Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+454: Anti-Putin partisans, and trouble at KillNet. (CyberWire) Skirmishing continues around Bakhmut. Russia claims to have ejected anti-Putin Russian partisans from Belgorod. Russian cyberespionage rises, hacktivist auxiliaries show signs of decline, and criminal gangs revert to the criminal mean.
Russia-Ukraine war at a glance: what we know on day 455 of the invasion (the Guardian) Russian prime minister is in China to sign bilateral agreements; Belgorod governor says nine remain in hospital after cross-border incursion
Fighting Appears to End In Russia's Belgorod After Cross-Border Incursion (RadioFreeEurope/RadioLiberty) Ukrainian President Volodymyr Zelenskiy visited troops on the front line in the eastern Donetsk region as fighting appeared to cease around Russia's Belgorod region a day after armed fighters from inside Ukraine launched one of the largest cross-border incursions since the start of the war.
Anti-Putin militias mount cross-border incursion in western Russia (Washington Post) Russian officials said Tuesday that a counterterrorism operation has expelled saboteurs from the Belgorod region, which borders Ukraine, after militias made up of Russians fighting on Ukraine’s side in the war mounted an attack on a border post and targeted a building of the Federal Security Service, or FSB.
Russia fights alleged incursion from Ukraine for second day (Military Times) Russia accuses Ukraine of attacking a border town for a second day. Kyiv blames Russian partisans.
Ukraine: The Latest - Russian city of Belgorod 'breached in a hugely embarrassing way' (The Telegraph) Every weekday the Telegraph's top journalists analyse the Russian invasion of Ukraine from all angles and tell you what you need to know
Russia 'deeply concerned' as citizens evacuated from nine Belgorod villages (The Telegraph) Two anti-Kremlin groups used US-made tactical vehicles to storm a Russian border region, according to reports.
As Russia Claims Victory in Bakhmut, Ukraine Sees Opportunity Amid Ruins (New York Times) Military analysts say that if Moscow continues to send reinforcements to defend the city, that could weaken Russian forces’ ability to hold off a broader counteroffensive that Ukraine has been planning.
Russian elites are looking to escape "sinking ship," former ambassador says (Newsweek) "The fissures in Russian elite society have become apparent," John Herbst, the former U.S. ambassador to Ukraine, told Newsweek.
Russia-Ukraine war live: Prigozhin says Wagner lost 20,000 troops in Bakhmut; Ukraine joining Nato during war ‘not on agenda’ (the Guardian) Russian mercenary army lost about 20% of recruits, says group’s chief; ‘issue is what happens when war ends,’ says Stoltenberg
British Defense Minister In Kyiv For Talks On Weapons Deliveries (RadioFreeEurope/RadioLiberty) British Defense Minister Ben Wallace met with his Ukrainian counterpart, Oleksiy Reznikov, during a surprise visit to Kyiv on May 24, Ukraine's Defense Ministry announced.
F-16s for Ukraine: Why Kyiv would still face big hurdles in using the US-made fighter jets (CNN) Ukraine’s quest for US-made F-16 fighter jets received a big boost over the weekend when US President Joe Biden gave his backing for Kyiv’s pilots to be trained to fly them.
Biden shift on F-16s for Ukraine came after months of internal debate (Military Times) Over the past three months, Biden officials shifted toward the view that it was time to provide the aircraft for Ukraine's long-term security.
In Ukraine, USAID Created a Blueprint for Digital Citizenship. Now They’re Exporting It (Defense One) USAID aid will help as Putin attempts to “win an information war in the Global South,” Samantha Power says.
Arms Flow 30% Faster to Ukraine as US Relearns Cold-War Skills (Defense One) Logisticians are honing techniques invented to keep the Soviet Union from seizing Europe.
Readout of Secretary of Defense Lloyd J. Austin III's Call With Ukrainian Minister of Defe (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke with Ukrainian Minister of Defense Oleksii Reznikov in advance of the virtual Ukraine Defense Contact Group meeting, which will focus on sustaining
Assistant Secretary of Defense for Strategy, Plans, and Capabilities Dr. Mara Karlin's Virtual Remarks at the Black Sea and Balkans Forum (U.S. Department of Defense) The assistant secretary of defense for strategy, plans and capabilities delivered virtual remarks to attendees of the Black Sea and Balkans Forum.
