Dateline Moscow and Kyiv: Ukrainian forces completing preparations for their counter-offensive.
Ukraine at D+425: Disruption, deterrence, and battlespace preparation. (CyberWire) Ukraine is generally believed to be in the final stages of preparation for its anticipated spring offensive. US officials describe how prewar Russian cyber operations were discovered and countered.
Ukraine-Russia war latest: Ukraine conducting frequent raids across Dnipro river (The Telegraph) Ukrainian forces on the western side of the Dnipro river are frequently carrying out raids on the eastern bank near Kherson to try and dislodge Russian troops, a regional official has said.
Russia-Ukraine war: List of key events, day 426 (Al Jazeera) As the war enters its 426th day, we take a look at the main developments.
Russia-Ukraine war at a glance: what we know on day 426 of the invasion (the Guardian) One killed and ten injured in strike on museum in Kupyansk; UK’s MoD says daily Russian casualties are falling
Ukraine’s Spring Offensive Comes With Immense Stakes for Future of the War (New York Times) Without a decisive victory, Western support for Ukraine could weaken, and Kyiv could come under increasing pressure to enter serious peace talks to end or freeze the conflict.
At U.S. behest, Ukraine held off anniversary attacks on Russia (Washington Post) Kyiv’s head of military intelligence, Kyrylo Budanov, planned bold strikes deep behind enemy lines that unnerved officials in Washington
Russia’s new T-14 Armata battle tank debuts in Ukraine: Report (Al Jazeera) The T-14 has an unmanned turret, and its crews remotely control the armaments, but Western intel says it has problems.
Why NATO Must Admit Ukraine (Foreign Affairs) Kyiv needs the alliance and the alliance needs Kyiv.
Nikolai Peskov: Putin spokesman's son 'joined Wagner in Ukraine' (BBC News) But some in Russia cast doubt on claims that Nikolai Peskov actually served with the mercenary group.
Britain joining forces with EU to protect wind farms from Putin (The Telegraph) Western leaders discuss drone task force to protect crucial North Sea infrastructure
Years after discovery of SolarWinds breach, Russian hackers could be struggling (Washington Post) Behind the booting of the SolarWinds hackers, and how the Russians are faring now
Russian hacktivist threat on Canada’s pipelines is ‘call to action,’ top cyber official says (Record) A cybersecurity incident affecting a Canadian gas pipeline, which pro-Russian hacktivists and an intelligence officer claimed could have caused an explosion, is “a call to action for the critical infrastructure sector” according to Canada’s top cyber official.
Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering (The Hacker News) Russian Hackers Tomiris Targeting Central Asian Government and Diplomatic Entities for Intelligence Gathering
Russia-Ukraine war, and the fears of NotPetya-style attacks (Security Info Watch) Cyber activity since the invasion shows the difference between peacetime and wartime attacks
Continuity or change? The role of cyberspace in future armed conflicts (Defense 24) The ongoing conflict between Russia and Ukraine is being referred to as the first large-scale conventional war in nearly three decades, which is expected to bring significant...
Cybersecurity teams should be taking a military approach to winning the invisible cyber war (Federal News Network) Companies and critical national infrastructure organizations at risk of cyberattack now need to take best practices from the military’s approach to training and readiness and apply the Cyber Flag…
Experts: Cyber, Kinetic Forces Should be Battlefield Twins (Meritalk) A panel of cyber experts gathered by the Atlantic Council last week discussed the outcomes of modern warfare and pointed to the likelihood of increased coordination between cyber and kinetic forces.
Russia's deputy defense minister is under sanctions. His ex-partner is still living the high life in Europe, investigation reveals | CNN (CNN) Svetlana Maniovich is a woman of expensive tastes: invite-only Parisian jewelers, couture clothing and yacht vacations on the Mediterranean. The lifestyle isn't unusual for people in her elite Russian circle, and her lavish spending has been on display on social media and in Russia's society pages. But she's no ordinary Moscow highflyer.
The enemy within? Ukraine’s Moscow-affiliated Orthodox Church faces scrutiny (the Guardian) Church alleged to be arm of the Kremlin – disguising Russian propaganda as religious teachings
Attacks, Threats, and Vulnerabilities
Iran gained access to election results website in 2020, military reveals (Washington Post) Cyber Command cooperation with DHS prevented intruders from muddying results, senior commander tells conference
US gov’t stopped Iranian hackers who ‘gained access’ to 2020 election infrastructure (Record) Two U.S. cybersecurity agencies took actions to protect the 2020 presidential election from Iranian hackers, and thwarted digital criminals who targeted a trio of federal agencies, senior officials revealed on Monday.
