Incident response and suggestions for more resilience.

Announcement

Join us for the Women in Cyber virtual panel discussion.

As part of N2K’s Women in Cyber series and in partnership with Tulsa Innovation Labs, we’re hosting an engaging virtual discussion featuring insights, experiences, and strategies for advancing more women into leadership roles within the field. Register now and join us for this inspiring conversation.

N2K offers a new, on-demand course.

Based on our CSO's latest book, Cybersecurity First Principles: A Reboot of Strategy & Tactics, N2K has launched an on-demand course, featuring Rick “The Toolman” Howard himself as the instructor. Get a high-level overview of the strategies to pursue the absolute cybersecurity first principle: Reduce the probability of material impact due to a cyber attack. It’s the perfect quick-hitting content for busy security professionals, and it’s available now. Learn more here.

Summary

By the CyberWire staff

At a glance.

Update on Okta's response to its security incident.
A precautionary shutdown at a major US mortgage lender.
Call centers as targets.
Decoupling data and identity.
The cyber front in the Hamas-Israeli war.
Hacktivism and state-sponsored cyberattacks against Israel.
Managing influence operations: the case of TASS.
Cybercrime on the side of Ukraine.

Update on Okta's response to its security incident.

Identity and access management provider Okta has provided additional details on the breach it sustained from September 28th to October 17th. The company disclosed that “a threat actor gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers.” The threat actor obtained “HAR files that contained session tokens which could in turn be used for session hijacking attacks,” and used these tokens to hijack the Okta sessions of five customers. Three of these customers–1Password, BeyondTrust, and Cloudflare–have disclosed that they were affected.

Okta continued, “The unauthorized access to Okta’s customer support system leveraged a service account stored in the system itself. This service account was granted permissions to view and update customer support cases. During our investigation into suspicious use of this account, Okta Security identified that an employee had signed-in to their personal Google profile on the Chrome browser of their Okta-managed laptop. The username and password of the service account had been saved into the employee’s personal Google account. The most likely avenue for exposure of this credential is the compromise of the employee’s personal Google account or personal device.” For more on the incident, see CyberWire Pro.

A precautionary shutdown at a major US mortgage lender.

Mr. Cooper (previously Nationstar Mortgage LLC), the largest mortgage lending company in the US, has sustained a cyberattack that brought down its IT systems, BleepingComputer reports. The incident affected the company’s online payment portal; the company noted, “Customers trying to make payments will not incur fees or any negative impacts as we work to fix this issue.”

The company said, “On October 31, Mr. Cooper became the target of a cyber security incident and took immediate steps to lock down our systems in order to keep your data safe. Our systems remain locked down, and we are working on a resolution as quickly as possible.” It wasn't immediately clear whether any customer data had been compromised. The company added, “We are actively investigating this event to determine if any data has been compromised. If customers are impacted, they will be notified and provided with identity protection services.” For more on the incident, see CyberWire Pro.

Call centers as targets.

A report from TransUnion looks at fraud attacks targeting call centers in the financial industry, finding that “more than half of respondents say that fraud attacks on call centers are on the rise, based on growth from 2021 to 2022, with financial industry respondents noting an even more acute increase, with a full 90% of respondents indicating at least some observable growth in attacks.” (The company calls these attacks "omnichannel fraud.")

Lance Hood, senior director of omnichannel authentication at TransUnion, stated, “Through the use of tactics such as spoofed phone numbers and social engineering, combined with personal information obtained from identity theft scams and data breaches, fraudsters have become more focused on call centers as a target to access and take over accounts (ATO). More than ever, it’s critically important for call centers to find effective and efficient ways to separate legitimate callers from potentially fraudulent, high-risk ones in a way that reduces friction for the consumer.”

Quit scanning and remediating your entire registry

Runtime Protection will show you exactly what vulnerabilities lie within your application path, so you can zoom in on what's critical and ignore the vulnerabilities that don't matter. No need to burden dev teams – shrink your attack surface and remove 60-90% of your total vulnerabilities in a day.

Decoupling data and identity.

An article by Bruce Schneier and Barath Raghavan in IEEE Spectrum outlines a new approach to cloud security called “decoupling” that could provide better privacy for data stored in the cloud.

Schneier and Raghavan explain, “The less someone knows, the less they can put you and your data at risk. In security this is called Least Privilege. The decoupling principle applies that idea to cloud services by making sure systems know as little as possible while doing their jobs. It states that we gain security and privacy by separating private data that today is unnecessarily concentrated.”

They continue, “To ensure that cloud services do not learn more than they should, and that a breach of one does not pose a fundamental threat to our data, we need two types of decoupling. The first is organizational decoupling: dividing private information among organizations such that none knows the totality of what is going on. The second is functional decoupling: splitting information among layers of software. Identifiers used to authenticate users, for example, should be kept separate from identifiers used to connect their devices to the network.”

