Dateline Moscow and Kyiv: START me up.
Ukraine at D+363: A pep rally for the special military operation. (CyberWire) Shellfire, speeches, and a very big nationalist pep rally mark Russia's activities on the eve of the first anniversary of Mr. Putin's war.
Russia-Ukraine war: List of key events, day 364 (Al Jazeera) As the Russia-Ukraine war enters its 364th day, we take a look at the main developments.
Ukraine-Russia war latest: Putin set to speak at nationalist rally - watch live (The Telegraph) Vladimir Putin is set to speak at a massive nationalist rally being held ahead of the one-year anniversary of Russia's invasion of Ukraine.
Follow the 600-mile front line between Ukrainian and Russian forces (Washington Post) Over the last year, the war in Ukraine has morphed from a multi-front invasion that included Kyiv in the north to a conflict of attrition largely concentrated along a 600-mile stretch in the east and south.
Kyiv and Moscow Are Fighting Two Different Wars (Foreign Affairs) What the war in Ukraine has revealed about contemporary conflict.
The Persistence of Great-Power Politics (Foreign Affairs) What the War in Ukraine Has Revealed About Geopolitical Rivalry
Opinion These charts suggest peace isn’t coming to Ukraine anytime soon (Washington Post) When the Iraq war began almost 20 years ago, Gen. David Petraeus asked, “Tell me how this ends?” It’s a question that applies to the Ukraine war today.
Move Fast and Win Things (Foreign Affairs) What the war in Ukraine has revealed about statecraft.
Putin Halts Nuke Pact With US, Vows to Push War in Ukraine (Bloomberg) Russia to halt observation of New START nuclear treaty With US. Putin says Russia will achieve its war aims in Ukraine.
Biden: 'Ukraine Will Never Be a Victory for Russia. Never' (U.S. Department of Defense) After an unprecedented visit to Ukraine, President Joe Biden told a crowd in Warsaw, Poland, that "brutality will never grind down the will of a free Ukraine."
Ukraine-Russia war latest: Putin will never win in Ukraine, says Joe Biden (The Telegraph) US President Joe Biden says Russia will never secure a victory in Ukraine and the West's support will never tire.
Biden, in Poland, proclaims NATO’s unity against Russia (Washington Post) Following up on his surprise visit to Kyiv, the president accuses Russia of crimes against humanity
'You cannot outlast us': Biden’s Kyiv visit sends strong message to Moscow (Atlantic Council) US President Joe Biden's bold surprise visit to wartime Kyiv sent a strong message to Moscow that time is not on Putin's side and Russia should not pin its hopes on a weakening of Western resolve to stand with Ukraine.
FACT SHEET: One Year of Supporting Ukraine (The White House) Nearly one year ago, Russia launched its unjust, brutal assault against Ukraine. Putin’s invasion was a test of Ukraine’s commitment to freedom, and a test for America and the world. Putin sought to subjugate Ukraine, but the free people of Ukraine stood strong—bravely defending their sovereignty and democracy. The United States, alongside our allies and partners,…
Biden Just Destroyed Putin’s Last Hope (The Atlantic) The president’s visit to Ukraine was a gut punch to the Russian leader.
Biden's Ukraine visit upstages Putin and leaves Moscow's military pundits raging (CNN) President Joe Biden's surprise visit to Ukraine sparked anger and embarrassment among many of Russia's hawkish military pundits on Monday, increasing pressure on Vladimir Putin as the Russian leader prepares to justify his stuttering invasion in a national address.
Russian hawks fume after Biden beats Putin to a triumphant welcome in Kyiv (Fortune) Biden's morale-boosting trip to Ukraine forced the Kremlin to soothe tempers by claiming the U.S. President only gathered his courage after receiving security guarantees in advance.
