Dateline
Ukraine at D+34: Disinformation in word and deed. (The CyberWire) Apparently intensified artillery strikes count as "scaling back." Ukraine dismantles Russian bot farms. Cyber gangs are suffering from sanctions.
On the front line outside Kyiv, Ukrainian forces claim to retake territory (Washington Post) The soldiers lined up in the dusty trenches, each taking a position at a firing port where small windows carved into the dirt revealed a view of the field beyond. Most held assault rifles. One leaned an RPG launcher against a wall near his leg.
Relief for Kyiv? Russia vows to scale back near the capital (AP NEWS) Russia announced Tuesday it will significantly scale back military operations near Ukraine’s capital and a northern city, as the outlines of a possible deal to end the grinding war came into view at the latest round of talks.
Putin on the fritz? U.S. not buying Russia's deescalation talk. (POLITICO) ‘The Russians really f---ed this up,’ one official said as the U.S. takes assessment of the latest turn in the Ukraine conflict.
Putin's Plan B—Russia changes strategy to avoid losing Ukraine war (Newsweek) "Putin has zero interest at this stage in seeking a negotiated peace—he still wants to control the country," a former U.S. ambassador to Ukraine told Newsweek.
Russia Signals Redefined Goals in Ukraine War as Its Advances Stall (New York Times) The Russian Defense Ministry suggested its forces would concentrate on securing the eastern part of Ukraine, where Kremlin-backed separatists have long been fighting.
Russia in retreat: Putin appears to admit defeat in the Battle for Kyiv (Atlantic Council) Kremlin officials have announced plans to withdraw troops from the Kyiv region in what is widely being seen as a major setback for Putin's war and tacit recognition of Russia’s failure to seize the Ukrainian capital.
Russians give up on conquest of Kyiv (The Telegraph) Vladimir Putin to withdraw troops and turn military focus to overwhelming the Donbas as Ukraine offers neutrality deal
Kyiv, Chernihiv accuse Russia of attacks despite promise to reduce strikes (Washington Post) Ukrainian authorities said Wednesday that attacks continued overnight around Chernihiv and Kyiv, despite Russia’s pledge during Tuesday’s peace talks in Turkey to “drastically reduce” attacks in both areas. Kyiv officials accused Russia of continued missile attacks and shelling, including on residential areas, while the governor of Chernihiv alleged Wednesday that Russian forces “spent the whole night striking” the city, damaging several buildings.
Russia bombs Ukraine cities, despite pledge to pull back from Kyiv (Reuters) Russian forces bombarded a besieged city in northern Ukraine on Wednesday, a day after promising to scale down operations there, and Kyiv and its Western allies dismissed a pullback near the capital as a ploy to regroup by invaders taking heavy losses.
Ukraine troops prefer Russians withdraw city 'in body bags': Kyiv official (Newsweek) Signs have emerged that Moscow may be setting its focus on the eastern breakaway republics as its largely-stalled forces turn back their advance on Kyiv.
Biden skeptical of Russia’s pledge to ‘drastically reduce’ assault (Washington Post) President Biden and top U.S. officials said Tuesday that they were skeptical of Russia’s vow to curtail its military assault on Ukraine’s capital, Kyiv, and the northern city of Chernihiv, ending the day with a note of caution after hours of peace talks between the two sides appeared to make some headway and Moscow said it would “drastically reduce” its attacks in the two key regions.
Russia shells areas in Ukraine where it vowed to scale back (AP NEWS) Russian forces pounded areas around Ukraine's capital and another city overnight, regional leaders said Wednesday, just hours after Moscow pledged to scale back military operations in those places.
Russia-Ukraine Talks Edge Forward But Fail to Secure Cease-Fire (Bloomberg) Stocks jump on signs of optimism but many hurdles remain. Ukraine calls for security guarantees akin to NATO’s Article 5.
Ukraine offers neutrality in talks with Russia. What does that mean? (Washington Post) An important aspect of the ongoing negotiations between Russia and Ukraine is that the latter adopt a “neutral state” status in exchange for a potential halt in Russian aggression.
What the Baltic presidents want the West to do now against Russia (Atlantic Council) Estonian President Alar Karis, Latvian President Egils Levits, and Lithuanian President Gitanas Nausėda, proposed a number of options to counter Russian aggression at an Atlantic Council Front Page event Tuesday.
