US, NATO, refuse Russian demands over Ukraine. Cyberespionage. State-sponsored hackers avoid Winter Games. C2C market notes. | #government | #hacking | #cyberattack


Dateline Moscow, Minsk, Kyiv, Brussels, Ottawa, and Washington: Russia gets its response.

Russia proposes; NATO responds (The CyberWire) Russia isn’t pleased with the response it received yesterday from the US, and sees a bleak future, but disclaims any intention to invade Ukraine. Offensive cyber operations, however, continue.

Russia threatens retaliation if Ukraine demands not met (Military Times) Russia says it has no plans to invade Ukraine, but the U.S. and allies are planning for the worst.

Ukraine crisis: Russia ‘not optimistic’ but will keep talking with west – live coverage (the Guardian) Russian president Vladimir Putin is being briefed on a US paper reaffirming support for Ukraine’s right to pursue Nato membership

Ukraine crisis: US rejects Russian demand to bar Ukraine from Nato (BBC News) Russia says the response does not address its concerns about Nato, but “gives hope” over other issues.

US offers no concessions in response to Russia on Ukraine (AP NEWS) The Biden administration and NATO told Russia on Wednesday there will be no U.S. or NATO concessions on Moscow’s main demands to resolve the crisis over Ukraine. In separate written responses delivered to the Russians, the U.S.

U.S. sends written responses to Russia on its demands over Ukraine crisis (Washington Post) The United States on Wednesday delivered written responses to Russia’s demands for security guarantees over NATO expansion and activities in Eastern Europe, as a senior U.S. diplomat predicted that Moscow may use military force against Ukraine sometime in the next few weeks.

US, NATO deliver counteroffers to Russia on defusing Ukraine war prospects (Defense News) U.S. and NATO officials have separately delivered new sets of proposals to the Russian government for sorting out security concerns in Europe, while rejecting Russia’s demand that the alliance forever close its door to Ukraine.

U.S. delivers written response to Russian demands amid Ukraine crisis (POLITICO) The document was “fully coordinated” with Ukraine and European allies, Secretary of State Antony Blinken said.

U.S. Delivers Response to Russian Demands Amid Ukraine Crisis (Wall Street Journal) The move seeks to address Moscow’s demands and avert what Western officials worry is a looming Russian invasion of Ukraine.

U.S. Offers ‘Diplomatic Path’ in Answer to Russian Demands (New York Times) The U.S. response was not made public but Secretary of State Antony J. Blinken said it contained “core principles” on Ukraine’s sovereignty.

France’s Macron takes own path, seeks dialogue with Russia (AP NEWS) There’s still room for diplomacy in the Ukrainian crisis. At least that’s the conviction of French President Emmanuel Macron, who continues to push for dialogue with Russia despite signs pointing to a potential war.

U.S., China confer on Ukraine, urge de-escalation and calm (Reuters) China has told the United States it wants to see all sides involved in Ukraine remain calm and avoid increasing tension while the United States stressed de-escalation and warned of the security and economic risks from Russian aggression.

Putin’s Calculus Over Ukraine (Foreign Policy) The Russian leader risks huge casualties and painful sanctions if he invades, but he’s left himself little room to de-escalate.

Why Is Putin Acting Now? (Foreign Policy) Multiple factors are driving Russia’s escalation against Ukraine.

As it weighs action in Ukraine, Russia showcases its new military prowess (Washington Post) Kyiv could soon confront the full power of a Russian military that has changed markedly since the last time Moscow invaded Ukraine.

Russia’s Military, Once Creaky, Is Modern and Lethal (New York Times) A significantly upgraded military has emerged as a key tool of Vladimir Putin’s foreign policy, as he flexes his might around the globe and, most ominously, on the Ukraine border.

Explainer: What are NATO’s next steps if Russia invades Ukraine? (Reuters) NATO allies are putting forces on standby and sending reinforcements to eastern Europe in response to Russia’s buildup of more than 100,000 troops on Ukraine’s borders.

With Russia’s Ukraine build-up, NATO faces existential crisis of coherence (Breaking Defense) As Baltic members pledge arms, European giants France and Germany stay in the background.

Belarus joins Vladimir Putin’s war against Ukraine and the West (Atlantic Council) If Russia proceeds with its threatened full-scale invasion of Ukraine, it is increasingly clear that Belarus dictator Alyaksandr Lukashenka will also need to be viewed as a full combatant in Putin’s war.

