Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+565: Cyber force availability. (CyberWire) Russia copes with resupply and force generation as Ukraine continues its slow advance in Donetsk and Zaporizhia.
Russia-Ukraine war: List of key events, day 566 (Al Jazeera) As the war enters its 566th day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 566 of the invasion (the Guardian) North Korea’s Kim Jong-un set to meet Vladimir Putin; Ukraine recaptures gas and oil rigs in Black Sea
Ukraine claims to recapture Black Sea oil platforms seized during Crimea's annexation (AP News) The Ukrainian military says it recaptured strategic gas and oil drilling platforms from Russia in the Black Sea.
Milley says Ukraine has 30-45 days of ‘fighting weather’ for counteroffensive (The Hill) Joint Chiefs of Staff Chairman Gen. Mark Milley on Sunday said Ukrainian troops are making “steady progress” in the counteroffensive against Russia but are running out of time to achieve key objectives.
New intelligence shows Russia's targeting of a cargo ship (GOV.UK) New intelligence shows the intended target of a Russian missile attack in the Black Sea was a cargo ship.
EU Warns Russia There Will Be 'Consequences' After 'Illegal' Vote In Occupied Ukraine (RadioFreeEurope/RadioLiberty) The European Union has warned Russia of “consequences” for those involved in organizing the “illegal” elections over the weekend in Ukrainian regions occupied by the Kremlin, while Germany said new EU sanctions are possible.
Ukraine-Russia war live: Britain is provoking us to strike Ukrainian nuclear plant, claims Putin (The Telegraph) Britain is trying to provoke Russia into launching an attack on a Ukrainian nuclear power station, Vladimir Putin has claimed.
North Korea’s Kim is in Russia to meet Putin, as both are locked in standoffs with the West (AP News) North Korea’s Kim Jong Un rolled into Russia on an armored train Tuesday to see President Vladimir Putin.
The Russian and North Korean leaders are set to meet. Why, and why now? (Washington Post) North Korean leader Kim Jong Un and Russian President Vladimir Putin are expected to meet in Vladivostok this week, their first summit since 2019, amid warming relations between the two countries.
Kim Jong-un Has Something Putin Needs, and That’s a New Wrinkle (New York Times) Kim Jong-un has ammunition stocks that Russia covets as it continues its war in Ukraine, and North Korea may get advanced technology and badly needed food aid in return.
Why Kim Jong Un's Russia Trip Is a Sign of Putin's Weakness (Time) The North Korean dictator arrived in Russia on Tuesday, with a meeting expected with President Vladimir Putin.
NATO prepares industry plan to boost arms production (Defense News) The initiative, agreed at the recent Vilnius summit, puts the spotlight on industrial bottlenecks that have often slipped under the radar.
Ukraine is ushering in a new uncrewed era at sea (Defense News) Sea drones are here to stay, and Western navies should get ready, argues IISS naval analyst Nick Childs.
Readout of Secretary of Defense Lloyd J. Austin III's Call With Ukrainian Minister of Defe (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke by phone with Ukraine's new minister of defense to congratulate him on his appointment and to reiterate the steadfast U.S. support for Ukraine.
Austin Makes Call to New Counterpart in Ukraine (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke to Ukraine's new defense minister to discuss his role and emphasize the ongoing U.S. support for Ukraine.
Readout of Acting Under Secretary of Defense for Policy Sasha Baker Meeting with Estonian (U.S. Department of Defense) Acting Undersecretary of Defense for Policy Sasha Baker met with Estonian Ministry of Defense Permanent Secretary Kusti Salm at the Pentagon.
Germany orders 40 Marder combat vehicles for Ukraine (Defense News) The new order doubles the total number of Marders to be sent to Ukraine, according to its manufacturer Rheinmetall.
After Microsoft and X, Hackers Launch DDoS Attack on Telegram (SecurityWeek) Anonymous Sudan launches a DDoS attack against Telegram in retaliation for the suspension of their primary account on the platform.
Elon Musk's refusal to have Starlink support Ukraine attack in Crimea raises questions for Pentagon (AP News) SpaceX founder Elon Musk’s refusal to allow Ukraine to use Starlink internet services to launch a surprise attack on Russian forces in Crimea last September has raised questions for the Pentagon.
European Commission bans Russians from entering EU by car, with valuables (espreso.tv) The European Commission has banned Russians from entering EU countries in Russia-registered cars, and from importing personal belongings.
