New Trojan is simple, novel. Criminal activity targets East Asia. Insider risks. Applying SEC cyber rules. ICC hacked.

Announcement

Live Industry Panel: Bridging the IT and OT Gap for Effective Incident Response

While OT and IT networks have significantly converged to meet the demands of ongoing modernization, there are still distinct cybersecurity risks for each environment. Join Dave Bittner and guests, John Wood from Unit 42 by Palo Alto Networks and Vernon McCandlish from Dragos, on Tuesday, September 26th at 1pm ET for a live discussion on "Securing Industrial Infrastructure: Bridging the IT and OT Gap for Effective Incident Response." For more information and to register, visit thecyberwire.com/dragos.

Summary

By the CyberWire staff

At a glance.

ShroudedSnooper intrusion activity is both novel and simple.
Criminal malware from China prospects Sinophone victims.
Costs of insider risk.
More on the casino attacks (and related social engineering capers).
Clorox incident shows how one company navigates unfamiliar new SEC rules.
The International Criminal Court reports a "cybersecurity incident."

ShroudedSnooper intrusion activity is both novel and simple.

Cisco Talos describes a new intrusion set dubbed “ShroudedSnooper” that’s targeting telecommunications providers in the Middle East. The threat actor is using two implants Cisco Talos calls “HTTPSnoop” and “PipeSnoop.” Talos states, “Based on the HTTP URL patterns used in the implants, such as those mimicking Microsoft’s Exchange Web Services (EWS) platform, we assess that this threat actor likely exploits internet-facing servers and deploys HTTPSnoop to gain initial access.” The researchers add, “HTTPSnoop is a simple, yet effective, backdoor that consists of novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs and execute that content on the infected endpoint.” There's no attribution, yet, and Talos says that the group's tactics, techniques, and procedures don't match any known groups, and so they're tracking the activity as representing something new. The report notes, however, that state-sponsored groups, particularly groups operating on behalf of Iran and China, have recently shown a strong preference for attacking telecommunication providers, especially providers in the Middle East and Asia. For more on ShroudedSnooper, see CyberWire Pro.

Criminal malware from China prospects Sinophone victims.

Proofpoint is tracking suspected Chinese cybercriminal campaigns targeting Chinese-speaking users with malware-laden phishing emails: “Campaigns are generally low-volume and are typically sent to global organizations with operations in China. The email subjects and content are usually written in Chinese, and are typically related to business themes like invoices, payments, and new products. The targeted users have Chinese-language names spelled with Chinese-language characters, or specific company email addresses that appear to align with businesses' operations in China.”

While most of the activity is focused on users in China, at least one campaign is targeting Japanese organizations, which the researchers believe suggests “a potential expansion of activity.”

Why AI Is at Risk for Supply Chain Attacks and How You Can Address It.

As companies rush AI applications to market, pre-built open source binaries such as Python wheels have become widely adopted, even as they pose an increasing risk for supply chain attacks.

This webinar covers:

What are pre-built binaries and Python wheels
The state of open source software supply chain risks
How organizations can ensure secure, scalable use of open source for AI, even in the cloud

Costs of insider risk.

DTEX Systems has published a report conducted by the Ponemon Institute looking at the costs of insider risk: “The average annual cost of an insider risk has increased to $16.2M – a 40% increase over four years. Meanwhile the average number of days to contain an insider incident has increased to 86 days.” The report also found that the vast majority (90%) of insider risk budgets are spent after an insider incident has already occurred: “Only 10% of insider risk management budget (averaging $63,383 per incident) was spent on pre-incident activities: $33,596 on monitoring and surveillance, and $29,787 on ex-post analysis (this includes activities to minimize potential future insider incidents and steps taken to communicate recommendations with key stakeholders). The remaining 90% (averaging $565,363 per incident) was spent on post-incident activity cost centers: $179,209 on containment, $125,221 on remediation, $117,504 on investigation, $113,635 on incident response, and $29,794 on escalation.”

Join us for the 2023 Gone Phishing Tournament.

To coincide with Cybersecurity Awareness Month, Fortra’s Terranova Security is proud to host a new edition of the Gone Phishing Tournament.

Co-sponsored by Microsoft, the event uses real-world simulations to establish accurate phishing benchmarking statistics to help you drastically reduce your cyber security risk levels. 

In 2022, over 1.2 million participating end users tested their cyber knowledge during the Gone Phishing Tournament. Can your team outsmart this year’s simulation? Register for free.

More on the casino attacks (and related social engineering capers).

Okta has told Reuters that the criminals from ALPHV (also known as BlackCat) and Scattered Spider (the gangs are entangled in an affiliate relationship) used vishing attacks against MGM Resorts and Caesars Entertainment. They posed as employees and inveigled IT staff into giving them access to the companies' Okta client. This enabled the attackers to obtain further credentials within the Okta identity management system used by the organizations. Okta said that three of its other customers (unnamed, but said to be in the manufacturing, retail, and technology sectors) have recently sustained similar attacks. On August 31st the identity management provider warned of this trend. "Okta has observed attacks in which a threat actor used social engineering to attain a highly privileged role in an Okta customer Organization (tenant)," the company blogged. "When successful, the threat actor demonstrated novel methods of lateral movement and defense evasion. These methods are preventable and present several detection opportunities for defenders." Prevention would include adopting "phishing-resistant methods for enrollment, authentication and recovery," tight privilege management, and implementation of "dedicated access policies for administrative users." Okta also recommends close monitoring and swift investigation of any "anomalous use of functions reserved for privileged users."

