Run up to Victory Day. A worm and a highly evasive phishing campaign. Mother’s Day threats. | #cybersecurity | #cyberattack


Dateline

Ukraine at D+71: Preparing for Victory Day (which falls on D+74). (The CyberWire) Russia’s Victory Day endgame seems to have focused on the Azovstal steel plant in Mariupol. The US is providing Ukraine with battlefield intelligence. NSA’s cyber director argues that hacktivist participation in hybrid war is unwise.

Unexplained Attacks Inside Russian Territory Raise Prospect of Wider Conflict (Wall Street Journal) A series of fires and explosions near the Ukrainian border—some attributed to Ukrainian forces—have underscored Russia’s vulnerabilities in regions that are crucial to its renewed offensive in eastern Ukraine.

Mariupol steel mill battle rages as Ukraine repels attacks (Military Times) Heavy fighting raged Thursday at the besieged steel plant in Mariupol, as Russian forces attempted to finish off the city’s last-ditch defenders and complete the capture of the strategically vital port.

‘Seemed like goodbye’: Mariupol defenders make their stand (AP NEWS) Ukrainian fighters in the tunnels underneath Mariupol’s pulverized steel plant held out against Russian troops Thursday in an increasingly desperate and perhaps doomed effort to deny Moscow what would be its biggest success of the war yet: the complete capture of the strategic port city.

Watch: Russian mercenaries storm trenches and fight door-to-door in rare close combat footage (The Telegraph) The skirmish, which was filmed by a drone, purportedly shows the moment the infamous Wagner Group captures a squad of Ukrainian soldiers

New effort races to rescue civilians from Mariupol plant (AP NEWS) A new international effort raced Friday to rescue more civilians from the tunnels under a besieged steel plant in Mariupol and the city at large, even as fighters holed up at the sprawling complex made their last stand to prevent Moscow’s complete takeover of the strategic port.

UN plans third evacuation from Azovstal steelworks as battle continues to rage (the Guardian) Ukraine says Russian bombing has destroyed or damaged 400 hospitals and medical centres; Moscow rushes to declare victory in Mariupol

Why the battle for Mariupol is important for Vladimir Putin. (New York Times) A victory in the predominantly Russian-speaking city could give a veneer of credibility to the Russian leader’s false claims of ridding Ukraine of “Nazis.”

A race against time in Ukraine as Russia advances, West sends weapons (Washington Post) Russia has adapted its tactics and Ukrainian forces are feeling the toll of two months of fighting, compounding the urgency of new U.S. and European weapons supplies arriving soon.

The AP Interview: Belarus admits Russia’s war ‘drags on’ (AP NEWS) Belarus’ authoritarian President Alexander Lukashenko defended Russia’s invasion of Ukraine in an interview Thursday with The Associated Press, but he said he didn’t expect the 10-week-old conflict to “drag on this way.”

Russia’s ally Belarus criticises war effort for ‘dragging on’ (The Telegraph) Alexander Lukashenko is Vladimir Putin’s closest ally, allowing Russian forces to invade Ukraine from his country

What If the War in Ukraine Doesn’t End? (Foreign Affairs) The global consequences of a long conflict.

The New Cold War Could Soon Heat Up (Foreign Affairs) Why Russia and the West might escalate the fight over Ukraine.

G7 leaders to hold talks with Ukraine’s Zelenskyy on May 8 (Al Jazeera) Talks to be held on symbolic day marking end of World War Two in Europe as conflict rages across Ukraine.

Olaf Scholz labelled a ‘thin-skinned sausage’ after blaming Ukraine for diplomatic rift (The Telegraph) Chancellor criticised for ill-tempered response to criticism over his failure to visit Kyiv since Russian invasion

Germany to send seven howitzers to Ukraine in further policy reversal (Reuters) Germany will deliver seven self-propelled howitzers to Ukraine, Defence Minister Christine Lambrecht said on Friday, in a further reversal of a longtime policy not to send heavy weapons to war zones due to the country’s Nazi past.

For first time, France talks openly about sending weapons to Ukraine (Breaking Defense) France has been tight-lipped about what it is sending to Ukraine, until a few days after President Emmanuel Macron won a second term.

Official: US gave intel before Ukraine sank Russian warship (AP NEWS) The U.S. says it shared intelligence with Ukraine about the location of the Russian missile cruiser Moskva before the strike that sank the warship, a high-profile embarrassment for Russia’s military, but the Pentagon denied Friday that it played a direct role in the strike.

