Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+532: A kinetic war of attrition, a cyber war for influence. (CyberWire) Lessons from Ukraine's response to Russia's hybrid war: cultivating resilience, assessing cyber phases of the war, and investigating potential cyber war crimes.
Russia-Ukraine war: List of key events, day 533 (Al Jazeera) These are the main developments as the Russian invasion of Ukraine enters its 533rd day.
Russia-Ukraine war at a glance: what we know on day 533 of the invasion (the Guardian) Russia says it downed 11 Ukrainian drones near Crimea overnight; fuel depot in Ukraine’s western Rivne region struck by Russia
Back in the Trenches (Foreign Affairs) New technology hasn’t revolutionized warfare in Ukraine.
Russia Destroys Drones Near Moscow, as Attacks Far From the Front Line Intensify (New York Times) It was the 12th time in the past three weeks that Russian officials had reported intercepting such aerial attacks in the heart of the capital.
Ukraine captures Russian prisoners in daring special forces river raid (The Telegraph) Troops reportedly crossed the Dnipro river under cover of darkness after Moscow withdrew experienced fighters from the area
Ukrainian forces cross Dnipro River in bid to breach southern frontline (the Guardian) Up to seven boats landed east of Kherson city and broke through defensive lines, say Russian military bloggers
Ukraine-Russia war: Moscow builds up forces in West against 'anti-Russian' Poland (The Telegraph) Russia is building up its forces at its western border after claiming Poland had become the “main instrument of the United States’ anti-Russian policy”.
Poland plans to send up to 10,000 soldiers to border with Belarus (Reuters) Poland is planning to move up to 10,000 additional troops to the border with Belarus to support the Border Guard, Defense Minister Mariusz Blaszczak said on Thursday.
Latvia Boosts Border Security With Belarus As Tensions Grow (RadioFreeEurope/RadioLiberty) Latvia has been beefing up its security measures along the Belarusian border since the arrival of the Wagner mercenary group fighters. Riga has also accused Minsk of helping migrants enter Latvia illegally.
Satellite images reveal Russia is running out of tanks (The Telegraph) More than a third of the Soviet-era vehicles held at its largest known military storage facility have gone since the start of the invasion
Opinion: Putin chokes on the Ukrainian ‘porcupine’ (Washington Post) As the Ukrainian military grinds forward in a costly summer offensive that hasn’t yet produced a breakthrough, there’s a palpable frustration in Kyiv and in Washington. Maybe it’s a useful moment to recall one of Ukraine’s hidden strengths. Biden administration officials called it the “porcupine strategy.”
Turning food into a weapon: how Russia resorted to one of the oldest forms of warfare (the Guardian) With Russia blockading Ukraine’s eastern ports, an alternative route to the west is possible but faces serious problems
Serhii Plokhy interview: ‘Putin wants control of Ukraine – but he is prepared to go for plan B’ (Telegraph) The celebrated historian and professor of Ukrainian history has studied the parallels between the 1930s and the years leading up to 2022
Deal struck to get Leopard tanks to Ukraine from private Belgian broker (Washington Post) Dozens of Leopard 1 tanks could be overhauled and sent to Ukraine after an unidentified buyer purchased the German-made fighting vehicles from a private Belgian dealer.
Prominent U.S. Senator Calls On Kyrgyzstan To Uphold International Sanctions Against Russia (RadioFreeEurope/RadioLiberty) U.S. Senator Bob Menendez (Democrat-New Jersey) has called on Kyrgyzstan to uphold international sanctions against Russia for its unprovoked war against Ukraine and urged the Central Asian country to stop its violations of human rights.
U.S. Expands Sanctions Targeting Belarusian State Entities On Anniversary Of 'Fraudulent' Election (RadioFreeEurope/RadioLiberty) The United States issued new sanctions against several Belarusian entities and individuals on August 9, the third anniversary of the 2020 presidential election that kept authoritarian ruler Alyaksandr Lukashenka in power.
MoustachedBouncer: Espionage against foreign diplomats in Belarus (We Live Security) A group titled MoustachedBouncer committing espionage against foreign embassies in Belarus has been identified by ESET Research.
Belarus hackers target foreign diplomats with help of local ISPs, researchers say (TechCrunch) A hacking group with links to Belarus may have targeted diplomats in the country with the likely help of telecom providers.
