Ukraine at D+404: Lessons from the hybrid war. (CyberWire) Waiting for the counteroffensive, and assessing the lessons of cyberwar from the conflict.
Russia-Ukraine war: List of key events, day 405 (Al Jazeera) As the Russia-Ukraine war enters its 405th day, we take a look at the main developments.
Ukraine destroys 14 out of 17 drones Russia launched overnight -military (Reuters) Ukrainian defence forces destroyed 14 out of 17 Iranian-made Shahed drones Russia launched overnight, Ukraine's military said on Tuesday, with 13 drones destroyed over the Odesa region in the country's southwest.
A web of trenches shows Russia fears losing Crimea (Washington Post) With Ukrainian leaders vowing to retake all of their territory occupied by Russia, Moscow has readied elaborate defenses, especially in Crimea, the peninsula it annexed illegally in 2014, which is now one of the most fortified in the war zone.
Russia Accuses Dissidents and Ukraine of Killing Pro-War Blogger (New York Times) The authorities detained a woman they said had delivered the bomb, hidden in a statuette, that killed the blogger, and called it the work of antigovernment activists and Ukraine.
Russian police arrest woman over bombing that killed pro-war blogger (the Guardian) Local news reports say bomb was hidden in bust of blogger gifted to him by suspect moments before blast
Vladlen Tatarsky: Killing of pro-Kremlin blogger investigated as murder (BBC News) A blast at a St Petersburg cafe killed Vladlen Tatarsky, who blogged from the Ukraine front line.
Russia has framed 'assassin' of Vladlen Tatarsky, says her husband (The Telegraph) Daria Trepova videoed 'confessing' to delivering bomb that killed propagandist but exiled spouse says she wasn't capable of such an act
Lawyers for US journalist held in Russia on spying charges ‘file appeal’ (the Guardian) A Moscow district court says it has received documents relating to arrest of the Wall Street Journal’s Evan Gershkovich
Tank tactics: how might Ukraine use its influx of western armour? (the Guardian) Experts say weaponry will give Kyiv a psychological edge against Russia but is not enough for a ‘big punch’
Ukraine is now fielding 1940s-era anti-aircraft guns as artillery (Task & Purpose) The KS-19 is the latest decades-old weapon brought out of retirement in the conflict.
Ukraine to buy 100 Rosomak armored vehicles from Poland (Defense News) Kyiv will pay for the rides with EU and US aid funds, according to Polish Prime Minister Mateusz Morawiecki.
Armsmaker Rheinmetall sets up maintenance hub in Romania for Ukraine weapons (Reuters) German armsmaker Rheinmetall is building a military maintenance and logistics hub in Satu Mare, Romania, expected to begin operation this month to service weapons used for the war in Ukraine, the company said on Sunday.
Putin Presses the Nuclear Nerve Again (The Atlantic) Russia’s latest moves are useless, stupid, and provocative.
Putin will soon face his Julius Caesar moment in the Kremlin (The Telegraph) Given recent battlefield disasters, Russian generals could seize Brutus’s knife well before the invasion’s second anniversary
Congressman: US support for aid to Ukraine is 'overwhelming' (AP NEWS) The head of the U.S. House Intelligence Committee says there is “overwhelming” support in the United States to continue supplying aid to Ukraine in its fight against Russia, despite vocal opposition from a hard-right faction of his own Republican Party. Rep. Michael Turner is the Republican chairman of the committee, which serves as the House’s main body for overseeing American intelligence organizations. He spoke Monday alongside three other GOP congressmen during a brief visit to Kyiv.
Finland to Join NATO Tuesday, Military Alliance Chief Says (Military.com) NATO Secretary-General Jens Stoltenberg says Finland will become the 31st member of the military alliance on Tuesday.
Finland doubling NATO's border with Russia in blow to Putin (AP NEWS) The blue-and-white Finnish flag rises outside NATO headquarters Tuesday afternoon, doubling Russia’s border with the world’s biggest security alliance. The move is a strategic and political blow to President Vladimir Putin, who has long complained about NATO’s expansion toward Russia, using that in part as a justification for his country’s war with Ukraine. Russia immediately warned that it would bolster forces on the Finnish border if NATO sends any additional troops or equipment to what will be its 31st member country. Finland already has substantial, well-trained armed forces, with elite troops capable of operating in the sub-zero temperatures of the high north.
Russia's shadow war: Vulkan files leak show how Putin's regime weaponises cyberspace (The Conversation) More than 5,000 documents were leaked by an anonymous whistleblower.
