Dateline
Ukraine at D+344: Historical revisionism in Russia. (CyberWire) Little change in the front lines, but casualties continue to mount.
Vladimir Putin says ‘Nazi-like’ ideology threatens Russia on anniversary of Stalingrad battle (The Telegraph) After laying wreath at war memorial, Russian president compares German tanks in Ukraine to the Nazis sweeping across eastern Europe
As Russia Strikes Ukrainian Civilians, Putin Tells His People the War Is Just (New York Times) Invoking World War II on the 80th anniversary of victory at Stalingrad, Mr. Putin repeated his false justifications for an invasion that has taken a staggering toll.
Soaring Death Toll Gives Grim Insight Into Russian Tactics (New York Times) Moscow is sending poorly trained recruits, including convicts, to the front lines in eastern Ukraine to pave the way for more seasoned fighters, U.S. and allied officials say.
Russian missile destroys apartment block killing at least three (The Telegraph) The attack in the city of Kramatorsk came as EU officials arrived in Kyiv for talks seen as key to Ukraine's pivot towards the West
Ukraine War: As It's Happening (The Moscow Times) Air raid sirens rang out in Kyiv and across Ukraine on Friday before the start of a summit bringing together senior Ukrainian officials and EU representatives.
Ukraine’s Zelensky Presses EU Chief on Membership Progress (Wall Street Journal) The European Union will double the number of Ukrainian troops it trains to 30,000, a senior EU official says, in a sign of the bloc’s continued support for Kyiv’s war effort.
Russia-Ukraine war at a glance: what we know on day 345 of the invasion (the Guardian) EU leaders meet Zelenskiy in Kyiv; Ukraine presses charges against Wagner group founder for ‘waging a war of aggression’
Along Ukraine-Belarus border, a war of nerves — and drones (AP NEWS) The reconnaissance drones fly several times a day from Ukrainian positions deep inside the thick forest that marches across the border into Belarus, a close Russian ally, scouring sky and land for signs of trouble on the other side.
Ukraine hails French gift of radar as 'cherry on the cake' (AP NEWS) Ukraine's defense minister said Wednesday that Ukrainian lives will be saved by a sophisticated air-defense radar that France is supplying and which is powerful enough to spot incoming missiles and exploding drones in the skies over all of Ukraine's capital and its surrounding region.
What Ukraine wants from France: Munitions, training, air defense and, maybe, fighter jets? (Breaking Defense) Ukrainian Minister of Defense Oleksii Reznikov traveled to Paris for talks with counterparts, and came away with more firepower.
Training Ukrainians to fly British jets would take too long, says No 10 (Telegraph) The quickest a Ukrainian pilot could learn to fly a British fighter jet is 35 months, Rishi Sunak's spokesman has said, elaborating on an obstacle to sending warplanes to Kyiv.
Who’s sending what to Ukraine: A new wave of Western weapons explained (Washington Post) A new surge of increasingly elaborate weapons from Western countries could change the balance on the battlefield in Ukraine as Kyiv’s major backers agree to successive requests that once made them balk.
The real reason Ukraine won’t be joining the EU any time soon (The Telegraph) Bloc wants Kyiv as a member state, but there are no shortcuts amid challenges over money and Brussels rules
How to Get a Breakthrough in Ukraine (Foreign Affairs) The case against incrementalism.
What Ukraine Needs to Liberate Crimea (Foreign Affairs) A credible military threat might be enough.
Losing Crimea Would Escalate Russian-Ukraine Conflict, Former Defense Secretary Says (USNI News) Losing Crimea, which holds an important naval base in Sevastopol, to Ukraine would cross a “real red line” for Russia and likely risk an escalation of the ongoing war, a former U.S. defense secretary said Wednesday. Reclaiming Crimea would be “an exceptionally difficult fight” because Russian President Vladimir Putin attaches so much importance to it, …
Boris Johnson: Stop worrying about Putin and ‘focus entirely on Ukraine’ (Atlantic Council) The former UK prime minister urged the West to stop tiptoeing around Putin's threats and equip Ukraine with the weapons it needs to end the war.
With or Without Western Tanks, Escalation Is Coming to Ukraine (The National Interest) To meet the expected Russian offensive in the late winter or early spring, Ukraine needs additional components for modern air-land battle.
