200-301 Practice Test - Cisco Certified Network Associate - CCNA 2023 Updated: 2024

Earning specialized certifications is a surefire way to advance your career in the IT field, regardless of industry or current career level. The right certification validates your skills and knowledge, which makes you more desirable to future employers who want to attract and retain the best employees. Below, we’ll explore the top IT certifications and share how to examine your goals to choose the right path forward. 

This course is tailored for paralegals, legal assistants, aspiring legal professionals, and anyone seeking to enhance their understanding of federal law. Whether you're preparing for the Certified Paralegal Exam or simply aiming to bolster your legal expertise, this course can assist you towards successfully completing your goal.

Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.

Ukraine at D+665: Reprisals for the Kyivstar hack. (CyberWire) Ukrainian hacktivist auxiliaries undertake reprisals for the Kyivstar hack, and Russian disinformation tacks toward a narrative of the Russian World as it takes advantage of technological advances.

Hamas insists on end to Israel’s offensive in Gaza before hostage talks can begin (the Guardian) UN security council resolution calling for ceasefire and more aid deliveries delayed again at the request of the US

Russia-Ukraine war: List of key events, day 666 (Al Jzeera) As the war enters its 666th day, these are the main developments.

Russia shells 6 communities in Sumy Oblast (The Kyiv Independent) Russian forces attacked six communities along the Sumy Oblast border on Dec. 20, firing 14 times over the course of the day, the Sumy Oblast military administration reported.

Captured Russian weapons, an ammo crisis and a new NATO ally: 5 stories from Europe in 2023 (Breaking Defense) Alliance expansion might force Russia to reassess a strategic calculus around a war beyond Ukraine’s borders, but tough questions around just how long Kyiv can defend itself are beginning to be asked.

While Washington Dickers, Tiny Bulgaria Races To Supply Ukraine With Bullets, Tank Shells, and Armor (The New York Sun) Russia’s neighbors — from Norway and Finland to Romania and Bulgaria — see helping Ukraine as an existential necessity for the defense of eastern and…

Expert Opinion: To Win in Ukraine, We Must Prove Putin Wrong (The Cipher Brief) Cipher Brief expert and former Chief of CIA's Central Eurasia Division Rob Dannenberg shares his insights on how to win in Ukraine

Putin’s dead end | The Strategist (The Strategist) In his annual press conference, Russian President Vladimir Putin made it clear that he will be ready for a peace settlement with Ukraine only after he has achieved his goals, which haven’t changed since he ...

Orban Isn’t the EU’s Trump (World Politics Review) The EU’s struggle to manage rogue member states is a chronic but manageable condition. The US’ Trump problem is much more acute.

European Allies’ Views of Russia’s Nuclear Policy after the Escalation of Its War in Ukraine (Real Clear Defense) Russia’s nuclear threats have not gone unnoticed among citizens of European nations, including in those countries that reportedly host U.S. battlefield (also sometimes called tactical or short-range) nuclear weapons (Belgium, Germany, Italy, the Netherlands and Turkey[1]).

Ukraine’s Front-Line Troops Are Getting Older: ‘Physically, I Can’t Handle This’ (Wall Street Journal) Corruption and fear are hindering effort to rebuild army

Ukrainian hackers breach Rosvodokanal, seize data of Russia's largest private water utility (RBC-Ukraine) Ukrainian hackers, reportedly with support from the Security Service (SSU), sought revenge for the recent cyberattack on Kyivstar and destroyed the IT infrastructure of the Russian major private water-supply company Rosvodokanal, according to RBC-Ukraine's own sources.

Ukrainian hackers report successful attack on Russian Bitrix service (Ukrainska Pravda) Hackers from the IT Army of Ukraine have announced that they have carried out a successful attack on the servers of Bitrix24, a service used by major Russian companies such as Rosneft.

Uninterrupted communications for critical infrastructure: Ukraine gets 5,000 more Starlinks from Poland (Ministry of Digital Transformation of Ukraine) The Polish government has handed over another 5,000 Starlinks to Ukraine. The terminals are being transferred to critical infrastructure facilities and frontline areas to ensure uninterrupted communications.

How pro-Russian 'yacht' propaganda influenced US debate over Ukraine aid (BBC) A false rumour spread by a dubious AI-powered website caught the attention of leading politicians.

