Dateline
Ukraine at D+347: Hacktivism, privateering, and diversionary ops. (CyberWire) With little movement in the lines, there are signs of both Russian and Ukrainian diversionary operations in rear areas.
Russia-Ukraine war: List of key events, day 348 (Al Jazeera) As the Russia-Ukraine war enters its 348th day, we take a look at the main developments.
After months of stalemate, Vladimir Putin’s army is on the move again (The Telegraph) As Kremlin prepares assault on Ukraine ahead of war’s first anniversary, Vladimir Putin’s forces are likely to weigh up a number of options
Russia to Press Assault in Ukraine’s East as Kyiv Waits for More Weapons (Bloomberg) The latest assessments from Ukraine’s allies point to some difficult weeks ahead for its forces, who now face as many as 300,000 Russian troops along the front lines.
Urban Combat Is Changing. The Ukraine War Shows How (Defense One) Four attributes distinguish today’s city battles from those that have come before.
Russia-Ukraine war: All of Ukraine 'will burn' warns Russia (The Telegraph) Former Prime Minister Dmitry Medvedev said all of Ukraine 'will burn' after the West pledged to supply Kyiv with more sophisticated weapons.
Ukraine ‘hits Russian factory making parts for Crimea bridge’ (The Telegraph) Suspected stealth strike by Kyiv’s troops targets plant in a border city, months after the Kerch Strait Bridge attack
Wagner-linked mercenary who claimed to have originated 'Z' war symbol shot in 'warning hit' (The Telegraph) Igor Mangushev, a captain in the Russian army, was taken to a hospital in the town of Stakhanov with a head wound
‘We killed three Russians’: the secretive Ukrainian special forces taking the fight across the border (the Guardian) Kyiv and western governments deny they exist, but saboteurs say they are striking Russia on its soil with the help of its people
Life on the front line: ‘I called Ukrainian soldiers fascists before they saved my life,’ says Russian POW (The Telegraph) Igor Mikhailovich Trofimenko was buried in a bunker and left to freeze before Ukrainian soldiers rescued him
Ukrainians endure grim winter as Russia destroys infrastructure – in maps (the Guardian) Humanitarian crisis unfolding amid freezing weather, energy grid damage and displaced and vulnerable population
Ukraine replacing its defense minister nearly one year into Russia's invasion (Fox News) Kyrylo Budanov, Ukraine's military intelligence chief, will replace Oleksiy Reznikov as the country's defense minister, officials said on Sunday.
Joint statement following the 24th EU-Ukraine Summit (Odessa Journal) 3 February 2023, Kyiv Charles Michel, President of the European Council, Ursula von der Leyen, President of the European Commission, and Volodymyr
European Union to double military training for Ukraine, lines up new sanctions package (Breaking Defense) “Russia is paying a heavy price as our sanctions are eroding its economy, throwing it back by a generation,” said European Commission President Ursula von der Leyen, who noted Ukraine's "impressive progress" toward EU membership.
Air Defense Systems, Long-Range Fires Capability to be Sent to Ukraine (U.S. Department of Defense) The Defense Department announced a new package of security assistance for Ukraine.
Fact Sheet on U.S. Security Assistance to Ukraine (U.S. Department of Defense) In total, the United States has committed $30 billion in security assistance to Ukraine since the beginning of the Biden Administration, including more than $29.3 billion since the beginning of Russia’s unprovoked and brutal invasion on February 24, 2022.
Germany approves 88 Leopard tanks for Ukraine (The Telegraph) Germany has given the green light for the export of Leopard 1 battle tanks to Ukraine in a €100 million deal to bolster Kyiv’s defences.
What Does an Endgame Look Like in Ukraine? (Bloomberg) NATO and the West are sending more weapons to defend against Putin’s aggression. Whether it’s enough — or too little, too late — we just don’t know.
The Ukraine repair shop: where Russian tanks go to change sides (the Guardian) Western supplies of Leopards and Challengers have made the news, but the biggest donor is the enemy
Examining the Wagner Group, a private military company that Russia has relied on (NPR) NPR's Steve Inskeep talks to András Rácz of the German Council on Foreign Relations, about the Russian-allied paramilitary organization Wagner Group, which is operating in Ukraine.
