Dateline Moscow and Kyiv: The brotherhood myth.
Ukraine at D+358: Heavy bombardment, but an aspirational offensive. (CyberWire) A major Russian offensive might be more aspirational than imminent.
Russia-Ukraine war: List of key events, day 359 (Al Jazeera) As the Russia-Ukraine war enters its 359th day, we take a look at the main developments.
Missiles hammer Ukraine as Russia eyes Bakhmut's capture by April (Reuters) Russia rained missiles across Ukraine on Thursday and struck its largest oil refinery, Kyiv said, while the head of the Wagner mercenary group predicted the long-besieged city of Bakhmut would take weeks if not months to fall.
Ukraine-Russia war latest: Rockets pound Bakmut as world leaders gather in Munich (The Telegraph) Olaf Scholz yesterday urged everyone who can send tanks to Ukraine to "really do so now".
New Russian offensive in eastern Ukraine 'more aspirational than realistic,' say Western officials (CNN) As Russia begins a new offensive in eastern Ukraine, the US and its allies are skeptical Moscow has amassed the manpower and resources to make significant gains, US, UK and Ukrainian officials tell CNN. "It's likely more aspirational than realistic," said a senior US military official.
Zelenskiy to open Munich summit amid fears of new Russian offensive (the Guardian) Security conference seen as a key test of west’s resolve to fight out a prolonged, expensive war
Harris headlines summit as world braces for fighting surge in Ukraine (Washington Post) The vice president will express continuing U.S. support for Kyiv, despite fears that support could flag in the coming months
Lukashenko blames Ukraine for war, warns Belarus will join fight if attacked (Washington Post) The authoritarian Belarusian leader, Alexander Lukashenko, on Thursday blamed Ukraine for provoking Russia’s full-scale invasion last year, and he insisted that Belarus was “a peaceful nation” despite allowing its territory to be used as a staging ground for the war.
Axis of Convenience (Foreign Affairs) Why Iran’s partnership with Russia endures.
Wagner mercenary head bemoans Russia’s ‘monstrous military bureaucracy’ (The Telegraph) Yevgeny Prigozhin criticises Moscow as he warns it could take months to capture embattled Ukrainian city of Bakhmut
Putin’s invasion shatters the myth of Russian-Ukrainian brotherhood (Atlantic Council) Vladimir Putin's genocidal invasion of Ukraine has shattered the myth of Russian-Ukrainian brotherhood and represents the point of no return in the relationship between the post-Soviet neighbors, writes Taras Kuzio.
Kyiv and Moscow Are Fighting Two Different Wars (Foreign Affairs) What the war in Ukraine has revealed about contemporary conflict.
Ukraine war: Zelensky rules out territory deal with Putin in BBC interview (BBC News) Ukraine's leader speaks to John Simpson before the anniversary of Russia's invasion on 24 February.
Antony Blinken 'warns Ukraine' against retaking Crimea (The Telegraph) US secretary of state fears that efforts to reclaim the annexed peninsula would be a red line for Vladimir Putin
'Hope Faded With Each Day': How Dozens Of Ukrainian Orphans Endured Months Of Russian Occupation (RadioFreeEurope/RadioLiberty) The director of an orphanage in Ukraine's southern Kherson region tells RFE/RL how he kept the dozens of children in his care from being deported to Russia through nearly nine months of Russian occupation.
Russia’s Brain Drain Is Helping Putin (World Politics Review) After Russia invaded Ukraine, hundreds of thousands of Russians emigrated, creating a brain drain with important implications for Putin.
The Kremlin’s Grand Delusions (Foreign Affairs) What the war in Ukraine has revealed about Putin’s regime.
US Army orders more 155mm artillery rounds (Defense Blog) The U.S. Department of Defense said Thursday that General Dynamics-Ordnance & Tactical Systems and American Ordnance would compete for $993 million worth of orders to produce 155mm artillery munitions.
Opinion U.S. defense spending will have to go up. The Ukraine war shows why. (Washington Post) Last February, the world witnessed a massive Russian military convoy driving down the road toward Kyiv.
Austin Assures Baltic States of U.S. Commitment (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III visited Estonia and re-emphasized that the United States is totally dedicated to the defense of the Baltic republics.
