Developments in cyberespionage, and a look at the cyber phases of a hybrid war. Malign influencers. The cyber labor market.

Summary

By the CyberWire staff

At a glance.

North Korea's APT37 is distributing M2RAT.
Multilingual BEC attacks, and how they happen.
Grand Theft Auto: now also a TikTok challenge.
The cyber labor force and how it might fare during layoffs.
Assessing the cyber phase of Russia's war at the first anniversary of the invasion approaches.
Killnet's attempt to rally hacktivists and criminals to the cause of Russia.

North Korea's APT37 is distributing M2RAT.

North Korea’s APT37 (also known as “RedEyes or “StarCruft”) is distributing a new strain of malware dubbed “M2RAT,” according to a report from AhnLab Security Emergency Response Center (ASEC). ASEC spotted M2RAT being distributed via phishing emails last month. The emails contain documents that will execute shellcode by exploiting an EPS vulnerability in the Hangul word processor, which BleepingComputer notes is commonly used in South Korea. The shellcode will download a JPEG image to the victim’s machine, then uses steganography to extract code that will download M2RAT. The malware is designed to exfiltrate data via keylogging and screenshotting. M2RAT will also scan for mobile devices that are connected to the infected machine, and will transfer any documents or voice recordings to the PC. ASEC explains that APT37 usually targets “human rights activists, journalists, and North Korean defectors.” The researchers note that since the threat actor targets individuals and personal devices rather than companies with expensive security solutions, the victims often don’t know they’ve been compromised. For more on APT37, see CyberWire Pro.

Doing Threat Intel is Really Difficult - Try a Managed Intel Service

Why are you struggling with interpreting threat intel by yourself? Engage Nisos to achieve better risk insights and outcomes. Rely on the experts with a managed service that gives you the people, process, and technology to control costs while improving your defenses. Nisos leverages automation efficiency and analyst expertise that eliminates noise, identifies risks, and prioritizes your company-specific threats. We help you respond to threats faster and more effectively through assessments, monitoring, and investigations.

Multilingual BEC attacks, and how they happen.

Abnormal Security today detailed insights into multilingual business email compromise (BEC) attacks in a report, and insights into two actors; Midnight Hedgehog and Mandarin Capybara, who launch these campaigns in multiple languages concurrently. BEC attacks may be somewhat less prevalent than their phishing and identity theft counterparts, Abnormal Security researchers say, but the availability, affordability, and accessibility of software and technology lower the barrier to entry in targeted multiple-language attacks. Such attacks use common sales and marketing online services for malicious purposes. “Using these resources, BEC actors tend to collect target contact information—referred to as ‘leads’—within a certain geographic area, usually a single country or state,” the research states. Google Translate doesn’t hurt either. While it’s not flawless, it is free, and allows for quick translation and turnaround to victims of varying tongues. For more on multilingual BEC attacks, see CyberWire Pro.

Get more depth with CyberWire Pro content.

Did you know that CyberWire Pro offers five tailored briefings to help you focus in on your area of cybersecurity speciality? With daily Privacy and Policy briefings and weekly Research, Business and Disinformation briefings, you can dive right into topics that interest you the most. PLUS, get ad-free listening of all of our public podcasts and exclusive CyberWire Pro podcasts like CSO Perspectives and extended Interview Selects. Subscribe today for only $99/year and get all of this content and more! Subscribe today. Subscribe today.

Grand Theft Auto: now also a TikTok challenge.

Car manufacturers Hyundai and Kia have rolled out free theft-deterrent software for vehicles that don’t have an immobilize, the United States Department of Transportation (NHTSA) said in a press release on Tuesday. Social media giant TikTok, known for its short-form video format, has seen the promotion of a so-called “Kia Challenge,” observed since July of last year in which users share “videos showing how to remove the steering column cover to reveal a USB-A slot that can be used to hotwire [the] car,” Bleeping Computer wrote yesterday. This “challenge” saw such a great level of virality that Los Angeles, California saw an 85% increase in Kia and Hyundai thefts in 2022, with Chicago seeing a nine-time increase for the same brands.

The issue resides within a flaw in the vehicles’ “turn-key-to-start" system that allows for bypassing of “the immobilizer that verifies the authenticity of the code in the key's transponder to the car's ECU. This allows thieves to forcibly activate the ignition cylinder using any USB cable to start the vehicle,” Bleeping Computer recounted. The NHTSA says that the update provides an extended alarm duration, from 30 seconds to one minute, and requires a physical key in the ignition to start. This initial rollout will impact 2017-2020 Elantra, 2015-2019 Sonata, and 2020-2021 Venue car models. More updates are anticipated in June, with that second rollout providing an update for other car models. For more on the vulnerability of cars to USB-enabled theft, see CyberWire Pro.

