Somebody once said, “if it ain’t broke, don’t fix it.” That somebody didn’t work in cybersecurity. And that somebody didn't work at Raytheon, Intelligence & Space. Here we break the definition of cyber defense: Hiring the sharpest minds, actively hunting threats, and designing one-of-a-kind-never-been-done-before solutions. That’s how we shake up the future and uncover new thinking to protect our customer's most vital infrastructure and our way of life.
Happy New Year, CyberWire readers! As a special thank you, we would like to offer you a free practice test from CyberVista, as well as three free months of CyberWire Pro. Visit thecyberwire.com/promo and use the code PROLEARN to redeem the offer.
Meta's advertising practices have drawn a €210 million (roughly $223 million) fine from European authorities. Meta is the corporate parent of Facebook, Instagram and WhatsApp. The Wall Street Journal reports that what's at issue was Meta's "behavioral ads," which pitched specific ads to users based upon Meta's tracking of the users' online activity.
Ireland's Data Protection Commission (DPC), which oversees activities of US companies on behalf of the larger European Union, announced the conclusion of its two investigations, and the fines. The DPC summarized its findings as follows:
"1. In breach of its obligations in relation to transparency, information in relation to the legal basis relied on by Meta Ireland was not clearly outlined to users, with the result that users had insufficient clarity as to what processing operations were being carried out on their personal data, for what purpose(s), and by reference to which of the six legal bases identified in Article 6 of the GDPR. The DPC considered that a lack of transparency on such fundamental matters contravened Articles 12 and 13(1)(c) of the GDPR. It also considered that it amounted to a breach of Article 5(1)(a), which enshrines the principle that users’ personal data must be processed lawfully, fairly and in a transparent manner. The DPC proposed very substantial fines on Meta Ireland in relation to the breach of these provisions and directed it to bring its processing operations into compliance within a defined and short period of time.
"2. In circumstances where it found that Meta Ireland did not, in fact, rely on users’ consent as providing a lawful basis for its processing of their personal data, the “forced consent” aspect of the complaints could not be sustained. From there, the DPC went on to consider Meta Ireland’s reliance on “contract” as providing a legal basis for its processing of users’ personal data in connection with the delivery of its personalised services (including personalised advertising). Here, the DPC found that Meta Ireland was not required to rely on consent; in principle, the GDPR did not preclude Meta Ireland’s reliance on the contract legal basis."
The New York Times reports that Meta disputes the finding. It maintains its targeted advertising is properly respectful of GDPR, the EU's General Data Protection Regulation, and that the terms of service it asks its users to accept constitute proper consent to tracking.
Tune in to hear CyberWire’s Chief Analyst and Senior Fellow Rick Howard’s conversation with Hash Table experts as they discuss the lessons learned about software supply chain management and a “Secure-byDesign” approach to securing software environments, dev processes, and products. Rick also has a chat with SolarWinds CISO Tim Brown. Check out the episode here.
Password manager LastPass has been victimized in a data breach that included customer data, including password vaults. SecurityWeek reports that the breach occurred in August of last year, when hackers got into the LastPass network and returned later to hijack customer information. The threat actor is said to have copied a backup of customer vault data, which is said to contain “both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data,” LastPass CEO Karim Toubba said. HackRead reports that the threat actor also stole technical data and source code from the development environment.
British news site Which says that LastPass customers should ensure that their master password isn’t used elsewhere, and is more complex than the passwords they customarily use, as LastPass doesn’t store master passwords and asserts that only “brute force” will allow threat actors access to users’ master passwords. “LastPass does not know users' master passwords and they are not stored or maintained by LastPass. If you're a LastPass user, only you know your master password. The company describes this as its 'zero knowledge architecture',” Which explains, saying that the information can only be decrypted with encryption keys derived from master passwords. The company also recommends changing passwords on websites that had stored passwords through the manager. For more on the LastPass incident, see CyberWire Pro.
The CyberWire can help you fill your funnel and build partnerships with valuable leads. With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust us to get their messages out. Feature your brand with the source that top security leaders choose. Learn more.
The threat group GhostWriter has resurfaced in phishing campaigns against Polish targets, according to authorities in Warsaw. BleepingComputer reports that "the Russian hackers set up websites that impersonate the gov.pl government domain, promoting fake financial compensation for Polish residents allegedly backed by European funds." The goals of the campaign are believed to be intelligence collection and disinformation. The EU has linked GhostWriter to Russia's GRU military intelligence service. Mandiant has also discerned a connection to Belarusian services. GhostWriter has long specialized in impersonation.
