Dateline Moscow, Kyiv, Ankara, Brussels, London, Washington, and Beijing: Negotiations between Russia and Ukraine yield no results.
Ukraine at D+15: Disinformation in the service of a stalled invasion. (The CyberWire) Russia's economy suffers under the weight of sanctions as its army prepares for the brutal reduction of Ukrainian cities by sheer firepower. The world continues to look for the cyber offensive that never fully developed.
Commercial satellites test the rules of war in Russia-Ukraine conflict (Washington Post) Companies are releasing images that once were seen only by intelligence agencies
Russia 'did not attack Ukraine' says Lavrov after meeting Kuleba (euronews) There was no breakthrough when the Ukrainian and Russian foreign ministers met in Turkey, their first encounter since Putin's forces invaded Ukraine two weeks ago.
Vladimir Putin cannot be ‘rewarded’ with the Donbas for invading Ukraine (The Telegraph) Minister says it is hard to see grounds for any territory-based agreement ahead of Russian president’s peace talks with Volodymyr Zelensky
Ukraine Update: Russia Targeting Airfields in Western Ukraine (Bloomberg) Two cities in western Ukraine that are far from the site of the fighting to date were hit by airstrikes overnight.
Read the latest cybersecurity analysis (Accenture) Russia Ukraine crisis impacts cybersecurity. Read the latest updates from Accenture.
Where conflict is reported in Ukraine right now (The Telegraph) Can a war be mapped in real-time? The Telegraph is now monitoring open source investigation into shelling, gunfire and troop movements in Ukraine that is taking place online.
Russia Crisis Military Assessment: How will Russia stage the battle of Kyiv? (Atlantic Council) Russia’s own force miscalculations and fierce Ukrainian opposition have dashed the Kremlin’s hopes of a lightning victory over Ukraine.
Russians keep pressure on Mariupol; massive convoy breaks up (AP NEWS) Russian forces kept up their bombardment of the port city of Mariupol on Thursday, while satellite photos appeared to show that a massive convoy that had been mired outside the Ukrainian capital split up and fanned out into towns and forests near Kyiv, with artillery pieces moved into firing positions.
What we know — and don’t know — about how many people have been killed in the Russian invasion of Ukraine (Washington Post) As Russia’s invasion of Ukraine enters its third week, military and civilian casualties are mounting — but no one, not even the United Nations or the Ukrainian government, can provide an accurate count of how many people have been injured or killed.
Has Russia committed war crimes in Ukraine? It's complicated (Newsweek) Legal experts break down what could be counted as war crimes with Newsweek, and whether Putin or officials implicated in these attacks could be held to account.
Opinion: If bombing a children's hospital isn't crossing a red line -- what is? (CNN) The indiscriminate shelling of what are meant to be safe havens for women and children needs to be set as a red line no thuggish regime should be allowed to cross, writes Michael Bociurkiw.
How U.S. Bioweapons in Ukraine Became Russia’s New Big Lie (Foreign Policy) A viral conspiracy theory could be used to justify an attack, the United States says.
How Putin Plunged Russia Toward Totalitarianism (Slate Magazine) While invading Ukraine, the dictator has imposed a new era of Soviet-style oppression at home. He's been building to this moment for a decade.
The UN Is Another Casualty of Russia’s War (Foreign Affairs) Why the UN might never bounce back from Russia's war.
China’s support of Russia's Ukraine invasion has a breaking point: expert (Fox News) China's support of Russia has an expiration point, according to expert James Carafano
Why Turkey is vital for Ukraine, as it balances both sides in Russia conflict (Atlantic Council) The Atlantic Council IN TURKEY discusses Turkey's importance for Ukraine, Turkey's stance towards the war between Russia and Ukraine and its efforts towards mediation with Yevgeniya Gaber.
Putin’s Nuclear Bluff (Foreign Affairs) How the West can make sure Russia’s threats stay hollow.
Turkey’s Balancing Act on Ukraine Is Becoming More Precarious (Foreign Policy) Ankara faces growing pressure to pick sides between Kyiv and Moscow.