US shared intel on Moskva location with Ukraine before it sank cruiser (the Guardian) Sinking of the flagship of Russia’s Black Sea fleet was seen as a high profile failure for its military

How Russia’s military leadership was decapitated thanks to U.S. intel (Newsweek) Ukrainian officials have said they have killed 12 Russian generals on the front lines since Moscow’s invasion began on February 24.

Vladimir Putin faces ‘huge cost’ if he threatens other countries, warns Navy chief (The Telegraph) In his first interview as First Sea Lord, Admiral Sir Ben Key says it is imperative Nato works to ‘contain’ invasion of Ukraine

Russia Ambassador to U.S. Says NATO Not Taking Nuclear War Threat Seriously (Newsweek) Russia’s envoy told Newsweek Moscow is “compelled to warn of the emerging risks associated with the intervention of NATO states into the Russian special military operation.”

Why Washington Should Take Russian Nuclear Threats Seriously (Foreign Policy) Historically, states have escalated when facing the prospect of imminent defeat—and Putin has a track record of following through on his threats.

Ukraine morning briefing: Five developments as Russia practises nuclear missile launches (The Telegraph) Plus: Over 300 civilians rescued from Mariupol, five killed in Russian shelling and EU considers ban on Russian oil

War without people (Meduza) How the ‘geopolitical worldview’ among dictators and scholars alike enables the unthinkable in Ukraine

Russia’s Nuclear Threats Recast Cold War Dangers: The “Delicate Balance of Terror” Revisited (Wilson Center) As the United States convened a meeting of 40 nations in late April to coordinate their military aid to Ukraine, Russia responded with renewed nuclear saber-rattling. Foreign Minister Sergei Lavrov, echoing earlier statements by President Vladimir Putin, charged the United States and NATO with waging a “proxy” war against Russia in Ukraine and asserted that the risk of nuclear war is now “considerable.”

Sweden seeking security ‘assurances,’ ahead of NATO move; US exercises on table? (Breaking Defense) “We have asked what other NATO members could do to help us out in this time to raise the threshold” for a Russian attack should Sweden move towards NATO membership, Sweden’s US ambassador said.

U.S. offers assurances to Sweden, Finland over NATO application (Reuters) The United States is confident it can address any security concerns Sweden and Finland may have about the period of time after they apply for NATO membership and before they are accepted into the alliance, the White House said on Thursday.

NATO chief says alliance will increase presence in Baltic sea if Sweden applies – SVT (Reuters) NATO will increase it’s presence around Sweden’s borders and in the Baltic sea while a potential application to join the alliance is processed, NATO Secretary-General Jens Stoltenberg told Swedish public broadcaster SVT.

Switzerland Flirts With NATO (Foreign Policy) Russia’s war in Ukraine has some Swiss considering closer cooperation with the alliance—but not membership.

Can NATO avoid direct confrontation with Russia? (Al Jazeera) Russia accuses NATO of extending the war indefinitely, but Western alliance doubles down on support for Ukraine.

Vladimir Putin apologises to Israeli PM over Sergei Lavrov’s Hitler comments

(The Telegraph) Vladimir Putin has apologised to Israeli Prime Minister Naftali Bennett for comments made by Russia’s foreign minister, Sergei Lavrov, who suggested that Adolf Hitler had Jewish origins.

Russia-Israel relations unravel as Putin risks losing key Middle East ally (Newsweek) Israeli President Isaac Herzog said he was “angry and disgusted” with claims by Russia’s foreign minister about Hitler and antisemitism

US Cyber Command Team Helps Lithuania Protect Its Networks (SecurityWeek) A hunt forward operation, involved a specialized team that worked to identify vulnerabilities and counter malicious cyber activity affecting the networks of Lithuania’s foreign affairs ministry and defense systems

NSA cyber boss seeks to discourage vigilante hacking against Russia (Defense News) “This certainly isn’t going to make the State Department discussions with Russia of ‘you need to hold your people accountable’ any easier.”

