Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+649: Managing mobilization. (CyberWire) A Russian privacy law seems to have as its principal purpose controlling anything that might resemble independent journalism in advance of the upcoming presidential election theater.
Overview of the Cyberwarfare used in Israel – Hamas War (Trustwave) On October 7, 2023, Hamas launched the biggest attack on Israel. The conflict escalated into cyber space, involving many different hacker groups.
Gaza and the Future of Information Warfare (Foreign Affairs) The digital front of the Israel-Hamas conflict is a preview of fights to come.
Israel orders evacuations as it widens offensive, but Palestinians are running out of places to go (AP News) Israeli warplanes heavily bombarded an area around Khan Younis in southern Gaza on Friday as the military ordered mass evacuations from the town.
Israel steps up Gaza attack in north and south as rise in civilian deaths reported (the Guardian) Israel says it has raided Hamas military HQ, as UN humanitarian chief says ‘an even more hellish scenario is about to unfold’
Why Gaza’s refugee camps are so vulnerable (The Economist) More than two thirds of the enclave’s population are registered refugees
Iran-linked hackers claim to leak troves of documents from Israeli hospital (Record) A hacker group allegedly linked to Iran claimed to have leaked thousands of medical records from an Israeli hospital, including those of Israeli soldiers.
Iran terrorist crew broke into 'multiple' US water systems (Register) There's a war on and critical infrastructure operators are still using default passwords
Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks (Record) The St. Johns River Water Management District, which oversees water quality and supply issues, confirmed it had responded to an incident after a ransomware gang claimed an attack. The report comes as the U.S. government is telling utilities to be on guard for attempts to disrupt specific hardware.
Feds: Iran-linked hacking campaign a 'clarion call' for digital defenses (CyberScoop) A campaign targeting an Israeli device manufacturer highlights lax cyber protections in the water sector, top cybersecurity officials say.
CISA’s response to Iran hacking control systems in US critical infrastructures is inadequate (Control Global) The U.S. is in an undeclared cyber war with Iran, including Iran cyberattacking U.S. control systems and IT networks
Traders with prior knowledge of Hamas attacks made millions shorting Israel, claims report (The Telegraph) Suspicious stock market activity suggests more than $100m made betting against Tel Aviv shares prior to Oct 7 massacre
Putin to discuss Israel-Hamas war during a 1-day trip to Saudi Arabia and UAE (AP News) The Kremlin says that Russian President Vladimir Putin will make a one-day trip to the United Arab Emirates and Saudi Arabia focused on the Israeli-Hamas war and also host the Iranian president in Moscow this week.
Russian Parliament To Declare Sea Of Azov As Internal Waters (RadioFreeEurope/RadioLiberty) Russian lawmaker Mikhail Sheremet told the RIA Novosti news agency on December 5 that the parliament's lower chamber, the State Duma, was set to approve a bill on the recognition of the Sea of Azov as an internal Russian body of water by the end of 2023.
Putin’s Weak Link to Crimea (Foreign Affairs) Kyiv should target the Kerch Bridge—but needs missiles to take it out.
Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Insikt Group® tracks ongoing malign influence activity by Russia-linked Doppelgänger network, targeting Ukrainian, US, and German audiences via fake news sites and social media.
Russia-linked ‘Doppelgänger’ social media operation rolls on, report says (Record) Researchers from Insikt Group are currently tracking over 2,000 inauthentic accounts associated with Doppelgänger, but say the actual number could be even higher.
Russian AI-generated propaganda struggles to find an audience (CyberScoop) A long-running Kremlin propaganda campaign is experimenting with AI to create phony news sites but isn’t reaching a significant audience.
Russia's AI-Powered Disinformation Operation Targeting Ukraine, U.S., and Germany (The Hacker News) Russian-linked Doppelganger influence operation exposed targeting Ukraine, U.S., and Germany with fake news and social media.
A Prison at War: The Convicts Sustaining Putin’s Invasion (New York Times) Nearly 200 inmates left a high-security Russian prison to join the war in Ukraine, seeking redemption, money or freedom. Many were killed or wounded.
In Russia, some women demand return of their men from Ukraine front (Reuters) Maria Andreeva, whose husband has been fighting in Ukraine for more than a year, is also waging a battle in Moscow: to get him home. She is not alone.
Why Russia now has to use its A-50U closer to the fight in Ukraine (Breaking Defense) "They will have to decide what costs them more: to lose one or more of these A-50s or to continue to see their combat aircraft and S-400 units progressively degraded," a Ukrainian expert told Breaking Defense.