Readout of Secretary of Defense Lloyd J. Austin III's Meeting With the Czech Republic Minister of Defence Jana Černochová (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III met with the Czech Republic's minister of defense at the Pentagon where the leaders signed the Defense Cooperation Agreement to further strengthen our defense
U.S., Czech Defense Leaders Sign Security Agreement (U.S. Department of Defense) The agreement between the U.S. and the Czech Republic is meant to further strengthen defense ties, enhance NATO operations, advance transatlantic security and protect the nations' shared interests and
Ireland’s cyber security agency has been providing ‘non-lethal aid’ to Ukraine (The Irish Times) Cyber chief says assistance has been given in 'significant volumes' and 'helping Ukraine helps us better protect the people of Ireland'
Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (The Hacker News) Ukraine's state bodies under cyber attack! CERT-UA warns of an espionage campaign targeting ministries.
Moscow Court Extends Pretrial Detention For U.S. Journalist Held On Spying Charges (RadioFreeEurope/RadioLiberty) A court in Moscow has extended the pretrial detention of Evan Gershkovich, a U.S. reporter for The Wall Street Journal, arrested in Russia in March on spying charges that he, his newspaper, and the U.S. government have strongly denied.
Why Isn’t the Pentagon Helping the International Court Prosecute Putin? (Defense One) DOD’s concerns about “reciprocity” should not constrain U.S. efforts to help Ukraine pursue justice.
Attacks, Threats, and Vulnerabilities
Exclusive: Chinese hackers attacked Kenyan government as debt strains grew (Reuters) Chinese hackers targeted Kenya's government in a widespread series of digital intrusions against key ministries and institutions, according to three sources, cybersecurity research reports and Reuters' analysis.
Updates to Legion: A Cloud Credential Harvester and SMTP Hijacker (Cado Security) Cado Labs have encountered an updated version of a cloud-focused hacktool named Legion with some additional functionality.
Meet the GoldenJackal APT group. Don’t expect any howls (SecureList) GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.
GoldenJackal: New Threat Group Targeting Middle Eastern and South Asian Governments (The Hacker News) A new cyber threat, GoldenJackal, is targeting government and diplomatic entities in the Middle East and South Asia.
GoldenJackal state hackers silently attacking govts since 2019 (BleepingComputer) A relatively unknown advanced persistent threat (APT) group named 'GoldenJackal' has been targeting government and diplomatic entities in Asia since 2019 for espionage.
Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit (SentinelOne) North Korean APT group focuses on file reconnaissance and information exfiltration with latest variant of RandomQuery malware.
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (The Hacker News) Kimsuky, the North Korean APT group, is back in action! They're using a new custom malware called RandomQuery to conduct reconnaissance.
YouTube Pirated Software Videos Deliver Triple Threat: Vidar Stealer, Laplas Clipper, XMRig Miner (Fortinet Blog) The FortiGuard Labs team investigates a threat campaign targeting YouTube viewers. Get a view of its entire attack chain along with the malware components that make up this campaign. …
SuperMailer Abuse Bypasses Email Security for Super-Sized Credential Theft (Dark Reading) Secure email gateways and end users alike are being fooled by a cyberattack campaign that's enjoying skyrocketing volumes against businesses in every industry, globally.
PyPI open-source code repository deals with manic malware maelstrom (Naked Security) Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future…
Manage WORM Compliant Storage with a Data Governance Plan (Datadobi) StorageMAP can solve WORM storage retention risks by identifying files that have exceeded their retention period and helping you act on them.
The Most Prolific Ransomware Families: 2023 Edition (DomainTools) We’ll discuss the events that forced the most prolific ransomware families to evolve, the top targeted industries, and influences on RaaS.
Blog - What if we had the SockPuppet vulnerability in iOS 16? (Apple Security Research) The next post in our XNU memory safety series examines how our hardened kernel allocator performs in the real world against a previously patched but powerful UAF software vulnerability. In this detailed analysis, we find out what might happen if SockPuppet were to meet kalloc_type in iOS 16.
Misconfiguration Expose Okta Master Passwords - Authomize (Authomize) Misconfiguration Expose Okta Master Passwords
Suspected Iranian hackers target Israeli shipping and logistics companies (Record) Israel-based cybersecurity company ClearSky says it's possible the "watering hole" attacks were by the Iranian nation-state hacker group Tortoiseshell, also called TA456 and Imperial Kitten.
Augusta confirms cyber crime on city computers, says unrelated to other recent outage (Augusta Chronicle) Augusta Mayor Garnett Johnson confirmed Tuesday that part of the city's recent computer issues were caused by unauthorized access.
