Improved security and increased team productivity are just some of the benefits of adding a password manager to your security tech stack. Download 1Password’s latest guide to learn what to look for when evaluating a password manager so you can choose one that best suits your needs.
We're always looking for ways to improve the CyberWire, now N2K Cyber Network, to give you an intelligence-driven news experience that saves you time and keeps you in the know on the latest developments in cybersecurity. Please share your feedback in our 2023 Audience Survey and you will have a chance to win a $100 Amazon gift card. Take the survey.
PowerDrop, a new malicious PowerShell script, was discovered by researchers at Adlumin to have infected machines at an unspecified US aerospace defense contractor. The malware uses a combination of Windows PowerShell script and Windows Management Instrumentation (WMI) to create a new remote access trojan (RAT). “The usage of PowerShell for remote access is not new, nor is WMI-based persistence of PowerShell scripts or ICMP triggering and tunneling, but what is novel about this malware is that another code like it hasn’t surfaced before, and it straddles the line between a basic “off-the-shelf-threat” and the advanced tactics used by Advanced Persistent Threat (APTs) Groups,” researchers write. Though attribution remains inconclusive, Adlumin assesses that based on the target and living off the land tactics, it is likely that the threat actors are operating on behalf of a nation state. Mark Sangster, Vice President of Strategy at Adlumin, said, “While the core DNA of the threat is not particularly sophisticated, its ability to obfuscate suspicious activity and evade detection by endpoint defenses smacks of more sophisticated threat actors. The fact it targeted an aerospace contractor only confirms the likelihood of nation-state aggressors.” As of this writing it’s unknown whether this incident is part of a larger campaign targeting multiple organizations.
Register now for Mandiant’s mWISE security conference.
CERT-UA warned Monday of a Russian cyber campaign that prospects government and media targets for the purpose of collection. It uses LONEPAGE malware, a PowerShell script, to stage information stealers and keyloggers in its targets. The campaign, which has been active in the second half of last year, is consistent with recent Russian cyber operations in that its goal is espionage as opposed to either influence or sabotage.
The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.
With 84% of organizations experiencing an identity-related breach, identity is the new battlefield. As the pioneers of privileged access management, we started by protecting the most privileged users and most critical data. With intelligent privilege controls, today we’re applying the same levels of security and protection to every identity – both human and machine. CyberArk offers the most advanced identity security platform in the world, surrounding every identity with a powerful force field of continuous protection.
The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) have released a Joint Guide to Securing Remote Access Software. The guide centers around detecting and preventing the use of legitimate remote access software and common exploits that could be used against an organization.
One of the particular concerns about this software is that it is used in normal IT tasks. This allows the remote access tools to be exploited by threat actors who typically remain undetected by antivirus tools, or by endpoint detection and response (EDR) defenses. Abusing remote access software doesn’t require a threat actor to create a new capability. “Remote access software enables cyber threat actors to avoid using or developing custom malware, such as remote access trojans (RATs). The way remote access products are legitimately used by network administrators is similar to how malicious RATs are used by threat actors,” CISA explained in the guide.
The guide recommends, among other things, that organizations create a baseline of their normal activity and begin monitoring for unusual spikes that could indicate a compromise. For prevention and mitigation of this threat, the guide strongly encourages organizations to implement zero-trust solutions whenever and wherever possible. Adding safeguards that prevent users from accessing a large number of machines in a short amount of time can also mitigate risk. “Use safeguards for mass scripting and a script approval process. For example, if an account attempts to push commands to 10 or more devices within an hour, retrigger security protocols, such as multifactor authentication (MFA), to ensure the source is legitimate.” For further mitigation strategies please see the Joint Guide.
For an account of a recent case of such exploitation, see CyberWire Pro.
Your prospects are demanding SOC 2 and you're not closing deals without it. Scytale's security compliance automation platform helps companies get compliant and stay compliant with frameworks like SOC 2, ISO 27001, HIPAA, GDPR and PCI-DSS without breaking a sweat.
Save hundreds of hours with streamlined compliance and dedicated support, remain compliant all year round with automated monitoring and alerts, and most importantly, boost sales by providing proof of information security to your customers.
