New cyberespionage techniques in the wild. Developments in the C2C markets. A hacktivist auxiliary is unhappy with Telegram.

Summary

By the CyberWire staff

At a glance.

Phishing with Facebook Messenger accounts.
Redfly cyberespionage targets a national grid.
The exploit trade in the C2C underground market.
Phishing attack exploits Baidu link.
A repojacking vulnerability.
A hacktivist auxiliary looks to its own interests.
Data resilience in the construction industry. Security implications of generative AI.

Iranian cyberespionage activity uses a new backdoor.

ESET reports that the APT they track as Ballistic Bobcat (in other threat actor bestiaries APT35/APT42, Charming Kitten, TA453, or PHOSPHORUS) is currently active against targets in Brazil, Israel, and the United Arab Emirates. The group is using a novel backdoor, tracked as "Sponsor," which uses configuration files stored on disk. "These files," ESET writes, "are discreetly deployed by batch files and deliberately designed to appear innocuous, thereby attempting to evade detection by scanning engines." Ballistic Bobcat carefully scans for known, unpatched vulnerabilities in target systems and exploits those for initial access. The APT's usual target list includes "education, government, and healthcare organizations, as well as human rights activists and journalists."

Earn your cybersecurity master’s from an NSA-recognized institution.

Further your career and secure your future with an advanced degree from the George Washington University — choose from 100% online master’s in cybersecurity analytics or in cybersecurity policy & compliance. Designed by D.C. experts and taught by cybersecurity leaders, these programs integrate computer science and engineering courses to give you the well-rounded expertise you need for leadership roles and professional advancement. Discover how you can get a world-class education made for working professionals.

Phishing with Facebook Messenger accounts.

Guardio Labs is tracking a widespread phishing campaign that’s targeted millions of business accounts on Facebook Messenger, compromising about 1 in 70 of the targeted accounts. The campaign uses phony business inquiries to distribute “a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a multi-stage process full of simple yet effective obfuscation methods.” The threat actor behind the campaign appears to be a cybercriminal group based in Vietnam. The researchers note, “The threat actors hold an army of bots and fake Facebook accounts as well as a listing of millions of business accounts, pages, and managers — sending away over +100k phishing messages a week to Facebook users around the world.” For more on the incident, see CyberWire Pro.

Why AI Is at Risk for Supply Chain Attacks and How You Can Address It.

As companies rush AI applications to market, pre-built open source binaries such as Python wheels have become widely adopted, even as they pose an increasing risk for supply chain attacks.

This webinar covers:

What are pre-built binaries and Python wheels
The state of open source software supply chain risks
How organizations can ensure secure, scalable use of open source for AI, even in the cloud

Redfly cyberespionage targets a national grid.

Symantec (a Broadcom company) warns that the Redfly threat actor “used the ShadowPad Trojan to compromise a national grid in an Asian country for as long as six months earlier this year.” The attack began in February, and the objective appears to be espionage.

Symantec notes, “The frequency at which [critical national infrastructure] organizations are being attacked appears to have increased over the past year and is now a source of concern. Threat actors maintaining a long-term, persistent presence on a national grid presents a clear risk of attacks designed to disrupt power supplies and other vital services in nation-states during times of increased political tension. While Symantec has not seen any disruptive activity by Redfly, the fact that such attacks have occurred in other regions means they are not outside the bounds of possibility.”

Fortra Discusses Developing the Framework for a Culture of Security Awareness.

From gaining buy-in to staying engaged during leadership churn, Fortra walks you through the ins-and-outs of bringing a culture of cybersecurity to your company. With over two decades of security awareness training expertise, we know the pitfalls and can prepare you for persistent success. Learn from our experience how to:

Communicate a cybersecurity framework
Increase engagement
Plan for leadership turnover
Leverage safety net technology
And more

Read Now.

The exploit trade in the C2C underground market.

Flashpoint has published a report looking at the demand for vulnerability exploits in criminal markets. The prices of the exploits vary, with some being sold for tens of thousands of dollars. In one case, a Cloudflare web application firewall (WAF) bypass zero-day was combined with a new exploit for a patched Magento flaw and offered for $30,000.

In another instance, threat actors offered an exploit for a patched vulnerability affecting the Microsoft Windows Print Spooler service. The researchers note, “CVE-2023-21822 has not been reported as being exploited in the wild. Flashpoint analysts observed a threat actor selling an exploit targeting CVE-2023-21822 on February 16. The threat actor set the price of the exploit at $8,000 USD for the compiled binary, and USD $13,000 for the source code. Flashpoint observed on March 31 that a notable threat actor displayed interest in purchasing the exploit.”

