Dateline Moscow, Kyiv, Berlin, London, and Washington: Tanks for Ukraine.
Ukraine at D+336: Missile reprisal for tank promises. (CyberWire) Russia replies to news of tank deliveries with drone and missile strikes. NCSC warns of Russian and Iranian cyberattacks.
Russia unleashes missiles at Ukraine after Kyiv secures tanks (Reuters) Russia sent Ukrainian civilians racing for cover with a rush-hour missile barrage, killing at least one person, the day after Kyiv secured Western pledges of dozens of modern battlefield tanks to try to push back the Russian invasion.
Ukraine-Russia war latest: Putin’s Arctic bombers launch wave of missiles at Ukraine (The Telegraph) Vladimir Putin ordered his bombers to take off from bases in Russia’s arctic far north to launch a cruise missile attack on Ukraine, the Ukrainian military has said.
Russia-Ukraine war live: Ukraine says it shot down 47 of 55 Russian missiles; at least one dead reported in Kyiv (the Guardian) Top general says most missiles shot down after six explosions reported in Vinnytsia and air defence active in other regions
Ukraine live briefing: Germany, U.S. to send battle tanks; Ukraine confirms Soledar withdrawal (Washington Post) Berlin announced plans Wednesday to send German-made Leopard 2 main battle tanks to Ukraine after weeks of international pressure. Germany will send 14 tanks from its own military stocks and begin training Ukrainian forces on German territory, the government said, adding that it would also “issue the appropriate transfer permits” enabling other European nations to reexport their Leopard 2 tanks to Ukraine.
Biden Administration Announces Additional Security Assistance for Ukraine (U.S. Department of Defense) The Defense Department announced the procurement of Abrams tanks for Ukraine via the Ukraine Security Assistance Initiative to support Ukraine's defense against Russian aggression.
Biden Announces Abrams Tanks to be Delivered to Ukraine (U.S. Department of Defense) President Joe Biden announced that the United States will provide Ukraine with 31 M1 Abrams tanks, which is the required number to equip an entire Ukraine tank battalion.
Abrams to rumble into Ukraine: US joins Germany's vow to send Kyiv tanks - Breaking Defense (Breaking Defense) US to send 31 M1 Abrams tanks in a matter of “months as opposed to weeks” but will use the lag time to begin training Ukraine forces and sorting through logistical challenges.
With demand high in Ukraine, US Army ramps up artillery production (Defense News) As Ukraine rapidly burns through 155mm artillery rounds to fight back the Russian invasion, the U.S. Army is scrambling to increase production capacity.
Ukraine finally has its Western tanks – now it’s time for the hard part (The Telegraph) After realising its dream of getting the sought-after Leopards, Kyiv must grapple with using, maintaining and protecting them
Olaf Scholz: I was right to delay sending tanks to Ukraine (The Telegraph) Germany will provide 14 Leopard II tanks as a first step and give European allies permission to export the German-made vehicles
Release of Leopards piles pressure on Macron (The Telegraph) France has pledged to send armoured surveillance vehicles to Ukraine, but has so far stopped short of sending heavier Leclerc tanks
Panel seeks to allow re-exports of Swiss weaponry to Ukraine (AP NEWS) A parliamentary panel in Switzerland has recommended waiving a law that bars countries from re-exporting Swiss armored vehicles, weapons and other war materiel to Ukraine for its defense against Russia, insisting the move would not violate the country's much-vaunted neutrality.
Ukraine expecting long-range missiles next after West finally sends its tanks (The Telegraph) Kyiv will receive 200 tanks, but is hopeful weaponry capable of striking 190 miles behind Russian lines will soon follow
Ukraine will now push for F-16 fighter jets, government adviser says (The Hill) With main battle tanks from the U.S. and Germany now headed to Ukraine, Kyiv is now focusing on securing modern fighter jets from Western allies. Yuriy Sak, an adviser to Ukraine’s Defense se…
Opinion Are we seeing the beginning of the end of Putinism? (Washington Post) Wartime leaders change generals when they’re losing, not winning. On Jan. 11, Russian President Vladimir Putin announced that Valery Gerasimov, chief of the general staff, was to replace Sergei Surovikin, who was appointed just a few months earlier in October, as his new overall commander of Russian military forces in Ukraine. The only reasonable conclusion: Putin understands that Russia is losing in Ukraine.
