Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+585: Trench fighting in the south. (CyberWire) The weekend saw few changes on the ground, as Russia celebrated its illegal annexation of Ukrainian territory. In cyberspace, low-level hacktivism and targeted disinformation persist
Russia-Ukraine war at a glance: what we know on day 586 of the invasion (the Guardian) Joe Biden urges Congress to swiftly approve Ukraine aid left out of US government funding bill; Rishi Sunak rows back on defence minister’s suggestion that British troops could carry out training in Ukraine
Russia-Ukraine war: List of key events, day 586 (Al Jazeera) As the war enters its 586th day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 585 of the invasion (the Guardian) Nine injured as blaze erupts at oil pipeline in western Ukraine; drone attack in southern Russia leaves one hurt
Ukraine-Russia war: Russian air defences shoot down one of its most advanced fighter jets (The Telegraph) Russian air defences have shot down one of the country’s most advanced fighter jets in a friendly fire incident, according to reports.
What happened in the Russia-Ukraine war this week? Catch up with the must-read news and analysis (the Guardian) European parts used in killer drones used by Russia; key details behind Nord Stream pipeline blasts revealed by scientists
‘Energy war’: Ukraine tries to protect electricity supply before winter (the Guardian) It seems likely Russia will target the grid with its missiles again, but engineers say they are better prepared now
Ukraine is winning. Now let’s finish the job (The Telegraph) As the counteroffensive breaks down the Russian lines, Britain must make sure the West stands firm
Russia-Ukraine war latest: No plans to deploy British troops to Ukraine, Sunak says (The Telegraph) Rishi Sunak said on Sunday there were no immediate plans to deploy military instructors to Ukraine, rowing back on comments by his defence minister who had suggested troops could carry out training in the country.
British troops could deploy to Ukraine for first time to train soldiers, says Grant Shapps (the Guardian) Defence secretary says proposal being discussed would reduce reliance on UK and other Nato members’ bases
Poland Becomes a Defense Colossus (CEPA) Poland has launched a huge and historic expansion of its military- what will the consequences be for NATO?
EU foreign ministers convene in Kyiv in ‘historic’ show of support (the Guardian) Josep Borrell condemns Russia’s war as he says meeting is taking place ‘within the future borders of the EU’
Top EU Diplomat Visits Odesa, Calls Russian Attacks On Ukrainian Port City 'Barbaric' (RadioFreeEurope/RadioLiberty) EU foreign policy chief Josep Borrell visited the embattled Ukrainian port city of Odesa on the Black Sea on September 30, lamenting that is has been in the news not because of its beauty and historical significance but because it has been targeted by Russian missile and drone attacks.
‘No turning back’: how the Ukraine war has profoundly changed the EU (the Guardian) Russia’s invasion has had a major impact on the bloc’s security and energy policies – and even its very raison d’être
Biden says there's 'not much time' to keep aid flowing to Ukraine and Congress must 'stop the games' (AP News) President Joe Biden says American aid to Ukraine will keep flowing for now as he tries to reassure allies of continued U.S. financial support for the war effort.
A look at the amount of U.S. spending powering Ukraine’s defense (Washington Post) The United States is the biggest financial supporter of Kyiv’s fight against Russia.
Trolls in Slovakian Election Tap AI Deepfakes to Spread Disinfo (Bloomberg) Videos featuring AI-generated deepfake voices of politicians are spreading on social media ahead of the Slovak parliamentary elections this weekend, showcasing how the emergent technology is being harnessed for political disinformation.
Leaked U.S. strategy on Ukraine sees corruption as the real threat (POLITICO) A report obtained by POLITICO details specific plans to reform Ukrainian institutions and warns Western support may hinge on cutting corruption.
Ukraine says it has a massive database the American embassy can use to track every last weapon the US has sent to Kyiv (Business Insider) A Pentagon report from October 2022 discussing Ukraine's tracking of US weapons found that criminals stole equipment multiple times early in the war.
Putin, Medvedev Combine Spin With Threats On Anniversary Of Unilateral Annexations In Ukraine (RadioFreeEurope/RadioLiberty) President Vladimir Putin and his lockstep deputy chairman of the federal Security Council Dmitry Medvedev issued separate statements on September 30 aimed at whitewashing the unrecognized annexation one year ago of four regions of Ukraine and seemingly threatening another land grab.