(Added, 12:30 PM ET, September 13th, 2023.) ShareFile, one of the companies mentioned by other outlets in connection with Flashpoint's report, sent us a description of how they saw the incident unfold. "A fix for CVE-2023-24489 was released on May 11, 2023 with Version 5.11.24 (one month before the security bulletin was issued)," ShareFile wrote. "Customer patching was proactively handled and, by June 13, over 83% of these customers had patched their environments, before the incident was made public. Also, by June 13, all unpatched SZC hosts were blocked from connecting to the ShareFile cloud control plane, making unpatched SZC hosts unusable with ShareFile. On Aug. 16, CISA added the CVE to their known exploited vulnerability catalog; while there was a spike to 75 attacks following this, this died down immediately given that the issue has been addressed." The company also outlined the scope and effect of the incident, as found by its own investigation. "When this vulnerability was discovered, we worked with and notified impacted customers in advance of the announced CVE to update to the latest version of our software to assure the safety of their data. Our control plane is no longer connected to any ShareFile StorageZones Controller (SZC) that is not patched. The incident affected less than 3% of our install base (2800 customers). There is no known data theft from this incident."

SlashNext Complete™ AI Security for Email, Mobile and Browser

At SlashNext, we know the demands of a changing and growing threat landscape increase the need to protect people where they work in real time. That’s why SlashNext Complete delivers zero-hour protection for how people work today across email, mobile, and browser apps. With SlashNext’s generative AI to defend against advanced business email compromise, smishing, spear phishing, executive impersonation, and financial fraud, your people are always protected anywhere they work. Request a demo today.

Phishing attack exploits Baidu link.

Vade describes a phishing campaign that abused Chinese search engine Baidu’s link redirect feature. The phishing links lead to a spoofed Microsoft 365 login page hosted by Cloudflare. Vade states, “As usual, the attackers protect their webpage by using cover and redirection mechanisms. Many email filters are likely to treat a Baidu domain as safe and pass the phishing email to the intended victim’s mailbox. Additionally, the use of multiple intermediary pages is designed to intercept and prevent the analysis from reaching the destination phishing page. Since these pages don’t contain fields or links, they encourage filters to view them as safe.”

A repojacking vulnerability.

Checkmarx discovered a vulnerability “that could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations” in order to conduct repojacking attacks. GitHub has since fixed the flaw.

Checkmarx states, “Successful exploitation enables the takeover of popular code packages in several package managers, including ‘Packagist,’ ‘Go,’ ‘Swift,’ and more. We have identified over 4,000 packages in those package managers using renamed usernames and are at risk of being vulnerable to this technique in case a new bypass is found. Of these packages at risk, hundreds of them have garnered over 1,000 stars on GitHub.”

A hacktivist auxiliary looks to its own interests.

Anonymous Sudan, which, despite the name, is Russian operated, retaliated against Telegraph for its suspension of the group's main account, SecurityWeek reports. SOCRadar describes the distributed denial-of-service (DDoS) attack, which they assess as having largely failed. Telegram hasn't said why it banned Anonymous Sudan, but it seems to have done so for hacktivist auxiliary's organization and use of bot accounts.

The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.

Data resilience in the construction industry.

A report by Dodge Construction Network and Egnyte looks at cyber threats facing the construction industry, finding that 59% of organizations in the construction industry experienced a cyber incident within the last two years.

The researchers add, “The majority (72%) of architects, engineers and contractors rate themselves as having a moderate or higher degree of preparation for an attack that would cause them to lose access to documents. However, 77% say they cannot go more than five days without access to documents before they experience serious schedule impacts on their projects, and the average duration of a successful ransomware attack is considerably longer than five days, potentially leaving many firms more vulnerable than they realize.”

Security implications of generative AI.

Sonatype has issued a report looking at the ways in which generative AI tools are impacting DevOps and DevSecOps. DevOps and SecOps employees cited increased productivity and faster software development as two of the top benefits of generative AI.

Many respondents, however, believe these tools will lead to the introduction of more code vulnerabilities: “More than three-quarters of DevOps leads say the use of generative AI will result in more vulnerabilities in open source code. Surprisingly, SecOps leads are less concerned at 58%. Further, 42% of DevOps respondents and 40% of SecOps leads say lack of regulation could deter developers from contributing to open source projects.”

The report adds, “Asked who they believe is responsible for regulating the use of generative AI, 59% of DevOps leads and 78% of SecOps leads say both the government and individual companies should be responsible for regulation.”

Notes.

Today's issue includes events affecting Australia, China, Estonia, the European Union, Iran, the Democratic People's Republic of Korea, the Republic of Korea, Lithuania, NATO/OTAN, the Netherlands, Russia, Sri Lanka, Ukraine, the United Kingdom, the United States, and Vietnam.

Dateline: Russia's hybrid war against Ukraine.

Ukraine at D+565: Cyber force availability. (CyberWire) Russia copes with resupply and force generation as Ukraine continues its slow advance in Donetsk and Zaporizhia.

Russia-Ukraine war: List of key events, day 566 (Al Jazeera) As the war enters its 566th day, these are the main developments.

Russia-Ukraine war at a glance: what we know on day 566 of the invasion (the Guardian) North Korea’s Kim Jong-un set to meet Vladimir Putin; Ukraine recaptures gas and oil rigs in Black Sea

Ukraine claims to recapture Black Sea oil platforms seized during Crimea's annexation (AP News) The Ukrainian military says it recaptured strategic gas and oil drilling platforms from Russia in the Black Sea.