The cyber labor force and how it might fare during layoffs.

ISC2 today shared their “How the Cybersecurity Workforce Will Weather a Recession” report, detailing the anticipated impact of economic hard times and related factors on the cybersecurity workforce as this year unfolds. The study analyzed input from C-Suite executives on their economic concerns.The research shows that the cybersecurity workforce is highly regarded by executives. 87% of the respondents note that a cut to their cybersecurity teams would mean more risk for the company, so much so that 31% of those surveyed noted cybersecurity to be the least likely department to feel the impact of layoffs. HR, sales, and operations were cited as more likely to be affected in the first round of job cuts, with 44%, 41%, and 40% of respondents citing those departments respectively as likeliest to bear the weight of layoffs. Cyber professionals are also at the top of the list for many executives when it comes to rehiring, with 51% of respondents saying cybersecurity professionals would be a priority to rehire. For more on the cyber labor market, see CyberWire Pro.

Assessing the cyber phase of Russia's war as the first anniversary of the invasion approaches.

The approach of the first anniversary of Russia's invasion of Ukraine has prompted a number of retrospective assessments of the cyber phases of Russia's war. The Washington Post cites expert opinion that sees a general Russian failure to integrate its cyber efforts into a more general combined arms operation. This failure has led Russia's cyber campaigns to be far less effective than expected. Dmitri Alperovitch, executive chair of the Silverado Policy Accelerator, told the Post, “For cyber to be effective on a battlefield, it has to be deeply integrated into conventional military plans. They’ve utterly failed in achieving any tactical or strategic successes, Viasat aside, which actually was a combined arms operation with significant effects.” And, despite the efforts of Russia's cybercriminal auxiliaries, large-scale and devastating cyberattacks against nations sympathetic to Ukraine have also fallen short of expectations. CISA Director Easterly said, “I think all of us were surprised, somewhat, that there have not been more significant attacks outside of Ukraine."

In a report issued this morning, Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape, Google's Threat Analysis Group, Mandiant, and Trust & Safety groups offered an appreciation of how the cyber phases of the war have developed. Google makes no pretense of neutrality in the war, which it directly calls Russian "aggression." Russian cyber operations have so far fallen short of prewar expectations and may well continue to do so, but Google thinks that the war has shown that cyber operations are likely to remain an enduring feature of future wars.

Killnet's attempt to rally hacktivists and criminals to the cause of Russia.

Flashpoint offers an update on the Infinity criminal-to-criminal marketplace which Killnet, the Russian cybercriminal auxiliary, has opened to attract more talent to the Russian cause. It continues to offer strong financial incentives to those willing to work for the Kremlin. One interesting conclusion the researchers arrive at is that Infinity's rules are much less fastidious about permitting financially-motivated crime against Russian organizations than other Russian criminal fora have been. “Notably, the forum does not seem to discourage members from selling data breached from Russian entities—such as malware logs or passports—which traditionally is frowned upon or downright forbidden on most Russian-speaking forums."

The CyberWire's continuing coverage of Russia's war against Ukraine may be found here.

Notes.

Today's issue includes events affecting China, France, India, Israel, the Democratic People's Republic of Korea, Russia, Ukraine, the United Kingdom, and the United States.

Dateline

Ukraine at D+357: Combined arms failure. (CyberWire) As the first anniversary of Russia's war approaches, observers take stock of Moscow's cyber campaigns and see them as having fallen short of expectations.

Russia-Ukraine war: List of key events, day 358 (Al Jazeera) As the Russia-Ukraine war enters its 358th day, we take a look at the main developments.

Ukraine-Russia war: Starmer demands 'justice for atrocities' as he meets Zelensky in Kyiv (The Telegraph) Sir Keir Starmer met with Volodymyr Zelensky on Thursday in his first visit to Ukraine since the Russian invasion.

Moscow’s Military Capabilities Are in Question After Failed Battle for Ukrainian City (New York Times) A disastrous Russian assault on Vuhledar, viewed as an opening move in an expected spring offensive, has renewed doubts about Moscow’s ability to sustain a large-scale ground assault.

Ukraine-Russia war: Six Russian balloons spotted over Kyiv, says Ukraine (The Telegraph) Six Russian balloons were spotted over Kyiv and most were shot down after being engaged by air defences, the Ukrainian capital's military administration said on Wednesday.

