Dateline Moscow, Kyiv, Helsinki, Stockholm, and London: Hybrid war during stalemate on the ground.
Ukraine at D+77: Hacktivism, amid a temporary stalemate. (The CyberWire) Hacktivists continue to make their nuisance-level contributions to both sides in Russia's war against Ukraine.
Ukraine maps reveal how much territory Russia has lost in just a few days (Newsweek) Russian troops have reportedly been forced to retreat due to counterattacks by Ukrainian forces this week.
Counter-attacks force Russian troops to retreat behind their own borders (The Telegraph) Ukraine says Kremlin has sustained 'significant losses' and has moved back 25 miles inside Russian territory
Ukraine Live Updates: Russia Sees Threat as Finland Moves Closer to Joining NATO (New York Times) Finland’s president and prime minister endorsed joining the alliance, another sign of how Russia’s invasion has strengthened NATO instead of weakening it. Moscow said it would “take necessary measures” to protect itself, as Vladimir Putin shows no sign of backing down in Ukraine.
E.U. fails to agree on Russian oil embargo; Ukraine says negotiations ongoing to evacuate Azovstal fighters (Washington Post) As Russia’s invasion of Ukraine nears the end of its 11th week, European Union diplomats failed to reach an agreement on how to phase out imports of Russian oil — a move meant to undercut a key source of funding for the Kremlin. Talks ended Wednesday morning with Hungary remaining a holdout on the oil embargo.
Kherson’s puppet governors call on Russia to annex the city (The Telegraph) Kremlin collaborators scrap doomed referendum to secede the southern city from Ukraine into a Kherson People's Republic
Kherson’s military administrators to call for Russian annexation (the Guardian) Unclear if Kremlin will agree to annex captured Ukrainian territory or use threat to put pressure on Kyiv
Putin prepared for ‘prolonged’ conflict, U.S. intelligence chief says (Washington Post) Russian President Vladimir Putin is prepared for a prolonged conflict in Ukraine, betting that Russia is more willing and able to endure the longer-term effects of the war than Moscow’s adversaries, Director of National Intelligence Avril Haines told senators on Tuesday.
Vladimir Putin ‘gearing up for a prolonged war and will not stop at Donbas’ (The Telegraph) Russian leader’s retreat from Kyiv was ‘temporary shift’ and he is likely counting on Western resolve weakening, warns US intelligence chief
Strategic miscalculations have doomed Putin’s Donbas offensive (The Telegraph) For all the losses they are suffering in the Donbas, Russian forces have neither the force nor will to affect anything like a major victory
Will Putin use nuclear weapons in Ukraine? Our experts answer three burning questions. (Atlantic Council) Our nuclear experts weighed in on the chances of Putin taking the fateful step, how he might do it, and how the West would likely respond.
Kazakhstan cancels Victory Day in protest over Putin’s Ukraine War (Atlantic Council) With Russia currently waging war in Ukraine, traditional Victory Day events on May 9 took on added symbolic significance. This holiday marking the Soviet victory over Nazi Germany has become central to modern Russia’s national identity, but attitudes elsewhere in the former USSR are often more nuanced and reflect the complex dynamics of post-imperial relations with Moscow. For Kazakhstan, refusal to join this year’s Victory Day celebrations was a subtle way of distancing the country from Russia’s aggressive actions.
Belarusian volunteers see Ukraine war as stepping stone to a free Belarus (Atlantic Council) The hundreds of Belarusians who are currently fighting for Ukraine believe that defeating Vladimir Putin's invasion is their best chance of liberating Belarus itself and bringing the Lukashenka dictatorship to an end.
Pro-Russian hackers target Italy institutional websites -ANSA news agency (Reuters) Pro-Russian hackers have attacked the websites of several Italian institutions, including the senate, ANSA news agency reported on Wednesday.
US and EU Officials Attribute Viasat Cyber Attack to Russia (Via Satellite) Russia is responsible for cyber attacks against commercial satellite communications networks in late February to disrupt Ukraine’s command and control
U.S. allies blame Russia for a cyberattack early in its Ukraine invasion (Washington Post) The Biden administration and allies blame Russia for a hack directed at Ukraine
Russian cyber experts restore RuTube access after three-day outage (Reuters) Access to Russian video-hosting site RuTube was restored on Wednesday after a three-day outage, following a cyberattack that had demanded the attention of expert cybersecurity teams and called the service's durability into question.
