Somebody once said, “if it ain’t broke, don’t fix it.” That somebody didn’t work in cybersecurity. And that somebody didn't work at Raytheon, Intelligence & Space. Here we break the definition of cyber defense: Hiring the sharpest minds, actively hunting threats, and designing one-of-a-kind-never-been-done-before solutions. That’s how we shake up the future and uncover new thinking to protect our customer's most vital infrastructure and our way of life.
We’re very pleased to announce that the Retail & Hospitality ISAC Podcast has joined the CyberWire Podcast Network. Join host Luke Vander Linden for chats with members of the InfoSec community to discuss the latest challenges, opportunities, and best practices unique to cybersecurity in the retail and hospitality industry. Tune in and subscribe.
ESET this morning reports that North Korea's Lazarus Group may be deploying a new backdoor, "WinorDLL64," through its Wslink downloader. The "WinorDLL64 payload serves as a backdoor that most notably acquires extensive system information, provides means for file manipulation, such as exfiltrating, overwriting, and removing files, and executes additional commands," the researchers write, adding, "Interestingly, it communicates over a connection that was already established by the Wslink loader." The connection to the Lazarus Group is circumstantial but convincing: its development environment, behavior, and code show overlap known Lazarus samples, and the victimology is consistent with observed Lazarus targeting.
Why are you struggling with interpreting threat intel by yourself? Engage Nisos to achieve better risk insights and outcomes. Rely on the experts with a managed service that gives you the people, process, and technology to control costs while improving your defenses. Nisos leverages automation efficiency and analyst expertise that eliminates noise, identifies risks, and prioritizes your company-specific threats. We help you respond to threats faster and more effectively through assessments, monitoring, and investigations.
A ransomware attack on Dole PLC led the company to interrupt operations at its North American processing plants, CNN Business reports. A February 10th memo from the senior vice president of the company's Fresh Vegetables division said, “Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America." The shutdown affected deliveries of salad kits to food retailers. The specific strain of ransomware involved has not been publicly disclosed.
When seeking potential cybersecurity talent from non-tech or non-traditional backgrounds, you should ask yourself three things:
If these questions give you pause, CyberVista can help get you started. CyberVista's Professional Services solutions provide evidence-driven insights to transform your workforce.
Symantec describes a previously unobserved threat actor the company calls “Clasiopa” that targeted a materials research firm in Asia. The threat actor uses a combination of publicly available and custom-made malware tools, including a bespoke remote access Trojan called “Atharvan.” Clasiopa also may have abused two legitimate software packages in its attacks. Symantec says there’s no firm evidence pointing to who might be behind Clasiopa. Some of the threat actor’s malware contains references to India and Hinduism, but the researchers believe these are too obvious--that they could well be false flags. For more on Clasiopa, see CyberWire Pro.
Avanan warns that attackers are abusing the note-taking app Evernote to host malicious links they're distributing in a business email compromise (BEC) scam. Avanan researchers observed an attack in which an account belonging to the president of an organization was compromised. The attackers used the account to send phishing emails with a link to an Evernote page, purporting to contain a “secure message.” The Evernote page hosted a link to a credential-harvesting phishing site. For more on Evernote BEC abuse, see CyberWire Pro.
Identity and Access Management (IAM) platform provider Oort this morning released their 2023 State of Identity Security report, which details prevalent identity attacks that occurred in 2022, the weaknesses in multi-factor authentication, and related issues in the IAM industry. Researchers reference this month’s attack on Reddit, where attackers were capable of getting both a password and one-time password (OTP) from the victim, as well as attacks from cybercriminal gang 0ktapus. Oktapus targeted Twilio and are suspected of having targeted Coinbase. Such incidents have motivated a push from the security community toward phishing-resistant MFA, as the use of the strong second factors has only accounted for 1.82% of all logins. Just over 40% of organizations observed had weak MFA or none at all, showing a lot of holes for attackers to potentially exploit.
On average, just under a quarter (24.15%) of a company’s accounts are dormant, and these often have fewer activity monitors and controls in place. Oort found, for example, that in August 2022 password-guessing attacks by threat group APT29 targeted dormant mailboxes. The cybercriminals guessed the password of an account that had not been set up correctly. Research from the last two months of 2022 also showed an average of just over 500 attack attempts against inactive accounts. For more on identity-based attacks, see CyberWire Pro.