This approach advocated is similar to the idea of a software-defined perimeter, in which resources are restricted based on identities. For more on this approach, see the CyberWire.

Microsoft Federal: Mission innovation, secure by design

Cybersecurity is a national security priority. That’s why Microsoft is setting the standard with security built-in. And our 8,000 threat hunters analyze 65 trillion+ signals daily, partnering with federal agencies to protect their digital estate. We help strengthen cybersecurity at scale—from identity, data, and apps to endpoints, infrastructure, and networks—so you can focus on what matters: your mission. Visit aka.ms/FedCyber today to get started.

The cyber front in the Hamas-Israeli war.

The National Interest yesterday published an assessment of cyber operations to date in the war between Hamas and Israel. Israel shut down Internet connectivity in Gaza during the first weeks of the war (and tightened the shutdown over the weekend), and Israel has sustained a variety of hacktivist assaults. Most of these have achieved at most nuisance-level effects. The most prominent were the successful hacktivist intrusion into the Red Alert civil defense missile warning system on October 8, and the October 12th hack of smart billboards in Tel Aviv to display pro-Hamas messages. Israeli defenses seem to have been largely successful in blunting state-directed attacks. The National Interest writes, "the lack of success or diminished presence of state-sponsored threat groups seems to be attributed to the proactive cyber defensive approach adopted by the Israeli National Cyber Directorate (INCD) as well as the mobilization of the country’s cyber security ecosystem."

Hacktivism and state-sponsored cyberattacks against Israel.

Whatever the effectiveness of Israeli cyber defenses, some state-sponsored threat actors have intervened on the side of Hamas (much of this activity is Iranian, some of it Russian). Palo Alto Networks' Unit 42 this morning reported that an Iranian threat group, "Agonizing Serpens" (which other researchers call "Agrius," "BlackShadow," "Pink Sandstorm," or "DEV-0022") is conducting a two-phase campaign against Israeli universities and research organization. The first stage is data theft, with the data subsequently used to dox the victims. Unit 42 sees this as fundamentally an influence operation as opposed to traditional espionage. The information stolen is both personal and proprietary, and doxing is central to the operation; its goal is "to sow fear or inflict reputational damage." The second stage is a wiper attack, which the researchers characterize as a "scorched earth" approach that renders affected endpoints unusable. The attackers gain access through vulnerable web servers through which they deploy web shells. Unit 42 describes three tools used in the wiper phase as novel, not previously seen: MultiLayer (which covers the attacker's tracks), MultiList (which inventories files on the affected system), and MultiWip (the wiper proper).

Uptycs reports that one hacktivist group, GhostSec, formerly an Anonymous affiliate, may be turning its attention to Israel. "Previously dedicated to tracking and disrupting ISIS-related online propaganda, they notably collaborate more closely with law enforcement and intelligence agencies than their predecessor, Anonymous, Uptycs comments. Their recent activity against Israeli targets, however, suggests a shift in the group's interests and focus, especially since that activity is centered on its GhostLocker ransomware-as-a-service operation. The evident profit motive suggests a new complexity to GhostSec's goals and objectives.

Managing influence operations: the case of TASS.

The chief of the major Russian news service TASS was replaced on July 5th, a few days after the Wagner Group's abortive march on Moscow. The Moscow Times reports that the removal was indeed a sacking, and not a retirement or voluntary resignation. The paper quotes an unnamed Russian government official on the change in leadership at TASS: “TASS covered all this," that is, the Wagnerite mutiny, "in too much detail and promptly. Some kind of insanity has happened to them. They have forgotten that their main task is not to report the news. It’s to create an ideologically correct narrative for the Kremlin.” The official added an assessment that TASS now understood its role, and that it would be properly aligned in the future. “The neutrality of TASS is of no use to anyone right now. It’s wartime and presidential elections are looming. The chief [Putin] must win on record. Under the new director general, TASS will be more aggressive and provocative.”

The Moscow Times, which ran this story, is an independent source of news on Russia. It published in English and Russian from Moscow between 1992 and 2022, leaving Moscow for Amsterdam last year to escape an increasingly restrictive and hostile media climate.

Cybercrime on the side of Ukraine.

While cybercriminals have worked for Russia in the hybrid war, either as privateers or co-opted contractors, they've been much less in evidence on the Ukrainian side. HackRead reports, however, a departure from this pattern. Russia's second largest insurer, Rosgosstrakh, has apparently sustained a significant data breach. Someone with the nom-de-hack "Apathy" has offered the stolen data for sale on Breach Forums. The asking price is $50,000, payable in Bitcoin or Monero.

