Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+641: Russian lawfare and official narratives. (CyberWire) Both sides look for targets in the enemy's rear areas (with Russia showing signs of considering NATO as Ukraine's rear area. Russia seeks to reframe its wartime narrative: Moscow represents itself as a principled opponent of genocide and a partner for peace.
A brutal battle for southern Gaza beckons after the truce ends (The Economist) The next stage of fighting will be harder and more controversial
Israel-Hamas War: Second Hostage-Prisoner Exchange Is Completed After a Delay (New York Times) Israeli and Thai hostages held by Hamas and Palestinian prisoners in Israeli jails were freed after mediators broke an impasse over aid to northern Gaza.
Israel-Hamas War: Amid Calls to Extend Truce, Complications Surround Last Planned Swap (New York Times) With a four-day truce set to expire, both Israel and Hamas said they are open to extending it to allow more hostages and Palestinian detainees to be freed.
Israel unveils what it claims is a major Hamas militant hideout beneath Gaza City's Shifa Hospital (AP News) Israeli military officials have shown a group of international journalists a small living quarters they found in a tunnel underneath Shifa Hospital, claiming that the space had been used by Hamas militants.
Israel strikes a hostage deal, but says the Gaza war isn’t over (The Economist) Hamas is desperate to split Israel and turn a pause into a ceasefire
Israel-Hamas War: Hamas Releases First Group of Hostages Under Gaza Cease-Fire Deal — Latest Updates (Wall Street Journal) Hamas released 24 hostages abducted nearly seven weeks ago, a Qatari official said.
Israel-Hamas war live: first freed Israeli hostages cross into Egypt, local media says; 12 Thai hostages released (the Guardian) Local media reports Israeli hostages have been released; Thai prime minister Srettha Thavisin confirms release of Thai hostages
Israeli media say Hamas has released 13 Israeli hostages (AP News) Officials and media reports say Hamas has released the first batch of hostages under a cease-fire deal that began Friday, including 13 Israelis. The hostages have been held in the Gaza Strip since the militant group staged a raid on Israel nearly seven weeks ago.
The agony of 24 hostages is over. The Gaza war isn’t (The Economist) Israel and Hamas trade captives during a four-day truce
BBC’s Jeremy Bowen admits he ‘got it wrong’ in Gaza hospital report but has ‘no regrets’ (The Telegraph) International editor says he doesn't 'feel particularly bad about' his inaccuracies
Israel investigates an elusive, horrific enemy: Rape as a weapon of war (Washington Post) The first indications of possible sexual violence came as early as Oct. 7, the day that thousands of Hamas and other fighters streamed into Israeli towns and began live-streaming bloodshed and torture.
Cyberattacks on Israel intensify as the war against Hamas rages: Check Point (CSO Online) Cyberattacks have grown in frequency as well as sophistication as the Israel-Hamas conflict intensifies.
Iranian-Linked Cyber Army Had Partial Control Of Aliquippa Water System (BeaverCountian.com) Editor’s Note: This article concerns a serious incident affecting a critical infrastructure in Beaver County. We are making it available for all to read free of charge outside of our normal paywall. Please consider supporting our investigative journalism efforts by becoming a subscriber. If you have already done so, thank you, your support makes work […]
Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (CBS News) The Municipal Water Authority of Aliquippa said on Saturday that one of their booster stations had been hacked by an Iranian-backed cyber group.
Ukrainian Marines Crossing the Dniepr in Echo of an Epic World War II Struggle (The New York Sun) With the world’s news cameras focused on Gaza, Ukrainian Marines are secretly crossing the half-mile wide waterway, ferrying men and ammo in inflatable…
On Holodomor Remembrance Day, Russia Unleashes Largest Drone Attack On Ukraine (RadioFreeEurope/RadioLiberty) Russia on November 25 unleashed the largest wave of drone attacks on Ukraine since the start of the war, wounding several people and causing damage, with Kyiv bearing the brunt of the attack, in what President Volodymyr Zelenskiy called "an act of willful terror."
Fierce Russian drone attack shatters Kyiv’s calm (Washington Post) Russia launched a fierce swarm of explosive drones at Kyiv and other targets early Saturday, interrupting a weeks-long relative lull in the Ukrainian capital and adding to its darkening mood.
At Least Four Civilians Killed In Separate Russian Strikes In Southern Ukraine (RadioFreeEurope/RadioLiberty) At least four civilians were killed and five wounded as Russian forces targeted civilian and infrastructure facilities in the southern Ukrainian region of Kherson on November 23, officials reported, as Ukraine braces for an uptick in attacks on its energy facilities during the upcoming winter.
Ukraine-Russia war: Russian state TV journalist killed in Ukrainian drone strike (The Telegraph) A Russian state television journalist was killed by shrapnel in a Ukrainian drone attack.
