Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+560: Estonia reminds the world that cyberspace is a front in the war. (CyberWire) As Russia and Ukraine exchange drone strikes (with Russia's targeting civilian marketplaces and grain facilities), Russia looks for lend-lease from North Korea. Estonia reminds the democratic world that cyberspace remains a front in a hybrid war that's not confined to Ukraine.
Russia redeploys more troops to hold back Ukrainian breakthrough (The Telegraph) Russia has begun redeploying more reserve forces to hold back Ukraine’s forces as they try to consolidate a breakthrough in the south.
Russia-Ukraine war: List of key events, day 561 (Al Jazeera) As the war enters its 561st day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 561 of the invasion (the Guardian) At least 17 people killed in Russian rocket attack on market in Kostiantynivka; Antony Blinken announces new US aid during Kyiv trip
Russian missile strike on Ukrainian market kills 17 as Blinken announces new $1B aid package (AP News) A Russian missile tore through an outdoor market in eastern Ukraine, killing 17 people and wounding dozens. The attack unfolded Wednesday as U.S.
Seventeen dead as Russian rocket hits market in bloodiest civilian strike since April (The Telegraph) Volodymyr Zelensky condemns 'utter inhumanity' of the attack on Kostiantynivka in east Ukraine
Ukraine live briefing: Blinken announces more than $1 billion in aid; Russian missile hits market in eastern Ukraine (Washington Post) Secretary of State Antony Blinken pledged more than $1 billion in additional military and humanitarian aid to Ukraine on Wednesday during a visit to Kyiv, in a show of support for Ukraine amid a slow-moving counteroffensive to retake territory in the country’s southeast.
Russia Again Strikes Ukrainian Port Infrastructure; Drones Downed Near Moscow (RadioFreeEurope/RadioLiberty) Ukrainian port infrastructure was damaged in another Russian drone attack early on September 7, as Russia said drones were downed near Moscow and two other regions.
Breakthrough. Bridgehead. Salient. Glimmers Of Progress, And Hope, In Ukraine's Advances (RadioFreeEurope/RadioLiberty) It's been three months since Ukraine launched its biggest counteroffensive of the 18-month Russian invasion. Advances have been grueling and slogging, and for some Western officials, frustratingly slow. But Ukrainian forces may now be on the verge of a small, but notable battlefield breakthrough.
Despite Taking Casualties, Ukraine's Bloodied Troops Fight On Near Bakhmut
(RadioFreeEurope/RadioLiberty) Members of Ukraine's 3rd Separate Assault Brigade engage their Russian enemies near the destroyed eastern city of Bakhmut.
NATO member Romania says it has found drone pieces from Russian attacks in Ukraine on its territory (AP News) Romania’s defense minister says that pieces, apparently of a drone from Russia’s recent attacks on Ukraine’s port on the Danube River, have been found on the territory of his country.
Romania finds suspected Russian drone fragments on its territory (Washington Post) Suspected fragments of a Russian drone have been found on the territory of Romania, officials from the NATO country said on Wednesday, following days of denials that one may have fallen within its borders during Moscow’s bombardment of neighboring Ukraine.
Polish support for Ukraine brings lessons, but also risks (Defense One) Warsaw is learning just what is killing its donated field guns, and battling Russian spy rings back home.
Russia covers nuclear bombers with tyres (The Telegraph) Experts say low-tech tactic is attempt to make planes less visible in night-time raids
DOD Announces $175M in Additional Security Assistance for Ukraine (U.S. Department of Defense) The Defense Department announced an additional security assistance package valued at up to $175 million to help Ukraine counter Russia's unprovoked invasion.
Estonian PM: cyberspace is Ukraine war frontline (Euromaidan Press) Estonian Prime Minister Kaja Kallas declares cyberspace a critical “frontline” in the Ukraine-Russia war, calling for global collaboration to counter cyber threats and affirming that democratic values, aided by technology, must be upheld.
Cyberwar and Conventional Warfare in Ukraine (19FortyFive) In effect, Ukraine is a testing ground for Russia’s cyber weapons deployed alongside the destructive conventional war.