Zelenskiy to appeal to US senators for more aid to help Ukraine fight Russia (the Guardian) White House says Kyiv’s efforts may grind to a halt without further military and economic assistance
Ukrainian defense officials, EU diplomats discuss package of security guarantees for Ukraine. (UAZMI) Representatives of the Ukrainian Defense Ministry and the European Union have discussed long-term security guarantees for Ukraine.
Package of EU security guarantees for Ukraine includes 9 priorities (Ukrainian News) The package of security guarantees of the European Union for Ukraine includes nine priorities, including assistance with military equipment and equipment, training of the Ukrainian military and cooperation with the Ukrainian defense industry.
Deadly but tricky to fly, suicide drones have Ukraine putting thousands of soldiers through pilot training (Defense One) Private schools are churning out troops who can use hobbyist racing quadcopters as deadly loitering munitions.
Moscow jails activist for 25 years for opposing Ukraine war (the Guardian) Vladimir Kara-Murza had been charged with high treason and spreading false information to discredit Russian army
Attacks, Threats, and Vulnerabilities
VulnDB Uncovers 100,000+ Hidden Vulnerabilities Beyond CVE (Flashpoint) Veteran Expert Brian Martin Illuminates the Scope of 100,000+ Hidden Vulnerabilities Identified by Flashpoint’s VulnDB.
TA422’s Dedicated Exploitation Loop—the Same Week After Week (Proofpoint) Key takeaways Since March 2023, Proofpoint researchers have observed regular TA422 (APT28) phishing activity, in which the threat actor leveraged patched vulnerabilities to send, at times, high-vo...
Response to a news report on cyber security at Sellafield (GOV.UK) The Guardian has today published a series of claims about cyber security at Sellafield.
Britain says no evidence of Sellafield nuclear site hacking (Reuters) Britain has no records or evidence to suggest that networks at the Sellafield nuclear site were the victim of a successful cyber attack by state actors, the government said on Monday following a report by the Guardian newspaper.
UK government denies China/Russia nuke plant hack claim (Register) Report suggests Sellafield compromised since 2015, response seems worryingly ignorant of Stuxnet
Ministers pressed by Labour over cyber-attack at Sellafield by foreign groups (the Guardian) Ed Miliband asks for urgent assurances about government and regulators’ actions after vulnerabilities at nuclear site are revealed
Sellafield Accused of Covering Up Major Cyber Breaches (Infosecurity Magazine) Europe’s largest nuclear site, Sellafield, is accused of consistent security failings
Russian Group Targeting Exchange Flaw (Decipher) Fancy Bear, also known as APT28 and Forest Blizzard, has been targeting a Microsoft Exchange flaw (CVE-2023-23397) against targets in Poland.
CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion (Cybersecurity and Infrastructure Security Agency | CISA) Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution.
AeroBlade on the Hunt Targeting the U.S. Aerospace Industry (BlackBerry) A new threat actor BlackBerry is tracking as AeroBlade has been targeting an aerospace organization in the United States, with the goal of conducting commercial cyber espionage.
'AeroBlade' Group Hacks US Aerospace Company (Dark Reading) Aeroblade flew under the radar, slicing through detection checks on a quest to steal sensitive commercial data.
New AeroBlade hackers target aerospace sector in the U.S. (BleepingComputer) A previously unknown cyber espionage hacking group named 'AeroBlade' was discovered targeting organizations in the United States aerospace sector.
New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace (The Hacker News) Aerospace organization in the U.S. targeted in suspected cyber espionage mission.
Disney+ Impersonated in Personalized Multi-Stage Email Attack (Abnormal) This Disney+ scam email uses brand impersonation and personalization to send a convincing fake subscription charge notice.
End-of-Life Microsoft Exchange Servers Pose Significant Cybersecurity Threat (WinBuzzer) 20,000 Microsoft Exchange servers are vulnerable to cyberattacks due to outdated software. Experts recommend upgrading to supported versions
New Relic Says Hackers Accessed Internal Environment Using Stolen Credentials (SecurityWeek) New Relic said hackers gained access to an environment using social engineering and stolen credentials for an employee account.
How to Attack and Protect WebLogic Server (Pentera) WebLogic is a popular enterprise middleware tool that orchestrates the interaction between backend systems and frontend clients. This makes it a valuable tool for attackers, who can exploit it to access and influence a wide range of organizational applications. In this blog post, we explore how to install a persistent backdoor on WebLogic Server. We...
