Dateline Moscow, Kyiv, Riga, London, Brussels, and Washington: Deep fakes as a strategic tool.
Deep fakes as a bogus casus belli. (The CyberWire) Historical analogies with the outbreak of the Second World War are rife. Which way they run looks quite different in Moscow from the way they appear to most other countries. (And the closer you get to the Russian border, the more those analogies seem to tell against Moscow.)
Hacking team tied to Russia targeted 'western government entity' in Ukraine -researchers (Reuters) A hacking team that Ukraine says is controlled by Russian intelligence targeted a "western government entity" currently in the country, based on new research published by Palo Alto Networks on Thursday.
Cyberattack was attempted against a western government ‘entity’ in Ukraine, researchers say (VentureBeat) A cyberattack in Ukraine by a Russia-linked group targeted an "entity" that's part of a western government, Palo Alto Networks' Unit 42 said.
Gamaredon (Primitive Bear) Russian APT Group Actively Targeting Ukraine (Unit42) We continue to monitor Gamaredon. We mapped three large clusters of their infrastructure, identified potential malware testing activity and more.
Gamaredon Infection: From Dropper to Entry (CERT-EE) The Gamaredon (Russian state-sponsored) APT group has been active since 2013 and is mostly known for targeting Ukrainian government and military officials with the intention of gaining access to information.
Symantec finds evidence of continued Russian hacking campaigns in Ukraine (TechRepublic) APT group Armageddon was identified as acting against Ukraine late last year, and Symantec’s own data backs up that presented by The Security Service of Ukraine.
Ukraine reconsiders bug bounties after latest cyberattacks. But are they enough? (The Record by Recorded Future) Ukrainian ethical hackers prefer to work with clients abroad: foreigners are more open to investing in cybersecurity—and they pay more.
Russia's cyber capabilities, explained (Northwestern University) V.S. Subrahmanian, a Northwestern Buffett Faculty Fellow and a global cybersecurity expert, said that Ukraine may already be vulnerable to a cyber first strike from Russia, and that it will likely be combined with a coordinated misinformation campaign.
US officials prepare for potential Russian cyberattacks as Ukraine standoff continues (CNN) The FBI is asking US businesses to report any uptick in Russian hacking threats -- the latest effort to prepare for potential Russian cyberattacks on US organizations amid Russia's troop buildup on Ukraine's border.
Russia vs Ukraine: How 'new type of espionage' could disrupt the UK - expert (Express) TENSIONS remain at an all-time high between Ukraine and Russia, which Kiev accuses of having massed troops on its border before a potential invasion. But the UK could find itself the victim of cyber-attacks if the situation fails to deescalate soon.
A hopeful sign? Despite Russian warning, Ukraine talks go on (AP NEWS) When the U.S. and NATO rejected the Kremlin’s security demands over Ukraine last week, fears of an imminent Russian attack against its neighbor soared. But instead of sending armored armadas across the Ukrainian border as the U.S.
NATO ready for dialogue with Russia, not to compromise on core security principles - Stoltenberg (Ukrinform) NATO continues to call on Russia to de-escalate military tensions around Ukraine, is ready to engage in meaningful dialogue with Russia in the field of security, but it will not compromise on core security principles, NATO Secretary General Jens Stoltenberg has said.
Xi and Putin urge Nato to rule out expansion as Ukraine tensions rise (the Guardian) Chinese and Russian leaders call on west to abandon ‘cold war’ approach at pre-Olympic meeting
Putin and Xi unveil alliance at Olympics, mixing politics and sport (Reuters) Russian President Vladimir Putin and Chinese President Xi Jinping unveiled a global alliance with an anti-Western tilt on Friday, just hours before the grand opening of the Olympics in Beijing, in a striking juxtaposition of politics and sport.
Russia and China line up against U.S. in "no limits" partnership (Reuters) China and Russia proclaimed a deep strategic partnership on Friday to balance what they portrayed as the malign global influence of the United States as China's President Xi Jinping hosted Russia's Vladimir Putin on the opening day of the Beijing Winter Olympics.