Countries From Three Seas Initiative Condemn Russian Aggression, Vow To Support Ukraine (RadioFreeEurope/RadioLiberty) European Union member states from Central and Eastern Europe have called on Russia to withdraw its forces from Ukraine unconditionally and promised to provide support to Kyiv “for as long as it takes” to repel Moscow’s unprovoked full-scale invasion.
Polish support for Ukraine brings lessons, but also risks (Defense One) Warsaw is learning just what is killing its donated field guns, and battling Russian spy rings back home.
U.S. lawmakers visiting The Hague say Putin is committing genocide in Ukraine (PBS NewsHour) The committee's chairman, Rep. Michael McCaul, a Texas Republican, says Putin "tried to erase a culture, a people and a religion, and that is the definition of genocide."
What Russia's Refusal to Restore the Ukraine Grain Deal Means for Its Ties With Turkey | RANE (Stratfor) If high food prices continue to harm its political popularity at home, Ankara may become more confrontational with Moscow over its blockade of Ukrainian wheat exports.
Ukraine counteroffensive analysis: West needs to help Kyiv 'outrange' Russians, protect own artillery (Breaking Defense) A new RUSI analysis calls on international partners to “ensure” the proposed artillery park is developed, while also working to cut down an existing supply of 17 artillery systems, operated by Ukraine, to focus on “maintaining a more limited range of guns at greater scale.”
US considering long-range fires for Ukraine, State Dept. official says (Defense News) The official noted the Biden administration is "closely considering" sending long-range capabilities to Ukraine.
A look at the uranium-based ammo the US is sending to Ukraine (AP News) A Kremlin spokesman says the U.S. decision to supply depleted uranium ammunition to Ukraine is “very bad news.”
Depleted uranium munitions: what are they and what risks do they pose? (the Guardian) The US says it will start delivering the controversial weapons to Ukraine soon; Russia denounced the decision as ‘an indicator of inhumanity’
Ukrainians Embrace Cluster Munitions, but Are They Helping? (New York Times) The weapons, banned by most countries over human rights concerns, are “not a magic wand,” but some Ukrainian troops say they are making a difference in fighting Russian forces.
What Were the Russians Doing in Chornobyl? (The Atlantic) Shortly after invading Ukraine, Russian forces took over the site of the world’s most devastating nuclear accident. Not for the first time, Chornobyl became a strategic nightmare.
Moldova Kicked Out Most Of Russia's Diplomats, But The Embassy In Chisinau Still Has Close Ties To Spies (RadioFreeEurope/RadioLiberty) In August, Moldova kicked out 45 Russian diplomats and embassy staff, citing fears of Moscow's efforts to "destabilize" the country. But among the diplomats remaining in Chisinau, a new investigation by RFE/RL has found that many of them are linked to Russian intelligence agencies.
Attacks, Threats, and Vulnerabilities
Active North Korean campaign targeting security researchers (Google) Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.
China, North Korea pursue new targets while honing cyber capabilities (Microsoft On the Issues) Today, the Microsoft Threat Analysis Center is issuing a new report on digital threats emanating from East Asia as part of an ongoing series documenting influence operations and cyber activity, identifying specific sectors and regions at heightened risk.
How China-linked accounts are using AI on social media (Washington Post) Beijing is getting savvy on AI-boosted influence operations, research find
Hacker Group Disguised as Marketing Company to Attack Enterprise Targets (IT Security News) In a recent development, NSFOCUS Security Labs has detected a fresh APT34 phishing attack. During this operation, APT34, believed to originate from Iran and also known as OilRig or Helix Kitten, assumed the identity of a marketing services company named Ganjavi Global Marketing Services (GGMS). They meticulously targeted enterprises, employing a variant of the SideTwist
Mac users targeted in new malvertising campaign delivering Atomic Stealer (Malwarebytes) While malvertising delivering infostealers has largely been a Windows problem, Mac users are getting targeted as well.
Thousands of Popular Websites Leaking Secrets (SecurityWeek) Truffle Security has discovered thousands of popular websites leaking their secrets, including .git directories and AWS and GitHub keys.
