Dateline Moscow and Kyiv: Atrocities, leaks, and preparing for a spring offensive.
Ukraine at D+413: The Discord Papers investigation. (CyberWire) The Discord Papes seem to have been leaked by a young influencer with a surfeit of access and ego, and too many teenage followers.
Russia-Ukraine war: List of key events, day 414 (Al Jazeera) As the Russia-Ukraine war enters its 414th day, we take a look at the main developments.
Live Briefing: Russia Invades Ukraine (RadioFreeEurope/RadioLiberty) RFE/RL's Ukraine Live Briefing gives you the latest developments on Russia's ongoing invasion, Western military aid, global reaction, and the plight of civilians. The Live Briefing presents the latest developments and analysis, updated throughout the day.
Russia-Ukraine war at a glance: what we know on day 414 of the invasion (the Guardian) Pentagon leaks linked to young gun enthusiast who worked at military base; Russia again threatens no grain deal extension unless it can export agricultural products
The Final Blocks: Inside Ukraine’s Bloody Stand for Bakhmut (New York Times) Pushed into a shrinking corner of the devastated city, the Ukrainian military is determined to hold out for strategic reasons, even as allies question the cost.
Ukraine's outrage grows over video seeming to show beheading (AP NEWS) Ukraine is investigating a gruesome video that purportedly shows the beheading of one of its soldiers, in the latest accusation of atrocities said to have been committed by Russia since it invaded. The online video drew outrage from officials, including President Volodymyr Zelenskyy, as well as international organizations. The Kremlin called the footage “horrible” but said it needed to be verified.
Zelenskiy urges world leaders to act over PoW beheading video (the Guardian) Footage appears to show Russian soldiers beheading Ukrainian prisoner of war, with another showing two beheaded servicemen
Ukraine Launches Probe As Zelenskiy Blasts Russian 'Beasts' Over Video Of Apparent POW Beheading (RadioFreeEurope/RadioLiberty) The Security Service of Ukraine (SBU) says it has launched an investigation into the online appearance of a video on social media purporting to show the beheading of a Ukrainian prisoner of war.
A Former Russian Military Intelligence Officer Explains Why He's Fighting For Ukraine (RadioFreeEurope/RadioLiberty) A former Russian military and military intelligence officer tells RFE/RL's Ukrainian Service why he has volunteered to fight for Kyiv, saying "the enemies of my homeland are those who support" President Vladimir Putin.
Secretary of Defense Lloyd Austin Hosted Bilat Meeting With Denys Shmyhal, Prime Minister (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III hosted bilat meeting with Denys Shmyhal, Prime Minister of Ukraine, at the Pentagon.
U.S., Ukraine Leaders Discuss Ongoing Needs, Continuing Support (U.S. Department of Defense) Ukraine's battle against Russian invaders continues to inspire Americans with the daily examples of Ukrainians' courage and resilience, Secretary of Defense Lloyd J. Austin III said.
Ukraine’s prime minister urges US to send F-15 or F-16 fighter jets during Pentagon meeting (Stars and Stripes) Ukraine Prime Minister Denys Shmyhal urged the United States on Wednesday to begin sending fighter jets that can help drive Russian forces out of the country.
The West Needs a New Strategy in Ukraine (Foreign Affairs) A plan for getting from the battlefield to the negotiating table.
Leaker of U.S. secret documents worked on military base, friend says (Washington Post) THE DISCORD LEAKS | The online group that received hundreds of pages of classified material included foreigners, members tell The Post
Leaked Pentagon Documents May Herald a New Era of Revelations (WIRED) The bizarre release of sensitive US government materials soon after their creation signals a potential shift to near-real-time unauthorized disclosures.
Pentagon Intelligence Leak Spotlights Russian Infighting, Wagner’s Role in Ukraine War (Wall Street Journal) The U.S. says Kyiv remains confident in its ability to launch a counteroffensive.
Leaked Pentagon documents lingered on social media despite urgent national security concerns (CNN) Days after the Pentagon announced it was investigating the leak of more than 50 classified documents that turned up on social media sites, dozens of them remain viewable on Twitter.
U.S. may change how it monitors the web after missing leaked documents for weeks (NBC News) President Biden and other officials were dismayed when they learned the documents had been online for at least a month. “Nobody is happy about this,” said one official.