Russia steps up threats against Republic of Moldova (National Herald) Russia's foreign minister has warned that Moldova could meet the same fate as Ukraine
Georgia Wants Russia to Leave Its Land in a Ukraine Peace Deal (Bloomberg) Russia must ‘learn where its borders are,’ Zourabichvili said. Georgia President Zourabichvili speaks in interview in Tbilisi.
Putin’s War in Ukraine Pushes Ex-Soviet States Toward New Allies (Bloomberg) The Kremlin ruler’s efforts to restore Russian dominance over its neighbors seem further away than ever as nations build ties with rival powers.
Russia’s Failed War Has Created an Opening in the Balkans (Foreign Policy) The West should remind Serbia not to hitch its wagon to a diminished Russia.
In pro-Putin Serbia, liberal-minded Russians seek a home (AP NEWS) At a central square in Serbia's capital of Belgrade, dozens of Russians gathered recently to denounce President Vladimir Putin's war in Ukraine , holding up photos of political prisoners from their homeland.
Eastern Europe Wants NATO to Beef Up Defense Spending (Foreign Policy) Poland and Estonia are planning to push the alliance to raise its defense spending benchmark this year to at least 2.5 percent of GDP.
NATO Must Stand Up to Turkey’s Blackmail (Foreign Policy) Ankara has legitimate security concerns, but the alliance should firmly reject Erdogan’s transactional diplomacy when it comes to Swedish accession.
WSJ News Exclusive | Moscow, Tehran Advance Plans for Iranian-Designed Drone Facility in Russia (Wall Street Journal) Moscow and Tehran are moving ahead with plans to build a factory in Russia that could make at least 6,000 Iranian-designed drones for the Ukraine war, said officials from a country aligned with the U.S.
Ukraine’s Uncrewed Raid on Sevastopol and the Future of War at Sea (RUSI) The use of uncrewed surface vessels by Ukraine to inflict damage on the Russian navy has attracted widespread attention. But does it really herald a new era of naval warfare as some are suggesting?
RAND experts fear stalemate, ‘frozen conflict’ in Ukraine (Breaking Defense) Experts believe Ukraine's near-term will be a grueling marathon between the West’s ability to churn out arms and Russia’s capacity to suffer.
Ukraine is using Palantir's software for 'targeting,' CEO says (Reuters) Data analytics company Palantir is "responsible for most of the targeting in Ukraine," Chief Executive Alex Karp said Wednesday, elaborating on the U.S. company's work with Kyiv since Russia's invasion last year.
Smartphones Lead the Battlefield as Ukraine Overtakes Occupied City (iHLS) This post is also available in: עברית (Hebrew)The Russian Defense Ministry has issued a rare statement following a successful Ukrainian strike against
Ukraine to implement Delta situation awareness system in defense forces (Euromaidan Press) On 4 February, Ukraine’s Cabinet of Ministers adopted a resolution to introduce the Delta system to the country’s Defense Forces, following a proposal by Minister of Defense of Ukraine Oleksii Reznikov.
What is hybrid warfare? Inside the centre dealing with modern threats (BBC News) Frank Gardner visits the Helsinki centre where a joint EU-Nato team is focused on so-called hybrid threats.
Customizable new DDoS service already appears to have fans among pro-Russia hacking groups (The Record from Recorded Future News) For $120 per month, Passion allows customers to “customize” their DDoS incidents. The tool allegedly has been used against hospital websites.
Russian Hackers Take Down At Least 17 U.S. Health System Websites (MedCity News) Russian hacker group Killnet has claimed responsibility for a string of recent cyberattacks that took more than a dozen hospital websites offline across the U.S. — including the websites for Cedars-Sinai, Michigan Medicine, and UPMC. The group has been active for at least a year and is known to target countries that support and/or send resources to Ukraine.
Tallahassee Memorial HealthCare, Florida, has taken IT systems offline after cyberattack (Security Affairs) The Tallahassee Memorial HealthCare (TMH) hospital in Florida was forced to take offline its systems after a cyberattack. The Tallahassee Memorial HealthCare (TMH) hospital has taken its IT systems offline and suspended non-emergency procedures after a cyberattack. The attack took place on Thursday, the cyberattack hit some of the systems at the hospital. The Tallahassee […]
Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack (The Record from Recorded Future News) A Tallahassee hospital has been forced to divert patients and cancel all non-emergency surgical procedures after a Thursday night cyberattack.
