Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+475: Ukraine's slow advance. (CyberWire) Ukraine grinds out a slow advance, Russia hits apartment blocks, and the hybrid war continues in cyberspace.
Russia-Ukraine war: List of key events, day 476 (Al Jazeera) As the war enters it 476th day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 476 of the invasion (the Guardian) At least three killed in Russian strike on port city of Odesa; visit of UN nuclear chief to Zaporizhzhia plant reportedly delayed
Russia refuses to give security guarantees to UN rescue teams aiding Ukrainian flood victims (Washington Examiner) Russia is blocking international aid workers from reaching Ukrainian civilians threatened by the destruction of Kakhovka Dam, according to United Nations officials.
Russia steps up aerial strikes on Ukraine, killing at least 6 amid Kyiv counteroffensive (AP NEWS) Ukrainian officials say Russian forces fired cruise missiles at the southern city of Odesa overnight and shelling has destroyed homes in the eastern Donetsk region. At least six people were reported killed and more than a dozen injured in the overnight strikes.
Russian missile attack on Zelenskyy’s hometown kills at least 10; dozens wounded (AP NEWS) Russian missiles hit civilian buildings in a central Ukrainian city overnight, killing at least 10 people, regional officials said Tuesday as rescuers searched for at least one person still believed to be trapped under the rubble. Kryvyi Rih mayor Oleksandr Vilkul said that the death toll had risen to at least 10. He said that one person is still believed to be trapped under the rubble and 28 were wounded. The strike involving cruise missiles hit a five-story residential building, which was engulfed in fire, Gov. Serhiy Lysak of the Dnipropetrovsk region wrote on Telegram.
‘Not a Hollywood movie.’ Russia mounts strong fightback to Ukraine counteroffensive (POLITICO) In occupied Ukraine, gains are measured in meters.
Ukraine’s failed Mala Tokmachka assault lays bare counteroffensive challenges (the Guardian) Russia has had 12 months to prepare defensive positions supported by Moscow’s superior air power
Ukrainian Regions Targeted Again By Deadly Russian Missile Strikes (RadioFreeEurope/RadioLiberty) Russian missile strikes killed at least six people overnight in the southern port city of Odesa and in the eastern region of Donetsk, the Ukrainian military and regional officials said early on June 14.
Putin lets slip that Russia has lost 54 tanks in a week (The Telegraph) President claims Ukraine suffered ‘catastrophic’ losses during counter-offensive and teases idea of a second assault on Kyiv
Leader of Belarus says he wouldn't hesitate to use Russian nuclear weapons to repel aggression (AP NEWS) Belarus' authoritarian leader says his country has already received some of Russia's tactical nuclear weapons, emphasizing that he wouldn't hesitate to order their use in the event of an aggression against his country. Earlier this year, Russian President Vladimir Putin announced the planned deployment of the short-range nuclear weapons to Moscow’s neighbor and ally Belarus, in a move widely seen as a warning to the West. Putin has stressed that Russia will retain control of the weapons, but Tuesday's statement by Belarusian President Alexander Lukashenko contradicted him. Speaking on Russian state TV, Lukashenko claimed some of those weapons had already arrived in Belarus even though Putin said they would be deployed next month.
UN nuclear chief says large Ukraine atomic power plant held by Russia faces 'dangerous situation' (AP NEWS) The largest nuclear power plant in Europe faces “a relatively dangerous situation” after a dam burst in Ukraine and as Kyiv launches a counteroffensive to retake ground occupied by Russia. That's according to comments by the head of the United Nations nuclear watchdog on Tuesday. Rafael Mariano Grossi spoke to journalists in Kyiv just before leaving on a trip to the Zaporizhzhia nuclear power plant. That plant has been repeatedly in the crossfire since Russia launched its war on Ukraine in February 2022 and seized the facility shortly after.
Dumb and cheap: When facing electronic warfare in Ukraine, small drones' quantity is quality - Breaking Defense (Breaking Defense) With Ukraine losing up to 10,000 drones a month, mostly to Russian electronic warfare, it’s tempting to invest in anti-EW protection – but, experts agreed, it’s probably more cost-effective to accept high losses and just buy more bare-bones drones.