Apache Superset Part II: RCE, Credential Harvesting and More (Horizon3.ai) Apache Superset is a popular open source data exploration and visualization tool. In a previous post, we disclosed a vulnerability, CVE-2023-27524, affecting thousands of Superset servers on the Internet, that enables unauthorized attackers to gain admin access to these servers. We also alluded to methods that an attacker, logged in as an admin, could use […]
Silverfort and Osterman Research Report Exposes Critical Gaps in Identity Threat Protection (Silverfort) Inaugural State of Identity Security report finds that 83% of organizations experienced an identity-related breach Boston & Tel Aviv, Sept. 6, 2023 — Silverfort, the Unified Identity Protection Platform leader, today announced its identity protection annual research report titled, The State of Identity Security: Insights into Critical Protection Gaps. Conducted by Osterman Research, the report finds...
The State of the Identity Attack Surface: Insights into Critical Protection Gaps (Osterman Research (commissioned by Silverfort)) This survey discloses a critical gap in organizations’ ability to protect themselves against identity threats—with 83% already having experienced a breach involving compromised credentials. Account takeover, lateral movement, and ransomware spread are a prominent cyber risk.
Using HTTP request smuggling to hijack a user’s session – exploit walkthrough (Outpost24) A pen tester’s walkthrough of a real-world exploit development for session hijacking using the HTTP request smuggling attack technique.
Results of Major Technical Investigations for Storm-0558 Key Acquisition (Microsoft Security Response Center) On July 11, 2023, Microsoft published a blog post which details how the China-Based threat actor, Storm-0558, used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA and Outlook.com. Upon identifying that the threat actor had acquired the consumer key, Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our technical investigation has concluded. As part of our commitment to transparency and trust, we are releasing our investigation findings.
Hackers stole Microsoft signing key from Windows crash dump (BleepingComputer) Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump after compromising a Microsoft engineer's corporate account.
China’s Microsoft Email Cloud Hack Began With a 2021 Computer Crash (Wall Street Journal) The cryptographic key that hackers used to access to Microsoft’s cloud was stored by mistake on the company’s corporate network for more than two years.
Mystery solved? Microsoft thinks it knows how Chinese hackers stole its signing key (CyberScoop) A "crash dump" file containing a highly sensitive signing key is believed to have been at the center of an explosive Chinese hacking campaign.
A Rube Goldberg chain of failures led to breach of Microsoft-hosted government emails (The Verge) Microsoft says issues that allowed the breach are fixed.
The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s Signing Key (WIRED) After leaving many questions unanswered, Microsoft explains in a new postmortem the series of slipups that allowed attackers to steal and abuse a valuable cryptographic key.
Code Vulnerabilities Put Proton Mails at Risk (SonarSource) The Sonar Research team discovered critical code vulnerabilities in Proton Mail, Skiff and Tutanota. This post covers the technical details of the XSS vulnerability in Proton Mail.
If You’ve Got a New Car, It’s a Data Privacy Nightmare (Gizmodo) Bad news: your car is a spy. Every major car brand failed a recent privacy and security test from Mozilla. You’re probably driving around in a "privacy nightmare" that may collect information as sensitive as your race, health status, and sexual activity.
Check-Out With Extra Charges - Vulnerabilities in Hotel Booking Engine Explained (Bitdefender) Booking engines – they make the worlds of travel and hospitality spin around. Estimated at over $US 500 billion, this market moves fast.
Deep Dive into Supply Chain Compromise: Hospitality's Hidden Risks (Bitdefender) In today's hospitality industry, vacation rental software has shifted from a luxury to a must-have for hotels, resorts, and smaller businesses, simplifying booking, guest interactions, and property management.
Rags to riches: Group-IB uncovers potential $280k fake investment scam with global reach (Group-IB) Group-IB, a global cybersecurity leader headquartered in Singapore, in coordination with the UAE Cybersecurity Council has today published a new research blog outlining a new fake investment scam that is targeting users across the globe. In total, experts from Group-IB’s Digital Risk Protection team uncovered almost 900 unique scam pages leveraged by the cybercriminals behind this still-ongoing scheme.
