Facing a costly and time-consuming app modernization project? Don't worry, you're not alone. Join industry leaders from Fortune 500 organizations like Kroger, to secure your apps on any cloud with any IDP no matter how complex your environment is. We call this Identity Orchestration. The best part? You’ll eliminate the need to refactor apps and say goodbye to legacy tech debt. Try it for free today to experience no-code identity modernization.
We're always looking for ways to improve the CyberWire, now N2K Cyber Network, to give you an intelligence-driven news experience that saves you time and keeps you in the know on the latest developments in cybersecurity. Please share your feedback in our 2023 Audience Survey and you will have a chance to win a $100 Amazon gift card. Take the survey.
AT&T reports a new fileless remote access trojan (RAT), SeroXen. “Advertised as a legitimate tool that gives access to your computers undetected, it is being sold for only $30 for a monthly license or $60 for a lifetime bundle, making it accessible.” This RAT seems to live up to its hype. AT&T says it’s performing well at evading detections, and that it effectively combines open source projects like Quasar RAT, r77-rootkit, and the command line NirCmd. SeroXen’s progenitor is the Quasar RAT, released in 2014 as xRAT, which has been used by the Gaza Cybergang group and MenuPass Group (APT10) since 2017. AT&T writes that SeroXen was first observed on a Twitter account in 2022: ”The person advertising the RAT appeared to be an English-speaking teenager. The same Twitter handle published a review of the RAT on YouTube. The video approached the review from an attacking/Red Team point of view, encouraging people to buy the tool because it is worth the money. [The reviewers] were claiming to be a reseller of the tool.” AT&T’s Alien Lab regards the SeroXen RAT as elusive, hard to detect, and worth keeping an eye on.
With 84% of organizations experiencing an identity-related breach, identity is the new battlefield. As the pioneers of privileged access management, we started by protecting the most privileged users and most critical data. With intelligent privilege controls, today we’re applying the same levels of security and protection to every identity – both human and machine. CyberArk offers the most advanced identity security platform in the world, surrounding every identity with a powerful force field of continuous protection.
Citing research by CloudSek, Hacker News reports that another new remote access Trojan (RAT), DogeRAT, has been observed targeting Indian android users. The malware seems to have been created in June of 2022, shortly after which it was advertised on its Indian developer’s Telegram page. DogeRat, like its namesake cryptocurrency, is regarded as a cheap ($30 for a monthly subscription) and effective money-making scheme. It exploits consumers by masquerading as legitimate premium applications like Netflix, OpenAI’s ChatGPT, or YouTube Premium. “Once installed on a victim's device, the malware gains unauthorized access to sensitive data, including contacts, messages, and banking credentials," CloudSek reports, adding “The malware can also be used to take control of the victim's device and perform malicious actions, such as sending spam messages, making unauthorized payments, modifying files, viewing call records, and even taking photos via both the front and rear cameras of the infected device.” Experts recommend not downloading free versions of premium services from social media pages: they’re too often malicious. (And, like the one mentioned above, they often cost more than the premium services they impersonate.)
Register now for Mandiant’s mWISE security conference.
Unmaintained and incorrectly deactivated Salesforce sites remain accessible online, and so unfortunately accessible to threat actors, Varonis reported today. If the host header is manipulated, malicious actors may be able to gain access to personally identifiable information (PII) and sensitive business information. The Salesforce sites allow for collaboration among customers and partners within an organization’s Salesforce implementation. However, these “ghost sites,” as Varonis has aptly labeled them, are often merely set aside when they’re no longer in use, not fully deactivated as sound practice would dictate. This means that the security measures implemented on the sites are often not up to par with current cybersecurity protections.
On top of a lack of updates to the ghost sites’ security measures, they also remain untested against newer vulnerabilities that appear after the site is no longer actively used. Many companies only modify the DNS records of their Salesforce site to direct to an alternative, but researchers say that companies often “do not remove the custom domain in Salesforce, nor do they deactivate the site. Instead, the site continues to exist, pulling data and becoming a ghost site.” Since the ghost site remains accessible in Salesforce, a change to the host header tricks Salesforce into believing the actor is connecting to the original site, and grants access to the malicious actor. Varonis advises full deactivation of unused Salesforce sites to prevent such attacks from lifting sensitive data that may be left exposed otherwise.
Your prospects are demanding SOC 2 and you're not closing deals without it. Scytale's security compliance automation platform helps companies get compliant and stay compliant with frameworks like SOC 2, ISO 27001, HIPAA, GDPR and PCI-DSS without breaking a sweat.
Save hundreds of hours with streamlined compliance and dedicated support, remain compliant all year round with automated monitoring and alerts, and most importantly, boost sales by providing proof of information security to your customers.
