Dateline: Russia's war against Ukraine.
Ukraine at D+449: G7 sanctions as cyberespionage and hacktivism continue. (CyberWire) President Zelenskyy will meet with the G7 as local fighting and hacktivist sparring continue.
Russia-Ukraine war: List of key events, day 450 (Al Jazeera) As the war enters its 450th day, we take a look at the main developments.
Russia-Ukraine war at a glance: what we know on day 450 of the invasion (the Guardian) Ukraine claims to have destroyed 19 drones and missiles out of 28 launched on Friday morning; Zelenskiy to attend Arab League and G7 meetings in person
Ukraine live briefing: Missile attack again jolts Kyiv; Patriot system still operational, U.S. says (Washington Post) Explosions rocked Kyiv early Thursday, as Russia continued a wave of strikes on the Ukrainian capital. An air raid alert remained in place, and residents were urged to stay in shelters. Debris from missiles fell on the city, but no casualties were reported.
How Ukraine turned the tables on Russia's aerial assault with these Western weapons (CNN) It’s the big question that has Russian military commanders scratching their heads: What’s made Ukraine’s air defenses so impenetrable all of a sudden?
Ukraine's Counteroffensive Appears Imminent. Here's What To Watch For. | RANE (Stratfor) Kyiv's spring offensive will likely target the south, where even small gains could put Russian forces on the defensive and force Putin to mull more unpopular mobilization measures.
‘They keep going even after being shot a few times’: The daily life of a Russian soldier (The Telegraph) Russian infantry are dispatched on blind charges nicknamed ‘Zombie Waves’ across no-man’s land, running headlong into machine gun fire
Why Ukraine Shouldn’t Talk to Russia—Yet (The Atlantic) Until the fighting makes both sides converge over the war’s realistic outcome, the West would undermine its ally by advocating for a peace deal.
Opinion The survivors of Putin’s atrocities have a warning for us (Washington Post) Those who argue that Russian President Vladimir Putin should be allowed to keep parts of Ukraine should meet the survivors of his atrocities. They know firsthand the horror of life under Russian occupation. Their stories remind us of what Ukraine is fighting for — and what the free world is standing against.
New Bernard Henri-Lévy documentary challenges Ukraine fatigue (Atlantic Council) For anyone seeking to make sense of Russia’s war in Ukraine, viewing French public intellectual Bernard Henri-Lévy’s new feature-length documentary “Slava Ukraini” (“Glory to Ukraine”) isn’t an option. It’s a must.
Ukrainian civilians subject to ‘unbearable routine’ of Russian attack (UN News) Nearly 15 months after Russia began its full-scale invasion of Ukraine, civilians are forced to live through an “unbearable routine”, amidst alarming levels of destruction and damage to their communities, said the deputy UN disarmament chief on Thursday.
Russia’s New Nuclear Normal (Foreign Affairs) How the country has grown dangerously comfortable brandishing Its arsenal.
The failure of Russia’s Wunderwaffe is game over for Putin (The Telegraph) In Kyiv I witnessed first-hand Moscow's wonder weapons fail. They were its last throw of the dice
Ukraine intelligence chief says Kyiv wants a demilitarized border zone up to 60 miles inside Russia to prevent future conflicts (Business Insider) Ukraine's intel chief said a demilitarized zone to prevent future conflicts "shouldn't be an issue" for Russia unless they were planning more attacks.
Ukraine's Zelenskyy to attend G-7 Hiroshima summit in person (Nikkei Asia) Leader seeks more aid ahead of expected counterattack
Zelenskyy to attend G7 summit Sunday as world leaders tighten sanctions against Russia over Ukraine (AP NEWS) Leaders of the world's most powerful democracies are pledging to tighten punishments on Russia for invading Ukraine. The Group of Seven leaders meeting in Japan made clear that their support for Ukraine “will not waver." Ukrainian President Volodymyr Zelenskyy was expected to join the summit in Japan in person on Sunday, following a virtual appearance on Friday. Russian President Vladimir Putin’s nuclear threats against Ukraine, along with North Korea’s missile tests and China’s expanding nuclear arsenal, have resonated with Japan’s push to make nuclear disarmament a major part of the summit that opened Friday in Hiroshima, Japan.
