Dateline
Russia-Ukraine war at a glance: what we know on day 385 of the invasion (the Guardian) US Reaper drone forced down into Black Sea after collision with Russian fighter; Russian diplomat says Moscow does not want ‘any confrontation’
Ukraine at D+384: Close combat and preparation for a long war. (CyberWire) Russia forces a US drone down in international airspace as the Duma takes steps to secure a continued supply of manpower. Ukraine's SSSCIP looks at Russia's cyber order of battle as Kyiv moves to regularize its own hacktivists.
Ukraine Says Determined To Defend Bakhmut As Russia Keeps Up Pressure On The City (RadioFreeEurope/RadioLiberty) Russia kept up the intensity of its ceaseless assault on Bakhmut and continued to target civilian objectives, causing casualties, as President Volodymyr Zelenskiy vowed to keep defending the city in the eastern region of Donetsk and inflict maximum losses to the enemy.
Ukrainian Firefighters Overwhelmed Near Bakhmut (Military.com) Ukrainian firefighters in the Donetsk region are being overwhelmed by recent Russian attacks on towns near Bakhmut. (Mar 13) AP
'Why should I fight?': How Russian soldiers are mutinying in face of 'certain death' (The Telegraph) Videos and messages from inside Putin’s army show troops deserting, fleeing and struggling to find their teams
Russia’s next civil war has already begun (The Telegraph) Factions in the military establishment are vying for position, at the expense of Putin’s invasion effort
Flood of Russians Alters Life for Countries That Took Them In (New York Times) Russians, fleeing their country and its war, have quickly reshaped the societies of nations like Georgia and Armenia.
Russian Fighter Strikes U.S. Unmanned Aircraft (U.S. Department of Defense) A Russian Su-27 aircraft struck an Air Force MQ-9 unmanned aerial vehicle's propeller, causing U.S. forces to bring the MQ-9 down into international waters of the Black Sea.
Russian Warplane Hits American Drone Over Black Sea, U.S. Says: Live Updates (New York Times) A U.S. military official said that an American Reaper drone was brought down in international waters after one of two intercepting Russian jets hit its propeller. Russia denied that the jet made contact.
Ukraine-Russia war: Pentagon summons Russian ambassador over 'reckless' drone incident (The Telegraph) The United States has summoned Russia's ambassador to Washington after a Russian Su-27 fighter jet downed a US military drone over the Black Sea, State Department spokesperson Ned Price has said.
Opening Remarks by Secretary of Defense Lloyd J. Austin III at the Tenth Ukraine Defense Contact Group (As Prepared) (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III delivered opening remarks at the tenth meeting of the Ukraine Defense Contact Group.
To help Ukraine, UK explores supplying Eurofighter Typhoons to European MiG-29 operators (Breaking Defense) UK armed forces minister James Heappey told lawmakers the UK was investigating giving Typhoons to countries that give MiGs to Ukraine, but experts said it's unclear how the MiGs could change the war and if any other countries would really want the Typhoons in the first place.
DeSantis, Backing Away From Ukraine, Angers G.O.P. Hawks (New York Times) The Florida governor, who joined Donald Trump in declaring that defending Ukraine from Russia was not a vital interest, drew swift condemnations from establishment Republicans.
Putin failed to freeze Europe but Russia’s energy war will continue (Atlantic Council) Vladimir Putin's plan to freeze Europe into submission during the winter season failed but there is no room for complacency as Russia still sees gas and oil exports as key weapons in its campaign to isolate and destroy Ukraine.
Russian Lawmakers Introduce Bill Raising Draft Age (The Moscow Times) Russian lawmakers introduced a bill raising the upper age limit for military conscription on Monday, drawing criticism that it may be attempting to compensate for troop losses in Ukraine by expanding eligibility for mobilization.
NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine (BlackBerry) NOBELIUM, aka APT29, is a sophisticated, Russian state-sponsored threat actor targeting Western countries. BlackBerry researchers recently observed a new campaign targeting European Union countries; specifically, its diplomatic entities and systems providing help to the government of Ukraine.
Ukraine Tracks Increased Russian Focus on Cyberespionage (Bank Info Security) As Russia's full-scale invasion of Ukraine last year stalled, Russian hacking teams increasingly shifted from causing all-out disruption to cyber espionage, data
Ukraine scrambles to draft cyber law, legalizing its volunteer hacker army (Newsweek) The Ukrainian government is seeking to incorporate its volunteer hacker brigade, the IT Army, into the nation's armed forces, despite warnings.
