Target selection, by criminals, hacktivists, and intelligence services.

Summary

By the CyberWire staff

At a glance.

WildCard deploys SysJoker malware.
DPRK cryptocurrency theft.
Ransomware attacks against healthcare organizations.
The status of Ukraine's IT Army.
Russian news outlet outs Killmilk.
Former deputy head of SSSCIP arrested.
Smartphones as a source of battlefield OSINT.
Generative AI and security.
A snapshot of global threats.

WildCard deploys SysJoker malware.

Researchers have found a new strain of SysJoker malware. Check Point describes a variant written in Rust that's being actively deployed against targets, mostly Israeli, in connection with the ongoing war between Hamas and Israel. The researchers don't have an attribution to offer, but they do regard the malware's use as aligned with Hamas interests. They note that SysJoker has been used since 2021, and they connect it with attacks against infrastructure. The malware, formerly prepared in C++, has been completely rewritten in Rust. It appears to bear some connection with the Electric Powder Operation against Israel Electric Company in 2016 and 2017. That action has been attributed to the Gaza Cybergang.

Intezer, who, as BleepingComputer notes, first described SysJoker, regards the current activity as the work of a hitherto unremarked advanced persistent threat (APT) it calls "WildCard." WildCard, whose precise place among various anti-Israeli actors remains obscure, makes its initial approach through social engineering, using phishing emails, bogus social media profiles, and fake news sites, all techniques in which it's invested considerable resources. The APT also abuses legitimate cloud sevices. Intezer concludes, "Clustering these different sets of activities showcases an APT group consistently targeting Israeli critical sectors like education, IT infrastructure, and possibly electric power generation active to this day."

DPRK cryptocurrency theft.

Researchers at SentinelOne describe two North Korean cryptocurrency theft campaigns, tracked as “RustBucket” and “KandyKorn”: “The initial RustBucket campaign used a second-stage malware, dubbed ‘SwiftLoader’, which functioned externally as a PDF Viewer for a lure document sent to targets. While victims viewed the lure, SwiftLoader retrieved and executed a further stage malware written in Rust. The KandyKorn campaign, meanwhile, was an elaborate multi-stage operation targeting blockchain engineers of a crypto exchange platform. Python scripts were used to drop malware that hijacked the host’s installed Discord app, and subsequently delivered a backdoor RAT written in C++ and called ‘KandyKorn.’”

Recently, the threat actors have begun merging elements of the two campaigns, “with SwiftLoader droppers being used to deliver KandyKorn payloads.”

Uplevel your cloud security posture with CSPM

Is cloud security posture management (CSPM) right for your organization? Watch the webinar to learn about the four generations of CSPMs and building versus buying CSPM tools as well as use cases and real-world CSPM examples. Register today.

Ransomware attacks against healthcare organizations.

A ransomware attack against Tennessee-based healthcare provider Ardent Health Services on Thanksgiving disrupted services at hospitals across East Texas, New Jersey, Idaho, New Mexico, and Oklahoma, CNN reports. The attack forced hospitals to divert ambulances to different providers. Ardent owns thirty hospitals in the US, and the attack has impacted all of them, East Idaho News reports.

Ardent said in a statement yesterday, “The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality. As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet, and clinical programs. Ardent has reported this event to law enforcement and retained third-party forensic and threat intelligence advisors. In addition to electronic protection procedures already in place, Ardent has also implemented additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible. At this time, we cannot confirm the extent of any patient health or financial data that has been compromised.”

Separately, Vanderbilt University Medical Center in Nashville, Tennessee, is investigating a cybersecurity incident that led to a compromised database, the Record reports. A spokesperson for the center stated, “Preliminary results from the investigation indicate that the compromised database did not contain personal or protected information about patients or employees.”

And patient engagement company Welltok has disclosed that it was attacked by the Cl0p ransomware group earlier this year, leading to a breach of data belonging to at least 426,000 patients of Premier Health in Ohio and an unnamed Georgia-based company, 2 NEWS reports. For more on the risk of cyberattacks against the healthcare sector, see CyberWire Pro.

