Dateline Kyiv, Moscow, Minsk, Paris, London and Washington: Diplomacy and cyber readiness.
Diplomacy continues (as does preparation for hybrid war). (The CyberWire) Choose your metaphors and historical analogies with care: 1939? Tak, sure, maybe. Shock and awe? Nyet, nope, not yet, anyway.
European, U.S. regulators tell banks to prepare for Russian cyberattack threat (Reuters) The European Central Bank is preparing banks for a possible Russian-sponsored cyber attack as tensions with Ukraine mount, two people with knowledge of the matter said, as the region braces for the financial fallout of any conflict.
Vladimir Putin’s cyber warfare warning is an empty threat (The Telegraph) The risk of retaliation from Britain makes it too dangerous a weapon to use
There Is No Cyber ‘Shock and Awe’: Plausible Threats in the Ukrainian Conflict (War on the Rocks) The specter of cyber war is back. Not only does Russia’s massive military buildup along Ukraine’s borders bring a growing risk of the largest-scale
Macron claims Putin gave him personal assurances on Ukraine (the Guardian) French president’s statement that Russian leader vowed not to escalate crisis met with scepticism in Kyiv
Ukraine’s Zelensky Wants to Fend Off Russia—and America, Too (Wall Street Journal) The comic-turned-president is trying to navigate the ambitions of both Moscow and Washington.
Spy world wary as Biden team keeps leaking Russia intel (POLITICO) U.S. national security figures get that information war is the new battleground. But “how many freaking times do they need to warn that anything may be imminent?” one asked.
Poland launches cybersecurity military unit (AP NEWS) Poland’s defense minister on Tuesday appointed an army general to head a new Cyber Defense Force to officially launch the unit’s operation. Defense Minister Mariusz Blaszczak said the force's mission includes defense, reconnaissance and, if need be, offensive actions to protect Poland’s Armed Forces from cyberattacks.
Defence Minister launches Cyberspace Defence Forces (First News) Poland’s defence minister has taken part in a ceremony to establish the Cyberspace Defence Force, a brand new branch of the Polish Armed Forces.
Russia sends warships toward Black Sea as Europe ramps up Ukraine crisis diplomacy (Washington Post) Russian warships sailed toward the Black Sea on Tuesday, stoking alarm among U.S. and European security officials who warned that the final capabilities for a large-scale assault on Ukraine appeared to be falling into place.
Russian Hybrid Threats Report: New evidence of accelerated military build-up near Ukraine (Atlantic Council) The Council’s open-source researchers reveal the latest Russian troop, aircraft, and weapons movements around Ukraine, along with new Kremlin disinformation efforts.
Belarus emerges as key front in Putin’s war against Ukraine and the West (Atlantic Council) With tens of thousands of Russian troops currently deployed in Belarus, fears are mounting that the country could serve as a springboard for Vladimir Putin’s threatened full-scale invasion of Ukraine.
Vast drills spotlight Russia's grip on Belarus during standoff with West (Reuters) Russia launches the active phase of vast military exercises in Belarus on Thursday, a display of strength that shows how Moscow's tightening grip on Minsk has given it enhanced capabilities in its standoff with the West over Ukraine.
No, Russia will not invade Ukraine (Al Jazeera) A large-scale military operation does not fit into Moscow’s cost-benefit calculus.
Ukraine projects calm over Russia fears despite US rhetoric (AP NEWS) In the trenches of eastern Ukraine, across the lines from some of the 100,000 Russian troops amassed north and east of the country, Ivan Skuratovskyi's calm verges on numbness — even after a sniper's bullet recently killed one of the 50 or so men under his command.
Europe Calls for Peace, but Not at Any Price (New York Times) Two days of intense diplomacy on both sides of the Atlantic leave the standoff over Ukraine with Russia frozen in place.
Putin Is Operating on His Own Timetable, and It May Be a Long One (New York Times) The standoff between Russia and the West over Ukraine could turn into a drawn-out and dangerous diplomatic slog toward a difficult settlement.