The Identity Defined Security Alliance (IDSA) released its 2023 Trends in Identity Security report (conducted by Dimensional Research). The report discusses identity security and its place in cyber, and how it impacts security challenges and outcomes. Identity security remains a major cybersecurity focal point: 90% of those surveyed reported an identity-related breach within the last year. 17% of respondents say digital identity security is their top priority, 44% place it in their top three, and 25% put it in their top five. 93% of respondents report being targeted by phishing attacks in the last twelve months, with 57% reporting that employees clicked on a phishing email without realizing it. Shared passwords between work and personal accounts were said (by 37% of the respondents) to be a factor in identity-based attacks. The cost of breach recovery, alongside distraction from business operations, and a damaged reputation, were cited as the top business impacts from identity security breaches, at 39%, 33%, and 25%, respectively.
A global survey by Jumio found that 52% of its respondents who were aware of generative AI and deepfakes believed that they could detect a deepfake video. Junio alleges that this is an example of overconfidence with the consumer as deepfakes have reached a level of sophistication which would prevent an unaided human from detecting them. “Jumio data also shows a steady uptick in the use of increasingly sophisticated deepfakes across the globe and across industries, with a heavier presence in the payments and crypto sectors.” Jumio suspects that training will find it difficult to keep pace with the growing quality of AI-created media.
Trend Micro describes the recent activity of Void Rabisu, "a malicious actor believed to be associated with the RomCom backdoor." It's a Russian or at least a Russophone gang, and until the last few months its activities and motivations have generally been assumed to be straightforwardly criminal, motivated by financial gain and on the lookout for the main chance. Also known as "Tropical Scorpius," Void Rabisu has been associated with the Cuba ransomware operation (closely linked with Russian intelligence services), and since late 2022 the gang's targeting has increasingly matched Russian state interests. Trend Micro writes, "Void Rabisu’s associated RomCom backdoor was reported to have been used in attacks against the Ukrainian government and military: In a campaign in December 2022, a fake version of the Ukrainian army’s DELTA situational awareness website was used to lure targets into installing the RomCom backdoor." The target selection is that of an intelligence service; the TTPs are those of a criminal gang. "Normally, this kind of brazen attack would be thought to be the work of a nation state-sponsored actor, but in this case, the indicators clearly pointed towards Void Rabisu, and some of the tactics, techniques, and procedures (TTPs) used were typically associated with cybercrime." Trend Micro thinks that Void Rabisu's targeting has been connected to Russian strategic goals since October of 2022. The group's evolution shows the continued blurring of lines between hacktivists, intelligence services, and criminal gangs. Of those three, in Russia's case, the intelligence services are clearly in the saddle.
The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.
Today's issue includes events affecting Belarus, Belgium, Brunei, China, Estonia, the European Union, Ireland, NATO/OTAN, Russia, Thailand, Ukraine, the United Kingdom, and the United States.
Ukraine at D+461: More cross-border operations. (CyberWire) Drones hit Russian targets, although Russian strikes against Ukraine remain far more common. In cyberspace, the lines separating hacktivists from criminals from intelligence services continue to blur.
Russia-Ukraine war at a glance: what we know on day 462 of the invasion (the Guardian) Drones strike at oil refineries within Russia; Medvedev calls UK an ‘eternal enemy’ which is de facto at war with Russia
Ukraine war comes to Moscow as drones strike both capitals (Reuters) Ukrainian drones struck wealthy districts of Moscow on Tuesday, Russia said in what one politician called the most dangerous attack on the capital since World War Two, while Kyiv was also hit from the air for the third time in 24 hours.
‘One of the blasts shook our house’: Russians wake up to war at home (the Guardian) Drone attack and explosions in Moscow region seen as ‘logical next step’ by some as Ukraine retaliates
Russia says drones damage Moscow buildings in pre-dawn attack, blames Ukraine (AP NEWS) Russian air defenses stopped eight drones converging on Moscow, officials said Tuesday, in an attack that authorities blamed on Ukraine, while Russia pursued its relentless bombardment of Kyiv with a third assault on the city in 24 hours.
Russia-Ukraine war latest: Drone attack hits Moscow's wealthy neighbourhoods (The Telegraph) The suspected Ukrainian drone attack on Moscow on Monday morning appeared to have targeted wealthier neighbourhoods and the suburbs dotted with official government residences and mansions of Russian tycoons, Nataliya Vasilyeva reports.
Who was behind Moscow drone attacks and what do they mean for Ukraine war? (the Guardian) Latest attacks on Russian capital may be tactic by Kyiv to bring invasion closer to wealthy Muscovites
Moscow drone attack exposes Russia's vulnerabilities, fuels criticism of military (AP NEWS) A drone attack on Moscow has exposed breaches in Russia’s air defenses and underlined the Russian capital’s vulnerability amid expectations of a massive Ukrainian counteroffensive. Tuesday's strikes that lightly damaged three apartment buildings angered Russian hawks, who criticized Russian President Vladimir Putin and the military brass for failing to protect Moscow. Ukrainian authorities rejoiced over Tuesday’s attack but customarily avoided claiming responsibility. The raid followed a May 3 drone strike on the Kremlin that lightly damaged the roof of a building serving as one of Putin’s official residences. Previously, drones came down near Moscow in what Russian authorities described as botched Ukrainian attempts to attack the city.