Milley says Ukraine has 30-45 days of ‘fighting weather’ for counteroffensive (The Hill) Joint Chiefs of Staff Chairman Gen. Mark Milley on Sunday said Ukrainian troops are making “steady progress” in the counteroffensive against Russia but are running out of time to achieve key objectives.

New intelligence shows Russia's targeting of a cargo ship (GOV.UK) New intelligence shows the intended target of a Russian missile attack in the Black Sea was a cargo ship.

EU Warns Russia There Will Be 'Consequences' After 'Illegal' Vote In Occupied Ukraine (RadioFreeEurope/RadioLiberty) The European Union has warned Russia of “consequences” for those involved in organizing the “illegal” elections over the weekend in Ukrainian regions occupied by the Kremlin, while Germany said new EU sanctions are possible.

Ukraine-Russia war live: Britain is provoking us to strike Ukrainian nuclear plant, claims Putin (The Telegraph) Britain is trying to provoke Russia into launching an attack on a Ukrainian nuclear power station, Vladimir Putin has claimed.

North Korea’s Kim is in Russia to meet Putin, as both are locked in standoffs with the West (AP News) North Korea’s Kim Jong Un rolled into Russia on an armored train Tuesday to see President Vladimir Putin.

The Russian and North Korean leaders are set to meet. Why, and why now? (Washington Post) North Korean leader Kim Jong Un and Russian President Vladimir Putin are expected to meet in Vladivostok this week, their first summit since 2019, amid warming relations between the two countries.

Kim Jong-un Has Something Putin Needs, and That’s a New Wrinkle (New York Times) Kim Jong-un has ammunition stocks that Russia covets as it continues its war in Ukraine, and North Korea may get advanced technology and badly needed food aid in return.

Why Kim Jong Un's Russia Trip Is a Sign of Putin's Weakness (Time) The North Korean dictator arrived in Russia on Tuesday, with a meeting expected with President Vladimir Putin.

NATO prepares industry plan to boost arms production (Defense News) The initiative, agreed at the recent Vilnius summit, puts the spotlight on industrial bottlenecks that have often slipped under the radar.

Ukraine is ushering in a new uncrewed era at sea (Defense News) Sea drones are here to stay, and Western navies should get ready, argues IISS naval analyst Nick Childs.

Readout of Secretary of Defense Lloyd J. Austin III's Call With Ukrainian Minister of Defe (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke by phone with Ukraine's new minister of defense to congratulate him on his appointment and to reiterate the steadfast U.S. support for Ukraine.

Austin Makes Call to New Counterpart in Ukraine (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke to Ukraine's new defense minister to discuss his role and emphasize the ongoing U.S. support for Ukraine.

Readout of Acting Under Secretary of Defense for Policy Sasha Baker Meeting with Estonian (U.S. Department of Defense) Acting Undersecretary of Defense for Policy Sasha Baker met with Estonian Ministry of Defense Permanent Secretary Kusti Salm at the Pentagon.

Germany orders 40 Marder combat vehicles for Ukraine (Defense News) The new order doubles the total number of Marders to be sent to Ukraine, according to its manufacturer Rheinmetall.

After Microsoft and X, Hackers Launch DDoS Attack on Telegram (SecurityWeek) Anonymous Sudan launches a DDoS attack against Telegram in retaliation for the suspension of their primary account on the platform.

Elon Musk's refusal to have Starlink support Ukraine attack in Crimea raises questions for Pentagon (AP News) SpaceX founder Elon Musk’s refusal to allow Ukraine to use Starlink internet services to launch a surprise attack on Russian forces in Crimea last September has raised questions for the Pentagon.

European Commission bans Russians from entering EU by car, with valuables (espreso.tv) The European Commission has banned Russians from entering EU countries in Russia-registered cars, and from importing personal belongings. Read more.

Lula backpedals on suggestion Putin could attend G20 without fear of arrest (the Guardian) Comments were at odds with Brazil foreign minister’s statement that Putin could face ‘issues’ if he traveled to any ICC member state

My nation didn’t learn lesson of war, says Russian who finds bodies of Soviet soldiers (the Guardian) Konstantin Dobrovolski, who has spent decades finding and reburying those killed in WW2, says Ukraine invasion was ‘madness’

‘You may have been poisoned’: how an independent Russian journalist became a target (the Guardian) The long read: My reporting on the invasion of Ukraine led to an assassination order being issued – and then came the mysterious illness

Attacks, Threats, and Vulnerabilities

New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk (Checkmarx.com) A new vulnerability has been discovered that could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations. This technique could be used to perform a Repojacking attack (hijacking popular repositories to distribute malicious code). This finding marks the fourth time a unique method was identified that could potentially bypass GitHub’s “Popular repository namespace retirement” mechanism. The vulnerability has been reported to GitHub and has been fixed.

