Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+657: Complementary strikes against infrastructure. (CyberWire) Russia continues to accept high casualties as hopes in Moscow grow that Western support for Ukraine will fade.
UN General Assembly votes overwhelmingly to demand a humanitarian cease-fire in Gaza (AP News) The U.N. General Assembly has voted overwhelmingly to demand a humanitarian cease-fire in Gaza in a strong demonstration of global support for ending the Israel-Hamas war.
Ambush kills 9 Israeli soldiers in Gaza City, where battles rage weeks into devastating offensive (AP News) Israeli forces continue to meet heavy resistance in an offensive against Hamas that has drawn international outrage and rare U.S. criticism over the killing of civilians.
Israel’s Netanyahu Rejects U.S. Plan for Postwar Gaza (Wall Street Journal) The prime minister said he won’t allow the Palestinian Authority to take over Gaza, his sharpest comments yet against the White House plan for after the war.
Biden takes a tougher stance on Israel's 'indiscriminate bombing' of Gaza (AP News) Biden spoke out in unusually strong language as the United Nations neared a vote on demanding a cease-fire in the Israel-Hamas war.
Terrifying hacks on critical infrastructure have arrived. America isn’t ready. (The Hill) Critical infrastructure in the U.S. contains industrial control systems that are known to be easy targets for cyber attackers.
Biden Rallies for Ukraine, and Delivers a Warning to Israel (TIME) The two moments highlighted the balancing act for Biden, as opposition to Israel's bombing of Gaza grows.
Gaza and Ukraine show that war hasn’t become futuristic — it’s still hell (The Hill) Ground wars still require of their participants a type of communion with violence that may seem antiquated in the 21st century.
Russia-Ukraine war: List of key events, day 658 (Al Jazeera) As the war enters its 658th day, these are the main developments.
A Russian missile attack on Kyiv injures more than 50 people as Ukraine pleads for more Western help (AP News) A barrage of Russian missile has targeted Kyiv and wounded at least 53 people as the Ukrainian president sought more military support in Europe after a trip to Washington secured no new pledges.
ISW: Russia makes marginal gains along two axes (Euromaidan Press) Russians expand control towards Kupiansk in the north as well as near Avdiivka near Donetsk. Ukraine continues offensives in Kherson Oblast
Life in Russian-controlled areas of Ukraine is grim. People are fleeing through a dangerous corridor (AP News) Since Russia invaded Ukraine, thousands of people have fled occupied regions of the country over myriad routes.
New Polish PM Donald Tusk vows “full mobilization” of West to help Ukraine (Atlantic Council) Poland’s newly appointed Prime Minister Donald Tusk has vowed to rally Western support for Ukraine as it continues to defend itself against Russia’s ongoing invasion, writes Peter Dickinson.
Russia has suffered dramatic casualties in Ukraine, U.S. intelligence says (NBC News) Russia had 360,000 ground troops before the war and has suffered 315,000 killed and wounded since February 2022, according to newly declassified intel shared with Congress.
Russia-Ukraine war live: Zelenskiy tells US senators that Ukraine can win war with American help before he meets Biden (the Guardian) Ukraine president tells senators that, if Putin wins, it will be very dangerous for the United States
Zelenskyy asks Congress for more air defenses as Ukraine aid dwindles (Military Times) Zelenskyy faces an uphill battle on Capitol Hill as he asks for more Ukraine aid to unlock air defenses he says are crucial for victory over Russia.
Ukraine faces heavy attack from air and cyberspace while Zelenskyy in US presses for more funding (Washington Post) Ukraine came under heavy attack from the air and from cyberspace Tuesday, local officials said, as nearly 600 Russian shells, rockets and other projectiles rained down on a southern region and unidentified hackers knocked out phone and internet services of the country’s biggest telecom provider.
As Russia Gains Confidence, a New Urgency Grips Ukraine (New York Times) With Western support for Kyiv softening and Congress holding up urgently needed aid, Vladimir Putin’s bet on outlasting Ukraine and its allies is looking stronger.