Lula backpedals on suggestion Putin could attend G20 without fear of arrest (the Guardian) Comments were at odds with Brazil foreign minister’s statement that Putin could face ‘issues’ if he traveled to any ICC member state
My nation didn’t learn lesson of war, says Russian who finds bodies of Soviet soldiers (the Guardian) Konstantin Dobrovolski, who has spent decades finding and reburying those killed in WW2, says Ukraine invasion was ‘madness’
‘You may have been poisoned’: how an independent Russian journalist became a target (the Guardian) The long read: My reporting on the invasion of Ukraine led to an assassination order being issued – and then came the mysterious illness
Attacks, Threats, and Vulnerabilities
New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk (Checkmarx.com) A new vulnerability has been discovered that could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations. This technique could be used to perform a Repojacking attack (hijacking popular repositories to distribute malicious code). This finding marks the fourth time a unique method was identified that could potentially bypass GitHub’s “Popular repository namespace retirement” mechanism. The vulnerability has been reported to GitHub and has been fixed.
Massive ransomware attack on state email domain (Sunday Times) All Government offices using the “gov.lk” email domain, including the Cabinet Office, have lost data from May 17 to August 26, 2023, after a massive ransomware attack, the Information and Communication Technology Agency (ICTA) has confirmed.
CXO Research: 58% of Data Backups are Failing, Creating Data Protection Challenges and Limiting Digital Transformation Initiatives (Veeam Software) Veeam Data Protection Report 2021 finds that COVID-19 has significantly impacted Digital Transformation (DX) spending, with 40% of global organizations viewing economic uncertainty as the greatest barrier to DX in the next 12 months and one-third having slowed or halted initiatives in the past year
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (ESET) ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor.
Charming Kitten's New Backdoor 'Sponsor' Targets Brazil, Israel, and U.A.E. (The Hacker News) Charming Kitten strikes again! Latest report reveals their campaign using 'Sponsor' backdoor, targeting Brazil, Israel, and U.A.E.
Iran's Charming Kitten Pounces on Israeli Exchange Servers (Dark Reading) Archrivals face off in the cyber plane, as opportunistic hackers prey on the unpatched and generally negligent.
Iranian hackers break into networks of more than 30 companies in Israel (ynetnews) Cyber company ESET found that Iranian hackers took advantage of a known weakness in corporate email servers to introduce a backdoor that allows entry into their networks; The companies include insurance, medicine, industry, communications, IT, technology, retail, automobile, law, financial services, architecture and civil engineering
Cuba ransomware gang deploys new malware (Kaspersky) Kaspersky has unveiled new research into the activities of the notorious ransomware group known as Cuba. This cybercriminal gang recently deployed malware that evaded advanced detection, targeting organizations worldwide and leaving a trail of compromised companies across various industries.
Phishing Attack Abuses Baidu Link Redirect, Cloudflare, and Microsoft (Vade) A new phishing attack detected by Vade exploits Baidu link redirection and uses Microsoft and Cloudflare spoofing.
“MrTonyScam” — Botnet of Facebook Users Launch High-Intent Messenger Phishing Attack on Business Accounts (Guardio Labs, via Medium) Facebook’s Messenger platform has been heavily abused in the past month to spread endless messages with malicious attachments from a swarm of fake and hijacked personal accounts. These threat actors are targeting millions of business accounts on Facebook’s platform — from highly-rated marketplace sellers to large corporations, with fake business inquiries, achieving a staggering “success rate” with approximately 1 out of 70 infected!
Facebook Messenger phishing wave targets 100K business accounts per week (BleepingComputer) Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware.
Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger (The Hacker News) Beware of the latest Facebook Messenger phishing attack! Attackers are taking over accounts through malicious attachments.
OriginBotnet Spreads via Malicious Word Document (Fortinet Blog) FortiGuard Labs detected a Word doc with a malicious URL, leading to a 400MB loader, distributing OriginBotnet, RedLine Clipper, and AgentTesla.
Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows (The Hacker News) "Steal-It" campaign targets Windows systems in Australia, Poland, and Belgium. Learn how attackers use PowerShell scripts to steal NTLMv2 hashes.
Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach (SecurityWeek) Cybercriminals breached an AP Stylebook website and obtained information on customers who were then targeted in phishing attacks.