Of the two casino chains hit, Caesars Entertainment saw data belonging to its loyalty program affected, but was able to keep its operations online during the incident. The Form 8-K the company filed with the SEC strongly hinted that it had paid the attackers ransom. MGM Resorts has had by all accounts a more difficult time. The New York Post reports that MGM continues to have trouble with its slot machines and hotel systems eight days after the attack was detected. The company is estimated to be losing as much as $8.4 million per day in revenue.

The MGM and Caesars incidents come as public companies come to grips with recently promulgated US Securities and Exchange Commission (SEC) regulations mandating quick disclosure of cyber incidents deemed likely to have a material effect on a business. These two companies face an additional regulatory burden, Dark Reading points out, in the form of oversight by the Nevada Gaming Control Board, whose regulation 5,260 requires "covered entities" (including casino operators) to establish effective cybersecurity measures. In the event of an incident "resulting in a material loss of control, compromise, unauthorized disclosure of data or information, or any other similar occurrence," a casino operator must disclose the incident to the Board within seventy-two hours and undertake both investigation and remediation of the incident.

Clorox incident shows how one company navigates unfamiliar new SEC rules.

The cyberattack that disrupted operations at Clorox was among the first major incidents to fall under the US Securities and Exchange Commission (SEC) rules that went into effect on September 5th. (Compliance dates for mandatory reporting are somewhat later, falling for most companies in December. "The Form 10-K and Form 20-F disclosures will be due beginning with annual reports for fiscal years ending on or after December 15, 2023. The Form 8-K and Form 6-K disclosures will be due beginning the later of 90 days after the date of publication in the Federal Register or December 18, 2023," the SEC explained.) The Wall Street Journal reviews how the company has responded publicly to the incident. Clorox has issued six statements, including two Forms 8-K, since the incident was disclosed on September 14th, shortly after it was detected. There are at least two challenges: keeping reporting current as an investigation unfolds ("A stream of 8-Ks will be the new norm,” one expert told the Journal), and determining whether an incident has a material impact on a public company.

Rampant cloud activity?

Cloud risk can grow faster than your AWS bill (true story).

That’s why Wiz partnered with Wiley to create the AWS Security for Dummies eBook. This free pdf contains 46 pages of expert tips to harden your AWS environment, including:

How to get the basics right to help scale security
How to secure specific resources based on your usage
Which critical weaknesses to prioritize

Grab your free digital copy now and boost your AWS security posture.

The International Criminal Court reports a "cybersecurity incident."

Reuters reports that yesterday in the Hague the International Criminal Court (ICC) said it had sustained a "cybersecurity incident." Not only the ICC's staff, but also lawyers for both victims and accused were affected. The ICC's brief statement, communicated in its X (formerly Twitter) channel, said that the Court detected "anomalous activity affecting its information systems," at which time "immediate measures were adopted to respond to this cybersecurity incident and to mitigate its impact." The ICC is investigating with the help of Netherlands authorities, but beyond that the Court has so far offered no further information. In particular there's no attribution, but the most prominent cases before the ICC involve allegations of war crimes and crimes against humanity committed by Russia in the course of its invasion of Ukraine. The AP reviewed some recent history of Russia's troubled relations with the ICC: "Last year, a Dutch intelligence agency said it had foiled a sophisticated attempt by a Russian spy using a false Brazilian identity to work as an intern at the court, which is investigating allegations of Russian war crimes in Ukraine and has issued a war crimes arrest warrant for President Vladimir Putin, accusing him of personal responsibility for the abductions of children from Ukraine." Russia responded to the warrant, SecurityWeek reminds readers, by placing ICC prosecutor Karim Khan on its own “wanted” list.

The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.

Security isn’t M365’s strongest suite.

The most popular email app is also the most targeted one. Out-of-the-box M365 security may leave your inbox vulnerable to attacks. Mimecastis optimized for M365 so that you can install the best email security in minutes and neutralize threats. Start a free trial today to fill the gaps in email security and help your employees and business Work Protected.

Notes.

Today's issue includes events affecting Australia, Belarus, China, Cuba, Denmark, Estonia, Ethiopia, Finland, Iran, Luxembourg, NATO/OTAN, the Netherlands, Qatar, Romania, Russia, Switzerland, Ukraine, the United Kingdom, the United Nations, and the United States.

Dateline: Russia's hybrid war against Ukraine.

Ukraine at D+573: Ukraine at the UN. (CyberWire) Ukraine continues its slow advance as President Zelenskyy implores the United Nations to stop Russian genocide.

Russia-Ukraine war: List of key events, day 574 (Al Jazeera) As the war enters its 574th day, these are the main developments.

'The Wiliest Is The Winner': Ukrainian Marine Infantry Gradually Breaks Through Russian Defenses (RadioFreeEurope/RadioLiberty) Ukraine has deployed four NATO-trained, Western-equipped brigades in a small sector of the southern front and made significant advances there. From recently recaptured trenches, the war seems endless, but from headquarters, it’s a battle of wits as well as weapons -- and the smarter side will win.

