Dateline Moscow, Kyiv, and Minsk: Hacktivisim and privateering.
Russia’s invasion of Ukraine: List of key events, day 71 (Al Jazeera) As the Russia-Ukraine war enters its 71st day, we take a look at the main developments.
Ukraine Latest: Russian Troops Bogged Down, Pentagon Says (Bloomberg) The European Union proposed a ban on Russian crude oil phased in over the next six months, part of the bloc’s sixth package of sanctions as President Vladimir Putin seeks to cement military gains in Ukraine.
Russian War Report: New fires and alleged sabotage operations across Russian territory (Atlantic Council) Over the past week, numerous strategic facilities on Russian territory have caught fire drawing accusation of sabotage.
Russian troops begin huge assault on Mariupol steelworks (The Telegraph) Azovstal plant, providing shelter for city's last 2,000 Ukrainian soldiers and 1,000 citizens, under infantry attack after bombardment
Easy out from steel mill seen as unlikely for Ukraine troops (AP NEWS) With the evacuation of some civilians from a steel mill besieged by Russian forces in the port of Mariupol, attention is turning to the fate of hundreds of Ukrainian troops still inside after weeks in the plant's warren of underground tunnels and bunkers.
Ukraine leader appeals for truce to dig out civilians trapped under Mariupol steel plant (Reuters) Civilians will need to be dug from bunkers under a steel works that is the last holdout of resistance in Ukraine's Mariupol, President Volodymyr Zelenskiy said on Thursday, after a Russian bombardment that has littered the area with concrete debris.
Russia planning victory parade in Mariupol, Ukraine says (euronews) Dead bodies and debris are being hastily cleaned from the streets of Mariupol ahead of a Russian victory parade, Ukraine's intelligence service has said. #EuropeNews
EXPLAINER: Why Victory Day in Russia is different this year (AP NEWS) The invasion of Ukraine means that fewer Russian tanks and other military hardware will rumble through Moscow’s Red Square on Monday, when the country marks its victory over Nazi Germany in World War II.
Grave by grave, police and war crimes investigators comb a Ukrainian forest (Los Angeles Times) Weeks after Russian occupation, rural areas outside Ukraine's capital still yield forest graves. Exhumations remain a near-daily task for police.
Russia Seeks to Annex Occupied Ukraine as Invasion Goals Shift (Bloomberg) Kremlin plans referenda to absorb Donbas into its territory. Votes on joining Russia could be delayed as offensive stalls.
Tolstoy’s great-great-grandson boasts of his ancestor ‘slaughtering’ British troops in Crimea (The Telegraph) Pyotr Tolstoy, a politician and descendant of the War and Peace novelist, praises the Ukraine war and repeats calls for ‘de-Nazification’
Putin may soon officially declare war on Ukraine, US and Western officials say (CNN) Russian President Vladimir Putin could formally declare war on Ukraine as soon as May 9, a move that would enable the full mobilization of Russia's reserve forces as invasion efforts continue to falter, US and Western officials believe.
Russian Troops Are Taking Putin’s Orders to Demilitarize Ukraine Literally (Foreign Policy) Russian strikes have hammered facilities that produce heavy gear the Ukrainian armed forces desperately need.
Russian airstrikes target western arms arriving in Ukraine (the Guardian) Moscow steps up missile strikes on key infrastructure as flow of western weapons becomes focus of war
Ukraine: Russia using 'missile terrorism' in wide attacks (AP NEWS) Complaining that the West is "stuffing Ukraine with weapons,” Russia bombarded railroad stations and other supply-line targets across the country, as the European Union moved to further punish Moscow for the war Wednesday by proposing a ban on oil imports.
Ukraine War Diary: “You can never really get used to the air raid sirens” (Atlantic Council) Ukrainian media personality Vitaly Sych has kept a war diary recounting his experiences and observations during the past two terrifying and heroic months as Ukrainians have adjusted to Vladimir Putin’s criminal invasion.
