Dateline
Ukraine at D+440: FSB cyberespionage network disrupted. (CyberWire) Ukraine claims to have inflicted heavy casualties on Russian forces in Bakhmut. The Five Eyes take down the FSB's Turla cyberespionage infrastructure.
Russia-Ukraine war at a glance: what we know on day 441 of the invasion (the Guardian) The French parliament has called on the EU to formally label the Russian mercenary group Wagner as terrorists; Russian governor says two drones shot down in Voronezh region
Russia-Ukraine war: List of key events, day 441 (Al Jazeera) As the war enters its 441st day, we take a look at the main developments.
Russia-Ukraine war live: Ukraine claims it has partially destroyed brigade attacking Bakhmut with heavy Wagner losses (the Guardian) Ukraine’s military says Russia increasingly relying on regular forces after heavy losses to mercenary group in eastern city
Opinion Ukraine’s offensive is coming. Keep your expectations in check. (Washington Post) Unlike many TV series, most military battles do not feature tidy endings. The long history of warfare includes few fights that conclusively settled the larger struggle, which is why we know the names of the relative handful that did: Yorktown, Waterloo, Hastings.
Russia’s last red line: Will the West help Ukraine liberate Crimea? (Atlantic Council) The Crimean question has become a litmus test for Ukraine’s Western partners; do they want Ukraine to win the war, or are they merely seeking to avoid an outright Russian victory?
Russia’s losses are worse than anyone thinks (The Telegraph) Estimates of the Kremlin’s military casualties may be far too low given Kyiv’s use of new precision weapons
Russia's version of NATO is crumbling, with even some of its closest allies frustrated by Putin's war in Ukraine (Business Insider) The Russian-led Collective Security Treaty Organization has shown cracks since Russia invaded Ukraine, with allies visibly snubbing Vladimir Putin.
Putin claims West is waging a ‘real war’ on Russia at WWII parade (Military Times) Moscow reprised a familiar refrain at scaled-down Victory Day celebrations that may reflect the toll of Russia's war of aggression on Ukraine.
Putin’s embarrassing one-tank parade hints at catastrophic losses in Ukraine (Atlantic Council) Putin has transformed Victory Day into a celebration of Russia's resurgence as a military superpower, but this year's embarrassing one-tank parade underlined the catastrophic scale of Russian losses in Ukraine, writes Peter Dickinson.
A single WWII-era tank showed up for Russia's 'Victory Day' parade in Moscow (Task & Purpose) Tanks for the laughs!
Putin has nothing left to display (The Telegraph) Analysis from Dominic Nicholls, Associate Editor and Aliona Hlivco, former MP in Ukraine, of Russia's Victory Day parade in Moscow
Putin’s military might has vanished (The Telegraph) Victory Day underscored just how much weaponry the Russian army has lost in Ukraine. Yet Putin's capacity for self-delusion was on full show
Ukraine war: Jet pilots talk about the air war with Russia (BBC News) Ukrainian and Russian pilots are fighting to control the skies. Could Western jets change the war?
U.S., U.K. vow to aid Ukraine regardless of counteroffensive outcome (Washington Post) Britain and the United States will continue supporting Ukraine regardless of whether its military can recover territory from Russia in a planned counteroffensive, two senior officials said on Tuesday.
US announces $1.2B Ukraine aid package ahead of counteroffensive (The Hill) The Biden administration on Tuesday pledged a massive $1.2 billion chunk of long-term military assistance to Ukraine as the embattled country readies a counteroffensive that could alter the course …
U.S. Provides Ukraine $1.2 Billion for Air Defense, Artillery (U.S. Department of Defense) The United States will provide Ukraine with a $1.2 billion package to bolster the country's air defenses and sustain its artillery needs, Pentagon Press Secretary Air Force Brig. Gen. Pat Ryder said.
Pentagon Press Secretary Air Force Brig. Gen. Pat Ryder Holds a Press Briefing (U.S. Department of Defense) Pentagon Press Secretary Air Force Brig. Gen. Pat Ryder held a press briefing.
Hunting Russian Intelligence “Snake” Malware (Joint Cybersecurity Advisory) The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets.
U.S. Agencies and Allies Partner to Identify Russian Snake Malware Infrastructure Worldwide (National Security Agency/Central Security Service) The National Security Agency (NSA) and several partner agencies have identified infrastructure for Snake malware—a sophisticated Russian cyberespionage tool—in over 50 countries worldwide.