Ukraine Puts Putin's Military in Survival Mode (The Messenger) A crisis of confidence in commanders, weapons and their government is emerging among Russia's beleaguered soldiers
'Messianic' Putin Fell Victim To His Own Propaganda, Says Veteran Journalist (RadioFreeEurope/RadioLiberty) Veteran journalist and New Yorker columnist Susan Glasser talks to RFE/RL’s Georgian Service about Vladimir Putin’s evolution from “incrementalism” to “messianism,” authoritarianism and the “Russian river” of history, and Putin and the Ukraine war in the context of looming U.S. elections.
Putin is opening up a new front against the West (The Telegraph) The Balkans are set to explode unless urgent action is taken by Nato to quell Russian and Serbian aggression in Kosovo
A democratic nation has been allowed to die – the UN has failed once more (The Telegraph) The destruction of Nagorno-Karabakh shows that the West has again failed to stand up to international aggression
Lustrating Judges Is the Key to Post-Putin Transitional Justice (Wilson Center) Russian opposition political leader Alexey Navalny recently came to a clear conclusion: without a successful judicial reform following the collapse of the USSR, all other reforms were doomed to failure. “If an independent judiciary had been established, then a new usurpation would have been impossible or greatly hindered,” he said.
Royal Family's official website targeted in cyber attack (Sky News) The royal website was taken offline by a denial of service attack on Sunday, but a royal source said it was not a hack.
Royal family website hit by cyber attack (The Independent) Official website for the Royal family was beset by connectivity issues on Sunday morning (1 October)
Attacks, Threats, and Vulnerabilities
FBI warns energy sector of likely increase in targeting by Chinese, Russian hackers (Record) An FBI industry alert obtained by Recorded Future News says organizations can expect continued foreign hacking attempts due to factors such as increased U.S. exports of liquefied natural gas, ongoing Western pressure on Russia’s energy supply and China’s reliance on oil imports.
North Korean hackers posed as Meta recruiter on LinkedIn (CyberScoop) Targets of the operation were given phony coding challenges that delivered a range of malware, including a previously-unseen backdoor.
Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) Previously, when the group exploited LinkedIn, it managed to pilfer a staggering $625 million from the Ronin Network (RON) blockchain network.
North Korean Lazarus targeted a Spanish aerospace company (Security Affairs) North Korea-linked APT group Lazarus impersonated Meta's recruiters in an attack against a Spanish company in the Aerospace industry.
APT34 deploys new Menorah malware in targeted phishing attack (Candid.Technology) A new malware strain, Menorah, has been linked to the notorious APT34 advanced persistent threat (APT) group.
APT34 Deploys Phishing Attack With New Malware (Trend Micro) We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.
Iranian APT Group OilRig Using New Menorah Malware for Covert Operations (The Hacker News) Iranian cyber group OilRig strikes again with spear-phishing campaign, deploying a new Menorah malware for cyberespionage.
Alleged Iranian hackers target victims in Saudi Arabia with new spying malware (Record) Suspected Iranian hackers recently launched a new cyber espionage operation, infecting their victims with the newly discovered Menorah malware, according to a report published Friday.
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (BleepingComputer) The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors.
Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends (FBI) The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight emerging ransomware trends and encourage organizations to implement the recommendations in the “Mitigations” section to reduce the likelihood and impact of ransomware incidents.
FBI: Ransomware Actors Launching 'Dual' Attacks (Decipher) Threat actors have deployed two different ransomware variants against victims, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum and Roya.
FBI warns of dual ransomware attacks (Security Affairs) The U.S. Federal Bureau of Investigation (FBI) warns of dual ransomware attacks aimed at the same victims.
FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies (The Hacker News) FBI Alert: Dual ransomware attacks are surging, targeting U.S. businesses with multiple variants.
DHS: Physical Security a Concern in Johnson Controls Cyberattack (Dark Reading) An internal memo cites DHS floor plans that could have been accessed in the breach.
Unraveling the Johnson Controls Ransomware attack: Dark Angels wants $51 million (Dataconomy) Learn about the Johnson Controls ransomware attack, a cyber crisis with a $51 million demand, DHS concerns, and ongoing repercussions
A still unpatched 0-day RCE impacts more than 3.5M Exim servers (Security Affairs) Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software.
