Dateline Moscow and Kyiv: Vladimir Putin, accused war criminal.
Ukraine at D+389: ICC's arrest warrant. (CyberWire) After the ICC issues a warrant for his arrest in connection with the unlawful deportation of Ukrainian children, Russia's President Putin responds with weekend visits to the Sevastopol Children's Palace (to show he's on the side of the children) and to Mariupol (to show Donetsk is Russia's).
Russia-Ukraine war: List of key events, day 390 (Al Jazeera) As the Russia-Ukraine war enters its 390th day, we take a look at the main developments.
China's Xi meeting Putin in boost for isolated Russia leader (AP NEWS) Chinese leader Xi Jinping is due to meet with Vladimir Putin in a political boost for the isolated Russian president after the International Criminal Court charged him with war crimes in Ukraine.
Russia Launches Fresh Wave Of Drone Strikes In Ukraine After ICC Issues Arrest Warrant For Putin (RadioFreeEurope/RadioLiberty) Ukraine said Russia launched drone strikes in several areas of the country overnight after the International Criminal Court (ICC) announced it had issued an arrest warrant for Russian President Vladimir Putin for alleged war crimes.
‘Dear Vladimir Vladimirovich’ — Russian conscripts decry ‘criminal orders’ (Washington Post) In a dimly lit room, a dozen or so men in Russian military uniforms, their faces concealed by dark balaclavas, stood around a man reading out a letter addressed to President Vladimir Putin.
Putin's next power move after 'returning to the scene of the crime' (The Telegraph) Ukraine says a ‘criminal always returns to the crime scene’ as the Russian president takes the wheel around the war-torn city
Russian attacks continue in wake of Putin arrest warrant (AP NEWS) Widespread Russian attacks continued in Ukraine following the International Criminal Court’s decision to issue an arrest warrant for Russian President Vladimir Putin and Russia’s commissioner for children’s rights.
Situation in Ukraine: ICC judges issue arrest warrants against Vladimir Vladimirovich Putin and Maria Alekseyevna Lvova-Belova (International Criminal Court) Today, 17 March 2023, Pre-Trial Chamber II of the International Criminal Court (“ICC” or “the Court”) issued warrants of arrest for two individuals in the context of the situation in Ukraine: Mr Vladimir Vladimirovich Putin and Ms Maria Alekseyevna Lvova-Belova. Mr Vladimir Vladimirovich Putin, born on 7 October 1952, President of the Russian Federation, is allegedly responsible for the war crime of unlawful deportation of population (children) and that of unlawful transfer of population (children) from occupied areas of Ukraine to the Russian Federation (under articles 8(2)(a)(vii) and 8(2)(b)(viii) of the Rome Statute).
Statement by Prosecutor Karim A. A. Khan KC on the issuance of arrest warrants against President Vladimir Putin and Ms Maria Lvova-Belova (International Criminal Court) On 22 February 2023, I submitted applications to Pre-Trial Chamber II of the International Criminal Court for warrants of arrest in the context of the Situation in Ukraine. Today, the Pre-Trial Chamber has issued arrest warrants in relation to the following two individuals: Mr Vladimir Putin, President of the Russian Federation; and Ms Maria Lvova-Belova, Commissioner for Children’s Rights in the Office of the President of the Russian Federation.
International court issues war crimes warrant for Putin (AP NEWS) THE HAGUE (AP) — The International Criminal Court said Friday that it has issued an arrest warrant for Russian President Vladimir Putin for war crimes, accusing him of personal responsibility for the abductions of children from Ukraine.
Ukraine-Russia war latest: ICC issues arrest warrant for Vladimir Putin over war crimes (The Telegraph) The International Criminal Court has issued an arrest warrant for Vladimir Putin for war crimes because of his alleged involvement in the abduction of children from Ukraine.
Live Updates: International Criminal Court Issues Arrest Warrant for Putin (New York Times) The court at The Hague accused the Russian president of bearing criminal responsibility for the abduction and deportation of Ukrainian children. Human rights groups praised the move, though the likelihood of an imminent arrest appeared slim.
International Criminal Court Issues Arrest Warrant for Putin for War Crimes (Bloomberg) The International Criminal Court issued an arrest warrant for Russian President Vladimir Putin for war crimes related to the alleged abduction of children from Ukraine, a largely symbolic move for now that the Kremlin shrugged off.