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service (US Department of Justice) “Russia used sophisticated malware to steal sensitive information from our allies, laundering it through a network of infected computers in the United States in a cynical attempt to conceal their crimes. Meeting the challenge of cyberespionage requires creativity and a willingness to use all lawful means to protect our nation and our allies,” stated United States Attorney Peace. “The court-authorized remote search and remediation announced today demonstrates my Office and our partners’ commitment to using all of the tools at our disposal to protect the American people.”
CISA and Partners Disclose Snake Malware Threat From Russian Cyber Actors (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA and partners released a joint advisory for a sophisticated cyber espionage tool used by Russian cyber actors. Hunting Russian Intelligence “Snake” Malware provides technical descriptions of the malware’s host architecture and network communications, and mitigations to help detect and defend against this threat.
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure (Cybersecurity and Infrastructure Security Agency CISA) Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats:
• Patch all systems. Prioritize patching known exploited vulnerabilities.
• Enforce multifactor authentication.
• Secure and monitor Remote Desktop Protocol and other risky services.
• Provide end-user awareness and training.
Hunting Russian Intelligence “Snake” Malware (Cybersecurity and Infrastructure Security Agency CISA) The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many systems in this P2P network serve as relay nodes which route disguised operational traffic to and from Snake implants on the FSB’s ultimate targets. Snake’s custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.
US Disrupts Russia's Sophisticated 'Snake' Cyberespionage Malware (SecurityWeek) US government disrupts Snake, a sophisticated cyberespionage malware officially attributed to a unit of Russia’s FSB agency.
Kremlin-linked ‘Snake’ espionage malware eliminated, Justice Department says (Record) U.S. law enforcement used its own tool to take down the Turla hacking group's Snake malware. Turla is associated with Russia's FSB intelligence service.
FBI Disables Malware Russia Allegedly Used to Steal Documents from NATO Allies (Wall Street Journal) The operation highlights the FBI’s increasing efforts to go beyond arresting hackers and find new ways to disrupt cyberattacks.
U.S. cyber officials go big-game malware hunting (Washington Post) With ‘Operation Medusa,’ U.S. cyber officials cut off the head of Russia’s ‘Snake’ hacking campaign.
FBI disrupts sophisticated Russian cyberespionage operation (CyberScoop) A law enforcement effort dubbed "Medusa" targeted malware deployed by Moscow's Federal Security Service, officials said Tuesday.
FBI Disrupts Turla Espionage Malware Network (Decipher) While Operation Medusa disrupts long standing espionage efforts by Turla, security researchers say that its effects will only be temporary.
Federal Operation Takes Down Sophisticated Russian Malware (Nextgov.com) Snake malware has plagued international digital networks for nearly two decades; a joint federal effort finally dismantled the web of espionage spyware.
US busts Russian cyber operation in dozens of countries (Military Times) The Justice Department says it has disrupted a long-running Russian cyberespionage campaign that stole sensitive information from U.S. and NATO networks.
FBI disrupts sophisticated Russian cyberespionage operation (CyberScoop) A law enforcement effort dubbed "Medusa" targeted malware deployed by Moscow's Federal Security Service, officials said Tuesday.
UK and allies smash Snake, Russia’s top digital hacking tool (The Telegraph) The malware, a core component of Russian espionage operations for nearly two decades, was dismantled by the NCSC, FBI and others
Russia’s invasion fails to prevent progress in Ukraine’s energy sector (Atlantic Council) Russia's seven-month airstrike campaign against Ukraine's civilian energy infrastructure has failed to derail Ukrainian progress toward greater energy sector integration with the EU, writes Aura Sabadus.
'Gotta be there early': American special ops lessons from Ukraine (Breaking Defense) Building special forces relationships with other countries requires being on the ground and meeting the partner where they are, SOCOM chief Gen. Bryan Fenton said.
French journalist killed in Russian rocket strike in Ukraine (the Guardian) AFP video coordinator Arman Soldin, 32, who was ‘totally dedicated to his craft’, died in attack near Bakhmut
Attacks, Threats, and Vulnerabilities
New phishing-as-a-service tool “Greatness” already seen in the wild (Cisco Talos Blog) Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots.
