Dateline
Ukraine at D+357: Combined arms failure. (CyberWire) As the first anniversary of Russia's war approaches, observers take stock of Moscow's cyber campaigns and see them as having fallen short of expectations.
Russia-Ukraine war: List of key events, day 358 (Al Jazeera) As the Russia-Ukraine war enters its 358th day, we take a look at the main developments.
Ukraine-Russia war: Starmer demands 'justice for atrocities' as he meets Zelensky in Kyiv (The Telegraph) Sir Keir Starmer met with Volodymyr Zelensky on Thursday in his first visit to Ukraine since the Russian invasion.
Moscow’s Military Capabilities Are in Question After Failed Battle for Ukrainian City (New York Times) A disastrous Russian assault on Vuhledar, viewed as an opening move in an expected spring offensive, has renewed doubts about Moscow’s ability to sustain a large-scale ground assault.
Ukraine-Russia war: Six Russian balloons spotted over Kyiv, says Ukraine (The Telegraph) Six Russian balloons were spotted over Kyiv and most were shot down after being engaged by air defences, the Ukrainian capital's military administration said on Wednesday.
Russian Air Force 'Has Lot of Capability Left' One Year On From Ukraine Invasion (Air & Space Forces Magazine) The Russian air force remains largely intact despite its grinding war in Ukraine, according to independent analysis and official comments.
Russian Invasion Changed Security Calculations Worldwide, Austin Says (U.S. Department of Defense) The outcome of Russia's unprovoked war in Ukraine is profoundly important to Ukraine, Europe and all nations of the world, Secretary of Defense Lloyd J. Austin III said at the end of the NATO defense
Your simple guide to a year of Russia’s war in Ukraine (Al Jazeera) Ukraine says a renewed Russian offensive is under way following 12 months of bloodshed.
Spurred by Ukraine war, 18 Western countries plan to share remote sensing data (Breaking Defense) "Russia’s illegal invasion of Ukraine has highlighted the importance of a persistent space surveillance capability," said the United Kingdom, as European nations (and Canada) band together.
NATO vows more ammo and ‘additional capabilities’ to boost Ukraine spring offensive (Breaking Defense) NATO members also agreed on a new ammunition warehousing initiative aimed at supporting the pre-positioning of ammunition, while defense ministers started discussions on increasing defense spending above the decade-old two percent GDP target.
New battle emerges between the West and defence industry as the push continues to help arm Ukraine (The Telegraph) Nato members concede that Western militaries risk running out of the ammunition Kyiv needs, but also protect themselves going forward
NATO must collaborate, be 'smarter' about rebuilding munition stockpiles: Official (Breaking Defense) Patria Group’s CEO, Esa Rautalinko, suggested the UAF were using more than 5,000 artillery rounds every day during the conflict — a figure which is more than the annual procurement of some European nations, he claimed.
U.S. focuses on training Ukrainian troops to use less ammo (POLITICO) Western nations are growing concerned over their ability to quickly replenish stocks.
If we can’t send F-16s, let’s send Ukraine our old planes (The Telegraph) The Western powers have plenty of Apache attack helicopters, A10 Thunderbolts and Tucano aircraft that would make a real difference to Kyiv
Ukraine’s Four-Letter War (Puck) As the battle for Ukraine enters its second year, neither side seems willing to negotiate. A source familiar with the Russian posture described Moscow’s opening position as “go fuck yourself.” Another well-informed source said that’s Kyiv’s opener, too.
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape (Google Threat Analysis Group) One year after the Russian invasion of Ukraine, Google TAG, Mandiant, and Trust & Safety provide insights into changes in the cyber threat landscape triggered by the war.
Russian Hackers Slammed Ukraine After Invasion, Google Says (Bloomberg) NATO members also hit with malicious cyber activity last year
Following the Money: Killnet’s ‘Infinity Forum’ Wooing Likeminded Cybercriminals (Flashpoint) Killnet has created a new illicit forum, called Infinity, that hopes to bridge the gap between hacktivists and cybercriminals.