Experts react: The International Criminal Court just issued an arrest warrant for Putin. Will he wind up behind bars? (Atlantic Council) The Russian president and the Russian commissioner for children’s rights stand accused of the war crime of abducting Ukrainian children, and more charges may follow.
How Moscow grabs Ukrainian children and makes them Russian (The Telegraph) Adoption of thousands of children is being portrayed as an act of generosity that gives new homes and medical resources to helpless minors
Could Putin Really Be Prosecuted for War Crimes? (Bloomberg) Usually, it’s only after fighting ends that prosecutions begin for breaking the rules of war.
Vladimir Putin's arrest warrant: Could the Russian leader face trial? (The Telegraph) The president has become only the third sitting head of state to be indicted, but bringing him to court will prove very difficult
Ukraine (International Criminal Court) Ukraine is not a State Party to the Rome Statute, but it has twice exercised its prerogatives to accept the Court's jurisdiction over alleged crimes under the Rome Statute occurring on its territory, pursuant to article 12(3) of the Statute.
‘We had to hide them’: how Ukraine’s ‘kidnapped’ children led to Vladimir Putin’s arrest warrant (the Guardian) Thousands have been taken to Russia for ‘adoption’ or ‘re-education’, but the international community is seeking justice
Joe Biden hails decision to issue ICC arrest warrant against Vladimir Putin (the Guardian) US president joined by German chancellor in support of action taken after Russia’s abduction of Ukrainian children
Putin Visits Occupied Crimea, a Day After War-Crimes Warrant (New York Times) President Vladimir V. Putin of Russia marked the anniversary of his illegal seizure of the Ukrainian peninsula, signaling defiance to the world and business as usual to his own people.
Russian President Putin visits occupied city of Mariupol (AP NEWS) Russian President Vladimir Putin has visited the occupied port city of Mariupol, his first trip to the Ukrainian territory that Moscow illegally annexed in September.
Ukraine war: Putin pays visit to occupied Mariupol, state media reports (BBC News) The Russian president toured the Ukrainian city devastated by Russian shelling, the Kremlin says.
Slovakia Will Send Entire Fleet of MiG-29 Jets to Ukraine (Bloomberg) Slovakia to send 13 fighter jets to Ukraine, officials say. NATO nation Slovakia joins Poland in sending fighters to Kyiv.
The Case for a Security Guarantee for Ukraine (Foreign Affairs) How to protect the country—without NATO membership.
This Week in the Russia-Ukraine War (March 17) (Defense Security Monitor) A snapshot of recent news from sources around the world on the ongoing Russia-Ukraine war. Poland has announced that it will be the first of the NATO allies to send fighters to support Ukraine. Po…
Putin's Mariupol visit is a symbol of his failure (The Telegraph) No amount of reinvention can disguise that seizing the city is far from what Putin sought to achieve with his brutal invasion
Putin’s war is headed for a terrifying escalation (The Telegraph) The increasingly erratic Russian president has backed himself into a corner. All the ingredients for a terrible miscalculation are present
Restricting Civil Rights Led to War (Wilson Center) Russia’s war against Ukraine has been going on for a year. Tens of thousands of people have been killed. Millions of Ukrainians are displaced; tens of millions live in anticipation of missile strikes.
Putin signs law criminalizing slander of any participants in special military operation (TASS) Spreading fake news about volunteers participating in the special operation will be punishable with 15 years in prison
The Constitutional Process in Wartime Ukraine (Wilson Center) Despite a limited judiciary and wartime conditions, the Constitutional Court has resolved a long-standing matter concerning MPs’ immunity and the Verkhovna Rada has adopted a law intended to improve how candidates for the Court are selected, opening the way to further reforms aligning Ukraine with EU norms.
Russia open to proposals on resolving Ukraine issue, says diplomat (TASS) Moscow will not accept the language of ultimatums, though, Russian Foreign Ministry Spokeswoman pointed out
China’s Xi to meet Putin in Russia next week (Washington Post) Chinese leader Xi Jinping will travel to Russia next week to meet with his Russian counterpart Vladimir Putin in the strongest show of Beijing’s support for Moscow since the war in Ukraine began.