Russians blamed for shock cyber attack hitting millions of UK voters (The Independent) Moscow-linked hackers ‘top of the suspects list by a mile’, says ex-MI6 boss
Russia Tipped As Prime Suspect Over Huge Cyber Attack On UK Electoral Commission (Forbes) Russia is believed to be behind a cyber attack on the UK's Electoral Commission which saw the data of 40 million voters exposed for two years.
Hacked UK voter data could be used to target disinformation, warn experts (the Guardian) Data from Electoral Commission breach could allow rogue actors to create AI-generated messages in effort to manipulate elections
Pro-Russian hackers claim attacks on French, Dutch websites (Record) A pro-Russian hacking group NoName057(16) claimed responsibility for cyberattacks on government and public services websites in France and the Netherlands.
The Power of Resilience (Cybersecurity and Infrastructure Security Agency CISA) We must prepare now for future attacks that we know may be coming. The question is: Will we be ready?
Victor Zhora on cataloging cyberwar crime evidence against Russian hackers targeting Ukraine (CyberScoop) The Ukrainian cybersecurity official discusses charging Russian operatives with war crimes for digital assaults on civilians.
Zhora: Russia's cyber 'war crimes' will outlast invasion (Register) International laws needed 'to bring accountability' govt chief tells The Reg
Regulators fear Russia could access Yandex taxi data from Europe, Central Asia (Record) News that the Russian security service could potentially get access to data from the Yandex taxi service has raised alarms among users and regulators in Europe and Central Asia.
Corporate Data Transfers to Russia Likely Violate EU Privacy Rules, Regulator Warns (Wall Street Journal) Finnish and Norwegian privacy regulators ordered ride-hailing service Yango to stop sending data to Russia, setting the ground for other companies to potentially face similar scrutiny.
Leaked Yandex Code Breaks Open the Creepy Black Box of Online Advertising (WIRED) As the international tech giant moves toward Russian ownership, the leak raises concerns about the volume of data it has on its users.
U.S. Broadens Sanctions Against Belarus (Wall Street Journal) The U.S. Treasury targeted the country’s flagship airline, three other companies and a government office involved in suppressing a major news site.
Putin profits off global reliance on Russian nuclear fuel (AP News) The U.S. and its European allies are importing vast amounts of nuclear compounds and products from Russia, providing Moscow with hundreds of millions of dollars in badly needed revenue as it wages war on Ukraine.
Attacks, Threats, and Vulnerabilities
Xurum: New Magento Campaign Discovered (Akamai) Akamai researchers have discovered an ongoing server-side template injection (CVE-2022-24086) campaign that is exploiting digital commerce websites. This campaign targets Magento 2 shops, and we have dubbed it Xurum in reference to the domain name of the attacker’s command and control (C2) server.
Mac systems turned into proxy exit nodes by AdLoad (ATT Cybersecurity) AdLoad malware is still infecting Mac systems years after its first appearance in 2017. AdLoad, a package bundler, has been observed delivering a wide range of payloads throughout its existence. During AT&T Alien Labs’ investigation of its most recent payload, it was discovered that the most common component dropped by AdLoad during the past year has been a proxy application turning MacOS AdLoad victims into a giant, residential proxy botnet.
Popular NuGet Package “Moq” Silently Exfiltrates User Data to Cloud Service (Medium) The highly popular NuGet package Moq with total downloads of 475M+, released on August 8th new versions 4.20.0 and 4.20.1 with a new…
Popular open source project Moq criticized for quietly collecting data (BleepingComputer) Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Moq's 4.20.0 release from this week included another project, SponsorLink, which caused an uproar among open source software consumers, who likened the move to a breach of trust.
Fireblocks Researchers Uncover Vulnerabilities Impacting Dozens of Major Wallet Providers (Fireblocks) The findings revealed major differences among MPC wallet providers, with industry leaders Coinbase WaaS and Zengo coming out on top.
New BitForge cryptocurrency wallet flaws lets hackers steal crypto (BleepingComputer) Multiple zero-day vulnerabilities named 'BitForge' in the implementation of widely used cryptographic protocols like GG-18, GG-20, and Lindell 17 affected popular cryptocurrency wallet providers, including Coinbase, ZenGo, Binance, and many more.
