Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+518: Ukraine attacks toward the Sea of Azov. (CyberWire) Ukraine's counteroffensive enters a new phase. Russian cyber operations continue to support strategic as opposed to tactical objectives.
Russia-Ukraine war at a glance: what we know on day 519 of the invasion (the Guardian) Security guard at Odesa port killed after Russian strike; Zelenskiy visits Dnipro in southeastern Ukraine
Russia-Ukraine war: List of key events, day 519 (Al Jazeera) These are the main developments as the Russian invasion of Ukraine enters its 519th day.
Kyiv launches a major push against Russian forces, officials and analysts say (AP News) Ukraine has launched a major push to dislodge Russian forces from the country's southeast as part of its weekslong counteroffensive, committing thousands of troops to the battle.
Ukraine launches main thrust of its counter-offensive against Russia (The Telegraph) Kyiv’s forces are backed by thousands of troops and Western arms as US official says: ‘This is the big test’
U.S. Says Main Thrust of Ukraine’s Counteroffensive Has Begun (New York Times) Artillery duels flared along the southern front, as troops trained and equipped by the West pressed forward.
Ukraine launches new push, claims gains against Russians in south (Washington Post) Ukrainian forces have launched a new push in their counteroffensive against Russian invaders and made advances south of Orikhiv in the country’s Zaporizhzhia region, officials said Wednesday.
Ukraine steps up counteroffensive with new push south and around Bakhmut (the Guardian) Ukrainian official says every type of weapon in use, including US cluster munitions, as troops push forward
The next stage of the counteroffensive appears to be taking shape. (New York Times) Ukrainian forces trying to punch through Russian lines are facing perhaps their biggest test of the war as, according to two Pentagon officials, Kyiv begins the main thrust of its counteroffensive, pouring the bulk of their Western-trained reserves into the fight to sever Moscow’s hold on the south.
Russia Bombards Southern Ukraine, Trying to Keep Kyiv’s Advance at Bay (New York Times) Moscow launched airstrikes and artillery barrages in the south, where U.S. officials said Ukraine had begun the main thrust of its counteroffensive.
How Ukrainian DIY Drones Are Taking Out Russian Tanks (Wall Street Journal) Since the Ukrainian counteroffensive began, there’s been a dramatic increase in Ukraine’s use of cheap FPV, or first-person-view drones, to execute kamikaze-sty
Putin is about to declare war on the whole world (The Telegraph) A Black Sea blockade against Ukraine would affect everyone on Earth
Bluffing or not, Putin’s declared deployment of nuclear weapons to Belarus raises tensions (AP News) Sometime this summer, if President Vladimir Putin can be believed, Russia moved some of its short-range nuclear weapons into Belarus, closer to Ukraine and onto the doorstep of NATO’s members in Central and Eastern Europe.
Images Show More Military Equipment Gathered At 'Wagner Camp' In Belarus (RadioFreeEurope/RadioLiberty) Military equipment and vehicles believed to belong to the private Wagner mercenary group continue to move to a site in the village of Tsel in eastern Belarus that is believed to be a site where troops from Yevgeny Prigozhin's company have settled after its aborted mutiny in Russia last month.
Ukraine's SBU Claims Responsibility For October Crimea Bridge Blast (RadioFreeEurope/RadioLiberty) Ukraine's Security Service (SBU) claimed responsibility for the first time on July 26 for an explosion that badly damaged the bridge linking the Russian-occupied Crimean Peninsula with Russia in October 2022.
Spectre of hyperinflation hangs over Putin as Russian economy crumbles (The Telegraph) Pressure builds on multiple fronts as rouble plunges, wages surge, and borrowing peaks
NATO investigates alleged data theft by SiegedSec hackers (BleepingComputer) NATO has confirmed that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by a hacking group known as SiegedSec.