Pro-Russian attackers aim for US Department of Homeland Security (Cybernews) Killnet, a hacker group loyal to Russia, continues to test the US, adding different government institutions to its list of targets.
Ukraine cyber police charge suspected Russian propagandist over YouTube gonzo campaign (Cybernews) A man has been accused of using YouTube and Telegram to spread pro-Russian propaganda to an online audience of three million people, garnering half a billion hits, say cyber police in Ukraine.
Winners And Losers In The Russia-Ukraine Cyberwar – Analysis (Eurasia Review) By Dr Cherian Samuel* The cyber conflict between Russia and Ukraine preceded the kinetic conflict by almost a month, with the first major cyber attack on 14 January 2022 knocking out over 70 Ukrain…
The SSU detained two Russian agents who were preparing missile strikes on railway nodes and energy facilities in Odessa and Kherson | odessa-journal.com (Odessa Journal) Cyber specialists of the SSU exposed two more FSB agents in the course of large-scale counter-subversive measures in the front-line areas of southern
Exclusive: German football coach unmasked as 'Russian double agent' (The Telegraph) The Telegraph can reveal the identity of the man at the heart of the biggest intelligence scandal to rock Europe in decades
How Germany's intelligence agency became a liability for Europe (The Telegraph) The unmasking of a German football coach as a Russian double agent is the latest in a string of embarrassments for Berlin's spy unit
How will EU ban and West's price cap on Russian diesel work? (AP NEWS) The European Union is taking another big step toward cutting its energy ties with Russia .
Russia's 2021 Census Results Raise Red Flags Among Experts And Ethnic-Minority Activists (RadioFreeEurope/RadioLiberty) The Kremlin released the results of the COVID-delayed 2021 census late last year, and the numbers have alarmed many among the country's non-Russian ethnic minorities, who allege they have been undercounted.
Attacks, Threats, and Vulnerabilities
Chinese 'internet water army' attacks Taiwan president’s and former premier’s Facebook pages (Taiwan News) CCP hires online marketing companies to enlist internet water armies to engage in cyberattacks, disinformation | 2023-02-05 21:14:00
America's top cyber diplomat says his Twitter account was hacked (CNN) America's top cybersecurity diplomat Nate Fick said his personal Twitter account was hacked, calling it part of the "perils of the job."
Iran responsible for Charlie Hebdo attacks - Microsoft On the Issues (Microsoft On the Issues) Today, Microsoft’s Digital Threat Analysis Center (DTAC) is attributing a recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor. Microsoft calls this actor NEPTUNIUM and we believe this attack is a response by the Iranian government to a cartoon contest conducted by the publication.
Piratage de « Charlie Hebdo » : un groupe iranien à la manœuvre, selon Microsoft (Le Monde.fr) Le groupe « Emennet Pasargad » est déjà bien connu des autorités américaines, et s’en prend notamment à des cibles israéliennes.
Iran behind hack of French magazine Charlie Hebdo, Microsoft says (Reuters) An Iranian government-backed hacking team allegedly stole and leaked private customer data belonging to French satirical magazine Charlie Hebdo, security researchers at Microsoft said on Friday.
Microsoft attributes Charlie Hebdo data leak to Iran-linked NEPTUNIUM APT (Security Affairs) Microsoft attributes a recent cyber attack against the satirical French magazine Charlie Hebdo to an Iran-linked NEPTUNIUM APT group. Microsoft’s Digital Threat Analysis Center (DTAC) attributes a recent cyberattacks against the satirical French magazine Charlie Hebdo to an Iran-linked threat actor tracked as NEPTUNIUM (aka Emennet Pasargad, Holy Souls). The attack is a retaliation for […]
Bermuda hit by major internet and power outage (BleepingComputer) Bermuda experienced a widespread power outage on Friday which impacted the island's internet and phone services. Calling it a "serious incident" at BELCO, the Bermudian power supplier, the government has advised customers to "unplug all sensitive electrical equipment" as crews work around the clock on restoration efforts.