RapperBot DDoS Botnet Expands into Cryptojacking (Fortinet Blog) FortiGuard Labs discusses the changes observed in a new RapperBot campaign and provides a technical analysis of the variant upgraded with miner capabilities. Learn more.…
Ransomware - Akira and Rapture (Avertium) This month has seen activity from two lesser-known ransomware groups that are not currently in the spotlight. Let’s look at them - Akira and Rapture.
Threat Assessment: Royal Ransomware (Unit 42) Royal ransomware has made notable attacks against sectors such as healthcare and infrastructure. Our overview includes victimology and functionality.
BEC Campaign via Israel Spotted Targeting Large Multinational Companies (Dark Reading) The latest scams request historically high sums of around $700,000.
North Korean hackers stole 830K people’s data in attack on Seoul hospital: ROK (NK News - North Korea News) North Korean hackers accessed the personal medical records of hundreds of thousands of patients at a major hospital in Seoul, police announced Wednesday, in one of the largest known cyberattacks on South Korean civilian infrastructure. The threat actor hacked into the intranet of Seoul National University Hospital (SNUH) between May and June 2021 using seven […]
Food distribution giant Sysco warns of data breach after cyberattack (BleepingComputer) Sysco, a leading global food distribution company, has confirmed that its network was breached earlier this year by attackers who stole sensitive information, including business, customer, and employee data.
More than 1 million people have SSNs leaked after cyberattack on hospital technology giant (Record) More than 1 million people had their Social Security numbers leaked after a cyberattack on hospital technology giant NextGen Healthcare
More than 45,000 affected by December cyberattack on Metropolitan Opera (Record) Hackers accessed the sensitive personal information of more than 45,000 people across the U.S. during a December cyberattack on the Metropolitan Opera.
B2B LinkedIn scams: trends & how to prevent them (NordLayer) Discover the latest research on LinkedIn scams and learn how to protect yourself from fake profiles and phishing schemes. Stay safe on the platform!
Australia's TechnologyOne halts trading after being hit by cyber attack (Reuters) Australia's TechnologyOne Ltd said on Wednesday it had detected an unauthorised third-party access to its back-office systems, becoming the latest target in a series of cyber attacks that has bogged companies in the country since last year.
Dallas restores core emergency dispatch systems (Cybersecurity Dive) “At this point, we do not have evidence or indication that there has been data removed during this attack,” Dallas CIO Bill Zielinski told city officials Monday.
Ransomware gang that hit Dallas an offshoot of Conti group, researchers say (StateScoop) The Royal ransomware group has claimed responsibility for more than 150 attacks since last year, including one against the City of Dallas.
Cyber hack to cost UK outsourcer Capita up to $25 mln (Reuters) British outsourcing company Capita warned it would take a 15 million pound to 20 million pound ($25 million) hit after its systems were hacked in a cyber incident earlier this year.
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-29336 Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.
Security Patches, Mitigations, and Software Updates
Microsoft fixes three zero-days in May 2023 Patch Tuesday (Computing) A Secure Boot bypass flaw was actively exploited by a threat actor to install the BlackLotus UEFI bootkit
¡OLÈ! Microsoft patches pre-auth RCE, zero day, warns on BlackLotus bootkit (Stack) Although May Patch Tuesday she be but little, she is fierce: Microsoft has pushed out a modest 38 new security fixes for its monthly fix cycle , but don’t get caught napping: They include fixes for a pre-authentication remote code execution (RCE) vulnerability in Outlook, CVE-2023-29325, that requires no user interaction, no privileges and for which the preview pane is a threat vector, and a Win32k Elevation of Privilege (EOP) vulnerability, CVE-2023-29336, which gives SYSTEM and which has been reported by AVAST as exploited in the wild.
Microsoft Releases May 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA) Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Light May Patch Tuesday will weigh heavily on Windows admins (SearchWindowsServer | TechTarget) Microsoft corrected 38 new vulnerabilities, including two Windows zero-days and a flaw that could open Microsoft Outlook users to threats from email.
Adobe Patches 14 Vulnerabilities in Substance 3D Painter (SecurityWeek) Adobe has patched more than a dozen vulnerabilities, including critical code execution flaws, in its Substance 3D Painter product.
SAP Security Patch Day - May 2023 (Onapsis) SAP released new and updated security patches for its May 2023 SAP Patch Day. Read a comprehensive summary and how Onapsis contributed.
