Shields Ready, as infrastructure operators look to threats and vulnerabilities.

Announcement

Join us for the Women in Cyber virtual panel discussion.

As part of N2K’s Women in Cyber series and in partnership with Tulsa Innovation Labs, we’re hosting an engaging virtual discussion featuring insights, experiences, and strategies for advancing more women into leadership roles within the field. Register now and join us for this inspiring conversation.

N2K offers a new, on-demand course.

Based on our CSO's latest book, Cybersecurity First Principles: A Reboot of Strategy & Tactics, N2K has launched an on-demand course, featuring Rick “The Toolman” Howard himself as the instructor. Get a high-level overview of the strategies to pursue the absolute cybersecurity first principle: Reduce the probability of material impact due to a cyber attack. It’s the perfect quick-hitting content for busy security professionals, and it’s available now. Learn more here.

Summary

By the CyberWire staff

At a glance.

CISA, FEMA, and Shields Ready.
Ransomware operators exploit 3rd-party tools.
Bittrex bankruptcy phishing campaign.
Spammers abuse Google Forms quizzes.
Imperial Kitten in action against Israeli targets.
Iranian cyberattacks against Israel have been "reactive and opportunistic."
Sandworm and Ukraine's power grid: 2022 attacks.

CISA, FEMA, and Shields Ready.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) on Tuesday launched Shields Ready, “a sustained national campaign to increase the security and resilience of America’s critical infrastructure.” Shields Ready complements CISA’s “Shields Up” campaign; according to FEMA, “Shields Ready focuses more broadly and strategically on how to prepare critical infrastructure for a potential disruption and how to build more resilience into systems, facilities and processes by taking action before a crisis or incident even occurs.”

The approach encourages critical infrastructure operators to focus on the following steps:

“Identify Critical Assets and Map Dependencies: Determine the systems that are critical for ongoing business operations and map out their key dependencies on technology, vendors, and supply chains.
“Assess Risks: Consider the full range of threats that could disrupt these critical systems and the specific impacts such threats could pose to continuity of operations.
“Plan and Exercise: Develop incident response and recovery plans to reduce the impact of these threats to critical systems and conduct regular exercises under realistic conditions to ensure the ability to rapidly restore operations with minimal downtime.
“Adapt and Improve: Periodically evaluate and update response and recovery plans based on the results of exercises real-world incidents and an ongoing assessment of the threat environment.”

For more on the Shields Ready campaign, see CyberWire Pro.

Ransomware operators exploit 3rd-party tools.

The FBI has issued a Private Industry Notification outlining recent trends in ransomware attacks, specifically “ransomware actors exploiting vulnerabilities in vendor-controlled remote access to casino servers, and companies victimized through legitimate system management tools to elevate network permissions.”

The Bureau notes, “The FBI continues to track reporting of third-party vendors and services as an attack vector for ransomware incidents. Between 2022 and 2023, the FBI noted ransomware attacks compromising casinos through third-party gaming vendors. The attacks frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons.” For more on the warning, see CyberWire Pro.

Quit scanning and remediating your entire registry

Runtime Protection will show you exactly what vulnerabilities lie within your application path, so you can zoom in on what's critical and ignore the vulnerabilities that don't matter. No need to burden dev teams – shrink your attack surface and remove 60-90% of your total vulnerabilities in a day.

Bittrex bankruptcy phishing campaign.

Scammers are using the bankruptcy of crypto trading platform Bittrex as phishbait, Abnormal Security warns. The phishing emails targeted former customers of Bittrex, informing them that they still have more than $1,000 stored on the platform that they’ll need to withdraw before Bittrex shuts down. The researchers note, “[T]he timing of the attack was clearly deliberate. Bittrex received bankruptcy court approval on Monday, October 30 to officially shut down U.S. operations. Because this deadline was likely in the court docket, the threat actors had access to this information and were able to determine October 23 was the best day to launch the attack.”

Spammers abuse Google Forms quizzes.

Cisco Talos researchers report a spike in the abuse of the "release results" feature of Google Forms quizzes. It's a way of getting spam sent from trusted Google servers, and so increasing the likelihood that the spam message will find its way through many screens and filters that would have otherwise flagged it as suspect.