Researchers at Varonis discovered “an easily exploitable UI bug (CVE-2023-28299) in Microsoft Visual Studio extension installer that allows an attacker to spoof an extension signature and effectively impersonate any publisher.” The flaw can be exploited by opening the VSIX file as a ZIP file and adding newline characters to the extension name, which will hide the “Digital Signature: None” warning in the installation prompt. The threat actor can then add a phony digital signature label at the beginning of the file name. Microsoft fixed this flaw in April, and users are advised to ensure Visual Studio is up-to-date.
The International Legal Technology Association (ILTA) in partnership with the Conversant Group has released a joint research report detailing the disconnects between cybersecurity and legal personnel and practices. The survey benchmarks the cyber practices of law firms worldwide. Law firms are said to be an ideal target for malicious actors, between the storage of extremely sensitive business, civil or criminal, and personal data of clients, and the potential financial payoff for the hackers. Due to the sensitive nature of the data that can be lifted, law firms are said to be significantly more inclined to give in to the demands of a threat actor. As of the end of 2021, the report shares that almost a third of law firms saw a breach, and 36% reported the past presence of malware.
A surprisingly low number of law firms (15.5%) saw gaps in their cybersecurity protections, despite being a common target (and the research showing a significantly more elevated number than that). About three quarters of those surveyed believed they had a leg up on others in their industry in terms of cyber protections, though the researchers have found this to be unlikely. 65% of respondents also note the presence of lateral movement defenses, though the researchers have found the presence of only two offerings in the market that include later movement defenses, meaning that the understanding by the firms of what true “lateral movement defenses” are may be murky at best. (There may be some overconfidence here, counselors.)
Today's issue includes events affecting China, the European Union, Israel, NATO/OTAN, Russia, Ukraine, the United Kingdom, and the United States.
Ukraine at D+468: Dniepr Valley flooded. (CyberWire) Ukraine evacuates thousands downstream of the breached Nova Kakhovka dam. Increased fighting is reported along the front, as Ukraine probes Russian lines, advancing in some places five to ten kilometers.
Russia-Ukraine war: List of key events, day 469 (Al Jazeera) As the war enters its 469th day, these are the main developments.
Opinion D-Day dawns for Ukraine (Washington Post) It was bracing that Ukraine launched its counteroffensive against Russian invaders as we celebrate the anniversary of the 1944 D-Day landings this week. This assault could turn the tide of the battle for Ukraine, just as the Allied assault on the Normandy beaches altered the trajectory of World War II.
Exclusive: Ukraine has cultivated sabotage agents inside Russia and is giving them drones to stage attacks, sources say (CNN Politics) Ukraine has cultivated a network of agents and sympathizers inside Russia working to carry out acts of sabotage against Russian targets and has begun providing them with drones to stage attacks, multiple people familiar with US intelligence on the matter told CNN.
Ukraine’s summer counteroffensive is a key moment but long-term resolve remains crucial (Atlantic Council) Ukraine's summer counteroffensive is an important moment in the war with Russia but it is critical to maintain a sense of perspective and underline the need for long-term Western backing, writes Tennyson Dearing.
Ukraine war: Wagner boss rubbishes Russian claims of Ukrainian casualties (BBC News) Moscow says it inflicted 3,700 casualties on Kyiv on Monday, but Yevgeny Prigozhin calls the claim "absurd".
Three questions (and expert answers) about the dam collapse in Ukraine (Atlantic Council) Atlantic Council experts answer pressing questions about the broken Nova Kakhovka dam in southern Ukraine, including what it means for the ongoing war and if damaging it amounts to a war crime.
Ukraine and Russia accuse each other of blowing up key dam (NBC News) Coverage on the Nova Kakhovka dam attack.
After The Flood: What We Know About The Destroyed Ukrainian Dam And Its Consequences (RadioFreeEurope/RadioLiberty) The collapse of the Nova Kakhovka dam sent torrents of water flooding through Ukraine’s southern Dnieper River basin, prompting evacuations and inundating thousands of hectares of land. Among other consequences, it could cause the biggest environmental disaster of Russia’s full-scale invasion.