Belarus dictator under pressure to join Vladimir Putin’s failing Ukraine War (Atlantic Council) Belarus dictator Alyaksandr Lukashenka is coming under increasing pressure to join Vladimir Putin's Ukraine War but there is no guarantee that unenthusiastic Belarusian troops will follow orders to invade.
Russian War Report: Additional units from Georgian breakaway regions join Russian offensive (Atlantic Council) Soldiers from the Georgian breakaway region of Abkhazia are confirmed to be providing military support for Russian forces in Ukraine.
Does video show Russian prisoners being shot? (BBC News) Ukrainian authorities investigate a video apparently showing Russian PoWs being shot in the legs.
Once the Children Got Hungry, ‘the Fire Was Gone From Their Eyes’ (New York Times) Residents of Mariupol, Ukraine, described how Russian forces use hunger as a weapon of war in a monthlong siege of the southern port. “No roof, no food and no water,” survivors texted relatives who escaped.
Reports of sexual violence involving Russian soldiers are multiplying, Ukrainian officials say. (New York Times) A Ukrainian woman’s account of being repeatedly raped was published in The Times of London, and a member of Ukraine’s Parliament said there were “many more” such assaults.
Russia has killed civilians in Ukraine. Kyiv’s defense tactics add to the danger. (Washington Post) The suspected Russian missile hit the tall apartment building, engulfing it in flames and smoke. It killed at least four people, including elderly residents, and shattered the lives of a close-knit community. For lawmaker Oleksii Goncharenko, the tragedy was yet another example of potential Russian war crimes.
Russia Has Fired 'Multiple' Hypersonic Missiles Into Ukraine, US General Confirms (Defense One) The stunt, likely meant to intimidate Ukraine and allies, has not had the effect Moscow intended.
The drone operators who halted Russian convoy headed for Kyiv (the Guardian) Special IT force of 30 soldiers on quad bikes is vital part of Ukraine’s defence, but forced to crowdfund for supplies
How Ukraine’s Internet is still working despite Russian bombs and cyberattacks (Washington Post) Constant work by telecom workers, wrong predictions are among reasons.
With War Next Door, EU is Warned on Cybersecurity Gaps (SecurityWeek) As Russia’s invasion of Ukraine accelerates European Union defense cooperation, a watchdog said that EU institutions face cybersecurity vulnerabilities
Russia accuses U.S. of massive 'cyber aggression' (Reuters) Russia accused the United States on Tuesday of leading a massive campaign of "cyber aggression" behind hundreds of thousands of malicious attacks a day while Russia has troops in Ukraine.
“Your rubles will only be good for lighting a fire”: Cybercriminals reel from impact of sanctions (Digital Shadows) Since Russia’s invasion of Ukraine in February, the Digital Shadows Photon team has been following multiple aspects of the tragic conflict and its impact on the cybersphere. We’ve explored threat actors’ initial responses to the war, shared advice on how to plan a cyber response to the events, and investigated the revival of hacktivism as
Sanctions Hitting Russian Cyber-Criminals Hard (Infosecurity Magazine) Carders, social media phishers and others feeling the pinch
Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards (BleepingComputer) The Ukrainian Security Service (SSU) has announced that since the start of the war with Russia, it has discovered and shut down five bot farms with over 100,000 fake social media accounts spreading fake news.
Russia’s Lies About Bioweapons in Ukraine Make the World Less Safe (Wired) Ukraine’s research labs are vital to global health. Disinformation aimed at their work puts everyone in danger.
Why the world is so worried about Russia’s ‘tactical’ nuclear weapons (Washington Post) The war in Ukraine has led to a resurgence of fears about the use of nukes.
Ukraine to negotiators: Don’t eat or drink at Russia talks amid poison concern (Washington Post) Ukraine warned its negotiators not to eat, drink or even touch anything as they headed into talks with Russia in Istanbul on Tuesday, following allegations that Russian oligarch Roman Abramovich and others may have been poisoned during previous talks.
Europeans expel dozens of Russian envoys to combat espionage (AP NEWS) In what appeared to be a coordinated action to tackle Russian espionage, at least four European allies expelled dozens of Russian diplomats on Tuesday. The expulsions come as relations between Russia and the West have plunged into a deep freeze following Moscow’s invasion of Ukraine.