Is the U.S. Military Capable of Learning From the War in Ukraine? (Foreign Policy) The Pentagon has learned painful lessons in the past—and may have to do so again.
Europe's last empire: Putin’s Ukraine war exposes Russia’s imperial identity (Atlantic Council) Vladimir Putin's genocidal invasion of Ukraine has exposed modern Russia's unapologetically imperial identity but could yet lead to the collapse of the Kremlin's broader imperial ambitions, writes Botakoz Kassymbekova.
Russian presence at Paris Olympics risks normalizing Ukraine invasion (Atlantic Council) The International Olympic Committee's decision to allow Russian athletes to compete at the 2024 Paris Olympics under a neutral flag has sparked outrage from critics who say it risks normalizing the genocidal invasion of Ukraine.
Petr Pavel: Ukraine deserves to join Nato, says new Czech leader (BBC News) Petr Pavel tells the BBC Ukraine is morally and practically ready to join Nato after the war is over.
Czech Election Sends a Reassuring Signal to Ukraine and NATO (World Politics Review) Czech Republic’s presidential election was widely considered a referendum on sending aid to Ukraine and sticking by Prague’s NATO allies.
The Kremlin Has Entered the Chat (WIRED) Russian antiwar activists placed their faith in Telegram, a supposedly secure messaging app. How does Putin’s regime seem to know their every move?
Intelligence agency says ransomware group with Russian ties poses 'an enduring threat' to Canada (CBC) Canada's cyber intelligence agency says Lockbit — a prolific ransomware group with links to Russia — was responsible for 22 per cent of attributed ransomware incidents in Canada last year and will pose an "enduring threat" to Canadian organizations this year.
Ransomware, a cover for APT groups conducting cyber-espionage (Le Monde Informatique) North Korean, Russian and Chinese APT groups are changing tactics. Under the cover of carrying out ransomware attacks, they are conducting campaigns...
Winners and Losers in the Russia–Ukraine Cyberwar | Manohar Parrikar Institute for Defence Studies and Analyses (MP-IDSA) The Russia–Ukraine cyberwar has upended a number of existing preconceptions about cyber conflict in an active war.
Russia-Ukraine war has improved US cyber cooperation, says key official (The Hill) Nathaniel Fick, U.S. ambassador at large for cyberspace and digital policy, said on Thursday that the Russia-Ukraine war prompted the government to significantly increase its partnership with the p…
Report: 'KillNet' targeting hospitals in countries helping Ukraine in war efforts (Becker's Hospital Review) On Feb. 1, Dutch cyber authorities confirmed that several hospital websites in the Netherlands and Europe were targeted by 'KillNet's' DDoS campaign, along with U.S. hospitals and health systems, Security Week reported Feb. 1.
Kazakhstan’s Tokayev Is Playing With Fire at Home—and With Russia (World Politics Review) President Tokayev has shown a willingness to stand up to Russia, but amid domestic protests, has refused to implement promised reforms.
Ukrainian SMEs hold the key to the country’s economic revival (Atlantic Council) There is still no end in sight to the Russian invasion of Ukraine but the international community must not delay efforts to revive Ukraine's economy by supporting the country's vibrant SME sector.
Ukraine’s Coming Electricity Crisis (Foreign Affairs) How to protect the grid from Russian attacks.
How Putin’s plans to blackmail Europe over gas supply failed (the Guardian) Within eight months of Russia invading Ukraine, the EU’s 27 states had replaced about 80% of the natural gas they used to get from Moscow
US seeks to expel Russian mercenaries from Sudan, Libya (AP NEWS) The United States has stepped up pressure on Middle East allies to expel the Wagner Group, a military contractor with close ties to Russia's president, from chaos-stricken Libya and Sudan where it expanded in recent years, regional officials told The Associated Press.
