Dateline Moscow, Kyiv, London, and Washington: More fire, and more cyber, too (but less maneuver).
Ukraine at D+47: Industroyer resurfaces in Ukraine. (The CyberWire) A maneuver hiatus won't affect fire, as Russian atrocities are widely expected to continue as Moscow regroups and refocuses. Ukraine alleges Russian use of chemical agents against Mariupol. Hacktivists count coup against Russian organizations. GRU resumes disruptive cyberattacks against Ukrainian infrastructure.
Ukraine Live Updates: Fears Grow That Russia Will Escalate to Use of Chemical Weapons (New York Times) Britain and Australia said they were investigating reports that Russia had already used them. Ukraine’s military is preparing for a major assault in the east.
Russia-Ukraine latest news: Vladimir Putin vows ‘clear and noble’ aims of Russian invasion will be achieved (The Telegraph) Vladimir Putin has vowed that Russia will achieve what he described as the "clear and noble" aims of its invasion of Ukraine, in his first trip outside Moscow since the war began.
Russia’s war in Ukraine is about to enter a new phase (Task & Purpose) This isn't over.
Russia’s Reset (New York Times) A violent weekend in Ukraine shows how Russia’s goals are shifting.
Russia will not pause military operation in Ukraine for peace talks (Reuters) Russia will not pause its military operation in Ukraine for subsequent rounds of peace talks, Russian Foreign Minister Sergei Lavrov said on Monday.
Russia says it hits Ukraine air defenses before eastern push (Military Times) Russia claimed that it destroyed several air defense systems in Ukraine over the weekend, in what appeared to be a renewed push to gain air superiority.
Putin can't "erase" Ukraine war failures with new general, Psaki says (Newsweek) General Alexander Dvornikov has reportedly been appointed as Russia's new top commander in the conflict, seven weeks after Ukraine was invaded.
‘Intimidating’ Russian soldiers tear down Ukraine flag in occupied Kherson (The Telegraph) The symbolic trampling of Ukrainian identity came as locals tell the Telegraph of an increasing level of repression and criminality
Ukraine War: US 'deeply concerned' at report of Mariupol chemical attack (BBC News) Ukrainian forces in Mariupol say a Russian drone dropped a chemical substance on the city overnight.
Ukraine president warns of ‘new stage of terror’ as west probes chemical weapons claims (the Guardian) Volodymyr Zelenskiy taking chemical weapons threat ‘seriously’ as Mariupol mayor says thousands have died in devastated port city
Ukraine accuses Russia of chemical weapons attack in Mariupol (The Hill) Ukrainian forces and officials have accused Russia of dropping chemical weapons on the port city of Mariupol, causing troops and civilians alike to develop respiratory illnesses. “Russian oc…
Preparing for the Unthinkable in Ukraine (Foreign Affairs) America and Europe must be ready for Russian biological or chemical attacks.
Mariupol mayor says siege has killed more than 10K civilians (AP NEWS) The mayor of the Ukrainian port city of Mariupol said Monday that more than 10,000 civilians have died in the Russian siege of his city, and that the death toll could surpass 20,000, with corpses that were “carpeted through the streets.”
Chechen leader Ramzan Kadyrov warns Russia will 'take Kyiv' in new offensive (The Telegraph) Warlord says that Russian forces will launch attacks on cities across Ukraine after they 'fully liberate' the Donbas region
Sen. Peters: Russian target of civilians is war crime (WOODTV.com) With Pentagon officials warning of an intensified offensive in Ukraine, U.S. Sen. Gary Peters, D-Mich., says the immediate future of the Russian invasion of that country is going to continue to be …
Ukraine’s Zelensky Calls for More Military Aid Ahead of Battles in Eastern Regions (Wall Street Journal) The Ukrainian president launched a fresh appeal for help as his country prepares to step up the fight for its eastern regions, while France sent a police unit from its armed forces to Ukraine to investigate potential war crimes.
Slovakia could sell howitzers to Ukraine and repair its tanks, vehicles (Defense News) Slovak Defence Minister Jaroslav Naď has announced his country is in talks with the Ukrainian government over a potential sale of Zuzana 155 mm self-propelled howitzers.