Researchers at Jamf have discovered a new family of macOS cryptomining malware. The malware is evasive, and can sometimes pass security measures on machines running macOS Ventura. The malware is delivered via a malicious version of Final Cut Pro, which has been modified to install the XMRig miner in the background. The researchers discovered the software being offered on Pirate Bay. Since cryptomining “requires a significant amount of processing power," Jamf says, "it is likely that the ongoing advancements in Apple ARM processors will make macOS devices even more attractive targets for cryptojacking.” It’s worth noting that users can avoid this particular malware by not downloading pirated versions of software applications like Final Cut Pro. For more on this novel cryptojacker, see CyberWire Pro.
In the course of reviewing five predictions made at the outset of the war, Breaking Defense concludes that cyber has not been the "game-changer" it was widely expected to be. The analysis concludes that the much-discussed and feared "cyber Pearl Harbor" didn't materialize because, first, cyber weapons "are generally one-time use," that is, once they're employed, they're blown, and second, that effective defense has been shown to be possible. "Even the most obvious and expected use of cyber attacks — the degradation of civilian infrastructure like the electrical grid," the analysis says, "has come entirely from kinetic effects."
Cyber operations haven't been irrelevant, and skirmishes in cyberspace have marked Russia's war since before its troops crossed the Ukrainian border, but they haven't been decisive, and, on the Russian side at least, haven't been well-integrated into a combined arms effort.
It seems unlikely to Breaking Defense that any surprises will develop. "And while it is possible that Russia still has some unused capabilities, that seems unlikely since the Russian strategic situation has become desperate with no new capabilities becoming evident. That likely means they do not exist."
None of this means that Russian operators haven't been trying. Their attempted cyberattacks have maintained a high tempo. The Record cites a report by the Netherlands' General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD); that report says there have been many more attacks than have so far come to light. “Before and during the war, Russian intelligence and security services engaged in widespread digital espionage, sabotage and influencing against Ukraine and NATO allies.” But the attacks have been poorly integrated with other arms, and their effects have been lost in the overwhelming noise of kinetic destruction inflicted by missile and artillery fire.
The CyberWire's continuing coverage of Russia's war against Ukraine may be found here.
Netacea yesterday released their “Quarterly Index: Top 5 Scalper Bot Targets of Q4 2022”, detailing the most scalped items in the final quarter of last year, between October and December of 2022. The research found that PlayStation 5 consoles came in at number five, but the resale value of the consoles diminished as Sony was able to begin replenishing their stock. Nike Dunk Low Panda sneakers topped the list, followed by two different Air Jordan sneaker pairs. In an unsurprising fourth place, we have the highly publicized Taylor Swift Eras Tour tickets, resold at exorbitant prices: some have been seen as high as $31,000. While NVIDIA 40 series graphics cards, as well as Apple’s iPhone 14 Pro Max, were the target of much scalping due to the chip shortage, they did not find their way into the top five (not yet, anyway).
Today's issue includes events affecting Australia, China, Israel, the Democratic People's Republic of Korea, the Republic of Korea, New Zealand, Russia, Ukraine, the United Kingdom, and the United States.
Ukraine at D+364: United Nations vote on Russia's war expected today. (CyberWire) Russia continues to maintain that its war is defensive, that it's the real victim here. (And Russian cyberattacks haven't had a decisive effect, but that's not for want of trying.)
Russia-Ukraine war: List of key events, day 365 (Al Jazeera) As the Russia-Ukraine war enters its 365th day, we take a look at the main developments.
Russia-Ukraine war: Key events in the year since Russia invaded Ukraine (ABC News) One year into the Russian invasion of Ukraine here is a timeline of events marking various stages throughout the war.
U.N. to mark one year of Ukraine war with vote to 'go down in history' (Reuters) Marking one year of war, Ukraine and Russia lobbied countries at the United Nations on Wednesday for backing ahead of a vote by the 193-member General Assembly that the United States declared will "go down in history."
Marking One Year Of War In Ukraine, UN Chief Denounces Russia (RadioFreeEurope/RadioLiberty) United Nations Secretary-General Antonio Guterres has denounced Russia's invasion of Ukraine as a violation of the founding UN Charter and international law and called out Russian threats about its possible use of nuclear weapons.