What Zelenskyy should know before he talks with Xi (Atlantic Council) If Zelenskyy withholds his honest assessment of Beijing's peace plan, he may risk giving Beijing the perfect cover to refute questions about its alleged neutrality—and do little to ensure an outcome to the crisis that actually works for Ukraine.
The Russian Invasion of Ukraine and the Arab World, One Year After (Wilson Center) The Russian invasion of Ukraine has brought hardships and opportunities to the Arab region. Energy producers reaped handsome profits while populations were hit by price inflation. The Arab block has maintained political unity, but cracks may form as the war persists.
Opinion: Some of my GOP colleagues have lost their moral compass on Ukraine (Washington Post) “America First” does not mean “America Only.” It means putting our interests first — and that’s what opposing Russia in Ukraine does.
Russia and West accuse each other of cyber attacks (The Economic Times) A Russian diplomat said the West has unleashed a full-scale campaign against Russia since the start of Moscow's war against Kyiv, with the intention to test the strength of the country's economy, financial and energy sectors, as well as its main industries.
Ukraine warns that hacked software can be infected with Russian viruses (Kyiv Independent) Ukraine's Special Communications Service warned on March 19 that Russian hackers share hacked software online to get access to the data of Ukrainian users and Ukrainian companies and state agencies.
Russian hackers spread infected software through torrents (SSSCIP) The SSSCIP warns: downloading cracked software is extremely dangerous. Such software is usually shared via torrent trackers that are actively used by criminals, including russian special agencies, by adding malicious codes to cracked software. This issue is referred to in the SSSCIP report Russia’s Cyber Tactics: Lessons Learned 2022.
Moldova: Russian disinformation rockets tenfold since the start of Ukraine war (Sky News) Moldova's President Maia Sandu says they're fighting a hybrid war and are under attack from Kremlin interference which is aimed at destabilising Ukraine's neighbours.
KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks (Azure Network Security Team) In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups.
Pro-Russia hackers are increasingly targeting hospitals, researchers warn (Record) Cybersecurity researchers said this week that they have observed the pro-Russia hacking group known as Killnet increasingly launch distributed denial of service (DDoS) attacks targeting healthcare organizations since November.
Russian hacktivist group targets India’s health ministry (CSO Online) The Phoenix group claims to have access to all hospital systems in India and information on hospital employees and chief physicians.
Russian Hacktivist group Phoenix targets India’s Health Ministry Website (Threat Intelligence | CloudSEK) CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor group claiming to have targeted an Indian government website.
Everything We Know About CVE-2023-23397 (Huntress) Huntress is tracking CVE-2023-23397, a 0-day that impacts Microsoft Outlook and requires no user interaction to expose user credential hashes.
In Ukraine, Crypto Finds a Purpose (WIRED) The UN’s refugee agency has partnered with blockchain and money transfer companies to get vital aid to people displaced by conflict.
SBU exposes Russian intel agent group, including nurse of Ukrainian combat unit (Yahoo Life) Ukraine’s SBU Security Service uncovered Russian sleeper agents leaking positions of the Ukrainian Defense Forces near Bakhmut to Russian intelligence, the SBU’s press service reported on Telegram on March 16.
Biden administration quietly resumes deportations to Russia (the Guardian) Exclusive: Apparent reversal of position adopted after invasion of Ukraine sends men fleeing Putin’s draft back to Russia
Acting Out Wartime Emotions (Wilson Center) “When you hear the sound of a shell flying at your house, at first you feel fear, then hatred. Hatred for whoever did it. For all of Russia, for all inhabitants without exception.” This line, by the first-person narrator in Olena Astaseva’s play “A Dictionary of Emotions in a Time of War” reveals more about the future of Ukrainian-Russian relations than all the well-meaning calls for peace in formal and informal media outlets.
Attacks, Threats, and Vulnerabilities
Attackers are starting to target .NET developers with malicious-code NuGet packages (JFrog) Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically – there was no public evidence of severe malicious activity in the NuGet repository other than spam packages used for spreading phishing links. As with other repositories, the JFrog Security Research team regularly monitors the …
Cyber Threats in the Wake of the SVB Collapse (ReliaQuest) The collapse of SVB leaves some businesses vulnerable to new cyber threats. In this blog, we explore threat scenarios and provide mitigation advice.
