DDoS in Russia's hybrid war. The state of OT/ICS cybersecurity. US National Defense Strategy and cyber.

Published on October 28th, 2022


Dateline Moscow and Kyiv: Mercenaries and reservists.

Ukraine at D+246: A narrative of Russian victimhood (also DDoS). (CyberWire) Heavy fighting around Bakhmut in Donetsk, which has become a test of Russian pride. The partial mobilization remains in disarray. Russia disavows responsibility for its war as missiles continue to strike Ukrainian cities and DDoS attacks hit parliaments in Poland and Slovakia.

Russia-Ukraine war: List of key events, day 247 (Al Jazeera) As the Russia-Ukraine war enters its 247th day, we take a look at the main developments.

Russia's hope for Ukraine win revealed in battle for Bakhmut (AP NEWS) Russian soldiers pummeling a city in eastern Ukraine with artillery are slowly edging closer in their attempt to seize Bakhmut, which has remained in Ukrainian hands during the eight-month war despite Moscow's goal of capturing the entire Donbas region bordering Russia.

Russia’s ‘army of the dead’ launches ‘crazy’ wave of attacks on Donbas (The Telegraph) Kremlin ‘driving people to their deaths’ day after day in the city of Bakhmut, with high level of artillery strikes

Moscow’s reliance on human wave tactics is a catastrophe for Russia’s working-age men (The Telegraph) In its determination to capture Bakhmut, the Kremlin is ‘driving people to their deaths’, treating them like ‘single-use soldiers’

Russia accused of sabotaging city's water supply (BBC News) A BBC investigation finds evidence that Russian forces deliberately destroyed a pipeline to Mykolaiv.

Why Russia Stole Potemkin’s Bones From Ukraine (New York Times) The 18th-century military commander and lover of Catherine the Great helped conquer Ukraine and looms large in the version of history the Kremlin uses to justify the war.

U.S. Plan to Counter Illicit Diversion of Certain Advanced Conventional Weapons in Eastern Europe (United States Department of State) Summary:  The United States’ priority is to ensure that Ukraine has the weapons it needs to defend its territory against Russia’s further invasion.  Helping to ensure Ukraine maintains control of its territory is a primary means to limit potential illicit diversion of weapons by Russia’s forces, Russia’s proxies, and non-state actors.  Since Russia’s further aggression […]

Fearing Russian false flag in Ukraine, US launches plan to track arms (Defense News) The U.S. State Department released plans Thursday to better track weapons supplied to Ukraine.

U.S. Program Aims to Keep Sensitive Weapons in Ukraine (New York Times) Portable, lethal and high-tech munitions like Stinger and Javelin missiles are a focus of a monitoring program operating from the embassy in Kyiv.

Ukraine war latest: 'Severely undermanned' Russian units at 6pc of normal fighting strength (The Telegraph) "Severely depleted" Russian Army companies in the Kherson sector have been fighting with between six and eight men each, when they should be formed of around 100 soldiers, the MOD has said.

Ukraine Calls for More Air-Defense Help as Russian Barrages Continue (Wall Street Journal) Air defense is becoming a critical new front in the war after Russia launched a series of aerial attacks that have wreaked havoc on Ukraine’s electrical infrastructure.

Pentagon: Ukraine to get advanced air defense systems early next month (Washington Post) Defense Secretary Lloyd Austin confirmed the imminent delivery of two anti-aircraft batteries but quashed hopes on longer-range missiles Kyiv says it needs

Abandoned Russian base holds secrets of retreat in Ukraine (Reuters) When Russian troops fled the Ukrainian town of Balakliia last month, they left behind thousands of documents that show in unprecedented detail the inner workings of the Russian war machine.

Alleged Russian spy arrested by Norway attended seminar on hybrid attacks (Washington Post) The suspected Russian spy arrested in Norway this week attended a seminar on hybrid threats recently that included a scenario about responding to a pipeline explosion, according to Norwegian media, a coordinator for the group that hosted the event and a photograph from the event.

A ceasefire would condemn millions of Ukrainians to Russian occupation (Atlantic Council) Recent calls for a ceasefire in the Russo-Ukrainian War ignore the fact that millions of Ukrainians remain under Russian occupation and would face an uncertain fate if abandoned to the Kremlin, writes Mark Temnycky.