The status of Ukraine's IT Army.

An essay published by the Center for European Policy Analysis (CEPA) discusses the operations of the IT Army of Ukraine, pointing out that organizations of that kind can have an ambiguous legal status. There seems little mystery about the IT Army: it's an auxiliary, differing in mission but not in status from such US military auxiliaries as the Civil Air Patrol (CAP) and the Military Auxiliary Radio System (MARS). The IT Army seems to operate under effective authority, and it says it's a non-combatant (read, non-kinetic) service that observes the laws and usages of war. Both claims seem, on the available evidence, justified. CEPA characterizes the IT Army's most typical operation as distributed denial-of-service. CEPA also suggests that the IT Army offers a template for other nations too small or resource-poor to maintain a fully fledged military cyber command.

Russian news outlet outs Killmilk.

The Moscow-based news outlet Gazeta has identified a man it claims is Killmilk. That nom-de-hack belongs, Gazeta says, to one Nikolai Serafimov, a man who's not exactly been media-shy, but who's also taken care to cloak his identity in cliché fashion, appearing with his face obscured by a balaclava like someone who drew his personal style from a clip-art representation of a hacker. His reputation is one of a marketing savvy but technically weak self-promoter, and his sometime colleagues have apparently grown tired of his schtick. They accuse him of being a thief, running not only a DDoS-for-hire service but also engaging in various charity scams. His actions, his erstwhile collaborators say, discredit the Russian cause. They've been reluctant to break with him for fear of retaliation by Killmilk, who seems to have the goods on them, or at least their identities. The outing suggests that Killmilk's star is in decline.

Former deputy head of SSSCIP arrested.

Victor Zhora, who until his dismissal last week was the deputy head of Ukraine’s State Special Communications Service, the SSSCIP, was arrested today on charges related to alleged corruption in contracting dating back to 2021. He'll be released pending trial should he make his UAH 10,000,584 (roughly $275,970) bail. His former chief, Yurii Shchyhol, was arrested last week and is now out on bond, the Record reports. Both men are expected to stand trial within the coming months. Mr. Zhora had become well-known internationally due to his prominent participation in security conferences.

Intercepted soldiers' phone calls reveal Russian morale problems: “You just die like a f------ earthworm.”

Apart from what the phone calls reveal about the state of the Russian army, there's a broader lesson here: the smartphone now presents armies everywhere with an as yet unsolved operations security problem.

The AP has obtained intercepts of phone calls home from Russian soldiers at the front. “You just die like a f------ earthworm,” one representative call said. The calls generally depict an army now largely composed of hastily mobilized, partially trained, and indifferently equipped conscripts swept up in Russia's partial mobilization. They report poor command practices, high casualties, misbehavior toward civilians, combat refusals, and leadership by fear.

In introducing its intercepts the AP calls the recordings "secret" but says it's independently verified them.There's also a lesson about the importance and ready availability of open source intelligence, enabled to a great extent by smartphones and, in other cases, by commercial satellite imagery.

The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.

Generative AI and security.

A report Snyk issued this morning looks at security issues introduced by AI-generated code, finding that 92% of developers said that AI coding tools occasionally generate insecure code suggestions: “Less than 10% of survey respondents have automated the majority of their security checks and scanning. 80% of respondents said that developers in their organizations bypass AI security policies. Respondents are also not taking proper measures to ensure that their open source libraries are secure, with only 25% using an automated scanning tool to check the security of open source components included in AI coding suggestions. The consequences of placing too much trust in AI coding tools are real. Among respondents who said that AI coding tools reduced productivity, the two primary reasons for this negative result were poor code quality and security problems introduced by AI.”

A snapshot of global threats.

BlackBerry has published its Global Threat Intelligence Report for Q3 2023, noting a 70% increase in unique malware samples compared to the previous quarter. The financial services industry remained the most targeted sector. The researchers note, “In multiple cases, we have seen tooling overlap in attacks against the public and financial sectors. That may also indicate that the same cyber criminal groups are targeting different institutions and organizations operating in different economic sectors. Due to the continued proliferation of MaaS, such as RustyStealer, RedLine, and Lumna Stealer on underground forums and marketplaces, we see a blurring trend between attacks on traditional cyber crime assets and attacks on critical infrastructure in different countries using shared and commodified tools.”