Mick Ryan assesses Ukraine’s counter-offensive (The Economist) The retired Australian major-general on the likeliest outcome of the fighting
Sir Richard Barrons on the broader security considerations around Ukraine’s counter-offensive (The Economist) It is one act in a global drama pitting democracies against autocracies, says the former British general
Putin’s fallen generals reveal Russia’s fatal flaws (The Telegraph) Despite waging war for over a year, Moscow is unable to fix its command structure, with disastrous results
Beyond the counteroffensive: 84% of Ukrainians are ready for a long war (Atlantic Council) 84% of Ukrainians reject any compromise with Russia and are ready for a long war if necessary in order to fully de-occupy their country. Most simply see no middle ground between genocide and national survival, writes Peter Dickinson.
Ukraine's counteroffensive will likely create new reintegration challenges (Atlantic Council) If Ukraine's summer counteroffensive is successful, Kyiv will be faced with the significant challenge of reintegrating communities that have lived under Russian occupation for extended periods, writes Lesia Dubenko.
Russia’s failing Ukraine invasion is exposing Putin’s many weaknesses (Atlantic Council) Vladimir Putin’s disastrous invasion of Ukraine is exposing all of his personal weaknesses as a ruler and casting an unforgiving light on the extensive damage he has done to Russia, writes Anders Åslund.
NATO chief: Ukraine can expect security guarantees, not membership invitation, at summit (USA TODAY) Ukraine can expect new security guarantees but not a formal invitation for NATO membership at an upcoming, secretary general Jens Stoltenberg said.
Official Says NATO Discussions to Focus on Ukraine Support (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III is traveling to Europe to attend the Ukraine Defense Contact Group and the NATO defense ministerial meetings.
US sending more Stryker, Bradley vehicles to Ukraine as counteroffensive underway (Breaking Defense) Twenty-five more combat vehicles and an unspecified amount of munitions have been earmarked for Ukraine.
Biden Administration Announces Additional Security Assistance for Ukraine (U.S. Department of Defense) The Department of Defense announced additional security assistance to meet Ukraine's critical security and defense needs.
DOD Announces New Round of Aid for Ukraine (U.S. Department of Defense) The Defense Department announced an additional security assistance package aimed at providing key capabilities to aid Ukraine's effort to regain territory and defend against Russia's unprovoked war of
Pro-Russian hackers step up attacks against Swiss targets, authorities say (Reuters) A pro-Russian hacking group had intensified its cyberattacks against Switzerland, authorities said on Tuesday, with hackers claiming to have taken down several major websites including the one for Geneva Airport.
Swiss websites hit by DDoS attack ahead of Zelenskiy video address (Reuters) Swiss authorities said that several government websites were targeted in a distributed denial-of-service (DDoS) attack on Monday that was claimed by pro-Russian hackers.
Swiss government and Federal Railways hit by cyberattacks (SWI swissinfo.ch) Swiss federal government websites and the online portal of the Swiss Federal Railways have been victims of malicious online attacks.
France Accuses Russia of Online Disinformation Campaign (Bloomberg) French authorities say several European countries targeted. Campaign was detected in advance, protective measures taken.
France Says Uncovers Major Disinformation Campaign By Russia (AFP via Barron's) France on Tuesday said it had uncovered a major disinformation campaign waged by Russia, involving the posting of false news items hostile to Ukraine made to look like they had been published by prominent French news organisations.
COSMICENERGY Malware May be Artifact of Russian Emergency Response Exercises (Security Boulevard) Malware intended to disrupt electric power by remote terminal units (RTUs) and other IEC 104 devices and may be related to Russian emergency response
Ukraine called off Nord Stream sabotage after CIA tip-off (The Telegraph) US spy network warned Kyiv off attack as Nato exercise was taking place in Baltic Sea
Bean counters: how Russia’s wealthy profited from exit of western brands (the Guardian) Buyers of Starbucks operations say they paid £4.7m for assets, despite 2021 revenues ten times that figure
Attacks, Threats, and Vulnerabilities
RDP honeypot targeted 3.5 million times in brute-force attacks (BleepingComputer) Remote desktop connections are so powerful a magnet for hackers that an exposed connection can average more than 37,000 times every day from various IP addresses.
Unveiling the Balada injector: a malware epidemic in WordPress (Cybernews) Learn the shocking truth behind the Balada Injector campaign and find out how to protect your organization from this relentless viral invasion.
Mandiant more confident Chinese hackers were behind VMWare hypervisor malware campaign (SC Media) A previous assessment gave only a low confidence assessment that the activity had a "nexus" to China, but a Mandiant researcher told SC Media they have since discovered a number of additional links.
Mandiant: New VMware ESXi zero-day used by Chinese APT | TechTarget (Security) Mandiant discovered a new flaw in software management app VMware Tools that enables an attacker to bypass authentication on a compromised ESXi instance.
