Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+525: Ukraine's deliberate mineclearing, and Russia's continuing war against grain. (CyberWire) Ukraine's offensive continues to work through Russian obstacles while relying on heavy artillery fire to reduce defending Russian units. Both the FSB and SVR shift offensive cyber tactics.
Ukraine Situation Report: Kyiv Changes Counteroffensive Tactics (The Drive) Ukraine is reverting to wearing down the Russians with artillery instead of plunging into minefields under fire, according to a new report.
Ukrainian Troops Trained by the West Stumble in Battle (New York Times) Ukraine’s army has for now set aside U.S. fighting methods and reverted to tactics it knows best.
The Ukrainian Counteroffensive Is Not an Action Movie (The Atlantic) The summer of drones and trenches drags on, but hopeful signs are emerging.
Ukrainian counteroffensive’s slow going offers reality check but could yet pay off (the Guardian) Hopes of a rapid breakthrough proved over-optimistic in the face of entrenched defences but Russian forces are suffering major damage
Ukraine war: Drones target Odesa grain stores near Romania border (BBC News) A grain silo was damaged and fires broke out in Ukraine's Danube port of Izmail.
Nervous NATO nations are beefing up security due to Wagner fighters across their borders in Belarus (AP News) NATO allies located along the alliance’s eastern front are growing increasingly worried about the presence of Russia-linked Wagner group mercenaries in Belarus.
Putin is using food as a weapon – but his cynical attempts to drum up forced allies will fail | Josep Borrell (the Guardian) By reneging on the Black Sea grain deal, Russia has driven up food prices around the world, says Josep Borrell, the EU’s high representative for foreign affairs and security policy
Vladimir Putin aiming for ‘global catastrophe’, says Volodymyr Zelenskiy (the Guardian) Russian drone attacks hit Ukrainian port, halting loading of ships for food exports and triggering spike in grain prices
How Wars Don’t End (Foreign Affairs) Ukraine, Russia, and the lessons of World War I.
Unraveling Russian Multi-Sector DDoS Attacks Across Spain (Radware) After weeklong campaigns targeting websites in Ukraine, Poland and Lithuania, the pro-Russia patriotic hacktivist group NoName057(16) has put Spain in its crosshairs.
Pro-Russian Hackers Claim Cyberattacks on Italian Banks (MarketWatch) Pro-Russian hackers said they targeted the website of an Italian bank on Wednesday, adding to attacks from Tuesday against at least six other...
Pro-Russian hackers claim attacks on Italian banks (Record) A pro-Russian hacking group has claimed responsibility for cyberattacks on Italian banks, businesses, and government agencies which flooded networks and disrupted services.
Russia-based hackers building new attack infrastructure to stay ahead of public reporting (Record) A Russia-based hacking group implicated in previous attacks on governments is shifting its tactics due to increased public reporting by security researchers and tech giants like Microsoft and Google.
Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures (The Hacker News) BlueCharlie, a Russian adversary associated with Russia's Federal Security Service, has resurfaced with 94 new domains.
Midnight Blizzard conducts targeted social engineering over Microsoft Teams (Microsoft Security) Microsoft Threat Intelligence has identified highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chats by the threat actor that Microsoft tracks as Midnight Blizzard (previously tracked as NOBELIUM).
Russian hacking group targets Microsoft Teams users (Computing) The credential phishing attacks have affected fewer than 40 unique global organisations since late May, according to Microsoft
Microsoft Catches Russian Government Hackers Phishing with Teams Chat App (SecurityWeek) Microsoft says a Russian government-linked hacking group is using its Microsoft Teams chat app to phish for credentials at targets.
New Russian-backed Mac malware found on dark web...by ChatGPT (Neowin) A cybersecurity team found a new Mac malware on the Dark Web forum using ChatGPT prompts. It prices up to $60,000 and can gain full access to a target's machine. Apple didn't immediately respond.
