Somebody once said, “if it ain’t broke, don’t fix it.” That somebody didn’t work in cybersecurity. And that somebody didn't work at Raytheon, Intelligence & Space. Here we break the definition of cyber defense: Hiring the sharpest minds, actively hunting threats, and designing one-of-a-kind-never-been-done-before solutions. That’s how we shake up the future and uncover new thinking to protect our customer's most vital infrastructure and our way of life.
Tune in to the newest episode of our Special Editions podcast to hear Brandon Karpf, our Director of New Markets, interview a very special guest - ChatGPT, OpenAI's chatbot that's been vamping around the Internet these past few weeks. Our CSO, Rick Howard, also joins in to analyze & discuss potential use cases for the cybersecurity community. Check out this one-of-a-kind interview. Listen now. (Artificially intelligent listeners are welcome, too.)
Researchers at WithSecure are tracking a campaign by North Korea’s Lazarus Group that’s targeting “healthcare research, a manufacturer of technology used in energy, research, defense, and healthcare verticals, as well as the chemical engineering department of a leading research university.” One of the targeted healthcare research organizations was based in India. The attackers compromised their targets using known vulnerabilities in unpatched Zimbra platforms. The researchers believe the threat actor’s motive is cyberespionage.
Why are you struggling with interpreting threat intel by yourself? Engage Nisos to achieve better risk insights and outcomes. Rely on the experts with a managed service that gives you the people, process, and technology to control costs while improving your defenses. Nisos leverages automation efficiency and analyst expertise that eliminates noise, identifies risks, and prioritizes your company-specific threats. We help you respond to threats faster and more effectively through assessments, monitoring, and investigations.
A survey by BlackBerry has found that 71% of IT professionals believe that nation-state actors are already using ChatGPT to assist in launching cyberattacks: “ChatGPT’s ability to help hackers craft more believable and legitimate sounding phishing emails is the top global concern (53%), along with enabling less experienced hackers to improve their technical knowledge and develop more specialized skills (49%) and its use for spreading misinformation (49%)." The majority of respondents believe that ChatGPT still has more potential for good than for evil, though 95% of them think governments will need to regulate these types of advanced AI tools.
Did you know that CyberWire Pro offers five tailored briefings to help you focus in on your area of cybersecurity speciality? With daily Privacy and Policy briefings and weekly Research, Business and Disinformation briefings, you can dive right into topics that interest you the most. PLUS, get ad-free listening of all of our public podcasts and exclusive CyberWire Pro podcasts like CSO Perspectives and extended Interview Selects. Subscribe today for only $99/year and get all of this content and more! Subscribe today. Subscribe today.
Researchers at Fortinet have discovered a malicious PyPI package called “web3-essential” that will download a malicious executable. The malware appears to be designed to steal login credentials and payment card information from browsers, including Google Chrome, Microsoft Edge, and Firefox. The researchers note that the package was published on the same day that its author joined the repository, and that “[g]iven the frequency of this pattern of simultaneously joining and publishing, it may be a wise idea to take precautions for downloading packages published by newly joined authors.”
Avanan has released a report detailing a campaign leveraging ClickFunnels, described as “an online service that helps entrepreneurs and small businesses generate leads, build marketing engines and grow their businesses,” to bypass security measures. Ill-meaning actors are taking advantage of the service’s capability to create webpages, and are creating malicious pages with redirects to malicious links. Targets receive an email requesting the review of a file, providing a “Document Review” link. The email link opens a falsified OneDrive page with a “Get Document” button that redirects to a credential harvesting page. This incident is a textbook example of the Static Expressway: hackers leveraging the legitimacy of sites for hidden malicious purposes.
Becker's Hospital Review reports that KillNet has continued its attacks against hospitals in countries deemed hostile to Russia. The attacks--distributed denial-of-service (DDoS) for the most part--have afflicted medical organizations in the UK, the Netherlands, the US, Germany, Poland, and the Scandinavian countries.
