Dateline Moscow and Kyiv: Rectification of names.
Ukraine at D+348: Preparing for the first anniversary of the invasion. (CyberWire) Russia moves conscripts to assembly areas, and a dark web souk appears on Moscow's electronic billboards.
Russia-Ukraine war live: Moscow repeats warning that Nato countries supplying Kyiv with arms risks ‘unpredictable escalation’ (the Guardian) Russian defence minister accuses Nato of trying to ‘prolong the conflict’
Ukraine Warns Russia Is Planning Major Offensive (Wall Street Journal) Kyiv says Russia is amassing troops and getting ready for a new push along the eastern front. This comes amid a signal that Ukraine may reshuffle in its military leadership following a corruption scandal.
Russia-Ukraine war: Wagner founder challenges Zelensky to a dogfight for control of Bakhmut (The Telegraph) The founder of Russia’s notorious Wagner mercenary group challenged Volodymyr Zelensky to a dogfight on Monday for the control of Bakhmut, as Ukraine braced for a renewed Russian offensive.
Ukraine releases video appearing to show Russian troops beating own wounded officer (the Guardian) Footage thought to show Wagner group fighters beating commander with what appear to be shovelsWarning: video contains footage that some viewers may find distressing
Austria’s About to Give Russia a Soapbox at the OSCE (Foreign Policy) Vienna will allow sanctioned Russian parliamentarians to attend the next big security meeting on the anniversary of Russia’s invasion of Ukraine.
Perspectives on Ukraine and the Russian Invasion (Global ECCO) Dr. Douglas Borer, Department of Defense Analysis at the US Naval Postgraduate School, asked Dr. Myerson some questions about the causes of the Russian war against Ukraine, the role of allies in Ukraine’s defense, and his perspective on how the war might end.
How Russia Decides to Go Nuclear (Foreign Affairs) Deciphering the way Moscow handles its ultimate weapon.
U.S. Leadership on Ukraine Is Increasing European Dependence (World Politics Review) Unwillingly and unintentionally, US leadership on Ukraine war policy is increasing Europe’s dependence. That could be a problem.
American conservatives are right behind Ukraine – but they want a better strategy than Biden’s (The Telegraph) The White House has been reactive, often only moving after significant Congressional and international pressure
Japan’s Long-Awaited Return to Geopolitics (Foreign Policy) Tokyo’s abandonment of its post-1945 security stance is another fallout from Russia’s war.
Analysis: Swiss neutrality on the line as arms-for-Ukraine debate heats up (Reuters) Switzerland is close to breaking with centuries of tradition as a neutral state, as a pro-Ukraine shift in the public and political mood puts pressure on the government to end a ban on exports of Swiss weapons to war zones.
The Deeper Reason Netanyahu Won’t Arm Ukraine Against Russia (Foreign Policy) Jerusalem’s ties to Moscow are partly about security. They’re also about illiberalism.
The Ukraine war is fuelling and obscuring cyberattacks (The National) The fighting is dominating the attention that might otherwise be given over to understanding the links between online threats and modern warfare
Darknet drug market BlackSprut openly advertises on billboards in Moscow (The Record from Recorded Future News) It's unclear why BlackSprut was able to buy the Moscow billboard space, but Russia is known for some permissiveness toward darknet groups.
Inside Safe City, Moscow’s AI Surveillance Dystopia (WIRED) Moscow promised residents lower crime rates through an expansive smart city project. Then Vladimir Putin invaded Ukraine.
Russia ends disclosure rules for officials, citing wartime secrecy needs (Washington Post) In the latest indication of expanded state secrecy in wartime Russia, President Vladimir Putin on Monday signed legislation that will exempt Russian lawmakers from a previous requirement that they disclose details of their income, expenses and property.
Russian Deficit Soars to $25 Billion on War Spending, Oil Embargo (Wall Street Journal) The government’s budget recorded its deepest deficit to start the year in more than a decade.
Attacks, Threats, and Vulnerabilities
Foreign states already using ChatGPT maliciously, UK IT leaders believe (CSO Online) Most UK IT leaders are concerned about malicious use of ChatGPT as research shows how its capabilities can significantly enhance phishing and BEC scams.
Ransomware Hits Unpatched VMware Systems: 'Send Money Within 3 Days' (Virtualization Review) Users who neglected to install security patches issued by VMware two years ago are now being hit by a big ransomware attack wave.
