Dateline Moscow and Kyiv: Considerations of cyber escalation.
Ukraine at D+377: Sabotage, and prospects of future cyberattacks. (CyberWire) Was the Nord Stream sabotage the work of anti-Putin freelancers? Prospects for cyber escalation in the war's next phases.
Russia-Ukraine war live: Bakhmut could fall within days, says Nato chief (the Guardian) Jens Stoltenberg says investigation into attack ongoing; Ukrainian denies involvement while Moscow calls reports a distraction
Russia-Ukraine war: List of key events, day 378 (Al Jazeera) As the Russia-Ukraine war enters its 378th day, we take a look at the main developments.
Intelligence Suggests Pro-Ukrainian Group Sabotaged Pipelines, U.S. Officials Say (New York Times) New intelligence reporting amounts to the first significant known lead about who was responsible for the attack on the Nord Stream pipelines that carried natural gas from Russia to Europe.
Nord Stream pipelines blown up by pro-Ukrainian group, US intelligence suggests (The Telegraph) Officials say there is no evidence Volodymyr Zelensky, the Ukrainian president, or any of his top aides were involved
Germany cautious over Nord Stream pipeline attack reports (AP NEWS) Germany’s defense minister voiced caution Wednesday over media reports that a pro-Ukraine group was involved in blowing up the Nord Stream gas pipelines in the Baltic Sea last year.
German prosecutors searched boat Nord Stream saboteurs may have used (the Guardian) Ministers urge caution over reports pro-Ukrainian group behind gas pipeline blasts
Exclusive: Zelensky warns of 'open road' through Ukraine's east if Russia captures Bakhmut, as he resists calls to retreat (CNN) Russian troops will have "open road" to capture key cities in eastern Ukraine if they seize control of Bakhmut, President Volodymyr Zelensky warned in an interview with CNN, as he defended his decision to keep Ukrainian forces in the besieged city.
The Russian military is so low on ammo that troops are reduced to fighting with e-tools (Task & Purpose) “One of the reservists described being ‘neither physically nor psychologically’ prepared for the action.”
Lots of Russian soldiers want to surrender. Ukraine makes it easier with a high-tech hotline (Los Angeles Times) The Ukrainian military's surrender hotline, dubbed 'I Want to Live,' is enticing some Russian soldiers to quit the battlefield as the war drags on.
Video of alleged POW killing angers and inspires Ukrainians (Washington Post) A weary man in combat fatigues, a Ukrainian flag on his arm, smokes a cigarette. He stands over a ditch in the woods, looking toward the camera.
Ukraine military identifies soldier seen in grisly war video (AP NEWS) A man who appeared to be shot dead by Russian-speakers in a short video was tentatively identified Tuesday as a missing Ukrainian soldier while the footage circulated widely on Ukrainian social media and caused an uproar.
Which fighter jet is best for Ukraine as it fights off Russia? (Defense News) Ukraine and its supporters say Western fighter jets are necessary to tip the balance in Ukraine’s favor, while allowing for close air support.
U.S. military eyes mounting Western air-to-air missiles on Ukrainian MiGs (POLITICO) The effort, if successful, could be part of a solution to Kyiv’s need for additional firepower and air defenses.
The Russian neo-Nazi hooligan who led an anti-Putin militia across the border (The Telegraph) Denis Nikitin and 40 others from the Russian Volunteer Corps snuck across into Russia to take photos of themselves
The Astonishing Endurance of Unity on Ukraine (Foreign Affairs) Russia’s threat to security and moral values has bolstered the West’s resolve.
It is time for the West to welcome Ukraine home (Ukraine Alert) As Russia’s full-scale invasion enters its second year, Ukraine remains unconquered. Russian President Vladimir Putin dreamed of seizing Kyiv in three days and imposing a puppet regime of pro-Kremlin political has-beens with zero legitimacy inside the country.
Premature peace with Putin would be disastrous for international security (Atlantic Council) Perhaps the best way to illustrate the perils of appeasing Putin with a premature peace deal is by imagining where the world would be today if Ukraine had indeed fallen one year ago, writes Peter Dickinson.
