BlackCat gang demands $5m. Fraudster’s claims exceed reality. CISA releases ICS advisories. Pro-Russian DDoS.

Dateline

Ukraine at D+92: Artillery, DDoS, and remittances in a hybrid war. (The CyberWire) Fighting in the Donbas becomes an artillery duel as Russia reconstitutes its armored forces with obsolescent tank stocks. DDoS continues to be the principal mode of hacktivists acting in the Russian interest. And sanctions are having the side effect of inhibiting ransomware gangs.

Russia-Ukraine war: what we know on day 93 of the invasion (the Guardian) Fresh strikes in Kharkiv kill nine civilians as Ukrainian officials admit Russia has the ‘upper hand’ in fighting in the country’s east

Russia’s invasion of Ukraine: List of key events, day 93 (Al Jazeera) As the Russia-Ukraine war enters its 93rd day, we take a look at the main developments.

UN says over 4,000 civilians killed in invasion of Ukraine so far (Al Jazeera) The UN human rights office has updated its official count, but says the actual death toll is likely much higher.

Ukrainian volunteer fighters in the east feel abandoned (Washington Post) Stuck in their trenches, the Ukrainian volunteers lived off a potato per day as Russian forces pounded them with artillery and Grad rockets on a key eastern front line. Outnumbered, untrained and clutching only light weapons, the men prayed for the barrage to end — and for their own tanks to stop targeting the Russians.

Ukraine morning briefing: Russian soldiers ‘regret actions our troops committed’ (The Telegraph) Plus: Moscow is ready to help end food crisis (but there’s a but), while Zelensky warns towns are being wiped from the face of the Earth

Zelensky, Western partners warn appeasing Putin will not end invasion (Washington Post) President Volodymyr Zelensky hit back at former U.S. Secretary of State Henry A. Kissinger’s suggestion that Ukraine should cede territory to Russia to help end the invasion. The Ukrainian leader likened Kissinger’s remarks to Britain’s appeasement policy in the lead-up to World War II — which allowed Hitler’s expansion of German territory — and noted that the former diplomat had fled the Nazi regime as a teen.

Fierce Resistance in Kherson Disrupts the Russian “Liberation” Scenario (Wilson Center) On February 24, 2022, the troops of the Russian Federation launched a military assault on Ukraine, advancing across its northern, eastern, and southern borders and starting a full-scale war. Kherson oblast, which borders the annexed Crimean Peninsula to the south, has been occupied by Russian troops since the very first day of the war, and the regional center of Kherson was besieged that same day, which prevented the evacuation of noncombatants. On March 1, Russian troops attacked the city of Kherson, killing the local border guards, members of Ukraine’s Territorial Defense units, and dozens of civilians.

How Ukraine is using artillery to stop Russian forces in their tracks (Task & Purpose) “The fight is really shaped by artillery in this phase.”

In Ukraine’s valleys of death, a lethal game of hide and seek is playing out (The Telegraph) Big guns are defining a new phase of the war against Russia, with artillery, rocket launchers and mortars likely to decide the outcome

Out-gunned Ukrainians holding Donbas line amid “intense” fight (Newsweek) Donetsk Governor Pavlo Kyrylenko told Newsweek the resistance is achieving the impossible, but needs more Western support to push Russia back.

Russia-Ukraine latest news: Boris Johnson calls for advanced long-range weapons to be sent to Ukraine (The Telegraph) It is "vital" to provide Ukraine with long-range rocket launchers as Russian forces slowly "chew through ground" in the east, Boris Johnson has said.

Exclusive: U.S. and Ukraine discuss danger of escalation as new arms extend Kyiv’s reach (Reuters) As the United States and its allies provide Ukraine with increasingly sophisticated arms, Washington has held discussions with Kyiv about the danger of escalation if it strikes deep inside Russia, U.S. and diplomatic officials tell Reuters.