Shields Up: Russian Cyberattacks Headed Our Way (JD Supra) As we watch the televised Russian invasion of Ukraine with horrific destruction and casualties caused by missiles, tanks, and other conventional…

Hackers Reused Computer Routers for Attacks on Ukrainian, European Websites (Wall Street Journal) Cyberattacks on Ukrainian and Finnish government websites in February and April were likely launched by the same Russia-aligned hacker group that so far hasn’t had very damaging effects, researchers say.
A cyberattack that took down the website of Ukraine’s postal service last month used techniques

How millions of Russians are tearing holes in the Digital Iron Curtain (Washington Post) A tremendous surge in VPN downloads represents a challenge to Putin and his version of the Ukraine war

How ‘Swan Lake’ became a symbol of protest in Russia (ABC News) “It’s almost impossible now in Russia to protest in direct forms.”

The North Caucasus in the Ukrainian War: Only Cemeteries at the Rear (Wilson Center) The North Caucasus has had to pay with three generations of young Muslims for the people’s disloyalty to Moscow. Now the sons, nephews, and brothers of those who perished in the mountain forests and Syrian deserts are dying on the steppes and in the cities of Ukraine. They are dying for Putin’s regime, which has been killing and imprisoning their family members and fellow Muslims for decades.

Russia’s war against Ukraine is ‘ethnic cleansing,’ says former NATO strategic commander (Government Matters) Russia has warned NATO that transports carrying weapons in Ukraine are targets. As Putin tries to threaten and weaken the alliance, more countries are seeking NATO membership. General Wesley Clark (Ret.), senior fellow at UCLA’s Burkle Center for International Relations and former NATO Supreme Allied Commander Europe, said the war is “ethnic cleansing,” “essentially genocide” […]

Ukraine has accused Russian troops of rape, a tough crime to prosecute (Washington Post) When Russian forces withdrew from the suburbs around Kyiv last month, the horrors they left behind — bodies lying in the streets, signs of summary killings and reports of torture and mass graves — shocked the Western world and elicited calls for war crimes investigations.

Clash Of Titans: As EU Moves To End Reliance On Russian Gas, Will Putin Seek To Strike First? (RadioFreeEurope/RadioLiberty) The European Union says it can drastically cut Russian natural gas imports this year and end them “well before” the decade is out. How realistic is that? And what if Russia moves to create economic havoc by cutting the EU off even earlier?

Putin will beat a hasty retreat as another miscalculation is exposed (The Telegraph) The EU’s energy embargo is set to be the decisive blow against Russia’s depleted army

Europeans weigh costs of cutting Russian energy over Ukraine (AP NEWS) Across Europe, rising energy prices are testing the resolve of ordinary consumers and business owners who are caught between the continent’s dependence on cheap Russian energy and its revulsion over President Vladimir Putin’s invasion of Ukraine .

Unlearned Lessons of Energy Dependence on Russia (Wilson Center) After Russia unleashed a full-scale war against Ukraine on February 24, Western countries, and particularly the EU, had to grapple with their deep dependence on Russian energy supplies, which had become an obstacle to the immediate imposition of sanctions. Germany’s minister of the economy Robert Habeck said it was “stupid” to have let the country become dependent on Russia for about half its gas supplies. Current German president and former foreign affairs minister Frank-Walter Steinmeier said his earlier strong support for Nord Stream 2, another Russian gas pipeline, was a mistake.

SEC Questions Companies About Financial Impact of Russian War on Ukraine (Wall Street Journal) The regulator on Tuesday urged companies to provide detailed disclosure on their exposure to Russia, Belarus and Ukraine, from business relationships to supply-chain disruptions to their investments.

‘Vladimir Putin’s yacht’ back in the water and may flee Italian port (The Telegraph) Police are still investigating the ownership of the Scheherazade, which means that it’s free to leave at any time

Attacks, Threats, and Vulnerabilities

Hackers stole data undetected from US, European orgs since 2019 (BleepingComputer) Cybersecurity analysts have exposed a lengthy operation attributed to the group of Chinese hackers known as “Winnti” and tracked as APT41, which focused on stealing intellectual property assets like patents, copyrights, trademarks, and other types of valuable data.

Raspberry Robin gets the worm early (Red Canary) Raspberry Robin is a worm spread by external drives that leverages Windows Installer to download a malicious DLL.

VIP3R: New actor. Old story. Great success. (Menlo Security) Menlo Labs has observed a threat campaign – dubbed VIP3R – that leverages Highly Evasive Adaptive Threat (HEAT) techniques to compromise the credentials of users at various organizations.

