Lawfare, warfare, and old-fashioned crime in the hybrid battlespace.

Summary

By the CyberWire staff

At a glance.

Rhysida malware: a warning and a description.
Extending local breaches in Google Workspace.
Protestware in open-source products.
Donation scam: exploiting sympathy.
Cyber safety for the holidays.
Allocating resources for security.
Using regulatory risk to pressure a ransomware victim.
A call for regulatory action against a supply chain threat.
GRU's Sandworm implicated in campaign against Danish electrical power providers.

Rhysida malware: a warning and a description.

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint Cybersecurity Advisory describing the Rhysida ransomware-as-a-service operation: “Rhysida actors have compromised organizations in education, manufacturing, information technology, and government sectors and any ransom paid is split between the group and affiliates. Rhysida actors leverage external-facing remote services, such as virtual private networks (VPNs), Zerologon vulnerability (CVE-2020-1472), and phishing campaigns to gain initial access and persistence within a network.”

Fortinet has published an analysis of a Rhysida intrusion, noting, “The majority of the TTPs employed by the threat actor during this intrusion are typical for these types of ransomware intrusions, and no novel techniques were observed....While the threat actor may have had more sophisticated TTPs within their repertoire, in this case, they were able to achieve their outcomes using exclusively unsophisticated, known TTPs. As ransomware and extortion-based attacks continue to affect thousands of victims like this one across the globe every day, organizations should focus on ensuring they can detect more of the basic TTPs employed throughout this intrusion.” For more on Rhysida and its place in the C2C market, see CyberWire Pro.

Extending local breaches in Google Workspace.

Researchers at Bitdefender have uncovered “previously unknown attack methods for escalating a compromise from a single endpoint to a network-wide breach” in Google Workspace. The technique involves an OAuth 2.0 refresh token stored by Google Credential Provider for Windows (GCPW): “[T]he refresh token follows a two-step storage process. First, it's temporarily stored in the registry, and later, it finds a more permanent home under the user's Chrome profile. Decrypting it is possible from both locations, each with its own set of pros and cons. The registry approach is stealthier, offering a discreet way to access the token. However, it has a drawback—it's available for a limited time only. On the other hand, the profile-based storage method provides a more extended timeframe for access but is harder to conceal, making it a noisier option.”

Protestware in open-source products.

ReversingLabs today draws attention to the phenomenon of "protestware," that is, the practice of concealing scripts advocating some political position in NPM packages embedding in open-source software. The message is commonly displayed after a user installs or executes the software. "Although the latest packages are not malicious," ReversingLabs researchers say, "they underscore a persistent risk in open source software, in which unintended and malicious features can lurk undetected — even in widely used applications." The two campaigns discussed in the report are being run, separately, in the Palestinian and Ukrainian interest, and, while protestware tends to shadow current events, it's not confined to the fighting in Ukraine or Gaza.

Real time cloud security powered by runtime insights. Secure every second.

In the cloud, every second counts. Attacks move at warp speed; security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. We correlate signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation. Visit our website to learn more.

Donation scam: exploiting sympathy.

Abnormal Security warns that a phishing campaign is soliciting fraudulent donations for children in Palestine: “After asking for contributions ranging from $100 to $5,000, the attacker explains that donations can be made using cryptocurrency and provides wallet addresses for Bitcoin, Litecoin, and Ethereum—three of the most popular digital currencies. To further increase legitimacy and create one final opportunity to manipulate the recipients, three links to recent news articles discussing the impact of the conflict on children in the region are included at the bottom of the email.”

Cyber safety for the holidays.

A report from Visa outlines cyber threats facing consumers during the holiday season: “Visa’s data shows that for the top merchant categories targeted by fraudsters, 2022 holiday fraud rates increased 11% over their non-holiday fraud rate and saw an increase of 8% over the previous year during this time.” The report warns users to be on the lookout for digital skimming, phishing and social engineering, ATM and POS skimming, one-time passcode bypass and provisioning fraud, and physical theft.

Allocating resources for security.

S-RM has released its Cyber Security Insights Report for 2023, looking at cybersecurity trends and challenges over the past year. The report found that “[s]erious cyber incidents continue to occur across all sectors and the average direct costs relating to one incident increased 11% YoY to USD 1.7 million.” Additionally, 63% of respondents said their organizations had experienced a serious cyber incident within the past three years.