Microsoft Federal: Mission innovation, secure by design

Cybersecurity is a national security priority. That’s why Microsoft is setting the standard with security built-in. And our 8,000 threat hunters analyze 65 trillion+ signals daily, partnering with federal agencies to protect their digital estate. We help strengthen cybersecurity at scale—from identity, data, and apps to endpoints, infrastructure, and networks—so you can focus on what matters: your mission. Visit aka.ms/FedCyber today to get started.

Imperial Kitten in action against Israeli targets.

CrowdStrike describes a series of cyberattacks that targeted Israeli organizations in the transportation, logistics, and technology sectors in October 2023. CrowdStrike attributes the campaign to the Iran-aligned threat actor IMPERIAL KITTEN. IMPERIAL KITTEN is believed to be associated with Iran’s Islamic Revolutionary Guard Corps (IRGC), and “likely fulfills Iranian strategic intelligence requirements associated with IRGC operations.” In this case, IMPERIAL KITTEN used spearphishing emails to deliver several strains of malware via malicious Excel documents, including IMAPLoader and StandardKeyboard.

Iranian cyberattacks against Israel have been "reactive and opportunistic."

That Tehran supports Hamas, and that Iran acts against Israel in cyberspace, is beyond dispute. But support, a coincidence of interests, and even sponsorship, don't guarantee or amount to coordination in cyberspace. A study by Microsoft finds that Iranian cyberattacks against Israeli targets have been "reactive and opportunistic," not forming part of an integrated campaign developed in cooperation with Hamas.

There have been many suggestions, in the media and elsewhere, that Iran's government was involved with the planning and even execution of Hamas's attacks on October 7th. At least insofar as cyber support for the operation is concerned, that seems not to have been the case. "Microsoft does not see any evidence suggesting Iranian groups (IRGC and MOIS) had coordinated, pre-planned cyberattacks aligned to Hamas’ plans and the start of the Israel-Hamas war on October 7." In fact, Iranian operators took a week-and-a-half before they began cyberattacks that can be construed as support for Hamas. "Observations from Microsoft telemetry suggest that, at least in the cyber domain, Iranian operators have largely been reactive since the war began, exploiting opportunities to try and take advantage of events on the ground as they unfold. It took 11 days from the start of the ground conflict before Microsoft saw Iran enter the war in the cyber domain."

Redmond also notes that Iran has remained true to its familiar playbook, which always includes influence in its calculus of effects. "Microsoft observes Iranian operators continuing to employ their tried-and-true tactics, notably exaggerating the success of their computer network attacks and amplifying those claims and activities via a well-integrated deployment of information operations. This is essentially creating online propaganda seeking to inflate the notoriety and impact of opportunistic attacks, in an effort to increase their effects."

Sandworm and Ukraine's power grid: 2022 attacks.

Mandiant has released a study of Sandworm's cyberattacks against Ukraine's electrical power grid last year. Sandworm, also known as Voodoo Bear, is a threat actor operated by the GRU's Unit 74455.

"While we were unable to identify the initial access vector into the IT environment," Mandiant wrote, "Sandworm gained access to the OT environment through a hypervisor that hosted a supervisory control and data acquisition (SCADA) management instance for the victim’s substation environment. Based on evidence of lateral movement, the attacker potentially had access to the SCADA system for up to three months." Those three months of preparation culminated in the exploitation, on October 10th, 2022, in the exploitation of end-of-life Hitachi Energy MicroSCADA control systems that brought the affected systems under Sandworm control, and which enabled the attackers to issue commands that tripped breakers in electrical power distribution substations. Two days later Sandworm deployed a new variant of CaddyWiper (discovered in Ukraine the previous March by ESET) which served both to damage the associated IT networks and to obscure its own operations. The attack was marked by living-off-the-land techniques, significant because they "decreased the time and resources required to conduct a cyber physical attack," and because they reduced the likelihood of detection.

The Russian campaign stands out for several reasons. First, it was a successful attack against a widely deployed OT system. Such attacks have been rare, and have proven difficult to execute. Second, the cyberattacks coincided with a kinetic Russian missile campaign designed to cripple Ukrainian infrastructure as winter approached. Such coordination of cyberattack into a combined arms operation has also been rare, and difficult for Russian forces to achieve. Third, the attack showed both careful preparation and an ability to develop offensive tools quickly. And, finally, the attack showed what Russia is likely to attempt in its infrastructure disruption campaign during the winter of 2023 and 2024.

The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.

Notes.

Today's issue includes events affecting Australia, China, the European Union, France, Gaza, India, Iran, Israel, Japan, the Democratic People's Republic of Korea, the Republic of Korea, Pakistan, Russia, Ukraine, the United Kingdom, and the United States.