The healthcare industry also saw a 181% increase in unique malware attacks.

Notes.

Today's issue includes events affecting Australia, Canada, China, the European Union, France, Gaza, Germany, Iran, Israel, the Democratic People's Republic of Korea, NATO/OTAN, the Netherlands, New Zealand, Russia, Switzerland, Ukraine, the United Kingdom, and the United States.

Today is Giving Tuesday.

Coming as it does on the heels of Black Friday and Cyber Monday (which we might as well call the "Long Lost Weekend of Taking") it can be easy to forget that today is Giving Tuesday. Spare a thought for the charities that might benefit from our generosity.

Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.

Ukraine at D+642: OSINT on morale, and a coming hacktivist shakeup. (CyberWire) Storms impede ground operations. Smartphones as intelligence sources (and as a security problem). Notes on hacktivist auxiliaries, both Russian and Ukrainian.

Israel-Hamas War: Second Hostage-Prisoner Exchange Is Completed After a Delay (New York Times) Israeli and Thai hostages held by Hamas and Palestinian prisoners in Israeli jails were freed after mediators broke an impasse over aid to northern Gaza.

Three year old Israeli twins released by Hamas in latest hostage exchange (The Telegraph) Three-year-old twins were among the eleven Israelis freed from Hamas captivity tonight as they had safely made it back to Israel, and to hospital for observation, after being held captive for seven weeks.

Freed Israeli hostage describes deteriorating conditions while being held by Hamas (AP News) An Israeli hostage freed by Hamas has said in an interview that she was initially fed well in captivity until conditions worsened and captives became hungry. She was kept in a “suffocating” room and slept on plastic chairs with a sheet for nearly 50 days.

Briefing: Musk Tours Israel, Amid Criticism for His Antisemitic Remarks (The Information) On a visit to Israel on Monday, Elon Musk toured the site of one of the Oct. 7 Hamas attacks on Israelis, accompanied by prime minister Benjamin Netanyahu, in a trip seemingly designed to blunt criticism of his endorsement of an antisemitic conspiracy theory and the resulting advertiser exodus from his social media company X. As part of the visit, Musk and Netanyahu held an online discussion

Israel tells Elon Musk Starlink can only operate in Gaza with its approval (Financial Times) Entrepreneur meets country’s leaders amid furore over alleged antisemitism on his social platform X

Top Israeli intel unit wasn’t operational on October 7 due to personnel decision (Times of Israel) New report claims senior officer decided 2 years ago that Unit 8200 shouldn’t work overnight or on weekends, said warning of Hamas attack wouldn’t come from ‘classic sources’

WildCard: The APT Behind SysJoker Targets Critical Sectors in Israel (Intezer) Our research team has identified a new APT group, dubbed “WildCard,” initially detected through its use of the SysJoker malware, which targeted Israel’s educational sector in 2021. WildCard has since expanded its reach, creating sophisticated malware variants disguised as legitimate software, and a recently developed malware called ‘RustDown,’ written in Rust for potential operational advantages. […]

Shadowy hacking group targeting Israel shows outsized capabilities (CyberScoop) A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.

New Rust-based SysJoker backdoor linked to Hamas hackers (BleepingComputer) A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.

Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker (Check Point Research) Key Findings Introduction Amid tensions in the ongoing Israel-Hamas war, Check Point Research has been conducting active threat hunting in an effort to discover, attribute, and mitigate relevant regional threats. Among those, some new variants of the SysJoker malware, including one coded in Rust, recently caught our attention. Our assessment is that these were used […]

Iran hits Pennsylvania water utility. (CyberWire) Iranian hacktivists claim an attack on a Pennsylvania water utility.