4 Reasons Why Putin’s War Has Changed Big Tech Forever (Foreign Policy) The conflict has permanently upended how the major platforms do business.
Sanctioning Russia created a financial world war (Quartz) Quartz is a guide to the new global economy for people in business who are excited by change. We cover business, economics, markets, finance, technology, science, design, and fashion.
Putin’s ruble ploy confirms that energy exports are his lifeline (Atlantic Council) Western allies can only 'reduce the ruble to rubble' by dramatically reducing oil and gas imports.
Russia Built Parallel Payments System That Escaped Western Sanctions (Wall Street Journal) Rocked by sanctions following its annexation of Crimea, Russia built its own payments network, Mir, ultimately taking the sting out of exits by Visa and Mastercard.
Poland to end Russian oil imports; Germany warns on gas (AP NEWS) Poland announced steps Wednesday to end all Russian oil imports by year's end, while Germany issued a warning about natural gas levels and called on people to conserve, new signs of how Russia's war in Ukraine has escalated tensions about securing energy supplies to power Europe.
Leadership at War (Foreign Affairs) How Putin and Zelensky have defined the Ukrainian conflict.
History is rhyming in Ukraine (TheHill) I am sadly reminded of my CIA experiences, as Moscow’s whole approach is textbook 1980s KGB and Soviet military standard issue.
Did The Cold War Ever Really End? (The Cipher Brief) From the optic of the United States intelligence community, the Cold War didn't end in the 1990s with the Fall of Communism.
Russia-Ukraine latest news: Russian forces hit Red Cross building in besieged city of Mariupol
(The Telegraph) Russian forces have hit a Red Cross facility in the besieged southern city of Mariupol, Ukraine said today.
Ukraine war will make China more cautious on Taiwan, advisers say (Reuters) Russia's poor performance in its Ukraine war will make China more cautious about attacking Taiwan as Beijing is watching the conflict to learn military lessons, Taiwan's government on Wednesday cited a meeting of senior advisers as saying.
Attacks, Threats, and Vulnerabilities
Cyber Actors Target US Election Officials with InvoiceThemed Phishing Campaign to Harvest Credentials (IC3) The FBI is warning US election and other state and local government officials about invoicethemed phishing emails that could be used to harvest officials’ login credentials.
VMware vCenter Server Vulnerability Can Facilitate Attacks on Many Organizations (SecurityWeek) VMware has patched a new vCenter Server vulnerability that can be chained with other flaws to attack many organizations.
Verblecon: Sophisticated New Loader Used in Low-level Attacks (Symantec) Indications the attacker may not realize the potential capabilities of the malware they are using.
Sophos Warns of Attacks Exploiting Recent Firewall Vulnerability (SecurityWeek) Sophos on Monday raised the alarm about a recently patched Sophos Firewall vulnerability being exploited in attacks.
Probing the Activities of Cloud-Based Cryptocurrency-Mining Groups (Trend Micro) Our research into cloud-based cryptocurrency mining sheds light on the malicious actor groups involved in this space, their ongoing battle for cloud resources, and the actual extent of the impact of their attacks.
Cloud Systems Are the New Battleground for Crypto Mining Threat Actors (Yahoo Finance) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced a new report revealing a fierce, hour-by-hour battle for resources among malicious cryptocurrency mining groups.
Painless Steal: The Malware of Choice for Initial Access Brokers (Cybersixgill.com) The services of initial access brokers are in high demand within the booming underground economy. But how are these markets gaining access to stock their supply?
Verizon customers spammed with phony texts that link to Russian propaganda (The Week) Verizon customers have been receiving suspicious spam texts in recent days that appear to be coming from their own phone numbers, USA Today reported Tuesday.
Leaked forensic details of Okta breach reveal finer details of Lapsus$ operation (TechCentral.ie) Elements of cyber security company Mandiant’s report into the Sitel breach that led to the compromise of identity platform Okta earlier in March has been leaked online, revealing the finer details of Lapsus$’ operation. Sitel retained Mandiant shortly after discovering the breach and a timeline of events was illustrated by a collection of logs included [&hellip
Hackers are getting faster at exploiting zero-day flaws. That's going to be a problem for everyone (ZDNet) Crooks are getting faster at figuring out how to use flaws in software, and more of the exploits affect the many, rather than just the few.