The researchers state, “The top three impacts of a cyber attack on our respondents were increased insurance premiums (37%), operational downtime (36%) and recovery/response costs (32%). The average direct costs associated with these impacts was USD 1.7 million per incident, however in the extractives sector, these costs were almost 80% higher than average, standing at USD 3 million.”

Optimize the value of your biggest investment – your cyber talent.

Gain actionable insights to continuously build and maintain high-performance teams, climb the knowledge curve, and stay ahead in a rapidly changing world. CyberVista’s Strategic Cyber Workforce Intelligence is a comprehensive solution designed to identify current capabilities and develop a data-driven framework to enrich hiring, upskilling, and career mobility efforts in your people strategy that evolves with ongoing organizational transformation. Learn more.

Using regulatory risk to pressure a ransomware victim.

BleepingComputer reports that ALPHV/BlackCat ransomware gang has dimed out one of its claimed victims to the US Securities and Exchange Commission (SEC). Their victim, the criminals allege, failed to disclose a cyber incident that had a material impact on its business by filing an 8K within the prescribed four days. ALPHV/BlackCat claimed to have stolen data from software company MeridianLink on November 7th. MeridianLink hasn't paid, and so the gang has reported the company to the SEC. MeridianLink says it's found no evidence of data loss.

The gang received an automated reply from the SEC ("Thank you for contacting the United States Securities and Exchange Commission," etc.) but it's unlikely their complaint will be found to have merit. For one thing, the SEC's new disclosure rule doesn't take formal effect until December 15th, even though companies are already adjusting their practices to come into compliance. And for another thing, public companies will be required to disclose attacks that have a material impact. Who made BlackCat the expert on materiality?

A call for regulatory action against a supply chain threat.

The Electronic Frontier Foundation has asked the Federal Trade Commission (FTC) to stop resellers from selling set-top Android boxes and mobile devices known to be compromised with malware. The ban the EFF advocates would affect devices manufactured by AllWinner and RockChip. These devices, the EFF says, were found by HUMAN researchers to be infected with BadBox malware. "When first connected to the internet, these infected devices immediately start communicating with botnet command and control servers, the letter explains. Then they connect to a vast click-fraud network—in which bots juice advertising revenue by producing bogus ad clicks." The infected devices can also be used to stage other attacks without their owners' knowledge, and this exposed them to legal risk as well as ordinary cyber risk. The EFF argues that this supply chain problem is a consumer protection issue, which therefore clearly lies within the FTC's remit.

GRU's Sandworm implicated in campaign against Danish electrical power providers.

SektorCERT, Denmark's "cyber security centre for the critical sectors," this week described what it characterized as the largest cyberattack on record against that country's critical infrastructure. In May of this year an APT group, which SektorCERT associates with the Sandworm, simultaneously hit twenty-two companies in Denmark's highly decentralized electrical power sector. The attacks, which began on May 11th and continued into the last week of that month, exploited CVE-2023-28771, a critical command injection flaw affecting Zyxel firewalls. That vulnerability had been disclosed and addressed in late April, but the attackers were able to find enough unpatched systems to gain access.

The attack was ultimately detected and stopped without disruption to power distribution, but it seems to have been aimed at gaining comprehensive access to Denmark's grid. The attacks proper were preceded by a reconnaissance phase that began in January. A simultaneous attack against so many targets suggests both careful planning and determined execution. SektorCERT properly notes the difficulties of attribution, and itself stops short of saying the incident was the work of Russia's GRU, but on form it certainly looks like a Sandworm operation. Similar attacks have been mounted against Ukraine's power grid, and the incident in Denmark strongly suggests that infrastructure in what Moscow tends to call the "collective West" can be expected to figure in Russian target lists.

The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.

Notes.

Today's issue includes events affecting Australia, China, Czechia, Denmark, Gaza, Iran, Ireland, Israel, Mexico, Russia, Ukraine, the United Kingdom, and the United States.

Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.

Ukraine at D+670: GRU may be expanding its targeting. (CyberWire) Both sides look for ways to break out of positional warfare's unstable stalemate. Ukraine continues to expand its foothold on the east bank of the Dnipro, and Russia makes a minor advance at great cost against Avdiivka. The GRU seems to have expanded its cyber targeting to infrastructure in Western Europe.