The Wall Street Journal reviews the mistakes that led to the Russian disaster in Makiivka: among them concentrated administrative troop billeting, storage of ammunition adjacent to the billets, and generally poor operations security (manifested in undisciplined use of cellphones and failure to camouflage). “The Russian military is not a learning organization,” the Journal quotes US Army Lieutenant General Ben Hodges, a former commander of U.S. Army forces in Europe. “To learn," General Hodges added, "first you have to acknowledge that you were wrong, and that’s not the culture.”
The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.
Today's issue includes events affecting the European Union, Ireland, NATO/OTAN, Poland, Russia, Ukraine, the United Kingdom, and the United States.
Ukraine at D+313: OPSEC failures and the return of GhostWriter. (CyberWire) Cellphones are again shown to be an opsec disaster. GhostWriter is back, and pretending to be Polish.
Russia-Ukraine war: List of key events, day 315 (Al Jazeera) As the Russia-Ukraine war enters its 315th day, we take a look at the main developments.
Russia-Ukraine war live: Ukraine says Russian strikes targeted civilian infrastructure in past 24 hours; Moscow raises Makiivka death toll (the Guardian) Kyiv says there have been civilian casualties in Kramatorsk, Zaporizhzhia and Kherson; Russian defence ministry revises number of soldiers killed to 89
Russian Offensive Campaign Assessment, January 2, 2023 (Institute for the Study of War) Ukrainian air defenses reportedly intercepted all drones from two consecutive nights of Russian drone strike attacks against Ukraine on December 31 – January 2. Ukraine’s air force reported on January 1 that Ukrainian air defense forces shot down all 45 R
Russia says phone use allowed Ukraine to target its troops (AP NEWS) Unauthorized use of cell phones by Russian soldiers led to a deadly Ukrainian rocket attack on the facility where they were stationed, according to the Russian military, as it raised the death toll from the weekend attack to 89.
Russian soldier gave away his position with geotagged social media posts (Task & Purpose) A Russian service member geotagged his location in pictures and videos posted on social media
Russian commanders blamed for heavy losses in New Year’s Day strike (Washington Post) The deaths of scores of Russian troops in a devastating strike on New Year’s Day has set off a blame game among Russian officials now facing criticism for allegedly packing hundreds of soldiers into a barracks and storing ammunition in the same building — all within Ukrainian firing range.
Russian commanders 'must be punished for treason' over deadly Ukrainian Himars attack (The Telegraph) Kyiv claims hundreds of Vladimir Putin's troops were killed after a building housing them was flattened
Russia fighting for weeks to capture 'a single home', says Wagner head as he hits out at lack of equipment (The Telegraph) Progress to capture the area in the Donetsk region stagnates as troops struggle to break through defences, says head of the Wagner Group
Kremlin suffering heavy losses in Zaporizhzhia as fighting intensifies (The Telegraph) Russia has suffered heavy losses in the Zaporizhzhia, the general staff of Ukraine's armed forces has said, in a fresh uptick of fighting around a key gateway to the South.
An unexpected glimpse of disillusionment in Russia’s trenches (Military Times) The former frontline village of Novopetrivka, in southern Ukraine’s Mykolaiv oblast, offers a glimpse of the day-to-day existence for Russian soldiers.
Russia’s Basic Errors Jeopardize Its Ukraine Forces, Military Analysts Say (Wall Street Journal) Cellphone use, storage of ammunition near troops are called indicative of poor discipline
Russia-Ukraine War: Ukraine Defends Against Russia’s Inexpensive Drones With Far Costlier Missiles (New York Times) Analysts note that the damage the drones could cause would be extremely expensive, but question whether the cost imbalance between offense and defense can be sustained.
In Bucha, a Final Rampage Served as a Coda to a Month of Atrocities (New York Times) Hours before Russian troops began withdrawing from the suburban town, a Russian soldier left a trail of blood and devastated lives in a last paroxysm of violence.
Drone advances in Ukraine could bring dawn of killer robots (AP NEWS) Drone advances in Ukraine have accelerated a long-anticipated technology trend that could soon bring the world's first fully autonomous fighting robots to the battlefield, inaugurating a new age of warfare.