Putin Plays Down Nuclear Threat in Ukraine as He Lambasts US (Bloomberg) Russian president praises Saudi, Chinese leaders’ independence. Putin claims broad support from ‘traditional values’ advocates.

Putin: "It doesn't make sense" for Russia to use nuclear weapons in Ukraine (Axios) "We have only hinted in response to statements made by western leaders."

Playing to Western Discord, Putin Says Russia Is Battling ‘Strange’ Elites (New York Times) Ahead of U.S. elections, the Russian leader sounded like some right-wing Westerners, saying his fight is not with those in the West who hold “traditional values.”

Ukraine-Russia war latest: Putin set to give 'very important' annual speech (The Telegraph) President Vladimir Putin is due to give his annual speech shortly in which he is expected to give an “extensive report” on world politics.

Putin attempts to back up claim dirty bomb could be used against Russia troops (the Guardian) Russian president says he told his defence minister to raise threat of nuclear device despite Kyiv insisting it has no plans to use one

UN still sees no sign of biological weapons in Ukraine (UN News) The United Nations is not aware of any biological weapons programmes in Ukraine, a senior official in the Office for Disarmament Affairs (UNODA) reiterated on Thursday in a briefing to the Security Council. 

Opinion: In neighboring Georgia, the mass arrival of Russians triggers anxieties (CNN) For Georgians, the mass arrival of Russians has, confusingly, triggered both desperately needed economic growth and a very tangible sense of deep, historically rooted anxiety about yet another Russian takeover, writes Natalia Antelava.

The cult of Putin in Serbia reflects a nation that has still not dealt with its past (the Guardian) In this, one of a series of essays from countries in or neighbouring the former Soviet bloc, a Serbian poet decries the glorification of Russia’s aggression

US to send hi-tech nuclear weapons to Nato bases amid rising tensions with Russia (The Telegraph) Deployment of B61-12 tactical bombs to Europe comes after Moscow held military exercises showcasing its own ballistic capabilities

Austin: Talks With Russia Important to Avoid Escalation in Ukraine (U.S. Department of Defense) As long as the channels of communication are open and the Defense Department is able to communicate what's important, Secretary of Defense Lloyd J. Austin III says he thinks there's an opportunity to

Computer networks of parliaments in Poland and Slovakia paralyzed by cyberattacks (Euro Weekly News) The computer networks of parliaments in both Poland and Slovakia have been paralyzed by cyberattacks today, Thursday, October 27

Slovak, Polish Parliaments Hit By Cyber Attacks (Barron's) Cyberattacks hit the Slovak and Polish parliaments on Thursday, bringing down the voting system in Slovakia's legislature, parliamentary authorities said.

Slovak parliament suspends voting due to suspected cyberattack (Reuters) The Slovak parliament suspended its session on Thursday after a suspected cyberattack brought down its IT systems, parliament speaker Boris Kollar said.

"Also from Russia" - cyber attack on parliaments in Poland and Slovakia - Today Times Live (Today Times Live) Parliaments in Poland and Slovakia have become the target of cyber attacks. The attack came from various sides, "including from the Russian Federation," a spokesman for the Polish Senate said on Thursday. He said it may have been related to a vote in the Senate on Wednesday that declared the…

The West needs a more united approach to sanctioning Putin’s elite (Atlantic Council) With Russia's invasion of Ukraine now in its ninth month, it is time for a coordinated approach to sanctioning Putin's elite that reflects the seriousness of the threat they pose to global security, writes David Clark.

Attacks, Threats, and Vulnerabilities

Discussing cyberattacks vs system failures. (CyberWire) IBM OT/ICS Security Practice Manager David Lancaster discusses the convergence of OT and IT systems and the challenges that come with that.

Critical zero-day bug, first since Heartbleed, identified in OpenSSL (Computing) New version to be released 1st November. Organisations should act now to track down OpenSSL 3.0.x in their infrastructure, warns Sonatype

Masquerading as a translation app, Furball spyware goes after Iranian citizens, ESET Research finds (ACE Times) Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books

New Phishing Campaign Leverages Income Tax Refunds (Cofense) By Adam Martin & Janos Torok, Cofense Phishing Defense Centre

Kiss-a-Dog Cryptojacking Campaign Targets Docker and Kubernetes (Infosecurity Magazine) The threat actors also utilized user and kernel mode rootkits to hide the activity

A Bug in Apple MacOS Ventura Breaks Third-Party Security Tools (WIRED) Your anti-malware software may not work if you upgraded to the new operating system. But Apple says a fix is on the way.

