Update on Ukraine. ASIO will help private sector. CISA issues ICS advisories; adds to catolog of exploited vulnerabilities.

Dateline Moscow, Kyiv, London, Paris, and Washington: Sanctions for the cyber phase of a hybrid war.

Sanctions for the cyber phase of a hybrid war, amid protracted diplomacy. (The CyberWire) Diplomacy continues, but so do troop movements, and the US State Department tells Americans to leave Ukraine. Is there a failure to learn lessons from earlier cyber campaigns against Ukraine?

Ukraine rejects Russian pressure in talks, Moscow says zero progress (Reuters) Ukraine said on Friday it would not yield to pressure from Moscow to negotiate with Russian-backed separatist leaders, after the latest four-nation talks ended with no breakthrough on ending eight years of fighting.

Russia's top diplomat mocks 'deaf' Liz Truss at testy joint appearance in Moscow (The Telegraph) Sergey Lavrov attempted to throw Ms Truss off balance as she became the first foreign secretary to visit Moscow in more than four years

Russia could again invade Ukraine during Olympics, Blinken says (Military Times) "We continue to see very troubling signs of Russian escalation, including new forces arriving at the Ukrainian border,” Secretary of State Antony Blinken said in Canberra, Australia.

Netherlands advises Dutch citizens to leave Ukraine -BNR News Radio (Reuters) The Dutch government has advised Dutch citizens to leave Ukraine as soon as possible due to the security situation, the Dutch radio broadcaster BNR said on Friday, citing the Dutch ambassador in Ukraine.

Global Supply Chains Brace for Russia-Ukraine Conflict – Four Major Risks (Global Trade Magazine) A Russian invasion of Ukraine has the potential to cause extensive and debilitating disruption across global supply chains, resulting in...

European banks told to step up cyberattack defenses amid Russia-Ukraine crisis (CNBC) Banks across the euro zone are being told to increase their cyber defenses with the region's regulator saying the issue should be a top priority for the sector.

Is Ukraine ready for future cyberattacks? Don’t hold your breath, experts say (Euromaidan Press) During the online campaign #FRD (F*ck Responsible Disclosure) of 2018-2020, a group of cybersecurity experts of the Ukrainian Cyber Alliance (UCA) published around 120 reports on critical vulnerabilities in the cyber defense of Ukrainian government agencies. However, the state organs were not pleased. Their reactions ranged from denying the existence of vulnerabilities and downplaying their…

On Ukraine, senators put cyberattacks top-of-list for sanctions (POLITICO) Efforts to push back against Russian cyber aggression toward Ukraine are becoming more serious, with senators looking at sanctioning Russia and providing more cybersecurity assistance.

Aid to Ukraine Might Not Make it Ahead of Potential Invasion as Congress Is Gridlocked (Military.com) Negotiations on aid to Ukraine have stalled over a partisan impasse on sanctions, including what to do about the Nord Stream 2 natural gas pipeline.

Monsieur Fixit (Foreign Affairs) The perils of Macron’s shuttle diplomacy.

Russia's top diplomat mocks 'deaf' Liz Truss at testy joint appearance in Moscow (The Telegraph) Sergey Lavrov attempted to throw Ms Truss off balance as she became the first foreign secretary to visit Moscow in more than four years

UK defense secretary in Moscow amid Ukraine tensions (AP NEWS) Britain's defense secretary visited Moscow Friday for talks on easing tensions amid massive Russian war games near Ukraine. Ben Wallace's trip comes a day after British Foreign Secretary Liz Truss held talks in Moscow, urging Russia to pull back over 100,000 troops amassed near Ukraine and warning that attacking its neighbor would “have massive consequences and carry severe costs.”

How to Make a Deal With Putin (Foreign Affairs) Only a comprehensive pact can avoid war.

Black Sea blockade: Ukraine accuses Russia of major maritime escalation (Atlantic Council) While the world watches Ukraine's land borders with Russia and Belarus for signs of Putin's threatened full-scale invasion, Moscow may be in the process of opening a maritime front with a Black Sea blockade.

Russian Black Sea Exercises Raise Specter of Naval Blockade (Foreign Policy) Blocking Ukraine’s ports for an extended period could “suffocate” the country’s economy, experts say.