Unveiling the invisible war: Ukraine suffered 29 state-sponsored cyberattacks in 2022 (Atlas VPN) In recent years, state-sponsored cyberattacks have become a growing concern for governments, businesses, and individuals alike.
Ukraine war shows urgency of military AI, Palantir CEO says (Reuters) Ukraine's effective use of artificial intelligence (AI) to target Russian forces has pushed the technology onto the agenda of military and political leaders around the world, the CEO of U.S. software firm Palantir said on Wednesday.
Attacks, Threats, and Vulnerabilities
WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks (SentinelOne) A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.
WordPress sites backdoored with ad fraud plugin (Malwarebytes) Popunders are the ideal vehicle to serve ad fraud. In this case, we investigate a scheme where a webpage you can't see is loading a bunch of ads while code mimics user activity by scrolling and visiting links.
RedEyes hackers use new malware to steal data from Windows, phones (BleepingComputer) The APT37 threat group (aka 'RedEyes' or 'ScarCruft') has been spotted using a new evasive malware named 'M2RAT' along with steganography to attack specific individuals for intelligence collection.
North Korea's APT37 Targeting Southern Counterpart with New M2RAT Malware (The Hacker News) Cybersecurity experts have linked North Korea's notorious APT37 hacking group to a new malware, dubbed M2RAT, which is targeting South Korea.
ShadowPad attacks targeting South American diplomatic orgs (SC Media) Chinese threat actor DEV-0147 has targeted several South American diplomatic entities with the ShadowPad remote access trojan, also known as PoisonPlug, in a bid to facilitate network infiltration and persistent access, reports The Hacker News.
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad (The Hacker News) Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad and QuasarLoader
Chinese Hackers Infiltrate South American Diplomatic Networks (Infosecurity Magazine) The group previously targeted government agencies and think tanks in Asia and Europe
China-based cyberespionage actor seen targeting South America (ARN) Cyberthreat group DEV-0147 is deploying the ShadowPad RAT to hit diplomatic targets in South America, expanding from its traditional attack turf in Asia and Europe, Microsoft says.
Multilingual Executive Impersonation Attacks (Abnormal Intelligence) See how two BEC threat groups use automated translation tools to execute payment fraud and payroll diversion attacks in several languages simultaneously.
Adsense abused: 11,000 sites hacked in a backdoor attack (HackRead) The campaign has been active since September 2022, and the recent surge in website infections was noted in January 2023.
Over 10,000 WordPress websites affected by fake redirect URLs to inflate Google AdSense revenue (TimesNow) Over 10,000 websites have been found to be affected by fake redirect URLs in a bid to inflate Google AdSense revenue. A detailed report by Sucuri, a cybersecurity company, sheds light on the numerous websites where malicious URLs and backdoors have been added that redirect visitors to fake and spammy websites with prominent AdSense monetization.
DarkBit Ransomware Targets Israel with Command-Line Options and Optimized Encryption Routines (BlackBerry) A new ransomware group dubbed "DarkBit" has recently appeared on the threat landscape after targeting one of Israel's top research universities, Technion - Israel Institute of Technology (IIT).
Deep Lateral Movement in OT Networks: When is a Perimeter Not a Perimeter (Forescout) This research report is the first systematic study into how attackers can move laterally between different network segments and types of networks at the controller level – Purdue level 1 (L1) – of OT networks.
ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage (SecurityWeek) ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge after deep lateral movement
The return of ICEFALL: Two critical bugs revealed in Schneider Electric tech (The Record from Recorded Future News) Two vulnerabilities affecting tools from Schneider Electric have been disclosed by the researchers behind last year’s “ICEFALL” findings.