Massive ransomware attack targets VMware ESXi servers worldwide (CSO Online) Cybersecurity agencies globally — including in Italy, France, the US and Singapore — have issued alerts about a ransomware attack targeting the VMware ESXi hypervisor.
CISA steps up to help VMware ESXi ransomware victims (SC Media) CISA says any organization experiencing a cybersecurity incident tied to VMware ransomware campaigns should immediately report it to CISA or the FBI.
‘Massive’ new ESXiArgs ransomware campaign has compromised thousands of victims (The Record from Recorded Future News) Thousands of servers running an unpatched version of VMware's ESXi product are vulnerable to ESXiArgs ransomware, researchers say.
GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry (The Hacker News) South Korean and American e-commerce industries have been targeted by a GuLoader malware campaign.
Polygraph: Click Fraud Scammers Are Targeting Pay-Per-Click Affiliate Schemes (GlobeNewswire News Room) Pay-per-click affiliate schemes are vulnerable to sophisticated click fraud techniques....
Hackers hit Vesuvius, UK engineering company shuts down affected systems (Graham Cluley) Vesuvius, the London Stock Exchange-listed molten metal flow engineering company, says it has shut down some of its IT systems after being hit by a cyber attack.
British steel industry supplier Vesuvius ‘currently managing cyber incident’ (The Record from Recorded Future News) Vesuvius Plc confirmed that the incident “involved unauthorized access to our systems,” but it did not provide further details.
Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419) (Rapid7) Through the course of routine security testing and analysis, Rapid7 has discovered several issues in on-premises installations of open source and freemium Document Management System (DMS) offerings from four vendors. While all of the discovered issues are instances of CWE-79: Improper Neutralization of Input During Web Page Generation, in this disclosure, we have ordered them from most severe to least.
CyRC special report: Secure apps? Don’t bet on it (Application Security Blog) The Cybersecurity Research Center conducted a security analysis of the 10 most popular Android sports and betting apps.
Highmark Health Suffers Phishing Attack, 300K Individuals Impacted (Health IT Security) Highmark Health notified 300,000 individuals of a phishing attack that potentially compromised protected health information.
Cybersecurity Incident Under Investigation in Berkeley County Schools - 19,000 Students Have Day Off (WV MetroNews) More than 19,000 students got the day out of school in Berkeley County on Monday (February 06), but it was a workday for staff. This after a cybersecurity incident in the district Friday. Berkeley County Schools sent out a message saying they are investigating the “cause and scope.”
West Virginia students returning to class after days-long outage following cyberattack (The Record from Recorded Future News) Nearly 20,000 students in West Virginia were forced to miss classes on Monday due to a cyberattack that crippled their school.
MTU close Cork campuses after a 'significant' IT breach (Cork Beo) All full-time and part-time classes have been cancelled
Trends
Cybercrime Shows No Signs of Slowing Down (Dark Reading) Look for recent trends in attacks, strategies, and vulnerabilities to continue gaining steam throughout 2023.
Cyber Apocalypse 2023: Is The World Heading For A ‘Catastrophic’ Event? (Forbes) According to the 2023 Global Cybersecurity Outlook from the World Economic Forum, the world is facing more and potentially catastrophic cyber-attacks. Here, we explore what that means.
Blog | Permiso 2022 - End of Year Observations () The Permiso p0 labs team provides an overview of what they have observed from the front lines of cloud attacks over 2022, and where they expect cloud attacks to head next!
DataDome’s Inaugural E-Commerce Holiday Bot & Online Fraud Report Reveals the US as the Top Source of Bot Attacks (DataDome) Study finds US generated 10 times the number of bot attacks compared to China, the second highest source during the 2022 holiday season.
State of the Cloud 2023 (Wiz) The Wiz Threat Research team looks back on the past year to highlight trends and the state of cloud usage based on visibility across our customer base.
Marketplace
IronNet Signs Contract to Enhance Cybersecurity of U.S. Navy’s Naval Sea Systems Command (NAVSEA) Following Successful Pilot Program (Business Wire) Agreement addresses cyber threats against the Defense Industrial Base (DIB) by using the IronNet Collective Defense℠ Platform to improve threat visibility and anonymized intelligence sharing
Bitwarden Boosts FIDO Alliance Membership (Business Wire) Bitwarden, the leading open source password manager trusted by millions, today announced that it has expanded its partnership in the FIDO Alliance, an
Netsurion CRO John Addeo Honored on 2023 CRN Channel Chiefs List (GlobeNewswire News Room) Netsurion, a leading provider of managed XDR, today announced that CRN®, a brand of The Channel...