NATO investigating apparent breach of unclassified information sharing platform (CyberScoop) SiegedSec, a group known for politically motivated hacks and leaks, posted a link to the files in a Telegram channel.
SiegedSec Compromise NATO (Cyberint) As part of their campaign against the West, SiegedSec announced of their successful attack on NATO and leaking some valuable documents.
Exclusive Interview: Anonymous Sudan, Cyber Warriors or Russian Puppets? (Intel Cocktail) In the fast-paced world of the cyber underground, Russia-linked Anonymous Sudan has emerged as a formidable attacker, claiming responsibility for a staggering 63% of the total identified DDoS attacks attributed to the pro-Russian KillNet collective in 2023 (Mandiant). Of particular interest is their focus on targeting US and European organizations, which has generated both intrigue and skepticism regarding their true intentions and identity.
Not OK on VK: An Analysis of In-Platform Censorship on Russia’s VKontakte (The Citizen Lab) This report examines the accessibility of certain types of content on VK (an abbreviation for “VKontakte”), a Russian social networking service, in Canada, Ukraine, and Russia. Among these countries, we found that Russia had the most limited access to VK social media content, due to the blocking of 94,942 videos, 1,569 community accounts, and 787 personal accounts in the country.
Russia’s Online Censorship Has Soared 30-Fold During Ukraine War (New York Times) A report from Citizen Lab laid out how much online censorship has increased on one of Russia’s biggest social media sites.
Russian court jails cyber security executive for 14 years in treason case (Reuters) A Russian court on Wednesday convicted a top cyber security executive of treason and jailed him for 14 years in a case that state news agency TASS said centred on allegations he had passed classified information to foreign spies.
Ukraine Says Another Ex-Lawmaker Is Suspected Of High Treason (RadioFreeEurope/RadioLiberty) Ukraine's State Bureau of Investigations (DBR) says former lawmaker Vadym Rabinovych, who is currently out the country, is suspected of high treason.
EU To Hit Belarus With 'Restrictive Measures' For Involvement In Ukraine War (RadioFreeEurope/RadioLiberty) Ambassadors from the European Union's 27 member states have agreed to adopt "restrictive measures" against Belarus over its assistance to Russia in Moscow's war against Ukraine.
Russia And Belarus Not Among 203 Countries Invited To Paris Olympics (RadioFreeEurope/RadioLiberty) The International Olympic Committee (IOC) has formally invited 203 countries to compete in the 2024 Paris Games, notably excluding Russia and Belarus from the list.
Kremlin Says Less Than One-Third Of African Leaders Invited To St. Petersburg Summit To Attend (RadioFreeEurope/RadioLiberty) The Kremlin says less than one-third of the presidents invited will attend the Russia-Africa summit in St. Petersburg on July 27-28.
Putin's Russia-Africa Summit Isn't Going as Planned (Time) The second-ever summit kicks off Thursday with a slimmed down guest list amid tensions over grain security.
North Korean leader Kim Jong Un meets with Russian defense minister to discuss military cooperation (AP News) North Korean state media say leader Kim Jong Un has met with Russian Defense Minister Sergei Shoigu for discussions on military issues and the regional security environment.
Angry Russia refuses to speak at UN meeting on its attacks on Ukraine's key port city of Odesa (AP News) In an escalation of Russia’s anger at Ukraine and its Western backers, Russia refused to speak at a U.N.
'A City Of Dreams': Russian-Born Artist Describes Life Under Bombardment In Ukraine's Odesa (RadioFreeEurope/RadioLiberty) A Russian-born poet, designer, and artist who has lived in the Ukrainian Black Sea port city of Odesa since 2015 describes how the war has enraged a city that was once favorably inclined toward Russia. “Now there are no people like that,” she said.
Biden orders U.S. to share evidence of Russian war crimes with international court (POLITICO) The decision is a shift in U.S. policy toward the International Criminal Court and goes against the Pentagon’s recommendation.
