Listen to (and follow) T-Minus, the only daily space news podcast.
Tune in to new episodes covering the latest space news and insights from leading experts.
Tune in to new episodes covering the latest space news and insights from leading experts.
Tuesday, April 18th, is the day on which US income tax returns are due this year. The traditional April 15th deadline for filing falling as it did on a weekend, and Emancipation Day's observance on Monday pushed the filing deadline back an additional day. Tax season is usually an occasion for a wide range of fraud, combining as it does fear and greed (mostly fear, but some greed, too) emotions that tend to cloud the judgment and render people vulnerable to scams.
This year a number of such scams, however, have been targeted at victims who normally have greater detachment than the harried and baffled taxpayers themselve. Criminals, Sophos researchers report on the eve of the US tax filing deadline, are conducting spearphishing campaigns agains tax professionals themselves.
“Financial accountant firms and CPAs are in the crosshairs this tax season, as a threat actor is targeting that industry with an attack that combines social engineering with a novel exploit against Windows computers to deliver malware called GuLoader,” Sophos writes. GuLoader is an unusually evasive shellcode-based downloader that can be used to infect compromised victims with follow-on attacks.
The use of password-protected zip files has been noticed for over a month. Securonix began publishing research into this particular threat as early as March, when they identified a campaign of "hyper-targeted" phishing emails they tracked as Tactical#Octopus. The bundling of the malicious phish hook in a password-protected zip file has proceeded in distinct stages. After the criminals initiate contact, they induce an initial infection: a "PowerShell one liner command that downloads the Visual Basic file." The next phase is VBS file execution, which in turn enables PowerShell execution, at which point they've achieved access to the victim's system.
It's a clever campaign. Securonix says that attribution is ambigous, but that circumstantial evidence points to a Russian threat actor. "Two of three IP addresses identified in the attack were registered to Petersburg Internet Network Ltd. in the Russian Federation. This could indicate Russian origins, however the possibility of false flag operations cannot be ruled out at this point."
According to Microsoft, in most cases the scammers are installing the Remcos remote access Trojan (RAT). Remcos, developed in 2016 and in malicious use since shortly after its introduction, enables the attacker to gain administrative privileges in Windows systems. Microsoft writes, "Successful delivery of a Remcos payload could provide an attacker the opportunity to take control of the target device to steal information and/or move laterally through the target network." For more on tax season scams, see CyberWire Pro.
Halcyon is the first dedicated, adaptive solution that combines multiple advanced proprietary prevention engines focused specifically on detecting and stopping ransomware. With the fastest endpoint recovery capabilities, multiple layers of resiliency, bypass and evasion protection, automated key capture for swift decryption and data exfiltration prevention, the Halcyon Anti-Ransomware and Resilience Platform reverses the impact of ransomware attacks in just minutes. This is why Halcyon is the resilience platform Global 2000 companies rely on to defeat ransomware.
Jack Teixeira appeared Friday in federal court in Boston to face charges under the Espionage Act. The AP reports that he's accused of two counts of unauthorized retention and transmission of classified national defense information. He did not enter a plea, but a federal magistrate judge ordered him jailed until a detention hearing next week. The motivation of the alleged leaker was, by all accounts, not ideological, but simply a desire to show off in the disinhibited online world. The Washington Post cites a friend of Mr. Teixeira's who knew something of his online followers (Mr. Teixeira was evidently a leader and influencer within his small Discord circle) as explaining his alleged motive. "A friend of Teixeira described his motives to The Washington Post as wanting to share — and show off — the secrets he knew to a small circle of online friends who bonded over video games."
Broaden the reach of your ads, fill your funnel, and build partnerships with valuable leads. Having the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, means companies trust us to get their messages out. Feature your brand with the source that top security leaders choose. Learn more.
Foreign Policy has a reflective essay on the role social media have come to play in espionage:
"The likely motivations of the leaker—on Friday, prosecutors charged Airman First Class Jack Teixeira, a 21-year-old working in the intelligence wing of the Massachusetts Air National Guard, with two violations of the Espionage Act—are impossible to understand without digging into the deepest layers of internet culture. This leak is not a strange one-off but a harbinger of a future where secret statecraft meets an online world in which, for many people, the virtual is replacing the physical as a source of companionship, camaraderie, and social clout. This online world is fast replacing traditional espionage as a source of intelligence leaks—a shift that has profound implications for the future of spycraft, especially counterintelligence."