Don’t dress like Volodymyr Zelensky when in Kyiv, EU officials warned (The Telegraph) Memo advised them to don ‘usual business attire’ and avoid military ‘green and khaki’ when meeting the Ukraine president
Attacks, Threats, and Vulnerabilities
U.S. nuclear sites face hacking and espionage threats (Washington Post) Hackers target U.S. nuclear facilities, the latest in a long line of nuclear-related cyberattack
No Pineapple! – DPRK Targeting of Medical Research and Technology Sector (WithSecure) During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group. Attribution with high confidence was based off of overlapping techniques, tactics, and procedures as well as an operational security mistake by the threat actor. Amongst technical indications, the incident observed by WithSecure™ also contains characteristics of recent campaigns attributed to Lazarus Group by other researchers.
Hackers linked to North Korea targeted Indian medical org, energy sector (The Record from Recorded Future News) North Korea's Lazarus Group is accused of targeting an Indian medical research company and other businesses in the energy sector.
North Korean hackers stole research data in two-month-long breach (BleepingComputer) A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction.
Supply Chain Attack by New Malicious Python Package, “web3-essential” (Fortinet Blog) FortiGuard Labs team discovers another 0-day attack in a malicious PyPI package called “web3-essential”. See how this malware avoids suspicion and other observations.…
Google ads push ‘virtualized’ malware made for antivirus evasion (BleepingComputer) An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer.
Vulnerability Causing Deletion of All Users in CrushFTP Admin Area (Trustwave) During a recent penetration test, Trustwave SpiderLabs researchers discovered a weak input validation vulnerability in the CrushFTP application which caused the deletion of all users.
Majority of the ransomware gangs used this packer to bypass antivirus and encrypt devices (Information Security Newspaper)
LockBit claims attack on financial software firm ION, demands payment by tomorrow (Computing) Ransomware attack has affected derivative trading for dozens of financial enterprises
ChatGPT May Already Be Used in Nation State Cyberattacks, Say IT Decision Makers in BlackBerry Global Research (BlackBerry) BlackBerry Limited today released new research revealing that half (51%) of IT professionals predict that we are less than a year away from a successful cyberattack being credited to ChatGPT, and 71% believe that foreign states are likely to already be using the technology for malicious purposes against other nations.
UK IT leaders fear malicious use of ChatGPT by foreign states (Computing) UK IT leaders are concerned about the potential for malicious use of the ChatGPT chatbot by foreign states, according to a new study.
Switzerland’s largest university confirms ‘serious cyberattack’ (The Record from Recorded Future News) The University of Zurich, Switzerland’s largest university, announced on Friday it was the target of a “serious cyberattack.”
Tallahassee Memorial hospital victim of suspected ransomware attack (Florida Politics - Campaigns & Elections. Lobbying & Government.) The hospital is also diverting EMS patients.
Data breach at Vice Media involved SSNs, financial info (The Record from Recorded Future News) A data breach involving Vice Media leaked the sensitive information and financial data of more than 1,700 people.
The website that wants you to kill yourself—and won't die (Mother Jones) How the trolls on Kiwi Farms hounded people to commit suicide and created the online culture we have today.
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Advisories for Multiple Products (CISA) Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
Drupal Releases Security Update to Address a Vulnerability in Apigee Edge (CISA) Drupal released a security update to address a vulnerability affecting the Apigee Edge module for Drupal 9.x. An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information. CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB-2023-005 and apply the necessary update.
Delta Electronics DIAScreen (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution.
Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Corporation Equipment: GOT Mobile Function on GOT2000 Series and GT SoftGOT2000 Vulnerabilities: Authentication Bypass by Spoofing, Improper Restriction of Rendered UI Layers or Frames 2.
Baicells Nova (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Baicells Technologies Equipment: Nova Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands.
Delta Electronics DVW-W02W2-E2 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Public exploit available/exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DVW-W02W2-E2 Vulnerabilities: OS Command Injection 2.
Delta Electronics DX-2100-L1-CN (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Public exploits available/exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DX-2100-L1-CN Vulnerabilities: OS Command Injection, Cross-site Scripting 2.
Mitsubishi Electric GT SoftGOT2000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GT SoftGOT2000 Vulnerabilities: Infinite Loop, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create a denial-of-service condition or enable arbitrary code execution.
Trends
The Top Security Priorities in 2023, According to Info-Tech Research Group (PR Newswire) Although ransomware campaigns declined quarter over quarter in 2022, primarily due to the collapse of more experienced cybercriminal groups, IT...