Ukraine: A battle over the future of Europe (POLITICO) Andrew A. Michta is dean of the College of International and Security Studies at the George C. Marshall European Center for Security and a nonresident senior fellow at the Scowcroft Strategy Initia…
Eight reasons for Ukrainian optimism in 2023 (Atlantic Council) Ukrainians have experienced an incredibly traumatic year but the country enters 2023 with reason for cautious optimism that Vladimir Putin's criminal invasion can be decisively defeated, writes Brian Mefford.
Peace May Be a Long Way Off in Ukraine in 2023 (Foreign Policy) Both sides believe they can win on the battlefield.
Russia’s Rebound (Foreign Affairs) Moscow has partly recovered from its military setbacks.
Opinion | Putin Has No Red Lines (New York Times) There are better ways to think about strategy.
Bakhmut: Fortress of freedom (Atlantic Council) Western support for Ukraine must remain strong in 2023 to prevent a Russian victory that would fuel a global authoritarian revival, warns the head of Ukraine's Office of the President, Andriy Yermak.
Ukraine Has Digitized Its Fighting Forces on a Shoestring (Wall Street Journal) Kyiv’s forces networked under Russian attack, achieving a cut-priced ‘MacGyver’ version of systems the Pentagon has spent decades developing
Ukraine Unplugged (The Atlantic) How Ukrainian citizens persevere in the darkness
Digitalization and transparency are vital for Ukraine’s reconstruction (Atlantic Council) Ukraine's reconstruction will depend on digitalization and the recruitment of motivated personnel from the military, writes Deputy Minister for Communities, Territories, and Infrastructure Development Oleksandra Azarkhina.
Ukraine’s Volunteers (The New York Review of Books) It was dark and getting colder. The four-wheel drive was slipping and straining as we tried to yank the van out of a muddy field. We had already lightened
The time is now to question how NATO should look post Ukraine (Breaking Defense) "Now is the moment to consider what changes may be needed to ensure the alliance is strong, healthy and focused on its core task of keeping alliance members out of Russia’s grasp," writes Joshua Huminski of the Center for the Study of the Presidency & Congress.
Europe prepares to take in more Ukrainians, with less support, in 2023 (Washington Post) Last winter, Jaroslaw Olak, a Warsaw native, spent the early days of the Ukraine war handing out sweets with his young sons to refugees arriving in the Polish capital. Soon after, he was hosting Ukrainian families rent-free in his apartment downtown.
The Myth of America’s Ukraine Fatigue (Foreign Policy) No, the U.S. public isn’t giving up on Ukraine.
Germany Open to Seizing Russian Assets to Help Ukraine Rebuild (Bloomberg) Berlin backs Kyiv government’s demands for war reparations. Move hinges on resolving legal issues, allied coordination.
Poland warns of attacks by Russia-linked Ghostwriter hacking group (BleepingComputer) The Polish government is warning of a spike in cyberattacks from Russia-linked hackers, including the state-sponsored hacking group known as GhostWriter.
Poland targeted by persistent pro-Russian cyberattacks (SC Media) Poland's government services, private firms, media companies, and citizens are being subjected to persistent and exacerbating cyberattacks by pro-Russian hacking groups since the beginning of the Russia-Ukraine war, according to The Record, a news site by Recorded Future.
Time to Reconsider How State Actors are Defined in Cyberspace (OODA Loop) Since the late 1990s, geopolitics have increasingly become a driver of hostilities between nation states and their non-state sympathizers.
Sudden Russian Death Syndrome (The Atlantic) It’s not a great time to be an oligarch who’s unenthusiastic about Putin’s war in Ukraine.
Russia Is Afraid of Western Psychic Attacks (Foreign Policy) Pseudoscience and mysticism are common among the Moscow elite.
Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks (BleepingComputer) More than 60,000 Microsoft Exchange servers exposed online are yet to be patched against the CVE-2022-41082 remote code execution (RCE) vulnerability, one of the two security flaws targeted by ProxyNotShell exploits.
Hackers' latest trick looks like free movie streaming (Fox News) Downloadable links with access to movies and shows could contain malware that gives hackers access to your information. Here's how you can protect your devices from malicious files.
Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware (The Hacker News) Cybercriminals Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware
BitRAT malware campaign uses stolen bank data for phishing (BleepingComputer) Threat actors behind a recent malware campaign have been using the stolen information of bank customers in Colombia as lures in phishing emails designed to infect targets with the BitRAT remote access trojan, according to cloud security firm Qualys.
OpwnAI: AI That Can Save the Day or HACK it Away (Check Point Research) Latest Research by our Team
Cyber-attack threatens release of Port of Lisbon data (Port Technology) The Port of Lisbon suffered a cyber-attack on Christmas Day, raising concerns about the potential exposure of confidential information.