Nearly half of those held in Russia's detention centers in Kherson were tortured, rights report finds (CNN) Nearly half of Ukrainians held in Russian detention centers in Kherson were subjected to widespread torture including sexual violence, according to a report published Wednesday.
Russia ‘systematically’ forcing Ukrainians to accept citizenship, US report finds (the Guardian) Ukrainians in occupied territories who refuse Russian passports face threats, intimidation and possible detention or deportation, Yale study says
Baltic nations agree to disconnect from Russian power grid (The Kyiv Independent) The operators of the electricity systems of Lithuania, Latvia, and Estonia signed an agreement on Aug. 2 to disconnect from the Russian power system and synchronously connect to the European grid, the Lithuanian Energy Ministry announced.
Attacks, Threats, and Vulnerabilities
U.S. and International Cybersecurity Partners Warn Organizations of Routinely Exploited Vulnerabilities (Cybersecurity and Infrastructure Security Agency) Joint advisory urges organizations to implement secure by design practices and prioritize patching known exploited vulnerabilities to reduce risk of compromise
EXCLUSIVE: Hacking tool Flipper Zero is being tracked by intelligence agencies, who fear white nationalists may deploy it against power grid (The Daily Dot) The NYPS is keeping tabs on the Flipper Zero hacking tool and has expressed concern over its potential use by extremists.
New hVNC macOS Malware Advertised on Hacker Forum (SecurityWeek) A new macOS-targeting hVNC malware family is being advertised on a prominent Russian cybercrime forum for $60,000.
The Massive macOS Threats Trending in the Dark Web. (Guardz.com) The recent reveal of ShadowVault malware in our blog post decidedly piqued the interest of the cybersecurity news community. Keeping up-to-date with the
CryptoRom Scammers Add AI Chat Tool, Like ChatGPT, and Fake Hacks on Crypto Accounts to Their Toolset, Sophos Finds (Sophos) Scammers Also Snuck 7 New Fake Apps Into the Apple and Google Play Stores
No Honour Amongst Thieves: A New OpenBullet Malware Campaign (Kasada) An investigation into a new OpenBullet malware campaign used to exploit trusted criminal networks.
Over 640 Citrix servers backdoored with web shells in ongoing attacks (BleepingComputer) Hundreds of Citrix Netscaler ADC and Gateway servers have already been breached and backdoored in a series of attacks targeting a critical remote code execution (RCE) vulnerability tracked as CVE-2023-3519.
Hackers already installed web shells on 581 Citrix servers in CVE-2023-3519 attacks (Security Affairs) Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Security researchers from the non-profit organization Shadowserver Foundation reported that hundreds of Citrix Netscaler ADC and Gateway servers have already been compromised as part of an ongoing campaign exploiting the critical remote code execution (RCE) vulnerability CVE-2023-3519. […]
NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts (Unit 42) The infostealer NodeStealer was observed in a phishing campaign targeting Facebook business pages. We analyze the two variants delivered and their capabilities.
New variants found of malware that targets Facebook business accounts (Record) NodeStealer has two new versions intended to breach Facebook business accounts and some cryptocurrency wallets, according to Unit 42. Researchers suspect the hackers are based in Vietnam.
Retail chain Hot Topic discloses wave of credential-stuffing attacks (BleepingComputer) American apparel retailer Hot Topic is notifying customers about multiple cyberattacks between February 7 and June 21 that resulted in exposing sensitive information to hackers.
“PhishForce” — Vulnerability Uncovered in Salesforce’s Email Services Exploited for Phishing… (Medium) Guardio’s Email Protection has detected a sophisticated email phishing campaign exploiting a 0-day vulnerability in Salesforce’s legitimate email services and SMTP servers.
Guardio Uncovers Zero-Day Vulnerability in Salesforce's Email Services (Dark Reading) Guardio, a cybersecurity company leveraging cutting-edge machine learning and proprietary algorithms to deliver top-tier security solutions for both consumers and SMBs, is releasing today a report detailing their research team’s discovery of a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers.