They Fled Ukraine to Keep Their Cyber Startup Alive. Now, They’re Hacking Back. (Wall Street Journal) Security firm Hacken relocated to Lisbon and is now launching cyberattacks against Russia.
Ukraine hacktivism 'problematic' for security teams says NSA cyber chief (Tech Monitor) Ukraine hacktivism efforts are often well-intentioned, but their attacks can be problematic says the NSA's cybersecurity director.
Attacks on UK's critical national infrastructure have surged since Ukraine war (Computing) Attacks against infrastructure firms have spiked since Russia invaded Ukraine in March
Critical Infrastructure Firms See Cyber-Attack Surge (Infosecurity Magazine) Most CNI providers have seen an increase in threats since Ukraine war
Digital cooperation by US, Ukraine is a success on multiple levels, Pentagon chief says (The Record by Recorded Future) The U.S. doctrine of staying in constant contact with adversaries in cyberspace is "paying dividends," said Defense Secretary Lloyd Austin.
Intelligence-sharing with Ukraine designed to prevent wider war (Washington Post) The United States is sending billions of dollars in military equipment to Ukraine, including heavy artillery, drones and antitank missiles. Administration officials have publicly enumerated those contributions, practically down to the number of bullets. But they are far more cautious when describing another decisive contribution to Ukraine’s battlefield success: intelligence about the Russian military.
Ukraine invasion ‘reinforcing’ Army’s work on secure networks, comms (Breaking Defense) "...[W]hen you have a living and breathing threat, you need to think about the things such as a contested and congested environment,” Maj. Gen. Rob Collins, the service’s program executive officer for command, control, communications-tactical (PEO C3T) said.
Help Ukraine now, and it could power Europe later (Atlantic Council) The world should help rebuild a peaceful country that would contribute to Europe’s long-term energy security, argues the CEO of Ukraine's largest electricity producer.
Ukraine will feel aftermath of Russia's war 'for 100 years', says Olaf Scholz (The Telegraph) Ukraine can expect to feel the aftermath of Russia's war "for 100 years" because of unexploded bombs littering cities, German Chancellor Olaf Scholz has warned.
EXPLAINER: What's the fallout from Ukraine's pipe shutdown? (AP NEWS) The shutdown of a gas pipeline in eastern Ukraine has sent a fresh wave of energy jitters through Europe.
Finland and Sweden joining Nato shows just how terribly Vladimir Putin has miscalculated (The Telegraph) Russia’s ‘strategic genius’ in Europe set to evaporate as Ukraine war pushes Nordic states closer to the West
Finland moves toward joining NATO amid Russia threats (AP NEWS) Finland’s leaders Thursday came out in favor of applying to join NATO, and Sweden could do the same within days, in a historic realignment on the continent 2 1/2 months after Russian President Vladimir Putin’s invasion of Ukraine sent a shiver of fear through Moscow’s neighbors.
Finland's leaders call for NATO membership 'without delay' (AP NEWS) Finland’s leaders said Thursday they’re in favor of rapidly applying for NATO membership, paving the way for a historic expansion of the alliance that could deal a serious blow to Russia as its military struggles with its war in Ukraine.
Kremlin threatens retaliation after Finland leaders say it must join Nato (the Guardian) Finland’s president and PM make call after support in country for joining trebles since Ukraine war
Finland joining NATO will be "smooth and swift," says secretary-general (Newsweek) In a statement to Newsweek, NATO Secretary General Jens Stoltenberg welcomed Finland's bid to join the alliance and promised a "smooth and swift" process.
Boris Johnson: UK ‘would help Nordic nations fight the Russians’ (The Telegraph) Prime Minister says he would send British troops to Finland or Sweden to repel an invasion as he signs defence pact
Russia-Ukraine latest news: Boris Johnson signs historic military deals with Sweden and Finland (The Telegraph) Boris Johnson will sign historic security assurance declarations with Sweden and Finland in the face of Russia's invasion of Ukraine, pledging to "bolster military ties" and support both countries should they come under attack.