Hyperscalers, telcos exposing BIG-IP to the internet as pre-auth RCE vulnerability drops (Stack) A critical vulnerability in F5’s BIG-IP software (CVE 2020-5902) was among the top ten software flaws most exploited by hackers in 2020. Now a new BIG-IP vulnerability (CVE-2022-1388) in the load balancing and security suite gives an unauthenticated attacker remote code execution (CVSS 9.8). Users should patch urgently.

An Easy Misconfiguration to Make: Hidden Dangers in the Cloud Control Plane (Mitiga) The biggest risk in cloud development is not recognizing the differences between cloud and traditional definitions of common architecture terms. For example, imagine a system that is completely “firewalled off”—a firewall prevents any inbound or outbound connections from the machine. Could an adversary build malware that could still communicate with that machine over the network? The answer is less clear than you’d imagine.

Flaws in Avast, AVG Antiviruses Could Have Facilitated Attacks on Millions of Devices (SecurityWeek) SentinelOne researchers discover two high-severity vulnerabilities in Avast and AVG antiviruses that put millions of devices at risk in the past decade.

A Sticky Situation Part 1: The Pervasive Nature of Credit Card Skimmers (DomainTools) In our latest series, we’ll discuss obscure, but premium services that enable cybercrime and online fraud to thrive and scale. Our first installment explores a dubious, y

Heroku resets user passwords after concluding April cyber-attack ran deep (The Daily Swig) Hack investigation blames compromised token for breach

Cyberattack takes down network of State Bar of Georgia (The Record by Recorded Future) Officials would not specify if it was a ransomware attack. The incident affected the organization’s email, website and more.

There’s no sugarcoating it: That online sugar daddy may be a scammer (WeLiveSecurity) The bitter truth about how sugar daddy scammers dupe online daters in romance fraud that is designed to exploit a fast-growing niche in the dating world.

Top 3 Mother’s Day Scam Sites – Be Smart When Buying Gifts (Trend Micro News) Mother’s Day is coming – have you prepared any wonderful gifts for your mom or grandma yet? No doubt most of you have already started searching for the best deals. But don’t let scammers cut in and ruin the fun! In this post, we’ve put together some common Mother’s Day shopping scams and listed some tips to avoid them.

Security Patches, Mitigations, and Software Updates

Cisco Releases Security Updates for Enterprise NFV Infrastructure Software (CISA) Cisco has released security updates to address multiple vulnerabilities in Enterprise NFV Infrastructure Software. An attacker could exploit these vulnerabilities to take control of an affected system.  

Johnson Controls Metasys (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to lock other users out of the system and take over their accounts.

CISA urges F5 users to address ‘critical’ vulnerability in BIG-IP software (The Record by Recorded Future) F5’s BIG-IP products — which include software and hardware — are used widely by companies to help keep their applications up and running.

Android’s May 2022 Security Updates Patch 36 Vulnerabilities (SecurityWeek) Google resolves tens of high-severity security bugs with the latest software updates for Android and Pixel devices.

Q1 2022 Phishing and Malware Report: Malware Skyrockets, Microsoft Is the Most Impersonated Brand (Vade) Malware and phishing volumes across the globe moved in an upward trajectory in the early months of 2022.

BlackFog Global Ransomware Report (BlackFog) In April we recorded 25 ransomware attacks with Panasonic, Snap On and the American Dental Association making headlines. Coca Cola also made news when Russian-linked hackers claimed to have stolen financial data, passwords and accounts and trying to sell it for US$640,000.

New Prevalent Study Reveals Organizations Are Not Equipped to Handle Increasing Third-Party Security Incidents (PR Newswire) Prevalent, Inc., the company that takes the pain out of third-party risk management (TPRM), today announced a new report, The 2022 Third Party…

2022 Third-Party Risk Management Study | Prevalent (Prevalent) This definitive report from Prevalent is loaded with insightful data, analysis and recommendations from our survey of global risk management practitioners. Get immediate access to a 22-page e-book revealing our findings and recommendations, plus an infographic highlighting key results.

A majority of Americans are concerned about the safety and privacy of their personal data (Ipsos) However, many also acknowledge sharing passwords, reusing them, or other behaviors that could compromise their online behavior

Marketplace

AutoRABIT Raises $26 Million for Salesforce DevSecOps Platform (SecurityWeek) AutoRABIT raises $26 million in Series B funding for its Salesforce DevSecOps platform for regulated industries.