Hackers exploited Salesforce zero-day in Facebook phishing attack (BleepingComputer) Hackers exploited a zero-day vulnerability in Salesforce's email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable Facebook accounts.
Hackers exploit Salesforce email zero-day for Facebook phishing campaign (Computing) Guardio Labs researchers have uncovered a sophisticated phishing campaign that took advantage of a zero-day in Salesforce email services and SMTP servers, enabling malicious actors to specifically target Facebook users.
Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign (The Hacker News) Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
Attempted Cyber Attack on NSF’s NOIRLab (NOIRLab) Astronomical observations at the International Gemini Observatory suspended
Marine industry giant Brunswick Corporation lost $85 million in cyberattack, CEO confirms (Record) A cybersecurity incident will cost the Brunswick Corporation as much as $85 million, the company’s CEO told investors.
Russia-linked cybercriminals target school for children with learning difficulties (Record) The LockBit ransomware group, potentially the world’s most prolific cybercrime organization, is attempting to extort a school for children with special educational needs.
CMS: MOVEit-related Maximus breach impacts up to 612K Medicare recipients (SC Media) Up to 612,000 Medicare beneficiaries were noted by the Centers for Medicare and Medicaid Services to potentially have had their data compromised following the hack of federal contractor Maximus involving the widespread exploitation of a vulnerability in the MOVEit Transfer file transfer app, according to FedScoop.
The Chattanooga Heart Institute Notice of Data Security Incident (Chattanooga Heart Institute) The Chattanooga Heart Institute takes the protection and proper use of Protected Health Information (“PHI”) very seriously. This notice explains a recent data security incident involving some PHI, our response to the incident, and steps individuals can take to protect personal information.
DeFi Lenders Seek to Minimize Contagion From Curve Founder's Debt After Hack (Bloomberg) A drop in CRV’s price exposed liquidation risks on DeFi loans. DeFi lenders are proposing to freeze certain lending markets.
Security Patches, Mitigations, and Software Updates
Mozilla Releases Security Updates for Firefox and Firefox ESR (Cybersecurity and Infrastructure Security Agency CISA) Mozilla has released security updates to address vulnerabilities for Firefox 116, Firefox ESR 115.1, and Firefox ESR 102.14. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Firefox fixes a flurry of flaws in the first of two releases this month (Naked Security) No zero-days, but some interesting patches with their very own “teachable moments”.
Ivanti Patches Second Zero Day in Mobile Management Software (Decipher) The actively exploited flaw in Ivanti Endpoint Manager Mobile can be used in conjunction with another zero day addressed last week.
Trends
Threat Spotlight: Reported ransomware attacks double as AI tactics take hold (Barracuda) In 2023, artificial intelligence and generative AI have dominated headlines, and their impact is starting to make its mark on ransomware attacks ― for example with AI-enhanced phishing attacks to gain access to target networks and AI-powered automation for greater reach.
Scam Victims Still Face Alarming 72.5% Unrecovered Losses, Reaching $483.5M (Bankless Times) Investors lost $667M to crypto scans in H1'23. Shockingly, the low recovery rate leaves $483.5M potentially gone forever.
Since 2018, ransomware attacks on the manufacturing industry cost the world economy $46bn in downtime alone (Comparitech) From 2018 to July 2023, 478 manufacturing companies suffered a confirmed ransomware attack, losing an estimated $46.2 billion in downtime alone. When a manufacturing company is hit with a ransomware attack, it can significantly impact its production lines, meaning customer orders cannot be fulfilled and day-to-day operations come to a standstill. To look at how […]
SynSaber and ICS Advisory Project Identify Vulnerability Trends Within The Critical Infrastructure Sector (PR Newswire) SynSaber, an industrial asset and network monitoring company dedicated to protecting OT and IT systems and defending critical infrastructure,...
CSA: Cloud trends survey report (Expel) This survey report from CSA sheds light on the latest trends in cloud security including the role security plays in enabling innovation.