Biden announces $200M in additional military aid to Ukraine during Zelenskyy visit to White House (Fox News) President Biden announced an additional $200 million in military aid to Ukraine during a meeting with President Volodymyr Zelenskyy.
US credibility is on the line in Ukraine funding debate (AP News) President Joe Biden's pledge to restore American credibility around the globe is at risk during the congressional debate over support for Ukraine.
Republicans helping Russia by denying Ukraine aid, Biden says (the Guardian) US president announces emergency $200m in aid after Congress continues to deny Volodymyr Zelenskiy
Biden Says Russia Is Celebrating U.S. Divisions Over Providing Aid to Ukraine (New York Times) President Volodymyr Zelensky of Ukraine traveled to Washington to make a last-ditch appeal for more help to fight Russia. But Republicans said they wouldn’t act without a border deal.
Zelensky Begins Aid Push in Washington, Casting Inaction as Win for Putin (New York Times) The Ukrainian president plans to meet with President Biden and lawmakers on Tuesday as chances of an aid deal in Congress have become increasingly bleak.
Zelenskyy in Lilliput: Someone Shrunk Ukraine’s War Coalition (POLITICO) Biden, the Republicans and Europe suddenly look small, while Putin and Xi stand tall.
Kyivstar Provides Update on Cyber-Attack Recovery; Reports Partial Restoration of Connectivity on its Fixed Network (GlobeNewswire News Room) Amsterdam, 12 December 2023 – VEON Ltd. (NASDAQ: VEON, Euronext Amsterdam: VEON), a global digital operator that provides converged connectivity and online...
Ukraine's top mobile operator hit by biggest cyber attack of war so far (Reuters) Ukraine's biggest mobile network operator, Kyivstar, was hit on Tuesday by what appeared to be the biggest cyber attack of the war with Russia so far, knocking out mobile and internet services for millions.
Ukraine mobile network Kyivstar hit by 'cyber-attack' (BBC) Customers are left without phone and internet access, while one city's air raid sirens stop working.
Ukraine’s Biggest Wireless Service Knocked Offline in Attack (Wall Street Journal) The incident is among the most disruptive cyberattacks to succeed against the country’s civilian infrastructure since Russia’s invasion last year.
Major cyberattack on Ukrainian mobile operator disrupts banking services and air raid sirens (CNN) A major cyberattack on Ukraine’s largest mobile operator on Tuesday disrupted a regional air raid warning service and some banking services for Ukrainians, according to the operator and local authorities.
Ukraine's largest mobile operator Kyivstar downed by 'powerful' cyberattack (TechCrunch) Ukraine’s largest telecoms operator Kyivstar has been hit by a “powerful" cyberattack, disrupting phone and internet services for millions.
Ukraine's largest mobile communications provider down after apparent cyber attack (CyberScoop) Millions of customers lose mobile pohe and home internet service as a result of what the company said was a cyber attack.
Russian special services may be behind attack on Kyivstar - SSU (Ukraine News) Russian special services may be behind the hacker attack on Kyivstar mobile operator. Ukrainian News Agency was told about this by the Security Service of Ukraine (SSU).
Huge Cyberattack Knocks Ukraine’s Largest Mobile Operator Offline (New York Times) The interruption could pose real danger in a country where many rely on phone alerts to warn them of impending Russian bombardments.
Cyberattack cuts many internet connections in Ukraine (POLITICO) The attack comes as experts are warning that Russia is likely to intensify its cyberattacks on Ukraine in the winter months.
Ukraine's largest telecom operator shut down after cyberattack (Record) Kyivstar said it was hit by a "powerful" cyberattack that led to a "large-scale technical failure."
Hacking of Federal Tax Service of the russian federation ― Details of Another Cyber Operation of the Defence Intelligence of Ukraine (Defence Intelligence of the Ministry of Defence of Ukraine) Cyber units of the Defence Intelligence of Ukraine conducted another successful special operation in russia – this time they attacked the tax system of the aggressor state.