Opinion | Vladimir Putin Harasses Finland (Wall Street Journal) Russia is using migrants as a weapon against the newest NATO member.
U.S. Warns Iran Is Weighing Sending Short-Range Missiles to Russia (Wall Street Journal) The U.S. fears Iran is preparing to provide Russia with advanced short-range ballistic missiles for its military campaign in Ukraine, U.S. officials said Tuesday.
The West can no longer ignore Putin's murderous alliance with Iran (The Telegraph) Their relationship has already caused destruction in Europe and will likely lead to increased threats in the Middle East too
Ukrainian Attack Cuts Power to Some Russian-Occupied Areas (New York Times) The assault on energy infrastructure, a significant theater in the war, followed a large-scale Russian drone attack on Kyiv.
Ukraine aims a major drone attack at Crimea as Russia tries to capture a destroyed eastern city (AP News) Russian officials say Ukraine has launched one of its biggest drone attacks on the Moscow-annexed Crimean Peninsula since the full-scale war began.
Russian Women Protest Long Deployments for Soldiers in Ukraine (New York Times) “Make way for someone else,” a new grass-roots movement demands as women challenge the official argument that the mobilized troops are needed in combat indefinitely.
Manpower becomes Ukraine’s latest challenge as it digs in for a long warFinancial Times (Financial Times) Kyiv seeks to persuade younger recruits with better endurance and higher skills to join up
Yale historian says west can break Ukraine stalemate with more military aid (the Guardian) Timothy Snyder argues that ‘dropping five more queens on the board’ would allow Ukraine to prevail
Scholz Tells Putin To 'End His Attack On Ukraine' (RadioFreeEurope/RadioLiberty) German Chancellor Olaf Scholz said on November 22 that he urged Russian President Vladimir Putin to end Moscow's war in Ukraine and withdraw all troops during the first Group of 20 video call Putin participated in since the conflict.
Germany to supply Ukraine with IRIS-T systems in $1.4 billion package (C4ISRNet) The package also includes drones and drone-defense systems, demining vehicles, satellite communications and electronic warfare equipment.
Austin Kicks Off Meeting on Ukraine Defense (U.S. Department of Defense) Collectively, the countries that comprise the Ukraine Defense Contact Group have committed more than $80 billion in security assistance to Ukraine since Russia launched its invasion and will remain
Putin to boost AI work in Russia to fight a Western monopoly he says is 'unacceptable and dangerous' (AP News) Russian President Vladimir Putin says that he will endorse a national strategy for the development of artificial intelligence.
The Russian Way of War (Foreign Affairs) Moscow wants to weaken NATO in Ukraine, not just win battles.
Ukraine’s long war — and how to win it (Financial Times) Every conflict has periods of defeatism but there are no signs of it in Kyiv, which just needs the west to keep the faith
Musk’s Starlink satellites aiding Ukraine could be legally destroyed by Russia, says space law expert (The Telegraph) In Earth’s orbit, the lines of legitimacy are blurred as civilian objects used for military purposes may be targeted, warns US major
Defence Intelligence of Ukraine conducted a cyber operation against Rosaviatsia - sanctions accelerate Russia's aviation collapse (Defence Intelligence of Ukraine) The Defence Intelligence of Ukraine informs that as a result of a successful complex special operation in cyberspace, a large volume of confidential documents of the structural subdivision of the Russian Ministry of Transport - the Federal Air Transport Agency (Rosaviatsia) - is now acquired.
Ukrainian Defence Intelligence Claims Cyberattack on Russian Civil Aviation (The Cyber Express) Publicly announcing an offensive cyber operation is highly unusual, but Ukraine took this unprecedented step. Ukrainian intelligence confirmed a successful
Russia continuing cyberthreats against NATO countries (Defence Industry Europe) In recent years, Russia has increased the intensity of hostile operations conducted in cyberspace against NATO members and Ukraine.
Europe’s grid is under a cyberattack deluge, industry warns (POLITICO) Cyberattacks against the energy sector have spiked. The sector needs to speed up, chief officials say.
Russian state hackers unleash USB worm with global reach (Computing) LittleDrifter has infected organisations worldwide
Russian state hackers spread USB worm worldwide (The Independent) LitterDrifter worm has been traced back to Russia’s Federal Security Service
US penetrates Russian surveillance system used by FSB (Ukrainska Pravda) More than 10 years ago, the US special services could have hacked SORM, a Russian hardware and software system for monitoring telephone conversations, text messages and all message exchanges by residents of the Russian Federation on the Internet.
Cyberpropaganda: How Russia Exploits the Gaming Industry? (Uacrisis.org) Written by Anton Khimiak, analyst HWAG/UCMC The largest international Dota2 eSports tournament wrapped up on October 29, with Team Spirit emerging as the | Uacrisis.org
Former Ukrainian Agency Chief Detained Under Suspicion Of Graft (RadioFreeEurope/RadioLiberty) A specialized court in Ukraine has accepted a request by anti-corruption prosecutors and ruled to place the ex-chief of the country's special communications agency in custody, setting his bail at 25 million hryvnyas ($687,000).
