Dateline Moscow, Kyiv, London, Washington: Ukrainian resistance and Russian privateering.
Ukraine at D+62: Moscow's privateering rises. (The CyberWire) Ukrainian resistance stiffens, with delivery of air defense and artillery systems, and with a new willingness to strike targets inside Russia. Russian cyber activity is marked by increased privateering.
Russia’s invasion of Ukraine: List of key events on day 63 (Al Jazeera) As the Russia-Ukraine war enters its 63rd day, we take a look at the main developments.
Britain says Ukraine controls majority of its airspace (Reuters) Ukraine retains control over the majority of its airspace, Britain's defence ministry said on Wednesday, adding that Russia has failed to effectively destroy the country's air force or suppress its air defences.
Putin agrees to UN, Red Cross help to evacuate civilians from Mariupol steel plant -U.N. (Reuters) Russian President Vladimir Putin agreed "in principle" to U.N. and International Committee for the Red Cross (ICRC) involvement in the evacuation of civilians from a besieged steel plant in Ukraine's southern city of Mariupol, the United Nations said on Tuesday.
Ukraine says Moscow is forcibly taking civilians to Russia (AP NEWS) Ukraine accused Moscow on Thursday of forcibly taking hundreds of thousands of civilians from shattered Ukrainian cities to Russia, where some may be used as “hostages” to pressure Kyiv to give up.
In Ukrainian Villages, Fears Grow for Men Taken to Russia (Wall Street Journal) Russian forces stayed only ten days in the tiny village of Velykyi Bobryk, but when they left they took six local men with them. Now their families are trying to find out what happened to their loved ones.
Latest strikes on Russia hint daring Ukraine is not intimidated by the Kremlin (The Telegraph) Attacks behind enemy lines renew focus on Kyiv’s missile capability and possible covert operations campaign inside Russia
Explosions as Ukraine drone spotted 140 miles into Russia's territory (Newsweek) Residents in Russia reported blasts as the prospect of the Ukraine war spilling over the border became more likely.
West gearing up to help Ukraine for ‘long haul’, says US defence secretary (the Guardian) Lloyd Austin meets with defence ministers as Russia accuses west of engaging in ‘proxy war’
U.S., allies promise to keep backing Ukraine in its war with Russia (Washington Post) The United States’ top defense officials on Tuesday urged more nations to provide more weaponry, at a faster pace, to Ukraine as it prepares for the next phase of its defense against Russian aggressors.
US urges more arms for Ukraine amid fears of expanding war (AP NEWS) The U.S. pressed its allies Tuesday to move “heaven and earth” to keep Kyiv well-supplied with weapons as Russian forces rained fire on eastern and southern Ukraine amid growing new fears the war could spill over the country's borders.
Russia is openly talking about World War 3 for the first time (Newsweek) Russia's foreign minister, Sergei Lavrov, said "there can be no winners in a nuclear war."
Ukraine-Russia latest news: Boris Johnson plays down fears of nuclear warfare
(The Telegraph) Boris Johnson has said he does not share concerns that Vladimir Putin will use tactical nuclear weapons in Ukraine as he suffers more losses.
Britain backs Ukraine using Western weapons to hit targets in Russia (The Telegraph) Armed Forces minister shrugs off warning of third world war by saying it is acceptable for Kyiv to strike targets beyond its border
Poland confirms T-72 tank delivery to Ukraine, with Challenger 2 tanks to fill gap (Defense News) Poland’s prime minister has confirmed the country supplied its Soviet-designed T-72 tanks to Ukraine to support the fight against Russia, which invaded Ukraine Feb. 24.
U.S. intel helped Ukraine shoot down Russian plane carrying troops (NBC News) Ukrainian forces have used specific coordinates shared by the U.S. to direct fire on Russian positions and aircraft, current and former officials tell NBC News.
