Ransomware and materiality. MetaStealer targets businesses. Cloud attacks. His Highness the large language model. Spyware vs. Meduza. Lessons from a hacktivist auxiliary.

Summary

By the CyberWire staff

At a glance.

MGM Resorts incident now believed to be ransomware.
Materiality of a cyber incident, as seen in the MGM and Caesars ransomware attacks.
MetaStealer targets businesses.
Cloud access with stolen credentials.
The cloud as an expansive attack surface.
His Highness the LLM Prince of (some of) Nigeria (and his widows and business managers, too).
The Meduza spyware incident.
Lessons from a Ukrainian hacktivist auxiliary.

MGM Resorts incident now identified as ransomware.

The attack on MGM Resorts International is now generally held to be a ransomware operation, but there's some lack of clarity over which gang is responsible. Vx-underground tweeted that the ALPHV ransomware gang had claimed responsibility, and that the attackers gained access through social engineering, specifically vishing. They put it this way: “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk.” Hackread offers a more extensive account of this attribution that's open to the possibility that the attackers may represent an ALPHV subgroup.

But it seems increasingly unlikely that it was ALPHV. Other sources, Bloomberg and Reuters among them, charge the attack to Scattered Spider, also known as UNC3944, a younger criminal organization. (Younger both in terms of its recent appearance and the ages of its members, some of whom are believed to be teenagers operating from the US and the UK.) Some of the confusion may arise from Scattered Spider's use of ransomware encryptors and dump-site infrastructure made available by ALPHV. ALPHV has traded these in the C2C markets, the FBI says, since April of 2022 at least. In this case there may have been some direct collaboration between Scattered Spider and ALPHV. Scattered Spider has shown considerable aptitude for social engineering, attributable in part to their vishing operators being native speakers of English.

The hospitality sector, and especially its casino subsector, has long been more security-aware than most, but the Wall Street Journal concludes that connectivity in the industry seems to have outrun the casinos' ability to secure their systems. Recovery has involved reversion to many long-sidelined manual systems, giving the affected casinos a curiously retro, "oddly analog vibe."

Earn your cybersecurity master’s from an NSA-recognized institution.

Further your career and secure your future with an advanced degree from the George Washington University — choose from 100% online master’s in cybersecurity analytics or in cybersecurity policy & compliance. Designed by D.C. experts and taught by cybersecurity leaders, these programs integrate computer science and engineering courses to give you the well-rounded expertise you need for leadership roles and professional advancement. Discover how you can get a world-class education made for working professionals.

Materiality of a cyber incident, as seen in the MGM and Caesars ransomware attacks.

Bloomberg says that Scattered Spider is believed to have been responsible for a ransomware attack against MGM Resorts competitor Caesars Entertainment a few weeks earlier. Caesars is expected to disclose the attack, which began on August 27th, in regulatory filings "imminently." The company had not yet done so as of this morning. Bank Info Security reports indications that Caesars paid the ransom demanded--some $15 million, or half of the extortionists' demand.

Moody's Investor Service evaluated the incident and said, in an assessment they provided the CyberWire, that the incident is "credit negative" for MGM Resorts International. The downtime in particular was a problem for a business that relies heavily on technology, especially when that downtime entails potential revenue losses. MGM Resorts will also be dealing with "reputational risk and any direct costs related to investigation and remediation." There's a risk of litigation as well. In general, Moody's regards "the gaming and gambling industry as carrying moderate cybersecurity risk" because of its high degree of digitization and the large quantities of potentially valuable personal information companies in the sector tend to hold.

MGM Resorts International, in a Form 8-K filed yesterday with the Securities and Exchange Commission (SEC), warned that the incident represents a material risk to the company. The 8-K said, "MGM Resorts recently identified a cybersecurity issue affecting certain of the Company’s systems. Promptly after detecting the issue, we began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and are taking steps to protect our systems and data, including shutting down certain systems. Our investigation is ongoing, and we are working diligently to resolve the matter. The Company will continue to implement measures to secure its business operations and take additional steps as appropriate.” New SEC regulations require companies to disclose cyber incidents that have a material effect on a public company. There's been much discussion of what counts as "materiality," with companies having considerable (unwelcome) latitude in reaching their own definition. The ransomware attacks on MGM Resorts and Caesars Entertainment offer two examples of companies' judgments of materiality. For more on the MGM Resorts ransomware incident, see CyberWire Pro.

MetaStealer targets businesses.