From Rags to Riches: The illusion of quick wealth in investment scams (Group-IB) Group-IB Digital Risk Protection uncovers malicious campaign leveraging almost 900 scam pages with potential financial damage estimated at $280,000 over four-month span
New BLISTER Malware Update Fuelling Stealthy Network Infiltration (IT Security News) An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control (C2) framework called Mythic. “New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers exposure within VM/sandbox environments,” Elastic Security Labs researchers Salim Bitam and Daniel
New BLISTER Malware Update Fuelling Stealthy Network Infiltration (The Hacker News) New BLISTER update spotted! It's now part of SocGholish attacks, spreading an open-source C2 framework called Mythic.
Ransomware Group Claims Responsibility for Data Breach (Robots.net) Stay updated with the latest news as a ransomware group claims responsibility for a massive data breach, exposing sensitive information. Find out more about this significant security incident.
Ransomware gang claims credit for Sabre data breach | TechCrunch (TechCrunch) The Dunghill Leak group claimed it has stolen 1.3 terabytes from the travel booking giant, including employee data and passports.
Grand Valley State University warns students of data breach that could affect personal data (WZZM13.com) Grand Valley State University announced that some students may have had their personal data compromised after a third-party vendor experienced a data breach.
University of Michigan requires password resets after cyberattack (BleepingComputer) The University of Michigan (UMICH) warned staff and students on Tuesday that they're required to reset their account passwords after a recent cyberattack.
Highgate Wood School closed following cyber attack (BBC News) The school's 1,500 pupils have been unable to return after the summer holiday due to the attack.
A week into a cyber-security breach, system issues at Prevea Health and HSHS hospitals continue (WFRV Local 5 - Green Bay, Appleton) Prevea Health and HSHS hospitals have been experiencing a system-wide outage of clinical and administrative systems since Sunday, August 27. The Prevea healthcare pro…
Pizza Hut Australia leaks one million customers' details, claims ShinyHunters hacking group (Bitdefender) The ShinyHunters hacking group has claimed that in the last couple of months it has stolen more than 30 million customer order records from Pizza Hut Australia, alongside information on more than one million customers.
Planet Home Lending, LLC Notifies Consumers of Recent Data Breach (JD Supra) On August 31, 2023, Planet Home Lending, LLC (”Planet”) filed a notice of data breach with the Attorney General of Montana after discovering that...
Data Breach at Apparel Giant Forever 21 Impacts Over 500,000 Individuals (CPO Magazine) Apparel giant Forever 21 has confirmed a data breach that impacted over 500,000 current and former employees.
Generative AI’s Biggest Security Flaw Is Not Easy to Fix (WIRED) Chatbots like Open AI’s ChatGPT and Google’s Bard are vulnerable to indirect prompt injection attacks. Security researchers say the holes can be plugged—sort of.
Cyber-Criminals Only Have to Be Right Once? Not Quite (Infosecurity Magazine) Adenike Cosgrove says we can turn the tables on cyber-criminals and force them to be right time and again
CISA Adds One Known Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-33246 Apache RocketMQ Command Execution Vulnerability
Trends
Cyber Threat Intelligence Index: 2023 Midyear (Flashpoint) Data, insights, and analysis on the most impactful events and threats of 2023 so far—from ransomware and vulnerabilities to data breaches and insider threat.
When humans are the weak link in critical infrastructure cybersecurity (Security) When humans are the weak link in critical infrastructure cybersecurity
2023 Hospitality Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies (Trustwave) The Trustwave report, 2023 Hospitality Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies, explores the specific threats and risks that hospitality organizations face, along with practical insights and mitigations to strengthen their defenses.
Marketplace
Israel's ThetaRay raises $57 million in private round (Reuters) Israel's ThetaRay said on Tuesday it raised $57 million in a private funding round led by global fintech platform Portage.
Cyber Company IronNet Furloughs Workers, Explores Bankruptcy (Wall Street Journal) Company founded by former Pentagon brass says it will ‘substantially curtail’ operations in the absence of new funds.