Russian IT firm's work on hacking tools implied in leaked documents (SC Media) A whistleblower collaborating with cybersecurity firm Mandiant has revealed documents indicating that Russian IT contractor NTC Vulkan was possibly involved in the development of several offensive hacking tools for the Russian government, according to Security Week.
Russia's Invasion of Ukraine Heralds New Era of Warfare (VOA) There are growing concerns among top U.S. military and intelligence officials that Russia’s use of cyberattacks during its war against Ukraine is ushering in a new era of combat in which the line between virtual and real-life battlefields is being erased, along with the notion that any targets...
Views of a hot cyberwar — the Ukrainian perspective on Russia’s online assault (CSO Online) A report from Ukraine’s cybersecurity service reveals insight into what the country has been facing from belligerent attackers and holds a lesson for CISOs.
West’s Cyber Appeasement Gave Putin Green Light: James Stavridis (1) (Bloomberg Law) There were many reasons Russian President Vladimir Putin finally decided to invade Ukraine, but one was the failure of an international alignment on the consequences of such aggression. Tacit indifference to Russia’s behavior from both sides of the Atlantic — regarding previous invasions of Georgia in 2008 and Ukraine in 2014, nerve-agent attacks on political opponents, support for a bloody war criminal in Syria — undoubtedly encouraged the Kremlin’s provocations.
Why a top US cyber spy urges: Get religious about backups (Register) Lesson we've learned from Ukraine
Saudi crown prince hands Putin his biggest weapon in the energy war (The Telegraph) West creaks as Russia befriends the powerful Saudi snubbed by Biden
How Russia killed its tech industry (MIT Technology Review) The invasion of Ukraine supercharged the decline of the country’s already struggling tech sector—and undercut its biggest success story, Yandex.
Attacks, Threats, and Vulnerabilities
Report: Chinese state-sponsored hacking group highly active (AP NEWS) An American cybersecurity firm says a Chinese hacking group that is likely state-sponsored and has been linked previously to attacks on U.S. state government computers is still “highly active” and is focusing on a broad range of targets that may be of strategic interest to China’s government and security services.
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (The Hacker News) RedGolf, a highly-likely Chinese state-sponsored threat group, is using a new custom backdoor called KEYPLUG to target multiple sectors.
With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets (Recorded Future) Insikt Group examines activity attributed to likely the Chinese state-sponsored actor, RedGolf targeting victims with KEYPLUG malware.
Immigration Dept’s site temporarily down after possible cybersecurity breach (Malay Mail ) The Immigration Department’s official website is temporarily down as it is currently under maintenance after a possible cyber threat. On Facebook, the...
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies (Trustwave) Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera.
Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities (Cisco Talos Blog) The stealer is for sale on dark web forums for $59 a month, or $540 for a lifetime subscription, which is relatively inexpensive compared to other infostealers.
Mantis: New Tooling Used in Attacks Against Palestinian Targets (Symantec) Espionage group puts time and effort into avoiding detection and maintaining persistent presence on compromised networks.
InfoSec Handlers Diary Blog - SANS Internet Storm Center (SANS Internet Storm Center) Supply Chain Compromise or False Positive: The Intriguing Case of efile.com [updated - confirmed malicious code], Author: Johannes Ullrich
‘A cautionary tale of success’: Taking stock of the latest massive hack (Washington Post) Everyone’s still sifting through the hacks targeting 3CX after notching defensive successes
New VPN Malvertising Attack Drops OpcJacker Crypto Stealer (HackRead | Latest Cybersecurity and Hacking News Site) Follow us on Twitter @Hackread - Facebook @ /Hackread
Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service (The Hacker News) Beware of OpcJacker! This stealthy #malware is targeting users through fake websites, promising VPN services and more.
Western Digital Provides Information on Network Security Incident (Business Wire) Western Digital Corp. (NASDAQ: WDC) today provided information regarding a network security incident involving some of its systems and the Company’s active response to this matter.
Western Digital confirms breach, shuts down systems (Computing) US-based storage services provider Western Digital has shut down its My Cloud consumer cloud and backup service due to a systems hack.
Western Digital discloses network breach, My Cloud service down (BleepingComputer) Western Digital announced today that its network has been breached and an unauthorized party gained access to multiple company systems.
WD says law enforcement probing breach of internal systems (Register) Thinks info from internal systems 'obtained' by miscreant, unsure of nature or scope data
Western Digital investigating MyCloud data breach affecting Mac desktop drives (Macworld) Western Digital takes down MyCloud server following a 'network security incident.'