SentinelOne has published an analysis of MetaStealer, a malware family designed to target macOS. The malware is distributed via social engineering with business-themed lures: “This specific targeting of business users is somewhat unusual for macOS malware, which is more commonly found being distributed via torrent sites or suspicious third-party software distributors as cracked versions of business, productivity or other popular software.” Once installed, the malware attempts to exfiltrate data, particularly passwords saved in the keychain.

Why AI Is at Risk for Supply Chain Attacks and How You Can Address It.

As companies rush AI applications to market, pre-built open source binaries such as Python wheels have become widely adopted, even as they pose an increasing risk for supply chain attacks.

This webinar covers:

What are pre-built binaries and Python wheels
The state of open source software supply chain risks
How organizations can ensure secure, scalable use of open source for AI, even in the cloud

Cloud access with stolen credentials.

IBM X-Force has released its 2023 Cloud Threat Landscape Report, finding that 36% of cloud security incidents in 2023 resulted from the theft of valid credentials, compared to just 9% in 2022: “X-Force engagements reveal that, often, credentials with overprivileged access are left exposed on user endpoints in plaintext, creating an opportunity for attackers to establish a pivot point to move deeper into the environment or access highly sensitive information. Specifically, plaintext credentials were located on user endpoints in 33% of X-Force Red’s adversary simulation engagements that involved cloud environments during the reporting period.”

The researchers add, “Microsoft Outlook Cloud credentials accounted for over 5 million mentions on illicit marketplaces — by far the most popular access for sale.”

The cloud as an expansive attack surface.

Palo Alto Networks has released its Unit 42 Attack Surface Threat Report for 2023, finding that 80% of security exposures are located in cloud environments. These exposures are often introduced through changes in cloud services, which occur frequently: “Over 45% of most organizations’ high-risk, cloud-hosted exposures in a given month were observed on new services that hadn’t been present on their organization's attack surface in the month prior. Thus, the creation of new, publicly accessible cloud services (both intended and unauthorized) is a risk factor related to nearly half of all high-criticality exposures at a given time.”

His Highness the LLM Prince of (some of) Nigeria (and his widows and business managers, too).

Abnormal Security warns that cybercriminals are using generative AI tools like ChatGPT to improve upon classic Nigerian prince scams: “Spelling mistakes and grammatical errors have long been characteristics of an attack, making them easy to spot even if they did land in the inbox. But with the rise of generative AI, this is no longer the case.” Some threat actors are sending a combination of human- and AI-generated emails, which the researchers think “is an indication that cybercriminals are still testing out the technology to determine how useful it may be for their work.” The scammers have also shifted the themes of these emails, with many of them referring to business transactions rather than personal ones.

Fortra Discusses Developing the Framework for a Culture of Security Awareness.

From gaining buy-in to staying engaged during leadership churn, Fortra walks you through the ins-and-outs of bringing a culture of cybersecurity to your company. With over two decades of security awareness training expertise, we know the pitfalls and can prepare you for persistent success. Learn from our experience how to:

Communicate a cybersecurity framework
Increase engagement
Plan for leadership turnover
Leverage safety net technology
And more

Read Now.

The Meduza spyware incident.

Investigation of the installation of Pegasus spyware on the phone of Galina Timchenko, an expatriate Russian journalist who's the founder and CEO of the exiled Russian Meduza news service, continues. While circumstantially Russian security services would be the obvious suspects, it's not at all clear that such attribution would be correct. There's the possibility that an intelligence service of another government, possibly Latvia, which gave Meduza refuge when it was forced from Russia, could be responsible. Research by Access Now and Citizen Lab stops short of calling out any government as responsible for the incident. There have been twenty-two operators of Pegasus in fourteen European countries. Latvia is thought to be one of the forty-five countries worldwide where Pegasus has been used, but Riga isn't known to have deployed the surveillance tool outside its borders. The installation of the spyware took place while Timchenko and her device were in Germany.

Meduza has long been a critic of President Putin's regime. The publication's editor-in-chief said, in a long statement about the incident, "Hackers have been targeting Meduza’s founders and employees since the very first months of our existence. Their tactics have included DDoS attacks, phishing attempts, sophisticated attacks on our email newsletters, and elaborate attempts to hack our mobile application (which can still circumvent Russia’s censors)." Meduza expressed its gratitude to Europe in general and to Latvia in particular: "We’re very grateful to Europe. The hospitality of Latvia, where our editorial office has been located since 2014, is one of the key factors that has allowed Meduza to succeed." But the statement went on to express concerns that Meduza and organizations like it may now be caught between the repressive apparatus of the governments they've fled and the suspicious intelligence services of the counties that offer them asylum.