This AI Company Releases Deepfakes Into the Wild. Can It Control Them? (WIRED) UK unicorn Synthesia offers clients a menu of digital avatars, from suited execs to Santa Claus. But it has struggled to stop them being used to spread misinformation.
Zoom is entangled in an AI privacy mess (ZDNET) The popular video conferencing platform's recent privacy and AI policy changes have exploded in the company's face. Here's what to know.
OX Security research: When an organization is at risk for dependency confusion attacks, 73% of its assets are vulnerable (PR Newswire) New research from OX Security has found that almost all applications with more than 1B users are currently using dependencies which are...
Why Shellshock Remains a Cybersecurity Threat After 9 Years (Dark Reading) Nearly a decade after it was disclosed, the Shellshock vulnerability still plagues organizations. Learn how to protect yourself.
“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping (The Citizen Lab) In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Intel 'Downfall' bug exposes keys, passwords and other confidential data (Computing) A security flaw affecting a range of Intel processors could enable malicious actors to steal encryption keys, passwords and private data, a senior researcher at Google has warned.
Michigan State University Announces Third Party Data Breach That Could Affect MSU Community (Michigan Department of Attorney General)
Michigan State University data breach linked to global ransomware attack (Lansing State Journal) Michigan State University previously disclosed the breach in a notice to students and others.
Neo-Nazis Blackmail Power Grid in Bid to Free Bumbling Robbery Suspects (The Daily Beast) “Release our men,” the threat said. “Failure to do so will result in more attacks on infrastructure.”
EXCLUSIVE: 'Release our men': Far-right used power grid threats to try and blackmail government into freeing neo-Nazi bank robbery suspects (The Daily Dot) A suspected white supremacist threatened to attack the power grid unless two men with far-right ties were released from custody.
Israeli hospital redirects new patients following ransomware attack (Record) An Israeli hospital near the city of Tel Aviv was hacked on Tuesday by a group of unknown cybercriminals, prompting it to stop admitting new patients and redirecting people to nearby hospitals.
LockBit Ransomware Group Threatens to Publish Stolen Cancer Patient Data (HIPAA Journal) The LockBit ransomware group has added Varian Medical Systems to its data leak site and has threatened to publish the data of cancer patients if the ransom is not paid.
LockBit threatens to leak cancer patient medical data (Tech Monitor) The ransomware gang has allegedly hacked Varian Medical Systems, a specialist provider of software for oncology departments.
US Hospitals Under Increasing Threat of Ransomware (Check Point Blog) According to Check Point Research (CPR): on average, 1 in 29 healthcare organizations in the United States were impacted by ransomware over the
'A five-alarm fire': Public schools have become a prime target of ransomware gangs that traumatize students by dumping their private records online (Fortune) At least 48 districts have been hit by ransomware attacks this year — already three more than in all of 2022, according to the cybersecurity firm Emsisoft.
Hackers Rig Casino Card-Shuffling Machines for ‘Full Control’ Cheating (WIRED) Security researchers accessed an internal camera inside the Deckmate 2 shuffler to learn the exact deck order—and the hand of every player at a poker table.
Bank OZK Announces Third-Party Data Breach Stemming from Vendor’s Use of MOVEit (JD Supra) On August 7, 2023, Bank OZK filed a notice of data breach with the Attorney General of Massachusetts after discovering that one of the company’s...
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38180 Microsoft .NET Core and Visual Studio Denial of Service Vulnerability
Security Patches, Mitigations, and Software Updates
Intel Responds to 'Downfall' Attack with Firmware Updates, Urges Mitigation (HackRead) New Intel Processor Vulnerability “Downfall” Discovered: Threats to Data Security Amplify
ICS Patch Tuesday: Siemens Fixes 7 Vulnerabilities in Ruggedcom Products (SecurityWeek) ICS Patch Tuesday: Siemens releases a dozen advisories covering over 30 vulnerabilities, but Schneider Electric only published one advisory.
Trends
3 in 5 travel-themed spam emails are scams, Bitdefender Antispam Lab warns (Bitdefender) 2023 began with consumers showing strong demand for travel despite economic headwinds that may strain vacation budgets this year.
