Dateline Moscow and Kyiv: Heavy Russian strikes against civilian targets, more NATO aid for Ukraine.
Ukraine at D+327: Russian missiles strike civilian dwellings. (CyberWire) Many civilians were killed in Russian strikes over the Orthodox New Year this weekend. Kinetic attacks on Ukrainian infrastructure threaten connectivity.
Russia-Ukraine war: List of key events, day 328 (Al Jazeera) As the Russia-Ukraine war enters its 328th day, we take a look at the main developments.
NATO spy planes heading to Romania to monitor Russian activity (Defense News) Along with a small drone fleet in Italy, the planes are among the few military assets that NATO owns as an alliance.
Ukraine strike deaths hit 40; Russia seen preparing long war (AP NEWS) Ukrainian emergency crews on Monday sifted through what was left of a Dnipro apartment building destroyed by a Russian missile, placing bodies from one of the war's deadliest single attacks in months in black bags and gingerly carrying them across steep piles of rubble.
Ukraine live briefing: Death toll rises to 29 in Dnipro apartment building attack; Kyiv renews calls for defense systems (Washington Post) The death toll of a weekend missile attack on an apartment building has risen to 29, Ukrainian President Volodymyr Zelensky reported. Rescue workers continued to sift through the massive pile of rubble outside the damaged building, and emergency personnel and rescue dogs searched for survivors inside the remains of the building and in the wreckage outside.
The Russian missile that wiped out an apartment block was designed to sink aircraft carriers and can't be shot down by Ukraine, says its airforce (Business Insider) The Russian missile that caused dozens of casualties at an apartment block in Dnipro can carry a 2,000-pound warhead, said the Ukraine Air Force.
When Russia bombs a building full of people, this is the aftermath (Washington Post) Two hours after a Russian missile slammed into a Ukrainian apartment complex on Saturday, shocking the city that has served as a relatively safe haven for the war’s displaced, rescue workers digging through rubble spotted a sudden movement from above.
Death Toll Rises After Russian Strike Destroys Apartment Block (New York Times) Rescue workers were still digging through the rubble of a residential building in the central Ukrainian city of Dnipro on Sunday, a day after a Russian missile attack.
Pictured: Miraculous rescue of woman pulled from building torn open by Russian missile (The Telegraph) Anastasia Shvets sheltered in the bathroom of her Dnipro apartment as Cold War missiles designed to sink an aircraft carrier rained down
Ukraine live briefing: Dnipro missile attack kills at least 5 at apartment block, officials say; Kyiv also hit (Washington Post) Dozens of first responders scrambled through a huge pile of rubble in the wreckage of an apartment block Saturday, searching for survivors in the aftermath of an attack that killed at least five people. Ukrainian officials blamed a Russian missile strike. Ukrainian President Volodymyr Zelensky shared a video of the destruction and vowed to find and punish “everyone involved” in the strike.
Russia-Ukraine War: Death Toll in Apartment Strike Rises to 40 (New York Times) Russia’s attack on an apartment complex in Dnipro on Saturday is one of the deadliest for civilians away from the front line since the war began.
Russian Strikes Sap Ukraine Mobile Network of Vital Power (Wall Street Journal) Telecom operators and internet providers are scouring suppliers for better batteries and generators.
IAEA plans "continuous presence" at all Ukraine nuclear power plants "to help prevent a nuclear accident" amid Russia's war (CBS News) The atomic watchdog agency's boss will visit Ukraine soon, but implementing the plan may be difficult, especially at the Russian-occupied Zaporizhzhia plant.
Kremlin: There's no rift with Prigozhin and his Wagner mercenaries (The Telegraph) The man known as 'Putin's chef' has once again boasted of his soldiers' superiority over the Russian army
Ukraine Signals It Will Stay on the Offensive, Despite Talk of a Lull (New York Times) Many analysts and diplomats have suggested there could be a pause in major combat, and even peace talks, over the winter, but after pushing the Russians out of Kherson, Ukraine has no desire to stop.
For Families and Detainees in Russian-Occupied Areas, a Grim Wait (New York Times) After Russia’s retreat from Kherson city, Ukrainians in other occupied areas of the south had expectations of quickly regaining their freedom. But those hopes have been dashed.
UK to supply tanks; Russian missiles hit across Ukraine (AP NEWS) U.K. Prime Minister Rishi Sunak on Saturday promised to provide tanks and artillery systems to Ukraine, amid renewed missile attacks by Moscow targeting multiple Ukrainian cities for the first time in nearly two weeks.