German airport websites hit by suspected cyber attack (Reuters) The websites of seven German airports were hit by a suspected cyber attack on Thursday, the ADV airport association said, a day after a major IT failure at Lufthansa left thousands of passengers stranded.
German airport websites down in possible hacker attack (Deutsche Welle) Experts are investigating after several German airports reported website failures. The disruption has been attributed to a possible hacking attack.
The Cyber Defense Assistance Imperative – Lessons from Ukraine (Aspen Institute) Russia’s further invasion of Ukraine in February 2022 was a watershed moment, and unique in that a major nation-state had engaged in coordinated, convergent digital and physical attacks in an effort to conquer a neighboring country.
Russia’s cyber spooks hit hard wall of Ukrainian resilience (The Washington Times) Confounding pre-war predictions, Russia’s cyber offensive against Ukraine has proven unprepared, uncoordinated and unable to overcome a well-prepared, flexible series of Ukrainian defenses that have relied on experience and expertise.
Cyber companies' aid to Ukraine is vital, report says, but the efforts also have limitations (The Record from Recorded Future News) The Aspen Institute suggests ways that Western companies' cybersecurity aid to Ukraine could start to move away from the "ad hoc" phase.
Russia’s cyber spooks hit hard wall of Ukrainian resilience (The Washington Times) Confounding pre-war predictions, Russia’s cyber offensive against Ukraine has proven unprepared, uncoordinated and unable to overcome a well-prepared, flexible series of Ukrainian defenses that have relied on experience and expertise.
Rebuilding Ukraine: Private sector role can help counter corruption concerns (Atlantic Council) Recent corruption allegations have shaken international confidence in the Ukrainian authorities but Ukraine's vibrant private sector benefits from broadly positive perceptions and should play a leading role in rebuilding efforts.
Russians perform ice-bucket challenge in support of 'heroes' on the front line (The Telegraph) Men and women dressed in bathing suits gathered in the main square of Blagoveshchensk to undergo the freezing challenge
Top Putin official involved in funding Ukraine war dies in apparent suicide (The Telegraph) Marina Yankina is the latest high-ranking figure to die in suspicious circumstances in Russia
Russian general takes his own life after being sacked by Vladimir Putin (The Telegraph) Maj Gen Vladimir Makarov’s body found by his wife just weeks after he was fired by the Russian president in late January
Watch: British embassy spy David Smith jailed as judge rejects his 'self-pity' (The Telegraph) Smith was motivated by his support for Russian president Vladimir Putin and hatred of the UK when he began collecting classified documents
Suspected German double agent ‘tried to give Russia coordinates of Himars rocket launchers’ (The Telegraph) Carsten Linke is accused of treason after prosecutors claim he is the source of a leak of top secret intelligence to Moscow
In wake of Ukraine war, U.S. and allies are hunting down Russian spies (Washington Post) Officials caution that Russia retains significant capabilities despite exposure of multiple operatives in Europe
Attacks, Threats, and Vulnerabilities
Exclusive: FBI says it has 'contained' cyber incident on bureau's computer network (CNN) The FBI has been investigating and working to contain a malicious cyber incident on part of its computer network in recent days, according to people briefed on the matter.
FBI is investigating a cybersecurity incident on its network (BleepingComputer) The U.S. Federal Bureau of Investigation (FBI) is reportedly investigating malicious cyber activity on the agency's network.
Ruto ally says Telegram account was hacked before Kenyan election (the Guardian) Strategist says he noticed ‘increased activity’, after revelations about activities of a disinformation unit
These aren’t the apps you’re looking for: fake installers targeting Southeast and East Asia (WeLiveSecurity) ESET researchers identify a campaign that abuses Google search ads to deliver malware to the devices of people searching for popular software.
Hackers target Chinese language speakers with FatalRAT malware (The Record from Recorded Future News) Chinese-speaking users are being targeted with FatalRAT malware, spread via fake websites of popular apps, new research has found.
WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks (SentinelOne) A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.
Espionage malware targeted telecoms in Middle East using Microsoft, Google, Dropbox tools (The Record from Recorded Future News) An espionage campaign targeting telecoms across the Middle East used a range of popular tools from Microsoft, Google and Dropbox.
Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor (Symantec, by Broadcom Software) Malware injects malicious code into Failed Request Event Buffering module in order to monitor HTTP requests from attacker.
Hackers backdoor Microsoft IIS servers with new Frebniis malware (BleepingComputer) Hackers are deploying a new malware named 'Frebniss' on Microsoft's Internet Information Services (IIS) that stealthily executes commands sent via web requests.
ProxyShellMiner Campaign Creating Dangerous Backdoors (Morphisec) A new ProxyShellMiner campaign is compromising a range of Windows endpoints, leaving them vulnerable not just to crypto mining, but ransomware too.
Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack (BleepingComputer) A new malware dubbed 'ProxyShellMiner' exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers.
Alert: Threat actors are using fake Emsisoft code-signing certificates to disguise their attacks (Emsisoft | Cybersecurity Blog) Emsisoft detected an attack where a fake certificate was used to obfuscate an attack against a customer, revealing the need for organizations to be extremely vigilant about allowing applications.
New Mirai botnet variant has been very busy, researchers say (The Record from Recorded Future News) Researchers have discovered a new variant of the infamous Mirai malware that compromises smart devices and adds them to a botnet. Called V3G4, the variant exploits 13 known vulnerabilities, according to research by Palo Alto Networks’ Unit 42. Mirai typically allows for full control of devices, adding them to its network of remotely controlled bots […]
Mirai V3G4 botnet exploits 13 flaws to target IoT devices (Security Affairs) During the second half of 2022, a variant of the Mirai bot, tracked as V3G4, targeted IoT devices by exploiting tens of flaws. Palo Alto Networks Unit 42 researchers reported that a Mirai variant called V3G4 was attempting to exploit several flaws to infect IoT devices from July to December 2022. Below is the list […]
No Surprise! ESXiArgs Ransomware Attacks Exploit 2-Year-Old Vulnerability (Deep Instinct) Targeting VMware ESXi is not new; previous ransomware attacks such as Babuk, AvosLocker, BlackCat, Hive, and others have targeted it as well. The uniqueness of ESXiArgs is that it’s only targeting ESXi and it’s exploiting a two-year-old vulnerability resulting in remote code execution (RCE).
The anatomy of vendor email compromise (Cloudflare) Slow play attacks with a big payout
Attacks with novel Havoc post-exploitation framework identified (SC Media) Novel open-source command-and-control framework Havoc has been gaining traction among threat actors, with more attackers using the post-exploitation framework in place of Cobalt Strike and Brute Ratel, according to BleepingComputer.
Malware authors leverage more attack techniques that enable lateral movement (CSO Online) Malware authors and cybercriminal groups are making sophisticated techniques practical for threat actors to use more widely, changing threat models.
Spyware, fake news and more feature in investigation of reputation management firm (Washington Post) The Post and its media partners uncover depths of deceptive tactics at Spanish firm
A reputation-management company promises it can secretly remake anyone’s online image. But how do they do it? (Washington Post) Those stories, published on the network of fake news sites, are designed to show up prominently in internet searches of the clients’ names, the review found.
Third-Party Data Breach Corrupts Medical Records at NH Hospital (Health IT Security) The third-party data breach impacted patient information entered into the practice’s EHR system between April and December, corrupting the data and rendering it inaccessible.
More victims of fake crypto investor scam come to light (Register) UK-based Coin Publishers were conned out of $206,000 after meeting in a Barcelona hotel
Atlassian says recent data leak stems from third-party vendor hack (BleepingComputer) Atlassian has confirmed that a breach at a third-party vendor caused a recent leak of company data and that their network and customer information is secure.
Atlassian says employee, company info stolen from third-party app (The Record from Recorded Future News) Atlassian confirmed that data related to the company was stolen from Envoy, a third-party software supplier.
CommonSpirit Health Reports $150 Million Loss Due to Ransomware Attack (HIPAA Journal) The October 2022 ransomware attack on CommonSpirit Health, which caused a month-long outage, has cost the health system more than $150 million to date, according to its recent quarterly filing.