SlashNext Complete™ AI Security for Email, Mobile and Browser

At SlashNext, we know the demands of a changing and growing threat landscape increase the need to protect people where they work in real time. That’s why SlashNext Complete delivers zero-hour protection for how people work today across email, mobile, and browser apps. With SlashNext’s generative AI to defend against advanced business email compromise, smishing, spear phishing, executive impersonation, and financial fraud, your people are always protected anywhere they work. Request a demo today.

Lessons from a Ukrainian hacktivist auxiliary.

Technopedia discussed wartime lessons learned from the operations of the IT Army of Ukraine with one of the group's spokesmen, Harv Xavier. He drew four lessons from the hacktivist auxiliary's experiences. They seem equally applicable to its Russian counterparts.

"DDoS Attacks are a Go-To Tool for Hackers." The IT Army says that distributed denial-of-service (DDoS) is one of its "go-to techniques." It's used that technique especially against Russian logistical targets. Interestingly, such attacks against "specialized stores" has made it somewhat more difficult for newly mobilized Russian troops to purchase "quality equipment," targeting that says as much about Russian logistical shortfalls as it does about Ukrainian hacktivism. Banks have also been targets of DDoS attacks.
"Exposed Data Assets Will Be Weaponized." The IT Army has frequently resorted to doxing. Much of the doxing has targeted individual Russian servicemembers and adherents of Russian patriotic organizations. Some of the compromised data have been turned over to law enforcement authorities.
"Websites Remain a High-Value Target." Defacement is a common tactic.
"Never Underestimate How IT Systems Can Be Exploited." Disruption of connected services can cause physical, kinetic, inconvenience. Xavier cited a Moscow traffic jam deliberately induced by abusing Yandex Taxi's ride-hailing service as an example.

The attacks share these features: they're opportunistic, they don't require a high degree of technical sophistication, and they lend themselves to decentralized execution.

The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.

Notes.

Today's issue includes events affecting Argentina, Armenia, Estonia, Germany, the Democratic People's Republic of Korea, Latvia, NATO/OTAN, Russia, Turkey, Ukraine, the United Kingdom, the United Nations, and the United States.

Dateline: Russia's hybrid war against Ukraine.

Ukraine at D+567: Investigating Meduza's Pegasus infestation. (CyberWire) The Pegasus attack against Meduza remains unattributed. A representative of the IT Army of Ukraine shares some wartime lessons from the hacktivist auxiliary.

Russia-Ukraine war: List of key events, day 568 (Al Jazeera) As the war enters its 568th day, these are the main developments.

Live Briefing: Russia Invades Ukraine (RadioFreeEurope/RadioLiberty) RFE/RL's Ukraine Live Briefing gives you the latest developments on Russia's ongoing invasion, Western military aid, global reaction, and the plight of civilians. The Live Briefing presents the latest developments and analysis, updated throughout the day.

Russian submarine hit by British Storm Shadow missile strike (The Telegraph) Fires blaze at Sevastopol shipyard after Ukraine attacks Russia’s key Black Sea fleet base

Ukrainian intel confirms damage to Russian landing ship, submarine in Sevastopol (Ukrinform) Ukrainian intelligence has confirmed that a Russian large landing ship and submarine were hit by missile strikes in temporarily occupied Sevastopol. — Ukrinform.

Ukrainian missiles strike Russia’s Black Sea fleet in Crimea (the Guardian) Large vessel and submarine damaged beyond repair in Sevastopol in what could be biggest single attack of war, intelligence official confirms

Zelensky’s commandos are crushing their enemy behind the frontline – just like Britain in WWII (The Telegraph) Young, untrained Russian soldiers fear the prospect of daring Ukrainian raids, crossing vast rivers to capture them

First-Person Firepower: Ukrainian Drone Unit Hunts Down Russian Armor (RadioFreeEurope/RadioLiberty) Remotely piloting fast, light FPV (or First-Person View) drones, a Ukrainian aerial attack unit has become adept at chasing down Russian targets. RFE/RL's Maryan Kushnir travels to the front with the operators who are hunting down enemy artillery with increasing accuracy.

Zelenskyy heading to New York to court the rest of the world (POLITICO) Ukrainian leaders are trying to shore up support from dozens of countries and hope in-person talks will make a difference.

What Russia's Refusal to Restore the Ukraine Grain Deal Means for Its Ties With Turkey (RANE) Despite failing to achieve a new grain deal, Turkey and Russia will retain their pragmatic relationship due to economic benefits and weakening competition in other areas of foreign policy.