Russia-Ukraine war live: UK to send tanks to Ukraine as Russian missiles hit multiple cities – as it happened (the Guardian) UK says it will send Challenger 2 tanks and more artillery support defence of Ukraine
Britain Says It Will Give Ukraine Tanks, Breaching a Western Taboo (New York Times) Western countries have balked at giving Ukraine tanks and other powerful weapons. As increased spring fighting looms, that seems to be changing.
Russia-Ukraine war latest: 'British tanks will burn,' threatens Kremlin (The Telegraph) UK tanks being sent to Ukraine will "burn" on the battlefield, the Kremlin threatened on Monday.
James Cleverly urges Washington to go ‘further and faster’ with Ukraine (The Telegraph) Foreign Secretary will tell allies in US capital that they must give Ukrainian forces ‘the tools to win the war’
U.S. begins expanded training of Ukrainian forces for large-scale combat (Washington Post) ‘We want the Ukrainians to have a capability to successfully defend their country,’ Gen. Mark A. Milley said in an interview
Expanded US training for Ukraine forces begins in Germany (AP NEWS) The U.S. military's new, expanded combat training of Ukrainian forces began in Germany on Sunday, with a goal of getting a battalion of about 500 troops back on the battlefield to fight the Russians in the next five to eight weeks, said Gen.
Did anyone say ‘war fatigue’ about Ukraine? (Defense News) It is up to the Ukrainians to say if they are willing to bear the risks of escalation rather than for the West to decide for them.
Russia shells Ukraine twice in a day, striking infrastructure and civilian homes (Meduza) In Kyiv there was an air raid alert in the morning on January 14. Presidential adviser Kyrylo Tymoshenko reported missile strikes on the capital’s critical infrastructure.
Russia-Ukraine War: Russia Says It Has Taken Besieged Town as Kyiv Denies the Claim (New York Times) There have been conflicting reports for days about who controls the small eastern town of Soledar, which has taken on outsize attention as Moscow seeks a victory.
Ukraine liberated Kherson city. Now, Russia is destroying it. (Washington Post) Four charred baby cribs were all that was left in the maternity ward’s bomb shelter.
Ukrainian forces 'withdraw' from Soledar as Putin claims victory (The Telegraph) Ukrainan forces are reportedly withdrawing from Soledar after Russia captured the city in their first major breakthrough in the war in six months.
Bloody Bakhmut siege poses risks for Ukraine (Washington Post) Kyiv must balance its defense of the city, weighted with symbolism, with preparations for a counteroffensive
Why Russia Wants To Capture The Small Mining Town of Soledar (Time) The battle for the small salt-mining town has emerged as a critical step in Moscow's war aims
Russia's humiliating U-turn as Wagner mercenaries take credit for capture of Soledar (The Telegraph) Kremlin had claimed its 'brave paratroopers' had seized town but was forced to backtrack
Sudden Surge In Russian Navy Ships And Submarines In Black Sea (Naval News) Ukrainian forces will be monitoring a sudden movement of Russian warships and submarines out of their base of Novorossiysk. The naval base, near the Kerch Bridge, is further from Ukrainian controlled coast than the famous base at Sevastopol. Yet the unusual movement may be important.
All of Russia's Black Sea Fleet warships disappear from the port of Novorossiysk (PravdaReport) It appears that the Russian Army is preparing for a new major strike on Ukrainian military facilities
Russia may announce another wave of mobilization in coming days--Ukraine Intel (Euromaidan Press) According to the military intelligence of Ukraine, Russia is preparing for another mobilization and is trying to create an army of two million.
Putin supports increasing maximum conscription age to 30, ‘as an idea’ (Meduza) Russian President Vladimir Putin has voiced support for the Defense Ministry’s proposal to increase maximum conscription age in Russia to 30, said the Kremlin spokesman Dmitry Peskov:
Russia’s Wagner Group 'recruits Serbian nationalists' to fight in Ukraine (The Telegraph) US warns Belgrade to clamp down on 'illegal activity' by Kremlin-linked group
Putin's latest move reveals the Kremlin’s internal dysfunction (The Telegraph) Russian leader should beware of constantly changing generals - it might come back to haunt him
Could Russia’s Reliance on Belarus be its Soft Underbelly? (Royal United Services Institute) Alongside Ukraine, Belarus has for centuries been a significant part of Russia’s own history, both as part of an ancestral empire and – in Russia’s perception – as an extension of Russia’s own security space. The political and defence ties between Belarus and Russia have gained new prominence as a result of the war in Ukraine. But a nuanced understanding of this relationship suggests that Russia’s dependence on Belarus for logistical support and training could become a weakness.
‘We don’t want to leave Russia, but…’ How Tatarstan lost the last major vestige of its sovereignty: its presidency (Meduza) Story by Andrey Pertsev. Translation by Sam Breazeale.
