Dateline Moscow, Kyiv, and Langley: Cyberespionage in the hybrid war.
Ukraine at D+69: Cyberespionage, and assessments of Russia's battlefield performance. (The CyberWire) Russia continues to search for a remedy for tactical underperformance. The window of relative immunity Russian artillery has enjoyed is expected to begin closing this week, as Ukraine fields NATO-delivered howitzers and counterbattery radars. Cyber operations on both sides continue to concentrate on espionage.
Hybrid warfare considered: a US perspective. (The CyberWire) At the Joint Service Academy Cybersecurity Summit (JSAC), hosted by Palo Alto Networks on April 20th, US military leaders discussed the role of cyber operations in hybrid warfare, particularly as it relates to Russia’s war in Ukraine. Here's what we heard from the experts.
Russia’s invasion of Ukraine: List of key events, day 70 (Al Jazeera) As the Russia-Ukraine war enters its 70th day, we take a look at the main developments.
Ukraine Latest: Kremlin Says Putin and Macron Discussed Mariupol (Bloomberg) President Volodymyr Zelenskiy said Ukraine’s forces aren’t retreating and are even gaining some ground. But Russia also expanded the reach of its missile strikes, targeting Ukraine’s westernmost region.
Why is Ukraine’s Donbas region a target for Russian forces? (Washington Post) Russia is planning to formally claim wide new sections of Ukrainian territory in the southern and eastern parts of the country, a senior U.S. official said Monday.
Watch: Drone destroys Russian Raptor boats off Snake Island (The Telegraph) Unmanned craft obliterates two Russian vessels in the Black Sea as reports show a quarter of Moscow's forces are now 'combat ineffective'
Russia showing clear 'casualty aversion', as troops forced to retreat from Kharkiv (The Telegraph) Ukrainian counter-offensive pushed Russian forces 25 miles east of Ukraine's second largest city, according to US officials
What Putin's general was doing in Ukraine, according to top secret report (Newsweek) The number of Russian soldiers' deaths is so high that the movement of body bags off the battlefield is taking place under a veil of secrecy and at night.
Russian troops held me captive at gunpoint for two weeks in Ukraine. Here’s what I learned. (Breaking Defense) On March 4, Breaking Defense correspondent Reuben Johnson was captured by Russian soldiers outside of Kyiv and taken prisoner. This is the story of what happened next.
Fossil fuels are the Achilles’ heel of warfare. Just ask Russia. (Defense News) Fossil fuels aren’t just a vulnerability on the battlefield; they’re also a strategic straitjacket.
Russian TV Claims U.S. 'At War in Ukraine' After Pelosi-Led Trip (Newsweek) Russian state media pointed to tweets from Rep. Jason Crow as "confirmation that the United States is at war in Ukraine."
Remarks by President Biden on the Security Assistance to Ukraine (The White House) Lockheed Martin Pike County OperationsTroy, Alabama 2:03 P.M. CDT THE PRESIDENT: I tell you what, Linda: If I were CEO of this company, I’d be
Vladimir Putin’s military cupboard is bare (The Telegraph) With the Donbas offensive running out of steam, and increasing resentment at home, the Russian president has no good options remaining
Opinion Russia is losing on the electronic battlefield (Washington Post) Among Russia’s most costly mistakes when it invaded Ukraine was the expectation that it would dominate the electronic warfare part of the battle. Instead, Russia has stumbled and lost its way in the little-known realm of intercepting and jamming communications, an increasingly essential element of military success.
Russia Botched Its Early War Propaganda Campaign, but Now It’s Doubling Down (Foreign Policy) How Putin’s “zampolits” and the Russian Orthodox Church are spearheading a new agitprop campaign to boost troops’ morale.
Why Vladimir Putin’s propaganda ‘nonsense’ failed to catch on in Ukraine (The Telegraph) Russian president’s rampant disinformation campaign after 2014 backfired because he went about it the wrong way, says expert
Watch: Nuclear torpedo strike could engulf Britain with giant radioactive tsunami, Russian TV warns (The Telegraph) Propagandist blames Liz Truss for escalating tensions and says Vladimir Putin could turn UK into a ‘radioactive desert’
Russian TV shows simulation of Britain and Ireland wiped out by a nuke (Washington Post) One of Russia’s top propagandists threatened Britain with annihilation by nuclear strike twice on his Sunday prime-time show — once by air and once by sea — ramping up the war of words against Britain over its vow to oust Russian forces from Ukraine.