In Ukraine, Smartphones Are Thickening the Fog of War (World Politics Review) A distorted perception about Russia’s war in Ukraine is affecting analysts’ view of the future of tanks.
‘I want to live’: the Ukraine hotline encouraging Russians to surrender (the Guardian) It is claimed 6,543 Russian personnel have surrendered since the hotline launched in September 2022
These Russians, evading call-up to Ukraine, live in a Seoul airport (Washington Post) The Russian men now have inside jokes with the South Korean staff they see at 6 p.m. every day at the Burger King in Terminal 1. They spend their days walking around, smoking cigarettes or learning Korean. They wash their clothes with bathroom soap.
The Putin Super Power Myth (Puck) Putin destroyed in a year an energy business that took three generations to build. As it turns out, Russia needed Europe far more than Europe needed Russia.
NCSC: Russian and Iranian hackers targeting UK politicians, journalists (Computing) Threat actors are impersonating journalists, colleagues and interested parties to obtain credentials in spear-phishing attacks, agency warns
British cyber agency issues warning over Russian and Iranian espionage campaigns (The Record from Recorded Future News) The NCSC warned about activity from two hacking groups – identified as Russia-based SEABORGIUM and Iran-linked APT42, or Charming Kitten.
Attacks, Threats, and Vulnerabilities
CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software (CISA) Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) Protecting Against Malicious Use of Remote Monitoring and Management Software. The advisory describes a phishing scam in which cyber threat actors maliciously use legitimate remote monitoring and management (RMM) software to steal money from victim bank accounts.
Protecting Against Malicious Use of Remote Monitoring and Management Software (CISA) The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software. In October 2022, CISA identified a widespread cyber campaign involving the malicious use of legitimate RMM software.
CISA: Federal agencies hacked using legitimate remote desktop tools (BleepingComputer) CISA, the NSA, and MS-ISAC warned today in a joint advisory that attackers are increasingly using legitimate remote monitoring and management (RMM) software for malicious purposes.
DHS warns SNAP receivers of phishing scams | What to know (11Alive.com) The department said in a statement that they have received multiple reports of fake text messages convincing recipients to give out their EBT card information.
Abraham's Ax Likely Linked to Moses Staff (Secureworks) Learn how CTU researchers observed similarities between the Moses Staff hacktivist group personal and the Abraham's Ax personal, suggesting they are likely operated by the same entity.
COBALT SAPLING (Secureworks) COBALT SAPLING emerged in October 2021, styling themselves as a pro-Palestinian hacktivist group with a stated aim of harassing and disrupting businesses and government entities in Israel.
'Malicious' cyber attacks launched by groups connected to Iran's regime (ABC) Iran's Revolutionary Guard-affiliated actors have launched targeted cyber attacks on Australian organisations, aiming to use the data obtained for extortion, a report tabled in parliament shows.
Chinese threat actor DragonSpark targets Singaporean businesses (Channel Asia) The group is seen using SparkRAT, a multi-platform remote access trojan, to target firms in Singapore, Hong Kong, Taiwan and China.
Hackers Dangling Fake Job Offers to Students (Avanan) Qualified members of the media are encouraged to register for a complimentary Press Pass to RSA Conference 2023. In the interest of maintaining a neutral and productive press working environment, every Press Pass and Content Creator Pass application will be evaluated independently from years' past.
Kronos Malware Reemerges with Increased Functionality (Security Intelligence) Kronos has made yet another resurgence — this time combined with ransomware. Unpack the findings IBM Security Trusteer observed with increased Kronos malware activity in Mexico.
Crims can still exploit this NSA-discovered Microsoft bug (Register) You know when we all said quit using MD5? We really meant it
Exploit released for critical Windows CryptoAPI spoofing bug (BleepingComputer) Proof of concept exploit code has been released by Akamai researchers for a critical Windows CryptoAPI vulnerability discovered by the NSA and U.K.'s NCSC allowing MD5-collision certificate spoofing.