The Russian-speaking ransomware gang LockBit continues its financially-motivated campaigns, most recently against financial tech firm ION, where, Computing reports, the gang has demanded that it be paid by tomorrow. Canada's Communications Security Establishment warned that "LockBit will almost certainly remain an enduring threat to both Canadian and international organizations into 2023." LockBit has taken care to position itself as a simple, apolitical criminal organization, and not a cyber auxiliary working under Russian state supervision. But it certainly operates with the permission of, and at the sufferance of, the Russian government, and the relationship with that government is complex and imperfectly understood. Le Monde Informatique, for one, argues that not only Russian, but North Korean and Chinese services as well, are using ransomware as a cover for cyberespionage.
Telegram, a platform that's enjoyed a reputation for anonymity, seems to have been penetrated by Russian security services. Wired reports that dissidents have been receiving police attention that seems to be accounted for only by Telegram's cooperation with the authorities.
The CyberWire's continuing coverage of Russia's war against Ukraine may be found here.
CISA, the US Cybersecurity and Infrastructure Security Agency, released six Industrial Control Systems (ICS) advisories yesterday. They cover Delta Electronics DIAScreen, Mitsubishi Electric GOT2000 Series and GT SoftGOT2000, Baicells Nova, Delta Electronics DVW-W02W2-E2, Delta Electronics DX-2100-L1-CN, and Mitsubishi Electric Multiple Factory Automation Products (Update D).
Today's issue includes events affecting Canada, China, the Czech Republic, Egypt, the European Union, France, India, the Democratic People's Republic of Korea, Libya, NATO/OTAN, Russia, Sudan, Switzerland, Ukraine, the United Arab Emirates, the United Kingdom, and the United States.
Ukraine at D+344: Historical revisionism in Russia. (CyberWire) Little change in the front lines, but casualties continue to mount.
Vladimir Putin says ‘Nazi-like’ ideology threatens Russia on anniversary of Stalingrad battle (The Telegraph) After laying wreath at war memorial, Russian president compares German tanks in Ukraine to the Nazis sweeping across eastern Europe
As Russia Strikes Ukrainian Civilians, Putin Tells His People the War Is Just (New York Times) Invoking World War II on the 80th anniversary of victory at Stalingrad, Mr. Putin repeated his false justifications for an invasion that has taken a staggering toll.
Soaring Death Toll Gives Grim Insight Into Russian Tactics (New York Times) Moscow is sending poorly trained recruits, including convicts, to the front lines in eastern Ukraine to pave the way for more seasoned fighters, U.S. and allied officials say.
Russian missile destroys apartment block killing at least three (The Telegraph) The attack in the city of Kramatorsk came as EU officials arrived in Kyiv for talks seen as key to Ukraine's pivot towards the West
Ukraine War: As It's Happening (The Moscow Times) Air raid sirens rang out in Kyiv and across Ukraine on Friday before the start of a summit bringing together senior Ukrainian officials and EU representatives.
Ukraine’s Zelensky Presses EU Chief on Membership Progress (Wall Street Journal) The European Union will double the number of Ukrainian troops it trains to 30,000, a senior EU official says, in a sign of the bloc’s continued support for Kyiv’s war effort.
Russia-Ukraine war at a glance: what we know on day 345 of the invasion (the Guardian) EU leaders meet Zelenskiy in Kyiv; Ukraine presses charges against Wagner group founder for ‘waging a war of aggression’
Along Ukraine-Belarus border, a war of nerves — and drones (AP NEWS) The reconnaissance drones fly several times a day from Ukrainian positions deep inside the thick forest that marches across the border into Belarus, a close Russian ally, scouring sky and land for signs of trouble on the other side.
Ukraine hails French gift of radar as 'cherry on the cake' (AP NEWS) Ukraine's defense minister said Wednesday that Ukrainian lives will be saved by a sophisticated air-defense radar that France is supplying and which is powerful enough to spot incoming missiles and exploding drones in the skies over all of Ukraine's capital and its surrounding region.
What Ukraine wants from France: Munitions, training, air defense and, maybe, fighter jets? - Breaking Defense (Breaking Defense) Ukrainian Minister of Defense Oleksii Reznikov traveled to Paris for talks with counterparts, and came away with more firepower.
Training Ukrainians to fly British jets would take too long, says No 10 (Telegraph) The quickest a Ukrainian pilot could learn to fly a British fighter jet is 35 months, Rishi Sunak's spokesman has said, elaborating on an obstacle to sending warplanes to Kyiv.