Cash-Strapped IronNet Faces Bankruptcy Options (SecurityWeek) IronNet signaled grave financial distress in an SEC filing that warns it has run out of money and will furlough a majority of its workforce.
Once more, Proact named one of Sweden's 10 best companies for young people (News Powered by Cision) Proact has, for two consecutive years, been ranked as one of the top 10 IT employers for young
Logpoint appoints Michael Haldbo as Chief Financial Officer (Logpoint) Experienced financial executive Michael Haldbo joins Logpoint to protect and support the business and ensure its successful transformation into a European cybersecurity powerhouse.
FTI Consulting Adds Three Senior Cybersecurity Experts, Including Former NCFTA New York Leader (GlobeNewswire News Room) WASHINGTON, Sept. 07, 2023 (GLOBE NEWSWIRE) -- FTI Consulting, Inc. (NYSE: FCN) today announced the appointments of Nikole Davenport as a Senior Managing...
Sectigo Appoints Rita Parvaneh as Chief Financial Officer (GlobeNewswire News Room) Sectigo®, a global leader in automated Certificate Lifecycle Management (CLM), and digital certificates,...
Products, Services, and Solutions
NetRise Added to Department of Homeland Security Continuous Diagnostics and Mitigation Approved Products List (Netrise) NetRise has been accepted for the Approved Product List (APL) through the Continuous Diagnostics and Mitigation (CDM) Program.
CybeReady Provides Cybersecurity Awareness Month Kits as CISOs Defend Against AI Driven Attacks (Global Security Mag Online) CybeReady Provides Cybersecurity Awareness Month Kits as CISOs Defend Against AI Driven Attacks. In Preparation for Cybersecurity Awareness Month in October, Company Equips CISOs with Training…
Contrast Security Partners with IMQ Minded Security to Modernize AppSec Practices in Italy (Contrast Security) Code security leader signs first Italian channel partner to solve the challenges of current AppSec programs with its leading Secure Code Platform.
NETSCOUT Introduces RAN Analytics for Carrier Aggregation (Business Wire) Smart Data Enables Intelligent Automation and RAN Optimization Amid Increasing 5G Network Complexity
Genetec Helps Organizations Move Seamlessly from Incident Response to Investigations (GlobeNewswire News Room) New integration facilitates the exchange of information and reports between Genetec Mission Control digital decision management system and Clearance...
CyberSaint launches Remediation Suite to optimize resource allocation and decision-making (Help Net Security) CyberSaint Remediation Suite centralizes assessments, financial analysis, recommendations, and tracking for enterprise-wide risk reduction.
PRESS RELEASE: SSH Communications Security Launches Secure Collaboration 2024 for Secure Human-to-Human Interaction (GlobeNewswire News Room) SSH Communications Security extends SSH Zero Trust Suite to a modern, real-time, secure, and audited (who did what when?)...
SecurityHQ Signs Strategic Partnership with Al-Futtaim Engineering & Technologies (Global Security Mag Online) SecurityHQ announced its enhanced collaboration with Al-Futtaim Engineering & Technologies, part of the Al-Futtaim Group, one of most respected corporations in the Gulf region.
Aware Premiers Powerful New AwareID® Functionality and Introduces Developer Hub to Further Simplify Businesses' Adoption of Biometric Technology (GlobeNewswire News Room) New Release Focuses Platform on Optimized User Experience and Superior Backend Support; Requires Little to No App-Specific Knowledge or Experience on the...
OPSWAT Partners with BlackBerry to Strengthen MetaDefender Cybersecurity Solutions (PR Newswire) OPSWAT, a leading provider of advanced cybersecurity solutions and critical infrastructure protection today announced a collaboration with...
Uptycs’ Unified CNAPP and XDR Platform Earns Analyst Accolades as a Driving Force for Security Operations Excellence (GlobeNewswire News Room) Recognized by Esteemed Analyst Firms for Innovation in Cloud and Endpoint Security and Compliance...