Russia’s Iranian-Made UAVs: A Technical Profile (Royal United Services Institute) The precision of Iranian-made suicide UAVs, combined with their cheapness, has turned them into a potent weapon on the battlefields of Ukraine.
Wartime Putinism (Foreign Affairs) What the disaster in Ukraine has done to the Kremlin—and to Russia.
How Putin’s Lies Are Driving the War in Ukraine (Foreign Affairs) A Conversation With Timothy Snyder
Russia’s Messaging Around the ‘Ceasefire’: A Sign of What is to Come? (Royal United Services Institute) The Kremlin’s choreography around the proposal for a Christmas ‘ceasefire’ in Ukraine suggests that it may be trying to construct a public narrative over peace negotiations.
Russia 'builds nuclear warheads for indestructible Poseidon super torpedo' (The Telegraph) Production has reportedly begun for Russia's new nuclear torpedoes, according to state media, which Putin has touted as virtually unbeatable
Delivering Tanks to Ukraine Could Be a Gamechanger in Europe (World Politics Review) France announced this week it is sending tanks to Ukraine, with the US, UK and Germany considering following suit.
Germany’s defense minister resigns after string of blunders (Washington Post) German Defense Minister Christine Lambrecht resigned Monday after a series of missteps that cast doubt on her ability to lead her country’s response to the war on Ukraine.
Why Japan Finally Got Tough on Russia (World Politics Review) After Japan’s decision to openly oppose Moscow’s invasion of Ukraine, relations with Russia have soured, and likely won't thaw anytime soon.
German defense chief reportedly set to quit ahead of key Ukraine tank decision (POLITICO) Lambrecht’s leadership style has come under fire, especially for failing to implement an increase in military spending pledged by Chancellor Scholz.
Pentagon Balks at Sending Ukraine Long-Range Bombs (Foreign Policy) It’s not fear of escalation. It’s fear of being too late.
Phishing scam invites Russian Telegram users to check ‘conscription lists’ to see if they’ll be drafted in February (Meduza) Russian Telegram users were targeted by a mass mailing of malicious messages inviting them to view a list of people allegedly pre-registered for enlisting in the Russian army on February 1–3, 2023. This was reported by In2Security, a Russian Telegram channel covering information security.
Ukraine calls for ‘Cyber United Nations’ amid Russian attacks (POLITICO) A top cyber official proposed the idea as Moscow targets Ukraine's infrastructure.
Laying the foundations for a settlement in Ukraine (Responsible Statecraft) Kyiv is in a strong position to negotiate. The US must convince both sides that the time to begin talks is now.
Duma speaker suggests confiscating property of ‘scoundrels’ who went abroad and criticize war (Meduza) Duma Speaker Vyacheslav Volodin wrote on his Telegram channel that Russians who have left the country, criticize the war, and criticize the Russian government, should have their property confiscated.
How Muscle Works in Moscow (Foreign Policy) Understanding “krysha,” the word that explains why Russian life is all about having the right kind of protection.
‘This will last a long time, but we know the outcome’: Kyiv’s year of defiance (the Guardian) rom doctors to cocktail bar staff, the people of the Ukrainian capital tell how small, everyday acts have become their symbols of resistance
Russia’s Crime and Punishment (Foreign Affairs) How to prosecute the illegal war in Ukraine.
Freeze—Don’t Seize—Russian Assets (Foreign Policy) Permanently confiscating Russian assets is tempting—but expropriating them without evidence of a crime would endanger Western companies.
Russians say they can download software from Intel again (Register) And Windows updates from Microsoft, too
Renewed Armenia-Azerbaijan Conflict Underlines Russia’s Waning Influence (New York Times) Russia helped end a 2020 war and its troops policed the cease-fire. But with a new crisis in the Caucasus heating up, Moscow, distracted and weakened by Ukraine, has not intervened.
Wagner mercenary dodges rifle fire and tracker dogs in high-stakes escape into Norway (The Telegraph) Andrei Medvedev says he scaled two barbed wire fences and crossed the frozen Pasvik River after escaping from the brutal military group
Former Wagner Group commander who fled to Norway feared for his life (the Guardian) Andrey Medvedev told the Guardian he had seen summary executions of mercenary group’s Russian fighters
Russian sergeant kills own troops with grenade (The Telegraph) A Russian army sergeant has detonated an anti-personnel fragmentation grenade in a military base in Russia's Belgorod region, killing at least three other soldiers.
Ukraine-Russia war latest: Russian troops accidentally blew up tank of Wagner mercenaries (The Telegraph) Russian troops accidentally blew up a tank of Wagner mercenaries in friendly fire, according to an intercepted phone call from the front lines, writes Nataliya Vasilyeva.