Update on cyber activity in Eastern Europe (Google) An update on cyber activity in eastern Europe.
Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say (CyberScoop) Multiple ongoing hacking efforts are either connected to or using the Russian military assault to target a wide range of entities.
Google: Nation-state phishing campaigns expanding to target Eastern Europe orgs (The Record by Recorded Future) Wide-ranging phishing campaigns targeting Eastern European countries are continuing to expand, according to a new report from Google’s Threat Analysis Group (TAG).
How the Ukraine conflict is reshaping the dark web (New Statesman) As the war drags on, cracks are forming in the digital underworld
Ukraine’s Online Volunteers Go After Russian Targets (Foreign Policy) Kyiv says it doesn’t endorse cyberattacks—but it’s thankful for them.
SolarWinds hackers set up phony media outlets to trick targets (CyberScoop) New infrastructure, old tricks.
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse (Recorded Future) Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. This report profiles the unique infrastructure used by Russian state-sponsored threat activity group NOBELIUM. The activity was identified through a combination of large-scale automated network traffic analytics and analysis […]
German Finance Watchdog Sees 'Very Big' Risk of Cyberattacks (SecurityWeek) Germany's financial regulator BaFin warned of the "very big" risk of cyberattacks targeting the financial sector, a threat it said had become "more likely" since Russia's war on Ukraine.
CIA instructs Russians on how to share secrets with the spy agency (Washington Post) The U.S. government is also tracking a surge in interest among Russians trying to skirt state censors online
Boris Johnson: We will make Ukraine so strong that no country will attack it again (The Telegraph) Prime MInister tells MPs in Kyiv ‘Ukraine will win' as he becomes first world leader to address its parliament since Russian invasion
Britain pledges anti-ship missiles, cargo drones for Ukraine’s defense (Defense News) In a virtual address to the Ukrainian Parliament, Johnson said a further £300 million ($375 million) in arms would be provided to Kyiv.
US, Japan defense chiefs to meet on Russia crisis (Defense News) Lloyd Austin will host his Japanese counterpart Wednesday for face-to-face talks about the Russian invasion of Ukraine, as the war’s ripple effect creates fresh tensions between Tokyo and Moscow.
Pope's Ukraine diplomacy a political and spiritual tightrope (AP NEWS) His appeals for an Orthodox Easter truce in Ukraine went unheeded. His planned meeting with the head of the Russian Orthodox Church was canceled. A proposed visit to Moscow ?
Pope Says NATO Might Have Provoked Russian Invasion of Ukraine (Wall Street Journal) Pope Francis said that the “barking of NATO at the door of Russia” might have led to the invasion of Ukraine and that he didn't know whether other countries should supply Ukraine with more arms. The pope at the same time deplored the brutality of the war and criticized the leader of the Russi
EU proposes Russian oil ban to make Putin 'pay high price' for Ukraine (Reuters) The European Union's chief executive on Wednesday proposed a phased oil embargo on Russia, sanctions on its top bank and a ban on Russian broadcasters from European airwaves in its toughest measures yet to punish Moscow for its war in Ukraine.
EU Proposes Ban on Russian Oil Imports, Sending Prices Higher (Wall Street Journal) The European Union proposed a ban on Russian crude within six months and is set to impose sanctions on Russian military officials accused of war crimes.
Germany warns a Russian oil ban will harm Europe's economy, even as it backs an embargo (Markets Insider) EU member states are currently debating a ban on Russian oil imports, which could cut off vital funding for the Kremlin.
Europe Scrambles for Energy Before Cutting Itself Off From Russia (Wall Street Journal) The region is racing to stock up on oil and natural gas before tighter sanctions are imposed on Russian energy, amid a dash to reorganize global energy supplies.
Russia beats final deadline to avoid debt default (BBC News) Russia has drawn on US dollar reserves in order to make payments to international investors.
Russia swerves default as Putin forced into dollar U-turn (The Telegraph) Vladimir Putin has been forced to raid Russia’s dollar reserves to pay creditors in a U-turn that has staved off the country’s first international default since the Bolshevik revolution.
Russia Has Just Over a Day to Pay Two Foreign Bonds and Dodge Default (Bloomberg) Sanctions have complicated Russia’s dealings with creditors. 30-day grace period on two debt payments runs out on May 4.