CRITICALSTART® Research Reveals 66% of Cybersecurity Leaders Lack a High Degree of Confidence in the Effectiveness of Their Current Cyber Risk Mitigation Strategies (PR Newswire) Today, Critical Start, a leading provider of Managed Detection and Response (MDR) cybersecurity solutions, unveiled its 2023 Cyber Risk...
Keeper Security Survey Finds 91% of IT leaders Are Better Protected With Privileged Access Management, but Seek Affordable Solutions Amid Economic Downturn (PR Newswire) Keeper Security, the leading provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets,...
Marketplace
Silk Security raises $12.5 million in Seed with backing from Shlomo Kramer and Mickey Boodaei (CTech) The startup’s platform enables security and operations stakeholders to collaboratively align finding risk with fixing risk - enhancing enterprise security and compliance posture, and centralizing visibility into risk resolution status
HackerOne lays off 12% workforce as 'one-time event' (TechCrunch) The bug bounty and pen-testing platform is laying off staff as the global economic slowdown continues to impact tech startups.
Hotel Engine adds Patrick Morley, former CEO of Carbon Black, to Board of Directors (GlobeNewswire News Room) Hotel Engine, the leading trip management platform, today announced the appointment of Patrick...
Former U.S. Department of Defense Official Mike Madsen Joins Strider Technologies as Vice President of National Security Solutions - Strider Intel (Strider) Strider today announced that former Defense Innovation Unit (DIU) Deputy Director Mike Madsen is joining the company as Vice President of National Security Solutions. Most recently, Madsen served as acting Director of the Defense Innovation Unit within the U.S. Department of Defense (DoD). He spent the previous four years as Deputy Director from 2018-2022.
Resecurity Appoints Maj Gen Richard Lake USMC (Ret) as a Senior Advisor (PR Newswire) Resecurity Appoints Maj Gen Richard Lake USMC (Ret) as a Senior Advisor
authID Announces Ed Sellitto as Incoming Chief Financial Officer (GlobeNewswire News Room) Experienced Corporate Finance and Revenue Optimization Executive to Join authID ...
QuSecure Expands its Board of Directors with Cisco Distinguished Engineer (Business Wire) QuSecure™, Inc., a leader in post-quantum cryptography (PQC), today announced it has named Cisco Distinguished Architect Craig Hill as an independent director to its Board of Directors.
Products, Services, and Solutions
Guardsquare’s Award-Winning Mobile Application Security Testing is Now Available for iOS (Guardsquare) Guardsquare, the mobile application security provider, today announced that the company’s award-winning Mobile Application Security Testing (MAST) product, AppSweep, is now available for iOS. Built for developers and mobile application-specific, AppSweep allows users to scan Android and iOS apps to identify security risks.
Coveo Wins 2023 Cyber Security Award for Most Innovative Digital Experience Cloud-Native AI Platform (GlobeNewswire News Room) Award reinforces Coveo’s leadership in enterprise-grade security and privacy amidst global generative AI security concerns...
Drata Selected as KnowBe4's Exclusive GRC Partner and Preferred Compliance Automation Platform for KnowBe4 customers (PR Newswire) Drata, a continuous security and compliance automation platform, today announced it has been selected by KnowBe4 as the company's exclusive GRC...
PrivacyHawk Launches the Privacy Score, the First Free, Fast and Easy Way for Individuals to Learn Their Privacy and Personal Data Risk Like a Credit Score (Business Wire) The Privacy Score uniquely enables users to immediately understand their privacy and data risk and monitor progress in securing personal data based on their digital footprint
Cigent® to Power Lenovo ThinkShield Data Defense Providing Enhanced Da (PRWeb) Cigent is collaborating with Lenovo to offer Lenovo ThinkShield Data Defense™, software that runs on Lenovo commercial PCs providing the latest in advance
Zimperium Supercharges its Mobile-First Security Platform with No-code Application Shielding (PR Newswire) Continuing its commitment to protecting all mobile endpoints and mobile apps from a single platform, Zimperium today announced the expansion of...
