Chinese cyberespionage against Iran. Threats to industrial systems. CISA updates. Notes on the hybrid war.

Summary

By the CyberWire staff

At a glance.

Chinese cyberespionage reported against Iran.
DNV recovering from ransomware.
Other attacks against industrial systems.
CISA adds to its Known Exploited Vulnerability Catalog.
CISA releases four ICS advisories.
A side-effect of Russia's war: a drop in paycard fraud.
The persistence of nuisance-level hacktivism.

Chinese cyberespionage reported against Iran.

Palo Alto Networks’ Unit 42 has published a report describing “Playful Taurus” (also known as APT15 or Vixen Panda), a Chinese threat actor known for carrying out cyberespionage campaigns against government and diplomatic entities around the world. In this case, Playful Taurus is targeting government entities in Iran with a new version of its Turian malware. The threat actor appears to have compromised the networks of at least four Iranian government organizations, including Iran’s Ministry of Foreign Affairs. The new version of the threat actor’s malware includes “some additional obfuscation and a modified network protocol.” For more on Playful Taurus, see CyberWire Pro.

Ready to make the switch to 1Password? It’s easy!

Bank logins. Confidential project files. Your grandma's super-secret shortbread recipe. Everything your team or business stores in 1Password is protected by our industry-leading encryption models – because security isn't just a feature. It's our foundation. And with dedicated onboarding and customer success teams at your disposal, switching is easier than you think.

DNV recovering from ransomware.

According to the LoadStar, the ship classification society DNV has disclosed that its ShipManager fleet management software was hit by a ransomware attack on January 7th. DNV says approximately one thousand vessels belonging to seventy of its customers have been affected:

"DNV experts have shut down ShipManager’s IT servers in response to the incident. All users can still use the onboard, offline functionalities of the ShipManager software."

"There are no indications that any other software or data by DNV is affected. The server outage does not impact any other DNV services. DNV experts are working closely with global IT security partners to investigate the incident and to ensure operations are online as soon as possible. DNV is in dialogue with the Norwegian police about the incident. DNV is communicating daily with all 70 affected customers to update them on findings of the ongoing forensic investigations. In total around 1000 vessels are affected.

"We apologize for the disruption and inconvenience this incident may have caused."

TradeWinds reports that as of January 17th, DNV was still working to bring ShipManager back online. For more on the ShipManager incident, see CyberWire Pro.

Doing Threat Intel is Really Difficult - Try a Managed Intel Service

Why are you struggling with interpreting threat intel by yourself? Engage Nisos to achieve better risk insights and outcomes. Rely on the experts with a managed service that gives you the people, process, and technology to control costs while improving your defenses. Nisos leverages automation efficiency and analyst expertise that eliminates noise, identifies risks, and prioritizes your company-specific threats. We help you respond to threats faster and more effectively through assessments, monitoring, and investigations.

Other attacks against industrial systems.

Nozomi Networks has released its OT/IoT Security Report for the second half of 2022, highlighting disruptive attacks against the transportation and manufacturing industries.

The researchers describe a cyberattack that hit rail technology manufacturer Continental in November. The attackers stole more than forty terabytes of data, which they threatened to publish on the dark web unless the company paid a $50 million ransom. Continental refused to pay the ransom, stating that “it would only help fund continued attacks on the security of critical infrastructure such as utilities and hospitals, educational institutions and the economy.”

Nozomi notes that “attacks against rail systems have been growing in frequency, making this sector an attractive target to all threat actor types at play (i.e. nation-state, hacktivists, cybercriminals).”

Nozomi also outlines wiper attacks against three Iranian steel companies: the Mobarakeh Steel Company, (MSC), Khouzestan Steel Company (KSC) and Hormozgan Steel Company (HOSCO). These attacks were claimed by the hacktivist group Gonjeshke Darandehat (also known as Predatory Sparrow), though the BBC cites experts who suspect the attacks may have been carried out by a state-sponsored actors.

CISA adds to its Known Exploited Vulnerability Catalog.

CISA, the US Cybersecurity and Infrastructure Security Agency, has added CVE-2022-44877 to its Known Exploited Vulnerability Catalog. "CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter." Federal civilian Executive agencies have until February 7th to "apply updates per vendor instructions."

CISA releases four ICS advisories.