Rail giant Wabtec discloses data breach after Lockbit ransomware attack (BleepingComputer) U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information.
Huron-Superior Catholic District School Board employees likely affected by cyber attack (CBC) Employees with the Huron-Superior Catholic District School Board have likely had their personal information compromised due to a cyber attack.
Arnold Clark’s Christmas cyber attack recovery a ‘mammoth task’ (AM Online) Arnold Clark’s recovery from a Christmas cyber attack has been described as a “mammoth task” after the car retail giant was forced to axe internet access to protect its customer data.
LA housing agency is hit with cyberattack and is given a deadline to respond (Daily News) In an eerie replay of the cyberattack on LAUSD, the City of LA’s $1 billion housing agency is attacked.
Los Angeles housing authority says cyberattack disrupting systems (The Record by Recorded Future) The Housing Authority of the City of Los Angeles confirmed that it is dealing with a cyberattack on Monday.
The Guardian offices close after ransomware attack (New York Post) The Guardian staff have been told to work remotely since the hacking incident began on December 20.
The Guardian contacts data protection regulator after suspected ransomware incident (The Record by Recorded Future) The Guardian newspaper has contacted the United Kingdom’s data protection regulator following a suspected ransomware attack on December 20.
More than 200 U.S. institutions hit with ransomware in 2022: report (The Record by Recorded Future) Emsisoft researchers said more than 200 local governments, schools and hospitals were affected by ransomware in 2022.
Cyber attacks to one day become ‘uninsurable’ (Cyber Security Connect) CEO of Zurich Insurance Group Mario Greco has issued a warning that cyber attacks will one day become “uninsurable.” Insurance executives have been stating that natural catastrophes such as global
Defensive vs. offensive AI: Why security teams are losing the AI war (VentureBeat) What enterprises can do to counter weaponized AI and ML wielded by cybercriminal gangs and nation-state threat actors.
The cybersecurity industry will undergo significant changes in 2023 (Help Net Security) The cybersecurity industry is set to undergo some significant changes in 2023, due to consolidation and workers returning to the office.
Twitter to Relax Ban on Political Ads (New York Times) Elon Musk’s social media service said it would begin to permit cause-based advertising to “facilitate public conversation around important topics.”
Twitter whistleblower Zatko lands new job at a security consulting firm (Washington Post) Former Twitter security chief Peiter Zatko, whose whistleblower claim against the company triggered multiple ongoing investigations, has joined security company Rapid7, where he will advise a range of consulting clients, the Boston-based company told The Washington Post.
John W. Thompson Joins Rubrik as the Lead Independent Board Director (Enterprise Security) We've built an elite leadership team of cybersecurity experts across public and private sectors to better equip our customers in the ongoing battle against...
R Street welcomes Brandon Pugh as new director of Cybersecurity and Emerging Threats team (R Street) WASHINGTON (Jan. 4, 2022) — This week the R Street Institute welcomed Brandon Pugh as policy director for our Cybersecurity and Emerging Threats team. He was previously a senior fellow on the same team. In this role, Pugh will spearhead public policy strategy for the department with a focus on data security and data privacy […]
Intel and Check Point Extend Collaboration for Ransomware Defense (Spiceworks) Check Point’s upgraded solution will be available to customers in early 2023 at no extra cost.
Illumio Government Cloud Achieves FedRAMP® In Process Designation to Help Federal Agencies Stop the Spread of Breaches and Reduce Risk (GlobeNewswire News Room) Illumio is a Zero Trust Segmentation platform...
Cyber Chiefs Face Scrutiny and Challenges in 2023’s Uncertain Economy (Wall Street Journal) Security chiefs will likely be told to do more with less in 2023, as economic uncertainty batters budgets and companies brace for a potential recession.
CYBER101: Joint Force Headquarters–Department of Defense Information Network (JFHQ-DODIN) (U.S. Cyber Command) A digital revolution in cyberspace has swept the globe over the last three decades leading to the interconnectivity of disparate nations, organizations, groups, and people across a worldwide network
How Can the White House's New IoT Labels Improve Security? (Security Intelligence) The White House is attempting to establish globally used and recognized labels for IoT to improve security.
Breaking RSA with a Quantum Computer (Schneier on Security) A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong.
Can these researchers help defend satellite systems targeted by hackers? (CyberScoop) Despite growing cyberattacks on satellite networks, efforts to protect communication systems in space remain nascent.
