Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+455: Prigozhin speaks. (CyberWire) Wagner Group capo Prigozhin criticizes the Ministry of Defense and the Russian regulars for what he sees as their record of timidity and their policy of half measures.
Russia-Ukraine war at a glance: what we know on day 456 of the invasion (the Guardian) Russia has replaced its Wagner private military units with regular soldiers in the outskirts of Bakhmut; US intelligence officials believe Ukraine responsible for drone attack on Kremlin
Zelenskiy Blasts Russia's 'Terrorizing' Drone Attack As Allies Set To Discuss Military Aid (RadioFreeEurope/RadioLiberty) U.S. Defense Secretary Lloyd Austin is to hold a virtual meeting of the Ukraine Defense Contact Group amid calls by President Volodymyr Zelenskiy for allies to speed delivery of promised F-16 fighter jets to beef up his country's air defense.
Head of Russian private army Wagner says more than 20,000 of his troops died in Bakhmut battle (AP NEWS) The head of the Russian private army Wagner says his force lost more than 20,000 soldiers in the drawn-out battle for Bakhmut. The figure was in stark contrast with claims from Moscow that it lost just over 6,000 troops in the war.
Wagner chief warns of revolution and says 20,000 fighters killed in Bakhmut (the Guardian) Yevgeny Prigozhin says children of Russian elite ‘shook their arses’ in sun while sons of poor returned in coffins
Get serious or you could face a revolution, Wagner chief warns Russia’s elite (The Telegraph) Yevgeny Prigozhin said there are only so many deaths that the Russian people will take before rebelling
Wagner Chief’s Feud With Russian Military Cracks Putin’s Image of Control
(Wall Street Journal) Yevgeny Prigozhin’s public criticism of Moscow’s generals and defense minister reveals strains in the leadership structure the Russian president built.
Wagner group boss says its forces have begun leaving Bakhmut (the Guardian) Yevgeny Prigozhin announces ruined Ukrainian city will be handed over to Russian military by 1 June
The social media soldiers accused of invading Russia for 'likes' (The Telegraph) One is a failed actor, one was in a metal band but they all have a Russian far-Right history and are well known on social media
Ukraine live briefing: U.S. distances itself after Humvees seen in Belgorod (Washington Post) The United States is trying to distance itself from an incident in the Russian region of Belgorod where two heavily damaged U.S.-made Humvees were seen in a video verified by The Washington Post on the Russian side of a border station.
Ukrainians Were Likely Behind Kremlin Drone Attack, U.S. Officials Say (New York Times) American spy agencies do not know exactly who carried out the attack this month, but suggest it was part of a series of covert operations orchestrated by Ukraine’s security services.
Opening Remarks by Secretary of Defense Lloyd J. Austin III at the 12th Ukraine Defense Contact Group (As Delivered) (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III delivered remarks at the 12th Ukraine Defense Contact Group meeting.
Ukraine defense group to meet Thursday, discuss F-16 training for Ukrainians (Stars and Stripes) Training Ukrainians to fly F-16 fighter jets and more military aid to help a planned counterattack against Russian forces will be part of the discussions this week of the Ukraine Defense Contact Group, the Pentagon said.
How Can Ukraine Use the F-16? Retired USAF Generals and F-16 Pilots Explain. (Air & Space Forces Magazine) There is no debate the F-16 will be a quantum leap for Ukraine over the Soviet-era planes in its inventory, retired Air Force generals say.
Zelensky hands out awards to employees of Ukraine's cyber watchdog (Ukrinform) Ukrainian President Volodymyr Zelensky has attended events to mark the Day of Ukraine's State Service for Special Communications and Information Protection (SSSCIP). — Ukrinform.
The Plot Against Russia (Foreign Affairs) How Putin revived Stalinist anti-Americanism to justify a botched war.