US begins sharing Russian war-crimes evidence with Hague court (the Guardian) Quiet decision ends dispute within Biden administration over ICC cooperation after Pentagon had been accused of obstruction
Moldova expels 45 Russian diplomats and embassy staff, citing years of ‘hostile actions’ (the Guardian) The country’s foreign minister alluded to media reports of alleged spying equipment installed on the roof of Russia’s embassy in Chișinău
Attacks, Threats, and Vulnerabilities
CISA warns govt agencies to patch Ivanti bug exploited in attacks (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) warned U.S. federal agencies today to secure their systems against a maximum severity authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM), formerly MobileIron Core.
Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique (The Hacker News) Financially motivated hackers behind Casbaneiro banking malware are evolving their tactics to avoid detection
Tomcat Under Attack: Exploring Mirai Malware and Beyond (Aquasec) Tomcat Vulnerability explore some of the techniques used by the Mirai botnet to exploit a single attack directed at one of our Apache Tomcat honeypots.
Researchers say more than 900,000 MikroTik routers vulnerable to hackers (Record) More than 900,000 MikroTik routers are vulnerable to an issue that the company quietly patched late last week, according to researchers.
Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking (The Hacker News) Critical Privilege Escalation Vulnerability in MikroTik RouterOS Poses a Severe Threat to Over Half a Million Devices
Akira ransomware compromised at least 63 victims since March, report says (Record) Researchers at Arctic Wolf say Akira ransomware has hit dozens of organizations since it was first identified. The company found some new signs that the operation has links to the Conti cybercrime gang, too.
Mandiant finds no evidence of data or cryptocurrency theft in JumpCloud attack (Cybersecurity Dive) The incident response firm only has insights into one of a handful of downstream victims, but the research suggests the damage may be limited.
Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets (The Hacker News) A new malware family called Realst is targeting Apple macOS systems, including macOS 14 Sonoma! Written in Rust programming language.
CardioComm, a provider of ECG monitoring devices, confirms cyberattack downed its services (TechCrunch) The Canadian provider of heart monitoring technologies says its servers and systems have been downed by an ongoing cybersecurity incident.
CardioComm Solutions Responds to Cyber Security Incident (Investors Observer) CardioComm Solutions Responds to Cyber Security Incident
Gun owner data breach: Info of prominent Aucklanders, company directors, lawyers leaked (NZ Herald) The email contained the names and address of a number of prominent Auckland gun owners.
GameOverlay Vulnerability Impacts 40% of Ubuntu Workloads (Wiz Blog) Wiz Research discovers CVE-2023-2640 & CVE-2023-32629, 2 privilege escalation vulnerabilities in Ubuntu's OverlayFS module impacting 40% of cloud workloads.
Cyberattack on University of West Scotland claimed by Rhysida ransomware gang (Tech Monitor) Attack on University of West Scotland claimed by Rhysida ransomware gang. The gang is demanding at least 20 Bitcoin...
Massive data breach may have exposed personal information of MSU students, employees (WKAR Public Media) Some personal information belonging to Michigan State University students and employees may have been exposed through a wide-ranging data breach.
What to know about MSU’s third-party data breach (The State News) Students received an email from Michigan State University administration on Monday informing them of a data breach which may have led to unauthorized access of MSU community members’ personal data.
Latest MOVEit Data Breach Victim Tally: 455 Organizations (Bank Info Security) More details about victims of the Clop crime group's zero-day attacks on users of the widely used MOVEit file transfer software continue to come to light.
School Accreditation Organization Data Breach Exposed Sensitive Information on Students, Parents, and Teachers Online (Website Planet) Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet a non-password protected database that contained 680k records. Upon further investigation, it was identified that these records were related to educational institutions. Documents inside the database suggested that it belonged to the Southern Association of Independent Schools, Inc (SAIS).