The Discord Papers apparently spread with the help of another online fantasist, the self-styled "Donbas Devushka" ("Donbas Girl") who claimed to be from Luhansk. In some personae she gave her first name as "Mila," but in fact, according to the Wall Street Journal, is allegedly one Sarah Bils, a 37-year-old from Vorhees, New Jersey, a US Navy veteran who now lives in the Pacific Northwest. Donbas Devushka has for some time blogged and podcast pro-Russian memes and topics (the podcasts are said to have been delivered in an implausible, Ensign-Chekhov-style Russian accent). She collected and reposted much of the stuff that was circulating in the Thug Shaker Central Discord channel. Her motives appear to be the increasingly familiar desire for influence and place in the online social world.
An advertisement on KillNet's Telegram channel is offering "gigabytes of NATO Documents." The ones they show are training PowerPoint presentations at the lowest classification. They want 3 Bitcoin for the documents. At yesterday's exchange rates, that was, oh, roughly $91,048.80. That's almost what a newly promoted US Air Force colonel makes in a year's base pay. Caveat emptor, bro--think about it: training PowerPoint slides. But as KillNet might say, hop to it, world. Or not. We'll pass.
The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.
This Saturday, MIT’s Sloan School of Management in partnership with Harvard Business School hosted their Technology and National Security Conference; the second-ever event of its kind and the first to be held at MIT. The conference honed in on challenges, opportunities, and emerging dynamics within global defense. Centered around technology and innovation, this year’s conference honed in on the hybrid war between Russia and Ukraine, and its implications for China and Taiwan. The conference included not only a cybersecurity panel, but an Innovation Showcase displaying the work of a multitude of players in the cyber and defense sectors.
Of course, a major feature of the Russo-Ukrainian conflict has been operations in cyberspace. The conference included a cyber-focused panel discussing the implications of the US National Cybersecurity Strategy, which included speakers both within and outside of the government. Discussed was the importance of public and private partnership with governmental organizations, as well as the need for talent within the cybersecurity sector, and how the National Cybersecurity Strategy (among other governmental reports) is attempting to help build up the talent within the industry. We’ll follow up with more reports on the conference over the course of the week.
Today's issue includes events affecting Australia, Belarus, Brazil, China, the European Union, Germany, India, Iran, Israel, Moldova, NATO/OTAN. Poland, Romania, Russia, Sweden, Ukraine, the United Kingdom, and the United States.
Ukraine at D+417: US leaks and Russian elite conflict. (CyberWire) The strange risk posed by online communities: the cool frenzy of social media renown and the transactional gift economy that drives it.
Russia-Ukraine war: List of key events, day 418 (Al Jazeera) As the conflict enters its 418th day, we take a look at the main developments.
Fighting Rages In Ukraine's Bakhmut As Death Toll In Slovyansk Climbs To 11 (RadioFreeEurope/RadioLiberty) Intense fighting between Ukrainian and Russian forces raged in the devastated town of Bakhmut on April 15 as the death toll from a Russian strike in nearby Slovyansk climbed to 11.
Russia-Ukraine war live: Kyiv’s forces in ‘unprecedented’ bloody battles in Bakhmut (the Guardian) Intense fighting in middle of eastern city as Russia claims advances; Sloviansk death toll rises to 11 while Russian shelling also kills two in Kherson
Ukraine awaits US missile system after latest Russian strike (Military Times) A Ukrainian air force spokesperson said that a Patriot air defense system promised by the U.S. was expected to arrive sometime after Easter.
Ukraine, Romania, Moldova hold security meeting to strengthen security in their Black Sea (Republic World) Neighbors Romania, Ukraine, and Moldova signed cooperation agreements in Romania's capital Thursday after a trilateral meeting on ways to strengthen security in their Black Sea region to counter threats posed by Russian aggression.
Russia trains Belarusian pilots in nuclear weapons use (Defense News) The deployment of Russian tactical nuclear weapons to Belarus would put them closer to potential targets in Ukraine and NATO members in Europe.
China, Russia defence ministers to hold security talks next week (Reuters) Chinese Defence Minister Li Shangfu and his Russian counterpart Sergei Shoigu will discuss global and regional security at planned talks on April 16-18, the defence ministry in Moscow said on Friday.
Putin mocked for "embarrassing" cancellation of Victory Day parade (Newsweek) "It's possible last year was the last Moscow Victory Parade we may see for some years," said retired Army Lieutenant Colonel Alexander Vindman on Friday.
Putin's intelligence problem and Pentagon leaks (The Telegraph) The key to defence intelligence is how it is assessed by humans; if you torture it hard enough, it will tell you anything you want to hear
Pentagon Document Leaks Foreshadow a Long War in Ukraine (World Politics Review) The leaked Pentagon documents likely won’t affect the Russia-Ukraine war, but they say a lot about the state of the war.