OT Security Firm Network Perception Raises $13 Million (SecurityWeek) OT security solutions provider Network Perception raises $13 million in Series A funding.

Radware launches SkyHawk Security to improve the overall security posture for organizations (Help Net Security) Radware announced the spinoff of its Cloud Native Protector (CNP) business to form a new company called SkyHawk Security.

Kyndryl CEO: Moving Out Of IBM’s Shadow With $1B In Pipeline (CRN) While Kyndryl’s financials still show impacts from its recent spin out from IBM, the company is expanding alliances to grow independently.

Elon Musk expected to serve as temporary Twitter CEO after deal closes (CNBC) Elon Musk is expected to serve as a temporary Twitter CEO for a few months after he completes his takeover of the company, sources told CNBC’s David Faber.

Elon Musk Gets $7 Billion in Fresh Financing for Twitter Deal (Wall Street Journal) A Saudi prince, Larry Ellison and a bitcoin exchange are among a group of 19 investors who have committed more than $7 billion to back the Tesla CEO’s bid for Twitter.

BAE Systems to develop autonomous network technology for multi-domain military missions (BAE Systems) BAE Systems to develop software that autonomously configures tactical networks for mission-critical communications as part of the Mission-Integrated Network Control (MINC) program.

US-based Swimlane establishes regional headquarters in Malaysia (New Straits Times) US-based Swimlane today has announced plans to open a regional headquarters in Kuala Lumpur as part of a strategic partnership with CyberSecurity Malaysia to create a more robust cyber environment in the region.

Egnyte Expands Footprint with Opening of Salt Lake City Office (Martech360) Egnyte, a leader in cloud content security and governance, announced that it has opened a new office in Salt Lake City.

CyberArk Announces Simon Mouyal as Chief Marketing Officer (CyberArk) CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced the appointment of Simon Mouyal as Chief Marketing Officer (CMO). Mouyal will be responsible…

Arcanna.ai Bolsters Executive Team and Advisory Board to Drive Growth of AI-Assisted Cybersecurity Platform for SOC Teams (Yahoo) Cybersecurity startup led by expert team of advisors and security professionals

KSOC Announces Executive Advisory Board (Business Wire) KSOC revealed the executive advisory board that is comprised of a distinguished group of cybersecurity investors and industry experts.

QinetiQ’s US subsidiary brings in new ‘C5ISR’ business leader (Washington Technology) The business is undertaking a push to double in size by 2026.

Splunk Names Katie Bianchi Chief Customer Officer (Valdosta Daily Times) Splunk Inc. (NASDAQ: SPLK), the data platform leader for security and observability, today announced the appointment of Katie Bianchi to Senior Vice President and Chief Customer Officer. Reporting to Gary Steele, Splunk President and CEO, and effective immediately, Bianchi leads the organization’s mission to help customers achieve exceptional outcomes and ongoing value with Splunk.

ExtraHop Hires Two VPs to Drive European Security Channel Partnerships (MSSP Alert) Network detection & response (NDR) security company ExtraHop hires Duncan Butchart & Karl Werner to drive European reseller, systems integrator & channel partnerships

Products, Services, and Solutions

Dashlane Launches Small Business Campaign to Increase Security Awareness Among SMBs (Business Wire) Dashlane Launches Small Business Campaign to Increase Security Awareness Among SMBs

Exabeam OEMs ZeroFox to Enhance Threat Intelligence (Exabeam) Exabeam, the leader in Next-gen SIEM and XDR, and ZeroFox, a leading external cybersecurity threat intelligence provider, today announced an OEM partnership to enhance indicators of compromise (IoC) with an added layer of threat intelligence for Exabeam Fusion SIEM and Exabeam Fusion XDR customers. In addition… Read more »

Mphasis partners with Securonix to prepare customers against advanced cyber security risks – Help Net Security (Help Net Security) Mphasis announced a strategic partnership with Securonix, a provider of next-gen Security Information and Event Management (SIEM).

CrowdStrike Introduces Multi-Cloud Threat Hunting Capabilities – MSSP Alert: Cybersecurity News for MSSPs & MDR Service Providers (MSSP Alert) CrowdStrike announces multi-cloud threat hunting capabilities for its Cloud Native Application Protection Platform to help orgs address cloud threats.

