Dateline
Ukraine at D+434: Wipers, and a possible false flag. (CyberWire) Drones over the Kremlin may have been a false-flag operation. GRU wipers reappear in Ukrainian networks.
Russia-Ukraine war at a glance: what we know on day 435 of the invasion (the Guardian) Ukrainian air defences shoot down 18 of 24 drones launched overnight; Zelenskiy to meet with ICC in The Hague
Russia-Ukraine war: List of key events, day 435 (Al Jazeera) As the war enters its 435th day, we take a look at the main developments.
Russia-Ukraine war live: US denies involvement in Kremlin drone attack; Zelenskiy calls for ICC to punish Putin (the Guardian) White House says: ‘We had nothing to do with this’; Ukraine’s president says ‘whoever brings war must receive judgement’ in speech to ICC
Death toll rises to 23 after Russian shelling of Ukraine's Kherson, governor says (Reuters) Russian shelling killed 23 people in and near the southern Ukrainian city of Kherson on Wednesday, hitting a hypermarket, a railway station and residential buildings, the regional governor said.
Fire, Explosions, Drone Attack Reported In Russian Regions Close To Ukraine (RadioFreeEurope/RadioLiberty) Fire, damaging explosions on railways, and a drone attack targeting a military airport have been reported in two Russian regions close to Ukraine, Krasnodar and Bryansk.
Kremlin drones: assassination attempt or something else? (The Telegraph) In the early hours, two drones crashed out of the Moscow sky into the Senate Palace, which the Kremlin denounced as an act of terrorism
Russia accuses US of being behind drone attack on Kremlin (the Guardian) Putin’s spokesperson claims, without providing evidence, that Washington was involved in alleged attempt to kill president
Zelenskiy Denies Kremlin Accusation That Kyiv Was Behind Alleged Drone Attack (RadioFreeEurope/RadioLiberty) Ukrainian President Volodymyr Zelenskiy said his country did not attack Moscow or Russian President Vladimir Putin, denying Russia's claim that Ukraine was behind an alleged overnight drone attack aimed at hitting Putin's residence inside the Kremlin.
Real or not, reported Kremlin drone attack unsettles Russia (AP NEWS) A cloud of questions hangs over Russia's claim that two Ukrainian drones flew into the very heart of Moscow under the cover of darkness, reaching the Kremlin before they were shot down at the last minute. Such an attack would be the most severe penetration of Russian airspace since German teen Matthias Rust landed his little single-engine plane on the fringes of Red Square in 1987. Announcing the attack — or even faking it — risks Russia undermining its citizens’ trust in its frequent assertions of military superiority. Even more unsettling is that it occurred less than a week before Victory Day, Russia’s paramount military holiday held on Red Square.
Russian hawks demand brutal revenge for Kremlin drone strike ‘terrorist attack’ (The Telegraph) Assault on Vladimir Putin’s seat of power leaves angered security chief threatening the ‘elimination of Zelensky and his cabal’
Kremlin Cronies Compare Alleged Drone Attack to 9/11 (The Daily Beast) Never mind that no one was even injured.
Four Possibilities for the Kremlin Attack (The Atlantic) Moscow claims Ukraine struck the Kremlin. The truth is likely worse.
Fake or not, the Kremlin attack is extremely humiliating for Putin (Telegraph) Russian president may have orchestrated explosion to justify full mobilisation, but there are less embarrassing ways to whip up hysteria
Ukraine Seeks to Bolster Air Defenses After Russian Missile Barrages (Wall Street Journal) Ukrainian President Volodymyr Zelensky said further steps were being taken to shield the country’s skies after Russia killed scores of people in two deadly missile barrages.
Kuleba Says EU Move To Provide Ukraine With More Ammunition Is Step Kyiv's Been Waiting For (RadioFreeEurope/RadioLiberty) Ukrainian Foreign Minister Dmytro Kuleba said a decision by the European Union to allocate hundreds of millions of euros for the purchase and production of ammunition and missiles for Ukraine is a step that Kyiv has been waiting for.