Western nations adapt their Ukraine help as war enters new phase (Defense News) The U.S. and allies are gearing up to send heavier weapons to Ukraine in anticipation of Russia focusing its efforts on the eastern part of the country.
NATO holds Baltic war games as region uneasily watches Ukraine (Washington Post) NATO and Russia have each been holding military exercises in the Baltic region as fighting continues in Ukraine, amid fears in Estonia, Latvia and Lithuania that a future regional conflict could directly involve them.
I Commanded U.S. Army Europe. Here's What I Saw in the Russian and Ukrainian Armies. (The Bulwark) The two armies at war today couldn’t be more different.
Russia’s Ukraine Propaganda Has Turned Fully Genocidal (Foreign Policy) Egged on by the language of annihilation and extermination, Russian soldiers have become willing executioners.
Breaking precedent, White House uses declassified intelligence in info war against Russia (WLUK) The White House has carefully released information from the U. S. intelligence community since before Russia’s plans to invade Ukraine were set into motion as it seeks to knock the Kremlin off balance and win the information war. The strategy to release declassified intelligence breaks with recent precedent and has set off a new effort to beat down Russian disinformation. As Russian troops built up forces along Ukraine’s border, U. S.
Industroyer2: Industroyer reloaded | WeLiveSecurity (WeLiveSecurity) ESET researchers have responded to a cyber-incident that affected an energy provider in Ukraine and involved ICS-capable malware called Industroyer2.
CERT-UA warns of large-scale cyber attack on energy sector (Interfax-Ukraine) The Ukrainian Government Computer Emergency Response Team CERT-UA, operating under the State Service for Special Communications and Information Protection, reported on a cyber attack by the Sandworm group (UAC-0082) on Ukrainian energy facilities using Industroyer2 and CaddyWiper malware, the State Service for Special Communications reported on its Telegram channel on Tuesday.
Кібератака групи Sandworm (UAC-0082) на об’єкти енергетики України з використанням шкідливих програм INDUSTROYER2 та CADDYWIPER (CERT-UA#4435) (CERT-UA) Урядова команда реагування на комп’ютерні надзвичайні події України, яка функціонує в складі Державного центру кіберзахисту Державної служби спеціального зв’язку та захисту інформації України.
Russia's space programme hit by western cyber attack (The Telegraph) A group linked to the cyber hackers Anonymous have admitted to stealing files from the Russian space agency, Roscosmos
Anonymous Hits 3 Russian Entities, Leaks 400 GB Worth of Emails (HackRead) Follow us on Twitter @HackRead - Facebook @ /HackRead
Don’t Underestimate Ukraine’s Volunteer Hackers (Foreign Policy) Kyiv’s “IT army” could undermine Russia’s war narratives.
Cyber attack puts City firms on high alert to bolster defences (The Telegraph) Experts warn a combination of 'ignorance and arrogance' makes City executives vulnerable to attacks
Security Expert: FBI, Microsoft Strikes Against Hackers Are Harbinger Of More Pre-Emptive Actions (CRN) Ntirety CISO James Morrison believes that the FBI and Microsoft’s aggressive actions are a harbinger of more pre-emptive strikes to come.
Robert Peacock: Lessons from Ukraine on cyberattacks (TribLIVE.com) In 2014, as Russia launched a proxy war in Eastern Ukraine and annexed Crimea, and in the years that followed, Russian hackers hammered Ukraine. The cyberattacks went so far as to knock out the power grid in parts of the country in 2015. Russian hackers stepped up their efforts against
What the DDoS attack on Finland means for enterprises (VentureBeat) Late last week, Finland’s Ministry of Defense and Foreign Ministry websites were put out of action by a series of distributed denial-of-service (DDoS) attacks. It remains unclear at this time if Russia was behind the attacks.
Experts Say Viasat Cyber Attack Exposed Ground Terminal, Satellite Supply Chain Vulnerabilities (Via Satellite) Space systems face growing security threats, as evidenced by Viasat’s recent security incident. On April 6 in Paris, speakers at CySat, a European event
Ukraine Charitable Donation Scams Are Misusing the Name of a Legitimate Charity (Trend Micro News) Recently, we reported on the concerning rise in fake charity scams in the aftermath of the conflict in Ukraine. Unfortunately, there is no low cybercriminals will not stoop to in order to make a quick buck — and taking advantage of people’s empathy and generosity has long been a favored tactic.