Revealed: how Russia deliberately targeted Kherson’s hospitals (the Guardian) Study shared exclusively with Guardian details extent of attacks in south Ukrainian city

Ukraine Has Liberated 54% of Territory Seized by Russia, Joint Chiefs Chairman Says (Military.com) The promising assessment comes as more than 50 countries gathered for their regular meeting -- known as the Ukraine Defense Contact Group.

Why Cubans are fighting for Russia in Ukraine (CNN) For months, hundreds of Cubans have quietly left the island to fight for Russia in its war in Ukraine, chasing promises of money and Russian citizenship from shadowy online recruiters, family members told CNN.

Children arrive in Belarus after being illegally removed from Ukraine (the Guardian) Almost 50 children from Donetsk, Luhansk and Zaporizhzhia were removed by Belarusian charity, according to Belta

Ukraine-Russia war: Stop 'shady deals' with Putin, says Zelensky (The Telegraph) Volodymyr Zelensky has told the UN General Assembly he is aware of “shady dealings” with Vladimir Putin to end the war in Ukraine.

Russia has turned food, energy and even children into weapons against Ukraine, Zelenskyy says at UN (AP News) Ukraine's leader and Russia’s top diplomat could cross paths at the United Nations this week.

Zelenskyy implores world leaders to stick with fight against Russia (NBC News) The Ukrainian president called for Russia to be punished for the invasion.

Ukraine’s Fight Is the World’s, Zelensky Tells U.N. Assembly (New York Times) Painting Vladimir Putin’s Russia as a nation that seeks to dominate others, President Volodymyr Zelensky cast his appeal for broad support as a matter of global security.

Biden, in U.N. Speech, Calls for Action on Ukraine and Other Crises (New York Times) As other major leaders skipped the annual opening session of the General Assembly, Mr. Biden used his address to try to counter war fatigue both at home and abroad.

Iran accuses US of stoking Ukraine war in UN speech, sparking Israel walkout (the Guardian) President Ebrahim Raisi tells the UN general assembly the project to ‘Americanise’ the world had failed

The UN is letting Putin off scot-free (The Telegraph) The intergovernmental organisation has failed to keep the world safe, and instead gives a platform to authoritarians and rogue states

Biden Warns International Community That Russia's 'Naked Aggression' Can't Be Appeased (RadioFreeEurope/RadioLiberty) U.S. President Joe Biden has warned world leaders at the United Nations General Assembly that allowing Ukraine “to be carved up” will mean no nation is secure.

Joe Biden will urge UN to expand Security Council (The Telegraph) US president wants to add countries including Germany and Japan to dilute influence of China and Russia

Putin “knows very well” NATO poses no security threat to Russia (Atlantic Council) Russia's recent demilitarization of its NATO borders proves that Putin does not view alliance as a genuine security threat and makes a complete mockery of Kremlin propaganda blaming the invasion of Ukraine on NATO, writes Peter Dickinson.

Air Defense Remains Top Priority at Meeting on Ukraine Defense (U.S. Department of Defense) Continued air defense support was a key topic during today's meeting of the Ukraine Defense Contact Group at Ramstein Air Base in Germany, where new Ukrainian Defense Minister Rustem Umerov attended

US defense chief urges nations to dig deep and give Ukraine more much-needed air defense systems (AP News) Defense Secretary Lloyd Austin is urging defense leaders to “dig deep” and provide more air defense systems for Ukraine, to help the country block increasing barrages of Russian missiles.

Defence Secretary pledges tens of thousands of more artillery shells for Ukraine (GOV.UK) The UK has delivered over 300,000 artillery shells to Ukraine and is committed to delivering tens of thousands more artillery shells this year, the Defence Secretary announced today.

Zelensky Cleans House in Corruption-Plagued Defense Ministry (New York Times) On the eve of a trip to the United States, Ukraine’s president is eager to demonstrate that the billions of dollars Washington is spending to aid his country is not being squandered.

What would it take to hold elections in Ukraine? (Atlantic Council) Calls for elections in Ukraine are premature and do not take into consideration the extremely unfavorable wartime conditions that make it virtually impossible to stage a free, fair, and safe vote, write Peter Erben and Gio Kobakhidze.

Ukraine battles Russian bid to have genocide case tossed out of the UN's top court (ABC News) Russia is calling a Ukrainian case alleging that Moscow abused the Genocide Convention to justify its invasion last year an “abuse of process.”

War crimes tribunal ICC says it has been hacked (Reuters) The International Criminal Court (ICC) said on Tuesday its computer system had been hacked, a breach at one of the world's most high-profile international institutions and one that handles highly sensitive information about war crimes.

International Criminal Court says cybersecurity incident affected its information systems last week (AP News) The International Criminal Court says it responded urgently to “anomalous activity affecting its information systems” last week.

Hackers breached International Criminal Court’s systems last week (BleepingComputer) The International Criminal Court (ICC) disclosed a cyberattack on Tuesday after discovering last week that its systems had been breached.

'Cybersecurity Incident' Hits ICC (SecurityWeek) The International Criminal Court detected "anomalous activity" in its IT systems and is responding to a "cybersecurity incident."

War crime investigators prepare case against Russia over food attacks (The Telegraph) Human rights lawyers believe Kremlin is ‘intentionally using starvation of civilians as a method of warfare’

Denmark joins IT coalition created for Ukrainian Armed Forces (Yahoo News) Denmark, together with Estonia and Luxembourg, announced their intention to support the Armed Forces of Ukraine and the Ukrainian Ministry of Defence in the field of information and communication technologies and cyber defence.