Is Armenia Turning To The West? (RadioFreeEurope/RadioLiberty) A series of demonstrative anti-Russian statements, and the hosting of an unprecedented military exercise with U.S. troops, has raised speculation that Armenia's slow drift away from Russia may be reaching a breaking point.

Boris Johnson attacks UK aid to Ukraine: ‘What the hell are we waiting for?’ (the Guardian) Former PM says west is dragging its feet in support for Ukraine and calls for urgent supply of weaponry in Spectator column

The Missing Escalation in Ukraine (Foreign Affairs) In defense of the West’s go-slow approach.

Former generals urge House to approve Ukraine aid as Republican resistance grows (Stars and Stripes) Retired Air Force Gen. Philip Breedlove, a former NATO Supreme Allied Commander, and retired Lt. Gen. Ben Hodges, the former commanding general for U.S. Army forces in Europe, made the appeal in a letter this week to House Speaker Kevin McCarthy.

Even in Europe, we are not safe A statement from Meduza editor-in-chief Ivan Kolpakov (Meduza) Meduza was launched in Riga in 2014. We’ve been working in the European Union for nearly 10 years. During that time, our publication has gone from being a tiny media startup with about 15 employees to being the world’s largest international Russian-language news outlet.

Pegasus Infection of Galina Timchenko, exiled Russian Journalist and Publisher (The Citizen Lab) In an investigative collaboration with Access Now, the Citizen Lab has analyzed forensic artifacts from the iPhone of award-winning exiled Russian investigative journalist Galina Timchenko and found with high confidence that on or around February 10th, 2023 it was infected with NSO Group’s Pegasus spyware.

Hacking Meduza: Pegasus spyware used to target Putin’s critic (Access Now) The publisher of Russian independent media org Meduza was hacked with NSO’s Pegasus spyware. As both Russia and Latvia are potential culprits, Access Now demands accountability and sanctions.

NSO Spyware Hacked Independent Russian Journalist, Researchers Say (Bloomberg) Digital-rights groups say Pegasus infected Meduza CEO’s iPhone. CEO’s phone attacked after Russia labeled media group a threat.

4 Lessons From the Ukraine IT Army’s Cyber Operations Against Russia (Techopedia) Harv Xavier, an IT Army of Ukraine representative, shares details on some of the operations the group has been involved in against Russia.

Electronic warfare in Ukraine informing US playbook (Defense News) “Both sides are doing the cat-and-mouse game very, very well,” said Col. Josh Koslov, the commander of the 350th Spectrum Warfare Wing.

Ukraine's Fight on the Front Lines of the Information Environment (Modern War Institute) In early August 2023, residents of Russian-annexed Crimea received phone calls containing a recorded message urging them to avoid military infrastructure, naval bases, and assembly areas for military equipment in […]

Putin will give me a jail sentence for opposing his war in Ukraine, but he won’t silence me | Alexander Rodnyansky (the Guardian) Russia’s president is wrong if he mistakes the silence of most of his people for tacit support, says film-maker Alexander Rodnyansky

Attacks, Threats, and Vulnerabilities

Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes (Akamai) Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-3676 with a CVSS score of 8.8.

macOS Info-Stealer Malware 'MetaStealer' Targeting Businesses (SecurityWeek) The MetaStealer macOS information stealer has been targeting businesses to exfiltrate keychain and other valuable information.

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments (Security Intelligence) Get top insights from the 2023 Cloud Threat Landscape Report, provided by IBM X-Force.

The Nigerian Prince is Alive and Well: Cybercriminals Use Generative… (Abnormal) Scams about the Nigerian Prince that promise millions have been around for decades. But they are transitioning, now using ChatGPT and similar tools to seem more convincing.

Caesars Entertainment Paid Millions to Hackers in Attack (Bloomberg) Hackers stole data, extorted company, people familiar said. Caesars breach came in weeks before MGM announced cyberattack.

Caesars Paid Ransom After Suffering Cyberattack (Wall Street Journal) Caesars is second major casino operator hit by hackers in recent weeks.

The Cyberattack That Sent Las Vegas Back in Time (Wall Street Journal) The security issue left MGM Resorts hotels on the Strip with an oddly analog vibe.

Pro Take: MGM Casino Hack Shows Challenge in Defending Connected Tech (Wall Street Journal) The attack shows how hacks can significantly disrupt operations.

ALPHV Ransomware Used Vishing to Scam MGM Resorts Employee, Researchers (Hackread) The responsibility for the MGM Resorts cyberattack has been claimed ALPHV ransomware group.