'This tears my soul apart': A Ukrainian boy and a killing (AP NEWS) As he listened to his father die, the boy lay still on the asphalt. His elbow burned where a bullet had pierced him. His thumb stung from being grazed. Another killing was in progress on a lonely street in Bucha, the community on the outskirts of Ukraine’s capital, Kyiv, where bodies of civilians are still being discovered weeks after Russian soldiers withdrew.
Ukraine to hold first war crimes trial of captured Russian (AP NEWS) Ukraine’s top prosecutor disclosed plans Wednesday for the first war crimes trial of a captured Russian soldier, as fighting raged in the east and south and the Kremlin left open the possibility of annexing a corner of the country it seized early in the invasion.
WHO's European countries say Moscow office should be moved (AP NEWS) Members of the World Health Organization’s European region have condemned Russia’s war in Ukraine, which could result in moving one of the agency’s offices out of Russia and suspending all meetings there until Moscow pulls its troops out of Ukraine.
Attacks, Threats, and Vulnerabilities
COBALT MIRAGE Conducts Ransomware Operations in U.S. (Secureworks) The Iranian threat group blurs the line between financially motivated attacks and espionage
Analysts confirm return of REvil ransomware gang (ComputerWeekly) Secureworks CTU analysis has found that the REvil ransomware is undergoing active development, possibly heralding a new campaign of cyber attacks.
Falcon OverWatch Detects Novel IceApple Framework (CrowdStrike) CrowdStrike's Falcon OverWatch proactive threat hunting uncovered IceApple, a sophisticated post-exploitation framework.
CrowdStrike Identifies Novel ‘IceApple’ Post-Exploitation Framework (MeriTalk) Cybersecurity services provider CrowdStrike said today it has identified a sophisticated post-exploitation framework that was first detected in 2021 and that has been observed in multiple victim environments in geographically distinct locations – with intrusions spanning technology, academic, and government sectors.
New 'post-exploitation' threat deployed on Microsoft Exchange servers is spotted by researchers (The Record by Recorded Future) The stealthy IceApple malware is aimed at Microsoft Exchange servers and probably comes from an advanced adversary, CrowdStrike said.
npm supply chain attack targets Germany-based companies with dangerous backdoor malware (JFrog) The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations
The Conti Leaks - Insight into a Ransomware Unicorn (BreachQuest) The recent Conti Ransomware leaks reveal how the notorious ransomware group manages to operate a global criminal enterprise from the shadows.
Critical Vulnerability Exploited to 'Destroy' BIG-IP Appliances (SecurityWeek) The critical F5 BIG-IP vulnerability CVE-2022-1388 is being exploited to erase files from appliances, potentially causing serious disruption.
Trustwave’s Action Response: F5 BIG-IP Vulnerability (CVE-2022-1388) (Trustwave) Trustwave SpiderLabs is tracking a new critical-rated vulnerability (CVE-2022-1388) affecting F5 BIG-IP network devices. Threat actors are reported to be actively exploiting this vulnerability in the wild. F5 disclosed and issued a patch for CVE-2022-1388 on May 4.
DEA Investigating Breach of Law Enforcement Data Portal (KrebsOnSecurity) The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime…
Canadian fighter jet training company investigating ransomware attack (The Record by Recorded Future) Top Aces, which provides adversary aircraft used in fighter jet pilot training, showed up on the leak site for the LockBit ransomware group.
How to Protect Your Mac From Ransomware (Deep Instinct) Threat actors are getting smarter and your macOS is not safe from ransomware attacks. Read more on the latest threats and how to protect your mac.
What malware to look for if you want to prevent a ransomware attack (Intel471.com) Ransomware attacks start way before ransomware is placed onto a network. Here is the malware you need to watch out for.
SaaS App Vanity URLs Can Be Spoofed for Phishing, Social Engineering (SecurityWeek) Researchers have analyzed the potential risks associated with vanity URLs for popular SaaS applications such as Box, Zoom and Google Docs.
Vulnerability Summary for the Week of May 2, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
HP Wolf Security Threat Insights Report Q1 2022 | HP Wolf Security (HP Wolf Security) Don’t let cyber threats get the best of you. Read our post, HP Wolf Security Threat Insights Report Q1 2022, to learn more about cyber threats and cyber security.
