Dateline
Ukraine at D+355: A war of attrition, with cyber ops on the side. (CyberWire) A war of attrition continues around Bakhmut.
Himars strike wipes out Russian separatists’ HQ in strategic Ukrainian town (The Telegraph) Attack delivers blow to Kremlin’s hopes of capturing Vuhledar as it ‘loses 5,000-strong elite brigade’ in attempts to take it
Guided Missile Killed U.S. Aid Worker in Ukraine, Video Shows (New York Times) A Times analysis suggests that an intentional strike, not an indiscriminate attack, most likely killed Pete Reed. It is unclear whether the attackers knew he was with a group of aid workers.
Ukraine Faces Painful Choice as Russia Tightens Chokehold on Bakhmut (Wall Street Journal) Ukraine is seeking to degrade Russian forces advancing in costly house-by-house assaults and buy time until more and better Western weaponry arrives. The dilemma is how long to hang on before withdrawing to preserve lives.
Watch: Dramatic video appears to show heavy losses among Russian armored formations (CNN) The eastern front has seen some of the heaviest fighting in Ukraine. Ukrainian and Russian sources say that the Russian mechanized brigade trying to push through the town of Vuhledar saw significant losses recently. CNN's David McKenzie has more.
Russia planned coup in pro-West Moldova, president says (Washington Post) Russia planned to topple Moldova’s pro-West government by fomenting violence through foreign actors and internal criminal groups, Moldova’s President Maia Sandu said Monday.
Ukraine-Russia war latest: US tells citizens to leave Russia 'immediately' (The Telegraph) The United States has told its citizens to leave Russia "immediately" amid heightened fears of a Russian offensive in Ukraine.
Ukraine Has the Battlefield Edge (The Atlantic) Russia’s mobilization has given it a numerical advantage, but wars are not won by manpower alone.
When will the war in Ukraine end? Experts offer their predictions. (Defense News) First were the helmets, then the Leopard tanks. The evolving approach of sending aid to Ukraine fits a conflict as fluid as it is unpredictable.
Russians abandon wartime Russia in historic exodus (Washington Post) As Russian troops stormed into Ukraine last February, sending millions of Ukrainians fleeing for their lives, thousands of Russians also raced to pack their bags and leave home, fearing the Kremlin would shut the borders and impose martial law.
U.S. tells Ukraine it won’t send long-range missiles because it has few to spare (POLITICO) The Biden administration wants to ensure it has enough ATACMS for the U.S. military.
US To Allocate USD 60 Million To Strengthen Cybersecurity In Ukraine (Ukrainian News) The U.S. Agency for International Development (USAID) will allocate USD 60 million to strengthen cybersecurity in Ukraine.
What Happened to #OpRussia? (Dark Reading) The cyberwar to attack Russia has never really stopped, despite a decreasing interest from the West.
Russian hackers ‘disrupt Turkey-Syria earthquake aid’ in cyber attack on Nato (The Independent) The Killnet group reportedly claimed responsibility
Killnet DDoS attacks disrupt Nato websites (ComputerWeekly.com) A series of distributed denial of service attacks on various public websites belonging to the Nato alliance were largely repelled but some resources remain unavailable
Russian Hackers Disrupt NATO Earthquake Relief Operations (Dark Reading) Killnet claims DDoS attack against NATO Special Operations Headquarters, Strategic Airlift Capability, and more.
Russian-linked malware was close to putting U.S. electric, gas facilities ‘offline’ last year (POLITICO) The malware was targeted at around a dozen U.S. facilities in the weeks after the invasion of Ukraine.
The Lessons From Cyberwar, Cyber-in-War and Ukraine (SecurityWeek) SecurityWeek looks at the use of cyber in the years leading to the kinetic war, and the use of cyber technology on the modern battlefield
British embassy spy 'foiled by MI5 agent posing as Russian intelligence officer' (The Telegraph) David Smith caught in sting after leaking details about UK agents to Moscow, court told
Pregnant Russian women are flying to Argentina looking for citizenship (Quartz) The Argentinian government is cracking down on 'birth tourism' as Russians take advantage of visa-free travel
Attacks, Threats, and Vulnerabilities
Has a Sanctioned Bitcoin Mixer Been Resurrected to Aid North Korea’s Lazarus Group? (Elliptic Connect) Elliptic analysis indicates that sanctioned Blender is highly likely to have re-launched as Sinbad, which has laundered nearly $100 million in Bitcoin from Lazarus Group hacks.
North Koreans Adopt New Crypto Mixer After Sanctions, Firm Says (Bloomberg Law) Hackers affiliated with the North Korean government have a new tool to launder stolen virtual currency, according to crypto tracing firm Elliptic Enterprises Ltd.