Uncovering the Rite Aid Data Breach: What You Need to Know (LegalScoops) In this post, we will delve into the Rite Aid data breach, exploring its cause, exposed files, and the company’s response. We will also discuss the efforts
KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (Dark Reading) KnowBe4 releases Q2 2023 global phishing report and finds HR related email subjects utilized as a phishing strategy and make up 50% of top email subjects.
Someone could steal your medical records and bill you for their care (NPR) Consumers should know that medical identity theft can happen, whether from a large-scale breach or theft of an individual's data. The result could be thousands of dollars in medical bills.
Who and What is Behind the Malware Proxy Service SocksEscort? (KrebsOnSecurity) Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service…
Hibernating Qakbot: A Comprehensive Study and In-depth Campaign Analysis (Zscaler) In the ever-evolving landscape of cyber threats, banking trojans continue to pose a significant risk to organizations worldwide. Among them, Qakbot, also known as QBot or Pinkslipbot, stands out as a highly sophisticated and persistent malware active since 2007, targeting businesses across different countries.
Rezilion Uncovers High-Risk Vulnerabilities Missing From CISA KEV Catalog (Dark Reading) Rezilion, an automated software supply chain security platform, today announced a new report, "CVSS, EPSS, KEV: The New Acronyms - And The Intelligence - You Need For Effective Vulnerability Management," detailing the critical importance of the Exploitability Probability Prediction Score (EPSS) for enhancing patch prioritization and effective vulnerability management.
Meta’s Threads Isn’t Labeling Propaganda Accounts From Russia, China State Media (Wall Street Journal) Accounts from state-backed media have garnered hundreds of thousands of followers on Meta’s new microblogging service.
Risk and Vulnerability Assessments (Cybersecurity and Infrastructure Security Agency CISA) CISA analyzes and maps, to the MITRE ATT&CK® framework, the findings from the Risk and Vulnerability Assessments (RVA) we conduct each fiscal year (FY). These analyses include:
CISA Analysis: Fiscal Year 2022 Risk and Vulnerability Assessments (Cybersecurity and Infrastructure Security Agency CISA) The Cybersecurity and Infrastructure Security Agency (CISA) conducts Risk and Vulnerability Assessments (RVAs) for the federal civilian executive branch (FCEB); high priority private and public sector critical infrastructure operators; and select state, local, tribal, and territorial (SLTT) stakeholders. Concurrently, the United States Coast Guard (USCG) conducts RVAs on maritime critical infrastructure operated by SLTT and private-sector organizations.
CISA: Valid Accounts and Phishing Still Effective for Initial Access (Decipher) A new CISA analysis of risk and vulnerability assessments at government agencies shows that the use of valid credentials and spear phishing are still the most effective initial access vectors.
CISA: Most cyberattacks on gov’ts, critical infrastructure involve valid credentials (Record) More than half of all cyberattacks on government agencies, critical infrastructure organizations and state-level government bodies involved the use of valid accounts, according to a new report from the Cybersecurity and Infrastructure Security Agency (CISA).
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-38606 Apple Multiple Products Kernel Unspecified Vulnerability
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-37580 Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability
Trends
New Research Shows Over Half of Companies Lack a Cohesive Generative AI Strategy, Despite Proven Business Impact (Business Wire) Early adopters of generative AI are saving time, increasing revenue, and improving their customer and employee experience—but short-sighted deployments can open up risks
RSA ID IQ Report Reveals What You Don’t Know Will Breach You (Business Wire) 9 in 10 respondents believe AI has a role in improving identity security; three quarters trust technology for their security and privacy more than their partner, closest friend, or financial advisor
Marketplace
Cyclops Emerges from Stealth with $6.4M in Funding to Offer a Contextual Cybersecurity Search Platform (PR Newswire) Cyclops, a contextual cybersecurity search platform, today announced its emergence from stealth with $6.4M in seed funding. The funding round...