Iran tells Hamas it will not enter the war with Israel (The Telegraph) Supreme leader accuses the terror group of not giving any prior warning of the Oct 7 attacks

NSA's Joyce: Israel faces 'enormous amount of cyber pressure' from Iran, hacktivists (Record) Israel is experiencing direct cyber and misinformation attacks from a variety of adversaries as it battles Hamas, according to NSA’s Rob Joyce.

Israel-Hamas war live: IDF says it has hit Hamas leader’s house; Biden defends refusal to call for ceasefire (the Guardian) Israel Defense Forces say airstrike hit Ismail Haniyeh’s home; US president appears to acknowledge Israeli bombing campaign has been ‘indiscriminate’

UN Security Council adopts resolution calling for urgent humanitarian pauses and corridors in Gaza (AP News) The U.N. Security Council has approved a resolution calling for “urgent and extended humanitarian pauses and corridors throughout the Gaza Strip” after four failed attempts to respond to the Israel-Hamas war.

Joe Biden issues strident defence of refusal to call for ceasefire in Gaza (the Guardian) US president argues Hamas has said it will not stop attacking Israel, and says he is ‘mildly hopeful’ of hostage deal

Attackers Exploit Crisis for Fraudulent Crypto Donations (Abnormal) Attackers attempt to solicit fraudulent donations via cryptocurrency transfers under the guise of collecting donations for children in Palestine.

Russia-Ukraine war live: Ukraine has claimed initiative in Black Sea and forced Russian navy to pull back, Zelenskiy says (the Guardian) Ukraine’s president says use of naval drones has prevented Russia from using Black Sea as springboard

The Russian Federation’s Ongoing Aggression Against Ukraine (U.S. Mission tot he OSCE) On November 20th, the international community will commemorate World Children’s Day. While most children around the world will mark this day with their families and classmates in school, Ukrainian children will continue to face the psychological stress of airstrikes on playgrounds and supermarkets, relatives gone missing, and the unbearable anguish of parents and other family members killed by Russian troops.

Being drafted into Russia’s army in Ukraine is becoming a death sentence (The Telegraph) Nobody comes back from the front line unless they're dead or wounded

With Talk Of A Stalemate And Potential Elections, Politics Seeps Back Into Ukraine (RadioFreeEurope/RadioLiberty) As the war drags on and another winter approaches, rumblings about elections next year and talk of a “stalemate” on the battlefield have exposed fault lines in a country whose unity has been a crucial force in an existential struggle against the Russian invasion.

A Brief Summary of the Battle of the Black Sea (USNI) Last year, Ukraine put out an unusual crowdfunding request. It aimed to build 100 sea drones, which it would use to attack Russia’s Black Sea Fleet and ports.

Ukraine-Russia war live: I will keep focus on Ukraine, David Cameron assures Zelensky on first visit (The Telegraph) Lord Cameron has promised Volodymr Zelensky that the UK will help to keep the world focussed on the war in Ukraine, on his first visit as Foreign Secretary.

As Putin Girds for a Long War, Europe Seeks to Harden Sanctions on Russia (Wall Street Journal) With sanctions so far failing to dent Moscow’s attack on Ukraine, the EU is looking for new ways to erode the Russian economy.

CISA's Goldstein: Ukrainian response to Viasat hack proves need for redundancy, resilience (Record) The Ukrainian military’s ability to recover from the Russian attack on satellite company Viasat is an example of the need for redundant systems and resilient organizations, according to a top U.S. government cybersecurity official.

Suspect Russia cash movements trigger Italian intelligence alert (Decode39) The Russian Embassy in Rome is in the Italian intelligence’s crosshairs, as its staff withdrew 4 million in cash since February 2022. It’s quite likely the money was used to pay agents and spread propaganda campaigns

Prague Freezes Russian Property On Czech Territory (RadioFreeEurope/RadioLiberty) The Czech government on November 15 froze property owned by Russia on Czech soil as it put a company managing Russian property abroad on its sanction list.

Woman Charged In Killing Of Pro-Kremlin Blogger Pleads Not Guilty As Trial Starts (RadioFreeEurope/RadioLiberty) Darya Trepova, who is suspected of involvement in the killing of prominent pro-Kremlin blogger Vladlen Tatarsky, pleaded not guilty to a charge of terrorism as her trial started on November 15 in St. Petersburg.