Cyber Command Should Tap on Iran’s Windows (The Messenger) Perhaps it’s time to send in the nerds to remind Iran of the full scope of American power

Russia-Ukraine war live: wife of Ukrainian military’s top intelligence official poisoned; Stoltenberg urges Nato to ‘stay the course’ (the Guardian) Marianna Budanova undergoing treatment in hospital; Nato’s secretary general says it is ‘our obligation’ to supply Ukraine with weapons

Russian forces advancing on Ukrainian town from all sides (Reuters) Russian forces are intensifying their drive to capture the eastern Ukrainian town of Avdiivka, trying to advance on all sides after weeks of fighting, the town's top official was quoted as saying on Monday.

Putin Has Staked Russia’s Resources on Victory in Ukraine. Can the West Match Him? (Wall Street Journal) The Russian president seeks to turn his nation’s advantage in manpower and munitions into battlefield progress, while Western will and assistance for Kyiv are wavering.

A Containment Strategy for Ukraine (Foreign Affairs) How the West can help Kyiv endure a long war.

Is it worse than 'stalemate' in Ukraine right now? (Responsible Statecraft) Experts say Russia has the upper hand at a time when US aid is not coming fast enough

Intercepted calls from the front lines in Ukraine show a growing number of Russian soldiers want out (AP News) In audio intercepts from the front lines in Ukraine, Russian soldiers speak in shorthand. They describe 200s to mean dead, 300s to mean wounded, and 500s to describe people who refuse to fight.

Ukraine’s Volunteer IT Army Confronts Tech, Legal Challenges (CEPA) Ukraine’s volunteer IT army is growing in strength and audacity. Its independence also poses questions of legality.

Leader of Killnet 'unmasked' by Russian state media (Register) Also: NXP China attack, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month

«От него устали, но боятся»: что известно о лидере хакерской группировки Killnet - Газета.Ru (Газета.Ru) В пророссийском хакерском сообществе назрел новый конфликт. Более десяти хакеров и хактивистов публично выступили против российской группировки Killnet и ее лидера, известного под ником Killmilk. Его обвиняют в атаках на инфраструктуру РФ, мошенничестве и многочисленных нарушениях хакерской этики. «Газета.Ru» рассказывает, чем прославилась Killnet, и деанонимизирует личность главаря группировки.

Ukraine detains Victor Zhora, former top government cyber official (TechCrunch) Last week, the Ukrainian government fired two of its top cybersecurity officials, who are accused of embezzlement. Now, one of them has been detained.

Second top Ukrainian cyber official arrested amid corruption probe (Record) Viktor Zhora, the ex-deputy head of Ukraine’s State Service for Special Communications and Information Protection (SSSCIP), is accused of facilitating a corruption scheme involving the procurement of software.

Turkey’s exports of military-linked goods to Russia soarFinancial Times (Financial Times) Growth in shipments of restricted parts fuels western suspicions that Turkish companies are conduit for Moscow

Attacks, Threats, and Vulnerabilities

Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable for Takeover, Says Cybersecurity Company Hunters (Hunters) Hunters today announced it ranked 15 on the Deloitte Technology Fast 500™, a ranking of the fastest-growing tech companies in North America

DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover (Hunters) Team Axon discovered a severe design flaw in Google Workspace's domain-wide delegation feature that can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs. They also developed a tool to to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks.

Spyware in Serbia: civil society under attack (Access Now) Access Now and our partners have discovered that civil society in Serbia have been targeted with invasive spyware technology. Here’s what we know.

Spyware abuses travel to Serbia for first time (Washington Post) Investigators say they found evidence of attempted spyware infections targeting two people representing civil-society groups in Serbia, believed to be the first abuse of spyware in that nation.

Iran hacks US water system: Observation and implications of a terrorist attack on US soil (Control Global) An Iranian-backed cyber group recently launched an attack on the Municipal Water Authority of Aliquippa, Pennsylvania

Federal, state investigators probing Aliquippa Water Authority hack (Beaver County TImes) An Iran-aligned “hacktivist” group known for targeting the critical infrastructure sector reportedly hacked a Municipal Water Authority of Aliquippa water booster station Saturday.