The legal case for seizing Russia’s assets (Financial Times) G7 allies are debating whether to spend Moscow’s frozen funds to support Ukraine

Germany moves to seize €720mn of Russian group’s assets (Financial Times) Bid to take cash from financial institution comes as west explores ways to seize assets of Russia’s central bank

U.S. Makes a New Attempt to Stifle Russian Oil Trade (Wall Street Journal) Treasury Department imposes blocking sanctions on three trading firms that have emerged as important players in the Russian petroleum market

Russia Jails Men for Funding Far-Right Ukraine Group (The Moscow Times) Russia on Thursday handed long jail sentences to a Ukrainian man and another individual for financing an ultranationalist group in Ukraine by selling illegal drugs.

Attacks, Threats, and Vulnerabilities

Web injections are back on the rise: 40+ banks affected by new malware campaign (Security Intelligence) DanaBot is a sophisticated banking trojan targeting financial institutions and their customers. Now, a new global campaign has put more users at risk.

This JavaScript code hit 50K online banking sessions in 2023 (Register) Why keeping your PC secure and free of malware remains paramount

Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (BleepingComputer) Cryptocurrency scammers are abusing a legitimate Twitter "feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs.

Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla (Zscaler) Understand how threat actors exploit CVE-2017-11882 to deliver Agent Tesla for data exfiltration

Attackers Exploit 6-Year-Old Microsoft Office Bug to Spread Spyware (Dark Reading) Malicious attachments that exploit an RCE flaw from 2017 are propagating Agent Tesla, via socially engineered emails and an evasive infection method.

Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware (Cisco Talos Blog) Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.

Cybercriminals target UAE residents, visitors in new info-stealing campaign (Record) A group of hackers in recent months has attempted to steal personal and financial information from residents and visitors of the United Arab Emirates in a new text-based phishing campaign, according to new research.

Cybercrims target hotel staff for management credentials (Register) Research highlights how major attacks like those exploiting Booking.com are executed

The Naughty List: scammers exploit Christmas Eve rush with fake deliveries (Group-IB) Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has detected a sharp increase in the number of fake delivery websites just weeks before Christmas.

Seasonal-themed scams hit user inboxes in the run-up to Christmas, Bitdefender Antispam Lab warns (Hot for Security) During the winter holidays, online scams and unsolicited emails increase considerably and malicious spammers, as usual, begin celebrating early.

Microsoft Alert: COLDRIVER Credential Theft Rising Again (TuxCare) Stay informed on the surge in COLDRIVER credential theft. Microsoft's alert reveals the latest tactics. Safeguard your data now!

Hacker Sells Access to Customer Data from Brazil ISPs (SafetyDetectives) A hacker is selling information allegedly stolen from Brazil-based internet service providers (ISPs) The SafetyDetectives cybersecurity team found a forum post

Nearly 3 million affected by ransomware attack on medical software firm (Record) Austin-based ESO Solutions said a ransomware attack allowed hackers to access patient health information.

Indian tech giant HCL investigating ransomware attack (Record) In a regulatory filing, HCL Technologies said it “has become aware of a ransomware incident in an isolated cloud environment for one of its projects.”

Wolverine part of massive Insomniac Games leak after ransomware deadline passes (The Verge) 1.67 terabytes of data comprising over 1.3 million files.

Data Leak Exposes 1.5 Billion Real Estate Records, Including Elon Musk, Kylie Jenner (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) A Campbell, New York-based real estate training platform called Real Estate Wealth Network exposed a massive treasure trove of real estate records due to cloud server misconfiguration.

COC alerts employees to third-party data breach  (Santa Clarita Valley Signal) Unauthorized data breach via the college’s insurance provider affects more than 2,400 current, former employees  College of the Canyons is communicating with more than 2,400 affected personnel after an unauthorized data breach through its insurance provider, according to Eric Harnish, a spokesman for the college.  Keenan & Associates, a Torrance-based consulting and brokerage firm which […]

Security Patches, Mitigations, and Software Updates

Apple Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency | CISA) Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and macOS Sonoma. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information.

Mozilla Releases Security Updates for Firefox and Thunderbird | CISA (Cybersecurity and Infrastructure Security Agency CISA)

Trends

Annual Payment Fraud Intelligence Report: 2023 (Recorded Future) Throughout 2023, many indications suggested that the payment fraud underground has begun to recover from Russian law enforcement’s crackdown against domestic cybercriminals and the subsequent full-scale Russian invasion of Ukraine in 2022.