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating (WIRED) The legacy electronics manufacturer is creating IoT honeypots with its products to catch real-world threats and patch vulnerabilities in-house.
Data exfiltration is now the go-to cyber extortion strategy (Help Net Security) Ransomware groups increasingly target the exfiltration of files, which has become the primary source of extortion, according to Akamai.
Marketplace
Kivera Enters US Market with $3.5M Seed Funding (Business Wire) Company’s novel preventative Cloud Security Protection Platform (CSPP) to mitigate cloud misconfiguration risks
Rootly Raises $12M to Help Enterprise IT Teams Resolve Incidents 80 Percent Faster (StreetInsider.com) Founded by early Instacart employees, Rootly helps IT teams make incident response their superpower; deal signed the day after the collapse of SVB
Falls Church cyber company HushMesh just raised $5.2M to develop 'the Mesh' (Technical.ly) The NoVa startup is developing a new strategy for automated encryption key management to help create a more secure web environment.
Norwegian cyber security startup raises €3.25M to help companies counter new AI security threats (Arctic Startup) Oslo-based startup Pistachio, formerly known as CYBR, has clinched a substantial €3.25 million in funding led by Signals Venture Capital.
CISOExecNet partners with Squadra to accelerate US expansion (Medium) CISOExecNet, a peer-to-peer organization for information security professionals, announced a strategic partnership with Squadra Ventures, a venture capital firm that invests in early-stage cyber and national security companies.
Okta enters Indian market, says will create hundreds of cloud and cybersecurity jobs (The New Indian Express) A recent report by Avendus Capital says that India is expected to increase its cybersecurity spending by 18% between 2020 and 2025.
Okta Enters the Indian Market with New Offices and Innovation Center, Expanding Asia Pacific Investment (CIO News) Bengaluru, India, August 9, 2023 Okta, the leading independent identity provider, today announced the opening of a new office in India as part of its ongoing
UK cybersecurity giant NCC Group is making more layoffs (TechCrunch) The cybersecurity giant is making further layoffs, months after it cut its workforce by 7%.
Rapid7 to cut 18% of workforce, shutter certain offices (Cybernews) The cybersecurity firm had been the subject of speculation about pursuing a possible sale.
Rapid7 to lay off 18% of its workforce (Computing) Despite double-digit growth in its most recent fiscal quarter, security vendor Rapid7 will lay off about 18% of its workforce – about 470 employees, with significant cuts to sales and engineering – as well as permanently close some office locations and invest in managed service providers (MSPs).
Harrogate smart energy tech firm Chameleon Technology opens new offices (Yahoo News) Harrogate-based smart energy technology business Chameleon Technology has opened its new offices in a bid to advance its capabilities for the development, production and innovation of smart meter technology.
Versa Networks Recognized as a Sample Vendor for Universal ZTNA in Gartner® Hype Cycle™ Report (Versa Networks) By 2026, 10% of large enterprises will have a comprehensive, mature and measurable zero trust program in place, up from less than 1% in 2023, as predicted by Gartner®.
Why cybersecurity is a blue-collar job (Help Net Security) To expand the talent pool, the cybersecurity industry should explore unconventional avenues to identify skilled individuals they can hire.
Edgio Strengthens Global SOC and Security Leadership with Addition of Veteran Security Expert, Tom Gorup (Business Wire) Appointment Reinforces Edgio’s Commitment and Investment in its Security Managed Services, Incident Response, and Threat Intelligence Offerings
Tesserent Snares Former EY, Microsoft and Virgin Leads (Australian Cybersecurity Magazine) Tesserent has announced that Silas Barnes has been appointed Senior Partner Offensive Security Services, Kelly Taylor assumes the role of Director of Partners and Alliance and E-Yang Tang takes responsibility as Senior Partner for Security Architecture, Engineering, Analytics and Alliances.
Cellebrite Appoints Thomas E. Hogan as Executive Chairman of the Board (GlobeNewswire News Room) Seasoned Technology Leader to Partner with CEO Yossi Carmil to Further Company Growth and Strategic Priorities TYSONS CORNER, Va. and PETAH TIKVA, Israel,...