HackRead summarizes the data that appear to be on offer: "The compromised data includes full access to the investment and life insurance department records dating back to 2010. The breach, which has put approximately 3 million bank statements at risk, has also compromised data on 730,000 individuals, with approximately 80,000 individuals’ Russian Social Security Numbers (SNILS) and 45,000 individuals’ complete bank routing information now in jeopardy. The breach also includes access to all life insurance policies and contracts, as well as associated attachments such as passports and scanned documents of public officials or their immediate relatives."

The attack seems be criminally motivated, with no obvious admixture of political or military purpose. (The compromised data do seem to include relatively full information on three Russian GRU agents, but that's hardly enough to qualify the hack as a wartime coup.) Insofar, however, as the cyberattack inconveniences and embarrasses a major Russian enterprise, objectively (as TASS used to say, and may now start saying again) it works in the interests of Ukraine.

The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.

Notes.

Today's issue includes events affecting Armenia, Azerbaijan, Gaza, Iran, Israel, the Netherlands, Russia, Ukraine, the United Kingdom, the United Nations, and the United States.

Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.

Ukraine at D+620: Influence discipline. (CyberWire) Ukrainian strikes seek to isolate the battlefield as concerns about a stalemate persist. Russia disciplines state media to keep them on message.

Israel and Hamas at war: what we know on day 29 (the Guardian) Israeli airstrike on Gaza ambulance convoy kills at least 15, says Hamas-run Gaza ministry; US working ‘hard’ to secure release of hostages

More than 1,000 craters: satellite images show destruction of northern Gaza Strip (the Guardian) One heavily bombed residential area half a kilometre wide has about 100 craters, Guardian analysis reveals

Israel-Hamas war latest: Netanyahu says no ceasefire with Hamas until hostages freed (The Telegraph) Israel will not agree to any temporary ceasefire with Hamas until it frees the hundreds of hostages it is holding captive, Benjamin Netanyahu has said, in an apparent rebuff to US calls for a “pause” to the conflict.

Israeli troops encircle Gaza City and expected to enter in force within 48 hours (the Guardian) Gaza severed into two parts, says Israel, as US sends missile-carrying submarine to Middle East

The End of Israel’s Gaza Illusions (Foreign Affairs) This war is unlike any other—and must begin at home.

The Cyberwarfare Front of the Israel-Gaza War (The National Interest) The Hamas attack on Israel and the subsequent war in Gaza have been accompanied by a myriad of threat actors seeking to turn cyberspace into an additional front.

Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors (Unit 42) A cyberattack series by APT Agonizing Serpens (Agrius) targeting organizations in Israel started in January 2023. We analyze the novel wipers and other advanced tools used.

GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel (Uptycs) Explore GhostSec's GhostLocker Ransomware-as-a-Service (RaaS): from hacktivist roots to Israel cyberattacks; featuring Uptycs' technical insights.

Russia-Ukraine war: List of key events, day 621 (Al Jazeera) As the war enters its 621st day, these are the main developments.

Russia-Ukraine war live: Zelenskiy denies US and Europe pushing for peace talks (the Guardian) Ukraine’s president denies US media report saying Kyiv approached about conditions for peace

A Ukrainian missile strike on a shipyard in Crimea damages a Russian ship (AP News) The Russian military says a Ukrainian missile strike on a shipyard in annexed Crimea had damaged a Russian ship. The Russian Defense Ministry said late Saturday that Ukrainian forces fired 15 cruise missiles at the Zaliv shipyard in Kerch, a city in the east of the Crimean Peninsula.

Ukraine hits Russian warship after 15-missile salvo on Crimea shipyard (The Telegraph) Missile attack could further undermine Russia’s ability to launch counter-attacks

Biden Administration Announces New Security Assistance for Ukraine (U.S. Department of Defense) The DOD announced additional security assistance to meet Ukraine's critical security and defense needs. This includes the drawdown of security assistance from DOD inventories valued at up to $125

Kremlin Sacks TASS Chief for Wagner Mutiny Coverage (The Moscow Times) When Deputy Prime Minister Dmitry Chernyshenko walked up to the state-run TASS news agency’s Soviet brutalist headquarters a few blocks from the Kremlin on July 5, no one suspected that he would announce the appointment of a new general director.

Watch: How Putin’s rule will end as Russia collapses around him (The Telegraph) Russia is heading for an inflection point when the war in Ukraine has a serious impact on the home front

‘I Am Dreaming It Will Stop’: A Deadlocked War Tests Ukrainian Morale (New York Times) Pessimism over prospects for a quick victory is increasing, and the spirit that infused the first days of the conflict is starting to fade, polls find.