Russia's Spetsnaz forces are being annihilated in Ukraine, leaks claim (Task & Purpose) Leaked U.S. documents report that Russia's Spetsnaz commandos are suffering "significant losses" fighting in Ukraine.
Russians boasted that just 1% of fake social profiles are caught, leak shows (Washington Post) The estimate is contained in a document that is part of a trove of top-secret material leaked in a Discord chatroom
Inside the furious week-long scramble to hunt down a massive Pentagon leak (CNN Politics) Jack Teixeira, wearing a green t-shirt and bright red gym shorts with his hands above his head, walked slowly backward toward the armed federal agents outside his home in North Dighton, Massachusetts, who took him into custody on charges of leaking classified documents.
Massachusetts Air National Guard’s Intelligence Mission in the Spotlight (New York Times) A junior enlisted airman assigned to an intelligence unit on Cape Cod is accused of leaking a trove of top-secret information.
Leaker of U.S. secret documents worked on military base, friend says (Washington Post) THE DISCORD LEAKS | The online group that received hundreds of pages of classified material included foreigners, members tell The Post
WSJ News Exclusive | Social-Media Account Overseen by Former Navy Noncommissioned Officer Helped Spread Secrets (Wall Street Journal) A pro-Russian account overseen by an American administrator played a key role in spreading classified documents online, reposting files from obscure chat rooms.
A Russian Disinformation Empire in Oak Harbor, Washington (Malcontent News) Donbass Devushka claims she's from Luhansk, Ukraine. In reality she's a Navy vet born in New Jersey.
Pro-Russia propagandist unmasked as New Jersey tropical fish seller (The Telegraph) Sarah Bils identified as the woman behind 'Donbas Devushka' social media accounts, notorious for spreading disinformation about the war
Suspect charged in case involving leaked classified military documents (Washington Post) Jack Teixeira, the Massachusetts Air National Guard member suspected of leaking a trove of classified military intelligence, was charged by the federal government Friday with retention and transmission of national defense information and willful retention of classified documents.
Jack Teixeira, suspect in Pentagon leaks, charged under Espionage Act (the Guardian) Government to seek 10 years on each of two charges, says prosecutor in Boston court
Leak suspect appears in court as US spells out its case (AP NEWS) A Massachusetts Air National Guardsman has appeared in court, accused in the leak of highly classified military documents. The guardsman, Jack Teixeira, did not enter a plea at Friday's hearing in Boston and was returned to detention pending his next appearance — next week. Meanwhile, prosecutors unsealed charges and revealed how billing records and interviews with Teixeira's social media comrades helped pinpoint the suspect. He is charged with unauthorized removal and retention of classified and national defense information. Investigators believe Teixeira was the leader of an online private chat group where the documents were shared. Accounts by others in the group depict him as motivated more by bravado than ideology.
Airman in Pentagon intel leak charged (Military Times) Airman 1st Class Jack Teixeira will remain in federal custody until a hearing next week.
Airman charged in Pentagon intel leak regretted joining the military (Military Times) Airman 1st Class Jack Teixeira was charged Friday with unauthorized removal and retention of classified and national defense information.
He’s from a military family — and allegedly leaked U.S. secrets (Washington Post) Online, the suspect in the breach of dozens of classified documents took on a persona seemingly at odds with his military career
Jack Teixeira's alleged Discord leaks show why the US should stop showering Top Secret clearances on 21-year-old keyboard warriors (Business Insider) The Discord leaks show the US's secrecy system is failing on its own terms, a victim of bureaucratic bloat, social media and simple math.
The military loved Discord for Gen Z recruiting. Then the leaks began. (Washington Post) Defense officials told service members not to ‘post anything in Discord that you wouldn’t want seen by the general public.’ But by then, hundreds of secret documents had already spilled out.
A new kind of leaker: Spilling state secrets to impress online buddies (Washington Post) A decade after Edward Snowden leaked classified documents to change U.S. policy, the Discord leaks show how top-secret military intelligence can spread in internet backyards where users think ‘secrets are for losers’ and just want to make friends
Was the Gen-Z Pentagon leaker motivated by social media clout? (the Guardian) Sources say he wanted to impress a bunch of teenage boys and young men who were his acolytes in a Discord chatroom
Pentagon leaks: A who's who of US intelligence leakers behind high-profile past security breaches (Sky News) The cases of Chelsea Manning, Julian Assange and Edward Snowden are again under scrutiny after the latest disclosure of classified documents, which has led to the arrest of 21-year-old national guardsman Jack Teixeira.