G7 prepares new Russia sanctions as Zelenskiy to attend summit in person (the Guardian) Ukrainian president to take part in Hiroshima talks on Sunday as leaders target exports to Russia
G-7 latest: Quad to meet Saturday, replacing canceled Sydney summit (Nikkei Asia) Zelenskyy stops in Jeddah for Arab League Summit on way to G-7
EU says 'Russian diamonds are not forever' in sanctions push at G-7 (Nikkei Asia) G-7 trade restriction could shrink source of funding for Russia's war in Ukraine
U.S. Plans to Expand Sanctions, Export Controls on Russia (Wall Street Journal) The new effort targets military and energy industries, with Western allies planning to roll out similar measures.
US signals to allies it won't block their export of F-16 jets to Ukraine (CNN Politics) The Biden administration has signaled to European allies in recent weeks that the US would allow them to export F-16 fighter jets to Ukraine, sources familiar with the discussions said, as the White House comes under increasing pressure from members of Congress and allies to help Ukraine procure the planes amid intensifying Russian aerial attacks.
$3 billion accounting error means the Pentagon can send more weapons to Ukraine (AP NEWS) The Pentagon has overestimated the value of the weapons it has sent to Ukraine by at least $3 billion. It's an accounting error that could be a boon for the war effort because it will allow the Defense Department to send more weapons now without asking Congress for more money. The acknowledgment comes at a time when the Pentagon is under increased pressure by Congress to show accountability for the billions of dollars it has sent in weapons, ammunition and equipment to Ukraine and as some lawmakers question whether that level of support should continue.
Congressional lawmakers are shocked by reports of the Pentagon's $3B Ukraine aid error. (POLITICO) News and analysis from Capitol Hill for when you only have a few minutes, from POLITICO.
Opinion | The U.S. and U.K. Are Split on the Ukraine War (Wall Street Journal) The British are more assertive, the Americans more worried about provoking Russia.
Russian hackers hit Polish news sites in DDoS attack (Cybernews) Multiple Polish news websites were knocked offline Thursday after being hit by DDoS attacks said to be instigated by Russian hackers.
Europe: The DDoS battlefield (Help Net Security) Global DDoS trends in 2022, mirroring geopolitical challenges and nation-state conflicts, show DDoS as part of the hybrid warfare arsenal.
The Hunt for VENOM SPIDER PART 2 (eSentire) Tracking the Real Mastermind Behind the Cyber Weapon of Choice for Two of Russia’s Most Notorious Internet Crime Gangs
“Honey, I’m Hacked”: Ethical Questions Raised by Ukrainian Cyber Deception of Russian Military Wives (Just Security) States must pay greater attention to adequately preparing military relatives for targeted cyber deception campaigns.
Russian IT worker jailed for participating in pro-Ukraine DDoS attacks (Record) A Russian regional court sentenced an IT worker to three years imprisonment on Tuesday for joining pro-Ukraine DDoS attacks against Russian government websites.
Russian dissident gets three years in prison colony for DDoS attacks on military website (Cybernews) A pro-Ukraine activist based in Russia has been sentenced to three years in a prison colony for launching cyberattacks on its Ministry of Defense in opposition to the war.
Analysis of the CloudWizard APT framework (SecureList) Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict.
A Mysterious Group Has Ties to 15 Years of Ukraine-Russia Hacks (WIRED) Kaspersky researchers have uncovered clues that further illuminate the hackers’ activities, which appear to have begun far earlier than originally believed.
Pro-ISIS Channel: Russian Hackers Carried Out Cyber Attack On Ukrainian Government Networks Using WinRAR Files (MEMRI) A channel on the Rocket.Chat server operated by the Islamic State (ISIS) published a post reporting that hackers been using WinRAR files to carry out "destructive cyberattacks," including a recent attack by Russian hackers targeting Ukrainian government networks.
Bank of Canada details cyber concerns - Business Insurance (Business Insurance) The Bank of Canada said Thursday that a major cyberattack on one part of the financial system could quickly spread and threaten overall financial stability.
Ukraine Marks 79th Anniversary Of Stalin-Era Deportations Of Crimean Tatars (RadioFreeEurope/RadioLiberty) Ukraine on May 18 marked the 79th anniversary of Stalin-era deportations of Crimean Tatars to Central Asia.
Attacks, Threats, and Vulnerabilities
China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan (Trellix) The rise in tensions between Taiwan and China has led to a worrying increase in cyberattacks towards Taiwan
Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (Dark Reading) Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.
Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks (The Hacker News) Cyber warfare escalates amidst rising tensions between China and Taiwan. Find out how malicious actors are using phishing lures and trojans.
From GitHub to Account Takeover: Misconfigured Actions Place GCP & AWS Accounts at Risk (Rezonate) Contents Key Points Background GitHub OpenID Provider Integration GitHub OIDC Integration with GCP & AWS Potential Misconfiguration Identifying Vulnerable Organizations Remediation Guidelines In April 2023, Rezonate research team explored prevalent misconfigurations of GitHub integration with cloud native vendors. GitHub OIDC-based trust relations have been found with the critical misconfigurations that leave connected AWS/GCP accounts vulnerable...
A different kind of ransomware demand: Donate to charity to get your data back (CyberScoop) The group has claims nearly 180 targets despite being relatively new and casts its attacks as a form of activism.
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices (Trend Micro) An overview of the Lemon Group’s use of preinfected mobile devices, and how this scheme is potentially being developed and expanded to other internet of things (IoT) devices. This research was presented in full at the Black Hat Asia 2023 Conference in Singapore in May 2023.
This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide (The Hacker News) ALERT: Lemon Group, a cybercrime enterprise, has taken control of millions of pre-infected Android smartphones worldwide!
Cybercrime gang pre-infects millions of Android devices with malware (BleepingComputer) A cybercriminal tracked as the "Lemon Group" has been infecting millions of Android-based smartphones, watches, TVs, and TV boxes, with a malware strain named 'Guerilla.'
The Top 5 Cloud Security Risks of 2023 (so far) (Orca Security) The cloud security landscape is constantly evolving. Get a comprehensive look at the top 5 cloud security risks that organizations may face in 2023.
New API-based attacks on Microsoft Teams underscore the need for wider awareness training (SC Media) Security researchers say awareness training must explain other methods of phishing and go beyond just teaching users not to click on suspicious links.
Pimcore: One click, two security vulnerabilities (Sonar) We discovered two vulnerabilities in Pimcore that could be chained together in one GET request to achieve RCE.
Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks (The Hacker News) Cisco has released crucial updates to address 9 vulnerabilities in its Small Business Series Switches.
KeePass exploit helps retrieve cleartext master password, fix coming soon (BleepingComputer) The popular KeePass password manager is vulnerable to extracting the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even with the database is locked.
Hackers target vulnerable Wordpress Elementor plugin after PoC released (BleepingComputer) Hackers are now actively probing for vulnerable Essential Addons for Elementor plugin versions on thousands of WordPress websites in massive Internet scans, attempting to exploit a critical account password reset flaw disclosed earlier in the month.
3 Ways Hackers Use ChatGPT to Cause Security Headaches (Dark Reading) As ChatGPT adoption grows, the industry needs to proceed with caution. Here's why.
The dangers of ChatGPT: this is how cybercriminals are using artificial intelligence (Gearrice) Cybersecurity experts warn of the most common uses of ChatGPT features by cybercriminals. Knowing them will help you avoid them.
Super Mario Bros. Movie Pirates Getting Hit With Malware (Kotaku) Some illegal downloads of Nintendo and Illumination’s Mario movie come with a malicious Trojan virus
Gentex confirms data breach by Dunghill ransomware actors (Security | TechTarget) The Dunghill ransomware gang claimed it breached Gentex Corporation and stole sensitive data, and Gentex confirmed the breach this week.
UK steel industry supplier Vesuvius says ‘cyber incident’ cost £3.5 million (Record) The engineering company told U.K. regulators that despite the incident in February, its share price was still exceeding expectations.
UHS of Delaware Files Notice of Third-Party Data Breach (JD Supra) On May 17, 2023, United Health Services of Delaware (“UHS of Delaware”) filed a notice of data breach with the Montana Attorney General’s office after...
A Month After Cyberattack, a Fix May Be Weeks Away for Harvard Pilgrim (NBC Boston) A month after cyberattack, a fix may be weeks away for Harvard Pilgrim
Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown (Record) Dozens of angry parents and patients are demanding answers after an Oklahoma allergy clinic shut its doors, blaming a cyberattack for the abrupt closure.
Security Patches, Mitigations, and Software Updates
About the security content of iOS 16.5 and iPadOS 16.5 (Apple Support) This document describes the security content of iOS 16.5 and iPadOS 16.5.