A global divide on the Ukraine war is deepening (Washington Post) Russia capitalizes on disillusionment with the United States to win sympathy in the Global South.
Three Reasons Most Analysts Were Wrong on War in Ukraine (VOA) Early predictions overestimated Russian military capabilities and underestimated the Ukrainian resistance
A year into Ukraine, looking back at 5 prewar predictions (Breaking Defense) A year ago, Mark Cancian of CSIS laid out five things to watch for in a war between Ukraine and Russia. Now he assess where things ended up.
Ukraine is still standing a year after the Russian invasion. Now what? (Yahoo News) U.S. officials acknowledged to Yahoo News that they do not expect either side to prevail in 2023.
The ripple effects of Russia's war in Ukraine continue to change the world (NPR) A year after Russia's invasion of Ukraine sparked the largest conflict in Europe since World War II, the repercussions continue to reverberate.
Ukraine-Russia war latest: Putin set to speak at nationalist rally - watch live (The Telegraph) Vladimir Putin is set to speak at a massive nationalist rally being held ahead of the one-year anniversary of Russia's invasion of Ukraine.
The Quiescent Russians (Foreign Affairs) What the war in Ukraine has revealed about Putin’s public.
In Russia-Ukraine war, more disastrous path could lie ahead (AP NEWS) For Russia, it's been a year of bold charges and bombardments, humiliating retreats and grinding sieges. Ukraine has countered with fierce resistance, surprising counteroffensives and unexpected hit-and-run strikes.
Q&A: Our experts answered your questions on the Ukraine War (The Telegraph) On Friday February 24, it will be one year since Russia invaded Ukraine.
Why Putin’s iron grip over Russia could be weakening (The Telegraph) The Telegraph’s writers take stock of the war’s impact and the challenges lying in wait for Russia’s leader this year
How the Russia-Ukraine war could end – four scenarios examined (The Telegraph) One year on, the conflict has triggered profound changes in Europe. An expert on global peace explains what an endgame could look like
'It's hard, but they're holding on': On the ground in Ukraine, the war depends on U.S. weapons (USA TODAY) Ukraine says U.S. weapons are making the difference in its Russia fight. USA TODAY was given exclusive access to what that means on the battlefield.
Why are NATO Articles 4 and 5 being discussed after the blast in Poland? (Washington Post) Two people were killed in explosions Tuesday in the Polish town of Przewodow on the border with Ukraine, according to a Polish official. The incident came amid a day of heavy Russian strikes on Ukrainian territory, but it was unclear where the reported strike in Poland came from, or whether it was deliberate.
Sweden open to sending Leopards to Ukraine, defence minister says - TT news agency (Reuters) Sweden is open to sending some of its Leopard battle tanks to Ukraine as the Nordic country prepares to present another package of aid to help the country fight off the Russian invasion, its defence minister told local news agency TT.
Israel reconsidering whether to send weapons to Ukraine: Sources (Breaking Defense) A review of the Israeli policy is being led by the national security unit in the prime minister's office, in cooperation with the Ministry of Defense, the Ministry of Foreign Affairs and Mossad, per sources.
DOD Official Says U.S. Not Yet Seeing China Giving Lethal Aid to Russia (U.S. Department of Defense) The United States has not yet seen China giving lethal aid to Russia in its illegal and unprovoked invasion of Ukraine, but the Chinese also haven't taken that aid off the table, according to the
‘It’s a disgrace not to go to war’: muted Russian protest against Ukraine conflict (the Guardian) Families of dead Russian soldiers appear even more supportive of military operation
Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge (The Record from Recorded Future News) Two Dutch intelligence agencies cited the volume of Russian cyber operations as one reason many are not yet publicly known.
Russia speeds shift to ruble and yuan as sanctions bite (Nikkei Asia) Response to Ukraine war fuels move away from export payments in dollars and euros
A Tool of Attrition (Foreign Affairs) What the war in Ukraine has revealed about economic sanctions.
Clasiopa: New Group Targets Materials Research (Symantec) Group uses distinct toolset but there are few clues to its origins.