Joe Biden says Russian forces in disarray after year of war in Ukraine (the Guardian) US president issues rallying cry in Warsaw speech but warns of ‘very bitter days’ ahead in defence of democracy
Disaster lies behind the Kremlin’s bluster (The Telegraph) Putin’s nuclear brinkmanship cannot conceal the truth: his war has ruined Russia
In the Shadow of War, Ukraine’s New Political Order Is Taking Shape (World Politics Review) Amid Russia’s war in Ukraine, normal politics have seized, opening up space for Zelensky’s anti-corruption reforms.
Putin walks away from world’s last remaining nuclear arms treaty (The Telegraph) Decision to suspend agreement with US came during long speech by Russian president in which he blamed the West for triggering Ukraine war
Putin aiming to divide US public opinion with nuclear treaty pullout, experts say (the Guardian) Russian president accused of ‘playing to rifts in the United States’ by raising specter of nuclear war between Moscow and west
New Start nuclear treaty explained – and what its suspension could mean (The Telegraph) The Telegraph takes a deep dive into the weapons pact following Vladimir Putin’s decision to pull Russia out of it
US foreign policy: China is important but the top priority is stopping Russia (Atlantic Council) Members of the US foreign policy establishment are wrong to prioritize a "China First" perspective at a time when Putin's Russia is waging a major war of aggression in Ukraine, writes Richard D. Hooker, Jr.
F-16s, longer-range missiles could help Ukraine beat Russia, U.S. general privately tells lawmakers (POLITICO) Gen. Christopher Cavoli’s comments go further than other administration officials.
Putin could still win unless the West speeds up efforts to arm Ukraine (Atlantic Council) As the Russian invasion of Ukraine enters its second year, Western support for the Ukrainian war effort is growing. The first two months of 2023 have seen a series of landmark decisions to provide Ukraine with weapons that Western leaders had previously been reluctant to deliver, with the list including armored vehicles, modern tanks, and long-range missiles.
Russia’s military brass accused of ‘treason’ by Wagner chief (Al Jazeera) Yevgeny Prigozhin says the Russian army is starving his fighters of ammunition and they are ‘dropping like flies’.
Treasury Deputy: Russia Sanctions Are Degrading its Military (Military.com) American and allied sanctions and export controls are constraining Russia’s ability to wage war on Ukraine by degrading its military, a top Treasury Department official says.
Russian economy shrank 2.1% in 2022, much less than expected (Al Jazeera) The economy defied fears of a recession and previous predictions that it would contract by more than 12 percent.
At Munich Conference, Ukraine drives an unusual focus on acquisition over policy (Breaking Defense) Last week's Munich Security Conference included call-outs on specific weapon systems, an unusual occurrence at the normally high-minded dialogue.
A year of Russian fighting in Ukraine shows the US military what it needs to improve, analysts say (Stars and Stripes) Hidden amid Russian failures is a threat still facing the United States military and its allies in Europe, where vulnerabilities persist on its eastern borders, experts say.
Opinion | Some of the Best Weapons in the World Are Now in Ukraine. They May Change the War. (New York Times) What will Ukraine do with its new tanks?
‘Russian troops deprived diabetic patient of insulin to let him slowly die’ (The Telegraph) Investigation reveals how hospitals have been pillaged, medics imprisoned and patients crushed by Russian attacks
Ukraine Suffered More Data-Wiping Malware Last Year Than Anywhere, Ever (WIRED) As Russia has accelerated its cyberattacks on its neighbor, it's barraged the country with an unprecedented volume of different data-destroying programs.
Ukrainian hackers claim disruption of Russian TV websites during Putin speech (The Record from Recorded Future News) The Ukrainian hacktivist group IT Army said it caused blackouts of TV websites during a speech by Russian President Vladimir Putin.
Ukraine's volunteer cyber army could be model for other nations: experts (Newsweek) As the first anniversary of Russia's invasion approaches, the architects of Ukraine's cyber militia are declaring it a model other democracies should emulate.
Ukraine's largest charity wants to raise $1.3 million for ‘cyber offensive’ (The Record from Recorded Future News) Ukraine's largest charitable foundation, Come Back Alive, has launched a fundraiser to support the country's cyber offensive against Russia.