Intelligence Community is Rapidly Delivering Commercial Satellite Imagery to Ukraine, NGA Official Says (Via Satellite) AURORA, Colo.—Advances in commercial satellite imagery collection and dissemination have enabled the U.S. intelligence community to provide commercial
Breakaway Moldova republic explosions raise fears of new Ukraine War front (Newsweek) The spate of explosions comes days after Russian Major General Rustam Minnekayev spoke of creating an "exit" to the breakaway Moldovan territory.
Moldova Feels the Shock Waves of Putin’s War (Foreign Policy) Russia is now talking about driving toward Moldova’s border as part of its plan to redraw the map of the Black Sea region.
What is Transnistria, and will Russia advance toward Moldova? (Washington Post) Two months into the invasion of Ukraine, a Russian military commander suggested on April 22 that Moscow aims to establish a corridor through southern Ukraine to Transnistria, a breakaway republic in eastern Moldova.
Russia hints at Moldova invasion, as unexplained attacks create 'hotbed of tension' (The Telegraph) Ukraine suggests Moscow could have staged ‘false flag’ incidents to justify extending its invasion into Transnistria
No time to waste with aid, U.S. defense secretary says (Washington Post) The United States’ top defense officials made an urgent case for sending more weapons to Ukraine on Tuesday, telling officials from more than 40 countries that the coming weeks of war will be “crucial.”
U.S. general says ‘time is not on Ukraine’s side’; Putin to meet U.N. chief (Washington Post) Defense Secretary Lloyd Austin told a gathering of military leaders from 40 NATO and non-NATO countries that Russian President Vladimir Putin “never imagined that the world would rally behind Ukraine so swiftly and surely” — as the United States pledged military aid, Poland announced it would send tanks, and Germany planned to send armored antiaircraft vehicles.
‘Putin never imagined’ global rally of Ukraine support, defense secretary says (Washington Post) Defense Secretary Lloyd Austin told a gathering of military leaders in Germany that Ukraine’s “resistance has brought inspiration to the free world and even greater resolve to NATO” — and that Russian President Vladimir Putin “never imagined that the world would rally behind Ukraine so swiftly and surely.”
Putin gets what he didn't want: Ukraine army closer to West (AP NEWS) The longer Ukraine's army fends off the invading Russians , the more it absorbs the advantages of Western weaponry and training — exactly the transformation President Vladimir Putin wanted to prevent by invading in the first place.
Pro-Russia hackers were inside Ukraine government networks long before the ground war started (Fast Company) A new report from cybersecurity company Trellix says Russian actors planted malicious code in the networks even before Russian troops began assembling at the Ukrainian border last year.
Hacktivists' activity drives DDoS volumes to all-time high (TechRadar) Previous all-time high was beaten by a mile
DDoS attacks were at all-time high in Q1 2022 due to war in Ukraine (TechRepublic) Kaspersky found that January and February were a hotbed of cyberattacks for a number of different targeted countries.
Trellix Threat Labs Research Report April 2022 (Trellix) The fourth quarter of 2021 saw the world shift out of a two-year pandemic during which bad actors leveraged work from anywhere opportunities and Log4Shell was an unwanted holiday guest. During the first quarter of 2022, the focus on threats shifted to campaigns weaponizing cyberthreats against Ukrainian infrastructure in the Eurasia region conflict. Our latest Trellix Threat Labs Research Report includes our findings from Q4 2021, our identification of a multi-stage espionage attack on high-ranking government officials, and our recent analysis of cyberattacks targeting Ukraine and the newly identified HermeticWiper during Q1.
Chinese drone-maker DJI quits Russia and Ukraine (Register) First Middle Kingdom company to take a stance says it doesn't want anyone weaponizing its flying machines
Why Xi Is Trapped in Ukraine (Foreign Policy) Now, it is Russia, not China, sitting in the geopolitical driver’s seat.
Russia to Cut Gas to Poland and Bulgaria, Making Energy a Weapon (Bloomberg) Focus now turns to how other European capitals will respond. Moscow demands gas be paid for in rubles after new decree.