SVB’s collapse is a scammer’s dream: Don’t get caught out (WeLiveSecurity) Here's what to watch out for as cybercriminals try to exploit Silicon Valley Bank's meltdown for their own ends – and at your expense.
Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe (WeLiveSecurity) Scammers are looking to cash in on the chaos that has set in amid the meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse.
New SILKLOADER malware loader gains traction in Russian, Chinese hackers (SC Media) More Russian and Chinese hacking operations have been leveraging the new SILKLOADER malware loader that facilitates the delivery of Cobalt Strike in compromised machines through DLL side-loading techniques, according to The Hacker News.
The new black version of Lockbit ransomware is even more destructive and difficult to detect (Information Security Newspaper | Hacking News)
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (BleepingComputer) A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into a DDoS (distributed denial of service) swarm with the potential for massive attacks.
Go-based HinataBot latest botnet to focus on DDoS attacks (SC Media) Akamai researchers say the HinataBot botnet has been active for the first three months of 2023, but has exploited vulnerabilities from as far back as 2014.
Chinese threat group suspected to be behind Fortinet zero-day attacks (SC Media) Several attacks against government organizations involving the exploitation of a Fortinet FortiOS vulnerability, tracked as CVE-2022-41328, since the middle of last year have been attributed to China-linked attackers UNC3886, reports BleepingComputer.
Emotet Rises Again: Evades Macro Security via OneNote Attachments (The Hacker News) Emotet is back, now hiding in Microsoft OneNote email attachments to bypass macro-based security restrictions and compromise systems.
Inside the DEA Tool Hackers Allegedly Used to Extort Targets (Vice) The DEA run "EPIC Portal" includes access to license plate reader information, drug seizures, intelligence reports, and more.
Samsung’s Exynos chips cited for potentially hackable flaws (Record) Important Samsung-made chips inside several popular Android devices have serious vulnerabilities that could allow attackers to “silently and remotely” compromise them, researchers said Thursday.
Beware of New Trigona Ransomware Attacking Finance and Marketing Industries (GBHackers - Latest Cyber Security News | Hacker News) The relatively new Trigona ransomware strain, according to Unit 42 researchers, was particularly active in December 2022, targeting industries in the manufacturing, finance, construction.
Clop ransomware expands GoAnywhere victims list, as Hitachi and more confirm incidents (Record) Some of the two dozen organizations added to a victim list on Thursday by the Clop ransomware group have confirmed that they were targeted with cyberattacks.
Hitachi Energy confirms data breach after Clop GoAnywhere attacks (BleepingComputer) Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a GoAnywhere zero-day vulnerability.
Hitachi Energy Group hit by cyber-attack, says network operations not compromised (cnbctv18.com) The company said a third-party software provider called FORTRA GoAnywhere MFT (Managed File Transfer) was the victim of an attack by the CLOP ransomware group.
NBA alerts fans of a data breach exposing personal information (BleepingComputer) The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, "held" by a third-party newsletter service, was stolen.
Another company has been hacked and Australian customers are furious that not enough is being done to protect data (ABC) As well as being a Latitude Financial customer, Courtney was also caught out by the Medibank and Optus cyber-attacks. She says companies need to do more than send generic emails and platitudes.
Ransomware Gangs Release Naked Photos of Cancer Patients, Student Sexual Assault Records (Campus Safety Magazine) Cybersecurity experts say ransomware groups are going to extremes as more organizations refuse to pay ransoms.
LCC to resume some classes but remain offline next week (Lansing State Journal) LCC said all staff, non-teaching faculty and student employees should report to their workplaces on Monday and follow their regular work schedules.
Minneapolis Public Schools confirms hackers released personal data (kare11.com) The district is offering free credit monitoring and identity protection services for those potentially impacted after MPS data was released on the "dark web" Friday.
YouTube millionaires are not your friends (Vox) YouTube and TikTok are plagued with 20-something "passive income" bros who want your attention — and your money.
Twitter silent as hackers scam users with stolen high-profile verified accounts (Mashable) Users are being scammed out of money and Twitter support is MIA.