PSA: Ongoing Webex malvertising campaign drops BatLoader (Malwarebytes) Corporate users performing Google searches for the popular conferencing software Webex are being targeted in a malvertising campaign.

Data stolen from Hong Kong Cyberport includes staff details, credit card records (South China Morning Post) Tech hub, which did not disclose the hacking until last week after hacking came to light on social media, says data leakage took place on August 18.

Rollbar discloses data breach after hackers stole access tokens (BleepingComputer) Software bug-tracking company Rollbar disclosed a data breach after unknown attackers hacked its systems in early August and gained access to customer access tokens.

Airbus data leaked via infected customer computer (Register) Ransomware group nicked info from employee of airline, say researchers

DEED's jobs website for unemployed Minnesotans hacked (Star Tribune) The Department of Employment and Economic Development has notified jobseekers of the unauthorized access to information in the MinnesotaWorks.net website.

Vendor used by Baylor College of Medicine for employee wellness portal reports possible data breach (KPRC) A vendor used by Baylor College of Medicine for its employee wellness portal has reported a potential data security breach.

City of Tomball, Texas, Announces Data Breach in the Wake of 2022 Ransomware Attack (JD Supra) On September 12, 2023, the City of Tomball, Texas (“Tomball”) filed a notice of data breach with the Attorney General of Texas after learning that the...

Microsoft's Security Culture Just Isn't up to Scratch (Seriously Risky Business) Last week, Microsoft released its latest report into how its services were compromised by a China-based actor it called Storm-0558. It's an eye opening document that raises some red flags about Microsoft's security culture.

Wi-Fi radio signal data can be used 'to predict passwords' (Register) Fun technique – but how practical is it?

Malware Detection: Evasion Techniques (Cyfirma) In today’s ever-evolving cybersecurity landscape, the role of malware detection solutions has reached a critical juncture in safeguarding against...

Critical WebP bug: many apps, not just browsers, under threat (Stack Diary) A significant vulnerability in the WebP Codec has been unearthed, prompting major browser vendors, including Google and Mozilla, to expedite the release

CISA Adds Three Known Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-35674 Android Framework Privilege Escalation Vulnerability CVE-2023-20269 Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability CVE-2023-4863 Google Chrome Heap-Based Buffer Overflow Vulnerability

Security Patches, Mitigations, and Software Updates

Mozilla Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR, and Thunderbird. A cyber threat actor can exploit this vulnerability to take control of an affected system.

New Windows 11 feature blocks NTLM-based attacks over SMB (BleepingComputer) Microsoft added a new security feature to Windows 11 that lets admins block NTLM over SMB to prevent pass-the-hash, NTLM relay, or password-cracking attacks.

Trends

A Cyber Attack's Emotional Toll Is More Impactful Than Financial Loss Reveals KnowBe4 (The Fintech Times) KnowBe4 research shows 50% of victims feel a significant psychological impact as a result of falling for a scam.

GRIT Ransomware Report: August 2023 (Guidepoint Security) August’s trends in ransomware highlight that as much as the ransomware environment changes, it also stays the same. While at first glance August’s statistics reflect a 25% decrease in total observed victims, the removal of Clop’s mass campaign victims across the past two months results in a different picture, in which the total victims across other groups modestly increased or remained constant month-over-month.

Enterprise Strategy Group Research Reveals Majority Organizations View Ransomware as a Top-three Threat to the Viability of the Business (Business Wire) To mitigate ransomware attacks, IT professionals must consider both business-related and infrastructure data equally

ICS Computers in Western Countries See Increasing Attacks: Report (SecurityWeek) ICS computers in the Western world have been increasingly attacked, but the percentages are still small compared to other parts of the globe.

Marketplace

Digital forensics firm Binalyze raises $19M to investigate cyber threats (TechCrunch) Binalyze, a digital forensics and investigation platform, has raised $19 million in a venture funding round.

Alarum Announces Closing of $4.25 Million Private Placement (GlobeNewswire News Room) The Company’s Chairman of the board, its Chief Executive Officer and its Chief Financial Officer invested more than $1.0 million in the Offering TEL AVIV,...

Goldilock Secures 1.7 million USD Seed Round Led by New York Angels and Harvard Business School Alumni Angels of Greater New York (Business Wire) British company gains support of well-known US angel investors for its unique hardware approach to cybersecurity

Google to cut hundreds of jobs out of its global recruiting team (Silicon Valley Business Journal) Google LLC intends to cut hundreds of jobs from its global recruiting team, the Mountain View-based company confirmed Wednesday.