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs (Security Affairs) DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks.  Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin […]

Thomson Reuters collected and leaked at least 3TB of sensitive data (Cybernews) Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack.

Thomson Reuters exposes 3TB+ of sensitive data on unsecured ElasticSearch database (SiliconANGLE) Media conglomerate Thomson Reuters Corp. has been found to have exposed more than 3 terabytes of sensitive customer and corporate data, the latest company to fail in applying basic security to its hosting solutions.

New York Post Employee Publishes Fake Content on Website and Twitter (Wall Street Journal) A Post spokeswoman said an employee was responsible for the unauthorized activity, adding that the employee has been terminated.

Major German energy supplier hit by cyberattack (The Record by Recorded Future) Enercity, one of Germany’s largest municipal energy suppliers, confirmed it was targeted by a cyberattack on Wednesday morning.

Twilio discloses another hack from June, blames voice phishing (BleepingComputer) Cloud communications company Twilio disclosed a new data breach stemming from a June 2022 security incident where the same attackers behind the August hack accessed some customers' information.

Data breach possibly exposes health info for 34K Michigan Medicine patients (mlive) The cause of the data breach was a phishing scam conducted in mid-August, health system officials said.

DeFi platform robbed of nearly $15 million in hack (The Record by Recorded Future) DeFi platform Team Finance confirmed on Thursday that hackers exploited a vulnerability and stole $14.5 million worth of cryptocurrency.

Phishing: The tip of the iceberg (Avast) Fortunately, protection against phishing attempts has increased due to increased awareness of these scams. Here are some tips on how to spot phishing sites.

Security Patches, Mitigations, and Software Updates

CISA Releases Four Industrial Control Systems Advisories (CISA) CISA has released four (4) Industrial Control Systems (ICS) advisories on October 27, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations:

Trihedral VTScada (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Trihedral  Equipment: VTScada  Vulnerability: Improper Input Validation  2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition in the affected product. 

Rockwell Automation Stratix Devices Containing Cisco IOS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Rockwell Automation  Equipment: Stratix Devices  Vulnerabilities: Incorrect Authorization, Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Interpretation Conflict, OS Command Injection, Improper Verification of Cryptographic Signature, Path Traversal  2.

SAUTER Controls moduWeb (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: SAUTER Controls  Equipment: moduWeb  Vulnerability: Cross-site Scripting  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to trick users into clicking on malicious links and steal sensitive information. 

Rockwell Automation FactoryTalk Alarm and Events Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor: Rockwell Automation  Equipment: FactoryTalk Alarm and Events Server  Vulnerability: Improper Access Control  2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition causing the server to be unavailable. 

SANS 2022 Survey: The State of OT/ICS Cybersecurity in 2022 and Beyond | Nozomi Networks (Nozomi Networks) Read the latest findings on OT/ICS cybersecurity in the Nozomi Networks-sponsored SANS 2022 survey.

New research finds 73% of organizations will increase AppSec investment in 2023 (Invicti) Invicti Security has released the Fall 2022 edition of its bi-annual AppSec Indicator: Tuning Out AppSec Noise is All About DAST, revealing how modern AppSec solutions, like dynamic application security testing (DAST), offer fewer noisy distractions like false positives and provide more focus.

Consumer Habits, Trends and Adoption of Authentication Tech (FIDO Alliance) What’s the latest in consumer habits, trends and adoption of authentication technologies across the globe?

The Great Privacy Awakening | DataGrail (DataGrail) Explore the research: The Great Privacy Awakening report reveals consumer privacy concerns in the digital age.

The State of Compliance: 2022 Trends Report (Arctic Wolf Networks) See our analysis of the prevalent and emerging compliance trends impacting IT and security teams.

Netwrix Study: 86% of Cloud Attacks in the Healthcare Sector Result in Financial Losses or Other Damage (Netwrix) The healthcare sector is twice as likely to face data breach consequences as any other industry surveyed.

Average cost of healthcare data breach rises to $7.1M, according to IBM report (Fierce Healthcare) A healthcare data breach comes with a hefty price tag—to the tune of $7.13 million on average.