CISA Warns of Attacks on UPS Devices (Decipher) CISA is warning enterprises about ongoing attacks against Internet-connected UPS devices and encouraging them to change default credentials and enforce MFA.
CISA warns of attacks targeting Internet-connected UPS devices (BleepingComputer) In a joint advisory with the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA) warned U.S. organizations today to secure Internet-connected UPS devices from ongoing attacks.
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors (Threatpost) Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.
$620 million in crypto stolen from Axie Infinity's Ronin bridge (BleepingComputer) A hacker has stolen almost $620 million in Ethereum and USDC tokens from Axie Infinity's Ronin network bridge, making it possibly the largest crypto hack in history.
A hacker stole $625 million from the blockchain behind NFT game Axie Infinity (The Verge) The theft was discovered nearly a week later.
Axie Infinity’s Ronin Network Suffers $625M Exploit (CoinDesk) It may be the largest exploit in DeFi history.
A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages (The Hacker News) Researchers uncover an ongoing large-scale supply-chain attack which exploits dependency confusion attacks against the NPM package repository.
The Biggest Cryptocurrency Heists of All Time (Comparitech) A look at the biggest cryptocurrency heists, be they from an exchange, smart contract or a business - including amounts, methods, reparations & consequences
Bitdefender Uncovers Serious Flaws In Wyze Security Cameras (Forbes) Connected security cameras with streaming video and two-way audio are a great way to keep tabs on what happens at you’re home when you’re not there. They can also be a great way for hackers to spy on and terrorize victims.
Three vulnerabilities found in Wyze Cam devices allow for outside access (The Record by Recorded Future) Several vulnerabilities have been found in popular Wyze Cam devices that give threat actors widespread access to camera feeds and SD cards, according to a new report from cybersecurity firm Bitdefender.
Hackers send almost 4,000 fake job offer emails every day: report (The Record by Recorded Future) Cybersecurity firm Proofpoint released a new report Tuesday about fake job emails being sent by threat actors, noting that they are seeing nearly 4,000 similar phishing emails each day.
Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” (KrebsOnSecurity) There is a terrifying and highly effective "method" that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments…
BREAKING: Russian Aviation Authority Suffers Cyberattack (Mentour Pilot) According to Russian sources, Rosaviatsia, the country’s Federal air transport agency, fell victim to a cyberattack and lost 65 TB of data!
Bradley Airport Website Suffers Cyber Attack (NBC Connecticut) Someone cyber attacked Bradley International Airport’s website Tuesday, according to the Connecticut Airport Authority. The distributed denial of service (DDoS) attack was an external attempt to crash the website, a CAA spokesperson said. The CAA, which operates Bradley Airport, said it is actively monitoring the cyber attack, but that the website remains live and there is no data breach. The…
Bradley International Airport website hit by cyber attack; no data breach has been reported (masslive) The cyberattack was in the form of a distributed denial of service (DDoS).
Security Patches, Mitigations, and Software Updates
Zlib data compressor fixes 17-year-old security bug – patch, errrm, now (Naked Security) This code is venerable! Surely all the bugs must be out by now?
Critical Vulnerabilities Found in Microsoft Defender for IoT (SecurityWeek) Researchers at endpoint security firm SentinelOne on Monday published detailed information on a couple of critical remote code execution vulnerabilities discovered in Microsoft Defender for IoT.
In detail: Bugs patched in Microsoft Azure Defender for IoT (Register) SQL injection, race condition, bad cryptographic check pave way for infrastructure network takeovers
Google releases emergency security update for Chrome users after second 0-day of 2022 discovered (The Record by Recorded Future) Google has released an urgent update for a 0-day vulnerability found on March 23 affecting Chrome.
Philips e-Alert (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Philips Equipment: e-Alert Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an unauthorized actor to remotely shutdown the system, if on the healthcare facilities network.
Rockwell Automation ISaGRAF (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ISaGRAF Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to pass local file data to a remote web server, leading to loss of confidentiality.
Omron CX-Position (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Omron Equipment: CX-Position Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of Operations Within the Bounds of a Memory Buffer, Use After Free, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities when parsing an NCI file could allow code execution.