Keeper Security Announces Keeper Connection Manager: Privileged Access to Remote Infrastructure with Zero-Trust and Zero-Knowledge Security (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software announces the launch of Keeper Connection…

Technologies, Techniques, and Standards

Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins (FIDO Alliance) Faster, easier and more secure sign-ins will be available to consumers across leading devices and platforms  Mountain View, California, MAY 5, 2022  – In a joint effort to make the web […]

New standard improves international supply chain security (Security Magazine) The recently released SCS 9001 supply chain security standard offers an auditable and verifiable solution to help meet the goals of initiatives aimed at improving global cybersecurity.

Cyber-war gaming: A cybersecurity tabletop exercise (SearchSecurity) Is your company prepared for cyber attacks? Cyber-war gaming via cybersecurity tabletop exercises helps strengthen readiness from the top down.

Data Privacy and Fallacies (Integration Developer News) To improve data privacy and security, enterprise IT and business users are taking a harder look at their data collection policies.  Axway’s Brian Pagano says ensuring data security and privacy often starts by simply asking what data is necessary to collect.

Should You Pay for Identity-Theft Protection? Ask Yourself These Questions First. (Wall Street Journal) Policies—and prices—vary. So make sure you know what you’re buying, and whether you want to do it on your own.

World Password Day – the 1960s just called and gave you your passwords back (Naked Security) Yes, passwords are going away. No, it won’t happen tomorrow. So it’s still worth knowing the basics of picking proper passwords.

It’s Time to Move Beyond Just MFA (Total Retail) While multi-factor authentication (MFA) has become a part of daily online life for consumers, it’s not always a welcome one. The security feature can sometimes feel like more of a hassle than it’s worth.

Passwords aren’t going away any time soon (ITWeb) South African companies still don’t take password management as seriously as they should, warn experts.

Marine Corps Reserve Team Performs Impressively During Cyber Competition (Marine Corps Forces Reserve) The President’s Cup is a cybersecurity competition that was established in 2019 as mandated by Executive Order 13870, with the intent of identifying, challenging, and rewarding the U.S. government

Design and Innovation

One step closer to a passwordless future (Google) Over the next year all major device platforms have committed to building in support for passwordless FIDO Sign-in standards.

Research and Development

The number of machine learning inventions patented by Kaspersky has increased 19 times over the past three years (Kaspersky) Kaspersky has obtained 53 patents for machine learning (ML) inventions and submitted 116 relevant applications since 2019. The majority of these patented inventions are related to areas such as malware detection, critical infrastructure protection, anti-phishing technologies and security information and management solutions (SIEM).

Legislation, Policy, and Regulation

UK joins EU in Big Tech regulation plans (Computing) The threat of billion-dollar fines aimed at Big Tech is intended to promote competition and innovation from smaller players

When Corporate Interests and International Cyber Agreements Collide (The Cipher Brief) Cyber experts Bruce Schneier and Tarah Wheeler share thoughts on the divergence of corporate interests and international cyber agreements

National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems | The White House (The White House) NATIONAL SECURITY MEMORANDUM/NSM-10 MEMORANDUM FOR THE VICE PRESIDENT…

US Gov Issues Security Memo on Quantum Computing Risks (SecurityWeek) White House national security memo warns of severe risks from a quantum computer of sufficient size and sophistication.

White House: Prepare for cryptography-cracking quantum computers (BleepingComputer) President Joe Biden signed a national security memorandum (NSM) on Thursday asking government agencies to implement a set of measures that would mitigate risks posed by quantum computers to US national cyber security.

Biden Signs Bill To Create Cybercrime Reporting System (Forbes) President Joe Biden today signed the Better Cybercrime Metrics Act into law. The measure, which received bipartisan Congressional support, represents the latest step by the federal government to help beef up various aspects of the country’s cyber defenses.

Biden signs bill aimed at improving data collection on cybercrime (The Hill) President Biden on Thursday signed into law bipartisan legislation aimed at improving federal law enforcement’s collection of data related to cybercrime.   The legislation, known as the “Bette…

One year ago, Colonial Pipeline changed the cyber landscape forever (Washington Post) The Colonial Pipeline ransomware attack, which took place one year ago tomorrow, is a strong contender for the most consequential cyberattack in history.