Russia and Ukraine Are Trapped in Medieval Myths (Foreign Policy) A shared past underpins—and worsens—the conflict.
Why the Chess Metaphor for Putin Is Wrong (Foreign Policy) The problem with Russia is not a game.
Both Sides of Taiwan Strait Are Closely Watching Ukraine’s Crisis (New York Times) Taiwan knows what it’s like to have an overbearing neighbor. China wonders how forcefully Western powers might react to a Russian invasion.
Berger calls for 'deterrence by detection' in light of Russia-Ukraine tensions (Breaking Defense) “We have to have the capability to illuminate” adversarial actions, Berger said. “Some portion of that is so that we can understand how they're setting their pieces for battle. And part of it, frankly, is to bring it to international attention and expose it for what it is.”
Attacks, Threats, and Vulnerabilities
Cyberattack launched on Foreign Office (Times) The Foreign Office was the target of a “serious” cyberattack last month that was deemed so severe that officials had to seek outside help. According to a public
UK foreign ministry suffered serious cyber attack earlier this year - documents (Reuters) Britain's foreign ministry was the target of a serious cyber security incident earlier this year, according to tender documents posted on the government's website.
Cybercriminals Target Linux‑based Systems with Ransomware and Cryptojacking Attacks (VMware News and Stories) VMware Threat Analysis Unit (TAU) released a new threat report titled "Exposing Malware in Linux‑based Multi‑Cloud Environments."
Exposing Linux Malware in Multi-Cloud (VMware) 90% of cloud runs on Linux, but current countermeasures are focused on addressing Windows-based threats, leaving multi-cloud deployments vulnerable to attacks. So, is it any wonder that malware is propagating in multi-cloud environments under the radar?
Critical Flaws Expose Mimosa Wireless Broadband Devices to Remote Attacks (SecurityWeek) Critical vulnerabilities expose wireless broadband devices made by Mimosa to remote attacks from the internet.
Medusa Android Banking Trojan Spreading Through Flubot's Attacks Network (The Hacker News) FluBot and Medusa, two separate Android banking trojans, join forces to use the same distribution network to launch simultaneous attacks.
'Roaming Mantis' Android Malware Targeting Europeans via Smishing Campaigns (The Hacker News) Mobile malware roaming mantis is now targeting European users through smishing campaigns.
Palestinian hacking group evolving with new malware, researchers say (CyberScoop) A Palestinian-aligned hacking group has targeted Middle Eastern governments, foreign policy think tanks and a state-affiliated airline with a new malware implant as part of “highly targeted intelligence collection campaigns,” according to research published Tuesday.
Vodafone Portugal hit with cyberattack affecting 4G/5G network, TV, SMS services (ZDNet) The company discovered the network disruption on Monday night.
Vodafone Portugal 4G and 5G services down after cyberattack (BleepingComputer) Vodafone Portugal suffered a cyberattack causing country-wide service outages, including the disruption of 4G/5G data networks, SMS texts, and television services.
You've still not patched it? Hackers are using these old software flaws to deliver ransomware (ZDNet) Significant vulnerabilities like Log4j have been the focus of cybersecurity staff - but that focus could be allowing attackers to slip by using older security bugs.
Log4Shell exploitation isn’t over (ITWeb) Kaspersky blocked more than 30 000 attempts to use the Log4Shell exploit in January.
Security Experts Discuss Log4j Mitigation Before US Senate (GovInfoSecurity) In a U.S. Senate hearing on Tuesday, the Apache Software Foundation and leaders from Cisco, Palo Alto Networks and The Atlantic Council discussed open source
Log4Shell: Cisco Presents Testimony to Senate Homeland Security and Governmental Affairs Committee (MarketScreener) I recently had the privilege of providing testimony to the U.S. Senate Homeland Security and Governmental Affairs Committee regarding Cisco's remediation of the Log4Shell... | February 9, 2022
Hackers disrupt Belgian port's fruit supply (Fresh Plaza) Online hackers have been attacking some companies at the Port of Antwerp since the weekend. Sea-Invest is one of them. This company runs the fruit wharves at Belgian New Fruit Wharf in Antwerp. Sea-Invest's fruit…
Professions, businesses affected by potential data breach range from cosmetologists to court reporters (Seattle Times) Personal data for individuals in 23 professional and business categories may have been exposed in a potential breach of a database used by Washington state Department of Licensing’s online licensing system, known as POLARIS, which has been taken offline as a precaution.