Internet Freedom Isn’t a Luxury (The Information) One year ago this week, the Russian government launched its illegal and unprovoked invasion of Ukraine. Almost immediately after, the Kremlin blocked Facebook and Twitter for people in Russia and forced the remaining independent and foreign media operating in the country to shut their doors. ...
Attacks, Threats, and Vulnerabilities
S1deload Stealer – Exploring the
Economics of Social Network
Account Hijacking (Bitdefender Labs) Social networks, which have grown to occupy a significant portion of our lives, have been abused by criminals since their inception.
A New Kind of Bug Spells Trouble for iOS and macOS Security (WIRED) Security researchers found a class of flaws that, if exploited, would allow an attacker to access people’s messages, photos, and call history.
Stealc: a copycat of Vidar and Raccoon infostealers gaining in popularity - Part 1 (SEKOIA.IO Blog) Stealc infostealer is another fully featured infostealer sold as a MaaS which emerged on underground forums in early 2023.
How NPM Packages Were Used to Spread Phishing Links (Checkmarx.com) On Monday, 20th of February, Checkmarx Labs discovered an anomaly in the NPM ecosystem when we cross-referenced new information with our databases. Clusters of packages had been published in large quantities to the NPM package manager.
Cyber Attacks on Data Center Organizations (Resecurity) Resecurity notified several data center organizations about malicious cyber activity targeting them and their customers. The initial early-warning threat notification about this activity was sent around September 2021 with further updates during 2022 and January, 2023.
Hackers Scored Data Center Logins for Some of the World's Biggest Companies (Bloomberg) Such credentials in the wrong hands could be dangerous, experts say, potentially allowing physical access to data centers. The affected data center operators say the stolen information didn’t pose risks for customer IT systems.
Data centre hacks affect Amazon, Apple and Microsoft (Computing) Hackers have stolen login credentials at two major Asian datacentre firms, which some of the world's largest companies use to store their data.
Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia (Symantec) No custom malware deployed in attack campaign that appears to rely exclusively on open-source tools.
LockBit gang takes credit for attack on water utility in Portugal (The Record from Recorded Future News) The LockBit ransomware group has taken credit for a cyberattack on Águas e Energia do Porto — the water utility for the city of Porto.
Android voice chat app leaked private user conversations (Cybernews) A popular app for voice chats, OyeTalk, stored unencrypted user chats on a database unguarded by a password.
Sensitive US military emails spill online (TechCrunch) A security researcher told TechCrunch that a government server was exposing military emails to the internet because no password was set.
US Military Emails Exposed Due to Simple Error in DoD Server (Tech Times) A security researcher explained what happened.
SF-86 and other Sensitive Data Exposed in U.S. Military Email Spill (ClearanceJobs) The DoD discovered over the weekend that one of their servers was sharing sensitive U.S. military information with the public.
US military investigating leak of emails from Pentagon server (CNN) The US military's Special Operations Command says it is investigating a report from a cybersecurity researcher that the command was leaking a trove of unclassified email data on the internet.
Pentagon probing report of leak from military email server (The Hill) The Defense Department’s U.S. Special Operations Command (USSOCOM) launched an investigation this week following a report that said that the unit had an exposed server that was leaking sensitive bu…
Activision confirms data breach exposing employee and game info (BleepingComputer) Activision has confirmed that it suffered a data breach in December 2022 after one of its employees fell victim to an SMS phishing attack, giving hackers access to its internal systems.
Hacker Breaches Activision Slack, Steals Call of Duty Info (Vice) Screenshots show how a hacker tricked an Activision worker into providing a two-factor authentication token.
Alleged Activision data breach reveals Call of Duty's 2023 plans, including MW2 and possible new CoD (Dot Esports) An alledged data breach has revealed major plans for CoD in 2023.