Thwarting Black Basta (Quadrant Security) Recently, Quadrant Security was able to aid a client during a targeted organization-wide compromise executed by the Black Basta ransomware group. The following is an illustration of the techniques and timeline as the attack progressed from delivery and detonation, to detection and response. Our intention is to better educate the security community regarding these types of events.
Technical Analysis: Black Basta Malware Overview (Quadrant Security) The following is a deep-dive technical analysis of a client event that unfolded in late 2022 involving an active compromise by the Black Basta ransomware group and how we responded.
Expert Insights: Black Basta Backend Operations (Quadrant Security) Insights gleaned regarding “backend operations” of Black Basta during a recent offensive attack that took place in one of our client environments.
Special Report - Quadrant Security (DomainTools) Champ Clark and Steven Drenning-Blalock from Quadrant Security discuss a recent client breach made by the re-emerging Black Basta Ransomware group
Over 4,500 WordPress Sites Hacked to Redirect Visitors to Sketchy Ad Pages (The Hacker News) Warning: A massive malware campaign has infected more than 4,500 WordPress websites and is redirecting their visitors to sketchy ad pages.
Zacks Investment Research data breach affects 820,000 clients (BleepingComputer) Hackers breached Zacks Investment Research (Zacks) company last year and gained access to personal and sensitive information belonging to 820,000 customers.
Zacks Investment Research Hack Exposes Data for 820K Customers (Dark Reading) Zacks Elite sign-ups for the period 1999–2005 were accessed, including name, address, email address, phone number, and the password associated with Zacks.com.
820,000 people affected by Zacks Investment Research breach from November 2021 (The Record from Recorded Future News) Zacks Investment Research is sending out breach notification letters to 820,000 people after discovering a breach that lasted nearly a year.
No-fly list with details of over 1 million people leaked by hacker (Panda Security Mediacenter) Not having strong security on a server can lead to this. More than 1 millon people had their data stolen with little effort.
ManageEngine Patch Released, But Apache Santuario Users Could Still Be At Risk (Flashpoint) On January 11, Zoho released a security advisory describing a remote code execution (RCE) vulnerability affecting ManageEngine products.
Arnold Clark cyber attack claimed by Play ransomware gang (Computer Weekly) A cyber attack that struck car dealer Arnold Clark prior to Christmas has been claimed as the work of the Play ransomware cartel
Malicious Prompt Engineering With ChatGPT (SecurityWeek) The release of OpenAI’s ChatGPT has demonstrated the potential use of artificial intelligence (AI) for both good and bad.
ChatGPT Could Automate Malware Production (Morphisec) Is the AI-powered chatbot ChatGPT a game-changer for cyberattackers looking to automate the production of advanced malware?
Yes, ChatGPT can write malicious code -- but not well (Washington Post) Hackers are using this AI chatbot as a weapon, but it only can do so much — for now
Hackers Dangling Fake Job Offers to Students (Avanan) Qualified members of the media are encouraged to register for a complimentary Press Pass to RSA Conference 2023. In the interest of maintaining a neutral and productive press working environment, every Press Pass and Content Creator Pass application will be evaluated independently from years' past.
Jefferson County Health Department Files Notice of Data Breach Affecting 115,940 Individuals (JD Supra) On January 13, 2023, Jefferson County Health Center d/b/a Jefferson County Health Department filed notice of a data breach with the U.S. Department of...
IHA Phone Systems Are [...] (Indianapolis Housing Agency) The Indianapolis Housing Agency's customer call center, main office and site telephone systems, landlord portal and some emails are not functional at this time. You may experience a disconnection with no option for messaging when you call our listed telephone numbers.
Security Patches, Mitigations, and Software Updates
VMware Releases Security Updates for VMware vRealize Log Insight (CISA) VMware released security updates to address multiple vulnerabilities in VMware vRealize Log Insight. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply the necessary updates.
Security Update for Chrome 109 Patches 6 Vulnerabilities (SecurityWeek) Google awards more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.
Trends
Quarterly Report: Incident Response Trends in Q4 2022 (Cisco Talos Blog) Syncro, a remote management and monitoring tool, emerges as an increasingly common tool for adversaries. Ransomware continued to be a top threat Cisco Talos Incident Response (Talos IR) responded to this quarter, with appearances from both previously seen and newly observed ransomware families. However, IR also observed...
