Dateline
Ukraine at D+341: Killnet hits US hospitals. (CyberWire) Cyber operations continue in the hybrid war, but again without obvious signs of coordination with kinetic action at the tactical or operational levels.
Russia-Ukraine war live: Ukraine to receive up to 140 tanks in ‘first wave’, says Kuleba (the Guardian) Ukrainian foreign minister says first deliveries to come from coalition of 12 countries
Russia-Ukraine war: List of key events, day 342 (Al Jazeera) As the Russia-Ukraine war enters its 342nd day, we take a look at the main developments.
'The situation is stably f----d': Russians close in on gateway to Bakhmut (The Telegraph) The lifeline in this small town is the 'point of invincibility' - a ground-floor room with electricity, heat and phone signal
Ukraine-Russia war latest: Waves of Russian troops 'crushed' in fresh assault on strategic eastern town (The Telegraph) Waves of Russian troops are being "crushed" during a fresh assault on a strategically important town in eastern Ukraine.
Russia Freed Prisoners to Fight Its War. Here’s How Some Fared. (New York Times) Tens of thousands of inmates have joined a mercenary group fighting with the Kremlin’s decimated forces in Ukraine. Some of them are returning to civilian life with military training and, in many cases, battlefield traumas.
Rebuilding in a warzone: no time for grand visions in Ukraine (the Guardian) As people try to reconstruct their lives, the focus is on critical projects vital to the country’s survival
Why Crimea Is Not a Bridge Too Far (Foreign Policy) Withholding support for Ukraine in reclaiming the territory risks undermining gains made thus far.
Biden seemingly rejects request to send U.S. F-16s to Ukraine (POLITICO) But the administration has yet to hold high-level discussions about arming Kyiv with the jets, a U.S. official said later.
Biden rules out sending F-16s to Ukraine but Macron may still commit French fighter jets (The Telegraph) French President does not rule out delivering warplanes if the move is ‘not escalatory’ and ‘not likely to touch Russian soil’
Gates: A lot of US military aid to Ukraine ‘could have been done sooner’ (The Hill) Former Defense Secretary Robert Gates said on Sunday that a lot of the U.S.’s military aid to Ukraine “could have been done sooner.” “I think the only thing I would have sai…
NATO chief urges Seoul to send military support to Ukraine (AP NEWS) NATO Secretary-General Jens Stoltenberg on Monday called for South Korea to provide direct military support to Ukraine, saying Kyiv is in urgent need of weapons to fight off the prolonged Russian invasion.
South Korea Could Sweep Up Europe’s Tank Market (Foreign Policy) Germany’s self-inflicted wound has left defense partners looking for alternatives.
Russia becomes target of West’s coordinated aggression in cyberspace — MFA (TASS) In 2022, Russia faced unprecedented external cyberattacks
Russian foreign ministry claims to be the target of ‘coordinated' cyber aggression (The Record from Recorded Future News) Russia’s deputy foreign minister claimed this weekend that the country has been the target of “coordinated aggression” in cyberspace.
BlueBravo Uses Ambassador Lure to Deploy GraphicalNeutrino Malware (Recorded Future Insikt Group) BlueBravo is a threat group tracked by Recorded Future’s Insikt Group that overlaps with the Russian advanced persistent threat (APT) activity tracked as APT29 and NOBELIUM. APT29 and NOBELIUM operations have been previously attributed to Russia’s Foreign Intelligence Service (SVR), an organization responsible for foreign espionage, active measures, and electronic surveillance.
Russia-Linked APT29 Uses New Malware in Embassy Attacks (SecurityWeek) Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.
Pro-Russian Hacktivist Group ‘KillNet’ Threat to HPH Sector (Health Sector Cybersecurity Coordination Center) The hacktivist group ‘KillNet’ has targeted the U.S. healthcare industry in the past and is actively targeting the health and public health sector. The group is known to launch DDoS attacks and operates multiple public channels aimed at recruitment and garnering attention from these attacks.
HC3 TLP Clear Analyst Note: Pro-Russian Hacktivist Group Threat to HPH Sector (American Hospital Association) The hacktivist group ‘KillNet’ has targeted the U.S. healthcare industry in the past and is actively targeting the health and public health sector.
HHS, AHA Warn of Surge in Russian DDoS Attacks on Hospitals (Gov Info Security) Government authorities and industry groups are warning the healthcare sector of ongoing denial of service attacks on hospitals and other medical entities by Russian
Russian hackers allegedly take down Duke University Hospital’s website (Carolina Journal) Russian hackers were allegedly behind a cyberattack that took down 14 hospital systems websites across the country Monday, including Duke University Hospital in Durham.
The Evolution of DDoS: Return of the Hacktivist (FSISAC) A joint report by FS-ISAC and Akamai to educate our community on the new and evolving threat of DDoS, the business risks it poses, and best practices on mitigation for the sector to better combat these attacks
Ukrainian organisations getting hit by destructive new SwiftSlicer malware (CyberSecurity Connect) Experts at security company ESET spotted the malware - which they are dubbing SwiftSlicer - in operation on January 25, and it is believed to have been deployed by the Sandworm hacking group.
Hackers Use New SwiftSlicer Wiper To Destroy Windows Domains (TechJuice) Researchers have found a new data-wiping malware used by hackers to destroy Windows domains. Security researchers have named it SwiftSlicer,
Ships Are Flying False Flags to Dodge Sanctions (Foreign Policy) Illegal Russian tankers are a maritime nightmare.
Attacks, Threats, and Vulnerabilities
The Dangerous Consequences of Threat Actors Abusing Microsoft’s “Verified Publisher” Status (Proofpoint) New Malicious Campaign Abuses Microsoft’s “verified publisher” status to successfully proliferate malicious OAuth apps, targets UK-based users
Serious Security: The Samba logon bug caused by outdated crypto (Naked Security) Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Phony, malicious Bitwarden ads slip past Google's watch (PCWorld) Google hosted ads that sent users to a fake Bitwarden login site
Breaking the Impersonation: Armorblox Stops DocuSign Attack (Armorblox) This blog examines a credential phishing attack that impersonated the brand DocuSign in an attempt to steal victims' login credentials. The email attack bypassed Microsoft Office 365 Email Security and Proofpoint and had the potential to land in the inboxes of over 10,000 end users.
Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529) (Unit 42) We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project.
CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library (Synopsys Application Security Blog) Learn about CVE-2023-23846, a denial-of-service vulnerability affecting the GTP library found in Open5GS.
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware (Check Point Research) Research by Arie Olshtein. Cyber criminals increasingly rely on packers to carry out their malicious activities. The packer, also referred to as a “Crypter” or “FUD” on hacking forums, makes it harder for antivirus programs to detect the malicious code. By using a packer, malicious actors can spread their malware more easily with […]
Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges (WIRED) The crypto money-laundering market is tighter than at any time in the past decade, and the few big players are moving a “shocking” amount of currency.
No Blocking, No Issue: The Curious Ecosystem of Financial Advisor Impersonation Scams (DomainTools) Pig butchering activity has been observed in Southeast Asia, but in our latest blog post, we’ll examine a cluster of similar activity operating out of West Africa using financial impersonation
Critical OpenEMR vulnerabilities may allow attackers to access patients' health records (Help Net Security) Three critical vulnerabilities in OpenEMR can be chained to achieve RCE on a server running the open-source electronic health record system.
Third-party data breach round-up: mscripts, Diligent, Mailchimp (Healthcare IT News) Recent attacks on healthcare provider business associates, including prescription and hosting platforms, expose more PII and PHI. Newly compromised email lists may be used for phishing attacks.
TSA issues security directive to airports, carriers after 'no-fly' list leak (The Record from Recorded Future News) TSA issued a security directive to all U.S. airports and air carriers demanding tougher cybersecurity rules after the leak of the no-fly list.
The Untold Story of a Crippling Ransomware Attack (WIRED) More than two years ago, criminals crippled the systems of London’s Hackney Council. It's still fighting to recover.
IT specialists search and recruitment on the dark web (Securelist) We have analyzed more than 800 IT job ads and resumes on the dark web. Here is what the dark web job market looks like.
Cybercrime job ads on the dark web pay up to $20k per month (BleepingComputer) Cybercrime groups are increasingly running their operations as a business, promoting jobs on the dark web that offer developers and hackers competitive monthly salaries, paid time off, and paid sick leaves.
Report on hackers' salaries shows poor wages for developers (Register) Salary report shows OKish pay, plus the possibility of getting ripped off and the whole prison thing
Cybercrime groups offer six-figure salaries, bonuses, paid time off to attract talent on dark web (CyberScoop) Despite the obvious risks, jobs with hacking groups can be alluring for those who need the money or want to do the work.
Ransomware attack on Indianapolis Housing Agency leaks sensitive info on 200,000 residents (The Record from Recorded Future News) The Indianapolis Housing Agency is notifying more than 200,000 people that their information was leaked during an October ransomware attack.
Trends
Exabeam Survey Finds Organizations Prioritize Prevention Over Detection While Breaches Continue to Rise (Exabeam) Respondents also named the inability to prevent bad things from happening as the worst part of a security job, and more than a third were unsure they could tell their boards that no adversaries are inside.
New Report Finds Increase in DDoS Attacks Targeting the Financial Services Industry (PR Newswire) FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, and Akamai...
Kroll Cyber Data Breach Outlook - 2023 (Kroll) Kroll's Data Breach Outlook ranks the most-breached industries of the year. In 2022, health care overtook finance as the most-breached industry, accounting for 22% of the breaches handled by Kroll, compared to 16% in 2021; a 38% increase year over year (YoY). Finance dropped to second place with 19% of the cases in 2022, a 3% drop from 2021 where it accounted for 22% of breach cases.
150+ Million Americans Victims of Credit Card Fraud Up from 127 Million a Year Ago, According to New Security.org Annual Research (GlobeNewswire News Room) Security.org (https://www.security.org) annual research out today finds more than 150 million Americans...
Marketplace
Saviynt Raises $205M; Founder Rejoins as CEO, Appoints Seasoned President to Accelerate its Leadership in Identity Management (Business Wire) Saviynt, a leading provider of intelligent identity and access governance solutions, today announced that it has closed $205 million in growth financi
Trulioo Launches New Global Identity Verification Platform (Trulioo) Trulioo released its new industry-defining global identity platform, showcasing the company’s expertise and innovation in helping businesses worldwide.
Booz Allen's acquisition pace is slower than it expected (Washington Technology) Integration is the firm's current focus now that the EverWatch purchase has closed, as is hiring.
Swimlane Announces Record Year with 123% New ARR Growth (Business Wire) 14 New Fortune 500 Companies Choose Swimlane as Sole Source for Security Automation
Aqua Security Named as Leader and Outperformer in GigaOm Radar Report for Container Security (Aqua) Aqua Security today announced that it ranked as an Outperformer and Leader in innovation in the GigaOm Radar for Container Security.
Versa Networks Awarded Top Intel® Network Builders Winners’ Circle 2022 Award (Business Wire) Versa Networks, the recognized leader of single-vendor Unified Secure Access Service Edge (SASE), today announced it was awarded the highest level of
Simone Biles, Cybersecurity And Foster Care: Why The Best Collaborations Are Often Unexpected (Forbes) If your business is looking for a next-level collaboration, think outside the box to make it happen — take Simone Biles and Axonius, for example.
Trinity Cyber Appoints Frank Koehl to Lead Product Development (Trinity Cyber) Trinity Cyber Appoints Frank Koehl to Lead Product Development
RMC Appoints Retired Four-Star Navy Admiral James Foggo III as Board Chair (PR Newswire) RMC, the leader in Mission Assurance, Risk Management and Industrial Cybersecurity solutions, today announced the appointment of Admiral James...
Mimecast Names David Helfer as Chief Revenue Officer (GlobeNewswire News Room) Global Sales Executive Joins Email and Collaboration Security Company to Build on Momentum...
Products, Services, and Solutions
Radware Introduces New Cybersecurity Partner Program (GlobeNewswire News Room) Enhances partner experience and increases financial incentives...
Guardz Launches to Secure and Insure Small Businesses from Rising Cybersecurity Threats (PR Newswire) Guardz, the cybersecurity company building a safer digital world for small businesses, today launched from stealth to secure and insure small...
Cloudflare to Offer Comprehensive Email Security & Data Protection Tools to Protect Enterprises from Phishing Attacks (CIOReview) The CIO can deploy advanced Zero Trust email security tools such as Remote Browser Isolation and Data Loss Prevention with any...
Aqua Security Named as Leader and Outperformer in GigaOm Radar Report for Container Security (GlobeNewswire News Room) Earning the highest rank in innovation, the report validates Aqua’s leadership in cloud native security and CNAPPs...
Cerberus Sentinel Announces Strategic Partnership with Kivu Consulting (GlobeNewswire News Room) Global cybersecurity services firm broadens team in incident response, digital forensics, and ransomware negotiation...
Varonis Announces Proactive Incident Response for SaaS Customers (GlobeNewswire News Room) World-class cybersecurity team will proactively monitor customer data and respond to threats
GroupSense Launches New, Individualized VIP Monitoring Service (GroupSense) In our latest service offering, your VIPs and executives will be protected from cyber threats.
As Malicious Open Source Packages Proliferate, Checkmarx Announces Supply Chain Threat Intelligence for Faster, Easier Identification of Potential Threats (PR Newswire) Checkmarx, the global leader in developer-centric application security solutions, announced today the immediate availability of Supply Chain...
Dremio and Privacera Announce Latest Integration Introducing Advanced Data Security Governance Capabilities on Data Lakehouses (PR Newswire) Dremio, the easy and open data lakehouse, and Privacera, the only open-standards based data security governance leader founded by the creators...
TripleBlind Collaborates with Mayo Clinic Platform To De-Identify Patient Data, Strengthen Privacy, and Improve Global Health Care Outcomes (GlobeNewswire News Room) TripleBlind, the leader in automated, real-time data de-identification, today announced an expanded...
SentinelOne and KPMG Announce Alliance to Accelerate Cyber Investigations and Response (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced an alliance with KPMG LLP, the audit, tax and advisory firm, to a
Confluent Enables Enterprises to Build a Secure Shared Services Platform for Data Streaming to Maximize Cost Efficiency (Confluent) The first fully managed Apache Kafka® service with OAuth helps businesses automate identity management, reducing the operational burden of scaling workloads
Menlo Security Cloud Security Platform receives FedRAMP® Authorization (Menlo Security) Menlo Security announced that the Menlo Security Cloud Security Platform has received Authorization to Operate at the moderate level under FedRAMP.
Varonis Announces Proactive Incident Response for SaaS Customers (Varonis) World-class cybersecurity team will proactively monitor customer data and respond to threats
VertexGraph delivers Zero Trust Network Access 2.0 (ZTNA 2.0) remote file access to AEC firms (GlobeNewswire News Room) VertexGraph brings much-needed innovation to Architecture, Engineering, and Construction (AEC) firms to solve some of the toughest collaboration challenges...
Technologies, Techniques, and Standards
Redaction: how to properly hide sensitive text on a PDF document (Panda Security Mediacenter) You can use redaction to remove part of the text on a PDF document so that it cannot be read or recovered. Here is how redaction works.
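The practical check behind that item is whether the "redacted" text was actually removed from the file or merely covered by a black box. The script below is an added example, not code from the Panda Security article: it uses only the Python standard library to inflate a PDF's content streams and look for a secret string in the text-showing operators (Tj/TJ). The two PDFs it inspects are constructed inline (one with a box drawn over text that is still present, one with the text removed), and names such as leaked_secrets and build_pdf are my own.

```python
import re
import zlib

# Stream objects: a dictionary without nested dictionaries, then the body.
_STREAM = re.compile(rb"<<([^<>]*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
# Text-showing operators: (string) Tj and [(string) kern (string)] TJ.
# (The ' and " operators and hex <...> strings are not handled here.)
_SHOW = re.compile(rb"\(((?:\\.|[^\\)])*)\)\s*Tj|\[((?:\\.|[^\]\\])*)\]\s*TJ", re.S)
_STRING = re.compile(rb"\(((?:\\.|[^\\)])*)\)", re.S)


def content_streams(pdf: bytes):
    """Yield each stream body, inflating FlateDecode streams (the common case)."""
    for m in _STREAM.finditer(pdf):
        dictionary, body = m.group(1), m.group(2)
        if b"/FlateDecode" in dictionary:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue  # not inflatable here (e.g. image data with other filters)
        yield body


def shown_text(stream: bytes) -> bytes:
    """Concatenate the string operands of Tj/TJ in document order, so a secret
    split across several operators is still reassembled."""
    parts = []
    for m in _SHOW.finditer(stream):
        if m.group(1) is not None:
            parts.append(m.group(1))
        else:
            parts.extend(s.group(1) for s in _STRING.finditer(m.group(2)))
    # undo the PDF literal-string escapes for ( ) and backslash
    return re.sub(rb"\\([()\\])", rb"\1", b"".join(parts))


def leaked_secrets(pdf: bytes, secrets) -> list:
    """Return the secrets that still appear in the PDF's text-showing operators."""
    found = set()
    for stream in content_streams(pdf):
        text = shown_text(stream)
        found.update(s for s in secrets if s.encode() in text)
    return sorted(found)


def build_pdf(page_content: bytes, compress: bool) -> bytes:
    """Minimal one-page PDF (constructed sample; no xref table, enough for this check)."""
    body = zlib.compress(page_content) if compress else page_content
    filt = b" /Filter /FlateDecode" if compress else b""
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        b"/Contents 4 0 R >> endobj\n"
        b"4 0 obj << /Length " + str(len(body)).encode() + filt + b" >>\nstream\n"
        + body + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


SECRET = "4111-1111-1111-1111"  # constructed sample value

# Constructed sample 1: a black rectangle drawn over the text. The string
# operands are still in the content stream (here even split across two Tj calls).
OVERLAY_PDF = build_pdf(
    b"BT /F1 12 Tf 72 700 Td (Account 4111-) Tj (1111-1111-1111) Tj ET\n"
    b"0 g 110 695 150 16 re f\n",
    compress=True,
)

# Constructed sample 2: the text itself was removed before the box was drawn.
CLEAN_PDF = build_pdf(
    b"BT /F1 12 Tf 72 700 Td (Account ) Tj ET\n"
    b"0 g 110 695 150 16 re f\n",
    compress=False,
)

if __name__ == "__main__":
    for name, pdf in (("overlay", OVERLAY_PDF), ("clean", CLEAN_PDF)):
        print(name, "leaks:", leaked_secrets(pdf, [SECRET]))
```

A hit from this check is proof that the redaction failed; a miss is not proof that it succeeded. Text can also survive in hex strings, in CID-keyed fonts whose glyph codes only map to characters through a ToUnicode table, in annotations, form fields, bookmarks, metadata, or an OCR layer under a scanned image, none of which this script reads. Run a full text extractor over the final file as well, and use a redaction tool that removes the underlying objects rather than one that only draws shapes.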
Academia
NSA expands grant for compliance curriculum (University of North Georgia) The NSA has provided additional funding for its grant supporting UNG's creation and marketing of graduate and undergraduate certificates in compliance and ethics, including a total of 100 tuition waivers.
ChatGPT Is Making Universities Rethink Plagiarism (WIRED) Students and professors can’t decide whether the AI chatbot is a research tool—or a cheating engine.
Legislation, Policy, and Regulation
The Abraham Accords expand with cybersecurity collaboration (Washington Post) U.S., allies in Middle East and North Africa broaden collaboration on cyberdefense
US stops provision of licences for export to China's Huawei (CRN Australia) Could mean total ban on American tech for the Chinese telco gear vendor.
CISA establishes new office to ‘operationalize’ supply chain security (Federal News Network) CISA’s new office is looking to move beyond guidance and policies to help agencies make progress on securing their IT supply chains.
US Surgeon General says 13-year-olds are too young to be on social media (ABC News) Meta, Twitter and other social media platforms currently allow 13-year-olds to join.
US Surgeon General says 13-year-olds are too young to be on social media (Good Morning America) Meta, Twitter and other social media platforms currently allow 13-year-olds to join.
Litigation, Investigation, and Law Enforcement
MI5 breached law with five-year data retention (Computing) MI5 workers improperly held people's intercepted data for nearly five years, an independent tribunal concluded on Monday, criticising the spy agency for its "serious failings."
Wealthy Russian undertook $90 mln hack-and-trade scheme, U.S. says at trial (Reuters) A wealthy Russian businessman with ties to the Kremlin made tens of millions of dollars trading on secret financial information obtained by hackers about multiple companies before it was public, a U.S. prosecutor said Monday at the start of his trial.
FTC orders Chegg to improve 'lax security' (EdScoop) The Federal Trade Commission has given edtech company Chegg 90 days to improve its data security practices.
How the Silk Road Affair Changed Law Enforcement (Security Intelligence) Shutting down The Silk Road set the stage for future action against darknet marketplaces forever. Here's how the saga unfolded.
The media is blowing Biden’s documents ‘scandal’ out of proportion | Margaret Sullivan (the Guardian) The news media has greeted the supposed scandal of Biden’s mishandling of classified documents with breathless glee