Who’s sending what to Ukraine: A new wave of Western weapons explained (Washington Post) A new surge of increasingly elaborate weapons from Western countries could change the balance on the battlefield in Ukraine as Kyiv’s major backers agree to successive requests that once made them balk.
The real reason Ukraine won’t be joining the EU any time soon (The Telegraph) Bloc wants Kyiv as a member state, but there are no shortcuts amid challenges over money and Brussels rules
How to Get a Breakthrough in Ukraine (Foreign Affairs) The case against incrementalism.
What Ukraine Needs to Liberate Crimea (Foreign Affairs) A credible military threat might be enough.
Losing Crimea Would Escalate Russian-Ukraine Conflict, Former Defense Secretary Says (USNI News) Losing Crimea, which holds an important naval base in Sevastopol, to Ukraine would cross a “real red line” for Russia and likely risk an escalation of the ongoing war, a former U.S. defense secretary said Wednesday. Reclaiming Crimea would be “an exceptionally difficult fight” because Russian President Vladimir Putin attaches so much importance to it, …
Boris Johnson: Stop worrying about Putin and ‘focus entirely on Ukraine’ (Atlantic Council) The former UK prime minister urged the West to stop tiptoeing around Putin's threats and equip Ukraine with the weapons it needs to end the war.
With or Without Western Tanks, Escalation Is Coming to Ukraine (The National Interest) To meet the expected Russian offensive in the late winter or early spring, Ukraine needs additional components for modern air-land battle.
Is the U.S. Military Capable of Learning From the War in Ukraine? (Foreign Policy) The Pentagon has learned painful lessons in the past—and may have to do so again.
Europe's last empire: Putin’s Ukraine war exposes Russia’s imperial identity (Atlantic Council) Vladimir Putin's genocidal invasion of Ukraine has exposed modern Russia's unapologetically imperial identity but could yet lead to the collapse of the Kremlin's broader imperial ambitions, writes Botakoz Kassymbekova.
Russian presence at Paris Olympics risks normalizing Ukraine invasion (Atlantic Council) The International Olympic Committee's decision to allow Russian athletes to compete at the 2024 Paris Olympics under a neutral flag has sparked outrage from critics who say it risks normalizing the genocidal invasion of Ukraine.
Petr Pavel: Ukraine deserves to join Nato, says new Czech leader (BBC News) Petr Pavel tells the BBC Ukraine is morally and practically ready to join Nato after the war is over.
Czech Election Sends a Reassuring Signal to Ukraine and NATO (World Politics Review) Czech Republic’s presidential election was widely considered a referendum on sending aid to Ukraine and sticking by Prague’s NATO allies.
The Kremlin Has Entered the Chat (WIRED) Russian antiwar activists placed their faith in Telegram, a supposedly secure messaging app. How does Putin’s regime seem to know their every move?
Intelligence agency says ransomware group with Russian ties poses 'an enduring threat' to Canada (CBC) Canada's cyber intelligence agency says Lockbit — a prolific ransomware group with links to Russia — was responsible for 22 per cent of attributed ransomware incidents in Canada last year and will pose an "enduring threat" to Canadian organizations this year.
Les ransomwares, couverture des groupes APT pour du cyber-espionnage (Le Monde Informatique) Les groupes APT nord-coréens, russes et chinois changent de tactique. Sous couvert de mener des attaques par rançongiciels, ils mènent des campagnes...
Winners and Losers in the Russia–Ukraine Cyberwar | Manohar Parrikar Institute for Defence Studies and Analyses (MP-IDSA) The Russia–Ukraine cyberwar has upended a number of existing preconceptions about cyber conflict in an active war.
Russia-Ukraine war has improved US cyber cooperation, says key official (The Hill) Nathaniel Fick, U.S. ambassador at large for cyberspace and digital policy, said on Thursday that the Russia-Ukraine war prompted the government to significantly increase its partnership with the p…
Report: 'KillNet' targeting hospitals in countries helping Ukraine in war efforts (Becker's Hospital Review) On Feb. 1, Dutch cyber authorities confirmed that several hospital websites in the Netherlands and Europe were targeted by 'KillNet's' DDoS campaign, along with U.S. hospitals and health systems, Security Week reported Feb. 1.