Google lays off hundreds of employees (ET CIO) Google is laying off hundreds of employees from its recruiting team globally, as the new hiring has slowed down at the Alphabet company, the media reported.

Dell Technologies’ August Layoffs Cost $364M In Severance Charges, SEC Filings Show (CRN) Dell Technologies has shelled out $740 million this year in two rounds of layoffs which have targeted the infrastructure leader’s sales force.

Serial cybersecurity founders get back in the game (Help Net Security) Serial cybersecurity founders enter the new game with more maturity, confidence, and focus for the startup journey.

Introducing BlackBerry Fact Check (BlackBerry) BlackBerry Fact Check is an initiative dedicated to calling out and correcting untrue or misleading information about BlackBerry that could adversely affect our customers. There is no trust without truth and while everyone is entitled to their own opinion, they are not entitled to their own facts.

Aryaka SD-WAN and SASE Services Delivered 113% ROI and $2.48 Million in Net Present Value Over Three Years According to Total Economic Impact Study (PR Newswire) Aryaka®, the leader in Unified SASE solutions, today announced the results of a business benefit analysis and its ability to aid businesses...

Dell’Oro Group Again Ranks Versa Networks as the Current Worldwide Unified SASE Market Share Leader (Versa Networks) Dell’Oro Group Research Ranked Vendors Based on Q2 2023 Worldwide Revenue; Reveals Worldwide SASE Market Annual Revenue will Increase to More Than $14B in 2027

Virtru unveils new headquarters and technology hub in Washington, D.C. (GlobeNewswire News Room) The HUB, Virtru’s new headquarters on Pennsylvania Avenue, will serve as an innovation center for local cybersecurity leaders...

Qrypt Appoints FS-ISAC CEO, Steven Silberstein, to Board of Advisors (Business Wire) Qrypt, the pioneering quantum-secure encryption company, today announced Steven Silberstein, the CEO of FS-ISAC (the Financial Services Information Sharing and Analysis Center), is joining its Board of Advisors. With more than 25 years of experience in financial services, technology and cybersecurity, Silberstein is a longstanding leader in promoting data security and protecting the financial sector from cybersecurity threats.

Products, Services, and Solutions

ConnectWise Announces Integrations with Microsoft in Collaboration to Benefit Managed Service Providers, Worldwide (GlobeNewswire News Room) MSPs Gain Strengthened Cybersecurity Management, Streamlined IT Management, Improved Operational Efficiency...

SentinelOne® Launches Singularity™ RemoteOps Forensics for Incident Response and Evidence Acquisition (Business Wire) New solution combines forensics evidence with real-time telemetry to deliver unified insights into security incidents analysts need to perform investigation and response activities with efficiency and speed

Alkira Boosts Global Expansion Efforts for Enterprises with Cloud Exchange Point Presence in China (PR Newswire) Alkira®, the pioneer in agentless, multi-cloud networking, today announced availability of Alkira Cloud Exchange Point® (CXP) in China,...

SecurityScorecard Joins Forces with Measured Analytics and Insurance to Deliver Industry-First Cyber Insurance Discounts for Top Security Ratings (Business Wire) Continuous cyber risk assessments with actionable threat mitigation plans reduce breach likelihood and financial vulnerability

Adaptive Shield Now Available on Google Cloud Marketplace (Business Wire) Delivers Businesses Fast Path to Securing Growing SaaS Environments

BackBox Announces Strategic Partnership and Product Integration with Paessler AG – BackBox Software (BackBox Software) Paessler PRTG and BackBox now integrate seamlessly to provide a complete NOC stack DALLAS, TX – Sept. 13, 2023 — BackBox, the world’s most trusted network automation company, today announced a strategic partnership with Paessler AG, the monitoring experts for IT infrastructures and networks. In addition, BackBox and Paessler PRTG now work together seamlessly to support

Adlumin Unveils Warranty and Cyber Insurance Offerings that Make Coverage Attainable and Affordable for Previously Unprotected Small and Mid-Sized Organizations (Business Wire) Adlumin Protection Plus Suite Receives Cysurance Certification to Provide Low Friction Path to Complementary Financial Protection

Ivanti and Catchpoint Partner to Proactively Address Remote Connectivity Issues and Enhance Workforce Productivity (Business Wire) The partnership expands the Ivanti Digital Experience Score with application and network visibility to detect and troubleshoot remote connectivity issues before they impact the workforce.