WinorDLL64: A backdoor from the vast Lazarus arsenal? (WeLiveSecurity) ESET researchers uncover the WinorDLL64 backdoor, one of the payloads of the Wslink downloader and probably part of Lazarus' arsenal.
Developers beware: Imposter HTTP libraries lurk on PyPI (ReversingLabs) ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.
Rezilion Research Discovers Hidden Vulnerabilities in Hundreds of Docker Container Images (PR Newswire) Rezilion announced today the release of the company's new research, "Hiding in Plain Sight: Hidden Vulnerabilities in Popular Open Source...
Hiding in Plain Sight: Hidden Vulnerabilities in Open Source Scanners (Rezilion) Read this report for why traditional SCA tools struggle to detect software components not managed by package managers and the industry-wide impacts.
Third-party scripts in e-commerce websites: is payment data at risk? (Jscrambler) More than 99% of all websites use JavaScript in some form, as it serves many purposes. Some directly, and others via a third-party vendor.
Beware of macOS cryptojacking malware. (Jamf Threat Labs) You may have heard about the cryptojacking malware on macOS. Read about a new one spotted by Jamf Threat Labs.
Business Email Compromise Scam Leads to Credential Harvesting Evernote Page (Avanan) A crafty new Business Email Compromise scam adds a legitimate Evernote link to make it even more tricky to detect.
Kaspersky Lab: cybercriminals distribute a Trojan under the guise of ChatGPT for Windows (Gadget Tendency) The Kaspersky Lab team spoke about a new danger that lies in wait for users and fans of the ChatGPT chat bot with artificial intelligence. Generated by the Midjourney neural networkUnder the guise of the ChatGPT desktop client for Windows from OpenAI, attackers began to distribute malware that steals user data, including logins and passwords. […]
Scammers Mimic ChatGPT to Steal Business Credentials (Dark Reading) Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot.
"Mylobot" botnet infecting 50,000 devices per day worldwide (Neowin) A botnet called "Mylobot" is infecting over 50,000 devices daily, according to a recent report. Mylobot can download more malware, send spam emails, and even remain idle to avoid detection.
The 5 most dangerous cyberthreats facing businesses this year (Malwarebytes) Which of the myriad, extant cyberthreats should your business be paying the most attention to in 2023?
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966 (Bitdefender Business Insights) Numerous threat actors were detected abusing a critical CVE-2022-47966 RCE vulnerability affecting products from ManageEngine. Read our advisory.
Weaponizing POCs – a Targeted Attack Using CVE-2022-47966 (Bitdefender Labs) Known-yet-unpatched vulnerabilities have always represented a key entry point to modern business networks.
Cyberattack on food giant Dole temporarily shuts down North America production, company memo says (CNN Business) A cyberattack earlier this month forced produce giant Dole to temporarily shut down production plants in North America and halt food shipments to grocery stores, according to a company memo about the incident obtained by CNN.
The Good Guys customers' personal data stolen in cyberattack on third-party supplier (9News) Popular Australian electronics retailer The Good Guys has revealed some of its customers' personal data has...
Trove of L.A. Students’ Mental Health Records Posted to Dark Web After Cyber Hack (74 Million) 74 investigation reveals systemic data breach of sensitive psychological evaluations following Vice Society ransomware attack
Indigo admits cyber attack was ransomware, employee data accessed (IT World Canada) Two weeks after suffering a cyber attack, Indigo Books and Music has acknowledged it was hit by ransomware and employee data was compromised. "On February 8, 2023, Indigo experienced a ransomware attack," the company says in an updated FAQ on its website. "Through our investigation we learned there is no reason to believe customer data
When your “friends” spy on you: The firm pitching Orwellian social media surveillance to militaries (Forbidden Stories) Imagine opening Facebook to a new friend request. You click on the profile and notice mutual friends. The person shares interesting content related to your job or passion on their profile. You don’t know them, but you accept the request.
Tesla to Change Camera Settings in Europe Over Privacy Fears (Wall Street Journal) The car maker agreed to issue software update to cars in the EU so that cameras have to be turned on and don’t record continuously.
No relief in sight for ransomware attacks on hospitals (TechTarget) Ransomware gangs will continue to target the hospitals and healthcare providers in 2023, despite efforts to curb the threat.