Lancashire County Council has had a data breach (LancsLive) Information has been made visible to internal users 'if someone would want to find it'
Burton Snowboards cancels online orders after 'cyber incident' (BleepingComputer) Burton Snowboards, a leading snowboard manufacturing company, has canceled all online orders today following what it describes as a "cyber incident."
Indigo website still offline one week after cybersecurity incident (Financial Post) Indigo Books & Music Inc.'s e-commerce website remains down a week after the company said it experienced a "cybersecurity incident." Read on.
Hacker Uncovers How to Turn Traffic Lights Green With Flipper Zero (The Drive) A DIY hacker equipped with a Flipper Zero and old security camera managed to build a Mobile Infrared Trasmitter to bypass red lights.
CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
Security Patches, Mitigations, and Software Updates
Google security certificate log change broke Android apps (Register) Devs missed warnings plus tons of code relies again on lone open source maintainer
Cisco Releases Security Advisories for Multiple Products (CISA) Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following advisories and apply the necessary updates.
Siemens Solid Edge (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens SCALANCE X200 IRT (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens Brownfield Connectivity Client (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens Brownfield Connectivity Gateway (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens SiPass integrated AC5102 / ACC-G2 and ACC-AP (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens Simcenter Femap before V2023.1 (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens TIA Project-Server formerly known as TIA Multiuser Server (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens RUGGEDCOM APE1808 (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens SIMATIC Industrial Products (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens COMOS (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens Mendix (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Siemens JT Open, JT Utilities, and Parasolid (CISA) As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1.
Sub-IoT DASH 7 Alliance Protocol stack implementation (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sub-IoT project Equipment: DASH 7 Alliance Protocol stack implementation Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to create an out-of-bounds write condition.
Delta Electronics DIAEnergie (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Cross-site Scripting, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to inject arbitrary code to retrieve and modify database contents and execute system commands.
BD Alaris Infusion Central (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris Infusion Central Vulnerability: Credentials Management Errors 2.
Trends
Return of the Hacktivists: Financial services industry under DDoS fire (SecurityBrief Australia) DDoS can serve as a cover for other, potentially more damaging cyber activities such as infiltration and exfiltration of data and malware installation.
2022 Cloud (In)Security Report (Zscaler) Discover the latest insights and risks revealed by ThreatLabz on the current state of cloud security and learn how to reduce your risk.
Ransomware actors increasingly weaponizing old vulnerabilities (TechTarget Security) Research from Cyber Security Works, Cyware, Ivanti and Securin highlights the dangers of old vulnerabilities being exploited by ransomware actors.
Cyber-physical Systems Vulnerability Disclosures Reach Peak, While Disclosures by Internal Teams Increase 80% Over 18 Months (PR Newswire) Cyber-physical system vulnerabilities disclosed in the second half (2H) of 2022 have declined by 14% since hitting a peak during 2H 2021, while...
GRIT Ransomware Report: January 2023 (Guidepoint Security) January kicked off 2023 with a slowdown in victim posting rates across ransomware groups. Overall, January saw a 41% decrease compared to December 2022 and a 12.9% decrease in victims compared to January of last year.
Race to the Top: New Study Reveals Majority of Business Leaders Looking to App Modernization in 2023 to Drive Transformation Efforts (Business Wire) Insight-commissioned survey documents the current state of digital-first initiatives.
Marketplace
CommandK raises $3m to become the command center for enterprise security (News Direct) CommandK is helping engineering teams gain more control over their secrets, enabling developers to build secure apps quickly with zero change management.
SecurityBridge Achieves 100 Percent 2022 YOY Growth in License Revenue And Expands Its Groundbreaking SAP Cyber Security Solution As The Company Targets The U.S. Market (Yahoo) Throughout 2022, SecurityBridge continued to advance that state of SAP security by introducing its One-Click Patch Management, which provides instant insight into missing SAP security patches, streamlining the process of identifying and applying applicable patches. The company also launched a new Security Roadmap, simplifying the journey to SAP security by grouping all required software fixes. In addition, SecurityBridge enhanced the Security & Compliance Manager with multi-baseline support, ena
OTORIO Inducted Into World Economic Forum Global Innovators Community (OTORIO) OTORIO joins the prestigious World Economic Forum (WEF) Global Innovators Community contributing ideas to address long-term global security concerns.