Hitachi Energy LinkOne WebView (CISA) 1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Hitachi Energy Equipment: LinkOne WebView Vulnerabilities: Cross-site Scripting, Use of a Password System for Primary Authentication, Configuration, Exposure of Sensitive Information to an Unauthorized Actor 2.
Modbus Tools Modbus Slave (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity/public exploits are available Vendor: Modbus Tools Equipment: Modbus Slave Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the application when inputting a registration key.
Delta Electronics DIAEnergie (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Path Traversal, Incorrect Default Permissions, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution, causing a user to carry out an action unintentionally.
Trends
Authentication Failures Result in the Loss of Customers - New Ponemon Institute Report Finds (PR Newswire) A new report conducted by the Ponemon Institute, the preeminent research center dedicated to privacy, data protection, and information security...
Canada the target of 'thousands' of cyberattacks every day, CSIS reveals (National Post) Federal reports have listed state-sponsored cyber attackers as the greatest strategic threat to Canada, with China, Russia, North Korea and Iran the four…
Tessian | One in Four Employees Who Made Cybersecurity Mistakes Lost Their Jobs, According to New Data (RealWire) Second edition of Tessian’s ‘Psychology of Human Error’ report reveals that people are falling for more advanced phishing scams – and the business stakes for mistakes are much higher
Marketplace
Cloaked Snags $25M Funding to Tackle Data-Sharing Privacy (SecurityWeek) A Boston startup has raised $25 million in early-stage funding to tackle the erosion of privacy in today’s data sharing ecosystems.
Cyera launches from stealth with $60M to identify, secure, and remediate cloud data security risks (PR Newswire) Backed by Sequoia, Accel, and Cyberstarts, Cyera is building the security layer for the data plane in the cloud and enabling enterprises to identify and reduce...
Ex-Trump Treasury Secretary's PE Firm Buys Mobile Security Company Zimperium for $525M (SecurityWeek) Mobile security firm Zimperium will be acquired for roughly $525 million by Liberty Strategic Capital, the private equity firm founded by Steven Mnuchin, former Treasury Secretary under President Donald Trump
A Palo Alto Networks Exec Emerges With Her Own Cybersecurity Startup, Just As The Wartime Stakes Are Rising (Forbes) Cybersecurity companies are increasingly under a spotlight in an era ushered in by the Ukraine war. This is one company, led by a woman founder.
Egnyte Ranked No. 1 in Spring 2022 G2 Reports for Data Security and Data Governance (Egnyte) Egnyte Ranked No. 1 in Spring 2022 G2 Reports for Data Security and Data Governance The Company Also Named Leader Across Data-Centric Security, Encryption Key Management, and Cloud Content Collaboration Categories
Radware Enhances Digital Transformation of South American Conglomerate in a Million Dollar Deal Expansion (GlobeNewswire News Room) Increases scalability and cost effectiveness with integrated web application protection and delivery...
ISRAEL : Paragon, NSO's successor as new star of cyber infiltration, takes on new investors (Intelligence Online) Paragon Solutions is the rising star of Israeli cyber-intelligence. Backed by Ehud Schneoron, the ex-commander of Unit 8200, Israel's answer to the NSA, the company has recently been consolidating
Trellix CPO Tackles FireEye, McAfee XDR Integration (SDxCentral) Trellix last week announced the appointment of Aparna Rayasam as its new CPO to lead XDR product innovation and oversee Trellix Threat Labs.
SonicWall Posts Record-Breaking Year as Channel Partners Thrive with Unparallel Product Demand (Yahoo Finance) SonicWall today announced that 2021 was its best year on record. Propelled by the delivery of high-demand products, including the evolution of its Generation 7 next-generation firewalls and a laser focus on its customers, SonicWall delivered record levels of sales and profitability in 2021.