Russian forces will leave Belarus once drills are over, Minsk says (Reuters) Russian military forces will leave Belarus once joint exercises between the two ex-Soviet countries are over next month, the Belarusian Ministry of Defence said on Thursday.

Stop asking what Putin wants and start asking what Ukrainians want (Atlantic Council) Fears of a major European war have sparked endless speculation over what Putin may want and how the West should react, but Ukraine itself has been largely reduced to the status of bystander in its own national drama.

Ukraine Is Betting on Militias to Bleed Russia (Foreign Policy) Ukraine hopes 130,000 new civilian defensive forces will make Putin think twice.

US Air Force ramps up intel flights, weapons shipments to Ukraine (Air Force Times) Flight trackers have spotted American Rivet Joint, Global Hawk, Reaper and Joint STARS aircraft, plus allied assets.

If Russia boosts its aggression against Ukraine, here’s what NATO could do (Atlantic Council) NATO has no obligation to defend Ukraine, but it should make any Russian attempts to annex territory more difficult.

Ukrainian diaspora says Canada must do more to back Ukraine against Putin (Atlantic Council) Members of Canada’s large Ukrainian diaspora are growing increasingly frustrated with what they see as their government’s failure to stand with Ukraine as it faces the prospect of a full-scale Russian invasion.

In meeting that Italian government tried to stop amid Ukraine crisis, Putin speaks to Italian CEOs via video (Washington Post) The leaders of some of Italy’s most influential companies defied the Italian government on Wednesday, meeting via videoconference with Russian President Vladimir Putin to discuss economic ties.

Survey: Western public backs stronger support for Ukraine against Russia (Atlantic Council) A recent six-country opinion survey commissioned by the Yalta European Strategy and Victor Pinchuk Foundation has identified strong Western public backing for an assertive policy in support of Ukraine.

Ukrainian government calls out false flag operation in recent data wiping attack (The Record by Recorded Future) The Ukrainian government said today that it found evidence meant to connect the data wiping attack that hit its own systems two weeks ago to a pro-Ukrainian hacking group in what security researchers typically describe as a “false flag” meant to distract investigators from the real culprits of the attack.

Cyber-attack briefly takes down Ukrainian ministry’s promotional website (Reuters) Unidentified hackers briefly took down a promotional website for Ukraine’s foreign ministry for several hours on Wednesday, the ministry said, amid increased tensions between Kyiv and Moscow over a massive build-up of Russian forces near their borders.

Expect more cybersecurity fallout from the Russia-Ukraine conflict (Tech Monitor) Growing tensions between Russia and Ukraine are likely to increase cybersecurity risks for Western companies.

As Russian cyberattack looms, cyberspace is ’21st century battleground’: experts (Fox Business) Concerns have mounted that Russia’s next move in the continuing threat of a Ukrainian invasion could target the U.S. in a cyberattack – a strategy experts argue is a battlefront already part of how global superpowers engage.

The Ukrainian Government Cyberattack – What You Need to Know (Deep Instinct) On the evening of January 13, several Ukrainian government websites, including the Ministry of Foreign Affairs, were hacked in a coordinated effort. Provocative messages were posted on the main page of these sites in three languages: Ukrainian, Russian, and Polish.

Wiper in Ukraine Used Code Repurposed From WhiteBlackCrypt Ransomware (Zero Day) This month’s wiper attack against government agencies in Ukraine has been tied to a 2021 ransomware campaign and a 2019 extortion plot against a Russian oligarch, investigators say.

What Happens When Russian Hackers Come for the Electrical Grid (Bloomberg) Emergency training at a restricted facility off Long Island has aimed to minimize the potentially catastrophic effects of a cyberattack on U.S. power infrastructure.

Insurers Want to Avoid Covering War. Ukraine Hacks Put That to the Test. (Wall Street Journal) As U.S. officials warn of Russian cyberattacks, a court ruling could affect whether insurance covers the damage.

Attacks, Threats, and Vulnerabilities

German govt warns of APT27 hackers backdooring business networks (BleepingComputer) The BfV German domestic intelligence services (short for Bun­des­amt für Ver­fas­sungs­schutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group.