Chinese hackers used VMware ESXi zero-day to backdoor VMs (BleepingComputer) VMware patched today a VMware ESXi zero-day vulnerability exploited by a Chinese-sponsored hacking group to backdoor Windows and Linux virtual machines and steal data.
Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day (SecurityWeek) Mandiant has observed a Chinese cyberespionage group exploiting a VMware ESXi zero-day vulnerability for privilege escalation.
U.S. and International Partners Release Comprehensive Cyber Advisory on LockBit Ransomware (Cybersecurity and Infrastructure Security Agency) Joint Advisory Helps Organizations Around the World Better Understand and Protect Against this Global Ransomware Threat
Understanding Ransomware Threat Actors: LockBit (Joint Cybersecurity Advisory) In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023.
Top cybersecurity official warns of sabotage from Chinese hackers (The Hill) A top U.S. cyber official warned Monday that Chinese hackers are likely to disrupt U.S. critical infrastructure, including pipelines and railways, if a conflict were to occur between the two nation…
ChamelGang and ChamelDoH: A DNS-over-HTTPS implant - Stairwell (Stairwell) This report by Stairwell on ChamelDoH is the first in a series detailing the capabilities and detection of various tools used by ChamelGang.
Generative AI Enables Bad Actors to Create More Sophisticated Attacks (Abnormal) New real-life attacks stopped by Abnormal show how attackers are using ChatGPT and similar tools to create more realistic and convincing email attacks.
State-owned bank in South Africa confirms ‘Akira’ ransomware attack (Record) The Development Bank of Southern Africa said Monday that it was hit with a ransomware attack, adding that servers, logfiles and documents were encrypted by the Akira gang last month.
Covid database: India's health ministry denies major breach (BBC News) An investigation has been ordered into an alleged leak of confidential information.
HWL Ebsworth data breach: Hackers claim huge data leak (Law Society Journal) The cybercriminals responsible for the recent HWL Ebsworth data breach claim to have leaked information including Tasmanian Government data
India's Largest Tech Retailer Suffered a Massive Data Breach, Affecting Employees and Customers (Website Planet) Recently, security researcher Jeremiah Fowler discovered and reported to WebsitePlanet a non-password protected database containing over 8 million
Studies show ransomware has already caused patient deaths (Security | TechTarget) Several studies have shown that cyber attacks such as ransomware have already led to patient deaths at hospitals.
1 in 3 Recent Job Seekers Have Been Tricked Into Applying for a Fake Job Scam (Password Manager) Fake job scams, in which scammers “hire” job seekers in order to gain access to their personal information, are on the rise. Reported numbers for fake job scams nearly tripled between 2020 and 2021 as job seekers became more desperate during the pandemic and most communication moved online.
AWS outage takes down sites and apps (Computing) Customers started experiencing errors and latencies with multiple AWS services Tuesday evening
Security Patches, Mitigations, and Software Updates
Two XSS Vulnerabilities in Azure with Embedded postMessage IFrames (Orca Security) In this blog post, we will describe two vulnerabilities Orca found in Azure Bastion and Azure Container Registry—that allow Cross-Site Scripting (XSS) attacks.
Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks (SecurityWeek) Patch Tuesday: Microsoft ships updates to over at least 70 documented vulnerabilities affecting the Windows ecosystem.
Patch Tuesday fixes 4 critical RCE bugs, and a bunch of Office holes (Naked Security) No zero-days this month, if you ignore the Edge RCE hole patched last week
Patch Tuesday: Critical Flaws in Adobe Commerce Software (SecurityWeek) Adobe ships urgent fixes for at least a dozen flaws that expose Adobe Commerce users to code execution attacks.
CISA Releases Four Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released four Industrial Control Systems (ICS) advisories on June 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Trends
Download the 2023 State of Cyber Defense Report (Kroll) Global survey of 1000 senior information security leaders highlights lack of trust as biggest cybersecurity challenge. Explore results and download report free.
HP Wolf Security Threat Insights Report Q1 2023 (HP Wolf Security) Don’t let cyber threats get the best of you. Read the HP Wolf Security Threat Insights Report for Q4 2022 to learn more about cyber threats and cyber security.
