Dateline Moscow and Kiev (also Washington, Vilnius, and Brussels): Russo-Ukrainian tension and the future of open source software security.
Russo-Ukrainian tension and the future of open source software security. (The CyberWire) Cyberattacks of unclear (but probably Russian) origin hit Ukrainian websites. The FSB "liquidates" REvil. And the US moves toward an approach to open-source software security.
'Massive' Cyberattack Hits Ukraine Government Websites (The Moscow Times) The attack comes as tensions between Russia and the West soar over the strategic ex-Soviet country.
Cyberattack in Ukraine targets government websites (Washington Post) A cyberattack left a number of Ukrainian government websites temporarily unavailable on Friday, officials said.
Multiple Ukrainian government websites taken down in major cyber attack (Computing) Messages left in three languages threatening publication of private data
Hackers deface Ukrainian government websites (The Record by Recorded Future) Hackers have defaced multiple websites belonging to the Ukrainian government after talks between Ukrainian, US, and Russian officials hit a dead end on Thursday.
Russia and Ukraine Conflict Should Raise Cybersecurity Concerns (Dice Insights) Here’s why several experts believe IT and cybersecurity professionals need to watch these Russia/Ukraine developments carefully.
No new red lines can be drawn in Europe – Lithuanian president (Baltic Times) No new red lines can be drawn in Europe, Lithuanian President Gitanas Nauseda has said after a phone call with NATO Secretary Ge...
Belarus: Cyber upstart, or Russian staging ground? (CyberScoop) As the prospect of further Russian aggression in Ukraine looms, the Biden administration is concerned about Russian cyber operations against the U.S. and its allies. Yet as the White House engages with Moscow and builds out plans around these risks, it must watch an overlooked development in Russia’s near-abroad: growing cyber integration between Belarus and the Kremlin.
Does CISA’s Russia Alert Miss the Mark for Critical Infrastructure Security? (SDxCentral) CISA issued an alert warning about ongoing Russian state-sponsored threats against critical infrastructure and how to reduce the risk.
Russia Thinks America Is Bluffing (Foreign Affairs) To deter a Ukraine invasion, Washington’s threats need to be tougher.
Russia's defense industry might not survive an invasion of Ukraine (Breaking Defense) Russian industry is already struggling with sanctions and export limits. An invasion of Ukraine could be disastrous for them - and, politically, might spell doom for Vladimir Putin's regime.
ПРЕСЕЧЕНА ПРОТИВОПРАВНАЯ ДЕЯТЕЛЬНОСТЬ ЧЛЕНОВ ОРГАНИЗОВАННОГО ПРЕСТУПНОГО СООБЩЕСТВА (Федеральная Служба Безопасности) Федеральной службой безопасности Российской Федерации во взаимодействии со Следственным департаментом МВД России в городах Москве, Санкт-Петербурге, Московской, Ленинградской и Липецкой областях пресечена противоправная деятельность членов организованного преступного сообщества.
ФСБ по запросу США провела спецоперацию против хакеров REvil (Interfax) Участникам хакерской группы REvil, причастной к ряду атак на крупные американские компании, в России предъявлено обвинение, сейчас сообщество и его инфраструктура ликвидированы, сообщили "Интерфаксу" в Центре общественных связей (ЦОС) ФСБ.
Russia Lays the Smackdown on REvil Ransomware Gang (SecurityWeek) Russia on Friday said it cracked down on the infamous REvil hacking group, and it was reportedly done at the request of the United States.
Russia arrests, dismantles REvil hacking group at U.S. request - FSB (Reuters) Russia has conducted a special operation against ransomware crime group REvil at the request of the United States and has detained and charged the group's members, the FSB domestic intelligence service said on Friday.
Readout of White House Meeting on Software Security (The White House) Today, the White House convened government and private sector stakeholders to discuss initiatives to improve the security of open source software and ways
Making Open Source software safer and more secure (Google) We welcomed the opportunity to participate in the White House Open Source Software Security Summit today.
Red Hat Statement on White House Open Source Security Summit (Business Wire) Matt Hicks, executive vice president of Products and Technologies at Red Hat, Chris Wright, senior vice president and chief technology officer (CTO),
White House Convenes Open-Source Security Summit Amid Log4j Risks (Wall Street Journal) The Biden administration hosted a meeting of major technology companies, federal agencies and nonprofits Thursday to discuss cybersecurity problems with open-source technology, amid concerns that free, but flawed, software could leave critical infrastructure open to attack.