Chinese hackers target German pharma and tech firms (Reuters) Chinese hacker group APT 27, long suspected of launching attacks on Western government agencies, has started targeting German companies in sectors such as pharmaceuticals and technology, Germany’s Federal Office for the Protection of the Constitution (BfV) said on Wednesday.

APTs quiet ahead of Beijing games, but financially motivated hackers are still lurking, research says (CyberScoop) State-sponsored hacking groups have been uncharacteristically quiet leading up to the Olympic Games next month in Beijing. Researchers say there’s one big reason why: No one wants to get on the bad side of China. “Disruptive Russian, Iranian, and North Korean state-sponsored cyberattacks targeting the 2022 Winter Olympics are unlikely to manifest due to the close relationships those countries maintain with the host nation, China,” Recorded Future researchers write in a report on potential cybersecurity threats to the games released Wednesday.

Threats to the 2022 Winter Olympics (Recorded Future) The hosting of the 2022 Winter Olympic Games in Beijing, China, alters the cyber, information, and geopolitical threats that face the Games.

Hackers Weaponize Microsoft Excel in West-Asian Cyberattack (SDxCentral) Attackers have weaponized Excel documents as part of an espionage campaign targeting high-ranking government officials in western Asia.

Prime Minister’s Office Compromised: Details of Recent Espionage Campaign (Trellix) Threat researcher Marc Elias discloses in-depth research results into a multi-stage cyberespionage campaign targeting high-ranking government officials overseeing national security policy and defense industry executives in Western Asia.

Sophisticated Threat Actor Targets Governments, Defense Industry in Western Asia (SecurityWeek) High-ranking government officials and individuals in the defense industry in Western Asia were targeted in a sophisticated campaign that involved the use of Graphite malware

Report: Access Broker Exploiting VMware Log4j Vulnerability (GovInfoSecurity) The risks posed by Apache Log4j continue, as a previously seen initial access broker group, codenamed Prophet Spider IAB, appears to be targeting vulnerabilities in

Log4U, Shell4Me (Blackberry) The BlackBerry Research & Intelligence and Incident Response teams have found evidence correlating attacks by the Initial Access Broker (IAB) group Prophet Spider with exploitation of the Log4j vulnerability in VMWare Horizon.

Malicious app on Google Play drops banking malware on users’ devices (Pradeo) Pradeo’s researchers discovered a malicious mobile application called 2FA Authenticator distributed on Google Play and installed by 10K+ users.

TeaBot and FluBot banking trojans resurface, targeting Android devices (SC Magazine) Bitdefender researchers say the TeaBot and FluBot malware campaigns revolve around malicious SMS messages on Android devices.

New FluBot and TeaBot Global Malware Campaigns Discovered (Bitdefender Labs) Some malware and phishing campaigns have short lives, tending to dissipate after they’re identified by security solutions.

Safari Flaws Exposed Webcams, Online Accounts, and More (Wired) Apple awarded a $100,500 bug bounty to the researcher who discovered the latest major vulnerability in its browser.

Polkit Vulnerability Provides Root Privileges on Linux Systems (SecurityWeek) Qualys security researchers warn of an easily exploitable privilege escalation vulnerability in polkit’s pkexec.

PwnKit Linux bug lets an unprivileged user gain full root privileges (Computing) The 12-year-old flaw exists in the pkexec component of Polkit system utility

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access (The Hacker News) A 12-year-old vulnerability has been discovered in the Polkit utility that could allow unprivileged attackers to gain root access to targeted Linux.

‘Dark Herring’ Billing Malware Swims onto 105M Android Devices (Threatpost) The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play.

Financially Motivated Mobile Scamware Exceeds 100M Installations (Zimperium Mobile Security Blog) The Dark Herring Android scamware took advantage of millions of Android victims, promising features and access never delivered.

Deceptive financial ransomware variant ‘White Rabbit’ emerges in banking (SC Magazine) White Rabbit is a new family of ransomware exploits that has already been discovered making an attack on at least one major U.S. bank last month, according to cybersecurity researchers at Trend Micro.