Massive ransomware attack on state email domain (Sunday Times) All Government offices using the “gov.lk” email domain, including the Cabinet Office, have lost data from May 17 to August 26, 2023, after a massive ransomware attack, the Information and Communication Technology Agency (ICTA) has confirmed.

CXO Research: 58% of Data Backups are Failing, Creating Data Protection Challenges and Limiting Digital Transformation Initiatives (Veeam Software) Veeam Data Protection Report 2021 finds that COVID-19 has significantly impacted Digital Transformation (DX) spending, with 40% of global organizations viewing economic uncertainty as the greatest barrier to DX in the next 12 months and one-third having slowed or halted initiatives in the past year

Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (ESET) ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor.

Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E. (The Hacker News) Charming Kitten strikes again! Latest report reveals their campaign using 'Sponsor' backdoor, targeting Brazil, Israel, and U.A.E.

Iran's Charming Kitten Pounces on Israeli Exchange Servers (Dark Reading) Archrivals face off in the cyber plane, as opportunistic hackers prey on the unpatched and generally negligent.

Iranian hackers break into networks of more than 30 companies in Israel (ynetnews) Cyber company ESET found that Iranian hackers took advantage of a known weakness in corporate email servers to introduce a backdoor that allows entry into their networks; The companies include insurance, medicine, industry, communications, IT, technology, retail, automobile, law, financial services, architecture and civil engineering

Cuba ransomware gang deploys new malware (Kaspersky) Kaspersky has unveiled new research into the activities of the notorious ransomware group known as Cuba. This cybercriminal gang recently deployed malware that evaded advanced detection, targeting organizations worldwide and leaving a trail of compromised companies across various industries.

Phishing Attack Abuses Baidu Link Redirect, Cloudflare, and Microsoft (Vade) A new phishing attack detected by Vade exploits Baidu link redirection and uses Microsoft and Cloudflare spoofing.

“MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts (Guardio Labs, via Medium) Facebook’s Messenger platform has been heavily abused in the past month to spread endless messages with malicious attachments from a swarm of fake and hijacked personal accounts. These threat actors are targeting millions of business accounts on Facebook’s platform — from highly-rated marketplace sellers to large corporations, with fake business inquiries, achieving a staggering “success rate” with approximately 1 out of 70 infected!

Facebook Messenger phishing wave targets 100K business accounts per week (BleepingComputer) Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware.

Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger (The Hacker News) Beware of the latest Facebook Messenger phishing attack! Attackers are taking over accounts through malicious attachments.

OriginBotnet Spreads via Malicious Word Document (Fortinet Blog) FortiGuard Labs detected a Word doc with a malicious URL, leading to a 400MB loader, distributing OriginBotnet, RedLine Clipper, and AgentTesla. Learn more.…

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows (The Hacker News) "Steal-It" campaign targets Windows systems in Australia, Poland, and Belgium. Learn how attackers use PowerShell scripts to steal NTLMv2 hashes.

Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach (SecurityWeek) Cybercriminals breached an AP Stylebook website and obtained information on customers who were then targeted in phishing attacks.

MGM Resorts shuts down some computer systems after cyber attack (Reuters) MGM Resorts International has shut down some of its computer systems due to cybersecurity issues, according to a post on the company's website on Monday.

Cybersecurity issue prompts computer shutdowns at MGM Resorts properties across US (AP News) Casino and hotel giant MGM Resorts International says a cybersecurity issue led to the shutdown of computer systems at its properties across the U.S.

MGM Resorts shuts down IT systems after cyberattack (BleepingComputer) MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines.

MGM Resorts experiences 'cybersecurity issue' impacting operations and prompting investigation (Fox Business) MGM Resorts International said on Monday it was experiencing a "cybersecurity" issue, forcing the company to shut down certain systems while experts investigated the breach.

MGM resorts says 'cybersecurity issue' may have widespread impact (NBC News) The company said the issue might have affected its properties in Las Vegas, Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio.

MGM Resorts blames 'cybersecurity issue' for ongoing outage (TechCrunch) Hotel and casino giant MGM Resorts has confirmed a “cybersecurity issue” is to blame for an ongoing outage affecting systems at the company's Las Vegas

FBI assisting in MGM cybersecurity investigation as slot machines, website, and emails rem (KSNV) What started as a slow trickle of computer systems going offline on Sunday has turned into what appeared to be a widespread cybersecurity attack on MGM Resorts

MGM Resorts Says It Shut Down Some Systems Following Hack (Bloomberg) MGM Resorts International said it has identified a cyberattack that is affecting some of the company’s systems, as reports trickled in about slot machines and guest check-in being disrupted.

Stolen Auto Accounts: The $2 Price Tag on Your Car's Identity (Kasada) New threat intelligence uncovers nearly 15,000 automotive accounts for sale online, the likely result of a credential stuffing attack to hit top car manufacturers.

Hackers Scammed $500K In Crypto from Twitter Users In Just 20 Minutes (Vice) “Twitter's account security is not designed as [a financial platform],” a crypto CEO said.

