Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+489: An influence contest, post-mutiny. (CyberWire) The Russian National Guard looks like the organizational winner to emerge from the Wagner Group's mutiny. Moscow's influence operations will continue to portray Russia as united, stable, patriotic, and beset from abroad. Privateers and front groups operate in cyberspace on Russia's behalf.
Russia-Ukraine war: List of key events, day 490 (Al Jazeera) As the war enters it 490th day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 490 of the invasion (the Guardian) At least ten killed after Russian strike hits restaurant in Kramatorsk; Ukraine reforms domestic weapons production with appointment of Herman Smetanin
Ukraine recaptures territory held by Russia since 2014 (The Telegraph) It marks the first time since Moscow’s invasion last year that Kyiv has retaken land seized in the initial Donbas invasion eight years ago
Ukraine faces mines and manpower challenges in offensive’s early weeks (Washington Post) Military commanders are working to penetrate Russia’s ‘initial security zone’ before sending the bulk of their forces into battle, U.S. assessments show
Russian Missiles Hit Crowded Kramatorsk City Center; Emergency Services On Site (RadioFreeEurope/RadioLiberty) Two Russian missiles struck a crowded area in the eastern Ukrainian city of Kramatorsk on June 27, the governor of the Donetsk region said, and emergency services were at the scene determining the number of casualties.
‘I was ordering pizza in a bar, half an hour later it was blown to pieces’ (The Telegraph) Kremlin distracts from Wagner humiliation with apparent ‘missile terror campaign’ against civilians near occupied Donbas
UN says Russian forces have tortured and executed civilians in Ukraine (the Guardian) Report details widespread and systematic torture with summary executions of more than 70 people
Ukraine-Russia war: Russia paid $1 billion to Wagner group in one year, says Putin (The Telegraph) Vladimir Putin has said the Wagner militia has been entirely supported by the Russian state since it joined the war.
U.S. intel expected a more violent rebellion in Russia (CNN) The U.S. intelligence community says it believed the uprising in Russia this weekend would have been more violent. CNN’s Natasha Bertrand reports.
Prigozhin arrives in Belarus as Lukashenko takes credit for rescuing Russia from coup (The Telegraph) Wagner fighters expected to be given safe passage to Belarus to train country’s army as its president said he ‘could do with such a unit’
After Putin speech on deal with mercenaries, Russia confronts divisions (Washington Post) As Russian President Vladimir Putin extolled the nation’s “unity and patriotism” and attempted to project a military consolidated behind him after a failed mutiny by Wagner mercenaries, Russians on Tuesday continued to confront jarring questions about divisions in the security forces and how the president allowed the country to reach a risk of civil war.
Russia-Ukraine War: Putin, Projecting Control, Tries to Contain Fallout From Mutiny (New York Times) As President Vladimir V. Putin emphasized Russian unity after a brief uprising, the Kremlin’s spokesman said a New York Times report that a top general knew of the revolt beforehand was “gossip.”
Russia-Ukraine War: Lukashenko Says That During Revolt, Putin Suggested Killing Mercenary Chief (New York Times) President Aleksandr G. Lukashenko of Belarus said that he had argued against the move, and confirmed that Yevgeny V. Prigozhin, the head of the Wagner mercenary group, had arrived in the country, Belarusian state media reported.
Russian General Knew About Mercenary Chief’s Rebellion Plans, U.S. Officials Say (New York Times) Yevgeny Prigozhin, the head of Wagner, may have believed he had support in Russia’s military.
A Wagner ex-convict returned home from war. Then he killed again. (Military Times) Some convicts recruited by Russia’s private military contractor Wagner to fight in the war in Ukraine are coming home and committing new crimes.
Putin, Prigozhin and the Danger of Disorder (New York Times) The events playing out in Russia feel like the trailer for the next James Bond movie: Vladimir Putin’s ex-chef/ex-cyber-hacker/recent mercenary army leader, Yevgeny V. Prigozhin, goes rogue.
Opinion: The Wagner mutiny shows Ukraine can win (CNN) Both President Vladimir Putin, and Russia itself, have been shown to be far weaker than they would like to pretend to be, writes Keir Giles. “What the Wagner showdown demonstrates is that now is the time to redouble support to Ukraine.”