Information for over 6,000 Memorial Hermann patients accessed in security breach (KHOU) A contracted vendor with Memorial Hermann is looking into the security breach. Hackers could access social security numbers, financial information and more.
Security Patches, Mitigations, and Software Updates
Microsoft February 2022 Patch Tuesday: 48 bugs squashed, one zero-day resolved (ZDNet) This month's round of security fixes includes a patch for a public zero-day vulnerability.
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day (Threatpost) This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don't delay to apply the patches, security experts said.
Microsoft February 2022 Patch Tuesday fixes 48 flaws, 1 zero-day (BleepingComputer) Today is Microsoft's February 2022 Patch Tuesday, and with it comes fixes for one zero-day vulnerability and a total of 48 flaws.
Microsoft's February Patch Tuesday update hits 48 vulnerabilities (Computing) This month's set of updates is the smallest since August 2021, with no 'critical' vulnerabilities - but admins should still act on them as soon as possible
Mitsubishi Electric Factory Automation Engineering Products (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation Engineering products Vulnerability: Unquoted Search Path or Element 2.
Mitsubishi Electric FA Engineering Software Products (Update D) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerabilities: Heap-based Buffer Overflow, Improper Handling of Length Parameter Inconsistency 2.
Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse (The Hacker News) Microsoft has temporarily disabled the MSIX ms-appinstaller protocol handler in Windows.
At last! Office macros from the internet to be blocked by default (Naked Security) It’s been a long time coming, and we’re not there yet, but at least Microsoft Office will be a bit safer against macro malware…
Trends
2021 Trends Show Increased Globalized Threat of Ransomware (CISA) CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact, ransomware incidents against critical infrastructure organizations in 2021.
Cybersecurity Market Review (Q3 2021) (Momentum Cyber) We are pleased to provide you with Momentum Cyber’s Cybersecurity Almanac 2022 – the most comprehensive and accurate strategic data and insights available on the industry.
2021 State of Cybersecurity Effectiveness Usage Report (Cymulate) This usage report analyzes the results of 2021 clients’ usage data, comprised of over one million real-world offensive tests by Cymulate.
APAC firms need to build trust, brace for more third-party attacks (ZDNet) Summary: More businesses are expected to appoint chief trust officers to drive their focus on security and risk management, which may be necessary this year as ransomware and supply chain attacks are projected to escalate.
Marketplace
Vicarius Announces $24 Million Series A Funding to Rebuild the Vulnerability Remediation Market for Today’s Remote, Cloud-Based World (Yahoo) NEW YORK, February 09, 2022--Vicarius secures $24 Million Series A funding to rebuild the Vulnerability Remediation market for today’s remote, cloud-based world.
Microsoft Considers Pursuing a Deal for Cybersecurity Firm Mandiant (Bloomberg) Software maker has been building capability against threats. Discussions may not lead to an offer for cybersecurity firm.
Microsoft Reportedly Wants To Buy Mandiant, Formerly FireEye (Channel Futures) Microsoft reportedly is interested in acquiring Mandiant, which rebranded from FireEye last fall. Microsoft would gain new capabilities from the deal.
Amid rumors of Microsoft acquisition, Mandiant reports Q4 revenue of $132 million (ZDNet) The company reported a loss per share of $0.10 for the quarter on revenue of $132.9 million.
Oloid raises $12 million from Dell, Honeywell, Okta Ventures, others (The Economic Times) Software-as-a-service (SaaS) firm Oloid has raised $12 million in its Series A round, led by Dell Technologies Capital with participation from Honeywell Ventures, Okta Ventures and other existing investors.
