Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+573: Ukraine at the UN. (CyberWire) Ukraine continues its slow advance as President Zelenskyy implores the United Nations to stop Russian genocide.
Russia-Ukraine war: List of key events, day 574 (Al Jazeera) As the war enters its 574th day, these are the main developments.
'The Wiliest Is The Winner': Ukrainian Marine Infantry Gradually Breaks Through Russian Defenses (RadioFreeEurope/RadioLiberty) Ukraine has deployed four NATO-trained, Western-equipped brigades in a small sector of the southern front and made significant advances there. From recently recaptured trenches, the war seems endless, but from headquarters, it’s a battle of wits as well as weapons -- and the smarter side will win.
Revealed: how Russia deliberately targeted Kherson’s hospitals (the Guardian) Study shared exclusively with Guardian details extent of attacks in south Ukrainian city
Ukraine Has Liberated 54% of Territory Seized by Russia, Joint Chiefs Chairman Says (Military.com) The promising assessment comes as more than 50 countries gathered for their regular meeting -- known as the Ukraine Defense Contact Group.
Why Cubans are fighting for Russia in Ukraine (CNN) For months, hundreds of Cubans have quietly left the island to fight for Russia in its war in Ukraine, chasing promises of money and Russian citizenship from shadowy online recruiters, family members told CNN.
Children arrive in Belarus after being illegally removed from Ukraine (the Guardian) Almost 50 children from Donetsk, Luhansk and Zaporizhzhia were removed by Belarusian charity, according to Belta
Ukraine-Russia war: Stop 'shady deals' with Putin, says Zelensky (The Telegraph) Volodymyr Zelensky has told the UN General Assembly he is aware of “shady dealings” with Vladimir Putin to end the war in Ukraine.
Russia has turned food, energy and even children into weapons against Ukraine, Zelenskyy says at UN (AP News) Ukraine's leader and Russia’s top diplomat could cross paths at the United Nations this week.
Zelenskyy implores world leaders to stick with fight against Russia (NBC News) The Ukrainian president called for Russia to be punished for the invasion.
Ukraine’s Fight Is the World’s, Zelensky Tells U.N. Assembly (New York Times) Painting Vladimir Putin’s Russia as a nation that seeks to dominate others, President Volodymyr Zelensky cast his appeal for broad support as a matter of global security.
Biden, in U.N. Speech, Calls for Action on Ukraine and Other Crises (New York Times) As other major leaders skipped the annual opening session of the General Assembly, Mr. Biden used his address to try to counter war fatigue both at home and abroad.
Iran accuses US of stoking Ukraine war in UN speech, sparking Israel walkout (the Guardian) President Ebrahim Raisi tells the UN general assembly the project to ‘Americanise’ the world had failed
The UN is letting Putin off scot-free (The Telegraph) The intergovernmental organisation has failed to keep the world safe, and instead gives a platform to authoritarians and rogue states
Biden Warns International Community That Russia's 'Naked Aggression' Can't Be Appeased (RadioFreeEurope/RadioLiberty) U.S. President Joe Biden has warned world leaders at the United Nations General Assembly that allowing Ukraine “to be carved up” will mean no nation is secure.
Joe Biden will urge UN to expand Security Council (The Telegraph) US president wants to add countries including Germany and Japan to dilute influence of China and Russia
Putin “knows very well” NATO poses no security threat to Russia (Atlantic Council) Russia's recent demilitarization of its NATO borders proves that Putin does not view alliance as a genuine security threat and makes a complete mockery of Kremlin propaganda blaming the invasion of Ukraine on NATO, writes Peter Dickinson.
Air Defense Remains Top Priority at Meeting on Ukraine Defense (U.S. Department of Defense) Continued air defense support was a key topic during today's meeting of the Ukraine Defense Contact Group at Ramstein Air Base in Germany, where new Ukrainian Defense Minister Rustem Umerov attended
US defense chief urges nations to dig deep and give Ukraine more much-needed air defense systems (AP News) Defense Secretary Lloyd Austin is urging defense leaders to “dig deep” and provide more air defense systems for Ukraine, to help the country block increasing barrages of Russian missiles.
Defence Secretary pledges tens of thousands of more artillery shells for Ukraine (GOV.UK) The UK has delivered over 300,000 artillery shells to Ukraine and is committed to delivering tens of thousands more artillery shells this year, the Defence Secretary announced today.