Prigozhin’s Loss Is Ukraine’s Gain (The Atlantic) Without Russia’s single most effective fighting force, Putin will have to rely wholly on the country’s weakened military.
Biden Administration Announces Additional Security Assistance for Ukraine (U.S. Department of Defense) The DOD announced additional security assistance to meet Ukraine's critical security and defense needs. The package, valued at up to $500 million, includes key capabilities to support Ukraine's
Pentagon Announces $500M in Security Assistance for Ukraine (U.S. Department of Defense) The Defense Department announced an additional security assistance package of up to $500 million to provide key capabilities to support Ukraine's counteroffensive operations.
Putin’s weakness has been revealed. Here’s how Russia’s neighbors are reacting. (Atlantic Council) After Prigozhin’s mutiny, leaders and elites across Eurasia will now be closely tuned in to Moscow for further signs of weakness.
NATO will defend members from threat of Wagner forces in Belarus (Al Jazeera) Secretary-General Jens Stoltenberg says military alliance will protect members from threats by either ‘Moscow or Minsk’.
With an eye on Ukraine, head of British Army says 'mass is still indispensable' (Breaking Defense) "We should treat many of these lessons with caution; one wonders what shape we would be in if, in the first few days after the Russian invasion, we had sold off our armor to invest in [Turkish made Bayraktar] TB2 or one-way attack drones," said Gen. Patrick Sanders, British Army Chief of the General Staff.
Ryder Says Wagner Security Situation Purely an Internal Russian Matter (U.S. Department of Defense) The Wagner Group situation is purely an internal Russian problem, but one that U.S. leaders must monitor, Pentagon Press Secretary Air Force Brig. Gen. Pat Ryder said.
The rise and fall of the Conti ransomware group (Global Initiative) On 25 February 2022, a message appeared on a darknet website run by the cybercriminal syndicate known as Conti. The message pledged allegiance and support for the full-scale Russian invasion of Ukraine, announced by Russian President Vladimir Putin the day before. This short and simple show of support for Russia was the beginning of the end of one of the most prolific ransomware groups in recent years.
The Trickbot/Conti Crypters: Where Are They Now? (Security Intelligence) Despite its shutdown, operators from the Conti syndicate remain active and collaborative in new factions. IBM Security X-force shares the intel.
Ukraine war made Switzerland hub for Chinese, Russian spies: Swiss intelligence (South China Morning Post) Switzerland is home to several international organisations, and the country’s intelligence service said the threat to Switzerland posed by foreign espionage remains high.
Swiss intelligence warns of fallout in cyberspace as West clamps down on spies (Record) The efforts by governments in Europe and elsewhere to degrade Russia's human intelligence networks could have blowback in other areas, Swiss intelligence is warning.
Ukraine Cracks Down on Investment Scams, Raids Call Centers (Gov Info Security) Ukrainian cyber police raided and closed more than a dozen fraudulent call centers last week, saying the operations were running fake investment scams that involved
Six years on from NotPetya: an analysis from Tom Gol, CTO for research at Armis (IT Security Guru) Six years have passed since the infamous NotPetya cyber attack sent shockwaves through the cybersecurity landscape. Initially disguised as ransomware, NotPetya
Attacks, Threats, and Vulnerabilities
Rezilion Report Finds World's Most Popular Generative AI Projects Present High Security Risk (Rezilion) A new report from Rezilion finds the world's most popular generative AI projects present a high security risk.
Submarine Cables at Growing Risk of Cyber-Attacks (Infosecurity Magazine) A report from Recorded Future highlights how digital cable management systems are vulnerable to nation-state attacks
Sharks, earthquakes and cyberattacks: The threats to undersea cables (Washington Post) It’s getting awfully risky below the sea for communication cables, researchers warn
New Fast-Developing ThirdEye Infostealer Pries Open System Information (Fortinet Blog) FortiGuard Labs recently came across files that look suspicious, even during a cursory review. Our subsequent investigation confirmed that the files are malicious and revealed there is more to them…
JokerSpy macOS malware used to attack Japanese crypto exchange (AppleInsider) A new and strange macOS malware called "JokerSpy" has been identified, with its first known backdoor creation hitting a crypto exchange.