Marketplace

DataTribe announces cybersecurity startup challenge finalists (The Business Monthly) Fulton-based DataTribe announced the finalists of its fifth-annual DataTribe Challenge. The competition is poised to identify seed stage start-ups with a vision to disrupt cybersecurity and data science. Finalists will present a pitch and answer questions from judges during a live event on Nov. 3. The three finalists will split $20,000 in prize money and […]

DMI Announces the Acquisition of the Ambit Group (PR Newswire) DMI, a global leader in digital transformation services, announced today that it has acquired the Ambit Group LLC ("Ambit"), a leading provider...

Cinchy Announces $14.5 Million Series B Funding Led by Forgepoint (Cinchy) Cinchy, the pioneer of dataware technology and leader of data liberation, announced a $14.5 million USD Series B financing round led by Forgepoint Capital.

Cryptosat Raises $3 Million to Launch Satellite into Space for Bulletproof Cryptography (Finance Feeds) Cryptosat has successfully completed a seed raise of $3 million as it prepares to launch a Trusted Execution Environment in space,

Avast paid US $326M for SecureKey Technologies (Private Capital Journal) Avast plc paid US $325.9M for acquisition of SecureKey Technologies Inc. from Blue Sky Capital, Intel Capital, BMO, CIBC, RBC, ScotiaBank, TD, Desjardins, Visa, Mastercard, Discover, TELUS, and Rogers Venture Partners.

Versa raises $120M for its software-defined networking and security stack (TechCrunch) Versa, a provider of software-defined networking and security technologies, has raised $120 million in a funding round.

Elon Musk Twitter Deal Completed, CEO and CFO Immediately Fired (Wall Street Journal) The billionaire entrepreneur completed his takeover and fired top executives, capping an unusual corporate battle and setting up one of the world’s most influential social-media platforms for potentially broad change.

Elon Musk is officially Twitter's new owner, and he's firing executives already (Business Insider) Musk and Twitter just closed on his $44 billion deal to take the platform private. The billionaire is already firing executives and doing technical reviews.

Elon Musk's first move as Twitter's new owner has been to fire at least 4 top executives, including CEO Parag Agrawal (Business Insider) The executives fired include CEO Parag Agrawal, COO Ned Segal, top legal and policy executive Vijaya Gadde, and general counsel Sean Edgett.

Elon Musk Takes Twitter, and Tech Deals, to Another Level (New York Times) Silicon Valley moguls used to buy yachts and islands. Now they are rich enough, and perhaps arrogant enough, to acquire companies they fancy.

Here’s How Mergers Close as Musk and Twitter Move to the Altar (Bloomberg) Sealing a messy deal involves more than Musk saying ‘I do’. Who will be celebrating union and how remains to be seen.

WSJ News Exclusive | Elon Musk Says Twitter Won’t Be ‘Free-for-All Hellscape,’ Addressing Advertisers’ Concerns (Wall Street Journal) The Tesla CEO moved to reassure marketers who are concerned about his stance on content moderation and potential conflicts in auto advertising if the deal for Twitter is completed.

Elon Musk, on Eve of Twitter Deal Close, Promises Advertisers It Won’t Become a ‘Free-for-All Hellscape’ (Variety) Mega-billionaire Elon Musk, nearing the finish line in his rocky takeover of Twitter, posted an open letter to advertisers on the social network — seeking to calm their nerves that he won…

Musk Says Twitter Can’t Become a ‘Free-for-All Hellscape’ (Bloomberg) Elon Musk, who’s on track to buy Twitter Inc. for $44 billion on Friday after earlier trying to back out of the deal, said he’s making the purchase “to try to help humanity, whom I love.”

Elon Musk reportedly tells Twitter he won’t lay off 75 percent of staff (Engadget) Elon Musk visited Twitter's HQ and reportedly denied that he's laying off 75 percent of the company's employees.

With Musk Now Running Twitter, Spotlight is on Workforce (The Information) Elon Musk is now in control of Twitter, having completed the $44 billion purchase of Twitter on Thursday and fired the company’s top leadership. For employees, there’s both good and bad news. While Twitter employees with stock can look forward to a cash payout from the takeover, some will likely ...

How Twitter Will Change as a Private Company (New York Times) The social media company went public in 2013. But Elon Musk is taking it private as part of his acquisition of the firm. Here’s what that means.

European staff hit by Snyk restructure (CRN) Start-up became latest cybersecurity vendor to announce job cuts on Monday

Once-hot Boston cybersecurity firms still retrenching (BostonGlobe.com) Security-tech companies Snyk and Cybereason this week announced significant layoffs after having already trimmed their workforces during the summer.