Former Belarusian Security Force Member Confesses In Swiss Court To Kidnapping Opposition Figures (RadioFreeEurope/RadioLiberty) Yury Harauski, a former member of Belarusian authoritarian leader Alyaksandr Lukashenka’s special security forces, has confessed in court to taking part in the kidnapping of three opposition figures who ended up dead.

US sanctions firms in China , Russia, Turkey over Iran’s drone program (C4ISRNet) Tensions between the U.S. and Iran remain high, despite the release of five American detainees from Iran this week.

Russian allegedly smuggled US weapons electronics to Moscow (Register) Feds claim sniper scope displays sold in sanctions-busting move

How The Ukraine War Hit The Economy Of Romania's Eastern Borderlands (RadioFreeEurope/RadioLiberty) This quiet corner of Romania has seen activity diminish further recently due to repeated Russian kamikaze drone strikes targeting Ukrainian ports across the river, and apparently sometimes slamming into Romanian territory.

Ukrainian First Lady's Apartment In Occupied Crimea To Be Sold At Auction (RadioFreeEurope/RadioLiberty) Russian-installed authorities in Ukraine's Moscow-annexed Crimea will put an apartment that belongs to Ukraine's first lady, Olena Zelenska, up for auction.

Attacks, Threats, and Vulnerabilities

US spy agency ‘hacked Huawei HQ’: China confirms Snowden leak (South China Morning Post) Chinese Ministry of State Security report acknowledges cyberattacks detailed in internal papers revealed by former contractor.

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware (WIRED) Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.

New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants (Cisco Talos) Cisco Talos recently discovered a new malware family we’re calling “HTTPSnoop” being deployed against telecommunications providers in the Middle East.

ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies (The Hacker News) Telecom providers in the Middle East face a stealthy cyber threat called ShroudedSnooper. It uses HTTPSnoop to exploit Windows HTTP kernel drivers.

Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape (Proofpoint) Key Takeaways Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware typically asso...

Nagios XI vulnerabilities resulting in privilege escalation (& more) (Outpost24) Outpost24 has identified four vulnerabilities in Nagios XI, three of which result in privilege escalation.

Qatar Cyber Chiefs Warn on Mozilla RCE Bugs (Dark Reading) The WebP vulnerability affects multiple browsers besides Firefox and Thunderbird, with active exploitation ongoing.

Inside the Code of a New XWorm Variant (The Hacker News) XWorm: The new kid on the malware block. ANY.RUN's analysts dive deep to expose its tactics and evasion techniques.

Threat Spotlight: How attackers use inbox rules to evade detection after compromise (Baracuda) Automated email inbox rules are a useful and familiar feature of most email clients. They help people manage their inboxes and the daily flood of wanted and unwanted communications by enabling them to move emails to specific folders, forward them to colleagues while they’re away, or simply delete them.

38TB Microsoft data leak highlights risks of oversharing (ComputerWeekly.com) An accidentally disclosed SAS token with excessive privileges enabled researchers to access nearly 40TB of Microsoft’s data, highlighting the risks of privilege mismanagement and oversharing.

Microsoft’s 38TB Leak: How IT Leaders Should Respond (Information Week) Microsoft’s AI team’s Azure mistake led to a 38TB dump of private company data. Should CIOs worry about cloud security implications?

Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says (Reuters) Hackers who breached casino giants MGM Resorts International and Caesars Entertainment in recent weeks also broke into the systems of three other companies in the manufacturing, retail, and technology space, a security executive familiar with the matter said.

Las Vegas casino ransomware attacks: Okta in the spotlight (The Stack) "I think our biggest challenge was, and this is something we learned the hard way, was the password reset..."

MGM losing up to $8.4M per day as cyberattack paralyzes slot machines, hotels for 8th straight day: analyst (New York Post) MGM Resorts has officially entered its eighth day of “cybersecurity issues” that have silenced slot machines and shut down internal computer systems, costing the hotel and casino chain …

Caesars reports cyberattack but did not go offline (Top Class Actions) Caesars Entertainment disclosed to federal regulators it suffered a data breach Sept. 7 as a result of a cyberattack against the casino company and its online operations.

What Las Vegas tourists need to know about casino hacks (Washington Post) Cyberattacks on MGM and Caesars put gamblers’ personal information at risk

MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (Dark Reading) MGM and Caesars are putting new SEC incident disclosure regulations to a real-world test in the aftermath of twin cyberattacks on the casinos, as class-action lawsuits loom.

Marvell disputes claim that Cavium backdoored its chips (Register) Allegations date back a decade to leaked Snowden docs

Nuance Communications, Inc. Confirms MOVEit Data Breach Compromised Consumer Data (JD Supra) On September 18, 2023, Nuance Communications, Inc. (“Nuance”) filed a notice of data breach with the Attorney General of Texas after discovering that...

Pizza Hut Australia hack: data breach exposes customer information and order details (the Guardian) Company says it believes about 193,000 customers are affected by the breach, which it spotted in early September

Essential Lessons from the Duolingo API Breach (Cequence Security) The API breach that exposed information on 2.6 million customer accounts, and how such data could be better protected.

CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28434 MinIO Security Feature Bypass Vulnerability

Security Patches, Mitigations, and Software Updates

CISA Releases Four Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released four Industrial Control Systems (ICS) advisories on September 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-262-01 Siemens SIMATIC PCS neo Administration Console ICSA-23-262-03 Omron Engineering Software Zip-Slip ICSA-23-262-04 Omron Engineering Software ICSA-23-262-05 Omron CJ/CS/CP Series

GitLab urges users to install security updates for critical pipeline flaw (BleepingComputer) GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies.

New Pegasus Spyware Zero-Click Patched Out by Apple in Ongoing Battle Against Commercial Zero-Days (CPO Magazine) NSO Group appeared to be on the ropes after the publication of the “Pegasus Project” reports in late 2021, which led to a subsequent patch of a zero-click iMessage exploit that its Pegasus spyware relied on to compromise iPhones. NSO appears to have unearthed more zero-days in the interim, however, and Apple has recently announced the patching of another iMessage vulnerability that involved exploitation of image attachments.

Trends

Cado Security Labs Researchers Witness a 600X Increase in P2Pinfect Traffic (Cado Security) Cado Security Labs have been tracking P2Pinfect since August 2023. This blog summarizes the latest updates.

August Ransomware Recap: Sixth Month in a Row with YoY Increase (Corvus Insurance) It didn’t feel like it, but some ransomware groups took a summer break. Here’s what you need to know.

AT&T Cybersecurity Insights Report: Focus on Manufacturing (AT&T) We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Manufacturing. The report examines the edge ecosystem, surveying manufacturing IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on manufacturing report documented how we secure the data, applications, and endpoints that rely on edge computin

Threat Labs Report — FINANCIAL SERVICES 2023 (Netskope) Gain insights into the threats targeting the financial services sector. Learn how organizations can defend against these threats.

Why cybersecurity's software vulnerability crisis is year-round now (Axios) A wave of newly discovered critical software vulnerabilities has been keeping cybersecurity teams working overtime this summer.

SpyCloud Report: Infostealer Malware is a Precursor to Ransomware Attacks (Business Wire) 79% of organizations are confident in their ransomware defenses, but only 19% are addressing the malware threat

83% of IT Security Professionals Say Burnout Causes Data Breaches (PR Newswire) Devo Technology, the cloud-native security analytics company, today unveiled the results of a new study examining the ramifications of...

Marketplace

Alcion Raises $21 Million for Backup-as-a-Service Platform (SecurityWeek) Data management startup Alcion has raised $21 million in a Series A funding round led by Veeam to expand its market presence.

CrowdStrike confirms its Bionic.ai acquisition, sources say for $350M (TechCrunch) Update: CrowdStrike has now officially confirmed the deal. As we previously reported, CrowdStrike will merge Bionic's tech with its Falcon product. "The

US cyber giant CrowdStrike snaps up Israeli-founded cloud security startup Bionic (Times of Israel) Company has developed a ‘Google Maps' security platform to help businesses protect their software applications from cyber threats

New Acquisition Powers AI-based Network Detection and Response and Open XDR Capabilities for WatchGuard (WatchGuard Technologies) Once integrated into the WatchGuard Unified Security Platform architecture, the CyGlass technology will deliver AI- and ML-based detection of network anomalies and accelerate Open XDR capabilities.

Discern Security lands funding round as it launches world's first AI powered security policy management platform (Yahoo Finance) Discern Security launches with $3m funding round to enhance performance of cybersecurity tools used by businesses, as it builds ties with Fortune 500 enterprises and cybersecurity firms.

HiddenLayer raises $50M for its AI-defending cybersecurity tools (TechCrunch) HiddenLayer, a startup building tools to defend AI models from attack, has raised $50 million in a fresh funding round.

HiddenLayer Raises Hefty $50M Round for AI Security Tech (SecurityWeek) Texas startup attracts major investor interest to build an MLMDR (machine learning detection and response) technology.

George Kurtz’s 5 Boldest Statements At CrowdStrike Fal.Con 2023 | CRN (CRN) CrowdStrike CEO George Kurtz spoke about generative AI and the new Raptor data lake during his Fal.Con 2023 keynote.

SailPoint approaching $600M ARR and exceeding 50% YoY increase in SaaS revenue (Yahoo Finance) SailPoint Technologies, Inc. ("SailPoint" or the "Company"), a leader in enterprise identity security, has surpassed key growth and revenue milestones, underscoring the strength of SailPoint’s multi-tenant SaaS platform and the Company’s expectations of continued acceleration. SailPoint has recently achieved annual recurring revenue (ARR) approaching $600 million and more than a 50% YoY increase in SaaS revenue in the first half of 2023.

On the Cybersecurity Jobs Shortage (Schneier on Security) In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage

What's in a name? Five vendors reveal their name origins (CRN) Splunk, Snyk, N-able, Arctic Wolf and Zyxel - ever wonder how these companies landed on their names?

Admiral (Ret.) Craig Faller Joins Strider Technologies as an Advisor (Strider Intel) Strider Technologies, Inc. ("Strider"), the leading provider of strategic intelligence, today announced that Admiral (Ret.) Craig Faller is joining the company as an Advisor. In this role, Admiral Faller will provide Strider valuable insight on our strategic priorities, product development, and other opportunities to achieve our long-term goals.