Govt releases draft online gaming rules for public consultation (Moneycontrol) These draft regulations come at a time when India's gaming sector has seen unprecedented growth in terms of app downloads and revenue
Watching porn now requires age verification in La. because of new law (Fox 8 Live) A new law that was passed in Louisiana requires age verification for any website that contains 33.3% or more pornographic material.
Meta’s Ad Practices Ruled Illegal Under E.U. Law (New York Times) The decision is one of the most consequential issued under the E.U.’s landmark data-protection law and creates a new business headwind for the social media giant.
Meta Fined More Than $400 Million in EU for Serving Ads Based on Online Activity (Wall Street Journal) European regulators ruled the Facebook and Instagram parent can’t use its contracts with users to justify sending them ads based on their online activity, a blow to the digital-advertising industry.
Meta's New Year kicks off with $410M+ in fresh EU privacy fines (TechCrunch) Meta is starting the new year with more privacy fines for its business in Europe following enforcement of complaints over the legal basis it claims to run behavioral ads.
How Social Media Can Come Back to Bite You During the Security Clearance Process (Government Executive) Lindy Kyzer joins the podcast to discuss networks like Twitter and Tiktok relates to the continuous vetting of employees working for the federal government.
Sam Bankman-Fried Pleads Not Guilty as Trial Set for October (Wall Street Journal) The FTX founder faces eight criminal counts, including conspiracies to commit securities fraud and commodities fraud. A judge set his trial to begin Oct. 2.
Sam Bankman-Fried, Founder Of The Crypto Exchange FTX, Has Pleaded Not Guilty To Fraud And Other Charges (BuzzFeed News) If convicted on all counts, he faces up to 115 years in prison.
Crypto Hack Lawsuits Rise as Theft Victims Try Untested Claims (Bloomberg Law) Lawsuits against cryptocurrency exchanges, digital wallet providers, and mobile service companies following cyberattacks reached a new high in 2022, as hacking victims increasingly test unproven legal claims to recoup their crypto losses.
Google settles user location tracking lawsuits for $29.5M (SC Media) Google has agreed to settle for $29.5 million two lawsuits involving "deceptive" location tracking, reports The Hacker News.
For a complete running list of events, please visit the Event Tracker.
Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Jan 9 - 13, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.
Convene: Security Training and Awareness Conference (Clearwater, Florida, USA, Jan 10 - 11, 2023) The National Cybersecurity Alliance is gathering training and awareness professsionals together to connect, share, and convene. Connect with the training and awareness community. Convene was created for this close-knit group, which has few opportunities to connect in person at an event designed just for them. Learn best practices. Thought leaders and industry executives will share their recent successes, failures and insights from recent campaigns and programs. Build camaraderie. Immersive gatherings with like-minded professionals breed innovation, sharing and human connection.
Insider Threat Program Development - Management Training Course (Laurel, Maryland, USA, Jan 30 - 31, 2023) The training course will be taught at the Johns Hopkins University Applied Physics Laboratory, in Laurel, Maryland. This highly sought after and very comprehensive 2 day training course will ensure the Insider Threat Program (ITP) Manager/ Senior Official (Insider Threat Analyst, FSO, CSO, CISO, Etc.), and others who support the ITP (Human Resources, IT, Network Security, Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group. Our student satisfaction levels are in the exceptional range. Over 900+ individuals have attended this training course and received ITP Manager Certificates.
CybertechGlobal Tel Aviv (Tel Aviv, Israel, Jan 30 - Feb 1, 2023) Cyber is all around us—it is one of the most trending topics in the tech and business arenas. It is a whole-encompassing industry that is not only about threats, but also covers the scope of digitalization and opportunities in the realm of innovation. From Tel Aviv and Rome, to Tokyo, Singapore, Panama, and more, Cybertech is the cyber industry’s foremost B2B networking platform conducting industry-related events all around the globe. Our conferences and exhibitions serve as the go-to place to make business happen and learn all about the latest technological innovations, challenges, and solutions to combating threats within the global cyber arena. Cybertech events feature top executives, government officials, leading decision-makers from a wide range of sectors including critical infrastructure, insurance, retail, health and government, defense, R&D, manufacturing, automotive, and more! Multinational corporations, startups, private and corporate investors, venture capital firms, experts, and clients—come and meet all the key players from the cyber industry and be immersed in everything there is to offer. Cyber. We live it. Breathe it. All at the forefront of global innovation.
Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Feb 6 - 10, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.