Proofpoint’s 2023 Human Factor Report: Threat Actors Scale and Commoditize Uncommon Tools and Techniques (Proofpoint) New research provides an in-depth analysis of the modern attack chain and today’s biggest threats
Study Finds 64% of Enterprises Are Tired of Playing Defense and Are Going on the Attack (Yahoo Finance) Report from Bishop Fox finds a surge in Red Team deployment, with 56% increasing investment over the next 12-24 months
Lookout Study Reveals Rising Complexity Is Putting Data at Risk: Why the Financial Services Industry Needs to Rethink Security (Business Wire) Financial services organizations face a critical data security gap, with only 13% maintaining complete visibility into data access and usage.
More than a third of UK organisations believe inadequate software supply chain security is the biggest security risk to their business, reveals new Aqua Security study (Aqua) Aqua Security announced the results of a new study which reveals that the software supply chain has become a top security concern.
Marketplace
Kodem comes out of stealth with $25M to tackle application security (TechCrunch) The funding includes both a Series A of $18 million led by Greylock with a seed of $7 million co-led by TPY Capital and Greylock.
odix and AKITA Announce Merger Creating a Holistic Approach for Zero-Trust Security (Newswire) The companies recognize a powerful synergy and unite to deliver comprehensive security solutions for businesses of all sizes.
Cyber insurance: What is it and does my company need it? (WeLiveSecurity) Cyber insurance is not a 'get out of jail free card' for companies, but it can help insulate them from the financial impact of serious cyber-incidents.
SureCloud welcomes Tom Obermaier as Chief Executive Officer (SureCloud) SureCloud is confident that under Mr. Tom Obermaier, the company will continue to thrive, innovate, and provide unmatched solutions to our customers.
Cloudera CEO to Depart (The Information) Rob Bearden, the CEO of Cloudera, told employees in a virtual town hall meeting on Tuesday that he is stepping down, according to someone with direct knowledge. Bearden said in the meeting that it was his decision to leave the company, and that he had not been fired or forced to leave, the ...
Skybox Security Appoints Cybersecurity Veteran Jay Zimmet as Chief Revenue Officer (Business Wire) Industry Veteran to Drive Skybox Growth and Adoption of Its Continuous Exposure Management Solutions
Zero Trust Network Access Provider Cyolo Strengthens Senior Leadership Team with Industry Veteran Jason Schaaf (Cyolo) Jason Schaaf joins Zero Trust Network Access (ZTNA) provider Cyolo as Chief Revenue Officer (CRO), bringing with him 20+ years’ experience in technology sales.
Rubrik Appoints Enterprise SaaS Veteran Andres Botero as Chief Marketing Officer (Rubrik) Rubrik today announced the appointment of Andres Botero as the company’s Chief Marketing Officer (CMO), where he will drive Rubrik’s go-to-market strategies and growth initiatives.
Veeam Welcomes Kacy Hassack as Chief People and Culture Officer (Veeam Software) Veeam Welcomes Kacy Hassack as Chief People and Culture Officer
Next Announces John Stringer as Head of Product and Promotes Chris Denbigh-White to Chief Security Officer (Business Wire) Data Protection Leader Expands Leadership Team to Drive Business and Innovation
Trustle Appoints Marc Boroditsky to Board of Directors (Business Wire) Boroditsky joins existing board members Rick Grinnell and Emiliano Berenbaum, bringing over 30 years of experience scaling high-performance revenue organizations at global software companies
Marene Allison, Former Johnson & Johnson Vice President and CISO Joins Nozomi Networks Board of Advisors (GlobeNewswire News Room) Nozomi Networks Inc., the leader in OT and critical infrastructure security, today announced Marene...
Flashpoint National Security Solutions Announces New Advisory Board (Business Wire) Advisory board will support the continued expansion of Flashpoint’s public sector presence and drive mission success for national security customers
Products, Services, and Solutions
Mend.io Launches AppSec Risk Assessment Program to Aid Understanding and Prioritization of Application Risk (Mend) Mend.io, a leader in application security, announced the launch of a new AppSec Risk Assessment program to help organizations understand and prioritize their application risk.
Expanding our Security AI ecosystem at Security Summit 2023 (Google Cloud Blog) Organizations large and small are realizing that digital transformation requires a ground-up approach to modernize security.
Eviden launches “AIsaac Cyber Mesh”, strengthened by AWS, for reinforced cyber resilience (Atos) Eviden, an Atos business, a leader in digital, cloud, big data and security, today announces AIsaac Cyber Mesh, a next generation of cybersecurity detection and response, reinforced by Amazon Web Services (AWS) Security Data Lake and powered by generative AI technologies. AIsaac Cyber Mesh offers an advanced end-to-end detection, response, and recovery solution, built on a cybersecurity mesh-enabled architecture[1] using generative AI and predictive analytics
Threat Intelligence Solutions (Cybersixgill) Cybersixgill's cyber threat intelligence provides businesses with continuous monitoring, prioritized real-time alerts and deep and dark web threat intelligence.