US assesses Putin may increase efforts to interfere with US elections (CNN) The United States believes Russian President Vladimir Putin may be willing to take more aggressive action against the US, including dialing up his attempts to interfere with American elections in response to its support for Ukraine, according to four sources familiar with recent US intelligence assessments.
Austrian chancellor has ‘tough’ conversation with Putin (Washington Post) Austrian Chancellor Karl Nehammer described a “direct” and “tough” conversation with Vladimir Putin on Monday, the first time a Western leader has met with the Russian president since Moscow launched its invasion in Ukraine.
Hubris and isolation led Vladimir Putin to misjudge Ukraine (Washington Post) More than six weeks into his war against Ukraine, Russian President Vladimir Putin is feeling the sting of failure.
Could the Siloviki Challenge Putin? (Foreign Affairs) What it would take for Kremlin insiders to stage a coup.
A Shadow War Against Putin (Foreign Affairs) To get Russia to concede in Ukraine, the West should foment unrest and weaken Vladimir Putin's regime from within.
Analysis: War, economy could weaken Putin's place as leader (AP NEWS) With the Russian military in retreat from around Kyiv and facing condemnation for brutal tactics, harsh political repression at home and the economy buffeted by Western sanctions, adversaries and allies alike are raising the same question about President Vladimir Putin: Can he hold onto power?
Biden Asks India to ‘Do More’ to Stop Russia and Help Ukraine (Defense One) In a virtual meeting, the president pushed India’s Modi to cut Russian energy purchases, while the White House kept a diplomatically polite facade.
U.S. Hunt for Russian Oligarchs' Huge Fortunes Faces Barriers Offshore (Washington Post) Their moves during the past decade to hide billions of dollars could thwart sanctions imposed over Putin’s invasion of Ukraine
Huawei Suspends New Orders, Furloughs Russia Staff Amid Sanctions Threat (The Moscow Times) The United States has warned China not to help Russia evade sanctions.
Société Générale Sells Russian Bank to Oligarch Vladimir Potanin (Wall Street Journal) The French banking giant said it would exit Russia, sell its operations to metals billionaire Vladimir Potanin and take a more than $3 billion hit to its income.
Russian Railways Ruled in Default Over Missed Bond Payment (Bloomberg) CDS panel said Monday a failure-to-pay credit event occurred. Russian companies miss deadlines amid payment complications.
'Catastrophic' war will shrink Ukraine's economy by 45% and Russia's by 11% this year, World Bank predicts (Business Insider) "Ukraine needs massive financial support immediately as it struggles to keep its economy going," the World Bank said.
Ukraine appeals for financial support to ensure country’s ‘survival’ (Financial Times) Finance minister seeks immediate aid from allies to plug deficit amounting to several billion dollars a month
Attacks, Threats, and Vulnerabilities
Malware Campaigns Targeting African Banking Sector (HP Wolf Security) The top motivation behind cybercrime is financial enrichment and the financial services industry is an attractive target for cybercriminals.
Cynerio Discovers and Discloses JekyllBot:5, a Series of Critical Zero-Day Vulnerabilities Allowing Attackers to Remotely Control Hospital Robots (Cynerio) JekyllBot:5 is a set of 5 vulnerabilities found by Cynerio that enable remote control of Aethon TUG smart autonomous mobile robots and their online console.
F5 investigating reports of NGINX zero day (The Record by Recorded Future) Application security giant F5 said it is investigating an alleged zero-day vulnerability affecting the NGINX Web Server.
Panasonic’s Canadian operations hit by cyberattack (TechCrunch) The Conti ransomware group has claimed responsibility and begun publishing the company's stolen files.
Panasonic hit by second cyberattack in less than six months (SiliconANGLE) Panasonic hit by second cyberattack in less than six months - SiliconANGLE
Luxury fashion house Zegna confirms August ransomware attack (BleepingComputer) The Italian luxury fashion company Ermenegildo Zegna has disclosed a ransomware incident from August 2021 that has resulted in an extensive IT systems outage.
BlackCat ransomware group claims attack on Florida International University (The Record by Recorded Future) The ALPHV ransomware group has struck again, making Florida International University their latest victim.
Cash App data breach could have affected over 8 million users (KMOV) Block, Inc. says a former employee downloaded data without permission in December 2021.