Has Ukraine Broken the Russian Military? (Defense One) With thousands of troops dead, Russia seems desperate for new soldiers—allowing enlistees as old as 50, U.S. defense official says.

More than 100 refuseniks dismissed from Russian army (The Telegraph) A Russian court on Thursday ordered the dismissal of some 115 National Guard officers who had refused to be deployed to Ukraine

Russia’s Shrinking War (New York Times) The goals of Russia’s invasion keep getting smaller. But its depleted military is still failing to make major advances, and time is on Ukraine’s side.

Ukraine Slams Idea of Swapping Land for Peace (Wall Street Journal) Ukrainian President Volodymyr Zelensky dismissed suggestions that his country should cede territory, comparing them to attempts to appease Nazi Germany, as Russia stepped up its attacks in Ukraine’s east.

How Does It End? Fissures Emerge Over What Constitutes Victory in Ukraine (New York Times) Differing objectives foreshadow a coming debate about what position President Volodymyr Zelensky of Ukraine and his Western allies would take if negotiations to end the conflict finally get going.

Three possible futures for a frozen conflict in Ukraine (Atlantic Council) As the war in Ukraine grinds on, our experts lay out several scenarios that could reshape the world.

What hope is there for diplomacy in ending the Russia-Ukraine war? (the Guardian) Analysis: Western leaders are divided on arming Ukraine, oil embargoes and whether Kyiv will have to accept territory loss

Putin ‘thunderbolt’ spells end of globalisation, Olaf Scholz warns (The Telegraph) German Chancellor says Ukraine war will usher in a new ‘multipolar world’

Moldova says Europe’s security policies need ‘paradigm shift’ (Al Jazeera) Al Jazeera interviews Ana Revenco, interior minister, amid fears that Moldova could be drawn into the Ukraine war.

As Russian Forces Retreated, Mock Executions and Beatings Increased in Ukraine (Wall Street Journal) Caught out by drone attacks and ambushes, Russian patrols began targeting civilians for interrogation in the weeks following the Ukraine invasion, convinced that citizens were taking photos of their positions or passing other information about their formations to Ukrainian forces.

‘Ukraine’s heritage under attack’: why Russia is looting museums (the Guardian) 2,000 stolen artworks attest to Putin’s desire to erase a nation’s history – like so many despots before him

Finland, Sweden Would Contribute Militarily to NATO on ‘Day One,’ General Says (Defense One) Alliance applicants would bring expertise in deterring Russia and advanced naval capabilities in the Baltic Sea.

The Gaslit Cave: Chained to a Television Screen (Wilson Center) It was Plato who invented propaganda and gave it so much credibility. In Republic, he imagined it as a force for good. He wanted the wise guardian rulers to produce noble lies that would benefit the country. He expected the gullible masses to believe the message and work tirelessly for the common good. He was convinced that, absent the nudging, the masses themselves would never think of worthy values.

War critics in Russia, facing continuing crackdown, turn to craftier, coded protests (Los Angeles Times) As Russia fines and arrests citizens for speaking out against the war in Ukraine, people are turning to coded messages.

Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy (Imperva) In April 2022 it was reported that pro-Russian hacktivist group, KILLNET, carried out a series of Distributed Denial of Service (DDoS) attacks against a number of websites including the United Nations (UN), The Organization for Security and Cooperation (OSCE) an organization founded in Finland, and other European sites in Czechia, Estonia, Latvia, Lithuania, German, Poland, Romania and the UK.

Cyberattacks against UK CNI increase amidst Russia-Ukraine war (Intelligent CIO Europe) The systems that underpin the UK’s critical national infrastructure (CNI) are under increasing cyber threat. Over seven in 10 cybersecurity decision-makers at UK CNI organisations reported a rise in cyberattacks since the start of the Ukraine war, according to new research by UK cybersecurity services firm, Bridewell. The research, which surveyed 521 cybersecurity decision-makers in […]

A cyberwar is already happening in Ukraine, Microsoft analysts say (NPR.org) Microsoft’s global ubiquity gives its cybersecurity experts a unique window into the Russian cyberwar against Ukraine. The software giant is involved in both monitoring and combatting attacks.