Meet the hacker armies on Ukraine's cyber front line (BBC News) How links between ‘hacktivists’ and official military are becoming blurred on both sides in the war.
Kremlin-backed hackers blamed in spying campaign on EU and NATO diplomatic agencies (Record) Russian state-affiliated hackers have launched a spying campaign targeting foreign ministries and diplomatic entities in NATO countries, the European Union, and, “to a lesser extent,” Africa, Poland’s top cybersecurity agency said.
Poland busts Russian cyber spies targeting European diplomats (POLITICO) Warsaw said attack campaign used emails impersonating embassies of European countries to target personnel.
Microsoft president claims Russian intelligence is trying to "penetrate gaming communities" (GamesIndustry.biz) Sign up for the GI Daily here to get the biggest news straight to your inbox The president of Microsoft has claimed tha…
How Gamers Eclipsed Spies as an Intelligence Threat (Foreign Policy) The latest leak has profound implications for counterintelligence.
Blinken Calls On Russia To Allow Access To Detained WSJ Journalist Gershkovich (RadioFreeEurope/RadioLiberty) U.S Secretary of State Antony Blinken says U.S. consular officers have not been granted access to Wall Street Journal (WSJ) reporter Evan Gershkovich, who is currently detained in Russia.
Russia’s FSB accuses aides of Kremlin critic Navalny of inciting blogger’s killing (Al Arabiya English) Russia’s FSB security service on Thursday accused top allies of jailed Kremlin critic Alexei Navalny of inciting a bomb attack that killed a high-profile
Alexei Navalny's spokesperson claims Putin critic is 'being slowly poisoned' in prison (Republic World) Alexei Navalny is currently serving his prison sentence in a maximum-security penal colony IK-6 located in Melekhovo, approximately 115 miles east of Moscow.
Russian Mother Of Lost Moskva Sailor Refuses To Accept Official 'Story' (RadioFreeEurope/RadioLiberty) Olga Dubinina cannot accept the Kremlin version of events surrounding the sinking of the Moskva in the Black Sea on April 14, 2022. The day before, two Ukraine-launched Neptune rockets were reportedly fired at the Russian missile cruiser. The official number of victims is still unknown.
Norway says expelled Russian diplomats sought sources, technology (Reuters) Fifteen Russian diplomats expelled by Norway this week had sought to recruit sources, intercept communications and buy advanced technology, the Norwegian PST security police said on Friday.
Italy probes how Russian, wanted by US, fled house arrest (AP NEWS) Italy is investigating how a Russian businessman escaped from house arrest to avoid extradition to the U.S. on charges of breaking sanctions. Artyom Uss was arrested at Milan’s main airport in October 2022 on a U.S. warrant. In March, he apparently removed an electronic bracelet at the home near Milan where he had been confined since November. Uss, the son of a Russian regional governor, resurfaced in Russia in early April. Italian media say Italy’s justice minister has ordered a probe into his escape. Uss’ father reportedly thanked Russian President Vladimir Putin for his son’s return.
Russia sentences opposition activist Vladimir Kara-Murza to 25 years in prison (NPR) Kara-Murza's sentence is the harshest prison term delivered yet to a government opponent since the Kremlin launched its war in Ukraine in February 2022.
Russia-Ukraine war live: UN human rights head tells Putin to release Kremlin critic Kara-Murza (the Guardian) UN condemns 25-year prison sentence for Vladimir Kara-Murza for criticising the war in Ukraine
‘My vendetta against Putin’: the Ukrainian sculptor whose work is shaped by war (the Guardian) Mikhail Reva has used shrapnel and missile parts to recreate the nightmare world of the conflict
LockBit ransomware encryptors found targeting Mac devices (BleepingComputer) The LockBit ransomware gang has created encryptors targeting Macs for the first time, likely becoming the first major ransomware operation to ever specifically target macOS.
LockBit Ransomware Tests Taking a Bite Out of Apple Users (Data Breach Today) Apple users: Don't fear newly discovered samples of LockBit ransomware designed to target newer macOS devices. Researchers say the still-in-development code, tied to no known in-the-wild attacks, contains numerous errors, leaving it unable to execute.
Not all Open-source Software is Created Equal: Many Fail to Meet Integrity Standards, Leaving Organizations Open to Cyberattacks (Business Wire) New research from Lineaje assesses open-source software
What it will look like if China launches cyberattacks in the U.S. (POLITICO) Chinese hackers are likely to target U.S. military networks and other critical infrastructure in the event of an invasion of Taiwan.