The harrowing war crimes in Ukraine and why they may never be prosecuted (The Telegraph) Rape as a weapon of war is common, but it typically remains undisclosed and hidden under layers of stigma and fear
Ukraine must do more to counter Russian narratives in the Global South (Atlantic Council) While Ukraine enjoys overwhelming support from the West, the Global South remains reluctant to oppose or even criticize Russia's ongoing invasion. Ukraine must do more to influence opinion in Asia, Africa, and Latin America.
Attacks, Threats, and Vulnerabilities
Ring Denies Falling Victim to Ransomware Attack (SecurityWeek) Ring says it has no indications it has fallen victim to a ransomware attack after cybergang threatens to publish supposedly stolen data.
Cryptocurrency Exchange Exposed Sensitive Customer Records Online (Website Planet) Cybersecurity Researcher, Jeremiah Fowler, has recently reported a discovery of a non password-protected database to WebsitePlanet that contained
Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day (SecurityWeek) Adobe issues urgent warning for “very limited attacks” exploiting a zero-day vulnerability in its ColdFusion web app development platform.
Microsoft SmartScreen Zero-Day Exploited to Deliver Magniber Ransomware (SecurityWeek) Cybercrime group exploiting a Microsoft SmartScreen zero-day vulnerability tracked as CVE-2023-24880 to deliver the Magniber ransomware.
Fortinet: New FortiOS bug used as zero-day to attack govt networks (BleepingComputer) Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss.
Hackers used Fortra zero-day to steal sales data from cloud management giant Rubrik (Record) Cloud management giant Rubrik confirmed that hackers attacked the company using a vulnerability in a popular file transfer tool.
Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor (SecurityWeek) The LockBit ransomware group claims to have stolen valuable SpaceX data after breaching the systems of Maximum Industries.
LockBit claims it stole SpaceX schematics, may leak them (Register) And also, Ring hit with ransomware, too? No, says Amazon
Key aerospace player Safran Group leaks sensitive data (Security Affairs) Top aviation company Safran Group left itself vulnerable to cyberattacks, likely for well over a year, underlining how vulnerable big aviation firms are to threat actors, according to research by Cybernews. Original post at https://cybernews.com/security/key-aerospace-player-leaks-sensitive-data/ The Cybernews research team recently discovered that the French-based multinational aviation company, the eighth largest aerospace supplier worldwide, was leaking […]
New threat group hacked EU healthcare agency and embassies, researchers say (Record) A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research.
UK Crypto Firm Loses $200m in Cyber-Attack (Infosecurity Magazine) Euler Finance suffered
UK’s largest state boarding school announces ‘sophisticated cyberattack’ (Record) The leadership of Wymondham College's parent company says the boarding school was not aware of any data breach, but some systems were affected.
Pupils affected as college hit by sophisticated cyber attack (Eastern Daily Press) Wymondham College said disruption was likely to continue until the Easter holidays due to its IT system being targeted.
LA housing authority discloses data breach after ransomware attack (BleepingComputer) The Housing Authority of the City of Los Angeles (HACLA) is warning of a "data security event" after the LockBit ransomware gang targeted the organization and leaked data stolen in the attack.
Data breach hits LA housing authority after LockBit attack (SC Media) The Housing Authority of the City of Los Angeles has disclosed having been impacted by data breach following LockBit ransomware's admission of compromising its systems and leaking its data, BleepingComputer reports.
Hacker posts more D.C. Health Link data online, exposing lawmakers' personal information (CyberScoop) Congressional officials believe 21 members of Congress have seen their personal information leaked online.
Merced College Provides Notice of Data Breach to Students Following Malware Attack (JD Supra) On March 9, 2023, Merced College (“MCCD”) filed a notice of data breach with the Attorney General of California after learning that a malware attack...
BlueVoyant Research Illuminates Latest Cyber Attack Techniques and How to Defend Against Them (PR Newswire) BlueVoyant, a cybersecurity company that illuminates, validates, and remediates internal and external risks in one platform, today released the...
Emerging External Cyber Defense Trends (BlueVoyant) To shed light on the state of external cyber defense, we compiled an analysis of emerging trends that represent critical concerns for organizations of all types.
CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
March 14 CISA KEV Breakdown | Microsoft, Fortinet (Nucleus Security) In this Breakdown, Nucleus experts explore the three vulnerabilities added to the CISA KEV list on March 14, 2023.