Ukraine has blown its best chance to defeat Putin (The Telegraph) Deprived of the weapons it needs to win, and with global attention shifting to Israel, the outlook is terrible

Opinion Ukraine’s supporters need to rethink their theory of victory (Washington Post) “Our experience since the foundation of the Republic,” wrote journalist Walter Lippmann in 1943, “has shown that domestic division over foreign relations is the outward and visible consequence — and not the cause — of an insolvent foreign policy.”

Frontline Facilitators: How Secretive UK Partnerships Supply Wartime Russia (bellingcat) Since Russia’s full-scale invasion of Ukraine in February 2022, UK Limited Partnerships (LPs) have been named as trade intermediaries in thousands of records detailing imports into the belligerent state. The UK has introduced a variety of sanctions aimed at negating Russia’s war efforts. However, experts have long argued these corporate vehicles — which are easy […]

Russia's 2nd-Largest Insurer Rosgosstrakh Hacked; 400GB of Data Sold Online (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) The hackers are selling the trove of data for $50,000 in Bitcoin (BTC) or Monero (XMR) cryptocurrency.

Red Flags: Soviet Symbols Return To Russia's Military (RadioFreeEurope/RadioLiberty) Nearly two years into an invasion with increasingly vague goals, recent photos show symbols from Russia’s Soviet past becoming increasingly mainstreamed as a rallying point for Russian troops.

Ukraine Files Criminal Charges Against Head Of Russian Orthodox Church (RadioFreeEurope/RadioLiberty) The Ukrainian Security Service (SBU) announced on November 4 that it had filed criminal charges against Patriarch Kirill, the leader of the Russian Orthodox Church, in absentia for "justifying" Russia's invasion.

Attacks, Threats, and Vulnerabilities

Apple warns Armenians of state-sponsored hacking attempts (Record) Apple has sent alerts to people in Armenia in recent weeks that their phones are being targeted by state-sponsored hackers, with several cybersecurity experts warning that it is likely tied to Pegasus spyware.

Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks (OODA Loop) Scarred Manticore, an Iranian nation-state threat actor with possible connections to Iran's Ministry of Intelligence and Security, recently used a new 'LionTail' malware framework to attack various organizations in the Middle East. The threat actor

Looney Tunables Vulnerability Exploited by Kinsing (Aquasec) We intercepted Kinsing's experimental incursions into cloud environments and have uncovered their efforts to manipulate the Looney Tunables vulnerability.

Phishing Group Found Abusing .top Domains (CircleID) Threat researcher Dancho Danchev recently discovered a phishing operation that seemed to be abusing .top domains for which he collated 89 email addresses that served as indicators of compromise (IoCs).

Unveiling a New Threat The Millenium RAT (CYFIRMA) EXECUTIVE SUMMARY At CYFIRMA, our mission is to equip you with the most cutting-edge insights into the evolving landscape of...

This tiny device is sending updated iPhones into a never-ending DoS loop (Ars Technica) No cure yet for a popular iPhone attack, except for turning off Bluetooth.

Meet hackers’ favourite new tool: WormGPT (The Sydney Morning Herald) WormGPT is being described as similar to ChatGPT, but with no ethical boundaries or limitations, and Australian businesses are in the firing line.

Navigating the AI Threat Landscape: From Executive Orders to Cyber Frontlines (Flashpoint) Despite the good that AI brings, there are risks that the technology introduces. In this post we take a deep dive into AI threats.

American Airlines pilot union hit by ransomware attack (BleepingComputer) Allied Pilots Association (APA), a labor union representing 15,000 American Airlines pilots, disclosed a ransomware attack that hit its systems on Monday.

American Airlines pilot union hit with ransomware (Record) The union is working to restore its systems following a ransomware attack, the latest in a rash of cyber incidents affecting the aviation industry.

Clop group obtained access to the email addresses of about 632,000 US federal employees (Security Affairs) Clop ransomware gang gained access to the email addresses of more than 632K US federal employees at the departments of Defense and Justice.

India's Infosys says US unit hit by cyber security event (Reuters) Indian IT service provider Infosys said on Friday its U.S. unit, Infosys McCamish Systems, was impacted by a cyber security event, resulting in the non-availability of certain applications and systems.

Okta defends 2-week gap in response to identity token theft, says 134 customers affected (Record) The identity management company said that from September 28, to October 17, a threat actor “gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers.”

Okta breach: 134 customers exposed in October support system hack (BleepingComputer) Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens.

Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop (SecurityWeek) Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

No, Okta, senior management, not an errant employee, caused you to get hacked (Ars Technica) If a transgression by a single employee breaches your network, you're doing it wrong.

What to know about the recent breach of Okta (Washington Post) A recent breach at digital identity management services provider Okta that led to the targeting of some of its customers probably happened because an employee logged into a personal Google account on a company laptop, Okta said Friday.