Kazakhstan’s Tokayev Is Playing With Fire at Home—and With Russia (World Politics Review) President Tokayev has shown a willingness to stand up to Russia, but amid domestic protests, has refused to implement promised reforms.
Ukrainian SMEs hold the key to the country’s economic revival (Atlantic Council) There is still no end in sight to the Russian invasion of Ukraine but the international community must not delay efforts to revive Ukraine's economy by supporting the country's vibrant SME sector.
Ukraine’s Coming Electricity Crisis (Foreign Affairs) How to protect the grid from Russian attacks.
How Putin’s plans to blackmail Europe over gas supply failed (the Guardian) Within eight months of Russia invading Ukraine, the EU’s 27 states had replaced about 80% of the natural gas they used to get from Moscow
US seeks to expel Russian mercenaries from Sudan, Libya (AP NEWS) The United States has stepped up pressure on Middle East allies to expel the Wagner Group, a military contractor with close ties to Russia's president, from chaos-stricken Libya and Sudan where it expanded in recent years, regional officials told The Associated Press.
Don’t dress like Volodymyr Zelensky when in Kyiv, EU officials warned (The Telegraph) Memo advised them to don ‘usual business attire’ and avoid military ‘green and khaki’ when meeting the Ukraine president
U.S. nuclear sites face hacking and espionage threats (Washington Post) Hackers target U.S. nuclear facilities, the latest in a long line of nuclear-related cyberattack
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector (WithSecure) During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group. Attribution with high confidence was based off of overlapping techniques tactics and procedures as well as an operational security mistake by the threat actor. Amongst technical indications, the incident observed by WithSecure™ also contains characteristics of recent campaigns attributed to Lazarus Group by other researchers.
Hackers linked to North Korea targeted Indian medical org, energy sector (The Record from Recorded Future News) North Korea's Lazarus Group is accused of targeting an Indian medical research company and other businesses in the energy sector.
North Korean hackers stole research data in two-month-long breach (BleepingComputer) A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction.
Supply Chain Attack by New Malicious Python Package, “web3-essential” (Fortinet Blog) FortiGuard Labs team discovers another 0-day attack in a malicious PyPI package called “web3-essential”. See how this malware avoids suspicion and other observations.…
Google ads push ‘virtualized’ malware made for antivirus evasion (BleepingComputer) An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer.
Vulnerability Causing Deletion of All Users in CrushFTP Admin Area (Trustwave) During a recent penetration test, Trustwave SpiderLabs researchers discovered a weak input validation vulnerability in the CrushFTP application which caused the deletion of all users.
Majority of the ransomware gangs used this packer to bypass antivirus and encrypt devices (Information Security Newspaper) Majority of the ransomware gangs used this packer to bypass antivirus and encrypt devices - Malware - Information Security Newspaper | Hacking News
LockBit claims attack on financial software firm ION, demands payment by tomorrow (Computing) Ransomware attack has affective derivative trading for dozens of financial enterprises
ChatGPT May Already Be Used in Nation State Cyberattacks, Say IT Decision Makers in BlackBerry Global Research (BlackBerry) BlackBerry Limited today released new research revealing that half (51%) of IT professionals predict that we are less than a year away from a successful cyberattack being credited to ChatGPT, and 71% believe that foreign states are likely to already be using the technology for malicious purposes against other nations.
UK IT leaders fear malicious use of ChatGPT by foreign states (Computing) UK IT leaders are concerned about the potential for malicious use of the ChatGPT chatbot by foreign states, according to a new study.
Switzerland’s largest university confirms ‘serious cyberattack’ (The Record from Recorded Future News) The University of Zurich, Switzerland’s largest university, announced on Friday it was the target of a “serious cyberattack."
Tallahassee Memorial hospital victim of suspected ransomware attack (Florida Politics - Campaigns & Elections. Lobbying & Government.) The hospital is also diverting EMS patients.