AP Methodology: Calculating Mariupol theater airstrike dead (AP NEWS) Close to 600 people died in the Russian airstrike on the Mariupol drama theater on March 16, evidence from an Associated Press investigation suggests.
U.S. Intelligence Is Helping Ukraine Kill Russian Generals, Officials Say (New York Times) Targeting assistance is part of a classified effort by the Biden administration to provide real-time battlefield intelligence to Ukraine.
Russian ally Belarus launches military quick-response drills (Washington Post) The Belarusian military has launched large-scale drills to test the readiness of its armed forces to respond quickly to “possible crises” and counter threats from the air and ground, the country’s Defense Ministry said early Wednesday.
Putin’s Ukraine War: Desperate Belarus dictator strikes back (Atlantic Council) Belarus dictator Alyaksandr Lukashenka is seeking to introduce the death penalty for anti-war activists who are sabotaging Russian troop movements in protest over Belarus's supporting role in Putin's Ukraine invasion.
Russian ransomware group claims attack on Bulgarian refugee agency (CyberScoop) The impact of the alleged attack is so far unclear. The country has taken in hundreds of thousands of Ukrainian refugees.
Nakasone says Cyber Command did nine 'hunt forward' ops last year, including in Ukraine (CyberScoop) U.S. Cyber Command's Gen. Paul Nakasone says Russian cyber attacks against Ukraine have been destructive and he is still bracing for potentially serious cyberattacks against the U.S.
CYBERCOM Sent a ‘Hunt Forward’ Team to Help Ukraine Harden Systems (MeriTalk) While the United States has refrained from getting involved in the Russia-Ukraine war from a “boots-on-the-ground” standpoint, one of the ways the nation has been supporting Ukraine in the conflict has been through the help of a U.S. Cyber Command (CYBERCOM) hunt forward team to aid in its cyber defenses against Russia, CYBERCOM Commander Gen. Paul Nakasone said today.
Russia and Ukraine Conflict Q&A | Cybersixgill (Cybersixgill) Hacktivist groups backing each side of the conflict have joined the war effort, launching a series of wide-scale cyberattacks targeting critical infrastructures and industries in hostile nations.
Google Sees More APTs Using Ukraine War-Related Themes (SecurityWeek) Google's Threat Analysis Group (TAG) observed an increased number of threat actors using cyberattack themes related to the war in Ukraine.
Pro-Ukraine hackers use Docker images to DDoS Russian sites (BleepingComputer) Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations.
Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites (Security Affairs) Pro-Ukraine hackers are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites. Pro-Ukraine hackers, likely linked to Ukraine IT Army, are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen websites belonging to government, military, and media. The DDoS attacks also targeted three Lithuanian media websites. The attacks were monitored by […]
Foreign policy realists should be bolder about defeating Putin in Ukraine (Atlantic Council) Foreign policy realists have urged caution over Ukraine but as the conflict grinds on it is now time to recognize that the democratic world has a significant interest in securing Vladimir Putin's decisive defeat.
Gazprom set the Russian invasion of Ukraine in motion (Atlantic Council) Gazprom's actions in the months leading up to Russia's invasion of Ukraine can only be interpreted as stage-setting maneuvers to deter European involvement. Its willingness to abdicate its commercial responsibilities raises serious questions about Europe's future business with Russian energy companies.
Iran sanctions raise doubts about the success of economic pressure on Russia (Atlantic Council) One parallel for the new Russia sanctions can been seen in the even more stringent measures imposed against its ally, Iran.
Viktor Orban blocks EU plan for total ban on Russian oil (The Telegraph) Bloc split as Hungary, fearing for its own energy security, rejects a key new package of sanctions to put pressure on Vladimir Putin
EU Plans to Block Russians From Buying European Real Estate (Bloomberg) Measure to affect Russian nationals, residents and entities. Member states must sign off on ban, which is subject to change.
EU Proposes Sanctions on Main Belarus Potash Companies (Bloomberg) Proposed sanctions package also targets oil refinery Naftan. EU is expected to outline a sixth sanctions package Wednesday.