Broadcom CEO Hock Tan On VMware: 'We Can Offer Better Products Without Raising Prices' (CRN) With partners and industry analyst Gartner worried about a price hike on the way for customers, Broadcom CEO Hock Tan announces that he can offer a better VMware ‘without raising prices.’

Frank Roe Joins LastPass Board of Directors (LastPass) Software leader joins LastPass’ board during time of critical growth

Products, Services, and Solutions

New infosec products of the week: October 28, 2022 (Help Net Security) The featured infosec products this week are from: ARMO, Array, AuditBoard, Illusive, Kasten by Veeam, Prove, SkyKick, and Socure.

OPSWAT Announces FileScan.IO Asset Acquisition; Delivers Advanced Malware Analysis Platform (GlobeNewswire News Room) Asset acquisition underscores OPSWAT’s commitment to continuous innovation by providing the most comprehensive next-gen malware analysis platform...

Versasec Entrust Partnership Creates "One-Stop Shopping" Experience for Credential Management (PRLog) Versasec Entrust Partnership Creates "One-Stop Shopping" Experience for Credential Management. Cybersecurity Leaders Expand Long-standing Technology Partnership to Meet Evolving Customer Needs - PR12938071

Open Systems Partners With Patriot Consulting to Meet the Cybersecurity Needs of Microsoft Customers (Business Wire) Open Systems, a provider of next-gen managed detection and response (MDR) services and the 2022 Microsoft Security MSSP Partner of the Year, today ann

Siren Forms Strategic Partnership with ShadowDragon (ShadowDragon) Market Leading Technologies Combine to Provide Powerful Investigative Solution

Cinchy: Revolutionizing Data Infrastructure with Dataware (Forgepoint Capital) We’re excited to announce our investment in Cinchy as we join co-founders Dan DeMers (CEO) and Karanjot Jaswal (CTO) to revolutionize data infrastructure. In a rapidly digitizing world, the explosion of data has brought on unique challenges. Cinchy is addressing those challenges with “dataware.” Instead of an application-centric architecture in which data must be copied for each application, Cinchy introduces a data-centric architecture.

Embroker Announces Partnership With LastPass to Bridge Critical Password & Identity Protection Gaps for Small Businesses (Business Wire) Embroker, the digital platform making it radically simple to get business insurance, today announced a partnership with LastPass, the award-winning pa

Kaspersky launches a new online cybersecurity training for ‘Mobile Malware Reverse Engineering’ experts (GlobeNewswire News Room) Woburn, MA, Oct. 26, 2022 (GLOBE NEWSWIRE) -- Developed by Kaspersky experts, the company’s new ‘Mobile Malware Reverse Engineering’ course helps upgrade...

Zscaler’s Longest-Standing Customer, The Arc Mid-Hudson, Advances Security Capabilities for Mobile Healthcare Workers and Patient Data (GlobeNewswire News Room) After 15 Years with Zscaler, The Arc Mid-Hudson Continues to Rely on Zscaler to Secure its Workforce and Enable Data Protection for Healthcare Information...

DYXnet, Zscaler Partner to Launch Brand-new SASE Solution (Fast Mode) DYXnet Partners with Zscaler to Launch Its Brand-new SASE Solution

CrowdStrike and EY expand global cloud security alliance (IT Brief Australia) The alliance combines CrowdStrike's cloud security and observability solutions with consulting capabilities and services provided by EY.

Sandline Global to Become the First Private-Sector Customer for Cellebrite Guardian (GlobeNewswire News Room) Cellebrite Guardian will enhance Sandline’s in-house investigation and evidence management system...

LogRhythm Announces Integration with the Gigamon Hawk Deep Observability Pipeline (Business Wire) New integration will help customers rapidly detect and respond to anomalies and threats across their networks.

Technologies, Techniques, and Standards

CISA announces cybersecurity performance goals for critical infrastructure (CyberScoop) The voluntary goals are meant to be a starting guide for critical infrastructure in both IT and OT environments.

Biden administration rolls out new cybersecurity performance goals for private sector (SC Media) The documents include a list of best practices for securing accounts, devices and data, vulnerability management, governance and the supply chain, as well as a “user friendly” worksheet for owners and operators in critical infrastructure to map their cybersecurity practices to standards developed by the National Institute for Standards and Technology and plan new investments.