NSA: Sanctions on Russia Having a Positive Effect on Ransomware Attacks, Attempts Down Due to Difficulty Collecting Ransom Payments (CPO Magazine) National Security Agency (NSA) director of cybersecurity Rob Joyce told attendees of a recent UK security conference that ransomware attacks are down in roughly the last two months, and that trend can be traced directly to sanctions placed on Russia. Criminals that operate out of the country are struggling to find ways to cash out ransom payments and set up infrastructure, due in large part to sanctions attached to the invasion of Ukraine.

How Estonia became Europe’s leader in cyber security (euronews) Estonia was one of the first countries to come under attack from cyberattacks 15 years ago and has since built one of the world’s strongest cyber security systems.

Hungary’s Orban Dials Dictatorship Up a Notch (Foreign Policy) Budapest’s faux state of emergency is meant to appease Putin and cement Orban’s hold on power.

Russia’s Energy Transit Play, a Crooked Game (Wilson Center) After Russia launched a full-scale military invasion of Ukraine on February 24, Europe’s dependence on fossil fuels from Russia became an issue of top importance.

Don’t ignore the exchange rate: How a strong ruble can shield Russia (Atlantic Council) Western governments should remember: Relying on the medium- to long-term effects of sanctions gives Russia plenty of time to prepare.

Russian Rate Cut Tops Forecasts, Sends Ruble Rally Into Reverse (Bloomberg) Third straight reduction takes aim at ruble’s rebound. Currency’s gains concern the Kremlin, imperil budget revenue.

As Russia Diverges From the Global Economy, Soviet-Style Scarcity Looms (New York Times) With soaring prices and shortages of basic goods, the Russian people and businesses large and small are feeling the pinch.

Russians look to Iran for lessons on life under long-term sanctions (Washington Post) Independent Russian journalist Alexey Pivovarov wondered what life under years of economic sanctions could come to look like. So he went to Iran to find out.

Fish and chips to take a battering in latest round of Russian sanctions (The Telegraph) Fears for takeaways shops as Government announces intention to hit Moscow’s whitefish exports, including cod and haddock, with trade tariffs

Attacks, Threats, and Vulnerabilities

BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state (BleepingComputer) Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, who demanded a $5 million to unlock the encrypted computer systems.

Who’s watching your webcam? The Screencastify Chrome extension story… (Naked Security) When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.

Poisoned Python and PHP packages purloin passwords for AWS access (Naked Security) More supply chain trouble – this time with clear examples so you can learn how to spot this stuff yourself.

Vulnerability Spotlight: Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service (Talos Intelligence) A blog from the world class Intelligence Group, Talos, Cisco’s Intelligence Group

OAS platform vulnerable to critical RCE and API access flaws (BleepingComputer) Threat analysts have disclosed vulnerabilities affecting the Open Automation Software (OAS) platform, leading to device access, denial of service, and remote code execution.

Cybergang Claims REvil is Back, Executes DDoS Attacks (Threatpost) Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.

Top Ten Most Cumbersome Website Infections to Remove in 2021 (Sucuri Blog) To continue with content that didn’t make it into the final cut of our 2021 Threat Report: Today we go over the top 10 malware families that had the highest file count, making them quite difficult to remove without the right tools.

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw (Security Affairs) Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. Horizon3 security researchers have released a proof-of-concept (PoC) exploit and technical analysis for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The virtualization giant recently warned that a threat actor can exploit the CVE-2022-22972 flaw (CVSSv3 base score of 9.8) […]

Branded Domains Are the Focal Point of Many Phishing Attacks (CirxcleID) As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 — more than three times the number reported in early 2020, and the highest monthly total ever identified.