Looking ahead to Veterans Day.

Veterans Day, as November 11th is celebrated in the United States, will be observed as a Federal holiday this Friday, November 10th. We won't publish tomorrow, but we'll be back as usual on Monday. In the meantime, please spare a thought for all veterans everywhere, all those who served and sacrificed with honor.

Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.

Ukraine at D+223: Russia's 2022 grid attacks as foreshadowing. (CyberWire) Ukraine maintains its counteroffensive pressure. Russian milbloggers channel Tolstoi. And Sandworm's attacks on Ukrainian infrastructure in October 2022 suggest what may be in store for this winter.

Microsoft shares threat intelligence at CYBERWARCON 2023 (Microsoft Security) At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity.

Iran and Hamas showed no signs of cyber coordination in run-up to war, researchers say (Washington Post) There’s no sign that Iranian hackers attacking Israeli targets have coordinated with Hamas in that war, new Microsoft research out today concludes. Instead, the Iranian attacks have been opportunistic in their approach, the researchers say.

IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations (CrowdStrike) CrowdStrike Counter Adversary Operations has been investigating a series of cyberattacks and strategic web compromise (SWC) operations targeting organizations in the transportation, logistics and technology sectors that occurred in October 2023.

MuddyC2Go – Latest C2 Framework Used by Iranian APT MuddyWater Spotted in Israel (Deep Instinct) The contents of this blog post were originally scheduled to be presented during an upcoming cybersecurity conference. However, interest in this topic has heightened due to the war in Israel and a suspected ongoing attack against Israeli targets. As such, we have decided to publish the relevant findings from the presentation now.

Israel-Hamas war live: talks under way on three-day ceasefire for hostage release; WHO says disease spreading in Gaza (the Guardian) Reported terms would enable more aid to enter territory in exchange for release of dozen hostages held by Hamas

The United States Applauds Germany’s Ban on Hamas Activities (United States Department of State) The United States welcomes Germany’s decision to ban activities supporting Hamas, which builds on the EU’s designation to fully restrict and criminalize support of the terrorist group. As the world witnessed on October 7, Hamas is a dangerous terrorist organization, which engages in barbaric actions and has compounded and perpetuated the suffering of the Palestinian people […]

US says it won’t tell space-imagery companies to stop showing Gaza photos (Defense One) But the satellite firms may be slowing the release of imagery anyway.

Putin calls for closer Russia-China cooperation on military satellites (C4ISRNet) “I mean space, including high-orbit assets, and new prospective types of weapons that will ensure strategic security" of both Russia and China, he said.

Ukraine criticizes calls for talks with Russia as ‘uninformed or misled’ (Al Arabiya News) Ukraine on Thursday criticized calls for Kyiv to hold negotiations with Russia, following reports its allies were pushing for talks in the wake of a underwhelming Ukrainian counter-offensive.

Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (Mandiant) This ICS/OT attack represents the latest evolution in Russia's cyber physical attack capability.

Russian spies behind cyber attack on Ukraine power grid in 2022 - researchers (Reuters) Russian cyber spies were behind a hack which disrupted part of Ukraine's power grid in late 2022 in a rare and advanced form of cyberwarfare, U.S. cybersecurity firm Mandiant, part of Google, said in a report on Thursday.

Hackers Linked To Russian Intelligence Blamed For 2022 Ukraine Grid Disruption (RadioFreeEurope/RadioLiberty) Hackers affiliated with Russia’s military intelligence agency penetrated, and disrupted, parts of Ukraine’s electricity grid late last year using sophisticated new hacking tools, a new report said.

Ukraine updates: Russia hacked Kyiv's power grid — report – DW – 11/09/2023 (Deutsche Welle) A US firm says Russia was able to hack into Ukraine's electricity network in 2022, causing a power outage. Meanwhile, the US and South Korea voice concern about North Korea's links to Russia. Follow DW for the latest.

Russian Hackers Used OT Attack to Disrupt Power in Ukraine Amid Mass Missile Strikes (SecurityWeek) Russian hackers disrupted power in Ukraine using a novel OT cyberattack coincided with missile strikes on critical infrastructure.