Apple’s secret is out: 3 zero-days fixed, so be sure to patch now! (Naked Security) All Apple users have zero-days that need patching, though some have more zero-days than others.
CISA Releases Five Industrial Control Systems Advisories | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA released five Industrial Control Systems (ICS) advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Trends
Intelligence Trends Summary: January - April 2023 (Retail & Hospitality ISAC) In this installment of the RH-ISAC Intelligence Trends Summary, we highlight where intelligence sharing, requests for information (RFIs), surveys, and a wide variety of other engagements continued to provide insights into the major security concerns and challenges facing the community.
Confidence Game: The Shifting Tactics Fuel Surge in Business Email Compromise (Microsoft Threat Intelligence Cyber Signals) Microsoft’s Digital Crimes Unit has observed a 38 percent increase in Cybercrime-as-a-Service targeting business email between 2019 and 2022.
RSA 2023 Survey Reveals the Biggest SIEM Challenges Facing the SOC Today (Gurucul) Gurucul recently conducted a survey of more than 230 security professionals at the 2023 RSA Conference to better understand the biggest SIEM challenges facing the SOC today.
Report finds just one unpatched vulnerability increases the risk of a cyber insurance claim by 33% (SiliconANGLE) Report finds just one unpatched vulnerability increases the risk of a cyber insurance claim by 33% - SiliconANGLE
Cyber Threats Will Only Grow (AUSA) The Army is hardening its networks and strengthening cooperation with allies and partners to protect against cyberattacks and information warfare, a panel of experts said May 17 at the Association of the U.S. Army’s LANPAC Symposium and Exposition in Honolulu.
McAfee ‘Safer Summer Holidays’ Travel Report Reveals Impact of Cost-of-Living Crisis on Summer Travel and Digital Safety (Business Wire) As adults globally get ready for summer travel, inflation and cost-of-living concerns drive 56% of vacationers to seek out bargain holiday deals
Marketplace
SpiderOak Secures Investment from Accenture, Raytheon Technologies & Stellar Ventures (PR Newswire) SpiderOak, a leader in zero-trust cybersecurity and resiliency solutions for space systems, is pleased to announce an investment from key...
WestBridge Capital picks up $236m stake in Zscaler (CIO News) WestBridge Capital Management LLC has picked up a $236 million stake in Indian billionaire Jay Chaudhry’s cloud security company, Zscaler.
Consulting firm Krebs Stamos Group lays off six employees (TechCrunch) The consultancy cybersecurity firm founded by Chris Krebs and Alex Stamos laid off six employees, showing the cybersecurity world isn't immune to layoffs.
NSO Group Spends Millions Lobbying US Government (Infosecurity Magazine) Spyware maker wants return to
Stairwell Hires Eric Foster As Next Step in Strategic Expansion (PR Newswire) Stairwell, a leading cybersecurity company that empowers security teams to outsmart any attacker, today announced the appointment of Eric...
Dasera Names Seasoned Tech Executive Terry Hill as Chief Revenue Officer (Business Wire) Will Leverage Recent Series A Funding to Drive Revenue Growth and Expand Dasera's Presence in the Data Security Industry
Products, Services, and Solutions
New infosec products of the week: May 19, 2023 (Help Net Security) The featured infosec products this week are from: Bitwarden, Cloudflare, ComplyAdvantage, Enzoic, Neurotechnology, Nozomi Networks, and Satori.
Zerto Unveils Real-Time Encryption Detection and Cyber Resilience Vault for Hybrid Cloud Security (Zerto) New Detection, Alerting, and Air-gapped Capabilities Empower Users to Thwart Ransomware Attacks
Zerto 10 Introduces Enhanced Disaster Recovery and Mobility for Microsoft Azure at Scale (Zerto) Offering Native Protection of Azure Virtual Machines, Multi-Volume VM Support, and Enhanced Scale-Out Efficiency for Infrastructure Flexibility
Management Controls, Inc. Selects Quorum Cyber to Strengthen Cybersecu (PRWeb) Get more story insights from reading Quorum Cyber’s complete MCi case study
Serving state, local governments, and global
1Password Launches New Products to Bring Passkeys to Any Website (PR Newswire) 1Password, the leader in human-centric security and privacy, today launched Passage by 1Password — a standalone authentication solution that...