Arming Ukraine Is Worth the Risk (Foreign Affairs) The West can help raise the cost of Russian aggression.
The No-Fly Zone Delusion (Foreign Affairs) In Ukraine, good intentions can’t redeem a bad idea.
Russian embassy demands Meta stop 'extremist activities' (NASDAQ:FB) (SeekingAlpha) The Russian embassy in the U.S. said on Friday that it has demanded that Meta Platforms (FB) cease ...
Transparency Org Releases Alleged Leak of Russian Censorship Agency (Vice) Distributed Denial of Secrets said the 800GB of data came from a section of Roskomnadzor, and that Anonymous claimed responsibility.
Anonymous hacked Roskomnadzor agency revealing Russian disinformation (Security Affairs) The Anonymous collective continues to launch attacks against Russian entities, this is a summary of recent offensives. Anonymous announced to have hacked the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media, also known as Roskomnadzor. The agency is responsible for monitoring, controlling and censoring Russian mass media and according to Anonymous, […]
SecurityScorecard Discovers new botnet, ‘Zhadnost,’ responsible for… (SecurityScorecard) SecurityScorecard (SSC) has identified three separate DDoS attacks which all targeted Ukrainian government and financial websites leading up to and during Russia’s invasion of Ukraine.
Inside the Russian cyber war on Ukraine that never was (Task & Purpose) Many experts believed a Russian invasion of Ukraine would start with significant cyber warfare operations. They never materialized.
Report: Recent 10x Increase in Cyberattacks on Ukraine (KrebsOnSecurity) As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks…
Russian defense firm Rostec shuts down website after DDoS attack (BleepingComputer) Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a "cyberattack."
We Are the World: Cyber Precautions to Take Due to Russia/Ukraine Conflict - Pondurance Cybersecurity Recommendations Due to Russia-Ukraine Conflict (Pondurance) Actions you can take to protect your organization from the potential escalation of cyberthreats due to the Russia/Ukraine conflict
Opinion | Are We Ready for Putin’s Cyber War? I Asked One of Biden’s Top Cybersecurity Officials. (New York Times) Anne Neuberger, the deputy national security adviser for cyber and emerging technology, discusses how the battle in cyberspace is shaping up.
Putin’s red (lipstick) army: the women tasked with spreading Russia’s narrative (The Telegraph) Led by Maria Zakharova, a steely group of media-savvy mouthpieces have become the president’s weapon of choice in his propaganda war
The Spectacular Collapse of Putin’s Disinformation Machinery (Wired) A few critical errors have brought down Russia's complex and objectively brilliant war of influence in the West.
Online Sleuths Are Using Face Recognition to ID Russian Soldiers (Wired) It takes five minutes to put a name to a soldier's face using little more than a screenshot, but there's a catch.
Russia claims there were combat positions at bombed hospital (CNN) US President Joe Biden announced a ban on Russian energy imports to the US as Ukraine's President urged the UK Parliament to strengthen sanctions against Moscow and vowed the country will "fight to the end." Follow here for live news. updates from on the ground in Ukraine.
Not just Putin: Most Russians support the war in Ukraine (Atlantic Council) Many international commentators have pinned the blame for the Russian invasion of Ukraine solely on Vladimir Putin but the chilling truth is that an overwhelming majority of ordinary Russians also support the war.
Will Russians Choose Truth or Lies? Ukraine’s Fate Depends on Them (Bloomberg) We all deceive ourselves into not seeing painful truths. How ordinary Russians deal with this temptation now has become a matter of war and peace.
The Russian invasion of Ukraine happened because the world gave Vladimir Putin a free pass in Syria (Atlantic Council) Now that the world can finally—albeit belatedly—see Vladimir Putin for what he is, Syrians hope that the world views their plight for democracy and freedom in Syria with more solidarity.
5 Things NATO Must Do to Deter a Dangerous Russia (19FortyFive) Putin could not stand the idea of Ukraine becoming a more wealthy and prosperous nation. NATO must ensure that Russia does not go further.