Experts Warn of 'Beep' - A New Evasive Malware That Can Fly Under the Radar (The Hacker News) Cybersecurity researchers have discovered a new evasive malware, Beep, which can drop an information stealer onto a compromised host.
ESXiArgs ransomware has infected hundreds of new targets in Europe (The Record from Recorded Future News) More than 500 European organizations are dealing with new infections of the ESXiArgs ransomware, according to Censys.
Give Me Libre or Give Me Dread: The Fleeting Promise of Centralized Illicit Communities (Flashpoint) Libre Forum, an illicit community and potential successor to Dread, is showing the limits—and enduring resiliency—of centralized forums on the dark web.
Hackers start using Havoc post-exploitation framework in attacks (BleepingComputer) Security researchers are seeing threat actors switching to a new and open-source command and control (C2) framework known as Havoc as an alternative to paid options such as Cobalt Strike and Brute Ratel.
PhishPal: How PayPal Became a Hackers’ Haven (Avanan) PayPal is a favorite of hackers.
Cybercriminals Cause Heartbreak on Valentine’s Day (Security Boulevard) Many people look for love or companionship online, and Valentine’s Day presents the perfect opportunity for digital crooks to take advantage of vulnerable
Kaspersky warns against ‘romanticization’ of digital stalking (Back End News) Kaspersky rings the alarm about the romanticization of stalking as depicted in TV series and movies. The cybersecurity company reminds people that stalking, both online and offline, is unacceptable…
British police vulnerable to Chinese spying, commissioner warns (Computing) Government departments were instructed last year to discontinue use of China-made cameras at sensitive sites
BlackCat hackers post personal data of staff and students of Irish university (CyberSecurity Connect) After suffering a ransomware attack nearly a fortnight ago, for which it declined to pay a ransom, Ireland’s Munster Technological University has had the personal details of some of its staff and students posted online.
3 Alarming Threats To The U.S. Energy Grid – Cyber, Physical, And Existential Events (Forbes) The aging U.S. Energy Grid infrastructure is extremely vulnerable to cyber-attacks, physical incidents, and existential threats.
Spoiler: It's not the IRS calling (Security Boulevard) Have you ever gotten a call from the IRS? If you have, then you might be one of the thousands of people losing millions of dollars every year to IRS scam calls. These fraudulent calls, which claim to be from the Internal Revenue Service (IRS), are typically made by scammers who are trying to steal money or personal information from taxpayers.
SAS hit by serious cyber attack (Copenhagen Post) Hacking incident led to a serious GDPR leak relating to passenger information being accessible to others.
Scandinavian Airlines Hit by Cyber Attack (Skift) SAS said it was hit by a cyber attack Tuesday evening and earlier had urged customers to refrain from using its app.
City of Hilliard investigating following phishing incident (WSYX) A phishing incident in December cost the city of Hilliard over $218 thousand, and now the city is investigating to bring those responsible to justice.
Security Patches, Mitigations, and Software Updates
Hyundai, Kia patch bug allowing car thefts with a USB cable (BleepingComputer) Automakers Hyundai and KIA are rolling out an emergency software update on several of their car models impacted by an easy hack that makes it possible to steal them.
Hyundai and Kia Launch Service Campaign to Prevent Theft of Millions of Vehicles Targeted by Social Media Challenge (NHTSA) Approximately 3.8 million Hyundais and 4.5 million Kias involved
Dozens of Vulnerabilities Patched in Intel Products (SecurityWeek) Intel has released patches for multiple critical- and high-severity vulnerabilities across its product portfolio.
ICS Patch Tuesday: 100 Vulnerabilities Addressed by Siemens, Schneider Electric (SecurityWeek) Siemens and Schneider Electric address 100 vulnerabilities across their products with their February 2023 Patch Tuesday advisories.