Security Patches, Mitigations, and Software Updates
March 2023 Patch Tuesday: Updates and Analysis (CrowdStrike) Microsoft has released 80 security patches for its March 2023 Patch Tuesday rollout: 9 vulnerabilities are rated Critical, 70 Important and 1 Moderate.
Microsoft Warns of Outlook Zero-Day Exploitation, Patches 80 Security Vulns (SecurityWeek) Microsoft warns of vulnerability (CVE-2023-23397) that could lead to exploitation before an email is viewed in the Preview Pane.
Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack (The Hacker News) Microsoft's latest Patch Tuesday update for March 2023 is here with fixes for 80 security flaws, including two actively exploited vulnerabilities.
Microsoft Releases March 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA) Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Adobe Security Bulletin (Adobe) Security updates available for Adobe ColdFusion | APSB23-25
Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
Firefox 111 patches 11 holes, but not 1 zero-day among them… (Naked Security) In the game of cricket, 111 is an inauspicious number, but for Firefox, there doesn’t seem to be much to worry about this month.
Mozilla Releases Security Updates for Firefox 111 and Firefox ESR 102.9 (Cybersecurity and Infrastructure Security Agency CISA) Mozilla has released security updates to address vulnerabilities in Firefox 111 and Firefox ESR 102.9. An attacker could exploit some of these vulnerabilities to take control of an affected system.
SAP Security Patch Day for March 2023 (Onapsis) SAP Patch Day for March 2023 addresses twenty-one new and updated patches including six HotNews Notes and four High Priority Notes.
CISA Releases Four Industrial Control Systems Advisories | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA released four Industrial Control Systems (ICS) advisories on March 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Omron CJ1M PLC (Cybersecurity and Infrastructure Security Agency CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Omron
Equipment: CJ1M PLC
Vulnerabilities: Improper Access Control
Autodesk FBX SDK (Cybersecurity and Infrastructure Security Agency CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Autodesk
Equipment: FBX SDK
Vulnerability: Out-of-bounds Read, Use After Free, Out-of-bounds Write
GE iFIX (Cybersecurity and Infrastructure Security Agency CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: GE Digital
Equipment: iFIX
Vulnerability: Code Injection
AVEVA Plant SCADA and AVEVA Telemetry Server (Cybersecurity and Infrastructure Security Agency CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: AVEVA
Equipment: AVEVA Plant SCADA and AVEVA Telemetry Server
Vulnerability: Improper Authorization
Trends
Entrust Survey Reveals Consumers Can’t Remember Their Passwords and It’s Reshaping the Identity Landscape (Business Wire) The Future of Identity Report Finds Consumers Want More Convenience Without Sacrificing Security
Huntress Research Survey Pulls Back Curtain on Security Threats to Mid-Sized Businesses (GlobeNewswire News Room) 61% of mid-sized businesses do not have dedicated cybersecurity experts...
DirectDefense Reports the Top Threats from 2022 and What’s Trending for 2023 (DirectDefense) Read highlights from the first-ever security operations threat report by DirectDefense.
Data Loss Prevention and Data Security Survey Report | CSA (Cloud Security Alliance) In partnership with Netskope, CSA developed a survey about data loss prevention and data security in the cloud, including DLP strategies and challenges.
Marketplace
Samsung Next Invests In Mitiga, Brings Total Funding to $45M (PR Newswire) Mitiga, the cloud and SaaS incident response leader, today announced the completion of its Series A Round, bringing total funding to $45...
Optiv More Than Doubles Federal Presence With ClearShark Acquisition (Dark Reading) Convergence of two leading cybersecurity companies creates federal sector powerhouse.
A-Labs Reaffirms $20 million PIPE Investment in HUB at $10 per share (PR Newswire) HUB Cyber Security Ltd (Nasdaq: HUBC), a developer of Confidential Computing cybersecurity solutions and services ("HUB" or the "Company"),...
Keyfactor Joins the Connectivity Standards Alliance (Business Wire) The IoT Security Leader Will Fuel Digital Trust in Matter-Certified IoT Devices, Enabling Faster, More Secure Go to Market Product Strategies for Customers
Silicon Valley Bank collapse poses challenge for cybersecurity defenders, firms (Washington Post) The cyber impact of the Silicon Valley Bank collapse
IT Leaders Reassess Vendor Risks After Silicon Valley Bank Collapse (Wall Street Journal) CIOs say they are checking in with suppliers and have brushed up on contingency plans. ‘If you receive the warning from the universe, take it on board.’