Key lawmakers win access to mishandled classified docs (The Indiana Lawyer) The Biden administration has begun sharing with a bipartisan group of lawmakers known as the Gang of Eight classified documents found in the possession of former President Donald Trump, President Joe Biden and former Vice President Mike Pence, according to five people familiar with the matter.
Senate Intelligence Committee to get tough with Biden administration stonewalling (Washington Examiner) Senate Intelligence Committee members could soon reach a breaking point in their fight with the Biden administration over access to classified documents found in the homes of President Joe Biden and former President Donald Trump.
No Russia-Ukraine peace talks expected this year, U.S. leak shows (Washington Post) The war is expected to spill into 2024 with neither side notching victory and both refusing to negotiate, U.S. intelligence officials surmise
Serbia denies it sent weapons to Ukraine, as leaked document claims (Washington Post) The Serbian government on Wednesday rejected claims that it had sent weapons to Ukraine and doubled down on its policy of noninvolvement in the war, after a leaked U.S. intelligence document, the authenticity of which could not be verified, appeared to indicate that the Balkan country provided lethal aid to Kyiv.
US guided rockets in Ukraine are being jammed by Russia (The Hill) U.S.-made smart bombs provided to Ukraine are being jammed by Russia and are missing their targets, according to a Politico review of a leaked Pentagon document. Russia is electronically jamming th…
Leaked documents: Russian Wagner Group mercenaries want work in Haiti (NBC News) The Wagner Group, which fights for Russia in Ukraine and recruits soldiers from prisons, wants to pitch the Haitian government on fighting gangs, say the documents.
US intelligence leak complicates summit with South Korea (AP NEWS) Leaked U.S. intelligence documents suggesting Washington spied on South Korea have put the country’s president in a delicate situation ahead of a state visit to the U.S. It's the first such trip by a South Korean leader in 12 years. The documents contain purportedly private conversations between senior South Korean officials about Ukraine, indicating that Washington may have spied on a key Asian ally even as the two nations publicly vowed to reinforce their alliance. Since taking office last year, conservative President Yoon Suk Yeol has put a bolstered military partnership with the United States at the heart of his foreign policy to address intensifying North Korean nuclear threats and other challenges.
Pentagon leak shows perils of spying on your friends (Washington Post) A huge leak of Pentagon documents uncovered over the past week has revealed how deeply the United States has penetrated Russia and other rivals.
Cyberattacks on Canada’s gas infrastructure left ‘no physical damage,’ Trudeau says (Global News) The documents describe claims, which Global News has yet to independently verify, by Russian-backed hackers that they successfully accessed Canada’s natural gas infrastructure.
APT Winter Vivern Resurfaces (Avertium) The APT Winter Vivern was recently seen exploiting a Zimbra software vulnerability in an ongoing cyber espionage campaign.
Russian attacks on Ukrainian infrastructure cause internet outages, cutting off a valuable wartime tool (CyberScoop) With its war effort faltering, the Kremlin is stepping up its attacks on Ukrainian power plants, resulting in cascading internet failures.
US Warns Russia Getting Creative in Cyberspace (VOA) Russia’s cyber operations against Ukraine may not have made as big an impact as some Western officials and cybersecurity experts first feared following the start of last year’s invasion, but top U.S. officials warn that is no reason to underestimate Moscow’s cyber exploits.
In Tit-For-Tat Move, Russia Sanctions Another 333 Canadian Citizens (RadioFreeEurope/RadioLiberty) The Russian Foreign Ministry said on April 12 it had imposed sanctions against 333 more Canadian nationals -- including regional officials, lawmakers, politicians, and athletes -- "involved in unbridled Russophobia."
Kaspersky could face another round of US punishments on national security grounds (ITPro) The embattled Moscow-based company has fended countless allegations of Kremlin collaboration for more than a decade
How Much Damage Would US Action Against Kaspersky Inflict? (Bank Info Security) Further punishment of Moscow-based Kaspersky by the Biden administration could be the final nail in the coffin of the company's deeply wounded North American business. The U.S. Commerce Department is weighing enforcement action against the Russian cybersecurity giant under its online security rules.