Trends
SynSaber Report Brings More Context to ICS Security (Security Boulevard) An analysis of three years of vulnerabilities found in industrial control systems (ICS) published by SynSaber, a provider of an ICS monitoring platform,
If you bought an iPhone after 2017, update it now, CISA says (The Record from Recorded Future News) CISA added four critical issues affecting Apple and Microsoft products to its list of known exploited vulnerabilities this week.
New Security Trends Report Highlights Top Security Challenges and Priorities for Global Organizations (Arctic Wolf) Majority of businesses surveyed plan to increase cybersecurity spending despite economic uncertainty. EDEN PRAIRIE, MN – February 16, 2022 – Arctic Wolf®, a global leader in security operations, today published findings from its State of Cybersecurity: 2023 Trends Report based on a survey the company commissioned of over 700 senior IT and cybersecurity decision-makers from over a dozen ...
PWC highlights 11 ChatGPT and generative AI security trends to watch in 2023 (VentureBeat) PWC analysts highlight 11 ChatGPT and generative AI security trends that organizations should watch out for in 2023.
Cybercriminals Increase Recruiting Tech and IT Pros Across the Darknet (Dice Insights) Like any good enterprise, successful cybercrime operations require recruiting and retaining top tech talent. A Kaspersky analysis finds underground darknet groups are offering salaries, bonuses and other perks in a search for tech pros with specific skills. Here’s what is behind the recent spike in cybercrime recruiting.
Marketplace
Smaller Companies Facing Cybersecurity Insurance Headwinds: Equifax Executive (Broadband Breakfast) Cost of insurance for cybersecurity could be a problem for smaller companies.
The hottest cybersecurity startups to watch in 2023, according to VCs (Fortune) Keep your eye on these cybersecurity startups in 2023.
ReliaQuest Completes Strategic Transition to Partner-First Channel Model to Empower Customers and Partner Network (GlobeNewswire News Room) ReliaQuest, a force multiplier of security operations, announced today that the company will be moving to...
Cerberus Sentinel Announces Termination of Public Offering of Common Stock (GlobeNewswire News Room) Cerberus Cyber Sentinel Corporation (“Cerberus Sentinel” or the “Company”)...
NSA again chooses CACI for $2.4B award and protestors return (Washington Technology) The National Security Agency has now twice chosen CACI International for the network analysis contract and is now facing a second round of protests.
The cyber security business is very strong, says Akamai CEO Tom Leighton (CNBC) Tom Leighton, Akamai CEO, joins 'TechCheck' to discuss his thoughts on the company after shares plunge despite beating earnings estimates in the fourth quarter.
How cyber athletes are gaming the job market (MasterCard) As cyberattacks continue to rise, cybersecurity competitions are drawing fresh talent — and many gamers — to shore up a field with a huge workforce gap.
"CyberArk hired 150 employees last quarter" (Globes) Set to step down as CEO after 18 years, Udi Mokady tells "Globes" how CyberArk has continued to grow despite the tech crisis.
DigitalOcean axes about 11 percent of workforce (Register) The layoffs will continue until morale improves
Versasec Joins Microsoft Intelligent Security Association (PRWeb) STOCKHOLM (PRWEB) February 15, 2023 - Versasec, a global leader in credential management, is proud to announce its membership in the Microsoft Intelligent Security Association (MISA), a global ecos
Salt Security Appoints Gilad Gruber as Senior Vice President of Engineering (PR Newswire) Salt Security, the leading API security company, today announced the addition of Gilad Gruber to the Salt executive team as senior vice...
NSA Veteran Lori Weatherwax Joins LexisNexis Special Services; Haywood Talcove Quoted (GovCon Wire)
Products, Services, and Solutions
ESET Launches Threat Intelligence Services - Delivering In-Depth Reports to Organizations and Governments (PR Newswire) ESET, a global leader in digital security, today announced the availability of its threat intelligence services, designed to extend an...
Building a better, more useful 1Password (1Password Blog) Learn about the latest improvements coming to 1Password 8 for iOS, Android, Mac, Windows, and Linux.