Sumo Logic SVP of Global Partners and Alliances Named as a 2023 CRN Channel Chief (GlobeNewswire News Room) Sumo Logic (NASDAQ: SUMO), the SaaS analytics platform to enable reliable and secure cloud-native...
Aqua Security’s Jeannette Lee Heung Named a 2023 CRN Channel Chief (GlobeNewswire News Room) Lee Heung was behind the Aqua Advantage partner program launch driving a surge in channel revenue...
Axis Channel Leader Nicholas Mirizzi Receives 2023 CRN Channel Chief Honor (PR Newswire) Axis, the leading innovator in Security Service Edge, today announced that CRN®, a brand of The Channel Company, has recognized Nicholas...
Jamie Hawkins of DH2i Honored as a 2023 CRN Channel Chief (DH2I) Recognized for Dedication, Innovative Strategies, and Programs That Have Driven Partner Success
Brillio Appoints Navneet Narula to Lead Global Banking and Financial Services Unit (CXOToday.com) Industry veteran tapped to turbocharge company’s burgeoning BFSI vertical Brillio, a leading digital transformation services and solutions provider
Moti Gindi, Former CVP of Security Products at Microsoft, Joins Apiiro as Chief Product Officer (GlobeNewswire News Room) Moti, who built Microsoft Defender into a multi-billion dollar business, joins Apiiro to scale the growing business...
Folio Photonics Expands Engineering Leadership Team with the Appointment of Greg Kittilson as Vice President of Engineering (Business Wire) Announces Great Leap Forward with Newly Patented Systems and Methods for Increasing Data Rate and Storage Density in Multi-Layer Optical Discs
Products, Services, and Solutions
Cognni Launches AI-Powered Automated Infosec Risk Assessment Product (GlobeNewswire News Room) The new risk-assessment tool can scan all the data held by an organization in minutes and provide a detailed report on risks and the mitigation measures...
Cequence Security Enhances API Security Testing Capabilities (Business Wire) Cequence Security, the leading provider of Unified API Protection, today announced it has enhanced the testing capabilities within its Unified API Pro
Keyfactor Global Channel Program Hits New Milestones as Businesses Prioritize Machine Identity Management (Business Wire) Keyfactor appoints Michael de Paris as VP of EMEA Channels; SVP of Global Channel Joe Tong named to 2023 CRN Channel Chief List.
Cadien Cyber Response Launches to Deliver Incident Response & Complex Digital Forensics Services (Dark Reading) Cadien Cyber Response, a US-based incident response and complex digital forensics firm, formally launched operations today and unveiled its team of leading industry and government cyber experts focused on reactive services.
Baffle Makes Multi-Tenant Data Security for SaaS Providers Even Easier (GlobeNewswire News Room) Record-level Encryption Isolates Customer Data; BYOK Gives Customers Complete Control
How Parallel Loop Empowers Torq Users to Rapidly Automate Bulk Data Processing Up to 10x (Torq) Torq is proud to introduce Parallel Loop, a new capability that enables users to process bulk data from myriad security tools with unprecedented ease. It also provides the power of orchestration like no other automation tool in the security automation industry with true parallelism. That means multiple tasks can be run simultaneously, and optionally, on […]
Snyk Achieves FedRAMP “In Process” Milestone (GlobeNewswire News Room) With Expected FedRAMP Authorization, Snyk to Address Crucial Need for Developer Security in Public Sector
Coalfire Compliance Essentials Optimized for Automated Evidence Collection (PR Newswire) Global cybersecurity pioneer Coalfire announced today major innovations to its Compliance Essentials solution, including advanced automated...
Deepwatch Advances SecOps Platform to Detect and Contain Identity Threats (Business Wire) Introduces Managed Extended Detection and Response (MXDR) for Rapid Containment of Identity Compromise
Technologies, Techniques, and Standards
Agencies Seek Public Input on Updates to Guiding Plan for Cyber R&D (Nextgov.com) The document is updated once every four years.
How Artificial Intelligence is Changing the Spy Game (SpyCast) Mike Susong (Website, LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss the impact and potential of AI on the intelligence field. Mike is a former CIA case officer who now oversees global intelligence for a risk management company.
Why Crowdsourced Security is Devastating to Threat Actors (Security Intelligence) See how crowdsourcing security is an effective tool against phishing and other cyber threats.