Energy security at forefront of NATO-Ukraine Council meeting (NATO) The NATO-Ukraine Council (NUC) met on Wednesday (8 November 2023) at NATO Headquarters to discuss energy security. The meeting was chaired by Deputy Secretary General Mircea Geoană, with the participation of Ukrainian Deputy Minister of Energy Farid Safarov, Deputy Chairman of the State Service of Special Communications and Information Protection of Ukraine Oleksandr Potii, and Deputy Chief of Staff of Ukrainian Air Force Hennadii Sheludko.

BLACK SEA GRAIN DEAL : A GEOPOLITICAL ETLM PERSPECTIVE (CYFIRMA) EXECUTIVE SUMMMARY Ukraine has famously some of the best farmland in the world, and before the invasion, Russia and Ukraine...

The new ‘Geneva code’ for hackers on the cyber battlefield (The Strategist) There’s been plenty of debate about why Russia’s invasion of Ukraine never devolved into the full-blown cyber Armageddon many expected at the start of the war, and what that suggests about the role of cyber ...

Russian ‘influence-for-hire’ firms spread propaganda in Latin America: US State Department (Record) The U.S. government has uncovered an ongoing Russia-funded disinformation campaign across Latin America aimed at undermining support for Ukraine and discrediting the U.S. and NATO.

Stars of David tags in Paris linked to pro-Russia interference: reports (POLITICO) Paris graffiti aimed to sow unrest in French society — a classic Russian move.

Attacks, Threats, and Vulnerabilities

QR Code Phishing: 4 Ways Scanners are Being Scammed (ReliaQuest) QR code phishing is a growing threat that attackers use to deceive targets into clicking on malicious links that elicit their personal information.

Spammers abuse Google Forms’ quiz to deliver scams (Cisco Talos Blog) Cisco Talos has recently observed an increase in spam messages abusing a feature of quizzes created within Google Forms.

Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan (Computing) ESET researchers discover Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News in the Gilgit-Baltistan region

Hive Ransomware's Offspring: Hunters International Takes the Stage (Bitdefender Blog) In January 2023, the FBI collaborated with law enforcement agencies in Germany and the Netherlands to successfully dismantle one of the most notorious ransomware groups known as Hive.

MOVEit hackers Cl0p exploit SysAid zero-day – Microsoft (Cybernews) The notorious Cl0p ransomware gang has been caught exploiting a new zero-day vulnerability in the SysAid IT support software.

Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms (SentinelOne) An emerging infostealer being sold on Telegram looks to harness generative AI to streamline cyber attacks on cloud services.

Hacker Leaks 35 Million Scraped LinkedIn User Records (Hackread) The hacker responsible for this leak is the same individual who previously leaked databases from InfraGard and Twitter.

Python obfuscation traps (Checkmarx.com) In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number of bad actors looking to exploit it. A recent example involves developers being targeted by seemingly legitimate Python obfuscation packages that harbor malicious code.

Highly invasive backdoor snuck into open source packages targets developers (Ars Technica) Packages downloaded thousands of times targeted people working on sensitive projects.

Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools (FBI) As of July 2023, the FBI noted several trends emerging or continuing across the ransomware environment and is releasing this notification for industry awareness. New trends included ransomware actors exploiting vulnerabilities in vendor-controlled remote access to casino servers, and companies victimized through legitimate system management tools to elevate network permissions.

Phishing Attack Driven by Bittrex Bankruptcy (Abnormal) Attackers capitalize on the Bittrex bankruptcy by targeting customers with a convincing credential phishing attack.

Confluence flaw severity raised amid mass exploitation (Register) Attackers secure admin rights after vendor said they could only steal data

Sumo Logic Urges Users to Change Credentials Due to Security Breach (SecurityWeek) Cloud monitoring and SIEM firm Sumo Logic is urging users to rotate credentials following the discovery of a security breach.

How a tiny Pacific Island became the global capital of cybercrime (MIT Technology Review) Despite having a population of just 1,400, until recently, Tokelau’s .tk domain had more users than any other country. Here’s why.

Black Friday warning as ‘grinch bots’ target retailers (Cybernews) Advanced bots, which mimic human shoppers to snap up bargains for resale at higher prices, make up more than half of automated retail traffic for the first time ever, a cybersecurity analyst says.

Cyber attack hits council computer systems at Comhairle nan Eilean Siar (BBC News) The Scottish government and Dell are helping Western Isle Council with a suspected ransomware attack.

Council for Scottish islands faces IT outage after ‘incident’ (Record) The Comhairle nan Eilean Siar — which governs the more than 470,000 people living on the chain of islands — said access to its IT system “has been affected by an incident which has caused significant disruption.”