Ukraine war latest: Ukrainian dam destroyed in blow to counter-offensive (The Telegraph) A Ukrainian dam has been destroyed in a major blow to the counter-offensive.
Ukrainian dam destroyed in blow to counter-offensive (The Telegraph) Russia blamed for explosion that has unleashed wave of water, hindering troop movements and threatening nuclear power plant
Dam Busting: Russia Accused of Using Water as a Weapon, Thwarting Ukrainian Counter-Offensive in Kherson Region (The New York Sun) ‘From a tactical point of view,’ Kyiv ‘can forget about an offensive in Kherson,’ one Russian observer says after the destruction of a major dam across…
Collapse of major dam in southern Ukraine triggers emergency as Moscow and Kyiv trade blame (AP NEWS) The wall of a major dam in a part of southern Ukraine that Moscow controls collapsed Tuesday after a reported explosion, sending water gushing downriver and prompting dire warnings of ecological disaster as both sides in the war ordered residents to evacuate.
Dam breach could be Ukraine’s ‘worst ecological disaster since Chornobyl’ (the Guardian) Former minister makes grave warning as scientists wait for water to subside before assessing impact
Mass Evacuations Follow Breach Of Ukrainian Dam (RadioFreeEurope/RadioLiberty) Following the breach of the Nova Kakhovka dam in the Russian-occupied area of Ukraine's Kherson region, residents were urged to evacuate amid a warning that rising water levels would reach "critical levels" within hours.
Ukraine-Russia war latest: Britain warns of more flooding from dam break as thousands trapped (The Telegraph) Tens of thousands of people remain stranded in the area along the Dnipro river, Volodymr Zelensky has said, as British intelligence warned that the Kakhovka dam will see further flooding over the next few days.
What to know about the explosion at Ukraine’s Kakhovka dam (Washington Post) A major dam and a hydroelectric power plant close to the front lines in the south of Ukraine were damaged in a blast early Tuesday.
In destroying Ukraine's dams, Putin is following in Stalin's footsteps (The Telegraph) Their destruction not only disrupts troop movements, but can play a pivotal psychological role in a conflict
Ukrainian dam destroyed in blow to counter-offensive (The Telegraph) Russia blamed for explosion that has unleashed wave of water, hindering troop movements and threatening nuclear power plant
Putin’s wickedness knows no bounds (The Telegraph) Much of the world will see the destruction of the Nova Kakhovka dam as a war crime
Opinion The key to ending the war in Ukraine? Attacking Crimea. (Washington Post) In the coming weeks and months, Ukrainian forces have a real chance at achieving victory on the battlefield. The path to victory is anything but straightforward. But one way or another, it likely passes through Crimea.
Russia warns supplying Ukraine with US-built F-16 fighter jets would escalate conflict (The Hill) Russian officials warned that supplying Ukraine with U.S.-made F-16 fighter jets would escalate the war as it stretches into its 15th month.
U.S. had intelligence of detailed Ukrainian plan to attack Nord Stream pipeline (Washington Post) THE DISCORD LEAKS | The CIA learned last June, via a European spy agency, that a six-person team of Ukrainian special operations forces intended to sabotage the Russia-to-Germany natural gas project
Russia’s Strategic Failure in Ukraine (U.S. Department of State) Last week, when I was in Helsinki, Finland, I delivered a speech about the strategic failure of Russia’s war in Ukraine and about our continued efforts to support Ukraine’s defense of its territory, sovereignty, and democracy in pursuit of a just and lasting peace. Read the highlights below.
Is China preparing for a post-Putin Russia? (Atlantic Council) Xi Jinping and Vladimir Putin have famously proclaimed a "friendship without limits" but the Chinese leader may be looking to a post-Putin Russia and cultivating ties with Putin's PM Mikhail Mishustin, writes Anders Åslund.
How the West Can Secure Ukraine’s Future (Foreign Affairs) Kyiv needs a binding commitment before NATO membership.