February 21 CISA KEV Breakdown | IBM, Mitel (Nucleus Security) In this Breakdown, Nucleus experts explore the three vulnerabilities added to the KEV on February 21, 2023
Vulnerability Summary for the Week of February 13, 2023 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
85% of Public Safety Organizations are Not 'Very Prepared' for Cyberattacks (Security Intelligence) Public safety organizations are major targets for cyberattacks. So why are they so unprepared to defend against them?
Netacea Quarterly Index: Top 5 Scalper Bot Targets of Q4 2022 (Netacea) Netacea’s Threat Research team provides expert analysis on the most scalped items from October to December 2022, from sneakers to Taylor Swift tickets.
authID Releases Results of its 2nd Annual Fintech Cybersecurity Survey (GlobeNewswire News Room) 80% of respondents said they are likely to evaluate solutions that eliminate the risks and costs of passwords and legacy multi-factor authentication ...
Australia and New Zealand Cybersecurity Survey (Arctic Wolf) Learn the findings from 300 IT and cybersecurity decision-makers and business executives in Australia and New Zealand on the happenings, attitudes, and beliefs they have on cybersecurity and business issues.
Cynet Reveals 94% of CISOs Suffer from Work-Related Stress and It’s Putting Companies at Risk (Business Wire) After surveying CISOs of small to midsize businesses, Cynet discovered 65% report their ability to protect their organization is compromised because of work overload, with nearly 100% admitting they need additional resources
Sensitive Data Protection Still Major Challenge for Enterprises (GlobeNewswire News Room) New report by Piiano details gaps in best practices for enterprise protection of sensitive customer data, especially in PII handling...
Venture capital financing of cyber companies slid to $18.5 billion in 2022 (The Record from Recorded Future News) VC investments in cybersecurity startups began to dip in the second half of 2022, but private equity firms spent billions buying companies.
A Few Cybersecurity Stocks Soared in 2022, But Most Stumbled (Info Risk Today) After two sensational years in the public markets during the height of COVID-19, 2022 was a rude awakening for the cybersecurity industry. The four-headed monster of inflation, interest rate hikes, supply chain shortages and the ongoing Russia-Ukraine war dragged most stock prices down.
Trend Micro Acquires SOC Technology Expert Anlyz (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, has announced the signing of a definitive agreement to acquire...
Metomic Raises $20 Million to Protect Sensitive Data in SaaS Applications (Metomic) As a data security solution focused solely on SaaS ecosystems, Metomic will use the Series A funding round to expand into the U.S.
Kaspersky acquires 49 per cent of container security solutions developer Ximi Pro (ANI News) Kaspersky has acquired 49 per cent of Ximi Pro, a subsidiary of Ximi Lab that develops Tron, a comprehensive solution for the protection of container infrastructures. This acquisition will allow the company to develop an offering that would provide full-fledged protection within Cloud Workload Protection concept. It would also extend its upcoming XDR solution with the ability to detect and respond to threats in container's infrastructure.
Why Is AT&T Cybersecurity Such a Good Acquisition Target? (Bank Info Security) AT&T wants to unload its cyber assets just five years after doubling down on security through its $600 million purchase of threat intelligence vendor AlienVault. The Dallas-based carrier has been working with British banking firm Barclays to solicit bids for its cybersecurity business, Reuters said.
Telos Corporation Receives Follow-on Contract with National Security Agency (Telos Corporation) Telos Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, announced today a five-year contract with the National Security Agency (NSA). With this contract, NSA is continuing its licensing of Xacta 360 and Xacta.io while also acquiring new... Read more
Palo Alto Networks stock jumps as 'budget scrutiny' for cybersecurity favors large platforms (MarketWatch) Palo Alto Networks shares surged Wednesday after Wall Street rewarded the cybersecurity company as budget crunches appear to be favoring larger vendors.
Meta plans additional layoffs across various divisions, report (Computing) Move is part of a downsizing and restructuring effort that could affect thousands of employees
Senhasegura Named Leader for 2nd Consecutive Year in the KuppingerCole Leadership Compass for Privileged Access Management (Business Wire) Brazilian-based PAM provider recognized in 2023 Report for overall leadership, technical innovation, and advanced product features
Interview: Ciaran Martin’s New Chapter in Cybersecurity (Infosecurity Magazine) The former NCSC chief executive discussed his new role at SANS and a number of other important issues in cyber today
Peter Kujawa of ConnectWise’s Service Leadership Business Named 2023 Channel Influencer Award Winner by Channel Futures (GlobeNewswire News Room) ConnectWise, the world’s leading software company dedicated to the success of IT solution providers...