Zelensky Cleans House in Corruption-Plagued Defense Ministry (New York Times) On the eve of a trip to the United States, Ukraine’s president is eager to demonstrate that the billions of dollars Washington is spending to aid his country is not being squandered.
What would it take to hold elections in Ukraine? (Atlantic Council) Calls for elections in Ukraine are premature and do not take into consideration the extremely unfavorable wartime conditions that make it virtually impossible to stage a free, fair, and safe vote, write Peter Erben and Gio Kobakhidze.
Ukraine battles Russian bid to have genocide case tossed out of the UN's top court (ABC News) Russia is calling a Ukrainian case alleging that Moscow abused the Genocide Convention to justify its invasion last year an “abuse of process.”
War crimes tribunal ICC says it has been hacked (Reuters) The International Criminal Court (ICC) said on Tuesday its computer system had been hacked, a breach at one of the world's most high-profile international institutions and one that handles highly sensitive information about war crimes.
International Criminal Court says cybersecurity incident affected its information systems last week (AP News) The International Criminal Court says it responded urgently to “anomalous activity affecting its information systems” last week.
Hackers breached International Criminal Court’s systems last week (BleepingComputer) The International Criminal Court (ICC) disclosed a cyberattack on Tuesday after discovering last week that its systems had been breached.
'Cybersecurity Incident' Hits ICC (SecurityWeek) The International Criminal Court detected "anomalous activity" in its IT systems and is responding to a "cybersecurity incident."
War crime investigators prepare case against Russia over food attacks (The Telegraph) Human rights lawyers believe Kremlin is ‘intentionally using starvation of civilians as a method of warfare’
Denmark joins IT coalition created for Ukrainian Armed Forces (Yahoo News) Denmark, together with Estonia and Luxembourg, announced their intention to support the Armed Forces of Ukraine and the Ukrainian Ministry of Defence in the field of information and communication technologies and cyber defence.
Former Belarusian Security Force Member Confesses In Swiss Court To Kidnapping Opposition Figures (RadioFreeEurope/RadioLiberty) Yury Harauski, a former member of Belarusian authoritarian leader Alyaksandr Lukashenka’s special security forces, has confessed in court to taking part in the kidnapping of three opposition figures who ended up dead.
US sanctions firms in China , Russia, Turkey over Iran’s drone program (C4ISRNet) Tensions between the U.S. and Iran remain high, despite the release of five American detainees from Iran this week.
Russian allegedly smuggled US weapons electronics to Moscow (Register) Feds claim sniper scope displays sold in sanctions-busting move
How The Ukraine War Hit The Economy Of Romania's Eastern Borderlands
(RadioFreeEurope/RadioLiberty) This quiet corner of Romania has seen activity diminish further recently due to repeated Russian kamikaze drone strikes targeting Ukrainian ports across the river, and apparently sometimes slamming into Romanian territory.
Ukrainian First Lady's Apartment In Occupied Crimea To Be Sold At Auction (RadioFreeEurope/RadioLiberty) Russian-installed authorities in Ukraine's Moscow-annexed Crimea will put an apartment that belongs to Ukraine's first lady, Olena Zelenska, up for auction.
Attacks, Threats, and Vulnerabilities
US spy agency ‘hacked Huawei HQ’: China confirms Snowden leak (South China Morning Post) Chinese Ministry of State Security report acknowledges cyberattacks detailed in internal papers revealed by former contractor.
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware (WIRED) Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.
New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants (Cisco Talos) Cisco Talos recently discovered a new malware family we’re calling “HTTPSnoop” being deployed against telecommunications providers in the Middle East.
ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies (The Hacker News) Telecom providers in the Middle East face a stealthy cyber threat called ShroudedSnooper. It uses HTTPSnoop to exploit Windows HTTP kernel drivers.
Chinese Malware Appears in Earnest Across Cybercrime Threat Landscape (Proofpoint) Key Takeaways Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware typically asso...
Nagios XI vulnerabilities resulting in privilege escalation (& more) (Outpost24) Outpost24 has identified four vulnerabilities in Nagios XI, three of which result in privilege escalation.
Qatar Cyber Chiefs Warn on Mozilla RCE Bugs (Dark Reading) The WebP vulnerability affects multiple browsers besides Firefox and Thunderbird, with active exploitation ongoing.