Accidental WhatsApp account takeovers? It's a thing (Register) Blame it on phone number recycling (yes, that's a thing, too)
Royal Mail resumes overseas deliveries via post offices after cyber-attack (the Guardian) Branches to get payments to cover lost international income as postal workers threaten further strikes
A DNA Testing Company Forgot About 2.1 Million People’s Data. Then It Leaked. (Yahoo) A prominent DNA testing firm has settled a pair of lawsuits with the attorney generals of Pennsylvania and Ohio after a 2021 episode that saw cybercriminals steal data on 2.1 million people, including the social security numbers of 45,000 customers from both states. As a result of the lawsuits, the company in question, DNA Diagnostics Center (or DDC), will have to pay out a cumulative $400,000 to both governments and has also agreed to beef up its digital security practices. The company said it
GoDaddy blasted for breach response (SC Media) Security researchers hunt for clues to what’s behind the breach on the large hosting site, which services nearly 21 million customers.
Washington County Sheriff says Russia hacked his office (Mypanhandle.com) Washington County Sheriff’s Office said its operational services are down and they believe Russia is to blame. Sheriff Kevin Crews said the hack is also affec…
Alarum to Investigate Potential Illegal Short Selling (GlobeNewswire News Room) Alarum Technologies Ltd. (www.alarum.io) (Nasdaq, TASE: ALAR) (“Alarum” or the “Company”), a global...
CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Security Patches, Mitigations, and Software Updates
Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities (SecurityWeek) Apple has updated its security advisories to add new iOS and macOS vulnerabilities, including ones belonging to a new class of bugs.
VMware Plugs Critical Carbon Black App Control Flaw (SecurityWeek) VMware warns that hackers can launch injection exploits to gain full access to the underlying server operating system.
Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (BleepingComputer) VMware has released a vSphere ESXi update to address a known issue causing some Windows Server 2022 virtual machines to no longer boot after installing this month's KB5022842 update.
Trends
FortiGuard Labs Reports Destructive Wiper Malware Increases Over 50% (Fortinet) Adversarial Supply Chains Strengthen in Complexity and Sophistication to Counter Evolving Defenses
76% of Vulnerabilities Currently Exploited by Ransomware Groups Were Discovered Before 2020, Report Finds (Business Wire) Joint study by Cyber Security Works, Ivanti, Cyware, and Securin also identifies 56 new ransomware-associated vulnerabilities, for a year-end total of 344 ransomware threats in 2022
The Fraud Trend Report (Fluro) Fluro has looked into the UK’s most popular types of fraud, how much money is being lost to them and the cities facing the biggest scamming problem.
Cyberthreats, Regulations Mount for Financial Industry (Dark Reading) Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture.
Many executives expect a rise in cyber attacks, survey says (The North Bay Business Journal) Over one-third of C-suite executives polled by Deloitte said their organizations' accounting and financial data were targeted, but fewer said they regularly worked with cybersecurity teams.
WSJ News Exclusive | Hackers Extort Less Money, Are Laid Off as New Tactics Thwart More Ransomware Attacks (Wall Street Journal) Extortion payments from ransomware, a hacking scourge that has crippled hospitals, schools and public infrastructure, fell last year.
Marketplace
Entitle Launches With $15M in Seed Funding to Bake Security Into Permissions Management (PR Newswire) Entitle today announced that it has exited stealth with $15 million in seed financing and launched its cloud permissions management platform....
AT&T seeks to shed cybersecurity division -sources (Reuters) AT&T Inc , the second-biggest U.S. wireless carrier, is exploring a sale of its cybersecurity division, potentially undoing an acquisition it completed five years ago, according to people familiar with the matter.
Resecurity Becomes Gold Sponsor of InfraGard National Members Alliance (PR Newswire) Resecurity is proud to announce that it has become a Gold Sponsor of InfraGard National Members Alliance (INMA), an FBI-affiliated nonprofit...
Avertium Recognized on CRN's 2023 MSP 500 List (Avertium) Avertium Ranks in Security Top 100 for Seventh Consecutive Year.
Varonis Featured on CRN’s 2023 Security 100 List (GlobeNewswire News Room) Varonis Systems, Inc. (Nasdaq: VRNS), a pioneer in data security and analytics, today announced that it has...