New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP) (Bitsight) Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP)
BlackCat Ransomware Group Exploits GoAnywhere Vulnerability (At-Bay) At-Bay’s Cyber Research team confirmed that the BlackCat group has successfully exploited a known vulnerability in Fortra's GoAnywhere MFT.
Zero Day Initiative — TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal (Zero Day Initiative) Last week, the Zero Day Initiative (ZDI) threat-hunting team observed new exploit attempts coming from our telemetry system in Eastern Europe indicating that the Mirai botnet has updated its arsenal to include CVE-2023-1389, also known as ZDI-CAN-19557/ZDI-23-451 . This bug in the TP-Link Archer AX
Tech (non)support: Scammers pose as Meta on 3,200-plus fake profiles in Facebook account takeover ploy (Group-IB) Group-IB, a global cybersecurity leader headquartered in Singapore, has today published a new blog post offering a deep dive into a new and still ongoing global phishing campaign launched on Facebook by cybercriminals who impersonate the technical support staff of Meta, Facebook’s parent company.
North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware (Security Affairs) North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The group BlueNoroff is considered a group that operates under the control of the notorious North Korea-linked Lazarus APT group. The […]
Cisco Sees AI Software Making Phishing Attacks Harder to Resist (Bloomberg) Cisco Systems Inc. warned that artificial intelligence software such as OpenAI’s ChatGPT will make phishing attempts much harder to detect, requiring companies to adopt new defenses.
Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks (SecurityWeek) Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations.
US Navy Contractor Fincantieri Marine Group Hit by Cyber-attack (Infosecurity Magazine) Shipbuilder said the incident affected its email server and some network operations
Data security breach may have left Jewel-Osco employees' information exposed (CBS News) As of Monday night, it was not clear how many employees had been impacted.
Cascades remains closed following cyber attack (The Chatham Voice) Still no word on when the Cascades Casino in Chatham – and its sister Gateway Casinos across the province – will reopen. Gateway was the subject of a cyber attack recently, and the company was forced to idle its locations as it sorts out the matter. Gateway officials said they continue to work with all
Some casino sites could reopen this week after cyber attack, but it may already be too late, says tech expert (London CTV News) The shutdown at Gateway Casinos caused by a cyber attack is now into its second week, and at least one tech expert warns that it’s unlikely that personal information hasn’t already been compromised.
Rochester Schools Say Cyber Attack Didn't Touch Student Data (GovTech) After confirming earlier this month that an unauthorized party gained access to some data owned by the district, Rochester Public Schools in Minnesota told families last week that student data was not compromised.
Peugeot leaks access to user information in South America (Security Affairs) Peugeot, a French brand of automobiles owned by Stellantis, exposed its users in Peru, a South American country with a population of nearly 34 million. A brand, best known for its lion roaring for over a century, has leaked access to its user data in Peru. And while the country is not that big of […]
San Bernardino County sheriff's office struggling to recover from ‘malware’ incident (Record) A spokesperson wouldn't confirm if it was a ransomware attack. Local media reported that the department was struggling to recover from the incident.
2023 Cybersecurity Incident (Alaska Railroad) In addition to notifications mailed to affected parties beginning on April 17, 2023 and news release issued April 20, 2023, the Alaska Railroad is providing additional information to the public below.
Security Patches, Mitigations, and Software Updates
Google Authenticator now syncs 2FA with your Google Account, gets new icon (9to5Google) Google is addressing a big gap with its 2FA app by adding sync, with Google Authenticator also getting a new Android and iOS icon...
SolarWinds Platform Update Patches High-Severity Vulnerabilities (SecurityWeek) SolarWinds has patched two high-severity vulnerabilities that could lead to command execution and privilege escalation.
BeyondTrust Global Survey Provides Insights on Identity… (BeyondTrust) BeyondTrust has released a new global survey, “Identity Issues Impact Zero Trust Effectiveness.” The survey’s research focused on understanding current identity and zero trust trends, adoption rates, incidents, solutions, challenges, and new areas of focus.
RSAC 2023 Day 1: Fighting Bad AI with Good AI Is the Future (Channel Futures) AI and cybersecurity took center stage during Day 1 of RSAC 2023 with the message being good AI is needed to fight cybercriminals using bad AI.
Artificial intelligence takes RSA Conference by storm (SC Media) Cybersecurity professionals will need to leverage AI to neutralize sophisticated AI threats leveraged by bad actors, experts said at the RSA Conference.