Russia cuts off gas to Poland, Bulgaria, stoking tensions with E.U. over Ukraine (Washington Post) Russia’s state-controlled gas company, Gazprom, said Wednesday it had shut off the supply of natural gas to Poland and Bulgaria, a move that marks a significant escalation in the economic tension between Moscow and the West over the war in Ukraine.
Who’s to Blame for the Global Hunger Crisis? (Foreign Policy) Moscow and Washington battle at the U.N. to assign responsibility for a looming food crisis that threatens millions with starvation.
Why Russia’s Economy Is Holding On (Foreign Policy) With oil exports strong in April, Putin avoids economic ruin while hammering Ukraine.
Attacks, Threats, and Vulnerabilities
Conti Ransomware Activity Surges Despite Exposure of Group's Operations (SecurityWeek) Conti ransomware activity has surged despite the recent exposure of the group’s operations.
Iran's Rocket Kitten likely behind VMware exploitation (Register) We hope you've patched that 9.8/10 severity bug
Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets (Symantec) Espionage group focuses on obtaining classified or sensitive intellectual property that has civilian and military applications.
A "Naver"-ending game of Lazarus APT (Zscaler) Technical details of several attack chains used over the last year in a Lazarus Group APT campaign targeting South Korean users.
Russia-linked hackers claim to have breached Coca-Cola Company (CyberNews) Stormous ransomware claims it stole 161 GB of data from the multinational company.
Stormous ransomware gang claims to have hacked Coca-Cola (Security Affairs) The Stormous ransomware gang claims to have hacked the multinational beverage corporation Coca-Cola Company. The Stormous ransomware gang announced with a post on its leak site to have hacked the multinational beverage corporation Coca-Cola Company. The extortion group announced to have hacked some servers of the company and stole 161GB. The group recently launched a poll asking members […]
Coca Cola is investigating reports of data breach (Mail Online) Stormous posted on its website Monday that it had hacked Coca-Cola's servers and retrieved 161 gigabytes of data, including financial data and passwords.
German Wind Turbine Firm Hit by 'Targeted, Professional Cyberattack' (SecurityWeek) German wind turbine giant Deutsche Windtechnik discloses disruptive ransomware compromise.
RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign (Bitdefender Labs) At the start of the year, Bitdefender noticed a RIG Exploit Kit campaign using CVE-2021-26411 [https://nvd.
Emotet botnet tests new techniques after global crackdown (Cybersecurity Dive) The once prolific botnet, returning from "spring break," is preparing a new high-volume campaign, Proofpoint researchers said.
Emotet tests new tricks to thwart enhanced security (ComputerWeekly.com) The operators of the Emotet botnet seem to be trying to find a way to get around recent changes made by Microsoft to better protect its users.
Is Emotet trojan testing new email attack tactics using OneDrive URLs? (SC Magazine) Proofpoint researchers say the Emotet botnet's use of low volume attacks via Microsoft OneDrive URLs may be the first round of larger campaigns to come.
4-Hour Time-to-Ransom Seen in Quantum Attack as Accelerated Ransomware Increasingly Common (SecurityWeek) Quantum ransomware deployed less than 4 hours after initial breach as accelerated ransomware attacks become more common
Meteoric attack deploys Quantum ransomware in mere hours (Help Net Security) A group using the Quantum Locker ransomware is hitting targets in a blitzkrieg-like manner and manages to deploy it in under four hours.
Tractor-Trailer Brake Controllers Vulnerable to Remote Hacker Attacks (SecurityWeek) Researchers discovered that the brake controllers found on many tractor-trailers in North America are susceptible to remote hacker attacks.
Lapsus$: The script kiddies are alright (The Record by Recorded Future) A new cyber extortion team has burst on the scene turning low-tech operations into high impact heists. But they have a weakness – we explain. Plus, a hacking story from a different era.