Ukraine’s secret weapon should terrify Putin (The Telegraph) The Kremlin’s campaign of fear has failed – and Kyiv now has a huge advantage over the Russian military
How Putin’s fear of democracy convinced him to invade Ukraine (Atlantic Council) Putin's decision to launch the full-scale invasion of Ukraine was rooted in his longstanding fear that the emergence of a democratic Ukraine could serve as a catalyst for the collapse of his own autocratic regime.
What can security teams learn from a year of cyber warfare? (Computer Weekly) With the passing of the first anniversary of Russia’s invasion of Ukraine, we reflect on the ongoing cyber war, and ask what security leaders can learn from the past 12 months.
Russian cyberattacks could intensify during spring offensives in Ukraine, US Cyber Command general says (Stars and Stripes) Army Gen. Paul Nakasone warned the Senate Armed Services Committee that Russia remains a “very capable adversary” in cyberspace and could unleash a barrage of cyberattacks against Ukraine and the West as part of a military push deeper into Ukraine.
US Bracing for Bolder, More Brazen Russian Cyberattacks (VOA) US intelligence officials, cyber command and others warn Moscow 'will be increasingly brazen' in cyberspace now that the one-year anniversary of its invasion of Ukraine has come and gone
Russia remains a ‘very capable’ cyber adversary, Nakasone says (C4ISRNet) “By no means is this done, in terms of the Russia-Ukraine situation,” Gen. Paul Nakasone told the Senate Armed Services Committee.
Attacks, Threats, and Vulnerabilities
“Sharp Panda”: Check Point Research puts a spotlight on Chinese origined espionage attacks against southeast asian government entities (Check Point Software) Highlights: CPR continues tracking Sharp Panda, a long-running Chinese cyber-espionage operation, targeting Southeast Asian government entities In late
Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities (Check Point Research) Executive summary In 2021, Check Point Research published a report on a previously undisclosed toolset used by Sharp Panda, a long-running Chinese cyber-espionage operation targeting Southeast Asian government entities. Since then, we have continued to track the use of these tools across several operations in multiple Southeast Asian countries, in particular nations with similar territorial claims or strategic […]
Chinese Sharp Panda Group Unleashes SoulSearcher Malware (HackRead | Latest Cybersecurity and Hacking News Site) Currently, in its cyber espionage campaign, Sharp Panda hackers are targeting government entities in Asia.
Taiwan suspects Chinese ships cut islands’ internet cables (AP NEWS) In the past month, bed and breakfast owner Chen Yu-lin had to tell his guests he couldn't provide them with the internet. Others living on Matsu, one of Taiwan’s outlying islands closer to neighboring China, had to struggle with paying electricity bills, making a doctor's appointment or receiving a package.
Cyber command chief: Election interference is not going away (The Hill) U.S. Cyber Command Director Gen. Paul Nakasone on Tuesday said that election interference from nation-state threat actors is still an ongoing issue that the U.S. must continue to address. Testifyin…
Israel publicly blames Iran for cyberattack on major university last month (Times of Israel) National Cyber Directorate says it traced assault on Technion Institute to group calling itself MuddyWater, which is affiliated with Iranian government intelligence
Iran behind cyber attack on Technion institute, Israel says (Israel Hayom) The institute's website went down in early February and students were asked to log off. The hackers demanded a ransom of 80 bitcoins, which is equivalent to $1,747,971.
BlackMamba: Using AI to Generate Polymorphic Malware (HYAS) HYAS Labs introduces new malware proof of concept BlackMamba, a keylogger using AI to generate polymorphic code that changes at runtime to avoid detection.
Everything You Didn’t Know About Cross-Account and Cross-Cloud Provider Attacks (Orca Security) Discover how the Orca cloud security platform is helping organizations identify cross-account and cross-cloud provider attack paths in cloud environments.
Acer Confirms Breach After Hacker Offers to Sell Stolen Data (SecurityWeek) Acer said one of its document servers was hacked after a hacker claimed to have stolen 160 Gb of data from the company.
Acer confirms breach after 160GB of data for sale on hacking forum (BleepingComputer) Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians.
Acer confirms data breach, says no customer data involved (IT World Canada) Computer manufacturer Acer has confirmed that it has been hacked. Security Week quotes an Acer spokesperson saying it recently detected unauthorized access to one company document server used by repair technicians. There is currently no indication that any consumer data was stored on that server, Acer said. The statement comes after the news site Hacked
Acer Data Breach? Hacker Claims to Sell 160GB Trove of Stolen Data (HackRead | Latest Cybersecurity and Hacking News Site) The hacker claims that it took them days to go through the list of what had been allegedly breached.