RSAC 2023: The Cybersecurity Industry Responds to the Growing ‘Identity Crisis’ (Technology Solutions That Drive Business) Artificial intelligence has made it harder to know who’s who — or who’s even human. The implications for security professionals are profound.
Almost three-quarters of cyber attacks involve ransomware (Computer Weekly) Data from Sophos’s annual Active Adversary Report reveals that almost three-quarters of the cyber security incidents it responded to in 2022 involved ransomware.
#RSAC: Climate Change is Increasing Cyber-Risks (Infosecurity Magazine) Chloe Messdaghi outlines the link between climate change and increased cyber-threats, and says this topic must be addressed
Industrial Control Systems Hardening at the Network, Endpoint, and Protocol Level Imperative (ABI Research) Industrial Control Systems (ICSs) including Supervisory Control and Data Acquisition (SCADA
HiddenLayer Named “Most Innovative Startup” at RSA Conference 2023 Innovation Sandbox Contest (Business Wire) RSA Conference™, the world’s leading cybersecurity conferences and expositions, today announced that HiddenLayer is the winner of the annual RSAC Innovation Sandbox contest.
Token Closes $30 Million Financing to Bring its Next-Generation Multifactor Authentication Solution to Market (Business Wire) Investment by Grand Oaks Capital will fund ongoing product development and launch of innovative anti-phishing and ransomware solution
The Palo Alto Research Center (PARC) will join SRI International - PARC (PARC) Signaling a new chapter for Silicon Valley, two veteran R&D leaders are combining minds to advance and accelerate world-changing science and
Elevate Security Receives Investment from CrowdStrike to Drive Proactive Defense for High-Risk Users (Business Wire) Elevate Security integrates with CrowdStrike Falcon platform to automate enterprise-wide collection, analysis, and application of user risk data
NetRise Announces $8 Million in Funding to Advance XIoT Security Technology (Netrise) NetRise raises $8M.
Cybereason cuts valuation by more than 90%, loses unicorn status (Axios) Boston-based cybersecurity "unicorn" Cybereason earlier this month announced $100 million in new funding from existing investor SoftBank.
BIO-key International, Inc. Receives Notice of Non-Compliance from Nasdaq (GlobeNewswire News Room) BIO-key International, Inc. (Nasdaq: BKYI), an innovative provider of workforce and customer identity and...
Forcepoint Selected for Joint Cyber Defense Collaborative to Enhance U.S. Foreign and Domestic Cyber Capabilities (Business Wire) Joint Collaborative marks latest engagement in Forcepoint’s long-standing relationship with CISA
Keeper Security Named Winner of Several Coveted Global InfoSec Awards at RSA 2023 (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software, today announced that the company has been...
Inspira Enterprise, Inc. Appoints Amit Gandre as CEO, Americas (PR Newswire) Inspira Enterprise, Inc. ("Inspira"), a global cybersecurity services organization, today announced that Amit Gandre will serve as CEO of the...
Mimecast Announces Two New Executive Appointments to Drive Customer and Operational Excellence (GlobeNewswire News Room) Jeff Hess and Purnima Jandial Join Corporate Leadership Team as Part of Amplified Organizational Focus on Customer Centricity...
Adlumin Expands Leadership Team with Promotion of Dan McQuade to Chief Technology Officer (Business Wire) As an Established Leader within Adlumin, McQuade Brings More Than 10 Years of Experience Building and Scaling Technology Companies to His New Role
Products, Services, and Solutions
AT&T and Trinity Cyber Collaborate to Deliver Commercially Managed Cybersecurity Solution to the Air Force (Trinity Cyber) AT&T and Trinity Cyber Collaborate to Deliver Commercially Managed Cybersecurity Solution to the Air Force
Zimperium Launches the Only Unified Mobile Security Platform for Threat Detection Visibility and Response for both Endpoints and Apps (PR Newswire) RSAC 2023 - Zimperium, the leading mobile security solution for endpoints and apps, today announced the launch of the Zimperium Mobile-First...
SentinelOne® Launches The Singularity™ Security DataLake (Business Wire) Industry’s most performant security data platform transforms cybersecurity, providing unparalleled insights to identify trends, detect anomalies, and respond to threats in real time
VISO TRUST Revolutionizing Third-Party Risk Management: Bringing Innovation to the Forefront with AI (PR Newswire) VISO TRUST, the emerging cybersecurity company at the forefront of automating vendor due diligence, continues to innovate with AI and machine...