DOD Announces Latest Security Assistance Package for Ukraine (U.S. Department of Defense) The Defense Department announced an additional security assistance package for Ukraine containing more ammunition for U.S.-provided High Mobility Artillery Rocket Systems and other weapons.
Fact Sheet on U.S. Security Assistance to Ukraine (U.S. Department of Defense) In total, the United States has committed more than $36.4 billion in security assistance to Ukraine since the beginning of the Biden Administration, including more than $35.7 billion since the beginning of Russia’s unprovoked and brutal invasion on February 24, 2022.
Russian defense chief wants to double wartime missile output (Military Times) Russia’s defense chief is urging a state company to double its missile output as a possible Ukrainian counteroffensive looms.
Russian hackers use WinRAR to wipe Ukraine state agency’s data (BleepingComputer) The Russian 'Sandworm' hacking group has been linked to an attack on Ukrainian state networks where WinRar was used to destroy data on government devices.
WinRAR as a "cyberweapon". Destructive cyberattack UAC-0165 (probably Sandworm) on the public sector of Ukraine using RoarBat (CERT-UA#6550) (CERT-UA) The Government Computer Emergency Response Team of Ukraine CERT-UA implements the Law of Ukraine "On the Basic Principles of Cyber Security of Ukraine" to take organizational and technical measures to prevent, detect and respond to cyber incidents and cyber attacks and eliminate their consequences.
Swedish parliament website hit by DDoS attack (Reuters) Sweden's parliament has been hit by a so called distributed denial-of-service (DDoS) attack that has disrupted access to its web page, it said on Wednesday.
Opinion: The chilling logic behind Russia’s deportation of children (CNN) Over the course of the war, Russia has forcibly transferred at least 20,000 Ukrainian children to its territory, according to Ukrainian officials. But as historians Kristina Hook and Oleksandra Gaidai write, Moscow has a history of mass deportations going back centuries.
Ukraine war: Zelensky visits The Hague after new strikes in Ukraine (BBC News) The Ukrainian president is in western Europe amid speculation over Wednesday's drone attack on the Kremlin.
Zelenskiy Calls For Creation Of Special Court To Try Russia's Crimes In Ukraine (RadioFreeEurope/RadioLiberty) Ukrainian President Volodymyr Zelenskiy, in a speech at the International War Crimes Tribunal (ICC) in The Hague, has called for the creation of a special court to try Russian war crimes in Ukraine and for the prosecution of President Vladimir Putin for his "criminal actions."
The Taxman Cometh: Russian Bloggers Hit With Evasion Claims Amid Ballooning Wartime Budget Deficit (RadioFreeEurope/RadioLiberty) Russia has accused three top bloggers of tax evasion and is reportedly investigating dozens more. It comes as the state budget falters and the Kremlin stifles individual voices amid its war on Ukraine.
Attacks, Threats, and Vulnerabilities
The malware threat landscape: NodeStealer, DuckTail, and more (Engineering at Meta) We’re sharing our latest research and analysis into malware campaigns that are targeting online businesses — including newer malware posing as AI tools.
Facebook disrupts new NodeStealer information-stealing malware (BleepingComputer) Facebook discovered a new information-stealing malware distributed on Meta called 'NodeStealer,' allowing threat actors to steal browser cookies to hijack accounts on the platform, as well as Gmail and Outlook accounts.
NodeStealer Malware Targets Gmail, Outlook, Facebook Credentials (Decipher) The new malware was found stealing saved usernames and passwords in browsers in order to compromise business Gmail, Outlook and Facebook accounts.
Attack on Security Titans: Earth Longzhi Returns With New Tricks (Trend Micro) After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.
Earth Longzhi Uses "Stack Rumbling" to Disable Security Software (Infosecurity Magazine) Trend Micro analyzed two separate Earth Longzhi campaigns between 2020 and 2022
Cyber-espionage campaigns targeting military personnel in South Asia, Meta warns (Record) A Pakistan-linked group is one of three South Asian operations described in Meta’s quarterly adversarial threat report.