Data breach at Vice Media involved SSNs, financial info (The Record from Recorded Future News) A data breach involving Vice Media leaked the sensitive information and financial data of more than 1,700 people.
The website that wants you to kill yourself—and won't die (Mother Jones) How the trolls on Kiwi Farms hounded people to commit suicide and created the online culture we have today.
Cisco Releases Security Advisories for Multiple Products (CISA) Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
Drupal Releases Security Update to Address a Vulnerability in Apigee Edge (CISA) Drupal released a security update to address a vulnerability affecting the Apigee Edge module for Drupal 9.x. An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information. CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB- 2023-005 and apply the necessary update.
Delta Electronics DIAScreen (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution.
Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: GOT Mobile Function on GOT2000 Series and GT SoftGOT2000 Vulnerabilities: Authentication Bypass by Spoofing, Improper Restriction of Rendered UI Layers or Frames 2.
Baicells Nova (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Baicells Technologies Equipment: Nova Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands.
Delta Electronics DVW-W02W2-E2 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Public exploit available/exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DVW-W02W2-E2 Vulnerabilities: OS Command Injection 2.
Delta Electronics DX-2100-L1-CN (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Public exploits available/exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DX-2100-L1-CN Vulnerabilities: OS Command Injection, Cross-site Scripting 2.
Mitsubishi Electric GT SoftGOT2000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GT SoftGOT2000 Vulnerabilities: Infinite Loop, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create a denial-of-service condition or enable arbitrary code execution.
The Top Security Priorities in 2023, According to Info-Tech Research Group (PR Newswire) Although ransomware campaigns declined quarter over quarter in 2022, primarily due to the collapse of more experienced cybercriminal groups, IT...
Security Priorities 2023 (Info-Tech) Each organization is different, so a generic list of security priorities will not be applicable to every organization. Use this report to help...
Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down? (The Hacker News) Stay ahead of the game with top-notch cybersecurity measures. The attacks may be becoming more severe, but so are our defenses.
Cyren Announces Global Reduction in Force; Liquidity Challenges (Cyren) Cyren (NASDAQ:CYRN), a provider of inbox security and threat detection solutions, today announced that, in response to current market conditions and associated challenges with raising additional capital, the Company approved a plan to reduce its workforce by approximately 121 employees, representing substantially all of the Company's workforce.
GIC-Backed Chainalysis Cuts Jobs in Latest Crypto Layoffs (Bloomberg) Layoffs affect less than 5% of the GIC-backed firm’s staff. Teams will be built out under refocused strategy: spokesperson.
TikTok’s Transparency Campaign Echoes Effort by Huawei to Ease Security Concerns (Wall Street Journal) The Chinese-owned app is opening testing centers and promising access to core technology, similar to largely unsuccessful tactics used by the telecom giant.
Earnings Tracker: Takeaways From Apple, Amazon and This Week's Other Results (Wall Street Journal) Apple and Amazon reported their latest quarterly results after the close on Thursday, as did Google parent company Alphabet. Shares of all three tech giants fell soon after. Read up on how they did: [Apple Sales Shrink as Covid Disruptions in China Slow Production](https://www.wsj.com
Twitter to end free access to its API in Elon Musk's latest monetization push (TechCrunch) Twitter will discontinue offering free access to the Twitter API starting February 9 and will launch a paid version.
Apple reports first quarter results (Apple Newsroom ) Apple today announced financial results for its fiscal 2023 first quarter ended December 31, 2022.
Alphabet Announces Fourth Quarter and Fiscal Year 2022 Results (Alphabet) Alphabet Inc. (NASDAQ: GOOG, GOOGL) today announced financial results for the quarter and fiscal year ended December 31, 2022.
Google suffered 'pullback' in ad spending over holidays, Alphabet stock falls after earnings (MarketWatch) Alphabet Inc.'s stock slipped nearly 5% in extended trading Thursday after the tech giant missed slightly on revenue and earnings in ho-hum quarterly results.