Russian troops bolster deployments near Ukraine, new satellite images show (Military Times) Satellite images released Thursday show new military deployments in Crimea, Belarus, and western Russia near Ukraine.

Pictured: Russia and Belarus hold major war games in 'violent gesture' to Europe (The Telegraph) Some 30,000 Russian combat troops plus weapons and military equipment have been deployed for the 10-day war games

Russia-Ukraine explained: How big is the risk of invasion and what could happen next? (The Telegraph) Russian troops have massed by the tens of thousands on Ukraine border. So, why might Russia invade Ukraine and how did it reach this point?

Russia Crisis Military Assessment: What would a ground offensive against Ukraine look like? Watch the skies. (Atlantic Council) Our military experts analyze the greatest defense and security challenges facing the United States and its allies and partners.

Nine probable Russian routes into Ukraine in full-scale invasion, U.S. intel says (NBC News) The two most extensive invasion scenarios would involve a simultaneous attack from multiple sides, according to a U.S. military and intelligence assessment.

Russian Hybrid Threats Report: Belarus threatens to arm firefighters as military exercises kick off (Atlantic Council) The Council's Digital Forensic Research Lab tracks the latest Russian troop movements and Kremlin-pushed narratives around NATO, Germany, and more.

‘They Are No Longer Our Brothers’ (Foreign Policy) On the front lines of Ukraine’s frozen conflict, soldiers fight cold and boredom—but worry little about a Russian invasion.

Russian parliament may delay vote on recognizing eastern Ukraine (Reuters) Russia's lower house of parliament may seek guidance from the government on whether to call for the recognition of two breakaway Ukrainian regions as independent, its speaker said on Friday, implying that the step could be delayed.

EXPLAINER: Putin’s Ukraine strategy mixes threats, diplomacy (AP NEWS) With Russia carrying out a massive military buildup near Ukraine and the West roundly rejecting Moscow’s security demands, a window for diplomacy in the crisis appears to be closing. But even as Moscow continues to bolster its forces and holds sweeping war games, President Vladimir Putin is keeping the window open for more negotiations in a calculated game of brinkmanship intended to persuade Washington and its allies to accept Russia's demands.

The Putin Doctrine (Foreign Affairs) A move on Ukraine has always been part of the plan.

Soviet Reunion: Belarus, Ukraine and Vladimir Putin’s dreams of empire (Atlantic Council) Ukraine and Belarus are the first targets in Putin's quest to revive the old empire. While the world watches Russia's brinkmanship against Ukraine, Moscow is swiftly and quietly completing the takeover of Belarus.

How Russia has revived NATO (The Economist) Ukraine has forced America and its allies to bond. But the country’s future is still uncertain

Why NATO will endure well beyond today’s crises (Atlantic Council) Russian President Vladimir Putin, in his efforts to destroy the liberal international order, has shaken the foundations of NATO. But this is a time for reinvigoration.

Engagement Reframed #2: Seize the opportunity to rethink European security (Atlantic Council) What is the opportunity? The ongoing crisis over Ukraine poses an extraordinary challenge for US and NATO policymakers. In recent months, Russia has

Ukraine crisis: American B-52 'Stratofortress' bombers land in UK (The Telegraph) A UK defence source said that such deployments were not unusual but that the timing was striking

American military aircraft on the move in Europe amid ongoing Ukraine crisis (Stars and Stripes) The U.S. Air Force is sending eight F-15 Eagle fighter jets to Poland to bolster NATO defenses amid ongoing fears of a new Russian invasion of Ukraine.

Florida National Guard unit preps Ukraine’s ‘tough and skilled hombres’ for Russian attack (McClatchy) In far west Ukraine near the border with Poland, at an Allied training center, there is a watering hole known as the “Swamp” — a small piece of home for roughly 150 members of the Florida Army National Guard who are gearing the Ukrainian military to protect itself.

Attacks, Threats, and Vulnerabilities

University Project Cataloged 1,100 Ransomware Attacks on Critical Infrastructure (SecurityWeek) The Temple University project that tracks ransomware attacks on critical infrastructure has documented more than 1,100 incidents to date.