Cyware Announced as Launch Partner for Wiz Integration (WIN) Platform (Business Wire) Technology Partnership Enables Mutual Customers to Reduce Cloud Risk and Automate Response to Prevent Cloud Security Risks from Being Exploited
Vulcan Cyber is a Launch Partner for Wiz Integrations (WIN) Platform (PR Newswire) Vulcan Cyber, developers of the cyber risk management platform for all attack surfaces, today announced the launch of the Vulcan Connector for...
Armis Chosen as Launch Partner for Wiz Integration (WIN) Platform (Armis) Technology Integration will Enable Mutual Customers to Reduce Cloud Risk and Increase Asset Visibility & Security
Contrast Security Joins the Wiz Integrations (WIN) Platform as a Launch Partner (Contrast Security) Technology partnership enables mutual customers to reduce cloud risk with enhanced visibility into application security.
RegScale Selected as Launch Partner for Wiz Integration (WIN) Platform - RegScale (RegScale) RegScale real-time GRC announces a partnership with leading cloud security provider Wiz as the company unveils Wiz Integration (WIN).
SentinelOne® Supercharges Cloud Security with Enhanced Wiz Integration (Business Wire) Company introduces real-time threat hunting with Singularity™ Skylight, enabling companies to leverage its market-leading security data lake and cloud workload protection platform to better manage risks
How CyberArk Built a Tenant Management Service for its SaaS Offering (Amazon Web Services) A tenant management service manages the tenant’s provisioning and lifecycle, and tenant management is usually one of the first services SaaS providers build for their SaaS control plane, as the tenant onboarding experience must be simple and fast. Learn how CyberArk built a serverless, simple, and scalable tenant management service. Its primary responsibility is adding new tenants and provisioning multiple CyberArk products to the tenants according to the customer’s subscription.
Lacework Expands its Relationship with AWS to Deliver Enhanced Cloud Detection and Response for the Enterprise (PR Newswire) Lacework, a data-driven cloud security company, today announced it is expanding its relationship with Amazon Web Services (AWS) to provide...
Tanium Named Winner in 2023 Cloud Security Awards | Tanium (Tanium) Tanium has been named a winner for “Best Security Solution in Risk Identification” in the 2023 The Cloud Security Awards.
Amazon Inspector announces the general availability of Code Scans for AWS Lambda function (Amazon Web Services, Inc.) Amazon Inspector now supports code scanning of Lambda functions, expanding the existing capability to scan Lambda functions and associated layers for software vulnerabilities in application package dependencies.
Amazon Detective extends finding groups to Amazon Inspector (Amazon Web Services, Inc.) Amazon Detective has expanded finding groups to include Amazon Inspector network reachability and software vulnerability findings alongside Amazon GuardDuty findings.
Amazon CodeGuru Security is now available in preview (Amazon Web Services, Inc.) Today, AWS announces the preview release of Amazon CodeGuru Security, a static application security testing (SAST) tool that uses Machine Learning to help you identify code vulnerabilities and provide guidance you can use as part of remediation.
Announcing AWS Config now supports recording exclusions by resource type | Amazon Web Services (Amazon Web Services) AWS Config is a service that tracks configuration changes of AWS resources in your AWS account. AWS Config uses the configuration recorder to detect these changes and then captures them as configuration items. The configuration recorder is created and started in each Region where you set up AWS Config. By default, the configuration recorder records […]
Announcing AWS CloudTrail Lake Dashboards – Visualize and Analyze CloudTrail data | Amazon Web Services (Amazon Web Services) In January 2022, AWS announced general availability of AWS CloudTrail Lake, a managed audit and security lake that allows you to aggregate, immutably store and query activity logs for auditing, security investigation and operational troubleshooting. Since launch, thousands of customers have adopted this feature. We are excited to announce that CloudTrail Lake dashboards are now […]
Amazon EC2 Instance Connect supports SSH and RDP connectivity without public IP address (Amazon Web Services, Inc.) With EC2 Instance Connect Endpoint (EIC Endpoint), customers now have SSH and RDP connectivity to their EC2 instances without using public IP addresses.