QuSecure’s Leading Post-Quantum Cybersecurity Solution Wins Next-Gen Quantum Computing Global InfoSec Award During RSA Conference 2023 (Business Wire) Judging Panel Honors QuProtect as Industry’s Only Fully Orchestrated Solution Delivering Validated Post-Quantum Cryptography with Managed Deployment that is Monitored for Attack and Actively Defended
Data Theorem’s Leading AppSec Solutions Earn Three Global InfoSec Awards for API, Cloud, and Mobile Security During RSA Conference 2023 (Business Wire) Data Theorem’s API Secure Wins Cutting Edge API Security Award; Cloud Secure Recognized with Next Gen CSPM Award; Mobile Secure Named Best Product in Mobile App Security
Netsurion Wins Global Infosec Awards for MDR and XDR at 2023 RSA Conference (GlobeNewswire News Room) Netsurion, a leading provider of Managed XDR, has been named a winner in three categories at...
RiskLens named winner of a coveted Global InfoSec Award during RSA Conference 2023 (GlobeNewswire News Room) RiskLens wins Editor's Choice Risk Management Award in 11th Annual Global InfoSec Awards at #RSAC 2023...
Devo Technology Exhibits Comprehensive Security Analytics Platform at RSA Conference 2023 (GlobeNewswire News Room) Devo Technology, the cloud-native security analytics company, will showcase the...
Open Systems Wins Coveted Global InfoSec Award during RSA Conference 2023 for Best SASE Platform (PR Newswire) Open Systems, a leader in managed secure access service edge (SASE) services, today announced that its industry-leading managed SASE platform...
Ontinue Takes Top Honors in the CEO and MDR Service Categories of the Global InfoSec Awards (PR Newswire) Ontinue, a leading managed detection and response (MDR) provider and winner of the 2022 Microsoft Security MSSP Partner of the Year award,...
Concentric AI Honored with Data Security Posture Management Global InfoSec Award During RSA Conference 2023 (Business Wire) Concentric AI Semantic Intelligence Recognized by Judging Panel for Unique Deep Learning that Autonomously and Accurately Finds Sensitive Content, Assesses Risk, and Remediates Security Issues
BigID Introduces Industry-Leading Data Risk Management at RSAC (PR Newswire) BigID, the leading platform for data security, compliance, privacy, and governance, today launched Data Risk Management, a critical element of...
TXOne Networks to Showcase New Portable Inspector Tool and Five Coveted Global InfoSec Awards at RSA Conference (Business Wire) Industry-recognized pioneer of OT zero trust approach will share latest cutting-edge solutions at Booth 1067 during RSA Conference
Trellix Launches Comprehensive Endpoint Security Suite (Business Wire) Powerhouse solution protects all enterprise workloads against sophisticated threats
Trellix Expands Threat Intelligence Portfolio to Stay Ahead of Cyber Adversaries (Business Wire) Offerings enhanced through new partnership with intelligence leader Intel 471
NowSecure Wins Four Coveted Global InfoSec Awards from Cyber Defense Magazine at RSA 2023 (News Direct) NowSecure innovation honored for its industry leading mobile app security solutions, services and training courseware at 11th Annual Global InfoSec Awards
Immuta Launches New Data Security Features for Enhanced Data Security Posture Management (DSPM) | Immuta (Immuta) New capabilities help customers quickly identify security gaps and accelerate remediation efforts to strengthen security posture with appropriate data access security controls.
Forcepoint Selected for Joint Cyber Defense Collaborative to Enhance U.S. Foreign and Domestic Cyber Capabilities (Forcepoint) Joint Collaborative marks latest engagement in Forcepoint’s long-standing relationship with CISA
Flashpoint Unveils Ignite: A New Intelligence Platform to Accelerate Threat Detection and Cross-Functional Risk Mitigation (Flashpoint) Engineered for speed, relevance, and action, Flashpoint Ignite delivers a unified intelligence experience that helps CTI, Vulnerability Management, National Security, and Physical Security teams streamline workflows and rapidly reduce risk
Deep Instinct Announces Strategic Partnership with eSentire (Business Wire) Deep Instinct helps Managed Detection and Response (MDR) providers deliver superior endpoint threat prevention as the complexity of unknown attacks increases
Cyera Introduces Data Detection and Response and Unified Data Explorer for SaaS, IaaS and PaaS Revolutionizing Security Operations (PR Newswire) Cyera, the data security company, today unveiled revolutionary new operational capabilities in its AI-powered data security platform. The...