CRN Names Versa Networks One of 10 Hot SASE Companies to Watch in 2023 (Business Wire) Only Versa Lets Partners Deliver Services Including Secure SD-WAN, Secure Web Gateway, Cloud Access Security Broker, Network Firewalling and Zero Trust from a Unified Platform
Akamai Ascents on Auckland (Australian Cybersecurity Magazine) Akamai Technologies has announced that it is building a Scrubbing Centre and Cloud Data Centre in Auckland, New Zealand as part of its global infrastructure investment strategy.
Bugcrowd Expands Advisory Board with the Appointment of Prabhath Karanth (PR Newswire) Bugcrowd, the leader in crowdsourced cybersecurity, today announced the appointment of Prabhath Karanth (PK) to the company's Advisory Board....
SentinelOne Bolsters Singularity Platform with Executive Appointments (SentinelOne) Enterprise Cybersecurity Experts Jane Wong and Lana Knop Join to Take Product Leadership Evolution to Next Level
INSA Names Todd Probert to its Board of Directors (Yahoo) CACI International Inc (NYSE: CACI) announced today that the Intelligence and National Security Alliance (INSA) named Todd Probert, CACI President of National Security and Innovative Solutions, to its Board of Directors. Probert will serve a three-year term, effective January 1, 2023.
Proofpoint Announces CFO Transition (GlobeNewswire News Room) Rémi Thomas succeeds Paul Auvil as chief financial officer, bringing over 30 years’ experience across the technology sector...
Keith Mason Joins Paladin Capital Group as a Venture Partner with Focus on Southeast United States (Paladin Capital) As an experienced investor with deep Georgia ties, Mason will help accelerate Paladin’s expansion in the southeast. Mason previously advised Paladin during the firm’s fundraise for its $372 million Cyber Fund II.
JFrog Revolutionizes C/C++ Development with Conan 2.0: Advanced Capabilities for Building High-Performance, Embedded, and IoT Applications (JFrog) Already Powering the World of AI, Automotive, Aerospace, Robotics and Healthcare, the New C/C++ Package Manager Will Help Organizations Build and Secure Software Pipelines at Scale
Product Security Report 2022 (Intel) Read the full Intel 2022 Product Security Report.
Keysight Launches Wireless Test Platform for 5G RedCap and Cellular IoT Industry Progression (Business Wire) Provides chipset, device, and module maker ecosystem with a network emulation platform designed specifically for all cellular internet of things technologies, including the 5G RedCap specification.
Netography Launches Network Visibility and Operational Governance for Social Media Policies (Business Wire) Threat analysts can now quickly see and analyze social media network usage across the Atomized Network with Netography Fusion®
New Version of Netwrix Privilege Secure Further Reduces Attack Surface (Netwrix) Netwrix Privilege Secure (formerly Netwrix SbPAM) now provides just-in-time privileges for database access.
IRONSCALES Partners with Yellow Cube (Ironscales) With Yellow Cube on our side, IRONSCALES is making its innovative, AI-powered, enterprise email security solution accessible to this exciting market.
Proofpoint announces Element Partner Programme for channel partners removing complexity (Intelligent CIO Middle East) Unveils new simplified partner programme to accelerate channel growth Proofpoint Element Partner Programme strengthens resellers’ position and market opportunity in the Middle East with enhanced sales and marketing development resources, benefits, incentives, and training support Proofpoint, a cybersecurity and compliance company, announced its new partner programme to empower the channel to drive sales, enhance customer […]
WithSecure’s new tech is an ‘undo’ button for ransomware (News Powered by Cision) WithSecure’s Activity Monitor technology rolls back changes to data caused by malware. Helsinki,
Built-in macOS Security Tools (Huntress) We discuss some of our favorite and most interesting built-in macOS security tools.
Qonsent and LiveRamp Partner to Drive Consumer-First Consent Solution for Brands, Marketers, and Consumers (PR Newswire) Qonsent, the first consent enablement and consumer trust platform, today announced a partnership with LiveRamp, the leading data enablement...