Romance scammers are bilking Americans out of $1.3 billion a year (Business Insider) Be careful who you trust online: more people are getting scammed out of thousands of dollars by people who claim to love them.
Security Patches, Mitigations, and Software Updates
Drupal Releases Security Advisory to Address Vulnerability in Drupal Core (Cybersecurity and Infrastructure Security Agency) Drupal has released a security advisory to address an access bypass vulnerability affecting multiple Drupal versions. An attacker could exploit this vulnerability to take control of an affected system.
Dangerous Android phone 0-day bugs revealed – patch or work around them now! (Naked Security) Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.
Pixel Markup vulnerability lets some screenshots be un-redacted, un-cropped; fixed by March update (9to5Google) Besides an Exynos modem vulnerability, the Android 13 QPR2 March 2023 security update fixes an issue with the Pixel Markup screenshot tool...
Trends
Recent wave of data breaches at telecom companies spotlights industry's weaknesses (Axios) Telecommunications companies collect a wealth of data about their customers.
Global cybersecurity spending to top $219B this year: IDC (Cybersecurity Dive) Persistent cyberattack threats, increased regulations and the demands of hybrid work are driving sustained growth.
Up to 45% of U.S. Businesses Stopped Using a Software Platform Because of Security Concerns (Business Wire) 50% of businesses say security is the most influential factor when they buy software, according to Capterra’s new survey
Businesses Say Security is the Top Factor When Buying Software—Here’s What They’re Looking For (Capterra) Discover the security features that are most important to software buyers, and find out which security certifications are most appealing.
Marketplace
Minerva Labs purchased by Rapid7 for $38M (SC Media) Ransomware detection startup Minerva Labs has been acquired by cybersecurity provider Rapid7 in a $38 million deal as it seeks to bolster its managed threat detection and response service, according to SiliconAngle.
Mastercard strengthens customer security with new AI ‘Cyber Shield’ (Mastercard) Mastercard today acquired cloud-based cybersecurity company Baffin Bay Networks to better help businesses deal with the increasingly challenging nature of cyber-attacks.
Market Guide for Cloud-Native Application Protection Platforms (Gartner) CNAPPs address the full life cycle protection requirements of cloud-native applications from development to production. Security and risk management leaders responsible for cloud security strategies should use this research to analyze and evaluate emerging CNAPP offerings.
SVB Financial Goes Bankrupt, Buying Time to Repay Creditors (Bloomberg) Banking unit was biggest to enter FDIC receivership since 2008. Prominent VC firms advised portfolio companies to pull cash.
SVB Financial files for Ch. 11 bankruptcy protection, says it has $2.2B in liquidity (TechCrunch) It plans to file a motion to resume business while looking for buyers of its assets "in the coming days."
A North Carolina bank is reportedly weighing a bid for Silicon Valley Bank (Silicon Valley Business Journal) First Citizens Bank is reportedly among a "handful" of potential bidders for Silicon Valley Bank.
Before Collapse of Silicon Valley Bank, the Fed Spotted Big Problems (New York Times) The bank was using an incorrect model as it assessed its own risks amid rising interest rates, and spent much of 2022 under a supervisory review.
‘We’ve Got to Take Care of Our People’: The Instant Oral History of the Silicon Valley Bank Collapse (The Information) On a cosmic level, the collapse of Silicon Valley Bank was a mere blip. The murmurs about trouble began last Wednesday, the panic spread via group texts and Twitter threads on Thursday, the bank went under on Friday, the government got its act together on Saturday, and on Sunday every current ...
The Ugly Lessons of Silicon Valley Bank’s Collapse (WIRED) Notoriously smart risk-takers missed a huge threat under their own noses, while avowed libertarians begged for government help.
Pain In the Tech Industry Is Beginning to Hit the Rest of Us (Wall Street Journal) Up to one in five jobs in America is dependent on the tech industry; ‘You never let an opportunity for a good, thoughtful resizing be lost’
'Most extreme form of panic:' Tysons cyber firm RunSafe Security talks about SVB ordeal (Washington Business Journal) If Joe Saunders could pinpoint the most stressful moment of his work life, the morning of March 9 is definitely a top contender.