Russia To Shut Swedish Consulate, Expel Five Diplomats (RadioFreeEurope/RadioLiberty) Moscow said on May 25 that it was expelling five Swedish diplomats and closing Russia's general consulate in Gothenburg and Sweden's diplomatic mission in St. Petersburg.
WHO members vote to move Moscow office and urge Russia to stop attacks on hospitals (the Guardian) Member states vote to relocate the office to Denmark by the end of the year, in response to health impacts of Ukraine conflict
Russia Cancels Air Show For The First Time In Decades (RadioFreeEurope/RadioLiberty) Russia has postponed an international air show indefinitely for the first time in three decades, Russian media reported on May 25, citing sources in the aviation industry.
Russian Indicted in U.S. Lobbies for Freedom Through a Prisoner Swap (Wall Street Journal) Bitcoin exchange operator Alexander Vinnik, facing money-laundering charges, is pushing to be part of any deal that could free Wall Street Journal reporter Evan Gershkovich.
Attacks, Threats, and Vulnerabilities
Researchers say they found spyware used in war for the first time (TechCrunch) Digital rights researchers accuse Azerbaijan of using spyware made by NSO Group in the context of the war against Armenia.
Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII (SentinelOne) Over the first quarter of 2023, SentinelLabs observed a campaign targeting users of Portuguese financial institutions conducted by a Brazilian threat group.
NSA and Partners Identify China State-Sponsored Cyber Actor Using Built-in Network Tools When Targeting U.S. Critical Infrastructure Sectors (National Security Agency/Central Security Service) The National Security Agency (NSA) and partners have identified indicators of compromise (IOCs) associated with a People’s Republic of China (PRC) state-sponsored cyber actor using living off the land
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (US Department of Defense) The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon.
U.S. and International Partners Release Advisory Warning of PRC State-Sponsored Cyber Activity (Cybersecurity and Infrastructure Security Agency) Advisory Includes Technical Information to Help Organizations Search for Malicious Activity on their Networks
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States.
Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters) A state-sponsored Chinese hacking group has been spying on a range of US critical infrastructure organizations, Western intelligence agencies and Microsoft said.
China Accuses US, Its Allies Of "Disinformation" Over Cyber Attack Claims (NDTV) China accused the United States and its allies of waging a "disinformation campaign" Thursday, after Washington, its Western partners and Microsoft said state-sponsored Chinese hackers had infiltrated critical US infrastructure networks.
China-backed hackers spying on US critical infrastructure, says Five Eyes (the Guardian) Targets include US military facilities on Guam that would be key in an Asia-Pacific conflict, say Microsoft and western spy agencies
U.S. says Chinese hackers breached gear in Guam, key to Pacific defense (Washington Post) The hacks might be an effort to disrupt military communications in the event of a conflict
Australia joins intelligence partners to blame China for US infrastructure cyber attack (ABC) Australia has joined the United States and other Five Eyes cyber agencies to identify China as the culprit behind recent cyber attacks targeting "critical infrastructure" in the US.
Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations (Secureworks) Learn how the U.S. National Security Agency (NSA) issued a joint cybersecurity advisory highlighting a cluster of activity it attributes to a People’s Republic of China (PRC) state-sponsored threat group.
Chinese hackers breach US critical infrastructure in stealthy attacks (BleepingComputer) Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021.
Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure (SecurityWeek) Microsoft says Chinese government hackers are stealing data from critical infrastructure organizations in a campaign called "Volt Typhoon".
Chinese state-backed hacking group compromised US critical infrastructure orgs (Record) A Chinese state-sponsored hacking group gained access to critical infrastructure organizations in Guam and other parts of the U.S., Microsoft warned on Wednesday.
Microsoft warns that China hackers attacked U.S. infrastructure (CNBC) The state backed group, "Volt Typhoon," is working to disrupt communications in case of a future crisis, Microsoft said.
Chinese malware targeting critical infrastructure, Microsoft and U.S. government warn (CBS News) A Chinese-sponsored hacking campaign is targeting critical infrastructure in Guam and other locations in the U.S., Microsoft researches found.