MGM Resorts shuts down some computer systems after cyber attack (Reuters) MGM Resorts International has shut down some of its computer systems due to cybersecurity issues, according to a post on the company's website on Monday.
Cybersecurity issue prompts computer shutdowns at MGM Resorts properties across US (AP News) Casino and hotel giant MGM Resorts International says a cybersecurity issue led to the shutdown of computer systems at its properties across the U.S.
MGM Resorts shuts down IT systems after cyberattack (BleepingComputer) MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines.
MGM Resorts experiences 'cybersecurity issue' impacting operations and prompting investigation (Fox Business) MGM Resorts International said on Monday it was experiencing a "cybersecurity" issue, forcing the company to shut down certain systems while experts investigated the breach.
MGM resorts says 'cybersecurity issue' may have widespread impact (NBC News) The company said the issue might have affected its properties in Las Vegas, Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio.
MGM Resorts blames 'cybersecurity issue' for ongoing outage (TechCrunch) Hotel and casino giant MGM Resorts has confirmed a “cybersecurity issue” is to blame for an ongoing outage affecting systems at the company's Las Vegas
FBI assisting in MGM cybersecurity investigation as slot machines, website, and emails rem (KSNV) What started as a slow trickle of computer systems going offline on Sunday has turned into what appeared to be a widespread cybersecurity attack on MGM Resorts
MGM Resorts Says It Shut Down Some Systems Following Hack (Bloomberg) MGM Resorts International said it has identified a cyberattack that is affecting some of the company’s systems, as reports trickled in about slot machines and guest check-in being disrupted.
Stolen Auto Accounts: The $2 Price Tag on Your Car's Identity (Kasada) New threat intelligence uncovers nearly 15,000 automotive accounts for sale online, the likely result of a credential stuffing attack to hit top car manufacturers.
Hackers Scammed $500K In Crypto from Twitter Users In Just 20 Minutes (Vice) “Twitter's account security is not designed as [a financial platform],” a crypto CEO said.
Extremists keep trying to trigger mass blackouts — and that’s not even the scariest part (POLITICO) Extremist groups are among those targeting the electricity network, exposing the reporting gaps between the state and federal agencies that oversee its security.
CISA Adds Two Known Vulnerabilities to Catalog | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-41064 Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow
CVE-2023-41061 Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Vulnerability Summary for the Week of September 4, 2023 | CISA (Cybersecurity and Infrastructure Security Agency CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
CISA warns govt agencies to secure iPhones against spyware attacks (BleepingComputer) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware.
Trends
CYFIRMA Industry Report: PROFESSIONAL GOODS AND SERVICES (CYFIRMA) EXECUTIVE SUMMARY The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector...
Record number of cyberattacks targeting critical IT infrastructure reported to UK gov’t this year (Record) According to data obtained under Britain's Freedom of Information Act, the first six months of 2023 have seen a spike in reporting of incidents involving critical IT infrastructure services.
Coalfire Continues Penetration Risk Research, 5th Annual Report Highlights Evolution In Offensive Security (PR Newswire) Today Coalfire released its 5th annual Securealities Penetration Risk Report, validating a significant advancement in offensive security...
Generative AI Adoption Surges in Software Development Despite Security Risks, Sonatype Research Finds (GlobeNewswire News Room) Application security leaders are more bullish than developer leaders on generative AI, though both agree it will lead to more pervasive security...
Marketplace
Netcraft Acquires FraudWatch to Cement Leadership in Cybercrime Detection & Takedown; Delivers Online Brand Protection at Scale Supported by 24/7 Security Operations Center (Netcraft) Netcraft, global leader in cybercrime detection, disruption, and takedowns, announced today the acquisition of FraudWatch, a leading Australian online brand ...
Binalyze Secures $19 Million in Series A Funding (Binalyze) Cybersecurity firm will use the investment to accelerate the company’s growth and the development of its category-defining DFIR platform.
Check Point to acquire Atmosec (iTWire) Security vendor Check Point Software Technologies is acquiring Atmosec, a start-up specialising in SaaS security. Atmosec's technology is able to quickly discover and disconnect malicious SaaS applications, prevent third-party SaaS applications from communicating with an enterprise's SaaS en...