Kansas' electronic courts system still down weeks after cyber incident | StateScoop (StateScoop) The continued shutdown follows similar cybersecurity incidents in recent years affecting other state courts systems.

CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency | CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29552 Service Location Protocol (SLP) Denial-of-Service Vulnerability

Security Patches, Mitigations, and Software Updates

GitHub Enhances Security Capabilities With AI (SecurityWeek) GitHub adds AI-powered security features to help developers identify and address code vulnerabilities faster.

Trends

Cyber attackers and defenders are racing to up their AI game (CSO Online) As AI technology advances, cyber defenders are spending more on the technology to defend against malicious actors who currently hold an asymmetric advantage in deploying new AI-generated threats.

Generative AI could erode customer trust, half of business leaders say (CSO Online) Businesses leaders admit their company needs to improve security and compliance measures as demands of customers, investors, and suppliers increase.

Survey Finds Data Governance and Security are Top Priorities for 2024, Ahead of AI (PR Newswire) Immuta, a data security leader, today announced the findings of its fourth annual State of Data Security Report, which highlights the current...

The 2024 State of Data Security Report (Immuta) The 2024 State of Data Security Report surveyed 700+ data leaders for their views on AI, data security, visibility, and more. Get your copy.

Marketplace

Winners announced at UK IT Industry Awards 2023 (Computing) The UK IT Industry Awards 2023, held last night in Battersea, London, celebrated the top achievements in the tech world over the last 12 months.

Protecto Joins Cadre of Startups in AI Data Protection Space (SecurityWeek) Silicon Valley startup is pitching APIs to help organizations protect data and ensure compliance throughout the AI deployment lifecycle.

Tidal Cyber Announces $5 million in Seed Funding led by Squadra Ventures to bring threat-informed defense to security operators (PR Newswire) Tidal Cyber, the threat-informed defense company, announced today the company raised $5 million, led by Squadra Ventures with participation...

Protecting society from an unprecedented cyberattack will require more than insurance, says Geneva Association report | The Geneva Association (The Geneva Association) Growing geopolitical tensions and the use of digital technologies are amplifying cyber risks, with cyberattacks increasing by 38% in 2022 compared to 2021, globally.[1] Although the dedicated cyber insurance market has grown rapidly over recent years, a huge protection gap persists, especially if an unprecedented, extreme cyber incident – striking multiple, large segments of the global economy – were to occur.

Cyber Risk Accumulation: Fully tackling the insurability challenge | The Geneva Association (The Geneva Association) Cyber incidents have the potential to strike different, large segments of the global economy at the same time and lead to severe financial and even physical damage. Growing geopolitical tensions and reliance on digital technologies are amplifying cyber risks considerably, and the threat of an unprecedented, extreme cyber incident looms large.

Juniper is laying off more than 100 at its Sunnyvale headquarters (Silicon Valley Business Journal) The network equipment company's Silicon Valley cuts follow its announcement that it planned to lay off 440 people worldwide.

Visa launches cybersecurity training program (Cybersecurity Dive) The card giant rolled out a cybersecurity apprenticeship program last year amid a talent deficit highlighted by the Biden administration.

Zscaler to fortify cloud security with two new AI positions (CRN) Former Salesforce and Advantest AI veterans join to strengthen the vendor’s AI investment

Products, Services, and Solutions

Stack Identity Launches Identity Risk Management Platform on AWS Marketplace to Eliminate Unauthorized Access (Business Wire) Provides customers with direct access to procure the industry's leading identity security solution that automates manual and siloed processes to continuously detect, eliminate and govern the 10 types of Shadow Access

Palo Alto Networks Launches Strata Cloud Manager, Industry's First AI-Powered Zero Trust Management and Operations Solution (Palo Alto Networks) Additional innovations include advanced security capabilities and new Next-Generation Firewalls SANTA CLARA, Calif., Nov. 8, 2023 /PRNewswire/ -- Palo Alto Networks (NASDAQ: PANW) today introduced...

Onapsis Unveils New Enhancements to Its AI-Driven Security Advisor and Broader Platform, Advancing Greater SAP Visibility and Attack Surface Management (Onapsis) New features offer an enhanced approach for addressing the expanding SAP threat landscape, backed by proprietary data from hundreds of SAP customers and 14 years of security best practices and threat research.