U.S., U.K. Sanction Firms Tied to Russian Oligarch Alisher Usmanov (Wall Street Journal) The move is part of the continuing effort to sever Russian economy from global trade and finance.
Attacks, Threats, and Vulnerabilities
Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector (SentinelOne) SentinelLabs has been tracking a cluster of malicious documents that stage the Crimson RAT malware distributed by APT36 (Transparent Tribe).
Following the Lazarus group by tracking DeathNote campaign (Securelist) The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. In this blog, we’ll focus on an active cluster that we dubbed DeathNote.
Lazarus Group's 'DeathNote' Cluster Pivots to Defense Sector (Dark Reading) Usually focused on going after cryptocurrency organizations, the threat actor has begun targeting defense companies around the world.
North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack (The Hacker News) Lazarus sub-group Labyrinth Chollima identified as the mastermind behind 3CX supply-chain cyberattack.
Mandiant says 3CX attack probably came from North Korea (iTnews) Security update on the way.
Security Update Mandiant Initial Results (3CX) Initial Results from Mandiant Incident Response Following the appointment of Mandiant as our security incident response team, forensic analysis on our
What went wrong with the 3CX software supply chain attack — and how it could have been prevented (Security Boulevard) Software supply chain attacks are happening all too frequently now, especially ones that occur due to the inclusion of malicious dependencies found in open source repositories. While this kind of supply chain attack is common, other forms of these attacks, such as targeted tampering incidents that impact the end user, are not as common, but carry a great impact as well.
FBI: Crooks posing as PRC agents prey on Chinese in the US (Register) 你好 [insert name], 我在 Ministry of Public Security 工作 [insert shakedown]
Legion: an AWS Credential Harvester and SMTP Hijacker (Cado Security) Cado Labs researchers recently encountered an emerging Python-based credential harvester and hacktool, named Legion.
Standing up for democratic values and protecting stability of cyberspace: Principles to limit the threats posed by cyber mercenaries (Microsoft On the Issues) At Microsoft, we believe that digital technology has incredible potential to improve lives across the world, support democracy, and protect and promote human rights. That is why, at the second Summit for Democracy, we were proud to join the international coalition of over 150 companies that make up the Cybersecurity Tech Accord.
Experts warn of new spyware threat targeting journalists and political figures (the Guardian) Citizen Lab says victims’ phones infected after being sent an iCloud calendar invitation in a ‘zero-click’ attack
Israeli firm QuaDream's spyware used to hack journalists, activists around the world (Haaretz.com) QuaDream, which previously sold cyber tools to Saudi Arabia, exploited a breach in iPhones' digital calendars. Those targeted include victims in North America, Asia, Europe and the Middle East, per new Citizen Lab and Microsoft report
Group accused of selling the ‘Pegasus-alternative’ spyware received FDI clearance from UPA govt (India Today) According to corporate filings in the US, the listed version of Cognyte was created through a spin-off from its parent company Verint Systems on February 1, 2021, after it separated its ‘Cyber Intelligence Solutions’ business. Financial declarations stated Verint had four subsidiaries in India.
Inside NSO Group, the Israeli spyware firm linked to the US government (New York Post) The Israeli firm’s “blacklisted” spyware, including the notorious Pegasus, has been used to catch El Chapo — but also to spy on dissidents and journalists including Jamal Khashogg…
Zelle Phishing (Avanan) Hackers are spoofing Zelle to steal money.
Investigating the resurgence of the Mexals campaign (Akamai) Akamai Security Research has been tracking and analyzing the resurgence of Mexals, a likely Romanian based cryptojacking campaign.
DDoS attacks shifting to VPS infrastructure for increased power (BleepingComputer) Hyper-volumetric DDoS (distributed denial of service) attacks in the first quarter of 2023 have shifted from relying on compromised IoT devices to leveraging breached Virtual Private Servers (VPS).
Are Internet Macros Dead or Alive? (Fortinet Blog) FortiGuard Labs highlights how threat actors are using macro-based Office documents to initiate attacks and distribute their payloads. Read into the details of the threat actors' activities.…
Exploring a Recent Microsoft Outlook Vulnerability: CVE-2023-23397 (Fortinet Blog) FortiGuard Labs highlights an Elevation of Privilege Vulnerability in Microsoft Outlook that can be exploited by sending a crafted email to a vulnerable version of the software. Read more.…
Cybercriminals charge $5K to add Android malware to Google Play (BleepingComputer) Malware developers have created a thriving market promising to add malicious Android apps to Google Play for $2,000 to $20,000, depending on the type of malicious behavior cyber criminals request.