FormBook Malware Spreads via Malvertising Using MalVirt Loader to Evade Detection (The Hacker News) Researchers have uncovered a malvertising campaign that distributes virtualized . NET MalVirt loaders to evade detection and infect victims' computers
Linux version of Royal Ransomware targets VMware ESXi servers (BleepingComputer) Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines.
Ransomware scum attack old VMWare ESXi vulnerability (Register) You’ve had almost two years to patch and some of the software is EOL, now attackers déployer un rançongiciel
Italy sounds alarm on large-scale computer hacking attack (Reuters) Thousands of computer servers around the world have been targeted by a ransomware hacking attack, Italy's National Cybersecurity Agency (ACN) said on Sunday, warning organisations to take action to protect their systems.
Italy's TIM suffers internet connection problems (Reuters) Thousands of Telecom Italia (TIM) customers across Italy complained of internet outages and glitches on Sunday which the company blamed on problems with an international link.
Italy sounds alarm on large-scale computer hacking attack (Jerusalem Post) Servers had been compromised in other European countries such as France and Finland as well as the US and Canada.
Italian National Cybersecurity Agency (ACN) warns of massive ransomware campaign targeting VMware ESXi servers (Security Affairs) The Italian National Cybersecurity Agency (ACN) warns of an ongoing massive ransomware campaign targeting VMware ESXi servers. The Italian National Cybersecurity Agency (ACN) warns of an ongoing massive ransomware campaign targeting VMware ESXi servers worldwide, including Italian systems. The attackers are attempting to exploit the CVE-2021–21974 vulnerability. According to the ACN, most of the attacks […]
Campagne d’exploitation d’une vulnérabilité affectant VMware ESXi (CERT-FR) Le 03 février 2023, le CERT-FR a pris connaissance de campagnes d'attaque ciblant les hyperviseurs VMware ESXi dans le but d'y déployer un rançongiciel.
VMSA-2021-0002 (VMware) VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2021-21972, CVE-2021-21973, CVE-2021-21974)
CERT-FR warns of a new wave of ransomware attacks targeting VMware ESXi servers (Security Affairs) A new wave of ransomware attacks is targeting VMware ESXi servers to deliver ransomware, CERT of France warns. The French Computer Emergency Response Team (CERT-FR) warns that threat actors are targeting VMware ESXi servers to deploy ransomware. CERT-FR reported that threat actors behind these ransomware attackers are actively exploiting the vulnerability CVE-2021-21974. “OpenSLP as used […]
‘0ktapus’ hackers are back and targeting tech and gaming companies, says leaked report (TechCrunch) A leaked report obtained by TechCrunch says the hackers behind the massive "0ktapus" campaign is back and targeting companies like Riot Games and Mailchimp.
Zero day affecting Fortra’s GoAnywhere file transfer tool is actively being exploited (The Record from Recorded Future News) Fortra issued a private advisory about the zero-day. Cyber researchers then highlighted the information. There's no mention of a patch.
Ransomware Gang in Trading Hack Says Ransom Was Paid (Bloomberg) Ion Trading representative declines to comment on ransom claim. Hack of ION Trading upended derivatives trading around world.
Regulators weigh in on ION attack as LockBit takes credit (Register) Crims put a February 4 deadline for software slinger to pay up
Russian hackers launch attack on City of London infrastructure (The Armchair Trader) Security specialists claim that the recent attack on Ion Markets servers illustrate the vulnerability the City of London has to cyber crime.
Ransomware attack on data firm ION could take days to fix -sources (Reuters) A ransomware attack that hit ION Trading UK could take days to fix, leaving scores of brokers unable to process derivatives trades, sources familiar with the matter told Reuters on Thursday.
Is ChatGPT making life easier for con artists? (Fortune) Despite fears about malicious code, its actually older con artists tricks that might be getting a boost, cybersecurity company Darktrace says
Unmasking Crypto Scams: The Team Effort Behind the Con (Legacy) Dive into the inner workings of crypto scams and the team effort and structures cyber criminals use to fool victims.
