Industrial systems under threat. Lazarus resumes Operation Dream Job. OldGremlin phishes in Russia. | #cybersecurity | #cyberattack


Dateline Moscow and Kyiv: Russian preparations for cyberattacks against the energy sector.

Ukraine at D+49: Exchanges of kinetic fire, and preparation for cyberattacks against ICS/SCADA. (The CyberWire) Ukraine says it’s hit the guided missile cruiser Moskva with anti-ship missiles. The US warns of Russian preparations for cyberattacks against ICS and SCADA systems (and both government and industry have published details on the tools they’ve found). On the ground, Russia continues to resort to heavy and indiscriminate fires as it seeks to reduce cities in the Donbas and along the Black Sea coast.

Ukraine Update: U.S., EU to Send More Arms; Warship Damaged (Bloomberg) President Joe Biden announced $800 million in additional U.S. military aid for Ukraine and the European Union agreed to provide more cash for weapons, as Russia repositions its forces for renewed attacks in eastern and southern parts of its neighbor.

Ukraine says it damaged Russian flagship, crew evacuates (AP NEWS) Ukraine said its forces struck and seriously damaged the flagship of Russia’s Black Sea fleet, dealing a potentially major setback to Moscow’s troops as they try to regroup for a renewed offensive in eastern Ukraine after retreating from much of the north, including the capital.

Russian warship notorious for firing on Snake Island defenders ‘seriously damaged’ after blast (The Telegraph) The Moskva missile cruiser was struck by two Ukrainian missiles, the Ukrainian governor of the region said

Russia says warship ‘seriously damaged’ by explosion as Putin builds forces in east Ukraine (the Guardian) Ukraine says it struck the Moskva with two anti-ship missiles without giving evidence as Zelenskiy says Russia ramping up offensive in east and south

One Of Russia’s Biggest Cruisers May Have Sunk Near Ukraine (Forbes) There are unconfirmed reports that a Ukrainian navy missile battery has struck the Russian navy cruiser Moskva off the coast of Odessa, a strategic port city on the Black Sea in southwest Ukraine.

Russia to consider US and NATO vehicles carrying weapons in Ukraine as legitimate military targets (TDPel Media) “We are warning that we will consider US-NATO transports with weapons moving through the Ukrainian territory as legitimate military targets,” Ryabkov

As Russia continues to bomb Ukraine, are its weapons of choice getting worse? (the Guardian) Analysis: Russia’s indiscriminate use of weaponry has already led to high numbers of civilian deaths

Chemical weapons use from Syrian war stokes Ukraine’s fears (AP NEWS) The chilling scenes from Syria of victims twitching and gasping for air after chlorine cylinders were dropped from helicopters in towns and villages were broadcast over and over in the course of country’s civil war.

Explained: The deadly chemical and biological weapons Russia could deploy in Ukraine (The Telegraph) Novichok, biological agents, chlorine and radiation poison all feared to be part of Russia’s arsenal

A bright, talented Ukrainian journalist signed up to help Fox News cover the war. Two months later she was dead. (Business Insider) Oleksandra “Sasha” Kuvshynova died in Ukraine on March 14 at the age of 24, with little public explanation. Insider investigated what happened.

The Secret of Ukraine’s Military Success: Years of NATO Training (Wall Street Journal) Extensive programs have taught thousands of soldiers, plus military brass and lawmakers overseeing the armed forces, how to transform from a rigid Soviet-style force into a modern army that thinks on the move.

‘It can’t be fixed:’ In shattered Irpin, signs of homecoming (AP NEWS) Pounding sounds came from a sixth-floor window, along with the risk of falling glass. For once, it was not destruction in the Ukrainian town of Irpin, but rebuilding. Heartened by Russia’s withdrawal from the capital region, residents have begun coming home, at least to what’s left.

Forced into a basement in Ukraine, residents began to die (AP NEWS) The Russian soldiers forced more than 300 villagers into a school basement.

Opinion | The Mercenaries Behind the Bucha Massacre (Wall Street Journal) Professional soldiers like the Wagner Group let clients wage war brutally at minimal political cost.