Prominent cryptocurrency exchange infected with previously unseen Mac malware (Ars Technica) It's not yet clear how the full-featured JokerSpy backdoor gets installed.
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution (Security Joes) Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team is detailing on a comprehensive research specifically focused on process injection techniques utilized by attackers to deceive robust security products integrated into the security stack, such as EDRs and XDRs. Throughout the blog post, we will delve into various process injection techniques e
New Mockingjay Process Injection Technique Could Let Malware Evade Detection (The Hacker News) Brace yourself for the new Mockingjay process injection technique! This advanced method enables hackers to execute malicious code undetected.
New Mockingjay process injection technique evades EDR detection (BleepingComputer) A new process injection technique named 'Mockingjay' could allow threat actors to bypass EDR (Endpoint Detection and Response) and other security products to stealthily execute malicious code on compromised systems.
Hackers Hiding DcRAT Malware in Fake OnlyFans Content (HackRead) DcRAT malware includes a ransomware plugin that encrypts non-system files, rendering them inaccessible without the decryption key, which threat actors will likely hold for ransom.
LetMeSpy app website compromised, personal info exposed (Register) Just as America's Supremes set a high bar for cyberstalking
Outlook for the web outage impacts users across America (BleepingComputer) Microsoft is investigating an ongoing issue preventing some customers from accessing their Exchange Online mailbox through Outlook on the web.
Virbac Says It Experienced a Cyber Attack on Several Sites (Bloomberg Law) Virbac says it was the target of a cyber attack on several of its sites worldwide during the night of June 19-20.
Schneider Electric and Siemens Energy are two more victims of a MOVEit attack (Security Affairs) Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including Schneider Electric and Siemens Energy. The Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including the industrial giants Schneider Electric and Siemens Energy. Both Schneider Electric and Siemens Energy provide […]
Schneider Electric Probing MOVEit Claim By Cybercrime Group (CRN) Schneider Electric and Cognizant are among the companies that have been listed on the Clop darkweb site as victims of the MOVEit hacking campaign.
Siemens and UCLA say data compromised in MOVEit data breach (Reuters) Siemens Energy and the University of California, Los Angeles (UCLA) said on Tuesday they were among victims of the MOVEit hack that has affected scores of corporations, governments and other institutions in recent weeks.
UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks (Dark Reading) Cl0p ransomware group uses its Dark Web leak site to identify five new victims of MOVEit cyberattacks.
Do you use Genworth Financial? You could be one of millions impacted by this data breach. (Delaware News Journal) If you are insured by Genworth Financial, you could be one of millions impacted by a May data breach suffered by the company's third-party vendor.
Identifying CISA BOD 23-02 Internet-Exposed Networked Management Interfaces with Censys (Censys) On June 13, CISA released BOD 23-02 with the objective of mitigating the risks associated with remotely accessible management interfaces that might allow configuration or control of federal agency networks from the public internet.
Hundreds of devices found violating new CISA federal agency directive (BleepingComputer) Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured according to a recently issued CISA Binding Operational Directive.
Vulnerability Summary for the Week of June 19, 2023 (Cybersecurity and Infrastructure Security Agency CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
CISA Releases One Industrial Control Systems Advisory (Cybersecurity and Infrastructure Security Agency CISA) CISA released one Industrial Control Systems (ICS) advisory on June 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-178-01 Hitachi Energy_FOXMAN-UN and UNEM Products
Meta is rolling out new parental control tools for Instagram and Messenger (TechCrunch) Meta announced new parental control tools across Instagram, Facebook, and Messenger including new parental supervision hub in Messenger.
Trends
There’s no winning the cyber war — but that’s OK (The Hill) We need to move past panic over cyber threats and accept that cyber incidents are endemic.
Zscaler 2023 Ransomware Report Shows a Nearly 40% Increase in Global Ransomware Attacks (GlobeNewswire News Room) Annual ThreatLabz Ransomware Report Tracks Trends and Impacts of Ransomware Attacks Including Encryption-less Extortion and Growth of...
WatchGuard Threat Lab Report Reveals New Browser-Based Social Engineering Trends (GlobeNewswire News Room) Key findings from the research also show three of the four new malware threats on this quarter’s top-ten list originated in China and Russia,...