Acer Confirms Data Offered Up for Sale Was Stolen (Dark Reading) An Acer statement confirms that a document server for repair techs was compromised, but says customer data doesn't appear to be part of the leak.
Researchers detect ongoing malware campaign targeting routers popular with small businesses (Axios) The campaign has already affected at least 100 businesses across Europe, North America and Latin America.
DrayTek routers under active attack and there's no patch (Register) Workaround: Throw away kit?
New spy malware found in the wild on DrayTek routers (CyberSecurity Connect) A United States telco has discovered a new malware infection circulated on older routers made by the networking company Draytek.
Remcos RAT Spyware Scurries Into Machines via Cloud Servers (Dark Reading) Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.
Ransomware Roundup – Sirattacker and ALC Ransomware (Fortinet Blog) In this week's Ransomware Roundup, FortiGuardLabs covers Sirattacker and ALC ransomware along with protection recommendations. Learn more: …
Identity verification & fraud scams to avoid (Veriff) A blog about 12 common identity verification & fraud scams to avoid, including the most common types of scams and how to prevent the risk fraudsters pose.
Employees Are Feeding Sensitive Business Data to ChatGPT (Dark Reading) More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.
LastPass hack caused by an unpatched Plex software on an employee’s PC (Security Affairs) The LastPass data breach was caused by the failure to update Plex on the home computer of one of the company updates. The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. Recently, the password management software firm disclosed a “second attack,” […]
Commonwealth Bank of Australia's Indonesian arm hit by cyber attack (Reuters) Commonwealth Bank of Australia said on Wednesday its Indonesian unit, PT Bank Commonwealth (PTBC), had been hit by a cyber incident.
Brazilian construction giant suffers a major data breach (teiss) Andrade Gutierrez, the Brazilian engineering firm, has reportedly suffered a data breach that saw hackers steal several terabytes of corporate and employee information.
German university hit by Vice Society ransomware gang (SC Media) Germany-based Hamburg University of Applied Sciences has been added by the Vice Society ransomware operation to its leak site following an attack on Dec. 29, reports The Record, a news site by cybersecurity firm Recorded Future.
Tennessee State University Posts Notice of “Ransomware Threat” (JD Supra) On February 26, 2023, Tennessee State University (“TSU”) posted a “Notice of Suspicious Network Activity” after the institution experienced what it...
Southeastern Louisiana University Experiences What Some Believe to Be a Ransomware Attack (JD Supra) On February 25, 2023, Southeastern Louisiana University (“SLU”) posted notice of a potential data breach on Facebook. Based on the school’s post,...
Data breach impacts Denver Public Schools (SC Media) Denver Public Schools, the largest school district in Colorado, had its systems affected by a data breach between Dec. 13, 2022, and Jan. 13, 2023, exposing employee data, Government Technology reports.
LVHN: Ransomware hackers posted photos of cancer patients on dark web (The Morning Call) A ransomware attack has led to photos of Lehigh Valley Health Network cancer patients being posted online.
Privacy watchdog probes breach at Toronto breast milk bank for fragile babies (CBC News) Ontario's privacy watchdog is investigating a data breach at a breast milk bank that provides breast milk to medically fragile babies across the province.
Serious DJI Drones Flaws Could Crash Drones Mid-flight (HackRead | Latest Cybersecurity and Hacking News Site) During their assessment, the researchers discovered a total of 16 vulnerabilities with a broad range of impacts, from denial of service to arbitrary code execution.
Data security flaws found in China-owned DJI drones (Cybernews) Serious security vulnerabilities in multiple drones made by Chinese manufacturer DJI have allowed users to modify crucial identification details and even bring down the devices remotely in flight, researchers say.
CISA Adds Three Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
March 7 CISA KEV Breakdown | Zoho, Teclib, Apache (Nucleus Security) In this Breakdown, Nucleus experts explore the three vulnerabilities added to the KEV on March 7, 2023
Security Patches, Mitigations, and Software Updates
Apache Patches Two Important Bugs in Web Server (Decipher) The Apache Software Foundation has fixed two important security flaws in version 2.4.56 of its HTTP Server.
Trends
Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems (Dark Reading) The health, manufacturing, and energy sectors are the most vulnerable to ransomware.