Ukraine war: European rights experts find ‘clear patterns’ of Russian war crimes (Haaretz) Russia is beefing up its forces for a new assault on Ukraine’s eastern Donbas region, setting the stage for a protracted battle that is certain to inflict heavy losses on both sides as the Russians try to encircle Ukraine’s fighters, analysts said.

The shocking inspiration for Putin’s atrocities in Ukraine | Opinion (Haaretz) There’s never been a shortage of Russian genocidal fantasies about Ukraine but, until recently, they were confined to the political margins. Now, those fantasies and their neo-fascist roots are normalized and put into action

Memo to Macron: Putin’s Ukraine genocide is not the act of a brother (Atlantic Council) French President Emmanuel Macron has refused to describe the mass killing of Ukrainians by Russian soldiers as genocide despite overwhelming evidence of Putin’s intention to destroy the Ukrainian nation.

When Biden ‘speaking from his heart’ doesn’t speak for US (Federal News Network) There’s no such thing as a purely personal opinion from the Oval Office on major matters of policy…

Ukraine says it stopped a Russian cyberattack on its power grid (The Verge) Analysts found a new, highly targeted piece of malware.

Industroyer2 Targets Ukraine’s Electric Grid: Here’s How Companies Can Stay Protected and Resilient (Nozomi Networks) In light of Sandworm’s attack on Ukraine’s power grid with Industroyer2 malware, the safety and security of Nozomi Networks customers is our top priority.

Russia Tries to Kill Ukraine’s Power Grid—and FAILS (Security Boulevard) Russia’s infamous Sandworm APT group is at it again: The scrotes have been trying to cut power to the Ukrainian capital.

Ukraine electricity grid cyberattack: More destructive attacks may follow (Tech Monitor) A failed cyberattack on Ukraine’s electricity grid could indicate Russia’s growing willingness to attack critical infrastructure.

INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems (Mandiant) This ICS threat represents an exceptionally rare and dangerous cyber attack capability.

PIPEDREAM: CHERNOVITE’s Emerging Malware Targeting Industrial Environments | Dragos (Dragos) PIPEDREAM is the sixth known ICS-specific malware. It is developed by the Activity Group (AG) Dragos has designated as CHERNOVITE. PIPEDREAM malware can disrupt, degrade, and potentially destroy industrial environments and physical processes depending on how it is leveraged in CHERNOVITE’s operations.

CHERNOVITE Threat Activity Group | Dragos (Dragos) Learn more about the threat activity group, CHERNOVITE, and its potential to destroy or disrupt industrial environments and physical processes in industrial environments.

US agencies warn of custom-made hacking tools targeting energy sector systems (The Record by Recorded Future) Several APT actors have created custom-made tools designed to breach multiple industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices, according to a new advisory from multiple US agencies. 

APT Actors Target ICS/SCADA Devices (CISA) CISA, the Department of Energy (DOE), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), warning that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices using custom-made tools. 

APT Cyber Tools Targeting ICS/SCADA Devices (CISA) Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to mitigate password brute force attacks and to give defender monitoring systems opportunities to detect common attacks.

U.S. warns newly discovered malware could sabotage energy plants (Washington Post) Private security experts said they suspect liquefied natural gas facilities were the malware’s most likely target

US agencies: Industrial control system malware discovered (Federal News Network) Multiple U.S. government agencies have issued a joint alert announcing the discovery of malicious cyber tools capable of gaining “full system access” to multiple industrial control systems…

Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Systems (Wired) The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.

U.S. Warns New Sophisticated Malware Can Target ICS/SCADA Devices (SecurityWeek) The U.S government is sounding a loud alarm after discovering new custom tools capable of full system compromise and disruption of ICS/SCADA devices and servers.

Hackers Have Ability To Control Key Infrastructure, U.S. Says (Law360) Skilled hackers have shown the capability of taking full control of numerous key U.S. infrastructure systems, including those in the energy and manufacturing sector, according to a Wednesday cybersecurity alert from several federal agencies.

