Two NATO warships, the Dutch vessel Evertsen and the Royal Navy's HMS Defender, operating in the Black Sea and visiting the Ukrainian port of Odessa, were falsely reported to have moved to disputed waters in the vicinity of the Russian-claimed port of Sevastopol. USNI News reports that Automatic Identification System (AIS) signals appear to have been falsified to give the impression that the warships had engaged in what effectively would have been a provocation. In fact, both ships remained in Odessa. Who falsified the AIS reports and how the spoofing was accomplished are unclear.
eSentire reports finding spoofed Google ads for the Signal and Telegram messaging apps that induce visitors to download RedlineStealer, information-harvesting malware whose take the criminals subsequently sell in various dark web souks.
Bishop Fox has found that specially crafted HTML tags can use HTML parsing logic to bypass lexical parsing security controls and execute cross-site scripting attacks.
Secureworks has published its study of LV ransomware. The researchers conclude that LV isn't a distinct strain, but rather simply repurposed REvil malware.
The Colonial Pipeline and JBS ransomware incidents raised concerns about two critical infrastructure sectors, and recent reports have suggested that the water and wastewater sector has also come under attack. This morning BlueVoyant released a study of the US Defense Industrial Base that concludes that this sector, too, exhibits significant vulnerabilities, particularly among its smaller companies. Half of the three hundred small and medium businesses studied were found critically vulnerable to ransomware; 28% fell short of CMMC requirements.