Industrial Sector Hit Hard by Phishing, Malicious Scripts Attacks During 2022, Kaspersky Reports (MSSP Alert) In the second half of 2022, roughly 34% of industrial sector computers were hit by malware, including malicious scripts and phishing pages.
Wallarm 2022 Year-End API ThreatStats™ Report Provides Important Insights for 2023 API Security (Business Wire) API attacks jump over 197% in 2022, while API-related vulnerabilities grew more than 78% and average time-to-exploit worsens
Palo Alto Networks: Most Orgs Can't Resolve Cyberthreats Within an Hour (Channel Futures) Palo Alto Networks found that 90% of organizations said they cannot detect, contain and resolve cyber threats within an hour.
New Zealand’s IT Decision-makers Woefully Underprepared For Cyber Risks (Scoop News) KnowBe4 , the provider of the world’s largest security awareness training and simulated phishing platform, today announced new research which has found New Zealand IT decision-makers are underprepared regarding risks to the business from ...
Marketplace
Thoughts on International Women's Day 2023. (CyberWire) With March being Women's History Month, and March 8th the observance of International Women's Day, we assembled some thoughts and quotes with these themes in mind from women in our industry to share
Cyber Security Works to Rebrand As Securin Inc. (Dark Reading) Securin Inc. will provide tech-enabled security solutions, vulnerability
intelligence and deep domain expertise.
PayPal Ventures Invests in Threat Prevention Leader Deep Instinct (Business Wire) Deep Instinct is Transforming Cybersecurity with Deep Learning to Prevent Unknown Cyber Threats
SAIC Invests In Cloud Management Company Morpheus Data (Defense Daily) Science Applications International Corp. on Monday said it has made a $5 million strategic investment in Morpheus Data, a software provider of cloud
Want data security? Concentrate on cybersecurity training, RangeForce raises $20M (VentureBeat) Cybersecurity training and upskilling provider RangeForce announced it has raised $20M in funding for a solution to mitigate human risk.
High Wire Networks Sells Legacy Staffing Subsidiary in $11.5 Million Transaction, Turns Focus on Faster-Growing Managed Cybersecurity and Tech Enablement Business (GlobeNewswire News Room) Multiple benefits of the divestiture include: Eliminates debt payments of $3.9 million on an annualized basis.Reduces fully diluted common shares by...
Meta Plans Thousands More Layoffs as Soon as This Week (Bloomberg) Second round of cuts in four months driven by efficiency push. Social networking giant may finalize plans in the next week.
Kudelski Security Joins Microsoft Intelligent Security Association (MISA) (Kudelski Security) Membership expands early access to emerging threat intelligence and increases protections against cyber-attacks. Cheseaux-sur-Lausanne, Switzerland, and Phoenix (AZ), USA –...
AuditBoard Surpasses $150 Million in ARR Following Record-Breaking Year of Bookings (Business Wire) Company continues rapid ARR growth of 60%+ while generating positive cash flow and gaining strong momentum with IT Risk and Compliance leaders
Elon Musk apologizes after mocking disabled Twitter employee (AP NEWS) If you're not told you are fired, are you really fired? At Twitter, probably. And then, sometimes, you get your job back — if you want it. Haraldur Thorleifsson, who until recently was employed at Twitter, logged in to his computer last Sunday to do some work — only to find himself locked out, along with 200 others.
Komal Bazaz Smith Joins GCA as Chief Business Officer (Global Cyber Alliance) Komal Bazaz Smith is joining the Global Cyber Alliance as its Chief Business Officer.
Silverfort introduces five new members of executive team (Silverfort) Silverfort introduces five new senior executive team members as it continues to strengthen and grow multiple departments.
Sylvia Go to lead ExtraHop APJ channel (Reseller News) Cyber analytics vendor ExtraHop has appointed Sylvia Go as assistant vice president of channel for Asia Pacific and Japan.
Former CSOs from Microsoft, Boeing join Prescient Advisory Board (EIN News) Prescient has announced that Dave Komendat, former CSO for The Boeing Company, and Mike Howard, former CSO for Microsoft, have joined its advisory board.
Check Point Hires Distribution Vet Francisco Criado As New Channel Chief (CRN) Cybersecurity firm Check Point announced it has hired Francisco Criado, formerly of TD Synnex, as its new channel chief.