Russian Air Force 'Has Lot of Capability Left' One Year On From Ukraine Invasion (Air & Space Forces Magazine) The Russian air force remains largely intact despite its grinding war in Ukraine, according to independent analysis and official comments.

Russian Invasion Changed Security Calculations Worldwide, Austin Says (U.S. Department of Defense) The outcome of Russia's unprovoked war in Ukraine is profoundly important to Ukraine, Europe and all nations of the world, Secretary of Defense Lloyd J. Austin III said at the end of the NATO defense

Your simple guide to a year of Russia’s war in Ukraine (Al Jazeera) Ukraine says a renewed Russian offensive is under way following 12 months of bloodshed.

Spurred by Ukraine war, 18 Western countries plan to share remote sensing data (Breaking Defense) "Russia’s illegal invasion of Ukraine has highlighted the importance of a persistent space surveillance capability," said the United Kingdom, as European nations (and Canada) band together.

NATO vows more ammo and ‘additional capabilities’ to boost Ukraine spring offensive (Breaking Defense) NATO member also agreed on a new ammunition warehousing initiative aimed at supporting the pre-positioning of ammunition, while defense ministers started discussions on increasing defense spending above the decade-old two percent GDP target.

New battle emerges between the West and defence industry as the push continues to help arm Ukraine (The Telegraph) Nato members concede that Western militaries risk running out of the ammunition Kyiv needs, but also protect themselves going forward

NATO must collaborate, be 'smarter' about rebuilding munition stockpiles: Official (Breaking Defense) Patria Group’s CEO, Esa Rautalinko suggested the UAF were using more than 5,000 artillery rounds every day during the conflict — a figure which is more than the annual procurement of some European nations, he claimed.

U.S. focuses on training Ukrainian troops to use less ammo (POLITICO) Western nations are growing concerned over their ability to quickly replenish stocks.

If we can’t send F-16s, let’s send Ukraine our old planes (The Telegraph) The Western powers have plenty of Apache attack helicopters, A10 Thunderbolts and Tucano aircraft that would make a real difference to Kyiv

Ukraine’s Four-Letter War (Puck) As the battle for Ukraine enters its second year, neither side seems willing to negotiate. A source familiar with the Russian posture described Moscow’s opening position as “go fuck yourself.” Another well-informed source said that’s Kyiv’s opener, too.

Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape (Google Threat Analysis Group) One year after the Russian invasion of Ukraine, Google TAG, Mandiant, and Trust & Safety provide insights into changes in the cyber threat landscape triggered by the war.

Russian Hackers Slammed Ukraine After Invasion, Google Says (Bloomberg) NATO members also hit with malicious cyber activity last year

Following the Money: Killnet’s ‘Infinity Forum’ Wooing Likeminded Cybercriminals (Flashpoint) Killnet has created a new illicit forum, called Infinity, that hopes to bridge the gap between hacktivists and cybercriminals.

Unveiling the invisible war: Ukraine suffered 29 state-sponsored cyberattacks in 2022 (Atlas VPN) In recent years, state-sponsored cyberattacks have become a growing concern for governments, businesses, and individuals alike.

Ukraine war shows urgency of military AI, Palantir CEO says (Reuters) Ukraine's effective use of artificial intelligence (AI) to target Russian forces has pushed the technology onto the agenda of military and political leaders around the world, the CEO of U.S. software firm Palantir said on Wednesday.

Attacks, Threats, and Vulnerabilities

WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks (SentinelOne) A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.

WordPress sites backdoored with ad fraud plugin (Malwarebytes) Popunders are the ideal vehicle to serve ad fraud. In this case, we investigate a scheme where a webpage you can't see is loading a bunch of ads while code mimics user activity by scrolling and visiting links.

RedEyes hackers use new malware to steal data from Windows, phones (BleepingComputer) The APT37 threat group (aka 'RedEyes' or 'ScarCruft') has been spotted using a new evasive malware named 'M2RAT' along with steganography to attack specific individuals for intelligence collection.

North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware (The Hacker News) Cybersecurity experts have linked North Korea's notorious APT37 hacking group to a new malware, dubbed M2RAT, which is targeting South Korea.

ShadowPad attacks targeting South American diplomatic orgs (SC Media) Chinese threat actor DEV-0147 has targeted several South American diplomatic entities with the ShadowPad remote access trojan, also known as PoisonPlug, in a bid to facilitate network infiltration and persistent access, reports The Hacker News.

Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad (The Hacker News) Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad and QuasarLoader

Chinese Hackers Infiltrate South American Diplomatic Networks (Infosecurity Magazine) The group previously targeted government agencies and think tanks in Asia and Europe

China-based cyberespionage actor seen targeting South America (ARN) Cyberthreat group DEV-0147 is deploying the ShadowPad RAT to hit diplomatic targets in South America, expanding from its traditional attack turf in Asia and Europe, Microsoft says.

Multilingual Executive Impersonation Attacks (Abnormal Intelligence) See how two BEC threat groups use automated translation tools to execute payment fraud and payroll diversion attacks in several languages simultaneously.

Adsense abused: 11,000 sites hacked in a backdoor attack (HackRead) The campaign has been active since September 2022, and the recent surge in website infections was noted in January 2023.

Over 10,000 WordPress websites affected by fake redirect URLs to inflate Google AdSense revenue (TimesNow) Over 10,000 websites have been found to be affected by fake redirect URLs in a bid to inflate Google AdSense revenue. A detailed report by Sucuri, a cybersecurity company sheds light on the numerous websites where malicious URLs and backdoors have been added that redirect visitors to fake and spammy websites with prominent AdSense monetization.

DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines (BlackBerry) A new ransomware group dubbed "DarkBit" has recently appeared on the threat landscape after targeting one of Israel's top research universities, Technion - Israel Institute of Technology (IIT).

Deep Lateral Movement in OT Networks: When is a Perimeter Not a Perimeter (Forescout) This research report is the first systematic study into how attackers can move laterally between different network segments and types of networks at the controller level – Purdue level 1 (L1) – of OT networks.

ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage (SecurityWeek) ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge after deep lateral movement

The return of ICEFALL: Two critical bugs revealed in Schneider Electric tech (The Record from Recorded Future News) Two vulnerabilities affecting tools from Schneider Electric have been disclosed by the researchers behind last year’s “ICEFALL” findings.

Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar (The Hacker News) Cybersecurity researchers have discovered a new evasive malware, Beep, which can drop an information stealer onto a compromised host.

ESXiArgs ransomware has infected hundreds of new targets in Europe (The Record from Recorded Future News) More than 500 European organizations are dealing with new infections of the ESXiArgs ransomware, according to Censys.

Give Me Libre or Give Me Dread: The Fleeting Promise of Centralized Illicit Communities (Flashpoint) Libre Forum, an illicit community and potential successor to Dread, is showing the limits—and enduring resiliency—of centralized forums on the dark web.

Hackers start using Havoc post-exploitation framework in attacks (BleepingComputer) Security researchers are seeing threat actors switching to a new and open-source command and control (C2) framework known as Havoc as an alternative to paid options such as Cobalt Strike and Brute Ratel.

PhishPal: How PayPal Became a Hackers’ Haven (Avanan) PayPal is a favorite of hackers.

Cybercriminals Cause Heartbreak on Valentine’s Day (Security Boulevard) Many people look for love or companionship online, and Valentine’s Day presents the perfect opportunity for digital crooks to take advantage of vulnerable

Kaspersky warns against ‘romanticization’ of digital stalking (Back End News) Kaspersky rings the alarm about the romanticization of stalking as depicted in TV series and movies. The cybersecurity company reminds people that stalking, both online and offline, is unacceptable…

British police vulnerable to Chinese spying, commissioner warns (Computing) Government departments were instructed last year to discontinue use of China-made cameras at sensitive sites

BlackCat hackers post personal data of staff and students of Irish university (CyberSecurity Connect) After suffering a ransomware attack nearly a fortnight ago, for which it declined to pay a ransom, Ireland’s Munster Technological University has had the personal details of some of its staff and students posted online.

3 Alarming Threats To The U.S. Energy Grid – Cyber, Physical, And Existential Events (Forbes) The aging U.S. Energy Grid infrastructure is extremely vulnerable to cyber-attacks, physical incidents, and existential threats.

Spoiler: It's not the IRS calling (Security Boulevard) Have you ever gotten a call from the IRS? If you have, then you might be one of the thousands of people losing millions of dollars every year to IRS scam calls. These fraudulent calls, which claim to be from the Internal Revenue Service (IRS), are typically made by scammers who are trying to steal money or personal information from taxpayers.

SAS hit by serious cyber attack (Copenhagen Post) Hacking incident led to a serious GDPR leak relating to passenger information being accessible to others.

Scandinavian Airlines Hit by Cyber Attack (Skift) SAS said it was hit by a cyber attack Tuesday evening and earlier had urged customers to refrain from using its app.

City of Hilliard investigating following phishing incident (WSYX) A phishing incident in December cost the city of Hilliard over $218 thousand, and now the city is investigating to bring those responsible to justice.