Frustrated lawmakers blast stalled transfer of European aircraft to Ukraine (Defense News) Lawmakers on both sides of the aisle grilled Biden administration officials Thursday over the Pentagon’s rejection of Poland’s surprise plan give the U.S. its MiG-29 fighter jets for use by Ukraine to repel Russia’s mightier forces.
Russia’s Invasion of Ukraine Is Putting India in the Hot Seat (World Politics Review) The Russian-Ukraine war puts India in a difficult position. India wants to avoid antagonizing the U.S., a long-time partner with which it has multifaceted ties. But ongoing tensions with Pakistan and China require India to preserve its relationship with Russia, which is one of New Delhi’s leading weapons and defense suppliers.
Western Europe leaders rebuff Ukraine fast-track EU membership appeal (the Guardian) Emmanuel Macron says ‘we must be vigilant’ despite eastern member states wanting to show Ukraine ‘path is open to them’
G7 nations strip Russia of ‘most favoured nation’ status (the Guardian) Group of wealthy nations plan to revoke benefits and impose heavy tariffs to further isolate Moscow over Ukraine war
Russian economy in 'shock' from unprecedented economic war - Kremlin (Reuters) The Kremlin said on Thursday that Russia's economy was experiencing a shock and that measures were being taken to soften the impact of what it described as an "absolutely unprecedented" economic war being waged against Moscow.
Boycotts, Not Bombs: Sanctions Are a Go-To Tactic, With Uneven Results (New York Times) Financial, travel and trade penalties have become common tools to combat warfare and human rights abuses, but they have not always met their stated goals.
Making Coercion Work Against Russia (War on the Rocks) Editor’s note: Don’t miss our comprehensive guide to Russia’s war against Ukraine. As the Ukraine war enters its third week, Western countries
Russia will recover with a 'full bill of health,' says Lavrov, vowing to cut ties with the West (CNBC) Russia's foreign minister on Thursday struck a defiant tone in the face of intensifying sanctions, saying his country would recover with a full bill of health.
What’s left to sanction in Russia? Wallets, stocks, and foreign investments. (Atlantic Council) There are still some tools left for the West to escalate sanctions against Russia in response to its aggression against Ukraine—including an Iran-style approach.
War in Ukraine: US condemns reports Russia may seize firms' assets (BBC News) On Thursday, the US Congress passed a bill which includes almost $14bn in emergency aid for Ukraine.
Britain Freezes Assets of Roman Abramovich, Creating Crisis at Chelsea (New York Times) The Premier League club will be allowed to continue operating, but it cannot sell tickets or merchandise and is blocked from buying or selling players.
Abramovich and Deripaska among 7 oligarchs targeted in estimated £15 billion sanction hit (GOV.UK) The UK has announced sanctions against 7 oligarchs including Roman Abramovich and Oleg Deripaska.
Daughter of Sergei Lavrov’s mistress should be next in line for Russian sanctions, say MPs (The Telegraph) Polina Kovaleva, who paid £4.4m in cash for Kensington apartment at age 21, among those facing possible punitive action over links to Putin
Who Are Russia’s Oligarchs and Why Are They Under Scrutiny? (Wall Street Journal) Western leaders have moved to review assets of rich and powerful Russians they accuse of profiting from close ties to the Kremlin. Here’s what to know about the effort and the people targeted.
Goodbye Londongrad: Russian Oligarchs Put Pressure on U.K. Property Market (Wall Street Journal) London’s high-end real-estate sector was once overrun by the global superrich, led by Russian oligarchs. But now the U.K. government has all but told them they are no longer welcome.
How Western Firms Quietly Enabled Russian Oligarchs (New York Times) Investment, law and lobbying firms have helped enmesh Kremlin-linked oligarchs into the Western financial and legal systems.
Russia Devises Plan to Seize Firms Abandoned in Foreigner Exodus (Bloomberg) Flood of foreign companies left Russia after Ukraine invasion. Economy Ministry said goal is asset sales, not nationalization.