Cyberstarts Appoints Emily Heath as General Partner (GlobeNewswire News Room) Venture firm adds former DocuSign and United Airlines CISO to investment team to nurture portfolio companies building next generation cybersecurity...
Proficio Hires Jen Ferguson as VP of Marketing and Glenn Williamson as VP of Channel Sales (EIN Presswire) Leadership Team Additions Help to Accelerate Company Growth and Strategic Expansion
Products, Services, and Solutions
Twitter just let its privacy- and security-protecting Tor service expire (The Verge) Just shy of its one-year anniversary.
ReliaQuest Completes Transition to Partner-First Channel Model (ReliaQuest) ReliaQuest completes strategic transition to Partner-First Channel Model to empower customers and partner network. ReliaQuest GreyMatter, a security operations platform built on an open XDR architecture, can integrate with existing customer investments, accommodating everyone from large to mid-enterprises.
Optiv Launches Full Suite of Operational Technology Services (Optiv) Digitization and the heavy adoption of connected devices are enabling organizations to reach new heights and, at the same time, have intensified the threat landscape and extended the attack surface.
Next IT & Systems, Leonard McDowell, & XQ Message Announce Partnership on Zero Trust Data for High Value Applications (GlobeNewswire News Room) International collaboration brings a new technology governance framework to drive trust, sustainability, and innovation on a global scale...
New controller IP core for secure data (Control Engineering Europe) Data security is one of the most important issues in today's digital age. Increasing system attacks and cybercrime make it necessary to secure data in new ways. Recognising this the Fraunhofer Institute for Photonic Microsystems IPMS has developed the MACsec Controller IP-Core, which implements the latest Ethernet security standards.
Acronis Launches New Cyber Cloud Data Center in Toronto (Be Korea-savvy) Acronis, a global leader in cyber protection, today announced the availability of a new Cyber …
Deloitte partners Circulor on supply chain traceability (Security Industry) Circulor’s blockchain-powered traceabil;ity technology is used to trace raw materials from source to use.
Boeing signs off anti-jamming tech to keep satellites online (Register) China and Russia won't be jammin' US sats no more
Boeing says ground-based system keeps satellites free from jamming (C4ISRNet) The company is developing the U.S. Space Force’s Protected Tactical Enterprise Services ground system, which can defend against electronic warfare threats.
GrammaTech Introduces Three New Editions of CodeSentry Binary Software Composition Analysis Platform (Business Wire) Company is also offering a free SBOM service that allows organizations to detect open source software in third party components and legacy applications
Thunderdome Completes Prototype to Modernize U.S. Cyber Defenses (MSSP Alert) The U.S. Defense Information Systems Agency (DISA) has implemented a zero trust architecture to fortify the nation’s cyber defenses.
How Orca’s Multi-cloud Attack Path Analysis Enables Strategic Alert Remediation (Orca Security) The Orca security platform offers new attack path analysis capabilities with multi-cloud support to detect cross-account and cross-cloud provider attack paths.
Presidio Federal Announces Partnership with Peraton in Service to Department of Homeland Security (GlobeNewswire News Room) Data Center and Cloud Optimization Contract to Include Presidio Federal’s Expertise...
Concentric AI and CTERA Partner to Bolster Data Security Posture Management for Customers (Business Wire) AI-based Semantic Intelligence Integration Seamlessly Protects Data, Meets Mandates for Privacy Data Protection, and Mitigates Risk Across CTERA’s Enterprise File Services Platform
Netsurion Strengthens Partnership with Deep Instinct for Managed Endpoint Security (GlobeNewswire News Room) Netsurion, a leading provider of Managed XDR, today announced key enhancements to the Netsurion...
Technologies, Techniques, and Standards
NCUA Announces New Cyber Threat Reporting Requirement (JD Supra) The NCUA stated the new rule, which was approved on Feb. 16, 2023, aims to mitigate cyber incidents “that [lead] to a substantial loss of...
Thinking differently about process control strategies (Control Engineering Europe) <span style="font-style: italic;">Gaetano Micera</span> argues that it’s time to think differently when looking at upgrading ageing distributed control systems.
Government Cybersecurity Status Report (Ivanti) 4 Important Ways to Take Action and Drive Change in 2023
3 Reasons Why Organizations Need Managed Security Services (MSSP Alert) Amid IT labor shortages and intensifying cyberthreats, organizations need managed security services to stay protected, Sophos asserts.