1.2M patients impacted after Cook County Health data breach (WGN-TV) Patients who may have been affected are asked to call (888) 867-3881.

Mortgage Giant Mr. Cooper Shuts Down Systems Following Cyberattack (SecurityWeek) Mr. Cooper has suspended operations, including payments, after a cyberattack forced it to take systems offline.

Monero’s community wallet loses all funds after attack (Cointelegraph) A security breach has resulted in the loss of 2,675.73 XMR from Monero's community crowdfunding wallet. The cause and source of the breach remain unidentified.

This top torrent service suffered a major data breach (TechRadar) Huge WiHD database left unprotected online

Cloudflare Dashboard and APIs down after data center power outage (BleepingComputer) An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces (APIs) customers use to manage and read service configurations.

Cybercriminal group claims responsibility for ransomware attack as Ontario hospitals slowly recover (CBC News) Twelve days into a ransomware attack that has upended health-care services at five hospitals in southwestern Ontario, a cybercriminal group claimed responsibility in an online blog, describing how the attack happened and what it says are the millions of private patient records it has stolen.

Data breach at MGM Resorts, parent company of Borgata, expected to cost casino giant $100 million (6abc Philadelphia) The incident, which was detected on Sept. 10, led to MGM shutting down some casino and hotel computer systems at properties across the U.S. in efforts to protect data.

Ace Hardware Still Reeling From Weeklong Cyberattack (Dark Reading) Cyberattackers downed a quarter of the hardware giant's entire IT apparatus. Now, before the company can recover, they're going after individual branches.

The mysterious demise of the Mozi botnet (Week in security with Tony Anscombe) Various questions linger following the deliberate and calculated takedown of the Mozi IoT botnet, including: who actually initiated its demise?

It’s shockingly easy to buy sensitive data about US military personnel (MIT Technology Review) A new report exposes the privacy and national security concerns created by data brokers. US senators tell MIT Technology Review the industry needs to be regulated.

Security Patches, Mitigations, and Software Updates

Cisco Releases Security Advisories for Multiple Products (Cybersecurity and Infrastructure Security Agency | CISA) Cisco released security advisories for vulnerabilities affecting multiple Cisco products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

Discord will switch to temporary file links to block malware delivery (BleepingComputer) Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware.

Trends

Surge in hacktivism aligns with geopolitical tensions in 2023 (SecurityBrief Asia) Cyberattacks surge by 11% amid Israel-Hamas, Ukraine-Russia, and Taiwan-China tensions, highlighting new hacktivist trends.

Irish cybersecurity chief warns of link between cyberattacks and disinformation campaigns (Irish Examiner) The NCSC is involved in combating disinformation campaigns from abroad

CISA sees increase in zero-day exploitation, official says (CyberScoop) Michael Duffy, an official in CISA’s cybersecurity division, says zero-day exploits are “really affecting the federal government networks.”

Dashlane Reveals Global Password Health and Hygiene Improving, But Reuse Leaves Users at Increased Risk: New Report (Business Wire) Dashlane analysis of 19 million users and 22,000 customer organizations finds share of weak, reused and compromised passwords dropped globally in the past year

A day without internet globally costs $43 billion (AtlasVPN) The internet has become such an integral part of our daily lives that we often do not even think about how much we rely on it.

Onclusive's 2024 US Presidential Election Media Impact Analysis Report Reveals Key Insights Surrounding the Election Coverage so far (Onclusive News) Onclusive launches quarterly US Presidential Election Report Analyses the impact and performance of the presidential election candidate campaigns in the media

CYFIRMA Industry Report : LOGISTICS (CYFIRMA) EXECUTIVE SUMMARY The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each...

Individuals targeted in social engineering attacks in 2023 (AtlasVPN) According to data presented by the Atlas VPN team, 31% of all social engineering attacks were aimed at targeted individuals in 2022 and 2023.

Marketplace

Microsoft pledges a dramatic software security overhaul (The Stack) Biggest overhaul of Redmond's security in 20 years sees promises of "code analysis [of] 100% of commercial product”, cryptographic keys to be kept in a hardened Azure HSM, more.

Palo Alto Networks Finalizing $600 Million-Plus Acquisition of Israeli Startup (The Information) Palo Alto Networks is close to acquiring Israeli startup Talon Cyber Security in a deal that could value itat $600 million to $700 million, according to two people familiar with the discussions. The deal couldbe announced as soon asMonday, one of the people said. The acquisition would extend ...

Lumen Technologies officially sells EMEA business for $1.8bn (CRN) On the heels of job cuts and debt restructuring news, the telecom giant announces that it has closed on its deal to sell its EMEA business to London-based Colt Technology Services.