What China Is Actually Saying About Russia and Ukraine (Defense One) Bits of pro-Russian rhetoric are a far cry from substantive support—or preparations for an invasion of Taiwan.
Kremlin blasts U.S. for deploying troops to NATO’s eastern flank, even as Russia continues buildup around Ukraine (Washington Post) Russia assailed the United States for deploying thousands of additional U.S. troops to NATO’s eastern flank to bolster alliance defenses, even as Moscow continued a buildup of Russian forces and materiel around Ukraine that has stoked fears in Washington of a new, large-scale war in Europe.
More Russian forces mass near border, but still not ready to attack: Ukraine (Military Times) “The likelihood of more substantive escalation on the Ukrainian borders as for today is viewed as low,” according to the Ukrainian Ministry of Defense.
U.S. accuses Russia of planning to film false attack as pretext for Ukraine invasion (Washington Post) Moscow is considering filming a fake attack against Russian territory or Russian-speaking people by Ukrainian forces as a pretext to invade its neighbor, the Biden administration said Thursday, warning that the resulting propaganda footage could include “graphic scenes of a staged false explosion with corpses.”
U.S. Warns of Fake Video Plot to Justify Attack: Ukraine Update (Bloomberg) The U.S. warned of a Russian plot to release a fake video purporting to show a Ukrainian attack on Russia or Russian-speaking people to justify an invasion.
U.S. says new intel shows Russia plotting false flag attack (Military Times) The U.S. has not provided detailed information backing up the intelligence findings.
Foreign Disinformation: What the US Government Can Start Doing Now (Just Security) Two recent commissions, while diagnosing the challenge differently, reached some similar conclusions on steps to take.
Why Zelenskyy Is Downplaying a Russian Invasion (The National Interest) A visit to Ukraine reveals that the dominant mood is a mixture of fatalism and sang-froid when it comes to a potential Russian invasion.
Russian cyber threat compounds tensions in Ukraine as invasion worries grow (Global News) Moscow's reputation of being a cyber threat could be dangerous throughout the ongoing Ukraine-Russia conflict, experts tell Global News.
Five things Putin could do to Ukraine that don't involve outright invasion (CNN) A week ago, the White House claimed Russia's invasion of Ukraine was "imminent." But there are other options available to Vladimir Putin.
Russia’s Strategy of Disruption Goes Beyond the Ukraine Crisis (World Politics Review) The U.S. and its allies have scrambled to respond quickly and forcefully to Russia’s military buildup near Ukraine. That’s because Russia’s strategic decisions from the past decade have increased its influence and weakened regional blocs—making it very difficult to mount a response to its aggression.
Vladimir Putin’s Ukraine playbook echoes the traditional tactics of Russian imperialism (Atlantic Council) Putin's hybrid war against Ukraine has been portrayed as innovative but Moscow’s approach also echoes more traditional tactics from the golden age of Russian imperialism and the era of Soviet expansionism.
The Bully in the Bubble (Foreign Affairs) Putin and the perils of information isolation.
Russia Couldn’t Occupy Ukraine if It Wanted to (Foreign Policy) The Russian military has too much experience to think a full-scale invasion is a good idea.
The Russian military build up near Ukraine is happening at sea too (Breaking Defense) Russia has “been very thoughtful about how they’ve been ramping up their level of activity” in the Black Sea, said Bryan Clark, a fellow at the Hudson Institute.
To placate Russia, Israel told Baltics states it would block weapon transfers to Ukraine: Sources (Breaking Defense) As Russian forces began massing along the Ukrainian border, the Israeli MoD sent word to the three Baltic nations that if they ask to transfer weapons to Ukraine, they will be denied, sources say.
Germany's Scholz, U.S. President to discuss Ukraine-Russia, China next week (Reuters) German Chancellor Olaf Scholz and U.S. President Joe Biden will discuss the Russian-Ukrainian conflict, China and the Group of Seven when they meet in Washington D.C. next week, a German government official said on Friday.