How Venture Capital Can Avoid the Next Silicon Valley Bank Fiasco (WIRED) The crisis exposed Big VC’s flaws. It’s time to rethink venture capital’s power—and reimagine investment in innovation.
SVB Collapse Could Trigger More Corporate M&A, Tech Leaders Say (Wall Street Journal) The increasing pressure on venture capital investing from the collapse of Silicon Valley Bank and other macroeconomic factors could spur a pick up in technology-focused corporate M&A, according to business technology leaders.
SVB collapse hits Japanese banks harder than Chinese ones (Nikkei Asia) Investors punish Asian lenders with big portfolios of interest rate-sensitive bonds
TikTok Tries to Allay Advertisers’ Concerns as U.S. Ban Threat Looms (The Information) No matter what happens in Washington, TikTok needs to keep advertisers spending money on the app. The latest threat of a ban, made recently by the Biden administration, has prompted marketers to consider their alternatives, ad executives say. TikTok has been taking steps to reassure the ad ...
TikTok Creators Contemplate Life After Possible Ban: ‘It All Can Be Taken Away’ (Wall Street Journal) The platform created business opportunities for some users. Now, they’re planning for what might come next.
Huawei has replaced 13,000 parts, redesigned circuits to beat US sanctions (South China Morning Post) Huawei took measures to substitute imports and redesign circuit boards to survive US sanctions, founder Ren Zhengfei said in a transcript from a seminar last month.
Amazon To Cut 9,000 More Jobs After Earlier Layoffs (Wall Street Journal) CEO Andy Jassy cited an ‘uncertain economy’ and more uncertainty in the near future.
BlackBerry Wins 8 Cybersecurity Excellence Awards (BlackBerry) There’s something special about being recognized because your cybersecurity products, services and company stand out from the competition — and provide uniquely powerful protection for customers. That’s why I’m thrilled to announce BlackBerry’s spectacular results in the 2023 Cybersecurity Excellence Awards.
Bishop Fox Innovation Recognized with Seven New Awards in Q1 2023 (GlobeNewswire News Room) Company and Cosmos platform win four Globees and three Cybersecurity Excellence Awards...
Rapid7 Appoints Jaya Baloo as Chief Security Officer (iTWire) Cloud risk and threat detection provider Rapid7 has announced the appointment of Jaya Baloo as its new Chief Security Officer (CSO). Rapid7 says Jaya Baloo brings more than 20 years’ experience in Information Security, from strategy and policy to architecture and operations - and in her new role as...
Cybersecurity Veteran David Kennedy Joins Axiad's Board of Directors (PR Newswire) Axiad, a leading provider of organization-wide passwordless orchestration, today announced the addition of David Kennedy to its board of...
Former Deputy Secretary at Department of Defense, John C. Rogers, Joins HUB Security Advisory Board (PR Newswire) HUB Cyber Security Ltd (NASDAQ: HUBC), a developer of Confidential Computing cybersecurity solutions and services ("HUB" or the "Company"),...
Products, Services, and Solutions
ForgeRock is the First Identity Platform to Fully Eliminate Passwords (Business Wire) ForgeRock Announces Major Expansion of its Passwordless Capabilities with the Introduction of Enterprise Connect Passwordless. The ForgeRock Identity Platform Now Offers a Full Spectrum of Passwordless Options Designed for All Users, including Workforce, Consumer, and Partner.
Salt Communications announce integration with Document Management Platform iManage at Legal Week New York 2023 (Salt | Secure Communications) Secure Communications leader Salt Communications today announced the official launch of its integration functionality with document management platform, iManage, at Legal Week New York 2023. Legal Week New York gathers legal professionals to explore the business and regulatory trends, technology and talent drivers that impact the industry. This year it is being […]
SecurityBridge Introduces The SAP Management Dashboard - The Real-Time, Customizable Data View and Analysis Solution For SAP Security (PRWeb) With the Dashboard, organizations can now benefit from analyzing live monitoring, static configuration validation, patching, interface traffic statistic
Prancer Announces Integration With ChatGPT for Enhanced Security Assessments (Dark Reading) We are thrilled to announce that Prancer, a leading cloud security solution provider, has integrated its SOC2 Type II certified cloud security solution with ChatGPT, a highly advanced language model for natural language processing, and OpenAI APIs
MSAB launches new advanced software to secure evidence from mobile phones (MSAB) MSAB, a world leader in mobile forensics, is launching a new extraction software, XRY Pro. The software is the company’s most advanced tool for extracting data from the most secure and challenging mobile phones. “We are very proud to be able to offer this […]
Technologies, Techniques, and Standards
E-1 RD23-3-000: Order Approving Reliability Standard CIP-003-9 (Federal Energy Regulatory Commission) On December 6, 2022, the North American Electric Reliability Corporation (NERC), the Commission-certified Electric Reliability Organization (ERO), submitted a petition seeking approval of proposed Reliability Standard CIP-003-9 (Cyber Security – Security Management Controls).