Latest Healthcare Data Breaches Impact Providers, Business Associates (Health IT Security) The latest string of reported healthcare data breaches reached small and large healthcare providers and business associates, impacting thousands of individuals.
The Tricky Aftermath of Source Code Leaks (Wired) Lapsus$ hackers leaked Microsoft’s Bing and Cortana source code. How bad is that, really?
Atlassian says ongoing outage might last two more weeks (BleepingComputer) Software development and collaboration tool maker Atlassian estimates it might take two more weeks to restore all customer instances impacted by a week-long ongoing outage affecting its cloud services.
CISA warns orgs of WatchGuard bug exploited by Russian state hackers (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies and urged all US organizations on Monday to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances.
CISA Adds Eight Known Exploited Vulnerabilities to Catalog (CISA) CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates.
Vulnerability Summary for the Week of April 4, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Raspberry Pi Removes Default User to Improve Security (SecurityWeek) In an attempt to improve security, the latest Raspberry Pi OS release no longer creates a default “pi” account, requiring users to set up custom accounts instead.
Defense Against Cloud Threats: IAM Unit 42 Cloud Threat Research (Unit42) Research highlights and recommendations for defense against cloud threats from Unit 42’s Cloud Threat Report: IAM the First Line of Defense
Substack Rolls out Two-Factor Authentication for Users (Substack) More than four years after launching, Substack finally adopts what is considered a security best standard.
Trends
2022 SaaS Security Survey Report (Adaptive Shield) The explosion in the number and variety of SaaS apps used by enterprises has created both opportunities and challenges. Many recent breaches and data leaks have been tied back to misconfigurations in the cloud, especially in the SaaS stack.
Study: Digital Transformation Drives Rapid Growth in Machine Identities (Business Wire) Venafi®, the inventor and leading provider of machine identity management, today announced the findings of a global study of 1,000 CIOs, which shows t
CyberArk Report: Massive Growth of Digital Identities Is Driving Rise in Cybersecurity Debt (Business Wire) A new global report released today by CyberArk (NASDAQ: CYBR) shows that 79% of senior security professionals state that cybersecurity has taken a bac
Cybereason Report: Complex RansomOps Fuel Explosion in 2021 Ransomware Economy (Cybereason) Cybereason, the XDR company, today published a new report, titled RansomOps: Inside Complex Ransomware Operations and the Ransomware Economy, which examines how ransomware attacks have evolved from a cottage industry less than 10 years ago into a multi-billion dollar business today. With increasing sophistication behind RansomOps attacks, ransomware syndicates are reaping the benefits with record profits, making it open season on public and private sector organizations of all sizes.
[Analyst Report] 2022 Open Source Security and Analysis Report (Synopsys) The 2022 Open Source Security and Risk Analysis (OSSRA) report exposes vulnerabilities and license conflicts found in more than 1,500 codebases across 17 industries. Download this report to learn about how developers and consumers can monitor the risks of open source development and use at Synopsys.com.
Industry Research Reveals Ransomware Readiness is Essential to Mitigation, Yet Significant Gaps Exist within Most Organizations (Zerto) Skill Shortages and a Dependence on Internal Resources for Response Posture Puts Many at Risk
ConnectWise Releases Results of 2022 MSP Threat Report, Predicts Continued Financial Losses from Ransomware Attacks on MSP Industry (GlobeNewswire News Room) Third annual report analyzes 2021 MSP security trends; Issues predictions and recommendations for 2022...
Vulnerability and Threat Trends Report 2022 (Skybox Security) Record breaking vulnerabilities, rising OT security risks, and increasing exploits demand a new approach to vulnerability management
Intel Study: Secure Systems Start with Hardware (Intel) Organizations are looking to vendors and solutions that prioritize security innovation in today’s rapidly evolving threat landscape.
How has working in cybersecurity changed? (Silicon Republic) Zalando’s Conor Murray shares his experience of the cybersecurity industry and gives some advice to those starting out in their tech careers.
Marketplace
Critical Start Secures Over $215 Million Strategic Growth Investment from Vista Equity Partners to Expand Cybersecurity Protection for the Modern Enterprise (PR Newswire) Critical Start (or "the Company"), a leading provider of Managed Detection and Response (MDR) cybersecurity solutions, today announced an over...