Several Malware Families Using Pay-Per-Install Service to Expand Their Targets (The Hacker News) Malware families are making use of PrivateLoader's pay-per-install service in order to expand their victim list.

FritzFrog botnet returns to attack healthcare, education, government sectors (ZDNet) The botnet managed to strike at least 500 government and enterprise SSH servers in eight months.

FritzFrog botnet grows 10x, hits healthcare, edu, and govt systems (BleepingComputer) The FritzFrog botnet that's been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server.

FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors (The Hacker News) A new campaign by FritzFrog peer-to-peer Golang-based botnet attacking in the healthcare, education, and government sectors.

Former Employees Admit to Using Continued Account Access to Harm Previous Employers (Beyond Identity) An exploration into the relationship between former employees' continued digital access, the offboarding process, and company security.

Critical RCE Flaws in 'PHP Everywhere' Plugin Affect Thousands of WordPress Sites (The Hacker News) WordPress plugin PHP Everywhere contains several critical RCE vulnerabilities that affect more than 30,000 websites worldwide.

National Cybersecurity Alliance and PCI Security Standards Council Issue Joint Bulletin on Ransomware Attack (PCI Security Standards Council) Two Industry-Leading Organizations Join Forces to Highlight Ransomware Threat

The Threat of Ransomware Attacks (PCI Security Standards Council) How the spike in ransomware attacks presents an urgent threat to the business community. On the blog, we cover basic questions with Lisa Plaggemier, Executive Director National Cybersecurity Alliance and PCI SSC Executive Director, Lance Johnson about this growing challenge to businesses across the U.S. and how to better protect yourself from this dangerous threat.

Cyber-attack disrupts Slovenia's top TV station (The Record by Recorded Future) A cyber-attack has disrupted the operations of Pop TV, Slovenia's most popular TV channel, in an incident this week believed to be an extortion attempt.

Vodafone Portugal struggles to restore service following cyberattack (Ars Technica) Ambulance and emergency services are among those suffering from “deliberate” hack.

Spammers Play Cupid with Your Heart and Wallet on Valentine’s (Hot for Security) As Feb. 14 draws near, scammers are out in full force, love-bombing millions of inboxes with bogus Valentine’s Day ads, promotions and online dating requests.

Pembroke Pines still restoring access to some computer systems after cyber-attack (WPLG) The city of Pembroke Pines sent out an update Wednesday on a cyber-attack investigation.

CISA Adds 15 Known Exploited Vulnerabilities to Catalog (CISA) CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

Security Patches, Mitigations, and Software Updates

Siemens SIMATIC Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siemens SIMATIC Industrial Products Vulnerabilities: Operation on a Resource after Expiration or Release, Missing Release of Memory after Effective Lifetime 2.

Siemens SIMATIC WinCC and PCS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC and PCS Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Externally-Accessible File or Directory 2.

Siemens Simcenter Femap (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Simcenter Femap Vulnerabilities: Out-of-bounds Write, Access of Resource Using Incompatible Type, Improper Restriction of Operations within the Bounds of a Memory Buffer, Stack-based Buffer Overflow 2.

SINEMA Remote Connect Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use a specially crafted link to steal login credentials.

SICAM TOOLBOX II (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM TOOLBOX II Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access through an exploitable access control.

Siemens Spectrum Power 4 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Spectrum Power 4 Vulnerability: Cross-site scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise the confidentiality and integrity of the affected product.

Siemens Solid Edge, JT2Go, and Teamcenter Visualization (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge, JT2Go, and Teamcenter Visualization Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Heap-based Buffer Overflow, Out-of-bounds Read 2.

Siemens COMOS Web (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Basic XSS, Relative Path Traversal, SQL Injection, Cross-site Request Forgery 2.

Siemens Healthineers syngo fastView (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Healthineers, a subsidiary of Siemens Equipment: syngo fastView

Siemens SIMATIC WinCC (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC WinCC Vulnerabilities: Path Traversal, Insertion of Sensitive Information into Log File 2.

Siemens LOGO! CMR and SIMATIC RTU 3000 (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Low attack complexity Vendor: Siemens Equipment: LOGO! CMR, SIMATIC RTU 3000 Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-257-13 Siemens LOGO! CMR and SIMATIC RTU 3000 that was published September 14, 2021, on the ICS webpage on www.cisa.gov/uscert.