Sacked Ukrainian cyber chief released on bail amid corruption probe (Record) Ukraine's former cybersecurity chief was released from detention on Friday on $700,000 bail, according to Ukraine’s anti-corruption non-profit.
Russian Teen Sentenced To Six Years For Throwing Molotov Cocktails At Recruitment Centers (RadioFreeEurope/RadioLiberty) A Russian court on November 22 sentenced a 17-year-old to six years in prison for attempting to set fire to two military recruitment offices in protest at Moscow's war in Ukraine.
Moscow adds Meta spokesperson to criminal wanted list, TASS reports (POLITICO) The reason Andy Stone was added to the list was not indicated, according to the Russian news agency.
Russia To Impose Hefty Fines For Distribution Of Unlabeled 'Foreign Agent' Materials (RadioFreeEurope/RadioLiberty) Russia is to introduce legislation that will impose fines of up to 500,000 rubles ($5,660) on third parties that "intentionally or unintentionally" promote or distribute materials produced by "foreign agent" entities without appropriately labeling them, Deputy Justice Minister Oleg Sviridenko said.
Russia held these Ukrainian teens captive. Their testimonies could be used against Putin. (Washington Post) The Russian missing child poster went up in Crimea soon after Rostyslav Lavrov escaped last month.
Poland Charges 16 Foreigners With Spying For Russia (RadioFreeEurope/RadioLiberty) Poland has charged 16 foreign nationals with spying for Russia, for allegedly preparing acts of sabotage and gathering information on military equipment deliveries to Ukraine.
Attacks, Threats, and Vulnerabilities
New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government (The Hacker News) A new web shell called HrServ is part of a suspected APT attack in Afghanistan. HrServ can erase tracks and execute code in memory.
Beijing fosters foreign influencers to spread its propaganda (Register) They get access to both China's internet and global platforms, and cash in on both
WITH THE WORLD DISTRACTED, CHINA STIRS TROUBLE IN THE ASIA PACIFIC (CYFIRMA) EXECUTIVE SUMMARY China is yet again meddling in the South China Sea, this time while wars rage in Gaza and...
Chinese hackers steal chip designs from major Dutch semiconductor company — perps lurked for over two years to steal NXP's chipmaking IP: Report (Tom's Hardware) The full extent of the security breach is unknown.
Diamond Sleet supply chain compromise distributes a modified CyberLink installer (Microsoft Security) Microsoft Threat Intelligence has uncovered a supply chain attack by the North Korea-based threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp., a software company that develops multimedia software products.
North Korean Supply Chain Threat is Booming, UK and South Korea Warn (Infosecurity Magazine) The UK’s NCSC and South Korea’s NIS issued a joint advisory describing some of North Korean hackers’ tactics in deploying supply chain attacks
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (BleepingComputer) Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
North Korean attack on CyberLink impacted devices around the world, Microsoft says (Record) Microsoft has uncovered a supply chain attack by North Korean hackers who attached a malicious file to a CyberLink photo and video editing application installer.
Trojanized CyberLink installer used in global Lazarus supply chain attack (SC Media) North Korea's Lazarus Group, also known as Diamond Sleet, has been leveraging a trojanized CyberLink app installer to facilitate the distribution of LambLoad malware in a new supply chain attack, according to SiliconAngle.
CyberLink targeted in supply chain attack by infamous Lazarus hacking group (SiliconANGLE) CyberLink targeted in supply chain attack by infamous Lazarus hacking group - SiliconANGLE
North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software (Security Affairs) North Korea-linked APT group Diamond Sleet is distributing a trojanized version of the CyberLink software in a supply chain attack.
Hackers pose as officials to steal secrets and cryptocurrency for North Korea (Hot for Security) A hacking gang has been accused of impersonating South Korean officials and
journalists in a plot to steal cryptocurrency for the North Korean regime.
Telekopye: Chamber of Neanderthals’ secrets (We Live Security) ESET research shares insights about groups operating Telekopye, Telegram bots that scam people in online marketplaces, their internal onboarding process, different tricks of trade that Neanderthals use, and more.
Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale (The Hacker News) Beware of Telekopye: The malicious Telegram bot used by the "Neanderthals" for large-scale phishing scams. It crafts phishing websites and emails.
New botnet malware exploits two zero-days to infect NVRs and routers (BleepingComputer) A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet (Ars Technica) Internet scans show 7,000 devices may be vulnerable. The true number could be higher.
Hackers Exploiting 0-day RCE Flaws in the Wild to Deploy Mirai Malware (Cyber Security News) The Mirai botnet is a malicious network of infected computers, routers, and IoT devices harnessed by cybercriminals to launch large-scale DDoS attacks.
Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks (The Hacker News) Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.
InfectedSlurs Botnet Resurrects Mirai With Zero-Days (Infosecurity Magazine) The investigation conducted by Akamai in late October 2023 revealed a specific HTTP exploit path
Mirai malware infects routers and cameras for new botnet (Register) Akamai sounds the alarm – won't name the vendors yet, but there is a fix coming
Atomic Stealer distributed to Mac users via fake browser updates (Malwarebytes) Compromised websites are being used to redirect to fake browser updates and deliver malware onto Mac users.
Atomic Stealer Distributes Malware to Macs Through False Browser Downloads (TechRepublic) Atomic Stealer malware advertises itself through ClearFake browser updates disguised as Google's Chrome and Apple’s Safari.
MacOS targeted by ClearFake malware campaign (Cybernews) A data-stealing program that targets Mac operating systems (OS) is being distributed to unsuspecting targets by means of fake web browser updates, Malwarebytes has warned.
The alarming rise of quishing is a red flag for CISOs (CSO Online) Multiple reports show a dramatic rise in phishing scams employing QR codes. Now is the time for security leaders to take proactive steps.
Rhysida ransomware gang claimed China Energy hack (Security Affairs) The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation.
Rhysida, the new ransomware gang behind British Library cyber-attack (Guardian) Gang thought to be from Russia or CIS has attacked companies and institutions in several countries
Emergence of Rhysida: A New Player in the Ransomware Landscape (isp.page) Emergence of Rhysida: A New Player in the Ransomware Landscape - isp.page
Rhysida ransomware group lists British Library data for sale (Cyber Daily) Following the confirmation that the major outage it has been suffering since last month was the result of a cyber attack, data belonging to the British Library
Windows Hello bypassed with laptop fingerprint sensor bugs (SC Media) Microsoft, Dell, and Lenovo laptops had faulty implementations of the Secure Device Connection Protocol in their fingerprint sensors, which enabled Windows Hello authentication bypass and potential app access and data exfiltration activities, SiliconAngle reports.
General Electric investigates claims of cyber attack, data theft (BleepingComputer) General Electric is investigating claims that a threat actor breached the company's development environment in a cyberattack and leaked allegedly stolen data.
General Electric investigates data theft claimed by IntelBroker hackers (Computing) Multinational tech giant General Electric (GE) is investigating claims of a cyberattack and data theft.
GCHQ investigates cyber attack on hospital to the royals after data stolen (The Telegraph) King Edward VII’s Hospital in London has previously treated Queen Elizabeth II and Prince Philip
HSBC online banking outage hampers Black Friday shopping for thousands (Computing) In a recurrence of the ongoing digital banking woes, thousands of HSBC customers in the UK found themselves locked out of mobile and online banking services on Friday.
For teen girls victimized by ‘deepfake’ nudes, there is little recourse (NBC News) The FBI has warned that technology used to create pornographic deepfake photos and videos was improving and being used for harassment and sextortion.
New Relic warns customers it's experienced a cyber incident (Register) Users told to hold tight and await instructions as investigation continues
TransUnion and Experian face $30 million hacker ransom demand By Investing.com (Investing.com) TransUnion and Experian face $30 million hacker ransom demand
Hackers demand R1.1bn ransom from TransUnion, Experian (ITWeb) Hacker group N4ughtySecTU claims it has again breached the firms' IT systems and is demanding $60 million in 72 hours.
Cyber-Attack Disrupts UK Property Deals (Infosecurity Magazine) A legal sector specialist infrastructure service provider has experienced a service outage that is impacting up to 200 conveyancing firms across the UK
Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS (Record) The managed service provider CTS confirmed it had experienced a "cyber-incident." At least one report said the CitrixBleed bug was involved.
Potentially hundreds of UK law firms affected by cyberattack on IT provider CTS (Record) The managed service provider CTS confirmed it had experienced a "cyber-incident." At least one report said the CitrixBleed bug was involved.
Disclosure of sensitive credentials and configuration in containerized deployments (ownCloud) Risk: critical CVSS v3 Base Score: 10 CVSS v3 Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CWE ID: CWE-200 CWE Name: Exposure of Sensitive Information to an Unauthorized Actor Description The “graphapi” app relies on a third-party library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes […]
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (The Hacker News) ownCloud, an open-source file-sharing software, has disclosed 3 critical vulnerabilities.
Drone Maker AFT Faces Cyber Threat (CyberMaterial -) Drone systems manufacturer, Autonomous Flight Technologies (AFT), has reportedly experienced a cyberattack orchestrated by the BlackCat ransomware group.
Boeing shares ransomware incident TTPs as Citrix Bleed attacks ramp up (The Stack) Fire an HTTP GET request. Grab system memory including session cookies issued post-authentication, don't worry about logs, pillage and loot.