Sanctioned cryptocurrency tool appears to reemerge under new name (Washington Post) Punished crypto mixer allegedly sets sail under new moniker — Sinbad
Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack (The Cloudflare Blog) This was a weekend of record-breaking DDoS attacks. Over the weekend, Cloudflare detected and mitigated dozens of hyper-volumetric DDoS attacks. The majority of attacks peaked in the ballpark of 50-70 million requests per second (rps) with the largest exceeding 71 million rps
Cloudflare blocks record-breaking 71 million RPS DDoS attack (BleepingComputer) This weekend, Cloudflare blocked what it describes as the largest volumetric distributed denial-of-service (DDoS) attack to date.
Cloudflare says it stopped largest DDoS attack on record (The Record from Recorded Future News) Cloudflare said that over the weekend it detected and mitigated the largest distributed denial-of-service (DDoS) attack ever recorded.
Nice Try Tonto Team (Group-IB) How a nation-state APT attempted to attack Group-IB
Cybersecurity Firm Group-IB Repeatedly Targeted by Chinese APT (SecurityWeek) Cybersecurity company Group-IB claims it was repeatedly targeted by a Chinese APT called Tonto Team, CactusPete, and Karma Panda.
Chinese Hackers Keep Targeting Group-IB Cybersecurity Firm (HackRead) An APT group known as Tonto Team has tried targeting the Singapore-based Group-IB cybersecurity firm for the second time.
Fool’s Gold: dissecting a fake gold market pig-butchering scam (Sophos News) Scammers use counterfeit bank website, hijacked legitimate app to defraud and steal identifying information.
Crypto scam aimed at online acquaintances costs victims billions (Washington Post) Despite the fraud’s growth, federal law enforcement and major crypto exchanges appear to be behind in cracking down
Pig Butchering Scams Are Evolving Fast (WIRED) Investment schemes are ensnaring victims with increasingly compelling narratives and believable tech.
'You Feel So Violated': Streamer QTCinderella Is Speaking Out Against Deepfake Porn Harassment (Vice) After Atrioc was caught buying non-consensual, pornographic deepfakes of fellow Twitch streamers, the abuse against women targeted has been endless.
Pepsi Bottling Ventures suffers data breach after malware attack (BleepingComputer) Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems.
Data breach hits Pepsi Bottling Ventures (Computing) Pepsi Bottling Ventures, which is part-owned by PepsiCo, has disclosed a data breach caused by a network intrusion, which led to the installation of data-stealing malware and exfiltration of personal and financial information from the company's IT systems.
Hackers attack Israel’s Technion University, demand over $1.7 million in ransom (ARN) A new group called DarkBit has claimed responsibility for the ransomware attack and demanded that the ransom of 80 Bitcoins be paid within the next 48 hours.
Israel's top tech university postpones exams after ransomware attack (The Record from Recorded Future News) Hackers from a previously unknown group called DarkBit demanded about $1.7 million from the Technion technical university.
Cryptocurrency scam uses thousands of YouTube videos to connect with victims (News Powered by Cision) WithSecure™ researchers discover a network of videos, channels, and fraudulent web-apps that
Technical Advisory: Immediately Patch Your VMware ESXi Servers Targeted by Opportunistic Threat Actors (Bitdefender) Last week, unknown threat actors started targeting VMware ESXi using CVE-2021-21974, a pre-authorization remote code execution vulnerability.
Namecheap denies system breach after email service used to spread phishing scams (The Record from Recorded Future News) Domain name registrar and web hosting company Namecheap denied that its systems were breached after several customers received scam emails.
Changing Leaders? You May Be a Target of Hackers (Wall Street Journal) Research suggests that when companies have turnover at the top, they are more vulnerable to cyberattacks.
What’s love got to do with it? 4 in 5 Valentine’s Day-themed spam emails are scams, Bitdefender Antispam Lab warns (Hot for Security) In cybersecurity, Valentine’s Day always heralds one thing: a scam wave washing across the digital landscape.
For a former ‘Yahoo Boy,’ romance is a cut-and-paste proposition (The Record from Recorded Future News) In a special Valentine’s Day episode, we look at the evolution of romance scams. They aren’t just about bilking lonely people out of their life savings anymore – scammers have diversified, and they’re making victims accomplices in a roster of cyber crimes from email scams and check fraud to money laundering.
Reports: T-Mobile users experience service outages across US (AP NEWS) Customers of wireless provider T-Mobile US Inc. reported widespread service outages in the U.S. late Monday, according to websites tracking service interruptions. Posts on Downdetector.com and Product-Reviews.net indicated T-Mobile service outages in multiple areas of the country.
T-Mobile went down across the US (Quartz) Some T-Mobile subscribers reported that they could not even connect to emergency numbers
LockBit deadline passes, no Royal Mail data appears (Computing) Royal Mail data stolen in a cyberattack last month, claimed by the LockBit ransomware gang, has not been made public despite the gang's payment deadline passing.