Tech Giants Duped Into Giving Up Data Used to Sexually Extort Minors (Bloomberg) Alphabet, Apple among firms that complied with fake requests. Attackers using pilfered data to harass and sexually extort.
Hackers Are Sexually Extorting Kids With Stolen Data: Report (Gizmodo) Criminals have been tricking tech giants into sending them sensitive user data, then using it to sexually blackmail users, a new report claims.
Bored Ape Yacht Club says its Instagram was hacked to funnel users to NFT phishing sites (The Record by Recorded Future) Bored Ape Yacht Club said its Instagram account was hacked on Monday by cybercriminals who used the access to share fraudulent phishing sites and steal NFTs.
New Scam Utilizing AI-Generated Images to Represent Fake Law Firm (HackRead) It may seem like a story straight out of a Hollywood script, but it is indeed true that scammers are using AI-generated images to scam people. According to Ben Dickson of TechTalks, he received an email from a law firm’s attorney, which turned out to be fake, and surprisingly, the sender didn’t even exist.
American Dental Association hit by new Black Basta ransomware (BleepingComputer) The American Dental Association (ADA) was hit by a weekend cyberattack, causing them to shut down portions of their network while investigating the attack.
North Dakota-Based Healthcare Billing Services Group Hacked (SecurityWeek) A cyber attack on North Dakota-based Adaptive Health Integrations that provides software and billing services for doctors and healthcare professionals affected more than a half-million customers.
Over half-million people affected by security breach on ND company (The Mighty 790 KFGO) Federal investigators said a cyber attack on a North Dakota-based company that p...
Tenet Health investigating cybersecurity incident, IT outage (SC Magazine) In a newly posted release, Tenet Healthcare is currently investigating a “cybersecurity incident,” which prompted the security team to pull impacted IT systems and apps offline.
Below the surface: Group-IB identified 308,000 exposed databases in 2021 (Group-IB) Group-IB, one of the global cybersecurity leaders, carried out a deep dive into exposed digital assets discovered in 2021. During the research, Group-IB’s Attack Surface Management team analyzed instances hosting internet-facing databases. The findings showed that in the second half of 2021, the number of public-facing databases increased by 16% to 165,600 with most of them stored on the servers in the US. The number of databases exposed to the open web has been growing every quarter to reach its peak of 91,200 in Q1 2022. Group-IB Attack Surface Management continuously scans the entire IPv4 and identifies external-facing assets, hosting for example, exposed databases, malware or phishing panels, and JS-sniffers. Corporate digital assets that are not properly managed undermine security investment and increase the attack surface, Group-IB experts warn. The consequences of an exposed database range from a data breach to a subsequent follow-up attack on the employees or customers whose information was left unsecured.
What is jackware? Ransomware’s vicious cousin (PropertyCasualty360) While ransomware is all about data and money, jackware practitioners allegedly just want to watch the world burn.
The trouble with BEC: How to stop the costliest internet scam (WeLiveSecurity) BEC fraud generated more losses for victims than any other type of cybercrime in 2021. It’s long past time that organizations got a handle on these scams.
‘Bossware is coming for almost every worker’: the software you might not realize is watching you (the Guardian) Computer monitoring software is helping companies spy on their employees to measure their productivity – often without their consent
CISA adds 7 vulnerabilities to list of bugs exploited in attacks (BleepingComputer) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins.
Vulnerability Summary for the Week of April 18, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Mitsubishi Electric MELSEC and MELIPC Series (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC and MELIPC Series
Vulnerabilities: Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, Improper Input Validation
Hitachi Energy System Data Manager (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: System Data Manager – SDM600 Vulnerabilities: Integer Overflow or Wraparound, Reachable Assertion, Type Confusion, Uncontrolled Recursion, Observable Discrepancy 2.
Trends
Email Threat Review March 2022 (Hornetsecurity) Hornetsecurity Security Lab presents an overview of the email-based threats observed in March 2022.