Flaw in Citrix software led to the recent cyberattack on Boeing: Report (CSO Online) Malicious elements, including LockBit 3.0, managed to exploit vulnerabilities in Citrix software even after they were fixed.
Henry Schein re-encrypted by BlackCat again (Data Breaches) On October 15, Henry Schein, Inc. disclosed a breach: On Saturday, October 14, Henry Schein, Inc. (Nasdaq: HSIC) determined that a portion of its...
Fidelity National Financial shuts down network in wake of cybersecurity incident (TechCrunch) Real estate services company Fidelity National Services announced that it had suffered a "cybersecurity incident," which has forced it to shut down some systems.
Rug Pull Schemes: Crypto Investor Losses Near $1M (Infosecurity Magazine) New scam identified by Check Point Threat Intelligence Blockchain system
Check Point Research Unraveling the Rug Pull: a Million-Dollar Scam with a Fake Token Factory (Check Point Research) By Oded Vanunu, Dikla Barda, Roman Zaikin Highlights Background In the dynamic realm of cryptocurrency, recent events have highlighted the ever-present threat of Rug Pulls—deceptive maneuvers that leave investors empty-handed. Our Threat Intel Blockchain system, developed by Check Point, recently sounded the alarm on a sophisticated scheme that managed to pilfer nearly $1 million. Let’s […]
Vanderbilt University Medical Center investigating cybersecurity incident (Record) Vanderbilt University Medical Center said it is investigating a cybersecurity incident that led to the compromise of a database.
East Texas hospital network can’t receive ambulances because of potential cybersecurity incident (CNN) A network of hospitals in East Texas has not been able to accept ambulances to emergency rooms since Thanksgiving Day because of a “potential [cyber]security incident,” a hospital spokesperson told CNN on Friday.
Cyberattack takes down Long Beach Airport's website, but no travel delays expected over the holiday (Long Beach Post News) The airport's website, which includes live arrival and departure times, has been pulled offline. It now redirects to the city's temporary website which carries that information.
Cyberattackers leaked data of 27,000 NYC Bar Association membersers (Record) The Clop ransomware gang claimed to have attacked the organization in January. Eleven months later, the New York City Bar Association has finally acknowledged the incident.
Cyberattack on Kansas Courts Leaves Lawyers Filing ‘Everything by Fax’ (Wall Street Journal) The state’s court system has been offline for more than a month.
GTA 5 Michael actor Ned Luke swatted while playing on Thanksgiving stream (Eurogamer.net) Ned Luke, the actor behind GTA 5 main character Michael De Santa, has been swatted while playing the game for fans in a…
Gay Furry Hackers Break Into Nuclear Lab Data, Want Catgirls (Kotaku Australia) Self-proclaimed "gay furry hackers" breached a major US Nuclear Lab, and are demanding catgirls in return for data.
The people targeting you with cyberscams may themselves be victims of slavery (the Guardian) Hundreds of thousands across south-east Asia are forced to work for industrial-scale criminal enterprises. Reporting scams is therefore critical
Online stores may not be as secure as you think (Help Net Security) Credit card skimming is on the rise for the holiday shopping season. Another risk to shoppers this holiday season is malvertising.
‘It’s not a public service, it’s toxic’: welcome to the world of gossip surveillance (the Guardian) TikTokers are sharing strangers’ conversations, hoping to expose gossipers to the very people they’re talking about. Is the humiliation worth it?
Security Patches, Mitigations, and Software Updates
Adobe Releases Security Updates for ColdFusion | CISA (Cybersecurity and Infrastructure Security Agency CISA) On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software. Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system.
Trends
The Cyberthreat Report: November 2023 (Trellix) Trellix's report distills cybersecurity insights from diverse data sources, offering expert interpretations for informed cyber defense practices. Covers April 1 - September 30, 2023.
Trellix Identifies Collaboration Among Cybercriminals and Nation-States (SME Street) As technology advances, so does cybercrime – and understanding the changing landscape is vital for CISOs and SecOps teams to stay ahead of threats," stated John Fokker, Head of Threat Intelligence, Trellix Advanced Research Center
AI Solutions Are the New Shadow IT (The Hacker News) AI Solutions Are the New Shadow IT - Ambitious Employees Tout New AI Tools, Ignore Serious SaaS Security Risks
TRACKING RANSOMWARE : OCTOBER 2023 (CYFIRMA) EXECUTIVE SUMMARY This CYFIRMA Monthly Ransomware report analyses ransomware activity in October 2023, covering significant attacks, the top five ransomware...
IoT-reliant firms are cybersecurity laggards, warns EY (SupplyChain) EY Asia-Pacific cybersecurity leader Jeremy Pizzala warns that firms most vulnerable to cyber attacks are reliant on operational technology, such as IoT
Security violations by employees as harmful as hacking: Report (Statesman) Employee violations of an organisation’s information security policies are as dangerous as external hacker attacks, a report warned on Friday.