Tick-box GDPR Compliance and High Cyberattack Volumes Put European Data at Risk (comforte) comforte AG announced research revealing that European IT and security leaders may be dangerously over-confident in their ability to avoid cyberattacks.
'ChatGPT is the new crypto': Meta warns hackers are exploiting interest in the AI chatbot (CNN) Hackers have seized on worldwide interest in the artificial intelligence-powered tool ChatGPT in an effort to break into people's devices, Facebook owner Meta revealed in a security report Wednesday, equating the phenomenon to the surge in cryptocurrency scams.
Meta says ChatGPT-related malware is on the rise (Reuters) Facebook owner Meta said on Wednesday it had uncovered malware purveyors leveraging public interest in ChatGPT to lure users into downloading malicious apps and browser extensions, likening the phenomenon to cryptocurrency scams.
Hackers Promise AI, Install Malware Instead (SecurityWeek) Security researchers found malicious software posing as ChatGPT or similar AI tools, Meta CISO Guy Rosen said in a briefing.
The Fake Firefighter PayPal Scam (Avanan) Hackers are sending legitimate PayPal invoices to solicit fake donations.
Using Discord? Don’t play down its privacy and security risks (WeLiveSecurity) It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, privacy and security threats lurking on Discord.
MacBook users beware: Atomic Stealer malware gets new capabilities (Record) The infostealer often arrives disguised as a download of legitimate software. Researchers at SentinelOne say the malware is more targeted at financially oriented cybercrime now.
City of Dallas likely targeted in ransomware attack, city official says (Dallas News) A spokeswoman for Dallas police confirmed the department's website is down due to an outage affecting the city. The extent of the outage is unknown at this...
Dallas city government confirms ransomware attack affecting police and other services (Record) The city of Dallas confirmed on Wednesday that it is dealing with a ransomware attack that has affected numerous IT systems and shut down the website of the police department.
Dallas, Texas hit by ransomware attack (Computing) Police and court websites have been impacted by the attack, which seems to have been executed by the Royal ransomware group
Brightline data breach impacts 783K pediatric mental health patients (BleepingComputer) Pediatric mental health provider Brightline is warning patients that it suffered a data breach impacting 783,606 people after a ransomware gang stole data using a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform.
Brightline continues notifying clients of GoAnywhere incident; count continues to rise (more than 1 million) (Data Breaches) Updated May 3: When DataBreaches checked Clop’s leak site today, the listing for Brightline was gone. Whether this means that they paid Clop to get it removed, or if its removal is just temporary remains to be seen.
Cybercrime groups find a new target: religious institutions (Record) Two well-established hacking groups claimed attacks on religious organizations over the weekend, a foray into a new arena for gangs that typically focus their attention on corporations and government agencies.
Cyberattacks hit religious organizations (SC Media) South Carolina-based Relentless Church and Catholic publishing firm Our Sunday Visitor have been claimed to be compromised in separate cyberattacks during the weekend, reports The Record, a news site by cybersecurity firm Recorded Future.
Security Patches, Mitigations, and Software Updates
Mystery Apple security update sparks speculation (ComputerWeekly.com) Apple releases its first Rapid Security Response update for iPhone, iPad and Mac devices, but users are in the dark about what security problems they have fixed.
Trends
Companies need a wakeup call to fix chronic security shortcomings, cyber experts say (Cybersecurity Dive) One researcher wonders if the industry needs another Snowden-like moment to spring organizations into action.
Fight Against Ransomware Follows Government Recommendations (Bloomberg) Payments to hacking gangs are down across the board, according to researchers.
Marketplace
Moonsense Raises $4.2 Million in Seed Funding and Introduces Next-Gen User Behavior and Network Intelligence Solution to Future-Proof Fraud Prevention (Business Wire) Hassle-free initial trial, harnesses digital body language and source data for enhanced fraud detection
BioCatch, the Leading Online Fraud Detection Platform, welcomes Permira Growth Opportunities as a significant shareholder (PR Newswire) BioCatch, the pioneer of behavioral biometrics intelligence and a global leader in digital fraud detection, today announced that Permira Growth...