Five Eyes and Microsoft accuse China US infrastructure raids (Register) Defeating Volt Typhoon will be hard, because the attacks look like legit Windows admin activity
Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target? (New York Times) The code, which Microsoft said was installed by a Chinese government hacking group, set off alarms because Guam would be a centerpiece of any U.S. military response to a move against Taiwan.
China Hacks US Critical Networks in Guam, Raising Cyberwar Fears (WIRED) Researchers say the state-sponsored espionage operation may also lay the groundwork for disruptive cyberattacks.
Agrius Deploys Moneybird in Targeted Attacks Against Israeli Organizations (Check Point Research) Key Points Introduction While responding to a ransomware attack against an Israeli organization, the Check Point Incident Response Team (CPIRT) and CPR identified a new strain of ransomware called Moneybird. Although the payload itself was unique, the TTPs demonstrated in the attack had clear overlaps with a threat actor known as Agrius. The data was […]
Fata Morgana: Watering hole attack on shipping and logistics websites (ClearSky) ClearSky Cyber Security has detected a watering hole attack on at least eight Israeli websites. The attack is highly likely to be orchestrated by a nation-state actor from Iran, with a low confidence specific attribution to Tortoiseshell (also called TA456 or Imperial Kitten).
Iran-linked hackers Agrius deploying new ransomware against Israeli orgs (Record) An Iran-linked advanced persistent threat group is using new ransomware while targeting a familiar adversary in the Middle East, researchers have found.
Iran suspect in cyberattack targeting Israeli shipping, financial firms (Al-Monitor) Iran has increased its cyberattacks against Israel in the past year, according to several observers.
Iranian Hackers Set Sights On Israeli Shipping & Logistics Firms (Information Security Buzz) Based on a research by Tel Aviv-based cybersecurity firm ClearSky, several Israeli shipping and logistics websites were hacked to collect customer data. The business has “low confidence” that the Iranian hackers outfit Tortoiseshell (also known as TA456 and Imperial Kitten) is responsible for these attacks. The malicious actor first appeared in the wild in July of 2018.
Hackers target 1.5M WordPress sites with cookie consent plugin exploit (BleepingComputer) Ongoing attacks are targeting an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in a WordPress cookie consent plugin named Beautiful Cookie Consent Banner with more than 40,000 active installs.
Operation "Total Exchange": New PowerExchange Backdoor Discovered in the UAE (Fortinet Blog) FortiGuard Labs investigates a custom, targeted Powershell-based backdoor that targets a victim’s Microsoft exchange server and a novel IIS web shell that harvests credentials. Learn more.…
Microsoft Encrypted Restricted Permission Messages Deliver Phishing (Trustwave) Over the past few days, we have seen phishing attacks that use a combination of compromised Microsoft 365 accounts and .rpmsg encrypted emails to deliver the phishing message.
Fresh Phish: ChatGPT Impersonation Fuels a Clever Phishing Scam (INKY) Have you signed up for ChatGPT yet? It’s quite possible, especially considering the new controversial language generator reached 1 billion users in March 2023. With that amount of interest, it’s no wonder cybercriminals have begun impersonating the brand in a sophisticated personalized phishing campaign.
Legion Malware Upgraded to Target SSH Servers and AWS Credentials (The Hacker News) Legion malware evolves with expanded capabilities. Latest version exploits SSH servers and gains access to DynamoDB and CloudWatch credentials.
Credential harvesting tool Legion targets additional cloud services (CSO Online) Threat actors now use Legion to steal AWS-specific credentials from web servers to enable email and SMS spam campaigns.
The Magic Link Attack (Avanan) Magic links are being used by hackers to redirect end-users.
Salt Security Uncovers API Security Flaws in Expo Framework, Risking Account Takeover, Credit Card, and PII Exposure on Hundreds of Online Services - Issues have been Remediated (PR Newswire) Salt Security, the leading API security company, today released new threat research from Salt Labs that details several critical security flaws...