Take Immediate Actions to Stop Your NAS from Exposing to the Internet, and Fight Against Ransomware Together (QNAP Systems, Inc.) Taipei, Taiwan, January 26, 2022 – QNAP® Systems, Inc. (QNAP) today issued a statement in response to a new type of ransomware …

Blox Tales: Zoom Meeting with a Phish (Armorblox) In this Blox Tales, we look at an account takeover attack with the goal of stealing victims’ Microsoft Teams account credentials through phishing scamsm

Every breath you take, every move you make: Do fitness trackers pose privacy risks? (WeLiveSecurity) Should you beware of wearables? Here’s what you should know about the potential security and privacy risks of your smartwatch or fitness tracker.

Norton Consumer Cyber Safety Pulse Report Reveals Online Tracking is More Rampant Than Most Realize (Norton Lifelock) Learn How Scammers Use Current Events and Pop Culture Trends to Lure Victims

Exploits to target satellite networks (ITWeb) Attacks will be launched on everything from crypto wallets to satellite services, warns Fortinet.

Positive Technologies Names Top 10 Phishing Topics of 2021 (Positive Technologies) In a new study, Positive Technologies listed the ten most popular topics used in phishing attacks throughout 2021. According to the company the share of attacks on individuals using social engineering in Q3 2021 increased to 83%, up from 67% in the same quarter of 2020.

She was a notorious hacker in the ’80s — then she disappeared (The Verge ) Claire Evans searches for Susy Thunder.

Security Patches, Mitigations, and Software Updates

Apple fixes new zero-day exploited to hack macOS, iOS devices (BleepingComputer) Apple has released security updates to fix two zero-day vulnerabilities, with one publicly disclosed and the other exploited in the wild by attackers to hack into iPhones and Macs.

Apple Patches ‘Actively Exploited’ iOS Security Flaw (SecurityWeek) Apple releases an urgent iOS update with fixes for 11 documented security flaws and warned that one of the vulnerabilities “may have been actively exploited.”

Expel’s Great eXpeltations Report Shares Insights on Cybersecurity Trends and Predictions (Expel) Expel debuts annual report, Great eXpeltations 2022, demystifying the biggest attack trends in 2021 and sharing guidance on how to prepare for the year ahead

Digital Exposure Report Finds Widespread Cyber Vulnerabilities for Pharma Companies & Executives on Fortune Global 500 List (PR Newswire) Today, Constella Intelligence (“Constella”), a leader in Digital Risk Protection and Identity Threat Intelligence, released their Pharma Sector…

Ransomware 2021 Year End Report Reveals Hackers are Increasingly Targeting Zero-Day Vulnerabilities and Supply Chain Networks for Maximum Impact (Business Wire) Ivanti, the provider of the Ivanti Neurons automation platform that discovers, manages, secures, and services IT assets from cloud to edge, today anno

Cyber Insights 2022: Identity (SecurityWeek) Account takeover, account opening and BEC scams are three sub-categories of identity to watch in 2022.

Akamai Research Reveals Extensive Global Piracy Demand, Industry and Regional Trends (PR Newswire) Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s most trusted solution for protecting and delivering digital experiences, released today…

Vietnamese lose VND24.4 trillion because of computer malware in 2021 (VietNamNet) In 2021, the damage caused by computer viruses to Vietnamese users continued to be at a high level of VND24.4 trillion ($1.06 billion), according to Bkav. 

Marketplace

A Look at Early Stage Venture Investment Activity in the Preceding Decade and how the Coronavirus (COVID-19) plays into 2020 (DataTribe) Venture capital investment activity can fluctuate year-to-year due to a variety of reasons ranging from macroeconomic conditions to geopolitical concerns. As an early-stage startup foundry…

Slim.AI Raises $31 Million to Secure Cloud-Native Applications (SecurityWeek) Cloud-native application security startup Slim.AI has raised $31 million in Series A funding, which brings the total raised by the company to $37.6 million.

Veriff Raises $100M Series C at $1.5B valuation co-led by Tiger Global and Alkeon (Yahoo Finance) Veriff, a premier global identity verification (IDV) provider, today announced it has raised $100M in Series C financing, co-led by Tiger Global and Alkeon, joined by existing investors IVP and Accel. This round brings Veriff’s total funding to $200M and its valuation to $1.5B, as it aims to expand its global customer base and deliver trusted online identity verifications.