The US Cybersecurity and Infrastructure Security Agency (CISA) on January 17th released four industrial control system (ICS) advisories, affecting GE Proficy Historian, Mitsubishi Electric MELSEC iQ-F, iQ-R Series, Siemens SINEC INS, and Contec CONPROSYS HMI System (CHS) (Update A).

A side-effect of Russia's war: a drop in paycard fraud.

In the course of surveying paycard fraud during 2022, Recorded Future's Insikt Group noticed a 62% drop in stolen cards being hawked or dumped on the dark web. That drop, Infosecurity Magazine points out, coincides with Russia's invasion of Ukraine. The drop came in two waves. The first was occasioned by an unexpected crackdown on (some) cybercriminal gangs in January of 2022. “The governing theory is that Russia sought to signal its intent to cooperate with the West against cybercrime should the West acquiesce to Russian demands regarding Ukraine,” Recorded Future says. Any expectation of Western good will was soon seen to be a false light. The second wave took place after the invasion proper, and once it became clear that the war Russia had unleashed was going to be far more protracted than anyone expected. “After April, slack carding demand and depressed volumes of ‘fresh’ records were likely a result of Russia’s war," the report continues. "It is highly likely that the war has significantly impacted Russian and Ukrainian threat actors’ ability to engage in card fraud as a result of mobilization, refugee and voluntary migration, energy instability, inconsistent internet connectivity and deteriorated server infrastructure. Russian-occupied areas of the Donbas region of Ukraine were long suspected to have hosted cyber-criminal server infrastructure.” Thus there were issues with respect to criminal infrastructure. Not mentioned is another possibly contributing cause: the mobilization of gangs as cyber auxiliaries of the Russian intelligence and security services. This sector of the criminal underground economy is likely to continue to see a downturn as long as the war continues.

The persistence of nuisance-level hacktivism.

Russian threat actors allegedly disrupted a Ukrainian news conference yesterday, Axios reports. "We just faced a cyberattack on our information platform committed by Russia," Media Center Ukraine, the service convening the event said. "We understand they don't like to hear the truth about this war, but we're not to be stopped, we are online, we are broadcasting." The news conference was set to include an interview with Yurii Shchyhol, Head of State Service for Special Communications and Information Protection, who was to offer an overview of Russian cyber operations during its war against Ukraine. The delay was brief; the interview has since been posted by Ukrinform.

The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.

Notes.

Today's issue includes events affecting Armenia, Azerbaijan, the Bahamas, Denmark, Estonia, the Faroe Islands, Finland, Germany, Greenland, Iceland, Iran, Democratic People's Republic of Korea, Malaysia, NATO/OTAN, Norway, Russia, Serbia, Sweden, Ukraine, the United Kingdom, and the United States.

Dateline Moscow and Kyiv: Doubling down on the special military operation.

Ukraine at D+328: Russia takes Soledar, announces military expansion. (CyberWire) Russia has announced a reorganization and expansion of its military, and framed it as a response to the West's "proxy war."

Russia-Ukraine war: List of key events, day 329 (Al Jazeera) As the Russia-Ukraine war enters its 329th day, we take a look at the main developments.

Ukraine-Russia war latest: Ukraine 'can't rule out' sabotage in helicopter crash (The Telegraph) Ukraine's security service said it could not rule out human error or deliberate sabotage after one of Ukraine's most powerful ministers was killed in a catastrophic helicopter crash, writes Roland Oliphant.

Ukraine's interior ministry leadership killed in helicopter crash (BBC News) Ukraine's interior minister, his deputy, and another official are among 14 killed in the crash.

Russia’s war in Ukraine has killed ‘more than 9,000 civilians’ (Al Jazeera) Presidential aide announces grim toll at the WEF in Davos as Ukraine’s first lady appeals for support.

‘My hands were boiled and my fingernails were pulled out by the Russians. I was a living corpse’ (The Telegraph) Ukrainian woman recalls horror of treatment by her captors in Kherson as part of the Kremlin’s brutal campaign of torture

Calls for special tribunal for Russia’s ‘war crimes’ in Ukraine (Al Jazeeera) European Commission chief von der Leyen says the war in Ukraine is ‘a fight of democracy against autocracy’.