UncommonX Names Patrick Hayes Chief Strategy Officer (AiThority) UncommonX, a SaaS-based cybersecurity extended detection and response (XDR) provider, has promoted Patrick Hayes to chief strategy officer.
Socure Adds Identity Policy Expert Brendan Peter to Help Government Agencies Achieve Industry-Leading Identity Verification Standards (Socure) Socure, the industry leader in digital identity verification and fraud solutions, announced that Brendan Peter has joined as vice president of government relations.
Trellix announces three executive leadership appointments (Help Net Security) Trellix announced Michael Alicea as Chief Human Resource Officer, Tara Flanagan as General Counsel, and Adam Philpott as CRO.
QuintessenceLabs Appoints Silvio Pappalardo as First Chief Revenue Officer and Veteran Cybersecurity Leader John Stewart as Strategic Advisor (Yahoo Finance) QuintessenceLabs appoints the first CRO to further enhance its growth strategy and market leadership in quantum-enhanced cybersecurity solutions.
Products, Services, and Solutions
Smart Communications and OneSpan Partner to Expand Value of Customer Conversations with Electronic Signature Integration (OneSpan) Smart Communications™, a leading technology company focused on helping businesses engage in more meaningful customer conversations, and OneSpan Inc. (NASDAQ: OSPN), a global leader in digital identity verification and e-signatures, today announced a partnership that integrates OneSpan’s e-signature product, OneSpan Sign, into the Smart Communications platform to extend the value of the total customer experience.
Celerium's Log4j Global Coverage Site Provides Log4j Discovery Help for Companies (PR Newswire) Celerium today announced its Log4j Global Coverage, which provides resources related to combatting Log4j vulnerabilities. The site is part of...
Armorblox Integrates Its Email Security Platform with Microsoft Sentinel and Joins the Microsoft Intelligent Security Association (Armorblox) Best-in-Class Leaders in Cyber Insurance and Email Security Join Forces to Mitigate the Number One Risk Organizations Face Today – Email-based Cyber Attacks
Mandiant and SentinelOne Partner to Safeguard Organizations Against Threats (Mandiant) Mandiant is joining forces with SentinelOne in a strategic partnership to ensure joint customers remain secure.
Mandiant and SentinelOne Announce Strategic Partnership (Mandiant) Mandiant is joining forces with SentinelOne in a partnership to ensure joint customers remain secure.
Cloudentity Joins Google Cloud Partner Advantage Program (Bloomberg) Partnership will Enable Google Cloud Customers to Accelerate Innovation and Easily Address Open Banking Requirements
Google Cloud launches agentless cryptojacking malware scanner (ZDNet) The new security feature is designed to hunt down instances of cryptojacking.
Cellebrite Deploys SaaS Investigative Digital Evidence Management Solution in AWS London Data Center (Yahoo) Cellebrite’s industry-leading Digital Intelligence Platform continues to provide flexible options for law enforcement agencies to efficiently collect and review, analyze, manage, and share digital evidence to accelerate justice. Additional AWS data center deployments are planned for Canada, Singapore, and Australia.
Cyware Enhances Automated Threat Intelligence Sharing for Auto-ISAC to Promote a Proactive, Collective Defense (Business Wire) Cyware has partnered with Auto-ISAC, giving its members the ability to automatically aggregate, share, and collaborate on threat intelligence.
IronOrbit Partners with Keeper Security (PR.com) The alliance delivers on the commitment to protect clients against password-related data breaches by improving password management & security.
Gigamon ThreatINSIGHT 365-Day Data Retention Levels the Playing Field Against Adversaries’ Dwell Time Advantage (Business Wire) Gigamon, the leader in cloud visibility and analytics, today announced the latest release of Gigamon ThreatINSIGHT Guided-SaaS NDR™. As the first NDR
Mlytics launches enhanced Origin Shield to fully protect web applications and APIs (ReBlonde) Cited in Gartner’s Market Guide for Global CDN, the Mlytics platform now takes its security arsenal to the next level with Origin Shield across multiple CDNs, simplifying deployment and removing the need for complicated configurations
Prevalent Unveils New Solution to Centralize and Automate Vendor Contract Lifecycle Management (Prevalent) Contract Essentials seamlessly integrates contract management into broader vendor risk efforts
Cybereason XDR for Cloud Workloads Secures Native and Hybrid Cloud Environments at Petabyte Scale (Cybereason) Cybereason, the XDR company, today announced the availability of its next-generation Cybereason XDR for Cloud Workloads, leveraging AI-driven behavioral analysis to deliver unparalleled runtime protection, detection and response to protect cloud workloads and containers across both native and hybrid cloud environments at petabyte scale.