Is your CEO protected from impersonation? (IT-Online) A corporate security threat that threatens South African organisations with damaged reputations, financial losses, and significant disruption is increasing. According to Paul Stafford, vice-president for Africa at Mimecast, CEO fraud is on the rise and could cause significant damage. Mimecast’s State of Email Security 2022 report found that 92% of South African respondents had experienced […]

Could New Zealanders initiate a cyber attack from within? (ChannelLife New Zealand) The threat landscape is significantly increasing worldwide, and the opportunities it presents are a growing concern in Aotearoa.

Hacker Steals Database of Hundreds of Verizon Employees (Vice) The database contains information that could be used in social engineering and SIM swapping attacks.

Ransomware attack hits New Jersey county (CNN) A ransomware attack has forced officials in a 345,000-person New Jersey county to switch off their computers and set up temporary Gmail accounts so the public can email key agencies such as the health, emergency and sheriff’s departments.

Ransomware attack disrupts a range of services in a New Jersey county (The Record by Recorded Future) A county in New Jersey is still dealing with the aftermath of a ransomware attack that began on Tuesday. 

FBI heads to Brooks County to investigate cyber attack (kiiitv.com) According to county officials, if they cannot recover the online documents then it will be a lengthy process to re-enter that data by hand.

Security Patches, Mitigations, and Software Updates

Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices (The Hacker News) Zyxel has released patches to address four vulnerabilities affecting its firewall, AP controller, and AP products.

Microsoft shares mitigation for Windows KrbRelayUp LPE attacks (BleepingComputer) Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations.

Citrix Releases Security Updates for ADC and Gateway (CISA) Citrix has released security updates to address vulnerabilities in ADC and Gateway. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX457048 and apply the necessary updates.

Drupal Releases Security Updates (CISA) Drupal has released security updates to address a vulnerability that does not affect Drupal core but may affect some contributed projects or custom code on Drupal sites. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website. CISA encourages users and administrators to review Drupal security advisory SA-CORE-010 and apply the necessary updates.

Keysight N6854A Geolocation server and N6841A RF Sensor software (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Keysight Technologies, Inc. Equipment: N6854A Geolocation server and N6841A RF Sensor software Vulnerabilities: Relative Path Traversal, Deserialization of Untrusted Data 2.

Horner Automation Cscape Csfont (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Horner Automation Equipment: Cscape Csfont Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code by opening a malicious file.

Marsh and Microsoft survey identifies latest cyber risk trends (Insurance Business Magazine) Firms share guidance for developing better cyber resilience

Global Survey Finds 80% of Consumers Prefer Identity Verification Measures When Choosing Online Brands (Business Wire) Jumio, the leading provider of orchestrated end-to-end identity proofing, eKYC and AML solutions, today released the findings of its global research c

ZeroFox Releases New Research Highlighting Evolution of Threats Targeting Financial Services (GlobeNewswire News Room) Company processed over 460,000 takedowns in Q1 2022, observing a significant rise in frequency and sophistication of FinServ targeted cyberattacks…

BreachQuest Releases “Cybersecurity Risks In Healthcare Report” Examining Top Threats and Providing Best Practices (PR Newswire) BreachQuest, the company revolutionizing incident response, today announced the release of the “Cybersecurity Risks In Healthcare Report.” The…

Elevated Pulse: Cyber Security Risks in Healthcare (BreachQuest) Healthcare is one of the most targeted industries for cybercrime. Recent data suggests that hospitals account for 30% of all large data breaches! Defending against today’s advanced cyberattacks starts with gathering intelligence on threat actors’ methods and operations. Based on research from BreachQuest and case data from our incident response team, this report exposes the latest healthcare cybersecurity threats and provides insights into how these threats exploited healthcare business vulnerabilities in 2021.

Gigamon Releases “2022 TLS Trends Research” Based on 1.3 Trillion Network Flows (Yahoo Finance) Gigamon, the leading deep observability company, today released its updated TLS Trends Research report which highlights levels of encrypted traffic, versions in use, and trends over time. While this data is readily available for general internet traffic, Gigamon is the only vendor to publish data on the usage of encryption in intra-organization lateral communications (East-West traffic).