Users fume after My Cloud network breach locks them out of their data (Ars Technica) The compromise allowed hackers to steal data, raising the specter of ransomware.
Company Selling Social Media, Gaming Accounts, and Software Licenses Worldwide Suffered a Data Breach (vpnMentor) The database also contained images of users, credit cards, passports and other forms of identification.
Cybersecurity Researcher, Jeremiah Fowler, has recently reported to
Personal information of more than 2,000 TAFE SA students stolen in 'serious' data breach (ABC) TAFE SA says the stolen documents were uncovered during an unrelated SA Police investigation and included copies of driver's licences, proof of age cards, tax file numbers and passports.
Copies of passports, licences and tax file numbers stolen in 'serious matter' data breach (9News) TAFE SA is conducting a "robust" investigation and issued an email today to the 2,224 impacted students wh...
Jefferson Co. School System victim of ransomware attack over Spring Break (Alabama Public Radio) The Jefferson County School System says it was the target of a ransomware attack over Spring Break. A news release from Superintendent Dr. Walter B. Gonsoulin says, "Our district’s technology team took immediate steps to stop the attack and then notified state and local authorities."
Montgomery General Hospital Reportedly Experiences Data Breach Following Ransomware Attack (JD Supra) On April 2, 2023, a prominent cybersecurity website reported that Montgomery General Hospital (“Montgomery,” “MGH”) may have experienced a data...
Uber driver info stolen in yet another third-party breach (Register) Never mind software supply chain attacks, lawyers are the new soft target?
Service NSW 'technical issue' may have exposed data of 3700 customers (9News) Drivers licence details, vehicle registration, mobile numbers and names of children may have been made publ...
These Dangerous Vulnerabilities on CISA's KEV List Are Still Being Widely Exploited (My TechDecisions) Despite patches being available for most of the bugs in CISA's Known Exploited Vulnerabilities catalog, many devices remain unpatched.
Researchers claim they can bypass Wi-Fi encryption (briefly, at least) (Naked Security) They can’t read much of your data, but even a few stray network packets could tell them something they’re not supposed to know.
Wages Dominate Cybercrime Groups' Operating Expenses (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, today published new research detailing how criminal groups...
Inside the Halls of a Cybercrime Business (Trend Micro) We explore three differently sized criminal groups to determine how they compare to similarly sized legitimate businesses in terms of how they are organized. We also discuss the advantages of knowing the size of a target criminal organization for cybercrime investigators.
Size Matters: Unraveling the Structure of Modern Cybercrime Organizations (Trend Micro) Criminal organizations, like any other human group, tend to become more complex as they grow larger. This complexity manifests as a group forms department-like groups with managers in charge, who report to others further up the hierarchy. We already know this from companies and their departmental subdivisions:
Service NSW data breach: Customer data exposed for 90 minutes after website update (News.com) Drivers licences, children’s names and mobile numbers could have been exposed in a major data breach after an update on a government website.
March 15 CISA KEV Breakdown | Apple, Microsoft, Google, Spyware actors, oh my! (Nucleus Security) In this Breakdown, Nucleus experts explore the ten vulnerabilities added to the CISA KEV list on March 30, 2023.
Former Employees' Orphaned Data Could Destroy Your Business (Datadobi) Employees are leaving their jobs at record rate, and leaving orphaned data behind. Having a plan to manage that data is vital to protecting your business.
Security Patches, Mitigations, and Software Updates
High severity vulnerability fixed in WordPress Elementor Pro plugin. (NinTechNet's updates and security announcements.) Elementor Pro, a popular page builder plugin for WordPress, fixed a broken access control vulnerability affecting version 3.11.6 and below that could allow full site takeover.
Threat Landscape 2022-2023 - Almond (Almond) Nouvelles menaces cyber, nouvelles solutions : téléchargez le Threat Landscape 2022-2023 Almond !
The State of Security 2022 | Splunk (Splunk) New research highlights today’s biggest security challenges — and the strategies organizations need to overcome them.
The State of Remote Work Security 2023 (Lookout Resource) Organizations need a new approach to security so that they can keep pace with the way remote users access data and collaborate with each other.
93% of Organizations Find the Execution of Essential Security Operation Tasks Challenging, Sophos Survey Finds (GlobeNewswire News Room) Among These Challenges, 75% Struggle with Identifying the Root Causes Behind an Incident, Leaving Them Vulnerable to Further Malicious Activity...