New SVB CEO: Startup Debt Facilities ‘Will be Honored,’ Says ‘A Lot of People’ Interested in Bank Assets (The Information) The government-appointed CEO of the Silicon Valley ‘bridge bank’ asked venture capitalists on Tuesday morning to keep deposits at the bank and return them to the institution. He also said clients with existing debt facilities will be honored. “I’m not asking you to do this as an act of charity,” ...
Apollo Asks VCs to Back Its Bid For Silicon Valley Bank Assets (The Information) Private equity giant Apollo Global Management has asked major venture capital firms to help finance a bid for the assets of Silicon Valley Bank, according to a person with knowledge of the discussion. Earlier, The Information reported that several firms, including General Catalyst, Andreessen ...
The collapse of Silicon Valley Bank foreshadows a bigger reckoning for the tech industry (Business Insider) "They will learn nothing from this": Tech-industry leaders remain staggeringly oblivious to the true lessons of Silicon Valley Bank's collapse.
Where the Venture Community Goes From Here (The Information) March 9, 2023, will be remembered as a sad day in Silicon Valley’s history. We have been through crises before—the Japan Inc. fears of the 1980s; the dot-com bubble during which my firm, General Catalyst, was founded; the global financial crisis of the late 2000s; the Covid-19 crisis we’re still ...
Opinion | How Bad Was the Silicon Valley Bank Bailout? (New York Times) It may not have been necessary, but it won’t do much harm, either.
Crypto Reg Affairs: Bank Collapses Raise Questions Over Crypto-Banking Relationships (Elliptic Connect) The failure of three US banks within a matter of days has raised questions around how the crypto industry will continue to secure much-needed banking relationships. Read more.
In Their Own Words: What Silicon Valley Bank Meant To The Valley (Crunchbase News) We spoke to some Silicon Valley investors on the impact of SVB and what its downfall means for them personally and professionally.
Lawmakers Split on Tighter Rules After Silicon Valley Bank Failure (Wall Street Journal) Democrats want to look at tightening regulations on midsize banks, while Republicans are criticizing Democratic spending as a root cause of the bank’s weakness.
WSJ News Exclusive | Justice Department, SEC Investigating Silicon Valley Bank’s Collapse (Wall Street Journal) The probes include examining executives’ share sales before bank’s failure.
‘Old-School’ Signature Bank Collapsed After Its Big Crypto Leap (Bloomberg) The lender survived blowups with cabbies, “bad landlords” and Trump — only to fall after trying a side gig.
KnowBe4 Recognized as a Microsoft Security Excellence Awards Finalist for Diversity in Security (KnowBe4) KnowBe4 Recognized as a Microsoft Security Excellence Awards Finalist for Diversity in Security
Zero Trust Pioneer John Kindervag Joins Traceable AI as an Advisor (PR Newswire) Traceable AI, the industry's leading API security company, today announced that John Kindervag, known for creating the Zero Trust Model for...
QuSecure Expands Experience of Executive Leadership Team as Post-Quantum Cybersecurity Market Rapidly Accelerates (Business Wire) Former Northrup Grumman, Raytheon and National Security Agency Executive Aaron Moore Named Executive Vice President and Head of Engineering
SecurityScorecard Appoints Former U.S. Congressman John Katko as Senior Advisor (SecurityScorecard) Capitol Hill cybersecurity leader joins the company’s Cybersecurity Advisory Board to drive further adoption of security ratings in the public...
Products, Services, and Solutions
Camozzi Group and Radiflow Announce Collaboration on Industrial Systems Cybersecurity (StartupHub.ai) Camozzi Group, a leading provider of Industrial Automation solutions, and Radiflow, part of Sabanci Holding and a global player in Industrial Cybersecurity and Operational Technology (OT), have announced a collaboration agreement to implement cybersecurity technologies across Camozzi’s production sites. The collaboration between Camozzi Group and Radiflow aims to strengthen the resilience and security of industrial […]
New Partnership Brings Forter’s Fraud Prevention Solution to Wix Merchants (Business Wire) Forter, the Trust Platform for digital commerce, today announced its partnership with Wix.com Ltd. (Nasdaq: WIX), a leading global SaaS platform to create, manage, and grow an online presence. The partnership delivers Forter’s accurate, real-time decisions to Wix merchants in certain countries — increasing their approval rates, reducing fraud and delivering superior customer experience.