U.S. private equity giant Thoma Bravo is acquiring SailPoint for $6.9 billion (CNBC) Thoma Bravo's deal to take the company private highlights the growing demand for enterprise security software.
SailPoint Stock Surges After $6.9 Billion Thoma Bravo Buyout (Barron's) Cybersecurity company SailPoint agrees to a $6.9 billion buyout from private-equity group Thoma Bravo.
Kaseya acquires Datto in $6.2bn deal (CRN) Insight Partners leads equity consortium in all-cash transaction
Datto, SailPoint acquired for more than $6B each amid growing cyber consolidation (Cybersecurity Dive) Buyers Kaseya and Thoma Bravo join the feeding frenzy a month after Google’s $5.4 billion deal to buy Mandiant.
SailPoint acquisition could lead to other cyber security deals, Wedbush says (NYSE:SAIL) (SeekingAlpha) Private equity firm Thoma Bravo's Monday announcement that it was acquiring cyber security firm SailPoint Technologies (SAIL) for $65.25 per share in cash is an event that could lead...
Netenrich Announces Channel Momentum and Key Milestones in Q1 2022 (PR Newswire) Netenrich, a leading security and operations analytics company known for its Resolution Intelligence® SaaS platform, today provided a recap of...
SecZetta Continues Growth Trajectory with Strong FY2022 (Business Wire) SecZetta, the leading provider of third-party identity risk solutions, today announced its fiscal 2022 year-end business results, ending January 31, 2
Rapid7 rallies after Wolfe Research initiates Bull rating
(NASDAQ:RPD) (SeekingAlpha) Wolfe Research started off coverage on cyber security firm Rapid7 (RPD) +6.9% with an Outperform rating. The brokerage sets a price target of $122, suggesting a potential upside of 16%...
This Cybersecurity Stock Could Just Be Getting Started (The Motley Fool) CrowdStrike's Q4 results and forward guidance showcase why the company could be set up for years of long-term growth.
Accenture partners with Palantir, launches innovation center (Consulting) Accenture has deepened its partnership with Palantir, a leading data analytics software firm, with the creation of a new innovation center.
Council Post: Cyber Insurance: There’s More Than Meets The Eye (Forbes) Cyber insurance policies drive best security practices industry-wide, standardizing and reducing the ambiguity surrounding security controls.
Netacea | Netacea Receives Top Score in Bot Detection Criterion in 2022 Analyst Report (RealWire) Agentless bot management provider ranked among top players in Analyst Report
Manchester, 12th April, 2022 – Netacea, the bot detection and mitigation specialist, today announced it has received the highest score in the Bot Detection criterion in The Forrester Wave™: Bot Management, Q2 2022 report
Aryaka Satisfies European Customer Demand with Paris Services PoP (ResponseSource Press Release Wire) Cloud-First managed SD-WAN and SASE pioneer also announces additional channel partners coupled with new Aryaka Accelerate Global Partner Program London, April 12, 2022 -Aryaka®, the leader in fully ...
Renowned ‘Ethical Hacking’ Company TrustedSec Opens New Corporate Headquarters (PRWeb) TrustedSec, a globally renowned “ethical hacking” company that advises Fortune 500s and governments, is hosting a grand opening ceremony with city officials
SAIC Announces Scott Gould as New Member of Company's Strategic Advisory Board (SAIC) Former United States Deputy Secretary of Veterans Affairs to bring valuable experience in the federal healthcare market
Crypto.com Hires Financial Crimes Expert From Western Union (Wall Street Journal) Crypto.com has hired a former Washington regulator and federal prosecutor to oversee its efforts to ensure the fast-growing online cryptocurrency platform isn’t used for crimes such as terrorism financing and fraud.