Security Priorities 2023 (Info-Tech) Each organization is different, so a generic list of security priorities will not be applicable to every organization. Use this report to help...
Cybersecurity Budgets Are Going Up. So Why Aren't Breaches Going Down? (The Hacker News) Stay ahead of the game with top-notch cybersecurity measures. The attacks may be becoming more severe, but so are our defenses.
Marketplace
Cyren Announces Global Reduction in Force; Liquidity Challenges (Cyren) Cyren (NASDAQ:CYRN), a provider of inbox security and threat detection solutions, today announced that, in response to current market conditions and associated challenges with raising additional capital, the Company approved a plan to reduce its workforce by approximately 121 employees, representing substantially all of the Company's workforce.
GIC-Backed Chainalysis Cuts Jobs in Latest Crypto Layoffs (Bloomberg) Layoffs affect less than 5% of the GIC-backed firm’s staff. Teams will be built out under refocused strategy: spokesperson.
TikTok’s Transparency Campaign Echoes Effort by Huawei to Ease Security Concerns (Wall Street Journal) The Chinese-owned app is opening testing centers and promising access to core technology, similar to largely unsuccessful tactics used by the telecom giant.
Earnings Tracker: Takeaways From Apple, Amazon and This Week's Other Results (Wall Street Journal) Apple and Amazon reported their latest quarterly results after the close on Thursday, as did Google parent company Alphabet. Shares of all three tech giants fell soon after. Read up on how they did:
Apple Sales Shrink as Covid Disruptions in China Slow Production (Wall Street Journal)
Twitter to end free access to its API in Elon Musk's latest monetization push (TechCrunch) Twitter will discontinue offering free access to the Twitter API starting February 9 and will launch a paid version.
Apple reports first quarter results (Apple Newsroom) Apple today announced financial results for its fiscal 2023 first quarter ended December 31, 2022.
Alphabet Announces Fourth Quarter and Fiscal Year 2022 Results (Alphabet) Alphabet Inc. (NASDAQ: GOOG, GOOGL) today announced financial results for the quarter and fiscal year ended December 31, 2022.
Google suffered 'pullback' in ad spending over holidays, Alphabet stock falls after earnings (MarketWatch) Alphabet Inc.'s stock slipped nearly 5% in extended trading Thursday after the tech giant missed slightly on revenue and earnings in ho-hum quarterly results.
Alphabet Misses Q4 Earnings Estimates, YouTube Ad Revenue Drops by Nearly 8% (Variety) Alphabet, parent company of Google and YouTube, turned in fourth-quarter 2022 earnings that missed analyst estimates, as YouTube’s ad revenue again suffered a year-over-year decline. Overall,…
Amazon.com Announces Fourth Quarter Results (Business Wire) Amazon.com, Inc. (NASDAQ: AMZN) today announced financial results for its fourth quarter ended December 31, 2022. Fourth Quarter 2022 Net sales increa
Qualcomm revenue falls 12%, guidance implies more pain this quarter (CNBC) Qualcomm saw weakness in mobile handset performance, and the chipmaker sees a sharper revenue decline coming in the quarter ahead.
Sony Raises Outlook on Strong PlayStation 5 Momentum (Bloomberg) PlayStation 5 console sales hit 7.1 million in holiday quarter. Premium image sensors softened blow of weak smartphone demand.
Winners announced for the 2022 Infosec Excellence Client Award Program (Infosec) Ten clients were recognized in the 2022 Infosec Excellence Awards Program.
Lumen Reshaping Executive Leadership Team to Drive Simplification, Customer Obsession (PR Newswire) To serve customers better and best position the company for growth, Lumen Technologies (NYSE: LUMN) is making changes to its executive...
Products, Services, and Solutions
Corvus Supercharges Cyber Underwriters with Corvus Risk Navigator™ (Business Wire) Corvus Insurance, the leading provider of Smart Cyber Insurance® products powered by AI-driven risk data, announced today its all-in-one cyber underwr
Dashlane's Mobile Code Now Publicly Available (Dashlane Blog) The Dashlane Android and iOS application code is now publicly available under a Creative Commons Attribution-NonCommercial 4.0 license.