Cyberattack on Pittsburgh-area water authority sends alarms to Department of Homeland Security (CBS News) KDKA-TV's Andy Sheehan breaks down what happened and what it means to our security.

DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads (SentinelOne) Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.

How generative AI is assisting payment scams (American Banker) The rise of generative artificial intelligence is driving a sharp uptick in basic payment-card fraud tactics including bot attacks, card testing, credential stuffing and ordinary account phishing, according to a new Arkose Labs report.

Voting machine trouble in Pennsylvania county triggers alarm ahead of 2024 (POLITICO) Officials say the issue did not affect the outcome of the votes, but are nonetheless racing to restore voter confidence ahead of next year’s election.

The Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AI (Sophos News) Generative artificial intelligence technologies such as OpenAI’s ChatGPT and DALL-E have created a great deal of disruption across much of our digital lives. Creating credible text, images and even…

Cybercriminals can’t agree on GPTs (Sophos News) Despite concern over illicit applications of ChatGPT and similar models, Sophos X-Ops’ exploration of cybercrime forums suggests many threat actors are still skeptical – and wrestling with the same…

WSJ News Exclusive | Instagram’s Algorithm Delivers Toxic Video Mix to Adults Who Follow Children (Wall Street Journal) Content served to WSJ test accounts included risqué footage of kids, overtly sexual adult videos and ads from major brands.

Fidelity National Financial Takes Down Systems Following Cyberattack (SecurityWeek) Fidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack.

Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial (Record) The AlphV/Black Cat group claimed it breached Fidelity National Financial, a Fortune 500 provider of title insurance for property sales.

Ransomware group claims responsibility for another Florida attack (The Capitolist) Ransomware group BlackCat has targeted Florida-based Fidelity National Financial (FNF), a major title insurance provider, accessing systems and obtaining credentials. FNF has launched an investiga…

Nation's biggest title company hit by ransomware attack (Inman) Fidelity National Financial acknowledges that a "cybersecurity incident" disrupted the provision of title and escrow services and other technology and mortgage services.

DP World says hackers stole Australian ports employee data (Reuters) DP World Australia, one of the country's largest ports operators, said on Tuesday hackers had accessed files containing personal details of employees after a cyber incident early this month forced it to suspend operations for three days.

GE investigates alleged data breach into confidential projects: Report (CSO Online) General Electric has confirmed that it has started an investigation into the data breach claims made by IntelBroker.

Alleged GE hack raises concerns about US national security (SiliconANGLE) General Electric Co. has allegedly been hacked, and the hacker is offering stolen data, including Defense Advanced Research Projects Agency documents for sale on a hacking forum, raising national security concerns.

Ardent hospital ERs disrupted in 6 states after ransomware attack (BleepingComputer) Ardent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday.

Ardent Health Services Reports Information Technology Security Incident (Ardent Health Services) Ardent Health Services and its affiliated entities (“Ardent”) became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack. The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality.

2 N.J. emergency rooms diverting patients after Hackensack Meridian Health hit with potential cyber attack (CBS News) Patients in need of emergency care were being diverted away from hospitals impacted by the network outage.

Portneuf Medical Center experienced ransomware attack. Hospital is adapting with pencils and paper (East Idaho News) Portneuf Medical Center is the latest hospital in eastern Idaho to experience a cyber-attack. Services are currently curtailed.

UT Health East Texas back on divert status after ransomware attack (KETK.com | FOX51.com) TYLER, Texas (KETK) – UT Health East Texas is asking ambulance services to transport emergency patients to other hospitals as they deal with a cyberattack. UT Health East Texas first announce…

Criminal hacking group breaches data, including Premier Health (WDTN) A recent data breach could impact thousands of people who use Premier Health services in the Miami Valley. Denver-based patient engagement company Welltok confirmed that…

Lovelace Health System in New Mexico impacted by ransomware attack (KRQE NEWS 13) The parent company of the Lovelace Health System, which has six hospitals and more than one dozen medical centers in New Mexico, was hit with a ransomware attack Thurs…

Rivers Casino joins the club of hacked casinos (Panda Security Mediacenter) Cyber-attacks on gambling companies appear to be a trend among hackers, as last week, Rivers Casino Des Plaines reported a cyber incident.