BlackBerry Delivers More Security, Less Complexity with Enhanced Cybersecurity Solutions Portfolio (Yahoo Finance) BlackBerry Limited (NYSE: BB; TSX: BB) today announced a revamped AI-based Cylance® cybersecurity portfolio that advances the company's mission to deliver enterprise-grade security assurances to organizations at a fraction of the time, effort, and initial capital typically required.
Gurucul Wins 2023 Global InfoSec Award at RSA Conference for Cutting Edge Security Information and Event Management (Business Wire) Gurucul Next-Gen SIEM recognized for dramatically reducing SOC operational expenses and improving threat detection efficiency through automation
VirusTotal now has an AI-powered malware analysis feature (BleepingComputer) VirusTotal announced on Monday the launch of a new artificial intelligence-based code analysis feature named Code Insight.
Qwiet AI Builds a Neural Net to Catch Coding Vulnerabilities (Dark Reading) Code property graphs and a threat feed powered by artificial narrow intelligence help developers incorporate AppSec into DevOps.
Google Workspace Extends Enterprise-Grade Security and Device Management for Hybrid Work with Okta and VMware (PR Newswire) Google Cloud today announced a series of new security alliances to bring more choice, capability, and simplicity to enterprise and public...
Cato Networks Introduces Instant RBI Featuring Single-Click Activation (PR Newswire) At the RSA Conference 2023, Cato Networks, provider of the world's leading single-vendor SASE platform, announced the addition of Cato Remote...
GrammaTech Partners with ArmorCode to Deliver Vulnerability Management Orchestration Across Development Pipelines (Business Wire) GrammaTech CodeSonar and ArmorCode combine application vulnerability intelligence with AppSecOps workflows for end-to-end product security automation
Thales Unveils New Secrets Management Solution to Help Reduce Risks and Improve DevOps and Cloud Security (Thales Group) Thales’ new secrets management solution helps ensure that only authorized workloads and applications can access their passwords, API keys, and certificates, protecting them from unauthorized access, theft, or misuse. The process of secrets management typically involves generating and storing secrets securely, controlling access, and monitoring to alert when there is a suspicion of a breach and associated details.
QuintessenceLabs' qStream Entropy-as-a-Service (EaaS) Solution Delivers Truly Random Numbers for Encryption Keys (PR Newswire) QuintessenceLabs, a leader in the quantum cybersecurity industry, is showcasing its qStream™ Entropy-as-a-Service (EaaS) solution this week at...
OT Cybersecurity Leaders to Deliver First Open-Source Information Sharing for Collective Early Warning in Critical Infrastructure (GlobeNewswire News Room) Collaborative information sharing developed by ETHOS to help entire Operational Technology (OT) community rapidly identify, assess and respond to potential...
Exclusive: Google opens its security tools to competitors' platforms (Axios) Google is leaning into flexibility as part of a new strategy to stymie the impact of belt-tightening among cyber chiefs.
Noname Security Joins Intel Network Builders to Enhance Cybersecurity for Enterprise Customers (GlobeNewswire News Room) Collaboration Delivers API Security Innovation to Public, Private, and Hybrid-Cloud Architectures...
VMware Unveils New Security Capabilities to Help See and Stop More Threats (VMware News and Stories) At RSA Conference 2023, VMware will showcase lateral security designed to better protect multi‑cloud and enterprise branch environments.
Hoxhunt Named Winner of Two Prestigious Global InfoSec Awards by Cyber Defense Magazine (PR Newswire) Hoxhunt, the leading cybersecurity behavior change software company, today announced that the company has been named a winner of two Global...
Dilithium core complements Xiphera's xQlave® family of post-quantum cryptography (Design And Reuse) Xiphera announces an implementation of CRYSTALS-Dilithium, a new product in the xQlave® family of quantum-secure IP cores. CRYSTALS-Dilithium algorithm was selected as the primary digital signature algorithm for Post-Quantum Cryptography (PQC) by the US National Institute of Standards and Technology (NIST).
Tanium XEM Platform Wins Top Honors for Endpoint Security in 2023 Global InfoSec Awards (Business Wire) Company continues to lead the market with additional industry recognition in 11th annual award
Seclore Puts Risk Into Focus with New Data Classification and Risk Insights Capabilities That Protect Enterprises’ Most Critical Assets - Seclore (Seclore) Company pioneering data-centric security offers new functionality that will provide customers expanded visibility and actionable insights to help secure data
High Wire Networks Enhances Overwatch Managed Cybersecurity Partner Program as Userbase Increases 430% Over Past Year (GlobeNewswire News Room) Expanded Program Provides Additional Strategic Sales, Marketing, Technical and Operational Support Designed to Drive Greater Recurring Revenue Streams...