Extremists keep trying to trigger mass blackouts — and that’s not even the scariest part (POLITICO) Extremist groups are among those targeting the electricity network, exposing the reporting gaps between the state and federal agencies that oversee its security.

CISA Adds Two Known Vulnerabilities to Catalog | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41064 Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow CVE-2023-41061 Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability

Vulnerability Summary for the Week of September 4, 2023 | CISA (Cybersecurity and Infrastructure Security Agency CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

CISA warns govt agencies to secure iPhones against spyware attacks (BleepingComputer) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware.

Trends

CYFIRMA Industry Report : PROFESSIONAL GOODS AND SERVICES (CYFIRMA) EXECUTIVE SUMMARY The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry- driven statistics of global industries, covering one sector...

Record number of cyberattacks targeting critical IT infrastructure reported to UK gov’t this year (Record) According to data obtained under Britain's Freedom of Information Act, the first six months of 2023 have seen a spike in reporting of incidents involving critical IT infrastructure services.

Coalfire Continues Penetration Risk Research, 5th Annual Report Highlights Evolution In Offensive Security (PR Newswire) Today Coalfire released its 5th annual Securealities Penetration Risk Report, validating a significant advancement in offensive security...

Generative AI Adoption Surges in Software Development Despite Security Risks, Sonatype Research Finds (GlobeNewswire News Room) Application security leaders are more bullish than developer leaders on generative AI, though both agree it will lead to more pervasive security...

Marketplace

Netcraft Acquires FraudWatch to Cement Leadership in Cybercrime Detection & Takedown; Delivers Online Brand Protection at Scale Supported by 24/7 Security Operations Center (Netcraft) Netcraft, global leader in cybercrime detection, disruption, and takedowns, announced today the acquisition of FraudWatch, a leading Australian online brand ...

Binalyze Secures $19 Million in Series A Funding (Binalyze) Cybersecurity firm will use the investment to accelerate the company’s growth and development of its category-defining the DFIR platform.

Check Point to acquire Atmosec (iTWire) Security vendor Check Point Software Technologies is acquiring Atmosec, a start-up specialising in SaaS security. Atmosec's technology is able to quickly discover and disconnect malicious SaaS applications, prevent third-party SaaS applications from communicating with an enterprise's SaaS en...

The Syndicate Group (TSG) Announces Strategic Investment in Veza to Accelerate Channel-Led Growth for the Identity Security Company (PR Newswire) Veza, the identity security company, and The Syndicate Group (TSG), a leading venture firm focused on revenue growth and new customer...

Tamnoon Raises $5.1M in Seed Funding and Appoints Executives to Accelerate Customer Adoption of Assisted Cloud Remediation (Tamnoon) Ran Nahmias joins as Chief Business Officer, and Jonathan Lebowitsch joins as the company’s Vice President of Technical Services

Working Together For Greater SAP Security: SecurityBridge And Protect4S Are Joining Forces (Yahoo Finance) Established in 2012 and headquartered in Ingolstadt, SecurityBridge is a leading provider and pioneer in cybersecurity solutions for SAP customers. With its innovative and holistic cybersecurity software platform, SecurityBridge helps companies to monitor their business-critical SAP systems and to detect and fend off attacks in real-time.

BCR Cyber Advances EARN Maryland Program with Northrop Grumman (EIN Presswire) Companies Helping to Meet Critical Need for Cybersecurity Talent

Sophos Named the #1 Leader for MDR and Firewall by G2 (GlobeNewswire News Room) Sophos Ranks Highest in 26 Reports and Earns 114 Award Badgesas the Only Leader Across MDR, XDR, EDR, Endpoint Protection, and Firewall OXFORD, United...

Aqua Security New Business Increases by 65% in H1 2023 (GlobeNewswire News Room) Aqua’s unique CNAPP capabilities drive accolades, recognition, customer adoption and hyper growth...

KuppingerCole Names Veracode an Overall Leader for Software Supply Chain Security (Veracode) API Security, Visibility & Reporting, and SBOM Highlighted as Strengths in SSCS Leadership Compass 2023

Insider Selling: SentinelOne, Inc. (NYSE:S) CEO Sells 40,000 Shares of Stock (MarketBeat) SentinelOne, Inc. (NYSE:S - Get Free Report) CEO Tomer Weingarten sold 40,000 shares of the business's stock in a transaction on Thursday, September 7th. The stock was sold at an average price of $17.07, for a total transaction of $682,800.00. Following the transaction, the chief executive officer now owns 848,969 shares in the company, valued at $14,491,900.83. The sale was disclosed in a legal filing with the Securities & Exchange Commission, which is available at this hyperlink.

Entrust Hires Jordan Avnaim as Chief Information Security Officer (Entrust) Seasoned technology and cybersecurity executive brings 20+ years of experience in enterprise digital transformations; will replace retiring CISO Mark Ruchie

Salt Security Appoints Michael Porat Senior Vice President, Corporate and Business Development (PR Newswire) Salt Security, the leading API security company, today announced it has named Michael Porat senior vice president, corporate and business...