Airliners ‘stolen’ by Putin to cost plane leasing behemoth $304m (The Telegraph) Aircraft leasing companies write down the value of aircraft in Russia as Kremlin puts jets out of reach of foreign owners
How Russia’s New Certificate Authority Could Change the Internet in America (CPO Magazine) Sanctions against Russia are piling up by the day, with countries banning ships, freezing assets and seizing yachts from oligarchs. One particular sanction, the refusal to renew web certificates, has led to Russia creating its own certificate authority (CA).
Attacks, Threats, and Vulnerabilities
Pentagon finds hundreds of cyber vulnerabilities among contractors (Defense News) The campaign launched in April 2021 with 14 participating companies and 141 publicly accessible assets to probe. Interest quickly ballooned; 41 companies and nearly 350 assets were eventually admitted.
Researchers tie ransomware families to North Korean cyber-army (The Record by Recorded Future) The North Korean army is trying its hand at ransomware, according to a new report from Trellix.
The Hermit Kingdom’s Ransomware Play (Trellix) Based on our research, combined intelligence, and observations of the smaller targeted ransomware attacks, Trellix attributes the ransomware families to DPRK affiliated hackers.
New espionage group is targeting corporate M&A (TechCrunch) In some cases, the advanced persistent threat group went undetected in victims' networks for as long as 18 months.
Cyberespionage Group Targeting M&A, Corporate Transactions Personnel (SecurityWeek) Mandiant warns that a new threat actor is using backdoors to remain undetected for "an order of magnitude longer than the average dwell time of 21 days in 2021."
UNC3524: Eye Spy on Your Email (Mandiant) We introduce UNC3524, a newly discovered suspected espionage threat actor targeting corporate emails.
Experts discover a Chinese-APT cyber espionage operation targeting US organizations (VentureBeat) Cybereason researchers uncover an ongoing Chinese cyber espionage operation targeting organizations across the US, Europe and Asia.
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation (Cybereason Nocturnus) Cybersecurity often focuses on malware campaigns or the latest zero-day exploit. Surveys and reports reveal the average cost of a data breach or how much it typically costs to recover from a ransomware attack. Those are the attacks that make noise and capture attention, though. The attacks that fly under the radar are often more insidious and much more costly.
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques (Cybereason) In 2021, the Cybereason Nocturnus Incident Response Team investigated multiple intrusions targeting technology and manufacturing companies located in Asia, Europe and North America. Based on the findings of our investigation, it appears that the goal behind these intrusions was to steal sensitive intellectual property for cyber espionage purposes.
Chinese hackers cast wide net for trade secrets in US, Europe and Asia, researchers say (CNN) Chinese government-linked hackers have tried to steal sensitive data from some three dozen manufacturing and technology firms in the US, Europe and Asia, security researchers said Wednesday, in findings that shed new light on Beijing's alleged use of hacking to buttress its powerhouse economy.
Phishers exploit Google’s SMTP Relay service to deliver spoofed emails (Help Net Security) Phishers are ramping up attacks in which they exploit a flaw in Google’s SMTP Relay service to send malicious emails spoofing popular brands.
Armis Discovers "TLStorm 2.0," Five Critical Vulnerabilities in Network Switches, Organizations Around the World at Risk (Armis) Vulnerabilities found in widely-used network switches could allow attackers to bypass security features such as network segmentation to gain access to critical systems.
Unpatched DNS bug affects millions of routers and IoT devices (BleepingComputer) A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk.
New DNS Spoofing Threat Puts Millions of Devices at Risk (eSecurityPlanet) A critical vulnerability in popular C standard libraries could lead to DNS spoofing attacks. Here's how to protect yourself.
Millions of IoT devices and routers could have a mega security flaw (TechRadar) Unpatched bug could allow for DNS poisoning on products from more than 200 vendors
CMS-based sites under attack: The latest threats and trends (Help Net Security) The ongoing trends related to threats targeting websites based on popular CMS platforms such as WordPress, Joomla, Drupal and Magento.
Analyzing BlackByte Ransomware's Go-Based Variants (Zscaler) In this post, Zscaler ThreatLabz analyzes two variants of the Go-based implementation of BlackByte ransomware. Read more.
Smart Office Buildings Can Help Sniff Out Viruses but Are Vulnerable to Hacks (Wall Street Journal) Such buildings promise to cut carbon emissions and lead to healthier, happier workplaces. But they also raise privacy and cybersecurity concerns.