Attacks, Threats, and Vulnerabilities

China, Russia And Iran Have Been Blamed For Cyber Attacks On Australia (Nation World News) The Australian Signals Directorate's (ASD) annual cyber threat report reveals that China, Russia and Iran are the main sponsors of serious hacking actions

Russia's Sandworm Linked to Unprecedented Danish Energy Hack (Bloomberg) An unprecedented cyberattack on Danish energy producers this year is linked to a familiar culprit.

Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure (The Hacker News) Denmark's energy sector hit by massive cyberattack! In May 2023, 22 Danish energy sector companies were simultaneously targeted.

Denmark hit with largest cyberattack on record (Cybernews) Hackers potentially linked to Russia’s military intelligence carried out a series of highly coordinated cyberattacks on Danish energy infrastructure in the spring, a new report says.

#StopRansomware: Rhysida Ransomware (Cybersecurity and Infrastructure Security Agency | CISA) This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors.

Investigating the New Rhysida Ransomware (Fortinet Blog) FortiGuard Labs sheds insights into the operations, tactics, and impact, including a novel technique involving ESXi-based ransomware of an incident involving the Rhysida ransomware group. Learn mor…

Analyzing Rhysida Ransomware Intrusion (Fortinet) Rhysida is a relatively new ransomware group that claimed its first public victim in May 2023. This threat actor group employs its own ransomware, also called Rhysida, which they also offer as a Ransomware-as-a-Service (RaaS).

The Chain Reaction: New Methods for Extending Local Breaches in Google Workspace (Bitdefender Blog) Modern EDR and XDR solutions do not operate deterministically.

Hackers are exploiting 'CitrixBleed' bug in the latest wave of mass cyberattacks (TechCrunch) Hackers are mass-exploiting a critical bug in Citrix NetScaler systems to launch crippling cyberattacks against big-name global organizations.

Citrix Bleed: CVE-2023-4966 Vulnerability Analysis and Exploitation (CYFIRMA) EXECUTIVE SUMMARY The CYFIRMA Research team delves into the critical cybersecurity landscape surrounding the Citrix Bleed vulnerability, marked by CVE-2023-4966....

Protestware taps npm to call out wars in Ukraine, Gaza (ReversingLabs) ReversingLabs researchers have discovered npm packages that hide scripts broadcasting messages of peace related to the conflicts in Ukraine and in Israel and the Gaza Strip.

New Intel CPU Vulnerability 'Reptar' Can Allow DoS Attacks, Privilege Escalation (SecurityWeek) A new Intel CPU vulnerability tracked as Reptar and CVE-2023-23583 can be exploited for DoS attacks and possibly privilege escalation

Attacker targeting Python developers (Checkmarx.com) For close to six months, a malicious actor has been stealthily uploading dozens of malicious Python packages, most of them mimicking the names of legitimate ones, to bait unsuspecting developers.

New ransomware groups help drive surge in attacks (ITWeb) Of the 60 multi-point extortion ransomware gangs whose activities WithSecure has tracked during the first nine months of 2023, 29 are new.

US says Royal ransomware gang plans 'Blacksuit' rebrand (TechCrunch) The prolific Royal ransomware gang targeted hospitals, healthcare organizations, and critical infrastructure across the United States.

Hackers Claim Major Data Breach at Smart WiFi Provider Plume (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) Plume has not confirmed the data breach but has acknowledged that the company is aware of the claims made by hackers.

Samsung hit by new data breach impacting UK store customers (BleepingComputer) Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.

Gamblers’ data compromised after casino giant Strendus fails to set password (Security Affairs) Mexican online casino Strendus has exposed sensitive user data, including home addresses and the amounts of money they spent on gambling.

Security incident at Beaverton School District may have compromised student passwords (KGW) The district said IT teams are working on reinstating student accounts and devices but didn't give a time frame for when that would happen.

Anger as Fife GP patients' private details leaked in 'deeply concerning' data breach (The Courier) Invoices containing names, dates of birth and details of private work carried out at Tayview Medical Practice were released in an email.

Digital pharmacy startup Truepill says hackers accessed sensitive data of 2.3 million patients (TechCrunch) The digital health unicorn says the data breach includes the personal information of millions of patients.

Cyber-related rail incidents have killed more than 490 people (Control Global) The government and industry cybersecurity guidelines have often failed to address the control system cyber issues that have resulted in catastrophic control system cyber rail ...