Ukrainian civilians vanish and languish in Russian-run jails (AP NEWS) Alina Kapatsyna often dreams about getting a phone call from her mother. In those visions, her mother tells her that she’s coming home. Men in military uniforms took 45-year-old Vita Hannych away from her house in eastern Ukraine in April.
Attacks, Threats, and Vulnerabilities
North Korean Hacking Group Tied to $100M Harmony Hack Moves 41,000 Ether Over Weekend (CoinDesk) Crypto exchange Huobi blocked funds tied to hack on Monday morning.
Hackers exploit Cacti critical bug to install malware, open reverse shells (BleepingComputer) More than 1,600 instances of the Cacti device monitoring tool reachable over the internet are vulnerable to a critical security issue that hackers have already started to exploit.
Hackers are using this old trick to dodge security protections (ZDNET) CVE-2015-2291 is a years-old security vulnerability - but cyber criminals are still able to take advantage of unpatched systems to compromise networks.
DHL Phishing Attack. Simply Delivered. (ArmorBlox) This blog examines a credential phishing attack that impersonated the brand DHL in an attempt to steal victims' login credentials. The email attack bypassed Microsoft Office 365 Email Security and EOP and had the potential to land in the inboxes of over 100,000 end users.
How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services (Orca Security) In this blog, we will describe how we found 4 different SSRF vulnerabilities and were able to take advantage of these flaws in some of the Azure Services.
Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident (The Hacker News) DevOps platform CircleCI recently fell victim to a breach after an employee's laptop was hacked. Attacker used malware to steal 2FA-backed credentials
CircleCI's hack caused by malware stealing engineer's 2FA-backed session (BleepingComputer) Hackers breached CircleCi in December after an engineer became infected with information-stealing malware that stole the employee's 2FA-backed SSO session, allowing access to the company's internal systems.
CircleCI says hackers stole encryption keys and customers' source code (Yahoo) CircleCi, a software company whose products are popular with developers and software engineers, confirmed that some customers' data was stolen in a data breach last month.
NortonLifeLock warns that hackers breached Password Manager accounts (BleepingComputer) Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.
Norton LifeLock says thousands of customer accounts breached (TechCrunch) The cybersecurity company said the credential stuffing attack may have allowed intruders access to customer-saved passwords.
NortonLifeLock notifies thousands of users about compromised Password Manager accounts (Computing) Attackers used login details obtained from third-party platforms
Twitter API appears to be down, breaking Tweetbot and third-party clients (9to5Google) Twitter clients are broken left and right as the API unexpectedly went down on January 11, even bringing down Tweetbot.
Musk’s Twitter Intentionally Suspended Tweetbot, Third-Party Apps, Messages Show (The Information) The mysterious outage of Tweetbot and other third-party Twitter clients that began Thursday night was an intentional suspension, according to internal messages viewed by The Information. The suspension cut off the ability of people to use Twitter on outside apps, forcing them to go to Twitter’s ...
Another BIG DATA BREACH, over 2.5 billion Google Chrome users' details at risk (MSN) If they are not managed appropriately, these linkages could likewise be utilised to expose vulnerabilities.
1.7 TB of data stolen from digital intelligence firm Cellebrite leaked online (Security Affairs) 1.7 TB of data stolen from Cellebrite, a digital intelligence company that provides tools for law enforcement, were leaked online. The Israeli mobile forensics firm Cellebrite is one of the leading companies in the world in the field of digital forensics, it works with law enforcement and intelligence agencies worldwide. One of the most popular services provided […]
Entire software suite of Israeli security firm Cellebrite leaks online (CyberSecurity Connect) In a case of who watches the watchers (who secures the security companies, perhaps?), Cellebrite’s suite of surveillance software has been posted online in its entirety.
ODIN Intelligence website is defaced as hackers claim breach (TechCrunch) Hackers claim to have breached the company, which provides technology, tools, and data to law enforcement.
How cyber-attack on Royal Mail has left firms in limbo (BBC News) Small businesses tell the BBC they are facing delays and losing money as overseas post is stopped.
Royal Mail urging customers not to post items overseas after cyber attack (The Independent) The company did not provide any updates on Monday on when the incident is likely to be resolved and shipping would resume.
How did hackers bring Royal Mail to a halt? (Proactiveinvestors UK) International Distribution Services PLC (IDS), the owner of Royal Mail, suffered a ransomware attack this week on its online systems used for...
Russian cyberattack: Royal Mail scrambles to find a solution (Times) Royal Mail has a team of more than 100 trying to find a “work around” to continue sending items overseas after a cyberattack from a Russian group continued to w
LockBit cartel suspected of Royal Mail cyber attack (Computer Weekly) The still-developing cyber incident at Royal Mail may be the work of the infamous LockBit ransomware operation.