FERC Approves New Cybersecurity Standards for Low-Impact Electric Assets (Holland & Knight) At its open monthly meeting on March 16, 2023, the Federal Energy Regulatory Commission (FERC) approved a new cybersecurity standard proposed by the North American Electric Reliability Corporation (NERC) to address the supply chain risks posed by "low-impact" assets within the nation's bulk electric system (BES).
CISA lays out post-EINSTEIN future with shift to ‘Cyber Analytics and Data System’ (Federal News Network) CISA is requesting nearly $425 million in 2024 to launch a new “Cyber Analytics and Data System.”
How to Communicate Clearly (and Legally) During a Cybersecurity Crisis | Focal Point (Tanium) Trying to duck the consequences of a breach is risky. Better to explain what you know, and update those affected about next steps.
Cyber risk is a business risk (Security Magazine) Addressing business risk requires identifying cyber risk. Involving C-suite in cybersecurity discussions is good digital stewardship & good leadership.
Design and Innovation
ChatGPT Helped Win a Hackathon (Wall Street Journal) A team from cybersecurity firm Claroty used the AI bot to write code to exploit vulnerabilities in industrial systems.
Glaze protects art from prying AIs (TechCrunch) An academic research project has launched a free 'cloaking' tool for visual artists to protect online artworks against style-ripping generative AI models.
Google embeds generative AI features in cloud and Workspace (Enterprise AI | TechTarget) Google introduces new generative AI API PaLM. The tech giant also rolled out new capabilities and features in Google Cloud and Workspace.
Legislation, Policy, and Regulation
The World’s Real ‘Cybercrime’ Problem (WIRED) From US state laws to the international stage, definitions of “cybercrime” remain vague, broad, and increasingly entrenched in our legal systems.
Nigeria Calls For Regional Partnerships To Tackle Cyber Threats (Voice of Nigeria) Nigeria’s National Information Technology Development Agency (NITDA) has called for regional partnerships among governments to address the increasing challenges of cyberattacks in Africa. The Director General of NITDA, Kashifu Inuwa, made the call while speaking on ‘Strategies for Boosting Africa’s Cyber Resilience’ at the ongoing GISEC Global, a main event on cybersecurity in Dubai, United […]
India floats dedicated tribunal to handle internet offences (Register) Consultation for the long-awaited Digital India Act is finally under way although the draft law's still not been revealed
Germany leaders say banning Huawei, ZTE won't be easy (Register) More than half of Euro nation's infrastructure would have to go
US to Propose New Cyber Rules to Respond to ION Hack by Mid-Year (Bloomberg) The top US derivatives regulator is set to propose new cybersecurity rules by the middle of this year after the hack on ION Trading UK roiled markets.
DoD driving ‘dramatic’ change to 'outpace' foes, line up with National Cyber Strategy (Breaking Defense) "Now is the time to drive the dramatic change necessary to make cyber threats far more difficult and far more costly for our adversaries," DoD CIO John Sherman told Breaking Defense.
Mace to Hold Subcommittee Hearing on the White House’s National Cybersecurity Strategy - United States House Committee on Oversight and Accountability (United States House Committee on Oversight and Accountability) Subcommittee on Cybersecurity, Information Technology, and Government Innovation Chairwoman Nancy Mace (R-S.C.) will hold a hearing titled “Unpacking the White House National Cybersecurity Strategy” to delve into the cybersecurity strategy the Biden Administration released on March 2nd. The strategy is intended to be a road map to strengthening federal cybersecurity and protecting Americans’ sensitive information.