Siemens Industrial Products Intel CPUs (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINUMERIK Vulnerabilities: Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-222-05 Siemens Industrial Products Intel CPU that was published August 10, 2021, to the ICS webpage on www.cisa.gov/uscert.

Siemens TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC3220, SENTRON PAC4200 Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2.

Siemens SCALANCE & SIMATIC (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update E) that was published September 14, 2021, to the ICS webpage on www.cisa.gov/uscert. 

Siemens Industrial Products SNMP (Update E) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Various SCALANCE, SIMATIC, SIPLUS products Vulnerabilities: Data Processing Errors, NULL Pointer Dereference 2.

Siemens SCALANCE X Switches (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X Switches Vulnerability: Missing Authentication for Critical Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-014-03 Siemens SCALANCE X Switches that was published January 14, 2020, to the ICS webpage on www.cisa.gov/uscert.

Siemens SCALANCE X Switches (Update D) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X switches Vulnerability: Insufficient Resource Pool 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-225-03 Siemens SCALANCE X Switches (Update C) that was published September 14, 2021, to the ICS webpage on www.cisa.gov/uscert.

Siemens PROFINET DCP (Update V) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable from an adjacent network/low attack complexity Vendor: Siemens Equipment: Devices using the PROFINET Discovery and Configuration Protocol (DCP) Vulnerabilities: Uncontrolled Resource Consumption 2.

Trends

Identity is the New Battleground (Cyber SIgnals) Identity is the new battleground, but most are unprotected against attacks

It Started With a Click… Huge Rise in Romance Scams for Second Year Running (Tessian) Scammers target those looking for love with a range of scams and tricks to extract money. Here's how to stay protected when looking for that special someone

ZeroFox Releases 2022 Forecast Report Anticipating Increases in Ransomware, Third-Party Compromises and Malware-as-a-Service (ZeroFox) Press Release February 10, 2022 ZeroFox Releases 2022 Forecast Report Anticipating Increases in Ransomware, Third-Party Compromises and Malware-as-a-Service | ZeroFox

New API Research Shows 62% Growth in ATOs Targeting Login APIs (Cequence) APIs are the Developer Tool of Choice and #1 Target for Malicious Use Today, everything is an app. A Tesla isn’t really a car – it’s a four-wheeled app. Every one of the 142B+ device app downloads including your money management or a favorite shopping or fitness app are all built on application programming interfaces […]

APIs: Developer Tool of Choice. #1 Target for Malicious Use (Cequence) Today, software is eating the world and APIs ARE TAKING THE BIGGEST BYTE. Modern cars, every mobile app we use, our favorite shopping site, and our nance management all rely on APIs to deliver an engaging user experience. For these same reasons, threat attackers love APIs. So much so that Gartner predicts that by 2022, API attacks will become the most-frequent attack vector, causing data breaches for enterprise web applications.

10 Cyber Attacks in 2021 Cost $600M With 40,000 Businesses Put at Risk (Insurance Journal) In just 10 cyber incidents last year, over $600 million in cash was stolen or taken as ransom, tens of millions of citizen records stolen, 40,000

2021 Fraud Report (Money) As a result of the pandemic, we’ve seen an evolution in fraud attacks over the past two years, as criminals explore new and sophisticated ways to target potential victims. Our personal finance experts have dug into the latest police figures to reveal the full impact of fraud and cybercrime in 2021.

Cybersecurity in a Changed World: 2022 Cybersecurity and the Rising Role of MSPs (Digital Defense) The harsh realities of 2020 and 2021 have forced businesses across sectors to accept vast amounts of change in a short amount of time. Face-to-face operations are no longer the norm and technology-driven strategies are essential for survival.

Marketplace

Anexinet and Veristor Merge to Create One of the Largest Full-Service Technology Solution Providers (Veristor) Merger Doubles the Companies’ Geographic Reach, Customer Base, and Solution Delivery Teams PHILADELPHIA and ATLANTA – February 10, 2022 – Anexinet Corporation, a Mill Point Capital LLC portfolio company, and Veristor Systems Inc. announced today that they are merging. The unified company will offer full-lifecycle expertise across the complete technology landscape and deliver the superior technical

Titaniam Secures $6 Million in Seed Funding as Customer Demand Soars (PR Newswire) Titaniam, Inc., a data protection and privacy company, today announced that it has closed a $6 million seed funding round led by Refinery...