State of the CIO Study 2023: CIOs cement leadership role (Foundry) CIOs remain consumed with core modernization and transformation, yet their maturing leadership role wields an impact well beyond IT.
Marketplace
Lantronix Announces Record $40 Million Contract With Gridspertise (GlobeNewswire News Room) Announces Preliminary Second Quarter Revenue and Updates Fiscal 2023 Revenue Guidance to Reflect Revised Delivery Schedule...
WSJ News Exclusive | Elon Musk Explores Raising Up to $3 Billion to Help Pay Off Twitter Debt (Wall Street Journal) The billionaire has held talks with investors about selling new Twitter shares.
NetSPI Achieves 58% Organic Revenue Growth in 2022, Unveils Initiative to Accelerate Offensive Security Innovation (PR Newswire) NetSPI, the leader in enterprise penetration testing and attack surface management, today announced a record fiscal year, achieving 58% organic...
Just two months after layoffs, Checkmarx flew hundreds of employees to kickoff event in Mexico (CTech) The Israeli cybersecurity company is estimated to have spent hundreds of thousands of dollars on the annual event in Cancun that was held only a few weeks after it laid off around 100 employees
IBM to Cut About 3,900 Workers, Still Hiring in ‘Higher Growth’ Areas (Bloomberg) Company will cut about 1.5% of workforce, CFO Kavanaugh says. Free cash flow in 2023 projected to be $10.5 billion.
SAP to Cut 3,000 Jobs After Profit Plunges (Wall Street Journal) The German software company joined the ranks of tech companies announcing job cuts this year, following a 47% fall in net profit in the final quarter of 2022.
Cengage Group Research Tracks Workforce Trends and Finds Great Resigners Are Satisfied in New Roles That Offer Upskilling and Growth (Cengage) Survey of Great Resigners and the role of online training and upskilling in career movement
Tech employers count the cost of snobbery (Computing) Businesses are struggling to fill entry level tech vacancies due to a continuing prioritisation of candidates’ academic prestige over their potential.
Military Contractor Raytheon Denies That War Thunder Makes You A Security Risk (TheGamer) Raytheon said it "can’t imagine a case" where it’d be worried about a video game.
Meta to Reinstate Donald Trump’s Facebook, Instagram Accounts (Wall Street Journal) The company said it would reinstate the former president’s accounts in the coming weeks, lifting bans put in place in the wake of the Jan. 6, 2021, Capitol riot.
Exclusive: Facebook to reinstate Trump (Axios) The decision will end a two-year ban and allow Trump to post and raise money using the platforms.
Neo-Nazi Nick Fuentes Booted Off Twitter Less Than a Day After Return (The Daily Beast) The white supremacist apparently wasted no time using the site to praise Hitler.
Lantronix Names Eric Bass as VP of Engineering (GlobeNewswire News Room) Industry Veteran Brings More Than 25 Years of Experience in Design and Engineering...
The Cyber AB Announces New Members to its Board of Directors (Business Wire) The Cyber AB Announces New Members to its Board of Directors
Zimperium Appoints Sammie Walker as Chief Marketing Officer to Accelerate Growth (Zimperium) Sammie Walker has joined Zimperium as chief marketing officer (CMO), bringing extensive go-to-market strategy and category-creation experience to the mobile security leader.
Products, Services, and Solutions
CRITICALSTART® Announces Availability of Managed Detection and Response Service for Trend Micro™ Vision One™ (PR Newswire) Today, Critical Start, a leading provider of Managed Detection and Response (MDR) cybersecurity solutions, announced the availability of its...
ThreatConnect Extends Industry Leading Threat Intelligence Platform to Enable Threat Intelligence Operations (TI Ops) (PR Newswire) ThreatConnect announced today the release of ThreatConnect Platform v7.0, the industry's first threat intelligence platform designed...