Clorox CISO flushes self after multi-million-dollar attack (Register) Plus: Ransomware crooks file SEC complaint against victim

Clorox Cyber Chief Leaves While Company Recovers From Devastating Hack (Bloomberg) Attack disrupted manufacturing operations for several weeks. Group known as ‘Scattered Spider’ suspected in security breach.

Security Patches, Mitigations, and Software Updates

Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities (SecurityWeek) Intel and AMD have informed their customers about a total of more than 130 vulnerabilities found in their products.

Trends

GRIT Ransomware Report: October 2023 (Guidepoint Security) October proved to be much quieter than expected. Compared to the massive month of September 2023, where threat actors posted 495 victims, October represents a significant cooling off with a 32% reduction in victims month over month. Despite the slowdown this month, October’s victim counts still dwarf those from the beginning of 2023. This likely short-term reduction is mostly indicative of just how busy ransomware groups were in Q3. Despite the smaller pool of victims, the number of active ransomware groups has not significantly changed, with many of the larger Established groups showing stability while the smaller Ephemeral and Emerging actors demonstrate staying power.

Cyber budgets fail to meet expectations with only 1% increase on previous year in the U.S., finds S-RM (S-RM) In 2023, the average cyber budget for large organizations grew by 3.1% YOY globally to USD 27.10 million — but only by 1% YOY in the U.S.

Identity Fraud Report (Onfido) Get the latest identity fraud trends and threats, and get best practice advice for fraud prevention in this report.

New Report Shows 95% of CISOs, CSOs and CIOs Fear Identity-related Threats (PR Newswire) Omada A/S ("Omada"), a global leader of Identity Governance and Administration (IGA), today released its State of Identity Governance Report...

Marketplace

SonicWall Acquires Managed Detection and Response Services Tailor-Made for MSPs/MSSPs (SonicWall) Acquiring Solutions Granted, Inc. expands SonicWall’s cybersecurity solutions creating a cost-effective, flexible, and technology-driven managed security offering

For top cybersecurity talent, companies pay over $500,000: Report (CSO Online) Cybersecurity strategy success depends on appropriate staff size and salary to retain top talent, according to a report from security analysis firm IANS.

Ping Identity lays off employees after merger with San Francisco-based ForgeRock (Bay Area Inno) Ping Identity, a cloud-based cybersecurity company, recently laid off several employees following a merger with San Francisco-based ForgeRock.

Denver-based Ping Identity goes through layoffs after merger with San Francisco company (Denver Business Journal) Denver-based Ping Identity, a cloud-based cybersecurity company, recently laid off several employees. This round of layoffs comes less than three months after Ping merged with San Francisco-based ForgeRock, an identity and access management software company.

Blacklisted spyware firm looks for inroads amid war in Gaza (POLITICO) NSO Group has been meeting with lawmakers from both parties since the attack on Oct. 7.

Cybersecurity Warning Puts Palo Alto’s 85% Rally in Spotlight (Bloomberg) One investor sold Palo Alto Networks shares ahead of earnings. Bulls see it gaining more as a leader in the cyber industry.

Juniper Networks Falls as CISA Calls for Feds to Secure Devices (HS Today) Juniper Networks (NYSE:JNPR) shares fell almost 1% on Monday as the Cybersecurity and Infrastructure Security Agency reportedly warned federal offices today to secure their Juniper-made devices by this week after it found issues with its code.

Products, Services, and Solutions

Tanium Unveils the Future of its Autonomous Platform at Annual Converge Conference (Business Wire) Company announces Tanium AI and new innovations in Autonomous Endpoint Management to drive operational efficiency and faster risk mitigation through automation

Wiz becomes the first CNAPP to provide AI Security Posture Management (Wiz Blog) Wiz extends its platform to secure AI with AI-SPM capabilities, helping organizations accelerate their AI innovation in the cloud.

Onfido launches first Fraud Lab capable of creating synthetic attacks at scale as deepfakes increase 31X (Onfido) Onfido publishes 2024 Identity Fraud Report, revealing steep rise in deepfake fraud and other security trends and recommendations: Video spoofs now account for 80% of…

Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite (Microsoft) The increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security.