White House will meet execs from Apple, Amazon, IBM to discuss software security (Reuters) The White House will meet executives from leading tech firms, including Alphabet-owned Google , Apple Inc and Amazon.com Inc , on Thursday to discuss software security after the United States suffered several major cyberattacks last year.
Apple, Amazon, IBM to discuss open software security at White House | AppleInsider (AppleInsider) Executives from technology firms including Apple are to attend a White House cybersecurity meeting on Thursday, following multiple attacks on the US that exploited open-source software.
Open Source Developer Intentionally Corrupts NPM Libraries; Suspected Hack Turns Out to be Mischief (CPO Magazine) “Colors” and “JS” are widely-used “no padding margin” (NPM) libraries, modules that are used in JavaScript and Node.js projects. Thousands of companies that use them have just learned that the hidden price of free software is that the open source developer may withdraw their consent at any time, for whatever reason might occur to them.
Attacks, Threats, and Vulnerabilities
US Cyber Command Discloses MuddyWater Malware Samples (Decipher) The U.S. government gave details on 17 MuddyWater samples and linked the threat group to the Iranian intelligence service.
Iran-Based APT35 Group Exploits Log4J Flaw (eSecurityPlanet) The Apache Log4j Log4Shell vulnerability is being targeted by one major threat group, and others will likely follow.
U.S. confirms Iranian intel behind hacker group that hit Israel, Saudi Arabia (haaretz.com) MuddyWater, said to be working for Iran’s Revolutionary Guard, has been linked to attacks and cyberespionage operations across the world, including an attempted airline hack
US Military Ties Prolific MuddyWater Cyberespionage APT to Iran (Threatpost) US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.
The BlueNoroff cryptocurrency hunt is still on (SecureList) It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.
North Korean Hackers Stole Nearly $400M in Crypto Last Year (Wired) The regime had a “banner year,” thanks to skyrocketing cryptocurrency values and a new generation of vulnerable startups.
North Korea stole a record $400 million in cryptocurrency last year, researchers say (NBC News) North Korea stole nearly $400 million in cryptocurrency in 2021, particularly ethereum, researchers have found.
North Korean hackers stole nearly $400M in cryptocurrency in 2021 (The Record by Recorded Future) Hackers working for the North Korean government are believed to have stolen almost $400 million worth of cryptocurrency from seven hacked companies over the course of 2021, up from the $300 million they stole from four companies the year before.
Who is the Network Access Broker ‘Wazawaka?’ (KrebsOnSecurity) In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to…
Kronos hackers stole personal info of Metro-North workers, MTA says (New York Post) Ransomware hackers who breached the network of MTA timeclock provider Kronos made off with the personal information of several current and former Metro-North employees, transit leadership said Thur…
Cyber attack in Albuquerque latest to target public schools (AP NEWS) When the superintendent of Albuquerque Public Schools announced earlier this week a cyber attack would lead to the cancellation of classes for around 75,000 students, he noted that the district’s technology department had been fending off attacks “for the last few weeks.”
Albuquerque schools are having a cybersecurity snow day—and they aren't alone (The Record by Recorded Future) Schools are increasingly having to take days off for cyberattacks like they have to take off for extreme weather.
Security Patches, Mitigations, and Software Updates
Windows 'RemotePotato0' zero-day gets an unofficial patch (BleepingComputer) A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "won't fix."
Cisco Patches Critical Vulnerability in Contact Center Products (SecurityWeek) Cisco on patches a critical vulnerability in Unified Contact Center Management Portal (CCMP) and Unified Contact Center Domain Manager (CCDM) that could be exploited remotely to elevate privileges.
Trends
Embracing Change with Software Licensing State of Software Monetization 2022 (Thales) Software delivery methods have changed significantly over time. Today, software-asa-service (SaaS) is considered to be the most popular way for independent software (ISV) and intelligent device (IDV) vendors to deliver software. There are many advantages associated with SaaS products. The primary advantage associated with SaaS is the ability to offer subscription options to customers demanding more flexible licensing options. Although this is not limited to SaaS, it is a main driver of this shift.