James Cleverly backs Ukraine's right to attack Russia after Moscow’s ‘Beverly Hills’ hit by drones (The Telegraph) At least 13 drones crashed across the Russian capital, with the Kremlin lashing out at what it described as a 'terrorist attack'
Surprise mass drone strike spells trouble in the air for Vladimir Putin (The Telegraph) Attacks from the skies not only put Moscow in danger but could force Russia to take vital air defences away from the front line
Ukraine war: Russia pounds Kyiv with missiles in daytime attack (The Telegraph) Russia fired 11 missiles at Kyiv and the surrounding region on Monday morning in an unusual daytime attack on the capital, Ukraine's armed forces chief said.
Who are the pro-Ukrainian militias raiding Russia’s Belgorod region? (The Economist) They have links to Ukrainian military intelligence and, in some cases, to the far right
Ukrainian generals have one last offer for Russian soldiers in their country: Surrender now (ABC) Ukraine has long been warning of a spring counteroffensive and despite next week marking a new season, Kyiv has a deadly warning for those Russian soldiers inside its border.
Russia’s new reality: Less Peter the Great, more Putin the Pariah (Atlantic Council) The invasion of Ukraine has left Russia greatly diminished on the world stage and earned Putin a place in infamy alongside history’s greatest criminals. Instead of emulating Peter the Great, he has become Putin the Pariah, writes Peter Dickinson.
What happens when Belarus loses its dictator? (The Economist) Alexander Lukashenko’s death would trigger a tussle for succession
Fate of Belarus and Ukraine intertwined, says Sviatlana Tsikhanouskaya (euronews) The Belarussian opposition leader will take part in a conference on Central and Eastern Europe's security in Bratislava. She is calling on the EU to maintain sanctions on Belarus and has said the course of the war in Ukraine and her country's fate were linked.
WSJ News Exclusive | Ukraine and Allies Plan Peace Summit Without Russia (Wall Street Journal) Kyiv and its backers are organizing a gathering of global leaders with the intent of garnering support for Ukraine’s terms for ending the war.
NATO intel chief: Russia’s war on Ukraine and a hybrid war aimed at us (Marine Corps Times) The speed, scale and intensity of Russian hybrid activities has increased in recent years, notes David Cattler.
NATO foreign ministers debate Ukraine’s status (Deutsche Welle) NATO members have agreed in principle that Ukraine will join the alliance once the war with Russia is over. But what can NATO offer Kyiv right now? A meeting of foreign ministers in Oslo may offer answers.
Estonia Will Ask For a Clearer Path for Ukraine to Join NATO (Defense One) In Europe, defense ministers and military experts worry that the world is not learning the lessons from Ukraine quickly enough.
Macron to call for European ‘strategic awakening’ after Ukraine invasion (the Guardian) In speech in Bratislava, French president will warn of steady erosion of European strategic stability
New US aid package for Ukraine will total about $300 million (Military Times) U.S. officials say a military aid package for Ukraine that is expected to be announced this week will include additional munitions for drones.
Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals (Trend Micro) Void Rabisu, a malicious actor believed to be associated with the RomCom backdoor, was thought to be driven by financial gain because of its ransomware attacks. But in this blog entry, we discuss how the use of the RomCom backdoor in recent attacks shows how Void Rabisu's motives seem to have changed since at least October 2022.
ZOV – Calling (Air Force Language and Culture Center) It's been a month and a half since I returned from the war in Ukraine. Yes, I know you can't say this word "war," it was banned. But still I will say “war."
Russian-Speaking Airmen Translate Rare Account of Ukraine War Through Invader’s Eyes (Air & Space Forces Magazine) Five Russian-speaking Airmen from the Air Force LEAP program translated a Russian paratrooper's experience in the 2022 invasion of Ukraine.
Team Putin Spars Over Baffling Russian ‘Victory Plan’ in War (The Daily Beast) The Kremlin’s communication problems are triggering awkward moments and fiery clashes between Russian state television’s biggest stars.
Write algorithms, wage EW, share data: Lessons from Ukraine war (Breaking Defense) "The loss rate for Ukrainian UAVs at the moment is about 10,000 UAVs a month," Jack Watling, a senior research fellow at the Royal United Services Institute, said. "That's the level of equipment that both sides are going through."
Ukraine’s Diia platform sets the global gold standard for e-government (Atlantic Council) Ukraine's Diia app is widely seen as the world's first next-generation e-government platform, and is credited with implementing what many see as a more human-centric government service model, writes Anatoly Motkin.