The State of Cybersecurity 2023: The Business Impact of Adversaries (Sophos) Findings from an independent study of 3,000 leaders responsible for IT/cybersecurity across 14 countries conducted in January and February 2023.
OTORIO ServiceNow OT Security Survey 2023 (OTORIO) Critical infrastructure organizations and manufacturers are at high risk of OT cybersecurity attacks, according to a survey by OTORIO and ServiceNow
Inside the Mind of a Threat Hunter: Team Cymru's Latest Report Sheds Light on Challenges Faced by Cybersecurity Analysts (ACCESSWIRE News Room) Team Cymru, a leader in digital risk management solutions, has released the findings from their
Decision Intelligence Leader & AI Innovator Quantexa Raises Valuation to $1.8 Billion With Completion of Series E Funding Round (GlobeNewswire News Room) GIC leads funding round of $129 million with Warburg Pincus, Dawn Capital and other existing investors participating Quantexa joins elite group of UK tech...
Votiro Raises $11.5 Million to Prevent File-Borne Threats (SecurityWeek) Votiro raised $11.5 million in a Series A investment round led by Harvest Lane Asset Management.
Trustle Raises $6M Seed Funding for Access Management Tech (SecurityWeek) California startup Trustle banks a $6 million seed round to join the competition in the cloud access management technology space.
Cradlepoint Acquires Ericom and its Cloud-Based Enterprise Security Solution (GlobeNewswire News Room) With this Acquisition, Cradlepoint, Part of Ericsson, Solidifies its SASE, Zero Trust, and Cloud-Based Security Strategies for Hybrid 5G and Wireline...
Saudi Arabia Discloses Ties to Andreessen Horowitz, Dozens of Other Venture Funds (The Information) For several years, venture capital firms have been cagey about whether they have raised money from Saudi Arabia, following the 2018 murder of Washington Post columnist Jamal Khashoggi in one of the country’s consulates. The Saudis, for their part, are no longer keeping quiet. The venture arm of ...
NATO to Seek a Contractor for Website Cybersecurity Testing (Nextgov) Those interested will need to go through a Department of Commerce approval process to be eligible to bid on the contract.
FAA awards Verizon $2B contract to build new communications platform (FedScoop) The system will form a key part of the FAA’s Next Generation Air Transportation System.
Delinea Carries Strong Channel Momentum Into 2023 with Increased Global Channel-Sourced Bookings (PR Newswire) Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today detailed 2022 performance results in...
AvePoint Wins Two Awards and Named a Finalist at the 2023 Microsoft Singapore and Asia Pacific Partner of the Year Awards (GlobeNewswire News Room) AvePoint named a winner for the Education Industry and Future of Work Transformation, Modern Work categories in Singapore, and a finalist for ISV Partner...
EMA Identifies Leading Security Visionaries in its Annual Vendor Visionaries (PRWeb) Enterprise Management Associates (EMA), a leading IT and data management research and consulting firm, today announced the release of its annual Vendor Visio
Cowbell Appoints Cyber Insurance Expert Simon Hughes to Spearhead UK Operations (PR Newswire) Cowbell, the leading provider of cyber insurance for small and medium-sized enterprises (SMEs), has launched its UK operations and appointed...
Products, Services, and Solutions
LogRhythm Enriches Security Analyst Experience with Streamlined Collection of Log Sources, New Analytics Capabilities, and Unlimited Upgrade Services (LogRhythm) For a fourth consecutive quarter, LogRhythm releases innovation that makes it easier for security teams to reduce noise, prioritize work and quickly secure their environments
EBI Partners with Al-Rushaid Technologies to Broaden International Reach (Yahoo Finance) Company delivers innovative data protection to communities in the Middle East and North Africa.
Venable LLP Expands Technology and Innovation Offerings with Venable Blue (Venable) Legal and Consulting Service Helps Clients Protect Their Reputation and Manage Risk Online
Passbolt: Open-source password manager for security-conscious organizations (Help Net Security) The Passbolt open source password manager puts users in control of their data, while protecting them from a wide range of potential threats.
MSAB unveils state-of-the-art new tools and features allowing investigators to enhance their digital forensic capabilities. (MSAB) MSAB unveils state-of-the-art new tools and features allowing investigators to enhance their digital forensic capabilities. MSAB, a world leader in mobile forensics, is proud to announce its first major release of the year, packed with powerful new features and significant updates designed to enhance digital investigations for law enforcement and government agencies worldwide. “Our mission […]
Malwarebytes Launches WorldBytes for Real-Life Threat Assessments (PR Newswire) Malwarebytes, a global leader in real-time cyber protection, is taking the next great leap in security with the launch of WorldBytes, a...