Security Patches, Mitigations, and Software Updates

Hyundai, Kia patch bug allowing car thefts with a USB cable (BleepingComputer) Automakers Hyundai and KIA are rolling out an emergency software update on several of their car models impacted by an easy hack that makes it possible to steal them.

Hyundai and Kia Launch Service Campaign to Prevent Theft of Millions of Vehicles Targeted by Social Media Challenge (NHTSA) Approximately 3.8 million Hyundais and 4.5 million Kias involved

Dozens of Vulnerabilities Patched in Intel Products (SecurityWeek) Intel has released patches for multiple critical- and high-severity vulnerabilities across its product portfolio.

ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric (SecurityWeek) Siemens and Schneider Electric address 100 vulnerabilities across their products with their February 2023 Patch Tuesday advisories.

Trends

SynSaber Report Brings More Context to ICS Security (Security Boulevard) An analysis of three years of vulnerabilities found in industrial control systems (ICS) published by SynSaber, a provider of an ICS monitoring platform,

If you bought an iPhone after 2017, update it now, CISA says (The Record from Recorded Future News) CISA added four critical issues affecting Apple and Microsoft products to its list of known exploited vulnerabilities list this week.

New Security Trends Report Highlights Top Security Challenges and Priorities for Global Organizations (Arctic Wolf) Majority of businesses surveyed plan to increase cybersecurity spending despite economic uncertainty EDEN PRAIRIE, MN – February 16, 2022 – Arctic Wolf®, a global leader in security operations, today published findings from its State of Cybersecurity: 2023 Trends Report based on a survey the company commissioned of over 700 senior IT and cybersecurity decision-makers from over a dozen ... New Security Trends Report Highlights Top Security Challenges and Priorities for Global Organizations

PWC highlights 11 ChatGPT and generative AI security trends to watch in 2023 (VentureBeat) PWC analysts highlight 11 ChatGPT and generative AI security trends that organizations should watch out for in 2023.

Cybercriminals Increase Recruiting Tech and IT Pros Across the Darknet (Dice Insights) Like any good enterprise, successful cybercrime operations require recruiting and retaining top tech talent. A Kaspersky analysis finds underground darknet groups are offering salaries, bonuses and other perks in a search for tech pros with specific skills. Here’s what is behind the recent spike in cybercrime recruiting.

Marketplace

Smaller Companies Facing Cybersecurity Insurance Headwinds: Equifax Executive (Broadband Breakfast) Cost of insurance for cybersecurity could be a problem for smaller companies.

The hottest cybersecurity startups to watch in 2023, according to VCs (Fortune) Keep your eye on these cybersecurity startups in 2023.

ReliaQuest Completes Strategic Transition to Partner-First Channel Model to Empower Customers and Partner Network (GlobeNewswire News Room) ReliaQuest, a force multiplier of security operations, announced today that the company will be moving to...

Cerberus Sentinel Announces Termination of Public Offering of Common Stock (GlobeNewswire News Room) Cerberus Cyber Sentinel Corporation (“Cerberus Sentinel” or the “Company”)...

NSA again chooses CACI for $2.4B award and protestors return (Washington Technology) The National Security Agency has now twice chosen CACI International for the network analysis contract and is now facing a second round of protests.

The cyber security business is very strong, says Akamai CEO Tom Leighton (CNBC) Tom Leighton, Akamai CEO, joins 'TechCheck' to discuss his thoughts on the company after shares plunge despite beating earnings estimates in the fourth quarter.

How cyber athletes are gaming the job market (MasterCard) As cyberattacks continue to rise, cybersecurity competitions are drawing fresh talent — and many gamers — to shore up a field with a huge workforce gap.

'CyberArk hired 150 employees last quarter" (Globes) Set to step down as CEO after 18 years, Udi Mokady tells "Globes" how CyberArk has continued to grow despite the tech crisis.

DigitalOcean axes about 11 percent of workforce (Register) The layoffs will continue until morale improves

Versasec Joins Microsoft Intelligent Security Association (PRWeb) STOCKHOLM (PRWEB) February 15, 2023 Versasec, a global leader in credential management, is proud to announce its membership in the Microsoft Intelligent Security Association (MISA), a global ecos

Salt Security Appoints Gilad Gruber as Senior Vice President of Engineering (PR Newswire) Salt Security, the leading API security company, today announced the addition of Gilad Gruber to the Salt executive team as senior vice...