Three Cybersecurity Stocks That Look Cheap (The Information) You can tell a company’s stock price has fallen too far when its shareholders resist private equity buyout offers on the grounds that valuations are too depressed for selling. That’s what has happened lately in enterprise software, and it’s a sign that there are bargains to be had for savvy ...
Deepwatch Names Mel Wesley as Chief Financial Officer (Business Wire) Successful finance and cybersecurity industry veteran to support rapid growth
Trustmarque appoints former NTT Data UK boss as CEO (CRN) Simon Williams takes the top position at provider of IT solutions and services
Proceed Group Appoints New Managing Director to Renew Focus on Fast-Tracking RISE for SAP Customers (PR Newswire) Proceed Group, the SAP data management specialists, announced today that Robert Reuben has been appointed as managing director after three...
NetSPI Appoints Scott Lundgren and John Spiliotis to its Board of Directors (PR Newswire) NetSPI, the leader in enterprise penetration testing and offensive security, today announced the appointment of Scott Lundgren and John...
Brian Gumbel Appointed President of Armis (Armis) The new 100m USD ARR cybersecurity centaur will focus on its next wave of growth for 2024 and prepare for potential future IPO
Products, Services, and Solutions
Concentric AI Uniquely Addresses Data Security Needs for Financial Services Organizations with Autonomous Data Security Posture Management (Business Wire) Growing Number of Financial Organizations Leverage Concentric AI for Accurately Finding Sensitive Data Across Locations, Assessing Risk, and Remediating Security Issues
Perimeter 81 Partners with TD SYNNEX to Expand Distribution of Award-Winning Platform (Business Wire) Agreement empowers Perimeter 81 to share its innovative solutions to a greater number of customers
Cradlepoint successfully demonstrates SD-WAN and 5G network slicing for distributed enterprises at Ericsson D-15 Labs (GlobeNewswire News Room) Cradlepoint cellular-aware SD-WAN steers applications into the optimal network slices, allowing enterprises to take advantage of true differentiated...
Radware Introduces a Best-of-Suite Approach to Cloud Application Protection (GlobeNewswire News Room) Delivers seamless 360-degree application protection from browser side to server side; adds advanced client-side protection...
Radware launches new series of attack mitigation platforms (SecurityBrief Australia) The next-generation offering combines performance and DDoS protection with enriched usability and visibility to defend against increasingly sophisticated cyber threats.
Binary Defense, ExtraHop in New Managed Network Detection and Response Pact (MSSP Alert) ExtraHop’s Reveal(x) 360 customers can add Binary’s MDR services and security operations center (SOC) capabilities to their portfolios.
Syxsense First to Combine Endpoint Security Scanning and Remediation for CIS Level 1 Benchmarking and Compliance (Business Wire) IT and security teams can now quickly evaluate endpoint compliance against more than 300 CIS Level 1 Benchmarks, accelerating vulnerability assessment and remediation
CyberGRX Launches Portfolio Risk Findings to Help Customers Identify Their Riskiest Vendors (Business Wire) Enabling customers to pinpoint and prioritize security weaknesses across their entire third-party portfolio
Technologies, Techniques, and Standards
NATO seeks OSINT AI alerting platform (Intelligence Community News) On February 21, the U.S. Department of Commerce posted a NATO business opportunity: Provision of an Open Source Intelligence (OSINT) Artificial Intelligence (AI) Alerting Platform as SaaS. Responses are due no later than April 3, 2023, 3:00 pm Brussels time (CET).
Synopsys Study Underscores Need for Comprehensive SBOM as Best Defense in Software Supply Chain Security (Synopsys) 84% of codebases contained at least one known open source vulnerability, an almost 4% increase from last year's findings MOUNTAIN VIEW, Calif., Feb. 22, 2023 /PRNewswire/ -- Synopsys, Inc....