Versa Networks Announces Participation in Microsoft Security Copilot Partner Private Preview (Versa Networks) Versa Networks Announces Participation in Microsoft Security Copilot Partner Private Preview Combination of Microsoft Security Copilot with Versa’s Secure Networking Telemetry and Insights will Provide more Robust Protection against Cyberthreats in areas of Better Anomaly Detection, Faster Response to Security Incidents, and more Effective Mitigation of Risk Santa Clara, Calif. – Nov. 15, 2023 Versa

ContraForce is a Proud Participant in Microsoft’s Security Copilot Partner Private Preview (Business Wire) ContraForce today announced its participation in the Microsoft Security Copilot Partner Preview. ContraForce was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft.

Zimperium Recognized as a Proud Participant in the Microsoft Security Copilot Partner Private Preview (PR Newswire) Zimperium, the only mobile-first security platform for mobile devices and mobile apps, today announced its participation in the Microsoft...

HUMAN is a proud participant in the Microsoft Security Copilot Partner Private Preview (HUMAN) HUMAN Security, Inc. announced it has disrupted a key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices, sold to end users through major retailers originating from repackaging factories in China.

Cyware is a Proud Participant in the Microsoft Security Copilot Partner Private Preview (Business Wire) Cyware today announced its participation in the Microsoft Security Copilot Partner Private Preview. Cyware was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft.

HYAS is a Proud Participant in the Microsoft Security Copilot Partner Private Preview (Business Wire) HYAS Infosec today announced its participation in the Microsoft Security Copilot Partner Private Preview. HYAS Infosec was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting-edge functionality, and close relationship with Microsoft.

Gigamon is a Proud Participant in the Microsoft Security Copilot Partner Private Preview (Business Wire) Gigamon Deep Observability Pipeline joins Security Copilot ecosystem supporting AI for security teams

CISO Global Participates in Microsoft Security Copilot Partner Private Preview (GlobeNewswire News Room) CISO Global (NASDAQCM: CISO) today announced its participation in the Microsoft Security Copilot...

Qualys Participates in the Microsoft Security Copilot Partner Private Preview (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security, and compliance solutions, today announced...

Quorum Cyber is a proud participant in the Microsoft Security Copilot Partner Private Preview (Quorum Cyber) Quorum Cyber today announced its participation in the Microsoft Security Copilot Partner Private Preview. Read more.

Trustwave Joins Microsoft’s Security Copilot Partner Private Preview (Trustwave) Trustwave is proud to announce it is now a full participant in the Microsoft Security Copilot Partner Private Preview.

Cohesity Expands Collaboration with Microsoft to Bring Enhanced Data Security and Backup Protections to Microsoft 365 (Business Wire) Integration of Cohesity DataProtect and Microsoft 365 Backup Storage Aims to Deliver Fast Data Recovery and Resilience Against Cyber Risk

Illumio is a proud participant in the Microsoft Security Copilot Partner Private Preview (GlobeNewswire News Room) Illumio, Inc., the Zero Trust Segmentation company, today announced its participation in the...

BlueVoyant is a Proud Participant in the Microsoft Security Copilot Design Advisory Council (PR Newswire) BlueVoyant, a cybersecurity company that illuminates, validates, and mitigates internal and external risks, today announced its participation...

Corelight is a Proud Participant in the Microsoft Security Copilot Partner Private Preview (PR Newswire) Corelight, the leader in open network detection and response (NDR), today announced its participation in the Microsoft Security Copilot Partner...

Centripetal Launches Global Partner Program, Empowering Partners to Proactively Leverage Threat Intelligence for Unparalleled Protection (Business Wire) Company Kicks Off Program with Worldwide Partners to Drive Growth and Accelerate Customer Value

Bulletproof is a proud participant in the Microsoft Security Copilot Partner Private Preview (Yahoo Finance) Bulletproof today announced its participation in the Microsoft Security Copilot Partner Private Preview. Bulletproof was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft.

The latest Titan Security Key is in the Google Store (Google) During today’s Aspen Cyber Summit in New York City, we rolled out the latest version of our Titan Security Key — now available on the Google Store.

SecurityBridge Ramps Up U.S. Support Teams To Further Bolster SAP Cybersecurity Growth Throughout North America (ABC27) Elizabeth Murphy Joins SecurityBridge's U.S. team as VP of Global Sales, Alliances, and Channels SecurityBridge, a leading global provider of SAP security solutions.