Microsoft Seizes Control of Notorious Zloader Cybercrime Botnet (SecurityWeek) Microsoft has disrupted the operation of one of the most notorious cybercrime botnets and named a Crimean hacker as an alleged perpetrator.

Notorious cybercrime gang’s botnet disrupted (Microsoft On the Issues) day, Microsoft’s Digital Crimes Unit (DCU) has taken legal and technical action to disrupt a criminal botnet called ZLoader, run by a global internet-based organized crime gang operating malware as a service that is designed to steal and extort money.

ESET takes part in global operation to disrupt Zloader botnets (WeLiveSecurity) ESET has collaborated with partners Microsoft, Lumen’s Black Lotus Labs, Palo Alto Networks, and others in an attempt to disrupt known Zloader botnets.

Putin is holding GPS hostage – Here’s how to get it back (C4ISRNet) Just the threat of interfering with GPS can help Putin keep the U.S. at bay.

An ‘Explosion’ of Anti-Ukraine Disinformation Is Hitting Moldova (Wired) Divisive anti-refugee videos are spreading from TikTok to Facebook as the threat of Russia grows.

Russia Is Mimicking Open-Source Intelligence Methods to Discredit Bucha Atrocities (Foreign Policy) The Kremlin is desperate to muddy the waters around its war crimes.

Russian War Report: Russia promotes misleading video accusing Ukraine of using mannequins as casualties (Atlantic Council) Kremlin-controlled TV network Rossiya 24 broadcast a misleading video claiming that mannequins were being used in Ukraine to stage war casualties.

Russia Is Leaking Data Like a Sieve (Wired) Ukraine claims to have doxed Russian troops and spies, while hacktivists are regularly leaking private information from Russian organizations.

Inside Roscosmos Lunar Sphere Program (Inside Cyber Warfare) Files from the Roscosmos breach by GUR Cyber Operators

Leaked documents show notorious ransomware group has an HR department, performance reviews and an ’employee of the month’ (CNBC) The notorious ransomware group Conti operates much like a regular tech company, say cybersecurity specialists who analyzed the group’s leaked documents.

Midterms raise fears of Russian cyberattacks (The Hill) Russia is likely to deploy a range of cyber weapons on the United States and its election systems during this year’s midterm election cycle, as tensions continue to escalate amid the ongoing war in…

CybeReady Presents Five Cybersecurity Countermeasures in Times of War (Investor Ideas) CybeReady Presents Five Cybersecurity Countermeasures in Times of War

Kremlin crackdown silences war protests, from benign to bold (AP NEWS) A former police officer who discussed Russia’s invasion on the phone. A priest who preached to his congregation about the suffering of Ukrainians.

Biden Sends Heavy Weapons as Ukraine Faces New Russia Offensive (Bloomberg) Heavy artillery signals more intense U.S. military commitment. President announced new aid package after call with Zelenski.

Biden unveils $800 million security package for Ukraine in call with Zelensky (CNN) President Joe Biden on Wednesday told Ukrainian President Volodymyr Zelensky the US was sending his nation an additional $800 million worth of weapons, ammunition and other security assistance.

The Right Way to Arm Ukraine (Foreign Policy) There has been too much cheerleading and too little attention to detail when it comes to giving Kyiv the weapons it needs.

The Ukraine War Doesn’t Change Everything (Foreign Policy) Russia’s war marks the definitive end of America’s unipolar moment and returns the world to a state best explained by realism.

Despite Russian Warnings, Finland and Sweden Draw Closer to NATO (New York Times) The invasion of Ukraine has heightened security fears, pushing even formally nonaligned countries toward the Western alliance.

Finland, Sweden move ahead toward possible NATO membership (AP NEWS) European Union nations Finland and Sweden reached important stages Wednesday on their way to possible NATO membership as the Finnish government issued a security report to lawmakers and Sweden’s ruling party initiated a review of security policy options.

Finland Starts Path Toward NATO as Sweden Seen Inching Closer (Bloomberg) Finland’s government publishes white paper on security options. Swedish leader declines to confirm report her party backs NATO.