Olha fought in Bakhmut and witnessed the full cruelty of Wagner commanders who forced their own troops into minefields at gunpoint (ABC) In Ukraine, they call her Witch, but the origins of Olha Bihar's call sign remain almost as secretive as the start date of Ukraine's long-awaited counteroffensive.
The American military veterans who’ve fallen in Ukraine (Washington Post) On Memorial Day, families and friends reckon with the meaning of service under one flag — and sacrifice under another
Jury to decide if Maryland doctors conspired to pass medical information to Russia (Baltimore Sun) A jury began deliberating Tuesday afternoon in the case of two Maryland doctors accused of providing confidential medical records to someone posing as a Russian agent.
SeroXen RAT for sale (AT&T Cybersecurity) SeroXen is a new Remote Access Trojan (RAT) that showed up in late 2022 and is becoming more popular in 2023. Advertised as a legitimate tool that gives access to your computers undetected, it is being sold for only $30 for a monthly license or $60 for a lifetime bundle, making it accessible.
Dark Pink back with a bang: 5 new organizations in 3 countries added to victim list (Group-IB) Group-IB, a global cybersecurity leader headquartered in Singapore, has today published a new update into the APT (advanced persistent threat) group codenamed Dark Pink, revealing that a total of 13 organizations in 9 countries have now fallen victim to this malicious actor.
RomCom malware spread via Google Ads for ChatGPT, GIMP, more (BleepingComputer) A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers.
Supply Chain Risk from Gigabyte App Center Backdoor (Eclypsium) Recently, the Eclypsium platform began detecting suspected backdoor-like behavior within Gigabyte systems in the wild. These detections were driven by heuristic detection methods, which play an important role in detecting new, previously-unknown supply chain threats, where legitimate third-party technology products or updates have been compromised. Our follow-up analysis discovered that firmware in Gigabyte systems is […]
Ghost Sites: Stealing Data From Deactivated Salesforce Communities (Varonis) Varonis Threat Labs discovered improperly deactivated Salesforce 'ghost' Sites that are easily found, accessible, and exploitable by attackers.
Sneaky DogeRAT Trojan Poses as Popular Apps, Targets Indian Android Users (The Hacker News) Attention, Android users in India! Beware of DogeRAT malware! It hijacks devices, steals data, spams, makes unauthorized payments, and modifies files.
The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name (Mend) Mend.io research discovered a threat actor takeover of the name ‘gemnasium-gitlab-service', a retired Ruby gem with more than two million downloads. Existing projects that haven't updated their dependencies might unwittingly pull in this new version, assuming it's a continuation of the original. Given that the new gem is now controlled by an unknown entity, it could be altered to include malicious code or to perform undesirable actions.
Critical Barracuda 0-day was used to backdoor networks for 8 months (Ars Technica) Attackers then went on to steal data from infected systems.
Barracuda Networks zero-day has been exploited for 7 months to steal data (Computing) Customers urged to ensure email security gateway appliances are up-to-date, halt the use of compromised and refresh all credentials
Attackers hacked Barracuda ESG appliances via zero-day since October 2022 (Help Net Security) The exploitation of Barracuda ESG appliances via zero-day flaw (CVE-2023-2868) lead to malware deployment and data exfiltration.
RaidForums user data leaked online a year after DOJ takedown (TechCrunch) A database containing the details of almost 500,000 RaidForums users has leaked online. Prosecutors seized the hacking forum in 2022.
RaidForums leak: Details of nearly half-a-million hackers posted online (Computing) RaidForums admin and two of his collaborators were arrested last year as part of Operation TOURNIQUET
Who is Blackbyte? A look at Augusta's cyber attack (WFXG) FOX54 was the first to tell you a known ransomware attacker group had claimed responsibility for the city's cybersecurity issues. We've since learned about the group, which is known as Blackbyte.
One of the Largest Online Tire Retailers Exposed Over a Million Customer Records Online (Website Planet) Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet a non-password protected database that contained over a million
Nearly 9 million people affected by data breach from cyberattack on dental insurer (Record) A ransomware attack on a major dental insurance provider leaked the personal information of nearly nine million people across the United States, according to documents filed with state regulators.
UK-based Capita Updates on Cyber Attack Incidents (Tekedia) British outsourcing company Capita, which reportedly experienced two cyber-attacks in March and May this year, has noticed some issues due to the data breaches. The company which runs services for local councils, the NHS, the military, and several others experienced the first hacking incident on the 31st of March which caused a significant IT outage. The company initially described the hack as a cyber incident primarily impacting access to internal applications and reported that no data appeared to have been stolen. Shortly after, a ransomware group subsequently claimed credit for the attack, and Capita belatedly confirmed that sensitive data had…
“You Got Owned” Email Scam & What You Should Do (Trend Micro News) Have you received an email titled “Got You, You Got Owned?” Don’t follow any instructions because the “You Got Owned” email is a SCAM!