KnowBe4 Is Now FedRAMP® (Federal Risk and Authorization Management Program) Moderate Authorized (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced that its KMSAT and...

Flexxon’s AI-based cybersecurity solution promises to tackle cybercrime (WIPO) The cost of cybercrime set to rise to USD 10.5 trillion by 2025, crippling businesses and critical infrastructure. Camellia (Cam) Chan, CEO and co-founder of Flexxon, a Singapore-based hardware-based cybersecurity solutions manufacturer, and co-founder, Camellia (Cam) Chan, discusses outlines Flexxon’s novel approach to cybersecurity and its commitment to innovation and IP to safeguard digital citizens everywhere.

iTWire - Radware to deliver advanced DDoS protection for data centre infrastructure of leading telecom (IT Wire) COMPANY NEWS: Radware (NASDAQ: RDWR), is a leading provider of cyber security and application delivery solutions, announced it signed an agreement with a leading European telecom and managed security service provider. Ranking among its country’s top four largest telecoms based on revenue,...

IBM Launches Watsonx.governance to Optimize AI Management (Yahoo Finance) IBM introduces automated AI governance features to enhance transparency and mitigate bias in predictive AI models.

IONIX Extends Leading Attack Surface Management Platform Adding Threat Exposure Management Capabilities (GlobeNewswire News Room) New Threat Exposure Radar Enables Security Teams to Visualize and Prioritize Hundreds of Attack Surface Threats into a Manageable Set of Specific,...

Devo Introduces Collective Defense to Enable Enterprises to Respond to Emerging Threats (PR Newswire) Devo Technology, the security data analytics company, has launched Devo Collective Defense, a threat intelligence feed within the Devo Security...

ESET launches all-in-one home cybersecurity protection package (Hardware Zone) It comes with options like antivirus, password manager, browser privacy extensions, and covers most operating systems across laptops, phones, and even smart TVs.

Finance of America Chooses Spera Security to Bolster its Identity Security (GlobeNewswire News Room) Leading identity security vendor reduces cybersecurity risk and improves compliance for Finance of America...

Flare Launches Enhanced MSSP Partner Program (Newswire) Flare, the leading continuous threat exposure management solution provider, today announced the launch of their new tiered Managed Security Servi ...

Technologies, Techniques, and Standards

Cyber Talent Acquistion Woes for Enterprises (N2K Networks) Enterprises face significant challenges when it comes to acquiring and retaining top cybersecurity talent. Here are top challenges and how to address them.

Disinformation is an Open Source Problem (ActiveState) In social media & open source anyone can post/upload anything leading to abuse. Social media can learn from open source innovative solutions.

Design and Innovation

Large language models: The foundations of generative AI (InfoWorld) Large language models evolved alongside deep-learning neural networks and are critical to generative AI. Here's a first look, including the top LLMs and what they're used for today.

Google DeepMind wants to define what counts as artificial general intelligence (MIT Technology Review) AGI is one of the most disputed concepts in tech. These researchers want to fix that.

Research and Development

[New research] How tough is bcrypt to crack? And can it keep passwords safe? (Specops Software) New Specops research shows the time it takes to crack passwords encrypted with the bcrypt hashing algorithm – plus how attackers get around its protection.

Monash University and CSIRO create quantum-secure online transaction algorithm (SecurityBrief Australia) CSIRO, in association with Monash University, creates 'LaV', a quantum-secure algorithm enhancing online transactions.

Academia

Norwich enters first-ever Educational Partnership Agreement with U.S. Cyber Command (WCAX) Norwich University has entered into a first-of-its-kind educational partnership with the U.S. Cyber Command.

Legislation, Policy, and Regulation

UK National Cyber Force operations to become ‘more embedded’ with policing (Record) The elite U.K. hacking unit eventually will be more integrated into police operations, alongside military and intelligence ones, according to Gen. Sir Jim Hockenhull, the chief of Strategic Command.

Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (Voice of America) Australia to boost its cyber defenses

ITI Reacts to Senate Introduction of the Artificial Intelligence Research, Innovation, and Accountability Act of 2023 (Information Technology Industry Council) Today, global tech trade association ITI responded to the introduction of the Artificial Intelligence Research, Innovation, and Accountability Act of 2023 by Senators John Thune (R-SD) and Amy Klobuchar (D-MN). Among its provisions, the bill would promote AI transparency and accountability and preserve existing laws that govern AI.