Dig Discovers Vulnerability in GCP CloudSQL Leads to Data Exposure (Dig) The Dig research team reveals recently discovered critical vulnerability in GCP CloudSQL service that lead to internal container access and data exposure
How Cyber Threat Actors Use Physical Checks to Commit Fraud (BlueVoyant) BlueVoyant has observed a significant spike in the trade of compromised and fraudulent checks on the deep and dark web in the past year.
Philly Inquirer disputes Cuba ransomware gang's leak claims (Register) Now that's a Rocky relationship
Ransomware gang pulls Philadelphia Inquirer listing after victim questions documents (Record) The Cuba ransomware group had posted documents allegedly hacked from the newspaper, but the company cast doubt on whether the trove of information was authentic.
NT government breaches privacy of 50,000 public health patients (ABC) A data "incident" report, obtained by the ABC through freedom of information, reveals the NT Government breached the privacy of thousands of public health patients.
Apria Healthcare Discloses Major Data Breach Impacting 1.8M Users (HackRead) The breach spanned two periods: from 5th April to 7th May 2019, and from 27th August to 10th October 2021.
Emerson Firm Announces Investigation of Data Breach at Apria Healthcare LLC (GlobeNewswire News Room) Emerson Firm, PLLC (“Emerson”) announces an investigation of the data breach at Apria Healthcare, LLC...
Thomas Hardye School in Dorchester hit by cyberattack (Computing) Hackers have sent a ransom demand payable on the Dark Web
Personal Information, Banking Records of Nearly 40,000 Marines, Sailors Involved in Data Breach (NBC 7 San Diego) U.S. Marine Corps officials are investigating after the personal information of approximately 39,000 personnel including Marines, sailors and civilians working within the Department of Defense was involved in a data breach discovered May 12. The Marine Corps said the breach occurred when an unencrypted email was sent from within Camp Pendleton-based Combat Logistics Regiment 17, part of the 1st Marine…
Vulnerability Summary for the Week of May 15, 2023 (Cybersecurity and Infrastructure Security Agency CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Free VPN Data Breach Exposed 360 Million Records Online. Why Using the Right VPN Matters! (vpnMentor) Cybersecurity security researcher Jeremiah Fowler discovered and reported to vpnMentor a non-password protected database containing over 360 million records related to a VPN data
Backup Repositories Targeted in 93% of Ransomware Attacks (Infosecurity Magazine) Organizations now acknowledge that having clean and recoverable backups is a critical element of a good business continuity plan
Security Patches, Mitigations, and Software Updates
Ericsson Sensitive Data Exposure via Trace.axd (Checkmarx) Ericsson Sensitive Data Exposure via Trace.axd
GitLab 'strongly recommends' patching max severity flaw ASAP (BleepingComputer) GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825.
Trends
Customer Identity Trends Report 2023 (Okta) Delivering great customer experiences is easier said than done. Download Okta's 2023 Customer Identity Trends Report to learn about customer attitudes toward convenience, privacy, and security.
New report reveals a 121% surge in cybercriminals using legitimate websites to obfuscate malicious payloads (GlobeNewswire News Room) 71% of malicious payloads sent from compromised accounts were HTML smuggling attacks51% increase in attacks sent from compromised accountsAdvanced phishing...
Group-IB: the use of phishing kits surges by 25% in 2022 as they become more evasive and advanced (Group-IB) Group-IB, a global cybersecurity leader headquartered in Singapore, has recorded a 25% increase in the use of phishing kits in 2022.