DragonForce Malaysia attacks Israeli institutions: Radware (SecurityBrief Asia) According to Radware cybersecurity advisory, DragonForce Malaysia has returned for the third year with operations targeting Israel, known as OpsPetir.
DragonForce Malaysia: OpsPetir (Radware) This year, DragonForce Malaysia returns for the third year in a row with operations targeting Israel. OpsPetir, an official replacement for OpsBedil, is a rebranded campaign from DragonForce Malaysia.
Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation (SecurityWeek) Google and CISA warn of Android vulnerability CVE-2023-20963, reportedly exploited as a zero-day by a Chinese app against millions of devices
Zaraza Bot Credential Stealer Targets Browser Passwords (Uptycs) Uptycs threat research has identified a new variant of credential stealing malware, dubbed Zaraza bot, that steals credentials from 38 web browsers.
Bugs in Manarium Play-to-Earn Platform Showcase Crypto-Gaming Insecurity (Dark Reading) Researchers plug in winning scores to make off with NFTs without actually playing the GameFi platform's minigames.
Code Intelligence Uncovers Another Expression DoS in Spring (Code Intelligence) Just 3 weeks after the last Spring finding, Code Intelligence found another DoS vulnerability (CVE-2023-20861) in the popular Java framework. This one has an even higher CVE rating.
Another Expression DoS Vulnerability Found in Spring - CVE-2023-20863 (Code Intelligence) We found another Expression DoS vulnerability in Spring (CVE-2023-20863). CVSS Base Score: 7.5 (high). Here's everything you need to know for mitigation.
Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site (SecurityWeek) Cybersecurity firm Darktrace has issued a statement after it was listed on the leak website of the LockBit ransomware group.
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (Security Intelligence) Unpack a newly discovered malware family dubbed “Domino” — and explore the intricate nature of cooperation among cybercriminal groups and their members. More from IBM Security X-Force.
Ransomware Roundup – Kadavro Vector Ransomware (Fortinet Blog) FortiGuard Labs covers the Kadavro Vector ransomware that encrypts files and demands a ransom in Monero (XMR) cryptocurrency for file decryption. Learn more.…
Analyzing Your Risk from the MSI Breach (Eclypsium) Over the past several weeks, Eclypsium researchers have been closely monitoring an incident involving Micro-Star International (MSI) and likely breach of sensitive product data. MSI has provided few details publicly. However, information obtained by Eclypsium researchers indicates that a new ransomware operator known as Money Message has likely stolen 1.5TB…
Tasmania: 150,000 individuals and businesses affected by Clop ransomware group (Record) The Australian state's government has “proactively reached out by phone to those identified as vulnerable to ensure they have the supports in place," a top official said.
Supermarket giant's credit card customers caught up in massive cyber hack (Breaking Australian and World News Headlines - 9News) Shoppers who applied for a credit card from Coles more than five years ago have been caught up in the large...
IRCTC warns users against ‘fake’ Android app, phishing scam: Report (Hindustan Times) IRCTC has warned its users about a malicious Android application called "irctcconnect.apk."
NatWest warns customers over new email scam (InYourArea.co.uk) Customers are advised to be cautious and vigilant when receiving emails, especially those that require them to share personal information
Rheinmetall suffers cyber attack, military business unaffected, spokesperson says (Reuters) Rheinmetall , suffered a cyber attack to the division of its business dealing with industrial customers, mostly in the automotive sector, the company said on Friday, adding its military division was unaffected.
Crypto platform Bitrue has $23 million stolen in cyberattack (Record) The attacker absconded with digital coinage in the form of Ethereum, Polygon, Shiba Inu, Quant, GALA and Holo.
Stanford: Personal information stolen in health care data breach (The Mercury News) The compromised data included subscriber and dependent names, but no Social Security numbers, officials said.
Culbertson Hospital Systems Hit With Cyber Attack (WLDS) An area hospital’s network was recently disrupted by a cyberattack. Sarah D. Culbertson Memorial Hospital in Rushville notified the public last Friday that they had to take their network offl…
Cyberattack causing treatment delays at Canadian hospital (Record) A cyberattack on a hospital in Ontario, Canada is causing delays to scheduled and non-urgent care.
Cornwall Community Hospital experiencing cyber incident (Standard-Freeholder) Network issue arose on April 11, hospital confirmed Thursday the problem was caused by a cyber incident.