Inside the Code of a New XWorm Variant (The Hacker News) XWorm: The new kid on the malware block. ANY.RUN's analysts dive deep to expose its tactics and evasion techniques.
Threat Spotlight: How attackers use inbox rules to evade detection after compromise (Baracuda) Automated email inbox rules are a useful and familiar feature of most email clients. They help people manage their inboxes and the daily flood of wanted and unwanted communications by enabling them to move emails to specific folders, forward them to colleagues while they’re away, or simply delete them.
38TB Microsoft data leak highlights risks of oversharing (ComputerWeekly.com) An accidentally disclosed SAS token with excessive privileges enabled researchers to access nearly 40TB of Microsoft’s data, highlighting the risks of privilege mismanagement and oversharing.
Microsoft’s 38TB Leak: How IT Leaders Should Respond (Information Week) Microsoft’s AI team’s Azure mistake led to a 38TB dump of private company data. Should CIOs worry about cloud security implications?
Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says (Reuters) Hackers who breached casino giants MGM Resorts International and Caesars Entertainment in recent weeks also broke into the systems of three other companies in the manufacturing, retail, and technology space, a security executive familiar with the matter said.
Las Vegas casino ransomware attacks: Okta in the spotlight (The Stack) "I think our biggest challenge was, and this is something we learned the hard way, was the password reset..."
MGM losing up to $8.4M per day as cyberattack paralyzes slot machines, hotels for 8th straight day: analyst (New York Post) MGM Resorts has officially entered its eighth day of “cybersecurity issues” that have silenced slot machines and shut down internal computer systems, costing the hotel and casino chain …
Caesars reports cyberattack but did not go offline (Top Class Actions) Caesars Entertainment disclosed to federal regulators it suffered a data breach Sept. 7 as a result of a cyberattack against the casino company and its online operations.
What Las Vegas tourists need to know about casino hacks (Washington Post) Cyberattacks on MGM and Caesars put gamblers’ personal information at risk
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (Dark Reading) MGM and Caesars are putting new SEC incident disclosure regulations to a real-world test in the aftermath of twin cyberattacks on the casinos, as class-action lawsuits loom.
Marvell disputes claim that Cavium backdoored its chips (Register) Allegations date back a decade to leaked Snowden docs
Nuance Communications, Inc. Confirms MOVEit Data Breach Compromised Consumer Data (JD Supra) On September 18, 2023, Nuance Communications, Inc. (“Nuance”) filed a notice of data breach with the Attorney General of Texas after discovering that...
Pizza Hut Australia hack: data breach exposes customer information and order details (the Guardian) Company says it believes about 193,000 customers are affected by the breach, which it spotted in early September
Essential Lessons from the Duolingo API Breach (Cequence Security) The API breach that exposed information on 2.6 million customer accounts, and how such data could be better protected.
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-28434 MinIO Security Feature Bypass Vulnerability
Security Patches, Mitigations, and Software Updates
CISA Releases Four Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released four Industrial Control Systems (ICS) advisories on September 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-262-01 Siemens SIMATIC PCS neo Administration Console
ICSA-23-262-03 Omron Engineering Software Zip-Slip
ICSA-23-262-04 Omron Engineering Software
ICSA-23-262-05 Omron CJ/CS/CP Series
GitLab urges users to install security updates for critical pipeline flaw (BleepingComputer) GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies.
New Pegasus Spyware Zero-Click Patched Out by Apple in Ongoing Battle Against Commercial Zero-Days (CPO Magazine) NSO Group appeared to be on the ropes after the publication of the “Pegasus Project” reports in late 2021, which led to a subsequent patch of a zero-click iMessage exploit that its Pegasus spyware relied on to compromise iPhones. NSO appears to have unearthed more zero-days in the interim, however, and Apple has recently announced the patching of another iMessage vulnerability that involved exploitation of image attachments.
Trends
Cado Security Labs Researchers Witness a 600X Increase in P2Pinfect Traffic (Cado Security) Cado Security Labs have been tracking P2Pinfect since August 2023. This blog summarizes the latest updates.
August Ransomware Recap: Sixth Month in a Row with YoY Increase (Corvus Insurance) It didn’t feel like it, but some ransomware groups took a summer break. Here’s what you need to know.