Alphabet Misses Q4 Earnings Estimates, YouTube Ad Revenue Drops by Nearly 8% (Variety) Alphabet, parent company of Google and YouTube, turned in fourth-quarter 2022 earnings that missed analyst estimates, as YouTube’s ad revenue again suffered a year-over-year decline. Overall,…
Amazon.com Announces Fourth Quarter Results (Business Wire) Amazon.com, Inc. (NASDAQ: AMZN) today announced financial results for its fourth quarter ended December 31, 2022. Fourth Quarter 2022 Net sales increa
Qualcomm revenue falls 12%, guidance implies more pain this quarter (CNBC) Qualcomm saw weakness in mobile handset performance, and the chipmaker sees a sharper revenue decline coming in the quarter ahead.
Sony Raises Outlook on Strong PlayStation 5 Momentum (Bloomberg) PlayStation 5 console sales hit 7.1 million in holiday quarter. Premium image sensors softened blow of weak smartphone demand.
Winners announced for the 2022 Infosec Excellence Client Award Program (Infosec) Ten clients were recognized in the 2022 Infosec Excellence Awards Program.
Lumen Reshaping Executive Leadership Team to Drive Simplification, Customer Obsession (PR Newswire) To serve customers better and best position the company for growth, Lumen Technologies (NYSE: LUMN) is making changes to its executive...
Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™ (Business Wire) Corvus Insurance, the leading provider of Smart Cyber Insurance® products powered by AI-driven risk data, announced today its all-in-one cyber underwr
Dashlane's Mobile Code Now Publicly Available (Dashlane Blog) The Dashlane Android and iOS application code is now publicly available under a Creative Commons Attribution-NonCommercial 4.0 license.
DoControl's SaaS Security Platform Is Now Available on the AWS Marketplace (PR Newswire) DoControl, the automated Software-as-a-Service (SaaS) security company, today announced general availability of its no-code SaaS security...
Netwrix 1Secure: New SaaS Auditing Solution Tailored for Managed Service Providers (MSPs) (Netwrix) Netwrix’s new product empowers MSPs to secure and support clients from a single console.
Silverfort launches free identity risk assessment | Silverfort News (Silverfort) Free identity risk assessment provides insight into the identity security gaps and compliance with cyber insurance policies.
Protect data in use with OCI Confidential Computing (Oracle) At Oracle, we’re constantly working to help our customers create a more robust security posture for their compute infrastructure.
Microsoft Word gets ChatGPT integration with new ‘Ghostwriter’ third-party add-in (GeekWire) A new Microsoft Word add-in queries OpenAI's ChatGPT natural language processing chatbot and puts responses directly into the document.
Whispers of A.I.’s Modular Future (The New Yorker) ChatGPT is in the spotlight, but it’s Whisper—OpenAI’s open-source speech-transcription program—that shows us where machine learning is going.
Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse (SecurityWeek) Since public key encryption is used to secure almost all data in transit, that data will eventually be accessible by anyone with a quantum computer.
How Japan Is Modernizing Its Cybersecurity Policy (Stimson Center) In its new National Security Strategy, Japan includes the development of a posture for information warfare and active cyber defense.
US Cyber Diplomat Calls for Bolstering American Advantage in Global Tech Policy (Nextgov.com) The head of the State Department’s Bureau of Cyberspace and Digital Policy said that a more prominent U.S. focus on tech policy necessitates greater international engagement.
Biden’s cyberspace ambassador wants less anti-China, anti-Russia talk on tech (The Washington Times) President Biden’s cyberspace ambassador is urging Americans to tone down the anti-China and anti-Russia tough talk on tech in hopes of establishing better relations with nations that have not yet picked a side.
A new bill would ban anyone under 16 from using social media (Washington Post) The movement to keep kids off social media altogether
The Push for New Healthcare Sector Cybersecurity Legislation (Bank Info Security) Virginia Democratic Sen. Mark Warner, who chairs the Senate Select Committee on Intelligence, says he hopes to gather support for new bipartisan legislation this
A Closeup Look At Texas Data Privacy Laws (Security Boulevard) Every state has its own parameters when it comes to data privacy, cybersecurity, and breach notification. But Texas? Yeah, don’t mess with it. (I know, I went there…) Understanding the laws that regulate student data privacy is an important part of managing data at your school district. That’s why we’re here to help you out. The post A Closeup Look At Texas Data Privacy Laws appeared first on ManagedMethods.