Finland expels nine Russian diplomats over 'intelligence' work (Reuters) Finland will expel nine diplomats at the Russian embassy in Helsinki, accusing them of working on intelligence missions, the Finnish president's office said on Tuesday.
Ukraine Warns Against Cyberespionage Campaign (Gov Info Security) Ukrainian cyber defenders say they've identified a cyberespionage campaign active since mid-2022 that gained unauthorized access to "several dozen"
What It Takes to Join NATO, a Club Refreshed by Putin (Bloomberg) If Russia’s invasion of Ukraine was supposed to weaken the North Atlantic Treaty Organization and stop its eastward expansion — one rationalization offered by President Vladimir Putin — it backfired.
Opinion | The Eyes of the World Are Upon Ukraine (New York Times) The moral equivalent of D-Day is happening right now.
An Update on the Steps We are Taking to Protect MOVEit Customers (Ipswitch) We will continue to be as transparent as possible regarding the recently discovered vulnerability within MOVEit Transfer and MOVEit Cloud.
MoveIt hack: What action can data-breach victims take? (BBC News) Experts give advice to the more than 100,000 warned their personal data is in the hands of cyber-criminals.
Behind the Screen: Three Vulnerabilities in RenderDoc (Qualys Security Blog) The Qualys Threat Research Unit (TRU) has discovered three vulnerabilities in RenderDoc. This blog will delve into the details of these three newly discovered vulnerabilities found within RenderDoc'
PowerDrop: A New Insidious PowerShell Script for Command and Control Attacks Targets U.S. Aerospace Defense Industry (Adlumin SaaS Security) The Adlumin Threat Research discovered a new malicious PowerShell script called PowerDrop, targeting the U.S. aerospace industry.
New 'PowerDrop' PowerShell malware targets U.S. aerospace industry (BleepingComputer) A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry.
US Aerospace Contractor Hacked With 'PowerDrop' Backdoor (Dark Reading) Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.
New PowerDrop Malware Targeting U.S. Aerospace Industry (The Hacker News) PowerDrop, the malware designed to fly under the radar, has infiltrated the U.S. aerospace industry.
North Korean Attackers Target Google Account Credentials (Decipher) The North Korean Kimsuky group has targeted think tanks, academic institutions and news media organizations in order to steal their credentials and gather intelligence.
Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now (Naked Security) Chrome 0-day patched now, Edge patch coming soon.
Sextortionists are making AI nudes from your social media images (BleepingComputer) The Federal Bureau of Investigation (FBI) is warning of a rising trend of malicious actors creating deepfake content to perform sextortion attacks.
Malicious Actors Manipulating Photos and Videos to Create Explicit Content and Sextortion Schemes (IC3) The FBI is warning the public of malicious actors creating synthetic content (commonly referred to as "deepfakes"a) by manipulating benign photographs or videos to target victims.
7 tips for spotting a fake mobile app (WeLiveSecurity) Here are 7 common signs that a mobile app is sketchy and 7 tips for staying safe from mobile security threats in the future.
Expert weighs in on what's ahead following Augusta cyber-attack (WFXG) Augusta commissioners held their first regular meeting Tuesday for the first time since mid-May. City leaders say they’re working to get the network back to full capacity after a cyber-attack.
Google Patches Third Chrome Zero-Day of 2023 (SecurityWeek) Google has released a Chrome 114 security update that patches CVE-2023-3079, the third zero-day vulnerability patched in the browser in 2023.
Google Addresses Latest Zero-Day Affecting Chrome (Flashpoint) Google has addressed another zero-day vulnerability affecting Google Chrome, the third reported in the browser so far this year
Apple Unveils Upcoming Privacy and Security Features (SecurityWeek) Apple on Monday detailed new privacy and security features rolling out to both desktop and mobile users.
CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released two Industrial Control Systems (ICS) advisories on June 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-157-01 Delta Electronics CNCSoft-B DOPSoft ICSA-23-157-02 Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series
Vulnerability and Threat Trends Report 2023 | Skybox Security (Skybox Security) Read the latest about emerging threats and vulnerabilities and how to proactively reduce cyber risks.