Products, Services, and Solutions
IRONSCALES Announces GPT-powered PST and ADE Capabilities (IRONSCALES) Enterprise email security leader, IRONSCALES, to unveil suite of new Generative AI capabilities at Black Hat 2023 USA Conference, August 9-10 in Las Vegas
EY launches Intelligent Extended Detection Response solution, supported by Secureworks®, to help organizations combat cyber threats (EY) The EY organization today announced the EY Intelligent Extended Detection & Response (IXDR) solution, in collaboration with cybersecurity leader Secureworks (NASDAQ: SCWX).
Detectify Improves Attack Surface Risk Visibility With New IP Addresses View (Detectify) Best-in-Class EASM Player Launches Platform Enhancements for Asset Discovery and Regulatory Compliance
Bionic Announces Integration with ServiceNow for Industry Leading Application Security Posture Management (PR Newswire) Company also launches Bionic Events and upgraded dashboard capabilities to help customers discover, scan, and inventory enterprise-grade cloud applications
Bionic + ServiceNow Integration Extends CMDB to Applications (Bionic) Announcing a new Bionic + ServiceNow integration to extend CMDBs to apps, Bionic Events, and a reimagined ASPM dashboard.
LastPass Announces Availability of FIDO2 Authenticators for Passwordless Login (Business Wire) FIDO2 compatibility increases security, usability, and choice for all LastPass customers
Conceal Unveils SherpaAI Engine to Counter Novel Threats, Phishing, and Credential Theft Vectors at the Browser (Business Wire) Conceal, the pioneer in defending against web-based attacks, today introduced the ConcealSherpaAI engine, the first secure browser extension powered by AI to identify potentially harmful webpages autonomously.
NetSPI Debuts ML/AI Penetration Testing, a Holistic Approach to Securing Machine Learning Models and LLM Implementations (PR Newswire) NetSPI, the global leader in offensive security, today debuted its ML/AI Pentesting solution to bring a more holistic and proactive approach to...
KnowBe4's New PhishER Plus Uses Crowdsourced Human Intelligence and AI to Help Thwart Phishing Attacks (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced the launch of its...
Epic Machines launches Zscaler Managed Security Services for Small Business (PR Newswire) Breaches still happen to companies with the right technology to stop them. The problem is that these technologies are often not properly...
Synopsys Partners with NowSecure and Secure Code Warrior to Expand Industry-Leading Application Security Testing Solutions Portfolio (Design And Reuse) Agreements Provide Enterprises with Enhanced Mobile Application Security Testing Capabilities, Access to Thousands of Agile Secure Code Learning Experiences for Developers
HashiCorp Cloud Infrastructure Automation and Security Products Now Available on Carahsoft GSA Schedule (Carahsoft) HashiCorp, Inc. and Carahsoft Technology Corp today announced that Carahsoft has added HashiCorp Terraform and Vault to its GSA Schedule, making HashiCorp’s solutions available to the Public Sector through Carahsoft and its reseller partners.
SentinelOne enhances vulnerability management through Singularity Ranger Insights (Help Net Security) SentinelOne introduces Singularity Ranger Insights, unifying continuous threat identification, prioritization, and risk management.
Technologies, Techniques, and Standards
Adopting guidance from the US National Cybersecurity Strategy to secure the Internet of Things (Microsoft Security) The recently published United States National Cybersecurity Strategy warns that many popular Internet of Things (IoT) devices are not sufficiently secure to protect against many of today’s common cybersecurity threats.
A Clever Honeypot Tricked Hackers Into Revealing Their Secrets (WIRED) Security researchers set up a remote machine and recorded every move cybercriminals made—including their login details.
Compliance With SEC Cybersecurity Rules Will Require Resources, Training (PLANSPONSOR) The new disclosure requirements for public companies will not be easy to meet without added time and focus.
Environmental Regulations, OT & the Maritime Industry's New Challenges (Dark Reading) Stringent efficiency measures in new environmental regulations create an unintended consequence for the shipping industry: increased cybersecurity risks in operational technology systems.
Are capture-the-flag participants obligated to report zero days? (CSO Online) As this year's Hacker Summer Camp gets underway with dozens of CTF events, the obligations for players to report zero-day bugs they discover are murky.