Ukraine’s intelligence claims cyberattack on Russia’s state tax service (Record) Ukraine's defense intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups.
Iranian Parliament Approves Information Security Deal With Russia (Iran International) Iran's parliament has given its approval for a bill aimed at fostering cooperation with Russia in the realm of information security, as both countries are accused of extensive cyber attacks.
E.U. Moves to Tap Frozen Russian Assets to Help Ukraine (New York Times) A plan to use interest earned on frozen Russian central bank assets could provide up to 15 billion euros for Ukraine, but faces hurdles before final approval.
Drones, jammers in Ukraine signal new era of warfare, Del Toro says (C4ISRNet) The U.S. Department of Defense is pouring billions of dollars into the development of drones, electronic warfare and a mix of the two.
Attacks, Threats, and Vulnerabilities
Agitate the Debate (Graphika) Inauthentic Accounts Pose as Taiwanese Users to Spread Political Memes and Videos Ahead of 2024 Election
Researchers identify campaign to manipulate online conversations about Taiwan elections (Washington Post) Swapped smiles and egg shortages: Researchers identify campaign to manipulate online conversations about Taiwan elections
Deepfakes for $24 a month — how AI is disrupting Bangladesh’s election (Financial Times) Ahead of South Asian nation going to the polls in January, AI-generated disinformation has become a growing problem
Think tank report labels NSO, Lazarus, 'cyber mercenaries' (Register) Sure, they do crimes. But the plausible deniability governments adore means they deserve a different label
UK at high risk of ‘catastrophic ransomware attack’, report says (the Guardian) Parliamentary committee says Britain is vulnerable because of poor planning and lack of investment
UK faces high risk of "catastrophic" ransomware attack (Computing) The Joint Committee on National Security Strategy (JCNSS) publishes report on the UKs readiness for a cyber-attack on critical national infrastructure. Spoiler alert - it's not great.
UK government risking ‘catastrophic ransomware attack at any moment,’ parliamentary report warns (Record) An unprecedentedly critical parliamentary report calls for the Home Office to be stripped of its responsibility for countering ransomware.
How Does Access Impact Risk? (Institute for Security and Technology) Assessing AI Foundation Model Risk Along a Gradient of Access
BazarCall Attack: Using Google Forms With Call-Back Phishing (Abnormal) Explore the intricacies of this BazarCall phishing attack that uses a Google Form for heightened authenticity.
State of SMS Pumping Fraud (Twilio) SMS pumping fraud is a growing and expensive problem for businesses who have yet to take preventative measures.
API and App Security: Q3 2023 (ThreatX) We recently analyzed data collected on the ThreatX API and Application Protection platform from August through October 2023.
API and App Security: Q3 2023 Snapshot (ThreatX) We recently analyzed data collected on the ThreatX API and Application Protection platform from August through October 2023. Two stand-out trends we see across industries are 1) the prevalence of bot attacks, which are rampant across companies of every size and in every industry, and 2) the popularity of credential stuffing attacks. We also found […]
New Underground Market Comes Online Just inTime for the Holidays (ZeroFox) Threat actors have opened a new underground market known as OLVX Marketplace (olvxcc) that is gaining notoriety just in time for the holidays. This new
"Pool Party" process injection techniques evade EDRs (Help Net Security) "Pool Party" process injection techniques can be used to evade EDR detection and execute malicious code on Windows systems.
Press and pressure: Ransomware gangs and the media (Sophos) Sophos X-Ops explores the symbiotic – but often uneasy – relationship between ransomware gangs and the media, and how threat actors are increasingly seeking to wrest control of the narrative
The Kids Aren’t Alright: Vulnerabilities in Edulog Portal Revealed K-12 Student Location Data (Tenable®) Tenable Research discovered security flaws in a popular transportation management app that allowed access to student location data. While these issues have been fixed, the findings again prove the importance of strong authentication and access control.