New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks (The Hacker News) Attention IT Admins! Multiple vulnerabilities in Exim mail agent exposed. Find out how unauthenticated attackers could exploit these vulnerabilitie
Exploit released for Microsoft SharePoint Server auth bypass flaw (BleepingComputer) Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation.
Microsoft Bing Chat spotted pushing malware via bad ads (Register) From AI to just plain aaaiiiee!
New report reveals that nearly three-quarters (71%) of AI detectors can’t tell if a phishing email has been written by a chatbot (GlobeNewswire News Room) Missed voice messages accounted for 18% of phishing attacks, making them the most phished topic of the year so farThe most common type of payload is...
The Dark Side of AI: How ChatGPT and Generative AI Tools Fuel Cyberattacks (Cryptopolitan) Recently, the tech world has been abuzz with the capabilities of ChatGPT, an AI-based chatbot developed by OpenAI. This versatile tool has garnered praise for its ability to generate persuasive prose and even functional code. However, as technology evolves, so do the methods of malicious actors, and ChatGPT’s prowess is not immune to exploitation by ... <a title="The Dark Side of AI: How ChatGPT and Generative AI Tools Fuel Cyberattacks" class="read-more" href="https://www.cryptopolitan.com/the-dark-side-of-ai-how-chatgpt-and-generative-ai-tools-fuel-cyberattacks/" aria-label="More on The Dark Side of AI: How ChatGPT and Generative AI Tools Fuel Cyberattacks">Read more</a>
Fact Checkers Take Stock of Their Efforts: ‘It’s Not Getting Better’ (New York Times) The momentum behind organizations that aim to combat online falsehoods has started to taper off.
The Thin Line: Educational Tools vs. Malicious Threats - A Focus on The-Murk-Stealer (CYFIRMA) EXECUTIVE SUMMARY At CYFIRMA, our commitment is to furnish you with the latest insights into prevalent threats and strategies employed...
BunnyLoader, the newest Malware-as-a-Service (Zscaler) BunnyLoader features rapid iterations, anti-sandbox tactics, second-stage payload executions, keylogging, stealing capabilities, and remote execution.
BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground (The Hacker News) BunnyLoader, the latest malware-as-a-service, is up for sale in the dark web. It can steal your data, replace your crypto address
Dark Web Pedophiles Using Open-Source AI to Generate CSAM (Hackread) This was revealed by the Internet Watch Foundation, a UK-based internet watchdog.
“I messed up”: Thousands of teen boys are being extorted in sexting scams (Washington Post) An unprecedented number of cases is leaving families devastated
Clorox says production sites back up after August cyberattack (Reuters) Clorox said on Friday all its manufacturing facilities resumed operations and it is ramping up production to restock inventories after a cyberattack last month disrupted the bleach maker's business.
Large Michigan healthcare provider confirms ransomware attack (Record) McLaren HealthCare says it recently detected suspicious activity on its computer network and immediately began an investigation.
Norfolk Southern system outage not the result of cyber attack according to rail company (Security Systems News) A technology outage that impacted rail operations for the Norfolk Southern Corporation late Friday evening on September 29, have been ruled not a cyber-attack following an update from the company
Tom Hanks Warns Fans About ‘AI Version of Me’ Promoting Dental Plan: ‘I Have Nothing to Do With It’ (Variety) Tom Hanks shared a computer-generated image of himself on Instagram, warning his followers about an 'AI version of me' promoting a dental plan.
Security Patches, Mitigations, and Software Updates
Mozilla Releases Security Updates for Multiple Products | CISA (Cybersecurity and Infrastructure Security Agency CISA) Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR, Firefox Focus for Android, and Firefox for Android. A cyber threat actor can exploit this vulnerability to take control of an affected system.
Trends
SMBs Embrace the Future, Ready to Harness the Power of AI and Automation, Reveals airSlate Study (Business Wire) Respondents rank business productivity solutions including document workflow and esignature tools as most pressing technology needs
Marketplace
SingTel to sell stake in Trustwave for $205 million (Reuters) Singapore Telecommunications on Monday said it entered into an agreement with MC2 Titanium, LLC to sell its stake in cyber security business Trustwave for $205 million.
TPG Completes Acquisition of Forcepoint Global Governments and Critical Infrastructure Cybersecurity Business from Francisco Partners (Business Wire) Transaction marks next chapter for Forcepoint G2CI as a standalone company backed by leading technology investor TPG
Bankrupt IronNet Shuts Down Operations (SecurityWeek) Bankrupt and out of financing options, IronNet has terminated all employees and plan to file for Chapter 7 protection.