Telesign Trust Index a call to action for any enterprise that’s discounting cybersecurity (VentureBeat) Telesign Trust Index on cybersecurity shows digital fraud is jeopardizing consumer trust that brands will protect their privacy.
Expel Quarterly Threat Report - Q1 2023 (Expel) Our report surfaces the most significant data we’re seeing in our threat detection and response efforts and offers resilience recommendations to protect your organization.
Gaming Cyber Threats: Risks & Impacts (Imperva) Discover the rise of cyber threats in gaming. Uncover common attacks, their effects on companies and users, and why this industry is a target for hackers.
Why Are Manufacturers So Prone to Cyber Attacks? (Design News) The focus on uptime over security leaves manufacturers vulnerable to ransomware and other cybercrimes.
Human Error Fuels Industrial APT Attacks, Kaspersky Reports (Infosecurity Magazine) OT network admins grant access to employees or contractors without sufficient security measures
Your cybersecurity team called, they said it's time for a change (CyberWire) The cybersecurity industry as we know it needs help. The threat landscape is continuing to evolve, with attacks becoming increasingly frequent and complex by the day. This means defenders need to be at the top of their game
BIO-key International, Inc. Receives Notice of Non-Compliance from Nasdaq (GlobeNewswire News Room) BIO-key International, Inc. (Nasdaq: BKYI), an innovative provider of workforce and customer identity and...
Impact on Fortinet after cybersecurity incident will be minimal, says Goldman Sachs By Investing.com (Investing.com) Impact on Fortinet after cybersecurity incident will be minimal, says Goldman Sachs
Decoding SentinelOne's AI Edge: Next Big Leap In Cybersecurity (NYSE:S) (Seeking Alpha) SentinelOne demonstrates strong growth with a 92% YoY revenue increase in Q4 2022. Click here to learn more about S stock and its prospects in AI & cybersecurity.
SolarWinds Transforms Brand to Signify Ongoing Evolution, Portfolio Expansion, and Customer Empowerment (Business Wire) Refreshed version of iconic SolarWinds logo and vibrant new brand color palette honor company’s historic success while highlighting future vision
CrowdStrike adds generative AI assistant to security tools (Axios) CrowdStrike is the next major cybersecurity firm bringing generative AI into its product stack. Driving the news: CrowdStrike — a publicly traded company that provides a mix of cloud security tools, endpoint security, and incident response and threat intelligence products — rolled out its own generative AI assistant for customers Tuesday.
Booz Allen dinged for management plan in lost $2.5B NSA contract (Washington Technology) The National Security Agency liked CACI International's bid for the FocusedFox cyber and intelligence contract for more reasons than just price.
GAO Rejects 2nd Protest Over CACI's $2.5B NSA Contract (Law360) The Government Accountability Office has rejected Booz Allen Hamilton's protest over a $2.49 billion National Security Agency contract for analyst services awarded to CACI Inc.-Federal, saying that Booz Allen failed to timely challenge the agency's alleged failure to follow a rule requiring discussions with bidders.
Introducing The Daily Record’s 2023 Cybersecurity Power List (Maryland Daily Record) Those chosen for The Daily Record's first Cybersecurity Power List are at the cutting edge of technological advances to protect our digital assets.
Lantronix Announces CEO Transition and Continuity Plan (GlobeNewswire News Room) Lantronix Inc. (NASDAQ: LTRX), a global provider of secure turnkey solutions for the Industrial Internet...
Stephen Lee Hired as New Chief Sales Officer at Avalon (Avalon) Avalon, which offers technology-based services like digital forensics, cybersecurity, and eDiscovery, as well as business-critical document services, announced today that proven sales leader and legal outsourcing industry veteran Stephen Lee will serve as the company’s new chief sales officer.
High Wire Appoints Seasoned Tech Executive, Curtis Smith, as Chief Financial Officer (GlobeNewswire News Room) High Wire Networks, Inc. (OTCQB: HWNI), a leading global provider of managed cybersecurity and technology...
MISI Welcomes Veteran Technology Industry Leader Gregg Smith as CEO (Business Wire) USCYBERCOM’s successful Industry Days event held May 22-23 at MISI’s DreamPort facility highlighted the importance of collaboration between the private cybersecurity industry, academia and government
Bishop Fox Adds Cybersecurity Product and Engineering Veteran as Chief Product Officer (GlobeNewswire News Room) Kevin Tonkin joins as company’s first CPO to lead expansion of industry-leading Cosmos ASM and pen testing platform...
Ripjar Announces Integration With Amazon Security Lake (Ripjar) Ripjar’s Labyrinth for Threat Investigations software is now available on AWS to aid cybersecurity detection efforts LONDON, 31 May 2023: Ripjar, the
CyberCX recognised for leading managed security services (CyberCX) CyberCX, a leading provider of cyber security and cloud services, has been recognised for its world-class managed Security Operations Centre services. Security Operations Centres are an organisation’s first line of defence against the rapidly evolving threat landscape.