Attacks, Threats, and Vulnerabilities
Threat Advisory: New Log4j Exploit Demonstrates a Hidden Blind Spot in the Global Digital Supply Chain (Cequence) Threat advisory: New Log4j exploit demonstrates a hidden blind spot in the global digital supply chain | Cequence Security Learn how Log4j has evolved to become LoNg4j and how it exposes the flaws in the digital supply chain.
Anonymous Leak 82GB of Police Emails Against Australia's Offshore Detention (HackRead) In total, Anonymous leaked 285,635 confidential emails belonging to the Nauru Police Force of the tiny Nauru Island infamously known for being used by Australia as an offshore refugee detention center in return for aid.
Colonial Pipeline One Year Later: What’s Changed? (Digital Shadows) For the first half of 2021, ransomware groups looked unstoppable. Ransomware gangs were adding victim after victim on their dark web data leak sites, displaying an unprecedented level of technical sophistication and corporate-like organization. On top of that, new ransomware variants were popping up with increasing regularity to capitalize on the immensely lucrative nature of
Analyzing BlackByte Ransomware's Go-Based Variants (Zscaler) In this post, Zscaler ThreatLabz analyzes two variants of the Go-based implementation of BlackByte ransomware. Read more.
China-Linked Winnti APT Group Silently Stole Trade Secrets for Years: Report (SecurityWeek) Winnti is a Chinese state-affiliated group that has existed since at least 2010 and is known for its sophistication, stealth and focus on stealing technology secrets.
New report uncovers massive Chinese hacking of trade secrets (The Hill) Security researchers on Wednesday said that hackers connected to the Chinese government have attempted to access sensitive information from dozens of global organizations. Security firm Cyber…
Chinese hackers perform 'rarely seen' Windows mechanism abuse in three-year campaign (ZDNet) Operation CuckooBees is an elaborate operation against companies in the US and beyond.
Cisco Issues Fresh Warning Over Counterfeit Switches (SecurityWeek) Cisco has issued another warning over the use of counterfeit switches, advising customers to update the software on devices before they are onboarded.
3 most dangerous types of Android malware (WeLiveSecurity) Here's what to know about some of the nastiest types of mobile malware – from software that takes your phone and data hostage to RATs that allow hackers to control your device.
Twitter Blue Badge Phishing Scams Are Targeting Verified Accounts (Trend Micro News) If you have a verified Twitter account (with a blue badge), please be careful — you're a potential target in this latest phishing scam!
CISA Adds Five Known Exploited Vulnerabilities to Catalog (CISA) CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates.
Malware identified used in RIPTA breach that affected 22,000 Rhode Islanders (The Providence Journal) Ransomware used for RIPTA breach was reportedly developed by\u00a0Russian cybercriminals and was involved in 87 incidents reported to the FBI.
Evri warning over new phishing text message scam: How to report and what is smishing? (Yahoo Finance) People should be wary of a text message claiming to be from delivery service Evri
State Bar of Georgia reels from cyber-attack (The Daily Swig) Bar suspends website after mystery assault
Security Patches, Mitigations, and Software Updates
Android monthly updates are out – critical bugs found in critical places! (Naked Security) Android May 2022 updates are out – with some critical fixes in some critical places. Learn more…
Mozilla Releases Security Updates for Firefox and Firefox ESR (CISA) Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 100 and Firefox ESR 91.9 and apply the necessary updates.
F5 Releases Security Advisories Addressing Multiple Vulnerabilities (CISA) F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit CVE-2022-1388 to take control of an affected system.
F5 Informs BIG-IP Customers About 18 Serious Vulnerabilities (SecurityWeek) F5 has released its quarterly security notifications, which inform BIG-IP customers about 18 critical and high-severity vulnerabilities.
GitHub users will be required to use two-factor authentication by 2023 (Protocol) By the end of 2023, GitHub.com will require contributors to use two-factor authentication.