News Insights: 23AndMe with Alethe Denis, Security Expert - Red Team (Bishop Fox) Alethe Denis, Bishop Fox Senior Red Team consultant and Social Engineering expert, reveals her perspective on what she sees about the 23AndMe breach.
Responding to CitrixBleed (CVE-2023-4966): Key Takeaways from Affected Companies (Morphisec) This blog provides an analysis by Morphisec of responding to actual Citrix Bleed attacks (CVE-2023-4966), detailing threat actor tactics and recommended safeguards.
Citrin Cooperman Advisors Files Notice of Data Breach Following Cyberattack (JD Supra) On November 6, 2023, Citrin Cooperman Advisors LLC (“Citrin Cooperman”) filed a notice of data breach with the Attorney General of Vermont after...
Notorious hacker wipes clean video hosting site for balloon 'enthusiasts' (The Daily Dot) A hacker has leaked sensitive user data from a website dedicated to hosting inflatable and balloon videos.
Bitcoin ATM company Coin Cloud got hacked. Even its new owners don't know how. (TechCrunch) Hackers breached Bitcoin ATM company Coin Cloud, but even the new company owners don't know when it happened, or who is responsible.
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency | CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-6448 Unitronics Vision PLC and HMI Insecure Default Password
NVD - CVE-2023-6448 (NIST) Unitronics Vision Series PLCs and HMIs use default administrative passwords. An unauthenticated attacker with network access to a PLC or HMI can take administrative control of the system.
Security Patches, Mitigations, and Software Updates
December 2023 Security Updates (Microsoft Security Response Center) This release consists of the following 36 Microsoft CVEs
Microsoft Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency | CISA) Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws (SeurityWeek) Microsoft warns of critical spoofing and remote code execution bugs in the Windows MSHTML Platform and Microsoft Power Platform Connector.
Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update (Dark Reading) The company's final patch release for 2023 contained fixes for a total of just 36 vulnerabilities — none of which, for a change, were zero-days.
Adobe Security Bulletin (Adobe) Security updates available for Adobe Substance3D - Stager | APSB23-73
Adobe Security Bulletin (Adobe) Security Updates Available for Adobe Illustrator | APSB23-68
Adobe Security Bulletin (Adobe) Security Updates Available for Adobe After Effects | APSB23-75
Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency | CISA) Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle (SecurityWeek) Adobe warned users on both Windows and macOS systems about exposure to code execution, memory leaks and denial-of-service security issues.
S2-066 - Apache Struts 2 Wiki (Apache Software Foundation) An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
The Apache Software Foundation Updates Struts 2 (Cybersecurity and Infrastructure Security Agency | CISA) The Apache Software Foundation has released security updates to address a vulnerability (CVE-2023-50164) in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.
SAP Security Patch Day –December2023 (SAP) This post shares information onSecurity Notesthat remediatevulnerabilities discovered in SAP products. SAP strongly recommends that the customer visitstheSupport Portaland applies patches on priority to protect their SAP landscape.
SAP Patches Critical Vulnerability in Business Technology Platform (SecurityWeek) SAP patches multiple vulnerabilities in the Business Technology Platform, including a critical elevation of privilege bug.
Apple Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency | CISA) Apple has released security updates for Safari, iOS and iPadOS, Sonoma, Ventura, and Monterey to address multiple vulnerabilities. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
Apple Makes Security Changes to Protect Users From iPhone Thefts (Wall Street Journal) When your iPhone isn’t in a familiar location, Stolen Device Protection can prevent thieves from making critical changes to your Apple account.
Apple Sets Trap to Catch iMessage Impersonators (SecurityWeek) New iMessage Contact Key Verification feature in Apple’s iOS and macOS platforms help catch impersonators on its iMessage service.
CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) CISA released two Industrial Control Systems (ICS) advisories on December 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-346-01 Schneider Electric Easy UPS Online Monitoring Software
ICSA-22-356-03 Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update B)
Trends
Hackers Stole About $1.7 Billion This Year From Crypto Projects (Bloomberg) The amount of funds crypto projects lost to hackers has declined by about half to around $1.7 billion so far this year, amid improved security measures and an uptick in law enforcement actions.