Transport for NSW struck by cyber attack (ZDNet) An unauthorised third-party accessed a 'small number' of user accounts in its online Authorised Inspection Scheme application.
Cyberattack Causes Disruptions at Car Rental Giant Sixt (SecurityWeek) Sixt, a major car rental company that operates in more than 110 countries, has been targeted in a cyberattack that caused some temporary disruptions.
Ransomware Attack Closes Kellogg Community College | Inside Higher Ed (Inside Higher Education) Kellogg Community College canceled classes Monday after a ransomware attack over the weekend. The attack is causing continued technology problems, according to an alert that appeared on the college’s website Sunday. All five Kellogg campuses, located in Michigan, will remain closed while the matter is under investigation, though administrators hope to reopen them later this week.
Class cancelled at Kellogg Community College following ransomware attack (WXMI) Classes and campuses are closed until further notice as the school investigates.
Illuminate Education Data Breach Impacted At Least 24 Districts, 18 Charter Schools in NY; Investigation Launched (THE Journal) At least 24 school districts and 18 charter schools in New York — totaling “at least” a million students in the state of New York alone — were impacted by the breach of private student data that occurred during a January cyberattack on Illuminate Education’s systems, and the New York State Education Department has launched an investigation into the data breach, a NYSED official told THE Journal.
Plainfield cyber attack: What's been recovered and what's still lost, thanks to hackers? (Yahoo) Plainfield police can again access state and national law enforcement data - such as warrants and stolen vehicle information - after a cyber attack.
Mimecast Reports ‘Major Power Outage’ In US Data Center (CRN) Mimecast email customers have been hit by disruptions that the email management provider linked to a major power outage in one of its data centers.
Security Patches, Mitigations, and Software Updates
HPE, Extreme Networks working to address five vulnerabilities in widely used network switches (The Record by Recorded Future) The two companies' widely used Aruba and Avaya network switches have vulnerabilities in NanoSSL, a popular library for the TLS protocol.
Firefox hits 100*, fixes bugs… but no new zero-days this month (Naked Security) Despite concerns that some websites might break when Chromium and then Firefox reached version 100, the web still seems to be intact.
Yokogawa CENTUM and ProSafe-RS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: CENTUM and ProSafe-RS Vulnerabilities: OS Command Injection, Improper Authentication, NULL Pointer Dereference, Improper Input Validation, Resource Management Errors 2.
Trends
What’s behind the record‑high number of zero days? | WeLiveSecurity (WeLiveSecurity) As cybercriminals and state-backed groups are increasing their activity, companies need to get better at mitigating threats from unknown vulnerabilities.
Deepfakes Are a Growing Threat to Cybersecurity and Society: Europol (SecurityWeek) Deepfake production technology is currently improving faster than deepfake detection technology. The threat is to both society and corporations.
Modern Bank Heists 5.0: The Escalation from Dwell to Destruction (VMware News and Stories) Modern Bank Heists 5.0 findings should serve as a warning to the financial sector that attackers are moving from dwell to destruction.
Despite spending more on cyber security, companies don’t feel protected (ITWeb) Nearly three quarters of SA's top 100 corporates do not feel fully protected, a study finds.
Tigera Releases The State of Cloud-Native Security Report, Revealing Key Challenges and Opportunities that Accompany the Rapid Adoption of Cloud-Native Applications (PR Newswire) Tigera, cloud-native application protection platform (CNAPP) provider and creator of Project Calico, today released the findings of its first...
IBM study reveals changing sentiments around AI ethics (SecurityBrief Asia) 80% of respondents pointed to a non-technical executive, such as a CEO, as the primary 'champion' for AI ethics, a sharp uptick from 15% in 2018.
Marketplace
Devo Acquires AI-Powered Security Automation Innovator to Deliver the “Autonomous SOC” (Devo) Devo has acquired the threat hunting pioneer Kognos. The acquisition will deliver on what Devo calls the “autonomous SOC.”
Traceable AI Snags $60M for API Security Tech (SecurityWeek) Traceable AI, a startup building technology to reduce attack surfaces in APIs, has banked a new $60 million funding round that values the company at $450 million.
Mosyle Launches World’s First Apple Unified Platform for Business, Closes $196 Million Series B Funding Round (Business Wire) Mosyle today launched the world's first Apple Unified Platform for Business and announced it has closed a $196 million Series B funding round.
Elon Musk Plans to Take Twitter Public a Few Years After Buyout (Wall Street Journal) Tesla CEO Elon Musk says he could stage an initial public offering for the social-media company within three years of its acquisition.