AWS Security Hub launches a new capability for automating actions to update findings (Amazon Web Services) If you’ve had discussions with a security organization recently, there’s a high probability that the word automation has come up. As organizations scale and consume the benefits the cloud has to offer, it’s important to factor in and understand how the additional cloud footprint will affect operations. Automation is a key enabler for efficient operations […]
New – Amazon S3 Dual-Layer Server-Side Encryption with Keys Stored in AWS Key Management Service (DSSE-KMS) (Amazon Web Services) Today, we are launching Amazon S3 dual-layer server-side encryption with keys stored in AWS Key Management Service (DSSE-KMS), a new encryption option in Amazon S3 that applies two layers of encryption to objects when they are uploaded to an Amazon Simple Storage Service (Amazon S3) bucket. DSSE-KMS is designed to meet National Security Agency CNSSP […]
New – Move Payment Processing to the Cloud with AWS Payment Cryptography (Amazon Web Services) Cryptography is everywhere in our daily lives. If you’re reading this blog, you’re using HTTPS, an extension of HTTP that uses encryption to secure communications. On AWS, multiple services and capabilities help you manage keys and encryption, such as: AWS Key Management Service (AWS KMS), which you can use to create and protect keys to […]
Simplify How You Manage Authorization in Your Applications with Amazon Verified Permissions – Now Generally Available (Amazon Web Services) When developing a new application or integrating an existing one into a new environment, user authentication and authorization require significant effort to be correctly implemented. In the past, you would have built your own authentication system, but today you can use an external identity provider like Amazon Cognito. Yet, authorization logic is typically implemented in […]
AWS Cyber Insurance Partners (Amazon Web Services, Inc.) Cyber insurance has become the norm, often mandated by quickly emerging regulations and a key factor for addressing business’ risk from the always evolving threat landscape. In developing insurance policy pricing, insurers assess various factors for evaluating an organization’s risk including security posture.
Achieve Faster Growth and Scale with AWS Built-in Partner Solutions (Amazon Web Services) AWS built-in partner solutions integrate automatically with AWS foundational services to simplify and streamline the deployment experience. Available in AWS Marketplace, AWS built-in partner solutions are designed to automate, configure, and scale across multi-account environments following AWS best practices. This helps customers achieve business goals for faster growth and scale, all while increasing security posture by leveraging cloud foundational domains.
Announcing the AWS Global Partner Security Initiative (Amazon Web Services, Inc.) Today, AWS announces the AWS Global Security Initiative which provides Global System Integrators (GSI) partners the opportunity to jointly develop innovative and transformational security and compliance services with AWS, delivering on the promise of actionable security data leveraging the power of Generative AI.
Deloitte announces new managed end-to-end enterprise cloud security and compliance offering with AWS: ConvergeSECURITY (PR Newswire) Deloitte, a leader in global cyber services, today announces it is working with Amazon Web Services (AWS) to deliver ConvergeSECURITY, a cloud...
IBM Security Announces Expanded AWS Integrations to Help Simplify Cloud Security (IBM Newsroom) IBM Security is announcing expanded integrations w/AWS intended to help customers simplify & enhance cloud security by bringing together native AWS Cloud Foundational Services w/IBM Security QRadar Log Insights & IBM Security QRadar SIEM.
MontyCloud Announces AWS Built-in Solution (EIN Presswire) MontyCloud announces an AWS built-in solution that automatically installs, configures, and integrates with native AWS Cloud Foundational Services
Laminar Announces AWS Built-in Solution for Data Security (Business Wire) Laminar is the first start-up security partner to deliver an AWS built-in co-build solution
Rezilion Launches Breakthrough Agentless Runtime Monitoring Solution for Vulnerability Management (Rezilion) Rezilion announces the release of its Agentless Runtime Monitoring solution which monitors exploitable attack surfaces in runtime.
Zscaler Extends the Power of the Zero Trust Exchange™ Platform with Breakthrough Cybersecurity Innovations to Identify, Mitigate, and Manage Large-Scale Attacks (GlobeNewswire News Room) These New Services Transform Secure Branch Connectivity, Provide Continuous Monitoring and Threat Detection for Identity-Based Attacks, Quantify Holistic...
Zscaler Unveils Suite of Cyber Solutions Designed to Harness the Full Potential of Generative AI (GlobeNewswire News Room) Industry’s Largest Cloud Security Data Lake Enables New AI-Powered Security Controls to Detect Millions of New Attacks While Safeguarding Sensitive Data...