Will Germany Hobble Western Sanctions Against Russia? (Foreign Policy) Attempts to punish Putin won’t succeed without hitting the energy sector—but sanctioning Russian oil and gas is unthinkable for many in Europe.
New Russia attack fears add to economic woes in Ukraine’s frontline port (The Irish Times) Eight-year war disrupts shipping and deepens poverty in strategic Mariupol
‘We just want peace’ — what it’s like living in Ukraine right now (CNBC) CNBC spoke to a man living in the Ukrainian city of Kramatorsk, around 100 miles from the Russian border.
Ukraine crisis: Russia’s quiet anti-war movement gets louder (Al Jazeera) Dozens of public figures condemned Russia’s ‘party of war’ as a film director used his platform to decry conflict.
Attacks, Threats, and Vulnerabilities
Cyberattacks continue to extend across Europe, BlackCat ransomware may be involved (Industrial Cyber) Cyberattacks have continued to affect oil transport and storage companies across Europe, as BlackCat ransomware may be involved.
European Oil Port Terminals Hit by Cyberattack (SecurityWeek) Major oil terminals in some of Western Europe's biggest ports have fallen victim to a cyberattack.
Oil terminals disrupted after European ports hit by cyberattack (euronews) The hackers disrupted operating systems and prevented some oil tankers from delivering energy supplies.
Aggressive BlackCat Ransomware on the Rise (Dark Reading) The cybercriminals behind the malware claim to have compromised more than a dozen companies; they have aggressively outed victims and purportedly paid a significant share of ransoms back to affiliates.
Iran accused of sowing Israel discontent with fake Jewish Facebook group (BBC) A suspected Iranian disinformation unit ran an elaborate network on Facebook targeting nationalist and ultra-religious Jews in Israel in an attempt to stoke division and inflame tensions with Palestinians, according to research shared exclusively with the BBC.
European governments targeted by Chinese hackers with a Zimbra webmail zero-day (The Record by Recorded Future) A new Chinese cyber-espionage group has been seen abusing a zero-day vulnerability in the Zimbra collaboration suite to gain access to the email inboxes of European governments and media agencies.
News Corp. cyberattack believed to be tied to China (SeekingAlpha) News Corp. said Friday that one of its cloud-based information systems was hit in a cyberattack that it believes was launched by a foreign government.
Cyberattack on News Corp, Believed Linked to China, Targeted Emails of Journalists, Others (Wall Street Journal) News Corp was the target of a hack that accessed emails and documents of some employees, an incursion a cybersecurity consultant said was likely meant to gather intelligence to benefit China’s interests.
Hackers breached China's National Games ahead of last year's competition (The Record by Recorded Future) An unidentified hacking group has gained access to the internal IT network of the 2021 National Games of China.
State hackers' new malware helped them stay undetected for 250 days (BleepingComputer) A state-backed Chinese APT actor tracked as 'Antlion' has been using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies.
North Korean hacking group targets defense contractors (Restoring America) The motives range from credit card theft to information-gathering about personnel.
New Variant of UpdateAgent Malware Infects Mac Computers with Adware (The Hacker News) Microsoft warns users about a new version of UpdateAgent malware that’s targeting Mac computers with adware.
Malicious Kubernetes Helm Charts can be used to steal sensitive information from Argo CD deployments (Apiiro) Apiiro's Security Research team has discovered a major vulnerability in Argo CD platform (CVE-2022-24348).
Using Power Automate for Covert Data Exfiltration in Microsoft 365 (Varonis) Power Automate, formerly known as Microsoft Flow, allows users to automate workflows between various apps and services. Using Power Automate, you can create "flows" in Microsoft 365 for Outlook, SharePoint, and OneDrive to automatically share or send files, forward emails, and much more.