Dynatrace Platform to Power Boundless Observability and Security Analytics (Business Wire) Expands Grail data lakehouse to additional data types with graph-based multicloud topology and dependencies, and unveils new user experience to simplify custom analytics for nearly infinite BizDevSecOps use cases
Dynatrace Launches AutomationEngine to Drive Intelligent Cloud Automation (Business Wire) Answer-driven automation across the broad spectrum of BizDevSecOps workflows enables organizations to tame cloud complexity, act faster, and do more with fewer resources
Dynatrace Launches AppEngine to Enable Teams to Build Custom Apps that Unlock Insights and Drive Automation from Cloud Observability, Security, and Business Data (Business Wire) Empowers teams across organizations to collaborate, create, and share causal AI-driven solutions for any BizDevSecOps use case
WatchGuard Launches New Line of Firewall Products to Enhance Unified Security for Remote and Distributed Businesses (RealWire) Powered by WatchGuard’s Unified Security Platform® architecture, new Fireboxes deliver enhanced performance and added security capabilities that MSPs and IT admins can easily manage in WatchGuard Cloud. SEATTLE – February 16, 2023 – WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the release of its new Firebox T25/T25-W, T45/T45-POE/T45-W-POE, and T85-POE tabletop firewall appliances
Radware Introduces Industry-Leading Lineup of High-Capacity Attack Mitigation Platforms (GlobeNewswire News Room) Combines two- to three-fold performance increases and state-of-the-art DDoS protection with an innovative security operations management solution...
BAE Systems partners with Home Office to help identify national security risks at the UK border (BAE Systems | International) BAE Systems Digital Intelligence is partnering with the Home Office to develop data analysis technology that will help protect the UK’s border and simplify processes for traders and travellers in a three-year £38m contract.
Proofpoint Unveils New Simplified Partner Program to Accelerate Channel Growth (GlobeNewswire News Room) Proofpoint Element Partner Program strengthens resellers’ position and market opportunity with enhanced sales and marketing development resources,...
ProofPoint and Gatewatcher ramp up partner programmes (Microscope) Cyber security players are looking for growth with channel offerings that increase support and incentives.
ReliaQuest goes all-in on channel (Microscope) Cyber security player shares 100% partner commitment at a time that Searchlight Cyber reveals there are emerging opportunities for MSSPs around the dark web
Cleerly partners with ClearDATA to keep patient health data secure (VatorNews) Cleerly uses AI to identify the features of plaques that may cause heart attacks
Cisco unveils new cloud security solutions (SC Media) The recent Cisco Live 2023 Amsterdam event saw the security firm unveiling a new lineup of cloud security tools and features, according to CRN.
Technologies, Techniques, and Standards
CISA strategist: What is an SBOM and why it matters to compliance (Compliance Week) Cyberattacks on software are increasing, and the best chance organizations have of protecting themselves is to know about potential vulnerabilities through a software bill of materials, CISA Strategist Allan Friedman shared at CW's virtual Cyber Risk & Data Privacy Summit.
My Password Manager was Hacked! How to Prevent a Catastrophe (BleepingComputer) A recent password manager breach sent a shockwave through the security community. No service is perfect, and that goes for password managers, so what can you do to protect yourself?
Keeper Security Issues Top 5 Cybersecurity Tips for the 2023 Tax Season (PR Newswire) With the 2023 tax season upon us, individuals and businesses are reminded to stay vigilant to protect their personal and financial information...
Keeper Security Survey Finds Most Privileged Access Management Solutions are too Complex, With 68% of Organizations Paying for Wasted Features (PR Newswire) Keeper Security, the leading provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and...
Traditional PAM solutions aren’t working, Keeper Security study finds (IT Security Guru) Keeper Security, the provider of cloud-based zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, has released fi
Are C-Suite Executives Fluent in IT Security Speak? Five Reasons Why the Communication Gap is Wider Than You Think (MSSP Alert) C-suite executives sometimes struggle to understand IT security speak, according to a new study by security provider Kaspersky.