CISA unveils voluntary cybersecurity performance goals (Federal News Network) The goals are voluntary, but the Biden administration is separately pressing certain critical infrastructure sectors to adopt minimum cyber standards.

Sharpening ‘Shields Up’: CISA Delivers Critical Infrastructure Cyber Performance Goals to Prioritize Decisions, Spending, and Action (Nozomi Networks) CISA’s cross-sector cyber performance goals (CPGs) aim to improve critical infrastructure cybersecurity maturity. Here’s how to use them effectively.

5 Things to Know About New CISA CPGs (Claroty) The Cybersecurity Infrastructure & Security Agency (CISA) today released its new Cross-Sector Cybersecurity Performance Goals (CPGs), a foundational set of IT and operational technology (OT) practices and recommendations that can help smaller, lesser-resourced organizations better prioritize cybersecurity efforts and reduce risk

'Our security here is a joke': Election workers lament lack of federal spending on security ahead of crucial midterms (CNN) Millions in federal dollars could have gone to protect election workers and improve the physical security of their offices, but in a classic tale of bureaucratic red tape, most of it remains untapped less than two weeks before the midterm elections.

Design and Innovation

YouTube will let doctors and nurses apply to be labeled as reliable (The Verge) They have to follow health information guidelines.

Legislation, Policy, and Regulation

China’s Cyberattack Strategy Explained (Booz Allen Hamilton) China’s cyberattacks threaten U.S. security and critical infrastructure. Here’s how to spot and counter these threats.

As Washington wavers on TikTok, Beijing exerts control (Washington Post) The wildly popular app’s link to China has sparked fears over propaganda and privacy. It’s also exposed America’s failure to safeguard the web.

2022 National Defense Strategy (US Department of Defense) President Biden has stated that we are living in a "decisive decade."

2022 NDS Fact Sheet | Integrated Deterrence (US Department of Defense) The concept of deterrence is not new. But – given the urgent need to strengthen and sustain deterrence to protect vital U.S. national security interests – the Department of Defense must adopt a new approach to bring its full resources to bear in deterring aggression from competitors. Integrated Deterrence is weaving together cutting-edge technology, operational concepts, and state-of-the-art capabilities alongside interagency counterparts and with Allies and partners – to dissuade aggression.

The Attack on America’s Future (Foundation for Defense of Democracies) In 2018, the Foundation for Defense of Democracies (FDD) published a series of monographs analyzing cyber-enabled economic warfare (CEEW) as practiced by Russia, China, North Korea, and Iran.

The U.S. is vulnerable to economic warfare in cyberspace (Washington Post) Adversaries could exploit U.S. vulnerabilities in cyberattacks intended to harm the economy

U.S. must step up against 'cyber-enabled economic warfare,' think tank urges (The Record by Recorded Future) The U.S. must do more to combat its digital adversaries, who are utilizing cyber-enabled economic warfare tactics to boost their own political or military power, according to a report out today from the Foundation for Defense of Democracies.

Why Google supports the US Securing Open Source Software Act (Google) Google welcomes efforts by the U.S. Government to advance open source software security.

Google backs senate bill on securing open source software (The Record by Recorded Future) Google joined other forces in the tech world today to publicly voice its support of legislation to secure open source software.

Litigation, Investigation, and Law Enforcement

Interpol says metaverse opens up new world of cybercrime (Reuters) Global police agency Interpol said it was preparing for the risk that online immersive environments - the "metaverse" - could create new kinds of cybercrime and allow existing crime to take place on a larger scale.

FBI probing ex-CIA officer's spying for World Cup host Qatar (AP NEWS) A former CIA officer who spied on Qatar’s rivals to help the tiny Arab country land this year’s World Cup is now under FBI scrutiny and newly obtained documents show he offered clandestine services that went beyond soccer to try to influence U.S.

Inside the Secret Prisoner Swap That Splintered the U.S. and China (Wall Street Journal) The detention of a Chinese executive to stand trial in the U.S. provoked a standoff between global rivals and opened an acrimonious new era. “You are lapdogs of the United States.”

Arrested Ukrainian national charged with running Raccoon Infostealer malware (The Record by Recorded Future) The U.S. Department of Justice charged a Ukrainian national this week over his alleged role in a cybercrime operation known as Raccoon Infostealer.