Kaspersky SMB threat report 2023 (SecureList) This report contains statistics on cybersecurity threats to small and medium-sized businesses in 2023, and examples of cyberattacks on SMBs.
Rise in phishing and smishing attempts (IT-Online) FNB has issued a warning to consumers about an increase in phishing and smishing attempts on unwary customers. Phishing is a type of cybercrime in which people are duped into providing sensitive information such as login credentials, passwords, PINs, card details, or ID numbers by using deceptive techniques such as fake emails and websites. Smishing […]
STUDY: Despite 84% of Businesses Claiming to Prioritize Third-Party Risk Management, More Than 40% Of Companies Have Insufficient Visibility Over Their Digital Supply Chain (GlobeNewswire News Room) New report shows only 13% of businesses continuously monitor the security risks of their third parties and critical vendors...
Gigamon 2023 Hybrid Cloud Security Survey Reveals Nearly One Third of Security Breaches are Going Undetected by IT and Security Professionals (Gigamon) Annual survey shines a spotlight on global misconceptions around the extent of hybrid cloud blind spots, despite 93 percent predicting cloud security attacks are on the rise.
Digital Banking Fraud Trends in APAC - 2023 (BioCatch) Download this report to gain insight into the rapidly changing threat landscape in the APAC region, and arm your business with the knowledge and solutions to anticipate and counter fraudsters.
DDoS Statistical Report for 2022 (Nexusguard) Nexusguard’s DDoS Statistical Report for 2022 Indicates Global Shift in Attack Landscape
The Pros & Cons of Vendor Consolidation – Shawn Surber – BSW #310 (SC Media) In a tight economy, security budgets have been under scrutiny. Vendor consolidation strategies are real, but what are the pros and cons of this strategy? Shawn Surber from Tanium joins us to discuss how vendor consolidation is playing out and what to look for. It’s not just an expense exerc...
Marketplace
HashiCorp Acquires BluBracket to Expand its Secrets Management Capabilities (GlobeNewswire News Room) BluBracket’s code security product will complement and expand HashiCorp Vault...
Socure Acquires Berbix for Approximately $70 Million in Cash and Stock (Socure) Socure Acquires Berbix for Approximately $70 Million in Cash and Stock, Together Delivering the Fastest, Most Accurate ID Verification Solution Worldwide
Cybersecurity startup Cyera secures $100 million Series B at $500 million valuation (CTech) The Israeli company’s data security platform learns an enterprise’s unique data and business purpose, ans uses large language models to automatically discover, classify, and secure sensitive data
Booz Allen Snags a Spot on $2.6B IRS EDOS Contract (WashingtonExec) Richard Crowe, Booz Allen Hamilton Booz Allen Hamilton won a spot on the Internal Revenue Service Enterprise Development, Operations Services contract, a bl ...
SandboxAQ Awarded DISA OTA for Quantum Capabilities; Jen Sovada Quoted (Executive Gov) Looking for the latest Government Contracting News? Read about SandboxAQ Awarded DISA OTA for Quantum Capabilities; Jen Sovada Quoted.
Carahsoft, Coalfire, and Google Public Sector Partner on FedRAMP® Accelerator to Enable SaaS Providers Selling into the Federal Government (PR Newswire) Cybersecurity pioneer Coalfire, IT solutions provider Carahsoft Technology Corp., and Google Public Sector have entered into a partnership to...
OPSWAT NetWall and MetaDefender Kiosk Accepted into Emerson DeltaV Alliance Program (PR Newswire) /PRNewswire/ -- OPSWAT, a global leader in critical infrastructure protection (CIP) cybersecurity solutions, is proud to announce that its NetWall and...
Still hiring: Big Tech layoffs give other sectors an opening (Maryland Daily Record) The recent mass layoffs at tech companies came as a shock. Now thousands of workers are being courted by employers whose names aren’t typically synonymous with tech work.