DocuSign to lay off 10% of its workforce, or about 700 employees (CNBC) E-signature software company DocuSign on Thursday announced plans to cut around 10% of its workforce.
Entara Recognized on CRN's 2023 MSP 500 List in the Security 100 Category (GlobeNewswire News Room) Entara Named by CRN to Managed Service Provider (MSP) 500 List in the Security 100 Category for Second Time...
High Wire Networks Onshores Cybersecurity Operation Centers As Customer Growth Tops 430% to 1,000 Businesses Worldwide (GlobeNewswire News Room) High Wire Networks, Inc. (OTCQB: HWNI), a leading global provider of managed cybersecurity and IT...
MVP Vibe Fest Bridges Gap Between Athletics and Cybersecurity (Dark Reading) Top athletes compete both on and off the track in a mix of track and field events and cyber games.
QinetiQ forms new Australia unit, names CEO (Sharecast) Defence technology company QinetiQ said it had formed a new Australia Sector and named Gary Stewart as its chief executive.
Acalvio Announces Federal Advisory Board and Appoints Former Vice Chairman of the Joint Chiefs of Staff Admiral James “Sandy” Winnefeld, as Its Chair (Business Wire) Acalvio Technologies, the leader in cyber deception technology, today announced its Federal Advisory Board, which will be comprised of government and industry leaders and experts dedicated to advising Acalvio on meeting federal government needs as well as providing informed perspectives on pertinent defense and security issues.
Dr. Cindy Vestergaard is RKVST’s new vice president special projects and external relations (Business Wire) Nuclear sector and global security blockchain expert joins leader in trustworthy digital archives and supply chain integrity, transparency and trust
QuSecure Expands its Board of Directors as Quantum Market Rapidly Accelerates (Business Wire) Current Intelsat Board Chair and Former Senior Executive at IBM, Salesforce, Visa and Hewlett Packard Lisa Hammitt Joins QuSecure’s Board of Directors
Kaspersky appoints Rashed Al Momani as the General Manager for the Middle East (ITP.net) Operations in Saudi Arabia and Bahrain will be led by Mohamad Hashem as the newly appointed General Manager for the two countries.
McLean's Cycurion names Kevin Kelly CEO ahead of SPAC merger (Washington Business Journal) Cycurion Inc., a McLean cybersecurity solutions firm set to go public via a SPAC merger this year, has appointed a new CEO to guide it through its next phase of growth.
Products, Services, and Solutions
New infosec products of the week: February 17, 2023 (Help Net Security) The featured infosec products this week are from: CyberSaint, DigiCert, Finite State, FireMon, and Veeam Software.
Dynatrace and Snyk Unify Security Insights Across the Entire Software Lifecycle (Business Wire) “DevSecOps Lifecycle Coverage with Snyk” app, developed with the new Dynatrace AppEngine, will enable teams to mitigate security risks across pre-production and production environments, including runtime vulnerability detection, blocking, and remediation
Nozomi Networks Expands Strategic Partnership with Mandiant to Deliver Advanced OT & IoT Threat Intelligence and Response (GlobeNewswire News Room) Nozomi Networks, the leader in OT and IoT security, today announced an expanded global strategic...
Appdome Strengthens Go-to-Market Leadership to Meet Accelerating Demand for Mobile Cyber Defense Automation (PR Newswire) Appdome, the mobile economy's one and only Cyber Defense Automation platform, today announced that it has expanded its global leadership team...
StarTree Receives SOC 2 Type II Certification, Demonstrating Best-in-Class Security, Integrity, and Privacy (GlobeNewswire News Room) SOC 2 Type II Certification marks a major milestone in the company’s security roadmap to accelerate vendor onboarding and support customer compliance....
Noetic Cyber Achieves SOC 2® Type II Compliance (GlobeNewswire News Room) Successful completion of recent controls audit demonstrates Noetic's commitment to customer security...
Code Intelligence Integrates with Jest to Enable Developers to Test JavaScript for Vulnerabilities (Code Intelligence) Developers who run unit tests in Jest can now test their JavaScript applications for bugs and security vulnerabilities, including remote code executions.