WISeKey and FOSSA Systems Successfully Launched New WISeSat-Ready Satellites with SpaceX Falcon 9 on the Transporter-8 Mission (GlobeNewswire News Room) WISeKey and FOSSA Systems Successfully Launched New WISeSat-Ready Satellites with SpaceX Falcon 9 on the Transporter-8 Mission ...
Apptio Launches Multi-cloud FinOps Innovation for Advanced Cloud Spend Planning and Optimization, Savings Automation, and Kubernetes Integration (PR Newswire) Apptio, the leading technology spend and value management company, today launched new FinOps capabilities to its Cloudability product family,...
Medigate by Claroty and Siemens Healthineers Collaborate in End-to-End Cybersecurity (PR Newswire) Claroty, the cyber-physical systems protection company, today announced its strategic relationship with medical technology company Siemens...
Aware Unveils Aware IQ, the AI-Powered Contextual Intelligence Platform (PR Newswire) Today, Aware announced the launch of Aware IQ, an artificial intelligence data platform, purpose-built to understand the unique human context...
Mulligan Funding Deploys Calico Cloud to Achieve SOC 2 Compliance (PR Newswire) Tigera, provider of the industry's only active security platform for containers and Kubernetes, today announced that Mulligan Funding, a...
Deloitte announces new managed end-to-end enterprise cloud security and compliance offering with AWS: ConvergeSECURITY (PR Newswire) Deloitte, a leader in global cyber services, today announces it is working with Amazon Web Services (AWS) to deliver ConvergeSECURITY, a cloud...
NETSCOUT Launches New Visibility Without Borders Platform (Business Wire) Offers Unrivaled Deep Packet Inspection At Scale to Realize the Full Benefits of Digital Transformation on a Single Platform
Dig Security Announced as Launch Partner for Wiz Integrations (WIN) (PR Newswire) Dig, the cloud data security leader today announces its partnership with leading cloud security provider, Wiz, as the company unveils Wiz...
Technologies, Techniques, and Standards
Resilient Communications Put to the Test at Technology Readiness Experimentation 2023 (U.S. Department of Defense) The Defense Department announced that the Office of the Undersecretary of Defense for Research and Engineering and the Indiana National Guard successfully executed the first joint Technology Readiness
Nuclear security agency still in early stages of weapons cybersecurity, watchdog says (FedScoop) U.S. Government Accountability Office finds nuclear security agency and its contractors still in early stages of identifying operational technologies and nuclear weapons IT systems.
LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack (Cybersecurity Dive) Karim Toubba is ready to talk nearly a year after LastPass suffered a cyberattack that became one of the biggest security blunders of 2022.
Design and Innovation
X9 Launches Effort to Create Post-Quantum Cryptography Assessment Guidelines; Participants Sought (Yahoo Finance) ANNAPOLIS, Md., June 13, 2023--X9 is developing Post-Quantum Cryptography (PQC) assessment guidelines, objectives and assessment criteria. Join the effort! More at https://x9.org/
Plagiarism Engine: Google’s Content-Swiping AI Could Break the Internet (Tom's Hardware) The Search Generative Experience seems more like a text-copying experience.
Blink Copilot Brings Generative AI to Security Automation (BleepingComputer) Blink Copilot - a true no-code platform for automating security and IT operations workflows. It is now possible for any security professional to generate automated workflows by just typing a prompt.
Salesforce moves forward with secure, private generative AI | TechTarget (Customer Experience) Salesforce has long used AI in its CRM and CX cloud platforms. Now it is moving into generative AI with a focus on data security and safety.
Microsoft’s Tom Burt on geopolitics and cybersecurity in the age of AI - Microsoft Stories Asia (Microsoft Stories Asia) Microsoft's Tom Burt discusses evolving cybersecurity threats across Asia in the age of AI during his visit to IISS Shangri-La Dialogue 2023.
Research and Development
Concentric AI Granted Foundational Patent for Revolutionizing Data Security with Semantic Intelligence (usiness Wire) Company’s Newly Patented Method Furthers its Market Lead by Enabling its DSPM Solution to Understand Context and Content of Every Data Record for Strengthened Security Posture
Legislation, Policy, and Regulation
Estonian formin: We need more cyber diplomats to ensure security in cyberspace (Baltic Times) TALLINN – In his speech at the Tallinn Summer School of Cyber Diplomacy, which brings together diplomats, researchers and experts fr...