BullWall Server Intrusion Protection Brings MFA Behind the Firewall To Protect Servers and Thwart Breach Attempts (Business Wire) Protects RDP Sessions – The Entry Point for 50% of All Ransomware Deployments -- With MFA That Detects and Prevents Unauthorized Users and Halts Breach Progression, Strengthens Cybersecurity Insurance Eligibility.
BIO-key International Joins AWS ISV Accelerate Program to Elevate Biometric Security Solutions on AWS (GlobeNewswire News Room) BIO-key and AWS Work Together to Support Seamless Integration of Biometric Authentication Solutions...
Eagle Eye Networks Launches V3 of its Video API Platform (Business Wire) V3 of API platform streamlines cloud video surveillance application development and AI integrations
ZeroEyes Earns Top Information Security Designation: SOC 2 Type 2 (PR Newswire) ZeroEyes, the creators of the only AI-based gun detection video analytics platform that holds the US Department of Homeland Security SAFETY Act...
Kanguru and Cigent launch Self-Encrypting, Secure SSD storage to stop ransomware and data theft (PR Newswire) Kanguru, the leader in encrypted data storage drives, and Cigent® Technology, Inc., the leader in zero trust data protections, today...
SSH Communications Security Launches Secure Collaboration 2024 for Secure Human-to-Human Interaction (SSH) SSH Communications Security extends SSH Zero Trust Suite to a modern, real-time, secure, and audited human-to-human communications platform.
Orca Security Delivers First AI-Driven Cloud Asset Search to Further Enable Cloud Security Democratization (Business Wire) Groundbreaking New Capabilities Make Understanding All Risks in the Cloud Estate as Simple and Intuitive as Asking a Question
US Signal establishes SD-WAN pact with Cato Networks (Lightwave) US Signal, a data center and cloud provider, has partnered with SASE provider Cato Networks to provide SD-WAN services to its business customers. The collaboration with Cato gives US Signal distribution rights for Cato’s Secure Access Service Edge (SASE) Cloud throughout North America.
Technologies, Techniques, and Standards
MITRE and CISA release Caldera for OT attack emulation (Security Affairs) CISA and MITRE released a Caldera extension for OT that allows the emulation of attacks on operational technology systems
MITRE Caldera for OT now available as extension to open-source platform (Help Net Security) MITRE Caldera for OT empowers security teams with new tools to help ensure the safe and secure function of critical infrastructure.
Cybersecurity Builds Trust in Critical Infrastructure (Dark Reading) Improving an energy company's resistance to cyberattack does more than protect vital resources — it enhances trust from customers and investors.
Cybersecurity investments boost profitability, resilience: White House (Cybersecurity Dive) Expenditures on resilience will help companies reduce downtime, Acting National Cyber Director Kemba Walden said at the Billington Cybersecurity Summit.
Server Patching Best Practices for Enterprise Patch Management (Park Place Technologies) Malicious cyberattacks continue to make headlines. It seems like there is a massive new breach every month or so. The truth is that cyberattacks can
Design and Innovation
Building for the AI Attack Era (Darktrace Blog) At Darktrace, we saw that AI could address an existential threat – defending people, businesses and nations from a world of constantly evolving threats. This threat is only poised to grow as AI is increasingly used by attackers. That’s why we became one of the first to apply AI to cyber security and built a completely AI native technology platform aimed at freeing the world of cyber disruption.
Research and Development
UWF engineering students develop software to improve military intelligence gathering (University of West Florida Newsroom) Students in the UWF Dr. Muhammad Harunur Rashid Department of Electrical and Computer Engineering are working with the Air Force Research Laboratory to improve battlefield intelligence gathering by creating a machine-learning algorithm. As part of their capstone project, seniors Nathan Harris and Bradley Edgar, are analyzing and training an algorithm to automatically identify military equipment […]
Academia
Rapid7 and USF Collaborate on Cyber Training Initiative With $1.5 Million Grant From Office of Naval Research and National Science Foundation (GlobeNewswire News Room) Rapid7 threat data, dedicated personnel will facilitate research that explores real-world scenarios and challenges to ready tomorrow’s cyber operators...