Using AI to Automatically Jailbreak GPT-4 and Other LLMs in Under a Minute (Robust Intelligence) It’s been one year since the launch of ChatGPT, and since that time, the market has seen astonishing advancement of large language models (LLMs). Despite the pace of development continuing to outpace model security, enterprises are beginning to deploy LLM-powered applications.
Mirai Botnet Exploits Zero-Day Bugs For DDoS Attacks (TuxCare) Learn about the latest Mirai botnet and how it functions. Stay informed and safeguard your devices today!
Accounting software provider Tipalti investigating alleged ransomware attack (Record) California-based Tipalti released a statement saying that it was responding to an alleged ransomware attack. The Black Cat/AlphV cybercrime gang claimed an intrusion on the company.
National Tax Security Awareness Week, Day 5: As tax season approaches, IRS, Security Summit partners warn taxpayers, tax professionals to watch out for emerging scams by email, text, phone (Internal Revenue Service) To wrap up National Tax Security Awareness Week, the Internal Revenue Service and the Security Summit partners today reminded taxpayers and tax professionals to stay alert against emerging scams during the upcoming filing season and throughout the year.
60 credit unions facing outages due to ransomware attack on popular tech provider (Record) The ransomware attack targeted the cloud services provider Ongoing Operations, a company owned by credit union technology firm Trellance.
23andMe: Data Breach Was a Credential-Stuffing Attack (Dark Reading) The DNA testing company believes that the attack has now been contained and is notifying impacted individuals.
Hershey phishes! Crooks snarf chocolate lovers' creds (Register) Stealing Kit Kat maker's data?! Give me a break
Booking.com users angry at firm's response to hacks (BBC) Customers say they have been failed and feel let down after losing hundreds of pounds to fraudsters.
Crude Anglo American email highlights cyber-hack threat (The Northern Miner) Subscribers to global miner Anglo American’s (LSE: AAL) email newsletter service might have received an eyebrow-raising message from the company on Monday telling them to “GO F**K YOURSELF.”
CISA Adds Two Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency | CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-42917 Apple Multiple Products WebKit Memory Corruption Vulnerability
CVE-2023-42916 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
Vulnerability Summary for the Week of November 27, 2023 (Cybersecurity and Infrastructure Security Agency | CISA)
Trends
Cybersecurity Futures 2030: New Foundations (World Economic Forum) A New Report Aims to Help Decision-Makers Navigate a World in Flux
The Cyberthreat Report: November 2023 (Trellix) Trellix's report distills cybersecurity insights from diverse data sources, offering expert interpretations for informed cyber defense practices. Covers April 1 - September 30, 2023.
The state of hybrid Active Directory cyber resilience (Quest) A report based on a recent survey of 430 Quest customers and Active Directory (AD) users to discover where organizations struggle with AD security today
Organizations Lack Resources to Address Active Directory (AD) Security Concerns, New Quest Software Research Shows (Quest) Quest announces Security Guardian solution to reduce attack surface by preventing critical asset vulnerabilities, protecting AD configurations
Pluralsight’s AI Skills Report finds 90% of executives don’t completely understand their teams’ AI skills and proficiencies (Pluralsight) Pluralsight, the technology workforce development company, today released new research titled Pluralsight AI skills report: The gap between AI investments and worker readiness. The research is based on a survey of 1,200 decision-makers and practitioners working in technology, IT, cloud, cybersecurity and related fields.
IT Survey Finds Enterprises Identify Automation and Generative AI as Top Business Priorities (Business Wire) Digitate report studies IT leaders' automation goals and roadmaps, with 26% of companies planning a shift toward more autonomous operations in the next 5 years
Keeper Security Survey Finds 82% of IT Leaders Want To Move Their On-Premises Privileged Access Management (PAM) Solution to the Cloud (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged...
Predicting the biggest cybersecurity risks of 2024 (NordVPN) What are hackers planning for 2024? Researchers tracked discussions on a major dark web hacker forum to help predict 2024's biggest cybersecurity threats.
What’s in Store for 2024: Predictions About Zero Trust, AI, and Beyond (Netskope) With 2024 on the horizon, we have once again reached out to our deep bench of experts here at Netskope to ask them to do their best crystal ball gazing
Five Threats Predictions To Note For 2024 (Netskope) As a continuation of our ongoing series collecting predictions from our many subject-matter experts here at Netskope, we headed down the (metaphorical)
Marketplace
ArmorCode raises $40M to consolidate security data in one place (TechCrunch) ArmorCode, a startup developing a platform to consolidate security data from various apps and services in one place, has raised $40 million in funding.