Ransomware driving professionalization of cyber crime (News Powered by Cision) WithSecure report highlights a security incident involving five different groups as evidence of an
Account Compromise, Financial Theft, and Supply Chain Attacks: Analyzing the Small and Medium Business APT Phishing Landscape in 2023 | Proofpoint US (Proofpoint) Small and medium-sized businesses (SMBs) are increasingly being targeted by Advanced persistent threat (APT) actors globally. Proofpoint researchers have identified three main trends of attacks targeting SMBs between 2022 and 2023, including the use of compromised SMB infrastructure in phishing campaigns; regional SMB targeting by state-aligned actors for financial theft; and vulnerable regional managed services providers (regional MSPs) being targeted via phishing and thereby introducing the threat of SMB supply chain attacks.
More APTs Eye Managed Service Providers in Supply Chain Attacks (Decipher) Overall, threat actors aligned with Russian, Iranian and North Korean state interests have increasingly targeted small and medium-sized businesses.
Researchers Spot APTs Targeting Small Business MSPs (SecurityWeek) Proofpoint warns that APT actors linked to Russia, Iran and North Korea are increasingly targeting small- and medium-sized businesses.
Marketplace
Why aren't venture capitalists flocking to fund cybersecurity startups? (TechCrunch) Cybersecurity companies are enjoying stellar growth and multiples, but VCs are still hesitant to invest in these startups. What's going on?
Ransomware is being excluded from cyber insurance policies (Security) According to a recent report, some cyber insurance policies aren't covering ransomware attacks as the volume of attacks continues to rise.
Agile Defense acquires XOR Security (Intelligence Community News) Agile Defense, an end-to-end provider of large-scale, digital transformations solutions to the Department of Defense (DoD) and other national security customers, announced today that it has acquired Falls Church, VA-based XOR Security.
High Wire Launches Cybersecurity Job Training Program for Military Service Members and Veterans in Partnership with U.S. Department of Defense (GlobeNewswire News Room) High Wire Networks, Inc. (OTCQB: HWNI), a leading global provider of managed cybersecurity and technology...
Five reasons why a career in cybersecurity is worth pursuing (SecurityBrief Australia) The demand for cybersecurity professionals has increased exponentially, and the trend is expected to continue as the world becomes more digital.
Sectigo Announces Executive Appointment of Christopher Bray as Senior Vice President of Partner and eCommerce Sales Channels (GlobeNewswire News Room) Former Symantec, McAfee Exec Hired to Scale Sectigo’s Partner Programme and eCommerce Offering...
Darktrace Appoints Chris Kozup as Chief Marketing Officer (PR Newswire) Industry veteran brings more than 20 years of experience leading high performance marketing teams for enterprise technology companies including...
Jon Bates Promoted to Chief Executive Officer at Avalon (Avalon) Avalon, which offers technology-based services like digital forensics, cybersecurity and eDiscovery as well as document services, announced today that former chief operating officer Jon Bates has been promoted to chief executive officer.
Products, Services, and Solutions
Corvus Insurance Unveils Corvus Signal™, a Cyber Risk Prevention Solution Shown to Reduce Cyber Breaches (Business Wire) Policyholders who engaged with Corvus Signal in the past three years saw a nearly 20% lower frequency and cost of cyber breaches
ThreatBlockr Announces Milestone of Blocking One Billion Threats Per Day (ThreatBlockr) The company also doubles down on support for higher education institutions as the industry continues to face rising threats
KnowBe4 and TDI Collaborate To Enhance Cyber Performance, Risk and Compliance Capabilities (KnowBe4) KnowBe4 and TDI Collaborate To Enhance Cyber Performance,Risk and Compliance Capabilities
Coro Named One Of Top 5 Security Solutions (Coro Cybersecurity) We are thrilled to announce that we’ve been recognized as a finalist for Best SME Security Solution in the 2023 SC Awards.
NordLayer launches a new and one-of-the-kind Browser Extension (GlobeNewswire News Room) The NordLayer team is happy to announce that from now on, people can access their business resources via a...
BIO-key Unveils PortalGuard® Feature Enhancements Including Support for MacOS Multi-Factor Authentication (MFA) for Enterprise (GlobeNewswire News Room) PortalGuard adds core capabilities, innovating secure access across diverse and difficult use cases...