How Finland Could Tilt the Balance Against Putin (Foreign Policy) Helsinki joining NATO is his worst nightmare—apart from losing Ukraine.

Russia’s AI setbacks will likely heighten its cyber aggression (CSO Online) As sanctions hamper Russia’s plans for AI dominance, it might turn up its cyber activities to hamper other countries’ AI efforts.

Janet Yellen’s message to the world: There can be no ‘sitting on the fence’ on Russia (Atlantic Council) The US secretary of the treasury joined the Atlantic Council ahead of next week’s IMF and World Bank meetings to address Russia’s invasion of Ukraine and the economic fallout for the developing world.

The Outsiders (Foreign Affairs) The international system can still check China and Russia.

Russian oil sales have gone up — not down — after massive sanctions from the West (Business Insider) Russia is expected to rake in roughly $321 billion from energy exports in 2022, Bloomberg reported. That’s up more than a third from last year.

Russia Sanctions: The U.S. Government Leans In (JD Supra) The week ending Saturday, April 9, 2022, witnessed a ramping up of U.S. and allied sanctions against Russia and the continuing evolution of U.S….

DOJ Russia Task Force Is Scrutinizing Putin’s Wealth, Assets (Bloomberg) Andrew Adams is leading the U.S. ‘KleptoCapture’ initiative. Adams told Bloomberg his unit would look at cut-outs for Putin.

German Authorities Impound World’s Largest Superyacht in Hamburg (Bloomberg) Authorities in Hamburg impounded Russian billionaire Alisher Usmanov’s superyacht Dilbar after determining it was legally owned by his sister, who is also subject to western sanctions over the war in Ukraine.

Panicky Markets Are the Greatest Danger to Global Food Supply (Foreign Policy) The loss of Ukrainian and Russian wheat can be made up elsewhere.

Huawei limits Russian business to comply with US sanctions (Protocol) Huawei and ZTE supply around half of Russia’s telecommunications equipment. The other major suppliers, Nokia and Ericsson, announced their own exits from Russia earlier this week.

Zelensky proposes Putin swap Viktor Medvedchuk with Ukrainian POWs (Newsweek) Volodymyr Zelensky first announced the news of the arrest of Viktor Medvedchuk, who is seen as Putin’s closest ally in Ukraine, in a Telegram post on Tuesday.

Attacks, Threats, and Vulnerabilities

Lazarus Targets Chemical Sector (Symantec) Continuation of Operation Dream Job sees North Korea-linked APT target orgs in espionage campaign.

OldGremlin ransomware deploys new malware on Russian mining org (BleepingComputer) OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, has made a comeback last month after a gap of more than one year.

Old Gremlins, new methods (Group-IB) After a long break, the Russian-speaking ransomware group OldGremlin resumes attacks in Russia

Flaws in ABB Network Interface Modules Expose Industrial Systems to DoS Attacks (SecurityWeek) ABB is working on patches for several high-severity DoS vulnerabilities affecting network interface modules for control hardware.

Hackers exploit critical VMware CVE-2022-22954 bug, patch now (BleepingComputer) Security researchers have published various proof of concepts (PoCs) scripts for exploiting CVE-2022-22954 on social media and other channels, essentially enabling malicious actors to attack unpatched systems.

Using Quoted-Printable Encoding to Bypass Scanners (Avanan) Attackers are encoding malicious links within quoted-printable encoding.

Don’t let ransomware gangs spend months in your network (Register) Miscreants Googled for post-intrusion tools before downloading them onto servers, PCs

Wind Turbine Giant Nordex Scrambling to Recover From Cyberattack (SecurityWeek) Wind turbines manufacturing giant Nordex Group this week announced that it is still working on restoring systems after a crippling cyberattack on March 31.

Wind Turbine Giant Nordex Hit By Cyber-Attack (Infosecurity Magazine) The company is restoring IT systems and warned customers, employees and
stakeholders might be affected

You can’t protect the unprotectable – our critical infrastructures (Control Global) Emphasis has been placed on cyber security and resilience of computer systems, patching software, zero trust, and multi-factor authentication. We continue to make significant progress in new add-on cyber security features protecting IT systems, many of which are now inextricably linked to both the IoT and operational (OT) networks. However, the same cannot be said for control system field devices.