How to deal with sneaky spear phishing- and more - on Safer Internet Day (WatchGuard Technologies) In support of a safer Internet for all here are some insights on today’s most prevalent threats and what you can do to stay cyber secure. Follow our tips and protect yourself and your business.
Design and Innovation
Microsoft announces surprise event for tomorrow with Bing ChatGPT expected (The Verge) Microsoft won’t be streaming this event, though.
The Race to Build a ChatGPT-Powered Search Engine (WIRED) A search bot you converse with could make finding answers easier—if it doesn’t tell fibs. Microsoft, Google, Baidu, and others are working on it.
Google has unveiled its ChatGPT rival and is promising its will offer AI-powered search 'soon' (Silicon Valley Business Journal) Google is following through on CEO Sundar Pichai's promise last week to open up it AI tools to the public.
Google launches ChatGPT rival called Bard (BBC) Google is launching an Artificial Intelligence (AI) powered chatbot called Bard to rival ChatGPT.
Google Releases ChatGPT Rival AI ‘Bard’ to Early Testers (Bloomberg) Microsoft expected to announce ChatGPT integration into Bing search engine
Academia
The SANS Institute Reopens HBCU Cyber Academy Application Window to Address Growing Need for Cybersecurity Professionals (PR Newswire) The SANS Institute is proud to announce the reopening of the HBCU Cyber Academy application window from February 1, 2023 to March 1, 2023. The...
Legislation, Policy, and Regulation
Chinese hacking probably outweighs balloon, experts say (Washington Post) Don’t forget about Chinese hackers
Quad Joint Statement on Cooperation to Promote Responsible Cyber Habits (The White House) We the Quad partners of Australia, India, Japan, and the United States are launching a public campaign to improve cyber security across our nations: the
Wikipedia unblocked in Pakistan after Prime Minister's intervention (TechCrunch) Pakistan has unblocked Wikipedia in the South Asian market, three days after the online encyclopedia was censored in the nation.
What CISOs need to know about the renewal of FISA Section 702 (CSO Online) Section 702 of the Foreign Intelligence Surveillance Act sets out the rules for the US intelligence community around gathering information abroad—but is it inadvertently being used at home too?
Let Section 230 Stay (The Information) Gonzalez v. Google, which the Supreme Court will hear this month, is the culmination of years of litigation. The action—a consolidation of lawsuits filed against Google, Twitter and Facebook—attempts to hold these platforms liable for their automated recommendation of content to users. Social ...
Biden taps experts in threat intel, networking and satellite cybersecurity for telecom advisory board (SC Media) The Biden administration appointed new leaders for the National Security Telecommunications Advisory Council, while adding a number of other notable tech and cybersecurity executives.
Litigation, Investigation, and Law Enforcement
China’s tech weapons roll in to quell demonstrations, identify protesters (The Record from Recorded Future News) At a time when an errant spy balloon has raised new questions about President Xi Jinping’s absolute control over all things Chinese, we take a look at how his regime quelled last year’s Covid protests and how an arsenal of digital weapons helped tighten his grip on power.
U.S. senators question Meta over Chinese, Russian access to Facebook data -statement (Reuters) A bipartisan pair of U.S. senators said on Monday they had sent a letter to Meta CEO Mark Zuckerberg questioning the company about documents that they say reveal that Facebook developers in China and Russia had access to user data.
Police hacked Exclu 'secure' message platform to snoop on criminals (BleepingComputer) The Dutch police announced on Friday that they dismantled the Exclu encrypted communications platform after hacking into the service to monitor the activities of criminal organizations.
Finnish psychotherapy extortion suspect arrested in France (Naked Security) Company transcribed ultra-personal conversations, didn’t secure them. Criminal stole them, then extorted thousands of vulnerable patients.
How Sam Bankman-Fried’s Psychiatrist Became a Key Player at Crypto Exchange FTX (Wall Street Journal) Hired as a coach at the crypto exchange, George Lerner was there for its dramatic downfall.
Politie leest opnieuw mee met criminelen (Politie) De politie en het Openbaar Ministerie in Nederland zijn er opnieuw in geslaagd toegang te krijgen tot data van een cryptocommunicatiedienst van criminelen en de afgelopen vijf maanden hun…
Eurocops shut down Exclu encrypted messaging app (Register) German and Dutch authorities say the app was a favorite of organized criminals and drug smugglers