Cyber Insights 2022: Adversarial AI (SecurityWeek) Adversarial AI – or the use of artificial intelligence and machine learning within offensive cyber activity – comes in two flavors: attacks that use AI and attacks against AI
Top Attack Vectors: December 2021 (Expel) This report dives into the top attack vectors and trends among the incidents our SOC investigated in December 2021. Learn our key recommendations to protect your org from these types of attacks.
Router security survey 2022 (Broadband Genie) Way back in 2018, Broadband Genie ran a survey looking at Wi-Fi router security. In that poll, we asked how many people had ever made changes to their router settings, such as choosing a new admin password or updating the firmware.
How Cybercriminals Are Cashing in on the Culture of 'Yes' (Dark Reading) The reward is always front of mind, while the potential harm of giving out a phone number doesn't immediately reveal itself.
Marketplace
Germany’s SoSafe raises $73M Series B led by Highland to address human error in cyber (TechCrunch) As we’ve learned in the last few years, “human error”-led cybersecurity breaches are the ones companies often find hardest to guard against. Surveys suggest some 85% of attacks can be traced back to the human factor. Thus startups built to alleviate this gap — such as the U.K.’s Cybsafe…
Mimecast spurns Proofpoint's higher take-private bid over antitrust concerns (Reuters) Mimecast Ltd , the email security provider that announced a deal to go private last month, has rejected a higher offer from Thoma Bravo-backed Proofpoint due to antitrust risks, according to regulatory filings and sources familiar with the situation.
Godspeed Capital Acquires Exceptional Software Strategies, Inc. (Business Wire) Godspeed Capital Management LP (“Godspeed Capital”), a lower middle-market Defense & Government services, solutions, and technology focused privat
ZDI Announces Rules and Prizes for Pwn2Own 2022 (SecurityWeek) ZDI has announced that over $1 million in cash and prizes are being offered at Pwn2Own Vancouver 2022, including up to $600,000 for hacking Tesla cars.
Tanium Honored as One of the Best Places to Work in 2022, A Glassdoor Employees’ Choice Award Winner (Business Wire) Tanium has been honored with a Glassdoor Employees’ Choice Award, recognizing the Best Places to Work in 2022.
Onapsis Appoints Denis Cashman as Chief Financial Officer (Business Wire) Onapsis, the leader in business-critical application cybersecurity and compliance, today announced the appointment of Denis Cashman as Chief Financial
Anomali Appoints Chris Peterson as Vice President of Global Channel and Technology Partnerships (StreetInsider.com) Peterson Will Leverage Global Partner Sales and Services Teams to Lead Efforts that Meet Rising Demand for Anomali Cyber Detection and Response Solutions
Radware Appoints Guy Avidan Chief Financial Officer (GlobeNewswire News Room) Radware® (NASDAQ: RDWR) announced today the appointment of Guy Avidan as its new chief financial...
Products, Services, and Solutions
Available Now: Complete Log4j Vulnerability Discovery Solution for Corvus Policyholders (Corvus Insurance) Today we’re inviting all Corvus policyholders to request a scan to help determine if they are vulnerable to attacks on the Log4j zero-day vulnerability.
FNTS to Leverage Astadia’s FastTrack Migration Factory for Accelerating Mainframe-to-Cloud Migrations (FNTS) Two IT industry leaders with a combined 50-plus years of mainframe expertise have partnered to help organizations with mainframe modernization.
StratoKey releases Cloud Compliance Manager (CCM) (PR Newswire) StratoKey, a leading provider of cloud security and data protection solutions, announced the release of their Cloud Compliance Manager (CCM)...
New York Power Authority to beef up cybersecurity with new IronNet, AWS deal (ZDNet) New York Power Authority is the nation's largest state public power organization.
IronNet collaborates with New York Power Authority to defend key supply chain partners (Help Net Security) IronNet announced an expanded partnership with the New York Power Authority (NYPA to secure the state of New York’s public energy ecosystem.
Learn How IronNet and AWS Helped a State Power Authority Prevent Cyberattacks at a Scale (Techwire) IronNet Inc. joined forces with AWS to deploy IronNet’s Collective Defense cybersecurity platform to protect the New York power grid from well-funded and nation-state-sponsored threats. IronNet enables organizations to secure their networks by delivering a Collective Defense platform that operates…
Thales introduces the first all-French collaborative platform approved to handle "restricted level" information (Thales Group) Thales has launched TrustNest Restricted, France’s first collaborative platform approved to handle "restricted level" information. Secure applications on the platform will support new hybrid (physical and virtual) working practices and ...