Datadobi and Climb Channel Solutions Launch StorageMAP File System Assessment Service (Datadobi) StorageMAP File System Assessment Service: providing needed insight into Customers’ Rapidly Growing Unstructured Data Storage Estate.
Zetron Awarded Cybersecurity Services Contract for Kansas Counties (PRWeb) Zetron, a global leader in integrated mission critical communications technology, announced today that the North Central Regional Planning Commission (NCRPC)
Vaultree Launches Software Development Kit, Making Scalable Data-In-Use Encryption Generally Available to All Enterprises (Business Wire) This first-of-its-kind Fully Functional Data-In-Use Encryption toolkit will transform enterprise security
NordVPN makes its Meshnet private tunnel free for everyone (BleepingComputer) NordVPN's Meshnet private tunnel feature for Windows, macOS, and Linux is now free for everyone, even users who do not have a subscription to NordVPN.
Motorola Solutions releases new Avigilon security suite to improve enterprise security (Help Net Security) The new Avigilon security suite from Motorola Solutions makes enterprise-grade physical security accessible to businesses of any size.
ThreatHunter.ai Launches Comprehensive FIVE EYES Solution to Revolutionize Cybersecurity (ACCESSWIRE News Room) ThreatHunter.ai is proud to announce the launch of its comprehensive FIVE EYES cybersecurity solution, designed to provide complete coverage and protection against all manner of threats BREA, CA / ACCESSWIRE / March 14, 2023 / Leading cybersecurity firm ThreatHunter.ai has announced the launch of its comprehensive FIVE EYES solution, a cutting-edge approach to cybersecurity that provides unparalleled protection to organizations. FIVE EYES
Zscaler Extends CNAPP Capabilities with Integrated Data Loss Prevention and Threat Intelligence from the World’s Largest Security Cloud (GlobeNewswire News Room) Integration Provides Precise Understanding of Cloud Risk by Correlating Sensitive Data Discovery and Security Signals Across an Array of Security Products...
RANE Launches New Cyber Intelligence Solution (GlobeNewswire News Room) Unique, strategic cyber intelligence provides value across operating teams...
CyberGRX Integrates with ServiceNow to Streamline Third-Party Cyber Risk Programs (Business Wire) Customers will now have access to CyberGRX’s extensive third-party risk datasets
Palo Alto Networks Leads the Industry to AI-Powered SASE (Palo Alto Networks) News Summary Palo Alto Networks today announced new capabilities to boost its single-vendor SASE solution enabling organizations to automate their increasingly complex IT and network operations...
Google Selects Fastly Oblivious HTTP Relay for Privacy Sandbox Initiative to Enhance Online Privacy for Billions of Chrome Users (Business Wire) Fastly, Inc. (NYSE: FSLY), the world’s fastest global edge cloud platform, today announced it has entered into an agreement with Google LLC (NASDAQ: GOOGL) to operate an Oblivious HTTP Relay (OHTTP Relay) as part of FLEDGE, the Privacy Sandbox initiative to improve privacy while continuing to support tailored advertising.
OneWelcome Identity Platform Expansion in new USA Zone (Thales) Thales brings OneWelcome Identity Platform to new United States zone. European leader in CIAM, enables secure and frictionless digital journeys for their customers.
NeoSystems Recognized as Industry-Leading Managed Service Provider by CRN (NeoSystems LLC) NeoSystems Recognized as Industry-Leading Managed Service Provider by CRN
Axis' Atmos SSE Platform Named Best Security Service at 19th Annual 2023 Globee® Cybersecurity Awards (PR Newswire) Axis announced today that its Atmos Security Service Edge (SSE) platform has been named Best Security Service at 19th Annual 2023 Globee®...
Seraphic Security Takes Home Two 2023 Globee Cybersecurity Awards (Business Wire) Award recognizes company’s innovation in Browser Isolation, Cybersecurity Industry Solution categories
Tanium XEM Platform Brings Home the Gold in the 19th Annual 2023 Globee® Cybersecurity Awards (Business Wire) Converged endpoint management innovator wins again for vulnerability assessment, remediation, and management capabilities
Technologies, Techniques, and Standards
Dangers from Hacks Stretch Beyond Broken Computer Systems (Wall Street Journal) When hackers strike, responding to the damage becomes an all-encompassing affair. Business leaders who communicate poorly about an incident, including about steps to recovery, alienate customers and stakeholders, executives who have experienced cyberattacks say.