What Is Cloud Patch Management? (The New Stack) In our cloud-heavy ecosystem, it is impractical to manually respond effectively as vulnerabilities are reported faster than they can be mitigated
Companies Prepare to Spend More on Cybersecurity Under New Rules (Defense One) Despite some complaints about the White House's new tack, industry leaders say most recognize the need for better defenses.
Preventing corporate data breaches starts with remembering that leaks have real victims (Help Net Security) When it comes to data breaches, organizations are generally informed about the risks, but is the corporate world good at preventing them?
Global Research Study Affirms Network-Derived Intelligence and Insights are Critical to the Security and Performance of Multi-Cloud Workloads (Business Wire) New findings reveal that 75 percent of enterprises believe deep observability is essential to delivering defense in depth across hybrid cloud infrastructure
Design and Innovation
The Race Against Quantum: It’s Not Too Late to be the Tortoise that Beat the Hare (Infosecurity Magazine) The race to defend against cyber threats brought on by quantum computing is on, and Jon France, CISO of (ISC)2, says the cyber industry must catch up
Legislation, Policy, and Regulation
Huawei and ZTE may not last long in Germany. Here's why (TechHQ) The government is planning on forbidding telecom operators from using certain components from Huawei and ZTE in their 5G networks.
China blasts Germany over reported plan to ban Huawei, ZTE (Al Jazeera) Chinese embassy says it opposes ‘abuse of state power’ following report Berlin will ban Chinese firms from 5G network.
Commentary: ‘We won’t pay’ - ransom negotiations in cyberattacks aren’t so straightforward (CNA) A ransomware task force in Singapore has recommended that it be made mandatory for companies to report ransom payments. Sygnia’s vice president of cyber security service in APAC weighs up the considerations behind ransom payments.
One leader for Cyber Command, NSA has ‘substantial benefits,’ report says (Record) Gen. Paul Nakasone, head of U.S. Cyber Command and the NSA, quoted a high-level, non-public DOD report as saying the two agencies' leadership structure has "substantial benefits."
USCYBERCOM’s Operations Have Strengthened Allies, Agency Lead Says (Nextgov.com) Gen. Paul Nakasone, commander of U.S. Cyber Command, told members of the Senate Armed Services Committee that the agency’s cyber partnerships have helped to build “tremendous confidence between nations.”
U.S. government debuts new cyber rules for aviation sector (Washington Post) TSA rolls out new cyber rules for airports and airline operators
NIST Renews Cyber Center Partnership, Launches Small Business Focus (Nextgov.com) The agency renewed its partnerships that support the National Cybersecurity Center of Excellence and launched the NIST Small Business Cybersecurity Community of Interest.
How China takes extreme measures to keep teens off TikTok (MIT Technology Review) TikTok announced a one-hour daily limit for users under 18, but authorities in China have pushed the domestic version, Douyin, much further.
Czech cyber security body issues TikTok warning (Radio Prague International) Czech cyber security body issues TikTok warning
TikTok data collection, influence operations potential draw U.S. NSA concern (Reuters) U.S. National Security Agency Director Paul Nakasone on Tuesday expressed concern during congressional testimony about Chinese-owned video app TikTok's data collection and potential to facilitate broad influence operations.
NSA chief warns TikTok could censor videos as part of Chinese influence operations (CNN Business) US national security officials are concerned that TikTok could use its vast global reach to shape public opinion by either suppressing certain videos or promoting others, the head of the National Security Agency and US Cyber Command told lawmakers on Tuesday.
US senators unveil bipartisan bill empowering Biden to ban TikTok and other services (CNN Business) A dozen US senators unveiled bipartisan legislation Tuesday expanding President Joe Biden's legal authority to ban TikTok nationwide, marking the latest in a string of congressional proposals threatening the social media platform's future in the United States.