Legion: an AWS Credential Harvester and SMTP Hijacker (Cado Security) Cado Labs researchers recently encountered an emerging Python-based credential harvester and hacktool, named Legion.
FBI office warns against using public phone charging stations at airports or malls, citing malware risk (CBS News) "Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices," the FBI Denver office tweeted in a general alert.
Plenty of juice-jacking scare stories, but precious little juice-jacking (Graham Cluley) Travellers are being told to be wary when plugging their smartphones and laptops into USB chargers. But has anyone ever actually been juice-jacked in the real world?
FBI Advising People to Avoid Public Charging Stations (Schneier on Security) The FBI is warning people against using public phone-charging stations, worrying that the combination power-data port can be used to inject malware onto the devices:
Data on 400K Kodi Forum Members Stolen and Put Up for Sale (Dark Reading) Open source media player Kodi still hasn't recovered its forum and plans to redeploy it on a new server with software update.
Cyberattack targets websites for port authorities in Halifax, Montreal (CBC News) Ports say operations are unaffected and traffic continues to move normally
Hyundai suffered a data breach that impacted customers in France and Italy (Security Affairs) Hyundai disclosed a data breach that impacted Italian and French car owners and clients who booked a test drive. Hyundai has suffered a data breach that impacted Italian and French car owners and customers who booked a test drive. Threat actors had access to the email addresses, physical addresses, telephone numbers, and vehicle chassis numbers […]
National Data Breach Impacts Some Iowa Medicaid Members (Iowa Department of Health and Human Services) The Iowa Department of Health and Human Services (HHS) announces today that some Medicaid members’ personal information was compromised in a national data breach affecting a contractor’s computer system last year. The Iowa Medicaid system was not breached.
National Data Breach Impacts Some Iowa Medicaid Members (Vinton Today) Cyberattack Occurred On Contractor's Computer System; Iowa Medicaid System Was Not BreachedThe Iowa Department of Health and Human Services (HHS) announces today that some Medicaid members' personal information was compromised in a national data breach affecting a contractor's computer system last year. The Iowa Medicaid system was not breached.
Data breach at Elmbrook School District exposes personal information about former and current employees (Milwaukee Journal Sentinel) The breach continued even after the district was aware of the problem.
Forensic report on Suffolk cyberattack shows 71 systems encrypted by ransomware (News 12 - Long Island) Suffolk County has announced it has completed the forensic investigation into the cyberattack that happened on Sept.8.
Meet PassGAN, the supposedly “terrifying” AI password cracker that’s mostly hype (Ars Technica) AI cracking is on par with conventional methods, but you'd be forgiven for thinking otherwise.
What Is PII? (Trend Micro News) What is PII? Personally Identifiable Information is any data that can be used to identify you, like your name and Social Security number.
CISA adds Microsoft, Apple bugs to exploited vulnerabilities catalog (Record) The Cybersecurity and Infrastructure Security Agency added three bugs to its catalog of known exploited vulnerabilities this week, highlighting issues with popular products from Microsoft and Apple.
Security Patches, Mitigations, and Software Updates
ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities (SecurityWeek) Siemens and Schneider Electric’s Patch Tuesday advisories for April 2023 address a total of 38 vulnerabilities found in their products.
Apple Patches Two Zero-Days Exploited in the Wild (Infosecurity Magazine) Vulnerabilities affect macOS Ventura 13.3.1 and iOS and iPadOS 16.4.1 devices
2023 State of Cyber Assets Report Reveals Nearly 600% Annual Growth in Vulnerable Cloud Attack Surface (PR Newswire) JupiterOne, the leading cyber asset visibility and management company, today announced the release of its second annual State of Cyber Assets...
The 2023 State of Cyber Assets Report (JupiterOne) In the 2023 State of Cyber Assets Report (SCAR), we analyzed over 291 million cyber assets and attributes. These findings will help you to understand how security teams discover cyber assets and secure their attack surfaces.