Worklyn Partners Announces Acquisition of Quadrant Information Security (PRWeb) Worklyn Partners, a growth equity fund investing and operating at the intersection of cybersecurity and IT services, announced today its acquisition of

Burlington cybersecurity firm acquired by NC competitor (Boston Business Journal) Cygilant, a Burlington cybersecurity firm, has been acquired by SilverSky, a competitor based in North Carolina.

Portnox Closes $22 Million Series A to Make Cloud-Native Network & Endpoint Security a Reality for the Midmarket (Business Wire) Portnox, a proven leader in cloud-native network and endpoint security solutions, today announced the close of a $22 million Series A round of growth

Censys Completes $35 Million Series B Funding Round Led by Intel Capital (PR Newswire) Censys, the leading provider of continuous attack surface management, today announced it completed a $35 million Series B funding round led by…

Israel’s NSO Group says in talks with U.S. funds over possible deal (Reuters) Israeli spyware firm NSO Group said on Wednesday it is in talks with a number of U.S. funds over “various financial moves”, confirming media reports that it was discussing a sale of its assets.

Seeking a lifeboat, NSO Group in talks with US investors over possible sale (Times of Israel) Spyware maker reportedly in negotiations with Integrity Partners for $300 million cash infusion as it seeks to turn around, remove US sanctions

Why traditional insurers are struggling with cyber risk aggregation (Insurance Business Magazine) It’s all to do with the data they’re collecting, says CEO

ServiceNow CEO: “We’re in a sustained demand environment” (ZDNet) After delivering solid Q4 results, ServiceNow CEO Bill McDermott explains to ZDNet how the company will continue landing big deals

Valimail Doubles Customer Base, Solidifies Position as the Leading DMARC Provider (Yahoo Finance) Valimail, the global leader in zero-trust, identity-based authentication solutions, doubled its market-leading roster of customers in 2021. Further investments in its email authentication technology and the launch of Valimail Authenticate, a new DMARC-as-a-Service solution, fueled the company’s continued growth.

Arctic Wolf Expands Board of Directors with Key Leadership Appointments (Business Wire) Arctic Wolf®, a leader in security operations, today announced the appointment of two new independent members to the company’s Board of Directors, Tod

Sonatype Exceeds $100M in ARR, Names First President as Demand for Software Supply Chain Management Soars (Yahoo Finance) Addition of proven leader Alex Berry, largest Q4 ever, and 200+ new hires bolster momentum for 2022- Company growth showcases importance of intelligent, full-spectrum software supply chain management for both developers and security teams Alex Berry Sonatype welcomes Alex Berry as its first president…

Sift Appoints Alice Katwan to its Board of Directors and April Oman as Chief Customer Officer (GlobeNewswire News Room) Katwan and Oman bring a combined 40 years of experience to Sift as the company strengthens its position as the leading Digital Trust & Safety platform…

Datadobi Continues Momentum in EMEA Region with Appointment of Matthias Nijs as Vice President of EMEA Sales (Business Wire) Company veteran Nijs will be focused on building a growing regional team to help enterprises harness the power of unstructured data management

Products, Services, and Solutions

StorCentric Launches New Nexsan Channel Partner Certification Program (Nexsan) Enables Nexsan Channel Partners to Further Enhance Ability to Serve End Clients’ Data Management and Security Needs, Fortify Their Trusted Advisor Status, and Drive Additional Business Opportunities

Panorays Launches Complimentary Starter Offering (Panorays) Panorays has unveiled a powerful new complimentary offering available to users for an unlimited amount of time.

SecurityScorecard and Marsh McLennan Collaborate to Elevate Cybersecurity in Challenging Risk Landscape (PR Newswire) SecurityScorecard, the global leader in cybersecurity ratings, today announced a collaboration with Marsh McLennan, the world’s leading…

Socure and Public.com Win the 2022 Best in Future of Trust Award from IDC with the Use Case of Solving for Identity Verification: Balancing Fraud Risk, Customer Friction & Compliance (Business Wire) Socure, the leading provider of digital identity verification and fraud solutions, has won IDC’s Best in Future of Trust Award, based on the transform

WhiteSource Launches Azure Repository Integration (PR Newswire) WhiteSource, a leader in open source security and management, today released an Azure DevOps repository integration, allowing Azure DevOps…

Sotero Announces the Data Security Industry’s First Single-Pane Data Security Fabric (PR Newswire) Sotero, a leading provider of enterprise data security solutions, announces the availability of the Sotero data security fabric, a flexible…

Glasswall Announces Exclusive Distribution Agreement With Nihon Cyber (PRWeb) Glasswall, a cybersecurity company that offers instant protection against file-based threats with Content Disarm and Reconstruction (CDR) technology, has

New Open Source Tool Helps Identify EtherNet/IP Stacks for ICS Research, Analysis (SecurityWeek) Claroty has released a new open source tool designed for identifying ENIP stacks.