110,000 more users affected in 'LG Uplus' data breach (Weekend Leader) LG Uplus said that last month's data breach affected a total of 290,000 users, about 110,000 more than initially suspected.
Downriver police agengies targeted in malware attack, prevent data breach (FOX 2 Detroit) Several Downriver police communities were targeted in a data breach this week but, thanks to quick actions, were able to stop the attack before it became a data breach.
Bigger than they knew: Diligent Corp. sends more notifications after discovering hacked data on the internet (Databreaches.nte) Bigger than they knew: Diligent Corp. sends more notifications after discovering hacked data on the internet
TruthFinder, Instant Checkmate confirm data breach affecting 20M customers (BleepingComputer) PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers.
Feds say cyberattack caused suicide helpline's outage (ABC News) A cyberattack caused a nearly daylong outage of the nation’s new 988 mental health helpline late last year, federal officials tell The Associated Press
UT: Aspire Surgical notifying patients of data breach (DataBreaches.net) Yet another one you probably hadn’t heard about yet.
Complexity, the enduring enemy of medical cybersecurity (Today's Medical Developments) Cybersecurity for operations and facilities is arguably most important in the hospital setting where critical populations gather, and the safe movement of resources, equipment and personnel is essential.
When Justine got unexpected mail, she thought she had a 'secret admirer'. Instead it was a scam (ABC) "Brushing" scams are ploys by retailers to amp up their online presence by sending real people unsolicited goods. It seems harmless, but it could be a warning sign your data has been compromised.
How Tyrants Use Tech to Spy on All of Us (CyberWire) Parmy Olson: You’re the co-authors of a new book, “Pegasus: How a Spy In Your Pocket Threatens the End of Privacy, Dignity, and Democracy,” which tells the story of Pegasus, a powerful spyware developed by the Israeli cybersecurity firm NSO Group.
CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (The Hacker News) Cyber criminals are actively exploiting known vulnerabilities in Oracle E-Business Suite (CVE-2022-21587) and SugarCRM (CVE-2023-22952) systems.
CISA adds Oracle, SugarCRM bugs to exploited vulnerabilities list (The Record from Recorded Future News) CISA said two vulnerabilities from Oracle and SugarCRM are being exploited and ordered federal agencies to patch them before February 23.
Security Patches, Mitigations, and Software Updates
Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501) (Help Net Security) Atlassian has released patches for CVE-2023-22501, a critical authentication vulnerability in Jira Service Management Server and Data Center.
Microsoft Edge Gets Password Strength Check - WinBuzzer (WinBuzzer) Edge will evaluate new passwords in real time, suggesting changes to make them more secure.
Trends
Report: Data breach notices lack key details, enable identity theft 'Scamdemic' (KOMO) There’s a good chance you received a data breach notice last year—possibly more than one. Unfortunately, hackers continue to be very successful.
Have we learnt nothing from SolarWinds supply chain attacks? (Register) From frameworks to new federal offices it's time to get busy
OSINT in Current and Future Military Operations (Modern Diplomacy) In recent years, the international security environment has evolved in a way that lays greater emphasis on information gathering and analysis. This is largely due to the proliferation of digital technologies and the internet, which have made it easier for individuals, organisations, and governments to access, share, and disseminate information. As a result, the traditional […]
From ‘hi mum’ to crypto fraud: five of the latest scams to watch out for (the Guardian) Australians are losing millions of dollars a week to increasingly common swindles. How can you avoid them?
Marketplace
Darktrace boss defends UK cybersecurity firm amid short-seller attacks (the Guardian) Embattled firm to launch £75m share buyback to bolster stock price after criticism of sales and marketing
Okta CEO blames overhiring, ‘execution challenges’ for layoffs (Cybersecurity Dive) A series of security incidents hit the identity and access management platform last year. But financial results are improving and the customer base is growing.
Dell to Cut 5% of Workforce (Wall Street Journal) Dell Technologies said it is cutting about 5% of its workforce as market conditions continue to erode.
OpenAI Dangles Perks and Early Access to Win Investments in AI Startups (The Information) OpenAI has proven itself to be a prolific fundraiser, collecting billions of dollars from Microsoft and others to perfect its artificial intelligence software. Lately, it’s also been flexing its muscles as an investor in other AI startups, a strategy that could tie a generation of young ...