SentinelOne Expands Partner Ecosystem with New Zero Trust, CNAPP, Patch Management, and Threat Simulation Integrations (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced integrations with Remediant, Blue Hexagon, Keysight, and Automox,
Technologies, Techniques, and Standards
Lessons learned: How to prevent the next SolarWinds attack (ITP.net) ITP.net speaks to industry experts on lessons learned following the SolarWinds cyber-attack.
Learn about 4 approaches to comprehensive security that help leaders be fearless - Microsoft Security Blog (Microsoft Security Blog) The last 18 months have put pressure on organizations to speed up their digital transformation as hybrid work continues to become the new normal. Yet even with all the change and uncertainty, having the right security support system in place means your organization can still move forward confidently to turn your vision into reality.
Most companies are failing to implement their zero trust strategies effectively (TechRadar) Benefits of ZTNA are obvious to most, report says
Design and Innovation
New Paper Addresses Bias and Insider Threat Programs (Hstoday) Bias undermines the effectiveness of insider threat programs by diverting attention to low risks and causing higher risks to go unexamined.
Research and Development
Smart device security the focus of newly funded research (Security Brief) Research out of the University of Southern Queensland in Australia has been funded to help make smart devices and connected technology safer.
22 DHS S&T Questions to Start Off 2022 - HS Today (Hstoday) Agency explores emerging science and technology areas and their potential threat and/or application to DHS missions.
Academia
Mercer named a member of U.S. CYBERCOM Academic Engagement Network (The Den) Mercer University was recently selected as a member of the U.S. Cyber Command (CYBERCOM) Academic Engagement Network (AEN), consisting of 84 colleges and universities representing 34 U.S. states and the District of Columbia.
Legislation, Policy, and Regulation
US ‘Clean Network’ is synonym for coercive diplomacy: Foreign Ministry (Global Times) The US’ so-called Clean Network program has proven to be a synonym for coercive diplomacy, Chinese foreign ministry spokesperson Wang Wenbin said on Thursday, after a former UK government minister admitted that the UK banned Huawei’s 5G equipment under the US’ pressure.
Turkey Could Lose Big in the Russia-Ukraine Standoff (Foreign Policy) Conflict could topple Ankara’s delicate balancing act between NATO and Russia.
Kazakhstan Exposes the Central Flaw of Biden’s Foreign-Policy Doctrine (Foreign Policy) Lofty democratic rhetoric can’t compete with autocratic boots on the ground. That should make Washington uncomfortable.
Looks like no respite for Huawei from Biden (Light Reading) Trump's State Department launched a 'Clean Networks' initiative that rallied US allies against Huawei. Biden's new 'Alliance for the Future of the Internet' likely will do the same.
No one reads the terms of service. Lawmakers want to fix that with a new 'TLDR' bill. (Washington Post) No one reads the terms of service. Lawmakers want to fix that with a new 'TLDR' bill.
Is there a path forward in Congress for mandatory cyber incident reporting? (FCW) A group of lawmakers is seeking legislation that would require private companies to report cyber incidents and ransomware attacks to the Cybersecurity and Infrastructure Security Agency, despite their efforts being derailed late last year.
US Government Seeks Mandatory Cyber & Ransomware Reporting Requirements - Government, Public Sector - United States (Mondaq) In the wake of recent high-profile cyber and ransomware attacks, Congress and the Biden administration have joined forces, in an increasingly rare show of bipartisanship.
Cyber incident reporting backers pledge to resume push (The Record by Recorded Future) Proponents of legislation that would mandate certain companies report major cyberattacks vowed on Thursday that they would try to again this year, though they were short on specifics about how such a measure would ultimately be enacted into law.
FBI Officials Clarify What the Bureau Wants in Cyber Incident Reporting Bill (Nextgov.com) However the legislation is eventually passed, CISA plans to share reports with the FBI and other agencies, a Homeland Security official said.
FBI shifting cybercrime focus from arrests, indictments to payment seizures, incident response (CyberScoop) In 2022, the FBI is looking to approach cybercrime differently. During separate public appearances on Thursday, two FBI officials said the bureau was going to change up how it deals with computer intrusions.