Fintech Industry Veterans Sharda Caro Del Castillo and Scott Schenkel Join Forter’s Board of Directors (Business Wire) Leaders Will Provide Cross-Functional Strategy and Operational Expertise
Products, Services, and Solutions
SecurityScorecard Expands Palo Alto Networks Cortex XSOAR Marketplace… (SecurityScorecard) SecurityScorecard Premium Pack for the Cortex XSOAR Marketplace enables organizations to continuously monitor their cybersecurity posture NEW YORK -- April 11, 2022 -- SecurityScorecard , the global leader in cybersecurity ratings, today announced that the SecurityScorecard Premium Pack is now…
Librestream Becomes First Remote Collaboration Solution to Achieve IUT Status in FIPS 140-3 Validation Process, Further Cementing its Leadership Position Among Highly Regulated Industries (Librestream) Librestream, the #1-rated remote technology platform for the industrial deskless workforce, has become the first remote-collaboration solution to pursue
Fortinet announces release of FortiOS 7.2 (Manufacturing Today) Fortinet’s latest upgrades to its flagship operating system and foundation of its security fabric FortiOS 7.2 unveiled
Dell Technologies Helps Businesses in Ireland Securely and Sustainably Retire IT Equipment (Irish Tech News) Dell Technologies announces the expansion of its Asset Recovery Services with new availability in Ireland. The service supports any brand of laptop, desktop, server, peripheral or accessory, helping customers receive value from existing IT assets and implement sustainable recycling and recovery services at scale.
Verint Announces Compliance Recording for Zoom, Streamlining Compliance Review and Analysis for Regulated Industries (Business Wire) Verint Announces Compliance Recording for Zoom, Streamlining Compliance Review and Analysis for Regulated Industries
Globalgig selects Thales to enable global, immediate and resilient connectivity for massive IoT deployments (Thales Group) Thales announces a new partnership with Globalgig, the Global Connectivity Service Provider, for the world’s first deployment of Thales Adaptive Connect, an innovative solution that supports the smart connection of massive fleets of IoT devices. Based on eSIM (embedded SIM) technology, Thales Adaptive Connect effectively enables IoT devices to connect and use the most appropriate subscription as soon as powered up in the field.
Owl Cyber Defense Announces NCDSMO Baseline Listing for New Version of Voice and Video Cross Domain Solution - V2CDS (GlobeNewswire News Room) Industry’s Only Approved Voice and Video CDS Augmented for New Era of Highly Secure, Cost-Effective Collaboration...
iboss Simplifies How Customers Apply Zero Trust Protection to Company (PRWeb) iboss, the leading Zero Trust Edge cloud security provider, today announces a new Zero Trust Policy Manager (ZTPM) which enables organizations of all types and sizes
Axis Security Unveils Atmos, The World’s Most Elegant Security Service Edge Platform (Axis Security) Atmos harmonizes secure access for the workplace. SAN MATEO, CA, April 12, 2022 – Axis Security set a new standard for securing the modern workplace today with the launch of Atmos. Short for “Atmosphere,” Atmos is the modern alternative to legacy hub and spoke network architectures, and Security Service Edge (SSE) platforms that have datacenter-based...
FIDO Alliance Empowers New Wave of Authentication Experts with FIDO Certified Professional Testing Program (PR Newswire) FIDO Alliance today announced that testing is now available for individuals seeking to become FIDO Certified Professionals. Experts in online...
Technologies, Techniques, and Standards
Craig Newmark Philanthropies Pledges $50 Million to Cyber Civil Defense (Global Cyber Alliance) Grants will fund efforts to protect and defend digital lives of Americans at risk of cyber attack
Exclusive: Newmark invests in cyber defense (Axios) Craig Newmark Philanthropies announced plans to spend more than $50 million on grants to educate Americans about, and protect them from, cybersecurity threats, Axios' Scott Rosenberg reports.
Cybersecurity Leaders Launch Operational Technology Cybersecurity Coalition (PR Newswire) Today, a diverse group of cybersecurity leaders joined together to launch the Operational Technology Cybersecurity Coalition (OT Cyber...
ThreatLocker: Zero Trust Focuses on Control to Keep Cyber Threats Out (Channel Futures) Achieving controls is no longer archaic or difficult.
Fighting Back Against Ransomware Endpoint Threats (Security Boulevard) As 2022 rolls on, the latest threat intelligence data from WatchGuard makes it clear that endpoint devices are a ripe target for cyberattacks. “In this
How to achieve better cybersecurity assurances and improve cyber hygiene (Help Net Security) How can your business reduce the risk of a successful cyber attack, improve cyber hygiene and create a defendable network?