Mandiant: no "reasonable confidence" about zero-day attacks by Western states (iTWire) Security firm Mandiant says it has not mentioned any zero-day exploit usage by Western government agencies in a report about incidents in 2021 because it did not find any exploits which it could identify with reasonable confidence as coming from these sources. The report, issued on 21 April, named a...
Online identity verification helps to keep children safe online (Veriff) This is a blog about parents views on keeping their children safe online
Attackers remain persistent and indiscriminate as multi-vector DDoS attacks continue to rise (Help Net Security) 2021 was another record year for DDoS attacks, as Comcast Business identified and helped defend 24,845 multi-vector attacks.
Marketplace
Enveil Secures $25 Million in Series B Funding (Yahoo Finance) WASHINGTON, April 27, 2022--Enveil, the pioneering Privacy Enhancing Technology company protecting Data in Use, today announced that it has closed $25 million in Series B funding. The oversubscribed round was led by USAA with contributions from existing investors which include Mastercard, Capital One Ventures, C5 Capital, DataTribe, In-Q-Tel, Cyber Mentor Fund, Bloomberg Beta, GC&H, and 1843 Capital. Building on an over 300% increase in revenue achieved since closing its Series A funding, Enveil
Tenable Agrees to Acquire Bit Discovery (Tenable®) Tenable Holdings, Inc. (“Tenable”) (Nasdaq: TENB), the Cyber Exposure company, today announced that it has signed an agreement to acquire Bit Discovery, Inc. (“Bit Discovery”), a leader in external attack surface management (EASM). Combining Tenable’s market-leading Cyber Exposure solutions with Bit Discovery’s EASM capabilities will provide customers with a differentiated 360-degree view of the modern attack surface – both inside out and outside in – to identify and eliminate areas of known and unknown security risk.
SonarSource, the Leading Platform for Clean Code, Raises $412 Million in New Investment (Business Wire) SonarSource today announced it has raised $412 million from new and existing investors, at a valuation of $4.7 billion.
Riverbed Unveils Transformational Strategy to Deliver Unified Observability to Customers Globally and Accelerate Growth Opportunities in $19 Billion Market (Yahoo Finance) Riverbed today launched a broad strategy to bring industry-leading unified observability to customers worldwide and accelerate growth.
Cybersecurity M&A Activity to Continue; Growth Funding to be More Conservative (SecurityWeek) According to Progress Partners’ Market Report: Cybersecurity Q1 2022, M&A activity leapt from $27.5 billion in 2020 to $70.4 billion in 2021. By the end of Q1 2022, it had already reached almost $27 billion.
thatDot Announces Strategic Investment from CrowdStrike Falcon Fund | thatDot (thatDot) With the strategic investment from CrowdStrike, thatDot plans to accelerate development of Quine streaming graph and accelerate community adoption.
Global Cyber Alliance Receives $7.5M Grant from Craig Newmark Philanthropies to Lead Cybersecurity Solutions Initiative (Global Cyber Alliance) Grant will fund efforts to create new and curate existing tools that reduce cyber risk and expand the GCA team
Israel's Spyware Sector Will Survive the NSO Pegasus Scandal (World Politics Review) The controversy over the international trade in digital surveillance tools peaked last year, when several Israeli firms were accused of selling sophisticated spyware to authoritarian states. But given its importance for Israel’s economy and security, the cybersecurity sector will continue to enjoy strong government backing.
Elon Musk buys Twitter (Platformer) What employees are saying. PLUS: Musk's key decisions
How Elon Musk will change Twitter, according to those close to him (Newsweek) Ross Gerber, an investor in Tesla and Twitter, has backed Musk to be "successful" in improving the social media site following the $44bn takeover.
Twitter Locks Down Product Changes After Agreeing to Musk Bid (Bloomberg) Twitter Inc. locked down changes to its social networking platform through Friday after accepting a $44 billion bid from billionaire Elon Musk, making it harder for employees to make unauthorized changes, according to people familiar with the matter.