Sumo Logic Provides Cloud-Native Log Analytics for Samsung Electronics Bixby Virtual AI Assistant (GlobeNewswire News Room) Sumo Logic, the SaaS analytics platform to enable reliable and secure cloud-native applications,...
Aqua Security Delivers the Industry’s Most Comprehensive Cloud Native Security Data to AWS Security Lake (GlobeNewswire News Room) Rich data helps companies quickly detect, prioritize and mitigate cloud security risks throughout the entire software development lifecycle...
BackBox Releases Cisco CIS Benchmark Automation Templates (BackBox Software) These out-of-the-box automations deliver complete Level 1 and Level 2 CIS Benchmark compliance for Cisco network and security devices.
Centripetal Extends Innovative CleanINTERNET® Technology to the Cloud (Business Wire) With 12 years of patented development and IP innovation, Centripetal expands internationally with the opening of its European Cyber Intelligence Centre of Excellence in Ireland and the UK
Sift Accelerates Customer Time-to-Value with Rapid Deployment Capabilities and Vibrant Peer Community (GlobeNewswire News Room) With Starter Workflows and Access to “Sifters” Community, Customers Can Start Protecting Their Business From Fraud in Days, While Jumpstarting Growth...
Ping Identity Launches PingOne Protect: a New Way to Protect Against Identity Fraud (News Release Archive) Holistic detection prevents account takeover while reducing authentication fatigue DENVER, May 30, 2023 /PRNewswire/ -- Ping Identity, the intelligent identity solution for the enterprise,...
Rezilion Releases New Smart Fix Capability, Delivering Intelligent Guidance for Patching (Rezilion) Rezilion's Smart Fix feature offers critical guidance for patching so users can understand the most strategic upgrade to fix vulnerabilities.
SecuX and Trend Micro Collaborate to Launch Cold Wallet (Yahoo Finance) SecuX, a blockchain security and cryptocurrency hardware wallet company, has announced its collaboration with Trend Micro (TYO: 4704; TSE: 4704), a global cybersecurity leader, launching W20 Trend Micro edition cold wallet pre-loaded with Trend Micro ChainSafer blockchain reputation service. The W20 offers users comprehensive protection covering Web2 and Web3, enhancing authentication, anti-counterfeiting, and anti-fraud capabilities.
Centripetal Extends Innovative CleanINTERNET® Technology to the Cloud (Business Wire) With 12 years of patented development and IP innovation, Centripetal expands internationally with the opening of its European Cyber Intelligence Centre of Excellence in Ireland and the UK
Russian Security Firm Kaspersky Updates Partner Program - ChannelE2E: Technology News for MSPs & Channel Partners (ChannelE2E) Russian security software firm Kaspersky has announced a new update to its partner program, including new specializations.
Checkmarx Announces First GenAI-powered AppSec Platform, Empowering Developers and AppSec Teams to Find and Fix Vulnerabilities Faster (PR Newswire) Checkmarx, the global leader in application security solutions, announced its new AI Query Builders and AI Guided Remediation to help...
Data Theorem’s Leading AppSec Solution Wins 2023 Fortress Cyber Security Award for Application Security (Business Wire) Data Theorem’s API Secure Recognized for Uniquely Providing Agentless API Protection Capabilities with No Requirement for an Inline Network Proxy
Salt Security Attains AWS Security Competency Status (PR Newswire) Salt Security, the leading API security company, today announced that it has achieved Amazon Web Services (AWS) Security Competency status in...
Socure Achieves Industry Leading Accuracy in Verifying the Identities of Gen Z Consumers (Business Wire) Socure can now verify more than 70% of 18-year-olds opening their first accounts, far surpassing any other provider in the market
Cowbell and Skyward Specialty enter strategic partnership to expand cyber & Tech & EO coverage (PR Newswire) Cowbell, a leading provider of cyber insurance for small and medium-sized enterprises (SMEs), and Skyward Specialty Insurance Group Inc.™...
Intelligence agencies confronting challenges with multi-cloud environments (DefenseScoop) Intelligence agencies are confronting unique challenges associated with operating in multi- and hybrid-cloud constructs, according to senior officials.
CrowdStrike Introduces Charlotte AI, Generative AI Security Analyst - CrowdStrike (CrowdStrike) CrowdStrike announces a new generative AI security analyst to help users improve their ability to stop breaches. Learn more.
CyTaka CEO Unveils Artificial Intelligence Technologies that Could Help Train Hackers in the Field of Cyber (Benzinga) Doron Amir explains why it is so important to join the race to develop the quantum computer Tel Aviv, Israel --News Direct-- Doron Amir, CEO of CyTaka (the World Cyber...
How Generative AI Will Remake Cybersecurity (eSecurity Planet) In March, Microsoft announced its Security Copilot service. The software giant built the technology on cutting-edge generative AI – such as large language models (LLMs) – that power applications like ChatGPT.