Cloud breaches costing Australian businesses $4.9M on average: Illumio (IT Wire) New research released by cybersecurity company Illumio has found that in the last year, nearly half of all local data breaches originated in the cloud, and more than 60% of local security workers believe cloud security is lacking and poses a severe risk to their business operati...
Cloud security continues to give IT managers headaches. Here's why (SiliconANGLE) Cloud security continues to give IT managers headaches. Here's why - SiliconANGLE
CYFIRMA Industry Report : HEALTHCARE (CYFIRMA) EXECUTIVE SUMMARY The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each...
Marketplace
'Upskill or cross-skill': Cybersecurity skill gap hobbles banking sector (Business Standard) Recently, UCO Bank reported an IMPS (Immediate Payment Service) fraud, wherein Rs 820 crore was credited to certain account holders of the bank without a corresponding debit from any other bank
Jacobs Reports $4.3B Q4 Fiscal 2023 Revenue, Announces Businesses Spin-Off & Merger; Bob Pragada Quoted - GovCon Wire (GovCon Wire) Looking for the latest GovCon News? Check out our story: Jacobs Reports $4.3B Q4 Fiscal 2023 Revenue, Announces Businesses Spin-Off & Merger. Click to read more!
AT&T’s mysterious MSSP spinoff could have upsides for its security consulting business (CSO Online) AT&T is spinning off part of its cybersecurity business, joining a venture firm to create a new managed security services provider (MSSP) entity, for faster growth.
"Palo Alto Networks didn't invest a billion dollars in Israel as a show of solidarity" (CTech) Liran Grinberg, Managing Partner at Team8, which invested in Israeli cyber startups Dig and Talon, talks about marking a huge exit in the midst of the war and the danger of cyber threats to Israel
ICBC’s Entree Onto Wall Street Looked Like a Bargain—Until Hackers Crippled Its U.S. Unit (Wall Street Journal) The China megabank bought its U.S. broker-dealer 13 years ago for practically nothing. It got more than it bargained for.
Exclusive: OpenAI researchers warned board of AI breakthrough ahead of CEO ouster, sources say (Reuters) Ahead of OpenAI CEO Sam Altman’s four days in exile, several staff researchers sent the board of directors a letter warning of a powerful artificial intelligence discovery that they said could threaten humanity, two people familiar with the matter told Reuters.
OpenAI Made an AI Breakthrough Before Altman Firing, Stoking Excitement and Concern (The Information) One day before he was fired by OpenAI’s board last week, Sam Altman alluded to a recent technical advance the company had made that allowed it to “push the veil of ignorance back and the frontier of discovery forward.” The cryptic remarks at the APEC CEO Summit went largely unnoticed as the ...
Sam Altman’s Second Coming Sparks New Fears of the AI Apocalypse (WIRED) Five days of chaos at OpenAI revealed weaknesses in the company’s self-governance. That worries people who believe AI poses an existential risk and proponents of AI regulation.
OpenAI Rivals Move to Exploit Leadership Turmoil (Wall Street Journal) Google launches sales effort to convert OpenAI business customers to its platform in the wake of the AI startup’s power struggle.
Briefing: OpenAI’s Employee Share Sale to Continue After Altman Returns (The Information) An OpenAI employee share sale that values the firm at $86 billion is back on track following Sam Altman’s reinstatement as CEO late Tuesday night, The Information reported.
The deal, which is led by Thrive Capital, would buy up to $1 billion of stock or more from employees and other investors. It is expected to close next month.
Other investors that were expected to participate, at least
From King to Exile to King Again: The Inside Story of Sam Altman’s Whiplash Week (The Information) Late Thursday afternoon, on what would become the eve of his firing from OpenAI, Sam Altman joined rivals from Google and Meta Platforms on stage at the APEC CEO Summit in San Francisco to discuss the future of artificial intelligence. In an uncanny foreshadowing of the drama to come, the event’ ...
Sam Altman’s return marks a new phase for OpenAI (The Economist) The industry seems set to move from academic idealism to commercial pragmatism
Sam Altman enters his power era (Business Insider) A failed coup at OpenAI saw Sam Altman return as CEO and stronger than ever. OpenAI staffers displayed unusual loyalty to Altman after his firing last week. Those who know him point to his charisma and communication skills.
With Sam Altman’s return, a shift in AI from idealism to pragmatism (Economist) The lasting consequences of a head-spinning week
Sam Altman: Religious Cult Leader or CEO? (The Information) In a crash pod filmed hours before The Information broke Sam Altman would be returning to OpenAI,the More or Less gang got to the root of why the last five days of chaos around OpenAI is like nothing we've seen before in business. For those of you looking for the broader significance—and where ...