Will a special Ukraine tribunal really happen? (Yahoo) Could Russian President Vladimir Putin one day stand in the dock in The Hague?While the ICC could charge Russian soldiers and commanders on the ground, Baerbock said it was "important that the Russian leadership cannot claim immunity."

Ukrainian adviser quits after claims over Russian missile that killed dozens (the Guardian) Oleksiy Arestovych said rocket that hit Dnipro building detonated after being downed by Ukraine forces

Russia to Boost Troops in West, Expanding Army to 1.5 Million People (Military.com) New structures in the regions around Moscow, St. Petersburg and Karelia on the border with Finland will be created under the program, Defense Minister Sergei Shoigu told commanders.

Russia to make 'major changes' to armed forces from 2023 to 2026 (Reuters) Russia said on Tuesday that it would make "major changes" to its armed forces from 2023 to 2026, promising to shake up its military structure after months of setbacks on the battlefield in Ukraine.

Moscow Details Plan to Boost Military as Ukraine Warns of Fresh Russian Offensive (Wall Street Journal) Russia provided a timetable for the troop increase it outlined in December as Ukraine warned that Moscow may be preparing an offensive.

Putin's comments underline growing Russian concern over jet, tank production (Breaking Defense) Experienced observers of Russia’s defense sector point out that the US-led sanctions have a disproportionate effect on aerospace production, more so than any other sector.

Putin’s new top commander in Ukraine has revenge in his sights (The Telegraph) After half a century in the military, General Valery Gerasimov has been handed his toughest task yet

Serbia slams Russia’s Wagner group for Ukraine recruitment bid (Al Jazeera) Serbian President Vucic denounces Russian websites and social media groups for calling on volunteers to join the war.

A Tale of Two Failed Armies (Military.com) Russia's most recent debacle, the latest in a long string caused by tactical incompetence in the Ukraine, highlights the lack of leadership, training and combat discipline that plagues the Russian army from top down.

Renewed Armenia-Azerbaijan Conflict Underlines Russia’s Waning Influence (New York Times) Russia helped end a 2020 war and its troops policed the cease-fire. But with a new crisis in the Caucasus heating up, Moscow, distracted and weakened by Ukraine, has not intervened.

'We need to send' Putin a message: UK minister on why tanks are now going to Ukraine (Breaking Defense) The decision to send the Challenger 2 tanks to Kyiv was influenced by an understanding that Ukraine now “needs the ability to push back hard in the East and the South [of the country],” said James Cleverly, UK foreign secretary.

Ben Wallace makes thinly veiled criticism of Germany’s reluctance to send battle tanks to Ukraine (The Telegraph) Defence Secretary joins call for Leopard IIs to be sent to the front line, as he announces new British military aid for Kyiv

Germany to appoint regional official as defense minister (Defense News) The defense minister-designate, Boris Pistorius, is a member of the Social Democratic Party, and has served as interior minister of Lower Saxony state.

Germany won’t act alone in sending tanks to Ukraine, says Olaf Scholz (The Telegraph) Comments come after economy minister says Germany likely to approve export declarations only if US sends battle tanks first

Ukraine finally getting Western tanks (Task & Purpose) The British are giving Ukraine Western-made main battle tanks.

US, Ukraine top military chiefs meet in person for 1st time (AP NEWS) The top U.S. military officer, Army Gen. Mark Milley, traveled to a site near the Ukraine-Poland border on Tuesday and talked with his Ukrainian counterpart face to face for the first time — a meeting underscoring the growing ties between the two militaries and coming at a critical time as Russia's war with Ukraine nears the one-year mark.

Top U.S. general meets Ukrainian counterpart near edge of war zone (Washington Post) It was the first in-person meeting between Gen. Mark Milley and Gen. Valery Zaluzhny. Milley shared his impressions of a Ukrainian unit training with U.S. troops, aides said.

Secretary of Defense, Chairman of the Joint Chiefs Travel to Germany for Ukraine Defense Contact Group Meetings (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III will travel to Ramstein Air Base, Germany, to conduct an in-person meeting of the Ukraine Defense Contact Group on January 20.

Ukrainian troops arrive at Fort Sill to train on Patriot missile system, Pentagon says (Stars and Stripes) Roughly 100 Ukrainian troops have arrived in the United States to begin training on how to operate and maintain the Patriot missile system to help Ukraine fight off Russian aerial attacks.