Twitter, Musk Deal Includes $1 Billion Termination Agreement (Bloomberg) Twitter Inc. will be required to pay a termination fee of $1 billion under certain circumstances if it ends an agreement to be acquired by Elon Musk for $44 billion, according to a filing on Tuesday. Musk will also be subjected to the same fee if he ends the deal.
Twitter’s Legal Team Has Been An Aggressive Defender Of Free Speech; Will That Continue Under Musk? (Techdirt) For all the talk of how Elon Musk wanted to buy Twitter to make it more supportive of free speech, there remain a ton of questions about what it will actually mean in practice. I’ve explained…
Twitter workers face a reality they’ve long feared: Elon Musk as owner (Washington Post) Employees reacted with shock and dismay on Monday as Musk’s $44 billion takeover bid went through
Microsoft $15 billion security unit gives investors reason for hope (Verve times) Satya Nadella, chief executive officer of Microsoft Corp. Grant Hindsley | Bloomberg | Getty Images In January 2021, Microsoft CEO Satya Nadella revealed the size of the software company’s security business for the first time. The number was big. Nadella told analysts on an earnings call that the operation had reached $10 billion in annual […]
Microsoft's $15 Billion cybersecurity business is growing fast (OnMSFT.com) Last year, Microsoft disclosed how much their software company’s security business was worth which was totaling $10 billion in annual revenue and was “up more
Palo Alto Networks Stock: New Generation Cybersecurity (SeekingAlpha) Palo Alto Networks outpaced the overall cybersecurity sector in the past 5 years. See why I think PANW stock is a great investment option for the growth-oriented investor.
Why CrowdStrike Stock Was Falling Today (The Motley Fool) A broad sell-off in tech stocks hammered the cybersecurity company.
Red River Recognized as the 2021 Americas Connected Security Partner of the Year by Juniper Networks (Yahoo) CLAREMONT, N.H. & CHANTILLY, Va., April 25, 2022--Juniper Networks Names Red River 2021 Americas Connected Security Partner of the Year
RackTop Systems Expands Channel Partner Program (Business Wire) RackTop Systems, a leading provider of cyberstorage solutions which actively defend against ransomware and insider threats, today announced the expans
ZeroFox Expands Canadian Presence, Delivering Over 60% Year-Over-Year Increase in Impersonation and Malicious Content Takedowns for Canadian Customers (Yahoo Finance) Expansion includes new partnerships to deliver external cybersecurity solutions to Canadian enterprisesWASHINGTON, April 27, 2022 (GLOBE NEWSWIRE) -- ZeroFox, a leading external cybersecurity provider, today announces new disruption research and expanded partnerships to serve Canadian enterprises. A new partnership with Quick Intelligence will extend critical threat intelligence, digital risk protection and adversary disruption services to Canadian enterprises, building on ZeroFox’s existing Can
Blackpoint Cyber Welcomes J. Chris Wilkerson, VP of Blackpoint RISK & Head of Insurance (Business Wire) Blackpoint Cyber, a leading technology-focused cybersecurity company, announced a key expansion in its cyber insurance leadership team. The company ap
LastPass Appoints Karim Toubba Chief Executive Officer (GlobeNewswire News Room) Security Industry Veteran Brings Proven Record of Innovation and Growth to LastPass...
Eric Jackson joins Fusion Risk Management as CPO (Help Net Security) Fusion Risk Management announced it has appointed Eric Jackson as Chief Product Officer (CPO) drive product strategy and innovation.
Titania | Titania Strengthens Leadership and Innovation with Appointment of New Vice President of Engineering (RealWire) New appointment signifies growth and commitment to lead in development of software that automates accurate network configuration assessments and delivers continuous risk and remediation prioritized assurances
SafeBreach Welcomes Mor Lakritz As Chief Financial Officer (PR Newswire) SafeBreach, the pioneer in breach and attack simulation (BAS), today announced the addition of industry veteran Mor Lakritz to its executive...