Former GCHQ chief joins security investment group Gallos as chai (Financial Times) Jeremy Fleming’s appointment a feather in the cap of fledgling investment company

Stack Identity Announces Official Formation of Advisory Board, Appoints Multiple Cybersecurity Leaders to Solve Shadow Access Problem (Business Wire) Former Crowdstrike chief product officer, Amol Kulkarni, and former Accurics CEO and serial entrepreneur, Sachin Aggarwal, join as newest members

Products, Services, and Solutions

Venafi Leverages Generative AI to Manage Machine Identities (SecurityWeek) Venafi launched a proprietary generative AI model to help with the mammoth, complex, and expanding problem of managing machine identities.

Dragos Expands CrowdStrike Partnership to Provide Comprehensive Visibility, Detection, and Response Capabilities Across IT and OT Networks (Business Wire) New integrations bring customers a holistic, intelligence-driven approach to threat detection and response across critical infrastructure and industrial organizations

These New Alerts Notify You When Something's Phishy (Dashlane) Dashlane is the first password manager to offer built-in, proactive phishing alerts. Now available in the Dashlane web extension.

Venafi Brings New AI Innovation to Control Plane for Machine Identities (Business Wire) Venafi Athena Leverages Power of Generative AI and Machine Learning to Deliver Industry’s First Intelligent Machine Identity Management Capabilities

LogRhythm Announces Partnership with Novacoast to Enhance Security Services Through Axon (LogRhythm) This partnership marks a significant milestone as Novacoast becomes the first LogRhythm Axon service provider to provide level one and level two analyst services and custom content for the cloud-native SaaS SIEM platform.

Acronis Unveils First Ever AI-powered All-in-One Cyber Protection Solution for Consumers (GlobeNewswire News Room) Acronis Cyber Protect Home Office protects data, devices, and identity security in a single, innovative offering...

Zscaler Partners with Imprivata and CrowdStrike to Announce New Zero Trust Security Solution for Healthcare Organizations (GlobeNewswire News Room) End-to-End Threat Protection, Visibility, and Traceability Capabilities Provide Role-Based Controls to Protect Against Growing Ransomware Threats Against...

Forward Networks Wins Stratus Award for Second Consecutive Year (PR Newswire) The Business Intelligence Group today announced that it has awarded Forward Networks the 2023 Stratus Award in the Security category. This...

Blues Expands Notecard Offerings for Enhanced IIoT Connectivity (PR Newswire) Blues, a leader in IIoT technology enabling global connectivity solutions, today announced a series of enhanced offerings based on its flagship...

Akamai Extends Its Industry-Leading DDoS Defense with Prolexic On-Prem and Hybrid Options Powered by Corero (Akamai) Partnership will offer customers best-in-class security and reliability

Veeam Achieves International Common Criteria Certification for Cyber Resilience from U.S National Information Assurance Partnership (Veeam Software) Veeam Achieves International Common Criteria Certification for Cyber Resilience from U.S National Information Assurance Partnership

Wing Security Launches Compliance-Grade SaaS Security Solution for Just $1.5K (Business Wire) This new SaaS protection tier for mid-market companies focuses on the most critical security tasks, as defined by compliance standards (ISO27001/SOC2)

McAfee Launches AI-powered Scam Protection to Spot and Block Scams in Real-Time (Business Wire) McAfee’s patented and powerful AI technology addresses the rise in AI-generated phishing scams by proactively detecting URLs for you.

Dig Security Enhances DSPM Platform to Secure Enterprise Data in On-Prem File-Share Environments (PR Newswire) Dig, the cloud data security leader, today announced the expansion of the Dig Data Security Platform to protect data anywhere enterprises store...

CyberArk Collaborates with Accenture to Deliver Advanced Privileged Access Management Solutions for Clients (Business Wire) Accenture Also Utilizes CyberArk Cloud in Its Own Cyber Defense Strategy

Skyhawk Security Launches Comprehensive Generative AI Benchmark Ranking LLMs Based on Cyber Threat Scoring Capabilities (GlobeNewswire News Room) Free resource analyzes the performance of ChatGPT, Google BARD, Claude, LLAMA2-based open LLMs...

Telesign Scans the Dark Web to Catch Intrusions and Protect Identities with New Breached Data Offering (GlobeNewswire News Room) New add-on to Telesign’s Identity product family enables customers to know if and when a phone number—and any associated data—has been compromised...

New Acquisition Powers AI-based Network Detection and Response and Open XDR Capabilities for WatchGuard (GlobeNewswire News Room) Once integrated into the WatchGuard Unified Security Platform architecture, the CyGlass technology will deliver AI- and ML-based detection of network...

Synopsys Recognized as a Leader in Static Application Security Testing by Independent Research Firm (Synopsys) Synopsys received the second highest score in the current offering category and tied for the second highest scores in the strategy and market presence categories SUNNYVALE, Calif., Sept. 20, 2023...

1Password Launches Mobile Support for Passkeys (Business Wire) Identity security leader offers the first end-to-end passkey experience to safeguard digital identities across platforms and devices

Improved Digital Employee Experiences, Expedited Investigations and the Fastest Tanium Ever: Announcing Our Q3 Products, Features, and Updates (Tanium) Learn about the new features to Tanium Digital Employee Experience (DEX), a new module to XEM Core, and an upgraded, faster platform.