Many popular websites still cling to password creation policies from 1985 (Help Net Security) A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers have found.
THE Q3 GLOBAL IDENTITY FRAUD REPORT Uncovers 56% Surge in Payment Sector Correlated with Unprecedented Decline in Crypto (AU10TIX) Crypto Sector, Traditionally Ground Zero for Organized Fraud Activity, Sees 51% Decrease in Anticipation of Sweeping EU Regulations
Marketplace
How Did Tech Become America’s Most Troubled Industry? (The Atlantic) The U.S. economy’s most dynamic sector is suddenly hemorrhaging jobs.
BlackBerry squashes plan to spin out its IoT biz (Register) Board and incoming CEO decide reorganizing is better than splitting
What’s behind Microsoft's big security shakeup - and what needs to come next (SiliconANGLE) What’s behind Microsoft's big security shakeup - and what needs to come next - SiliconANGLE
Sam Altman Defends AI Thrust Days After Retaking OpenAI’s Helm (Bloomberg) Sam Altman is back on the conference circuit and touting AI’s benefits to humanity, days after regaining the lead at the world’s best-known artificial intelligence startup.
Camelot Secure Bolsters Cyber Defense Arsenal with Cybersecurity Luminary Maxwell Carroll as Chief of Threat Intelligence (Camelot Secure) Columbia, MD, December 12, 2023 – Camelot Secure (Camelot), a […]
Securiti Appoints Bruce Nixon as Partner Director of APAC & Middle East (Business Wire) Industry veteran joins the pioneers of the Data Command Center to drive growth and regional partner success in APAC & the Middle East
Zscaler Boosts Partner Push With Hire Of Channel Veteran Christine McElduff (CRN) Zscaler hired Christine McElduff from Palo Alto Networks as its vice president for Americas partner and alliances sales.
NinjaOne Welcomes Business Visionary Gerhard Watzinger and Marketing Legend Hila Nir to its Board of Directors (NinjaOne) Read first-hand accounts of how Ninja's products and superior support help companies deliver fast and effective IT management.
Data security vendor Vault365 hires new UK&I channel leader (CRN) Mike Basile joins Vault365 from Cadoo
Products, Services, and Solutions
Immersive Labs Recognized as a Leader in Cybersecurity Skills and Training Platforms by Independent Research Firm (Business Wire) People-Centric Cyber Resilience Pioneer Receives Highest Possible Scores in 13 Criteria
PlainID Announces Dynamic Security Capabilities with SQL Databases (PR Newswire) PlainID, the Authorization Company™, has announced its new dynamic security capabilities via the PlainID Authorizer for SQL databases....
Cohesity Ranked as the Fastest Growing of the Top 10 Largest Players in Data Replication and Protection Software Market for 1H 2023 (Cohesity) Cohesity, a leader in AI-powered data security and management, today announced that according to IDC’s Semiannual
Total Economic Impact Study Finds Code42’s Data Protection Solution Delivered a 172% Return on Investment (ROI) (Code42) Code42 Software, Inc., the leader in data loss and insider threat protection, commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study to evaluate the return on investment (ROI) that the Code42® Incydr™ data protection solution provides customers. Forrester found that a composite organization, comprised of interviewees with experience using the Code42 Incydr solution […]
Total Economic Impact™ of Code42 Incydr: A Forrester Study (Code42) Discover the value of Incydr data protection in Forrester’s 2023 Total Economic Impact™ (TEI) study commissioned by Code42, which provides a comprehensive review of the product's return on investment (both tangible and unquantified) to a composite organization comprised of interviewees with experience using Incydr.
Saviynt Selected For Microsoft Security Copilot Partner Private Preview (Saviynt) Saviynt today announced its participation in the Microsoft Security Copilot Partner Private Preview.