Quorum Cyber Expands North American Team With Paul Vasquez As Vice President of Alliances & Partnerships (Yahoo Finance) Vasquez brings over 20 years of business development and partnerships experience to expand the company's North American cyber security market share. With a wealth of expertise helping technology companies develop their partnerships with Microsoft, his previous roles include Senior Director for Strategic Alliances and Channels at Epiq, where he built their Microsoft partnership from the ground up—winning several Microsoft partner awards. In addition, Vasquez served as Director of Business Develop
Products, Services, and Solutions
KnowBe4 Kicks Off Ransomware Awareness Month With Resource Kit (KnowBe4) KnowBe4 Kicks Off Ransomware Awareness Month With Resource Kit
FiVerity Empowers Community Banks and Credit Unions with Free Access t (PRWeb) FiVerity, the leading provider of Anti-Fraud Collaboration solutions, today announced new platform features designed to help the financial industry fight back against
Rapid7 Expands Relationship with AWS To Include InsightIDR Support for AWS AppFabric (GlobeNewswire News Room) Rapid7’s support of AWS AppFabric continues its commitment to extending monitoring, detection, and response for the cloud...
Cynet 360 Mobile Empowers Organizations to Protect Mobile Devices From Cybersecurity Attacks (Cynet) Discover Cynet 360 Mobile, the all-in-one mobile threat protection solution that safeguards Chrome OS, Android, and iOS devices against security and privacy threats. Gain persistent on-device protection, detect risky applications, and defend against mobile malware, phishing, and network-based attacks.
DoControl Extends its Technology Alliance Program With 12 Business-Critical SaaS Applications (PR Newswire) DoControl, the leader in the SaaS Security Platform (SSP) market, continues to distinguish itself through the success of its Technology...
Onapsis Partners with SNOPUD to Secure Critical SAP Applications, Strengthening its Leadership in the Utilities Sector (Business Wire) Onapsis will help SNOPUD deliver uninterrupted services to 373,000 energy customers and 23,000 water customers
Floor & Decor Ensures Comprehensive and Efficient Security with Contrast Security (Contrast Security) Floor & Decor Ensures Comprehensive and Efficient Security with Contrast Security
Tanium partners with Microsoft to provide comprehensive endpoint visibility and management in real time (Gov Insider) Converged endpoint management provider Tanium has partnered with Microsoft to help cybersecurity professionals better leverage real-time data for more proactive cybersecurity management.
Asimily Announces Partnership and Integration with HANDLE Global to Provide Cybersecurity and Threat Risk Insights for Healthcare Capital Cycle Management (GlobeNewswire News Room) Asimily, a leading Internet of Things (IoT) and Internet of Medical Things (IoMT) risk management...
Cato Networks Revolutionizes Network Security with Real-Time, Machine Learning-Powered Protection (PR Newswire) Cato Networks, provider of the world's leading single-vendor SASE platform, introduced today real-time, deep learning algorithms for threat...
Kazakhtelecom deploys A10 Networks solutions (TelecomLead) Kazakhtelecom has partnered with A10 Networks to ensure a secure and consistent experience for customers in Kazakhstan
ThriveDX Launches Cybersecurity Training Academy (MSSP Alert) ThriveDX has created the Cyber Academy to help organizations educate their employees about a wide range of cybersecurity topics.
ThriveDX, CyberProof Partner to Quickly Fill Cybersecurity Positions (Fast Mode) ThriveDX, the leader in cybersecurity and digital skills training, announced the successful launch of the Cyber Academy to place cybersecurity analysts at its partner CyberProof, a UST company and leader in the cybersecurity industry providing enterprises with expert managed detection and response services.
Bishop Fox Expands Social Engineering Adversarial Emulation Services (GlobeNewswire News Room) New and Expanded Red Team Offerings Overcome “Security Awareness” Gap and Improve Protection Against Multistage, Advanced Attack Methods...
SonicWall Introduces Monthly Firewall Security Services Bundles for MSSPs, MSPs (PR Newswire) SonicWall, a 100% channel cybersecurity leader, today announced the availability of monthly firewall security services bundles for Managed...
Rubrik and Microsoft Announce Generative AI-Powered Cyber Recovery and Remediation (GlobeNewswire News Room) Rubrik Security Cloud, Microsoft Sentinel, and Azure OpenAI Service integration demonstrates how organizations can strengthen their cyber resilience and...
data.world Announces Data Governance and Data Catalog Integrations with Snowflake’s Snowpark (GlobeNewswire News Room) The data catalog platform delivers catalog and governance capabilities for data-intensive applications...