Security Teams Pressured into Keeping Quiet About Security Breaches (HIPAA Journal) Ransomware and phishing attacks on organizations have increased over the past 12 months as have the costs associated with the attacks. In 2022, the An alarming number of cybersecurity professionals are being pressured into keeping quiet about reportable security breaches, including 28.6% of security professionals in the healthcare industry.
Gorilla Technology Group Announces Intention to Acquire Bacom Internetwork (GlobeNewswire News Room) Acquiring Thailand-based systems integrator and provider of Smart Cities solutions is key step in Gorilla’s global expansion strategy...
HYAS Reports on Rapid Growth, Driven by Market’s Demand to Block Malware at the Network Level (Business Wire) Executive Hires, BlackMamba Threat Research, Client Growth, Innovation, and Partner Integrations Reflect Market Momentum for Leading Protective DNS Solutions.
Elon Musk says he’s sleeping on a couch at Twitter and his dog is in charge (Washington Post) The Twitter CEO provided a six-month update on his takeover in a live interview with the BBC
Twitter no longer exists (Computing) Twitter no longer exists as an independent company. Elon Musk has merged it with a newly formed company called X Corp., leading to speculation about his plans for the social media platform.
The NSA’s Brain Drain Has a Silver Lining (Defense One) Agency leaders should use former employees to recruit new talent and cement public-private working relationships.
Lantronix Named to the CRN 2023 Internet of Things 50 List, a Ranking of the Most Influential IoT Solution Providers (GlobeNewswire News Room) Lantronix ranked among the “10 Coolest IoT Hardware Companies,” which include Cisco, Dell Technologies, Hewlett Packard, Intel, Lenovo and Nvidia...
Zerto Spotlighted in the 2023 CRN® Partner Program Guide (PRWeb) Zerto, a Hewlett Packard Enterprise company, has been recognized by CRN®, a brand of The Channel Company, in its 2023 Partner Program Guide. This annual guide offers
Fenix24 Appoints Marko Polunic as Managing Director (PR Newswire) Fenix24, an industry-leading cyber disaster recovery firm that is transforming the post-breach restoration process and impact, today announced...
HUB Security Announces the Appointment of David Riker as Global Chief Operating Officer (PR Newswire) HUB Cyber Security Ltd (Nasdaq: HUBC), a developer of Confidential Computing cybersecurity solutions and services ("HUB Security" or the...
NordPass introduces improvements to its business suite (GlobeNewswire News Room) On Thursday, NordPass Business announced that it is now complementing its password management solution with...
Products, Services, and Solutions
Google Cloud Assured Open Source Software service now GA | Google Cloud Blog (Google Cloud Blog) Building on Google’s efforts to improve OSS security, we are announcing the general availability of Assured Open Source Software.
Extending Zero-Trust Protection to Workloads with Virsec's Latest Platform Release (Virsec) Virsec expands zero trust protection to workloads with new capabilities, including allowlisting automation, application workload visibility, & ease of use.
Rezonate Expands Its Identity-Centric Security Platform to Automatically Detect and Stop Identity Threats (Business Wire) Rezonate Empowers Security Teams to Go Beyond Removing Identity and Access Risks and Stop Active Threats in Real-Time Across SaaS Applications, IAM, and Multi-Cloud Infrastructure
(ISC)² Certified in Cybersecurity Earns ANAB Accreditation to ISO 17024 and Surpasses 15,000 Certification Holders (PR Newswire) (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals – today announced that the (ISC)² Certified in...
LinkedIn rolls out ways to verify your identity and employment, without a price tag (TechCrunch) LinkedIn is introducing new ways to verify your identity and where you work, the company announced on Wednesday.
Netskope Endpoint SD-WAN helps enterprises accelerate edge networking (Help Net Security) Netskope’s Endpoint SD-WAN allows IT teams to implement, manage, and scale their branch and remote user network architecture.
‘We Need It’: How ThreatConnect Is Uniting Cyber Threat Intelligence Into A Single Platform (CRN) Threat intelligence aggregation platform ThreatConnect recently named former FireEye and McAfee CEO Dave DeWalt as its chairman.