Regulators Got Tough on Cyber in 2023 as Crime Soared (Wall Street Journal) Regulators Got Tough on Cyber in 2023 as Crime Soared

7 Security Trends to Watch Heading into 2024 (Information Week) Challenges and opportunities old and new will shape another year in the cybersecurity space.

Tracking Ransomware: November 2023 (CYFIRMA) This CYFIRMA Monthly Ransomware Report thoroughly analyses ransomware activity in November 2023, covering significant attacks, the top five ransomware families, geographical distribution, targeted industries, evolution of attacks, vulnerabilities exploited by ransomware groups, and trends

Marketplace

Proofpoint closes acquisition of Tessian (iTWire) Cybersecurity and compliance company Proofpoint has completed the acquisition of AI-based Cloud Email Security provider Tessian. Proofpoint says combining its industry-leading threat and data loss protection technology and intelligence with Tessan's AI-powered behavioral and dynamic detection wi...

Anthropic to Raise $750 Million in Menlo Ventures-Led Deal (The Information) Anthropic is in talks to raise $750 million in a venture round led by Menlo Ventures that values the two-year-old artificial intelligence startup at $15 billion not including the investment, more than three times its valuation this spring, according to two people with direct knowledge of the ...

BlackBerry posts surprise quarterly profit on resilient cybersecurity demand (Moneycontrol) BlackBerry (BB.TO) reports unexpected quarterly profit, driven by robust demand for cybersecurity services amid escalating online threats; stable spending despite overall IT downturn.

Cybersecurity Leader Ranell Gonzales Joins Cybrella as Vice President of Global Sales and Alliances (PR Newswire) Cybrella, a prominent player in the cybersecurity advisory space, is thrilled to welcome Ranell Gonzales as the new Vice President of Global...

Products, Services, and Solutions

Independent Technical Evaluation from Technology Advancement Center Finds Darktrace Federal Cyber AI Mission Defense Provides Comprehensive Visibility and Detection for IT and OT Environments (PR Newswire) Darktrace Federal announced that the Technology Advancement Center (TAC) completed an independent technical evaluation of the Darktrace Federal...

Saviynt Recognized as a 2023 Gartner® Peer Insights™ Customers’ Choice for IGA (Saviynt) Converged identity security company is recognized as a Customers’ Choice for 3 years in a row

Saviynt helps Danfoss cut the time to onboard new employees by 83 percent (Saviynt) Saviynt Enterprise Identity Cloud enables engineering and manufacturing company to manage and secure 45,000 digital identities across 100 countries

The Limitations of Google Play Integrity API (ex SafetyNet) (Approov) Explore the history, uses, and limitations of the Google Play Integrity API (formerly SafetyNet); compare and contrast it with Approov's mobile security.

Stellar Cyber integrates with SentinelOne for enhanced cybersecurity across environments (Help Net Security) Stellar Cyber and SentinelOne integration boosts cybersecurity across on-premises, cloud, hybrid, and IT/OT environments.

Microsoft teams up with Silobreaker to enhance cybersecurity with MDTI intelligence (MSPoweruser) Microsoft and Silobreaker announced an integration between Microsoft Defender Threat Intelligence (MDTI) and Silobreaker's 360 Search platform. 

Technologies, Techniques, and Standards

The Disturbing Impact of the Cyberattack at the British Library (The New Yorker) The library has been incapacitated since October, and the effects have spread beyond researchers and book lovers.

The cult of tech could push us into a new Dark Age (The Telegraph) It is senseless to destroy historical documents and assume digital versions will survive the centuries

CISA seeking comments on its ‘secure by design’ guidance (FedScoop) The agency’s request for information on its software security white paper “acknowledges that security by design is not easy,” and that additional comments from manufacturers and other interested parties are needed.

What's the Best Way to Communicate After a Data Breach? (Dark Reading) So you've had a data breach, and now you need to take the next step. Here's a guide for communicators dealing with security incidents from Ashley Sawatsky of Rootly.

Research and Development

The FTC Voice Cloning Challenge (US Federal Trade Commission) Voice cloning technology is becoming increasing sophisticated due to improving text-to-speech AI.

GPT and other AI models can't analyze an SEC filing, researchers find (CNBC) The findings from Patronus AI highlight some of the challenges of using AI models within big companies in regulated industries like finance.