Drata Launches Third-Party Risk Management (PR Newswire) Drata, the leading continuous security and compliance automation platform, today announced its Third-Party Risk Management (TPRM) offering,...
Resecurity Launches Identity Protection in Bahrain Following Arab International Cybersecurity Summit (PR Newswire) Resecurity, a leading cybersecurity company, announced the successful launch of its innovative Identity Protection solution in Bahrain. The...
Analysts Recognize HackerOne in the PTaaS Market Amidst Rapid Business Expansion (HackerOne) HackerOne Recognized in PTaaS Space by Analysts While Revenue For PTaaS Product Grows By 200%
VISO TRUST, Shared Assessments Licensing Extends Relationship, Accelerates TPRM Program Maturity with New Ease, Allowing Companies to Increase Scope and Immediacy of Assessments (Business Wire) Patented AI Platform Drives Unprecedented Questionnaire-Free TPRM Assessments and Auto-Completes Questionnaires. Ingests, Auto-Populates SIG and All other TPRM Questionnaires in Minutes, Not Months.
Safe Security Introduces New SAFE Materiality Assessment Module to Help Companies in SEC Compliance (Safe Security) Safe Security's AI-driven Materiality Assessment Module ensures SEC compliance, estimating cyber incident materiality with the recognized FAIR-MAM framework.
Semperis Is Now an Approved Software Vendor with the Texas Department of Information Resources, Furthering Its Reach in the Public Sector Market (Semperis) We protect the world’s largest and most complex environments from cyberattacks, data breaches, and operational errors. Read our press release "Semperis Is Now an Approved Software Vendor with the Texas Department of Information Resources, Furthering Its Reach in the Public Sector Market " to learn more.
Concentric AI Introduces Industry’s First Audio/Video File Data Discovery and Protection in a Data Security Posture Management Solution (Concentric AI) Concentric AI announced that its DSPM solution now offers the industry’s first sensitive data discovery, identification, risk monitoring, and remediation protection for audio and video files.
CISO Global Successfully Completes SOC 2 Audit (GlobeNewswire News Room) Independent Audit Validates CISO Global Security Controls and Data Privacy Practices Scottsdale, Ariz., Dec. 13, 2023 (GLOBE NEWSWIRE) -- CISO Global...
Simplicity Meets Security: Dashlane Becomes the First Credential Manager to Eliminate the Master Password (Dashlane) Passwordless login for Dashlane, a login experience without the Master Password, is now available on iOS and Android mobile devices.
Duet AI for Developers and in Security Operations now GA | Google Cloud Blog (Google Cloud Blog) Duet AI for Developers and Duet AI in Security Operations are now generally available.
Technologies, Techniques, and Standards
NSA Issues Recommendations to Protect Software Defined Networking Controllers (National Security Agency/Central Security Service) The National Security Agency (NSA) has released the Cybersecurity Information Sheet (CSI), “Managing Risk from Software Defined Networking Controllers.” The report provides recommendations to help
CISA releases new tools to help agencies secure Gmail, other Google applications (Federal News Network) The addition of security baselines for Google Workspace products comes after CISA already released baseline configurations for Microsoft 365.
Strengthening identity protection in the face of highly sophisticated attacks (Microsoft Tech Community) Get the latest information on our engineering advancements and continued commitments to secure identities as part of the Secure Future Initiative.
Design and Innovation
CIOs grapple with the ethics of implementing AI (CIO) With ethical considerations around AI use increasingly top of mind, IT leaders are developing governance frameworks, establishing review boards, and coming to terms with the difficult discussions and decisions ahead.
OWASP Top 10 for Large Language Model Applications (OWASP) Aims to educate developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing Large Language Models (LLMs)
Building a Passwordless Future (Dashlane) Dashlane is the first credential manager to eliminate the Master Password, a key step in our efforts to build a passwordless future.
WSJ News Exclusive | New York Times Hires First Newsroom Leader Focused on Artificial Intelligence (Wall Street Journal) Quartz co-founder Zach Seward is being tasked with establishing principles for how the Times will and won’t use generative AI.