IronNet, Inc. (SEC) CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 Date of Report (Date of earliest event reported): September 29, 2023
Palo Alto opens UK headquarters amid M&A reports (CRN) Cybersecurity specialist teases plans to create 485 new roles
Palantir Receives $250M Army Contract for AI/ML R&D Services (GovCon Wire) Looking for the latest GovCon News? Check out our story: Palantir to Continue Army AI/ML Research & Experimentation Work Under $250M Contract. Click to read more!
Fortinet Joins the United Nations Global Compact (GlobeNewswire News Room) Membership emphasizes Fortinet’s focus on embedding sustainability and responsible corporate governance into its operations and business model...
Why I Joined Endor Labs as Chief Security Advisor (Endor Labs) Throughout my IT and Cybersecurity career, I, like others, have watched the tremendous growth and adoption of Open Source Software (OSS). It now powers everything from our consumer goods to critical infrastructure and national security systems.
Saviynt Appoints Security Industry Leader Jim Routh as Chief Trust Officer (Business Wire) Former MassMutual, Aetna, American Express CISO Joins Company to Further Accelerate the Rapid Adoption of Its Converged Identity Platform
Saviynt Expands Leadership in Marketing, Cloud Platform Innovation and Security (Business Wire) Company Expands Global Go-to-Market Strengths and Cloud Platform Innovation with Appointments of Tara Ryan as Chief Marketing Officer, Akshay Sivananda as CISO and Sapna Nair as GM of India
Products, Services, and Solutions
New infosec products of the week: September 29, 2023 (Help Net Security) The featured infosec products this week are from: AlphaSOC, Baffle, Immersive Labs, OneTrust, Panzura, runZero, and SeeMetrics.
Chubb and SentinelOne® Partner to Enhance Cyber Risk Management (Chubb Corporate Newsroom) Chubb leverages industry-leading security solutions to help policyholders enhance cyber defenses and help protect businesses from emerging threats WHITEHOUSE STATION, N.J., Sept. 27, 2023...
Chubb and SentinelOne partner to enhance cybersecurity for U.S. businesses (ReinsuranceNe.ws) In a strategic move aimed at bolstering cybersecurity practices for American businesses, Chubb, the world's largest publicly traded property &
Exabeam Brings Generative AI to SIEM Platform (Security Boulevard) Exabeam added generative artificial intelligence (AI) capabilities to the company’s New-Scale security information event management (SIEM) platform.
Bitdefender Threat Intelligence enables organizations to improve their security posture (Help Net Security) Bitdefender Threat Intelligence delivers threat intelligence obtained from multiple sources including its own network of customers.
Pax8 and Blackpoint Cyber Partner to Offer MSPs 24/7 Managed Detection and Response Platform (GlobeNewswire News Room) Leading MDR technology responds to malicious events...
Eclypsium’s Supply Chain Security Platform Adds New Capabilities to Protect Network Infrastructure From Compromise (Eclypsium) Eclypsium’s new integrity monitoring and threat detection capabilities help organizations protect from ransomware and state-sponsored threat actors using network infrastructure devices to establish initial access and persistence Portland, OR – October 2, 2023 – Eclypsium®, the supply chain security company protecting critical hardware, firmware, and software in enterprise IT infrastructure, today announced new threat detection […]
Proactively Prevent Breaches with Expanded Endpoint Protection in Rapid7 MDR (Rapid7) Rapid7 has expanded Managed Threat Complete to include native NGAV and DFIR powered by our universal Insight Agent.
Technologies, Techniques, and Standards
Cybersecurity Awareness Month: perspectives from the cyber sector. (CyberWire) As Cybersecurity Awareness Month is held in 2023, we mark the twentieth anniversary of the annual October observance with perspectives from industry experts:
Kicking off NIST's Cybersecurity Awareness Month Celebration & Our Cybersecurity Awareness Month 2023 Blog Series (NIST) October is always an exciting time for us as we celebrate
UAE launches cyber awareness campaign on Cybersecurity Awareness Month (WAM) Marking Cybersecurity Awareness Month, the UAE has launched a cybersecurity awareness campaign, to share its leading cybersecurity experience and success stories with the world, helping strengthen the cybersecurity culture and highlight the importance of maintaining the safety of the digital space and protecting institutions and individuals from cybercrime.Boasting a remarkable track record in cybersecurity, the UAE established the Cyber Security Council, and launched its Federal Network (FedNet) and its own digital cloud, as well as several initiatives to...