Cybersecurity at a Crossroads: New Implications on Business Risk (Qualys Security Blog) During our 2023 Qualys Security Conference (QSC) taking place in Orlando, Florida, November 6-9, 2023, I unveiled an exciting new milestone for the company – the release of our new Qualys Enterprise…

SentinelOne® Sets New Standard for Cybersecurity with Singularity™ Platform Unity Release (SentinelOne) Next generation of market-leading platform unleashes power of data and AI to drive faster, smarter security decisions

Introducing AI-powered application security testing with GitHub Advanced Security (The GitHub Blog) Learn about how GitHub Advanced Security’s new AI-powered features can help you secure your code more efficiently than ever.

NetRise Releases Industry’s First AI-Powered Semantic Search for Software Supply Chain Security (Netrise) New solution finds compromised, vulnerable assets across firmware & cyber-physical systems using AI.

Introducing Trace: AI Powered Semantic Search for the NetRise Platform (Netrise) NetRise Trace is a first of its kind, AI-powered semantic search solution enabling users to query the entire system based on intent.

CompTIA Security+ certification exam update released (Yahoo Finance) Globally recognized certification validates baseline skills needed to perform core security functionsDowners Grove, IL, Nov. 08, 2023 (GLOBE NEWSWIRE) -- CompTIA, the nonprofit association for the information technology (IT) industry and its workforce, today launched the latest version of CompTIA Security+, a global certification that validates the baseline skills necessary to perform core security functions and pursue a career in IT security.“Cybersecurity jobs are continuing to grow across the

Bitdefender Selected as an Official Partner of the San Antonio Spurs (Bitdefender) Famed NBA Franchise Leverages Bitdefender Managed Detection and Response and Advanced Endpoint Security Technology to Secure its Operations and Stop Cyberthreats Faster

SentinelOne® Enhances Cloud Security with Snyk (SentinelOne) Singularity™ Cloud Workload Security paired with the Snyk Developer Security Platform, helping customers secure cloud-native applications.

Netskope Delivers the Next Gen SASE Branch, Powered by Borderless SD-WAN (Netskope) Expanded solution empowers organizations to eliminate complicated, inefficient legacy branch infrastructure, optimize performance, and unlock massive cost

Akamai and Deloitte Announce Strategic Alliance to Deliver Zero Trust Segmentation and Managed Incident Response (Akamai) The alliance will deliver a unified product and services approach to mitigate ransomware attacks in an enterprise-ready solution

Aqua Security Delivered $5.45M in Benefits for a 207% ROI, According to Independent Study (Aqua) BOSTON—Nov. 9, 2023—Aqua Security, the pioneer in cloud native security, today published the results of a commissioned study conducted by Forrester Consulting titled The Total Economic Impact™ (TEI) Of Aqua Platform, which illustrates the cost savings and business benefits delivered by the Aqua Platform. The study revealed $5.45 million in benefits over three years with […]

QuSecure Earns Select Admission into Amazon Web Services Partner Network’s Highly Respected AWS Global Startup Program (Business Wire) As AWS Global Startup Program’s Only PQC Member, QuSecure Expands Reach and Capabilities with AWS to Bring Singular Orchestrated Cryptographic Agile Cybersecurity Solution to Public and Private Sectors

Tanium and VetsinTech Partner to Train and Develop Military Veterans to Close Tech Talent Gap (Tanium) Tanium and VetsinTech will work to develop, certify, and connect U.S. military veterans with open IT and security positions while simultaneously filling a widening talent gap.

ConnectWise Unveils Robotic Process Automation and New Asio™ Workflow Orchestration (GlobeNewswire News Room) ConnectWise, the world’s leading software company dedicated to the success of IT solution providers...

ConnectWise Announces ConnectWise Sidekick™, the World’s First Purpose-Built AI Companion for Technology Providers (GlobeNewswire News Room) Designed for faster problem resolution, automation of complex tasks, and increased efficiency...

ConnectWise RMM Evolves to Unified Monitoring and Management Solution, Unveiling Cloud and Backup Monitoring Capabilities Alongside New Real-time Interactive Dashboard (GlobeNewswire News Room) ConnectWise, the world’s leading software company dedicated to the success of technology solution...

ConnectWise Delivers Revolutionized Experiences Across Business Management Solutions (GlobeNewswire News Room) ConnectWise, a leading provider of software solutions and services for technology solution providers...