NSA Veteran Lori Weatherwax Joins LexisNexis Special Services; Haywood Talcove Quoted (GovCon Wire) Looking for the latest GovCon News? Check out our story: NSA Veteran Lori Weatherwax Joins LexisNexis Special Services. Click to read more!

Products, Services, and Solutions

ESET Launches Threat Intelligence Services - Delivering In-Depth Reports to Organizations and Governments (PR Newswire) ESET, a global leader in digital security, today announced the availability of its threat intelligence services, designed to extend an...

Building a better, more useful 1Password (1Password Blog) Learn about the latest improvements coming to 1Password 8 for iOS, Android, Mac, Windows, and Linux.

Dynatrace Platform to Power Boundless Observability and Security Analytics (Business Wire) Expands Grail data lakehouse to additional data types with graph-based multicloud topology and dependencies, and unveils new user experience to simplify custom analytics for nearly infinite BizDevSecOps use cases

Dynatrace Launches AutomationEngine to Drive Intelligent Cloud Automation (Business Wire) Answer-driven automation across the broad spectrum of BizDevSecOps workflows enables organizations to tame cloud complexity, act faster, and do more with fewer resources

Dynatrace Launches AppEngine to Enable Teams to Build Custom Apps that Unlock Insights and Drive Automation from Cloud Observability, Security, and Business Data (Business Wire) Empowers teams across organizations to collaborate, create, and share causal AI-driven solutions for any BizDevSecOps use case

WatchGuard Launches New Line of Firewall Products to Enhance Unified Security for Remote and Distributed Businesses (RealWire) Powered by WatchGuard’s Unified Security Platform® architecture, new Fireboxes deliver enhanced performance and added security capabilities that MSPs and IT admins can easily manage in WatchGuard Cloud SEATTLE – February 16, 2023 – WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the release of its new Firebox T25/T25-W, T45/T45-POE/T45-W-POE, and T85-POE tabletop firewall appliances

Radware Introduces Industry-Leading Lineup of High-Capacity Attack Mitigation Platforms (GlobeNewswire News Room) Combines two- to three-fold performance increases and state-of-the-art DDoS protection with an innovative security operations management solution...

BAE Systems partners with Home Office to help identify national security risks at the UK border (BAE Systems | International) BAE Systems Digital Intelligence is partnering with the Home Office to develop data analysis technology that will help protect the UK’s border and simplify processes for traders and travellers in a three-year £38m contract.

Proofpoint Unveils New Simplified Partner Program to Accelerate Channel Growth (GlobeNewswire News Room) Proofpoint Element Partner Program strengthens resellers’ position and market opportunity with enhanced sales and marketing development resources,...

ProofPoint and Gatewatcher ramp up partner programmes (Microscope) Cyber security players are looking for growth with channel offerings that increase support and incentives.

ReliaQuest goes all-in on channel (Microscope) Cyber security player shares 100% partner commitment at a time that Searchlight Cyber reveals there are emerging opportunities for MSSPs around the dark web

Cleerly partners with ClearDATA to keep patient health data secure (VatorNews) Cleerly uses AI to identify the features of plaques that may cause heart attacks

Cisco unveils new cloud security solutions (SC Media) The recent Cisco Live 2023 Amsterdam event saw the security firm unveiling a new lineup of cloud security tools and features, according to CRN.

Technologies, Techniques, and Standards

CISA strategist: What is an SBOM and why it matters to compliance (Compliance Week) Cyberattacks on software are increasing, and the best chance organizations have of protecting themselves is to know about potential vulnerabilities through a software bill of materials, CISA Strategist Allan Friedman shared at CW's virtual Cyber Risk & Data Privacy Summit.

My Password Manager was Hacked! How to Prevent a Catastrophe (BleepingComputer) A recent password manager breach sent a shockwave through the security community. No service is perfect, and that goes for password managers, so what can you do to protect yourself?

Keeper Security Issues Top 5 Cybersecurity Tips for the 2023 Tax Season (PR Newswire) With the 2023 tax season upon us, individuals and businesses are reminded to stay vigilant to protect their personal and financial information...

Keeper Security Survey Finds Most Privileged Access Management Solutions are too Complex, With 68% of Organizations Paying for Wasted Features (PR Newswire) Keeper Security, the leading provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and...

Traditional PAM solutions aren’t working, Keeper Security study finds (IT Security Guru) Keeper Security, the provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, has released fi

Are C-Suite Executives Fluent in IT Security Speak? Five Reasons Why the Communication Gap is Wider Than You Think (MSSP Alert) C-suite executives sometimes struggle to understand IT security speak, according to new study by security provider Kaspersky.