Being cyber wise: Cybersecurity Awareness Month 2023 (ETCIO.com) Reinforcing the importance of cyber safety, disseminating information on cyber resilience strategies, and decoding the everyday emergence of the multitude of cyber threats — here's everything you need to know stepping foot in the 20th year of Cybersecurity Awareness Month.
Risk Management and the Board of Directors (The Harvard Law School Forum on Corporate Governance) This post is based on a Wachtell article by Martin Lipton, John Savarese, Sarah K. Eddy, Ryan McLeod, Elina Tetelbaum, David Adlerstein, and Carmen Lu. ...
AWS Using MadPot Decoy System to Disrupt APTs, Botnets (SecurityWeek) AWS says an internal threat intel decoy tool called MadPot is successfully trapping nation state APTs like Volt Typhoon and Sandworm.
'All systems need to be hardened': Officials, industry sound the alarm on quantum threat to encryption (Breaking Defense) New “quantum resistant” encryption standards won’t be finalized until next year, but officials and experts say agencies and industry should start hunting vulnerabilities hidden in their software and hardware, including embedded chips critical to US weapons.
Swamped with cybersecurity data, NGA hopes ChatGPT-like tools can help (Defense One) The mapping agency is trying to keep tabs on 70,000 events per second.
A Primer On Artificial Intelligence And Cybersecurity (Forbes) In simple terms, artificial intelligence acts as a powerful catalyst and enabler for cybersecurity in our connected ecosystem.
Why software teams have to change their focus from vulnerabilities to malware (SC Media) Most software supply chain organizations have fallen behind tracking malware – here’s how to correct that.
Design and Innovation
Signal Chief Meredith Whittaker Could Use Some Backup in the Fight for Encryption (The Information) I was about to sit down for coffee in Brooklyn with Meredith Whittaker when she started apologizing for the messages blowing up her phone. “Sorry, we’re launching our post-quantum protocol today,” she said while tapping away in—what else—her Signal app. Whittaker, the president of the Signal ...
What If the Robots Were Very Nice While They Took Over the World? (WIRED) First it was chess and Go. Now AI can beat us at Diplomacy, the most human of board games. The way it wins offers hope that maybe AI will be a delight.
IBM exec explains the difference between it and prominent AI competitors (The Street) TheStreet spoke to Christina Montgomery, IBM's chief privacy officer, on how the company is ensuring safe, responsible AI.
Legislation, Policy, and Regulation
The country ‘dodged a bullet’ after shutdown avoided, but the cyber threat still hovers (Washington Post) When Congress agreed on a short-term funding deal to avoid a federal government shutdown this weekend, it also averted — temporarily — a potential disaster for cybersecurity.
Norway wants Europe-wide ban on Facebook behavioral ads (Register) But Meta was just about to start asking people for their permission!
Germany is failing to protect power groups from cyber attacks, warns Eon boss (Financial Times) Operator of the country’s largest network urges authorities across Europe to do more to protect key assets
UK Government Wants Authorities to Stop Using Microsoft Excel in FOI Responses (WebProNews) The UK's Information Commissioner is calling on authorities to stop using Microsoft Excel when responding to Freedom of Information Act (FOI) requests.
Joint Statement from Argentina, Bahamas, Barbados, Belize, Brazil, Canada, Chile, Colombia, Costa Rica, Dominican Republic, Ecuador, El Salvador, Guatemala, Honduras, Jamaica, Mexico, Panama, Paraguay, Peru, Trinidad and Tobago, Uruguay, the United States, and the Organization of American States Inter-American Committee Against Terrorism Following the Department of Homeland Security Western Hemisphere Cyber Conference (Department of Homeland Security) On September 27-28, 2023, Secretary of Homeland Security Alejandro N. Mayorkas hosted representatives from 21 nations at a Department of Homeland Security Western Hemisphere Cyber Conference, held in person at the Organization of American States (OAS). The conference convened senior officials from throughout the hemisphere to discuss the most significant cybersecurity challenges that they face.