Vanguard, Northern Trust ESG Funds Added Russia Bets Before War (Bloomberg) ESG index funds added Russian holdings just before invasion. Indexing and sustainable investing aren’t ‘good bedfellows’.
Goldman Sachs to Exit Russia in Wall Street’s First Pullout (Bloomberg) Firm’s credit exposure to the nation is about $650 million. Bank is ‘closing out pre-existing obligations in the market’.
Can Sanctions Stop Russia? (The Atlantic) Nicholas Mulder, the author of a new book on the history of sanctions, explains the West’s use of the “economic weapon.”
Russia at risk of default within days (The Telegraph) Fears grow over bond payment due next week as IMF warns country faces 'deep recession'
Beyond oil, natural gas, and wheat: The commodity shock of Russia-Ukraine crisis (Atlantic Council) The impact of Russia-Ukraine crisis on the global economy is much broader than oil, natural gas, and wheat. The commodity shock of the crisis and the resulting supply chain disruptions in many strategic industries threatens the global economic recovery and the fight against inflation.
Russia's invasion and geopolitical implications for Venezuela: Oil, sanctions, and aid (Atlantic Council) As the Kremlin's invasion rattles energy markets and the US moves forward with banning Russian oil, US and European policymakers explore solutions to increase global oil supply and mitigate transatlantic energy dependency on Russia. On March 5, senior US government officials met with the Nicolás Maduro administration in Caracas, Venezuela.
Attacks, Threats, and Vulnerabilities
Finnish govt agency warns of unusual aircraft GPS interference (BleepingComputer) Finland's Transport and Communications Agency, Traficom, has issued a public announcement informing of an unusual spike in GPS interference near the country's eastern border.
Corporate website contact forms used to spread BazarBackdoor malware (BleepingComputer) The stealthy BazarBackdoor malware is now being spread via website contact forms rather than typical phishing emails to evade detection by security software.
New Variant of Spectre Attack Bypasses Intel and Arm Hardware Mitigations (SecurityWeek) A team of researchers from a Dutch university has demonstrated a new Spectre attack variant, dubbed Spectre-BHB, that can bypass hardware mitigations implemented by Intel and Arm.
U.S. Warns of Conti Ransomware Attacks as Gang Deals With Leak Fallout (SecurityWeek) The U.S. government has reissued an alert warning organizations about Conti ransomware attacks as the cybercrime group deals with the recent leaks.
Conti Ransomware Group Continues to Threaten Healthcare (Health IT Security) CISA re-released its advisory on Conti ransomware group, which claimed responsibility for at least 16 US healthcare cyberattacks.
Hacking Poses Risks for Artificial Intelligence (SIGNAL Magazine) In the rush to implement national security use cases for AI and machine learning, policymakers need to ensure they are properly weighing the risks, say experts.
Vodafone Investigating Source Code Theft Claims (SecurityWeek) Vodafone is investigating claims by a hacker group that it has stolen hundreds of gigabytes of source code from the company.
Notice of Data Breach (CIO) Anderson, Indiana – March 8, 2022 – Central Indiana Orthopedics (“CIO”) recently experienced a data security incident that may have resulted in an unauthorized access to some individuals’ sensitive personal… read more
Security Patches, Mitigations, and Software Updates
Siemens RUGGEDCOM Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Devices Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized threat actor to obtain privileges to access passwords.
Siemens SIMOTICS CONNECT 400 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMOTICS CONNECT 400 Vulnerabilities: Type Confusion, Improper Validation of Specified Quantity in Input, Wrap or Wraparound, Improper Handling of Inconsistent Structural Elements 2.
Siemens SINEC NMS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: SQL Injection, Deserialization of Untrusted Data, Improper Privilege Management 2.
Siemens SINEMA Mendix Forgot Password Appstore (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Forgot Password Appstore module Vulnerabilities: Improper Access Control, Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION These vulnerabilities could allow a threat actor access to arbitrary user accounts.