Accenture acquires Spanish cybersecurity firm Innotec Security (CRN) The acquisition is designed to accelerate the company’s growth and market presence in Spain

Aramco’s VC arm invests in Dubai cybersecurity start-up SpiderSilk (ACE Times) Wa’ed Ventures leads funding round that raised $9mln

Threater Announces New Brand and Goes Beyond Blocking (Threater) Threater, the only active defense cybersecurity platform, today announced its new brand identity to reflect a more resilient, diversified company focused on helping customers defend against all-encompassing modern cybersecurity threats.

Splunk sheds 7% of staff amid Cisco's $28B embrace (Register) Have another great quarter? Time to get rid of some staff, then

CISA Awards $3M in Funding for Cyber Education and Training of Next-Gen Cyber Leaders (Cybersecurity and Infrastructure Security Agency) The Cybersecurity and Infrastructure Security Agency (CISA) has awarded two non-profits $1.5 million each in funding through the Cyber Workforce Development and Training for Underserved Communities program. The awardees of the funding are South Memphis Renewal Community Development Corporation and Per Scholas.

Where the Hell Is X CEO Linda Yaccarino? (WIRED) Despite Linda Yaccarino having the top job at X, Elon Musk’s outsize presence may be hampering her ability to succeed.

Lantronix Appoints Saleel Awsare as President and CEO (GlobeNewswire News Room) Synaptics Senior Vice President and General Manager to Join Lantronix Effective November 20, 2023...

Zscaler Accelerates AI Innovations with Appointments of Two Prominent Tech Industry Disruptors (Yahoo Finance) Renowned Leaders in Data, AI and Automation Join Zscaler to Strengthen and Advance AI/ML-powered Zero Trust Platform Claudionor Coelho - Chief AI Officer at Zscaler HEADSHOT: Claudionor Coelho Mohamed Shabar - EVP, Data and AI Platforms HEADSHOT: Mohamed Shabar SAN JOSE, Calif., Nov. 06, 2023 (GLOBE NEWSWIRE) -- Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, reinforces its investments in Artificial Intelligence (AI) with the appointments of two of the industry’s top innovation and tec

Products, Services, and Solutions

New infosec products of the week: November 3, 2023 (Help Net Security) The featured infosec products this week are from: Action1, Enzoic, Immuta, and Snappt.

Announcing Grok (X) Grok is an AI modeled after the Hitchhiker’s Guide to the Galaxy, so intended to answer almost anything and, far harder, even suggest what questions to ask!

Elon Musk’s X Has Started Selling Off Old Twitter Handles For Upwards Of $50,000 (Forbes) Rumored to be in the works for the past year, the initiative appears to have begun rolling out recently, with email solicitations being sent to potential buyers.

YouTube’s Crackdown Spurs Record Uninstalls of Ad Blockers (WIRED) YouTube expanded a “test” that threatens to cut off users who don't turn off their ad blocker. Developers of the tools are scrambling to respond.

What Is Home Title Theft? (Trend Micro News) What is home title theft? Can your home be stolen by hackers? How does home title theft happen and how to prevent it?

Unlock Faster Intelligence-Led Decisions with Silobreaker’s New AI Tool (Silobreaker) Introduction to Silobreaker's new AI tool Threat Intelligence analysts are supporting an increasingly wide range of intelligence requirements from a diverse group of stakeholders. Being able to collect, analyse and disseminate reporting in a timely manner – while maintaining accuracy and delivering actionable insights that speak to the specific needs of intelligence customers – is...

Azion's New Templates Accelerate Edge Adoption and Optimization (Azion Technologies) Elevate your edge projects instantly with Azion's templates. Explore now!

Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning with Trivy KBOM (Aqua) Aqua Security announced its open source solution Trivy now supports vulnerability scanning for Kubernetes components.

More Than Half of Organizations Have Experienced Security Issues in Kubernetes and Containers as They Transition to Cloud Native Environments (Business Wire) New Research from Venafi Reveals Top Trends and Challenges Impacting State of Cloud Native Security

Mezmo Unveils Data Profiling and Responsive Telemetry Pipelines for Kubernetes (GlobeNewswire News Room) With Mezmo, SREs and platform engineers can understand telemetry data clearly, optimize with ease, and respond to incidents rapidly. ...

Tigera Introduces Powerful Enhancements to Calico Open Source and Calico Cloud to Elevate Security, Scalability and Performance (PR Newswire) Calico Cloud's Security Score and Recommended Actions provide an unparalleled view of security risks, enabling enterprises to identify and mitigate them...

NetBrain Launches Network Automation Hackathon to Showcase the Simplicity of Applying No-Code Network Automation to Real-World Network Challenges (Business Wire) NetBrain Power Users can compete to demonstrate their prowess at applying no-code network automation to the problems they see every day.