Bitdefender Expands Cybersecurity Partnership with Ferrari (Bitdefender Blog) Luxury Automotive Company with its Legendary F1 Racing Team Integrates Bitdefender Advanced Threat Intelligence into its Operations to Detect and Respond to Cyber Threats Faster
.
Concentric AI Announces Industry’s First Deep-Learning Driven Detection of Secrets and Keys within Today’s Most Popular On-premise and Cloud Data Repositories (Business Wire) Deep Learning and Natural Language Processing Detects Secrets and Keys for Applications Embedded in Unstructured Data in Data Repositories and Email/Messaging Applications
Inspira Partners with Microsoft and Saviynt on Converged IAM Solution (PR Newswire) Inspira Enterprise, Inc., a leader in business outcome-based cybersecurity solutions and digital transformation, has launched its new I-AM...
New KnowBe4 SecurityCoach Integrates With Bitdefender GravityZone (Yahoo Finance) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced that its new SecurityCoach product integrates with Bitdefender GravityZone, a leading next-generation endpoint protection platform for threat prevention, detection and response. The new partnership and product integration between the two cybersecurity leaders will help reduce risky behavior, support real-time security coaching and help organizations become more cyber resilien
Check Point Software Extends its Industry-Leading Cloud Firewall to Secure Microsoft Azure Virtual WAN (Check Point Software) Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, announces the general availability of its
Zebra Digital Partners with RocketFuel to Offer B2B Cryptocurrency Solutions (GlobeNewswire News Room) RocketFuel Blockchain, Inc. (OTCQB: RKFL) (“RocketFuel” or the “Company”), a global provider of...
MCi Protects its Customers with Enterprise-Grade Cyber Security (Quorum Cyber) Management Controls, Inc. (MCi) provides critical Software-as-a-Service (SaaS) solutions and needed to transform its cyber security ...
Technologies, Techniques, and Standards
NIST SP 800-63-4: What the new phishing-resistant definition means for federal agencies (Federal News Network) The recent drafts from National Institute of Standards and Technology around cybersecurity highlight important updates on where the government is moving on technology and the focus on increasing…
Enduring Security Framework ESFlock (NSA) The National Security Agency/Central Security Service leads the U.S. Government in cryptology that encompasses both signals intelligence insights and cybersecurity products and services that enables computer network operations to gain a decisive advantage for the nation and our allies.
WH cyber adviser raises AI watermarking in private meeting with tech execs (FedScoop) During a discussion on the sidelines of RSA, Anne Neuberger urged tech leaders to watermark online content to help tackle AI-generated disinformation.
Is Patching the Holy Grail of Cybersecurity? (Security Intelligence) Patching is an essential component of your cybersecurity strategy. However, patching alone isn't enough to keep your organization safe.
Why the Distinction between Compliance and Security Matters (Spiceworks) Ben Smith of RSA Security, explains why organizations must go beyond compliance to achieve comprehensive protection.
Most Companies Can’t Handle Cybersecurity Alone (Harvard Business Review) The way to detect and neutralize determined cyber attackers is with 24/7 eyes-on-glass delivered by expert security operations professionals. These highly skilled operators have never been more critically urgent. Few organizations, however, have the right tools, people, infrastructure, and processes in-house to do this on their own.
Pentagon Cyber Official Provides Progress Update on Zero Trust Strategy Roadmap (U.S. Department of Defense) The Defense Department is on track to implement its zero trust cybersecurity framework by fiscal year 2027 as planned, the Pentagon's senior information security official said.
Breezeline Promotes Online Safety Awareness (GlobeNewswire News Room) Breezeline sponsorship supports CyberSecurity NonProfit...
CISA and ONCD Award Champions of the Fourth Annual President’s Cup Cybersecurity Competition (Cybersecurity and Infrastructure Security Agency) Top cyber talent from the Federal Government honored in White House ceremony
Your digital life isn’t as permanent as you think it is (MIT Technology Review) Google will delete accounts after two years of inactivity, and experts expect more data deletion policies to come
Design and Innovation
AI and ChatGPT aren’t intelligent. They just parrot human thought – and lies (The Telegraph) Sorry, Drake fans, the ability to reproduce his music is not a sign of intelligence
AI in your pocket: ChatGPT officially comes to iPhone with new app (Ars Technica) App brings popular AI assistant to an official mobile client app for the first time.