FBI Director: FISA 702 warrant requirement 'de facto ban' (Register) War of words escalates as deadline draws near

State plans to lead by example in tech diplomacy politics (Nextgov.com) Between following a new executive order and modernizing agency operations, the State Department is building its policy on artificial intelligence through promoting U.S. innovation.

FCC Adopts Rules to Protect Consumers' Cell Phone Accounts (FCC) Strengthens FCC Protections Against SIM Swapping and Port-Out Scams

Meta says vetting teens’ ages should fall on app stores, parents (Washington Post) The tech giant is calling for legislation requiring that parents approve teens’ downloads on app stores like Google and Apple

Login-dot-gov is 'fraudulent,' says House Republican gunning to defund 18F (Nextgov.com) Texas Republican Pete Sessions said 18F “misled and lied to the government” about the credentialing service’s capabilities .

Silicon Valley’s Top Data Enforcer in Europe Is Leaving Her Post (Bloomberg) Helen Dixon this year slapped Meta with biggest GDPR fine yet. Irish watchdog is lead EU data enforcer for Meta and Apple.

Australia’s cybersecurity coordinator goes on unplanned leave (CSO Online) Air Marshal Darren Goldie gets recalled to Defence to deal with workplace matters and goes on leave.

Litigation, Investigation, and Law Enforcement

EFF Urges FTC to Address American Resellers of Malware on Android TV Set-Top Boxes (Electronic Frontier Foundation) The Federal Trade Commission (FTC) must act to halt sales by Amazon, AliExpress, and other resellers of Android television set-top boxes and mobile devices manufactured by AllWinner and RockChip that have been pre-infected with malware before ever reaching consumers, the Electronic...

Lawsuit over 'authorized' courthouse burglary bounces back to state court (Iowa Capital Dispatch) A judge has ruled that two men who broke into a county courthouse have failed to prove they had a “constitutional right not to be arrested.”

DraftKings teen hacker who boasted 'fraud is fun' pleads guilty in fantasy sports betting theft (Yahoo News) A Wisconsin teenager pleaded guilty Wednesday in New York federal court to conspiracy in connection with a scheme to hack user accounts at the DraftKings fantasy sports betting website and with others steal about $600,000 from its customers.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

Cybersecurity & Ransomware Live! – Part of Live! 360 (Orlando, Florida, USA, Nov 12 - 17, 2023) Are you ready to fortify your organization's cybersecurity and protect it from the ever-evolving threats of the digital world? If so, join us for Cybersecurity & Ransomware Live! (Part of Live! 360) taking place this November 12-17 at the Royal Pacific Resort, Universal Orlando. You will embark on an immersive journey into the world of cybersecurity and learn invaluable strategies to safeguard your digital assets.

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Nov 13 - 17, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps.

MILIPOL Paris2023 (Paris Nord Villepinte, France, Nov 14 - 17, 2023) During 4 days, Milipol Paris 2023, organised under the auspices of the French Ministry of Interior and in partnership with several governmental bodies, will be the epicentre of all security-related innovations. For this new edition, Milipol will gather over 1,000 exhibitors, 65% of whom are from outside-France, 30,000 attendants from more than 150 countries, and 150 official delegations.

2023 PCI SSC Asia-Pacific Community Meeting (Kuala Lumpur, Malaysia, Nov 15 - 16, 2023) Join your global payment security peers at the 2023 PCI SSC Community Meetings! PCI SSC Community Meetings bring together the brightest minds in payment security. Don’t miss the opportunity to collaborate and learn about the latest developments in global payment security and in the PCI Security Standards.

IRISSCERT Annual Cybercrime Conference 2023 (Dublin, Ireland, Nov 16, 2023) IRISSCERT holds an annual conference themed on cyber crime in November. This is an all day conference which focuses on providing attendees with an overview of the current cyber threats facing businesses in Ireland and what they can do to help deal with those threats. Experts on various aspects of cyber crime and cyber security share their thoughts and experiences with attendees, while a number of panel sessions will provide the opportunity to discuss the issues that matter most. The conference will be open to anyone with the responsibility for securing their business information assets. There is a nominal fee of €50 per person attending to cover the costs of catering and other organisational expenses.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.