ILTA and Conversant Group Release First Cybersecurity Benchmarking Survey of the Legal Industry (PR Newswire) Law firms store some of the most sensitive information available regarding material business transactions, intellectual property, Personally...
The 2 BIG Exceptions to Financially Motivated Cybercrime (Cimcor) While money is the number one motivator behind cybercrime, there are two exceptions where the end goal isn't to turn a profit. One exception is...
Survey sees cyber resilience declining in smaller UK businesses (Continuity Central) Small and medium sized businesses (SMEs) in the UK have seen cyber resilience decline in the last year, according to new research from Censornet. Over half (51 percent) of SMEs believe their cyber security requires development to be future-proofed, up from 40.5 percent the previous year.
Cybersecurity Marketing Strategies: How to Influence Purchasing Behaviour in a Tough Economic Climate (CCgroup) Exploring the impact of the economic climate and industry skills gap on the cybersecurity buying landscape, identifying the top investment solutions, key factors driving purchase decisions, and the most effective channels and content for generating vendor awareness and driving selection.
Outpost24 acquires external attack surface management provider Sweepatic | Outpost24 blog (Outpost24) Outpost24, a leading cybersecurity risk management platform, today announced the acquisition of Sweepatic.
Backed by $15 million Series B Funding, Blumira Launches Easy XDR Platform for Small & Medium Business (PR Newswire) Blumira, a leading provider of detection and response technology, announced the launch of its XDR platform to provide enterprise-level security...
M&T Bank Corp Invests $202,000 in CyberArk Software Ltd. (NASDAQ:CYBR) (MarketBeat) M&T Bank Corp bought a new stake in shares of CyberArk Software Ltd. (NASDAQ:CYBR - Get Rating) in the fourth quarter, according to the company in its most recent Form 13F filing with the Securities and Exchange Commission (SEC). The institutional investor bought 1,581 shares of the technology com
Deep Instinct Appoints Two New Executives to Drive Demand for Prevention-first Cybersecurity (Business Wire) Jim Ortbals will support channel programs while Ryan Vaupel will lead operations
DTEX Systems Appoints Dave Salverson as Chief Financial Officer to Help Lead the Next Stage of Company Growth (Business Wire) Former Hazelcast and Shape Security Finance and Operations Executive Brings More Than 25 Years of High-Growth Leadership Amid Rising Demand for Human-Centric Insider Risk Management Solutions
AttackIQ to Deliver Breach and Attack Simulation Solutions to Government Agencies Through Four Inc.’s GSA Schedule (Business Wire) GSA Approval Provides Government Agencies with the Ability to Purchase Leading Continuous Security Validation Solutions
Upstream Security Joins BlackBerry IVY Partner Ecosystem to Protect Software-Defined Vehicles from Cyber Threats (BlackBerry) BlackBerry Limited (NYSE: BB; TSX: BB) today announced a partnership with leading automotive cybersecurity platform, Upstream Security to enable automakers to strengthen the overall security posture of their vehicles, by leveraging the rich telemetry data and edge compute capabilities from BlackBerry IVY.
NowSecure Launches Major Update to NowSecure Academy Online Training with New Role-Based Learning Paths and Certifications (News Direct) Free to start, new mobile app security and developer-focused learning paths designed for individuals and teams to level up their skills and build high quality, secure mobile apps faster
Lacework’s new CIEM uses ML to fish out high-risk identities (CSO Online) The new CIEM will merge with existing threat detection capabilities to consolidate Lacework’s cloud security offering.
Lumen Technologies Partners with KnowBe4 to Address Growing Need for Cybersecurity Awareness in APAC Organisations (Taiwan News) Lumen Technologies Partners with KnowBe4 to Address Growing Need for Cybersecurity Awareness in APAC Organisations | 2023-06-07 13:55:00
Netskope Intelligent SSE Selected by Transdev to Secure and Connect its Hybrid Workforce (Dark Reading) Implementation is part of Transdev's Cloud-First approach to better manage technological obsolescence.