Siemens Simcenter STAR-CCM+ Viewer (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter STAR-CCM+ Viewer Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a crash, arbitrary code execution, or data exfiltration.
Siemens COMOS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Memory Allocation with Excessive Size Value, Untrusted Pointer Dereference, Type Confusion, Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Use After Free, Improper Check for Unusual or Exceptional Conditions 2.
Siemens Climatix POL909 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Climatix POL909 (AWB and AWM modules) Vulnerabilities: Cross-site Scripting, Improper Access Control 2.
Siemens Polarion ALM (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Polarion ALM Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary code execution and sensitive information extraction.
Siemens SINEC INS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerability: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of this vulnerability in third-party components could allow an attacker to interfere with the affected product in various ways.
Siemens Simcenter Femap (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to leverage the vulnerabilities to leak information or perform remote code execution in the context of the current process.
Siemens SINUMERIK MC (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SINUMERIK MC Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to escalate privileges to root.
Siemens RUGGEDCOM ROS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROS Vulnerability: Using Components with Known Vulnerabilities 2.
Siemens Mendix (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to dump and modify sensitive data.
PTC Axeda agent and Axeda Desktop Server | (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: PTC
Equipment: Axeda agent, Axeda Desktop Server
Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor, Path Traversal, Improper Check or Handling of Exceptional Conditions
Siemens SIMATIC Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siemens SIMATIC Industrial Products Vulnerabilities: Operation on a Resource after Expiration or Release, Missing Release of Memory after Effective Lifetime 2.
SICAM TOOLBOX II (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM TOOLBOX II Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access through an exploitable access control.
Siemens Solid Edge, JT2Go, and Teamcenter Visualization (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge, JT2Go, and Teamcenter Visualization Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Heap-based Buffer Overflow, Out-of-bounds Read 2.
Siemens SIMATIC WinCC (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC Vulnerabilities: Path Traversal, Insertion of Sensitive Information into Log File 2.
Siemens Climatix POL909 (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Siemens --------- Begin Update A Part 1 of 3 --------- Equipment: Climatix POL909 (AWM and AWB modules) --------- End Update A Part 1 of 3 ---------
Siemens Industrial Products Intel CPUs (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINUMERIK Vulnerabilities: Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-222-05 Siemens Industrial Products Intel CPU that was published August 10, 2021, to the ICS webpage on www.cisa.gov/uscert.
Siemens SIMOTICS CONNECT 400 (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMOTICS CONNECT 400 Vulnerabilities: Improper Null Termination, Out-of-bounds Read, Access of Memory Location After End of Buffer, Use of Insufficiently Random Values 2.
Siemens Industrial Products (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Siemens Industrial Products containing certain processors Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2.
Wibu-Systems CodeMeter (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Wibu-Systems AG Equipment: CodeMeter Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release 2.
Siemens Industrial Products (Update P) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2.
Trends
Cyberattacks highlight risks to physical and digital supply chains (The Record by Recorded Future) Attacks on a Toyota supplier, NVIDIA, and Samsung show cybersecurity risks to physical and digital supply chains relied on around the world.
Navigating Cyber 2022 (FS-ISAC) FS-ISAC, the global fincyber utility, releases its report on cyber threats in 2021 and predictions for 2022 and beyond.
New LookingGlass reports highlight glaring vulnerabilities in U.S. Critical Infrastructure (GlobeNewswire News Room) Financial Services and Energy sectors are more susceptible to cyberthreats from nation-state actors than ever before...
Are U.S. Healthcare Organizations Ready for 2022 Cyber Threats? (Longview News-Journal) Protected Harbor, a full-service IT solution and consulting firm, just announced the launch of its latest whitepaper on healthcare cybersecurity. The whitepaper, entitled "2021
Separating Bot Fact from Fiction | 2022 Report (Netacea) The Bot Management Review: Separating Bot Fact from Fiction Download the report You have WAF protection in place, so you should be protected from bots –
Marketplace
Netsurit Acquires EVOKE (PR Newswire) Netsurit, a managed service provider (MSP) industry leader, today announced its acquisition of EVOKE, an award-winning digital transformation...