Bridgewater-Raritan Schools Data Breach Exposes Personal Info (GovTech) A New Jersey school district has offered employees free membership to identity monitoring services after discovering a hacker in December gained access to social security numbers and insurance enrollment information.
Indigo Books still recovering from cyber attack (IT World Canada) Canadian bookstore chain Indigo is still dealing with last week's cyber attack. This morning, the company's website was still offline. Stores were open but some were having trouble: Shoppers at the Indigo store in Toronto's Yorkdale mall were told on Saturday that the point of sales stations on the main floor weren't working and they
Trends
2022 ICS/OT Cybersecurity Year in Review Executive Summary (Dragos) Know your threats and benchmark your cybersecurity posture with highlights from our annual ICS/OT report.
Global Perspectives on Threat Intelligence Report (Mandiant) This report offers insight into how organizations are navigating the global cyber security threat landscape.
Majority of Firms Make Cybersecurity Decisions Without Attacker Insight (Infosecurity Magazine) Cybersecurity experts believe senior leadership teams underestimate cyber-threats
Are US Data Brokers Able to Protect the Personal Information They Deal In? [2023] (Incogni Blog) Incogni’s researchers analyzed 506 registered, US-based data brokers and found that 23 (4.5%) of these companies have suffered data breaches. They examined
Marketplace
It’s No Lie: Startups Fighting Disinformation Are Raking In Cash (Crunchbase News) Innovators believe tech will play a major part in mitigating the spread of misinformation. It appears venture backers are on board as well.
Accenture Acquires Morphus, Brazil-Based Cybersecurity Company (Accenture) Accenture expands its cybersecurity practice in Latin America with 230 skilled cybersecurity professionals from Morphus and a new Cyber Fusion Center in Fortaleza.
Cerberus Sentinel Announces Proposed Public Offering of Common Stock (GlobeNewswire News Room) Cerberus Cyber Sentinel Corporation (“Cerberus Sentinel” or the “Company”)...
Zscaler Announces Industry-First, Integrated SaaS Supply Chain Security Capabilities with the Acquisition of Canonic Security (GlobeNewswire News Room) New Capabilities Further Expand the Zscaler Zero Trust Exchange™ Data Protection Set of Services Enabling Enterprises to Protect Data Being Accessed Through...
Palantir expects 2023 to be first profitable year, shares soar (Reuters) Palantir Technologies on Monday forecast its first profitable year and said it had slowed hiring, cut stock-based payouts and reduced cloud computing investments in response to lower spending from recession-wary businesses.
Palantir CEO Alex Karp Touts Profitability, Artificial Intelligence Advantage, Acquisition Interest Following Q4 Earnings - Palantir Technologies (NYSE:PLTR) (Benzinga) Palantir Technologies Inc (NYSE: PLTR) shares soared in Monday's after-hours session as the data software company's surprise leap into profitability outshined its poor guidance.
Secureworks announces layoffs for almost ten per cent of staff (CRN) The Dell Technologies majority-owned group said it’s 'shifting investments' to growth areas such as its Taegis platform
SAP is laying off 224 Bay Area employees (Silicon Valley Business Journal) Two weeks after the company announced it would be laying off 2.5% of its workforce, it unveiled just how many it would cut in the Bay Area.
Microsoft’s LinkedIn Lays Off Staff Amid Hiring Slowdown (The Information) Microsoft-owned LinkedIn laid off staff in its recruiting department on Monday, the company confirmed to The Information, the latest sign of how Microsoft’s layoffs are rippling through the tech giant. Microsoft said earlier this year it would cut 10,000 people across the company this quarter as ...
DirectDefense Promotes Christopher Walcutt to Chief Security Officer (DirectDefense) DirectDefense, Inc., an information security services company today announced that Christopher Walcutt has been promoted to
Vaultree Appoints Technology Industry Veteran Rinki Sethi to Its Board of Directors (Business Wire) Vaultree, the Data-In-Use Encryption leader, today announced the appointment of Rinki Sethi to the company's board of directors.
Products, Services, and Solutions
Telos Corporation Receives $32.5 Million U.S. Air Force Contract for Defensive Cyber Operations Support (GlobeNewswire News Room) Telos Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for...
Atlas VPN upgrades its speeds with 10Gbps servers (Global Security Mag Online)
Toshiba Brings SQBM+™, its Quantum-Inspired Optimization Solution, to AWS Marketplace (Toshiba Digital Solutions) Toshiba Digital Solutions Corporation (TDSL), an industry leader in applying quantum-inspired solutions to complex real-world problems, today announced the launch of "SQBM+ for AWS," a version of its SQBM+ software customized for the AWS Marketplace operated by Amazon Web Services, Inc.