The Syndicate Group (TSG) Announces Strategic Investment in Veza to Accelerate Channel-Led Growth for the Identity Security Company (PR Newswire) Veza, the identity security company, and The Syndicate Group (TSG), a leading venture firm focused on revenue growth and new customer...
Tamnoon Raises $5.1M in Seed Funding and Appoints Executives to Accelerate Customer Adoption of Assisted Cloud Remediation (Tamnoon) Ran Nahmias joins as Chief Business Officer, and Jonathan Lebowitsch joins as the company’s Vice President of Technical Services
Working Together For Greater SAP Security: SecurityBridge And Protect4S Are Joining Forces (Yahoo Finance) Established in 2012 and headquartered in Ingolstadt, SecurityBridge is a leading provider and pioneer in cybersecurity solutions for SAP customers. With its innovative and holistic cybersecurity software platform, SecurityBridge helps companies to monitor their business-critical SAP systems and to detect and fend off attacks in real-time.
BCR Cyber Advances EARN Maryland Program with Northrop Grumman (EIN Presswire) Companies Helping to Meet Critical Need for Cybersecurity Talent
Sophos Named the #1 Leader for MDR and Firewall by G2 (GlobeNewswire News Room) Sophos Ranks Highest in 26 Reports and Earns 114 Award Badges as the Only Leader Across MDR, XDR, EDR, Endpoint Protection, and Firewall OXFORD, United...
Aqua Security New Business Increases by 65% in H1 2023 (GlobeNewswire News Room) Aqua’s unique CNAPP capabilities drive accolades, recognition, customer adoption and hyper growth...
KuppingerCole Names Veracode an Overall Leader for Software Supply Chain Security (Veracode) API Security, Visibility & Reporting, and SBOM Highlighted as Strengths in SSCS Leadership Compass 2023
Insider Selling: SentinelOne, Inc. (NYSE:S) CEO Sells 40,000 Shares of Stock (MarketBeat) SentinelOne, Inc. (NYSE:S) CEO Tomer Weingarten sold 40,000 shares of the business's stock in a transaction on Thursday, September 7th. The stock was sold at an average price of $17.07, for a total transaction of $682,800.00. Following the transaction, the chief executive officer now owns 848,969 shares in the company, valued at $14,491,900.83. The sale was disclosed in a legal filing with the Securities & Exchange Commission.
Entrust Hires Jordan Avnaim as Chief Information Security Officer (Entrust) Seasoned technology and cybersecurity executive brings 20+ years of experience in enterprise digital transformations; will replace retiring CISO Mark Ruchie
Salt Security Appoints Michael Porat Senior Vice President, Corporate and Business Development (PR Newswire) Salt Security, the leading API security company, today announced it has named Michael Porat senior vice president, corporate and business...
Boom Supersonic CISO Chris Roberts Joins Onyxia Cyber's Advisory Board (PR Newswire) Onyxia Cyber ("Onyxia"), a leading provider of AI-powered Cybersecurity Management solutions, is proud to announce the newest addition to...
Tariq Shaukat Joins Sonar as co-CEO (Sonar) Former President of Google Cloud and Bumble joins Clean Code market leader to accelerate growth alongside Founder and CEO Olivier Gaudin
DataDome Appoints Chris Raniere as Chief Revenue Officer to Further Scale Customer Acquisition & Expansion (DataDome) Hiring of Global Revenue Leader Marks Company Milestone as It Experiences Tremendous Growth
Products, Services, and Solutions
Telos Corporation Awarded Contract Extension with Central Intelligence Agency (Telos Corporation) ASHBURN, Va., September 12, 2023 — Telos Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, today announced a $6.7 million, two-year contract extension with the Central Intelligence Agency (CIA). This contract builds on Telos’ six-year relationship with the CIA and adds three option periods...
Built with Google Cloud: Google and Acalvio partner to deliver Active Defense to protect customers from advanced threats (Google Cloud Blog) Acalvio ShadowPlex is a SaaS platform that adds a new layer of defense based on cyber-deception to the defense-in-depth model.
Mercury’s Secure Encryptor Now Available for Integration into Military Platforms Across the Defense Industry (GlobeNewswire News Room) Mercury Systems, Inc. (NASDAQ: MRCY, www.mrcy.com), a technology company that delivers processing...
Cloudflare Announces Unified Data Protection Suite to Address Risks of Modern Coding and Increased AI Use (Dark Reading) Rich security suite enables seamless and secure path to transition corporate networks to the cloud, and accelerate innovation.