Abnormal Protects Against Multi-Channel Attacks (Abnormal) New platform enhancements enable detection of email-like attacks across Slack, Microsoft Teams and Zoom
Sophos’ Industry-First Vendor-Agnostic Managed Detection and Response (MDR) Service Grows Customer Base by 33% in First Six Months Since Launching New Capabilities (GlobeNewswire News Room) Sophos Adds Team of MDR Experts in Germany, Expanding Global Footprint of Security Operations Specialists Defenders Have Less Time to Defend; MDR Services...
Varonis Launches Third-Party App Risk Management (GlobeNewswire News Room) Reduce your cloud attack surface by discovering and remediating risky third-party integrations connected to Microsoft 365, Google Workspace, and...
Apiiro Introduces Industry’s First Risk Graph Explorer to Empower Security Teams with Complete Flexibility to Understand their Application Attack Surface (GlobeNewswire News Room) Powerful and Simple Capability to Query All Code Components, Their Connections, Business Impact and Risks Across Modern Applications and Software Supply...
Everything Blockchain Inc. Expands Availability of EB Control (Globe Newswire) Company removes barriers by making EB Control available through any browser; no download required
iProov and Authsignal partner to strengthen online fraud prevention (Electronic Payments International) iProov, a company offering facial biometric authentication technology, has partnered with Authsignal, a global platform for fraud automation
Graylog Security 5.1 Simplifies Incident Investigations with End-to-End Tracking and Collaboration (Business Wire) Other new features optimize threat detection and response, reduce unnecessary data storage costs
Sonatype Advances Software Supply Chain Management with New Platform Enhancements (GlobeNewswire News Room) Company Upgrades Platform with Boosted Product Capabilities and Refreshed Branding to Drive Developer Productivity and Intelligent Security...
SecurityScorecard Launches First and Only Security Ratings Platform with OpenAI's GPT-4 Search System, Providing Customers with Faster Security Insights (Business Wire) GPT-4 Natural Language Global Search Developed by Innovation Incubator, ScorecardX
Noname Security and IBM Collaborate to Deliver Advanced API Security Offerings (Noname Security) Noname Security announces partnership with IBM® (NYSE: IBM) to provide advanced API security for an organization’s entire API landscape.
Noname Security Partners with Fastest-Growing Software Company Wiz To Secure Cloud APIs and Advance Cyber Resilience (Noname Security) Noname Security announces partnership with Wiz, the leading cloud security platform and world’s fastest-growing software company to help customers improve security posture.
Noname Security Joins Intel Network Builders to Enhance Cybersecurity for Enterprise Customers (Noname Security) Noname Security announces acceptance by Accelerated by Intel.
Traceable AI Introduces World’s First Zero Trust API Access (ZTAA) Solution (Business Wire) Traceable launches world’s first and only solution that integrates API Security with Zero Trust Security initiatives
Sumo Logic to Scale SecOps for Modern Enterprises with Wave of New Innovations Built on Leading Log Analytics Platform (GlobeNewswire News Room) Applies detection logic to behavior modeling with UEBACloud SOAR features added to Cloud SIEM power new Automation ServiceML-powered detection lowers false...
Jamf Showcases New Functionality for Simplifying the Way Work Gets Done During Special Event (GlobeNewswire News Room) Event covers new ways Jamf is empowering IT, simplifying access for users with ZTNA as part of Jamf Connect, and protecting company resources with key...
BigID Launches BigAI: Adapting Generative AI to Accelerate Data Security, Governance and Risk Management (PR Newswire) BigID, the leading platform for data security, compliance, privacy, and governance, today announced the launch of BigAI, its newest AI engine...
Enzoic Enhances its Active Directory Lite to Help Companies Spot Password Vulnerabilities (Business Wire) Free Monitoring Tool Combats Compromised Credentials and Now Scans for Stale Accounts, Password Sharing and Other Critical Risk Factors
Tufin to Showcase Network Access Automation Between Cloud-Native and Traditional Network Devices at RSAC 2023 (Business Wire) Company to Preview Enhanced Microsoft® Azure® and Cisco® Meraki® Support, and Demonstrate How Tufin Shrinks Attack Surface and Accelerates Application Delivery
NetBrain Drives No-Code Network Automation with Release of NetBrain Next-Gen (Business Wire) Enables Network Automation to be used pervasively across every hybrid multi-cloud network
Thales Unveils New Secrets Management Solution to Help Reduce Risks and Improve DevOps and Cloud Security (Business Wire) Thales’ CiperTrust Data Security Platform now enables customers to manage and secure DevOps and cloud workloads’ secrets
Sonatype Advances Software Supply Chain Management with New Platform Enhancements (Sonatype) Sonatype has unveiled new product capabilities and refined product names as part of a strengthened software supply chain management platform.