Ransomware Diaries: Undercover with the Leader of LockBit (The Record from Recorded Future News) A new report from a researcher who infiltrated the Lockbit ransomware group provides an insider's view of the most dangerous ransomware gang in the world. Click Here and The Record were given an early look at it.
Guardian refuses to say if it paid ransom after hackers stole staff details (The Telegraph) Ransomware attack forces company to shut its offices for more than a month
Canada's largest alcohol retailer's site hacked to steal credit cards (BleepingComputer) The Liquor Control Board of Ontario (LCBO), a Canadian government enterprise and the country's largest beverage alcohol retailer, revealed that unknown attackers had breached its website to inject malicious code designed to steal customer and credit card information at check-out.
Website of Canadian Liquor Distributor LCBO Infected With Web Skimmer (SecurityWeek) Canadian liquor distributor LCBO says online store’s user data was stolen following a web skimmer infection.
Cyber attack on private company stoping recorders offices from updating real estate records (KCRG) "It's been eventful because we've had a system-wide outage."
Halifax Register of Deeds office still affected by December cyberattack (The Daily Herald) The Halifax County Register of Deeds office provided an update from a cyberattack that occurred in late December.
A mole map interrupted as cyberattack barrage continues (NZ Herald) Patient angry year-on-year comparisons no longer possible. Provider 'hopeful' of return.
US school district cyber attack victims fear account thefts (The Star) Now, officials believe the victims' stolen information lies within the hackers' website inside the so-called dark web.
QEH departments being reconnected to internet after cyber attack (Barbados Today) The Queen Elizabeth Hospital says several departments are being be reconnected to the internet following a cyber attack in December. The hospital annouced the major milestone in its efforts to restore connectivity on Saturday. “Between Saturday, January 14, and Monday, January 16, 2023, Medical Records, Pharmacy, Laboratory, Radiology, Procurement and a portion of the Finance […]
Security Patches, Mitigations, and Software Updates
Buggy Microsoft Defender ASR rule deletes Windows app shortcuts (BleepingComputer) Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they would no longer launch the linked apps.
Amazon S3 now encrypts data by default (TechTarget Storage) Changes to Amazon S3 buckets increase data security with at-rest encryption.
Trends
Ransomware has now become a problem for everyone, and not just tech (ZDNET) Ransomware attacks have rumbled on for years and show no signs of slowing down. It's time we faced the threat head on.
Cyber immunity a key IT security theme in 2023 (IT-Online) Threat landscape insights and predictions for 2023 show that the META region will remain a target for increased cybercriminal activity. Today’s hyper-connected world requires to reconsider the way we approach cybersecurity. This is why Kaspersky has spent several years developing the methodology of creating cyber immune IT products – those with ‘innate’ protection against cyberthreats. […]
Hi-Tech Crime Trends 2022/2023 (Group-IB) Benefit from Group-IB’s flagship cybersecurity report and explore the current threat landscape trends and forecasts
State Of Software Security (Veracode) Veracode presents volume 9 of the State of Software Security (SOSS) report, our comprehensive review of application testing data.
Marketplace
Private-Equity Firms Tighten Focus on Cyber Defenses at Portfolio Companies (Wall Street Journal) Some investors now require extensive controls before any deals happen.
College Park's IonQ acquires Toronto startup to speed growth in quantum computing (Washington Business Journal) College Park quantum computing company IonQ Inc. (NYSE: IONQ) has acquired a Toronto software startup in a deal its CEO says will accelerate its growth by allowing quantum computers to better communicate with one another. The deal for Entangled Networks Ltd., announced Wednesday, is the first ever for IonQ, which was founded by a couple of university professors in 2015 and went public in 2021 via a merger with a special purpose acquisition company.
SpiderOak raises $16.4 million to protect space mission systems (Help Net Security) SpiderOak has raised $16.4M in Series C round led by Empyrean Technology Solutions to protect space mission systems.
Crisis24 acquires Topo.ai to enhance global risk intelligence capabilities (Help Net Security) Crisis24 acquires Topo.ai to further strengthen its support operations, and offer a one-stop shop solution with plug and play capabilities.
Gula-backed Second Front Raises $2 Million from U.K.’s Gallos Technologies (citybiz) Second Front Systems, a public-benefit company that enables delivery of mission-critical SaaS solutions to government and military, has closed on... Read More
Stu Sjouwerman on What Vista Equity's Buy Means for KnowBe4 (Gov Info Security) Vista Equity Partners' specialization in enterprise software and bench of subject-matter experts should help KnowBe4 reach $1 billion in ARR, says CEO Stu
Devo CEO Predicts Two Top Security Companies to Merge in 2023 (SDxCentral) Devo Technology CEO Marc van Zadelhoff forecasts a large merger among the top 20 security companies in 2023.