AT&T Cybersecurity Insights Report: Focus on Manufacturing (AT&T) We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Manufacturing. The report examines the edge ecosystem, surveying manufacturing IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on manufacturing report documented how we secure the data, applications, and endpoints that rely on edge computin
Threat Labs Report — FINANCIAL SERVICES 2023 (Netskope) Gain insights into the threats targeting the financial services sector. Learn how organizations can defend against these threats.
Why cybersecurity's software vulnerability crisis is year-round now (Axios) A wave of newly discovered critical software vulnerabilities has been keeping cybersecurity teams working overtime this summer.
SpyCloud Report: Infostealer Malware is a Precursor to Ransomware Attacks (Business Wire) 79% of organizations are confident in their ransomware defenses, but only 19% are addressing the malware threat
83% of IT Security Professionals Say Burnout Causes Data Breaches (PR Newswire) Devo Technology, the cloud-native security analytics company, today unveiled the results of a new study examining the ramifications of...
Marketplace
Alcion Raises $21 Million for Backup-as-a-Service Platform (SecurityWeek) Data management startup Alcion has raised $21 million in a Series A funding round led by Veeam to expand its market presence.
CrowdStrike confirms its Bionic.ai acquisition, sources say for $350M (TechCrunch) Update: CrowdStrike has now officially confirmed the deal. As we previously reported, CrowdStrike will merge Bionic's tech with its Falcon product. "The
US cyber giant CrowdStrike snaps up Israeli-founded cloud security startup Bionic (Times of Israel) Company has developed a ‘Google Maps' security platform to help businesses protect their software applications from cyber threats
New Acquisition Powers AI-based Network Detection and Response and Open XDR Capabilities for WatchGuard (WatchGuard Technologies) Once integrated into the WatchGuard Unified Security Platform architecture, the CyGlass technology will deliver AI- and ML-based detection of network anomalies and accelerate Open XDR capabilities.
Discern Security lands funding round as it launches world's first AI powered security policy management platform (Yahoo Finance) Discern Security launches with $3m funding round to enhance performance of cybersecurity tools used by businesses, as it builds ties with Fortune 500 enterprises and cybersecurity firms.
HiddenLayer raises $50M for its AI-defending cybersecurity tools (TechCrunch) HiddenLayer, a startup building tools to defend AI models from attack, has raised $50 million in a fresh funding round.
HiddenLayer Raises Hefty $50M Round for AI Security Tech (SecurityWeek) Texas startup attracts major investor interest to build an MLMDR (machine learning detection and response) technology.
George Kurtz’s 5 Boldest Statements At CrowdStrike Fal.Con 2023 | CRN (CRN) CrowdStrike CEO George Kurtz spoke about generative AI and the new Raptor data lake during his Fal.Con 2023 keynote.
SailPoint approaching $600M ARR and exceeding 50% YoY increase in SaaS revenue (Yahoo Finance) SailPoint Technologies, Inc. ("SailPoint" or the "Company"), a leader in enterprise identity security, has surpassed key growth and revenue milestones, underscoring the strength of SailPoint’s multi-tenant SaaS platform and the Company’s expectations of continued acceleration. SailPoint has recently achieved annual recurring revenue (ARR) approaching $600 million and more than a 50% YoY increase in SaaS revenue in the first half of 2023.
On the Cybersecurity Jobs Shortage (Schneier on Security) In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage
What's in a name? Five vendors reveal their name origins (CRN) Splunk, Snyk, N-able, Arctic Wolf and Zyxel - ever wonder how these companies landed on their names?
Admiral (Ret.) Craig Faller Joins Strider Technologies as an Advisor (Strider Intel) Strider Technologies, Inc. ("Strider"), the leading provider of strategic intelligence, today announced that Admiral (Ret.) Craig Faller is joining the company as an Advisor. In this role, Admiral Faller will provide Strider valuable insight on our strategic priorities, product development, and other opportunities to achieve our long-term goals.
Former GCHQ chief joins security investment group Gallos as chai (Financial Times) Jeremy Fleming’s appointment a feather in the cap of fledgling investment company
Stack Identity Announces Official Formation of Advisory Board, Appoints Multiple Cybersecurity Leaders to Solve Shadow Access Problem (Business Wire) Former Crowdstrike chief product officer, Amol Kulkarni, and former Accurics CEO and serial entrepreneur, Sachin Aggarwal, join as newest members
Products, Services, and Solutions
Venafi Leverages Generative AI to Manage Machine Identities (SecurityWeek) Venafi launched a proprietary generative AI model to help with the mammoth, complex, and expanding problem of managing machine identities.