Creating a Security Culture Where People Can Admit Mistakes (Dark Reading) In cybersecurity, user error is the symptom, not the disease. A healthy culture acknowledges and addresses the underlying causes of lapses.
Design and Innovation
OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default (Naked Security) Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?
The Art Exhibition That Fools Facial Recognition Systems (SecurityWeek) The most boring art exhibition in the world, containing 100 copies of the Mona Lisa, has been launched online to highlight the weaknesses in facial recognition systems.
Academia
Infoblox Partnership with TELACU Education Foundation to Grow Minority Representation in Cybersecurity announces the successful completion of a pilot program to introduce minority students to the world of cybersecurity (PR Newswire) Infoblox, the leader in cloud-first networking and security services and the TELACU Education Foundation have announced the successful...
Legislation, Policy, and Regulation
Italy's new rules on 5G deals risk delays, industry lobby warns (Reuters) New rules to oversee the build-up of fifth generation mobile networks in Italy risk creating red tape delays for telecoms firms as they strive to upgrade their grids, a document from the country's industry lobby showed on Monday.
Cross-Border Data Transfers: PIPL vs. GDPR vs. CCPA (cyber/data/privacy insights) Multinational companies often encounter questions regarding if and when they can transfer personal information[1] across borders. The People’s Republic of China’s Personal Information Protection Law (PIPL) adds new considerations for these inquiries[2], such as:
Can employers in the China store t
Lawmakers ask Energy Department to take point on sector digital security (The Record by Recorded Future) A bipartisan group of House and Senate lawmakers late last week urged the head of the U.S. Energy Department to take the lead in shaping the energy sector’s cybersecurity.
Lawmakers Want to Improve Cybersecurity Info Sharing Between DHS, Congress (SecurityWeek) A proposed bill aims to improve the sharing of cybersecurity information between the DHS and Congress.
Industrial Cyber Firms Form Lobbying Coalition as Biden Ramps Up Regulation (Wall Street Journal) Group will advocate for standardized rules to protect industrial systems from hackers
Open-source Leader Advocates Strong FCC Enforcement of Routing Security (Nextgov.com) Reply comments are now due in 30 days to the Federal Communications Commission.
Crypto Industry Helps Write, and Pass, Its Own Agenda in State Capitols (New York Times) In the absence of federal regulations, crypto lobbyists and executives are going state by state to get favorable rules enacted. Many lawmakers have been willing partners.
Arizona Expands Regulator Data Breach Notification Obligations (The National Law Review) Arizona recently amended its breach notice law to change the regulator notification requirements. Starting this summer, depending on the scope of the incident, the Arizona Department of Home
Colorado Appoints New CISO to Lead Office of IT Cyber Efforts (GovTech) Newly minted Colorado Chief Information Security Officer Ray Yepes will officially assume the role later this month. He replaces former CISO Deborah Blyth, who left state service last August.
Litigation, Investigation, and Law Enforcement
One of the world’s biggest hacker forums taken down | Europol (Europol) Launched in 2015, RaidForums was considered one of the world’s biggest hacking forums with a community of over half a million users. This marketplace had made a name for itself by selling access to high-profile database leaks belonging to a number of US corporations across different industries. These contained information for millions of credit cards, bank account numbers and routing...
Federal prosecutors going after alleged Russian hacker mistakenly turn over unrelated case documents, lawyer says (CyberScoop) The material includes information on non-related people and phone records, and Russian businessmen possibly associated with the Trump administration, according to a court document.
NSO Turns to US Supreme Court for Immunity in WhatsApp Suit (SecurityWeek) NSO Group said it should be recognized as a foreign government agent and be entitled to immunity under U.S. law limiting lawsuits against foreign countries
Hounding scammers with litigation (Google) Google is taking legal action against an actor who was operating fraudulent websites and using Google products as a part of their puppy fraud scheme.
Google sues alleged scam site operator who ran fake basset hound puppy mill (The Record by Recorded Future) Google filed a lawsuit against Nche Noel Ntse, a Cameroonian national accused of running scam websites for selling puppies.
US extradites man accused of unwittingly distributing FBI’s honeypot phones (The Record by Recorded Future) The US extradited last month a man from the Netherlands who is accused of working for Anom — the encrypted communications platform used by global organized criminals that was the subject of a lengthy undercover FBI investigation dubbed “Operation Trojan Shield.”