BIO-key Awarded $800K Follow-On Order for Biometric User Authentication from Leading Government Defense Ministry (GlobeNewswire News Room) BIO-key was awarded an $800K follow-on order for biometric user authentication from a leading government defense ministry, following two orders in Q3....

Trust Swiftly Partners with WooCommerce Anti-Fraud to Enhance Online Fraud Prevention (GlobeNewswire News Room) Trust Swiftly and OPMC Anti-Fraud team up to offer WooCommerce merchants a seamless solution to combat fraud with identity verifications....

Cyera Delivers First-to-Market Automated Remediations Extending Data Security Posture Management From Observability into Security Operations (PR Newswire) Cyera announced today that its cloud-native data security platform now includes automated remediation for sensitive data. Cyera combines...

Setting the Standard: Ambassador Labs Delivers Best Developer Experience Through Flagship Innovations (GlobeNewswire News Room) Ambassador Labs today announced from Kubecon NA 2023 a laser focus on their flagship offerings, Edge Stack API Gateway and Telepresence....

Technologies, Techniques, and Standards

Research: The Impact of Machine Identities on Cloud Native Security in 2023 (Venafi) Learn organizations' top threats and cloud native security challenges, including their approach to cloud native security, challenges faced, ownership among security and development teams, and the foundational role machine identities play within cloud native security.

A Bold New Plan to Make Cloud Computing More Secure (IEEE Spectrum) An approach called “decoupling” could provide better privacy and security online

Forecasting where a hacker will go once inside an OT network (Control Global) Work is ongoing in identifying cyber threats, vulnerabilities and locating hacker penetration in electric utility and other OT networks

Guarding against social engineering attacks (Security) Social engineering attacks are on the rise, and despite increased awareness, human error is still the most successful gateway for most data breaches.

Guarding Against the Unseen: The U.S. Coast Guard's Insider Threat Program (United States Coast Guard) Protecting America's shield from within.

How do you solve a problem like [REDACTED]? (Computing) Developing complex digital solutions to reach the proof-of-concept stage is even more of a challenge when you don’t have access to the sensitive data you need.

Design and Innovation

Microsoft's experiments with AI news spreading misinformation (Computing) Microsoft's move towards AI for MSN news curation has had a serious impact on the quality of information featured on its homepage, say reports.

Legislation, Policy, and Regulation

N. Korea imports second-hand Huawei devices to modernize telecommunications network (Daily NK) North Korea currently has a 3G network in place, but appears to be importing equipment with a view to launch a 4G network

The AI Arms Race Will Be The Next Geopolitical Kingmaker, Experts Warn (The Debrief) Are we headed toward an AI arms race? Experts warn that future conflicts will be strategized and future societies shaped by the technology.

Cybersecurity chief says Ireland is under attack right now (Irish Examiner) Richard Browne tells Cormac O’Keeffe the National Cyber Security Centre is growing to face down the threat from hostile states and cybercriminals, often using artificial intelligence

UN chief Guterres calls for 'united' response to AI threats at UK summit (France 24) UN Secretary-General Antonio Guterres called Thursday for a "united, sustained, global response" to artificial intelligence (AI) threats, as world leaders met in Britain to discuss the risks posed by…

Biden's executive order on AI has 'extensive to-do list' for Homeland Security (ABA Journal) President Joe Biden issued an executive order on artificial intelligence this week that is intended to reduce security risks, protect privacy and prevent use of the technology to discriminate.

Homeland Security needs far better oversight before it embraces AI (The Hill) Indeed, it’s not clear that any neutral observers within the department writ large oversee much of what happens in these powerful agencies.

Joe Biden Has a Secret Weapon Against Killer AI. It's Bureaucrats (WIRED) In Hollywood, taming rogue AI requires military hardware. In Washington, Joe Biden plans to stop AI from harming people by tapping the power of bureaucracy.

How the US aims to tackle the ‘collective action problem’ of ransomware (Nextgov.com) New efforts in the International Counter Ransomware Initiative intend to leverage automated systems to halt illicit financial transactions, according to a White House cyber official.

Election Officials Plead for Federal Cybersecurity Funding (BankInfo Security) Secretaries of state and election administrators told the Senate Committee on Rules and Administration that local election offices are facing a critical lack of

The US just got serious about cybersecurity. Contractors aren’t ready. (C4ISRNet) Opinion: In many cases, companies that hold intelligence aren’t aware of their own role in national security, the author argues.

House intel mulls ‘Plan B’ of short-term 702 renewal amid looming FISA deadline (The Hill) House Intelligence Committee lawmakers tasked with shepherding a bill to reauthorize the government’s warrantless spy powers are considering pushing a short-term extension of the law, saying they n…

Latvian government plans new cyber defense center (LSM) On Tuesday, October 31, the Cabinet of Ministers supported the proposal of the Ministry of Defense to allow the Ministry of Defense and the Central Finance and Contracts Agency to undertake long-term state budget commitments in order to implement and co-finance the cyber security project "National Coordination Center - Latvia" (NCC-LV).