Crafty PDF link is part of another tax-season malware campaign (Record) Accounting firms appear to be the prime target of a malware campaign that mixes some familiar moves with a less common exploit involving a manipulated file shortcut, cybersecurity researchers said Thursday.
Rochester schools end week without internet; questions linger about cyber attack (MPR News) Rochester Public Schools disabled its internet access this week in response to an apparent cyber attack. For students that has meant hot classrooms, lots of pen and paper assignments and even an extra day of Spring Break.
CISA adds Android zero-day to KEV catalogue (Computing) The US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Android Framework security flaw to its known exploited vulnerabilities (KEV) catalogue, based on evidence of ongoing exploitation.
Actually, Charging Your Phone in a Public USB Port Is Fine! (Slate Magazine) Here’s how the FBI, the FCC, and hundreds of news organizations got this one so wrong.
Google Chrome emergency update fixes first zero-day of 2023 (BleepingComputer) Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year.
WhatsApp announces features to prevent account takeover (Help Net Security) New security features will help WhatsApp prevent unauthorized account access and takeover, increase user privacy.
Threat Horizons April 2023 Threat Horizons Report (Google Cloud Cybersecurity Action Team) When one thinks about the proliferation of military or espionage technology, the typical image is of “spin off,” where once-futuristic fighter jets and spy gadgets gradually become available for public use and commercialized. Sometimes there’s an intermediary step, where non-state groups including organized crime are early adopters and have a mismatch with the defenses of their targets stuck in a previous generation of civil conflict.
ZeroFox to Acquire LookingGlass, Broadening Global Attack Surface Intelligence Capabilities (GlobeNewswire News Room) Deal strengthens ZeroFox’s External Cybersecurity Platform with industry-leading attack surface management (EASM) and threat intelligence capabilities...
Spyware Company QuaDreams Set to Close (Infosecurity Magazine) Under-fire Israeli firm was accused of developing zero-day exploits
Automatic Vulnerability Fixer Mobb Secures $5.4m and Launches Community Tool (PR Newswire) Mobb, the trusted automatic vulnerability fixer, today announced it has raised $5.4M in seed funding led by Angel Investor Ariel Maislos and...
Veridas Increases Capital by €15 Million; Boosts Global Expansion as an Identity Company (Veridas) Veridas Integrates dasGate with aims to grow 100% by 2023 with 26.3 million in revenue and 278 employees. Veridas, a Spanish company specializing in digital identity and biometrics, has announced a 15 million Euro capital increase from its own partners and new positioning as a global identity company, offering solutions for identity management in digital […]
UltraViolet Cyber launches to address the ever-expanding cyber threat (Help Net Security) UltraViolet Cyber launches to provide organizations across the globe with a streamlined approach to address the ever-expanding cyber threat.
Four cybersecurity firms merge to create McLean's UltraViolet Cyber (Washington Business Journal) With backing from private equity, four cybersecurity companies have combined into one and have set up shop in Northern Virginia.
EY and IBM Expand Strategic Alliance into Quantum Computing (IBM Newsroom) The EY organization & IBM announced that EY Global Services Limited will be joining the IBM Quantum Network, further enabling EY teams to explore solutions w/IBM that could help resolve some of today’s most complex business & global challenges.
Croatian ReversingLabs Aiming for Unicorn Status With New Product (Total Croatia News) The impressive Croatian ReversingLabs is aiming for the very prestigious unicorn status with its brand new product. It seems they have a very good chance of success.
Snyk Lays Off Another 128 Staffers as Economic Woes Persist (Bank Info Security) Snyk has executed its third round of layoffs since June 2022, axing 128 workers amid projections of challenging market conditions persisting into early 2024. The
Apollo names Jennifer Gold as new Head of Threat Intelligence (Security Systems News) Apollo Information Systems announced the appointment of nationally recognized cybersecurity and technology leader Jennifer Gold to head their growing Threat Intelligence practice.
New infosec products of the week: April 14, 2023 (Help Net Security) The featured infosec products this week are from: BigID, Binarly, Cynalytica, GitGuardian, Netskope, Searchlight Cyber, ThreatX, and Wazuh.
BlackBerry and KnowBe4: Boost Your Human and Technological Defenses (BlackBerry) BlackBerry and KnowBe4 are partnering to unlock new value for mutual customers, integrating CylancePROTECT® — an AI-based EPP by BlackBerry that blocks up to 99% of attacks — with KnowBe4’s SecurityCoach, a real-time security coaching product that utilizes HDR technology to help strengthen security cultures.
