more about…
Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware (The Hacker News) Hackers exploit unpatched Microsoft Exchange servers to hijack email reply chains, tricking victims into installing IceID malware.
A Beautiful Factory for Malicious Packages (Checkmarx) In the past month, Checkmarx SCS research team has been tracking the malicious activity of RED-LILI, which marks a significant milestone in the development of software supply-chain attacks. After gathering enough clues, the team has reconstructed this threat actor’s steps in building an end-to-end system for creating NPM users and publishing packages.
Checkmarx Finds Threat Actor 'Fully Automating' NPM Supply Chain Attacks (SecurityWeek) Threat hunters at Checkmarx raise an alarm after discovering a threat actor fully automating the creation and delivery of "hundreds of malicious packages" into the NPM ecosystem.
RED-LILI continues to launch NPM attacks on Azure developers (SC Magazine) Checkmarx says the threat actor is still actively pursuing supply chain attacks and continues to publish malicious packages.
Under the hood of Wslink’s multilayered virtual machine (WeLiveSecurity) ESET researchers describe thes structure of the virtual machine used in samples of Wslink and suggest an approach to see through its obfuscation techniques.
'Purple Fox' Hackers Spotted Using New Variant of FatalRAT in Recent Malware Attacks (The Hacker News) The 'Purple Fox' hacker group has been using a new variant of FatalRAT in recent malware distribution campaigns.
Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability (The Hacker News) Muhstik Botnet malware targets Redis servers using a recently discovered vulnerability in the database system.
School of Hard Knocks: Job Fraud Threats Target University Students (Proofpoint) Threat actors use the promise of easy money working from home to collect personal data, steal money, or convince victims to unwillingly participate in illegal activities, such as money laundering.
UK MoD's Capita-run recruitment portal support offline (Register) Info of those signing up to be soldiers leaked, as sources finger Capita-run system
Lapsus$ found a spreadsheet of passwords as they breached Okta, documents show (TechCrunch) The documents provide the most detailed account so far of how the Lapsus$ hackers targeted Okta's network.
This is Mandiant’s timeline for the Okta Lapsus$ breach, according to a researcher (VentureBeat) A security researcher has posted a purported Mandiant timeline for the Lapsus$ breach of third-party Okta support provider Sitel in January.
Lapsus$ hackers exploited Okta supplier's security lapses (iTnews) Allegedly found spreadsheet with login credentials.
Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA (Ars Technica) Not all MFA is created equal, as script kiddies and elite hackers have shown recently.
Lapsus$, Microsoft and Okta: Cybergeddon or cyber non-events? (Gulf Business) The business typically seeks efficiency while those who worry about availability need redundancy.
5 old social engineering tricks employees still fall for, and 4 new gotchas (CSO Online) Despite all the training and warnings, people still fall for these simple social engineering scams. What's worse, cybercriminals continue to come up with new ones.
My own phone number is now spam texting me (The Verge) Spam feels more invasive and alarming when it’s from you.
Ransomware now encrypts so fast it ‘will burn the house down’ (GCN) A new study found that ransomware can encrypt 54 GB in 43 minutes, an extremely limited window of mitigation, especially considering it takes about three days for compromises to be detected.
An Empirically Comparative Analysis of Ransomware Binaries (Splunk) A lot has been written on ransomware, but many organizations continue to react tactically to these attacks instead of with mindful intent.
Cybercriminals bring the USB back, with a vengeance (ITP.net) The flexibility of USB has ensured it has maintained its position in the tech stack. Accordingly, attackers will seek ways to engineer their malware, physically and socially, to take advantage of that universal accessibility
'Among Us' cyber attack takes servers down for several days (NME) "We have a sabotage going on lol," shared the game's developer.
Social Engineering Attacks Resulted in Compromise of Morgan Stanley Client Accounts (IT Security News) This article has been indexed from CySecurity News - Latest Information Security and Hacking Incidents Morgan Stanley's wealth and asset management division, Morgan Stanley Wealth Management, says that social engineering attacks have compromised some of its customers' accounts. Vishing (also known as voice phishing) is a social engineering attack in which scammers impersonate a
Data of 820,000 NYC students compromised in hack of online grading system: Education Dept. (New York Daily News) Furious city Education Department officials are accusing Illuminate Education, the California-based company behind the popular Skedula and PupilPath platforms, of misrepresenting its cybersecurity measures by certifying that it encrypts all student data when in fact the company left some of it unencrypted.