A Democratic campaign deploys the first synthetic AI caller (POLITICO) A candidate in a competitive Pennsylvania congressional race is using “Ashley,” an AI campaign volunteer, stretching the bounds of how technology shapes retail politics.
Legislation, Policy, and Regulation
EU Takes Cyber Defense to the Next Level with Cyber Solidarity Act (OCCRP) The European Parliament adopted legislation on Thursday aimed at enhancing the European Union's ability to combat the growing number of cyber attacks, which now cost the world's economy trillions of dollars.
The US government plans to go all-in on using AI. But it lacks a plan, says a government watchdog (CNN Business) The US government plans to vastly expand its reliance on artificial intelligence, but it is years behind on policies to responsibly acquire and use the technology from the private sector, according to a new federal oversight report.
SEC Cyber Rules Loom Over Public Companies (Wall Street Journal) Listed companies must publicly report material cyberattacks starting Dec. 18.
Section 702 Delivers Stronger U.S. National Security (The Cipher Brief) Cipher Brief Expert General Joe Votel (Ret.) shares insights on how Section 702 of FISA delivers stronger U.S. national security
Harry Coker confirmed to be the next National Cyber Director (CyberScoop) The former National Security Agency executive director will oversee federal cyber policy as the first Senate-confirmed NCD in 10 months.
Ex-NSA Official Harry Coker Approved as Biden’s Next Cyber Czar (The Messenger) Coker will immediately confront pressing dilemmas over how to better protect the government from hackers.
White House cyber director confirmed in Senate (Record) Harry Coker will take over as the second-ever Senate-confirmed leader of the Office of the National Cyber Director.
Litigation, Investigation, and Law Enforcement
Global law enforcement targets Southeast Asian cyberscam gangs (Nikkei Asia) U.K. launches first sanctions against suspects involved in online fraud schemes
U.S. seizes crypto linked to Southeast Asian investment scam (Reuteres) The United States has seized digital currency worth about half a million dollars from an account registered to a Chinese man who featured in a Reuters investigation into crypto-investment fraud run from Southeast Asia.
Outdated data protection practice key factor in PSNI data breach (ComputerWeekly.com) The August 2023 data breach at the Police Service of Northern Ireland arose chiefly from an outdated approach to data protection and compliance at the force, according to an independent review.
FCC reminds mobile phone carriers they must do more to prevent SIM swaps (Record) The FCC warning comes on the heels of a Cyber Safety Review Board report about the Lapsus$ cybercrime group.
Brazil's first lady X account hacked, authorities open investigation (Reuters) Brazilian First Lady Rosangela "Janja" Silva had her account on social media platform X hacked on Monday, prompting local authorities to launch an investigation and request that the Elon Musk-owned company freeze her profile.
Google’s Epic Legal Defeat Threatens $200 Billion App Store Industry (Bloomberg) Google’s legal defeat at the hands of Fortnite maker Epic Games Inc. threatens to roil an app store duopoly with Apple Inc. that generates close to $200 billion a year and dictates how billions of consumers use mobile devices.
Congress finds pharmacies give patient records to law enforcement without warrants (Record) Sen. Ron Wyden and two House members led an investigation into how major U.S. pharmacy chains handle requests from law enforcement agencies.
SBF’s Lawyer Says His Client Was the ‘Worst’ Ever Under Cross Examination (Bloomberg) Stanford Law Professor David Mills, who led defense for FTX’s Sam Bankman-Fried as favor to his parents, now fears ‘unwinnable’ case has ended their friendship.
The Discord Leaks, explained (Washington Post) On April 13, Jack Teixeira, a 21-year-old member of the Massachusetts Air National Guard, was arrested and charged with illegal retention and transmission of national defense information. His arrest came after Pentagon officials learned that highly classified U.S. documents had been popping up in social media channels.
Portrait of a Troubled Loner-Leaker (Spy Talk) Jack Teixeira and "The Discord Leaks" get a close-up on PBS Frontline tonight