Infosec products of the month: March 2023 (Help Net Security) The featured infosec products this month are from: 1Password, Appdome, Atakama, BreachLock, Elevate Security, Fastly, Forescout, and more.
TrustCloud Replaces Manual Risk Registers with TrustRegister (TrustCloud) TrustCloud launches a predictive risk management application to replace manual risk registers and reduce liability and manual work with AI.
CodeSee Launches Enterprise 2.0; A Revolutionary Way to See Your Whole System (GlobeNewswire News Room) Code Visibility Platform Reduces Time and Increases Efficiency for Developers...
Absolute Software Available through SHI NASPO ValuePoint Contract (Absolute Software) Absolute is the leading visibility and control platform that gives you tamper-proof protection for all of your devices, data and applications. With the Absolute Platform, you get the power of asset intelligence, continuous compliance and endpoint hygiene.
Fortinet Revolutionizes Secure Networking with Unified Management and Analytics Across the Entire Hybrid Network | Fortinet (Fortinet) New Innovations to Fortinet’s Secure Networking Portfolio and FortiOS 7.4 Span Hybrid Mesh Firewall, Secure SD-WAN, Single-Vendor SASE, Universal ZTNA, and Secure WLAN/LAN
Fortinet Unveils New Real-Time Response and Automation Capabilities Across its Security Fabric, Empowering CISOs to Build a Self-Defending Ecosystem | Fortinet (Fortinet) New Innovations, Including FortiOS 7.4, Support Organizations in Building a Cybersecurity Platform Across Endpoint Security, SOC Automation, Threat Intelligence, Identity and Access, and Application Security
Fortinet Expands its NSE Certification Program to Address Evolving Cybersecurity Skillset Needs | Fortinet (Fortinet) Updates to the Fortinet Network Security Expert (NSE) Certification program and other Training Institute initiatives are helping address the cybersecurity skills gap and the expanding needs of customers and partners
Enhancements to the Fortinet Engage Partner Program | Fortinet Blog (Fortinet Blog) Read how Fortinet's Engage Partner Program evolves to include enhancement changes to our NSE educational offerings, expansion of the Engage program, and a new configuration tool.…
SnykLaunch April 2023 Highlights New Code to Cloud Capabilities to Tackle Software Supply Chain Security (GlobeNewswire News Room) Enhancements to Enable Further DevSecOps Collaboration Across Global Enterprises...
Technologies, Techniques, and Standards
NEW BLOG | The Importance of Transparency – Fueling Trust and Security Through Communication (National Institute of Standards and Technology (NIST)) Who needs to know ‘What,’ ‘When,’ and ‘How’ to tell them
Cybersecurity unaligned with business goals is reactive … and flawed: Study (TechRepublic) Study from WithSecure suggests most companies are investing in tactical and reactive security, not security aligned with business outcomes.
Why medical device vulnerabilities are hard to prioritize (TechTarget Security) Medical device vulnerabilities have been a concern in the infosec community for years. But experts are split on how serious a threat they are.
5 strategies to manage cybersecurity risks in mergers and acquisitions (CSO Online) Mergers and acquisitions offer benefits to both buyer and those being bought, brining new synergies and energizing both sides while creating a newer, bigger, stronger entity. But a new addition to the corporate family can bring with it a host of cybersecurity risks.
Using gamification to help build cyber resilience (Continuity Central) Human errors are present in most cyber attacks says Dr John Blythe; and standard prescriptive training programmes are not proving to be very effective in improving this situation. In this article he explains why gamification can improve employee learning, outcomes, and overall cyber resilience.
Design and Innovation
Okay, so ChatGPT just debugged my code. For real. (ZDNET) Not only can ChatGPT write code, it can read code. On one hand, that's very helpful. On the other hand, that's truly terrifying.
ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications (SecurityWeek) Artificial Intelligence (AI) and ChatGPT is ongoing evolution – and is one that we cannot stop. The genius is out of the bottle, and we have little understanding of where it will take us.
Twitter's new dog icon is sending dogecoin -- sigh -- to the moon (TechCrunch) Twitter changed its homepage icon to the doge meme photo, sending dogecoin up in value. Meanwhile, Musk seeks to dismiss a related lawsuit.
Research and Development
The impact of Quantum Computing on cybersecurity (Tripwire) We are currently in a period of a quantum revolution. Many organizations are currently investing in the quantum computer industry, and it is predicted that the quantum computing market may increase by 500% by 2028.