CultureAI secures £7m seed funding to reduce human security risks (FinTech Global) CultureAI, the number one human risk management platform for security and awareness teams, has raised £7 million in seed funding. The investment came from Conviction VC, Passion Capital, Senovo, and angel investors Paul Forster, founder of Indeed, and Guntram Friede, formerly Head of Marketing EMEA at Mulesoft.
Bishop Fox lays off employees days after throwing conference party (TechCrunch) Cybersecurity firm Bishop Fox laid off 13% of its employees a few months after announcing an expansion in the U.K. and raising $129 million.
Md. cybersecurity group lands Alan Paller Laureate Program grant (Maryland Daily Record) Chris Abell, executive director of Carroll Technology and Innovation Council, Wednesday was named an inaugural grant winner in the Alan Paller Laureate Program. Paller was the co-founder of the Center for Internet Security and former CIS board member, as well as the founder of the SANS Institute and SANS Technology Institute, the nation’s first regionally accredited, […]
Products, Services, and Solutions
Veza debuts Authorization Platform for Data in AWS Marketplace and… (Veza) November 8, 2022, Veza, the identity-first security platform for data, announced today that its Core Authorization Platform is now available to purchase in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors (ISV) that make it easy to find,…
DoControl Brings the Power of SaaS Security Workflows to Atlassian Jira Software (PR Newswire) DoControl, the no-code Software as a Service (SaaS) security company, today announced it has integrated with Atlassian Jira Software to add a...
Lumu and Carahsoft Partner to Bring Powerful Cybersecurity Solutions to Government Agencies (Access Wire) Lumu, creators of the Continuous Compromise Assessment® cybersecurity model that empowers organizations to measure compromise in real time, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced a partnership.
RF Code Partners With Managed Service Provider To Help Organizations Manage Remote IT Edge Locations (PR Newswire) RF Code, a pioneer of automated, real-time physical asset lifecycle management and environmental monitoring solutions, today announced a...
Keeper Security Joins Pax8 to Aid MSPs In Mitigating Password-Related Cyber Risks (PR Newswire) Keeper Security, a renowned industry leader in exceptional password management, secrets management, privileged access, secure remote access and...
Booz Allen Selects Credo AI to Deliver Responsible AI Solutions to the US Federal Government (Business Wire) Strategic investment deepens expertise in operationalizing responsible AI at scale
Technologies, Techniques, and Standards
CISA Advises FCC Covered List For Risk Management (Infosecurity Magazine) Some of the companies included in the list are Huawei, ZTE, Dahua and China Unicom
US cyber leaders look to AI to augment network activities (C4ISRNet) If planes can fly and land using autopilot, ARCYBER boss Lt. Gen. Maria Barrett said, it is "not scary to run a network in an automated way."
Advancing The Security Operations Center (SOC): New Technologies and Processes Can Help Mitigate Cyber Threats (Forbes) A vital and important development to meet numerous cyber-threat challenges is the development of enhanced capabilities in Security Operations Centers (SOCs)
How one researcher used ChatGPT to fool a hacker (Venture Beat) The release of GPT-4 back in March has changed enterprise security forever. While hackers have the ability to jailbreak these tools and generate malicious code, security teams vendors have also begun experimenting with generative AI’s detection capabilities. However, one security researcher has quietly developed an innovative new use case for ChatGPT: deception.
Design and Innovation
The beginning of the end of the password (Google) We’ve begun rolling out support for passkeys across Google Accounts on all major platforms as an additional option that people can use to sign in.
So long passwords, thanks for all the phish (Google Online Security Blog) By: Arnar Birgisson and Diana K Smetters, Identity Ecosystems and Google Account Security and Safety teams Starting today, you can create a...
Google Is Rolling Out Password-Killing Tech to All Accounts (WIRED) The tech industry’s transition to passkeys gets its first massive boost with the launch of the alternative login scheme for Google’s billions of users.
Academia
University of Waterloo ends research partnerships with Huawei, amid security concerns over China (Toronto Star) Move is “extremely significant” for one of Canada’s top research universities and is seen as a possible precedent-setter for other institutions.