Key trends in the Verizon Data Breach Investigations Report (Security Magazine) From well publicized critical infrastructure attacks to massive supply chain breaches, the DBIR found five key trends in the security incidents analyzed.

Small Businesses Don’t Recognize Risk of Cyber-Attack Despite Repeated Warnings (The National Law Review) CNBC surveys over 2,000 small businesses each quarter to get their thoughts on the overall business environment and their small business’ health. According to the latest CNBC/SurveyMonkey Small

4/10 Australian SMEs fallen victim to cyber-attacks since pandemic (SecurityBrief Australia) Almost four out of teb SMEs in Australia have fallen victim to cyber-attacks since the pandemic began, according to a new study.

Marketplace

SYN Ventures Closes $300M Fund for Cybersecurity Bets (SecurityWeek) SYN Ventures has closed a new $300 million fund and announced the addition of serial entrepreneur Ryan Permeh as full-time operating partner.

VMware to Absorb Broadcom Security Solutions Following $61 Billion Deal (SecurityWeek) Broadcom announces acquisition of VMware for $61 billion in cash and stock, and VMware will absorb Broadcom’s security software solutions as part of the deal.

Broadcom’s $61B VMware buy ranks as 3rd largest tech deal (S&P Global) VMware is notable for its strong position in the hybrid cloud sector, where big companies combine their private networks with public cloud services from providers such as Amazon, Microsoft and Google.

Chipmaker Broadcom to buy VMware in $61 bln deal (Reuters) Broadcom Inc said on Thursday it will acquire cloud computing company VMware Inc in a $61 billion cash-and stock deal, the chipmaker’s biggest and boldest bid to diversify its business into enterprise software.

Trend Micro stands up federal subsidiary (Washington Technology) The Japan-headquartered cybersecurity company also shifts one of its vice presidents over to lead the federal business.

Microsoft, IBM Tackle the Cybersecurity Skills Gap (Security Boulevard) The cybersecurity skills shortage contributes to a significant portion of breaches and continues to leave companies worse for wear.

Cloud Security Firm Lacework Lays Off 20% of Workforce (SecurityWeek) Cloud security firm Lacework has announced laying off 20% of its staff as a result of restructuring.

Zscaler shares up on strong earnings and revenue beat (SiliconANGLE) Zscaler shares up on strong earnings and revenue beat – SiliconANGLE

SentinelOne Global Culture Named To Leading Workplaces Lists (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced the company has been recognized for its best-in-class global work

CrowdStrike Named a Leader in Threat Intel Management Market (CrowdStrike) Quadrant Knowledge Solutions has named CrowdStrike as a 2022 leader in the SPARK Matrix analysis of the global Digital Threat Intelligence Management market.

Infosec Institute Named a Visionary in EMA’s Vendor Vision report (IT News Online) Infosec Institute Named a Visionary in EMA’s Vendor Vision report

Greg Johnson to Take Reins as McAfee CEO (SecurityWeek) McAfee Corp. announced that Greg Johnson has been appointed President and Chief Executive Officer, effective June 13, 2022.

Former CIA chief information security officer Michael Mestrovich, joins Rubrik (CRN Australia) Michael Mestrovich worked at the spy agency for six years.

Michael Orozco joins MorganFranklin Consulting as Managing Director and Advisory Services Leader (Help Net Security) MorganFranklin Consulting announced the addition of cybersecurity expert Michael Orozco as new managing director.

Products, Services, and Solutions

New infosec products of the week: May 27, 2022 (Help Net Security) The featured infosec products this week are from: Corelight, Fortinet, Hunters, Kingston Digital, Netenrich, PIXM, and SafeGuard Cyber.

JFrog Integrates with ServiceNow to deliver “ServiceOps” – real-time insights on security vulnerabilities and compliance issues. (JFrog) Two new integrations for JFrog Xray with ServiceNow’s platform provide IT leaders with real-time insights on security vulnerabilities and compliance issues to quickly engage necessary team members from across the organization for more immediate response and remediation.