Devo Launches Application Marketplace to Accelerate Time-to-Value for Customers and Partners (Devo.com) New Devo Exchange extends the capabilities of enterprise security teams, offering an abundance of valuable content to maximize their security tools at the push of a button.
NordVPN launches Threat Protection and steps into the antivirus market (PCR) For accelerated security protection against cyber threats, NordVPN has integrated Threat Protection
Auth0 Credential Guard Detects Breached Passwords Faster to Prevent Account Takeover (Auth0 - Blog) New feature adds a dedicated security team and support for multiple languages to prevent fraudulent access with stolen credentials
Synopsys Introduces Code Sight Standard Edition to Enable Secure Software Development (Synopsys) Standalone IDE plugin enables developers to detect security vulnerabilities in source code and open source dependencies
Cofense Launches Cofense Validator to Help Organizations Evaluate the Efficacy of Secure Email Gateways Against Real Threats (Business Wire) Cofense announced the release of Cofense Validator to empower organizations to better understand the effectiveness of their SEGs.
Technologies, Techniques, and Standards
Google account hacks dropped by half after pushing two-step authentication by default (The Verge) "There is a lot of educating that needs to happen with 2SV."
'Hack One, Breach Many' Is Here to Stay: How to Secure Your Third-Party Risks (SecureLink) The connection point between a third party and a client’s system is the biggest point of risk.
Understand and reduce the Attack Surface (SecurityBridge) At SecurityBridge we interact with partners and customers to understand their risk appetite and to engender a solution to mitigate the unacceptable risks. One of the first questions is the following: Do you know your attack surface?
How a Texas hack changed the ransomware business forever (The Record by Recorded Future) The early morning hours of August 16, 2019 began with the whirring and burping sound of computer printers. The scratch and screech echoed along the empty corridors of the Borger, Tex. administrative offices, paper sliding from tray to ink jet to tray and then back again.
Design and Innovation
Cyber uncertainties: Observations from cross-national war games (ETHZürich) It is crucial for us to understand the motivations and processes that facilitate decisions to operate in cyberspace. Pseudo-experimental war games were designed to help with that.
Artificial intelligence and the offense–defense balance in cyber security (ETHZürich) This chapter will take stock of the knowledge about when, how, and to what extent AI and cyber security are converging and will shed light on the difficulty to answer these questions.
Quantum computing and classical politics: The ambiguity of advantage in signals intelligence (ETHZürich) This chapter puts quantum information technology into political context, focusing on the applications for code making and code breaking, as they are particularly dramatic.
Legislation, Policy, and Regulation
Putin, Xi Aim Russia-China Partnership Against U.S. (Wall Street Journal) The two leaders together advanced their joint opposition to America’s global network of alliances, seeking to nudge it aside as the sole superpower.
Opinion: Russia and China announce a bid to make the world safe for dictatorship (Washington Post) There was potent symbolism in the warm meeting between President Xi Jinping of China and his Russian counterpart, Vladimir Putin, as the Winter Olympics opened in Beijing. At a time when other countries are troubled by the actions of these Eurasian giants — from Russia’s threatened invasion of Ukraine to China’s genocide against the Uyghur people — the two dictators took center stage to support one another.
Don’t Buy the Xi-Putin Hype (Foreign Policy) Beijing went out of its way to downplay the summit's significance, revealing a potential wedge for the West.
Odds shorten on Huawei 5G ban in Czech Republic (Light Reading) The cybersecurity office recommends using 5G suppliers from only democratic countries, which is bad news for Huawei and its customers.