Dragos Expands CrowdStrike Partnership to Provide Comprehensive Visibility, Detection, and Response Capabilities Across IT and OT Networks (Business Wire) New integrations bring customers a holistic, intelligence-driven approach to threat detection and response across critical infrastructure and industrial organizations
These New Alerts Notify You When Something's Phishy (Dashlane) Dashlane is the first password manager to offer built-in, proactive phishing alerts. Now available in the Dashlane web extension.
Venafi Brings New AI Innovation to Control Plane for Machine Identities (Business Wire) Venafi Athena Leverages Power of Generative AI and Machine Learning to Deliver Industry’s First Intelligent Machine Identity Management Capabilities
LogRhythm Announces Partnership with Novacoast to Enhance Security Services Through Axon (LogRhythm) This partnership marks a significant milestone as Novacoast becomes the first LogRhythm Axon service provider to provide level one and level two analyst services and custom content for the cloud-native SaaS SIEM platform.
Acronis Unveils First Ever AI-powered All-in-One Cyber Protection Solution for Consumers (GlobeNewswire News Room) Acronis Cyber Protect Home Office protects data, devices, and identity security in a single, innovative offering...
Zscaler Partners with Imprivata and CrowdStrike to Announce New Zero Trust Security Solution for Healthcare Organizations (GlobeNewswire News Room) End-to-End Threat Protection, Visibility, and Traceability Capabilities Provide Role-Based Controls to Protect Against Growing Ransomware Threats Against...
Forward Networks Wins Stratus Award for Second Consecutive Year (PR Newswire) The Business Intelligence Group today announced that it has awarded Forward Networks the 2023 Stratus Award in the Security category. This...
Blues Expands Notecard Offerings for Enhanced IIoT Connectivity (PR Newswire) Blues, a leader in IIoT technology enabling global connectivity solutions, today announced a series of enhanced offerings based on its flagship...
Akamai Extends Its Industry-Leading DDoS Defense with Prolexic On-Prem and Hybrid Options Powered by Corero (Akamai) Partnership will offer customers best-in-class security and reliability
Veeam Achieves International Common Criteria Certification for Cyber Resilience from U.S National Information Assurance Partnership (Veeam Software) Veeam Achieves International Common Criteria Certification for Cyber Resilience from U.S National Information Assurance Partnership
Wing Security Launches Compliance-Grade SaaS Security Solution for Just $1.5K (Business Wire) This new SaaS protection tier for mid-market companies focuses on the most critical security tasks, as defined by compliance standards (ISO27001/SOC2)
McAfee Launches AI-powered Scam Protection to Spot and Block Scams in Real-Time (Business Wire) McAfee’s patented and powerful AI technology addresses the rise in AI-generated phishing scams by proactively detecting URLs for you.
Dig Security Enhances DSPM Platform to Secure Enterprise Data in On-Prem File-Share Environments (PR Newswire) Dig, the cloud data security leader, today announced the expansion of the Dig Data Security Platform to protect data anywhere enterprises store...
CyberArk Collaborates with Accenture to Deliver Advanced Privileged Access Management Solutions for Clients (Business Wire) Accenture Also Utilizes CyberArk Cloud in Its Own Cyber Defense Strategy
Skyhawk Security Launches Comprehensive Generative AI Benchmark Ranking LLMs Based on Cyber Threat Scoring Capabilities (GlobeNewswire News Room) Free resource analyzes the performance of ChatGPT, Google BARD, Claude, LLAMA2-based open LLMs...
Telesign Scans the Dark Web to Catch Intrusions and Protect Identities with New Breached Data Offering (GlobeNewswire News Room) New add-on to Telesign’s Identity product family enables customers to know if and when a phone number—and any associated data—has been compromised...
New Acquisition Powers AI-based Network Detection and Response and Open XDR Capabilities for WatchGuard (GlobeNewswire News Room) Once integrated into the WatchGuard Unified Security Platform architecture, the CyGlass technology will deliver AI- and ML-based detection of network...