Android banking malware intercepts calls to customer support (BleepingComputer) A banking trojan for Android that researchers call Fakecalls comes with a powerful capability that enables it to take over calls to a bank’s customer support number and connect the victim directly with the cybercriminals operating the malware.

PHI Potentially Accessed in Ballad Health Email Data Breach (Health IT Security) Ballad Health, WellStar Health, and Resources for Human Development all reported healthcare data breaches recently.

KnowBe4 Finds Holiday-Themed Emails Entice Employees to Click (PR Newswire) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the results of its Q1…

CISA Adds 10 Known Exploited Vulnerabilities to Catalog (CISA) CISA has added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates. 

Security Patches, Mitigations, and Software Updates

ICS Patch Tuesday: Siemens, Schneider Fix Several Critical Vulnerabilities (SecurityWeek) Schneider Electric and Siemens have patched critical vulnerabilities in industrial and energy management products.

Microsoft Releases Advisory to Address Critical Remote Code Execution Vulnerability (CVE-2022-26809) (CISA) Microsoft has released an advisory to address CVE-2022-26809, a critical remote code execution vulnerability in Remote Procedure Call Runtime Library. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system.  CISA encourages users and administrators to review Microsoft’s advisory and apply the recommended mitigations.

Supply chain security risks are providing a back door for hackers (Mynewsdesk) Organisations have an opportunity to reduce their third-party risk by clarifying whether they or their suppliers are responsible for supply chain risk…

Corvus Insurance Reports Ransomware Attacks are Down from Recent Peaks, as Costs and Frequency of Claims Trend Downward (Business Wire) Corvus Insurance, the leading provider of smart commercial insurance products powered by AI-driven risk data, today released findings from its second

Corvus Risk Insights Index: Ransomware Trends & Cyber Readiness (Coruvs) Welcome to the second edition of the Corvus Risk Insights Index, where we provide an in-depth look at cybersecurity — the market, landscape, and where we see trends moving.

Ransomware Claims Trending Downward, Insurance Firm Says (SecurityWeek) Cyber insurance firm Corvus saw a dramatic reduction in ransomware insurance claims in the last quarter of 2021.

After a brief decline, organizations once again are bombarded with ransomware (The Record by Recorded Future) The start of the year brought good news for organizations that have been struggling to secure themselves against cyberattacks.

Consumers feel data leakage is inevitable so many have stopped caring (Help Net Security) Imperva releases findings from a global study on consumer perceptions of data privacy and trust in digital service providers.

Marketplace

Elon Musk bids $41 billion for Twitter (Computing) The Tesla founder has offered to buy the social media company outright.

MDR Provider Critical Start Lands $215 Million Growth Investment (SecurityWeek) MDR solutions provider Critical Start will use a $215 million investment to accelerate growth in the cybersecurity sector

DoControl Secures $30 Million Series B to Redefine SaaS Data Security (DoControl) Insight Partners-led Series B Will Help Businesses Prevent SaaS Data Breaches and Accelerate DoControl’s Growth

 Obsidian Security Raises $90 Million Series C Round to Cement its Leadership in SaaS Security (Business Wire) Obsidian Security, the leader in SaaS Security and Posture Management (SSPM), today announced $90 million in Series C financing led by Menlo Ventures,

Crypto startup Ava Labs is said to raise $350 million at $5 billion valuation (The Economic Times) Ava Labs is raising money even as crypto markets remain choppy, with Bitcoin well down from its November all-time high amid worries over Fed tightening, inflation and Russias invasion of Ukraine.

SailPoint, Tufin go private in run of cybersecurity acquisitions by PE firms (S&P Global) Cybersecurity has been a hot consolidation sector for some time, and it has only gained steam in recent months with several private equity firms targeting publicly traded companies at high multiples.