Cisco Issues Patches for 3 New Flaws Affecting Enterprise NFVIS Software (The Hacker News) Cisco has released patches to fix 3 new vulnerabilities in Enterprise NFV Infrastructure Software (NFVIS) .
Trends
Virginia Researchers Study Gaps in Cyber Crime Reporting (GovTech) States still don’t know how much cyber crime actually occurs or how residents are trying to protect themselves. A research team in Virginia is hoping to fill in the knowledge gap with a newly launched study.
Marketplace
Hubble Technology Banks $9 Million for Asset Visibility Platform (SecurityWeek) Hubble Technology banks $9 million in venture capital funding to build an “agentless technology asset visibility” aimed at disrupting the asset management space.
Application Security Firm ShiftLeft Raises $29 Million (SecurityWeek) ShiftLeft closes a $29 million funding round led by Blackstone Innovations Investments and SYN Ventures.
SentinelOne Completes Acquisition of Attivo Networks (SentinelOne) With this acquisition, SentinelOne extends Singularity XDR capabilities across endpoint, cloud, IoT devices, and data wherever it resides.
Iron Bow Technologies Awarded 2021 Quest Federal Partner of the Year (Yahoo Finance) HERNDON, Va., May 04, 2022--Iron Bow Technologies, an information technology solutions provider to government, commercial, education, and healthcare markets, announced today that it was selected as the Quest 2021 Federal Partner of the Year.
Zscaler taps Forcepoint’s John Milionis to be new ANZ channel chief (CRN Australia) He replaces Foad Farrokhnia who was promoted to APJ channel chief.
Kyndryl names new ANZ alliances boss (CRN Australia) Yolanda Stead joins from KPMG.
Products, Services, and Solutions
Buoyant Cloud Introduces Fully Managed Linkerd to Automate Service Mesh Management (PR Newswire) Buoyant, creator of the widely-used open source Linkerd service mesh, today introduced "fully managed" Linkerd functionality to Buoyant Cloud,...
Onapsis Partners with NextGen Cyber Talent to Expand and Diversify the Cybersecurity Workforce (Business Wire) Onapsis, the leader in business-critical application cybersecurity and compliance, today announced that it has partnered with nonprofit education prov
NINJIO Announces Agreement With TD SYNNEX (NINJIO) Partnership with TD SYNNEX to reach more customers with NINJIO AWARE – the most effective cybersecurity awareness training solution available
Enpass launches first offline password management tool for enterprises (VentureBeat) Enpass launches offline password management tool to allow users to store passwords on local devices or in the cloud.
New Cisco Technology Can Predict Network Issues Before They Happen () Customer Trials Show IT Teams Can Predict and Avoid Issues with High Accuracy News summary Cisco reveals how it is helping networks evolve by predicting application issues before they happen, enabling a new level of reliability and performance.
Hillstone Networks Expands Its Security Portfolio With CloudArmour (Forbes) Analyst Matt Kimble takes a look at Hillstone Networks' new CloudArmour security offering.
Check Point, DCC partner on intelligent security solutions (IT-Online) Check Point Software Technologies has appointed Drive Control Corporation (DCC) as its official distributor for South Africa and the SADC region. The appointment will see DCC distributing Check Point’s complete range of advanced security solutions which focus on cloud and on-premises security. DCC and Check Point’s partnership represents the distributor’s established reputation that sees it […]
Fisher Jones Greenwood Selects Cyren Inbox Security to Protect Against BEC Attacks (Access Wire) Ensures resiliency of Microsoft Office 365 against targeted cyber threats
Quisitive Achieves Microsoft Cloud Security Advanced Specialization (Yahoo) Company Achieves 11th Microsoft Advanced SpecializationTORONTO, May 04, 2022 (GLOBE NEWSWIRE) -- Quisitive Technology Solutions Inc. (“Quisitive” or the “Company”) (TSXV: QUIS, OTCQX: QUISF), a premier Microsoft solutions and payment solutions provider, has achieved the Microsoft Cloud Security Advanced Specialization, marking the 11th advanced specialization it has received and the final one available in the security solutions area. The Company now holds all four Microsoft Security Solutions Ad
Microsoft Rebrands its Data Governance Service to Microsoft Purview (InfoQ) Recently, Microsoft announced Microsoft Purview, a new product branding bringing together the Azure Purview data governance service with various Microsoft 365 compliance solutions.