How Phishers Are Slinking Their Links Into LinkedIn (KrebsOnSecurity) If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne'er-do-wells are hoping you will, because they've long taken advantage of a marketing feature on the business networking site…
New SEO Poisoning Campaign Distributing Trojanized Versions of Popular Software (The Hacker News) A new SEO poisoning campaign is distributing trojanized versions of popular software utilities.
How Will Cyber Threats Impact the Beijing Winter Olympics? (Radware Blog) NTT helped the International Olympic Committee dodge cyber threats in Tokyo. The world will watch if it happens again in Beijing.
Ransomware Wants You to Like and Subscribe, Or Else (Vice) Researchers have found a new type of ransomware that asks for YouTube subscriptions and comments rather than Bitcoin.
Financially Motivated Hackers Use Leaked Conti Ransomware Techniques in Attacks (SecurityWeek) A series of financially motivated attacks are employing techniques observed in Conti ransomware playbooks that were leaked online in August 2021
Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent (Mandiant) While defending our customers against threats, Mandiant Managed Defense continues to see new threats that abuse trust in legitimate tools and products to carry out their attacks. These attacks are effective in getting past security defenses and staying undetected in a network.
Intuit warns of phishing emails threatening to delete accounts (BleepingComputer) Accounting and tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended.
Hackers hold Hula Hoops hostage in cyber-raid on Britain's KP Snacks (Reuters) Hackers are hitting Britain where it hurts by targeting some of its favourite savoury snacks, with the likes of Hula Hoops, KP Nuts, Butterkist popcorn and Nik Naks in their cyber sights.
They Were ‘Calling to Help.’ Then They Stole Thousands (Wired) When my mom fell victim to a phone scam, we learned a painful truth: The explosion of personal finance apps makes it all too easy to target vulnerable people.
Students express outrage online after university admissions body hack (Thai Enquirer)
Security Patches, Mitigations, and Software Updates
Sensormatic PowerManage (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 10.0; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc; Equipment: PowerManage; Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to gain remote code execution.
Airspan Networks Mimosa (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 10.0; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Airspan Networks; Equipment: Mimosa by Airspan product line; Vulnerabilities: Improper Authorization, Incorrect Authorization, Server-side Request Forgery, SQL Injection, Deserialization of Untrusted Data, OS Command Injection, Use of a Broken or Risky Cryptographic Algorithm. 2.
FANUC Robot Controllers (Update A) (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.4; ATTENTION: Exploitable remotely; Vendor: FANUC; Equipment: R-30iA and R-30iB series controllers; Vulnerabilities: Integer Coercion Error, Out-of-bounds Write. 2.
Oppia Fixed XSS to Prevent Attackers from Hijacking Kids from Learning (Checkmarx.com) Discovering issues like the ones mentioned in this blog is why the Checkmarx Security Research Team performs investigations. This type of research activity is part of their ongoing efforts to drive the necessary changes in software security practices among organizations worldwide.
Google Workspace to strip privacy control from admins, re-enable tracking (Ars Technica) Users that shut off "Web & App Activity" will have data retention turned back on.
Intel Patched 226 Vulnerabilities in 2021 (SecurityWeek) Intel patched 226 vulnerabilities in 2021 and it has paid out an average of $800,000 per year via its bug bounty program.
Trends
Ransomware Often Hits Industrial Systems, With Significant Impact: Survey (SecurityWeek) Ransomware attacks in many cases hit ICS/OT environments, and impact is often significant, according to a survey commissioned by Claroty.
New research reveals vicious tactics of ransomware groups (IT Brief) “Ransomware groups are becoming more sophisticated and their attacks more impactful. These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into networks.
SA 7th on list of countries most attacked by ransomware (ITWeb) SA orgs might not have the time or expertise to address attacks before they damage their operations, says Trellix.
Data Breach Report: 2021 Year End (Risk Based Security) Today we released our 2021 Year End Data Breach QuickView Report, revealing that 4,145 publicly disclosed breaches had exposed over 22 billion records last year.
Marketplace
The Briefing: NGP Launches $400M Fund, Marvel Fusion Raises $40M, And More (Crunchbase News) Crunchbase News' top picks of the news to stay current in the VC and startup world.