FBI releases SIAS RFI (Intelligence Community News) On January 13, the United States Department of Justice (DOJ), Federal Bureau of Investigation (FBI) posted a request for information (RFI) for its Solutions for Intelligence Analysis Services (SIAS) requirement. Submissions must be received no later than 12:00 p.m. Central on January 26.
U.S. Marshals to Host Industry Day for Physical Electronic Security Systems (ESS) Services (Hstoday) Services include all necessary personnel management, supervision, administrative, and technical support.
New Year, New Cybersecurity Conferences - 10 you won't want to miss (Salt | Secure Communications) Attending cybersecurity conferences is one of the best methods to stay up to date and ahead of current and future cutting-edge technologies and cyber protection tactics. As a company we attend many industry conferences throughout the year so we thought we’d put together a list of some of our favourites and some recommendations for 2023 […]
Akamai CEO Tom Leighton Is Scooping Up Stock (Barron's) Akamai co-founder and CEO Tom Leighton has bought more than $500,000 of stock since the beginning of December.
MSAB announces the appointment of Adam Firman as Tech Evangelist (MSAB) MSAB announces the appointment of Adam Firman as Tech Evangelist MSAB, a world leader in mobile forensics, today announces the appointment of Adam Firman as Tech Evangelist. With an impressive track record of working in Law Enforcement with multiple digital forensics solutions for 15 years and as a tech sales representative within MSAB for three […]
Sabika Ishaq promoted to CISO (Grant Thornton Luxembourg) Sabika Ishaq has been promoted to Chief Information Security Officer (CISO) of Grant Thornton Luxembourg. She is leading the internal security program as of the start of this year. With more than 15 years of experience in a number of different fields including the United Nations, she joined Grant Thornton in 2021.
FTI Consulting Adds Three Senior Managing Directors in Australia (GlobeNewswire News Room) Wouter Veugelen Joins the Cybersecurity Practice Hayden White Joins the Corporate Finance & Restructuring Segment Michael Khoury Joins the...
Dan Yerushalmi Appointed CEO of AU10TIX (PR Newswire) AU10TIX, the global technology leader in identity verification and identity management automation, today announced the appointment of Dan...
Products, Services, and Solutions
Actions Integrations are now GA (Okta) Drag-and-drop extensibility for your identity flow
Onapsis and Wipro help enterprises secure their SAP applications (Help Net Security) Onapsis has formed a strategic collaboration with Wipro to drive digital transformation and business growth for customers.
SentinelOne Selected by CISA’s Joint Cyber Defense Collaborative to Strengthen U.S. and International Cybersecurity Capabilities (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced its membership in the Joint Cyber Defense Collaborative (JCDC) to
Cybersecurity Firm Polygraph Explains Why Advertisers Need To Use A Click Fraud Detection Service (GlobeNewswire News Room) Advertisers will benefit in multiple ways if they choose to protect their advertising budgets from click fraud criminals....
Devo Announces AI-powered Solution to Augment Analysts with Alert Investigation and Threat Hunting (GlobeNewswire News Room) Devo DeepTrace fundamentally changes the way organizations discover and thwart their adversaries while protecting the business...
TDengine Releases Simple And Secure Data Sharing For Enterprises (TDengine) TDengine delivers simple and secure data distribution with fine-grained access control for internal and external stakeholders.
Accellera’s Security Annotation for Electronic Design Integration Standard 1.0 Moves Toward IEEE Standardization (GlobeNewswire News Room) New IEEE P3164 Working Group to address security concerns for IP providers...
NS1 Introduces New Solution for Deep DNS Observability (GlobeNewswire News Room) DNS Insights by NS1 Enables Rapid Network Troubleshooting and Optimization at Scale...
Varonis Introduces Least Privilege Automation for Microsoft 365, Google Drive, and Box (GlobeNewswire News Room) Effortlessly eliminate cloud data exposure with the industry's first fully autonomous remediation engine...
Cloud 9: Top Cloud Penetration Testing Tools (Bishop Fox) Here are nine of our favorite cloud pen testing tools use by our pen testers in 2022 and additional resources for enhancing your cloud pen testing skills.
Our Top Favorite Fuzzer crowdsourcing pen testing tools (Bishop Fox) Learn which 9 crowdsourcing pen testing fuzzing tools are our penetration testers' favorites to add to your security toolbox.