BeyondTrust and Beyond Identity Partner for Zero Trust PAM | Beyond Identity (Beyond Identity) Unphishable MFA Plus Privileged Access Management Ensures Only Authorized Users on Secure Devices Have Access to All Privileged Accounts

Gigamon Releases "2022 TLS Trends Research" Based on 1.3 Trillion Network Flows (Benzinga) Unique research analyzes encryption trends and versions based on real-world North-South and East-West traffic Gigamon, the leading deep observability company, today released its updated TLS Trends Research report which

Radware Expands Relationship with a Leading Multinational E-Commerce Company in Million Dollar Deal (Yahoo) Mitigates spikes in complex bot attacks without interrupting online purchasesMAHWAH, N.J., May 26, 2022 (GLOBE NEWSWIRE) — Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, today announced it has expanded its relationship with a leading, multinational e-commerce company in a million dollar deal. The company purchased the Radware Bot Manager and Managed Services to further protect its global e-commerce network and website traffic from cyber attack.

Radware provides DDoS protection for National Telecom in Thailand (Intelligent CIO APAC) National Telecom (NT) in Thailand has chosen Radware to increase the cyber-defenses surrounding its international telecommunications infrastructure. The Thai state-owned telecommunications company supports over 25,000 telecommunication towers nationwide, underwater cables, underground conduits, fiber optic cables and 13 data centers. The company has been modernizing its infrastructure by deploying 5G, laying a strong fiber-optic network for […]

SailPoint Achieves FedRAMP ‘In Process’ Designation for its SaaS Identity Security Offerings (Business Wire) SailPoint Technologies Holdings, Inc. (NYSE: SAIL), the leader in enterprise identity security, today announced it has achieved the “In Process” desig

SentinelOne Pioneers Inaugural Deception MITRE Engenuity ATT&CK® Evaluation (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced its results from the inaugural MITRE Engenuity ATT&CK® Decept

Fortinet introduces self-learning AI in latest offering (SecurityBrief Asia) Fortinet is introducing self-learning AI capabilities in its new network detection and response offering, FortiNDR.

iTWire – Fortinet Fabric-Ready Technology Alliance Partner Program hits new milestone, surpassing 500 integrations (IT Wire) Fortinet’s portfolio of cybersecurity solutions is built from the ground up with integration and automation top of mind. The momentum with our Open Ecosystem is more important than ever as organisations continue digital acceleration initiatives. Many organisations struggle to get their…

Zscaler and Siemens Partnership Delivers All-in-One Solution to Accelerate Secure Digitalization for OT Environments (GlobeNewswire News Room) To be Demonstrated at Hannover Messe Fair, World’s First Zero Trust OT Security Platform Powered by Zscaler™ Now Available Globally via Siemens…

Verizon customers get home security with home internet (Verizon) New Verizon 5G Home Internet customers and Fios customers can get a SimpliSafe home security system and one month of their most comprehensive professional monitoring worth up to $400.

Technologies, Techniques, and Standards

Cyber Resilience Pledge (World Economic Forum) The Cyber Resilience Pledge aims to mobilize global commitment towards strengthening cyber resilience across industry ecosystems.

The Cornerstone of Cybersecurity – Cryptographic Standards and a 50-Year Evolution (NIST) In today’s connected digital world, cryptographic algorithms are implemented in every device and applied to every link to protect information in transmission

CISA and DoD Release 5G Security Evaluation Process Investigation Study (CISA) CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission and business operations; and federal agencies will eventually be applying different 5G usage scenarios: low-, mid-, and high-band spectrum. 

DHS, DoD publish 5G security guidance to help agencies think through key ATO process (Federal News Network) The “5G Security Evaluation” was developed by a joint study team led by the Department of Homeland Security and the Department of Defense.