Boom Supersonic CISO Chris Roberts Joins Onyxia Cyber's Advisory Board (PR Newswire) Onyxia Cyber ("Onyxia"), a leading provider of AI-powered Cybersecurity Management solutions, is proud to announce the newest addition to...

Tariq Shaukat Joins Sonar as co-CEO (Sonar) Former President of Google Cloud and Bumble joins Clean Code market leader to accelerate growth alongside Founder and CEO Olivier Gaudin

DataDome Appoints Chris Raniere as Chief Revenue Officer to Further Scale Customer Acquisition & Expansion (DataDome) Hiring of Global Revenue Leader Marks Company Milestone as It Experiences Tremendous Growth

Products, Services, and Solutions

Telos Corporation Awarded Contract Extension with Central Intelligence Agency (Telos Corporation) ASHBURN, Va., September 12, 2023 — Telos Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, today announced a $6.7 million, two-year contract extension with the Central Intelligence Agency (CIA). This contract builds on Telos’ six-year relationship with the CIA and adds three option periods... Read more

Built with Google Cloud: Google and Acalvio partner to deliver Active Defense to protect customers from advanced threats (Google Cloud Blog) Acalvio ShadowPlex is a SaaS platform that adds a new layer of defense based on cyber-deception to the defense-in-depth model.

Mercury’s Secure Encryptor Now Available for Integration into Military Platforms Across the Defense Industry (GlobeNewswire News Room) Mercury Systems, Inc. (NASDAQ: MRCY, www.mrcy.com), a technology company that delivers processing...

Cloudflare Announces Unified Data Protection Suite to Address Risks of Modern Coding and Increased AI Use (Dark Reading) Rich security suite enables seamless and secure path to transition corporate networks to the cloud, and accelerate innovation.

Netskope Expands Strategic Alliance with Deloitte by Joining MXDR by Deloitte (Netskope) SANTA CLARA, Calif. – September 12, 2023 - Netskope, a leader in Secure Access Service Edge (SASE), today announced that its existing strategic alliance

NormCyber announces new ISO27001 consultancy services (NormCyber) NormCyber announces new ISO27001 consultancy services to enable mid-sized organisations to flexibly procure compliance services

Mimecast Partner ONE™ Program Launches to Unify and Scale Channel Program (GlobeNewswire News Room) Streamlined partner program emphasizes Mimecast’s commitment to enhancing the partner experience, bringing new incentives, investments, and competencies...

Code42 Releases Insider Risk Management Program Launchpad to Accelerate Program Buildout (Code42) Code42 Software, Inc., the Insider Risk Management (IRM) leader, today announced the release of its IRM Program Launchpad, a self-paced training offering designed exclusively for Code42 customers to help launch and mature their IRM program, increase program effectiveness, and maximize program ROI without extra legwork. Building an effective data protection program can be challenging for […]

Proofpoint Unveils New Security Awareness Features to Educate Users About Today’s Most Advanced Cyber Threats (Proofpoint) Adaptive groups, ML leveled phishing, and new content prepare users to defend themselves and their organizations

Sentra Empowers Enterprises to Curb Data Risks at Scale with Addition of Large Language Models to Classification Engine (PR Newswire) Sentra, the cloud data security leader, today announced that large language models (LLMs) are now included in its data classification engine,...

Rebrandly Launches New Marketplace -- Empowering Developers to Easily Integrate with Rebrandly's Leading Link Management and Click Tracking Solutions (PR Newswire) Rebrandly, the market-leading provider of link management solutions, today announced the launch of the Rebrandly Marketplace, a new cloud...

Gigamon Announces Precryption Technology, a Breakthrough Cybersecurity Innovation that Brings Deep Observability to Encrypted Traffic Across Any Hybrid Cloud Infrastructure (Business Wire) Powerful technology captures packets inside the Linux kernel, bringing plaintext visibility to encrypted traffic to eliminate the most significant security blind spot across virtual, cloud, and container applications

Axiad Achieves FedRAMP Ready Certification Status (PR Newswire) Axiad, a leading provider of organization-wide passwordless orchestration, today announced its Axiad Cloud platform has achieved The Federal...

Marygold & Co. partners with Sardine and Incode to protect clients’ financial futures with artificial intelligence (GlobeNewswire News Room) Harnessing its new partners’ AI-driven security platforms, the Marygold & Co. fintech app better secures client payments and accounts in the digital age...

United States Patent and Trademark Office Takes Innovative Approach to Machine Identity Management With Venafi (Business Wire) Government Agency Automates Digital Certificate Management to Reduce Complexity and Prevent Security Incidents

Skybox Security Unveils Next-Generation of Continuous Exposure Management Platform (Business Wire) Significant Enhancements in Attack Surface and Vulnerability Management Solutions Empower Organizations to Mitigate Cyber Exposure Risk

Technologies, Techniques, and Standards

The MOVEit Hack, Ransomware Attacks, and Cyber Insurance (The National Law Review) Ransomware attacks and cyber data theft are an unfortunate fact of life for businesses. Whether through attacks targeting individual companies or widespread

Why Cyber Risk Quantification Needs a Trust Makeover? (Balbix) With this blog, we begin the series dedicated to exploring the nuances of cyber risk quantification.