Design and Innovation
From Bing to Sydney (Stratechery by Ben Thompson) More on Bing, particularly the Sydney personality undergirding it: interacting with Sydney has made me completely rethink what conversational AI is important for.
A Conversation With Bing’s Chatbot Left Me Deeply Unsettled (New York Times) A very strange conversation with the chatbot built into Microsoft’s search engine led to it declaring its love for me.
Microsoft’s new ChatGPT AI starts sending ‘unhinged’ messages to people (The Independent) System appears to be suffering a breakdown as it ponders why it has to exist at all
What Is ChatGPT Doing … and Why Does It Work? (Stephen Wolfram | Writings) Stephen Wolfram explores the broader picture of what's going on inside ChatGPT and why it produces meaningful text. Discusses models, training neural nets, embeddings, tokens, transformers, language syntax.
ChatGPT is not capable of creating malware automatically: David Fairman, Netskope (DATAQUEST) ChatGPT was able to create, review, improve and explain code, but it will not create novel, functional malware automatically
ChatGPT hints at potential for artificial intelligence in government (Federal Times) Agency leaders must clear up the common misconception that AI/ML infrastructure, data governance and efficiency must be perfectly aligned to get started.
Academia
JCSD and Lincoln University cybersecurity partnership taking shape (KOMU 8) Last October, Lincoln University reached a partnership with the Jefferson City School District to bring Project REACH to its schools.
Florida Tech L3Harris Institute Cybersecurity Team Wins Saint Leo Capture the Flag Tournament (Space Coast Daily) The L3Harris Institute for Assured Information FITSEC competitive cybersecurity team won the Saint Leo Capture the Flag cybersecurity tournament on Feb. 11. The victory brought a $3,500 cash prize.
Legislation, Policy, and Regulation
Govt spending billions on cybersecurity solutions to protect critical infrastructure (BizzBuzz) For cybersecurity firms, the period of hyper-growth may be over, but growth will continue as organisations see cybersecurity as an area of critical investment
DoD CIO Issues DoD Manual 8140 (U.S. Department of Defense) The Department of Defense Chief Information Officer, Honorable John Sherman, issued DoD Manual 8140.03 Cyberspace Workforce Qualification & Management Program, the third issuance of the DoD 8140
A new Navy ‘cyber’ rating is in the works (Navy Times) The new rating will replace cryptologic technician networks and its name will include "cyber." Expect more details later this year.
Nebraska bill would ban access to USF funds for cell providers with Huawei equipment (Nebraska Examiner) Nebraska bill would ban the Universal Service Fund from distributing customer fees to wireless companies that use Huawei or ZTE equipment.
Litigation, Investigation, and Law Enforcement
Significant gaps found in DoD's management of mobile devices (SC Media) The U.S. Department of Defense Office of the Inspector General has discovered significant lapses in the Defense Department's management of mobile devices issued to its employees, reports The Register.
S.B.F.’s Unsolved Dark-Money Mysteries (Puck) A Talmudic reading of exclusively obtained FTX filings suggests the next steps in this unfolding drama: finding out what Gabe Bankman-Fried knew about Salame’s dark money machine, S.B.F.’s ties to David McCormick, and more.
Revolut poised for Treasury crackdown on unregulated crypto trades (The Telegraph) Banking app’s ‘staking’ service could face new controls from City watchdog
First on CNN: FBI searched University of Delaware for Biden documents, source says (CNN) The FBI has conducted two searches at the University of Delaware in connection with the investigation into President Joe Biden's handling of classified documents, a source familiar with the investigation told CNN.
France probes Thales subsidiary over past ID deals in Africa (Biometric Update) The investigations were set off in 2021 following a report by Tracfin, an intelligence service under the French Ministry of the Economy and Finance.