Products, Services, and Solutions
Telecom breach and attack simulation(BAS) platform : ACE (SecurityGen) ACE is a telecom cybersecurity platform for network breach detection and network attack protection. This breach and attack simulation platform enables 5G network security, signalling security, gtp security, ss7 attack, ddos attack prevention etc.
Fidelis Cybersecurity Active XDR Platform Expands to Open XDR (Business Wire) Fidelis Cybersecurity, the industry innovator in Active eXtended Detection and Response (XDR) solutions trusted by Fortune 100 firms and government or
Forcepoint Brings Personalized Automation at Scale to DLP (Newspatrolling) Simplifying incident management and bringing light to the exponential growth of dark data Today Forcepoint is delivering greater personalization and automation to DLP policy enforcement while also directly addressing the huge data growth problems organizations of all sizes are facing. Personalized automation with Forcepoint DLP is enabling tremendous efficiency gains in managing security incidents. To
Sequitur Labs Collaborates with Lenovo to Protect AI Models at the Edge (Yahoo) Sequitur Labs’ EmSPARK Security Suite to be incorporated into Lenovo ThinkEdge offerings
Inmarsat Debuts New Cyber Maritime Offering for Fleet Xpress (Via Satellite) Inmarsat is launching a new service designed to provide greater cyber protection to its maritime customers. The product, Fleet Secure Unified Threat
BluBracket Joins Forces with Snyk to Secure Software Supply Chains from Source Code Risks (PR Newswire) BluBracket, the leader in code security, announced today that it's joining Snyk's Technical Alliance Partnership Program as a founding member...
Telos Corporation Announces Xacta CMMC Offering in Microsoft Azure Marketplace (Telos Corporation) Telos® Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, announced today its new Xacta® 360 Lite for Cybersecurity Maturity Model Certification (CMMC) Virtual Machine Infrastructure (VMI) offering to automate and streamline the activities required for CMMC assessment.... Read more
Cynerio and Securonix Announce Partnership for Advanced Medical Device (PRWeb) Cynerio, the leading provider of healthcare IoT cybersecurity, today announced a new partnership with Securonix, a leader in Next-Gen SIEM, to provide hospitals an
SoftBank Corp. Selects Aryaka for its International SD-WAN Service, SD-CORE(aryaka) (Business Wire) Aryaka®, the leader in fully managed SD-WAN and SASE, today announced SoftBank Corp. (TOKYO: 9434, “SoftBank”) has selected Aryaka’s technology for it
Technologies, Techniques, and Standards
NIST Requests Public Comment on Draft Guidance for 5G Cybersecurity (NIST) As wireless networks transition to 5G technology, they could enable a host of new capabilities — but they also will place new cybersecurity demands on industry.
Control system cyber incidents in electric and other sectors are frequent, often impactful, but not reported (Control Global) The electric and nuclear industries have required “incident” disclosures for more than 20 years. The other infrastructures either have no incident disclosure requirements or only recently started, such as TSA for pipelines and EPA for water. Given the significant number of documented control system cyber incidents in the other sectors, the electric industry control system cyber security disclosure concerns discussed below apply to all other sectors.
Design and Innovation
NSA and GCHQ innovators inducted into Cryptologic Hall of Honor (National Security Agency/Central Security Service) Partnership, collaboration, and creative innovation was a common thread for the latest pioneers recently inducted into the Cryptologic Hall of Honor at the National Security Agency (NSA). Clifford
Academia
General Nakasone meets with U.S. Air Force Academy cadets to award the NSA Cyber Exercise (National Security Agency/Central Security Service) Earlier this month, The U.S. Air Force Academy was announced as the National Security Agency
JROTC gets new cybersecurity program (Rocketcitynow.com) Only 11 high schools in the U.S, including one in Alabama, were selected for the pilot program.