Code42 Insider Risk Management Solutions Now Available on Carahsoft GSA Schedule (GlobeNewswire News Room) New Designation Makes Code42 Incydr Available to Federal, State and Local Agencies
Lookout Announces the Industry's Only Endpoint to Cloud Security Platform (PR Newswire) Lookout, Inc., the endpoint to cloud security company, today announced increased functionality and feature enhancements to its award-winning...
Cowbell Launches "Cowbell Academy", New eLearning Center Dedicated to Cyber Insurance (PR Newswire) Cowbell, the leading provider of cyber insurance for small and medium-sized enterprises (SMEs), today announced the launch of Cowbell Academy,...
ThreatConnect Platform 7.0 enables organizations to modernize security operations (Help Net Security) ThreatConnect Platform 7.0 increases the effectiveness of threat intelligence analysts and security operations teams.
9 API security tools on the frontlines of cybersecurity (CSO Online) Top API security tools can help hold the line against modern threats to the important and ubiquitous software development interfaces.
Technologies, Techniques, and Standards
Top-3 Drawbacks of Content Disarm + Reconstruction (CDR) for Malware Prevention (Deep Instinct) While traditional approaches like AV and Sandbox have been used by many organizations in an attempt to catch malicious content, they have severe drawbacks when it comes to speed, efficacy, and scale. CDR was created to address these concerns. On paper, Content Disarm and Reconstruction (CDR) looks quite promising to prevent malicious file uploads. However, it falls short in production.
GigaOm Report Reveals Advantages of Modern Approach to Data Access Control (Business Wire) Data security leader Immuta today announced its position in GigaOm’s ABAC vs. RBAC: The Advantage of Attribute-Based Access Control over Role-Based Ac
Deconstructing Application Connectivity Challenges in a Complex (CSA) The production and use of SaaS applications in organizations has grown exponentially over the past several years. Application Security has become an integral part of many organizations' security strategies. However, there are still many pain points organizations face with application connectivity security and risk management.
Standardizing cybersecurity: Open Cybersecurity Schema Framework helps build cyber resiliency (SiliconANGLE) Standardizing cybersecurity: Open Cybersecurity Schema Framework helps build cyber resiliency - SiliconANGLE
PayPal Credential Stuffing Attacks Renew Calls for MFA (Security Boulevard) An internal review confirmed that on December 20, 2022, unauthorized parties could use account holders’ login credentials to access their PayPal accounts.
How CISOs Can Help SMBs Minimize Risks from Zero-Day Exploits (HackerNoon) SMBs are particularly vulnerable, so they should prioritize building their security strategies. Fortunately, CISOs can bring the expertise needed.
Password Dependency: How to Break the Cycle (SecurityWeek) Organizations need to look beyond usernames and passwords when it comes to granting access to valuable data and critical systems.
Do iPhones Need Antivirus? (Panda Security Mediacenter) Do iPhones need antivirus software? Even with built-in protection, some iPhones are vulnerable to viruses and hackers. Learn how to protect your phone.
Design and Innovation
Pentagon tech hub reports strong year with 17 projects fielded (Yahoo) The 17 capabilities represent about $1.3 billion in contract awards to companies that haven’t traditionally worked with the Department of Defense.
Research and Development
U.S. Intelligence Wants to Use Psychology to Avert Cyberattacks (Wall Street Journal) IARPA scientists are taking up the nascent field of cyber psychology to predict and counter hacker behavior.
Legislation, Policy, and Regulation
Greek Ex-Prime Minister Requests Censure Motion Over Spy Scandal (Bloomberg) It’s great opportunity to discuss everything, government says. Discussion starts Wednesday, lawmakers to vote on Friday.
DOD Updates Autonomy in Weapons System Directive (U.S. Department of Defense) The Defense Department updated DOD Directive 3000.09, Autonomy in Weapon Systems, which governs the development and fielding of autonomous and semi-autonomous weapon systems.
DoD Announces Update to DoD Directive 3000.09, 'Autonomy In Weapon Systems' (U.S. Department of Defense) The Department of Defense announced today the update to DoD Directive 3000.09, Autonomy in Weapon Systems.
When May a Robot Kill? New DOD Policy Tries to Clarify (Defense One) An updated policy tweaks wording in a bid to dispel confusion.