Verifone Selects Lacework to Help Secure its Cloud Infrastructure (PR Newswire) Lacework®, the data-driven cloud security company, today announced that Verifone, a global FinTech leader and payment solution provider to the...
ThreatQuotient Selected by Sysdig to Scale Cloud Threat Detection and Response (Business Wire) Sysdig has standardized on the ThreatQ Platform for data-driven security operations, saving time and improving threat detection and research capabilities at scale
NSA Releases Best Practices For Securing Your Home Network (National Security Agency/Central Security Service) The National Security Agency (NSA) released the “Best Practices for Securing Your Home Network” Cybersecurity Information Sheet (CSI) today to help teleworkers protect their home
Balance Data Retention vs Data Protection with Quantitative Risk Analysis (RiskLens) Data is the “oil” of the digital age, the saying goes, but it’s also a cyber risk, a target for data breach as well as regulatory fines for privacy violations. Data retention policy vs. data protection – what’s the right balance at your organization that meets the needs of the business and cybersecurity?
JPMorgan Restricts Employees From Using ChatGPT (Wall Street Journal) Verizon and other organizations have also blocked access to the popular AI chatbot.
Twitter Is Correct To Move Away From SMS Two Factor Authentication, Though, There Are Much Better Ways To Do It (Techdirt) A lot of people freaked out on Friday after the news came out that Twitter was going to make SMS two-factor authentication (2FA) only available to paid Twitter Blue subscribers. The news was first …
Microsoft brings Bing chatbot to phones after curbing quirks (AP NEWS) Microsoft is ready to take its new Bing chatbot mainstream — less than a week after making major fixes to stop the artificially intelligent search engine from going off the rails .
ChatGPT Fever Sweeps China as Tech Firms Seek Growth (Wall Street Journal) As companies play catch-up, they face hurdles including securing advanced chips and China’s tight censorship rules.
Baidu says its alternative to ChatGPT is coming to the public in March (CNBC) Chinese tech giant Baidu said Wednesday its artificial intelligence product Ernie bot is set to open to the public next month.
I interviewed ChatGPT for a job. Employers should take note of its performance. (Washington Business Journal) What happens when you interview a hypothetical, AI-powered candidate for a hypothetical job? A surprising performance that suggests employers are in for some interesting challenges in the years to come.
Gamifying cyber: new strategies to diversify the security profession (Computing) Getting a job in cybersecurity used to rely on luck or sideways movement, but new programmes like Cyber Explorers are changing that
Google claims major quantum computing breakthrough (Computing) Researchers say their technique for reducing error rates is a significant advance
TikTok Banned on EU Executive Staff Devices (Wall Street Journal) The move comes as officials in Europe and the U.S. scrutinize TikTok over concerns that Beijing could force the company to hand over data on its users.
DOJ Issues Corp. Self-Disclosure Policy For US Attys Offices (Law360) The U.S. Department of Justice said Wednesday it is implementing a voluntary self-disclosure policy for corporate criminal enforcement in all U.S. attorney's offices across the nation, offering steep discounts on fines and non-guilty plea resolutions to companies that timely self-report.
The raucous battle over Americans’ online privacy is landing on states (POLITICO) But industry critics are playing catch-up to a campaign that's made significant headway in several states, including Virginia and Utah, where weaker laws were enacted in recent years.
A longtime DOJ cyber official gives an exclusive exit interview (Washington Post) Adam Hickey discusses his time working on cyber issues at DOJ, and what’s next.
House Democrats want briefing on domestic terrorism at energy facilities, including malware (The Record from Recorded Future News) Democrats in the House asked CISA and DHS for a briefing about domestic terrorists, including cyberattacks against energy infrastructure.
Live updates: Supreme Court hears Twitter v. Taamneh oral arguments (CNN) The Supreme Court is scheduled to hear oral arguments on the case Twitter v. Taamneh on Wednesday — which could reshape the rules of the internet. Listen to the oral arguments live here and follow for the latest news updates.
Supreme Court Struggles With Social Media’s Role in Terrorism (Bloomberg) Justices explore banking, rental cars or guns analogies. Twitter argues it did not violate the Anti-Terrorism Act.