Pentagon Sends U.S. Arms Stored in Israel to Ukraine (New York Times) Israeli officials had initially expressed concerns that the move could damage its relations with Russia.

Western Aid to Ukraine Is Still Not Enough (The Atlantic) Any result other than a victory for Kyiv will make the world a more dangerous place for all of us.

Congress Must Create a Strategic Power Equipment Reserve (Foreign Policy) A backup supply of electrical grid equipment is needed to defend against grid attacks at home and make Ukraine more resilient in the face of…

Why Has the West Stepped Up on Humanitarian Aid to Ukraine? (World Politics Review) What drives the disproportionate amount of humanitarian aid going to Ukraine and Ukrainian refugees compared to crises outside Europe?

Estonia buys 12 more howitzers amid ‘lessons from Ukraine’ (Defense News) The deal increases the country's number of South Korean-made K9 Thunder weapons to 36.

Nordic states to develop common cybersecurity strategy (Defense News) Norway is taking the lead to develop a defense-focused common cybersecurity strategy for the Nordic region.

Russia's Ukraine War Drives 62% Slump in Stolen Cards (Infosecurity Magazine) Mobilization, migration and infrastructure issues hit fraudsters hard

Russian hackers allegedly tried to disrupt a Ukrainian press briefing about cyberattacks (Axios) The livestream of the press conference was slow and patchy as the group responded to a Russian cyberattack.

Russia’s Fifth Column in Ukraine Is Alive and Well (Foreign Policy) A year after the invasion, Ukraine is riddled with Russian collaborators and sympathizers.

Resisting Russia one artwork at a time (Atlantic Council) “Women at War,” a new US exhibition featuring a variety of works by twelve female Ukrainian artists, is a symbol of defiance to the Kremlin’s latest attempt to expunge Ukraine’s heritage.

Attacks, Threats, and Vulnerabilities

Chinese Playful Taurus Activity in Iran (Unit 42) Chinese APT Playful Taurus is using a new backdoor named Turian. Analysis suggests several Iranian government networks have likely been compromised.

Mitigating the North Korean Cybersecurity Threat (Security Boulevard) Cybersecurity firm Kaspersky recently published an analysis that detailed how a North Korean threat actor, which it called the BlueNoroff group, is

Armed Force foils four hacking attempts on national defence network, says cyber D-G (Malay Mail ) The Malaysian Armed Forces (ATM) identified four possible attempts to hack into the national defence communication network recently. ATM Cyber and...

Hackers turn to Google search ads to push info-stealing malware (BleepingComputer) Hackers are setting up fake websites for popular free and open-source software to promote malicious downloads through advertisements in Google search results.

Cybersecurity Experts Cast Doubt on Hackers' ICS Ransomware Claims (SecurityWeek) Hacktivists have made bold claims about conducting the first ever ransomware attack on an ICS RTU device, but experts have questioned their claims.

A royal mess in the U.K. points to the risks of cyberattacks on mail delivery (Washington Post) U.K. Royal Mail incident demonstrates how harmful cyberattacks can be on the industry

Serious Security: Unravelling the LifeLock “hacked passwords” story (Naked Security) Four straight-talking tips to improve your online security, whether you’re a LifeLock customer or not.

Nissan North America data breach caused by vendor-exposed database (BleepingComputer) Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information.

Privacy, Identity Theft and Data Security Breaches (Office of the Maine AG: Consumer Protection) Type of Organization: Other Commercial Entity Name: Nissan North America, Inc. Street Address: One Nissan Way City: Franklin State, or Country if outside the US: Tennessee Zip Code: 37067

DNV says up to 1,000 ships affected by ransomware attack (Computing) The cyberattack on ShipManager platform forced the company to shut down the software's IT servers

Ransomware attack on maritime software impacts 1,000 ships (The Record from Recorded Future News) About 1,000 vessels were affected by a ransomware attack affecting a major software supplier for ships and offshore structures.

Vice Society ransomware gang claims attack on one of Germany’s largest universities (The Record from Recorded Future News) The Vice Society ransomware group said it was responsible for a November attack against one of Germany’s largest universities.

CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.

Security Patches, Mitigations, and Software Updates

Git patches two critical remote code execution security flaws (BleepingComputer) Git has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses.