Design and Innovation
Exclusive: IBM researchers easily trick ChatGPT into hacking (Axios) Tricking generative AI to help conduct scams and cyberattacks doesn't require much coding expertise, new research shared exclusively with Axios warns.
Artificial Not-So-Intelligence: IBM ‘hypnotises’ AI bots into telling users to rob banks, maim others (Firstpost) A team of researchers at IBM were able to hypnotise some of the most popular AI bots and make them say all sorts of things. It made the chatbots tell people that it was ethical to run red lights, rob banks and maim others
Microsoft AI Red Team building future of safer AI (Microsoft Security) An essential part of shipping software securely is red teaming. It broadly refers to the practice of emulating real-world adversaries and their tools, tactics, and procedures to identify risks, uncover blind spots, validate assumptions, and improve the overall security posture of systems.
IBM to launch Meta's Llama 2 on watsonx AI platform for businesses (Reuters) International Business Machines said on Wednesday it would host Meta Platforms' artificial intelligence language program on its own enterprise AI platform, watsonx.
Google’s AI ambassador walks a fine line between hype and doom (Washington Post) James Manyika signed a statement warning that artificial intelligence could pose an existential threat to humanity. Like much of Silicon Valley, he’s forging ahead anyhow.
Research and Development
DARPA Launches Two-Year Contest to Build AI Tools to Fix Vulnerabilities (Dark Reading) A challenge will be offered to teams to build tools using AI in order to solve open source's vulnerability challenges.
White House Offers Prize Money for Hacker-Thwarting AI (Security Week) The White House launched an Artificial Intelligence Cyber Challenge competition for creating new AI systems that can defend critical software from hackers.
Hackers to compete for nearly $20 million in prizes by using A.I. for cybersecurity, Biden administration announces (CNBC) The AI Cyber Challenge will offer nearly $20 million in prizes and includes collaboration from leading AI companies Anthropic, Google, Microsoft and OpenAI.
Academia
Fortinet Announces Free Security Awareness Curriculum for K-12 Students Tied to White House’s Cyber Education and Workforce Initiatives (Fortinet) Fortinet curriculum designed by teachers for teachers to provide K-12 students in the U.S. with resources to gain cyber skills, developing the cybersecurity workforce of the future
Legislation, Policy, and Regulation
Brazil’s Cyber Strategy Under Lula: Not a Priority, but Progress Is Possible (Carnegie Endowment for International Peace) The administration of Brazilian President Luiz Inácio Lula da Silva has proposed an ambitious agenda to reform domestic cyber governance, but it is unlikely to depart significantly from Brazil’s established positions on global cyber diplomacy.
India greenlights privacy law as opposition members opt to stay absent (TechCrunch) The upper house of India's parliament greenlit the long-delayed data protection, facing no resistance as opposition leaders opted out of participation.
President Biden Signs Executive Order on Addressing United States Investments In Certain National Security Technologies And Products In Countries Of Concern (The White House) The Biden-Harris Administration is committed to keeping America safe and defending America’s national security by protecting technologies that are critical to the next generation of military innovation. Today, President Joe Biden signed an Executive Order on Addressing United States Investments In Certain National Security Technologies And Products In Countries Of Concern that authorizes the Secretary of…
Executive Order on Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern (The White House) By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.) (NEA), and section 301 of title 3, United States Code, I, JOSEPH…
FACT SHEET: President Biden Issues Executive Order Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern; Treasury Department Issues Advance Notice of Proposed Rulemaking to Enhance Transparency and Clarity and Solicit Comments on Scope of New Program (U.S. Department of the Treasury Office of Public Affairs) On August 9, 2023, President Biden issued an Executive Order (E.O.) to address the national security threat to the United States posed by countries of concern that seek to develop and exploit sensitive or advanced technologies and products critical for military, intelligence, surveillance, or cyber-enabled capabilities.
Treasury Seeks Public Comment on Implementation of Executive Order Addressing U.S. Investments in Certain National Security Technologies and Products in Countries of Concern (U.S. Department of the Treasury) The U.S. Department of the Treasury (Treasury) today issued an Advance Notice of Proposed Rulemaking (ANPRM) seeking public comment related to the implementation of the Executive Order of August 9, “Addressing United States Investments in Certain National Security Technologies and Products in Countries of Concern” (the E.O.).