US intelligence research agency examines cyber psychology to outwit criminal hackers (CyberScoop) An Intelligence Advanced Research Projects Activity project looks to study hackers' psychological weaknesses and exploit them.
The U.S. Department of Homeland Security Provides Award to Scribe Security through their 'Software Supply Chain Visibility Tools' Topic Call (PR Newswire) Scribe Security, a software supply chain security provider, announced today it has been chosen by the Department of Homeland Security (DHS)...
In the News | After a Cyber Attack: Dos and Don'ts for Higher Ed IT (ManagedMethods) Guest article by Charlie Sanders covers practical tips for IT teams in higher education institutions for responding to a cyber attack.
Spying for Human Rights (Foreign Affairs) Why documenting abuses should be part of the intelligence community’s job.
Third-party risks are a first priority for central banks (Central Banking) Cyber and concentration risks crystallise co-operation between critical infrastructure providers
Cabinet approves Irish involvement in cyber-threat network (BreakingNews.ie) Micheal Martin also secured approval for three other European Defence Agency projects relating to the procurement of Defence Forces equipment.
On tech, the EU doesn’t speak for Europe (POLITICO) When it comes to technology, the countries making the rules aren’t those leading the field.
International Cybersecurity Cooperation Looks Great on Paper, but Needs Work on Implementation (Global Americans) Cyber policymakers in the United States can take several steps to improve international cyber training coordination.
China warns of artificial intelligence risks, calls for beefed-up national security measures (AP NEWS) China has warned of the risks posed by advances in artificial intelligence while calling for heightened national security measures. The statement issued after a meeting Tuesday chaired by Communist Party leader and President Xi Jinping underscores the tension between the government’s determination to seize global leadership in cutting-edge technology and concerns about the possible social and political harms of such technologies. It followed a warning by scientists and tech industry leaders in the U.S., including high-level executives at Microsoft and Google, about the perils AI poses to humankind. The official Xinhua News Agency said Xi urged “dedicated efforts to safeguard political security and improve the security governance of internet data and artificial intelligence.”
A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn (New York Times) Leaders from OpenAI, Google DeepMind, Anthropic and other A.I. labs warn that future systems could be as deadly as pandemics and nuclear weapons.
Section 702 data led to State Department warnings about North Korean IT scams, official says (CyberScoop) State's intelligence division joins a chorus of Washington officials pushing to renew a controversial surveillance tool.
Debt ceiling agreement seeks to claw back IT funds from GSA, CISA (FedScoop) The Fiscal Responsibility Act of 2023 in its current form would also rescind some unobligated funds made available to the Justice Department CIO.
33 arrested as global money laundering service is shut down | Europol (Europol) With the support of Europol and Eurojust, money-laundering specialists from the Italian Guardia di Finanza uncovered a network of electronics companies located around the globe and seized EUR 18.5 million in assets. The intricate structure used companies in countries such as China, Türkiye, and the United States of America, amongst others. This complex web of companies allowed organised crime to...
Trump White House Aides Subpoenaed in Firing of Election Security Expert (New York Times) The special counsel is scrutinizing the dismissal of Christopher Krebs, who contradicted baseless claims by the former president that the 2020 election was marred by fraud.
Digital Health and Connected Device Companies Be on Alert: FTC Continues to Focus on Consumer Health Information in Recent Enforcement Action (cyber/data/privacy insights) In the post-Roe era, the federal government and state governments continue to focus on consumer digital health privacy. On May 17, 2023, the Federal Trade Commission (FTC) announced a settlement with Easy Healthcare Corporation (ECH) related to its Premom Ovulation Tracker mobile application. The se
A Q&A with Wazawaka: The FBI’s cyber Most Wanted says new designation won’t affect his work (Record) Mikhail Pavlovich Matveev, aka Wazawaka, tells the Click Here podcast team that the U.S. cybercrime case against him is exaggerated, and that he wants to help train young Russians in cybersecurity skills.
Jack Teixeira: What Went Wrong (ClearanceJobs) Your source for Security Clearance news and security-cleared job opportunities. Read "Jack Teixeira: What Went Wrong ". %
Sam Bankman-Fried Could Have Some Charges Dropped if Bahamas Objects (Wall Street Journal) The Justice Department said it would drop some of the criminal charges against FTX founder Sam Bankman-Fried if the Bahamas says they violate the terms of his extradition to the U.S.
Ex-Coinbase Manager Settles SEC’s Crypto Insider-Trading Claims (Wall Street Journal) The deal ends a lawsuit closely watched for its focus on which digital assets are securities.
For a complete running list of events, please visit the Event Tracker.