‘I Don’t Really Have a Business Plan’: How Elon Musk Wings It (New York Times) To a degree unseen in any other mogul, the world’s richest man acts on impulse and the belief that he is absolutely right.
Twitter’s Board Gave Up (Bloomberg) Also iron mining, Bitcoin mining and not granite mining.
Mayer Brown continues expansion of LA office and data privacy capabilities with Arsen Kourinian (Mayer Brown) Leading data privacy lawyer Arsen Kourinian has joined Mayer Brown as a partner in the Cybersecurity & Data Privacy practice in Los Angeles, continuing the firm’s West Coast expansion. Mr. Kourinian advises a global clientele of multinational corporations on compliance with data privacy laws in the United States, European Union, United Kingdom, Africa, Middle East and Asia. He is also a trusted member of the cybersecurity community, and receives briefings from the Federal Bureau of Investigation regarding cyber threats to the private sector. He joins from Perkins Coie.
Tetrate Names Finance Veteran Paul Machle as CFO (Business Wire) Tetrate, the enterprise service mesh company driving zero trust architecture and reducing the complexity of modern hybrid cloud, announced today the a
NinjaOne Hires Former Connectwise, Liongard CRO As Chief Channel Advisor To Support Channel-First Growth Strategy (NinjaOne) Ninja is featured and contributes articles to many of the top publications in the IT industry. Visit our press page to read the latest articles and press releases featuring Ninja.
Former Google official named California company's chief people officer (HCA Magazine) Brendan Castle will lead talent acquisition, learning and development, DEI efforts
Styra Expands Board of Directors with Former Auth0 CRO Dave Wilner (Business Wire) Styra, Inc., the creators and maintainers of Open Policy Agent (OPA) and leader of cloud-native authorization, announced today that Dave Wilner, forme
Centre for Information Policy Leadership Appoints Natascha Gerlach as Director of EU Privacy and Data Policy to Advance Its EU Data and Digital Policy Agenda (Hunton Andrews Kurth LLP) Hunton Andrews Kurth LLP helps businesses around the world navigate complex legal challenges in the energy, financial services, real estate investment and finance, retail and consumer products, and technology sectors and beyond. The firm has offices in the United States, Europe, Asia and the Middle East.
Products, Services, and Solutions
CyberWire launches CISA Cybersecurity Alerts: A first-of-its-kind public service audio feed for urgent threat advisories. (The CyberWire) The CyberWire today announced the launch of its new podcast, CISA Cybersecurity Alerts, a first-of-its-kind public service audio feed for urgent cybersecurity advisories. The alerts, produced by the Cybersecurity and Infrastructure Security Agency (CISA) with other government organizations, and adapted to audio by the CyberWire, provide urgent information about cyber threats, vulnerabilities, and exploits.
Variscite Enables Over-the-Air Updates to Enhance IoT and Edge Security (Yahoo Finance) TEL AVIV, Israel, May 03, 2022--Variscite Enables Over-the-Air Updates to Enhance IoT and Edge Security - Simplifies securing edge devices built on Variscite SoMs
Ordr Integrates With Cisco's Flagship Catalyst 9000 Series Switches To Simplify Deployments and Accelerate Cisco ISE and SDA Initiatives (PR Newswire) Ordr, the leader in connected device security, announced the availability of the Ordr Sensor as a hosted application on the Cisco Catalyst 9000...
Syxsense Enterprise Unifies Endpoint Security and IT Management for Real-Time Vulnerability Monitoring and Remediation (PRLog) Syxsense Enterprise Unifies Endpoint Security and IT Management for Real-Time Vulnerability Monitoring and Remediation. IT Teams can now manage, detect, and secure all endpoints with 100% visibility across desktop, laptop, server, and mobile devices - PR12915693
Extend application connectivity visibility into the multicloud with AlgoSec A32.20 (AlgoSec) AlgoSec, the application connectivity and security policy company, announced today the release of its latest product version A32.20. […]
ESET Offers SMBs 20% Off Advanced Cybersecurity for National Small Business Week (PR Newswire) ESET, a global leader in digital security, today announced a special promotion to celebrate National Small Business Week. To ensure that small...
Telefónica Tech partners with Proofpoint to provide Advanced Corporate Email Protection Services (Telefónica) The new service, Clean Email Enterprise, is cloud-based and integrates managed security solutions to provide unparalleled protection against email-born threats such as ransomware, Business Email Compromise and impersonation attacks.