Design and Innovation

From Bing to Sydney (Stratechery by Ben Thompson) More on Bing, particularly the Sydney personality undergirding it: interacting with Sydney has made me completely rethink what conversational AI is important for.

A Conversation With Bing’s Chatbot Left Me Deeply Unsettled (New York Times) A very strange conversation with the chatbot built into Microsoft’s search engine led to it declaring its love for me.

Microsoft’s new ChatGPT AI starts sending ‘unhinged’ messages to people (The Independent) System appears to be suffering a breakdown as it ponders why it has to exist at all

What Is ChatGPT Doing … and Why Does It Work? (Stephan Wolfram | Writings) Stephen Wolfram explores the broader picture of what's going on inside ChatGPT and why it produces meaningful text. Discusses models, training neural nets, embeddings, tokens, transformers, language syntax.

ChatGPT is not capable of creating malware automatically: David Fairman, Netskope (DATAQUEST) ChatGPT was able to create, review, improve and explain code, but it will not create novel, functional malware automatically

ChatGPT hints at potential for artificial intelligence in government (Federal Times) Agency leaders must clear up the common misconception that AI/ML infrastructure, data governance and efficiency must be perfectly aligned to get started.

Academia

JCSD and Lincoln University cybersecurity partnership taking shape (KOMU 8) Last October, Lincoln University reached a partnership with the Jefferson City School District to bring Project REACH to its schools.

Florida Tech L3Harris Institute Cybersecurity Team Wins Saint Leo Capture the Flag Tournament (Space Coast Daily) The L3Harris Institute for Assured Information FITSEC competitive cybersecurity team won the Saint Leo Capture the Flag cybersecurity tournament on Feb. 11. The victory brought a $3,500 cash prize.

Legislation, Policy, and Regulation

Govt spending billions on cybersecurity solutions to protect critical infrastructure (BizzBuzz) For cybersecurity firms, the period of hyper-growth may be over, but growth will continue as organisations see cybersecurity as an area of critical investment

DoD CIO Issues DoD Manual 8140 (U.S. Department of Defense) The Department of Defense Chief Information Officer, Honorable John Sherman, issued DoD Manual 8140.03 Cyberspace Workforce Qualification & Management Program, the third issuance of the DoD 8140

A new Navy ‘cyber’ rating is in the works (Navy Times) The new rating will replace cryptologic technician networks and it's name will include "cyber." Expect more details later this year.

Nebraska bill would ban access to USF funds for cell providers with Huawei equipment | Nebraska Examiner (Nebraska Examiner) Nebraska bill would ban the Universal Service Fund from distributing customer fees to wireless companies that use Huawei or ZTE equipment.

Litigation, Investigation, and Law Enforcement

Significant gaps found in DoD's management of mobile devices (SC Media) The U.S. Department of Defense Office of the Inspector General has discovered significant lapses in the Defense Department's management of mobile devices issued to its employees, reports The Register.

S.B.F.’s Unsolved Dark-Money Mysteries (Puck) A Taldmudic reading of exclusively obtained FTX filings suggests the next steps in this unfolding drama: finding out what Gabe Bankman-Fried knew about Salame’s dark money machine, S.B.F.’s ties to David McCormick, and more.

Revolut poised for Treasury crackdown on unregulated crypto trades (The Telegraph) Banking app’s ‘staking’ service could face new controls from City watchdog

First on CNN: FBI searched University of Delaware for Biden documents, source says (CNN) The FBI has conducted two searches at the University of Delaware in connection with the investigation into President Joe Biden's handling of classified documents, a source familiar with the investigation told CNN.

France probes Thales subsidiary over past ID deals in Africa | Biometric Update (Biometric Update |) The investigations were set off in 2021 following a report by Tracfin, an intelligence service under the French Ministry of the Economy and Finance.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Identity Management Day 2023 Virtual Conference (Virtual, Apr 11, 2023) Identity Management Day, started in 2021 and hosted by the Identity Defined Security Alliance and National Cybersecurity Alliance, aims to inform about the dangers of casually or improperly managing and securing digital identities by raising awareness and sharing best practices across the industry. In its second year, the 2023 Virtual Conference brings together identity and security leaders and practitioners from all over the world to learn and engage. The conference is presented virtually with a full day of sessions featuring leading identity and security experts discussing the role of identity in cybersecurity strategies and how to address the threats facing organizations today. Registration is free! The conference will be open April 11th 9am ET to 4:30pm ET, giving attendees an opportunity to visit with our exhibitors. The Virtual Conference kicks off at 10am ET.