Synopsys Recognized as a Leader in Static Application Security Testing by Independent Research Firm (Synopsys) Synopsys received the second highest score in the current offering category and tied for the second highest scores in the strategy and market presence categories SUNNYVALE, Calif., Sept. 20, 2023...
1Password Launches Mobile Support for Passkeys (Business Wire) Identity security leader offers the first end-to-end passkey experience to safeguard digital identities across platforms and devices
Improved Digital Employee Experiences, Expedited Investigations and the Fastest Tanium Ever: Announcing Our Q3 Products, Features, and Updates (Tanium) Learn about the new features to Tanium Digital Employee Experience (DEX), a new module to XEM Core, and an upgraded, faster platform.
HUMAN Security and Locality Partner to Help Local CTV Advertisers Reach Quality Consumers (HUMAN) HUMAN Security, Inc. — the global cybersecurity leader in protecting enterprises by disrupting bot attacks, digital fraud and abuse with modern defense, today announced a new strategic partnership with Locality, the industry’s preeminent local television solutions provider.
Sonar Delivers Clean Code with Zero-Configuration Analysis of C and C++ Projects (Sonar) Press Release - SonarCloud zero-configuration, automatic analysis feature removes friction to analyzing C and C++ projects, regardless of compiler
Cloud Range Delivers Next-Generation Cyber Range-as-a-Service with Range365™ (Business Wire) Cloud Range Range365 delivers an on-demand, fully customizable cyber range sandbox for unlimited cybersecurity simulation training and live production environment testing
Veracode Named a Leader in The Forrester Wave™: Static Application Security Testing, Q3 2023 (Veracode) Veracode earns the top scores across the Current Offering, Strategy, and Market Presence (tied) categories.
SentinelOne® Achieves 100% Prevention and Detection in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise (SentinelOne) Singularity™ XDR provides real-time protection with zero delays or configuration changes
Technologies, Techniques, and Standards
Australia to build ‘six cyber shields’ to defend nation (Register) Local corporate regulator warns boards that cyber is totally a directorial duty
OSINT: Revolution or Renaissance? (AFCEA International) Expanding capabilities will benefit decision-makers and the intelligence community.
The Rise of OSINT: Few Rules, Many Opportunities (AFCEA International) Open-source intelligence investigations must be well-sourced and protected from cyber or physical attacks.
President's Commentary: The Ever-expanding Value of OSINT (AFCEA International) Open-source intelligence (OSINT) may be entering its heyday due to the sheer volume of information available, the emergence of artificial intelligence (AI) to help sort through it, and the relatively low cost of collecting, analyzing, disseminating and exploiting it.
Unsung Hero in Cyber Risk Management (Trend Micro) Behind the scenes of the world of vulnerability intelligence and threat hunting there is an unsung hero in cyber risk management - learn who.
What do you Need to Know When Creating a Data Breach Investigation and Mitigation Checklist? (BlackFog) Ask these key questions as part of your data breach investigation and mitigation checklist to stand the best chance of recovering from a data breach.
Why it’s Crucial to Protect Loyalty Data (Total Retail) With customers willing to hand over their data for discounts and rewards, especially as we find ourselves in a time of economic turmoil, firms end up with more and more sensitive data that they need to protect. But how can organizations protect loyalty data effectively? And where should they start?
Why CISOs need zero trust as a ransomware shield (VentureBeat) To limit an attack's blast radius, it is critical to have zero trust and microsegmentation hardened with real-time credential validation.
Design and Innovation
TikTok debuts new tools and technology to label AI conten (TechCrunch) As more creators turn to AI for their artistic expression, there's also a broader push for transparency around when AI was involved in content creation.
SecureAuth Awarded New Patents for Identity Proofing (SecureAuth) SecureAuth, a leader in authentication and access management, today announced that the United States Patent and Trademark Office (USPTO) has granted the company three groundbreaking patents for identity verification using Bluetooth®, personal attributes, and environmental information.
ConnectWise Announces PitchIT Accelerator Program Finalists for 2023 (GlobeNewswire News Room) With $100k Investment on Offer, Each of the Finalists' Solutions Will be Judged at IT Nation Connect...
Research and Development
DARPA Turns to AI to Secure Cyberspace (Meritalk) The Defense Advanced Research Projects Agency (DARPA) has turned to artificial intelligence (AI) capabilities to bolster cybersecurity defenses against continued and growing threats, an agency official explained last week.