ThetaRay provides transaction monitoring to Qolo (Paypers) Israel-based <a href='https://www.thetaray.com/' target='_blank'>ThetaRay</a> has partnered with omnichannel money movement platform <a href='https://qolo.io/' target='_blank'>Qolo</a> to detect and prevent financial crimes across the latter’s ...
eMazzanti Promotes Scalable, Secure and Affordable Information Governa (PRWeb) eMazzanti Technologies, a NYC area information governance expert and MSP promotes scalable, secure, and affordable information governance in a new article on th
BAE NetReveal risk scoring enhanced by new alliance with Dun & Bradstreet (Finextra Research) BAE Systems Digital Intelligence, a leading global provider of anti-money laundering (AML) and counter-fraud solutions, today announced a new alliance with Dun & Bradstreet, a leading global provider of business decisioning data and analytics, designed to help NetReveal clients to accelerate and enhance compliance and customer onboarding.
1Password Releases Feature-Packed Update with 1Password 8 for Mac (PR Newswire) 1Password, the leader in human-centric security and privacy, today announced that 1Password 8 for Mac is now available. Featuring a sleeker and...
Kocho Unveils New Managed XDR Service (Kocho) Find out how Kocho's new Managed Extended Detection and Response (XDR) service will enable organisations to detect and prevent threats, fast.
SecurID Receives FedRAMP Approval (SecurID) SecurID announced that it has received FedRAMP approval for government use.
Data Theorem Launches Industry’s First Software Supply Chain Attack Surface Management Product to Identify Third-Party Assets and AppSec Violations (Yahoo Finance) Data Theorem, Inc., a leading provider of modern application security, today launched Supply Chain Secure, the industry’s first attack surface management (ASM) product to address software supply chain security threats across the application full-stack of APIs, cloud services, SDKs, and open source software. Data Theorem uniquely identifies third-party vulnerabilities across the application software stack with continuous runtime analysis and dynamic inventory disc
Keeper Security Announces Keeper Connection Manager: Privileged Access to Remote Infrastructure with Zero-Trust and Zero-Knowledge Security (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software announces the launch of Keeper Connection...
Zuul Announces Inclusion in Distech Controls’ Digital Partner Program (Business Wire) Zuul to collaborate with Distech Controls’ System Integrators to deliver intelligent and innovative building IIoT cybersecurity solutions to customers
New York Department of Financial Services Establishes First-of-its-Kind Use Case with SecurityScorecard to Modernize Regulatory Oversight (SecurityScorecard) New York DFS Leverages Cybersecurity Ratings to Take a Risk-Based Approach Toward Supervision and Continuously Monitor Regulated Entities New York, May 4 , 2022 – SecurityScorecard , the global leader in cybersecurity ratings, is now working with the New York State Department of Financial Services…
BRIDGING THE NEEDS OF SECURITY AND DEVELOPMENT TEAMS, VERACODE UNVEILS NEXT-GENERATION SOFTWARE SECURITY PLATFORM | Veracode (Veracode) Veracode, a leading global provider of application security testing (AST) solutions, today announced its Continuous Software Security Platform, which seamlessly embeds application security into the software development lifecycle (SDLC). The platform streamlines workflows by bringing together development and security teams to provide a broad understanding of risk, remediation guidance, and progress at every stage of the development process.
Technologies, Techniques, and Standards
Lithuania, US wrap up joint cyber defense operation (Baltic Times) Lithuania and the United States have wrapped up a "hunt forward" joint cyber defense operation aimed at boosting inter...
Improve Your Customer Authentication Strategy With More Secure One-Time Passwords (Neustar) Organizations Must Be Proactive With OTP Fraud Prevention Techniques
10 most common MFA excuses, and how to answer them (ARN) CISOs often meet resistance to multi-factor authentication from users, management, and even IT. Here's how to counter their complaints.
Possible Cyberwarfare? Here’s How to Stay Armed. (The National Law Review) On March 18, 2022, President Biden issued a&nbsp;letter&nbsp;to California Gov. Gavin Newsom (the &ldquo;March 18th&nbsp;letter&rdquo;) requesting that he secure California&rsquo;s computer systems an
Allowing too many exceptions leaves you wide open to infection (Avast) Adding too many exceptions can be dangerous. Even if you’ve gotten away virus-free so far, that doesn’t mean your luck is going to hold.