LogMeIn changes name to GoTo, debuts new all-in-one platform (CRN Australia) Also debuts new all-in-one platform.
Cybereason IPO Details: MDR, XDR Cybersecurity Company's Emerging Plan (MSSP Alert) Cybereason IPO filing sets stage for MDR & XDR cybersecurity software company to potentially trade publicly. Everything MSPs, MSSPs & investors need to know.
Thales Says It Is Potentially Interested in Cybersecurity Assets; But No Talks Under Way With Atos (MarketWatch) Thales SA late Wednesday confirmed its potential interest for cybersecurity assets and said it wasn't currently discussing with Atos SE...
Atos rules out sale of cyber security arm to Thales (iTnews) After talk of a potential acquisition.
Keeper Security acquires Apache Guacamole inventor Glyptodon (SiliconANGLE) Cybersecurity software startup Keeper Security Inc. today said it has acquired remote access gateway company Glyptodon Inc. for an undisclosed price.
IBM partners with Canadian province of Quebec in quantum computing push (Reuters) International Business Machines Corp is partnering with the Canadian province of Quebec to boost quantum computing in a collaboration that could help advance areas like battery development, a company official said on Thursday.
Facebook Parent Meta’s Stock Plunges, Loses More Than $200 Billion in Value (Wall Street Journal) The technology giant was on course for its worst daily performance on record after it startled investors with a sharper-than-expected decline in profit and a gloomy outlook.
vArmour Joins SAP PartnerEdge® Open Ecosystem (GlobeNewswire News Room) Company Becomes a Build Partner to Accelerate Application and Identity Security Initiatives...
Products, Services, and Solutions
Absolute Software Achieves Common Criteria Certification (Absolute Software) Absolute is the leading visibility and control platform that gives you tamper-proof protection for all of your devices, data and applications. With the Absolute Platform, you get the power of asset intelligence, continuous compliance and endpoint hygiene.
Socure Achieves Certification for NIST Digital Identity Guidelines Confirming its Commitment to Providing Trustworthy Services to Government Agencies (Socure) Socure’s industry-leading identity verification & fraud platform has received Kantara approval for NIST Digital Identity Assurance Level 2. Read more now.
Intel 2021 Product Security Report (Intel) Securing hardware is the foundation to all security efforts.
Chips & Salsa Episode 10 - Intel 2021 Product Security Report (Intel) Hi everyone, Get the 2021 Product Security Report! This is our third annual product security report. As part of Intel’s Security First Pledge and our commitment to transparency, we publish these reports to demonstrate our investments in proactive product security assurance and the results of thos...
Cellulant Recognised Among Organisations Committed to Data Protection in Nigeria (African Business) The National Information Technology Development Agency (NITDA) has recognised Cellulant (Cellulant.com) Nigeria among the 2020-2021 NDPR Audit Compliant
Netskope achieves milestone in global coverage and connectedness with NewEdge Infrastructure (Intelligent CIO Middle East) Netskope, a leader in SASE, has announced a major global milestone in the continuing expansion of its NewEdge security private cloud, which is now powered by full-compute data centres in more than 50 regions worldwide. Every data centre is accessible to every customer without additional fees or surcharges, with all Netskope Security Cloud services available, […]
SentinelOne and Mimecast Integrate to Improve End-To-End Threat Protection for Enterprise Devices and Email (GlobeNewswire News Room) Integrated solutions offer holistic approach to incident response with XDR automation...
Technologies, Techniques, and Standards
IronNet: The need for behavior-based detection as attackers adopt uncommon coding languages (MarketScreener) According to recent findings from the BlackBerry Research and Intelligence Team, exotic programming languages are gaining popularity among both APTs (advanced persistent threats) and cybercriminals alike.
Five Reasons You Shouldn’t Manage Your Own eDiscovery Environment (JD Supra) For more than 20 years now, I’ve carried primary responsibility to keep eDiscovery environments humming along like a well-oiled machine. I’ve lost...