Elon Musk just shut down automation for important public safety accounts (Mashable) Twitter's new API rules just blocked numerous National Weather Service alert accounts and others from working.
Mandiant’s new solution allows exposure hunting for a proactive defense (CSO Online) Mandiant Proactive Exposure Management combines a suite of capabilities to effect exposure hunting, threat correlation, penetration testing, and real-time intrusion defense.
Palo Alto Networks Woos Customers With Years of Free Software as Cloud Security Sales Slow (The Information) The slowdown in enterprise software spending is forcing some software firms to go to extraordinary lengths to win business. Palo Alto Networks, for instance, is giving away cloud security service—literally. The company, which is the biggest stand-alone security software firm measured by market ...
Xator wins $750M contract to support humanitarian logistics with identity services (Biometric Update |) The contract won by the Parsons subsidiary is worth up to $750 million, with a $250 million one-year base period and two single-year option periods.
Verizon Business deploys Zero Trust network capabilities for Siemens (Verizon) Verizon Business is helping advance Siemens’ vision of a secure global Internet-first network with a range of network connectivity solutions.
Deepwatch Announces Enhancements to Channel Partner Program (Deepwatch) MDR leader enhances channel partner program with sales enablement tools & rewards for investment in Deepwatch. Read the press release.
NIST Wants to Mitigate Smart Home Telehealth Cybersecurity Risks (Nextgov.com) The agency is looking for providers to help address the cybersecurity and privacy vulnerabilities in the telehealth ecosystem as it works to create a practice guide on the topic.
How to survive a cyber attack: 3 lessons from the world's top CEOs (World Economic Forum) Cyber attacks are on the rise. Even the most technically advanced companies aren't immune. A new report highlights lessons learned from the world's top CEOs.
Google Proposes More Transparent Vulnerability Management Practices (SecurityWeek) New Google paper calls for increased transparency from vendors regarding their vulnerability management practices.
How Bank Apps Know You’re You (Wall Street Journal) Username and password aren’t the only line of defense protecting mobile financial-account logins from hackers.
How Device Verification protects your WhatsApp account (Engineering at Meta) Device Verification on WhatsApp helps protect users accounts from on-device malware while allowing uninterrupted access to calls and messages.
Cybersecurity 4 Psychology (CYSEC4PSYCH) The goal of this project is to link the fields of cybersecurity and psychology and thus create a new professional field of psychology.
G-7 diplomats reject Chinese, N. Korean, Russian aggression (AP NEWS) Top diplomats from the Group of Seven wealthy democracies are vowing a tough stance on China’s increasing threats to Taiwan and on North Korea’s unchecked tests of long-range missiles. Russia’s war in Ukraine consumed much of the agenda Monday for the envoys gathered in the Japanese resort town of Karuizawa. Their talks will pave the way for action by G-7 leaders when they meet next month in Hiroshima. Japanese Foreign Minister Yoshimasa Hayashi told his colleagues that the world is at “turning point” on the fighting in Ukraine and must firmly reject unilateral attempts to change the status quo by force. A senior official traveling with the U.S. secretary of state says the Biden administration’s goal is to shore up support for Ukraine,
Enea Urges EU PEGA Committee: Broaden the focus beyond spyware to c... (Swedish Ministry of Finance) Enea, a world-leading specialist in telecommunications and cybersecurity software solutions, recently highlighted the types of spyware being used over mobile networks at a public hearing of the Eur...
Germany examining Chinese components in its 5G network, interior minister says (Reuters) Germany's Interior Ministry is examining all Chinese components that are already installed in the country's 5G network, Minister Nancy Faeser was quoted as saying on Sunday, as Berlin re-evaluates its relationship with top trade partner China.
Governments worldwide attempting to regulate generative AI (Enterprise AI | TechTarget) Hours after cloud vendor Alibaba released its generative AI chatbot, China proposed new AI regulation. The U.S. also seeks comments about the systems.
Blinken: US intel leak has not affected cooperation with allies, partners (TRT World) The leak of military intelligence records online is believed to be the most serious US security breach since more than 700,000 documents, videos and diplomatic cables appeared on the WikiLeaks website in 2010.
Time to Designate Space Systems as Critical Infrastructure (FDD) After interviewing more than 30 industry and government experts, the authors have concluded that designating space systems as a U.S. critical infrastructure sector would close current gaps and signal both at home and abroad that space security and resilience is a top priority.
White House should designate space systems as critical infrastructure: Cyberspace Solarium Commission (Record) The U.S. should formally name space as a critical infrastructure sector and take steps to protect satellites and other space systems against cyberattacks, according to a study from the influential Cyberspace Solarium Commission.