Seattle cybersecurity startup Protect AI raises $35M for machine learning code protection (Fagen Wasanni Technologies) Seattle-based cybersecurity startup Protect AI has secured $35 million in funding to accelerate the development and deployment of its platform aimed at bolstering machine learning code security.
Cyber security skills in the UK labour market 2023 (DSIT) This is a summary of research into the UK cyber security labour market, carried out on behalf of the Department for Science, Innovation and Technology (DSIT). In February 2023, the parts of the thenDepartment for Digital, Culture, Media and Sport (DCMS) responsible for cyber security policy moved to DSIT.
Tackling the labor shortage in cybersecurity (The Hill) Tatyana Bolton’s passion for national security and defending her country drew her into cybersecurity, and she says the U.S. needs more who follow that path: The industry is facing a critical labor …
Absolute’s Journey Forward and the Power of Resilience (LinkedIn) As I reflect on our journey at Absolute over the last five years, I am incredibly proud of our team, the innovation and solutions we’ve delivered to our customers and the growth and scale we’ve achieved. As a career technologist, I’ve found that many organizations believe they have powerful security
Mobilicom Expands into New Geographic Markets for its Cybersecure Drone & Robotics Solutions (GlobeNewswire News Room) First purchase orders for sales into Korea, Brazil, and Canada bring Mobilicom’s design wins to a total of 48 as of June 30, 2023 Shoham, Israel, July...
Salt Security Appoints Ori Bach as Executive Vice President of Product (PR Newswire) Salt Security, the leading API security company, today announced the appointment of Ori Bach to the Salt senior leadership team as executive...
ColorTokens Welcomes Agnidipta Sarkar as Vice President CISO Advisory (PR Newswire) ColorTokens Inc., a leading Unified Zero Trust Platform provider, announced today that Agnidipta Sarkar has started as Vice President, CISO...
Island Appoints Respected Industry Leader Steve Tchejeyan as President (Island) Island today announced the addition of Steve Tchejeyan to its executive team as President.
Products, Services, and Solutions
DoControl Automates Time Intensive Process of Bulk Remediation in Google Shared Drives (PR Newswire) DoControl, the leading SaaS Security Platform (SSP), today announced a new patent pending bulk remediation capability, which supports Google...
ATP Gov and Telos Join Forces to Strengthen and Secure Global Satellite Communications (Telos Corporation) ATP Gov, a leading provider of information technology solutions for the federal government, alongside Telos Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, celebrate a new delivery order with the U.S. Air Force to provide global satellite communications solutions...
New Relic Launches Interactive Application Security Testing (New Relic) Patented deterministic technique delivers near zero false positives and proof-of-exploit and accelerates security testing, enabling dev, ops, and security teams to ship secure code faster
HYPR Introduces HYPR Adapt, Designed to Combat Identity Cyber Attacks, and Reveals Study Determining 324% Customer ROI (GlobeNewswire News Room) New product extends HYPR’s passwordless authentication portfolio proven to deliver 324% ROI...
authID Empowers ABM To Deploy Passwordless Authentication for Shared Devices Across the Enterprise (GlobeNewswire News Room) Passwordless authentication secured and simplified with authID’s facial biometric, multi-factor authentication DENVER, CO, July 27, 2023 (GLOBE...
Coalfire Collaborates with MITRE Engenuity on Threat-Informed Defense (PR Newswire) Global cybersecurity leader Coalfire today became a benefactor of MITRE Engenuity Center for Threat-Informed Defense, supporting MITRE Caldera™...
Forcepoint collaborates with AWS to launch new data center in Dubai (ACE Times) Center will provide access to scalable and resilient cloud services to help businesses accelerate digital transformation
N2WS Advances AWS Workload Protection: Empowering Business Continuity and Enterprise Security (PR Newswire) In a significant move toward enhancing business continuity and data security for enterprises, N2WS has launched the latest version of N2WS...