Netwrix Usercube Named a Leader in All Categories of KuppingerCole's Identity Governance and Administration (IGA) Leadership Compass (Netwrix) Netwrix has been recognized as a Product Leader, Innovation Leader, Market Leader and Overall Leader in the IGA market.
KnowBe4 Earns Spots on G2's 2023 Best Software Award Lists (Yahoo) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has been named to G2's 2023 Best Software Awards, placing on both the Best Global Software Companies list and the Best of Security Products list for PhishER. As the world's largest and most trusted software marketplace, G2 is visited by 80 million software buyers each year. Its annual Best Software Awards rank the world's best software companies and products based on authe
Akamai Unveils Akamai Connected Cloud and New Cloud Computing Services (Akamai) Offering a fundamentally different approach to cloud that integrates core and distributed computing sites with a massively scaled edge network
ThreatBlockr Enhances Threat Identification and Prevention with Greater Control, Visibility and Flexibility (Business Wire) With these updates, managed service providers can streamline and prioritize alert management for even better protection
EnterpriseDB Raises the Bar for Postgres Security and Compliance with Transparent Data Encryption (GlobeNewswire News Room) Addition of TDE to enterprise-grade Postgres solutions enables IT decision makers to improve critical enterprise data security ...
Veeam Releases NEW Veeam Data Platform to Keep Businesses Running as Ransomware Continues to Increase (Business Wire) 500+ new features and enhancements for Veeam Backup & Replication v12, the foundation of the Veeam Data Platform, including direct-to-object storage backup, trusted immutability, advanced cyber resiliency and unmatched hybrid cloud protection
NeoSystems Unveils NeoSMRT 2.0 to Track CMMC Compliance of Supply Chain (PR Newswire) NeoSystems, a full-service strategic outsourcer, IT systems integrator and managed services provider to the government contracting market,...
At-Bay reveals Google Workspace customers experience 40% fewer security email incidents than average (At-Bay) Insurer ranks industry-leading email security solutions and email solutions based on cyber incident frequencies among businesses
Technologies, Techniques, and Standards
Coming soon: All Coast Guard emails must have a digital signature (MyCG) Why this is happening and what you need to know
Privileged Access Management Survey: User Insights on Cost & Complexity (Keeper® Password Manager & Digital Vault) Download the Privileged Access Management Survey: User Insights on Cost & Complexity to learn how hundreds of IT leaders globally think about PAM.
A Guiding Light in the Dark: How MSSPs Are Using Dark Web Threat Intelligence (Searchlight Cyber) Download the report to learn what we found out from surveying more than 500 MSSPs in the US and UK about dark web threat intelligence.
Design and Innovation
Facial recognition’s latest foe: Italian knitwear (The Record from Recorded Future News) The Italian clothing brand Cap_able makes knitwear with designs that trick facial recognition software into misidentifying humans as animals.
Why you shouldn’t trust AI search engines (MIT Technology Review) Plus: The original startup behind Stable Diffusion has launched a generative AI for video.
News Publishers Are Wary of the Bing Chatbot’s Media Diet (WIRED) Microsoft’s new search interface can serve up key information from articles, removing the need to click—and potentially undermining media business models.
Instagram's sex censorship sweeps up educators, adult stars and sex workers (NBC News) Adult stars and sex workers say Instagram unfairly patrols their accounts while letting celebrities dodge the same rules.
Legislation, Policy, and Regulation
Opinion: They clicked once. Then came the dark prisons. (Washington Post) Ms. Perednya was arrested and sentenced to 6½ years in prison. Ms. Shehab was sentenced to 34 years in prison and to a 34-year travel ban. Ms. Krivtsova has been added to a list of terrorists and extremists, charged with discrediting the military and put under house arrest, and she is facing seven years in prison. They all are being punished by despotic regimes for nothing more than posting or reposting something on social media.
India’s Government Wants Total Control of the Internet (WIRED) The Modi administration keeps giving itself new powers, and Big Tech keeps giving in.
The US Government says companies should take more responsibility for cyberattacks. We agree. (Google Online Security Blog) Posted by Kent Walker, President, Global Affairs & Chief Legal Officer, Google & Alphabet and Royal Hansen, Vice President of Engineering fo...
MD lawmakers weigh measure aimed at protecting children online (Maryland Daily Record) Maryland lawmakers plan to lock horns with powerful social media companies as the national debate over internet safety for children moves to the state level.
Litigation, Investigation, and Law Enforcement
Biometrics regulator calls for clarity around police use (Computing) The UK's biometrics and surveillance camera commissioner, Fraser Sampson, has said "clear and comprehensive" rules are needed to control police use of AI and biometrics.
Alleged SIM Swapper Ransomed Instagram Influencer for Dates, Striptease Video (Vice) Amir Hossein Golshan allegedly broke into influencers' Instagram accounts not just for financial gain, but to sextort the victims too.