Mozilla Releases Security Advisories for Multiple Products | CISA (Cybersecurity and Infrastructure Security Agency CISA) Mozilla has released security advisories to address vulnerabilities in Firefox and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released two Industrial Control Systems (ICS) advisories on May 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
How number matching works in multifactor authentication (MFA) push notifications for Microsoft Authenticator (Microsoft Entra) Learn how to use number matching in MFA notifications
Trends
ESET APT Activity Report Q4 2022–Q1 2023 (WeLiveSecurity) This issue of the ESET APT Activity Report features an overview of the activities of selected APT groups as analyzed by ESET Research in Q4 2022 and Q1 2023.
Global Research from Delinea Reveals That 61% of IT Security Decision Makers Think Leadership Overlooks the Role of Cybersecurity in Business Success (PR Newswire) Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced findings from a global...
Threat Research | Uptycs Quarterly Threat Bulletin #7 Q1 (May 2023) (Uptycs) This bulletin is a tool to evaluate and form a more robust detection and protection posture against the latest threats in Windows, Linux & macOS platforms.
Data Encryption from Ransomware Reaches Highest Level in Four Years, Sophos’ Annual State of Ransomware Report Finds (GlobeNewswire News Room) Paying the Ransom Doubles Recovery Costs Rate of Ransomware Attacks Remains Steady, with 66% of Organizations Surveyed Reporting They Were a Victim of...
State-Sponsored Actors Leading Cause of Cyber Concern in Public Sector (Nextgov.com) A new SolarWinds report details how foreign hackers have become the largest concern among government entities, and how zero-trust strategies have become the most popular defense.
Incode Releases "Consumer Pulse on Biometrics" Survey Report (PR Newswire) Incode Technologies Inc., a leading provider of world-class identity verification and authentication solutions for global enterprises, today...
The 2023 Third-Party Risk Management Study (Prevalent) Our definitive report, The 2023 Third-Party Risk Management Study: How Are Organizations Avoiding TPRM Turbulence? is loaded with insightful data, analysis and recommendations from a survey of global third-party risk management practitioners.
Marketplace
Young Cyber Companies Face Uncertain Economy (Wall Street Journal) Newer cybersecurity companies are grappling with uncertain economic conditions as they find it harder to raise capital, continue to trim their workforces and refocus on profits after long periods of chasing growth.
SquareX raises $6M as it empowers users to be fearless online (Benzinga) Coming out of stealth, the cybersecurity startup is launching a productivity-first security solution. SquareX has raised the seed round from Sequoia Capital Southeast Asia...
Data Protection Startup Optery Raises $2.7 Million in Seed Funding (SecurityWeek) Data protection startup Optery has raised $2.7 million in a seed funding round led by Bayhouse Capital.
It’s Time to Build For America: Announcing Our $500M+ Commitment to Companies Building in American Dynamism | Andreessen Horowitz (Andreessen Horowitz) We’re proud to share that we’re dedicating $500 million toward the early stage companies building for American Dynamism. We’re eager to make bold bets on bold entrepreneurs at all stages of the building process.
Palo Alto Networks Stock Joins Elite Club Of Stocks With RS Ratings Over 90 (Investor's Business Daily) On Tuesday, Palo Alto Networks (PANW) received an upgrade to its Relative Strength (RS) Rating, from 90 to 93.
Wiz's rapid ascent to $10 billion valuation in market downturn shows cloud security is 'still huge' (CNBC) Wiz is gaining traction quickly in cloud security and taking business from Palo Alto Networks, but not simply by offering lower prices.
Celebrating Tanium's 2023 Women of the Channel (Tanium) Tanium is excited to announce that four of its female channel leaders are recognized in the 2023 Women of the Channel program by CRN®, a brand of The Channel Company.
AfP partners with GCA to strengthen digital peacebuilding (GCA | Global Cyber Alliance | Working to Eradicate Cyber Risk) Global Cyber Alliance and Alliance for Peacebuilding partner to improve cybersecurity within the peacebuilding community and fragile communities.