Legislation, Policy, and Regulation

Biden administration takes first step toward writing key AI standards (Reuters) The Biden administration said on Tuesday it was taking the first step toward writing key standards and guidance for the safe deployment of generative artificial intelligence and how to test and safeguard systems.

How Congress can rein in data brokers (CyberScoop) Know your customer rules are a first step to address the risks of sensitive data — including on U.S. military servicemembers — sold online.

U.S. Regulators Propose New Online Privacy Safeguards for Children (New York Times) The F.T.C. called for sweeping changes that could curb how social media, game and learning apps use and monetize youngsters’ data.

FTC Proposes Curbing Targeted Advertising to Children Online (Wall Street Journal) Agency seeks to bolster 1998 law by requiring targeted ads for children to be turned off by default

FTC proposes tougher children’s data privacy rules for first time in a decade (Record) The agency is proposing new restrictions on the use and disclosure of children’s personal data and wants to make it much harder for companies to exclude children from their services if they can’t monetize their data.

The Obscure Google Deal That Defines America’s Broken Privacy Protections (WIRED) Google’s doomed social network Buzz led US regulators to force Google and Meta to monitor their own data use. Insiders say the results were mixed, as pressure mounts for a federal privacy law.

Litigation, Investigation, and Law Enforcement

Julian Assange's 'Final' Appeal Against US Extradition to be Held in February (Voice of America) Assange is wanted by the U.S. on 18 counts relating to WikiLeaks' release of confidential U.S. military records

ALPHV's Downfall? The 2023 Crackdown on BlackCat Ransomware (Flashpoint) Exploring the impact of ALPHV's ransomware blog takedown by law enforcement and its impact on the greater cyber threat landscape

ALPHV Ransomware Site Outage: What We Know So Far (ReliaQuest) The ALPHV ransomware data-leak site has been offline for 30 hours, raising speculation of disruption by law enforcement activity. Here's what we know so far.

How hard has the BlackCat ransomware group been hit by the FBI? (Tech Wire Asia) The BlackCat ransomware group has been around since November 2021 targeting organizations globally. Has the FBI just hit it hard?

German police take down Kingdom Market, a darknet emporium of illicit goods (Record) German police said they posted a takedown notice on the website and are now analyzing Kingdom Market's server infrastructure to identify the people behind the website's operation.

AI cannot be patent 'inventor', UK Supreme Court rules in landmark case (Reuters) A U.S. computer scientist on Wednesday lost his bid to register patents over inventions created by his artificial intelligence system in a landmark case in Britain about whether AI can own patent rights.

Judge Gives Prosecutors Access to G.O.P. Lawmaker’s Messages in Jan. 6 Case (New York Times) The roughly 1,700 messages are from the cellphone of Representative Scott Perry, who was involved in discussions with Trump administration officials about overturning the election.

Rite Aid Banned From Using AI Facial Recognition in FTC Settlement (Wall Street Journal) The company said it ‘fundamentally’ disagrees with the allegations

The couch surfing predator: how a group of women were drugged and assaulted – then fought back (the Guardian) Dino Maglio, a former Italian police officer, opened up his home to young women travellers, many of whom suffered at his hands. As scattered as they were, legal action seemed impossible. But as their numbers grew, so too did their determination ...

Brazil’s First Lady Clashes With Elon Musk Over Hacked X Account (Bloomberg) Janja has threatened to sue over slow response to breach. Musk says his platform bears no responsibility for hacking.

Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors' opinions or evaluations.

Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.

Ukraine at D+666: Kyivstar attack may represent a new cyber phase of the hybrid war. (CyberWire) Unattributed cyberespionage campaigns afflict both sides. The Kyivstar cyberattack is now regarded as the most effective Russian cyber operation since its attack against Viasat ground stations in the opening hours of the invasion.

The case of al-Shifa: Investigating the assault on Gaza’s largest hospital (Washington Post) Weeks before Israel sent troops into al-Shifa Hospital, its spokesman began building a public case.

Hamas leader says hostage deal is ‘all or nothing’ (The Telegraph) Yahya Sinwar has reportedly insisted on a lasting ceasefire and the release of all Palestinian prisoners, including high-profile figures

Israel Mostly Excluded From Talks as America Signals Support for UN Resolution Seeking Increase in Gaza Humanitarian Aid (The New York Sun) The scheme being considered has been tried before — under the now-infamous name of oil-for-food.