KyberSwap recovers $4.7 million after exploit (The Block) Decentralized exchange protocol KyberSwap has recovered approximately $4.67 million in funds following a recent security attack.

Google investigating missing files on Drive, caused by desktop app (9to5Google) The missing file issue affecting Google Drive users is caused by the desktop app, Google has confirmed, and the company is investigating.

Trends

DataDome Research Discovers That 2 in 3 US Websites Are Unprotected Against Simple Bot Attacks (PR Newswire) Today, DataDome, a leading provider of AI-powered online fraud and bot mitigation, unveiled insights from its US Bot Security Report, which...

BlackBerry Quarterly Global Threat Report — November 2023 (BlackBerry) The latest report by the BlackBerry Threat Research and Intelligence team provides actionable and contextualized cyber intelligence to increase your organization's cyber resilience.

Government breaches - can you trust the US Government with your data? (Comparitech) In 2020, the US government suffered 87 data breaches that affected over 3.3 million people. Based on an average cost of $146 per affected record, we estimate that these breaches cost government entities almost $487 million last year alone. Despite a 25 percent year-on-year decrease in the number of breaches targeting government entities (down from […]

Our embrace of the end of privacy comes at a costFinancial Times (Financial Times) I was wrong to assume that liberal indifference to our actions would be the ultimate consequence of online living

Marketplace

Jacobs to Spin-off and Merge its Critical Mission Solutions and Cyber & Intelligence Businesses (Dallas Innovates) Jacobs announced it will combine the businesses with Virginia-based Amentum, a global engineering and technology solutions provider—creating a new, publicly traded player in the government services sector with nearly $13 billion in annual revenue.

Godspeed Capital launches Crimson Phoenix (Intelligence Community News) On November 27, Godspeed Capital Management LP announced the formation of Crimson Phoenix, a data and intelligence solutions platform designed to support critical mission requirements of the U.S. Intelligence Community and U.S. Special Operations Command.

Layoffs engulf VMware after Broadcom close, 'chaos' for partners in sales trenches (CRN) VMware layoffs are creating ‘significant concern and chaos’ among customers and partners in the sale trenches, said C.R. Howdyshell, CEO of Advizex, a Fulcrum IT Partners company

HII wins Air Force contract for Five Eyes information sharing (APDR) HII announced that its Mission Technologies division was awarded a three-year task order under the Analytical and Technical Services contract to provide information-sharing capabilities to the Five Eyes intelligence alliance […]

Microsoft Needs a Better Seat at OpenAI’s Table (Wall Street Journal) The leadership crisis exposed Microsoft’s reliance on the AI startup, showing a need for a greater role.

DevTernity conference collapses amid claims of fake speakers (Register) Anna? Oh, she was just a demo persona, says organizer

Male Tech Conference Founder Is Behind Popular Woman Coding Influencer Account (404 Media) IP logs show that accounts for Coding Unicorn, a female tech influencer who's built a following based on her coding advice and Instagram influencer posts, are run by a male developer and conference organizer.

Products, Services, and Solutions

Infinigate UK&I Launches Next-Gen Cyber Observability Solution for Customers (SME Bulletin) Infinigate UK&I has launched an integrated, interoperable offering to provide reseller partners with a complete cyber-observability package to face today’s escalating cyber-threats. The ‘Next-Gen Cyber Observability’ (NGCO) framework draws from the best tools from five specialist vendors – Anomali, Cybereason, Gigamon, LogRhythm and Vectra – for comprehensive risk visibility across extended hybrid networks.

Trend Micro Delivers Visibility to Entire Kill Chain by Uniting Global Threat Feeds and Generative AI-Powered Platform (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, announced today its latest evolution in generative AI: the...