Cuba ransomware claims cyberattack on Philadelphia Inquirer (BleepingComputer) The Cuba ransomware gang has claimed responsibility for this month's cyberattack on The Philadelphia Inquirer, which temporarily disrupted the newspaper's distribution and disrupted some business operations.
Arms maker Rheinmetall confirms BlackBasta ransomware attack (BleepingComputer) German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business.
German arms manufacturer Rheinmetall suffered Black Basta ransomware attack (Security Affairs) The German automotive and arms manufacturer Rheinmetall announced it was victim of a Black Basta ransomware attack that took place last month. Rheinmetall is a German automotive and arms manufacturer that is listed on the Frankfurt stock exchange. The company this week announced it was victim of a ransomware attack conducted by the Black Basta ransomware group. The incident took place […]
Canadian Nurses Association hit by cyber attack (IT World Canada) The Canadian Nurses Association says it has suffered a cybersecurity incident, but isn't commenting on a report that the attack was ransomware. "We can confirm having experienced an IT security incident on April 3, 2023 which impacted some of our systems," Alexandre Bourassa, the association's public affairs lead, said in an email to IT World
Health insurer says patients’ information was stolen in ransomware attack (Record) Patient data at Harvard Pilgrim Health Care was copied and taken during a period from late March to mid-April, according to the system's parent organization, Point32Health.
Harvard Pilgrim says customers' information compromised in cyber attack (CBS News) Harvard Pilgrim said they are not aware of misuse of information, but they are offering free credit monitoring to members.
Marine unit accidentally emails out 39,000 bank accounts, other personal info (Task & Purpose) There are no indications that any of the personal information was forwarded outside official government channels.
The timeline: Records show the immediate aftermath of the cyber attack on Rochester Public Schools (Rochester Post Bulletin) Although the district initially shut everything on its network down, it soon after restored email access to the district's top administration.
4 Reasons Why Not to Use WhatsApp for Secure Communications (Salt | Secure Communications) Don’t settle for just using WhatsApp for secure communications. Check out these 4 reasons why you should consider a WhatsApp replacement. WhatsApp is a communications app that is widely utilised for personal use, however using WhatsApp for business could include risks related to productivity, compliance, improper management of workflows, tracking, data administration, and, lastly, company […]
Security Patches, Mitigations, and Software Updates
CISA Releases Four Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released four Industrial Control Systems (ICS) advisories on May 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
AT&T resolves issue that would allow account takeover through ZIP code and phone number (Record) AT&T recently fixed a vulnerability that would have allowed anyone to take over someone’s account on ATT.com just by knowing their phone number and ZIP code.
GitLab Critical Security Release: 16.0.1 (GitLab) Learn more about GitLab Critical Security Release: 16.0.1 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Addigy Finds Apple Rapid Security Response (RSR) Updates Not Being Applied in 25 Percent of Managed macOS Devices (ACCESSWIRE News Room) Customer Inspections Uncover a Quarter of macOS Devices Won't Accept MDM Updates; Addigy Rolls out Watchdog Utility to Ensure All Machines Enable Patches
Trends
2023 spear-phishing trends (Barracuda) Key findings about the impact of attacks and the challenges of threat detection and response
Fortinet Global Report Finds 75% of OT Organizations Experienced at Least One Intrusion in the Last Year (Fortinet) 95% of Organizations Expect OT Cybersecurity Responsibility to Shift from Directors and Managers to CISOs in the Next 12 Months
2023 State of Operational Technology and Cybersecurity Report (Fortinet) In nearly all organizations surveyed, CISOs are now or will soon be responsible for OT cybersecurity. Also noteworthy, more OT cybersecurity professionals now come from IT security leadership rather than the operations team.
NCC Group Monthly Threat Pulse – April 2023: Ransomware threat remains at high level (NCC Group) The volume of ransomware attacks remained at record highs with 352 attacks in April, the second-highest month on record, according to the latest analysis...
Most Organizations Expect Ransomware Attack Within a Year, Many Grossly Underestimate Recovery Times (Business Wire) Webinar on June 15, 2023, Details New Findings From Researchers With Cybersecurity Insiders and BullWall.
Netwrix Report: Enterprises Suffer More Ransomware and Other Malware Attacks Than Smaller Organizations (Netwrix) Attackers primarily target on-premises IT infrastructures.
2023 Security Trends Report: Additional Findings for the Enterprise Sector (Netwrix) Enterprises (over 1,000 employees) are moving to the cloud faster than smaller organizations.