Microsoft Releases Defender for SMBs (Dark Reading) Microsoft's stand-alone version of Defender for SMBs promises to help SecOps teams automate detection, response, and recovery.
Technologies, Techniques, and Standards
U.S. conducts first Hunt Forward Operation in Lithuania (U.S. Cyber Command) At the invitation of the Lithuanian government, U.S. Cyber Command’s Cyber National Mission Force deployed a hunt forward team to conduct defensive cyber operations alongside partner cyber forces,
NSA Chief: Cyber Command Did 9 Cyber Defense Missions Last Year (Nextgov.com) The dual-hatted head of the spy agency and military command has been conducting proactive missions to diffuse cyber threats to U.S. elections and other critical infrastructure and stressed the importance of artificial intelligence to advance the efforts.
Cyber Command sent a 'hunt forward' team to help Lithuania harden its systems (The Record by Recorded Future) U.S. Cyber Command recently deployed personnel to Lithuania to strengthen that country’s digital defenses, the second such mission tied to Russia’s invasion of Ukraine, a senior command official said Wednesday.
A top online voting company is ramping up its cyber vetting Image without a caption (Washington Post) Democracy Live is submitting to continuous vetting for hackable bugs
Design and Innovation
A Plan to Keep the Space Force's Future AI Safe (Air Force Magazine) The Space Force’s chief technology and innovation officer has an idea for how not to let the military’s AI get out of hand.
Legislation, Policy, and Regulation
Cybersecurity continues to be a top priority in Canada (Toronto Sun) Every year the statistics on cybercrime increase. It is a growing problem in Canada like in the rest of the world.
How Ireland lost its chance to become Big Tech’s ‘super regulator’ (CNBC) With the recently approved Digital Services Act, Ireland will no longer be at the center of the EU's clampdown on Big Tech.
Ireland 'not able to defend itself from air, sea, or cyberattack' (Irish Examiner) Senator quizzes minister about country's current defence capabilities
MeitY, CERT-In order VPNs, crypto exchanges, others to store user data for at least five years (NEWS9LIVE) Even in case a user cancels service subscription, the companies are required to track and maintain their records for the same period of time
White House to boost support for quantum technology while boosting cybersecurity (Reuters) The White House on Wednesday will announce a slate of measures to support quantum technology in the United States while laying out steps to boost cybersecurity to defend against the next generation of supercomputers.
Executive Order on Enhancing the National Quantum Initiative Advisory Committee (The White House) By the authority vested in me as President by the Constitution and the laws of the United States of America, including section 104(a) of the National
Facebook, Google face regulatory reckoning that may end Big Tech dominance (Newsweek) A spate of new laws in Europe and the U.S. foreshadow what could be the end of dominance for Google, Facebook and Amazon
President Biden Announces Appointments to the President’s Intelligence Advisory Board and the National Science Board (The White House) WASHINGTON – Today, President Biden announces his intent to appoint the following individuals to serve in key roles: Admiral James A. “Sandy” Winnefeld,
Idaho needs to shore up cybersecurity, task force says (AP NEWS) Idaho needs to be better prepared to defend against inevitable cyberattacks that could harm individuals, businesses and critical infrastructure, the Governor's Cybersecurity Task Force said in a report released Wednesday.
Litigation, Investigation, and Law Enforcement
Meta Tells High Court To Deny Spyware Co.'s Immunity Bid (Law360) Meta and its subsidiary WhatsApp told the U.S. Supreme Court to reject a review petition from Israeli spyware firm NSO Group Technologies, which is appealing a Ninth Circuit ruling that denied it foreign immunity from WhatsApp's hacking claims.