OneSpan Named a Leader in Worldwide eSignature Software Vendor Assessment by the IDC MarketScape (OneSpan) OneSpan™, the digital agreements security company, announced it was named a Leader in the “IDC MarketScape Worldwide eSignature Software 2023 Vendor Assessment."

Checkly Expands Monitoring Capabilities with Introduction of Heartbeat Checks (PR Newswire) Checkly, the leading provider of monitoring solutions powered by a Monitoring as Code (MaC) workflow, today announced the introduction of...

SentinelOne Earns Top Honors Across Five Key Security Categories in 2023 PeerSpot Awards (Business Wire) Trusted customer review platform validates company’s leadership in XDR, EDR, EPP, MDR, and Anti-Malware solutions through verified user feedback

DoControl Integrates with HRIS Platforms to Mitigate Insider Threats (PR Newswire) DoControl, the leading SaaS Security Platform (SSP), today announces integration with popular Human Resources Information System (HRIS)...

Technologies, Techniques, and Standards

CISOs and Board Reporting – an Ongoing Problem (SecurityWeek) For CISOs to gain board support, they must translate and report technical cybersecurity concerns and solutions into language that can be understood.

Why executives should never be exempted from cybersecurity policy (CSO Online) Some are fine with C-suite executives opting out of cybersecurity measures for the sake of convenience. It’s a bad idea.

180 minutes to kill: Can the Air Force update EW within 3 hours of detecting a new threat? (Breaking Defense) “Our mindset has to be that we use the spectrum to kill faster, not to protect things,” said Col. Joshua Koslov. “The more things we kill, the less things that can hurt us.”

Defining Shadow Access: The Emerging IAM Security Challenge | CSA (CSA) Shadow Access is the unmonitored, unauthorized, invisible, unsafe and generally over-permissioned access in your cloud environment. In short, the unintended access to your applications and data. The consequences of Shadow Access are massive and threaten to impact any organization that has an evolving cloud. This short document intends to summarize the background, causes, impact and path forward to regain the benefits of a dynamic and secure cloud environment.

Bit-Wizards Urges Businesses to Assess BCDR Plans Amidst Height of Hurricane Season (GlobeNewswire News Room) Managed IT Services company, Bit-Wizards, encourages businesses of all sizes to assess their...

Research and Development

Distributed Energy Resources Get Cybersecurity Boost With $39M DOE Funding (SecurityWeek) The US Department of Energy gives $39 million in funding for nine projects to advance the cybersecurity of distributed energy resources.

Legislation, Policy, and Regulation

UN debates how to define cybercrime (Ideastream Public Media) While cybercrime is a problem around the world, agreeing on a definition on the international stage has been a huge challenge. That's plainly been on display at the United Nations recently.

Musk Warns Senators About AI Threat, While Gates Says the Technology Could Target World Hunger (Wall Street Journal) Tech leaders debate perils and possibilities of artificial intelligence at closed-door Senate session.

Regulation of Artificial Intelligence in Insurance: Balancing consumer protection and innovation | The Geneva Association (The Geneva Association) Artificial intelligence (AI) can allow insurers to provide more personalised services as well as coverage for risks that were previously difficult to insure. Enhanced risk assessment and claims management, as well as lower costs due to increased efficiency, may also increase the affordability and attractiveness of insurance.

China’s Apple iPhone Ban Appears to Be Retaliation, US Says (Bloomberg) The White House said it believes China’s moves to institute and expand a government ban on iPhones is an attempt to retaliate against the US as it weighed in for the first time on the backlash against Apple Inc.

China Flags ‘Security Incidents’ With Apple’s iPhones (Bloomberg) The Chinese government’s position on Apple Inc. only grew more muddled Wednesday, with Beijing both pushing back on reports about iPhone restrictions but also raising concerns about security problems with the device.

White House urging dozens of countries to publicly commit to not pay ransoms (Record) The National Security Council wants all members of the International Counter Ransomware Initiative to sign on to a statement saying their governments won't pay ransoms to cybercrime groups.

NSA plans new ‘innovation pipeline’ to focus on China (Federal News Network) The new concept, “Red Ventures,” will help the NSA coordinate both internal ideas and work with outside partners on technology innovation.

Readout from CISA’s 2023 Third Quarter Cybersecurity Advisory Committee Meeting (Cybersecurity and Infrastructure Security Agency) Today, the Cybersecurity and Infrastructure Security Agency (CISA) held its third quarter Cybersecurity Advisory Committee (CSAC) meeting.

CISA advisory committee urges action on cyber alerts and corporate boards (CyberScoop) The advisory committee delivered a lengthy list of recommendations to CISA Director Jen Easterly on Wednesday.