Cradlepoint Survey Reveals the Power of Connectivity in Boosting U.S. Business Growth (GlobeNewswire News Room) Responses show cellular connectivity improvements are paramount in addressing the digital divide, supporting sustainability efforts and driving enterprise...
2023 Ransomware Trends Report (Veeam) The 2023 Ransomware Trends Report is a global analysis of the impact ransomware attacks have on IT organizations today. Read the report to learn if ransomware attacks are increasing, if cyber insurance is helping, and how backups can serve as your best line of defense against ransomware attacks
Marketplace
Memcyco Raises $10M To Deliver Real-Time Brandjacking Protection (Yahoo Finance) The company’s solution increases customer digital trust, improves brand reputation, and reduces financial impact
State Dept. issues XDR RFI (Intelligence Community News) On May 23, the U.S. Department of State issued the Extended Detection and Response (XDR) request for information (RFI). Responses are due by 3:00 p.m. Eastern on June 2.
1 big thing: Chris Inglis maps out life in the private sector (Axios) The first U.S. national cyber director is returning to Paladin Capital Group as a strategic adviser, the venture capital firm first shared with Axios.
Global Cyber Alliance Appoints 23 Strategic Advisors and 12 Ambassadors Adding to Its Current Network (Global Cyber Alliance) The nonprofit grows in diversity and talent with highly skilled representatives from like-minded public and private organizations all over the world.
Technology Pioneer Vikram Verma Joins SecureAuth as Chairman of the Board of Directors (SecureAuth) Seasoned Board Member Brings 30 Years of Executive Experience to Passwordless Continuous Authentication Leader IRVINE, Calif. – May 24, 2023 – SecureAuth, a leader in next-gen authentication and access management, today announced that Vikram “Vik” Verma has joined the company as Chairman of the Board of Directors. With a distinguished 30-year executive career, Verma will […]
AJ Singh joins Chorus Intelligence as Head of Sales for North America (Yahoo Finance) Chorus Intelligence welcomes AJ Singh as the Head of Sales for North America (NA). Singh's 20-year history within law enforcement and cybersecurity is a great match for this newly created role. The growing NA team has been focused on building relationships with law enforcement at the Local, State, and Federal level in order to understand their needs and to ensure that the Chorus Intelligence Suite (CIS) delivers investigative value.
Rubrik appoints former Zscaler executive as vice president for UK&I (channelpro) Toby Keech will work to expand Rubrik’s data security presence across the region and help customers better secure their data
Exabeam Names Pravin Vazirani to Board of Directors (Business Wire) Exabeam, a global cybersecurity leader and creator of New-Scale SIEM™ for advancing security operations, announced today that Pravin Vazirani, Managing Director and Co-Head of Technology Investing in the credit division of the asset management firm Blue Owl Capital, will join its Board of Directors
Products, Services, and Solutions
Cohesity Announces Partnership with Google Cloud to Help Organizations Unlock the Power of Generative AI and Data (Business Wire) Cohesity Unveils Cohesity Turing -- an Expanding Set of AI Capabilities that Powers Deep AI-Driven Insights for Customers Across Industries and Geographies
Dell Technologies Project Fort Zero to Transform Security (Dell) Project Fort Zero will deliver an end-to-end, validated Zero Trust solution to help organizations minimize the risk of cyberattacks.
AvePoint Fuels the Future of Secure Project Collaboration as a Microsoft Syntex Repository Services Launch Partner (GlobeNewswire News Room) AvePoint expands its ability to manage information and maximize IT investment with AvePoint Confide, built on Microsoft Syntex repository services, in...
Elastic Unveils the Elasticsearch Relevance Engine for Artificial Intelligence (Business Wire) Organizations can unlock the power of generative AI for proprietary enterprise data, today
Sonar and HashiCorp Partner to Deliver Clean Terraform Code & Good Vibes (Sonar Source) Learn about the Sonar - HashiCorp partnership and the SonarCloud Terraform Cloud integration.
Karamba Security Announces Production Agreement to Secure One Million Trucks (GlobeNewswire News Room) Karamba Security, a world leader in automotive product security, today announced the signing of a...
NordLocker introduces easier secure sharing option (GlobeNewswire News Room) NordLocker has launched a new feature that allows users to securely share a password-protected locker, otherwise...
Keeper Security Launches Multi-Cloud Password Rotation, Enabling Organizations to Update Privileged Credentials Automatically (PR Newswire) Keeper Security, the leading provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets,...