Grammarly Wants to Expand Its AI From the Classroom to the Office (Bloomberg) Company offers software to improve office communications. The tool faces competition from Google, Microsoft and others.
Research and Development
Request for Information: Automated Worker Surveillance and Management (Office of Science and Technology Policy) Employers are increasingly using automated systems to monitor, manage, and evaluate their workers. These systems may allow employers to manage supply chains, improve health and safety, or make other informed business decisions. At the same time, applications of surveillance and monitoring systems can also pose risks to workers, including to their health and safety, equal employment opportunities, privacy, ability to meet critical needs, access to workplace accommodations, and exercise of workplace and labor rights, including their rights to form or join a labor union. The White House Office of Science and Technology Policy (OSTP) seeks comments from the public to better understand automated surveillance and management of workers, including its prevalence, purposes, deployment, and impacts, as well as opportunities for Federal agencies to work with employers, workers, and other stakeholders to ensure that these systems do not undermine workers' rights, opportunities, access, health, or safety.
Academia
Grambling Receives $74K for ‘Ethical Hacking’ Lab (Biz New Orleans) Hands-on, practical training is something employers are looking for in potential hires, and funding recently awarded to Grambling State University’s Department of Computer Science and Digital Technologies will provide just that for GSU cybersecurity students. GSU received $74,261 from the Department of Defense’s (DOD) National Security Agency (NSA) that will...
Legislation, Policy, and Regulation
Ukraine and China Will Dominate G7 Summit, but a New Threat Lurks: A.I. (New York Times) The leaders are expected to hold their first talks on a common regulatory approach to generative artificial intelligence.
China Puts Spymaster in Charge of U.S. Corporate Crackdown (Wall Street Journal) Investigations into due-diligence firms show how state-security clique is gaining more control over economic policy.
FTC Warns About Misuses of Biometric Information and Harm to Consumers (Federal Trade Commission) The Federal Trade Commission today issued a warning that the increasing use of consumers’ biometric information and related technologies, including those powered by machine learni
Bill Bolstering Satellite Cybersecurity Advances in Senate (Nextgov.com) The legislation was introduced in early May.
What NIST is hearing from industry about critical infrastructure cybersecurity (Federal News Network) Some things in life are certain. Death, taxes and, wait for it: updates to NIST cybersecurity documents.
CIA Focused on Cyber, Conducting Simulated Attacks, CISO Says (Meritalk) The Central Intelligence Agency (CIA) is hyper-focused on cybersecurity and is conducting simulated cyberattacks to better understand the “bad actors” who are trying to do “the unthinkable,” the agency’s chief information security officer (CISO) said on May 16.
Inglis Exits National Cyber Director Role, Uncertainty Looms Over Digital Defense Strategy (SOFREP) Chris Inglis' imminent departure as National Cyber Director raises concerns about the nation's cybersecurity landscape, prompting urgent calls for a successor to ensure continuity and effective execution of the national cybersecurity strategy.
Four federal departments have not fully implemented cloud security practices, GAO says (FCW) The departments of Agriculture, Homeland Security, Labor and Treasury have made varying amounts of progress in applying crucial cloud security practices, but remain far from fully executing them, the watchdog found.
Litigation, Investigation, and Law Enforcement
Supreme Court shields Twitter from liability for terror-related content and leaves Section 230 untouched (CNN Politics) The Supreme Court handed Silicon Valley a massive victory on Thursday as it protected online platforms from two lawsuits that legal experts had warned could have upended the internet.
Briefing: Supreme Court Sides With Tech Companies in Liability Cases (The Information) The Supreme Court said Thursday that Google, Facebook and Twitter couldn’t be held liable for hosting content from an extremist group known as ISIS, but avoided ruling on a key legal protection known as Section 230.
In a unanimous decision, the court rejected arguments from the families of victims of ISIS violence that the tech firms could be held responsible because their algorithms
United States: Clear victory for free speech in the Supreme Court decisions (ARTICLE 19) ARTICLE 19 welcomes today’s US Supreme Court decisions in two key cases, Twitter v. Taamneh and Gonzalez v Google, concerning liability of online platforms for terrorist content they host and recommend. The decisions represent a significant win not just for two platforms but also for free expression online. The two cases heard earlier this year […]
A cyber scare for public transit (Washington Post) Transit agencies are particularly vulnerable to cyberattacks, as D.C.’s apparent breach shows
Russian Hacker “Wazawaka” Indicted for Ransomware (KrebsOnSecurity) A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev, a.k.a. "Wazawaka"…
Russian National Charged with Ransomware Attacks Against Critical Infrastructure (US Department of Justice) The Justice Department today unsealed two indictments charging a Russian national and resident with using three different ransomware variants to attack numerous victims throughout the United States, including law enforcement agencies in Washington, D.C. and New Jersey, as well as victims in healthcare and other sectors nationwide.