Contrast Security Eliminates Vulnerabilities and Prevents Exploits with Runtime Security for Applications and APIs at Black Hat 2023 (Contrast Security) Contrast further differentiates from traditional AppSec tools with new security observability capability that improves security visibility of an organization’s most critical applications and APIs.
Lineaje Unveils Generative AI Solution to Advance Software Supply Chain Management (Business Wire) BOMbots, powered by Lineaje AI, remediate common pain points in the software supply chain, leading to reduced costs and increased productivity
The first risk-ranking solution to meet OWASP standards for API security (Wib) Wib announce launch of its a high-definition API risk management module that enables organizations to manage API risks with greater certainty
SafeBreach and Recorded Future: Operationalizing Threat Intelligence with Breach and Attack Simulation (Security Boulevard) Combining threat intelligence with breach and attack simulation provides the context needed to identify and remediate threats quickly. The post SafeBreach and Recorded Future: Operationalizing Threat Intelligence with Breach and Attack Simulation appeared first on SafeBreach.
Menlo Security™ Redefines Browser Security with Industry-First AI-Powered Phishing and Ransomware Protection (Business Wire) HEAT Shield and HEAT Visibility, powered by Menlo Security’s Isolation Core™, prevent attacks from infiltrating enterprise networks and provide rich, actionable intelligence to mitigate highly evasive threats
Dell Technologies Expands AI Offerings to Accelerate Secure Generative AI Initiatives (PR Newswire) News summary Dell Generative AI Solutions include a new suite of Dell products and services, in collaboration with NVIDIA, to help businesses...
VMware Carbon Black Launches Threat Detection and Response for Modern Applications (VMware News and Stories) New Cloud Native Detection and Response capabilities provide security teams with real‑time, unified visibility and context into containers and Kubernetes environments
LogicMonitor Partners With Carahsoft to Deliver Digital Transformation Solutions to the Public Sector (Business Wire) Powerful Digital Transformation Solutions Now Available on Carahsoft’s NCPA and OMNIA Partners Contracts
Aware Transforms Experience Management with the Industry's Most Accurate Spanish Language NLP Models (PR Newswire) Aware, the AI Data Platform delivering contextual intelligence to power Experience Management, today announced the release of new Spanish...
CISO Global Bolsters Its Security Management Platform Argo To Improve Real-Time Security Decision Making for Enterprises (CISO Global) CISO Global (NASDAQ: CISO), an industry leader as a managed cybersecurity and compliance provider, has strengthened its security management platform Argo to increase the effectiveness of security teams who now can access real-time data across tool sets to make better informed decisions. The platform is able to aggregate data […]
CardinalOps Recognized in 2023 Gartner® Hype Cycle™ Report for Security Operations and in 2023 Gartner Hype Cycle Report for Workload and Network Security (PR Newswire) CardinalOps, the detection posture management company, announced today that it was mentioned as a Sample Vendor in the Gartner Hype Cycle for...
Vaultree Announces New Integration with Tableau (Business Wire) Vaultree accelerates industry leadership with breakthrough in end-to-end encrypted data analytics and secure business intelligence
Fortinet Expands Its Secure Networking Portfolio to Further Drive the Convergence of Networking and Security (Fortinet) Introducing new FortiGate 90G, accelerated by SP5 ASIC and FortiGuard AI-Powered Security Services
Fortinet Announces New SD-WAN Services to Further Simplify Operations and Enhance Digital Experience (Fortinet) New Underlay and Overlay Services make SD-WAN deployments more seamless than ever before, even for resource-constrained organizations
TrustCloud Launches TrustHQ for Slack, to enable Slack-first Trust Workflows for GRC and Sales teams (TrustCloud) TrustHQ™ turns Slack into the central hub for employees, GRC and sales teams to prioritize, track and complete critical internal and customer-facing
Radiant Logic Recognized as a Representative Vendor in 2023 Gartner® Market Guide for Identity Governance and Administration (Business Wire) Radiant Logic’s Inclusion in Gartner Market Guide for IGA Hot Off the Heels of Brainwave GRC Acquisition
Veritas Technologies Partners with the Joint Cyber Defense Collaborative to Strengthen National and International Cyber Resiliency (Veritas) Veritas will provide critical expertise into protecting data from threats such as ransomware
Telos Corporation’s Xacta Platform Prioritized by FedRAMP JAB to Pursue FedRAMP High (GlobeNewswire News Room) Telos Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions...