Building Compliance from Scratch with a Culture of Security (Apptega) With the proper approach, MSPs can merge security programs with regular business operations by creating a culture of security.

CISA Announces Open Source Software Security Roadmap (Cybersecurity and Infrastructure Security Agency) The Cybersecurity and Infrastructure Security Agency (CISA) published the Open Source Software Security Roadmap today that articulates how the agency will enable the secure usage of open source software within the federal government and support a healthy, secure, and sustainable global open source software ecosystem.

Enhanced Data Resilience Will Help the Design and Construction Industry Face the Risks That Impact Their Businesses (Business Wire) A new study highlights the importance of data access in the new digital age, provides insights into how to manage the top risks companies face and demonstrates that designers and contractors underestimate the cyber risks they face.

2023 THE STATE OF AUTHENTICATION SECURITY REPORT [ENZOIC] (Cybersecurity Insiders) Authentication security remains a cornerstone of any cybersecurity strategy, yet it is an area fraught with challenges.

Design and Innovation

RevealSecurity Named SINET16 Innovator (PR Newswire) RevealSecurity, a leader in application detection and response, today announced it has been named a SINET16 Innovator Award winner for 2023....

Deepfactor Named a Winner in 2023 SINET16 Innovator Award (GlobeNewswire News Room) Group of 16 includes emerging companies identified as the most innovative and compelling technologies addressing cybersecurity threats and vulnerabilities...

Arctic Wolf CEO: 'AI is an opportunity for vendors and customers, but also bad actors' (CRN) Nick Schneider opens up about the opportunities and challenges facing the cybersecurity market

Generative AI: A pragmatic blueprint for data security (VentureBeat) Avoiding generative AI security tools due to fear, uncertainty and doubt may be more of a risk than diving headlong into the conversation.

M.B.A. Students vs. ChatGPT: Who Comes Up With More Innovative Ideas? (Wall Street Journal) We put humans and AI to the test. The results weren’t even close.

Meta is building an AI model as powerful as GPT-4, report says (Business Insider) The Facebook owner is developing an AI model that can go toe-to-toe with OpenAI's most powerful system, unnamed sources told The Wall Street Journal.

Generative AI Adoption Surges in Software Development Despite Security Risks, Sonatype Research Finds (Sonatype) New research from Sonatype reveals that generative AI adoption has surged in software development despite noted security risks.

Legislation, Policy, and Regulation

Revealed: The Country that Secretly Wiretapped the World for the FBI (404 Media) For years the FBI ran its own encrypted phone company to intercept messages from thousands of people around the globe. One country was critical to that operation, whose identity was unknown to the public. Until now.

Crypto Reg Affairs: Seoul developing crypto bill to combat North Korean illicit finance | Elliptic (Elliptic Connect) South Korea is reportedly planning to submit a bill that would track and freeze North Korean cryptocurrency and virtual assets that are used to fund its illicit weapons programs. Read more.

A top Canadian cyber official discusses major threats, challenges (Washington Post) Sami Khoury talks Canadian cyber challenges, threats

DOJ to ‘Surge’ Resources at Corporate Crimes With National Security Implications (Wall Street Journal) Principal Associate Deputy Attorney General Marshall Miller cited the appointment of the National Security Division’s first chief counsel for corporate enforcement and its ongoing hiring of 25 prosecutors.

Senators Want ChatGPT-Level AI to Require a Government License (WIRED) A new US government body would force companies to seek a license before working on powerful AI models like OpenAI's GPT-4, under a bipartisan proposal by senators Richard Blumenthal and Josh Hawley.

White House mulls rating system to boost cybersecurity for critical infrastructure (Cybersecurity Dive) Anne Neuberger, deputy national security advisor for cyber, told the Billington Cybersecurity Summit that a new ransomware summit is set and updated a consumer labeling push for IoT.

What new federal cybersecurity policy means for government contractors (C4ISRNet) The most controversial section calls for holding software companies liable for producing insecure code.

Why keep the dual-hat arrangement between Cybercom and NSA? (Security Intelligence) One person has led the NSA and Cybercom since 2010. But many are asking whether this dual-hat arrangement should continue indefinitely.

State CIOs have a small, but important to-do list for their federal counterparts (Federal News Network) Alex Whitaker, the director of government affairs for the National Association of State Chief Information Officers, said pushing for broader adoption of the .gov domain and harmonization of federal…

Litigation, Investigation, and Law Enforcement

Revelations of Chinese espionage rock British Parliament (Washington Post) British politicians were asking for answers on Monday after it was revealed that two men — one working as a researcher in Parliament — were arrested in March on suspicion of spying for China.

It’s Google versus the US in the biggest antitrust trial in decades (AP News) Google will confront a threat to its dominant search engine beginning Tuesday when federal regulators launch an attempt to dismantle its internet empire in the biggest U.S. antitrust trial in a quarter century.