GE Digital Proficy Historian (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: GE Digital Equipment: Proficy Historian Vulnerabilities: Authentication Bypass using an Alternate Path or Channel, Unrestricted Upload of File with Dangerous Type, Improper Access Control, Weak Encoding for Password 2.

Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F and iQ-R Series products Vulnerability: Predictable Seed in Pseudo-Random Number Generator (PRNG) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access the WEB server function by guessing the random numbers used for authentication.

Siemens SINEC INS (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.

Contec CONPROSYS HMI System (CHS) Update A (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Contec Equipment: CONPROSYS HMI System (CHS) --------- Begin Update A part 1 of 5 ---------

Trends

Geopolitical Instability Raises Threat of ‘Catastrophic Cyberattack in Next Two Years’ (World Economic Forum) Cybersecurity is increasingly influencing how and where businesses invest with half re-evaluating the countries they do business in

Identifying the major business risks for 2023 (Allianz Risk Barometer) The most important corporate concerns for the year ahead, ranked by 2,712 risk management experts from a record 94 countries and territories.

Annual Payment Fraud Intelligence Report: 2022 (Recorded Future) Recorded Future's Insikt Group® details the top trends and metrics of the payment card fraud landscape in 2022 and provides insights into what to expect in 2023.

Malware Monthly - December 2022 (Sonatype) Sonatype's Malware Monthly brings you the latest information on malicious and suspicious packages discovered in software registries.

Risk managers worldwide say cyber is the biggest business risk today (PropertyCasualty360) Around one-third of risk management experts say cyber is the biggest risk. Business interruption followed closely behind.

77 per cent of business managers believe their organizations are likely to experience a data breach in the next three years according to survey (Adastra) Getting the most out of your business. State-of-the-art technologies that drive your business success. Use our know-how to your benefit.

Marketplace

Castellum, Inc. Announces Signing of Non-Binding LOI for East Coast Government Contractor (GlobeNewswire News Room) Castellum, Inc. (NYSE-American: CTM), a cybersecurity, electronic warfare, data analytics, software, and...

Microsoft Prepares to Lay Off Thousands of Employees, Including in Azure-Related Units (The Information) Microsoft is preparing to lay off as many as thousands of staff in multiple divisions starting as soon as Wednesday, according to a person with knowledge of the situation. The percentage of staff that would be impacted couldn’t be learned. Sky News earlier reported that 5% of the enterprise ...

Microsoft to cut 11,000 jobs across departments, report (Computing) The lay-offs come at a time when Microsoft’s revenue is expected to decline

Rubrik Surpasses $500 Million in Subscription ARR; Appoints Former Palo Alto Networks Chairman & CEO Mark McLaughlin to Board of Directors (Rubrik) Rubrik has surpassed $500 million in software subscription annual recurring revenue (ARR). Additionally, the company achieved a net dollar retention rate of greater than 140 percent, a testament to Rubrik’s ability to retain customers and expand within its customer base.

RegScale Closes First Year with Tremendous Growth as Organizations Realize the Promise of the Regulatory Operations Movement (PR Newswire) RegScale, a real-time Governance Risk and Compliance (GRC) software company, today announced it had exceeded key corporate expectations in its...

ThreatLocker Launches EMEA Headquarters in Dublin (PCR) US company ThreatLocker® Inc., has announced the opening of a new Dublin headquarters and the creati

Cloudflare Announces Phil Winslow as VP of Strategic Finance, Treasury, and Investor Relations (Cloudflare) Cloudflare, Inc. (NYSE: NET), the security, performance, and reliability company helping to build a better Internet, today announced the appointment of Phil Winslow as Vice President of Strategic Finance, Treasury, and Investor Relations. Winslow previously covered Cloudflare as a financial analyst at Credit Suisse, where he was the global head of the software team, and at Wells Fargo.

Dashlane Names Donald Hasson As Chief Product Officer (Dashlane Blog) Dashlane welcomes Donald Hasson as Chief Product Officer. Hasson brings nearly 20 years of experience in product management and more.

Oort Stacks Go-to-Market Leadership Team Following Series A Investment (Business Wire) Oort, a leader in identity threat detection and response (ITDR), is expanding its go-to-market team to meet rising demand for identity security. Follo

Dr. Lisa Porter Joins Fortress Information Security Board of Directors (Fortress Information Security) Fortress, the supply chain cyber security leader for critical infrastructure, today appointed Dr. Lisa Porter to the company's board of directors.