SentinelOne® Launches Cloud Data Security Product Line (Business Wire) Company unveils high-speed malware detection products for leading cloud and network storage providers Amazon S3 and NetApp, enabling customers to revolutionize protection as threats evolve
10 Free Purple Team Security Tools to Check Out (Dark Reading) Check out this curated list of cool tools and platforms for both offensive security experts and defenders, all of which will be released or demoed at Black Hat USA 2023.
BreachRx Transforms the Way Businesses Comply with Cybersecurity, Privacy, and Data Breach Laws with Launch of New Automated Analysis Platform (Business Wire) Cyber RegScout™ helps legal and compliance professionals eliminate manual processes, drive more organizational value, and dramatically reduce regulatory risk
AuditBoard Unveils New IT Risk Management Solution (AuditBoard) The latest extension to AuditBoard’s modern connected risk platform enables IT risk and security leaders to better manage their threat landscape, quantify risks, and improve cyber resilience.
Uptycs Continues Momentum in Helping Customers Achieve Security Operations Excellence with AWS (GlobeNewswire News Room) Uptycs joins AWS Public Sector Partner Program, plus integrates with AWS Control Tower to accelerate multi-account governance and automate positive...
HAProxy Extends Competitive Advantage in G2 Summer 2023 Grid® Reports (GlobeNewswire News Room) Technology leadership and customer satisfaction drive top rankings in load balancing and security, with solutions available to demo at Black Hat USA...
SeeMetrics Launches Cybersecurity Performance Boards (SeeMetrics) SeeMetrics, the leading Cybersecurity Performance Management (CPM) platform that’s revolutionizing how security leaders measure, track, and improve security performance, today announced the launch of its new Cybersecurity Performance Boards.
SafeGuard Cyber Welcomes Aliant to its Illuminate Partner Program for MSSPs (Business Wire) Client Risk Consulting Managed Service Provider Joins SafeGuard Cyber’s Channel Program to Provide LATAM Customers with Enhanced Compliance-as-a-Service Programs
FortMesa partners with Gradient to enhance value through billing and alert integration (FortMesa) FortMesa Launches a Gradient Integration for Enhanced Billing and Alert Capabilities
Technologies, Techniques, and Standards
Third Party Risk Management Health Industry Recommended Practices (Health3PT) There should be no debate that third parties pose risk to the healthcare industry with the potential to compromise privacy and safety.
CVSS, EPSS, KEV: The New Acronyms - And The Intelligence - You Need For Effective Vulnerability Management (Rezillion) Managing the risk from various types of vulnerabilities is a challenge. The goal of a vulnerability management program is to reduce an organization’s overall risk exposure by enabling the identification, prioritization, and remediation of vulnerabilities.
Research and Development
Illinois Tech Assistant Professor Receives Award for Using Insights from Human Immune System to Strengthen AI (IIT News) Inspired by antigen-generating B cells, Ren Wang aims to make AI systems more robust and address the ‘black box’ problem
Academia
The Education Sector Reports the Highest Rate of Ransomware Attacks, Sophos Survey Finds (GlobeNewswire News Room) While the Sector Reports One of the Highest Rates of Ransom Payments, Doing So Significantly Increased Recovery Costs and Time ...
The State of Ransomware in Education 2023 (Sophos News) The realities of ransomware attacks facing education providers in 2023, including the frequency, root causes of attacks, and data recovery costs.
Education Sector Has Highest Ransomware Victim Count (Infosecurity Magazine) Extortionists know their targets have low tolerance for outages
‘Nobody is immune from it’: After data breaches, local officials take cybersecurity awareness class at USF (WFLA) After data breaches at three different Tampa Bay hospitals and the Hillsborough County Supervisor of Elections, local school and election officials were among the students in cybersecurity classes …
FBI hosts simulated cyber forensics camp for Huntsville students (WHNT) The InfraGard Huntsville Member Alliance will host a Cyber Forensics Camp, which will allow kids a hands-on experience as they investigate a mock situation involving the Malpasset Hydro-Electric Da…
Legislation, Policy, and Regulation
Russia and China use BRICS summit to lament US “hegemony” in cyberspace (Cybernews) The governments of China and Russia have a track record of limiting their citizens’ access to certain information. That’s why their complaints that the US is using the internet for “neo-colonial ambitions” sound especially far-fetched.