Datadobi Announces Enhancements to StorageMAP for the Most Comprehensive Unstructured Data Management at Massive Scale (Datadobi) StorageMAP Minimizes Risk and Transforms Unstructured Data From A Cost Center Into A Profit-Generating Competitive Advantage

CardinalOps Contributes to MITRE ATT&CK for Fourth Consecutive Release (PR Newswire) CardinalOps, the detection posture management company, announced today that it contributed updates to the latest version of MITRE ATT&CK, a...

Infinigate UK&I Launches Next-Gen Cyber Observability Solution (Pressat) Infinigate UK&I is launching a composite, multi-vendor offering to provide reseller partners with a complete cyber-observability package to face today’s escalating cyber-threat.

Deepwatch Standardizes on Torq Hyperautomation Platform Across Its Global Security Infrastructure (Torq) Deepwatch harnesses enterprise-grade Torq Hyperautomation platform to increase flexibility, enhance visibility across the attack surface, and respond to emerging threats

Securonix Joins Wiz Integrations (WIN) to Provide a Unified Approach to Protecting Complex Cloud Environments (Business Wire) Collaboration Creates a Single Pane of Glass for Monitoring Security Events and Incidents Across Cloud Platforms and On-Premises Infrastructure

Skyhawk Security Announces a Paradigm Shift in Cloud Security, Introduces AI-based Autonomous Purple Team for Continuous Proactive Protection (GlobeNewswire News Room) AWS re:Invent -- Skyhawk Security, the originator of cloud threat detection and response (CDR, now also...

Lacework Launches Generative AI Assistant to Level-Up Cloud Security Teams (PR Newswire) Lacework, a data-driven cloud security company, today announced a generative artificial intelligence (AI) assistant that gives enterprise...

Armis Releases Q4 Update to Its Armis Centrix™ Platform (Armis) Armis today announced the availability of version 23.3 of the Armis Centrix™️ platform.

Data Theorem Expands Ecosystem Partnerships, Bolsters Technical Integrations with Industry-Leading API Gateway Platforms and WAAP/WAF Service Providers (Business Wire) Company Integrates Leading API Solutions with Growing Partner Ecosystem, Including Akamai, Axway, CloudFlare, Google Cloud (Apigee), Imperva, Ideatec, and Kong

RapidFort’s Platform Now Available in Microsoft Azure Marketplace (Business Wire) Marketplace inclusion improves access to industry-leading software attack surface management technology

Technologies, Techniques, and Standards

Guidelines for secure AI system development (NCSC) This document recommends guidelines for providersof any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.

AI threat demands new approach to security designs -US official (Reuters) The potential threat posed by the rapid development of artificial intelligence (AI) means safeguards need to be built in to systems from the start rather than tacked on later, a top U.S. official said on Monday.

Trellix, Illumio team up with advice on how to defeat ransomware (ITWeb) Trellix is partnering with Illumio on a series of Ransomware Detection and Response Workshops this December in the US.

Incognito Mode Isn’t Doing What You Think It’s Doing (Wall Street Journal) Private browsing, for one thing, may be giving holiday shoppers a false sense of privacy.

Design and Innovation

Superintelligent AI: can chatbots think? (Financial Times) When you interact with a chatbot, it seems like it’s reasoning. But are we being fooled?

Legislation, Policy, and Regulation

Resilience in a Time of Uncertainty: National Chemical Security During the CFATS Lapse (Cybersecurity and Infrastructure Security Agency | CISA) But 2023 is not a normal November for CISA Chemical Security. This summer, Congress allowed the Chemical Facility Anti-Terrorism Standards program’s statutory authority to expire, leaving our nation without a regulatory chemical security program for the first time in 15 years.

Swiss army takes part in NATO cyber defense exercise in Estonia (SWI swissinfo.ch) This week, the Swiss Armed Forces are taking part in the NATO Cyber Coalition exercise to defend against cyber attacks.

A Controversial US Surveillance Program May Get Slipped Into a ‘Must-Pass’ Defense Bill (WIRED) Congressional leaders are discussing ways to reauthorize Section 702 surveillance, including by attaching it to the National Defense Authorization Act, Capitol Hill sources tell WIRED.

Cyber Insurers Warn Catastrophic Hacks Will Require Government Help (Wall Street Journal) U.S. officials and insurers plan to meet in April to discuss options for a federal cyber insurance backstop.