TransUnion says at least three million people affected by data breach (TimesLIVE) Credit bureau TransUnion SA has confirmed that at least three million consumers are affected by a data breach orchestrated by a “criminal third party” which gained access to a server “through misuse of an authorised client’s credentials”.
Ransomware group claims responsibility for cyber-attack on metro healthcare organization (KFOR) A ransomware group called Suncrypt is claiming responsibility for a cyber-attack against the OKC Indian Clinic, a metro nonprofit healthcare organization.
Avon Commissioners' Zoom meeting disrupted by hackers (Star News Group) Borough officials postponed an Avon Commissioner's meeting that began at 5 p.m. on Monday but was abruptly ended due a hacking incident.
Ep 07 - Swindled (Media Watch) A fake guest fools Southern Cross Austereo by pretending to be a victim of the con artist featured in the documentary The Tinder Swindler.
Vulnerability Summary for the Week of March 21, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
CISA warns orgs to patch actively exploited Chrome, Redis bugs (BleepingComputer) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies to patch a Google Chome zero-day and a critical Redis vulnerability actively exploited in the wild within the next three weeks.
Trends
Energy Sector Cyber Risks (LookingGlass Cyber Solutions Inc.) This energy sector report provides a snapshot of the vulnerabilities and exposures seen across the sector, with mappings to Russian actors.
Sector Cyber Profile: Financial Services (LookingGlass Cyber Solutions Inc.) This financial services sector report provides a snapshot of the vulnerabilities, exposures, and infections currently seen across the sector.
Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report (Rapid7) Rapid7’s 2021 Vulnerability Intelligence Report provides a landscape view and expert analysis of critical vulnerabilities and threats.
Malware detections surge from "COVID Bounce" (CSO Online) A year after pandemic peak, malicious threats to businesses and consumers rose above pre-virus levels, especially for mobile devices.
Small vs Large Practices: Who's Better at Healthcare Data Security? (Software Advice) We polled small and large medical practices to learn about their experiences with data breaches, the precautions they’re taking, and what worries them most.
Security's Life Cycle Isn't the Developers' Life Cycle (Dark Reading) Whether it's PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic or feasible.
Marketplace
Steven Mnuchin's fund buys major stake in security startup Zimperium for $525 million (Reuters) Liberty Strategic Capital, a Washington D.C.-based private equity fund founded by former U.S. Treasury Secretary Steven Mnuchin, has acquired a controlling stake in enterprise security firm Zimperium for $525 million, both told Reuters on Monday.
Glilot Capital raises $220 million for fourth Seed fund (Ctech) Since its inception in 2011, Glilot Capital has carried out 12 exits, including CyberX, LightCyber and IntSights. The fund’s portfolio comprises dozens of active companies, including At-Bay, CardinalOps, Cider Security, Cyolo, Ermetic, Lightlytics, Lightrun and Upstream
Spyware Vendor FinFisher Claims Insolvency Amid Investigation (Bloomberg) Munich firm accused of helping governments hack activists. Inquiry into alleged export controls violations ongoing.
Huawei 'more united' in face of U.S. pressure, says repatriated CFO (Reuters) U.S. pressure on Huawei Technologies (HWT.UL) has served to strengthen the resolve of the Chinese telecoms giant, finance chief Meng Wanzhou said on Monday after its first set of results since her return from nearly three years' detention in Canada.
Abu Dhabi officially gives cyber offence industry a makeover (Intelligence Online) After several months under the radar, the existence of D14 spin-off CPX, revealed by Intelligence Online is now official. CPX, still part of D14 and Group 42, promises a fresh start for Emirati
Lookout Honored With 5-Star Rating in CRN® 2022 Partner Program Guide (PR Newswire) Lookout, Inc., a leading provider of endpoint-to-cloud security, today announced it has been honored by CRN®, a brand of The Channel Company,...
Securonix Recognized by CRN in Distinguished 2022 Partner Program Guide for Second Year in a Row (Yahoo Finance) Securonix, Inc., a leader in Next-Gen SIEM and XDR has been recognized by CRN®, a brand of The Channel Company, in its 2022 Partner Program Guide. CRN’s annual Partner Program Guide is the ultimate list of the most notable partner programs from industry-leading technology vendors that provide innovative products and services through the IT channel.