Space Force rolls out cybersecurity standards for commercial providers of satellite services (SpaceNews) The Space Systems Command announced May 26 the official rollout of a new process to assess the cybersecurity of commercial satellite operators that do business with the Defense Department. 

Can your intelligent building outsmart hackers? (Building Design & Construction) ESD’s security services studio leader Coleman Wolf offers tips, advice, and lessons for protecting real estate assets from cyberattacks.

There are systems ‘guarding’ your data in cyberspace – but who is guarding the guards? (The Conversation) Many organisations abide by a “zero trust” rule wherein absolute trust is placed in nothing, apart from a central identity and access management system. But what happens when this system is breached?

Can comprehensive cloud security capabilities protect businesses? (Tech Wire Asia) When it comes to cloud security, organizations rely on it to secure their cloud deployments and applications. For most businesses today,  securing the

The Myths of Ransomware Attacks and How To Mitigate Risk (The Hacker News) The Myths of Ransomware Attacks and How To Mitigate Risk

Design and Innovation

A Face Search Engine Anyone Can Use Is Alarmingly Accurate (New York Times) PimEyes is a paid service that finds photos of a person from across the internet, including some the person may not want exposed. “We’re just a tool provider,” its owner said.

Academia

FBI: Compromised US academic credentials available on various cybercrime forums (Security Affairs) The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI issued an alert to inform the higher education sector about the availability of login credentials on dark web forums that can be used by threat actors to launch attacks […]

NSF Tags FAU Scientist for Post-quantum Cryptography in NextG Networks (Florida Atlantic University) FAU’s Reza Azarderakhsh, Ph.D., was picked by the NSF for “Resilient and Intelligent Next-Generation Systems” for his project, which is the only one taking post-quantum cryptography to next generation systems.

Student wins cyber research award (University of North Georgia) Four University of North Georgia (UNG) students pursuing degrees in cybersecurity had their research accepted for the inaugural Cybersecurity Research in Undergraduate Programs (CyRUP) Conference held April 6-8 at Norwich University, and one of them won an award.

Cyberwarfare Reporter Nicole Perlroth ’04 Traces Path to Government (Princeton Alumni Weekly) Award-winning cybersecurity reporter Nicole Perlroth ’04 didn’t start her journalism career writing about cybersecurity or even tech. She started with a tabloid exposé — on food.

Legislation, Policy, and Regulation

China, Russia veto U.S. push for more U.N. sanctions on North Korea (Reuters) China and Russia vetoed on Thursday a U.S.-led push to impose more United Nations sanctions on North Korea over its renewed ballistic missile launches, publicly splitting the U.N. Security Council for the first time since it started punishing Pyongyang in 2006.

UK Government sets out position for applying international law in cyberspace (Business Leader) Attorney General Suella Braverman recently set out the UK government’s position on applying international law to cyberspace.

Spain vows legal reforms in wake of spying allegations (MSN) The Spanish government will tighten judicial control over the country’s intelligence agency, Prime Minister Pedro Sánchez said Thursday, weeks after the agency admitted it had spied on several pro-independence supporters in the region of Catalonia with judicial authorization.

Spain’s PM vows to reform intelligence services following phone hacking scandal (The Record by Recorded Future) Spanish prime minister Pedro Sánchez pledged to further regulate and oversee the country’s spy agencies on Thursday following the discovery of unauthorized spyware on the phones of top politicians earlier this year. 

Spain set to strengthen oversight of secret services after NSO spying scandal (Times of Israel) PM Sanchez, who was targeted by Pegasus spyware, says move is about ‘ensuring maximum respect for the individual and political rights of people’

The Mystery of China’s Sudden Warnings About US Hackers (Wired) The Chinese government recently began saber-rattling about American cyberespionage. The catch? It’s all old news.

Russian aggression must not distract from China threat, Blinken says (Washington Post) Beijing represents “the most serious long-term challenge to the international order,” the top diplomat said in a long-awaited speech on Biden’s China policy.