Versa Networks Earns Multiple Leadership Accolades in KuppingerCole’s SASE Leadership Compass Report for its Industry-Leading SASE Solution (Business Wire) Versa Unified SASE Ranked Highly Among Nine Other SASE Solutions Based on Overall Industry Leadership, Product Leadership and Completeness, Market Leadership, and Innovation Leadership
Indusface is the Only Vendor to be Recognized as Customers' Choice with 100% Customer Recommendation for 3 consecutive years (PR Newswire) Indusface, an application security SaaS company trusted by 5000+ customers globally, has been recognized as a Customers' Choice globally on the...
Orca Launches New Capabilities to Optimize Cloud Security and Cloud Spend from a Single Platform (Business Wire) Patented SideScanning™ Technology Automatically Identifies And Eliminates Cloud Waste For Organizations
Aryaka Invests in Bringing its Award-Winning Managed SD-WAN and SASE to More Markets and Industry Verticals (PR Newswire) Aryaka®, the leader in Unified SASE solutions, today announced that it is increasing investment in its Hyperscale Point-Of-Presence (POP)...
Radware Adds a New Weapon to its DDoS-Fighting Arsenal (Radware Blog) In 2022, Radware saw DDoS attacks grow by over 200% and the number of blocked events per customer nearly doubled each quarter. The precipitous growth in DDoS attacks is frightening.
OneSpan Strengthens Protection of Web3 with New Innovative Cloud Notarization Solution (Business Wire) Co-created with OneSpan notary customers, the new solution offers a convenient way to notarize documents digitally with the industry’s highest level of security
Microsoft shifts to a comprehensive SaaS security solution (Microsoft Security) Software as a service (SaaS) apps are ubiquitous, hybrid work is the new normal, and protecting them and the important data they store is a big challenge for organizations.
DISA Approves Riverbed's Network Analytics Tool Security Guide (ExecutiveBiz) Looking for the latest Government Contracting News? Check out our story: DISA Approves Riverbed's Network Analytics Tool Security Guide. Click to read the
Rebellion, a Cyber Simulation Developer, in Deal with Sofwerx to Strengthen, Scale Cyber Readiness (MSSP Alert) The Nova platform is Rebellion’s flagship cyber readiness product to accurately assess how cyber defenses perform against adversarial attacks.
The Instillery deepens its partnership with Zscaler (IT Brief New Zealand) The Instillery has achieved the 3-peat in partnership status as a Zscaler authorised services partner, Zscaler managed services partner and Zenith partner.
Introducing Drata’s Open API (Drata) A connected and automated risk and compliance ecosystem is now possible with Drata’s Open API. Keep reading to learn how.
Technologies, Techniques, and Standards
Cyber leaders applaud forthcoming updates to NIST cybersecurity framework (Federal News Network) NIST is updating its Cybersecurity Framework for the first time in five years, and there’s a new focus on “governance” and other emerging cyber issues.
Perception Isn't Always Reality: New Report from HFS Research and Syniti Makes the Case for More Effective Data Management (PR Newswire) New research conducted by HFS Research in conjunction with Syniti, a global leader in enterprise data management, shows that while data is a...
Dynatrace Delivers Real-Time Insights into the Carbon Footprint of Hybrid and Multicloud Ecosystems (Business Wire) “Carbon Impact” app demonstrates the boundless capabilities of the Dynatrace AppEngine and provides customers with precise answers about their cloud ecosystems’ carbon footprint and ways to reduce it
How Rust went from a side project to the world’s most-loved programming language (MIT Technology Review) For decades, coders wrote critical systems in C and C++. Now they turn to Rust.
Design and Innovation
Google asks employees to rewrite Bard's bad responses, says the A.I. 'learns best by example' (CNBC) As Google races to get its artificial intelligence search tool up to speed, it wants employees to flag incorrect answers and even to rewrite them.