Cybersixgill Announces $35 Million in Series B Funding to Expand Global Footprint to Combat the Growing Cybercrime and Cyber Threat Landscape (Cybersixgill) Funding Led by More Provident, Pension Funds, REV Venture Partners – Additional Investors Include CrowdStrike Falcon Fund, Elron Ventures, OurCrowd, and SonaeIM
Illumio Named a Leader in Microsegmentation by Independent Research Firm (GlobeNewswire News Room) Illumio Portfolio Scored as Differentiated in Half of the Evaluation Criteria...
LaunchTech Communications Wins Gold in the 2022 Cyber Security Global Excellence Awards® (Yahoo) BALTIMORE, March 10, 2022--Technology PR agency named the Agency of the Year for Cyber and Info Security for the third consecutive year.
1Password Increases Top Bug Bounty Reward to $1 Million (SecurityWeek) Password management software vendor 1Password today announced that it is willing to pay up to $1 million to researchers able to steal secrets from its vault.
Industrial Defender Opens European Office in the Netherlands to Meet Increasing Global Demand for OT Cybersecurity (Industrial Defender) Industrial Defender's new European office will serve customers in Europe, the Middle East, and Asia to boost their cyber resilience with local resources amid escalating cyberthreats.
Council Post: Why You Need To Hire Cybersecurity Professionals With Three-Dimensional Competency (Forbes) Interviewing and hiring in the cybersecurity field can be tricky, but with the right screening, leaders and hiring managers can determine whether or not a candidate is a good fit.
KnowBe4 Appoints Seasoned Financial Executive Robert “Bob” Reich as New Chief Financial Officer (KnowBe4) KnowBe4 Appoints Seasoned Financial Executive Robert “Bob” Reich as New Chief Financial Officer
Zuul Reveals Executive Advisory Board (Business Wire) The board was created to challenge Zuul to drive improvements that will ensure the company is seen as a leader in industrial cybersecurity protection.
Safe Security Board welcomes cybersecurity veteran (APN News) Safe Security, a global leader in Cybersecurity and Digital Business Risk Quantification, announced the appointment of Michael Johnson, a veteran US government and commercial industry Chief Information Officer (CIO) and Chief Information Security Officer (CISO), to its Board of Directors. Mr. Johnson has been advising Safe Security since December 2020. Michael joined the Board of Directors of the company on November 10, 2021.
Richard Orange Joins Exabeam as Vice President EMEA (Exabeam) Leadership appointment boosts EMEA team and sets up region to manage increased Exabeam Fusion SIEM and Exabeam Fusion XDR demand
Products, Services, and Solutions
LogicHub Press Release - 2022 Cybersecurity Excellence Awards (LogicHub) LogicHub Advanced Automation-Driven Security Brings Home the Gold in 2022 Cybersecurity Excellence Awards. LogicHub’s AI-based Platform Solutions Win Best Product in MDR, SOAR, XDR and
Security Automation Categories
Synack Launches Global Partner Program to Bring Better, On-Demand Pentesting to the Channel (PR Newswire) /PRNewswire/ -- Synack, the premier crowdsourced platform for on-demand security expertise, announced the launch of its emPower Synack Partner Program today to...
ACI Worldwide Launches Innovative ACI Fraud Scoring for Financial Institutions (Business Wire) ACI Worldwide Launches Innovative ACI Fraud Scoring for Financial Institutions
Digital Identity Verification Leader Trulioo Launches Initiative to Support Industry Professionals in Tackling Global Regulatory, Compliance Pressures (Financial Post) Nearly 90% of organizations recognize increasing importance of digital identity, new resources will support establishment of trust online
Why the biggest laptop vendors are ignoring Microsoft's Pluton security tech (PCWorld) Both Dell and Lenovo appear to be passing on Microsoft's Pluton technology for securing their PCs. But the reason why might not be all that complicated.