FBI Seeks Information on ION Hack That Disrupted Derivatives (Bloomberg) US agency joins UK regulators in reviewing the cyberattack. ION told clients it won’t be fully operational until Feb. 5.
Coinbase wins dismissal of lawsuit claiming it sold tokens illegally (Reuters) A U.S. judge on Wednesday dismissed a proposed class action lawsuit by Coinbase Global Inc customers who accused the cryptocurrency exchange of selling unregistered securities and failing to register as a broker-dealer.
Former Ubiquiti dev pleads guilty to trying to extort his employer (BleepingComputer) Nickolas Sharp, a former Ubiquiti employee who managed the networking device maker's cloud team, pled guilty today to stealing gigabytes worth of files from Ubiquiti's network and trying to extort his employer while posing as an anonymous hacker and a whistleblower.
Data Breach Class Claims Against LendingTree Sent to Arbitrator (Bloomberg Law) Allegations that LendingTree LLC negligently failed to protect users’ financial information in connection with a February 2022 data breach should be heard by an arbitrator, a federal magistrate judge said.
Hope College faces new lawsuit over data breach (FOX 17 West Michigan News (WXMI)) Another class-action lawsuit has been filed against Hope College over their response to a large data breach that was discovered in the fall.
WSJ News Exclusive | FBI to Search Mike Pence’s Home for Additional Classified Materials (Wall Street Journal) The Justice Department is in talks with former vice president’s legal team about scheduling search, say people familiar with the matter.
For a complete running list of events, please visit the Event Tracker.
Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Feb 6 - 10, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.
Women in CyberSecurity (WiCyS) State of Inclusion Assessment Measuring Inclusion Workshops (Virtual, Feb 7 - 9, 2023) Previous studies have shown that the representation of women in cybersecurity is not where it should be, but it is not as clear why this is the case, or how exactly we can improve matters. In collaboration with the DEI firm Aleria, we are launching a pioneering study to understand the real causes of disparities in the experiences of women in cybersecurity, and to help us understand how best to pinpoint and remove the barriers that keep women from being recruited, hired, retained and promoted at the same rate as men. Please join us in this exciting project to ensure that your voice is heard as we identify root causes and pinpoint initiatives to eliminate disparities and inequities.
Chicago Cybersecurity Conference (Chicago, and virtual, Illinois, USA, Feb 8, 2023) FutureCon Events brings high-level Cyber Security Training discovering cutting-edge security approaches, managing risk in the ever-changing threat of the cybersecurity workforce. Join us as we talk with a panel of C-level executives who have effectively mitigated the risk of Cyber Attacks. Educating C-suite executives and CISOs (chief information security officers) on the global cybercrime epidemic, and how to build Cyber Resilient organizations. Gain the latest knowledge you need to enable applications while keeping your computing environment secure from advanced Cyber Threats. Demo the newest technology, and interact with the world’s security leaders and gain other pressing topics of interest to the information security community. The FutureCon community will keep you updated on the future of the Cyberworld and allow you to interact with your peers and the world’s security leaders.
Spyware and the Press (New York, New York, USA, Feb 8, 2023) A discussion about the threat that malicious surveillance technology poses to press freedom around the world. Authoritarian and rights-abusing regimes are increasingly using malicious spyware to surveil and intimidate journalists, threatening press freedom around the world. Late last year, the Knight Institute filed a lawsuit on behalf of journalists and other members of El Faro—one of Central America’s leading independent news organizations. Over a 16-month period, El Faro’s employees were subjected to more than 200 attacks that relied on NSO Group’s Pegasus technology. Their iPhones were accessed remotely and surreptitiously, their communications and activities were monitored, and their personal data was accessed and stolen. What implications does the proliferation of spyware have for press freedom, democracy, and human rights? And what can be done to hold accountable the companies that sell this technology, and the governments (and others) who use it against journalists?
Tech Days (Barcleona (and virtual), Spain, Feb 13 - 15, 2023) The PKI and cryptography landscape is in a state of constant evolution. Emergence of post-quantum cryptography, new PKI and IoT use cases, and rapid growth of machine identities are all serious challenges. At Tech Days 2023, we say “Game On.”