M&A transactions need more cyber due diligence (SC Media) Here are four steps companies can take to integrate cybersecurity into the M&A process.
Juniper Networks Looks to Drop Specializations in Partner Program Reorg (Channel Futures) Juniper Networks announces partner program changes, including a transition to “solution building outcomes” instead of specializations.
Elon Musk says Twitter will provide a free write-only API to bots providing 'good' content (TechCrunch) Elon Musk said that due to feedback Twitter will provide a write-only API for "bots providing good content that is free."
Mobilicom Joins U.S. Cybersecurity Working Group AUVSI to Set Industry Standards (GlobeNewswire News Room) AUVSI is the world's largest nonprofit organization dedicated to the advancement of uncrewed systems – maritime, land robotics, and drones Cybersecurity...
Keyfactor Global Channel Program Hits New Milestones as Businesses Prioritize Machine Identity Management (Business Wire) Keyfactor appoints Michael de Paris as VP of EMEA Channels; SVP of Global Channel Joe Tong named to 2023 CRN Channel Chief List.
NTT New Zealand appoints new head of cyber security (Reseller News) IT infrastructure and services company NTT has appointed Darren Ryland as head of cybersecurity for New Zealand.
Andreessen-Backed Cybersecurity Software Firm Tanium Taps Next CEO (Bloomberg) Dan Streetman to be CEO, Hindawi named executive chairman. Tanium has entertained prospects of going public since 2016.
Gigamon Appoints Chaim Mazal Chief Security Officer (Business Wire) Gigamon, the leading deep observability company, today announced that Chaim Mazal has been named Chief Security Officer (CSO). Mr. Mazal, who recently
Vanta Names Security Leader David Eckstein as CFO (Business Wire) Vanta, the leading trust management platform, announced today that it has appointed David Eckstein as its Chief Financial Officer, effective immediate
Products, Services, and Solutions
New infosec products of the week: February 3, 2023 (Help Net Security) The featured infosec products this week are from: Arkose Labs, Hornetsecurity, HYCU, KELA, and Trulioo.
Akamai offers micro-segmentation for Kubernetes clusters (SC Media) Attacks on Kubernetes clusters have increased, so researchers welcome the news from Akamai that security teams can now segment K8 clusters.
Radware launches new cloud security centers in Australia, Canada and New Zealand - Intelligent CIO APAC (Intelligent CIO APAC) Radware, a leading provider of cybersecurity and application delivery solutions, is to launch new cloud security centers in Melbourne, Toronto and Auckland. The facilities will reduce traffic latency as well as increase service redundancy and mitigation capacity to help customers defend against denial-of-service attacks, web application attacks, malicious bot traffic and attacks on APIs. It […]
SaiFlow Expands into North American Market and Releases Findings on Cybersecurity Vulnerabilities in EV Charging Software (GlobeNewswire News Room) SaiFlow offers strategies for working with OEMs, charge point operators and utilities to mitigate these threats...
OPSWAT Unveils New Mobile & Rugged Portable Media Security Solution for Critical Infrastructure (GlobeNewswire News Room) ARC Industry Leadership Forum attendees are among the first to experience the MetaDefender Kiosk K2100, a new ultra-rugged security solution built for...
Fortinet Unveils New ASIC to Accelerate the Convergence of Networking and Security Across Every Network Edge (Fortinet) Fifth-generation security processing unit (FortiSP5) delivers unparalleled levels of power-efficient performance to open new frontiers for securing the branch, campus, 5G, edge compute, operational technologies, and more
ArmorPoint Announces Strategic Partnership With CONNECT LATAM (GlobeNewswire News Room) Cybersecurity Solution Expands Footprint in Latin America Through Partnership with International Value Added Distributor...
Technologies, Techniques, and Standards
MITRE Launches Cyber Resiliency Engineering Framework Navigator (Business Wire) MITRE released the Cyber Resiliency Engineering Framework (CREF) NavigatorTM — a free, visualization tool that allows organizations to customize their
MITRE CREF Navigator empowers enterprises to improve cyber resiliency strategies (Help Net Security) MITRE's CREF Navigator allows organizations to customize their cyber resiliency goals , objectives and techniques.