PlexTrac Adds Cybersecurity Powerhouse to Board of Directors (GlobeNewswire News Room) Stuart (Stu) Solomon Brings a Wealth of Knowledge and Experience to Aid in PlexTrac's Rapid Growth...

Veteran Cybersecurity Experts Daniel Bernard and Raj Rajamani Join CrowdStrike (CrowdStrike) CrowdStrike today announced that two key executives have joined its leadership team to continue driving momentum across the company’s channel and small business segments, and to scale what is widely recognized by the market as the industry’s most innovative modern security platform.

CrowdStrike Poaches Two Execs From Rival SentinelOne (CRN) CrowdStrike announced that it has hired two executives, CMO Daniel Bernard and CPO Raj Rajamani, from rival EDR vendor SentinelOne.

Products, Services, and Solutions

Configit Introduces Cloud-Based Configuration Lifecycle Management Platform (PR Newswire) Configit today announced that Configit Ace®, the market's leading Configuration Lifecycle Management (CLM) platform, is now available as a...

DigiCert introduces DigiCert® Trust Lifecycle Manager, sets new bar for unified management of digital trust (Digicert) DigiCert, Inc., a leading global provider of digital trust, today announced the release of DigiCert® Trust Lifecycle Manager, a comprehensive digital trust solution unifying CA-agnostic certificate management.

NS1 Introduces New Solution for Deep DNS Observability (NS1) DNS Insights by NS1 Enables Rapid Network Troubleshooting and Optimization at Scale

Quest Software Announces General Availability of SharePlex 11, Enabling Database Replication Across PostgreSQL and Snowflake Environments -- UPDATE (GlobeNewswire News Room) Database replication software enables resilient database architectures, interoperability between data platforms and database migrations in complex IT...

JDE Selects Orange Business Services for Future-Proof and Scalable Connectivity Infrastructure to Support Global Business Expansion (Business Wire) Jacobs Douwe Egberts (JDE), a global coffee company, has deployed Orange Business Services secure end-to-end connectivity solutions for more than 120

1522+ NAS (ioSafe) Our flagship fireproof and waterproof five-bay 1522+ NAS device is perfect for organizations that need high-speed access to their data. The 1522+ can hold up to 70TB (expandable to 210TB) of networked storage and data protection.

Celebrus CX Vault Now Available Across Platforms, Including Mobile App (PRWeb) Today, Celebrus released an upgrade to the world’s first no-party data technology. Celebrus CX Vault is now available across pla

Keeper Connection Manager Adds New, Next-Gen Features for Zero-Trust Network Access (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections,...

Radware Expands Relationship with One of Africa’s Leading Banking Groups and Top 10 Most Valuable Banking Brands (GlobeNewswire News Room) Delivers comprehensive cloud application security services and solutions...

Aqua Security Named Best Cloud Native Security Solution (GlobeNewswire News Room) Techstrong Recognizes the Aqua Platform for Its CNAPP Innovation and Market Leadership...

Forcepoint Focused on Data Security as ‘Core’ to SASE (SDxCentral) One of the vendor’s top goals this year is to help businesses understand the benefits of a “data-first approach to SASE."

Technologies, Techniques, and Standards

Forum-hosted Cybercrime Initiative to Boost Coordination between Private Sector and Law Enforcement (World Economic Forum) The Cybercrime Atlas Initiative brings together global businesses, law enforcement agencies and cybercrime investigators to fight cyberthreats

CISA Updates Best Practices for Mapping to MITRE ATT&CK® (CISA) Today, CISA updated Best Practices for MITRE ATT&CK® Mapping.

Best Practices for MITRE ATT&CK® Mapping (CISA) For CISA, understanding adversary behavior is often the first step in protecting networks and data. The success network defenders have in detecting and mitigating cyberattacks depends on this understanding. The MITRE ATT&CK® framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Network defenders use the ATT&CK knowledge base as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Addressing the Trust Deficit in Critical Infrastructure (Security Scorecard) Despite a decade or more of increased focus on cybersecurity in boardrooms, legislatures, and the media, cyber resilience is getting worse, not better. Increasing cyberattacks and highly publicized breaches have undermined the public’s trust in the resilience of our societies, prompting business leaders and lawmakers worldwide to seek solutions for a mounting trust deficit.