Certiverse and Akylade Join Forces to Launch Next Generation of Cybersecurity Certifications (GlobeNewswire News Room) Certiverse, the award-winning, all-in-one exam development and delivery platform, is excited to announce its...
AttackIQ Launches New Products that Democratize Testing for Everyone (AttackIQ) Company’s diverse product suite empowers organizations of all sizes to unlock the power of automated testing.
Keyfactor Joins the National Cybersecurity Center of Excellence’s Migration to Post-Quantum Cryptography Building Block Consortium (Business Wire) Company to lend depth of post-quantum cryptography experience to facilitate awareness and action in protecting modern public-key cryptographic systems
ID.me and Sterling Extend Exclusive Partnership through 2028, Continuing Their Focus on Expanding Identity Verification Solutions (ID.me Network) ID.me, the market leading digital identity and credentials network, and Sterling Check Corp. (NASDAQ: STER) (“Sterling”), the largest provider of identity and background services, today announced an extension to their exclusive agreement through July 2028. The agreement was initially established in January 2021. This […]
Sophos Named Customers’ Choice for Managed Detection and Response (MDR) in the Inaugural Gartner® Voice of the Customer Peer Insights™ Report (Yahoo Finance) More Than 250 Customers Rated Sophos MDR, Making Sophos the Most Reviewed Vendor in the Report
Coalfire Unveils Groundbreaking Offensive Security Platform Hexeon™ (PR Newswire) Cybersecurity pioneer Coalfire announced today the launch of Hexeon, a comprehensive offensive security SaaS solution designed to continuously...
Dasera Releases Mesa Verde, its All-Terrain, AI-Powered Data Security & Governance Platform to Connect Anything, Anywhere (Business Wire) Comprehensive AI-Driven Data Security Solution Offers Seamless Integration and Robust Protection Across All Digital Landscapes
Eclypsium Collaborates with Lenovo on Digital Supply Chain Assurance (Eclypsium) Portland, OR – August 3, 2023 – Eclypsium®, the supply chain security company protecting critical hardware, firmware, and software, today announced its collaboration with Lenovo to support ThinkShield, the global technology company’s portfolio of cybersecurity solutions. The new offering, ThinkShield Firmware Defense, provides customers with scalable zero trust for every device, continuous monitoring, vulnerability and […]
Technologies, Techniques, and Standards
NSA Releases Guide to Harden Cisco Next Generation Firewalls (National Security Agency/Central Security Service) The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR) “Cisco Firepower Hardening Guide,” to assist network and system administrators with configuring these next
Cisco Firepower Hardening Guide (US National Security Agency) The Cisco Firepower device, now known as Cisco Secure Firewall [1], is a Next-Generation Firewall (NGFW) that blocks updated threats, malware, and application layer exploitation techniques. This cybersecurity technical report (CTR) is a guide of best practices for network and system administrators who are using Cisco Firepower Threat Defense (FTD). This report provides configurations that will assist network and system administrators in tailoring and inspecting network traffic, as well as hardening the device along with its provided default policies and rulesets.
How America Can Protect Elections from Hackers and Conspiracy Theories (The Messenger) Kim Wyman helped the federal government defend voting from cyber threats. As she heads to the private sector, she explains what worries her about 2024.
ARCYBER Needs Computer Architectures for Contested Environments (AFCEA International) Provable architectures beneficial for zero trust so far lack maturity.