The not-so obvious benefits of BAS (teiss) Breach and attack simulation (BAS) platforms provide immense value for the modern organisation. But they are not always well understood
NSA's National Security Operations Center celebrates 50 years of 24/7 operations in servic (National Security Agency/Central Security Service) Since its ribbon-cutting on February 21, 1973, NSOC has served as NSA’s nerve center, responsible for managing its cryptologic posture for time-sensitive actions and crisis response to optimize the
Design and Innovation
What did they know, and when did they know it? The Microsoft Bing edition. (Gary Marcus on Substack) A new discovery that makes a curious story a whole lot more curious
Generative AI Is Coming For the Lawyers (WIRED) Large law firms are using a tool made by OpenAI to research and write legal documents. What could go wrong?
The ChatGPT Reincarnation of the Marquis de Sade Is Coming (WIRED) “Loab” was just the beginning. Artificial intelligence will soon dredge up all kinds of secret fascinations and fears.
The Myth of the Psychopathic Personality Refuses to Die (WIRED) Science wants to solve the problem of evil but some of the most mainstream concepts are little more than folklore.
Meta Verified Shows a Company Running Out of Ideas (WIRED) Mark Zuckerberg has a new subscription service for Instagram and Facebook. That blue check mark looks awfully familiar.
AI Startups Find an Unlikely Friend: Oracle (The Information) Top cloud providers are jostling to sign deals with artificial intelligence startups that need computing resources as they chase OpenAI, maker of ChatGPT. An improbable early leader in the race to rent servers to these startups is Oracle, a longtime laggard in the cloud field that had developed ...
Research and Development
AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm (SecurityWeek) The CRYSTALS-Kyber encryption mechanism recommended for post-quantum cryptography was cracked using AI combined with side channel attacks.
Legislation, Policy, and Regulation
Civil liberties groups call for EU-wide ban on spyware (The Record from Recorded Future News) An association of civil liberties and human rights organizations is recommending that spyware is banned throughout the EU.
Brussels sets out to fix the GDPR (POLITICO) New law to solve enforcement flaws of the GDPR could open a Pandora’s box of lobbying and regulators’ infighting.
What is Section 230, the rule that made the modern internet? (AP NEWS) Twenty-six words tucked into a 1996 law overhauling telecommunications have allowed companies like Facebook, Twitter and Google to grow into the giants they are today.
CISA on the Prowl for Defenses Against Emerging Tech (Meritalk) The Cybersecurity and Infrastructure Security Agency (CISA) is considering letting a three-year consulting contract that will help the agency develop strategies against new and emerging technologies.
Federal panel says agencies need to focus on harmonizing cyber regulations (Washington Post) An advisory committee recommended the creation of an office to deconflict cyber rules
Litigation, Investigation, and Law Enforcement
Supreme Court declines to hear Wikimedia case against NSA surveillance program (CyberScoop) Critics of the high court's decision not to hear the case say the justices have struck a blow against civil liberties.
U.S. Supreme Court snubs Wikipedia bid to challenge NSA surveillance (Reuters) The U.S. Supreme Court on Tuesday declined to hear a bid by the operator of the popular Wikipedia internet encyclopedia to resurrect its lawsuit against the National Security Agency challenging mass online surveillance.
Supreme Court Turns Away Challenge to Warrantless Surveillance Program (Wall Street Journal) Privacy groups have argued the program exposed by Edward Snowden is unconstitutional.
Supreme Court considers if Google is liable for recommending ISIS videos (Washington Post) The Supreme Court on Tuesday heard oral arguments in Gonzalez v. Google, a lawsuit that could shift the foundations of internet law. It argues tech companies should be legally liable for harmful content their algorithms promote.
House Dems Call for Info on Racially-Motivated Cyber Attacks (Nextgov.com) Several House lawmakers tasked DHS and CISA with providing information on “racially- or ethnically- motivated” violent attacks on the U.S. electrical sector.
Mideast governments accused of using fake dating profiles in arrests of LGBT people (The Record from Recorded Future News) Human Rights Watch says authorities in Egypt, Iraq, Jordan, Lebanon and Tunisia used dating apps as lures to find and detain LGBT people.