What CISOs Can Do About Brand Impersonation Scam Sites (Dark Reading) Apply these nine tips to proactively fight fraudulent websites that use your brand to rip people off.
Why boards tune out CISOs, and 4 ways to get them to listen (IT World Canada) Imagine an adult in front of you talking in an unintelligible foreign language. That, says Jeffrey Wheatman, is how most chief information security officers (CISOs) sound to their boards and senior management. Wheatman, the cyber evangelist for U.S.-based IT supply chain security ratings service Black Kite, gave that analogy during his presentation Monday to the annual
Dealing With the Carcinization of Security (SecurityWeek) How can cybersecurity teams cut through the noise and confusion when everything starts to look and sound alike?
Unified Pacific Intel Wargame “Pacific Winds” offers key insights to deter potential adver (U.S. Indo-Pacific Command) U.S. Army Pacific Commanding General Gen. Charles A. Flynn hosted senior leaders from across the Department of Defense and several allied nations as part of the Unified Pacific Wargame Series
We can't rely on goodwill to protect our critical infrastructure (Help Net Security) Self-regulation isn’t stopping groups from targeting critical national infrastructure: hospitals, power grids, and oil pipelines.
What a perfect day in data privacy looks like (Help Net Security) Everyone wants extraordinary online experiences without sacrificing the security of their personal info - they want perfect data privacy.
Design and Innovation
How ChatGPT Kicked Off an A.I. Arms Race (New York Times) Even inside the company, the chatbot’s popularity has come as something of a shock.
Soon AI will battle AI in cyberspace, Israeli experts predict (Jerusalem Post) Cybersecurity companies race to find solutions as generative artificial intelligence is expected to lead to spike in cyberattacks
Academia
York Uni Joins Data Networks to Fight Cybercrime, Food Security (Mirage) A new research programme is developing ways of extracting information from complex datasets to tackle a number of real-world issues, such as cyberattacks, greener power grids, and food security.
Top College Majors for Getting a Job in National Security (ClearanceJobs) If you're applying to college, check out these top college majors. There are a lot of paths into national security.
Legislation, Policy, and Regulation
WSJ News Exclusive | U.S. Weighs Sanctions for Chinese Companies Over Iran Surveillance Buildup (Wall Street Journal) Beijing’s exports of video recorders to Iran more than doubled in 2022 as protests swept the country.
Trust, not tech, is holding back a safer internet (Register) Excuse me, citizen, did you packet this data yourself?
Is the government’s cyber policy moving from partnership to command-and-control? (Federal News Network) Cybersecurity in the private sector has long been a matter of collaboration. Companies and sectors worked with government to establish risk management approaches to what companies would ultimately…
How CISA plans to get tech firms to bake security into their products (Washington Post) The Cybersecurity and Infrastructure Security Agency (CISA) is pressing ahead on its push for technology manufacturers to make their products secure as they design them — and to make their default settings secure when consumers buy them.
CISA Announces Joint Emergency Communications Division and Stakeholder Engagement Division Virtual Industry Day (Hstoday) In its ongoing efforts to engage closely with Industry, CISA’s Industry Day Events will provide insight into CISA’s current and future challenges.
President Biden Announces Appointments to the President’s National Security Telecommunications Advisory Committee (The White House) Today, President Biden announced his intent to appoint highly qualified and diverse industry leaders as members of the President’s National
Dr. Rand Paul Elected Ranking Member of Senate Homeland Security Committee (HS Today) For the past two years, Dr. Paul served as ranking member of the Senate Small Business Committee. For the past two years, Dr. Paul served as ranking member of the Senate Small Business Committee.
Utah Lawmakers Rushing Through Bills To Destroy The Internet… ‘For The Children’ (Techdirt) The evidence-free moral panic over social media keeps getting stupider, and when things get particularly stupid about the internet, you can pretty much rely on Utah politicians being there to proud…
With TikTok banned by more governments, including Baltimore, cybersecurity experts weigh in (Maryland Daily Record) TikTok will soon be banned from Baltimore City devices, becoming the latest in a growing line of governments to prohibit the social media platform.