New Survey Reveals Majority of Organizations Still Using Phishable Multifactor Methods for Customer Authentication (Benzinga) Nok Nok and Enterprise Strategy Group today released the findings of a comprehensive survey on the state of passwords.
Research and Development
Hopr.co Granted Second Patent for Secure Communications Technology (Business Wire) Company granted patent on first office action from the USPTO, validating Hopr’s continued commitment to innovation and technological advancements in cybersecurity
Legislation, Policy, and Regulation
China to Curb Kids’ Mobile Use in Blow to Tencent, ByteDance (Bloomberg) Aims to prevent kids from spending too much time on phones. Beijing has pursued campaigns to alleviate burden on minors.
Cybersecurity in International Trade Agreements (CR2) What cybersecurity elements have been incorporated? How have agreements developed over time to address cybersecurity risks?
Crypto Regulatory Affairs: Stablecoins Act Passed in US House of Representatives | Elliptic (Elliptic Connect) The major bill provides a regulatory framework for asset-backed stablecoins issued by US entities, while prioritizing technological innovation along with consumer protection. Read more.
Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (US Securities and Exchange Commission) The Securities and Exchange Commission (“Commission”) is adopting new rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934.
Biden’s Cybersecurity Executive Order fuels seismic changes in software development practices, Sonatype research reveals (GlobeNewswire News Room) 92% of large enterprises now maintain an SBOM or plan to implement in the next year, as Log4j and threat landscape prompt evolution in cybersecurity...
Litigation, Investigation, and Law Enforcement
US House panel opens probe into suspected Chinese hacking of Commerce, State emails (Reuters) The U.S. House of Representatives Oversight Committee said on Wednesday it is opening an investigation into China's suspected involvement in recent breaches of Commerce and State department email systems.
Congressional scrutiny of Microsoft hack picks up steam (Washington Post) Alleged Chinese hack is drawing attention from the Hill
Microsoft…The Truth Is Even Worse Than You Think (Amit Yoran, via LinkedIn) Last week, Senator Ron Wyden sent a letter to the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice and the Federal Trade Commission (FTC) asking that they hold Microsoft accountable for a repeated pattern of negligent cybersecurity practices, which has enabled Chinese espionage against the United States government. According to data from Google Project Zero, Microsoft products have accounted for an aggregate 42.5% of all zero days discovered since 2014.
SEC Tells Some Wall Street Brokers to Clean Up Their Anti-Money-Laundering Controls (Wall Street Journal) The regulator issued a risk alert citing flaws in certain broker-dealers’ efforts to combat the flow of dirty money.
Feds investigating Air Force contractor for network breach, theft (Military Times) The employee at Arnold Air Force Base allegedly stole nearly $90,000 in military and state government radio equipment software, federal investigators say.
Kenya suspends Worldcoin's crypto project over safety concerns (Reuters) Kenya's interior ministry said on Wednesday that it had suspended the local activities of cryptocurrency project Worldcoin while government agencies assess potential risks to public safety.
I Looked Into Sam Altman’s Orb and All I Got Was This Lousy Crypto (WIRED) Tools for Humanity has an iris-scanning Orb that decides whether you're human or a robot—and then gives you crypto. But is Worldcoin worth the price?
Utah law requiring age verification for porn sites remains in effect after judge tosses lawsuit (AP News) A Utah law requiring adult websites to verify the age of their users will remain in effect after a federal judge dismissed a lawsuit challenging its constitutionality.
U.S. prosecutors worry Binance charges could cause run on exchange | Semafor (Semafor) The fate of customers after FTX went bankrupt is weighing on the Justice Department, which is considering an indictment against Binance.
Fired for Offensive Facebook Remarks, Court Officers Sue Former Bosses, Challenging 'Zero-Tolerance' Policy (New York Law Journal) The two fired officers posted content that their former bosses viewed as racist and misogynist, and that was anti-tolerant of gay and transgender people and same-sex marriages.