How TikTok went from teen sensation to political pariah (Washington Post) In the seven years since TikTok was born as a niche lip-syncing app for Chinese teens, the platform has reshaped the media landscape — forcing U.S. tech giants to reckon with a foreign rival. The short-form video platform has amassed startling economic power, with more than a billion users and revenue expected to surpass YouTube’s, at nearly $25 billion by 2025.
Biden asks Congress to crack down on executives at failed banks (CBS News) The president is asking Congress to expand the FDIC's authority to penalize executives of failed banks.
SEC Proposes Changes to Trio of Cybersecurity Rules (JD Supra) On March 15, the Securities and Exchange Commission ("Commission") addressed continuing concerns regarding cybersecurity risks by proposing amendments...
New Jersey latest state to implement cyber incident reporting requirement (StateScoop) Gov. Phil Murphy signed a bill giving the New Jersey agencies and critical infrastructure operators 72 hours to disclose cyber incidents.
Shand: Government needs a civilian cyber reserve (Boston Herald) The National Digital Reserve Corps Act maximizes benefits to civilian reservists and federal technologists while attracting top reserve talent to combat our nation’s most pressing cyber threats.
Litigation, Investigation, and Law Enforcement
Australia's Latitude takes systems offline, Federal Police investigate cyberattack (Reuters) Australian fintech firm Latitude Group Holdings Ltd said on Monday it had taken its platforms offline as the cyberattack detected last week remained active, adding the Federal Police was investigating the incident.
AFP cracks down on crypto-based money laundering rings (Cybersecurity Connect) The Australian Federal Police has unveiled a new taskforce focused on taking down money laundering operations in Australia with links to international organised crime.
FCC orders phone companies to block scam text messages (Ars Technica) First robotext rule requires blocking of texts from invalid and unused numbers.
'Fortnite' studio hit with £201million fine and ordered to stop tricking players (NME) Epic Games faces over half a billion dollars in fines from the FTC
Justice Department Probes TikTok’s Tracking of U.S. Journalists (Wall Street Journal) The federal investigation follows ByteDance’s admission that employees misused records.
The FBI And DOJ Are Investigating ByteDance’s Use Of TikTok To Spy On Journalists (Forbes) Months before the U.S. government demanded ByteDance divest from TikTok, the Department Of Justice’s Criminal Division subpoenaed the app’s Chinese parent company, according to a source.
FBI targets notorious cybercrime market with teen’s arrest (Washington Post) The FBI arrested a 19-year-old New York man whom agents accused of running one of the most notorious underground marketplaces for criminals to buy and sell stolen personal information, phone takeovers and harassment.
Dark Web ‘BreachForums’ Operator Charged With Computer Crime (Bloomberg) Federal agents have arrested a Peekskill, New York, man they say ran the notorious dark web data-breach site “BreachForums” under the name “Pompompurin.”
Feds arrest alleged BreachForums owner linked to FBI hacks (The Verge) Pompompurin took credit for hacking the FBI’s emails.
NY Man Charged as 'Pompompurin,' the Boss of BreachForums (KrebsOnSecurity) The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world's biggest hacked databases routinely first show up for sale. The forum's…
Breach Forums Admin 'Pompompurin' Arrested in New York (Cyber Kendra) Conor Brian Fitzpatrick, aka "Pompompurin," is charged with conspiracy to commit access device fraud.
Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York (The Hacker News) The mastermind behind BreachForums, known as "Pompompurin," has been arrested!
FDIC Fails to Establish Effective Controls to Secure Sensitive Data, Report Says (Nextgov.com) The agency tasked with supervising financial institutions nationwide is struggling to maintain effective information security measures, according to a new inspector general report.
Cyber Cell Recovers ₹62l In 3 Months (The Times of India) Lucknow: The Lucknow cyber cell has recovered Rs 62 lakh that was defrauded by cyber cons in different cases.
PayPal sued for negligence in data breach that affected 35,000 users (CSO Online) Alleged data breach victims have sued PayPal in federal court for failing to safeguard their personal data, and are asking for class-action certification.
I Got Investigated by the Secret Service. Here's How to Not Be Me (WIRED) Don't drink and tweet.