Biden’s democracy summit should produce a transatlantic anti-corruption strategy (Atlantic Council) The Biden administration's impressive new corruption strategy should inspire the UK and EU to join in.
The Future of Conquest (Foreign Affairs) Fights over small places could spark the next big war.
G7 warns Russia of 'massive' consequences if Ukraine invaded (AP NEWS) LIVERPOOL, England (AP) — The Group of Seven economic powers told Russia on Sunday to “de-escalate” its military buildup near the Ukrainian border, warning that an invasion would have “massive consequences” and inflict severe economic pain on Moscow.
Don’t Sell Out Ukraine (Foreign Affairs) The west must respond to Russia with strength, not appeasement.
Six ways Russia views Ukraine — and why each should worry the West (Washington Post) Since President Biden’s call with Russian President Vladimir Putin over the Ukraine crisis, Russian officials have dug in deeper: blaming NATO for the confrontation, dismissing Ukraine as a puppet state of the West and ruling out a pullback of Russian forces massed near Ukraine’s border.
NATO membership still possible for Ukraine, alliance chief says (Stars and Stripes) Ukraine’s quest to eventually join NATO has been a major point of contention with Russia, which has used Kyiv’s increasingly closer ties with the West as a justification for its military buildup on Ukraine’s borders.
Ukraine Says It Can Deter a Russian Invasion With Air Defenses; NATO Calls for ‘Adjustments’ (Air Force Magazine) NATO members call for eastern flank “adjustments,” and Ukraine needs to know the U.S. will deliver air defenses to deter a Russian attack.
Russia’s Internet Censorship Machine Is Going After Tor (Wired) The attempt to block the site, which helps users mask their online activity, is the latest step in the country's efforts to control the internet.
Kicking Russia Off of SWIFT Might Not Be the Nuclear Option (Foreign Policy) But additional economic sanctions under study could be more devastating to Moscow than the last ones were.
Biden’s latest attempt to curb cyber surveillance leaves much to be desired (Israel Defense) Only three other countries signed a new initiative on the matter, out of more than 100 which participated at the Summit for Democracy, held virtually last week
It’s time for democracies to protect dissidents from spyware (TechCrunch) Only by enacting stronger regulatory and legal protections can democracies ensure their survival, enable free speech to flourish and safeguard their citizens' well-being.
Officials press for actionable recommendations from new cyber advisory committee (TheHill) Top officials at the Department of Homeland Security (DHS) on Friday urged a newly established advisory committee composed of experts from across sectors to propose solutions to help tackle the growing wav
CISA Director tells new Advisory Committee she wants more than just talk (The Record by Recorded Future) First meeting focused on building functional cooperation between the public and private sectors to defend America's networks.
New White House policy gives agencies 24 hours to assess cyberattacks of potential national security concern (CNN) The White House has enacted a new policy requiring the FBI and other agencies to help US officials quickly assess whether a cyberattack "rises to the level of a national security concern" that could hamper the provision of key services such as fuel or food, according to a National Security Council memo obtained by CNN and two US officials.
US Cyber Command Goes on the Offensive (Security Boulevard) This past week, General Paul Nakasone, who is both head of U.S. Cyber Command and director of the National Security Agency, acknowledged that the United
Corruption, Cybercrime In Crosshairs For DOJ Crime Chief (Law360) As the Biden administration marshals the full power of the federal government to tackle global corruption and cybercrime, U.S. Department of Justice Criminal Division chief Kenneth Polite says his unit stands ready with a strong pipeline of cases and a new task force in the works.
DOD needs stronger way to gauge effectiveness of cyber program, GAO says (FedScoop) The DOD's Cybersecurity Maturity Model Certification program needs better communication and stronger management, a GAO review found.
GAO Finds Cybersecurity Improvements at NIH and Identifies Remaining Areas of Weakness (Homeland Security Today) The National Institutes of Health’s (NIH) duties include researching infectious diseases and administering over $30 billion a year in research grants. NIH uses IT systems containing sensitive data to carry out its mission.
Congress must do more to stop China’s military-industrial spying on US campuses (New York Post) A new report from the Foundation for Defense of Democracies details how China-sponsored Confucius Institutes at campuses across America facilitate Beijing’s espionage.
US, Australia, Japan to fund undersea cable in Pacific (Al Jazeera) The announcement is the latest funding commitment in the telecommunications sector of the Pacific.
U.S. senators announce bipartisan social media data transparency bill (Reuters) Three U.S. senators, two Democrats and a Republican, announced on Thursday a bill to require social media companies like Facebook, now known as Meta Platforms Inc, to give certain researchers access to its data.
Statement from CISA Director Easterly on “Log4j” Vulnerability (CISA) Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly released the following statement today on the “log4j” vulnerability:
Critical remote code execution vulnerability found in Apache Log4j2 library (Australian Signals Directorate | Australian Cyber Security Centre) A vulnerability exists in certain versions of Apache Log4j2 library. A malicious cyber actor could exploit this vulnerability to execute arbitrary code. Affected Australian organisations should apply the available patch.
Apache Security Advisory - Canadian Centre for Cyber Security (Canadian Centre for Cyber Security) On 10 December 2021 Apache published a Security Advisory to address a critical vulnerability in the following product...
Log4j RCE 0-day actively exploited (CERT-NZ) Updated: 3.30pm, 13 December 2021 to provide link to list of related softwares' vulnerability status. The widely-used Java logging library, Log4j, has an unauthenticated RCE vulnerability if a user-controlled string is logged. This could allow the attacker full control of the affected server.
Update: Critical vulnerability in log4j published (Bundesamt für Sicherheit in der Informationstechnik) The blog of an IT security service provider [LUN2021] reports on the vulnerability CVE-2021-44228 [MIT2021] in log4j versions 2.0 through 2.14.1, which may allow attackers to execute their own program code on the target system and thereby compromise the server. This risk exists when log4j is used to log an attacker-controlled string, such as the HTTP User Agent.
Zero-Day Exploit Targeting Popular Java Library Log4j (Swiss Government Computer Emergency Response Team) On Friday morning, NCSC/GovCERT.ch received reports about a critical vulnerability in a popular Java library called “Log4j”. At the time of receiving these reports, the vulnerability apparently has been exploited by threat actors “in the wild” and no patch was available to fix the vulnerability (0-day exploit).
[Update] Vulnerability in Apache Log4j (CERT-FR) A vulnerability has been discovered in the Apache log4j logging library. This library is very often used in Java/J2EE application development projects as well as by vendors of off-the-shelf software solutions based on Java/J2EE.