The US Supreme Court Doesn’t Understand the Internet (WIRED) A case before the court is challenging social media platforms’ legal protections. The outcome could be huge for the future of the web.
Can employees be fired over online posts? Attorneys say yes (Maryland Daily Record) Inquiring minds want to know: Can I be fired over something I posted online?
The Next S.B.F. Legal Riddle: What’s in Puerto Rico? (Puck) An elite unit of the Department of Justice has taken an interest in the political side of the FTX case, raising the possibility of more indictments to come.
Prosecutors Seek to Encourage Corporate Confessions (Wall Street Journal) U.S. attorneys say companies will face reduced criminal penalties if they self-report.
For a complete running list of events, please visit the Event Tracker.
The Personal Stories, Challenges, and Triumphs of Women in Cyber (Virtual, Mar 22, 2023) In this panel discussion hosted by Devo, leading women in cyber will come together to share their experiences, discuss challenges they’ve faced throughout their careers, and offer advice on how more women can flourish in cybersecurity. Register today!
24th Annual CERIAS Cybersecurity Symposium & 2nd Annual Indiana Statewide Academic Cybersecurity Alliance Summit (West Lafayette, Indiana, USA, Mar 28 - 29, 2023) Purdue's CERIAS is the world's oldest, largest, and preeminent interdisciplinary academic education and research institute for cyber and cyber-physical systems. The 24th annual CERIAS Security Symposium will bring together experts and practitioners from all areas of cyber and cyber-physical systems with interests in security, privacy, resiliency, autonomy, trusted electronics, and explainable AI. Attendees will consist of a mix of academic, industry, government and military representatives who are interested in learning new and innovative ways to secure our future. Join us as we celebrate the 25th anniversary of CERIAS!
Authenticate 2023 (Carlsbad, California, USA, Oct 16 - 18, 2023) It’s time to modernize your authentication! Organizations around the globe are embracing a new way to authenticate with FIDO standards, moving past passwords and legacy forms of multifactor authentication to provide users with passkeys for phishing-resistant sign-ins. Their results? Strong security, lessened data breach risk, improved user experiences, faster sign-in rates, and reduced costs. Join these industry leaders as they come together at Authenticate 2023, and get the latest tools and insights to get your organization on the path to strong, modern passwordless authentication. Hosted by the FIDO Alliance, Authenticate is the industry’s only conference dedicated to all aspects of user authentication – including a focus on FIDO-based sign-ins. It is the place for CISOs, business leaders, product managers, security strategists and identity architects to get all of the education, tools and best practices to roll out modern authentication across web, enterprise and government applications.
SINET Live: Building the Right Security Program: Compliance-Aligned or Threat-Aligned? (Virtual, Feb 23, 2023) Various enterprises operating in a multitude of industries enact varying approaches to build their Cybersecurity teams and capabilities. Two popular program-building strategies are: 1) Aligning with an Information Security Management System (ISMS) and the associated compliance requirements 2) Building and maturing a Cybersecurity function based on specific threats faced by the enterprise. In this session, our esteemed panelists will discuss strategies to identify and take advantage of the program best suited to you and your organization. How can security leaders draw the line between a compliance framework and a risk management framework? Can the two be balanced?
3rd Annual Nunn School Symposium: Lessons from Russia’s War in Ukraine for the West (Atlanta, Georgia, USA, Feb 28, 2023) This half-day program explores what lessons the West should draw a year after Russia’s invasion of Ukraine. It will consider both what can be learned about warfighting and about the broader role of statecraft. While what has happened and what might happen are clearly relevant, the focus will be on what lessons can be drawn from what has happened thus far.
SecureWorld Charlotte (Charlotte, North Carolina, USA, Mar 2, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Mar 13 - 17, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.
Security & Policing (Farnborough, England, UK, Mar 14 - 16, 2023) Security & Policing, the official Government global security event, returns to the Farnborough International Exhibition and Conference Centre between 14-16 March 2023. Hosted by the Home Office’s Joint Security & Resilience Centre (JSaRC), Security & Policing offers a world‐class opportunity to meet and discuss the latest advances in delivering national security and resilience with leading UK suppliers, UK and overseas Government officials and senior decision makers across the law enforcement and security sectors. There is no general admittance to Security & Policing and all visitors and exhibitors are subject to Home Office approval.