Women in Cybersecurity at Infosecurity Europe 2023 (London, UK, Jun 21, 2023) Infosecurity Magazine is excited to be hosting the seventh annual Women in Cybersecurity networking event at Infosecurity Europe on Wednesday 21 June 2023 Men still outnumber women in cybersecurity by three to one and overall representation of women in the sector is hovering at around 24%, according to (ISC)2’s Women in Cybersecurity report. That’s why it continues to be important to champion the achievements of women in our sector, build bridges with allies in the information security world and empower women both at the start of their careers and progressing up the ladder. Hosted by Infosecurity Magazine Editor, Beth Maundrill, this exclusive event will consist of networking, an exciting keynote presentation and a panel discussion featuring some of the industry’s most inspiring women.
2023 International Cybersecurity Championship and Conference (IC3) (San Diego, California, USA, Jul 31 - Aug 4, 2023) The International Cybersecurity Championship and Conference (IC3) event is designed to attract top talent and raise global awareness of the power of games to upskill the cybersecurity industry. Through its exciting, competition-based forum, the IC3 helps individuals further their cybersecurity education and skills. IC3 is designed with three primary components. The first is a speaker session showcasing top leaders in Cybersecurity Games and Exercises from around the world. The second is the hands-on expo of cyber games, immersive training, and exercises. Finally, the program includes the 2023 International Cybersecurity Challenge (ICC), a championship tournament featuring global teams (25 years and younger).
Women4Cyber Conference “Hacking Gender Barriers” (Madrid, Spain, Sep 26 - 27, 2023) The Women4Cyber Conference “Hacking Gender Barriers” will take place in September 2023 in Madrid. It will be the very first conference in Europe organised by Women4Cyber bringing women and men together to collaborate on building diversity in our field.
OT Cybersecurity Summit—Scotland (Aberdeen, Scotland, UK, May 29 - Jun 1, 2023) This brand new event will focus on how you can protect your fortress with the ISA 62443 series of standards and related training courses. Cybersecurity is a hot topic as supply chain risk emerges as a top concern in the energy sector. A cyber breach at any level in a supply chain has the potential to take down the whole operation. Regulators in the North Sea are asking contractors detailed questions about OT Cybersecurity, especially on operations classified as critical infrastructure. This increased scrutiny has resulted in more detailed contractual requirements. Insurance companies are also looking for specific details before writing a cybersecurity policy. ISA has established a series of industrial cybersecurity standards that serve as your roadmap to improve security and protect your operations with strategies such as zero-trust architecture and OPC/protocols.
US Cyber Open® Kick-Off Event (Virtual, Jun 1, 2023) US Cyber Open Kick-Off Event. SEASON III WHAT ARE THE US CYBER GAMES ALL ABOUT? -Why should I get into a career in cybersecurity? -What's the key to making the US Cyber Team? -Who are the coaches for Season III? Learn about these and more during our Season III Kick-Off event.
35th Annual FIRST Conference (Montréal, Québec, Canada, Jun 4 - 9, 2023) FIRST is an international non-profit association of Computer Security and Incident Response Teams (“CSIRTs”), Product Security and Incident Response Teams (“PSIRTs”), and independent security researchers from the public, private, and academic sectors. Membership comprises of over 600 teams with representation from over 100 nations. The annual conference provides a forum for sharing goals, ideas, and information on how to improve global cyber security. FIRST is a front-line enabler in the global response community, providing access to the best practices, tools, and trusted communication with its member teams. Named one of the Top 19 Information Security Conferences of 2020 by TripWire, the FIRST annual conference promotes worldwide coordination and cooperation among computer security and incident response teams (CSIRTs). The conference provides a forum for sharing goals, ideas, and information on how to improve computer security on a global scale.
IT Nation Secure 2023 (Orlando, Florida, USA, Jun 5 - 7, 2023) Network with peers to solve cybersecurity business challenges. Join us June 5-7 in Orlando to see how IT Nation Secure can help you transform your cybersecurity services, make meaningful connections, and ultimately protect your business and customers.
Techno Security & Digital Forensics Conference (Wilmington, North Carolina, USA, Jun 5 - 8, 2023) Techno Security & Digital Forensics Conference provides a unique education experience that blends the digital forensics and cybersecurity industries for collaboration between government and private sectors. The 2023 East edition of Techno Security & Digital Forensics Conference will feature educational sessions, industry-leading speakers, and sponsors/exhibits over four days of networking among cybersecurity and digital forensics industry professionals. Learn about new tools and techniques, discuss important case studies, and share insight on future trends and the current state of the industry. Educational sessions cover a wide range of topics within the following primary tracks from which CPE credits can be earned: Audit/Risk Management, eDiscovery (New!), Forensics, Information Security, Investigations, Magnet Forensics Lab, Cellebrite Lab, and Sponsor Demos. In addition to educational sessions, sponsoring/exhibiting companies will be on hand to introduce and demonstrate the latest products and services in the industry. Learn from industry experts, connect with leading suppliers, explore the latest tools, and network with cybersecurity and digital forensics professionals.