Our battle with China over the future of the Internet is just beginning (Washington Post) The United States has mostly won the fight to restrict China’s role in building next-generation 5G telecom systems over spying concerns.

Cyber EO One Year Later: Implementing Holistic Zero Trust Security (MeriTalk) MeriTalk recently sat down with Fortinet’s Jim Richberg, public sector CISO, Peter Newton, senior director, product marketing, and Fortinet Federal’s Felipe Fernandez, senior director, system engineering, to gain their insights into how Federal technology teams can integrate all of the components of a zero trust architecture to achieve holistic cybersecurity in a cloud, hybrid, or closed environment.

In private, vulnerable Senate Dems back off tech bill (POLITICO) Democratic leaders want to crack down on Big Tech. Others in the party think it’s too big of a risk.

Updated autonomous weapons rules coming for the Pentagon: Exclusive details – Breaking Defense (Breaking Defense) “We want to make sure, of course, that the directive still reflects the views of the department and the way the department should be thinking about [autonomous] weapon systems,” Michael Horowitz told Breaking Defense in an exclusive interview.

General tapped for NATO supreme command vows to prioritize cyber, information ops (FedScoop) President Biden’s nominee to be the head of U.S. European Command and NATO’s next supreme allied commander in Europe intends to prioritize cyber capabilities and information operations if he’s confirmed by the Senate. NATO has enhanced its ability to detect, deter and respond to cyberattacks, Gen. Christopher Cavoli told lawmakers Thursday. But more effort is […]

Senate confirms Cyber Command deputy, new Navy cyber leader (The Record by Recorded Future) The Senate confirmed a pair of senior defense nominees on Thursday, including a new deputy for U.S. Cyber Command.

Sgt. 1st Class Antonio Rey Rodriguez honored during NSA Cryptologic Memorial Wall ceremony (National Security Agency/Central Security Service) On Thursday, GEN Paul M. Nakasone, Commander, U. S. Cyber Command, Director, NSA/Chief CSSNakasone hosted the 2022 Memorial Wall Ceremony to honor those who fell in the line of duty in service to the

Litigation, Investigation, and Law Enforcement

Data on ransomware attacks is ‘fragmented and incomplete’, warns Senate report (ZDNet) The US government must clean up ransomware reporting and data collection if it wants to devise adequate policy responses.

PSNI wrongly shared personal data with foreign police (BBC News) The PSNI wrongly shared the personal data of 152 people and has referred itself to the Ombudsman.

Twitter to Pay $150 Million Privacy Fine as Elon Musk Deal Looms (Wall Street Journal) Federal officials allege the social-media company deceptively used phone numbers and emails, collected for security purposes, for targeted advertising.

Shooter warning signs get lost in sea of social media posts (AP NEWS) The warning signs were there for anyone to stumble upon, days before the 18-year-old gunman entered a Texas elementary school and slaughtered 19 children and two teachers .

Surveillance Tech Didn’t Stop the Uvalde Massacre (Gizmodo) Robb Elementary’s school district implemented state-of-the-art surveillance that was in line with the governor’s recommendations to little avail.

SEC’s Use of Administrative Proceedings Ruled Unconstitutional by Court of Appeals (Lexology) Last week, the Court of Appeals for the Fifth Circuit ruled that the U.S. Securities and Exchange Commission’s (SEC’s) use of an administrative…

The Marriott lawsuit explores the conundrum of how to value stolen data (Washington Post) Hotel giant Marriott is facing one of the largest-ever class-action lawsuits in response to a data breach.

Next Post

Man who struck police horse and threw traffic bollard at officer during Melbourne lockdown protests pleas guilty

A former prospective Hells Angels member who struck a police horse with a flag pole and hurled a traffic bollard at a mounted officer during Melbourne’s infamous lockdown protests has implored a judge to show him mercy, as prosecutors denounced his “cowardly” crimes. Key points: Dennis Basic confronted two police […]

Subscribe US Now