Klarytee secures £700k Pre-Seed investment backed by Concept Ventures (UK Tech News) High-profile angel investors back startup that encrypts fragments of data at source to provide protection against leaks for sectors that handle sensitive material London, 5th December: Klarytee, a software platform that builds security into the data itself for large organisations to handle sensitive information, has closed a £700,000 pre-Seed funding round backed by early-stage VC fund […]
Mine Secures $30 Million in Series B Funding to Transform the Landscape of Data Privacy Governance for the Enterprise (PR Newswire) Mine, a pioneering company disrupting the data privacy market, announced today that it has raised $30 million in Series B funding, co-led by...
Is There Really a Shortage of Information Security Workers? (Slashdot) What's behind a supposed shortage of cybersecurity workers? Last month cybersecurity professional Ben Rothke questioned whether a "shortage" even existed. Instead Rothke argued that human resources "needs to understand how to effectively hire information security professionals. Expecting an HR gene...
Return To Office Survey Insights 2023: What To Consider When Planning To Bring Your Team Back To Work (eLearning Industry) We surveyed 1,200 U.S. workers to see how they truly feel about the return to office and how these mandates will affect their everyday lives.
Meta and IBM Launch AI Alliance (Wall Street Journal) Meta Platforms and IBM launched a coalition of more than 50 AI companies and research institutions that are pushing a so-called open model of AI, hoping to gain traction in a fast-growing market.
Make no mistake—AI is owned by Big Tech (MIT Technology Review) If we’re not careful, Microsoft, Amazon, and other large companies will leverage their position to set the policy agenda for AI, as they have in many other sectors.
Google Opens Third Cybersecurity Hub in Europe (MSSP Alert) Google has opened a new cybersecurity hub on the Spanish coast, promising to help build a better, safer internet.
SolarWinds India Appoints Abhijit Banerjee as New Managing Director (CRN - India) SolarWinds, a leading provider of simple, powerful, and secure IT management software, announced the recent appointment of Abhijit Banerjee as the new managing director of its India operations, including the region of South Asian Association for Regional Cooperation (SAARC) which is comprised of countries such as Bangladesh, Bhutan, Maldives, Nepal, and Sri Lanka.
Military cyber advocacy group taps first president to harness growing ‘hive mind’ (Record) A nonprofit made up of thousands of former and current military cyber professionals has named its first president, as the group looks to tap the country’s growing reservoir of digital security leaders and to weigh in more frequently on pressing cyber issues.
Supply Wisdom Fortifies Leadership to Accelerate Innovation and Growth (Business Wire) Seasoned Enterprise Software Leader Tom Thimot Appointed as CEO
Traceable AI Enters New Phase of Hypergrowth, Names Brian McDonough as Chief Revenue Officer (Business Wire) API Security Leader, Traceable, Bolsters Executive Team with New Revenue Leader
Products, Services, and Solutions
Stamus Networks Releases Updated “Security Analyst’s Guide to Suricata” (Stamus) Stamus Networks publishes updated version of “The Security Analyst’s Guide to Suricata,” a practical guide to threat hunting and detection using Suricata.
Kudelski Security Expands Next-Generation Managed Detection & Response (MDR) Service, MDR ONE Resolute (Kudelski Security) The cutting-edge turnkey solution delivers risk-based detection and response capabilities augmented by AI and paves the way for proactive security...
Resecurity Partners with ICS Technologies to Strengthen Cybersecurity in Iraq (InvestorsObserver)
Denver Broncos Partner with Check Point Software Technologies to Protect Broncos Country (GlobeNewswire News Room) Check Point’s AI-powered cloud, network and endpoint solutions provide the Denver Broncos with consolidated prevention, threat management and visibility...
VISO TRUST Integrates 2024 Shared Assessments (SIG) Questionnaire into AI-Powered TPRM Cyber Risk Management Platform, Continuing Its Commitment to Innovation (Business Wire) De Facto Standard TPRM SIG Extends the Power of VISO TRUST’s Transformative AI-Driven Platform, Enabling Rapid Risk Assessments to Identify High-Risk Vendors with Up to 500% Greater Accuracy.