Security Patches, Mitigations, and Software Updates
CISA tells federal agencies to fix actively exploited F5 BIG-IP bug (BleepingComputer) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new security vulnerability to its list of actively exploited bugs, the critical severity CVE-2022-1388 affecting BIG-IP network devices.
May Patch Tuesday 2022 Addresses 74 Critical Issues (SYXSENSE) April Patch Tuesday 2022 has arrived. Tackle the latest Microsoft updates, critical patches, and vulnerabilities of the month.
Microsoft Releases May 2022 Security Updates (CISA) Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s May 2022 Security Update Summary and Deployment Information and apply the necessary updates.
Chrome 101 Update Patches High-Severity Vulnerabilities (SecurityWeek) Google this week announced the release of a Chrome browser update that resolves a total of 13 vulnerabilities, including nine that were reported by external researchers.
Google Releases Security Updates for Chrome (CISA) Google has released Chrome version 101.0.4951.64 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.
Trends
LinkedIn users targeted in 52% of all phishing attacks globally in Q1 2022 (Atlas VPN) Data presented by Atlas VPN reveals that LinkedIn was related to over 52% of all phishing scams globally in the first quarter of 2022. Interestingly, it’s the first time that social media network was leveraged much more often than any tech giant brand name like Apple, Google, and Microsoft.
Marketplace
Email Security Vendors Score Billion-Dollar Valuations (SecurityWeek) Material Security, a startup operating in the crowded email security market, has banked $100 million in new venture capital funding at $1.1 billion valuation.
Material Security Reaches $1.1 Billion Valuation for ‘Zero Trust’ Security on Microsoft and Google Email (Business Wire) Material Security, a company that can protect email accounts even after they have been compromised, today announced it has secured $100 million in Ser
Identitypass, A Black-Owned Identity Verification API, Raises $2.8M Seed Funding (POCIT) Identitypass today announced that it has raised $2.8 million in seed funding, months after graduating from Y Combinator. The round also comes a few months after the startup raised $360,000 in pre-seed investment last November, bringing its total funding to $3.1 million.
LookingGlass Cyber To Acquire BI & Strategic Advisory Firm, Next5 (MarTech Series) LookingGlass Cyber Solutions, the leader in actionable threat intelligence, will acquire Next5, a business intelligence and strategic advisory
Google is failing to enforce its own ban on ads for stalkerware (MIT Technology Review) The apps’ ads openly promise to help people spy on their partners.
PKWARE Promotes Sarah Fellner to VP of Global Marketing (PKWARE) PKWARE, a global leader in automated data security, today announced the promotion of Sarah Fellner to vice president of global marketing.
Safe Security Strengthens Advisory Board, welcomes David Reilly, veteran financial services executive (Global Security Mag Online) Safe Security announced the appointment of David Reilly, a veteran financial services industry Chief Information Officer (CIO) to its Advisory Board. David has served various roles in multiple Fortune 500 companies, most recently as CIO, Global Banking and Markets at Bank of America.
Socure Names Security Veteran Chad Kalmes as Chief Information Security Officer (Business Wire) Today Socure, the leading provider of digital identity verification and fraud solutions, announced the hiring of Chad Kalmes as Chief Information Secu
Products, Services, and Solutions
Orca Security Unveils Industry’s First Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues Earlier in the Development Cycle (Orca Security) Enterprises can now ship more secure code to production by unifying security across software development, DevOps, and security teams
Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete) (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software covering password management, dark web...
BalkanID Unveils AI-Powered Identity Governance and Administration Solution for SaaS and Public Cloud Environments (Business Wire) BalkanID today announced $5.75 million in seed funding and the launch of its artificial intelligence (AI)-powered Identity Governance and Administrati
Technologies, Techniques, and Standards
Palo Alto Networks Calls on Cybersecurity Industry to Adopt ZTNA 2.0 -- Zero Trust with Zero Exceptions (Palo Alto Networks) First-gen ZTNA solutions have major gaps in security protection and can put organizations at significant risk SANTA CLARA, Calif., May 11, 2022 /PRNewswire/ -- Palo Alto Networks (NASDAQ: PANW),...
A Cybersecurity Risk Management Strategy for the C-Suite (Hstoday) There are several encompassing security strategies to evaluate, depending on your requirements and threat posture.