Israel’s Muddled Strategy in Gaza (Foreign Affairs) Time to make hard choices.

Opposition to Israel’s war for survival fails to understand Hamas’s goals (Atlantic Council) Calls for an immediate and permanent ceasefire, beyond humanitarian pauses, are implicitly advocating for a Hamas victory.

In Dealing With the Israeli-Palestinian Conflict, America Has No Easy Way Out (Foreign Affairs) Biden must take risks, talk straight, and act boldly.

Distortion by design (Atlantic Council) Almost as soon as the Israel-Hamas war began, it collided with the engineering and policy decisions of social media companies. On Telegram, terrorist content spread mostly uncontested; on X, false claims proliferated. Accusations of anti-Palestinian bias at Meta and pro-Palestinian bias at TikTok added to the confusion. Can the platforms thread this needle?

Opinion How the battle for democracy will be fought — and won (Washington Post) In September last year, three days after widespread protests broke out across Iran over the death of a young woman detained for not fully covering her hair with a hijab, the authorities blocked the internet.

Kyiv Targeted By Mass Russian Drone Attack (RadioFreeEurope/RadioLiberty) The Ukrainian capital, Kyiv, was targeted by more than two dozen drones launched by Russia early on December 22, injuring two people.

Analysts say Ukraine's forces are pivoting to defense after Russia held off their counteroffensive (AP News) A British military analysis says Ukraine’s armed forces are taking up a more defensive posture, after their summer counteroffensive failed to achieve a major breakthrough against Russia’s army and as winter weather sets in after almost 22 months of war.

Ukrainian spies vow to stab Russia ‘with a needle in the heart’ (POLITICO) Chief of SBU intelligence service warns Putin to expect ‘surprises’ in 2024.

Ukraine in Europe: One Hard-Earned Step Closer (Wilson Center) On December 14, 2023, the European Council adopted an historic decision to open membership negotiations with Ukraine and Moldova, and to grant candidate status to Georgia.

Orban acknowledges EU can provide aid to Ukraine without Hungary’s (EMEA Tribune) Hungarian Prime Minister Viktor Orban has acknowledged that European Union member states have the autonomy to provide assistance to Ukraine independently, bypassing the need for consensus within the

Orban Says He Accepted Zelenskiy's Invitation To Discuss Ukraine's EU Membership Hopes (RadioFreeEurope/RadioLiberty) Hungarian Prime Minister Viktor Orban says he has accepted an invitation from Ukrainian President Volodymyr Zelenskiy to hold a bilateral meeting, which would be the first between the two leaders since Russia launched its full-scale invasion of Ukraine.

Putin scents historic victory amid growing signs of Western weakness (Atlantic Council) Recent indications of growing Russian confidence in victory over Ukraine owe much more to Western weakness than to the Kremlin’s own military might, writes Peter Dickinson.

Europe Must Ramp Up Its Support for Ukraine (Foreign Affairs) Abandoning Kyiv would embolden Russia—and lead only to more war.

Ukraine Should Take a Page out of Finland’s Fight With Stalin (Real Clear Defense) Helsinki had to sacrifice territory for autonomy, but its pride and prosperity soared.

A majority of Congressmen want more military aid for Ukraine (The Economist) They are being prevented from voting for it in the name of phoney populism

Threat Actor 'UAC-0099' Continues to Target Ukraine (Deep Instinct) Deep Instinct’s Threat Research team explores recent activities by threat actor "UAC-0099," including recent attacks on Ukrainian targets. It also examines common tactics, techniques, and procedures (TTPs), including the use of fabricated court summons to bait targets in Ukraine into executing malicious files.

Ukrainian remote workers targeted in new espionage campaign (Record) A group tracked as UAC-0099 exploited a high-severity vulnerability in WinRAR software to target Ukrainians outside the country, researchers at Deep Instinct said.

Cyber-espionage group Cloud Atlas targets Russian companies with war-related phishing attacks (Record) The hacker group known as Cloud Atlas targeted a Russian agro-industrial enterprise and a state-owned research company in a new espionage campaign, researchers have found.

Fog of cyber war: spies from Cloud Atlas attack Russian companies under the guise of supporting SVO participants (FACCT) FACCT experts analyzed new attacks by the Cloud Atlas spy group

Kyivstar Restores Full Services After Massive Hacker Attack (KyivPost) Ukraine’s largest mobile telephone operator is running again after a huge cyber-attack. Kyivstar will also cancel the plan fee for its users and allocate millions of dollars for the AFU.