TSA updates, renews cybersecurity requirements for pipeline owners, operators (Transportation Security Administration) The Transportation Security Administration (TSA) announced an update to its Security Directive regarding oil and natural gas pipeline cybersecurity.
Memorandum to Covered Pipeline Owners / Operators (Transportation Security Administration) Renewal with revisions to the Security Directive (SD) Pipeline 2021-02 series...
FISMA reform bill moves forward in Senate, while CMMC goes to White House review (Federal News Network) Two big ticket federal cybersecurity initiatives took big steps forward this week, but their ultimate outcomes remain less than certain
Improving the Quality of Cybersecurity Risk Management Disclosures (U.S. Securities and Exchange Commission) Today, the Commission is voting to adopt a rule that will require public companies to enhance and standardize their disclosures on cybersecurity risk management, strategy, and governance, as well as incident reporting. I am pleased to support this rule because it will strengthen the quality, consistency, and timeliness of cybersecurity-related disclosures to investors.
Statement on Cybersecurity Adopting Release (U.S. Securities and Exchange Commission) Congress established the core framework of our rulemaking process in 1946, when the Administrative Procedure Act passed unanimously into law.
SEC proposes AI crackdown for Wall Street firms (Washington Post) The financial regulator will develop rules banning online brokerages such as Robinhood from using AI against their customers’ interests
The SEC has a big, new cyber rule for public companies (Washington Post) The SEC wants publicly traded companies to report major cyber incidents within four days
Apps Like Robinhood Make Trading Fun, but SEC Fears It Is Costing Investors (Wall Street Journal) Regulators want to impose new guardrails on the way retail investment firms use advanced analytics to encourage customers to trade.
US SEC proposes AI rules for money managers (Computing) Proposed rules cover use of analytical, technological and computational functions, correlation matrices, algorithms, models or similar methods or processes
SEC's breach disclosure rule raises concerns about tipping off hackers to flawed systems (CyberScoop) New rules require publicly traded companies to disclose cybersecurity breaches within four days of them being deemed material.
CISA to establish network of regional election advisers for 2024 (Record) The 10 advisers will support election officials working in their respective areas in an effort to “build even stronger connective tissue" between state and local officials and CISA, Director Jen Easterly said.
Head of US cybersecurity agency sees progress on election security, with more work needed for 2024 (New Bern Sun Journal) The head of the nation’s cybersecurity agency says efforts to protect the nation’s election systems have grown exponentially since the 2016 presidential election, but more is needed to defend the
White House’s pick for national cyber director is met with praise, questions (Washington Post) Support and questions arise over Harry Coker getting the national cyber director nod
Litigation, Investigation, and Law Enforcement
Exclusive: Senators want details on China's latest hack of Microsoft email (Newsweek) Latest hack underlines questions about Microsoft's security, as worries grow about the government's increasing reliance on a single software vendor.
Prince Harry's phone hacking claim against Sun publisher thrown out by judge (The Telegraph) Only part of the Duke of Sussex's lawsuit will now go to trial at the High Court, which is due to begin in January next year
Twitter Scammers Stole $1,000 From My Friend—So I Hunted Them Down (WIRED) After scammers duped a friend with a hacked Twitter account and a “deal” on a MacBook, I enlisted the help of a fellow threat researcher to trace the criminals’ offline identities.
Who Is Arion Kurtaj, the Hacker Who Leaked GTA 6? (Sportsmanor) GTA 6 is one of the most awaited game releases of the century, while the game is around the corner a hacker is trying to leak the game.