Identity Defined Security Alliance Opens Identity Management Awards Submissions and Identity Management Day Champion Program (GlobeNewswire News Room) Established to educate and engage business leaders and IT decision makers about the importance of managing and securing digital identities, Identity...

Academia

Alstom sign a MOU for better cyber-security (Global Railway Review) Alstom have signed a MOU with the Rochester Institute of Technology’s ESL Global Cybersecurity Institute to strengthen rail cyber-security.

RIT and Alstom Signaling collaborate to advance transportation cybersecurity (RIT) RIT and Alstom are coming together to help advance cybersecurity education, development, and research in the transportation industry. Through a new collaboration, the French mobility technology company will provide RIT students with educational, research, and career opportunities. Alstom has also been named theme-sponsor for RIT’s next Global Collegiate Penetration Testing Competition (CPTC) in 2023-2024.

Legislation, Policy, and Regulation

China proposes UN treaty criminalizes ‘dissemination of false information’ (The Record from Recorded Future News) China has proposed that a new international convention on cybercrime should criminalize the “dissemination of false information."

Rishi Sunak forced to back down over Online Safety Bill after Tory rebellion (The Telegraph) Social media bosses who fail to protect children from harmful content will face jail now the Government has conceded to rebel MPs

Wikipedia criticises 'harsh' new Online Safety Bill plans (BBC News) The legislation shouldn't treat community-run sites like big tech firms its foundation says.

When It Comes to Cybersecurity, the Biden Administration Is About to Get Much More Aggressive (Slate Magazine) A new policy allows U.S. agencies to preemptively hack into the networks of criminals and foreign governments.

Washington prepares to weigh whether a FISA surveillance program should continue (Axios) Lawmakers face a December 2023 deadline to reauthorize a warrantless surveillance program.

Marine Corps Activates Marine Corps Information Command (United States Marine Corps Flagship) The United States Marine Corps continues operationalizing the Marine Corps’ seventh warfighting function, information, by activating a service retained, two-star command poised to synchronize,

State legislators aren't waiting for Congress to regulate children's online privacy (CyberScoop) More states are following California's lead in regulating children's privacy. But experts say the laws raise many tough questions.

Litigation, Investigation, and Law Enforcement

As school districts sue social media companies, experts are divided on what comes next (Chalkbeat) “If the plaintiffs tell their story to the judge and are successful, the consequences could be a radical reshaping of the internet,” one expert said.

FTX says $415 million of crypto was hacked (NBC News) FTX’s new CEO, John Ray, said in a statement that it has taken a “Herculean investigative effort from our team to uncover this preliminary information.”

What the Jan. 6 probe found out about social media, but didn’t report (Washington Post) The House committee investigating the riot avoided detailed discussion in its report for fear of offending Republicans and tech companies, sources say

Fake ‘general’ scammed seniors in online romance scheme (Army Times) Prosecutors say women from across the country were cheated out of about $1.6 million by someone often pretending to be an Army general.

Texas Man Admits Role in Scamming Seniors in Rhode Island and Elsewhere in Online Romance Scams (US Attorney for the District of Rhode Island) Fola Alabi, aka Folayemi Alabi, 52, of Richmond, Texas, pleaded guilty in federal court in Providence to charges of conspiracy and money laundering, admitting to a federal judge that he created companies and opened bank accounts that were used to launder more than $1.6 million in proceeds bilked from seniors in at least eleven states, including Rhode Island, in online romance scams, announced United States Attorney Zachary A. Cunha.

The Hidden History of the World’s Top Offshore Cryptocurrency Tax Haven (Foreign Policy) The Bahamas represents how global capitalism can go very right, and very wrong, at exactly the same time.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

SecureWorld Charlotte (Charlotte, North Carolina, USA, Mar 2, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

SecureWorld Boston (Boston, Massachussetts, USA, Mar 22 - 23, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 12-18 CPE credits through 30+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

SecureWorld Healthcare Virtual Conference (Virtual, Apr 12, 2023) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 5 CPE credits learning from nationally recognized industry leaders. The agenda offers 15+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.