Ukrainian telecoms hack highlights cyber dangers of Russia's invasion (Atlantic Council) An unprecedented December 12 cyber attack on Ukraine's largest telecoms operator Kyivstar left tens of millions of Ukrainians without mobile services and underlined the cyber warfare potential of Russia's ongoing invasion, writes Mercedes Sapuppo.

U.S. and Europe Eye Russian Assets to Aid Ukraine as Funding Dries Up (New York Times) Despite legal reservations, policymakers are weighing the consequences of using $300 billion in Russian assets to help Kyiv’s war effort.

The pitfalls of seizing Russian assets to fund Ukraine (Financial Times) Moscow must be made to pay, but without risking harm to global financial stability

Russia Adds Two Of Navalny's Self-Exiled Associates To Its Wanted List (RadioFreeEurope/RadioLiberty) The Russian Interior Ministry on December 21 added two self-exiled associates of imprisoned opposition politician Aleksei Navalny to its wanted list on unspecified charges.

Russia Launches Probe Against Self-Exiled Opposition Politician Leonid Gozman (RadioFreeEurope/RadioLiberty) Sources in Russian law enforcement on December 22 said a probe had been launched against self-exiled opposition politician Leonid Gozman on charge of spreading "fake" information about Russia's armed forces involved in Moscow’s ongoing invasion of Ukraine.

Kazakhstan To Extradite U.S.-Wanted Russian Cybersecurity Expert To Moscow (RadioFreeEurope/RadioLiberty) Russia's Prosecutor-General's Office said on December 21 that the Kazakh authorities would extradite Russian cybersecurity expert Nikita Kislitsin to Moscow, although he is also wanted in the United States for allegedly buying illegally obtained personal data.

Attacks, Threats, and Vulnerabilities

Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector (The Hacker News) Iranian threat actor targets Defense Industrial Base sector with a new backdoor called FalseFont.

‘Today FBI Got Him, Tomorrow They Will Get Me’: LockBit, BlackCat Unite to Form Cyber Cartel (The Cyber Express) In the aftermath of a successful takedown of Alphv ransomware infrastructure, an unexpected alliance has emerged. LockBit and BlackCat/APLHV, two

Bandook - A Persistent Threat That Keeps Evolving (Fortinet Blog) FortiGuard Labs has uncovered a fresh threat - the latest generation of Bandook is being distributed via a Spanish PDF file. Learn more.…

BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (Proofpoint) Overview  Throughout the summer and fall of 2023, DarkGate entered the ring competing for the top spot in the remote access trojan (RAT) and loader category. It was observed in use by multiple cybe...

8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack (Hackread) The 8220 gang, believed to be of Chinese origins, was first identified in 2017 by Cisco Talos when they targeted Drupal, Hadoop YARN, and Apache Struts2 applications for propagating cryptojacking malware.

BidenCash darkweb market gives 1.9 million credit cards for free (BleepingComputer) The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals.

Android malware Chameleon disables Fingerprint Unlock to steal PINs (BleepingComputer) The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices — disable fingerprint and face unlock to steal device PINs.

Instagram users targeted in elaborate backup code phishing scheme (9to5Mac) A new strain of Instagram phishing emails has been detected, in which attackers attempt to trick victims into forking over...

An iPhone Thief Explains How He Steals Your Passcode and Bank Account (Wall Street Journal) Thieves are stealing iPhones, passcodes and thousands of dollars from their victims’ bank accounts. WSJ’s Joanna Stern sat down with a convicted thief in a high-security prison to find how—and how you can protect yourself. Photo illustration: The Wall Street Journal

Patient data stolen in ransomware attack affecting millions of healthcare victims (TechRadar) Supply chain attack resulted in the theft of sensitive patient data

Kansas City-area hospital transfers patients, reschedules appointments after cyberattack (Register) "We expect this process to take time," Missouri's Liberty Hospital said earlier this week as it began responding to a disruption to its systems.

Data stolen in cyber attack on St Vincent's Health network (ABC) St Vincent's Health says there is evidence that "some data" has been removed from its system, but it is still working to determine what information had been stolen.

Title insurance giant First American offline after cyberattack (BleepingComputer) First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack.

