Lifeboat Foundation

The Russian-linked hacking group that’s been blamed for an attack on the U.S. government and a significant number of private U.S. companies last year is targeting key players in the global technology supply chain, according to cybersecurity experts at Microsoft.

Nobelium, as the hacking group is known, is infamous for the SolarWinds hack.

On Monday, Tom Burt, Microsoft corporate vice president of customer security and trust, said Nobelium has “been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.”

The North Atlantic Treaty Organization (NATO), the military alliance of 30 countries that border the North Atlantic Ocean, this week announced that it would adopt its first AI strategy and launch a “future-proofing” fund with the goal of investing around $1 billion. Military.com reports that U.S. Defense Secretary Lloyd Austin will join other NATO members in Brussels, Belgium, the alliance’s headquarters, to formally approve the plans over two days of talks.

Speaking at a news conference, Secretary-General Jens Stoltenberg said that the effort was in response to “authoritarian regimes racing to develop new technologies.” NATO’s AI strategy will cover areas including data analysis, imagery, cyberdefense, he added.

In a wide-ranging interview at the WSJ Tech Live conference that touched on topics like the future of remote work, AI innovation, employee activism and even misinformation on YouTube, Alphabet CEO Sundar Pichai also shared his thoughts on the state of tech innovation in the U.S. and the need for new regulations. Specifically, Pichai argued for the creation of a federal privacy standard in the U.S., similar to the GDPR in Europe. He also suggested it was important for the U.S. to stay ahead in areas like AI, quantum computing and cybersecurity, particularly as China’s tech ecosystem further separates itself from Western markets.

In recent months, China has been undergoing a tech crackdown, which has included a number of new regulations designed to combat tech monopolies, limit customer data collection and create new rules around data security, among other things. Although many major U.S. tech companies, Google included, don’t provide their core services in China, some who did are now exiting — like Microsoft, which just this month announced its plan to pull LinkedIn from the Chinese market.

Pichai said this sort of decoupling of Western tech from China may become more common.

Grayscale wants to convert the trust to an ETF, one that owns bitcoins rather than futures, to lose the discount. Which raises a question: why has the Securities and Exchange Commission approved a bitcoin futures ETF, and not yet a plain bitcoin ETF? Bitcoin is tricky enough. Adding futures compounds the trickiness.

I’m not sure what the answer to this is, but it seems to be that bitcoin scares the SEC, because God knows where it originates (in a server farm somewhere in China?), who holds most of it (cyberbaddies?), what it is used for (illegal activity?), or what risks it may entail (hacking? Fraud?). Bitcoin futures, by contrast, are created and traded within the confines of the CME, under the watchful eye of the Commodity Futures Trading Commission, in the upstanding American city of Chicago.

And a few more words on margins.

A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles.

The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons.

The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizen’s personal information.

(2021). Nuclear Technology: Vol. 207 No. 8 pp. 1163–1181.

Focusing on nuclear engineering applications, the nation’s leading cybersecurity programs are focused on developing digital solutions to support reactor control for both on-site and remote operation. Many of the advanced reactor technologies currently under development by the nuclear industry, such as small modular reactors, microreactors, etc., require secure architectures for instrumentation, control, modeling, and simulation in order to meet their goals. ¹ Thus, there is a strong need to develop communication solutions to enable secure function of advanced control strategies and to allow for an expanded use of data for operational decision making. This is important not only to avoid malicious attack scenarios focused on inflicting physical damage but also covert attacks designed to introduce minor process manipulation for economic gain. ²

These high-level goals necessitate many important functionalities, e.g., developing measures of trustworthiness of the code and simulation results against unauthorized access; developing measures of scientific confidence in the simulation results by carefully propagating and identifying dominant sources of uncertainties and by early detection of software crashes; and developing strategies to minimize the computational resources in terms of memory usage, storage requirements, and CPU time. By introducing these functionalities, the computers are subservient to the programmers. The existing predictive modeling philosophy has generally been reliant on the ability of the programmer to detect intrusion via specific instructions to tell the computer how to detect intrusion, keep log files to track code changes, limit access via perimeter defenses to ensure no unauthorized access, etc.

Continue reading “Covert Cognizance: A Novel Predictive Modeling Paradigm” »

Cybereason, a Tel Aviv-and Boston, Massachusetts-based cybersecurity company providing endpoint prevention, detection, and response, has secured a $50 million investment from Google Cloud, VentureBeat has learned. It extends the series F round that Cybereason announced in July from $275 million to $325 million, making Cybereason one of the best-funded startups in the cybersecurity industry with over $713 million in the capital.

We reached out to a Google Cloud spokesperson, but they didn’t respond by press time.

The infusion of cash comes after Cybereason and Google Cloud entered into a strategic partnership to bring to market a platform — Cybereason XDR, powered by Chronicle — that can ingest and analyze “petabyte-scale” telemetry from endpoints, networks, containers, apps, profiles, and cloud infrastructure. Combining technology from Cybereason, Google Cloud, and Chronicle, the platform scans more than 23 trillion security-related events per week and applies AI to help reveal, mitigate, and predict cyberattacks correlated across devices, users, apps, and cloud deployments.

Plus: The biggest Twitch hack, an iOS zero day, and more of the week’s top security news.

The U.S. Cybersecurity Infrastructure and Security Agency (CISA) issues a warning about cyber threats targeting wastewater and water systems.