Radiflow’s CIARA 4.0 Delivers Actionable Insights to Simplify the Management of OT Cyber Risk at Industrial Facilities (EEJournal) Tel Aviv, Israel, June 6, 2023 – Radiflow, creators of the award-winning OT cybersecurity platform, CIARA, announced the general availability of CIARA 4.0. This release introduces a leading benchma…
New Integration between Join and Egnyte Centralizes Document Management and Ensures Compliance for the AEC Industry (Construction Dive) Construction industry news, trends and jobs for building professionals who want mobile-friendly content.
BlackBerry and Upstream Security join forces to protect software-defined vehicles (IT Security News) BlackBerry announced a partnership with Upstream Security to enable automakers to strengthen the overall security posture of their vehicles, by leveraging the rich telemetry data and edge compute capabilities from BlackBerry IVY. Upstream’s cloud-native Vehicle Detection and Response (V-XDR) platform identifies automotive cybersecurity threats, anomalies and operational insights and is used by many of the
Kaspersky Releases Tool to Detect Zero-Click iOS Attacks (Infosecurity Magazine) Fallout from Operation Triangulation continues
Commvault Redefines Data Protection with New Security Capabilities and Ecosystem Integrations to Combat Increasingly Sophisticated Cyber Threats (Commvault) Latest Innovations Automatically and Intelligently Spot and Engage Cyberthreats, Minimizing Production Data Risks and Eliminating Costly Interruptions Within Five Minutes –
Sentra Launches ChatDLP Anonymizer Browser Extension to Avoid Sensitive Data Leaks in Public Language Models (PR Newswire) Sentra, the cloud data security leader, today announced Sentra ChatDLP Anonymizer, a new feature that redacts Personal Identifiable Information...
Snyk Announces Next Big Leap in DevSecOps With Ability of Enterprises to Now Secure Their Software Supply Chains at Scale (GlobeNewswire News Room) Company Accelerates Developer-First Innovation with Acquisition of Enso Security, Unveiling of New Application Security Posture Management Solution and...
AU10TIX Unveils Identity Verification Suite to Elevate Customer Experience % (AU10TIX) Forward-thinking Identity Management Portfolio Brings Clarity and User-Friendliness to Complex Market; Also Includes Serial Fraud Monitor and Reusable Digital ID
Island Sets a New Standard for Password Management and Security; Easy for Users, Secure for Enterprises (Business Wire) Breakthrough approach vastly simplifies enterprise-wide adoption of password best practices while creating new protections around their use within corporate applications
Fortinet Expands Global Secure SD-WAN and SASE Presence with New MSSP Partnerships (Fortinet) Fortinet Secure Networking Solutions Enable Seamless Transition from Managed SD-WAN to SASE, ZTNA, and SD-Branch Services, Creating New Revenue Streams for MSSPs
Tines Launches Cases to Optimize Automation and Improve Operational Efficiency Across the Enterprise (PR Newswire) Tines, the no-code automation platform for security teams, today launched Cases, a powerful and intuitive new solution for case management....
Nile and Palo Alto Networks Partner to Strengthen Enterprise Campus Security (PR Newswire) Nile, a global leader in enterprise Network as a Service (NaaS), today announced a new integration with Palo Alto Networks, the global leader...
Velotix Releases Modular Architecture for its Data Security Platform | (Velotix) Velotix Releases Modular Architecture for its Data Security Platform to Achieve Maximum Data Utilization with ...
CISA and Partners Release Joint Guide to Securing Remote Access Software (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA, Federal Bureau of Investigation (FBI), the National Security Agency (NSA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) released the Guide to Securing Remote Access Software.
NSA and Co-Authors Recommend Best Practices to Secure Remote Access Software (National Security Agency/Central Security Service) Legitimate remote access software is being used by cyber actors to access victims’ systems, blend in with regular network activities, and evade detection.
Guide to Securing Remote Access Software (Cybersecurity and Infrastructure Security Agency CISA) This document, the Guide to Securing Remote Access Software, provides organizations with a remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations.
Army 'on the cusp of greatness' with its critical EW programs (Breaking Defense) The Army is progressing in its EW portfolio "after a few solid years of investment, lots of support from the Army and from [the Defense Department]," Kenneth Strayer said.