Eclypsium Launches Supply Chain Security Platform for Enterprise Infrastructure (Business Wire) RSA Conference-- Eclypsium®, the digital supply chain security company protecting enterprises’ critical hardware, firmware, and software, today announced the release of its Supply Chain Security Platform.
Technologies, Techniques, and Standards
Zero Trust is the Pentagon's new cyber buzzword. It might not have stopped the Discord leaks. (Breaking Defense) When it comes to zero trust, there’s “a lot of buzz” on things like secure facilities and networks, but not as much emphasis on “how do we watch and make sure it’s staying that way," one expert said.
Les Alliés et plusieurs pays partenaires participent au plus grand exercice de cyberdéfense au monde (NATO/OTAN) Depuis le 19 avril 2023, plus de 3 000 spécialistes venus de 38 pays – notamment des pays membres et des pays partenaires de l’OTAN – participent à l’édition 2023 de l’exercice « Locked Shields », organisé chaque année par le Centre d’excellence pour la cyberdéfense en coopération à Tallinn (Estonie).
U.S. deploys more cyber forces abroad to help fight hackers (Reuters) The United States is sending more of its cyber forces abroad to help foreign governments fight hackers, a top U.S. military official said at the RSA cybersecurity conference in San Francisco.
U.S. Sent Teams into Foreign Networks to Hunt SolarWinds, Microsoft Hackers (Wall Street Journal) The U.S. military deployed teams of hackers to foreign networks in 2020, in the days after a major cyberattack on federal agencies was revealed. They hunted for intruders to study their behavior before shutting down their access, according to U.S. officials discussing the events publicly for the first time Monday.
Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said (CyberScoop) During the 2023 RSA Conference, top officials provided rare insight into sharing information to protect U.S. networks from malicious hackers.
A threat to us is a threat to you – US Hunt Forward Operations embedded to Homeland Security (Australian Cybersecurity Magazine) The US Department of Defence Cyber National Mission Force (CNMF), and Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) shared details for the first time this morning on recently declassified cyber operations, showcasing how both organisations work together to bolster cyber defenses.
#RSAC: Three US Federal Agencies Suffer Cyber Intrusion Campaign (Infosecurity Magazine) The CISA and CNMF prevent a foreign-based cyber-criminal carrying out an attack on three US Federal Agencies
Cyber hygiene: Building blocks to protect attack surfaces (Security Magazine) Cyber breaches or ransomware-induced shutdowns can crush a company. But, cybersecurity hygiene can greatly limit exposure and prevent most breaches.
Design and Innovation
SentinelOne experiments with GPT-4 as part of new threat hunting platform (VentureBeat) SentinelOne announced the launch of a threat hunting platform that uses GPT4 and other LLMs to help SOC analysts automate threat response.
AI Spam Is Already Flooding the Internet and It Has an Obvious Tell (Vice) The phrase 'as an AI language model' is starting to flood Amazon user reviews and Twitter bot accounts.
ChatGPT Can Help Doctors—and Hurt Patients (WIRED) The chatbot is tempting physicians with its ability to spout medical information, but researchers warn against trusting AI with tough ethical decisions.
Research and Development
Transparent labeling of training data may boost trust in artificial intelligence (Penn State University) Showing users that visual data fed into artificial intelligence (AI) systems was labeled correctly might make people trust AI more, according to researchers. The findings may also pave the way to help scientists better measure the connection between labeling credibility, AI performance and trust.
These two countries are teaming up to develop AI for cybersecurity (ZDNET) Singapore's Ministry of Defence and France's Ministry of the Armed Forces will jointly develop artificial intelligence capabilities, with potential research areas that include natural language processing.
National Cybersecurity Alliance Partners with One In Tech Foundation to Launch HBCU Scholarship Program (GlobeNewswire News Room) WASHINGTON, April 25, 2023 (GLOBE NEWSWIRE) -- The National Cybersecurity Alliance (NCA), the nation’s leading nonprofit promoting cybersecurity...
Truman State University students feel extra stress during cyber attack (KTVO) A cyberattack forced the shutdown of all computers on the Truman State University (TSU) campus and halted all online classes.