Academia
BU receives $3.5 million to fund cybersecurity scholarships (Pipe Dream) A $3.5 million grant has been awarded to fund a five-year cybersecurity scholarship program for 24 Binghamton University students. The National Science Foundation’s (NSF) CyberCorps...
Marshall joins U.S. Cyber Command Academic Engagement Network (Lootpress) Marshall University has been selected as a member of the United States Cyber Command Academic Engagement Network. U.S.
Legislation, Policy, and Regulation
Labor pledges to reform Canberra's cyber security culture (iTnews) Wants to "normalise" involvement of private sector, security researchers.
Elephants Must Learn to Street Dance: The Chinese Communist Party’s Appeal to Youth in Overseas Propaganda (Recorded Future) The CCP’s focus on global youth stems from the belief they can serve as a bedrock of support once they mature into positions of influence.
WSJ News Exclusive | Biden Administration Forms Cybersecurity Review Board to Probe Failures (Wall Street Journal) The new panel is loosely modeled on the National Transportation Safety Board and will look into the recently discovered Log4j internet bug.
'Log4j' Flaw Is First Focus Of New Cyber Safety Review Board (Law360) A new team of government officials and private sector cybersecurity experts will analyze the country's biggest digital threats, starting with the "Log4j" software flaw that poses a risk to millions of consumer products, the Department of Homeland Security said Thursday.
Homeland Security establishes the Cyber Safety Review Board to learn the mistakes from past cyber incidents (TechCrunch) The board is tasked with studying the cause and fallout from major hacks.
DHS Launches Cyber Safety Review Board (Decipher) The board, tasked with identifying and sharing lessons learned from “significant cybersecurity events,” will first assess the Log4j logging library flaw.
How Does Biden’s Cyber Order Apply to the DOD and Intelligence Agencies? (FedTech Magazine) In January, President Joe Biden signed a memo clarifying how new cybersecurity rules affect the Defense Department and intelligence community.
Pentagon’s main cybersecurity initiative for defense contractors switches hands (C4ISRNet) The Cybersecurity Maturity Model Certification is moving from the undersecretary of defense for acquisition and sustainment to the chief information officer.
Apple avoided the Washington techlash for years. Now it’s at the center of the bull’s eye. (Washington Post) The Senate Judiciary Committee advanced legislation forcing Apple and Google to allow people to download apps outside of their stores
CISA Supports Inaugural U.S. Cyber Games as Founding Sponsor (Hstoday) Sponsorship of the US Cyber Team complements CISA’s other workforce development initiatives aimed at expanding the talent pool.
Litigation, Investigation, and Law Enforcement
Israel Police admit hacking into phone of key witness in Netanyahu trial, source says (Haaretz) Police say they used spyware to break into the phone of a key witness, after Netanyahu asked the court to divulge all intel gained through the hack
Yes, the Equifax data breach settlement email and website are real (king5.com) Years after the Equifax data breach exposed the personal information of 147 million Americans, we can VERIFY emails linking to EquifaxBreachSettlement.com are real.
UnitedHealthcare data breach sparks Rhode Island attorney general probe (Modern Healthcare) The state attorney general has asked for information on UnitedHealthcare's security networks and patient information systems as well as communication related to the breach.
St. Clair County Data Breach Impacted More Than 600 People (Governing) The Illinois county’s eight-month review of a ransomware attack on its computer systems last spring has found that hackers may have been able to view or acquire personal or medical information on more than 600 residents and non-residents.
Conspiracy theorists sent GOP senators a memo calling for seizure of 'NSA unprocessed raw signals data' to overturn the election, report says (Business Insider) An informal Trump adviser described the memo to the Washington Post as part of "amateur hour" chaos in the lead-up to January 6.
Trump Allies Reportedly Wanted To Use NSA Data To Overturn 2020 Election, Memo Shows (Forbes) Multiple senators also attended a meeting about election fraud organized by MyPillow CEO Mike Lindell, the Washington Post reports.