Coveo's AI Platform Earns Coveted ISO 27001 Certification: Setting the Standard for Security and Trust (GlobeNewswire News Room) Coveo’s market-leading AI Platform, the Coveo Relevance Cloud™, continues demonstrating strength in security by achieving global security standard with ISO...
Corvus Insurance adds Generative AI Enhancements to Underwriting Platform to Improve Quoting Speed and Efficiency (Business Wire) Generative AI drives advanced Automation features within Corvus Risk Navigator™, eliminating routine manual tasks to reduce workload, accelerate growth, and increase book value
OTORIO Transforms OT Security with Advanced Attack Graph Analysis (OTORIO) OTORIOs CDT and patent-protected attack graphs provide dynamic visual network topology & advanced risk assessment for the OT security market.
Technologies, Techniques, and Standards
CISA Finalizes SCuBA Architecture, Visibility Reference Framework (Meritalk) The Cybersecurity and Infrastructure Security Agency (CISA) released the first series of final security guidance resources under its Secure Cloud Business Applications (SCuBA) project today.
CISA issues updated cloud security resources for federal agencies (FedScoop) The agency says the new documentation will help government departments implement cloud cybersecurity best practices.
CISA Looking for Input on Modernizing EINSTEIN Program (Meritalk) The General Services Administration (GSA) has issued a Request for Information (RFI) on behalf of the Cybersecurity and Infrastructure Security Agency (CISA), which is seeking technical input from industry on detecting and responding to threats within Federal civilian agency networks as CISA moves to modernize “legacy capabilities” under its EINSTEIN program.
CISA Eyes C-SCRM Training Resources, Information Hub (Meritalk) The Cybersecurity and Infrastructure Security Agency (CISA) plans to release a training program to help Federal agencies better understand and operationalize cyber supply chain risk management (C-SCRM), CISA’s C-SCRM Project Management Office Lead said today.
FPF Launches Cybersecurity and Data Privacy Expert Working Group (Future of Privacy Forum) As the world becomes more ingrained and dependent on digital systems, the need to explore the challenges posed by emerging technologies and develop ethical norms and workable best practices grows. Today, FPF launched its Privacy and Cybersecurity Expert Working Group and announced the Inaugural Advisory Committee to lead FPF’s exploration of the intersection of privacy and security.
How Application Allowlisting Combats Ransomware Attacks (Security Intelligence) By identifying attackers at the application and process level, allowlisting is a critical tool in your anti-ransomware defenses.
Virginia Cyber Brigade Leads Cyber Shield 2023 (National Guard) In the early 2000s, the Defense Department and the National Guard Bureau realized that cyber threats were on the rise and would only become more prominent in the United States and
Design and Innovation
Tackling the 'human factor' to transform cyber security behaviours (NCSC) ThinkCyber's CEO Tim Ward reflects on the challenges that startups face when developing innovative products.
Meet the Humans Trying to Keep Us Safe From AI (WIRED) As artificial intelligence explodes, the field is expanding beyond the usual suspects—and the usual motivations.
AI ethics toolkit updated to include more assessment components (ZDNET) The second iteration of the Veritas Toolkit includes assessment methodologies for accountability and transparency, to guide financial institutions on the 'responsible' use of artificial intelligence.
Are GPT-Based Models the Right Fit for AI-Powered Cybersecurity? (Infosecurity Magazine) Many cybersecurity vendors are integrating general-purpose large language models into their solutions. However, some experts argue that these are not the best AI algorithms for security
Research and Development
Venn Secures Patent for First Technology to Make MDM for Laptops a Reality (Venn) Venn Delivers the First Purpose-Built Patented Technology for Secure BYO-PC for the Modern Global Remote Workforce
Academia
School cyber teams go back to the drawing board (Axios) School IT leaders are revisiting their cybersecurity strategies after trying — and sometimes failing — to fend off a wave of ransomware attacks this past school year.
Center for Cyber Defense Education Honored (UNCW News) The National Security Agency’s National Centers of Academic Excellence in Cybersecurity program directors recently recognized UNCW for the outreach efforts of CCDE faculty and staff.