The new Bing & Edge – Learning from our first week (Microsoft Bing Blogs) A little over a week ago, we shared an all new, AI-powered Bing search engine, Edge web browser, and integrated Chat, that we think of as Your Copilot for the Web. Since we made this available in limited preview, we have been testing with a select set of people in over 169 countries to get real-world feedback to learn, improve, and make this product what we know it can be &ndash…
Network Map NMAP Meets ChatGPT (Trustwave) We’ve now seen a number of different use cases for ChatGPT from marketing, sales, software development and others including from the security field. This platform continues to dominate most of the headlines and impress based on how it’s able to handle questions and topics from various backgrounds.
A brief overview of ChatGPT and the risks associated with it (Panda Security Mediacenter) ChatGPT already has more than 100 million users. Why is it such a big deal? Are there any security risks involved in using ChatGPT?
We’re Reliving the Start of the Smartphone Era, This Time with AI (The Information) Last week, both Microsoft and Google gave demos of their new artificial intelligence–powered search assistants. Microsoft’s Bing Chat sits inside its Bing search engine and Edge web browser, while Google’s Bard chatbot will do its thing on the same page where Google’s standard search results ...
ChatGPT is a robot con artist, and we’re suckers for trusting it (Business Insider) The new Google and Microsoft chatbots get stuff wrong and lie. So why do we fall for their shtick?
A Conversation With Bing’s Chatbot Left Me Deeply Unsettled (New York Times) A very strange conversation with the chatbot built into Microsoft’s search engine led to it declaring its love for me.
From Bing to Sydney (Stratechery by Ben Thompson) More on Bing, particularly the Sydney personality undergirding it: interacting with Sydney has made me completely rethink what conversational AI is important for.
Chatbots Got Big—and Their Ethical Red Flags Got Bigger (WIRED) Researchers have spent years warning that text-generation algorithms can spew bias and falsehoods. Tech giants are rushing them into products anyway.
The CEO of IBM says A.I. is going to replace ‘clerical white-collar work’ but it could be ‘a good thing’ for the looming population crisis (Fortune) IBM’s CEO says some ‘clerical white collar’ jobs could be replaced by A.I., but it might be necessary to avoid an even larger crisis.
Research and Development
10 things to know about how social media affects teens' brains (NPR) Eye-opening testimony from a top scientist offers a useful primer on the role social media may play in the teen mental health crisis.
Legislation, Policy, and Regulation
New legal framework for reporting IT vulnerabilities (Centre for Cyber security Belgium) 15 February 2023
Vulnerability reporting to the CCB (Centre for Cyber security Belgium) Every computer system or network may contain vulnerabilities.
Belgium launches nationwide safe harbor for ethical hackers (The Daily Swig) New legal protections for security researchers could be the strongest of any EU country
Political Declaration on Responsible Military Use of Artificial Intelligence and Autonomy (United States Department of State) An increasing number of States are developing military AI capabilities, which may include using AI to enable autonomous systems.1 Military use of AI can and should be ethical, responsible, and enhance international security. Use of AI in armed conflict must be in accord with applicable international humanitarian law, including its fundamental principles. Military use of […]
U.S. launches 'disruptive technology' strike force to target national security threats (Reuters) A top U.S. law enforcement official on Thursday unveiled a new "disruptive technology strike force" tasked with safeguarding American technology from foreign adversaries and other national security threats.
DOJ, Commerce Department strike force to fight technology threats from adversaries (The Hill) The Justice and Commerce departments launched a strike force on Thursday to oppose the threats posed by technology from adversaries like Russia and China. The Department of Justice (DOJ) said…
Justice Department to Increase Scrutiny of Technology Exports, Investments (Wall Street Journal) Deputy Attorney General Lisa Monaco said federal prosecutors will team up with Commerce Department agents to police technology exports that could pose a national security threat in the hands of foreign adversaries such as China and Russia.
Security experts warn of foreign cyber threat to 2024 voting (AP NEWS) Top state election and cybersecurity officials on Thursday warned about threats posed by Russia and other foreign adversaries ahead of the 2024 elections, noting that America's decentralized system of thousands of local voting jurisdictions creates a particular vulnerability.
Bipartisan bill would require that social networks have 'clear' content policies (Engadget) Senators have introduced a bill that would make social networks provide clearer content moderation policies..