Illumio Receives 5-Star Rating in CRN 2022 Partner Program Guide (GlobeNewswire News Room) Company’s Global Partner Program Recognized for Enhanced Offerings Designed to Strengthen Cyber Resilience with Zero Trust Segmentation...
ESET Honored by CRN with 5-Star Rating in 2022 Partner Program Guide (PR Newswire) ESET, a global leader in digital security, today announced that it has been recognized with a a prestigious 5-star rating by CRN®, a brand of...
Cyber start-up Axonius hires new leader to drive Asian expansion, underpinned by channel (Channel Asia) Axonius, a fast-growing cyber security asset and SaaS management start-up, has appointed KY Wong as vice president of sales for Asia Pacific.
Products, Services, and Solutions
CRN® Lists Zerto in Its 2022 Partner Program Guide (Zerto) Zerto, a Hewlett Packard Enterprise company, has been recognized by CRN®, a brand of The Channel Company, in its 2022 Partner Program Guide. CRN’s annual Partner Program Guide is the ultimate list of the most notable partner programs from industry-leading technology vendors that provide innovative products and services through the IT channel.
New deployment option: the Fastly Next-Gen WAF is now the only WAF compatible with Arm at scale (Fastly) The Fastly Next-Gen WAF is now the only WAF on the market to be Arm compatible at scale in any environment, allowing you to deploy our security solution in environments using Arm-based processors on NGINX-native web servers.
Very Good Security (VGS) Extends VGS Payment Optimization with Network Tokens (Business Wire) Very Good Security (VGS), the modern standard for secure storage, exchange, and optimization of the world’s payment data, today announced that the VGS
IBM launches service to help orgs secure hybrid cloud (IT Brief New Zealand) IBM has launched a cloud service designed to perform key management across hybrid, multicloud environments, helping enterprises mitigate risk.
ZeroFox Partners with Cyware to Deliver Integrated Threat Intelligence and Alert Enrichment (GlobeNewswire News Room) ZeroFox’s and Cyware’s collective customers will benefit from the integration of ZeroFox’s threat intelligence feed and Cyware’s Cyber Fusion Center...
Technologies, Techniques, and Standards
Mitigating Attacks Against Uninterruptible Power Supply Devices (CISA Insights) The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy are aware of threat actors gaining access to a variety of internet-connected uninterruptible power supply (UPS) devices, often through unchanged default usernames and passwords.
Design and Innovation
Microsoft Security Chief Issues Call to Arms to Protect Metaverse (Bloomberg) Hackers will target users with things like faked avatars of people they trust, Bell says
That smiling LinkedIn profile face might be a computer-generated fake (NPR) Stanford researchers uncovered more than 1,000 of these LinkedIn profiles. A technology that has been used to promote misinformation online has now entered the corporate world.
Academia
Q&A: How the National Security Agency is Building the Next Generation of Cyber Stars (Ed Tech) Ashley Greeley, K–12 project lead for GenCyber, is bringing cybersecurity career pathways and professional development to schools across the country.
NSU joins U.S. Cyber Command Academic Engagement Network (Nachitoches Times) Northwestern State University has been accepted into the United States Cyber Command Academic Engagement Network (AEN). The goal of AEN is to foster relationships between cutting edge academic institutions and the entire U.S. Cyber commend enterprise, which includes the USCYBERCOM Headquarters, Cyber National Mission Force, Joint Force Headquarters-Department of Defense Information Networks, Air…
NSA recognizes NRCC security program (Southwest Times) New River Community College graduates specializing in cyber security will receive a National Security Agency (NSA) letter along with their diplomas that may make they more competitive in the cyber security field. NSA designated NRCC a National Center for Academic Excellence in Cyber Defense (CAE-CD) following a multi-year, peer-review process, in which NRCC showcased its “robust and active” cyber security program.
UofSC announces partnership to strengthen cyber security workforce in S.C. (University of South Carolina) The University of South Carolina announces a new partnership with Check Point Software Technologies, a global leader in Cyber Security Solutions. As a part of the ongoing cyber initiatives in South Carolina, the partnership will focus on providing UofSC students with innovative and collaborative learning opportunities that will prepare them for careers in the cyber security industry.
GMU National Security Institute Names New Advisory Board Members, Visiting Fellows (ExecutiveGov) The National Security Institute at George Mason University’s Antonin Scalia Law School has announced the appointment to its advisory board of new members who held leadership roles at intelligence and federal agencies and technology sector.