Premom fertility app shared sensitive data with Chinese analytics firms, FTC says (TechCrunch) Fertility tracking app Premom shared users’ sensitive information with third-party advertisers without their consent, the FTC alleges.
Pentagon leak suspect Jack Teixeira due back in court as judge weighs his continued detention (AP NEWS) A judge is poised to decide whether a Massachusetts Air National Guard member accused of leaking highly classified military documents will remain behind bars while he awaits trial. Jack Teixeira is due back in federal court Friday in Worcester, Massachusetts, where a magistrate judge is expected to hear arguments on prosecutors’ request to keep the 21-year-old locked up before issuing a ruling. Prosecutors said in court papers filed this week that Teixeira was caught by superiors months before his April arrest taking notes on classified information or viewing intelligence not related to his job.
18-year-old charged with hacking 60,000 DraftKings betting accounts (BleepingComputer) The Department of Justice revealed today that an 18-year-old man named Joseph Garrison from Wisconsin had been charged with hacking into the accounts of around 60,000 users of the DraftKings sports betting website in November 2022.
Wisconsin man, 18, charged in cyberattack on sportsbook (ABC News) An 18-year-old Wisconsin man has been charged with crimes related to a cyberattack on a fantasy sports and betting site this past fall that impacted approximately 60,000 accounts, according to an indictment unsealed Thursday by the United States Attorney's Office of the Southern District of New York.
Some Of Russia’s Most Dangerous Cybercriminals Just Had Their Malware Dealer Unmasked (Forbes) American sleuths claim what might be a major cyber scalp by uncovering the creator of the ‘Golden Chickens’ malware that’s tied to over $1 billion in damages. They’re hopeful it will disrupt two of Russia’s most profitable hacking crews.
Attorney General charges 4 ex-officials in Pegasus spyware probe (Mexico News Daily) The government accused the 4 ex-officials of fraud and embezzlement in relation to the purchase of Pegasus spyware and its use from 2012-18.
IRS deploys cyber attachés to fight cybercrime abroad (The Hill) The IRS Criminal Investigation (CI) announced Thursday that it will launch a pilot program in June in which cyber attachés will be sent across four continents to combat cyber crime. The attachés w…
IRS deploys cyber attachés to fight cybercrime abroad (Yahoo Entertainment) The IRS Criminal Investigation (CI) announced Thursday that it will launch a pilot program in June in which cyber attachés will be sent across four continents to combat cyber crime. The attachés will focus on cracking down tax and financial crimes that use cryptocurrency, decentralized finance, peer-to-peer payments and mixing services. The four attachés will…
SolarWinds Board Wins Appeal Over 2020 Russian Cyberattack (1) (Bloomberg Law) SolarWinds Corp.‘s senior leaders prevailed on appeal Wednesday against shareholder litigation over a 2020 cyberattack by Russian hackers that compromised the systems of Fortune 500 companies and US government agencies.
Investors' case against SolarWinds resolved in favour of company (iTWire) The verdict in a case filed by investors against the directors of the software firm SolarWinds, claiming they were aware of the risks that the firm's software posed, but failed to act to prevent devastating attacks that came to light in 2020, has gone in favour of the company. The Supreme Court...
Radiology Group Sues Broker Over Lapsed Cyber Insurance Policy (Wall Street Journal) A Raleigh firm alleges that its cyber insurance expired without its knowledge on the eve of a hack.
Twitter Accuses Microsoft of Improperly Using Its Data (New York Times) In a letter to Microsoft’s chief executive, Satya Nadella, Twitter said the tech giant had violated a data agreement.
Eye insurance firm agrees to $2.5 million settlement with state AGs after data breach (Record) EyeMed will pay a penalty to New Jersey, Florida, Oregon and Pennsylvania for a 2020 data breach. New York state previously reached a settlement in the case.