Nok Nok Expands S3 Authentication Suite to Meet the Needs of Government, Regulated, Payment and E-Commerce Organizations (Business Wire) New capabilities include regulatory compliance and risk management, synced passkeys, secure payment confirmation, and more
Votiro Integrates with Sumo Logic to Provide Analytics on File-Borne Threats Targeting Collaboration and Cloud Environments (Business Wire) Integration empowers SOCs to view types of malware and zero-day threats proactively removed by Votiro Cloud
ABS Wavesight™ and ActZero Alliance Will Deliver Cybersecurity Solutions to Global Fleet (Business Wire) Market-leading risk management solutions partner to support connected maritime operations
Imprivata Launches First Digital Identity Maturity Model and Assessment Developed for Healthcare IT, Security, and Clinical Leadership (GlobeNewswire News Room) Free, one-of-a-kind resources deliver actionable guidance to build a comprehensive digital identity strategy that improves care quality, reduces cyber...
Phosphorus to Show the Path Forward in Healthcare Cybersecurity at HIMSS23 with Groundbreaking Breach Prevention for IoT, OT, and IoMT Devices (GlobeNewswire News Room) The xIoT security leader is showcasing several new advanced capabilities for discovering, assessing, and remediating the full range of critical non-IT...
Alarum Launches New White Label Enabled Privacy Application (GlobeNewswire News Room) Discussions underway with potential B2B customers Tel Aviv, Israel, April 13, 2023 (GLOBE NEWSWIRE) -- Alarum Technologies Ltd. (Nasdaq, TASE: ALAR)...
ngrok Launches Kubernetes Ingress Controller (GlobeNewswire News Room) ngrok enables secure ingress to Kubernetes for developers...
Alacriti Partners with Socure for Payments Fraud Prevention (Alacriti) Alacriti, a fintech company specializing in payments, partners with Socure to deliver third-party and synthetic identity fraud prevention for instant payments.
Versa Networks Selects Calculus as Its Distributor Serving Mexico and Other Growing Latin America Regions (Business Wire) Calculus to Team with Versa’s Latin America Partners to Help Them Address Growing Regional Demand for Versa’s Industry-Leading Single-Vendor Unified SASE
Technologies, Techniques, and Standards
Is Your Organization Testing Against the Right Cyber Threats? (My TechDecisions) New research shows that organizations are testing against cyber threats in the headlines rather than attacks they're more likely to face.
CTIG IoT Research (Cybrary) To begin a discussion about preventing stalking and surveillance, we must first talk about the Internet of Things (IoT).
Key factors driving changes in the perception of the CISO role (Help Net Security) This video with Immuta discusses the internal and external factors driving the changes in workload and perception of the CISO role.
Cybrary Counter-Stalking Initiative (Cybrary) Learn how the Cybrary counter-stalking initiative uses the Flipper Zero to detect Bluetooth trackers, such as Tile and AirTags, with their new app. Discover how this app can help individuals protect their privacy and security by detecting any tracker in their vicinity. Join the initiative and take an active role in your security.
Chief Information Security Officer (CISO) Board Role | SEC Cybersecurity Rule (Contrast Security) Contrast CISO Dave Lindner says thanks to the SEC's new rule, cybersecurity's no longer just a CISO problem. Yet 90% of businesses aren’t ready; is yours?
IRS acting CIO: Securing software supply chain remains a challenge for agencies (FedScoop) The IT executive spells out the need to balance freedom to innovate with traceability requirements.
Design and Innovation
Recorded Future Announces World's First AI for Intelligence (PR Newswire) Recorded Future, the intelligence company, today announced the immediate general availability of the world's first AI for intelligence. With...
Recorded Future launches OpenAI GPT model for threat intel (TechTarget Security) Recorded Future launched an OpenAI model for threat intelligence, which provides enterprises with recommendations on current and emerging threats.
Recorded Future offers peek at the AI future of threat intelligence (CyberScoop) The Massachusetts-based cybersecurity company has fine-tuned an OpenAI model to help analysts synthesize data.
GPT has entered the security threat intelligence chat (VentureBeat) Recorded Future announces the release of a GPT-powered threat intelligence tool that can generate real-time reports.
The AI singularity is here (InfoWorld) The time to figure out how to use generative AI and large language models in your code is now.