Dutch groups sue Google over alleged privacy violations (Reuters) The Dutch consumers' association Consumentenbond together with the Privacy Protection Foundation issued legal proceedings against Google on Tuesday for alleged large-scale privacy violations, they said in a statement.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Immersive Tech Panel Series: Vehicles (Virtual, Sep 18, 2023) The Future of Privacy Forum has kicked off its Immersive Tech Panel Series, examining the new privacy risks and policy questions that arise when immersive technologies are integrated into domains like health, advertising, transportation, AI, and education. Join us for a forward-looking conversation on the issues raised by the use of immersive technologies like extended reality (XR) in cars, both for safety and convenience. What kinds of data are collected through sensors, cameras, and user input? What are the relevant privacy laws, policies, and ethical considerations organizations should be mindful of? This event will provide valuable insights and guidance to professionals, researchers, and enthusiasts interested in exploring the intersection of immersive technology and vehicles.

Immersive Tech Panel Series: Education (Virtual, Oct 19, 2023) The Future of Privacy Forum has kicked off its Immersive Tech Panel Series, examining the new privacy risks and policy questions that arise when immersive technologies are integrated into domains like health, advertising, transportation, AI, and education. As back to school season gears up, more students than ever will be heading to higher education campuses offering immersive experiences. Schools and universities are leveraging virtual and augmented reality to facilitate teaching, learning and student engagement. Adoption of this technology brings new possibilities to the classroom environment, and also brings new considerations regarding student data collection and privacy practices. Please join us for a panel discussion to consider the relevant privacy laws, policies, and ethical considerations in the intersection of immersive technology and higher education.

Immersive Tech Panel Series: AI (Virtual, Nov 9, 2023) The Future of Privacy Forum has kicked off its Immersive Tech Panel Series, examining the new privacy risks and policy questions that arise when immersive technologies are integrated into domains like health, advertising, transportation, AI, and education. Join us for an engaging discussion on key issues that arise from the use of artificial intelligence (AI) in immersive spaces. What are the potential benefits, challenges, and risks of using generative AI in extended reality environments? What privacy laws, policies, and ethical considerations should be taken into account regarding the use of AI as these technologies are developed? This event will provide valuable insights and guidance to professionals, researchers, and enthusiasts interested in exploring the intersection of AI and immersive technology.

Immersive Tech Panel Series: Kids & Teens (Virtual, Dec 6, 2023) The Future of Privacy Forum has kicked off its Immersive Tech Panel Series, examining the new privacy risks and policy questions that arise when immersive technologies are integrated into domains like health, advertising, transportation, AI, and education. While young people may be the generation most interested in immersive spaces, the concern for how kids and teens engage with technology is greater than ever. Companies must tread cautiously in designing immersive spaces for kids and teens and consider privacy, safety, and design. Learn about the key issues at the intersection of youth and immersive technology and hear from leaders in the space on considerations, best practices, and where the technology is headed.

Events

Borderless Cyber: Cybersecurity Meets Privacy (Egham, Surrey, UK, Sep 11 - 12, 2023) 'Cybersecurity Meets Privacy' Royal Holloway, University of London 11-12 September 2023 Egham, Surrey, UK Borderless Cyber is unique, focusing on the convergence of the cybersecurity and privacy disciplines and addressing new technologies, research, operationalization realities, risks, and solutions. It brings together international experts and offers opportunities for networking, good dialogue, and future collaboration. It promises to be illuminating and challenging! Speakers from Uber, Meta, Vodafone, NATO NCI, Intel, CISA, Infosys, ITU, the UK Home Office, and other organizations are included in the recently released program.

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Sep 11 - 15, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps.

Insider Threat Program Development - Management Training Course (Tysons Corner, Virginia, USA, Sep 12 - 13, 2023) The training course will be taught on September 12-13, 2023. This highly sought after and very comprehensive 2 day training course will ensure that the ITP Manager and others who support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Legal Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group. This training will also provide students with an in depth view of how to obtain visibility of potential or malicious employee actions on computer systems and networks, using Insider Threat Detection software. Our student satisfaction levels are in the exceptional range. Over 900+ individuals have attended this training course and received ITP Manager Certificates.

2023 PCI SSC North America Community Meeting (Portland, Oregon, USA, Sep 12 - 14, 2023) Join your global payment security peers at the 2023 PCI SSC Community Meetings! PCI SSC Community Meetings bring together the brightest minds in payment security. Don’t miss the opportunity to collaborate and learn about the latest developments in global payment security and in the PCI Security Standards.

What the White House’s 2023 National Cybersecurity Strategy Means to Your Security Plan (Virtual, Sep 13, 2023) Join Fortra’s upcoming webinar to break down the White House’s 2023 National Cybersecurity Strategy. In this webinar, we will cover the strategy’s goals, five pillars, and how Fortra products and solutions can better secure software and data, respond to changing cyber threats, and help organizations on their journey to implementing some of the plan’s objectives.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.