McCaul Demands Clarification on Huawei Licensing Policy, Biden Admin Still Allowing CCP Access to U.S. Tech - Committee on Foreign Affairs (Committee on Foreign Affairs) Yesterday, House Foreign Affairs Committee Chairman Michael McCaul sent a letter to Under Secretary of the Bureau of Industry and Security (BIS) Alan Estevez requesting clarification of the Biden administration’s licensing policy regarding Huawei. At the House Foreign Affairs Committee hearing on February 28th, the chairman expressed deep concern after Secretary Estevez […]
Biden FCC nominee withdraws after a bruising lobbying battle (Washington Post) Gigi Sohn notified the White House she would drop out; her nomination was stalled for 16 months amid industry opposition
Acting national cyber director offers new details on upcoming cyber workforce strategy (FCW) The forthcoming plan is meant to accompany an overarching cyber strategy released last week that industry groups and cybersecurity experts said would be challenging to implement given the nation’s cyber workforce woes.
Litigation, Investigation, and Law Enforcement
Israeli Firm Suspected of Illegally Selling Classified Spy Tech (Haaretz) Haaretz reveals NFV Systems’ surveillance tools; firm under investigation by secretive defense body for skirting arms export controls, in case that may ‘damage national security’
Internal documents show Mexican army used spyware against civilians (Record) The Click Here podcast interviewed Luis Fernando Garcia, a lawyer and executive director of R3D, about revelations that Mexico's army used spyware on civilians.
Spying by Mexico’s Armed Forces Brings Fears of a ‘Military State’ (New York Times) This is the first time a paper trail has emerged to prove definitively that the Mexican military spied on citizens who were trying to expose its misdeeds.
Watchdog says US cyber agency lacks a plan for communicating during major hacks (CNN Politics) More than two years after an alleged Russian hacking campaign exposed glaring weakness in US federal defenses, the Department of Homeland Security's cyber agency has not updated a key agency blueprint for maintaining communications in the event of a major hack, the department's inspector general said Monday.
OIG Assesses CISA’s Cyber Response Post-SolarWinds (HS Today) CISA has improved its ability to detect and mitigate risks from major cyber attacks since the SolarWinds breach, but work remains to safeguard Federal networks. CISA has improved its ability to detect and mitigate risks from major cyber attacks since the SolarWinds breachwork remains to safeguard Federal networks.
GSA Misled Customers on Login.gov’s Compliance with Digital Identity Standards (Office of Inspections, Office of Inspector General, U.S. General Services Administration) In April 2022, the Office of Inspector General (OIG), Office of Inspections, initiated an evaluation of the U.S. General Services Administration’s (GSA) Login.gov services. We initiated this evaluation based on a notification received from GSA’s Office of General Counsel identifying potential misconduct within Login.gov, a component of GSA’s Technology Transformation Services (TTS) under the Federal Acquisition Service (FAS).
GSA officials misled agencies about Login-dot-gov (FCW) The agency’s inspector general blasted GSA officials for claiming that its identity proofing website met NIST guidelines for biometric comparison, charging millions for it, when it did not.
Australia demands Russia crack down on cyber criminals (Reuters) One of Australia's top government bureaucrats on Wednesday demanded Russia crack down on the large number of cyber criminals operating in the country, saying their actions posed a threat to national security.
EU tells Musk: 'Recruit more staff to moderate Twitter' (Computing) The EU has told Twitter owner Elon Musk to increase the number of human moderators and fact-checkers who review posts on the microblogging site.
WSJ News Exclusive | FTC Twitter Investigation Sought Elon Musk’s Internal Communications, Journalist Names (Wall Street Journal) The agency also asked the company to “identify all journalists” granted access to company records, according to documents obtained by a House panel that shed light on the probe into Twitter’s compliance with a settlement.
How Denmark’s Welfare State Became a Surveillance Nightmare (WIRED) Once praised for its generous social safety net, the country now collects troves of data on welfare claimants.
The Fraud-Detection Business Has a Dirty Secret (WIRED) When systems designed to catch welfare cheats go wrong, people find themselves trapped between secretive governments and even more opaque private companies.
Irish Data Watchdog Hits Cos. With Over €1B In Fines (Law360) Ireland's data regulator said on Tuesday that it imposed more than €1 billion ($1.06 billion) in fines in 2022 as it ramps up efforts to ensure that large technology businesses comply with data protection rules.
Deloitte probe into Optus data breach to be completed in May (iTWire) The findings of an investigation by professional services firm Deloitte into the Optus data breach, which came to light in September last year, will be known by late May. The probe was announced by Optus chief executive Kelly Bayer Rosmarin in October. Asked about the investigation, an Optus spokesp...