First American is the latest cybersecurity attack victim (HousingWire) First American suffers cybersecurity attack less than a month after the firm agreed to pay New York $1 million in cybersecurity settlement.

Breach exposed data of more than 1,400 detainees and 400 staff members, Wyatt detention facility says (Boston Globe) The Wyatt detention facility in Central Falls said it discovered a data breach on Nov. 2, and that personal data has been posted on the dark web, including financial and medical information.

What Hacked Files Tell Us About The Studio Behind Spider-Man 2 (Kotaku) Internal documents show how a big PlayStation studio plans its future

CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-49897 FXC AE1021, AE1021PE OS Command Injection Vulnerability CVE-2023-47565 QNAP VioStor NVR OS Command Injection Vulnerability

Security Patches, Mitigations, and Software Updates

OpenAI rolls out imperfect fix for ChatGPT data leak flaw (BleepingComputer) OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL.

Google Rushes to Patch Eighth Chrome Zero-Day This Year (SecurityWeek) Google warns of in-the-wild exploitation of CVE-2023-7024, a new Chrome vulnerability, the eighth documented this year.

ESET Patches High-Severity Vulnerability in Secure Traffic Scanning Feature (SecurityWeek) ESET has patched CVE-2023-5594, a high-severity vulnerability that can cause a browser to trust websites that should not be trusted.

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products (Security Affairs) ESET fixes flaw in Secure Traffic Scanning Feature that could have been exploited to cause web browsers to trust untrustworthy sites

Microsoft deprecates Defender Application Guard for some Edge users (BleepingComputer) Microsoft is deprecating Defender Application Guard (including the Windows Isolated App Launcher APIs) for Edge for Business users.

CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool (Cybersecurity and Infrastructure Security Agency | CISA) CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations’ M365 cloud services per CISA’s recommended baselines.

CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) CISA released two Industrial Control Systems (ICS) advisories on December 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

Trends

NCC Group Monthly Threat Pulse - November 2023 (NCC Group) Ransomware attacks in November rise 67% from 2022

Cyber Threat Intelligence Report - November 2023 (NCC Group) Welcome to NCC Group’s monthly Cyber Threat Intelligence Report, bringing you exclusive insight into the latest Threat Intelligence, updates on recent and emerging advances in the threat landscape and a deep understanding of the latest Tactics, Techniques and Procedures (TTPs) of threat actors.

Twitter’s Demise Is About So Much More Than Elon Musk (The Atlantic) TikTok is eating microblogging as we’ve always known it.

America’s Spam-Call Scourge (The Atlantic) How robocalls disturbed a nation

Marketplace

Cisco to Acquire Isovalent, Add eBPF Tech to Cloud Portfolio (SecurityWeek) Isovalent raised about 70 million in funding from prominent investors including Microsoft’s venture fund, Google, and Andreessen Horowitz.

Cisco to acquire cloud-native networking and security startup Isovalent (TechCrunch) Cisco is acquiring cloud native networking and security startup Isovalent, giving it a key set of cloud native technologies.

Is Microsoft The Answer To Cybersecurity Risks Or The Problem? (Investor's Business Daily) Its cybersecurity business is booming. So what about those hacks that gave it a black eye?

DeNexus expands re/insurance and Insurance-Linked Securities expertise with new senior hire (PR Newswire) DeNexus Inc, a provider of second-generation cyber risk quantification and management services to industrial enterprises and critical...

GCA Announces Three New Appointments for its Board of Directors (Global Cyber Alliance) The Global Cyber Alliance (GCA), an international nonprofit that builds communities to deploy tools, services, and programs that provide cybersecurity at global scale, announced the appointment of three new Board Members: Michael Lashlee, Executive Vice President, Deputy Chief Security Officer at Mastercard, who has been a long term strategic advisor to GCA with Mastercard being a valued Premium Partner and sponsor of our Cybersecurity Toolkit for Small Business; Kiersten Todt, former Chief of Staff of the Cybersecurity and Infrastructure Security Agency (CISA), and Greg Kapfer, formerly Board Member of the Public Interest Registry (PIR).

Products, Services, and Solutions

Socure Eliminates More Than 200K Synthetic Identities in 2023 (PR Newswire) Socure, the leading provider of artificial intelligence for digital identity verification, sanction screening, and fraud prevention, today...