Technologies, Techniques, and Standards
US to Launch Third Iteration of 'Hack the Pentagon' Bug Bounty Program (Infosecurity Magazine) Cybersecurity researchers will try and find vulnerabilities in the government's FRCS network
Data Security: This Time, it's Personal (Security Boulevard) Security teams struggle to keep pace with data proliferation across their cloud environments. The cloud provides obvious business advantages, but the
The 8 Top BYOD Security Risks (and How to Mitigate Them) (Cimcor) How can you maintain information security concerning your BYOD policies? Consider—and counter—these eight top BYOD security risks. Without proper measures, you will…
Cybersecurity: A Guide for Greenhouse Cybersecurity (Greenhouse Grower) As you assess your plans for 2023, make sure protecting your business from cyberattacks is one of them.
Design and Innovation
Does Generative AI help or harm our world? It’s up to us! (World Economic Forum) Generative AI is a disruptor technology, with the potential to improve our lives drastically, but also carries potential for abuse and global harm. This is how we should react.
Research and Development
Quantum computers: How scientists can shield against cyber attacks (Interesting Engineering) Quantum computers threaten our whole cybersecurity infrastructure: here’s how scientists can bulletproof it.
Researchers have created a new and potentially dangerous encryption-breaking quantum algorithm (TechSpot) Tsinghua University professor Long Guili and his team claim to have developed a new, qubit-saving factorization algorithm that could spell trouble for cryptographic security standards in the...
The ‘quantum encryption apocalypse’ might just be Y2K 2.0 (IT Brew) The tech to keep data safe in a quantum world exists today, experts say—but implementing it will be a major logistical challenge.
Cosmic-ray muons used to create cryptography system (Physics World) New scheme encodes and decodes messages using the random arrival of subatomic particles
Academia
Auburn Banned TikTok, and Students Can’t Stop Talking About It (New York Times) The school’s prohibition brings a geopolitical fight front and center for TikTok’s biggest fans: young Americans.
Nine Universities Receive $29 Million In NSF Grants To Prepare More Cybersecurity Workers (Forbes) The National Science Foundation (NSF) has selected nine universities to receive more than $29 million in total funding as part of its CyberCorps® Scholarship for Service program, a major agency initiative to strengthen the security of America’s cyber space.
EC-Council Announces 2022 Academia Award Winning Cybersecurity Instructors (PR Newswire) EC-Council announced today its 2022 Academia award winning instructors of the year. The five honored instructors include a diverse group of...
Cyber-security hacking tournament held at RIT this weekend (WHAM) The brightest student minds in cyber-security will be spending this weekend on the campus of RIT.The top 15 collegiate teams are completing in what is called et
What Education is Required to Become a Cybersecurity Specialist? - The Enlightened Mindset (The Enlightened Mindset) Learn about the educational requirements to become a cybersecurity specialist, including types of degrees, certifications, and skills needed. Understand the potential benefits and challenges of pursuing a career in cybersecurity, and the impact of continuing education.
LastPass breach affects Virginia Tech security posture (Security Magazine) Virginia Tech IT security leaders advised LastPass users to change their passwords to protect against data breaches and paused their LastPass rollout.
Legislation, Policy, and Regulation
Iran sought a surveillance project with ‘unprecedented’ reach (Washington Post) Inside the negotiations of a sweeping government surveillance program in Iran
Five Eyes alliance meets to discuss zero-trust cyber security (Cybersecurity Connect) The Pentagon has hosted a meeting of the Five Eyes security alliance to discuss zero trust cybersecurity. The US invited representatives from Australia, Canada, New Zealand, and the UK to Fort Meade i
Happy NIS Year, Everyone! A New Common Cybersecurity Framework for the European Union (The National Law Review) The European Parliament and Council dropped an early Christmas present on all stakeholders in the digital environment and critical infrastructure that may feel to some like a bit of coal in the stocki
Campaign to Renew US Spy Powers Faces Bitter Battle in Congress (Bloomberg Law) The US intelligence community faces a hard battle to renew foreign surveillance powers that have enabled authorities to repeatedly access private information about Americans despite constitutional protections.
NSA asks congress to reauthorize warrantless data collection (Register) Also: That Pokemon is actually a RAT, Uncle Sam fails a password audit
NY lawmakers vow to tackle cyber hack attacks against hospitals, schools (New York Post) State lawmakers have promised to help prevent cyber ransomware attacks after the computer systems of a Brooklyn hospital system and Suffolk County government were disabled by hackers last year.
NY lawmakers vow to tackle cyber hack attacks against hospitals, schools (DataBreaches.net) New York state lawmakers have promised to make helping local governments, schools and hospitals protect against cyber ransomware attacks a top priority during the 2023 legislative session.