Netskope Expands Strategic Alliance with Deloitte by Joining MXDR by Deloitte (Netskope) SANTA CLARA, Calif. – September 12, 2023 - Netskope, a leader in Secure Access Service Edge (SASE), today announced that its existing strategic alliance
NormCyber announces new ISO27001 consultancy services (NormCyber) NormCyber announces new ISO27001 consultancy services to enable mid-sized organisations to flexibly procure compliance services
Mimecast Partner ONE™ Program Launches to Unify and Scale Channel Program (GlobeNewswire News Room) Streamlined partner program emphasizes Mimecast’s commitment to enhancing the partner experience, bringing new incentives, investments, and competencies...
Code42 Releases Insider Risk Management Program Launchpad to Accelerate Program Buildout (Code42) Code42 Software, Inc., the Insider Risk Management (IRM) leader, today announced the release of its IRM Program Launchpad, a self-paced training offering designed exclusively for Code42 customers to help launch and mature their IRM program, increase program effectiveness, and maximize program ROI without extra legwork. Building an effective data protection program can be challenging for […]
Proofpoint Unveils New Security Awareness Features to Educate Users About Today’s Most Advanced Cyber Threats (Proofpoint) Adaptive groups, ML leveled phishing, and new content prepare users to defend themselves and their organizations
Sentra Empowers Enterprises to Curb Data Risks at Scale with Addition of Large Language Models to Classification Engine (PR Newswire) Sentra, the cloud data security leader, today announced that large language models (LLMs) are now included in its data classification engine,...
Rebrandly Launches New Marketplace -- Empowering Developers to Easily Integrate with Rebrandly's Leading Link Management and Click Tracking Solutions (PR Newswire) Rebrandly, the market-leading provider of link management solutions, today announced the launch of the Rebrandly Marketplace, a new cloud...
Gigamon Announces Precryption Technology, a Breakthrough Cybersecurity Innovation that Brings Deep Observability to Encrypted Traffic Across Any Hybrid Cloud Infrastructure (Business Wire) Powerful technology captures packets inside the Linux kernel, bringing plaintext visibility to encrypted traffic to eliminate the most significant security blind spot across virtual, cloud, and container applications
Axiad Achieves FedRAMP Ready Certification Status (PR Newswire) Axiad, a leading provider of organization-wide passwordless orchestration, today announced its Axiad Cloud platform has achieved The Federal...
Marygold & Co. partners with Sardine and Incode to protect clients’ financial futures with artificial intelligence (GlobeNewswire News Room) Harnessing its new partners’ AI-driven security platforms, the Marygold & Co. fintech app better secures client payments and accounts in the digital age...
United States Patent and Trademark Office Takes Innovative Approach to Machine Identity Management With Venafi (Business Wire) Government Agency Automates Digital Certificate Management to Reduce Complexity and Prevent Security Incidents
Skybox Security Unveils Next-Generation of Continuous Exposure Management Platform (Business Wire) Significant Enhancements in Attack Surface and Vulnerability Management Solutions Empower Organizations to Mitigate Cyber Exposure Risk
Technologies, Techniques, and Standards
The MOVEit Hack, Ransomware Attacks, and Cyber Insurance (The National Law Review) Ransomware attacks and cyber data theft are an unfortunate fact of life for businesses. Whether through attacks targeting individual companies or widespread
Why Cyber Risk Quantification Needs a Trust Makeover? (Balbix) With this blog, we begin the series dedicated to exploring the nuances of cyber risk quantification.
Building Compliance from Scratch with a Culture of Security (Apptega) With the proper approach, MSPs can merge security programs with regular business operations by creating a culture of security.
CISA Announces Open Source Software Security Roadmap (Cybersecurity and Infrastructure Security Agency) The Cybersecurity and Infrastructure Security Agency (CISA) published the Open Source Software Security Roadmap today that articulates how the agency will enable the secure usage of open source software within the federal government and support a healthy, secure, and sustainable global open source software ecosystem.
Enhanced Data Resilience Will Help the Design and Construction Industry Face the Risks That Impact Their Businesses (Business Wire) A new study highlights the importance of data access in the new digital age, provides insights into how to manage the top risks companies face and demonstrates that designers and contractors underestimate the cyber risks they face.