DoControl's SaaS Security Platform Is Now Available on the AWS Marketplace (PR Newswire) DoControl, the automated Software-as-a-Service (SaaS) security company, today announced general availability of its no-code SaaS security...
Netwrix 1Secure: New SaaS Auditing Solution Tailored for Managed Service Providers (MSPs) (Netwrix) Netwrix’s new product empowers MSPs to secure and support clients from a single console.
Silverfort launches free identity risk assessment (Silverfort) Free identity risk assessment provides insight into the identity security gaps and compliance with cyber insurance policies.
Technologies, Techniques, and Standards
Protect data in use with OCI Confidential Computing (Oracle) At Oracle, we’re constantly working to help our customers create a more robust security posture for their compute infrastructure.
Design and Innovation
Microsoft Word gets ChatGPT integration with new ‘Ghostwriter’ third-party add-in (GeekWire) A new Microsoft Word add-in queries OpenAI's ChatGPT natural language processing chatbot and puts responses directly into the document.
Whispers of A.I.’s Modular Future (The New Yorker) ChatGPT is in the spotlight, but it’s Whisper—OpenAI’s open-source speech-transcription program—that shows us where machine learning is going.
Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse (SecurityWeek) Since public key encryption is used to secure almost all data in transit, that data will eventually be accessible by anyone with a quantum computer.
Legislation, Policy, and Regulation
How Japan Is Modernizing Its Cybersecurity Policy (Stimson Center) In its new National Security Strategy, Japan includes the development of a posture for information warfare and active cyber defense.
US Cyber Diplomat Calls for Bolstering American Advantage in Global Tech Policy (Nextgov.com) The head of the State Department’s Bureau of Cyberspace and Digital Policy said that a more prominent U.S. focus on tech policy necessitates greater international engagement.
Biden’s cyberspace ambassador wants less anti-China, anti-Russia talk on tech (The Washington Times) President Biden’s cyberspace ambassador is urging Americans to tone down the anti-China and anti-Russia tough talk on tech in hopes of establishing better relations with nations that have not yet picked a side.
A new bill would ban anyone under 16 from using social media (Washington Post) The movement to keep kids off social media altogether
The Push for New Healthcare Sector Cybersecurity Legislation (Bank Info Security) Virginia Democratic Sen. Mark Warner, who chairs the Senate Select Committee on Intelligence, says he hopes to gather support for new bipartisan legislation this
A Closeup Look At Texas Data Privacy Laws (Security Boulevard) Every state has its own parameters when it comes to data privacy, cybersecurity, and breach notification. But Texas? Yeah, don’t mess with it. (I know, I went there…) Understanding the laws that regulate student data privacy is an important part of managing data at your school district. That’s why we’re here to help you out.
Litigation, Investigation, and Law Enforcement
FBI Seeks Information on ION Hack That Disrupted Derivatives (Bloomberg) US agency joins UK regulators in reviewing the cyberattack. ION told clients it won’t be fully operational until Feb. 5.
Coinbase wins dismissal of lawsuit claiming it sold tokens illegally (Reuters) A U.S. judge on Wednesday dismissed a proposed class action lawsuit by Coinbase Global Inc customers who accused the cryptocurrency exchange of selling unregistered securities and failing to register as a broker-dealer.
Former Ubiquiti dev pleads guilty to trying to extort his employer (BleepingComputer) Nickolas Sharp, a former Ubiquiti employee who managed the networking device maker's cloud team, pled guilty today to stealing gigabytes worth of files from Ubiquiti's network and trying to extort his employer while posing as an anonymous hacker and a whistleblower.
Data Breach Class Claims Against LendingTree Sent to Arbitrator (Bloomberg Law) Allegations that LendingTree LLC negligently failed to protect users’ financial information in connection with a February 2022 data breach should be heard by an arbitrator, a federal magistrate judge said.
Hope College faces new lawsuit over data breach (FOX 17 West Michigan News (WXMI)) Another class-action lawsuit has been filed against Hope College over their response to a large data breach that was discovered in the fall.
WSJ News Exclusive | FBI to Search Mike Pence’s Home for Additional Classified Materials (Wall Street Journal) The Justice Department is in talks with former vice president’s legal team about scheduling search, say people familiar with the matter.