Biden orders greater restrictions on emerging technology transactions with China (Nextgov.com) The new executive order updating the sanctions regime between U.S. citizens and China is a “national security action,” according to an administration official.
Biden issues an executive order restricting US investments in Chinese technology (AP News) President Joe Biden has signed an executive order to block and regulate high-tech U.S.-based investments going toward China.
Agencies to get more than a dozen new cyber acquisition regs in the coming years (Federal News Network) The Federal Acquisition Regulations Council is close to finalizing rules for threat hunting, secure software development and securing unclassified information systems.
Governor Hochul Announces Nation-Leading Cybersecurity Strategy (Governor Kathy Hochul) Governor Hochul announced New York’s first-ever statewide cybersecurity strategy aimed at protecting the State’s digital infrastructure from today’s cyber threats.
Gov. Hochul announces new cybersecurity strategy (WAMC) New York Governor Kathy Hochul announced a new strategy to bolster the state’s cybersecurity Wednesday.
Hochul outlines cybersecurity for New York as threats mount (New York Daily News) New York State on Wednesday unveiled a new statewide cybersecurity coordination plan, addressing a concern of local and federal officials that has only intensified since Russia’s invasion of Ukraine thrust the U.S. into a new Cold War.
Litigation, Investigation, and Law Enforcement
Countering North Korea, Russia means following the cryptocurrency (Federal News Network) Two of the most troublesome regimes in the world – those of North Korea and Russia – differ in many respects. But they have one thing in common, namely the use of cryptocurrencies to help finance…
Closing ranks on West African organized crime: more than EUR 2 million seized in Operation Jackal (INTERPOL) Tackling the global footprint of Black Axe and similar West Africa-based organized crime groups
Interpol Shuts Down African Cybercrime Group, Seizes $2 Million (Dark Reading) Operation Jackal involved law enforcement agencies in 21 countries and yielded more than 100 arrests.
IRS confirms takedown of bulletproof hosting provider Lolek (Record) The website of the Lolek Hosted service recently showed a seizure notice citing U.S. and Polish authorities. An IRS spokesperson confirmed that the notice was official.
PSNI: How did the police data breach happen? (BBC News) The names of police officers and staff have been published online, but how did it happen?
PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (The Telegraph) The rank, name and unit of all staff were mistakenly published online on Tuesday in response to a freedom of information request
'Monumental' data breach exposes names of entire Northern Ireland police force (CNN) A “monumental” data breach has exposed the names and rank of all 10,000 serving police officers in Northern Ireland, with the body representing the force warning of “incalculable damage” should it end up in the wrong hands.
Police chief 'deeply sorry' for 'industrial scale' data breach (BBC News) PSNI Chief Constable Simon Byrne says police cannot verify claims that dissident republicans have officers’ data.
Major Police Breach Endangers Safety of Officers & Civilians (Dark Reading) A mistake snowballs into a serious political issue as the safety of police officers in Northern Ireland is compromised in an accidental data leak.
Northern Ireland police service need to be held to account over data breach, says Information Commissioner (Channel 4 News) We spoke to the Information Commissioner John Edwards and discussed the data breach at the Northern Ireland police service and also on the Electoral Register. We asked him what his office was now investigating at the PSNI.
Another PSNI data breach as documents containing hundreds of staff details stolen last month in Co Antrim (Belfast Telegraph) A police issued laptop and documents including a spreadsheet of over 200 serving officers and staff is understood to have been stolen in the Co Antrim area.
PSNI could face a compensation bill of £100m as a result of serious data breach (Belfast Telegraph) The PSNI could face paying out as much as £100m in compensation to officers and staff following a massive data breach, a solicitor has warned.
The All-American Myth of the TikTok Spy (WIRED) The TikTok hearings made clear that the American imagination of foreign espionage has become Chinese. Who stands to benefit? Data-hungry companies and the surveillance state.
‘Multiple’ FBI Offices Were Involved in Discredited Scheme To Target ‘Extremist’ Catholics, Report Says, Contradicting FBI Director’s Testimony (The New York Sun) The FBI director testified that the plot to target ‘radical-traditionalist Catholics’ was ‘a single product by a single field office.’ It turns out at…