Fact Sheet: DHS Western Hemisphere Cyber Conference (Department of Homeland Security) Secretary of Homeland Security Alejandro N. Mayorkas has made cybersecurity a top priority for the Department of Homeland Security (DHS), in alignment with the Biden-Harris Administration’s priorities. On September 27-28, 2023, DHS hosted the first Western Hemisphere Cyber Conference, which convened foreign government cyber leaders to discuss cybersecurity challenges and identify areas of collaboration.
China looks to relax cross-border data security controls | Financial TimesFinancial Times (Financial Times) Draft rules from cyber regulator aim to stem concerns over transfer of foreign business data
UK-US Data Bridge Gets Green Light (cyber/data/privacy insights) Closely following the establishment of the EU-US Data Privacy Framework (DPF) – see our July 2023 post – the UK has now agreed to an extension for the transfer of personal data from the UK to the US, known as the UK Extension to the EU-US Data Privacy Framework, or the UK-US Data Bridge. Taking effe
CISA and UK NCSC Hold Inaugural Meeting of Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression (Cybersecurity and Infrastructure Security Agency) This week, the Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (UK-NCSC) held the Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression.
CISA Views Critical Infrastructure and Cybersecurity Through Global Lens (AFCEA International) An international coalition pushes for cybersecurity by design and default.
National Security Agency is Starting an Artificial Intelligence Security Center (SecurityWeek) The NSA is starting an artificial intelligence (AI) security center that will be integrated into U.S. defense and intelligence systems.
National Security Agency is starting an artificial intelligence security center (Quartz) The National Security Agency is starting an artificial intelligence security center — a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems
Key lawmakers join free-market initiative on ‘nexus’ between AI and cybersecurity (R Street Institute) The R Street Institute, a free market-oriented think tank, is starting a new working group focused on the tie-in between artificial intelligence and cybersecurity that includes members from key congressional offices, the cyber industry, digital rights groups, academia, and others, with a focus on developing policy recommendations. The group includes representatives from Palo Alto Networks,...
FCC says it could boost authority over Huawei, ZTE equipment (Reuters) Federal Communications Commission Chair Jessica Rosenworcel said on Thursday the agency's proposal to reinstate net neutrality rules could give it new authority to force the removal of equipment from China-based Huawei and ZTE from U.S. networks, including data centers.
GAO Clobbers State Dept. for Slow Walk on Cyber Work (Meritalk) According to a new report out from the Government Accountability Office (GAO) on Thursday, the State Department has failed to fully implement its cybersecurity risk program and needs to take a number of steps to better protect its IT network and systems.
New Group Attacking iPhone Encryption Backed by U.S. Political Dark-Money Network (The Intercept) The Heat Initiative, formed to attack Apple encryption in the name of stopping child abuse, is part of a political dark-money network.
Litigation, Investigation, and Law Enforcement
AG approves use of Pegasus phone spyware in probe of shooting that killed 5 (Times of Israel) But Baharav-Miara does not allow use of controversial spying tool to extract data remotely from devices as police probe suspected gangland slayings
Child abuse site taken down, organized child exploitation crime suspected – exclusive (Security Affairs) A child abuse site has been taken down following a request to German law enforcement by Cybernews research team.
Israel allows police to use Pegasus spyware to probe killings of Palestinian citizens (Record) The use of spyware by Israeli law enforcement has been banned, with exceptions, since a 2022 scandal.
Supreme Court to Hear Challenges to State Laws on Social Media (New York Times) The tech industry argues that laws in Florida and Texas, prompted by conservative complaints about censorship by tech platforms, violate the First Amendment.
Landmark Texas, Florida social media cases added to Supreme Court term (Washington Post) The justices announced Friday which cases they will add to their calendar for the term that begins Monday
ShinyHunters member pleads guilty to $6 million in data theft damages (BleepingComputer) Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group.
French cybercriminal pleads guilty to fraud and aggravated identity theft for hacking private information (US Department of Justice) Seattle – A 22-year-old French citizen from Epinal, France, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft in U.S. District Court in Seattle, announced Acting U.S. Attorney Tessa M. Gorman.
Russian Court Jails Crypto Money Launderer for 12 Years (Hackread) A Russian crypto money launderer and drug trafficker has been sentenced to 11.5 years by the Ryazan region of Russia.
As trial looms, Sam Bankman-Fried’s own words may pose his biggest risk (Washington Post) The founder of FTX is accused of bilking customers and investors out of billions of dollars in the 2022 collapse of his cryptocurrency empire