API protection platform Salt Security raises $140M (VentureBeat) Salt Security, an API vulnerability and protection platform, has raised $140 million in a series D round of funding.

Salt Security Joins Growing Herd Of Cyber-Corns (Crunchbase News) API security company Salt Security on Thursday announced a $140 million Series D round led by Alphabet’s CapitalG, earning the company a $1.4 billion valuation and minting it as cybersecurity’s latest unicorn.

Allure Security raises $6.8 million seed round in fight against digital fraud (Channel Life) Allure Security has raised a $6.8 million seed round as the company progresses in a $76 billion battle against digital fraud.

Microsoft considers deal for cybersecurity heavy hitter Mandiant (Seattle Times) Microsoft is in talks to acquire cybersecurity research and incident response company Mandiant, according to people familiar with the discussions, a deal that would bolster efforts to protect customers from hacks and breaches.

Darktrace signs million-dollar deal with leading global electronics corporation (Cambridge Network) Darktrace, a global leader in cyber security AI, announces that a multinational electronics corporation has signed a million-dollar deal with Darktrace to ensure its business is protected from sophisticated and fast-moving cyber-attacks.

Cyberstarts Hits 300% Yearly Returns for Backers Such as Sequoia (Bloomberg) Israeli VC bet on early-stage cyber security startups. Cyberstarts’s returns come amid investment surge for VCs.

Satori Sweeps the Prestigious Cybersecurity Excellence Awards, Winning in Four Categories (GlobeNewswire News Room) DataSecOps platform recognized as best product in data governance, data security, identity and access management, and secure access categories...

Google awarded $8.7 million to security researchers in 2021 (The Record by Recorded Future) In the yearly review of its vulnerability rewards program (VRP), Google said on Thursday that it awarded more than $8.7 million to security researchers in the form of bug bounties for thousands of vulnerabilities reported in Google products.

Largest ever intake and a new cyber programme for Thales in the UK shows its commitment to apprenticeships (FE News) Largest ever intake and a new cyber programme for Thales in the UK shows its commitment to apprenticeships

LogRhythm Partners with Pareto to Support Greater Cybersecurity Insight and Expertise in the UK (LogRhythm) LogRhythm has partnered with the world’s largest assessment, placement and training provider, Pareto...

5 ways to attract top cybersecurity talent in a tight labor market (TechCrunch) At a time when ransomware attacks, data breaches and supply chain intrusions are skyrocketing amid a labor shortage, what is a company supposed to do?

DEF CON bans social engineering expert Chris Hadnagy (SearchSecurity) DEF CON announced Thursday that Chris Hadnagy of the Social Engineering Village had been banned for reports of unspecified misconduct at the conference.

Cape Privacy Hires Alan Wong as Head of Finance and Operations (GlobeNewswire News Room) Industry Veteran Will Be a Critical Driver Toward Profitability as Company Grows...

Former NSW Premier Gladys Berejiklian joins Optus (CRN Australia) Will become head of enterprise, business and institutional.

Deep Instinct Welcomes Two New Cybersecurity Experts to Executive Leadership Team (Yahoo) Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, today announced the addition of two recognized security experts to its executive leadership team. Yariv Fishman joins as Vice President of Product, and Ofir Arkin joins as Vice President of Research & Development (R&D) to help the company further develop its technology roadmap for 2022 and beyond.

SparkCognition Names Lord Browne of Madingley Chairman of Board of Directors (PR Newswire) SparkCognition, a global leader in artificial intelligence (AI) software solutions for business, is pleased to announce, as part of its growth...

BigID Announces New Board Member Alongside Recent Strategic Technology Investments from Splunk, ServiceNow, and HPE (PR Newswire) BigID, the leading data intelligence platform that enables organizations to know their enterprise data and take action for privacy, security,...

KnowBe4 Promotes Dan Duckworth to VP of Global Diversity & Engagement (WFMZ) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has promoted Dan Duckworth to

Products, Services, and Solutions

Relativity's Security Sandbox podcast joins the CyberWire Network. (The CyberWire) The CyberWire announced today that global legal and compliance technology company, Relativity, will kick off its second season of its popular new podcast, Security Sandbox, by joining the rapidly growing CyberWire Podcast Network.