Apple launches new ‘Personal Safety User Guide’ amid AirTag concerns and more (9to5Mac) Apple has launched a new “Personal Safety User Guide” that aggregates details and support documents that can help users “when your personal safety is at risk.” The launch of this dedicated hub comes after Apple published an initial round of support resources a year ago, and as concerns around AirTag safety and stalking continue to […]

Penetration Tests and Still Photographs: Moving into the Future (IGI) Like the photograph, a penetration test is just a snapshot in time. IGI PenLogic provides better visibility and resiliency than the traditional approach.

LogRhythm Launches Strategic Partnership in Eastern Europe and Commonwealth of Independent States (CIS) to Detect, Investigate, and Neutralise Cybersecurity Threats (LogRhythm) LogRhythm has launched a strategic partnership with leading Value-Added IT Distributor, Softprom…

REPX Selects WISeKey’s WISeID Technology to Secure its Applications for the Sports Fans Ecosystems (Yahoo Finance) REPX Selects WISeKey’s WISeID Technology to Secure its Applications for the Sports Fans Ecosystems The growth potential of social networks as platforms that allow fans to purchase branded products and services, including credit cards, from their favorite clubs and the number of followers of top clubs such as Real Madrid, ACMilan, As Roma, Torino, that have already signed with REPX, opens new market opportunities in the digital transformation of financial services. Geneva, London – January 26, 20

New KnowBe4 Feature Enables Peer Comparisons With Security Culture Benchmark (GlobeNewswire News Room) Organizations can now compare their security culture score with others…

Cellebrite’s Training, Certification, and Advisory Programs Upskill Customers to Resolve Digital Investigation Challenges through Continuous Capabilities Development (GlobeNewswire News Room) Custom offerings delivered by nearly 150 Trainers in more than 20 languages give law enforcement professionals the ability to solve crimes efficiently and…

Proofpoint Extends Data Residency Capabilities to the Canadian Market (Proofpoint) We are pleased to announce that in addition to providing email protection and information archiving solutions to our Canadian customers, Proofpoint can now also provide its full advanced threat detection capabilities within our Canadian Data Centre.

DoControl Announces The First No-Code Security Workflows Triggered By Any SaaS Event To Enforce Data Access Control (PR Newswire) DoControl, the automated Software as a Service (SaaS) security company, today announced the first no-code security workflows to extend Zero…

Fastly’s New On-Demand Learning Center Unlocks Self-Paced Technical Training At Scale (Fastly) Fastly’s edge cloud platform helps the world’s most popular digital businesses keep pace with their customer expectations by delivering fast, secure, and scalable online experiences.

Technologies, Techniques, and Standards

DISA makes $7M award to start proving out DoD zero trust strategy (Federal News Network) The award to Booz Allen Hamilton will be used to start testing a prototype of DoD’s zero trust security model, which the agency calls “Thunderdome.”

How would zero trust prevent a Log4Shell attack? (Help Net Security) To avoid the consequences of vulnerabilities such as Log4Shell, we must use the least privilege principle and other principles of zero trust.

NSA Releases Cyber Advisory to Secure VSAT Networks (Executive Gov) The National Security Agency provided a set of recommendations to help organizations protect very small aperture terminals and understand associated risks.

Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox (Threatpost) Threat actors use bogus ‘shipping delays’ to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.

‘Hack One, Breach Many’ Is Here to Stay: How to Secure Your Third-Party Risks (Infosecurity Magazine) ‘Hack one, breach many’ is here to stay so secure your access points before it’s too late

22 cybersecurity myths organizations need to stop believing in 2022 (CSO Online) Security teams trying to defend their organizations need to adapt quickly to new challenges. Yesterday’s buzzwords and best practices have become today’s myths.