The Case for Banning Crypto (Foreign Affairs) For finance, the blockchain’s risks far outweigh its rewards.

Litigation, Investigation, and Law Enforcement

China Unleashes Crackdown on ‘Pig Butchering.’ (It Isn’t What You Think.) (Wall Street Journal) Beijing is pursuing scam mills that operate out of secretive, dystopian compounds and swindle people worldwide.

Companies scrutinise cyber risk disclosure after SEC charges (The Stack) 'Do not state anything that is subjective and avoid adjectives (e.g., "state of the art," "mature," "advanced," "appropriate," "comprehensive," or "reasonable")' say experts.

How Will the SEC’s Pursuit of SolarWinds Affect Cyber Chiefs? Readers Weigh In (Wall Street Journal) An SEC lawsuit against SolarWinds and its security leader divides the cybersecurity profession.

Industry Reactions to SEC Charging SolarWinds and Its CISO: Feedback Friday (SecurityWeek) SEC charges SolarWinds and its CISO over cybersecurity and risk handling practices before the massive hack that came to light in late 2020.

ICE’s ‘outdated and overly permissive’ device policy left the agency vulnerable, watchdog warns (Nextgov.com) A spring audit of agency mobile devices found several banned and outdated applications installed on personnel and contractor smartphones.

Trio of text flinging menaces collared for breaking PECR (Register) 'High-pressure' sales tactics targeted people registered with Telephone Preference Service

Dutch hacker jailed for extortion, selling stolen data on RaidForums (BleepingComputer) A former Dutch cybersecurity professional was sentenced to four years in prison after being found guilty of hacking and blackmailing more than a dozen companies in the Netherlands and worldwide.

US sanctions Russian accused of laundering virtual currency for ransomware affiliate (Record) According to the Office of Foreign Assets Control, Ekaterina Zhdanova worked to help other Russians evade sanctions imposed on the country’s financial system after the invasion of Ukraine.

Treasury eyes bank whistleblowers as it steps up sanctions enforcement (American Banker) The Treasury Department is expanding a whistleblower program, which currently deals only with anti-money-laundering violations, to include tips from employees of financial institutions that result in sanctions-related penalties.

'Corrupt' cop jailed for tipping off pal to EncroChat op (Register) Taking selfie with 'official sensitive' doc wasn't smartest idea, either

AI fake nudes are booming. It’s ruining real teens’ lives. (Washington Post) Artificial intelligence makes it frighteningly easy to transform ordinary pictures into realistic nudes, triggering a surge of fake images of women and teens

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

CyberSatGov (Reston, Virginia, USA, Nov 6 - 8, 2023) Join like-minded colleagues, high ranking intelligence and DoD officials, cybersecurity professionals, satellite industry providers and integrators in dynamic, high-level discussion, one-on-one networking, and informative, solution-oriented sessions.

SANS San Diego Fall 2023 (San Diego and Virtual, California, USA, Nov 6 - 11, 2023) Hands-on cyber security training taught by world-renowned practitioners. Attend in San Diego, CA or live online. At SANS San Diego Fall 2023, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

Predict 2023 (Singapore, Nov 7 - 8, 2023) PREDICT is the world’s leading intelligence summit where executives, security practitioners, technologists, researchers, and journalists come together to hear from experts, learn from one another, and make new connections. From illuminating panels and expert-led workshops, attendees gain practical skills and insights into the future of intelligence.

Cybertech New York (New York, New York, USA, Nov 8 - 9, 2023) Cybertech events feature top executives, government officials, leading decision-makers from a wide range of sectors including critical infrastructure, insurance, retail, health and government, defense, R&D, manufacturing, automotive, and more! Multinational corporations, startups, private and corporate investors, venture capital firms, experts, and clients—come and meet all the key players from the cyber industry and be immersed in everything there is to offer.

Immersive Tech Panel Series: AI (Virtual, Nov 9, 2023) The Future of Privacy Forum has kicked off its Immersive Tech Panel Series, examining the new privacy risks and policy questions that arise when immersive technologies are integrated into domains like health, advertising, transportation, AI, and education. Join us for an engaging discussion on key issues that arise from the use of artificial intelligence (AI) in immersive spaces. What are the potential benefits, challenges, and risks of using generative AI in extended reality environments? What privacy laws, policies, and ethical considerations should be taken into account regarding the use of AI as these technologies are developed? This event will provide valuable insights and guidance to professionals, researchers, and enthusiasts interested in exploring the intersection of AI and immersive technology.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.