NetSPI Celebrates Momentous Year for its Partner Program, Achieves 30% Growth in 2023 (PR Newswire) NetSPI, the global leader in proactive security, today celebrates the achievements of its Partner Program in 2023, which experienced...

QuSecure™ Launches QuProtect™ Post-Quantum Cryptography Cybersecurity Software in AWS Marketplace (Yahoo Finance) QuSecure™, Inc., a leader in post-quantum cryptography (PQC), today announced the availability of its cutting-edge cybersecurity software QuProtect™ in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that makes it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS). This strategic move marks a significant milestone not only for QuSecure but also for the PQC market...

Technologies, Techniques, and Standards

DOD Issues Civilian Harm Mitigation, Response Instruction (U.S. Department of Defense) Defense Department officials have completed work on a DOD instruction that incorporates the direction of the department's civilian harm mitigation and response action plan.

DOD INSTRUCTION 3000.17: CIVILIAN HARM MITIGATION AND RESPONSE (U.S. Department of Defense) Consistent with Section 936 of Public Law 115-232, also known and referred to in this issuance as the “John S. McCain National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019”, as amended and codified as a note in Section 134 of Title 10, United States Code (U.S.C.), this issuance: • Establishes policy, assigns responsibilities, and provides procedures for civilian harm mitigation and response (CHMR). • Helps implement U.S. Government (USG) policy prescribed in Executive Order 13732. • Helps implement the August 25, 2022 DoD Civilian Harm Mitigation and Response Action Plan (CHMR-AP). • Will be implemented through the phased approach established by the CHMR-AP.

As British Library faces fallout of cyber attack—what can arts bodies do to combat ransomware threats? (The Art Newspaper) A hack that has limited the British Library’s access to its digital systems is the latest in a series of online raids on cultural institutions

Design and Innovation

How to Build Trust in Artificial Intelligence (The Information) Last month, OpenAI fired and then rehired CEO Sam Altman. When the dust settled, Open AI emerged looking even more like a for-profit corporation than a nonprofit, with a board that is indistinguishable from those of other tech startups—right down to the lack of diversity. This is a clear ...

Legislation, Policy, and Regulation

The Premature Quest for International AI Cooperation (Foreign Affairs) AI regulation must start with national governments.

Can AI be creative? Global copyright laws need an answer. (Atlantic Council) Advances in generative artificial intelligence have revealed serious shortcomings in global copyright laws.

New rules in UK could reimburse fraud victims up to £415,000 ($525,000) (Record) Expected in October 2024, the new rules represent a radical change to who is liable for losses incurred in fraud such as romance and investment scams.

Cyber Security Association of India Emphasizes Importance of Cyber Security in Power Sector (India Technology News) Cyber Security Association of India (www.ncsai.in) under the chairmanship of Lt Gen (Dr.) Rajesh Pant, Former National Cyber Security Coordinator organised Power Sector

Congress wants spy agencies to hire more experts in financial intelligence, emerging technology (Federal News Network) Congress wants spy agencies to hire more experts in financial intelligence, emerging technology

Litigation, Investigation, and Law Enforcement

Turkey’s ‘disinformation law’ weaponized to target journalists: int’l NGOs (Turkish Minute) A new report released jointly by several international NGOs details the worsening press freedom environment in Turkey, accusing the government of instrumentalizing the recently passed “disinformation law” to harass and silence journalists, the Stockholm Center for Freedom reported, citing the Evrensel newspaper.

Teen Who Leaked ‘Grand Theft Auto VI’ as Part of Lapsus$ Gang Put in Secure Hospital by UK Judge (Bloomberg) Arion Kurtaj placed in hospital to protect public from harm. Two teens sentenced for hacking, blackmailing tech firms.

Teenage Lapsus$ hacker sentenced to indefinite hospital confinement (Computing) An 18-year-old hacker associated with the cybercrime group Lapsus$ has been sentenced to an indefinite stay in a secure hospital after being involved in high-profile data breaches and extortion attempts.

U.S. appeals court finalizes mandate for forfeiture of Silk Road bitcoin (The Block) A U.S. appeals court finalized a mandate on Wednesday that formalizes the forfeiture of 69,370 bitcoin connected to the Silk Road.

Darknet site “Kingdom Market” has fallen (Cybernews) Law enforcement has taken down the illegal marketplace known as “Kingdom Market,” which specialized in drug trade and malware.