Cyberspace Solarium Commission: Space Systems Need Critical Infrastructure Label (Decipher) The cybersecurity issues challenging space systems warrant the attention and resources that come with the critical infrastructure designation, the CSC argues.
SEC’s Gensler Takes on Crypto DeFi Exchanges With Refreshed Rule Plan (Bloomberg) SEC would get more power to scrutinize decentralized finance. Agency voted to reopen comment on oversight plan on Friday.
Testimony of Gary D. Friedman (US EEOC) Introduction Chair Burrows and Commissioners, thank you for inviting me to testify before the Equal Employment Opportunity Commission (“EEOC” or “Commission”) on this important emerging topic. I am a senior partner at Weil, Gotshal & Manges LLP in its Employment Litigation Practice Group, and I represent employers in a wide range of employment-related matters, including discrimination and other complex employment class and collective actions, trade secrets and restrictive covenant litigations, and internal investigations.
Some Democrats worry crackdown on TikTok could hurt party (Washington Post) As the White House toughens its stand toward the wildly popular app, party strategists urge caution
U.S. wiretaps tracked Gulf Cartel after Americans abducted, leak shows (Washington Post) U.S. intelligence agencies were eavesdropping on members of the Gulf Cartel last month after its gunmen attacked and abducted four U.S. travelers, killing two, in the Mexican border city of Matamoros, according to leaked classified documents reviewed by The Washington Post.
Twitter Clashes With Brazil Over School Violence Posts (Bloomberg) Platform resisted calls to remove hate speech content. Authorities threaten to ban and fine social media platforms.
Nigerian man extradited to US over alleged $6 million BEC scam (Record) A Nigerian man is scheduled to appear in a Maryland federal court Friday to begin facing charges that he and two others ran a business email compromise (BEC) scam that took more than $6 million from victims.
For a complete running list of events, please visit the Event Tracker.
Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Apr 14 - 21, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now!
SANS Pen Test Austin 2023 (Austin (and virtual), Texas, USA, Apr 17 - 22, 2023) SANS Pen Test Austin 2023 is six days of in-depth, hands-on penetration testing, red teaming, purple teaming, and exploit development training for professionals who need to know how to find vulnerabilities within their organizations, understand risk, and prioritize resources based on potential real-world attacks. This event isn't just for penetration testers or red team members; it is for any information security professional who wants to understand the mindset, tools, and techniques used by those who intrude where they don't belong. If you like to break things, put them back together, find out how they work, and mimic the actions of real-world bad guys—all the while providing real business value to your organization—this event is for you! View the line-up of cutting-edge offensive operations courses, and register now to learn from leading industry experts.
9th Annual Cybersecurity Conference for Executives (Baltimore, Maryland, USA, Apr 18, 2023) The 9th Annual Cybersecurity Conference for Executives, hosted by Ankura and the Johns Hopkins University Information Security Institute, will foster an open learning environment for C-suite executives, IT and security directors, risk managers, legal/compliance directors, and more across all industries. The world of regulatory compliance is becoming increasingly more complex, as privacy and cybersecurity requirements are enforced both nationally and overseas. With regulations such as GDPR, CCPA, CMMC, SEC, HIPAA, and more, executive leaders are challenged to identify the applicable controls for their organization and ensure compliance.
Election Threats: Past, Present, & Future (Virtual, Apr 19, 2023) Join us virtually on April 19th from 12:00 PM - 1:00 PM. Experts will explore both historical and current domestic threats to our election security: Michael Chertoff, Co-Founder and Executive Chairman, The Chertoff Group; Mary McCord, Executive Director of the Institute for Constitutional Advocacy and Protection, Visiting Professor of Law at Georgetown University Law Center; and David Laufman, Partner, Wiggin and Dana LLP. Moderated by David Hickton, Founding Director, Pitt Cyber. Presented by Pitt Cyber, in partnership with The Azure Forum, CSIS, and Keep Our Republic.
Gender Digital Divide Community Forum: Views From Central & Eastern Europe (New York, New York, USA, Apr 19, 2023) Czechitas, the Consulate General of the Czech Republic in New York and CzechInvest invite you to a community forum on the gender digital divide in Central and Eastern Europe. Forum guests will learn first-hand about women‘s technology challenges and opportunities across the CEE region. Participants will also share cross-border insights with experts on empowering women through technology for economic growth and educational success. Networking with coffee and light refreshments included, so remember to bring your business cards! Event is free, but RSVP is required.