US schools leaked 32 million records in 2,691 data breaches since 2005 (Comparitech) Since 2005, K–12 school districts and colleges/universities across the US have experienced 2,691 data breaches, affecting nearly 32 million records. Our team of researchers analyzed data over the past 18 years to find out where the hot spots are, the biggest causes of these breaches, and how many students have been affected by each breach. […]
Legislation, Policy, and Regulation
Australia faces ‘dystopian’ future of cyber-attacks targeting fabric of society, Clare O’Neil says (the Guardian) Home affairs minister says Medicare and Optus breaches the ‘tip of the iceberg’ as she announces cyber exercises focusing on critical infrastructure
UK government's NCF hackers have launched cyberattacks on enemies - GCHQ (Tech Monitor) In a rare insight into the work of the National Cyber Force, GCHQ says it has countered disinformation campaigns and disrupted terrorists.
UK says its offensive cyber operations are ‘accountable, precise, and calibrated’ (Record) As the role of cyber operations in international statecraft continues to grow, the United Kingdom’s National Cyber Force (NCF) has published a paper arguing that its activities are fundamentally different from those of its adversaries.
Australia Bans TikTok From Government Devices Amid Security Concerns (Wall Street Journal) With the decision, Australia joins the U.S. and all other members of the so-called Five Eyes intelligence alliance in restricting government access to the video-sharing app
China seethes as US chip controls threaten tech ambitions (AP NEWS) Furious at U.S. efforts that cut off access to technology to make advanced computer chips, China’s leaders appear to be struggling to figure out how to retaliate without hurting their own ambitions in telecoms, artificial intelligence and other industries.
NCSC and Partners Launch “National Supply Chain Integrity Month” in April (ODNI) The National Counterintelligence and Security Center (NCSC) and its partners in government and industry today launched the 6th annual “National Supply Chain Integrity Month.” The theme for this year’s month-long awareness campaign is “Supply Chain Risk Management (SCRM) – The Recipe for Resilience.”
How Biden’s Cybersecurity 'Dream Team' Was Undone by Internal Strife (Data Center Knowledge) National Cyber Director Chris Inglis resigned due to clashes with another top official, according to sources. The discord threatens to imperil the administration’s efforts to curb hacking and roll out its ambitious new cyber strategy.
Does the military need a separate service for cyber? Some lawmakers think so; DoD isn’t sure (Federal News Network) DoD hasn't yet weighed in with an official position on whether a notional "cyber force" should become a new seventh branch of the armed services, despite years of Congress asking.
Litigation, Investigation, and Law Enforcement
WSJ News Exclusive | Congress Seeks Details on Spying Risks From Chinese Cargo Cranes (Wall Street Journal) Lawmakers called for hearings amid growing concerns of surveillance or sabotage at U.S. ports.
IRS System Doesn’t Meet All Cloud Security Requirements, Watchdog Says (Nextgov) Treasury’s Inspector General found the IRS did not meet requirements like malicious code protection and timely risk mitigation.
Banco Popular de Puerto Rico Defeats Data Breach Class Action (Bloomberg Law) Banco Popular de Puerto Rico won’t have to face a proposed class action alleging it negligently failed to protect customers’ personal information in connection with a June 2021 data breach.
Data hack by ransomware group poses no threat to Tasmanians, minister says (ABC) Tasmania's technology minister says no government-held data was compromised as part of a hack of a third-party file transfer site by a cybercrime enterprise, but added the investigations were ongoing.
Govt says police closing in on hacker (Bangkok Post) Police are closing in on the hacker who threatened to release data stolen in an alleged security breach affecting 55 million Thais, said Digital Economy and Society (DES) Minister Chaiwut Thanakamanusorn.
Feds Rip Russian's Bid To Undo $90M Hack-And-Trade Verdict (Law360) Boston federal prosecutors said a Russian national convicted in a $90 million hack-and-trade scheme is "whistling past the evidence" in his bid to have the verdict thrown out on technical venue issues.
Justice Department Seizes Over $112M in Funds Linked to Cryptocurrency Investment Schemes (US Department of Justice) The Department of Justice announced today that it has seized virtual currency worth an estimated $112 million linked to cryptocurrency investment scams.
Feds seize $112 million connected to cryptocurrency ‘pig butchering’ scams (Record) Scammers collected the money by developing long-term relationships with victims online before convincing them to invest in fraudulent cryptocurrency trading platforms.