Lawmaker slams White House refusal to create plan for economy after potential cyberattack (Record) Rep. Andrew Garbarino, chairman of a House cybersecurity subcommittee, says it's "scary" that the Biden administration won't produce a "COTE" plan specifically for a cyberattack. The White House argues that such plans already exist elsewhere.

Litigation, Investigation, and Law Enforcement

FBI probing MGM Resorts cyber incident as some casino systems still down (Reuters) The FBI said on Wednesday it was investigating a cybersecurity incident at gaming giant MGM Resorts International that kept several of the casino operator's systems paralyzed for a third straight day.

MGM Resorts says cyberattack could have material effect on company (NBC News) The company’s corporate email, restaurant reservation and hotel booking systems remain offline as a result of the attack, as do digital room keys.

MGM Resorts cybersecurity breach could cost millions, expert says (KLAS) The breach suffered by MGM Resorts International may cost the company millions of dollars, cybersecurity experts said Tuesday.

Google Antitrust Trial: Google Viewed Exclusive Search Deals as a ‘Weapon,’ Justice Department says (New York Times) A lawyer for the federal government argued that Google has illegally protected its internet search monopoly using deals struck with smartphone makers. Google’s lawyer says governments want people to use inferior products.

CareFirst Data Breach Suit Moves Forward Despite ‘Thin’ Evidence (Bloomberg Law) Customers of CareFirst Inc. advanced a proposed class action alleging it failed to protect the personal information of more than one million people that was exposed in a 2014 data breach.

Capita class action: 2,000 sign up in wake of data theft (Register) Pensioners, employees and medical pros among those aiming to be compensated for data exposure

The Twisted Eye in the Sky Over Buenos Aires (WIRED) A scandal unfolding in Argentina shows the dangers of implementing facial recognition—even with laws and limits in place.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Join us for the 2023 Gone Phishing Tournament. (Virtual, Oct 9 - 27, 2023) The annual Gone Phishing TournamentTM allows you to benchmark your organization's phishing resilience against true global standards. It's not just an exciting event but also a proven way to build a robust cyber-aware culture within your organization.

Events

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Sep 11 - 15, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps.

2023 PCI SSC North America Community Meeting (Portland, Oregon, USA, Sep 12 - 14, 2023) Join your global payment security peers at the 2023 PCI SSC Community Meetings! PCI SSC Community Meetings bring together the brightest minds in payment security. Don’t miss the opportunity to collaborate and learn about the latest developments in global payment security and in the PCI Security Standards.

Secure Our Streets Conference (Virtual, Sep 14, 2023) The inaugural International ASRG conference SOS (Secure Our Streets) is all about automotive cybersecurity: the latest interesting insights, technologies, solutions, and processes from companies and leaders with well-known experience in the industry. Passenger cars, commercial vehicles, and more are fast becoming the world’s most sophisticated computers, effectively networks on wheels, and they have become a great target for cybercriminals. The OEMs and the suppliers are also facing new standards and regulations such as ISO/SAE-21434 and UN R155, which require reorganization, impose new responsibilities, and require new resources, new culture, and new processes. At SOS, we will explore existing and emerging cybersecurity challenges and solutions.

National Insider Threat Special Interest Group - Melbourne, Florida Chapter Kickoff Meeting (Melbourne, Florida, USA, Sep 18, 2023) The National Insider Threat Special Interest Group (NITSIG) is excited to announce the establishment of a Melbourne, Florida Chapter. The meeting will focus on; Going Beyond Traditional Definitions Of Insider Threats, Eye Opening Damages And The Many Different Types Of Organizations Impacted From Insider Threats, Employee Motivations + Contributing Organizational Factors That Turn Trusted Employees' Into Malicious Employees, Insider Threat Mitigation Guidance, Question / Answer Session.

Immersive Tech Panel Series: Vehicles (Virtual, Sep 18, 2023) The Future of Privacy Forum has kicked off its Immersive Tech Panel Series, examining the new privacy risks and policy questions that arise when immersive technologies are integrated into domains like health, advertising, transportation, AI, and education. Join us for a forward-looking conversation on the issues raised by the use of immersive technologies like extended reality (XR) in cars, both for safety and convenience. What kinds of data are collected through sensors, cameras, and user input? What are the relevant privacy laws, policies, and ethical considerations organizations should be mindful of? This event will provide valuable insights and guidance to professionals, researchers, and enthusiasts interested in exploring the intersection of immersive technology and vehicles.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.