Cybercrime victims lose an estimated $318 billion annually (Comparitech) When it comes to cybercrime costs, astronomical figures are often involved. So, you’d be forgiven for thinking each country has in-depth reports on the subject and knows the cost of these crimes within their country. However, as our report demonstrates, cybercrime is still severely underreported by police and government entities and the true monetary value remains […]
Veeam Expands Cyber Protection Capabilities and Adds AI Assistance with New Veeam Data Platform 23H2 Update Available Now (Business Wire) Updated and extended cyber protection capabilities, including new Threat Center, backup of object storage and AI assistance in Veeam Backup & Replication v12.1, will keep businesses running as ransomware and cyberattacks continue
Searchlight Cyber Bolsters DarkIQ Dark Web Monitoring Tool With More Than 450 Billion Additional Exposure Data Points (Business Wire) New indexed, searchable, and actionable Exposure Data helps investigators identify and stop threats earlier
Next DLP Transforms Insider Threat Detection with New Reveal Platform Capability (PR Newswire) Next DLP ("Next"), a leader in insider risk and data protection, today announced the launch of Activity Feed to its industry-leading...
Chubb and NetSPI Launch Cyber Protection Partnership (PR Newswire) Chubb, the world's largest publicly traded property & casualty insurance company, has announced an innovative collaboration with NetSPI, a...
Varonis Expands DSPM Capabilities With Deeper Azure and AWS Support (Varonis) Industry-leading platform delivers automated security for structured and unstructured data in multi-cloud environments
Nexusflow Unveils Open-source Generative AI That Empowers Copilots to Use Tools and Outperforms GPT-4 (Business Wire) NexusRaven-V2 is the latest LLM released by Nexusflow that surpasses GPT-4 in enabling copilots and agents to use software tools
Nexusflow.ai | Blog :: NexusRaven-V2: Surpassing GPT-4 for Zero-shot Function Calling (Nexusflow)
DeNexus Expands Access to its AI-Powered Cyber Risk Assessment Platform for Physical Critical Infrastructure and Industrial Enterprises (PR Newswire) DeNexus, a leader in cyber risk quantification and management for operational technology (OT) and industrial control systems (ICS), today...
Security Journey Launches Enterprise-Grade Security and Accessibility Features for World-Class Secure Coding Training Platform (GlobeNewswire News Room) Key product milestones are an industry first, marking a new maturity level in the AppSec education market...
Fortra Launches Cloud Email Protection to Combat the Rise of Advanced Threats (PR Newswire) Global cybersecurity software and services provider Fortra today introduced a transformative advancement in email security with the...
Vanta Unveils New Products to Secure and Accelerate an AI-Powered Future (Business Wire) Vanta to debut AI-powered innovations to automate managing and proving trust at VantaCon: The Future of Trust in an AI World
Stytch Unveils the Most Complete Developer Toolkit for Passkeys (Business Wire) Developers Can Quickly and Easily Accelerate the Migration to Passwordless with Passkeys – Ensuring the Highest Levels of User and Application Security
Vade Announces Integration Capabilities with ConnectWise and Autotask through New Partnership with ApplicationLink (PR Newswire) Vade, global leader in email security with more than 1.4 billion mailboxes protected, today announces a new partnership with Dutch company...
KPMG in India and Lineaje form an alliance to manage Software Supply Chain security risk (KPMG) To Help Organisations Safeguard Against Software Supply Chain Attacks with Advanced Third-Party Risk Management Offerings
'This is the official launch of our first truly global partner programme' - Barracuda's Jason Beal (CRN) The partner boss talks evolving partner models, the rise of marketplaces, and how the vendor continues to invest in the channel
Technologies, Techniques, and Standards
NCCoE 5G Cybersecurity: Connecting the Dots Between IT and Teleco Cybersecurity Capabilities in 5G Systems (NIST) 5G will eventually impact every single industry—from healthcare to financial to even agriculture and transportation...and its impact
Cybersecurity and Privacy Reference Tool | CSRC (NIST) Want to build your own cybersecurity guidance? This tool provides a simple way to access reference data from various NIST cybersecurity and privacy standards, guidelines, and Frameworks – downloadable in common formats (XLSX and JSON)....
Navigating the Path to Ethical Hacking: A Roadmap for Cybersecurity Learning in 2024 (Medium) Roadmap for Cybersecurity Learning in 2024
Advanced ransomware campaigns expose need for AI-powered cyber defense (Help Net Security) By employing AI and deep learning, organizations can prevent ransomware and other attacks instead of merely detecting and responding to them.