UScellular Donates $28,150 in wireless hot spots and service to New Beginnings (The Laconia Daily Sun) To help provide reliable and safe internet access and opportunities and keep local families connected, UScellular has donated 25 wireless hotspots and two years of service to New
Products, Services, and Solutions
650 Group Reaffirms Versa Networks’ Market Leadership for Both Deployed SASE and Enabled SD-WAN (Business Wire) 650 Group Reports Reveal Versa is the Market Leader for Both Deployed SASE and Enabled SD-WAN for the Third Year in a Row
DigiCert announces partnership with Oracle to make DigiCert® ONE available on Oracle Cloud Infrastructure (PR Newswire) DigiCert, a leading global provider of digital trust and a member of Oracle PartnerNetwork (OPN), today announced a partnership to provide...
Omada Named an Overall Leader in the KuppingerCole Leadership Compass Access Governance Report (PR Newswire) Omada A/S ("Omada"), a global leader of Identity Governance and Administration (IGA), announced today that the company has been named an...
VirnetX Partners with Samsung (PR Newswire) VirnetX Holding Corporation (NYSE: VHC) today announced that it has signed an agreement with Samsung to resell Samsung's digital display...
DataDome Expands Partner Program to Accelerate Delivery of Best-in-Class Protection to Enterprises Worldwide (PR Newswire) DataDome, a leading provider of AI-powered online fraud and bot management, is proud to announce it is strategically expanding its channel...
Quest Software Releases QoreStor v7.2 to Protect Organizations From Data Loss and Cyberattacks (GlobeNewswire News Room) Secondary software storage solution ensures operational resilience across all IT environments...
Gurucul Builds Next-Gen Security Analytics and Operations Platform on the Snowflake Data Cloud (Business Wire) Gurucul’s platform, Powered by Snowflake, allows customers to rapidly identify and mitigate risks
UberEther Announces IAM Advantage, a First-to-Market DoD IL5 ICAM Package Offering (GlobeNewswire News Room) Best-in-class identity providers UberEther, Ping Identity, SailPoint, Nok Nok, Radiant Logic, Appgate and Carahsoft join forces to modernize identity...
Aqua Enhances Software Supply Chain Security with Pipeline Integrity Scanning (GlobeNewswire News Room) Real-Time eBPF monitoring technology prevents code tampering throughout build and delivery...
Tanium Earns Protected B Status by the Government of Canada (Business Wire) Classification enables federal departments to be prepared for cyber threats with complete visibility, control, and remediation of their endpoints in the cloud
Palo Alto next-gen firewall now supports Azure (SC Media) Palo Alto Networks announced that its cloud-based next-generation firewall is now available on Microsoft Azure as an Azure-native, a managed independent software vendor service, according to SDxCentral.
Kyndryl collaborates with Fortinet to modernize mission-critical networking (Help Net Security) Kyndryl is leveraging Fortinet secure networking solutions to help enterprise customers modernize their security architectures.
Proficio Expands Cybersecurity Offerings through Cyber Intelligence House Partnership (EIN Presswire) Collaboration provides advanced cyber exposure monitoring services
Vanta Expands Partnership with CrowdStrike, Announces New Integration to Secure Access for Automated Compliance (Business Wire) New integration transforms automation process for security operations at scale
Shine a Light on Shadow IT: Vanta Launches Category-First Vendor Risk Management Solution (Business Wire) Delivering a single platform to assess vendor risk, automate security reviews and remediate issues
Technologies, Techniques, and Standards
The SBOM Bombshell (SecurityWeek) SBOMs can be used for managing risk and determining vulnerability impact: Here are three key points that you need to take away from your SBOM.
Streamline Security Vendor Selection with VAC (IANS) IANS’ Vendor Assessment Community streamlines security vendor decision-making process. Read about how you can use Faculty and peer research to provide an unbiased perspective on selected tools and services.
Air Force Is Working on Rules for Using ChatGPT (Defense One) The service's CIO also wants to encourage exploration of the "incredibly powerful capability" of generative artificial intelligence tools.
How To Delete Your Data From ChatGPT (WIRED) OpenAI has new tools that give you more control over your information—although they may not go far enough.
Design and Innovation
Microsoft and Oracle Discussed Sharing AI Servers to Solve Shortage (The Information) Oracle and Microsoft recently discussed an unusual agreement to rent servers from each other if either company runs out of computing power for cloud customers that use large-scale artificial intelligence, according to a person with direct knowledge of the negotiations. A deal would help the two ...