Local governments are more vulnerable to cyberattacks than ever before. DHS wants mayors to step up. (USA Today) In an exclusive interview with USA TODAY, the nation’s top civilian cybersecurity official says local governments face more digital threats than ever.
Fears of Chinese government espionage to cost US $5.6 billion (Verdict) The FCC recently revised figures on how much it will cost US network operators to ‘rip and replace’ Huawei and ZTE’s network equipment.
Senate lawmakers try again on cyber incident reporting legislation (The Record by Recorded Future) The leaders of the Senate Homeland Security Committee on Tuesday introduced a legislative package meant to boost U.S. cybersecurity, warning a possible Russian invasion of Ukraine could result in cyberattacks against the U.S. by Moscow or its proxies.
Hacks Bring New Urgency to Moves by Congress and Agencies to Reduce Future Cybersecurity Risks (Government Accountability Office) After two recent high-profile cyber incidents that affected federal IT systems—the SolarWinds and Microsoft Exchange Server hacks—Congress and federal agencies are moving with renewed urgency to take actions that would improve the security of U.S. government IT systems from cyberattacks. But they have a lot more work to do to make these systems secure.
Cyberflashers face jail in law change (Times) People who send unsolicited images of their genitals to strangers will face up to two years in jail. Perpetrators will also be put on the sex offenders register
Top Pentagon Cybersecurity Official Resigns (Infosecurity Magazine) Katie Arrington steps down in protest over movement of CMMC Program to DOD CIO’s office
DoD’s Arrington resigns ‘in protest’, announces run for Congress (Federal News Network) Former leader of DoD's CMMC program alleges her security clearance suspension and later elimination of her position were "politically influenced."
Litigation, Investigation, and Law Enforcement
Russian government continues crackdown on cybercriminals (CyberScoop) Russian authorities seized the websites of several Russian cybercrime forums Monday, the latest in a string of high-profile actions the government there has taken against cybercriminals.
DOJ Seizes $3.6 Billion in Bitcoin Stolen in Bitfinex Hack (Bloomberg) Case represents largest financial seizure ever, Monaco says. Two people charged with seeking to launder 119,754 Bitcoin.
Justice Department Says It Seized $3.6 Billion Worth of Bitcoin Stolen in 2016 Hack (Wall Street Journal) The value of the bitcoin at the time it was seized last week marks the department’s largest-ever financial seizure, officials said.
DOJ seizes $3.6 billion from 2016 Bitfinex hack, arrests New York couple (The Record by Recorded Future) The US Department of Justice announced today that it seized more than 94,000 Bitcoin assets stolen from the Bitfinex cryptocurrency exchange in 2016 and arrested a New York couple on charges connected to attempts to launder the funds.
Self-proclaimed 'Crocodile of Wall Street' snagged in big Bitcoin bust (Reuters) Heather Morgan is a would-be corporate influencer who raps about entrepreneurship, designs handbags inspired by ketchup squirts, and signs off from her motivational YouTube videos with the words "razzle-dazzle."
Who is 'the Crocodile of Wall Street' who laundered $4.5B in stolen Bitcoin? (Fortune) Heather Morgan, aka Razzlekhan, and husband Ilya Lichtenstein are charged with laundering Bitcoin stolen in a 2016 hack.
NSO Group Gave Pegasus Spyware Demo to the NYPD (Vice) An email obtained by Motherboard says that the audience for a demo of NSO Group's Pegasus spyware included "NYPD intel."
‘They pretty much had access to everything’: WFAA reveals the masterminds behind last year’s Dallas ISD cyber breach. And it’s not who you think. (WFAA) A year and a half before the breach, consultants told DISD its systems were vulnerable, but then COVID hit and it’s unclear if fixes were made.
Cyber Firm Sues Founder Group In Del. Over Merger Dissent (Law360) Recently merged cybersecurity company Cygilant Inc. sued the company's founders and substantial investors in Delaware Chancery Court, citing allegedly disruptive objections to the company's merger with former BAE Systems PLC affiliate SilverSky.