Modernizing FISMA; Legacy of the Cyberspace Solarium Commission (FedScoop) On the latest episode of The Daily Scoop Podcast, former White House Senior Director for Cybersecurity Ari Schwartz and former acting under secretary for management at the Department of Homeland Security Chris Cummiskey.
Transcript: Securing Cyberspace with Dmitri Alperovitch, Jeremy Sheridan & Tonya Ugoretz (Washington Post) MS. NAKASHIMA: Hello, and welcome to Washington Post Live. I’m Ellen Nakashima, a national security reporter at The Washington Post. Thanks for joining us today for our three-part program on securing cyberspace.
Litigation, Investigation, and Law Enforcement
Cybersecurity: Federal Response to SolarWinds and Microsoft Exchange Incidents (US Government Accountability Office) This report describes the federal response to 2 high-profile cybersecurity incidents that affected the U.S. government. The Russian Foreign...
Federal agencies struggled to share information in SolarWinds aftermath, GAO finds (FedScoop) Information sharing between federal agencies was “slow, difficult and time consuming” as they worked to respond to the SolarWinds cyberattack in late 2020, according to a new report by the Government Accountability Office. In the in-depth study published Thursday, the watchdog pointed to difficulties between the government and private sector, as well as problems with interagency […]
GAO releases SolarWinds hack report, notes issues with agencies' info on sharing and collecting (Fox Business) The Government Accountability Office (GAO) released its findings on the 2020 SolarWinds hack and identified issues in agency cooperation.
Jan. 6 Panel Subpoenas Records From Social Media Giants Alphabet, Meta, Reddit and Twitter (Wall Street Journal) The House select committee investigating last year’s attack on the U.S. Capitol issued subpoenas to Alphabet, Meta Platforms, Reddit and Twitter, after receiving what the committee called inadequate responses to its prior requests for information.
Jan. 6 committee subpoenas tech giants after 'inadequate responses' (NBC News) The subpoenas demand that Facebook, Google, Reddit and Twitter turn over more information about what they did and didn't do in the lead-up to Jan. 6.
Israel says it broke up Iranian spy network that recruited women (BBC News) Four Israeli Jewish women of Iranian descent were allegedly paid thousands of dollars by a handler.
Ukrainian authorities arrest suspected ransomware ringleader (CyberScoop) Police in Ukraine on Thursday said they broke up a ransomware gang allegedly responsible for extorting more than 50 companies across Europe and the U.S. for more than $1 million. The Ukrainian Cyberpolice, a division of the country’s national police, announced the arrest of an unnamed 36-year-old man who they say partnered with his wife and three others to carry out ransomware attacks.
The Antitrust Case Against Facebook Draws Blood (Wired) The latest ruling by a federal judge is a milestone for the effort to regulate Big Tech.
NSO Group Taking Its Spyware Feud With Meta to Supreme Court (Bloomberg Law) Israeli spyware maker NSO Group plans to seek U.S. Supreme Court review of its challenge to a lawsuit from Meta Platforms Inc. over surveillance software that allegedly targeted WhatsApp users.
Austrian website’s use of Google Analytics breached GDPR (TechCrunch) A decision by Austria’s data protection watchdog upholding a complaint against a website related to its use of Google Analytics does not bode well for use of US cloud services in Europe. The decision raises a big red flag over routine use of tools that require transferring Europeans’ pe…
Ransomware Group That Targeted Over 50 Companies Dismantled in Ukraine (SecurityWeek) Ukrainian authorities say they have dismantled a ransomware gang that made over $1 million after targeting more than 50 companies in Europe and America.
Accellion reaches $8.1 mln settlement to resolve data breach litigation (Reuters) Accellion Inc has reached an $8.1 million deal with a proposed nationwide class to end litigation over a breach of its legacy file transfer product, a platform that allowed companies to securely share large or sensitive files, according to settlement papers filed in California federal court.
Q & A of the Spokesperson of the Chinese Embassy in Belgium on information security for people travelling to China (Embassy of the People's Republic of China in the Kingdom of Belgium) Recently, according to the report of some Belgian media, the Belgian Olympic and Interfederal Committee gave an advice to the athletes who will go to China for the Beijing Winter Olympics not to bring their mobile phones and laptops in order to avoid being exposed to cyber-espionage. What is your comment on this?