CyberLEO (Los Angeles, California, USA, May 10 - 12, 2023) Our mission is to bring you discussions, updates, briefings, and lessons learned stemming from real-world experiences that will make a positive impact on your cybersecurity strategy. That’s why we work closely with our Advisory Board to build a program that you can feel confident in. With multiple constellations being launched, we could see tens of thousands of satellites entering LEO. CyberLEO will become the epicenter of discussion surrounding security issues in a LEO world.

3rd Annual Cyber Senate Rail Cybersecurity USA Conference (Chicago, Illinois, USA, May 23 - 24, 2023) The 3rd annual Cyber Senate Rail Cybersecurity USA conference will address the railways “Detect, Respond and Recover,” initiatives, highlight the growing dependence of the “Internet of Rail,” our inherent vulnerabilities created in the design of these “system of systems” and how the sector can mitigate risk and respond appropriately. Attendees will hear insight on how manufacturers are securing rolling stock by design (locomotives and freight), TSA Security Directive 1580/82-2022-01, the challenges of IoT proliferation, predictive maintenance and the maturing of endpoint detection. Furthermore, we will dig deeper into areas such as cloud monitoring, identifying critical assets and managing blindspots, the convergence of IT and OT, remote access security, potential impacts on safety, governance, supply chain, ransomware and how we can operationalise data to mitigate threats and enhance organisational efficiency.

CYBERJUTSU CON 4.0 and the 10th Annual Cyberjutsu Awards (TBD, Jun 24, 2023) Join us on June 24th as we learn, grow, and build together. Cyberjutsu Con will consist of Hands-on Workshops, Capture The Flag (CTF) Competitions, Professional Headshots, Recruiting Opportunities, Celebration, and more. Participants will walk away with hands-on knowledge that can be applied immediately on the job.

2023 RH-ISAC Cyber Intelligence Summit (Dallas, Texas, USA, Oct 2 - 4, 2023) The RH-ISAC is proud to bring you the 2023 RH-ISAC Cyber Intelligence Summit this October 2-4, 2023. This will be our second year at the Hilton Dallas/Plano Granite Park in Plano, Texas. Join us for a Welcome Reception on October 2, followed by a two-day conference on October 3-4 that brings together top cybersecurity leaders and teams representing the most prominent organizations in retailers, restaurants, hotels, gaming casinos, food retailers, consumer products, and other consumer-facing companies. Called the “Crown jewel of RH-ISAC offerings,” the annual event brings together members from the strategic, operational, and tactical levels to participate in interactive, practitioner-led case studies showcasing what works – and sometimes what does not work – in addressing the threats and challenges of the retail and hospitality industries. The RH-ISAC Summit features an RH-ISAC member-driven agenda including sessions delivered by prominent thought leaders, and experts from the provider community. This event inlcludes collaborative workshops, cybersecurity exercises, and exceptional networking opportunities. This is the “can’t miss” event for cybersecurity professionals from the retail and hospitality industries. We look forward to seeing you in October 2023.

Events

Mandatory Cyber Incident Reporting Requirements are Good for Business (Virtual, Feb 16, 2023) How can we implement a mandatory cyber incident reporting in a way that benefits business and government alike? Join Cyber Threat Alliance Chief President and CEO Michael Daniel Rapid7 Senior Vice President and Chief Scientist Raj Samani, Scitum Head of SCILabs Imelda Flores and Sophos Chief Technology and Product Officer Joe Levy as they discuss how mandatory cyber incident reporting aid governments and cybersecurity providers in generating better warnings to companies to lessen the burden cybercrime is placing on the economy, ultimately benefiting the business community.

Cyversity Engage - Breaking Into Cybersecurity Community Talk (Reston, Virginia, USA, Feb 17, 2023) Our community leaders will share with you what it takes women and minorities to break into the cybersecurity field, will address career questions related to required skills and certifications necessary to lead a thriving cyber profession, we will go over important leadership and communication skills required to help you successfully progress in your cyber careers, and lastly we will demystify typical requirements for security clearances in our profession and provide you with an overview of the different types of security clearances and their impact on your job searches.

3rd Annual Nunn School Symposium: Lessons from Russia’s War in Ukraine for the West (Atlanta, Georgia, USA, Feb 28, 2023) This half-day program explores what lessons the West should draw a year after Russia’s invasion of Ukraine. It will consider both what can be learned about warfighting and about the broader role of statecraft. While what has happened and what might happen are clearly relevant, the focus will be on what lessons can be drawn from what has happened thus far.

SecureWorld Charlotte (Charlotte, North Carolina, USA, Mar 2, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Mar 13 - 17, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.