The many contradictions of Sam Altman (The Economist) Is the boss of OpenAI a genius or an opportunist?
Larry Summers Jumps to Center of AI Stage With OpenAI Board Seat (Bloomberg) Late on Tuesday night, OpenAI announced the return of Sam Altman, its ousted chief executive officer, along with a revamped board that included one name not often associated with Silicon Valley: Larry Summers.
The channel reacts to this week's OpenAI drama (CRN) The battle between not for profit vs profit and the story of governance, six channel players weigh in on all that went down at OpenAI
You Can Separate a For-Profit Company From a Nonprofit. I Helped Do It (The Information) In the turmoil around the firing and rehiring of former OpenAI CEO Sam Altman, many people have looked to OpenAI’s complex governance structure, which marries its original nonprofit mission with a rapidly growing for-profit company now generating revenue at a pace exceeding $1 billion a year. ...
OpenAI and X: Promises of populist technology, shaped by a single man (Washington Post) The drama inside the Silicon Valley icons shows they’re just as secretive, centralized and ego-driven as the Big Tech titans they vowed to supplant
While One Crypto Party Was Ruined, Another Raged On in Amsterdam (The Information) In the final week of October, over 3,000 crypto believers descended into woods on the outskirts of Amsterdam, arriving by shuttle bus to a gritty campus emblazoned in purple neon lights. Gaggles of hoodie-clad developers wandered the halls of industrial warehouses packed with lavish lounges, ...
Products, Services, and Solutions
Swedish Club to offer cyber cover to shipowner clients (TradeWinds) Package will help members comply with new IMO guidelines
ESET launches all-in-one protection, including VPN, identity protection, and a new look for consumer offering (PR Newswire) ESET, a global leader in cybersecurity, today announced the launch of its new innovative and streamlined offering for consumers. With more than...
Global Cybersecurity Firm Selects Brands2Life As UK Agency (PRovoke Media) The agency will support ESET with media relations as it seeks to ramp up its presence in the UK market.
ReversingLabs Launches Software Supply Chain Security Availability in AWS Marketplace (ReversingLabs) ReversingLabs software supply chain security will be available directly through AWS Marketplace, improving how your team can fortify your application security.
Logi-Tech & ARIA Cybersecurity unite to defend Australian infrastructure (ChannelLife Australia) ARIA Cybersecurity and Logi-Tech introduce AZT PROTECT, a novel service aimed at defending Australia's crucial infrastructure from cyber threats.
Veracode Revolutionizes Cloud-Native Security with Dynamic Duo: DAST Essentials and Veracode GitHub App (Veracode) Intelligent Software Security Leader Unveils Unified Defense Against Threats from Code to Cloud at AWS re:Invent 2023
Trend Micro Delivers Visibility to Entire Kill Chain by Uniting Global Threat Feeds and Generative AI-Powered Platform (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, announced today its latest evolution in generative AI: the...
Trend Micro First to Market with AI-powered Cybersecurity Assistant for Security Teams (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today announced the launch of its new generative AI tool, Trend...
Extend Wiz to your Developers: Enable secure cloud development with agility. (Wiz Blog) New capabilities extend Wiz CNAPP to secure the entire software pipeline, enabling organizations to securely develop for the cloud.
Sumo Logic Accelerates Cloud Insights Into Action Across AWS Environments (Business Wire) New platform innovations across observability, security and AI help DevSecOps teams accelerate troubleshooting through curated workflows for AWS services
Announcing Fortanix Key Insight – An Industry-First Solution to Discover and Remediate Data Security Risks in Hybrid Multicloud Environments (Business Wire) Key Insight introduces data-driven insights to assess the risk posture of encryption keys and cloud data services, fortifying data security and compliance with policies and regulations
Immuta Announces New Integration Between Its Data Security Platform and Amazon S3 Access Grants (PR Newswire) Immuta, a data security leader, today announced a new native integration between the Immuta Data Security Platform and object storage service...
Technologies, Techniques, and Standards
DHS/CISA and UK NCSC Release Joint Guidelines for Secure AI System Development (US Department of Homeland Security) Taking a significant step forward in addressing the intersection of artificial intelligence (AI) and cybersecurity, the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) today jointly released Guidelines for Secure AI System Development to help developers of any systems that use AI.
The challenge of adding governance as a pillar of cybersecurity (C4ISRNet) Opinion: The new framework expands past critical infrastructure and reflects a structure for all organizations, no matter size, industry or region.
US Navy: ‘Non-kinetic effects’ will likely decide the next war (Defense One) The service’s new cyber strategy lays out lines of effort for a new era of warfare.
Humans Are Notoriously Bad at Assessing Risk (SecurityWeek) 7 Steps Toward Objective Risk Management: How security teams can ensure their risk assessment, management, and mitigation is as objective as possible.