Legislation, Policy, and Regulation
African Countries Call On Ghana’s Cyber Security Authority (CSA) For Collaboration And Support (Peacefmonline.com - Ghana news) African Countries Call On Ghana’s Cyber Security Authority (CSA) For Collaboration And Support
DISA Prioritizes Secret Network for Zero Trust (SIGNAL) The agency will double down on SIPRNET security.
Thunderdome going global? DISA says still room for industry, allies in zero-trust initiative (Breaking Defense) "As far as reaching out to kind of the multinational world and the federal space, we haven't yet, but that's something that's kind of on the roadmap for us to get to," Drew Malloy, technical director for DISA’s cyber development directorate, said.
NSA quietly re-awarded its Wild and Stormy cloud contract (Federal News Network) Microsoft lost the 10-year top secret cloud contract competition for a second time, but decided not to protest.
Pentagon shifting Project Maven, marquee artificial intelligence initiative, to NGA (Federal News Network) Project Maven has been run out of the office of the secretary of defense since its inception in 2017.
NIST, CISA, OMB Make Progress on Biden’s Cybersecurity Executive Order (GovCon Wire) Looking for the latest GovCon News? Check out our story: NIST, CISA, OMB Make Progress on Biden’s Cybersecurity Executive Order. Click to read more!
The latest changes to US state data privacy laws (Avast) The latest data privacy laws passed in Utah and Virginia provide consumers with the right to access and delete some of their personal data and opt out of data collection under certain circumstances.
New York mulling move to add crypto fraud to penal code (The Record by Recorded Future) A New York state senator introduced a new bill that would add four different cryptocurrency-related crimes to the fraud section of the state’s penal code.
Biden nominates new Cyber Command No. 2, Navy cyber chief (The Record by Recorded Future) President Joe Biden has nominated the head of the Air Force’s digital warfighting branch to be the next deputy of U.S. Cyber Command, Defense Secretary Lloyd Austin announced Tuesday.
Litigation, Investigation, and Law Enforcement
U.S. offers $10 mln reward for information on Russian intelligence officers -State Dept (Reuters) The United States on Tuesday offered a reward of up to $10 million for information on six people it described as Russian military intelligence officers who had conducted cyber attacks affecting critical U.S. infrastructure.
US offering $10 million for info on Russian military hackers accused of NotPetya attacks (The Record by Recorded Future) The State Department's announcement is based on charges filed in 2020 by the Justice Department against the six GRU members.
Rewards for Justice – Reward Offer for Information on Russian Military Intelligence Officers Conducting Malicious Activity Against U.S. Critical Infrastructure - United States Department of State (United States Department of State) The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber […]
Ward Hadaway blackmailed after cyber attack (Law Gazette) Top-100 firm held to ransom for up to $6m (£4.75m) in bitcoin, High Court hears.
Illinois Privacy Law Extends To Info From Photos, Judge Rules (Law360) An Illinois federal judge said the state's biometric privacy law doesn't exclude photograph-derived facial information from its reach, as he refused to end litigation against biometric software maker Onfido Inc.
Amazon Downplayed Privacy Litigation Risks, Investors Say (Law360) Amazon's top brass has misled investors as to the e-commerce giant's compliance with the Illinois Biometric Information Privacy Act as well as the substantial litigation risks associated with its lackluster compliance, according to a stockholder derivative suit filed Tuesday in Washington federal court.
Spanish intelligence did spy on Catalan separatists with court approval: report (The Local es) Spain's intelligence service CNI had court approval to spy on Catalan separatist figures, El País newspaper said Tuesday citing sources close to the agency.
NSO Is Everywhere And Still Lying About What It Can And Can’t Do To Control Misuse Of Its Exploits (Techdirt) An in-depth report on Israeli malware manufacturer NSO Group has (again) exposed the company’s lies about its activities (and the activities of its customers). Here’s what NSO said to C…