Legislation, Policy, and Regulation
Data portability in the EU: An obscure data subject right (IAPP) Contrary to the well-known access right, data portability allows data subjects to obtain and reuse their personal data, at least in theory.
Budget of the U.S. Government: Fiscal Year 2023 (Office of Management and Budget) Budget of the United States Government, Fiscal Year 2023 contains the Budget Message of the President, information on the President’s priorities, and summary tables.
Statement by Secretary Mayorkas on the President’s Fiscal Year 2023 Budget (US Department of Homeland Security) The Biden-Harris Administration today submitted to Congress the President’s Budget for Fiscal Year 2023. The President’s Budget details his vision to expand on the historic progress our country has made over the last year and delivers the agenda he laid out in his State of the Union address—to build a better America, reduce the deficit, reduce costs for families, and grow the economy from the bottom up and middle out. The President's Fiscal Year 2023 Budget for the Department of Homeland Security (DHS) is $97.3 billion, an increase of $6.5 billion from the Fiscal Year 2022 President’s Budget.
The White House wants 11 percent more cybersecurity funding (Washington Post) Biden requests billions in funding for federal cybersecurity
White House 2023 budget request prioritizes more staff for CISA, funding for zero trust security measures (Federal News Network) The budget request outlines a “strategic shift” in federal cybersecurity efforts after incidents like SolarWinds and Log4j.
Pentagon seeks $11.2 billion for cyber in FY23 budget request (C4ISRNet) The Department of Defense's larger ask and continued emphasis on cyberspace come amid a torrent of concerns expressed by lawmakers and other officials, as well as Russia’s ongoing assault on Ukraine.
Biden budget pivots to deficit concerns while boosting military, domestic programs (Washington Post) White House introduces $5.8 trillion budget plan that includes significant reduction to national deficit relative to current trajectory
6 Takeaways On Cybersecurity Policy from the President’s FY 2023 Budget (Nextgov.com) The administration expects CISA to grow by just under 300 full-time employees over the next year, for example.
‘Sophisticated’ Cyber Adversaries Countered in Biden Budget (Bloomberg Law) Citing a strategic shift toward protecting federal infrastructure against hacks, President Joe Biden on Monday asked Congress to boost funding for the Cybersecurity and Infrastructure Security Agency.
US national cyber director argues for a new social contract to bolster cybersecurity (NYU School of Law) On March 21, Chris Inglis, the inaugural national cyber director of the United States, joined Professor Samuel Rascoff for a discussion hosted by the NYU Center for Cybersecurity.
A Call For a National Approach to Cybersecurity (RealClearMarkets) History has proven that adequate measures need to be in place to address emerging threats facing the United States.
Rubio Pushes for Action Against China’s ZTE After Probation Ends (U.S. Senator for Florida, Marco Rubio) U.S. Senator Marco Rubio (R-FL) sent a letter to U.S. Department of Commerce Secretary Gina Raimondo and Attorney General Merrick Garland calling for legal actions against ZTE, a Chinese tech company partially owned by the Chinese Communist Party. ZTE has faced repeated legal repercussions for violating U.S. trade sanctions, and its telecommunications products are banned through the enactment of Rubio's Secure Equipment Act (P.L. 117-55).
Navy dramatically increases funding for secretive Project Overmatch (C4ISRNet) The Navy is seeking $195 million for the effort in fiscal year 2023, a 63% increase over the $73 million the service received for the effort in fiscal 2022.
DoD Cyber College Presenting Prestigious Grace Hopper Award to Jen Easterly (U.S. Department of Defense) Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency, has been selected to receive the prestigious Admiral Grace Hopper Award.
Litigation, Investigation, and Law Enforcement
German Authorities Seize Spyware Firm FinFisher's Accounts (SecurityWeek) German authorities have seized accounts belonging to the spyware company FinFisher amid an investigation into whether it broke export laws by selling its products to authoritarian governments.
NortonLifeLock's Avast acquisition referred for in depth investigation by Competition and Markets Authority (CRN) The deal was first announced in August last year when NortonLifeLock claimed it would create an ‘industry leading’ consumer cybersecurity business
Netskope Files Declaratory Judgment IP Suit Over Cloud Tech (Law360) Cloud security company Netskope has launched a suit in California federal court seeking a declaration that it does not infringe software maker Fortinet's six patents covering cybersecurity technology.