TikTok Tries to Win Allies in the U.S. With More Transparency (Wall Street Journal) The Chinese-owned video-sharing app has revealed details of a complex, $1.5 billion plan to reorganize the company’s U.S. operations.
Litigation, Investigation, and Law Enforcement
Israel's Cognyte won tender to sell intercept spyware to Myanmar before coup -documents (Reuters) Israel's Cognyte Software Ltd won a tender to sell intercept spyware to a Myanmar state-backed telecommunications firm a month before the Asian nation's February 2021 military coup, according to documents reviewed by Reuters.
Senate eyes executive session on cyberattack angle in air traffic fiasco (CNN) The Senate may hold a closed-door executive session with the Cybercrime Investigation and Coordinating Center to discuss the cyberattack angle in the air traffic management system shutdown on New Year's Day.
Lawmaker asks CISA to investigate air travel cyber risks following FAA system outage (FCW) New questions have been raised about national air travel safety following the FAA’s ground stop earlier this week.
Multi-million investment scammers busted in four-country Europol raid (Naked Security) 216 questioned, 15 arrested, 4 fake call centres searched, millions seized…
Europol Busts Crypto Fraud Call Centers (HackRead | Latest Cyber Crime - InfoSec- Tech - Hacking News) Follow us on Twitter @HackRead - Facebook @ /HackRead
French CNIL fined Tiktok $5.4 Million for violating cookie laws (Security Affairs) French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l’informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5 million (about $5.4 million) for violating cookie consent rules. French data protection watchdog claims that users are not able to refuse cookies, as easily […]
TikTok slapped with $5.4 million fine over cookie opt-out feature (BleepingComputer) France's data protection authority (CNIL) has fined TikTok UK and TikTok Ireland €5,000,000 for making it difficult for users of the platform to refuse cookies and for not sufficiently informing them about their purpose.
Cyber Whistleblowing Is Putting Security Chiefs in the Hot Seat (Tanium) A 2022 law may spawn a new generation of security whistleblowers. Greater transparency and accountability can stem that tide.
More classified documents found at Biden’s Wilmington home, White House says (Washington Post) In effort to show cooperation with Justice Department, Biden’s personal lawyer released new details about the timeline of events regarding the finding of classified documents, now under investigation by a special counsel.
Here's what we know about the classified documents found at Biden's home and office (NPR) The fast-moving revelations have placed the president under the investigation of a special counsel and ignited Republican criticism. The White House said on Saturday that more documents were found.
Questions answered about tracking classified documents (ABC News) The most sensitive classified documents are serialized, whereas less-sensitive files are not
Most often, missing or mishandled documents are discovered in one of two ways
Keeping the Wrong Secrets (Foreign Affairs) How Washington misses the real security threat.
Opinion | Biden’s Classified Document Stash (Wall Street Journal) A sauce for the gander moment that makes charging Trump much harder.
The Document That Separates Biden and Trump (Bloomberg) The former president’s disregard for the Constitution is a far worse offense than almost anything that could be done with classified information.
Sam Bankman-Fried's secret 'backdoor' discovered, FTX lawyer says (Business Insider) "All this has left a shortfall in value to repay customers and creditors," Andrew Dietderich told the court, with $5 billion recovered so far.
Sam Bankman-Fried's secret 'backdoor' discovered, FTX lawyer says (Business Insider) "All this has left a shortfall in value to repay customers and creditors," Andrew Dietderich told the court, with $5 billion recovered so far.
Silicon Valley firm sues spy agency over software contract (Federal News Network) Percipient.AI alleges NGA and prime contractor CACI are ignoring a law requiring agencies to buy commercially available products.
Twitter Sued for Data Leak, Denies It's at Fault (TheWrap) More than 200 million users' information was compromised in the alleged 2021-2022 incident
Three Australian law firms join forces to litigate Medibank (Business News Australia) Three Australian law firms have partnered up to launch a landmark data breach complaint against private health insurer Medibank (ASX: MPL), which could be forced to provide compensation payments to 9.7 million current and former customers impacted by a cyberattack in 2021. Law firms Maurice Blackburn Lawyers, Bannister
Brazilians are turning to Instagram to identify far-right rioters (MIT Technology Review) An account dedicated to unmasking insurrectionists has named and tagged dozens of alleged attackers.
New details link George Santos to cousin of sanctioned Russian oligarch (Washington Post) The New York congressman once claimed Andrew Intrater’s company was his “client,” while another Intrater company allegedly made a deposit with a firm where Santos worked
Didi Wins Approval to Restart New User Registration for Ride-Hailing Service (Wall Street Journal) Didi Global said it obtained approval from the Chinese cybersecurity regulator to resume new user registration for its ride-hailing service.