Infinidat Expands Support for Hybrid Cloud Storage Deployments with InfuzeOS™ Cloud Edition, Enhances Cyber Storage Resilience with InfiniSafe® Cyber Detection (GlobeNewswire News Room) Infinidat, a leading provider of enterprise storage solutions, today announced the launch of two...
Mandiant Managed Defense Expands to Support CrowdStrike and SentinelOne (Mandiant) Announcing general availability of Mandiant Managed Defense for CrowdStrike and SentinelOne.
Cohesity Expands Industry's Only Data Security Alliance and Announces New Integrations with Cybersecurity Leaders (Business Wire) Integrations Between Security and Data Management Leaders Can Improve Detection, Protection, and Recovery for Thousands of Companies Globally
NETSCOUT Introduces Mobile Security for 4G/5G Networks (Business Wire) Market leading mobile and DDoS technologies now combined to provide unparalleled Visibility Without Borders and protection
Bitwarden Launches Passwordless.dev Toolkit to Simplify Passkey Implementation for Developers (Business Wire) With the rising demand for passwordless logins, Bitwarden Passwordless.dev accelerates delivery of passwordless authentication, making passkey deployment easy for developers to build and implement FIDO authentication so users can sign in with a passkey.
Cowbell Bolsters Underwriting Leadership Ahead of the UK and Tech E&O Expansion (PR Newswire) Cowbell, the leading provider of cyber insurance for small and medium-sized enterprises (SMEs), announced it is bolstering its underwriting...
Sonar and HashiCorp Partner to Deliver Clean Terraform Code & Good Vibes (Sonar Source) Learn about the Sonar - HashiCorp partnership and the SonarCloud Terraform Cloud integration.
Announcing the launch of GUAC v0.1 (Google Security Blog) Today, we are announcing the launch of the v0.1 version of Graph for Understanding Artifact Composition (GUAC). Introduced at Kubecon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain.
Technologies, Techniques, and Standards
CISA, FBI, NSA, MS-ISAC Publish Updated #StopRansomware Guide (Cybersecurity and Infrastructure Security Agency) Updated guide developed through the Joint Ransomware Task Force provides best practices and resources to help organizations reduce the risk of ransomware incidents.
CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF) | CISA (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020.
CISA Updates Zero Trust Maurity Model to Align with White House Directives (CISA) CISA's updated guidance provides more technical depth across the five pillars of zero trust and adds a new maturity stage.
New CISA Zero Trust Maturity Model Brings Attention to Encryption-in-Use Solutions (Globe Newswire) CISA now recommends encrypting data in use as part of an optimal data security strategy
What Security Professionals Need to Know About Aggregate Cyber Risk (Dark Reading) Widespread cyber incidents will happen, but unlike for natural disasters, specific security controls can help prevent a catastrophe.
A New Look for Risk in Awareness Training (Dark Reading) Changes in the way risk is viewed are leading to changes in the way training is conducted.
Cyber Experts Illuminate Human Core of Maintaining Security at the Tactical Edge - GovCon Wire (GovCon Wire) Looking for the latest GovCon News? Check out our story: Cyber Experts Illuminate Human Core of Maintaining Security at the Tactical Edge. Click to read more!
Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data (CRN) When a cyber insurance provider pays a ransom after a ransomware attack, it significantly increases the cost of recovery, new data from cybersecurity vendor Sophos shows.
Design and Innovation
Microsoft Build brings AI tools to the forefront for developers (The Official Microsoft Blog) You only need two simple letters to accurately convey the major shift in the technology space this year: A and I. Beyond those letters, however, is a complex, evolving and exciting way in which we work, communicate and collaborate. As you will see, artificial intelligence is a common thread as we embark on Microsoft Build,...
Google Search ads will soon automatically adapt to queries using generative AI (TechCrunch) Google is going to start using generative AI to boost Search ads relevance based on the context of a query, the company announced today.
CrowdStrike Advances the Use of AI to Predict Adversarial Attack Patterns (CrowdStrike) CrowdStrike is announcing five new AI-powered IOA models, designed to combat advanced adversary tradecraft and sophisticated tradecraft.
Palo Alto Networks CEO calls generative AI a boon for customer satisfaction and company efficiency (CNBC) Palo Alto Networks' CEO Nikesh Arora lauded generative AI in the cybersecurity space, telling CNBC's Jim Cramer the technology will maximize efficiency.
Reality check: What will generative AI really do for cybersecurity? (CyberScoop) Cybersecurity professionals are eyeing generative AI’s defensive potential with a mix of skepticism and excitement.