ConnectWise Announces New SaaS Security Workflow Engine and Enhanced SIEM Features (GlobeNewswire News Room) Cybersecurity Management Reimagined to more Efficiently Protect Security Tech Stacks...

Technologies, Techniques, and Standards

Shields Ready | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA’s Shields Ready campaign is about making resilience during incidents a reality by taking action before incidents occur. As a companion to CISA’s Shields Up initiative, Shields Ready drives action at the intersection of critical infrastructure resilience and national preparedness.

DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (FEMA) Today, the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and FEMA launched the new “Shields Ready” campaign to encourage the critical infrastructure community to focus on strengthening resilience. Resilience is the ability to prepare for, adapt to, withstand and rapidly recover from disruptions caused by changing conditions. The new campaign was unveiled during a joint press conference at the Port of Long Beach, alongside speakers from the Long Beach, California, community and members of the U.S. Coast Guard.

US Urges Critical Infrastructure Firms to Get “Shields Ready” (Infosecurity Magazine) Government campaign aims to promote cyber-resilience

US launches “Shields Ready” campaign to secure critical infrastructure (CSO Online) Shields Ready initiative outlines strategies for preparing critical infrastructure organizations for potential disruption and building more resilience into systems, facilities, and processes.

DHS Launches New Critical Infrastructure Security and Resilience Campaign (SecurityWeek) DHS launches Shields Ready, a new campaign promoting security and resilience for critical infrastructure organizations.

Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point (SecurityWeek) Offensive security ("Hacking Back”) as a category has blown past its tipping point, and is in danger of becoming an overused term.

UL Solutions and the Telecommunications Industry Association Launch SPIRE 2.0 to Enhance Smart Building Performance in Cybersecurity, Connectivity and Sustainability (PR Newswire) UL Solutions, a leading global safety science company and the Telecommunications Industry Association (TIA), the trusted industry association...

Key Takeaways from the 2023 Kubernetes Security Report (Wiz Blog) Get the key highlights from the 2023 Kubernetes Security Report, which analyzed 200,000+ cloud accounts to to break down the state of Kubernetes security.

Design and Innovation

Helping People Understand When AI Or Digital Methods Are Used In Political or Social Issue Ads (Meta for Government and Nonprofits) We’re requiring advertisers to disclose when they digitally create or alter a political or social issue ad in certain cases

Meta to Require Campaigns to Disclose AI-Altered Political Ads (Wall Street Journal) Facebook parent said new policy to be in effect at the beginning of next year and ahead of U.S. presidential primaries

Research and Development

Imagining the Future of Quantum Computing for Space (Satellite Today) Space is one of the sectors that could benefit from experimenting with and adopting cutting-edge quantum technologies. This article explores the applications of quantum technologies for space.

Legislation, Policy, and Regulation

How India tamed Twitter and set a global standard for online censorship (Washington Post) For years, a committee of executives from U.S. technology companies and Indian officials convened every two weeks in a government office to negotiate what could — and could not — be said on Twitter, Facebook and YouTube.

US, South Korea and Japan to form council to counter North Korean cyber threats (NK News) The U.S., South Korea and Japan will establish a new forum to coordinate responses to illicit North Korean cyber operations that fund its nuclear program, Seoul’s presidential office announced Monday. The Office of National Security said in a press release that the high-level trilateral consultative body will seek to strengthen “practical joint response capabilities” against […]

Palantir: David Davis MP raises privacy concerns over potential NHS data contract (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.

Response of the Information Technology industry Council to the Request for Information on Open Source Software Security: Areas of Long-Term Focus and Prioritization (ITI) The Information Technology Industry Council (ITI) appreciates the opportunity to provide its perspective on the Request for Information on Open Source Software (OSS) Security: Areas of Long-Term Focus and Prioritization (the RFI). We welcome ONCD’s decision to explore ways in which the government can contribute to the active OSS security ecosystem.

ACLU warns of free-speech risks in FEC oversight of AI-generated election ads (Nextgov.com) The civil liberties group expressed concern over a possible Federal Election Commission rulemaking that would call out content generated by artificial intelligence in the agency’s regulations on fraudulent misrepresentation.

New York Department of Financial Services Amends Its Cybersecurity Regulations (cyber/data/privacy insights) On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized its proposed cybersecurity rules, which build upon existing NYDFS cybersecurity requirements in the Part 500 Cybersecurity Rules. New class of covered entities The updated rules finalize a new class of financi

Litigation, Investigation, and Law Enforcement

Court rules automakers can record and intercept owner text messages (Record) A Seattle-based appellate judge ruled that the practice does not meet the threshold for an illegal privacy violation under state law, handing a big win to automakers Honda, Toyota, Volkswagen and General Motors.