Paperclip SAFE® Awarded Patent for Secure Data Processing (GlobeNewswire News Room) Paperclip was awarded Canadian Patent No. 3,087,924 to protect its proprietary data encryption process...
Academia
80% of education providers hit with ransomware last year, Biden administration responds (Atlas VPN) As the 2023 academic year kicks off, schools across the globe are facing an escalating cybersecurity crisis, the Atlas VPN team reports. Data shows the education sector is the most targeted industry by cybercriminals, primarily motivated by the high percentage of schools choosing to pay the ransom.
Legislation, Policy, and Regulation
Ethiopian region’s internet blackout continues as human rights situation deteriorates (Record) A militia group seized control of several towns in the Amhara region in early August, and internet access has been largely unavailable, experts say, as the Ethiopian military cracks down.
UK opens new chapter in digital regulation as parliament passes Online Safety Bill (TechCrunch) Controversial UK legislation that brings in a new regime of content moderation rules for online platforms and services -- establishing the comms watchdog Controversial UK legislation that brings in a new regime of content moderation rules for online platforms and services has been passed by parliament today, paving the way for Royal Assent and the Online Safety Bill becoming law in the coming days.
UK passes the Online Safety Bill — and no, it doesn’t ban end-to-end encryption (Record) Parliament has finished its work on the Online Safety Bill, ending a legislative saga that focused the U.K.'s attention on how far the government should go to control certain online behaviors.
Nordstream trauma leads Berlin to draw up fresh Huawei bans (POLITICO) Plans under discussion include bans on core and sensitive parts of telecoms networks.
The Biden Administration’s Implementation Plan for the National Cybersecurity Strategy (Default) The first installment of the implementation plan provides insight into how the Biden administration intends to achieve the National Cybersecurity Strategy’s goals.
Experts fret over fate of CISA cyber programs as shutdown clouds loom (SC Media) A hearing ostensibly focused on CISA's CDM and EINSTEIN cybersecurity programs took a detour as witnesses strongly warned Congress that a shutdown could imperil federal cybersecurity efforts.
Proposals to streamline cyber incident reporting rules win cautious praise (Washington Post) Cyber reporting regulations are proliferating. Here’s what a federal council says should be done about that.
Litigation, Investigation, and Law Enforcement
Contents of the Piilopuoti web server seized by Finnish Customs – major breakthrough in the anonymous Tor network (Tulli) Finnish Customs has seized the “Piilopuoti” web server in cooperation with foreign authorities, and seized the contents of the server. The web server was operational in the Tor network since 2022.
Finland, Europol take down PIILOPUOTI dark web marketplace (Record) Law enforcement officials in Finland worked with Europol and a cybersecurity firm to take down a dark web marketplace called PIILOPUOTI.
Virginia, other US states back Montana in TikTok ban -court filing (Reuters) A group of 18 state attorneys general said on Monday they backed Montana's effort to ban Chinese-owned short video app TikTok, urging a U.S. judge to reject legal challenges ahead of the Jan. 1 effective date.
UMass Medical School Sued Over MOVEit File-Transfer Data Breach (Bloomberg Law) The University of Massachusetts Chan Medical School failed to safeguard the confidential information of 134,000 people, who receive public assistance, when their personal information was exposed in a data breach connected to a cyberattack on Progress Software Corp.'s MOVEit file-transfer app, according to a proposed class action.
UnitedLex faces potential class action over data breach (Kansas City Business Journal) A data breach in March compromised the personal information for an estimated 7,000 people. That has led to a lawsuit, now in federal court, against data and professional services company UnitedLex.
Snap Finance’s $1.8 Million Data Breach Settlement Gets Early OK (Bloomberg Law) Customers of Snap Finance LLC won preliminary approval for a $1.8 million class action settlement with the company, resolving allegations that the digital lender’s negligence allowed hackers access to sensitive data in federal Utah court.
FTX Sues Sam Bankman-Fried’s Parents to Claw Back Funds (Bloomberg) FTX was a self-described ‘family business,’ lawsuit says. Advisers allege fraud was perpetrated for insiders’ benefit.
ESET wins long-running patent dispute against Finjan (EIN News) Jury vindicates ESET following eight-year court battle
Sysadmin admits to part in mega Avaya license scam (Register) Could spend 20 years in prison after selling $88M in ADI software keys