G20: Experts deliberate on cyber security exercise for banking sector (Devdiscourse) The G20 International Conference on "Cyber Security Exercise for the Banking Sector" under India's G20 Presidency was held in Mumbai.
Cyber Yankee prepares DoD, government, and business for potential cyber threats (DVIDS) Started in 2015, Cyber Yankee is the premier regional cyber training event for defense, state and federal agencies, and key utility companies to rehearse prevention and response best practices. And, unlike other cyber-focused training events which focus entirely on threats against the DoD’s information Network (DODIN), Cyber Yankee is the only military exercise which focuses on critical infrastructure and key resources that directly affect the American people.
More cyber security future proofing is needed says Basingstoke-based Censornet (The Business Magazine) Cyber Security needs future proofing for half of British businesses, says Basingstoke-based Censornet in its latest 2023 SME Cyber Report. Small and medium sized businesses (SMEs) in the UK have seen...
Security leaders implement third-party security measures (Security Magazine) IT professionals and navigating the threat landscape were analyzed in a recent report by Ironscales and Enterprise Security Group (ESG).
What security leaders can learn from Smashing Pumpkins hacker attack (Security Magazine) While stealing music from a band might not be equal to obtaining and releasing customer personal information, there are still lessons to learn from this incident.
Mark Zuckerberg Is the Hero AI Needs (The Information) From Silicon Valley to Washington, America has suddenly woken up to the risks of artificial intelligence. While Congress is just beginning conversations over how to regulate AI, the technology is advancing at an astonishing pace. Rather than indulge the fantasy that regulation will establish a “ ...
Apple Ghosts the Generative AI Revolution (WIRED) Apple unveiled the Vision Pro headset and a number of AI-powered features yesterday, but largely ignored generative AI applications embraced by Google and Microsoft.
Don’t Want Students to Rely on ChatGPT? Have Them Use It (WIRED) It’s easy to forget how little students and educators understand generative AI’s flaws. Once they actually try it out, they’ll see that it can’t replace them.
Ground Rules for the Age of AI Warfare (Foreign Affairs) How to keep autonomous weapons from stumbling into conflict.
The Coming Fight Over American Surveillance (Foreign Affairs) What’s at stake as Congress considers FISA reform.
Examining the US Data Privacy Landscape in the First Half of 2023 | National Law Journal (National Law Journal) The U.S. is taking a serious step toward a national data privacy standard this year. As businesses navigate new legislation and future compliance obligations, having a strong understanding of the legal landscape around protecting personal data and a willingness to implement a comprehensive data privacy compliance strategy will be crucial.
Gov. DeSantis signs data privacy bill (CBS News) The new law is meant to give people more control over data collected by technology companies
With 'big tech' in DeSantis’ crosshairs, Florida becomes 10th state with data privacy law (Record) The governor, a presidential candidate, touted the law's focus on how large companies collect and use personal data. But privacy experts note that the law doesn't apply to wide swaths of the online economy.
Cyber Command, NSA prepare for a new set of leaders (Axios) The U.S. Cyber Command is set to get a new group of leaders as the threat landscape becomes more complex and difficult to navigate.
Federal Cyber Oversight of Critical Infrastructure is Failing, Report Warns (Wall Street Journal) The system for managing cyber risk among U.S. critical infrastructure sectors is outdated, cumbersome, and risks damaging private-sector cooperation, the successor group to a Congressional commission said in a report released Wednesday.
White House quiet on national cyber director choice, senator says (Axios) The White House has not shared much of anything with lawmakers about who the administration thinks should be the next national cyber director, a top cyber-minded senator told Axios.
Another Resolution by DOJ Pursuant to its Civil Cyber-Fraud Initiative Highlights Continued Efforts to Hold Companies Accountable for Ensuring Data are Secured (JD Supra) We previously wrote about the United States Department of Justice’s (“DOJ”) Civil Cyber-Fraud Initiative (“CCFI”), which “aims to hold accountable...
Expert explains how to protect your data after Mercer University hit with lawsuit due to data breach (WMAZ) Information that was potentially swiped include financial account and Social Security numbers, the lawsuit reads.