Barracuda Networks and SailPoint secure billion-dollar takeovers (TechRadar) Deals for SailPoint and Barracuda show that big tech M&A is officially back

Investors dump Darktrace after cybersecurity firm warns of impending share sale by staff (Times) Investors in Darktrace took fright today after the cybersecurity company warned of an impending share sale by its employees.Shares in the FTSE 250-listed compan

What Does a Cyber Threat Intel Analyst Do? A Look at the Intelligence Professionals Who Bring Threat Intel Programs to Life (Flashpoint) What is a threat intelligence analyst? A strong cyber threat intelligence program is your organization’s most valuable line of defense against attacks

Jumio Announces Industry Veteran Stuart Wells as Chief Technology (MarTech Series) Jumio, the leading provider of orchestrated end-to-end identity proofing, eKYC and AML solutions, today announced the appointment of Stuart Wells as the company’s new chief technology officer.

Cobalt Names Chris Manton-Jones Chief Executive Officer (CEO) (PRWeb) Cobalt, the leading Pentest as a Service (PtaaS) company, today announced Chris Manton-Jones as its new Chief Executive Officer. The former GM of Internationa

Products, Services, and Solutions

VMRay Unveils Advanced Machine Learning Capabilities to Accelerate Threat Detection and Analysis (GlobeNewswire News Room) VMRay introduces Machine Learning capabilities to its advanced threat detection technologies that go beyond the sandbox and make it possible to detect…

Introducing WSO2 API Manager 4.1 (WSO2) We’re excited to announce that WSO2 API Manager 4.1—a complete platform for building, integrating, and exposing digital services as managed APIs in any environment—is now available. This release improves productivity in development and operations, expands support for different protocols and third-party technologies, and completes the product’s analytics story.

AppOmni Introduces the AppOmni Developer Platform to Provide Universal SaaS Security Across All Enterprise SaaS Applications (Business Wire) AppOmni, the leading provider of SaaS security, today unveiled the AppOmni Developer Platform, which enables organizations to extend visibility and en

Telos Corporation Teams with Carahsoft to Expand Public Sector Reach (GlobeNewswire News Room) New Partnership Brings Enhanced Cybersecurity, Risk Management and Compliance to Public Sector…

Offensive Security Launches Global Partner Program to Meet Demand for Continuous Cybersecurity Education and Training (Business Wire) Offensive Security Global Partner Program provides greater access to its world-class cybersecurity education, training and certifications.

Deepwatch expands email protection capabilities in MDR Essentials (Help Net Security) Deepwatch announced added email security capabilities to its MDR Essentials service to provide inbox protection against phishing.

SAUDI ARABIA : Riyadh uses Spire Solutions deal to attract fresh cyber education capacity (Intelligence Online) Dubai-based cyber systems distribution group Spire Solutions, which has teamed up with Saudi Arabia’s leading cyber training body, the SAFCSP, brings with it its own army of experts. This will enable

Palo Alto Networks Extends SASE to Protect Home Networks With Okyo Garde Enterprise Edition (PR Newswire) With the wide adoption of hybrid work, cyberattacks on home networks are potential threats to modern enterprises. Palo Alto Networks (NASDAQ:…

Orange County, California Awards SAIC $55 Million IT Services Contract (SAIC) The County of Orange, California awarded Science Applications International Corp. (NYSE: SAIC) a contract extension to continue to provide information technology (IT) managed services and solutions to agencies and departments within the county.

Checkmarx SCA Now Available as Native Integration within JetBrains IntelliJ IDEA Ultimate (PR Newswire) Checkmarx, the global leader in developer-centric application security testing (AST) solutions, and JetBrains, the company that created an…

Seceon Delivers Unprecedented Growth for Its AI/ML-Based aiSIEM™/aiMSSP™/aiXDRTM Platforms (Yahoo Finance) Seceon, the pioneer of the first fully-automated, real-time cyber ransomware detection, containment and elimination platform to empower Enterprises and MSSPs with its award-winning solutions (#aiSIEM, #aiMSSP, #aiXDR), announced that it is seeing unprecedented triple digit growth for last 5 consecutive quarters. Seceon’s easy to deploy and completely automated monitoring, threat detection and containment approach, multi-tiered multi-tenancy as well as same platform for both on-prem or cloud offe