NSF Awards $120,036 to NDSU for Cybersecurity Education and Training (Kevin Cramer) U.S. Senator Kevin Cramer (R-ND) announced the National Science Foundation (NSF) awarded a total of $120,036 to North Dakota State University (NDSU) to support cybersecurity education and training for Criminal Justice professionals.
Legislation, Policy, and Regulation
AI Can Be an Extraordinary Force for Good—if It’s Contained (WIRED) No one has a plan for regulating AI yet. These are the questions that leaders must ask to contain the coming wave.
Costa Rica Takes Bold and Decisive Stance on Cybersecurity (TIA Online) The Telecommunications Industry Association—the trusted industry association for the connected world— today announced its support for the recent actions by the Costa Rican government to enhance its…
China Bans iPhone Use for Government Officials at Work (Wall Street Journal) Restrictions are the latest step in Beijing’s campaign to reduce reliance on overseas technology
How China Demands Tech Firms Reveal Hackable Flaws in Their Products (WIRED) Some foreign companies may be complying—potentially offering China’s spies hints for hacking their customers.
AUKUS partnership success hinges on export controls for sensitive tech, officials say (Nextgov.com) The trilateral Australia-U.K.-U.S. partnership is intended to share more emerging technologies, which officials say demands synchronicity in export control standards.
Britain Admits Defeat in Controversial Fight to Break Encryption (WIRED) The UK government has admitted that the technology needed to securely scan encrypted messages sent on Signal and WhatsApp doesn’t exist, weakening its controversial Online Safety Bill.
US lawmaker calls for ending Huawei, SMIC exports after chip breakthrough (Reuters) The U.S. Commerce Department should end all technology exports to Huawei and China's top semiconductor firm following the discovery of new chips in Huawei phones that may violate trade restrictions, the chair of the House of Representatives' committee on China said on Wednesday.
Intelligence community to meet with civil liberties groups on controversial surveillance tool (CyberScoop) The clock is running down on reauthorization of Section 702 of the Foreign Intelligence Surveillance Act set to sunset later this year.
Why a Twitter whistleblower is joining the Biden administration (MSNBC.com) Peiter Zatko's expertise in social media companies and national security could be a boon for the U.S. government.
CISA plans new 'secure-by-design' guidance (Nextgov.com) The nation’s cyber defense agency is continuing to drive a major effort to shift security responsibilities from users to software providers.
Easterly: CISA wrapping up cyber incident reporting rule (Record) The cyber agency's director says a closely watched regulation mandated under the fiscal 2022 spending bill is coming sooner rather than later.
America’s Digital Achilles’ Heel (Foreign Affairs) The United States’ reliance on sensitive technology leaves it vulnerable to attacks.
Top Biden Cyber Official Accused of Workplace Misconduct at NSA in 2014 — and Again at White House Last Year (The Intercept) Anne Neuberger was accused of workplace misconduct at the NSA in 2014 and, as a top Biden cybersecurity official, again last year at the White House.
California’s Gavin Newsom Signs New Executive Order on AI Risks (Bloomberg) Gavin Newsom touted Silicon Valley’s AI dominance, but warns of a “Pandora’s box.”
Litigation, Investigation, and Law Enforcement
FOIA Suit Reveals 'Widespread' Use Of Fake Profiles By DHS (Law360) The U.S. Department of Homeland Security regularly uses fake social media profiles to collect information on people, according to internal documents obtained by the New York University School of Law's Brennan Center for Justice, which said the operations threaten privacy rights.
EU Challenges Apple, Microsoft in New Push to Rein in Big Tech Dominance (Bloomberg) Tech firms set to challenge EU in digital antitrust clampdown. Apple’s App Store, Google Search, Amazon marketplace on list.
UK pulls back from clash with Big Tech over private messaging | Financial TimesFinancial Times (Financial Times) Ministers will not immediately enforce online safety bill powers to scan apps after WhatsApp threatened shutdown
Verizon calls its own foul in how it managed GSA’s cybersecurity (Federal News Network) DOJ and the General Services Administration’s inspector general says Verizon’s cyber protections fell short of requirements outlined in the Trusted Internet Connections initiative from October 2017 to…