For a complete running list of events, please visit the Event Tracker.
Authenticate 2023 (Carlsbad, California, USA, Oct 16 - 18, 2023) It’s time to modernize your authentication! Organizations around the globe are embracing a new way to authenticate with FIDO standards, moving past passwords and legacy forms of multifactor authentication to provide users with passkeys for phishing-resistant sign-ins. Their results? Strong security, lessened data breach risk, improved user experiences, faster sign-in rates, and reduced costs. Join these industry leaders as they come together at Authenticate 2023, and get the latest tools and insights to get your organization on the path to strong, modern passwordless authentication. Hosted by the FIDO Alliance, Authenticate is the industry’s only conference dedicated to all aspects of user authentication – including a focus on FIDO-based sign-ins. It is the place for CISOs, business leaders, product managers, security strategists and identity architects to get all of the education, tools and best practices to roll out modern authentication across web, enterprise and government applications.
35th Annual FIRST Conference (Montréal, Québec, Canada, Jun 4 - 9, 2023) FIRST is an international non-profit association of Computer Security and Incident Response Teams (“CSIRTs”), Product Security and Incident Response Teams (“PSIRTs”), and independent security researchers from the public, private, and academic sectors. Membership comprises of over 600 teams with representation from over 100 nations. The annual conference provides a forum for sharing goals, ideas, and information on how to improve global cyber security. FIRST is a front-line enabler in the global response community, providing access to the best practices, tools, and trusted communication with its member teams. Named one of the Top 19 Information Security Conferences of 2020 by TripWire, the FIRST annual conference promotes worldwide coordination and cooperation among computer security and incident response teams (CSIRTs). The conference provides a forum for sharing goals, ideas, and information on how to improve computer security on a global scale.
IT Nation Secure 2023 (Orlando, Florida, USA, Jun 5 - 7, 2023) Network with peers to solve cybersecurity business challenges. Join us June 5-7 in Orlando to see how IT Nation Secure can help you transform your cybersecurity services, make meaningful connections, and ultimately protect your business and customers.
Techno Security & Digital Forensics Conference (Wilmington, North Carolina, USA, Jun 5 - 8, 2023) Techno Security & Digital Forensics Conference provides a unique education experience that blends the digital forensics and cybersecurity industries for collaboration between government and private sectors. The 2023 East edition of Techno Security & Digital Forensics Conference will feature educational sessions, industry-leading speakers, and sponsors/exhibits over four days of networking among cybersecurity and digital forensics industry professionals. Learn about new tools and techniques, discuss important case studies, and share insight on future trends and the current state of the industry. Educational sessions cover a wide range of topics within the following primary tracks from which CPE credits can be earned: Audit/Risk Management, eDiscovery (New!), Forensics, Information Security, Investigations, Magnet Forensics Lab, Cellebrite Lab, and Sponsor Demos. In addition to educational sessions, sponsoring/exhibiting companies will be on hand to introduce and demonstrate the latest products and services in the industry. Learn from industry experts, connect with leading suppliers, explore the latest tools, and network with cybersecurity and digital forensics professionals.
Telecom Threat Intelligence Summit 2023 (Virtual, Jun 6 - 7, 2023) An event dedicated to improving cyber security outcomes for the telecom sector and its customers through better use of cyber threat intelligence. TTIS 2023 serves as a forum for advancing best practise as regards threat intelligence sharing between telcos in different countries as well as within their domestic markets; between telcos and other leading actors in the ICT ecosystem; between telcos and their customers; and between different groups and departments within the telco organisation.
ENISA AI Cybersecurity Conference (Brussels, Belgium, Jun 7, 2023) The AI Cybersecurity conference aims at discussing key aspects of cybersecurity in AI systems as well as challenges associated with implementation and supervision of secure and trustworthy AI. This conference will provide an opportunity to bring the AI cybersecurity community together and share experiences, challenges and good practices; discuss developments, initiatives and challenges related to implementing of cybersecurity in AI; and raise awareness on the need to promote cooperation between different stakeholders for effective AI cybersecurity.