Legislation, Policy, and Regulation
Terry Glavin: Why we may have finally reached a tipping point on Chinese interference (National Post) Evidence of Beijing's terrorizing of Chinese-Canadians, and its manipulation of Canadian politicians, has been in plain sight for years
Authorized strategic intelligence disclosures are likely here to stay, US officials say (DefenseScoop) Officials described how the authorized disclosures of intelligence in the run up to Russia's invasion of Ukraine will likely be a tactic used if things heat up with China.
Opinion | Lina Khan: We Must Regulate A.I. Here’s How. (New York Times) Lina Khan, chair of the Federal Trade Commission, on the agency’s oversight of the A.I. revolution.
Microsoft Economist Warns Bad Actors Will Use AI to Cause Damage (Bloomberg) Danger of election interference cited by Michael Schwarz. He sees ‘clearly’ a need to regulate Artificial Intelligence.
Alphabet and Microsoft Are Among Firms Attending White House Meeting on AI Safeguards (Bloomberg) Biden officials aim to mitigate risks from emerging technology. Generative AI has come under scrutiny as popular use explodes.
Pentagon chief AI officer 'scared to death' of potential for AI in disinformation (Breaking Defense) “Here’s my biggest fear about ChatGPT,” Craig Martell said. “It has been trained to express itself in a fluent manner. It speaks fluently and authoritatively. So you believe it even when it’s wrong… And that means it is a perfect tool for disinformation..."
Lawmakers again want to advance the EARN IT Act. Cybersecurity experts still oppose it. (Washington Post) For years, many cybersecurity and privacy experts have criticized a bill aiming to curb child sexual abuse material (CSAM) online, arguing that it could also undermine end-to-end encryption.
Litigation, Investigation, and Law Enforcement
End police spyware use until it's regulated - Public Defender’s Office (The Jerusalem Post) The Public Defender's Office argued that the use of spyware by police was not addressed in any legislation, and wasn't covered in the Wiretapping Law.
FTC proposes barring Meta from monetizing kids' data (CNBC) According to the FTC, an independent assessor found "several gaps and weaknesses in Facebook's privacy program" that posed "substantial risks to the public."
Briefing: FTC Seeks To Block Meta From Releasing New Products Until Privacy Concerns Resolved (The Information) The Federal Trade Commission proposed major new restrictions on Facebook owner Meta Platforms, including preventing the company from releasing new products until it can prove its privacy program is in compliance with past FTC orders. The commission also wants to block Meta from profiting off data it collects on users under 18 years of age, the agency said Wednesday.
Cybercriminal Network Fueling the Global Stolen Credit Card Trade is Dismantled (US Department of Justice) “Today is a bad day for criminals who relied on the defendant’s platform as the gold standard to verify that the credit cards they stole from hard working individuals living in the Eastern District of New York and across the world had value,” stated United States Attorney Peace. “Today’s indictment and global takedown of the Try2Check website demonstrates that the Office, together with our partners, will disrupt cybercrime operations no matter where they are based.”
Secret Service, State Department Offer Up To $10 Million Dollar Reward For Information On Wanted International Fugitive (US Secret Service) U.S. Secret Service in partnership with the Department of State’s Bureau of International Narcotics and Law Enforcement Affairs (INL) today announced a reward of up to $10 million dollars for information leading to the arrest and/or conviction of a wanted international fugitive.
Police dismantles Try2Check credit card verifier used by dark web markets (BleepingComputer) The U.S. Department of Justice announced today the indictment of Russian citizen Denis Gennadievich Kulkov, suspected of running a stolen credit card checking operation that generated tens of millions in revenue.
Russian national charged for role in stolen credit card verification scheme (CyberScoop) Prosecutors say Denis Kulkov earned at least $18 million in Bitcoin through his service that checked the status of stolen credit cards.
Former Uber Security Chief to Be Sentenced for Federal Crimes (Wall Street Journal) The cybersecurity industry has been divided between support for a peer and calls for stronger responsibilities