Academia
Students can’t get off their phones. Schools have had enough. (Washington Post) Administrators see them as an intensifying distraction — or, worse, a tax on students’ mental health
URI to host R.I. high school students at CS4RI Cyber Summit (URI News) WHAT: The University of Rhode Island will host the CS4RI Cyber Summit, which will bring more than 350 Rhode Island school students to the Kingston Campus for a day of activities that will excite and inspire them about the possibilities of computer science and cybersecurity in their futures. CS4RI (Computer Science for […]
Legislation, Policy, and Regulation
DoD Releases National Defense Science and Technology Strategy (U.S. Department of Defense) The Department of Defense released the National Defense Science and Technology Strategy.
Pentagon strategy urges faster tech transition, more collaboration (C4ISRNet) The 11-page strategy, which the department released May 9, also emphasizes the need for more investment in lab and test infrastructure.
Austria to join countries banning TikTok from government phones (Reuters) Austria will join the growing list of countries banning Chinese-owned video-sharing app TikTok from government employees' work phones, Interior Minister Gerhard Karner said on Wednesday.
TikTok Is Not the Enemy (The Information) The tensions surrounding TikTok in the U.S. have been building for years, but lately they have reached a boiling point. More than half of all states have either partially or fully banned TikTok on government devices. The Biden administration gave the platform an ultimatum, demanding that ...
Two New State Privacy Laws – But What is Really New? (Seyfarth Shaw) Tennessee and Montana are now set to be the next two states with “omnibus” privacy legislation. “Omnibus” privacy legislation regulates personal information as a broad category, as opposed to data collected by a particular regulated business or collected for a specific purpose, like health information, financial or payment card information. As far as omnibus laws go, Tennessee and Montana are two additional data points informing the trend we are seeing at the state level regarding privacy and data protection. Fortunately (or unfortunately depending on your point of view) these two states have taken the model which was initiated by Virginia and Colorado instead of following the California model.
TSA Says Its Drone Program Won’t Collect Much Info on the Public (Nextgov.com) The agency is going to use drones to conduct security assessments at airports, transportation incidents and large security events.
Discord leaks show classified vetting needs reform. Here's what should happen. (Breaking Defense) It's time for the SF-86 form to focus on digital interactions, writes Richard Phillips of the Center for the Study of the Presidency and Congress
EU draft rules propose tougher cybersecurity labelling rules for Amazon, Google, Microsoft (Reuters) Amazon , Alphabet's Google, Microsoft and other non-European Union cloud service providers looking to secure an EU cybersecurity label to handle sensitive data can only do so via a joint venture with an EU-based company, according to an EU draft document seen by Reuters.
Litigation, Investigation, and Law Enforcement
Police Arrest Suspected Cybercriminal Kingpin In Rivers (Independent) The Nigeria Police Force (NPF) through their Seasoned Cybercrime Forensic and Intelligence Assets has nabbed a cybercrime kingpin, George Gift Ikata, 21 years old.
Spanish police dismantle phishing operation linked to crime ring (BleepingComputer) The National Police of Spain have arrested two hackers, 15 members of a criminal organization, and another 23 people involved in illegal financial operations in Madrid and Seville for alleged bank scams.
U.K. Citizen Extradited and Pleads Guilty to Cyber Crime Offenses (US Department of Justice) A U.K. citizen pleaded guilty today in New York to his role in cyberstalking and multiple schemes that involve computer hacking, including the July 2020 hack of Twitter.
Feds continue takedowns of DDoS-for-hire ‘booter’ sites (Record) U.S. law enforcement has seized 13 more internet domains that hosted “booter” services for attacking websites, prosecutors said Monday, and four people arrested in a previous sweep have pleaded guilty to related charges.
The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services (WIRED) For a decade, a group called Big Pipes has worked behind the scenes with the FBI to target the worst cybercriminal “booter” services plaguing the internet.
Exclusive: Deputy AG Monaco on ‘Operation Cookie Monster’ and why it represents a change (Record) In an exclusive interview with the Click Here podcast, Deputy Attorney General Lisa Monaco says the Department of Justice's latest takedown of a cybercrime site "should feel familiar" to anyone who has followed U.S. counterterrorism operations.
Pearson initiates legal proceedings against company that used its content to train language models (Computing) The company has already issued a cease-and-desist letter to an unnamed tech firm