Republicans take aim at risque jokes and romance novels with anti-sex bills (the Guardian) Bills are part of religious right’s post-Roe strategy, with most prevalent ones relating to age verification of sex-related websites
AT&T, Verizon, Lumen propose 'strike force' for Internet security (Light Reading) Three of the largest telecom network operators in the US – AT&T, Verizon and Lumen Technologies – teamed up to urge federal regulators to create a "strike force" that would focus on Internet protocol (IP) security.
Congressman LaHood appointed chair of subcommittee for National Security Agency and Cyber (Shaw Local) U.S. Rep. Darin LaHood, R-Peoria, whose 16th District includes La Salle, Livingston, Bureau and Putnam counties, was appointed chairman of the subcommittee for National Security Agency and Cyber.
Governors Collaborate to Speed Energy Infrastructure Construction (National Governors Association) National Governors Association (NGA) Vice Chair Utah Governor Spencer Cox and Louisiana Governor John Bel Edwards released the following statement on the formation of a bipartisan working group that will collaborate to improve the energy and infrastructure delivery process to provide better results for states and territories.
Litigation, Investigation, and Law Enforcement
It's bigger than a balloon: Chinese spying in US includes research labs and universities (USA TODAY) U.S. national labs develop state-of-the-art technology and conduct pioneering research funded by American taxpayers. Too often, China has a front-row seat to their work.
German court rules police use of crime-fighting software is unlawful (Reuters) Police use of automated data analysis to prevent crime in some German states was unconstitutional, a top German court said on Thursday, ruling in favour of critics of software provided by the CIA-backed Palantir Technologies .
Exclusive: British intel caught FBI spy chief secretly meeting a Russian in London (Business Insider) The FBI opened an investigation into a top spy-hunter after the UK tipped them off about a meeting with a Russian, Insider has exclusively learned.
Fugitive Stablecoin Founder Do Kwon Accused of Securities Fraud in U.S. (Wall Street Journal) The SEC alleges that the cryptocurrencies developer and Terraform Labs defrauded buyers of TerraUSD and Luna.
SEC Sues Over TerraUSD Stablecoin That Rocked Crypto (Bloomberg) Lawsuit asserts turf for Wall Street’s main regulator. Agency alleges company and co-founder Kwon misled investors.
Banks Are Breaking Up With Crypto During Regulatory Crackdown (Wall Street Journal) The Securities and Exchange Commission and banking overseers are stepping up scrutiny following last year’s collapse of FTX.
From Math Camp to Handcuffs: FTX’s Downfall Was an Arc of Brotherhood and Betrayal (Bloomberg) Gary Wang and Sam Bankman-Fried are offering dueling accounts of the FTX fiasco and of who’s ultimately to blame.
US government launches 'strike force' to combat Chinese and Russian technology threats (CyberScoop) Deputy Attorney General Lisa Monaco said the Disruptive Technology Strike Force will use intelligence and analytics to target illicit actors.
ASML Stolen Data Came From Technical Repository for Chip Machines (Bloomberg) Information stolen from shared storehouse of technical details. US ‘deeply concerned’ about allegations of economic espionage.
ASML says ex-China employee misappropriated data relating to its critical chip technology (CNBC) The security incident comes at a sensitive time for ASML which has been caught in the middle of the battle for tech supremacy between the U.S. and China
Don’t pay ransom in cyberattacks, FBI director tells companies at CNU: It’s like ‘gasoline that’s pouring on the fire’ (Daily Press) FBI Director Christopher Wray spoke during a homeland security symposium at Christopher Newport University a day after an appearance at the bureau's Norfolk field office in Chesapeake.
Fairfield DNA testing company fined $200,000 for data breach (Cincinnati Enquirer) A Fairfield company that provides paternity and other DNA testing has agreed to pay a $200,000 fine for a 2021 data breach that compromised the personal information of consumers in Ohio and Pennsylva…
Advent Health Partners Proposes $500,000 Settlement to Resolve Class Action Data Breach Lawsuit (HIPAA Journal) The Nashville, TN-based health system, Advent Health Partners, has proposed a $500,000 settlement to resolve claims related to a September 2021 data A $500,000 settlement has been proposed by Advent Health Partners to resolve a class action lawsuit related to a September 2021 data breach that affected 61,072 patients.