Legislation, Policy, and Regulation
MPs call for sanctions on foreign aggressors targeting Canada with disinformation (CBC News) MPs are urging the Liberal government to levy sanctions against individuals and organizations that target Canadians with disinformation.
Israel helped UAE fend off major cyberattack, Emirati cyber chief says (The Jerusalem Post) Israel's cyber chief called on top international cyber officials to work together to stop Iranian and Hezbollah hackers “from their attacks on the world.”
An encryption exodus looms over UK’s Online Safety Bill (TechCrunch) The backlash against the encryption-busting Online Safety Bill continues to grow, suggesting the United Kingdom could soon face a looming exodus of secure messaging apps.
Apple joins opposition to encrypted message app scanning (BBC News) WhatsApp and iMessage could be forced to scan for child abuse images under the Online Safety Bill.
Online Safety Bill: Apple voices concerns about message scanning (Computing) The tech giant becomes the latest to add its voice to those concerned that weakening encryption will ultimately prove damaging to everyone.
Apple says proposed UK law “poses a serious threat” to end-to-end encryption (The Verge) It’s urging lawmakers to amend the Online Safety Bill.
WSJ News Exclusive | U.S. Considers New Curbs on AI Chip Exports to China (Wall Street Journal) Restrictions come amid concerns that China could use AI chips from Nvidia and others for weapon development and hacking.
Administration Cybersecurity Priorities for the FY 2025 Budget (The White House) This memorandum outlines the Administration’s cross-agency cybersecurity investment priorities for formulating fiscal year (FY) 2025 Budget submissions to the Office of Management and Budget (OMB), consistent with spring guidance.
White House directs agencies to prioritize ‘secure by design’ in 2025 budgets (Federal News Network) The budget guidance hews closely to the National Cyber Strategy, directing agencies to continue to focus their resources on “zero trust” architectures.
Twenty-Five Years of White House Cyber Policies (Lawfare) Twenty-five years ago, on May 22, 1998, the Clinton administration published the White House’s first-ever national cyber policy: Presidential Decision 63 (PDD 63). On March 2, 2023, the Biden administration published the latest White House cyber strategy, the National Cybersecurity Strategy (NCS).
Why Cyber Funding Flows for Rural Water Systems (Dark Reading) The $7.5 million in new funds from the Cybersecurity for Rural Water Systems Act of 2023 is not just a drop in the bucket for crucially important rural water systems.
Washington State’s My Health My Data Act FAQ, Part Two – Requirements (cyber/data/privacy insights) In Part Two of our FAQ series on Washington state’s My Health My Data (MHMD) Act, we answer questions related to some of the act’s substantive requirements. As we explained in our previous FAQ, given the MHMD’s breadth – both to which entities and data it applies – regulated entities should be mindf
Litigation, Investigation, and Law Enforcement
Tracking atrocities in Sudan: 'The world has become significantly less anonymous for war criminals' (Record) Technology is allowing third-party observers to document human rights abuses in near real time thanks to, among other things, low-orbit satellites. Researcher Nathaniel Raymond talks with the Click Here podcast team about documenting the violence in Sudan and predicting attacks before they happen.
Supreme Court guts protections for cyberstalking victims (Fast Company) Critics say the 7-2 decision will protect stalkers who are merely delusional about the consequences of their actions.
Sequoia Made a Fortune Investing in the U.S. and China. Then It Had to Pick One. (Wall Street Journal) Scrutiny from Washington aggravated tensions within the venture-capital firm, fueling its decision to break up
SolarWinds CISO and CFO are focus of SEC’s Orion investigation (SC Media) The company at the center of a major 2020 breach says if the SEC takes action against the two senior executives they could be forced to step down.
SEC notice to SolarWinds CISO and CFO roils cybersecurity industry (CSO Online) US SEC staff have recommended legal action against individual SolarWinds employees, in an unusual move that is causing a stir among cybersecurity professionals.
A 3-year probe of encrypted phones led to the seizure of hundreds of tons of drugs, prosecutors say (AP News) International prosecutors say that investigations triggered by the cracking of encrypted phones three years ago have so far led to more than 6,500 arrests worldwide and the seizure of hundreds of tons of drugs.
EncroChat probe nets 6,500+ arrests and €740m in funds (Register) Eurocop op cracking crims' chat app causes clink time and cash confiscation