Beyond Identity Expands Integrations With Leading SSO Providers (Beyond Identity) New Integrations With CyberArk, Google Cloud, OneLogin by One Identity, Shibboleth, and VMware Augment Robust Passwordless MFA Ecosystem

Technologies, Techniques, and Standards

How USCG is reducing cyber risk; Coordinating JADC2 across DOD; Endpoint protection and ZTA (FedScoop) Commander of Coast Guard Cyber Command Rear Adm. Michael Ryan, former JAIC Director Lt. Gen. Jack Shanahan and Okta’s Sean Frazier.

Research and Development

New Clue in the Problem That Haunts All Cryptography? (Mind Matters) A team of mathematicians has shown that a code that hackers can’t just figure out is possible in principle if we rely on Kolmogorov complexity.

Academia

NSA’s Centers of Academic Excellence students give Florida a peak at the Nation’s future c (National Security Agency/Central Security Service) Over the course of three days, over 200 students from NSA’s Centers of Academic Excellence in Cybersecurity (NCAE-C) designated schools and USCYBERCOM’s Academic Engagement Network tested the

Washington state universities get funding to create cybersecurity programs as industry demand grows (GeekWire) Breaches in cybersecurity continue to grow in complexity and severity, costing companies more than $10 trillion per year by 2025, according to some estimates. To help train future cybersecurity…

Legislation, Policy, and Regulation

China’s not happy about Taiwan’s chip IP espionage laws (Register) Tightening of IP laws to prevent poaching seen by Beijing as ‘provocative smear’

Government agrees bulk surveillance powers fail to protect journalists and sources (ComputerWeekly.com) Bulk communications data, which includes details of an individual’s phone and email contacts, websites visited, and their mobile phone location, can be used to build  highly detailed profiles of people. This could include people’s personal relations, contact with doctors or therapists, their physical movements and location, participation in protests and political views. In an eight page decision on 8 April 2022, the high court gave Liberty permission to appeal a 2019 court ruling which refused the NGO access to a judicial review to seek a declaration of incompatibility between the Investigatory Powers Act and the Human Rights Act.

A spice up to Australia’s cyber capabilities? What we know so far about Project REDSPICE (Lexology) Late last month, the government announced a record $9.9 billion investment package to boost Australia’s national security. Introduced by Treasurer…

Industry Leaders Say the U.S. Securities and Exchange Commission’s Proposed Rules Would Set New Cybersecurity Requirements (PR Newswire) The National Association of Corporate Directors (NACD), SecurityScorecard and the Cyber Threat Alliance today released a report, “An Update on…

The new cyberspace agency needs to tackle fraud, not just cyberattacks (Fast Company) Attacks on oil processing plants and meat producers get all the attention, but it’s online fraud that victimizes hundreds of thousands of people every year.

Tim Cook warns of privacy ’emergency’ in attack on social media and search engines (The Telegraph) Apple chief executive says governments and tech companies have a ‘profound responsibility’ to protect users

Arizona Expands Regulator Data Breach Notification Obligations (Eye On Privacy) Arizona recently amended its breach notice law to change the regulator notification requirements. Starting this summer, depending on the scope of the

Litigation, Investigation, and Law Enforcement

Investigators halt Hawai’i underwater cable cyberattack (Hawai’i Public Radio) A cyberattack on an underwater cable was prevented by the Homeland Security Investigations Honolulu branch last week, officials said Tuesday.

Federal agents disrupted cyberattack targeting phone, internet infrastructure on Oahu (Hawaii News Now) Authorities said hackers went after a company that operates an undersea cable.

NBI to file raps against Smartmatic employee linked to data breach (INQUIRER.net) The National Bureau of Investigation (NBI) said Wednesday it will file complaints against a former Smartmatic employee who was allegedly linked to the security breach



Original Source link

Leave a Reply

Your email address will not be published.

1 + one =