Design and Innovation
The Right Stuff for AI: Hard-won safety lessons from the world of flight testing (Breaking Defense) Amidst rising concerns about unreliable AI — from hallucinations and disinformation to “killer robots” going rogue — how do you safety-test an algorithm? Space Force Maj. Michael O’Connor has some ideas.
Asking ChatGPT to Repeat Words ‘Forever’ Is Now a Terms of Service Violation (404 Media) A technique used by Google researchers to reveal ChatGPT training data is now banned by OpenAI.
Research and Development
RTX Business Secures DARPA Contract to Develop Supply Chain Risk Management Tool; John Santini Quoted (Executive Gov)
Academia
UK schoolgirls secure victory as champions of NCSC cyber skills contest (NCSC) Teams of schoolgirls from across the UK have been crowned cyber security champions.
Legislation, Policy, and Regulation
ITI Underscores Need for Risk-Based Approach in EU AI Act Ahead of Trilogues (Information Technology Industry Council) Today, global tech trade association ITI released the following statement from its Director General for Europe Guido Lobrano in reaction to the European Parliament Plenary vote on the EU AI Ac...
Deputy Prime Minister annual Resilience Statement (GOV.UK) Annual Resilience Statement delivered by the Deputy Prime Minister to the House of Commons.
Stock up on candles and digital radios in case of digital meltdown, Brits warned (MSN) Brits should stock up on candles and battery-powered radios in case war, disaster or another pandemic destroys our gadgets, the deputy prime minister.
Cyber attack will leave you needing these ‘analogue’ items, says Oliver Dowden (The Telegraph) Deputy Prime Minister says UK should prepare for digital attack and keep ‘resilient’ products like a battery-powered radio and torch to hand
Ofcom publishes UK age verification proposals (Register) Won't somebody think of the children?
The case for a Cyber Force (Australian Defence Magazine) Major General Murray Thompson, head of Defence Information Communications Technology Operations, wonders if it’s not time for a review to create a new force to operate in the cyber domain | Max Blenki...
Clandestine online operations now require sign-off by senior officials (Washington Post) Following a controversy over the Pentagon’s use of clandestine information operations, the U.S. military has eliminated dozens of false online personas it created in recent years and has curtailed the use of such operations overseas, according to senior defense officials.
House bill looks to shore up federal cyber workforce (Nextgov.com) The bill, a companion to a Senate bill introduced in July, looks to fortify the U.S.’s domestic cybersecurity workforce and training programs.
OPM launches cyber rotational program for feds (Nextgov.com) The new rotational program is an outgrowth of 2022 legislation backed by Sen. Gary Peters, D-Mich., who chairs the Homeland Security and Governmental Affairs Committee.
FBI chief to urge Senate panel to renew US global surveillance power (Reuters) FBI Director Christopher Wray will press a Senate committee on Tuesday to renew the authority of the U.S. government to conduct warrantless surveillance outside the United States, arguing that failing to do so would be “a form of unilateral disarmament.”
Human operators must be held accountable for AI’s use in conflicts, Air Force secretary says (Nextgov.com) The Pentagon needs “to find a way to hold people accountable” for what artificial intelligence technologies do in future conflicts, according to Air Force Secretary Frank Kendall.
Nondisclosure Agreements Get Trickier Under New SEC Scrutiny (Wall Street Journal) The SEC is trying to ensure nondisclosure language isn’t used to deter whistleblowers. Prodded by some stiff fines, companies are reviewing their confidentiality agreements.
Litigation, Investigation, and Law Enforcement
Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (Government Accountability Office) Federal agencies have made progress in preparing for and responding to cyber threats. For instance, agencies have improved their ability to detect...
Facebook owner Meta faces $600 mln lawsuit from Spanish media (Reuters) A group representing 83 Spanish media outlets has filed a 550 million euro ($600 million) lawsuit against Facebook owner Meta Platforms, citing unfair competition in the advertising market in a case that could be replicated across the European Union.
Ousted propaganda scholar Joan Donovan accuses Harvard of bowing to Meta (Washington Post) In a whistleblower complaint, she breaks her silence over events that unsettled other misinformation researchers
Former career US diplomat charged with secretly spying for Cuban intelligence for decades (AP News) Manuel Rocha, a former career American diplomat, was charged Monday with serving as a secret agent for communist Cuba going back decades.
Former US ambassador to Bolivia charged with being a covert agent of Cuba’s government (CNN Politics) The former US ambassador to Bolivia has been charged with acting as a secret foreign agent of Cuba, according to court documents unsealed Monday.