CyberRes strengthens IT security by combining deep analytics with threat research network (IT Brief Australia) The latest releases of CyberRes Galaxy and ArcSight deliver more actionable insights for both free and subscription options.
Juniper Networks Announces Expansion of the Partner Channel with Unified Managed Services Program in EMEA (Official Juniper Networks Blogs) There is increasing demand in the burgeoning subscription economy for many organisations to turn to ‘as-a-service’ business models. Resellers across the IT sector, particularly in networking, are moving from simply
Technologies, Techniques, and Standards
Why You Should Be Using CISA's Catalog of Exploited Vulns (Dark Reading) It's a great starting point for organizations that want to ride the wave of risk-based vulnerability management rather than drowning beneath it.
Complexity: How to Combat the No. 1 Cause of Security Breaches (Dark Reading) The scaling of hardware, software and people has created an ever-growing complexity problem.
Academia
NSA and DHS honor St. Mary’s with Cyber Defense designation (St. Mary's University) The St. Mary’s Master of Science in Cybersecurity becomes the first master’s in San Antonio to receive this designation
Legislation, Policy, and Regulation
Biden’s cryptocurrency executive order will help unify counter-ransomware strategy (The Record by Recorded Future) President Joe Biden signed an executive order on Wednesday for “ensuring responsible innovation in digital assets,” which is designed to, among other things, crack down on the use of cryptocurrency among cybercriminals.
Cyber incident reporting bill hitches a ride on $1.5 trillion spending deal (The Record by Recorded Future) Legislation that would require critical infrastructure companies to alert the government when they are hacked has been attached to a $1.5 trillion spending package that would fund the government into the fall.
Hacked US companies to face new reporting requirements (CT Insider) WASHINGTON (AP) — Companies critical to U.S. national interests will now have to report...
SEC Proposes Four-Day Security Incident Reporting Mandate (Decipher) Beyond the SEC, lawmakers and federal agencies at a broader level are examining cyberattack reporting deadlines.
SEC Proposes Requiring Firms to Report Cyberattacks Within Four Days (Wall Street Journal) Federal regulators offered up a rule that would mandate that companies report ransomware incidents and data breaches.
Wall Street regulator proposes listed companies spell out cyber breaches within four days (Reuters) Wall Street's watchdog voted to unveil a rule on Wednesday that aims to enhance how public companies disclose when they experience a breach, and how soon.
Litigation, Investigation, and Law Enforcement
Ex Canadian government worker extradited to U.S. to face more ransomware charges (CBC) A former federal public servant from Gatineau, Que., who recently pleaded guilty after a joint FBI-RCMP ransomware investigation that netted tens of millions of dollars' worth of seized bitcoin, has now been extradited to the U.S. to face similar charges.
NetWalker ransomware affiliate extradited to the US (The Record by Recorded Future) A NetWalker affiliate who was sentenced in Canada last month to seven years in prison was extradited Wednesday to the US, where he will face multiple charges related to his alleged participation with the ransomware group, the US Department of Justice announced today.
Former Canadian Government Employee Extradited to the United States to Face Charges for Dozens of Ransomware Attacks Resulting in the Payment of Tens of Millions of Dollars in Ransoms (US Department of Justice) Tampa, FL – A Canadian man was extradited yesterday from Canada to the United States on an indictment returned in the Middle District of Florida that charges him with conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer arising from his alleged participation in a sophisticated form of ransomware known as NetWalker. NetWalker ransomware has targeted dozens of victims all over the world, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.
Italy Fines US Facial Recognition Firm (SecurityWeek) Italy's data privacy watchdog on Wednesday fined US-based firm Clearview AI 20 million euros (almost $22 million) over its controversial facial recognition software.
Angry Birds Maker Says AG Misses Mark With Kids' Data Suit (Law360) The company behind Angry Birds is pushing to catapult the New Mexico attorney general's lawsuit claiming it's collecting and selling personal data from kids under 13 without parental consent, arguing that the complaint paints the mobile game maker as "a caricature of something it is not."