HUMAN Security and Locality Partner to Help Local CTV Advertisers Reach Quality Consumers (HUMAN) HUMAN Security, Inc. — the global cybersecurity leader in protecting enterprises by disrupting bot attacks, digital fraud and abuse with modern defense, today announced a new strategic partnership with Locality, the industry’s preeminent local television solutions provider.

Sonar Delivers Clean Code with Zero-Configuration Analysis of C and C++ Projects (Sonar) Press Release - SonarCloud zero-configuration, automatic analysis feature removes friction to analyzing C and C++ projects, regardless of compiler

Cloud Range Delivers Next-Generation Cyber Range-as-a-Service with Range365™ (Business Wire) Cloud Range Range365 delivers an on-demand, fully customizable cyber range sandbox for unlimited cybersecurity simulation training and live production environment testing

Veracode Named a Leader in The Forrester Wave™: Static Application Security Testing, Q3 2023 (Veracode) Veracode earns the top scores across the Current Offering, Strategy, and Market Presence (tied) categories.

SentinelOne® Achieves 100% Prevention and Detection in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise (SentinelOne) Singularity™ XDR provides real-time protection with zero delays or configuration changes

Technologies, Techniques, and Standards

Australia to build ‘six cyber shields’ to defend nation (Register) Local corporate regulator warns boards that cyber is totally a directorial duty

OSINT: Revolution or Renaissance? (AFCEA International) Expanding capabilities will benefit decision-makers and the intelligence community.

The Rise of OSINT: Few Rules, Many Opportunities (AFCEA International) Open-source intelligence investigations must be well-sourced and protected from cyber or physical attacks.

President's Commentary: The Ever-expanding Value of OSINT (AFCEA International) Open-source intelligence (OSINT) may be entering its heyday due to the sheer volume of information available, the emergence of artificial intelligence (AI) to help sort through it, and the relatively low cost of collecting, analyzing, disseminating and exploiting it.

Unsung Hero in Cyber Risk Management (Trend Micro) Behind the scenes of the world of vulnerability intelligence and threat hunting there is an unsung hero in cyber risk management - learn who.

What do you Need to Know When Creating a Data Breach Investigation and Mitigation Checklist? (BlackFog) Ask these key questions as part of your data breach investigation and mitigation checklist to stand the best chance of recovering from a data breach.

Why it’s Crucial to Protect Loyalty Data (Total Retail) With customers willing to hand over their data for discounts and rewards, especially as we find ourselves in a time of economic turmoil, firms end up with more and more sensitive data that they need to protect. But how can organizations protect loyalty data effectively? And where should they start?

Why CISOs need zero trust as a ransomware shield (VentureBeat) To limit an attack's blast radius, it is critical to have zero trust and microsegmentation hardened with real-time credential validation.

Design and Innovation

TikTok debuts new tools and technology to label AI conten (TechCrunch) As more creators turn to AI for their artistic expression, there's also a broader push for transparency around when AI was involved in content creation.

SecureAuth Awarded New Patents for Identity Proofing (SecureAuth) SecureAuth, a leader in authentication and access management, today announced that the United States Patent and Trademark Office (USPTO) has granted the company three groundbreaking patents for identity verification using Bluetooth®, personal attributes, and environmental information.

ConnectWise Announces PitchIT Accelerator Program Finalists for 2023 (GlobeNewswire News Room) With $100k Investment on Offer, Each of the Finalists' Solutions Will be Judged at IT Nation Connect...

Research and Development

DARPA Turns to AI to Secure Cyberspace (Meritalk) The Defense Advanced Research Projects Agency (DARPA) has turned to artificial intelligence (AI) capabilities to bolster cybersecurity defenses against continued and growing threats, an agency official explained last week.

Paperclip SAFE® Awarded Patent for Secure Data Processing (GlobeNewswire News Room) Paperclip was awarded Canadian Patent No. 3,087,924 to protect its proprietary data encryption process...

Academia

80% of education providers hit with ransomware last year, Biden administration responds (Atlas VPN) As the 2023 academic year kicks off, schools across the globe are facing an escalating cybersecurity crisis, the Atlas VPN team reports. Data shows the education sector is the most targeted industry by cybercriminals, primarily motivated by the high percentage of schools choosing to pay the ransom.

Legislation, Policy, and Regulation

Ethiopian region’s internet blackout continues as human rights situation deteriorates (Record) A militia group seized control of several towns in the Amhara region in early August, and internet access has been largely unavailable, experts say, as the Ethiopian military cracks down.

UK opens new chapter in digital regulation as parliament passes Online Safety Bill (TechCrunch) Controversial UK legislation that brings in a new regime of content moderation rules for online platforms and services -- establishing the comms watchdog Controversial UK legislation that brings in a new regime of content moderation rules for online platforms and services has been passed by parliament today, paving the way for Royal Assent and the Online Safety Bill becoming law in the coming days.

UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption (Record) Parliament has finished its work on the Online Safety Bill, ending a legislative saga that focused the U.K.'s attention on how far the government should go to control certain online behaviors.

Nordstream trauma leads Berlin to draw up fresh Huawei bans (POLITICO) Plans under discussion include bans on core and sensitive parts of telecoms networks.