OT cybersecurity tool unveiled by Honeywell (SC Media) SecurityWeek reports that Honeywell has unveiled the new on-premises Cyber Insights solution within its Forge cybersecurity product that enables improved threat and vulnerability identification in operational technology systems by using vulnerability, threat, and compliance data gathered from Honeywell offerings and other third-party security systems.
Claroty Expands Partner Base with 15 New MSSPs, Including IBM, Rockwell, NTT Data (MSSP Alert) Claroty has bolstered its Focus partner program, adding more than 15 new managed security service provider (MSSPs) members.
Keeper Security Launches Multi-Cloud Password Rotation, Enabling Organizations to Update Privileged Credentials Automatically (PR Newswire) Keeper Security, the leading provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets,...
NordPass introduces advanced File Attachments functionality (GlobeNewswire News Room) On Wednesday, NordPass announced that its password manager now offers new features. NordPass Premium users can...
TrustCloud™ Expands Audit Partner Network, Making it Easier for Companies to Attain Certifications and Win Enterprise Deals | TrustCloud (TrustCloud) Insight Assurance joins Trusted Partner Network with Prescient, Schellman, DDS and more, to provide premium services at favorable rates for companies
Black Ink Tech and Incode Partner to Make Everywhere Identity a Reality (PR Newswire) Black Ink Technologies Corp, a digital pioneer connecting physical objects, services, and events to a permanent graded data record through...
VulnCheck Launches XDB: The Most Comprehensive Hub of Exploits for Modern Security Teams (Business Wire) Largest real-time collection of exploits hosted on git repositories helps researchers, offensive teams and detection engineers solve the vulnerability prioritization challenge and bolster security
Technologies, Techniques, and Standards
New CISA Zero Trust Maturity Model Brings Attention to Encryption-in-Use Solutions (Globe Newswire) CISA now recommends encrypting data in use as part of an optimal data security strategy
Broad coalition of advocacy groups urges Slack to protect users' messages from eavesdropping (CyberScoop) Tech, civil liberties and reproductive justice groups want the company to offer end-to-end encryption so users' messages remain private.
Recourse following data breaches – what can companies do? (Clyde & Co) Businesses face significant financial impact due to data breaches. These can include remediation and IT forensics investigation costs, notification costs to affected individuals, legal fees arising from regulatory investigations and fines, reputational damage, and business interruption losses. Given such financial ramifications, there is a growing trend in Singapore for organisations to consider recovering such expenses from third parties who may have potentially caused the underlying data breaches. One example of this is the recent judgment in Razer (Asia-Pacific) Pte Ltd v Capgemini Singapore Pte Ltd [2022] SGHC 310.
Design and Innovation
IBM wants to build a 100,000-qubit quantum computer (MIT Technology Review) The company wants to make large-scale quantum computers a reality within just 10 years.
Cybersecurity Chiefs Navigate AI Risks and Potential Rewards (Wall Street Journal) For now, the long-term benefits of generative AI are unclear and the risks are manageable, security leaders say.
AI in cybersecurity: Yesterday’s promise, today’s reality (MIT Technology Review) Why AI will drive more speed and accuracy in security and give defenders an edge.
How Microsoft Swallowed Its Pride to Make a Massive Bet on OpenAI (The Information) Satya Nadella didn’t want to hear it. Last December, Peter Lee, who oversees Microsoft’s sprawling research efforts, was briefing Nadella, Microsoft’s CEO, and his deputies about a series of tests Microsoft had conducted of GPT-4, the then-unreleased new artificial intelligence large-language ...
Research and Development
Space Force Will Look At How to Hack Targets From Space (Defense One) “We're laying the groundwork for starting to figure that,” said the leader of Space Operations Command.
Academia
Cybersecurity research aims for impact at Virginia Tech (Virginia Tech) The Commonwealth Cyber Initiative in Southwest Virginia is investing in researchers working at the intersection of data, autonomy, and security. Proposals for the next round of Cybersecurity Research grants are due June 9.