Research and Development
The Hidden Race to Protect the US Bioeconomy From Hacker Threats (Wired) A biotech threat intelligence group is gaining supporters as urgency mounts around an overlooked vulnerable sector.
Academia
Educators Call for Cyber Pros To Teach Part Time (SIGNAL Magazine) A panel of cyber educators encourage subject matter experts in the military and industry to teach cybersecurity part time.
Ransomware Attack a Nail in the Coffin as Lincoln College Closes After 157 Years (SecurityWeek) Whether Lincoln College could have survived Covid alone, or the ransomware alone, are academic questions: it could not and did not survive them both together.
Legislation, Policy, and Regulation
Prince Charles announces UK ‘data reform’ bill, throwing EU adequacy status into limbo (The Record by Recorded Future) Prince Charles confirmed that the UK will reform its data privacy rules, raising questions among experts about whether the country will still be in compliance with European Union regulations.
EXCLUSIVE Biden eyes new ways to bar China from scooping up U.S. data (Reuters) The Biden administration has drafted an executive order that would give the Department of Justice vast powers to stop foreign adversaries like China accessing Americans' personal data, according to a person familiar with the matter and excerpts seen by Reuters.
Biden drafts executive order to bar China from scooping up US data (bestinau) The Biden administration has drafted an executive order that would give the Department of Justice vast powers to stop foreign adversaries like China accessing
A year later, Biden’s cybersecurity executive order driving positive change (CSO Online) Notable experts say the cybersecurity executive order has improved the nation's security posture, but more work is to be done.
The National Security Implications of New Rules of the Road for Cyber (The Cipher Brief) Principal members of the Cyber Initiatives Group filed comments supporting the SEC's proposed rules regarding cyber
Connecticut Becomes Fifth State With Consumer Data Privacy Law (Bloomberg Law) Connecticut has become the fifth US state with comprehensive consumer privacy legislation and the second so far this year, after Utah, to enact such a measure.
Litigation, Investigation, and Law Enforcement
Spanish journalist held in Poland on suspicion of pro-Russian espionage (the Guardian) Pablo González, who has joint Spanish and Russian nationality, alleged to have worked for GRU military intelligence
French watchdog mulls action against U.S. AI company Clearview (Reuters) The head of France's data privacy said on Wednesday she was considering triggering the process of fining U.S.-based Clearview AI, a facial recognition company the regulator had ordered to stop amassing data from people based in the country.
Opposition pushes through preliminary bill for probe into police spying (Times of Israel) Proposal manages to pass first reading in Knesset with vote of 59-58 after coalition MK leaves plenum for interview
Private spies search for NSO's true clients (Intelligence Online) Berkeley Research Group, which has been managing the fund behind Israeli cyber firm NSO since last year, has hired private investigators to shed light on the company's activities amid a legal wrangle
Judge bars indicted official Tina Peters from overseeing 2022 elections (Washington Post) A Colorado judge on Tuesday ruled that Mesa County Clerk Tina Peters (R), a supporter of former president Donald Trump who has embraced election-fraud conspiracy theories, is barred from overseeing elections in her home county because of her indictment for allegedly tampering with voting equipment.
Appeals court rules Texas social media law can proceed (Protocol) The decision was an unexpected victory for conservative tech critics who want to force social media companies to carry most content.
Capital One Data Breach $190M Class Action Settlement (Top Class Actions) Capital One will pay $190 million to resolve claims it jeopardized customer information in a 2019 data breach.
Trio Of Cybercriminals Sentenced For Conspiracy To Commit Fraud And Aggravated Identity Theft (US Attorney for the Middle District of Florida) U.S. District Judge Gregory A. Presnell has sentenced Alessandro Doreus (29, Port St. Lucie), Jean Elie Doreus Jovin (34, Loganville, GA), and Djouman Doreus (29, North Miami) to federal prison for conspiracy to commit fraud and aggravated identity theft. Alessandro Doreus and Jovin were each sentenced to six years and nine months in federal prison. Djouman Doreus was sentenced to five years and one month imprisonment. All three had previously pleaded guilty.
Three hackers given multiple-year sentences for SSN fraud, identity theft (The Record by Recorded Future) Two Floridians and a Georgian had pleaded guilty in 2021. Prosecutors said they defrauded hundreds of people.