Research and Development
IARPA's plan to hack the brains of hackers (FCW) The intelligence research agency released a broad agency announcement on Tuesday for a program that looks to leverage psychological biases among hackers for cyber defense.
Legislation, Policy, and Regulation
Why the EU Should Stop Talking About Digital Sovereignty (Council on Foreign Relations) Digital sovereignty has become a popular slogan in the European Union. However, this approach creates several weaknesses for the EU, and should lead the group to adopt a new mantra.
U.S. and International Partners Publish Secure-by-Design and -Default Principles and Approaches (Cybersecurity and Infrastructure Security Agency) Joint product outlines clear steps that technology providers can take to increase the safety of products used around the world
U.S. launches secure software push with new guidelines (Washington Post) A big group of international agencies gives a how-to on secure-by-design, secure-by-default
US plans to boost tech diplomats deployed to embassies (CyberScoop) Top cyber diplomat Nate Fick says the State Department is on track to have a diplomat trained in tech issues in every embassy.
U.S. House to vote on bill to address potential Huawei, ZTE threats (Reuters) The House of Representatives is set to vote next week on a bill to crack down on Chinese telecommunications companies Huawei and ZTE Corp that have been deemed security threats by the U.S. government.
Transcript: Ezra Klein Interviews Alondra Nelson (New York Times) The April 11, 2023, episode of “The Ezra Klein Show.”
NSA Pushes Eavesdropping Law, Hits TikTok, Braces for AI-Boosted Attacks (Defense One) AI will help malicious actors “to be better or faster,” says the spy agency’s cybersecurity director.
State Department, Congress working on formal program for US cyber aid (Record) The effort would include a fund dedicated to technology support, as well as other forms of assistance, says Nathaniel Fick, the ambassador at large for the department’s Bureau of Cyberspace and Digital Policy.
Navy anticipates cyber strategy release in May ... maybe (Breaking Defense) The Navy's cyber strategy, originally expected to be released in March, will potentially be released as soon as next month, the service's principal cyber advisor told Breaking Defense.
Arkansas governor signs sweeping bill imposing a minimum age limit for social media usage (CNN) Arkansas Gov. Sarah Huckabee Sanders has signed a sweeping bill imposing a minimum age limit for social media usage, in the latest example of states taking more aggressive steps intended to protect teens online.
Litigation, Investigation, and Law Enforcement
Italy gives OpenAI initial to-do list for lifting ChatGPT suspension order (Yahoo News) Italy's data protection watchdog has laid out what OpenAI needs to do for it to lift an order against ChatGPT issued at the end of last month -- when it said it suspected the AI chatbot service was in breach of the EU's General Data Protection Regulation (GDPR) and ordered the U.S.-based company to stop processing locals' data.
WSJ News Exclusive | House GOP Subpoenas FTC for Twitter Investigation Documents (Wall Street Journal) Rep. Jim Jordan, the chair of the Judiciary Committee, said the FTC has made burdensome demands of Twitter and its owner, Elon Musk.
Senator calls for investigation after Reuters facial recognition report (Reuters) U.S. Senator Ron Wyden has called for the Biden administration to carry out an investigation after a Reuters report showed how Russian authorities are using facial recognition to curb dissent with the aid of U.S. technology.
The U.S. Cracked a $3.4 Billion Crypto Heist—and Bitcoin’s Anonymity (Wall Street Journal) Federal authorities are making arrests and seizing funds with the help of new tools to identify criminals through cryptocurrency transactions.
Cyber watchdog has 'no confidence' in US emergency cell network security -senator (Reuters) America's cybersecurity watchdog has no confidence that the cellular network used by first responders and the military is secure against digital intrusions, U.S. Senator Ron Wyden said in a letter released on Wednesday.
Nurses Sue CommonSpirit Hospital Chain Over Unpaid Wages After 2022 Cyberattack (Wall Street Journal) Oregon nurses say they weren’t paid correctly for several pay periods.
Ransomware attack that forced a New York county back to pen and paper began in 2021, official says (Record) New York’s Suffolk County has concluded an investigation into a destabilizing ransomware attack that forced government workers to rely on fax machines and paper records, discovering stark deficiencies in the county clerk's cybersecurity practices.