DoD's update to autonomous weapons policy accounts for AI's 'dramatic' future role (Breaking Defense) “I think one of… the things we sought to accomplish in the course of the update is clarifying the language to ensure a common understanding both inside and outside the Pentagon of what the directive says,” said Michael Horowitz, director of the Pentagon’s Emerging Capabilities Policy Office.
Pentagon updates autonomous weapons policy to account for AI advances (C4ISRNet) The Pentagon's director of emerging tech policy said the changes incorporate the Defense Department's vision for AI.
DoD wants to declassify more intelligence to enhance private-sector cybersecurity (Federal News Network) In today's Federal Newscast: The Defense Department wants to declassify more intelligence to enhance private-sector cybersecurity. GSA is taking new steps to make sure the software it uses is secure.
Who Will Be the Next National Cyber Director? (Security Intelligence) Chris Inglis has served as the first-ever National Cyber Director since 2021. Now, he plans to retire. Who will take his place?
NSA's former top lawyer on understanding electronic surveillance — "Intelligence Matters" (CBS News) Host Michael Morell talks with Glenn Gerstell, former general counsel at the National Security Agency, about how and when the NSA is authorized to use electronic surveillance to collect intelligence on foreign targets.
Litigation, Investigation, and Law Enforcement
US announces it seized Hive ransomware gang's leak sites and decryption keys (TechCrunch) U.S. federal agents seized the Hive ransomware operation in July 2022, allowing the capture of Hive’s decryption keys.
Dieb österreichischer Meldedaten in den Niederlanden gefasst (APA) An die Daten war der Hacker durch eine Panne bei einer Wiener IT-Firma gelangt, welche die GIS mit der Neustrukturierung ihrer Datenbank beauftragt hatte.
Dutch hacker obtained virtually all Austrians' personal data, police say (Reuters) A Dutch hacker arrested in November obtained and offered for sale the full name, address and date of birth of virtually everyone in Austria, the Alpine nation's police said on Wednesday.
The rising tide of child abuse content on social media (Comparitech) Facebook flagged a staggering 73.3 million pieces of content under “child nudity and sexual exploitation” from Q1 to Q3 of 2022–just 4 million short of 2021’s overall total of 77.5 million. According to the social network’s latest transparency reports, 44 percent of this content (32.4 million pieces) was flagged in Q3 of 2022 and 30 […]
Senators vent frustration after intel official refuses to brief on Biden and Trump docs (NBC News) Sen. Tom Cotton threatened to block presidential nominees until Intelligence Committee members are shown the classified material at the center of special counsel investigations.
Leaders are meant to keep state secrets. Just not at home. (AP NEWS) Democrats responded with aggrieved fury when former President Donald Trump was found in possession of classified documents that should have been turned over to the government when he left office.
Alumnus files federal lawsuit against Knox College over data breach (WGIL 93.7 FM & 1400 AM) A Knox College alumnus has filed a class action lawsuit against Knox after a ransomware attack compromised sensitive data of students, alumni, and employees. The complaint was filed Friday, Jan. 20th
Bankman-Fried Behind Bars: How Being Unplugged From The Internet Untethered The Former Crypto Billionaire (Forbes) Tiny towels and stale Wonder Bread were a bother, but for the former FTX chief, jail time in the Bahamas was unbearable because he was offline. Under house arrest in his parents’ California home, he’s been pleading his case on a new Substack and playing his favorite fantasy video game.
Recent legal developments bode well for security researchers, but challenges remain (CSO Online) Security researchers gained greater federal legal protections over the past two years, but US state laws and China’s recently adopted vulnerability disclosure law pose threats.
Department of Justice drops challenge of Booz Allen-EverWatch deal (FedScoop) It marks the end of a lawsuit that has run since June last year, after the Department of Justice sued to try and stop the transaction.
eMazzanti Asks What is a Cyber Security Lawyer, and Do I Need One? (PRWeb) A NYC area cyber security consultant and managed services provider (MSP) urges a proactive approach to information security challenges in a new article. The
Cellebrite signs $14 million agreement with leading law enforcement agency in Singapore (CTech) The digital intelligence company’s collect and review solution for digital evidence will be deployed to the entire law enforcement force throughout the country to help reduce crime