The Biden Administration’s Implementation Plan for the National Cybersecurity Strategy (Default) The first installment of the implementation plan provides insight into how the Biden administration intends to achieve the National Cybersecurity Strategy’s goals.

Experts fret over fate of CISA cyber programs as shutdown clouds loom (SC Media) A hearing ostensibly focused on CISA's CDM and EINSTEIN cybersecurity programs took a detour as witnesses strongly warned Congress that a shutdown could imperil federal cybersecurity efforts.

Proposals to streamline cyber incident reporting rules win cautious praise (Washington Post) Cyber reporting regulations are proliferating. Here’s what a federal council says should be done about that.

Litigation, Investigation, and Law Enforcement

Contents of the Piilopuoti web server seized by Finnish Customs – major breakthrough in the anonymous Tor network (Tulli) Finnish Customs has seized the “Piilopuoti” web server in cooperation with foreign authorities, and seized the contents of the server. The web server was operational in the Tor network since 2022.

Finland, Europol take down PIILOPUOTI dark web marketplace (Record) Law enforcement officials in Finland worked with Europol and a cybersecurity firm to take down a dark web marketplace called PIILOPUOTI.

Virginia, other US states back Montana in TikTok ban -court filing (Reuters) A group of 18 state attorneys general said on Monday they backed Montana's effort to ban Chinese-owned short video app TikTok, urging a U.S. judge to reject legal challenges ahead of the Jan. 1 effective date.

UMass Medical School Sued Over MOVEit File-Transfer Data Breach (Bloomberg Law) The University of Massachusetts Chan Medical School failed to safeguard the confidential information of 134,000 people, who receive public assistance, when their personal information was exposed in a data breach connected to a cyberattack on Progress Software Corp.'s MOVEit file-transfer app, according to a proposed class action.

UnitedLex faces potential class action over data breach (Kansas City Business Journal) A data breach in March compromised the personal information for an estimated 7,000 people. That has led to a lawsuit, now in federal court, against data and professional services company UnitedLex.

Snap Finance’s $1.8 Million Data Breach Settlement Gets Early OK (Bloomberg Law) Customers of Snap Finance LLC won preliminary approval for a $1.8 million class action settlement with the company, resolving allegations that the digital lender’s negligence allowed hackers access to sensitive data in federal Utah court.

FTX Sues Sam Bankman-Fried’s Parents to Claw Back Funds (Bloomberg) FTX was a self-described ‘family business,’ lawsuit says. Advisers allege fraud was perpetrated for insiders’ benefit.

ESET wins long-running patent dispute against Finjan (EIN News) Jury vindicates ESET following eight-year court battle

Sysadmin admits to part in mega Avaya license scam (Register) Could spend 20 years in prison after selling $88M in ADI software keys

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

SINET New York 2023 (New York, New York, USA, Oct 5, 2023) SINET events provide exclusive opportunities to engage directly with a select network of influential thought leaders, solution providers, researchers and investors from the global security community. SINET invites you to become an event sponsor and receive the unique advantage of showcasing your company’s offering directly to high level decision makers and influencers from the security profession.

Gone Phishing Tournament (Virtual, Oct 9 - 27, 2023) The annual Gone Phishing TournamentTM allows you to benchmark your organization's phishing resilience against true global standards. It's not just an exciting event but also a proven way to build a robust cyber-aware culture within your organization. It’s an online phishing tournament that uses real-world simulations to establish accurate phishing clickthrough rates and additional benchmarking statistics for end user behaviors.

Blu Cyber Venture Forum (Rockville, Maryland, USA, Oct 19, 2023) Presented by Blu Venture Investors, the Blu Cyber Venture Forum is the leading conference in the East for creating outcomes-based connections between early stage cybersecurity companies and institutional investors. Use code CYBERWIRE20 for 20% off.

Events

mWISE™–Mandiant Worldwide Information Security Exchange (Washington, DC, USA, Sep 18 - 20, 2023) The global community of security practitioners comes together at mWISE to share unique knowledge for strengthening their defenses, individually and together. Featuring frontline experts, critical insights and cutting edge trends, mWISE is for practitioners who want to uplevel their excellence together with the industry’s best.

Fal.Con (Las Vegas, Nevada, USA, Sep 18 - 21, 2023) Fal.Con is where the greatest minds in cybersecurity come together to protect and power businesses. If you want to network with industry experts, explore the latest technology, build skills at hands-on workshops, learn from skilled threat hunters, and tap into the full power of the CrowdStrike ecosystem, this is the place to be.

SECtember (Bellevue, Washington, USA, Sep 18 - 22, 2023) Taking place just a ride share away from the centers of cloud innovation, Cloud Security Alliance's SECtember is bringing together leading experts at the forefront of cloud security, providing deep insights into how organizations, industries and nations are protecting their most vital assets and systems in the cloud. Interactive sessions will cover the hottest technology trends and vetted best practices that keep some of the most iconic brands secure. From AI to Zero Trust, SECtember will deliver the knowledge and networking security leaders need to stay ahead of the cybersecurity curve.

Women4Cyber Conference “Hacking Gender Barriers” (Madrid, Spain, Sep 26 - 27, 2023) The Women4Cyber Conference “Hacking Gender Barriers” will take place in September 2023 in Madrid. It will be the very first conference in Europe organised by Women4Cyber bringing women and men together to collaborate on building diversity in our field.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.