Legislation, Policy, and Regulation
Crypto Regulatory Affairs: European Parliament Votes to Approve Landmark MiCA Regulation (Elliptic Connect) The passage of MiCA is a defining moment in the effort to bring greater oversight and transparency to crypto markets. Read more.
Top US Intelligence Official Warns of Global Digital Crackdown on Dissent (Bloomberg) China a ‘leading perpetrator’ of repression, Avril Haines said. China spokesman pushes back against US ‘slanders and smears’.
China Developing Cyber Weapons to Gain Control of Enemy Satellites (CircleID) According to a leaked US intelligence report, China is developing capabilities to "deny, exploit or hijack" enemy satellites as a core part of its goal to control information.
Government pledges £100 million for AI taskforce (Computing) The UK government has pledged £100 million to form a Foundation Model Taskforce, whose focus will be developing AI to solidify the UK's standing as a science and technology leader by 2030.
DHS Outlines Cyber Priorities in Release of Delayed Review (Nextgov.com) The Department of Homeland Security’s long-delayed Quadrennial Homeland Security Review warned that “more complex” threats to the nation, such as crippling cyberattacks, could affect “multiple industries, sectors and national critical functions.”
DHS Procurement Cyber Reporting Requirement Needs Clarifying, Watchdog Finds (Nextgov.com) The Government Accountability Office noted that several major acquisition programs at DHS didn’t think the requirement applied to them.
NIST sets sights on implementing identity provisions from the CHIPS Act (FCW) According to a recent roadmap, NIST is looking to issue guidance on how federal, state and local governments can offer attribute validation services.
Opinion | I Was General Counsel of the N.S.A. America Has a Problem With Secrets. (New York Times) We need to start treating the protective end of the intelligence process like it’s as important as the collection part.
Iowa congressman aims to beef up school cybersecurity after Des Moines district breach (Des Moines Register) New federal legislation would aim to help schools prevent and respond to cyber-attacks, months after Des Moines schools' data was breached.
Litigation, Investigation, and Law Enforcement
US sanctions supporters of North Korean hackers, Iranian cyberspace head (Record) The Justice Department announced indictments and the Treasury Department implemented sanctions against men suspected of conspiring to launder money for the North Korean government. An Iranian official was sanctioned, too.
North Korean Foreign Trade Bank Rep Charged for Role in Two Crypto Laundering Conspiracies (Department of Justice. U.S. Attorney's Office District of Columbia) Two federal indictments, unsealed today in the District of Columbia, charge a North Korean Foreign Trade Bank (“FTB”) representative for his role in money laundering conspiracies designed to generate revenue for the Democratic People’s Republic of Korea, through the use of cryptocurrency. A third indictment charges one of the co-conspirators in a separate scheme.
Treasury Targets Actors Facilitating Illicit DPRK Financial Activity in Support of Weapons Programs (U.S. Department of the Treasury) WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned three individuals for providing support to the Democratic People’s Republic of Korea (DPRK) through illicit financing and malicious cyber activity. The DPRK launders stolen virtual currency and deploys information technology (IT) workers to fraudulently obtain employment to generate revenue in virtual currency to support the regime and its unlawful weapons of mass destruction and ballistic missile programs.
U.S. Supreme Court to decide if public officials can block critics on social media (Reuters) The U.S. Supreme Court, exploring free speech rights in the social media era, on Monday agreed to consider whether the Constitution's First Amendment bars government officials from blocking their critics on platforms like Facebook and Twitter.
US Supreme Court rejects computer scientist's lawsuit over AI-generated inventions (Reuters) The U.S. Supreme Court on Monday declined to hear a challenge by computer scientist Stephen Thaler to the U.S. Patent and Trademark Office's refusal to issue patents for inventions his artificial intelligence system created.
CFPB still has not notified consumers about data breach (American Banker) The Consumer Financial Protection Bureau said it is still working to notify consumers about the Feb. 14 breach in which a bank examiner sent personal information on 256,000 consumers and supervisory information on 45 institutions to his email.
Could your employees’ use of ChatGPT put you in breach of GDPR? (ComputerWeekly.com) Following Italy's run-in with OpenAI’s ChatGPT, legal expert Richard Forrest emphasises the necessity for additional scrutiny while using AI tools in a work environment, and practical guidance on doing so safely
Prince Harry takes on Murdoch unit over phone-hacking, brother 'settled' (Reuters) Britain's Prince William has settled a phone-hacking claim against Rupert Murdoch's UK newspaper arm for a "very large sum" after a secret deal struck with Buckingham Palace, lawyers for the heir's brother Prince Harry said in court documents.