Technical.ly looks at what city got for $10M ransomware recovery spend (Baltimore Brew) An information request yields new details on Baltimore’s hefty expenditure after the crippling 2019 malware attack.
Research and Development
Meta has built a massive new language AI—and it’s giving it away for free (MIT Technology Review) Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3
Academia
WVU students prepare for cyberspace attacks with Operation Locked Shields (WVU Today) Armed with keyboards, ones and zeros, a squad of West Virginia University students were among the 2,000 participants who competed in Operation Locked Shields, an international cyber defense exercise run by NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. The teams, which included members of the West Virginia and North Carolina National Guard, took orders from the Department of Defense and the Defense Information Systems Agency during the April 19-21 exercises.
Legislation, Policy, and Regulation
China Cracked Down on Big Tech Companies. Now It Needs Them (Bloomberg) Alibaba, JD.com, and Meituan have the distribution networks to supply cities in Covid lockdowns.
UK to abandon plans to give watchdog powers to regulate big tech, report (Computing) Plans to grant CMA new statutory powers likely to be ditched
Buying down risk in the cyber ecosystem: Arguments for the national cybersecurity strategy (Atlantic Council) The private sector has enormous influence over the cybersecurity ecosystem. Security investments stemming from enterprise and prioritizing a more resilient environment over reacting to emerging incidents can have massive impact at scale.
The development of warfare cyberspace in the United States, part 7 (Modern Diplomacy) As part of its 5G plan, in March 2022 the US Department of Defense awarded a three-year, 10 million dollar contract to Cubic Nuvotronics, a wholly-owned subsidiary of US-based Cubic Corporation. Under the contract, Cubic Nuvotronics will develop an ultra-high-performance, small, lightweight, low-power, dual-band wireless network communications transceiver (WNCT) for military applications. The simultaneous dual-band […]
U.S. Army Cyber Command welcomes new commanding general (US Army) Lt. Gen. Maria B. Barrett assumed command of U.S. Army Cyber Command (ARCYBER) in a ceremony at Fort Gordon, Ga., May 3, 2022.Barrett succeeds Lt. Gen....
Litigation, Investigation, and Law Enforcement
Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’ (the Guardian) Data leak reveals scale of potential surveillance by NSO Group client believed to be Morocco
Spain govt says it has nothing to hide in spyware scandals (AP NEWS) Spain’s government said Tuesday it had nothing to hide amid mounting unease over national security controversies involving Pegasus spyware, including the hacking of the prime minister's cellphone and spying on Catalan separatists by unknown agents.
Spanish government on defensive over spyware claims (France 24) Spain's fragile coalition government was on the defensive Tuesday over its announcement that the mobile phones of the premier and defence minister were tapped using Pegasus spyware.
Spanish Govt. Hacked by NSO Pegasus Spyware (or was it?) (Security Boulevard) The prime minister and the defense minister of Spain were infected with Pegasus. The notorious spyware, sold by NSO Group “only to governments,” caused large amounts of data to be exfiltrated.
SEC Nearly Doubles Size of Enforcement’s Crypto Assets and Cyber Unit (U.S. Security and Exchange Commission) The Securities and Exchange Commission today announced the allocation of 20 additional positions to the unit responsible for protecting investors in crypto markets and from cyber-related threats. The newly renamed Crypto Assets and Cyber Unit (formerly known as the Cyber Unit) in the Division of Enforcement will grow to 50 dedicated positions.
SEC to Hire More Crypto Cops to Fight Digital Frauds (Wall Street Journal) Agency to add 20 staffers to help tighten scrutiny of unregulated $1.7 trillion cryptocurrency market
Jury Awards Columbia University $185 Million in NortonLifeLock Patent Trial (Wall Street Journal) A federal judge has the discretion to triple the amount awarded in her final ruling after a jury found the company had willfully infringed on patents held by Columbia.
DHS watchdog says Trump's agency appears to have altered report on Russian interference in 2020 election in part because of politics (CNN) Former President Donald Trump's Department of Homeland Security delayed and altered an intelligence report related to Russian interference in the 2020 election, making changes that "appear to be based in part on political considerations," according to a newly released watchdog report.
Cops ignored call to nearby robbery, preferring to hunt Pokémon (Graham Cluley) A police car's digital in-car video system uncovered that two Los Angeles officers ignored calls to provide assistance at a department store robbery because they were too enthralled in catching…