Certero Achieves Oracle Fusion Middleware Verification (Certero) Certero, an innovator in unified IT Hardware, Software, SaaS and Cloud Asset Management solutions and member of Oracle Partner Network (OPN), today announced that they have been verified as a third-party tool vendor for Oracle Fusion Middleware.

Dynatrace launches DevSecOps partner integrations for context-aware adaptive automation (Dynatrace news) Dynatrace has launched its DevSecOps Automation Partner Program, enabling alliance and solution partners to extend the DevSecOps capabilities

Dynatrace Application Security detects and blocks attacks automatically in real-time (Dynatrace news) Dynatrace has enhanced its Application Security Module to provide real-time, automatic attack detection and blocking.

IBM upgrades FlashSystem to tackle ransomware (SearchStorage) Combining its FlashSystem and Cyber Vault storage products, IBM debuted an offering that focuses on ransomware recovery.

Traceable AI Offers Free Solution To Stop Log4j Attacks (PR Newswire) Traceable AI, leader in API security, today announced that its free API security solution, released in August 2021, can be used to find and...

Orca Security Provides Industry’s Most Comprehensive Agentless Cloud Security Platform with Expanded CIEM Capabilities and Multi-Cloud Security Score (Business Wire) Orca Security, the cloud security innovation leader, today announced new product capabilities that further simplify cloud security and compliance oper

Tigera Tightens Container Security, Goes Beyond Detecting Threats with Industry’s Most Comprehensive Active Cloud-Native Application Security with Zero Trust (Tigera) Harnessing machine learning, Calico Cloud detects known and unknown threats, reduces attack surface, and actively mitigates risks in cloud-native applications

SentinelOne Announces Zscaler Integration, Simplifying XDR and Zero Trust Adoption (SentinelOne) Strategic alliance enables joint customers to benefit from market leading Mandiant Advantage and Singularity XDR

ElcomSoft Brings Repeatable, Forensically Sound checkm8 Extraction to iPhone 8, iPhone X and Apple Watch Series 3 (PR Newswire) ElcomSoft Co. Ltd. rolls out an update to iOS Forensic Toolkit for Mac, the company's mobile forensic tool for extracting data from a range of...

Cellebrite kit can't unlock iPhones – but the company can, at $4k each (9to5Mac) 9to5Mac has learned that the Cellebrite kit sold to customers can't unlock iPhones – but the company can and will if customers send ...

Technologies, Techniques, and Standards

The CISO’s Playbook: Stay Ahead of Friday Breach Effects (SecurityScorecard) While ransomware attacks spike on holidays and weekends, the most common day to discover a breach is Friday. This phenomenon poses challenges for every organization, its workforce, partners, customers, and society in general

The 2022 State of Password Security Federal Government Edition PUBLIC (BitWarden) The State of Password Security A report and assessment of security advice from U.S. Federal Agencies SUMMARY PRESENTATION

Moxa MXview Network Management System Vulnerabilities Patched (Claroty) Claroty Team82 discloses five Moxa MXview network management system vulnerabilities that have been patched by Moxa.

#BeCyberSmart: Tips to protect your heart and wallet (Newsroom | TikTok) We're always enamored with the creativity of our global community, and TikTok is buzzing with feelings this Valentine's Day. With over 640 billio

Why the C-suite should focus on understanding cybersecurity and investing appropriately (Help Net Security) persistently low IT/C-suite engagement may imperil investments and expose organizations to increased cyber risk.

How to have a smooth digital breakup (Avast) No one ever wants to plan for a breakup — but let’s be real: Breakups happen. And these days, as we spend so much time online, an IRL breakup needs to be accompanied by a digital breakup. 

Design and Innovation

US Army improving how it tests its tactical network (C4ISRNet) The Army conducted a technical test of the next iteration of its tactical network, applying lessons from the first go around.

Research and Development

Orbital Insight Wins Department of Defense Contract to Develop Technology to Identify Intentional GNSS Disruptions (PR Newswire) Orbital Insight, the leader in geospatial intelligence, today announced that it has been awarded a contract from the U.S. Department of Defense...