Aryaka is Recognized for the Third Year in a Row in 2022 Gartner Peer Insights™ ‘Voice of the Customer’: WAN Edge Infrastructure (Business Wire) Aryaka®, the leader in fully managed SD-WAN and SASE, today announced the company has been recognized for the third year running in the Gartner Peer I
Gartner Analyst Joins Black Kite as New Cyber Risk Evangelist (Business Wire) Black Kite, the leader in third-party cyber risk intelligence, today announced former Gartner analyst Jeffrey Wheatman has joined the company as Senio
Expansion of BackBox Continues As Network Automation Becomes Essential (BackBox Software) Leading provider of network automation announces additions to leadership team and new global headquarters following 63% employee growth rate and 40% growth in recurring revenue in the last year DALLAS & TEL AVIV, Israel–(BUSINESS WIRE)–Throughout release, name of EMEA Regional Sales Director should read: Thierry Guenoun. BackBox, a leading provider in network automation, security and ... Expansion of BackBox Continues As Network Automation Becomes Essential
Products, Services, and Solutions
Sift Adding Keyless to Sift Connect App Gallery to Bring Businesses Unmatched Account Security While Reducing User Friction (GlobeNewswire News Room) Newly acquired biometrics pioneer will enable seamless step-up authentication and eliminate credential-based account takeover...
Medigate by Claroty, The AbedGraham Group, and SCC Launch Strategic Partnership to Bring Patient Safety Analytics to IoT Security (PR Newswire) Medigate by Claroty, healthcare's leading clinical device data security and integration platform, today announced a strategic partnership with...
TeleSign Launches New Engagement Solution for U.S. Healthcare Providers (GlobeNewswire News Room) TeleSign for Healthcare enables providers to manage appointments with ease, communicate confidently and confidentially, and safeguard PHI...
Enhanced Capabilities for Microsoft 365 Defender Released (Critical Start) These latest enhancements allow customers to leverage Microsoft 365 Defender and MDR to not only identify but also immediately respond to breaches stemming from user account-based attacks. Plano, Texas – March 29, 2022 – Today, CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, introduced industry unique capabilities around Managed Detection and Response […]
Vulcan Cyber Joins Microsoft Intelligent Security Association, Integrates Microsoft Defender for Endpoint Threat and Vulnerability Management into Cyber Risk Management Platform (PR Newswire) Vulcan Cyber®, developers of the cyber risk management platform for infrastructure, application, and cloud security, today announced the...
CIRQ Announces ISO 27001 Certification of ThreatModeler Software (News Direct) CIRQ Announces ISO 27001 Certification of ThreatModeler Software
Contrast Security Partners With Red Hat OpenShift To Introduce Cloud-Native CI/CD Automation (Yahoo Finance) Contrast Security (Contrast), the leader in code security that empowers developers to secure-as-they code, today announced its partnership with Red Hat to enable OpenShift users to deploy secure, containerized applications by integrating within native continuous integration and continuous delivery (CI/CD) pipelines. These integrations empower OpenShift users to retain the scalability of the OpenShift Container Platform, while adding automated security testing as a routine part of the software de
Swimlane and 1898 & Co. Partner to Help Essential Infrastructure (Swimlane) Swimlane , the leader in low-code security automation, today announced a strategic partnership with 1898 & Co. , a preeminent business, technology and cybersecurity consulting firm, to deliver a low-code security automation solution to the operational…
Anchore to Contribute Grype Open Source Vulnerability Data to | CSA (CSA) Contribution of Grype vulnerability data will advance software vulnerability intelligence and empower users of the Global Security Database to create secure software
Ostendio Continues to Transform the Data Security Industry with the Launch of MyVCM 3.0 (Yahoo) Ostendio, a leading SaaS-based integrated risk management platform provider, announced the launch of MyVCM 3.0, the latest release of its award-winning risk management platform. MyVCM 3.0 includes an updated, user-friendly interface and offers new features, such as customizable reports and dashboards and streamlined assessment capabilities to help customers increase collaboration capabilities with vendors, MSPs, and auditors during complex data security audits such as SOC 2, FedRAMP, and ISO 270
EC-Council, World Leader in Cybersecurity Education, Unveils New Entry-Level Cybersecurity Technician Certification (EC-Council) The Certified Cybersecurity Technician (C|CT) is the world’s only baseline cybersecurity program to offer 85 hands-on labs and a live cyber range.
Niagara Networks And Allegro Packets Enhance The Partnership To Empower In-Depth Network Visibility And Performance Monitoring (Yahoo) Niagara Networks, the Open Visibility Platform pioneer, today announced that Niagara Networks Next-Generation visibility platforms enhance deep network visibility and agility by embedding the functions of the Allegro Packets' network performance and troubleshooting tool. Allegro Packets' Network Multimeter solution embedded inside the Open Visibility Platform enables the network operation teams with comprehensive network analysis that can be quickly performed across the entire range of network i
Technologies, Techniques, and Standards
Why Bullying Employees Into Compliance Won't Work (SecurityWeek) Security leaders need to understand that people working from home require more than technological support to improve security
Defending the data center: The time to act is now (WeLiveSecurity) Cyberattacks against data centers may ultimately be everyone's problem – how prepared are their operators for the heightened risk of cyber-assaults?