DHS touts effectiveness of security directives one year after Colonial Pipeline ransomware attack (Inside Cybersecurity) DHS is underscoring what it sees as a flexible and effective approach to improving pipeline sector cybersecurity in the aftermath of the ransomware attack on Colonial Pipeline, pointing to implementation of Transportation Security Administration security directives while providing an overview of the threat landscape and information on how TSA has staffed up to meet cyber

NSA Chief: Cyber Command Did 9 Cyber Defense Missions Last Year (Nextgov.com) The dual-hatted head of the spy agency and military command has been conducting proactive missions to diffuse cyber threats to U.S. elections and other critical infrastructure and stressed the importance of artificial intelligence to advance the efforts.

Nakasone has been asked to remain at helm of NSA, Cyber Command (The Record by Recorded Future) U.S. Cyber Command and National Security Agency chief Gen. Paul Nakasone has been asked to remain in his post for another year, according to two senior defense officials, extending a four-year term that has seen the organizations expand their missions to include election security and combating ransomware.

NSA, Cyber Command tap new election security leaders (The Record by Recorded Future) The Election Security Group will play a central role in keeping the 2022 midterm elections free of foreign interference.

Connecticut becomes fifth state with data privacy law (The Record by Recorded Future) Connecticut’s recently passed data privacy bill became law on Wednesday, making it the fifth state in the US with some form of privacy protections for its residents. 

California Gov. Newsom Issues Executive Order for Crypto Business Rules (Wall Street Jpurnal) California Gov. Gavin Newsom issued an order aiming to help the state maintain its central role in crypto and blockchain, by building a regulatory framework and infrastructure.

Litigation, Investigation, and Law Enforcement

How to Erode Terrorists’ Trust in Cyberspace: The Role of Intelligence Services – GNET (GNET) One of the most crucial missions entrusted to intelligence services in the fight against jihadist terrorism is carried out on the Internet.

Catalan: Spain Spy Chief Admits Legally Hacking Some Phones (SecurityWeek) Spain’s top intelligence official acknowledged that her agency had hacked into the cellphones of “some” of the dozens of politicians reported to be targeted by spyware but she said it had proper judicial authorization.

Separatist politician says Spain’s spy chief admitted legally hacking some phones (CNBC) A Catalan separatist politician said Spain’s top intelligence official acknowledged that her agency had hacked into cellphones of “some” politicians.

Spain Spy Chief In Hot Seat Over Phone Hacking Scandal (NDTV.com) Spain’s top spymaster was grilled behind closed doors by lawmakers on Thursday over mobile phone hacking revelations that have roiled the country’s fragile coalition government.

U.S. agency proposes nearly $1 mln penalty on Colonial for safety violations (Reuters) The top U.S. pipeline regulator on Thursday said it proposed a nearly $1 million penalty for management failures at energy pipeline operator Colonial Pipeline Co that contributed to widespread fuel shortages along the U.S. East Coast in 2021.

Facebook Deliberately Caused Havoc in Australia to Influence New Law, Whistleblowers Say (Wall Street Journal) When Facebook blocked news pages last year to pre-empt Australian legislation that would force it to pay for content, it also took down hospitals, emergency services and charities. The company says that was inadvertent; whistleblowers allege it was a negotiating tactic.

FBI: Losses From BEC Scams Surpass $43 Billion (SecurityWeek) The FBI says business email compromise (BEC) and email account compromise (EAC) losses have surpassed $43 billion globally.

FBI: Business Email Compromise attacks led to more than $43 billion in losses since 2016 (The Record by Recorded Future) More than $43 billion has been lost through Business Email Compromise and Email Account Compromise scams since 2016, according to data collected by the FBI. 

Federal Judge Rules Massive Marriott Data Breach Class Action May Proceed (DiCello Levitt) Greenbelt, Md. – A federal judge in Maryland has granted class certification in a data breach impacting over 133 million American consumers against hotel chain Marriott (NASDAQ: MAR) and its data security vendor Accenture (NYSE: ACN), clearing the way for the litigation to move forward.  The Court will allow the case to proceed as a … Continued

Buying Authenticity: Inside the World of the Paid Crypto Shills (Vice) Around the world, influencers are hawking crypto projects for pay on Twitter, YouTube, and TikTok—and sometimes pushing the limits of U.S. law.

Court orders investment firm to engage MSSP Security In Depth (CRN Australia) And pay ASIC $750,000 following multiple preventible security breaches.



Original Source link

Leave a Reply

Your email address will not be published.

eighty five − eighty one =