NSA Releases Recommendations for Maturing Identity, Credential, and Access Management in Zero Trust (National Security Agency/Central Security Service) The National Security Agency (NSA) released the “Advancing Zero Trust Maturity throughout the User Pillar” Cybersecurity Information Sheet (CSI) today to help system operators’ mature identity,
The NSA has advice for protecting the smallest elements in the nation’s critical infrastructure (Federal News Network) You could think of integrated circuits (chips), as the smallest building blocks in the nation's critical infrastructure. Recently, the National Security Agency (NSA) issued detailed guidance on…
CISA Trials Ransomware Warning System for Critical Infrastructure Orgs (Dark Reading) An agency team will identify vulnerabilities being exploited by ransomware groups and alert organizations ahead of attacks, CISA says.
CISA Establishes Ransomware Vulnerability Warning Pilot Program (Cybersecurity and Infrastructure Security Agency CISA)
OpenSSH Privilege Separation and Sandbox - Attack Surface Analysis (JFrog) An in-depth analysis of OpenSSH's attack surface and security measures. Read our research findings and analysis >
We can't wait for SBOMs to be demanded by regulation (Help Net Security) Don't wait for regulation and enact policies that act as if strict demands on SBOMs exist. You have to plan carefully for the future.
Design and Innovation
GPT-4 has arrived. It will blow ChatGPT out of the water. (Washington Post) The long-awaited tool, which can describe images in words, marks a huge leap forward for AI power — and another major shift for ethical norms
OpenAI’s GPT-4 exhibits “human-level performance” on professional benchmarks (Ars Technica) Multimodal AI model can process images and text, pass bar exams.
Concentric AI Announces Industry’s First Support for Optimized Large Language Models Delivering Unmatched Data Security Posture Management (Business Wire) Company’s Adaptive Manifold Compression Models Optimize Data Intensive Large Language Models to Accurately Discover All Sensitive Data Models with Context Quickly and Efficiently
Research and Development
New algorithm may change the future of secure communication (Help Net Security) Researchers have made a significant breakthrough in secure communication by developing an algorithm that conceals sensitive information.
Academia
SU axe student-led inquiry into data breach (Varsity Online) The SU’s board of trustees has blocked the student-led inquiry into concerns over a data breach and replaced it with an external investigation, amid student concerns about a ‘culture of secrecy and cover-up
Legislation, Policy, and Regulation
UK's National Cyber Security Centre reviewing TikTok risks, minister says (Reuters) Britain's National Cyber Security Centre is reviewing whether Chinese-owned video app TikTok should be banned from government phones, security minister Tom Tugendhat said on Tuesday.
UK creates new National Protective Security Agency (Register) A threat that needs two orgs to tackle it: the 'Integrated Security Fund' and the 'National Protective Security Agency'
UK quietly shifts China policy as trust between countries erodes (the Guardian) British stance edges closer to the US, but many MPs want government to go further and designate China as a threat
BBC given £20m war chest to counter disinformation (PR Week) BBC given £20m war chest to counter disinformation. From PR Week
Presidential advisory council recommends cyber mandates for critical infrastructure (CyberScoop) The National Infrastructure Advisory Council also stresses the need for cybersecurity mandates on tech vendors serving the industrial sector.
Key Takeaways from the US National Cybersecurity Strategy (Baker Hostetler) The Biden Administration’s much-awaited National Cybersecurity Strategy calls for fundamental change to “the underlying dynamics of the digital ecosystem” and seeks to rebalance responsibility for cybersecurity defense between the federal government and the private sector.
Litigation, Investigation, and Law Enforcement
Police shut down dark web crypto laundering service linked to FTX hack (TechCrunch) The FBI and other International, law enforcement agencies took down a crypto laundering service linked to the FTX hack and ransomware gangs.
Proposed class action lawsuit filed over Lehigh Valley Health Network data breach (Yahoo News) Mar. 14—The Lehigh Valley Health Network knew that hospital systems nationwide are prone to cybercriminal attacks, but it still failed to take sufficient measures to protect its patients' information, according to a proposed class action lawsuit. The lawsuit appears to be the first to seek damages on behalf of patients impacted by a data breach at LVHN's Lackawanna County-based Delta Medix ...
Investigation into Congress health data breach could take weeks (Courthouse News Service) A hacker who gained access to the District of Columbia’s health insurance portal may have collected the personal information of several members of Congress and their families.