Litigation, Investigation, and Law Enforcement

Police dismantle ransomware group behind attacks in 71 countries (BleepingComputer) In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.

Inside U.S. Efforts to Untangle an A.I. Giant’s Ties to China (New York Times) American spy agencies have warned about the Emirati firm G42 and its work with large Chinese companies that U.S. officials consider security threats.

Meta Loses Bid to Push FTC Into Court on Privacy Deal (Bloomberg) Meta, under FTC order on privacy, sought federal court review. Agency opened proceeding on alleged new privacy violations.

A Bank Watchdog Crowned Its First Chief Fintech Officer. His Work History Was A Web Of Lies. (The Information) In March, the Office of the Comptroller of the Currency—the powerful federal banking regulator—tapped Prashant Kumar Bhardwaj as the first person to lead its mission to police fintech firms and the banks that power them. On the surface, Bhardwaj seemed to be well qualified to be the OCC’s new ...

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Russia’s Cyber War Against Ukraine: Lessons and Policy Challenges (Virtual, Dec 5, 2023) Ukraine has become a crucible for a new breed of warfare—one fought not only with traditional battlefield weapons but also with lines of code and keystrokes. The country has faced for almost a decade an unrelenting wave of cyberattacks, with this invisible front blurring the line between state and nonstate actors, and introducing hackers, volunteers, and private companies to the fight. Ukraine’s experience has implications that go beyond national security to include the future of international cyber policy, the role of technology giants in warfare, and the rights and responsibilities of civilians in a conflict. This event will discuss the various questions of cyber warfare that Russia’s war on Ukraine has brought to the fore: How has the conflict influenced Ukrainian cyber policy and where is it headed? What role do citizens and other nonstate actors play in developing digital resilience? How can legal and policy challenges relevant to “cyber troops” be addressed? How should international humanitarian law treat evolving cyber warfare?

Events

AWS re:Invent 2023 (Las Vegas and Virtual, Nevada, USA, Nov 27 - Dec 1, 2023) Come together with cloud enthusiasts from around the world to hear the latest cloud industry innovations, meet with AWS experts, have fun, and build connections. You’ll gain skills and expertise that would take weeks or months to learn at home.

SANS Austin Fall 2023 (Austin, Texas, USA, Nov 27 - Dec 2, 2023) At SANS Austin Fall 2023, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

TRUSTECH 2023 (Paris, France, Nov 28 - 30, 2023) During this new edition, TRUSTECH 2023 will welcome professionals from the cards, payments and identification solutions markets from all over the world. The outlook for the event should be at its best, since the number of exhibitors (85% of whom are from outside-France) is already superior to 2022. International speakers, opinion leaders and experts from the payments, financial services and identification ecosystems will be leading a high-level programme of keynotes, conferences and roundtables throughout the three-day event.

Online safety and digital content oversight (Washington (and virtual), DC, USA, Nov 30, 2023) As the United States wrestles with the impact of online content — from children’s safety to AI deepfakes — the United Kingdom has passed a sweeping Online Safety Bill, delegating implementation to the Office of Communications (Ofcom). On November 9, Ofcom released the draft of its approach to balancing protections with free speech rights. It is the most comprehensive effort undertaken by any Western government to date. On November 30, join the Center for Technology Innovation at Brookings for an event with Ofcom Chief Executive Dame Melanie Dawes to discuss the challenges faced by liberal democracies in dealing with online content.

Insider Threat Program Development - Management Training Course (Washington, DC, USA, Dec 4 - 5, 2023) The training course will be taught on December 4-5, 2023. This highly sought after and very comprehensive 2 day training course will ensure that the Insider Threat Program (ITP) Manager and others who support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Behavioral Science Professionals, Legal Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group. This training will also provide students with an in depth view of how to obtain visibility of potential or malicious employee actions on computer systems and networks, using Insider Threat Detection software. Our student satisfaction levels are in the exceptional range. Over 900+ individuals have attended this training course and received ITP Manager Certificates.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.