Academia

Nakasone emphasizes growing partnerships between CYBERCOM and academia (U.S. Cyber Command) On February 10, 2022, U.S. Army Gen. Paul M. Nakasone, commander of U.S. Cyber Command, director of the National Security Agency, and chief of the Central Security Service hosted a virtual welcome

UCSC selected to join US CYBERCOM Academic Engagement Network (UC Santa Cruz News) UCSC will join the inaugural class of the U.S. Cyber Command’s (CYBERCOM) Academic Engagement Network (AEN), a group of 84 colleges and universities selected to help strengthen the country’s cybersecurity operations.

SANS Institute Launches First-Ever Nationwide Cybersecurity Education Scholarship for HBCU Students and Alumni (PR Newswire) SANS Institute (SANS), the global leader in cyber security training and certifications, announced that applications are now open for the SANS +...

What is social engineering? This prof is training the new workforce in cybersecurity's nontechnical side - Technical.ly (Technical.ly) Why this liberal arts professor hosts competition events for students of all majors: "Cybersecurity is for everyone, and we all have to do our part to develop holistic and effective solutions that cater to an ever-changing threat landscape."

Legislation, Policy, and Regulation

North Korea Knows How Important Its Cyberattacks Are (Foreign Policy) Pyongyang’s tradition of guerrilla warfare keeps its “all-purpose sword” sharp.

Head spy flags more ‘proactive approach’ to cyber threats against companies (CRN Australia) Thousands of aussies targeted by spies, including on Tinder and Hinge.

White House 100-Day Cybersecurity Plan for Water Utilities Calls for New Monitoring Tech and Reporting Requirements (CPO Magazine) Following earlier executive orders aimed at shoring up other aspects of critical infrastructure, the White House has issued a 100-day cybersecurity plan for United States water utilities.

US Federal Cyber Plan Could Help Mitigate Water Utility Cyber Risk (Fitch Ratings) Fitch Ratings-Austin/New York-10 February 2022: Recent steps taken by the US federal government to bolster cyber resiliency across the water sector are an important start in mitigating rising cyber risks for publicly-owned utility systems, Fitch Ratings says.

DHS Cybersecurity Review Board: First Priorities Surface (MSSP Alert) Department of Homeland Security (DHS) Cyber Safety Review Board (CSRB): Who's included and what's the mission? Initial answers surface.

New Bill Would Force Critical Infrastructure Operators to Report Cyberattacks Within 72 Hours (Top Class Actions) Legislation that would require operators of critical infrastructure to report cybersecurity episodes within 72 hours has been reintroduced in the senate.

Massachusetts Legislature Advances Data-Privacy Bill (Wall Street Journal) New rules would require data brokers to register and allow individuals to sue for data breaches.

Former NYC cyber chief Geoff Brown looks back at time with city (StateScoop) Geoff Brown, who served as the city's CISO from 2016 through 2021, is now a vice president at cybersecurity firm Recorded Future.

Litigation, Investigation, and Law Enforcement

Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards (The Hacker News) Russia cracks down on 4 dark web marketplaces ⁠— Ferum Shop, Sky-Fraud, Trump's Dumps, and UAS ⁠— specialized in the sale of stolen credit cards.

Emily O’Reilly opens inquiry into European Commission policing of GDPR in Ireland (The Irish Times) EU ombudsman acts after complaint from the Irish Council for Civil Liberties

Google Analytics Risks French Ban Over U.S. Data Spy Fears (Bloomberg) CNIL rules Google Analytics EU-U.S. data transfers unsafe. Decision follows landmark 2020 EU court ruling on data flows.

Meta and Chime sue Nigerians behind Facebook, Instagram phishing (BleepingComputer) Meta (formerly known as Facebook) has filed a joint lawsuit with Chime, a financial technology and digital banking company, against two Nigerian individuals who allegedly used Instagram and Facebook accounts to impersonate Chime and target its users in phishing attacks.

Texas Woman Charged with Operating Warranty Fraud Scheme Targeting Cisco Systems (US Attorney for the Eastern District of Pennsylvania) The Defendant Also Allegedly Engaged in PPP Fraud Worth Over $100,000