Litigation, Investigation, and Law Enforcement
Spain: Rights experts call for probe into claim Catalan leaders were spied on (UN News) Three independent UN-appointed human rights experts on Thursday demanded that the Spanish Government thoroughly investigate an alleged spying operation against leaders and activists from the Catalonia region, in the wake of a failed bid for independence six years ago.
Microsoft’s Activision Deal Tests a New Global Alignment on Antitrust (New York Times) Until recently, antitrust regulators in Europe and the United States took different approaches. Now, they’re on the same page — which some experts say makes closing deals harder.
U.S. judge denies FTC request to stop Meta from acquiring VR firm Within (Reuters) A judge on Friday released a ruling denying the Federal Trade Commission's request to stop Meta Platforms Inc from buying virtual reality content maker Within Unlimited, rejecting the regulator's concerns the deal would reduce competition in a new market.
Online misogyny set to be outlawed (The Telegraph) Government will use new Bill to crack down on abuse of women and girls on the internet
Priti Patel calls for stronger Online Safety Bill with power to jail tech bosses (The Telegraph) Former home secretary backs amendment to law saying public expect senior managers at social media firms ‘to be held fully to account’
Wikipedia Is Blocked in Pakistan Over ‘Sacrilegious’ Content (Bloomberg) Pakistan has blocked Wikipedia services in the South Asian nation after the platform failed to remove “sacrilegious” content.
WSJ News Exclusive | FTC Prepares Possible Antitrust Suit Against Amazon (Wall Street Journal) The potential lawsuit could target an array of Amazon’s business practices as anticompetitive, according to people familiar with the matter.
Will Class Action Lawsuits Force Companies to Get Serious About Cybersecurity? | Focal Point (Tanium) Class action lawsuits due to data breaches are on the rise and getting costlier. Here’s how firms can withstand future attacks—and litigation.
New York attorney general fines developer of stalking apps (The Record from Recorded Future News) The New York attorney general has ordered a spyware maker whose apps are used to surveil one’s partner to pay a $400,000 fine.
NY attorney general forces spyware vendor to alert victims (BleepingComputer) The New York attorney general's office has announced a $410,000 fine against a stalkerware developer who used 16 companies to promote surveillance tools illegally.
Finland’s Most-Wanted Hacker Nabbed in France (KrebsOnSecurity) Julius "Zeekill" Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of perpetrating tens of thousands…
The Brothers Bankman-Fried (Puck) Gabe Bankman-Fried rode his brother’s reputation, and moolah, to political-donor stardom. Can he survive Sam’s fall?
Mark Cuban’s Crypto Garbage & Boies v. Brady (Puck) David Boies opens up about his novel legal stratagem to sue the bejesus out of Tom Brady, Gisele, and Larry David over FTX’s collapse—and why he’s coming for Mark Cuban next.
The longtime Biden aide at the center of classified documents furor (Washington Post) Kathy Chung went to work for Biden in 2012, becoming part of his inner circle and a bridge between him and his family
A Judge Just Used ChatGPT to Make a Court Decision (Vice) The case is the first time a court has admitted to using the AI text generator’s answers in a legal ruling.
How Prosecutors Say a Top F.B.I. Agent Sold His Services Overseas (New York Times) As the counterintelligence chief in New York, Charles McGonigal had access to sensitive American secrets. His arrest has touched off a scramble to assess the damage.
Knight First Amendment Institute Sues a Cyber-Intelligence Company (Columbia News) A senior attorney at the Knight Institute explains why they filed the lawsuit and what's at stake for free speech.
Dark Web Hitman Paid with BTC to Murder Teen Victim (HackRead) The man exchanged sexually explicit photographs and videos with a 14-year-old and intended to have the victim killed so that they would be unable to testify against him in court.
When Hackers Hobbled Ireland’s Hospitals, They Took Themselves Down, Too (Bloomberg) A 2021 ransomware attack froze the country’s biggest health system, showing some cybercriminals the line they didn’t want to cross.
Man sentenced for stealing identities of Johnson County employees after data breach (Kansas City Star) A Raytown man was sentenced on two separate, unrelated federal charges Wednesday — one for stealing the identities of Johnson County government employees and another for conspiracy to distribute $10 million of methamphetamine.