2023 THE STATE OF AUTHENTICATION SECURITY REPORT [ENZOIC] (Cybersecurity Insiders) Authentication security remains a cornerstone of any cybersecurity strategy, yet it is an area fraught with challenges.
Design and Innovation
RevealSecurity Named SINET16 Innovator (PR Newswire) RevealSecurity, a leader in application detection and response, today announced it has been named a SINET16 Innovator Award winner for 2023....
Deepfactor Named a Winner in 2023 SINET16 Innovator Award (GlobeNewswire News Room) Group of 16 includes emerging companies identified as the most innovative and compelling technologies addressing cybersecurity threats and vulnerabilities...
Arctic Wolf CEO: 'AI is an opportunity for vendors and customers, but also bad actors' (CRN) Nick Schneider opens up about the opportunities and challenges facing the cybersecurity market
Generative AI: A pragmatic blueprint for data security (VentureBeat) Avoiding generative AI security tools due to fear, uncertainty and doubt may be more of a risk than diving headlong into the conversation.
M.B.A. Students vs. ChatGPT: Who Comes Up With More Innovative Ideas? (Wall Street Journal) We put humans and AI to the test. The results weren’t even close.
Meta is building an AI model as powerful as GPT-4, report says (Business Insider) The Facebook owner is developing an AI model that can go toe-to-toe with OpenAI's most powerful system, unnamed sources told The Wall Street Journal.
Generative AI Adoption Surges in Software Development Despite Security Risks, Sonatype Research Finds (Sonatype) New research from Sonatype reveals that generative AI adoption has surged in software development despite noted security risks.
Legislation, Policy, and Regulation
Revealed: The Country that Secretly Wiretapped the World for the FBI (404 Media) For years the FBI ran its own encrypted phone company to intercept messages from thousands of people around the globe. One country was critical to that operation, whose identity was unknown to the public. Until now.
Crypto Reg Affairs: Seoul developing crypto bill to combat North Korean illicit finance | Elliptic (Elliptic Connect) South Korea is reportedly planning to submit a bill that would track and freeze North Korean cryptocurrency and virtual assets that are used to fund its illicit weapons programs.
A top Canadian cyber official discusses major threats, challenges (Washington Post) Sami Khoury talks Canadian cyber challenges, threats
DOJ to ‘Surge’ Resources at Corporate Crimes With National Security Implications (Wall Street Journal) Principal Associate Deputy Attorney General Marshall Miller cited the appointment of the National Security Division’s first chief counsel for corporate enforcement and its ongoing hiring of 25 prosecutors.
Senators Want ChatGPT-Level AI to Require a Government License (WIRED) A new US government body would force companies to seek a license before working on powerful AI models like OpenAI's GPT-4, under a bipartisan proposal by senators Richard Blumenthal and Josh Hawley.
White House mulls rating system to boost cybersecurity for critical infrastructure (Cybersecurity Dive) Anne Neuberger, deputy national security advisor for cyber, told the Billington Cybersecurity Summit that a new ransomware summit is set and updated a consumer labeling push for IoT.
What new federal cybersecurity policy means for government contractors (C4ISRNet) The most controversial section calls for holding software companies liable for producing insecure code.
Why keep the dual-hat arrangement between Cybercom and NSA? (Security Intelligence) One person has led the NSA and Cybercom since 2010. But many are asking whether this dual-hat arrangement should continue indefinitely.
State CIOs have a small, but important to-do list for their federal counterparts (Federal News Network) Alex Whitaker, the director of government affairs for the National Association of State Chief Information Officers, said pushing for broader adoption of the .gov domain and harmonization of federal…
Litigation, Investigation, and Law Enforcement
Revelations of Chinese espionage rock British Parliament (Washington Post) British politicians were asking for answers on Monday after it was revealed that two men — one working as a researcher in Parliament — were arrested in March on suspicion of spying for China.
It’s Google versus the US in the biggest antitrust trial in decades (AP News) Google will confront a threat to its dominant search engine beginning Tuesday when federal regulators launch an attempt to dismantle its internet empire in the biggest U.S. antitrust trial in a quarter century.
Dutch groups sue Google over alleged privacy violations (Reuters) The Dutch consumers' association Consumentenbond together with the Privacy Protection Foundation issued legal proceedings against Google on Tuesday for alleged large-scale privacy violations, they said in a statement.