WSJ News Exclusive | SolarWinds Denies SEC Charges Over Cyber Disclosures (Wall Street Journal) The business software maker is denying charges that it lacked adequate cybersecurity controls in the build up to a significant hack of its products in 2020, and accused the U.S. Securities and Exchange Commission of misrepresenting facts in its complaint.

Australia to investigate Optus internet and phone outage (INQUIRER.net) Australia said on Thursday it would launch an investigation into a 12-hour national outage at telco Optus that cut off internet and phone connections to nearly half of its population,

Google and prominent telecom groups call on Brussels to act over Apple’s iMessage (Financial Times) Companies want chat app designated a ‘core’ service that would require it to be fully compatible with rivals

FTC takes shots at AI in rare filing to US Copyright Office (VentureBeat) Critics are accusing the FTC of overstepping its bounds and ultimately undermining the long-held legal doctrine of Fair Use.

New Jersey Keeps Newborn DNA for 23 Years. Parents Are Suing (WIRED) All US states take pinpricks of blood from newborns to test for diseases. New Jersey stores them for decades and may allow them to be used in police investigations.

Approximately 150 Business and Public Sector Leaders Participate in Cybersecurity Conference Co-Hosted By The Maryland U.S. Attorney’s Office And The University Of Maryland (Maryland U.S. Attorney’s Office) On November 6, 2023, approximately 150 business and public sector leaders participated in a cybersecurity conference co-hosted by the U.S. Attorney’s Office for the District of Maryland and the University of Maryland. The conference included panels of cybersecurity experts from government and the private sector discussing the emerging threats, best practices, and effective collaboration between federal, state, and local agencies, the private sector, and law enforcement.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

SANS San Diego Fall 2023 (San Diego and Virtual, California, USA, Nov 6 - 11, 2023) Hands-on cyber security training taught by world-renowned practitioners. Attend in San Diego, CA or live online. At SANS San Diego Fall 2023, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

Cybertech New York (New York, New York, USA, Nov 8 - 9, 2023) Cybertech events feature top executives, government officials, leading decision-makers from a wide range of sectors including critical infrastructure, insurance, retail, health and government, defense, R&D, manufacturing, automotive, and more! Multinational corporations, startups, private and corporate investors, venture capital firms, experts, and clients—come and meet all the key players from the cyber industry and be immersed in everything there is to offer.

Immersive Tech Panel Series: AI (Virtual, Nov 9, 2023) The Future of Privacy Forum has kicked off its Immersive Tech Panel Series, examining the new privacy risks and policy questions that arise when immersive technologies are integrated into domains like health, advertising, transportation, AI, and education. Join us for an engaging discussion on key issues that arise from the use of artificial intelligence (AI) in immersive spaces. What are the potential benefits, challenges, and risks of using generative AI in extended reality environments? What privacy laws, policies, and ethical considerations should be taken into account regarding the use of AI as these technologies are developed? This event will provide valuable insights and guidance to professionals, researchers, and enthusiasts interested in exploring the intersection of AI and immersive technology.

innovate Connect (Grapevine, Texas, USA, Nov 12 - 14, 2023) Join Innovate Connect for 3 days of premier cybersecurity education content delivered by subject matter experts, peer to peer networking and learning opportunities, and breakout sessions with top vendors – all tailored for the needs of MSPs. At Innovate Connect, we provide more than just a platform for engagement and content. We empower MSPs to connect with top cybersecurity experts, enabling them to expand and grow their business. This is chance for MSPs to learn and discover ideas, forge valuable partnerships with cyber experts and other MSPs, and unlock a world of new possibilities in the cybersecurity space. Featuring key sponsors such as Pax8, Dell, and Kaseya!

Cybersecurity & Ransomware Live! – Part of Live! 360 (Orlando, Florida, USA, Nov 12 - 17, 2023) Are you ready to fortify your organization's cybersecurity and protect it from the ever-evolving threats of the digital world? If so, join us for Cybersecurity & Ransomware Live! (Part of Live! 360) taking place this November 12-17 at the Royal Pacific Resort, Universal Orlando. You will embark on an immersive journey into the world of cybersecurity and learn invaluable strategies to safeguard your digital assets.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.