Research and Development
DoControl's SaaS Security Platform Receives Patent (PR Newswire) DoControl, the automated Software-as-a-Service (SaaS) security company, today announced the issuance of US Patent No. 11,606,395. The patent,...
Surgeon General Warns That Social Media May Harm Children and Adolescents (New York Times) The report by Dr. Vivek Murthy cited a “profound risk of harm” to adolescent mental health and urged families to set limits and governments to set tougher standards for use.
Legislation, Policy, and Regulation
TikTok's lead privacy regulator in Europe takes heat from MEPs (TechCrunch) MEPs in the European Parliament took the opportunity of a rare in-person appearance by Ireland's data protection commissioner to criticize the bloc's lead privacy regulator for most of Big Tech over how long it's taking to investigate TikTok.
Two-Thirds of IT Leaders Say GDPR Has Reduced Consumer Trust (Infosecurity Magazine) Increased awareness of data privacy issues has reduced trust in organizations, according to the survey
Biden Administration Developing National AI Strategy (Wall Street Journal) The White House is seeking public input on rules for new artificial intelligence tools such as ChatGPT.
Analysis | The food and agriculture industry gets a new center to share cybersecurity information (Washington Post) Cybersecurity experts say the sector’s lack of its own ISAC has been a dangerous security gap.
How US farmland became a battleground in the fight against China (The Hill) Chinese investors own about .03 percent of America’s farmland, according to federal data. But their land purchasing is becoming a major issue as politicians at the state and federal level ramp…
Spies can’t work from home — and that’s hurting recruitment in Germany (Washington Post) Would-be spies face many challenges — from mastering the difficult technical or linguistic skills that intelligence agencies seek, to the new life of secrecy that awaits them if they are accepted.
Biden picks Air Force general to lead NSA and Cyber Command (CNN Politics) President Joe Biden has nominated an Air Force general to head the nation’s powerful electronic spying agency and the US military command that conducts offensive cyber operations – a crucial position as the US continues to battle Russia, China and other foes in cyberspace.
Timothy Haugh nominated as next Cyber Command chief (DefenseScoop) Lt. Gen. Timothy Haugh has been nominated as the next leader of U.S. Cyber Command, an Air Force official confirmed to DefenseScoop.
Biden nominates Lt. Gen. Timothy Haugh for top position at NSA, Cyber Command (Record) President Joe Biden has tapped Air Force Lt. Gen. Timothy Haugh to serve as the new chief of U.S. Cyber Command and the National Security Agency, two sources familiar with the decision told The Record.
New Jersey Gets More Serious About Cyber Incident Reporting (Technology Solutions That Drive Government) In an effort to improve state response, agencies are now required to report cyber incidents within 72 hours.
How Pennsylvania Politics Are Shaking Up The State’s Crypto Scene (Forbes) New state bill brought by prominent Democrat would impose a moratorium on new crypto mining operations, modeled after New York state law.
Litigation, Investigation, and Law Enforcement
US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (BleepingComputer) The Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions today against four entities and one individual for their involvement in illicit IT worker schemes and cyberattacks generating revenue to finance North Korea's weapons development programs.
Chinese Labs Are Selling Fentanyl Ingredients for Millions in Crypto (WIRED) And it's happening in plain sight.
Emails, Chat Logs, Code and a Notebook: The Mountain of FTX Evidence (New York Times) Prosecutors investigating Sam Bankman-Fried, the cryptocurrency exchange’s founder, have accumulated more than six million pages of documents and other records.
How Meta got caught in tensions between the US and EU (CNN Business) Facebook-parent Meta has perhaps become the most high-profile casualty of a long-running privacy dispute between Europe and the United States — but it may not be the last.
Nearly 50 state AGs sue company that allegedly facilitated billions of spam calls (CNBC) Avid Telecom allegedly facilitated more than 7.5 billion calls to numbers on the National Do Not Call Registry, state AGs allege.
IT employee impersonates ransomware gang to extort employer (BleepingComputer) A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized computer access with criminal intent and blackmailing his employer.
Trial starts for Maryland doctors accused of leaking medical records to Russia (Baltimore Sun) According to federal prosecutors, two Maryland doctors plotted to assist an American adversary by abusing their positions as medical professionals.
Predators Exploit AI Tools to Generate Images of Child Abuse (Bloomberg) Child exploitation forums weaponize new tech, experts advise. Fake, disturbing images appear more frequently online.