Privacy policies are hard to read (Avast) Taking a look at some of the best and worst privacy policies in terms of their overall readability.

Design and Innovation

Defense Innovation Unit highlights 2021 technology transition efforts (C4ISRNet) The Defense Innovation Unit transitioned eight projects from commercial vendors to military users last year, according to its annual report.

Academia

Alexandria College selected as U.S. Cyber Command partner (Alexandria Echo Press) Alexandria College was the only institution selected from Minnesota.

Legislation, Policy, and Regulation

From Tiananmen to Hong Kong, China’s crackdowns defy critics (AP NEWS) From the deadly crushing of Beijing’s 1989 pro-democracy protests to the suppression of Hong Kong’s opposition four decades later, China’s Communist Party has demonstrated a determination and ability to stay in power that is seemingly impervious to Western criticism and sanctions.

Europe’s Hypocrisy Over Personal Data Privacy Exposed (SecurityWeek) Inherent hypocrisy is fully revealed by Europol’s mass collection of personal data of European residents contrary to the principles of GDPR

White House instructs government agencies to beef up cybersecurity, adopt ‘zero trust’ in new memo (The Verge) The strategy was shaped by the response to vulnerabilities like the Log4j exploit.

White House wants US govt to use a Zero Trust security model (BleepingComputer) A newly released Federal strategy wants the US government to adopt a “zero trust” security model within the next two years to defend against current threats and boost cybersecurity defenses across federal agencies.

Moving the U.S. Government Toward Zero Trust Cybersecurity Principles (Office of Management and Budget) This memorandum sets forth a Federal zero trust architecture (ZTA) strategy, requiring agencies to meet specific cybersecurity standards and objectives by the end of Fiscal Year (FY) 2024 in order to reinforce the Government’s defenses against increasingly sophisticated and persistent threat campaigns. Those campaigns target Federal technology infrastructure, threatening public safety and privacy, damaging the American economy, and weakening trust in Government.

Litigation, Investigation, and Law Enforcement

Cryptocurrencies: tracing the evolution of criminal finances | Europol (Europol) Cryptocurrencies are a technical and financial innovation that offer major potential for the global economy. At the same time, they are being used for criminal purposes such as money laundering, fraud, and the online trade of illicit goods and services. The ways criminals use cryptocurrencies is evolving, and it is spreading to all forms of serious and organised crime.  Following…

DeFi Increasingly Popular Tool for Laundering Money, Study Finds (Wall Street Journal) Decentralized finance protocols are playing an increasing role in money laundering, with the total value of cryptocurrency laundered rising year over year by 30% in 2021, according to blockchain data platform Chainalysis Inc.

A Chinese teen found his birth parents with a social media appeal. He killed himself after the reunion took a dark turn. (Washington Post) It began as a feel-good story for China’s modern age that played out in the bright glare of social media. Liu Xuezhou, a teenage teacher in training who had been adopted as an infant, found his birth parents after posting a video about his search. In a remarkably short time, police found them and organized a meeting.

Crypto Lending Firms Celsius Network, Gemini Face SEC Scrutiny (Bloomberg) Review focuses on whether offerings are securities, people say. High-yield products have sparked investor protection concerns.

Germany arrests Russian citizen suspected of space tech espionage (Reuters) German prosecutors arrested and charged a Russian citizen with spying for Russia, alleging he had passed information on aerospace technology, in particular the Ariane space launch vehicle, to Russian intelligence.

DeepDotWeb co-admin sentenced to 8 years in prison (The Record by Recorded Future) One of the two administrators of the DeepDotWeb portal was sentenced this week to 97 months in prison for receiving money from illegal dark web marketplaces to promote their sites.

DeepDotWeb Administrator Sentenced for Money Laundering Scheme (US Department of Justice) An Israeli national was sentenced yesterday to 97 months in prison for operating DeepDotWeb (DDW), a website that connected internet users with Darknet marketplaces, where they purchased illegal firearms, malware and hacking tools, stolen financial data, heroin and fentanyl, and other illicit materials.

EU court overturns $1.2 billion antitrust fine against Intel as company posts record fourth-quarter earnings (Computing) European Commission penalised Intel in 2009 on the basis that the firm had unfairly tried to block rival Advanced Micro Devices



Original Source link

Leave a Reply

Your email address will not be published.

thirty one + = thirty eight