SecureWorld Philadelphia (King of Prussia, Pennsylvania, USA, Apr 19 - 20, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 12-18 CPE credits through 30+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

SecureWorld Kansas City (Kansas City, Kansas, USA, May 3, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

SecureWorld Financial Services Virtual Conference (Virtual, May 17, 2023) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 5 CPE credits learning from nationally recognized industry leaders. The agenda offers 15+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.

SecureWorld Houston (Houston, Texas, USA, May 18, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

SecureWorld Atlanta (Atlanta, Georgia, USA, May 24, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

SecureWorld Chicago (Rosemont, Illinois, USA, Jun 8, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

SecureWorld Eastern Virtual Conference (Virtual, Jun 14, 2023) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 5 CPE credits learning from nationally recognized industry leaders. The agenda offers 15+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.

SecureWorld Government Virtual Conference (Virtual, Jun 21, 2023) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 5 CPE credits learning from nationally recognized industry leaders. The agenda offers 15+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.

Global Cybersecurity Competition and Conference (IC3) (San Diego, California, USA, Jul 31 - Aug 4, 2023) The United States will host the 2023 International Cybersecurity Championship and Conference (IC3). This global event will be held July 31-August 4, 2023 in San Diego, California, and will be organized by PlayCyber®. Combining the International Cybersecurity Challenge (ICC) with an industry conference and hands-on expo, this inaugural event will bring together business, education, and government, and showcase top cybersecurity talent worldwide.

SecureWorld Manufacturing Virtual Conference (Virtual, Aug 23, 2023) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 5 CPE credits learning from nationally recognized industry leaders. The agenda offers 15+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.

Events

Insider Threat Program Development - Management Training Course (Laurel, Maryland, USA, Jan 30 - 31, 2023) The training course will be taught at the Johns Hopkins University Applied Physics Laboratory, in Laurel, Maryland. This highly sought after and very comprehensive 2 day training course will ensure the Insider Threat Program (ITP) Manager/ Senior Official (Insider Threat Analyst, FSO, CSO, CISO, Etc.), and others who support the ITP (Human Resources, IT, Network Security, Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group. Our student satisfaction levels are in the exceptional range. Over 900+ individuals have attended this training course and received ITP Manager Certificates.

CybertechGlobal Tel Aviv (Tel Aviv, Israel, Jan 30 - Feb 1, 2023) Cyber is all around us—it is one of the most trending topics in the tech and business arenas. It is a whole-encompassing industry that is not only about threats, but also covers the scope of digitalization and opportunities in the realm of innovation. From Tel Aviv and Rome, to Tokyo, Singapore, Panama, and more, Cybertech is the cyber industry’s foremost B2B networking platform conducting industry-related events all around the globe. Our conferences and exhibitions serve as the go-to place to make business happen and learn all about the latest technological innovations, challenges, and solutions to combating threats within the global cyber arena. Cybertech events feature top executives, government officials, leading decision-makers from a wide range of sectors including critical infrastructure, insurance, retail, health and government, defense, R&D, manufacturing, automotive, and more! Multinational corporations, startups, private and corporate investors, venture capital firms, experts, and clients—come and meet all the key players from the cyber industry and be immersed in everything there is to offer. Cyber. We live it. Breathe it. All at the forefront of global innovation.

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Feb 6 - 10, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.

Chicago Cybersecurity Conference (Chicago, and virtual, Illinois, USA, Feb 8, 2023) FutureCon Events brings high-level Cyber Security Training discovering cutting-edge security approaches, managing risk in the ever-changing threat of the cybersecurity workforce. Join us as we talk with a panel of C-level executives who have effectively mitigated the risk of Cyber Attacks. Educating C-suite executives and CISOs (chief information security officers) on the global cybercrime epidemic, and how to build Cyber Resilient organizations. Gain the latest knowledge you need to enable applications while keeping your computing environment secure from advanced Cyber Threats. Demo the newest technology, and interact with the world’s security leaders and gain other pressing topics of interest to the information security community. The FutureCon community will keep you updated on the future of the Cyberworld and allow you to interact with your peers and the world’s security leaders.

Tech Days (Barcleona (and virtual), Spain, Feb 13 - 15, 2023) The PKI and cryptography landscape is in a state of constant evolution. Emergence of post-quantum cryptography, new PKI and IoT use cases, and rapid growth of machine identities are all serious challenges. At Tech Days 2023, we say “Game On.”

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.