SRA report examines use of AI in law firms (Today's Wills and Probate) The Solicitors Regulation Authority (SRA) have shared a report outlining both the opportunities and risks associated with and presented by the use of Artificial Intelligence (AI). This report forms part of the SRA’s Risk Outlook series and the latest report specifically focuses on how AI is impacting the legal services sector. The report, whilst researching
AI’s behind you! SRA warns firms not to rely on machine learning (RollOnFriday) SRA backs the humans, for now...
4 Tips to Spot Misinformation on the Web (WIRED) Don't believe everything you read on social media.
KnowBe4 Shares Top 5 Cybersecurity Tips for the 2023 Holiday Season (KnowBe4) KnowBe4 Shares Top 5 Cybersecurity Tips for the 2023 Holiday Season
Tips to avoid charity scams during the holidays (Virginia Tech) For many people, the holiday season is a time to giveback. It’s also the time of year when scammers ramp up their efforts to take advantage of your goodwill and steal your hard earned money.
How to Make Your Web Searches More Secure and Private (Wired) What you look for online is up to you—just make sure no one else is taking a peek.
Design and Innovation
How OpenAI's five days of chaos sparked fresh debate about the future of AI (The Drum) The recent power struggle within the company has shed light on a growing divide between those in the AI industry who are pushing full steam ahead for innovation, and those who are primarily concerned about safety. At the same time, it's made Sam Altman more famous – and perhaps more powerful – than ever before.
AI won’t take your job; it’ll help you do it better. Here’s how. (The Drum) Leaders from Anthropologie, J Crew Factory, Molson Coors, Publicis, and Forrester join Meta to explore four ways AI is changing marketing at Advertising Week New York.
Academia
University of Manchester CISO Speaks Out on Summer Cyber-Attack (Infosecurity Magazine) University of Manchester CISO Heather Lowrie shared how the institution tackled a major data breach earlier in 2023
Legislation, Policy, and Regulation
EU lawmakers criticize lack of action to tackle spyware abuses (Record) The European Parliament adopted a resolution on Thursday criticizing the bloc’s executive for failing to bring forward any laws that would address spyware abuses.
Nur jedes zweite Land definiert schützenswerte Einrichtungen (Tagespiegel) Kaum eine Rede, kaum ein Strategiepapier, kaum ein Gesetz mit Bezug zur äußeren Sicherheit kommt ohne Erwähnung der Kritischen Infrastrukturen aus. Doch was der Begriff bedeutet, darüber gibt es global keine gemeinsame Vorstellung. Etliche Staaten haben noch nicht einmal für sich selbst festgelegt, was sie darunter verstehen, wie eine Studie der DGAP zeigt.
United States Endorses Responsible AI Measures for Global Militaries (U.S. Department of Defense) The United States government is leading global efforts to build strong norms that will promote the responsible military use of artificial intelligence and autonomous systems.
Pentagon’s AI Initiatives Accelerate Hard Decisions on Lethal Autonomous Weapons (SecurityWeek) The U.S. military is increasing use of artificial intelligence (AI) technology that will fundamentally alter the nature of war.
China Tried to Keep Kids Off Social Media. Now the Elderly Are Hooked (WIRED) As smartphone costs fall and society becomes more atomized, China’s elderly are using apps like Douyin to find connection and companionship. Many feel they have no choice.
The Eyes on the Board Act Is Yet Another Misguided Attempt to Limit Social Media for Teens (Electronic Frontier Foundation) This heavy-handed plan to cut federal funding to any school that doesn’t block all social media platforms may have good intentions—like ensuring kids are able to focus on school work when they’re behind a desk—but the ramifications of such a bill would be bleak, and it’s not clear that it would solve any actual problem.
Fabricating an artificial emergency isn’t intelligent (The Hill) President Biden’s recent executive order on artificial intelligence (AI) abuses a 1950 war powers law called the Defense Production Act (DPA) meant to avoid shortages during times of war and nation…
CISA relaunches working group on cyber insurance, ransomware (Security | TechTarget) CISA announced that the Cybersecurity Insurance and Data Analysis Working Group will relaunch in December to help reduce cyber-risk.
Litigation, Investigation, and Law Enforcement
US Lawmakers Ask SEC to Launch Fraud Investigation Into Elon Musk (WIRED) A letter members of Congress sent to the SEC claims that Musk misled Neuralink investors in a post on X about the fate of monkeys used to test a brain-chip interface.
Mr. Cooper faces slew of class action lawsuits after hack (Inman) The servicer is facing five federal lawsuits over an Oct. 31 cyberattack that knocked out services for days and prevented borrowers from paying home loans.
America's highest-ranking spy, traitor and no-good human being, Jim Nicholson, released from prison (We Are The Mighty) America's most notorious, double-dealing spy, Jim Nicholson, was officially released from prison on Friday, according to the Federal Burea of Prisons. Here's how really awful he was/is.