Legislation, Policy, and Regulation
Iran is using its cyber capabilities to kidnap its foes in the real world (Atlantic Council) This new form of transnational repression by Iran has alarmed security professionals and governments worldwide.
5th Anniversary of the GDPR: Still a benchmark in the EU digital landscape? (European Data Protection Supervisor) On the occasion of the 5th anniversary of the entry into application of the General Data Protection Regulation, the European Data Protection Supervisor, the German Federal Commissioner for Data Protection and Freedom of Information, and the Bavarian Data Protection Commissioner organise the high-...
EU: Commission publishes statement ahead of 5th anniversary of GDPR (DataGuidance) On May 24, 2023, the European Commission published a statement ahead of the fifth anniversary of the General Data Protection Regulation (GDPR). The Commission highlighted that it announced in its 2023 Work Programme that it would propose a legislative initiative to improve cooperation between data protection authorities when enforcing the GDPR, which will establish targeted harmonization of key aspects of the administrative procedures that are applied in cross-border cases.
GDPR: 5 years later (Loyens Loeff) Loyens & Loeff and IBJ will discuss the (r)evolution in data protection law since the GDPR became effective on 25 May 2018.
China unveils revised commercial cryptography regulations (Xinhua) China unveils revised commercial cryptography regulations-
Tugendhat criticises Facebook encryption plan (Computing) Security minister urges the company to implement strong safety measures to prevent a significant risk to child safety
White House unveils efforts to guide federal research of AI (Federal Times) The U.S. government and private sector in recent months have begun more publicly weighing the possibilities and perils of artificial intelligence.
Why the military moves faster than government on AI (Federal Times) A Q&A with a former member of the National Security Commission on Artificial Intelligence about how agencies can get around talent and budget constraints.
Biden’s pick to lead NSA and Cyber Command inherits key issues (Washington Post) Reviewing the record of the outgoing NSA and Cyber Command director, and evaluating the nominee to replace him
US Army revamps program executive offices to sharpen cyber focus (C4ISRNet) No jobs are expected to be cut, and contracts should flow as normal, according to three U.S. Army program executive officers.
Comprehensive FAQs on the CCPA (Fisher Phillips) The California Consumer Privacy Act (CCPA) has created compliance challenges across the country for businesses – but they often stem from the fact that businesses are confused about some of the law’s…
Litigation, Investigation, and Law Enforcement
America’s nuclear secrets are vulnerable to fraudsters and spies, watchdog report says (NBC News) The Government Accountability Office says the Energy Department has for years failed to act on recommendations pointing to gaping holes in its efforts to create an insider threat program.
Pegasus spyware reaches into Mexican president’s inner circle (Washington Post) Mexico’s security forces have been among the world’s most aggressive in using cutting-edge surveillance technology to eavesdrop on the phones of opposition politicians, journalists and human rights activists.
Lawsuits by Moderators of Violent Online Content Pose Threat to Big Tech (Wall Street Journal) Court cases in Kenya could widen legal risks as they cast fresh light on the industry’s far-flung, outsourced workforce.
Revealed: the contentious tool US immigration uses to get your data from tech firms (the Guardian) Documents show Ice has sent Google, Meta and Twitter at least 500 administrative subpoenas for information on their users
U.S. Charges Russian In Ransomware Scheme Worth Up To $200 Million (Globe Echo) Image Source: Pixabay The U.S. Department of Justice (DOJ) has indicted a Russian man for his alleged participation in several ransomware schemes. According to a press release from the Justice Department, the individual, identified as Russian national Mikhail Pavlovich Matveev, has carried out cyberattacks on victims across the United States, including on law enforcement agencies […]
Studies show ransomware has already caused patient deaths (Security | TechTarget) Several studies have shown that cyber attacks such as ransomware have already led to patient deaths at hospitals.