Act Surgically, Not Indiscriminately: Craft Precision Responses to Breaches (Marketscreener) It's now widely understood that, no matter how many technological safeguards organizations put in place - web security, endpoint security, CASB, you name it - everyone must plan for breaches, not just prevention. As you plan, remember: context is king. You must quickly understand where the breach came from, how it arrived, what methodologies it leveraged, and who it affects. Why? Because you need a precision response, not a sledgehammer.
How to protect your family online following the massive NYC student data breach (Chalkbeat New York) The information of 820,000 current and former students was accessed by a "malicious actor." We asked experts for tips on what parents should do next — here’s what they said.
MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks (The Last Watchdog) Log4j is the latest, greatest vulnerability to demonstrate just how tenuous the security of modern networks has become. Related: The exposures created by API profileration Log4j, aka Log4Shell, blasted a surgical light on the multiplying tiers of attack vectors arising from enterprises’ deepening reliance on open-source software. This is all part of corporations plunging into […]
Design and Innovation
Researchers Used a Decommissioned Satellite to Broadcast Hacker TV (Wired) What happens when an old satellite is no longer in use but can still broadcast? Hacker shenanigans, that's what.
Research and Development
Does Social Media Make Teens Unhappy? It May Depend on Their Age. (New York Times) A large study in Britain found two specific windows of adolescence when some teenagers are most sensitive to social media.
Academia
BYU wins regional cyber defense competition (KSTU) Brigham Young University was named champion of the 2022 Rocky Mountain Collegiate Cyber Defense Competition, and will now advance to the national competition for the fourth time.
Legislation, Policy, and Regulation
US Senate approves US$52 billion chip bill (CRN Australia) Subsidies for semiconductor chip manufacturing after months of discussions.
US Proposes Healthcare Cybersecurity Act (Infosecurity Magazine) Bipartisan proposal aims to protect America’s healthcare and public health sector
Cassidy, Rosen Introduce Bill to Improve Cybersecurity in Medical Industry (U.S. Senator Bill Cassidy of Louisiana) The Official U.S. Senate website of Senator Bill Cassidy of Louisiana
Bipartisan Bill Proposed to Strengthen Healthcare and Public Health Sector Cybersecurity (HIPAA Journal) A new bill has been proposed by a bipartisan pair of senators that aims to improve the cybersecurity of the healthcare and public health (HPH) sector, in A new bill has been proposed by a bipartisan pair of senators to improve healthcare cybersecurity in light of increased threat of Russian cyberattacks.
AHA voices support for health care cybersecurity bill (American Hospital Association | AHA News) AHA this week voiced support for the Healthcare Cybersecurity Act (S.3904), legislation that would improve collaboration and coordination between the Cybersecurity and Infrastructure Security Agency and Department of Health and Human Services.
Russia draws up law to force taxi firms to share data with FSB -document (Reuters) Russia's transport ministry has drawn up a law that would oblige taxi companies to share data with the Federal Security Service (FSB), a document seen by Reuters showed on Tuesday, raising concerns about the data privacy of passengers.
Litigation, Investigation, and Law Enforcement
NSO says Israeli police got 'weaker' variant of Pegasus phone hacking tool (Reuters) The chief of Israeli spyware firm NSO Group said on Tuesday it had sold the country's police a variant of the Pegasus hacking tool that can access local cellphones, but which he described as being "weaker" than the export version.
NYC officials call for investigation after data of 820,000 students compromised in hack (The Record by Recorded Future) New York City’s mayor and several education officials said they are outraged after a digital education platform used by dozens of city schools disclosed that hackers gained access to the personal information of 820,000 current and former students during a January breach.
Verizon blames "bad actors" for the spam text you got from your own number (The Verge) Verizon says it’s working to block the messages.
New York State squashed 'uptick' in Russian cyber traffic, CIO says (StateScoop) New York CIO Angelo Riddick said the Empire State is investing in new cybersecurity precautions and sharing with its local governments.