EU votes to proceed with AI Act which could ban much facial recognition usage (Computing) For many use cases facial recognition will be categorised 'unacceptable', along with social scoring and cognitive behavioural manipulation, and outlawed, as per the current draft
How Europe is leading the world in the push to regulate AI (AP NEWS) Authorities worldwide are racing to rein in artificial intelligence, including in the European Union, where groundbreaking legislation is set to pass a key hurdle. European Parliament lawmakers are due to vote Wednesday on the proposal, along with controversial facial recognition amendments. It's part of a yearslong effort by Brussels to draw up guardrails for artificial intelligence.
The EU is leading the way on AI laws. The US is still playing catch-up (the Guardian) Everyone accepts that AI is dangerous. Agreeing on what to do about it is a different story
Citing cybersecurity investigations, officials ask Congress to renew surveillance powers (Washington Post) Cybersecurity takes center stage in Section 702 push
Senators say Biden administration isn’t close on overhauling surveillance law (Record) Officials from the Department of Justice and the FBI heard criticism from both sides of the aisle at a hearing on Section 702 of the Foreign Intelligence Surveillance Act.
Spy Tool Helped FBI Solve Pipeline Hack, Other Major Crimes, U.S. Officials Say (Wall Street Journal) Intelligence gleaned through a surveillance program helped U.S. investigators solve a 2021 cyberattack that prompted the shut down of the largest conduit of fuel on the East Coast.
FBI announces new curbs on controversial surveillance program as Congress considers whether to renew it (CNN) Senior Biden administration officials on Tuesday announced new disciplinary measures to prevent further FBI abuses under a controversial surveillance program that will expire at year’s end unless Congress renews it.
New bill would give CISA greater cyber outreach responsibilities (Nextgov.com) The Cybersecurity Awareness Act would direct the agency to launch a new public-private campaign promoting cyber best practices across small businesses and underserved communities.
SEC wants four months to potentially respond to Coinbase's request for rulemaking (The Block) The Securities and Exchange Commission (SEC) said it anticipates needing four months to potentially respond to Coinbase's request for rulemaking.
Brig. Gen. Reid Novotny: CYBERCOM Working to Make Coast Guard Part of Cyber Mission Force; Priorities Not Likely to Shift Post-Nakasone (GovConWire) The United States now regularly and publicly participates in cyber warfare. However, 20 years ago — even as recently as a decade ago — this was highly classified information, not permitted in the Title 10 or Title 50 spaces. It has only been in recent years that such practices have become more normalized and widely accepted in national and international contexts.
Texas Legislature Passes Data Privacy and Security Act (SHRM) On May 29, H.B. 4, also known as the Texas Data Privacy and Security Act, passed in the Texas legislature. The bill will now land on the desk of Gov. Greg Abbott for signature.
Litigation, Investigation, and Law Enforcement
Trump will face judge in historic court appearance over charges he mishandled classified documents (AP NEWS) Donald Trump is making his first court appearance in a historical criminal case charging the former president with hoarding top secret government documents, boastfully displaying them to visitors and trying to hide them from investigators who demanded them back.
Trump’s Own NSA Director Urged Harsh Penalties For Mishandled Confidential Docs (Yahoo News) Exposed classified intel “may result in the destruction of intelligence-gathering efforts used to protect this nation,” Michael Rogers warned in 2018.
Israel's Law Committee approves judge-led probe into NSO spyware (The Jerusalem Post) The meetings came in response to revelations that evidence obtained using spyware was used in a Haifa double murder case.
Dutch authorities can use hacked encrypted messaging services as evidence: Supreme Court (NL Times) The Dutch authorities can use information from seized encrypted messaging services as evidence, the Supreme Court ruled on Tuesday about messages intercepted from EncroChat and SkyECC. Several courts asked the Supreme Court to rule on the matter due to defense attorneys’ concerns.
Gozi banking malware “IT chief” finally jailed after more than 10 years (Naked Security) Gozi threesome from way back in the late 2000s and early 2010s now all charged, convicted and sentenced. The DOJ got there in the end…
Google forced to postpone Bard chatbot’s EU launch over privacy concerns (POLITICO) The Irish privacy watchdog said the tech giant has given insufficient information about how it will respect the EU’s data privacy rules.
1 in 5 children’s Google Play Apps breach Children’s Online Privacy Protection Act rules (Comparitech) According to data collected by our researchers, 1 in 5 children’s apps available on Google Play don’t adhere to COPPA rules. COPPA, imposed by the Federal Trade Commission (FTC), enforces a number of requirements on operators of websites or online services that are aimed at under 13s. It also applies to operators of other websites […]