Dateline
Ukraine at D+364: United Nations vote on Russia's war expected today. (CyberWire) Russia continues to maintain that its war is defensive, that it's the real victim here. (And Russian cyberattacks haven't had a decisive effect, but that's not for want of trying.)
Russia-Ukraine war: List of key events, day 365 (Al Jazeera) As the Russia-Ukraine war enters its 365th day, we take a look at the main developments.
Russia-Ukraine war: Key events in the year since Russia invaded Ukraine (ABC News) One year into the Russian invasion of Ukraine here is a timeline of events marking various stages throughout the war.
U.N. to mark one year of Ukraine war with vote to 'go down in history' (Reuters) Marking one year of war, Ukraine and Russia lobbied countries at the United Nations on Wednesday for backing ahead of a vote by the 193-member General Assembly that the United States declared will "go down in history."
Marking One Year Of War In Ukraine, UN Chief Denounces Russia (RadioFreeEurope/RadioLiberty) United Nations Secretary-General Antonio Guterres has denounced Russia's invasion of Ukraine as a violation of the founding UN Charter and international law and called out Russian threats about its possible use of nuclear weapons.
A global divide on the Ukraine war is deepening (Washington Post) Russia capitalizes on disillusionment with the United States to win sympathy in the Global South.
Three Reasons Most Analysts Were Wrong on War in Ukraine (VOA) Early predictions overestimated Russian military capabilities and underestimated the Ukrainian resistance
A year into Ukraine, looking back at 5 prewar predictions (Breaking Defense) A year ago, Mark Cancian of CSIS laid out five things to watch for in a war between Ukraine and Russia. Now he assess where things ended up.
Ukraine is still standing a year after the Russian invasion. Now what? (Yahoo News) U.S. officials acknowledged to Yahoo News that they do not expect either side to prevail in 2023.
The ripple effects of Russia's war in Ukraine continue to change the world (NPR) A year after Russia's invasion of Ukraine sparked the largest conflict in Europe since World War II, the repercussions continue to reverberate.
Ukraine-Russia war latest: Putin set to speak at nationalist rally - watch live (The Telegraph) Vladimir Putin is set to speak at a massive nationalist rally being held ahead of the one-year anniversary of Russia's invasion of Ukraine.
The Quiescent Russians (Foreign Affairs) What the war in Ukraine has revealed about Putin’s public.
In Russia-Ukraine war, more disastrous path could lie ahead (AP NEWS) For Russia, it's been a year of bold charges and bombardments, humiliating retreats and grinding sieges. Ukraine has countered with fierce resistance, surprising counteroffensives and unexpected hit-and-run strikes.
Q&A: Our experts answered your questions on the Ukraine War (The Telegraph) On Friday February 24, it will be one year since Russia invaded Ukraine.
Why Putin’s iron grip over Russia could be weakening (The Telegraph) The Telegraph’s writers take stock of the war’s impact and the challenges lying in wait for Russia’s leader this year
How the Russia-Ukraine war could end – four scenarios examined (The Telegraph) One year on, the conflict has triggered profound changes in Europe. An expert on global peace explains what an endgame could look like
'It's hard, but they're holding on': On the ground in Ukraine, the war depends on U.S. weapons (USA TODAY) Ukraine says U.S. weapons are making the difference in its Russia fight. USA TODAY was given exclusive access to what that means on the battlefield.
Why are NATO Articles 4 and 5 being discussed after the blast in Poland? (Washington Post) Two people were killed in explosions Tuesday in the Polish town of Przewodow on the border with Ukraine, according to a Polish official. The incident came amid a day of heavy Russian strikes on Ukrainian territory, but it was unclear where the reported strike in Poland came from, or whether it was deliberate.
Sweden open to sending Leopards to Ukraine, defence minister says - TT news agency (Reuters) Sweden is open to sending some of its Leopard battle tanks to Ukraine as the Nordic country prepares to present another package of aid to help the country fight off the Russian invasion, its defence minister told local news agency TT.
Israel reconsidering whether to send weapons to Ukraine: Sources (Breaking Defense) A review of the Israeli policy is being led by the national security unit in the prime minister's office, in cooperation with the Ministry of Defense, the Ministry of Foreign Affairs and Mossad, per sources.
DOD Official Says U.S. Not Yet Seeing China Giving Lethal Aid to Russia (U.S. Department of Defense) The United States has not yet seen China giving lethal aid to Russia in its illegal and unprovoked invasion of Ukraine, but the Chinese also haven't taken that aid off the table, according to the
‘It’s a disgrace not to go to war’: muted Russian protest against Ukraine conflict (the Guardian) Families of dead Russian soldiers appear even more supportive of military operation
Dutch intelligence: Many cyberattacks by Russia are not yet public knowledge (The Record from Recorded Future News) Two Dutch intelligence agencies cited the volume of Russian cyber operations as one reason many are not yet publicly known.
Russia speeds shift to ruble and yuan as sanctions bite (Nikkei Asia) Response to Ukraine war fuels move away from export payments in dollars and euros
A Tool of Attrition (Foreign Affairs) What the war in Ukraine has revealed about economic sanctions.
Attacks, Threats, and Vulnerabilities
Clasiopa: New Group Targets Materials Research (Symantec) Group uses distinct toolset but there are few clues to its origins.
WinorDLL64: A backdoor from the vast Lazarus arsenal? (WeLiveSecurity) ESET researchers uncover the WinorDLL64 backdoor, one of the payloads of the Wslink downloader and probably part of Lazarus' arsenal.
Developers beware: Imposter HTTP libraries lurk on PyPI (ReversingLabs) ReversingLabs researchers discovered more than three dozen malicious packages on the PyPI repository that mimic popular HTTP libraries.
Rezilion Research Discovers Hidden Vulnerabilities in Hundreds of Docker Container Images (PR Newswire) Rezilion announced today the release of the company's new research, "Hiding in Plain Sight: Hidden Vulnerabilities in Popular Open Source...
Hiding in Plain Sight: Hidden Vulnerabilities in Open Source Scanners (Rezilion) Read this report for why traditional SCA tools struggle to detect software components not managed by package managers and the industry-wide impacts.
Third-party scripts in e-commerce websites: is payment data at risk? (Jscrambler) More than 99% of all websites use JavaScript in some form, as it serves many purposes. Some directly, and others via a third-party vendor.
Beware of macOS cryptojacking malware. (Jamf Threat Labs) You may have heard about the cryptojacking malware on macOS. Read about a new one spotted by Jamf Threat Labs.
Business Email Compromise Scam Leads to Credential Harvesting Evernote Page (Avanan) A crafty new Business Email Compromise scam adds a legitimate Evernote link to make it even more tricky to detect.
Kaspersky Lab: cybercriminals distribute a Trojan under the guise of ChatGPT for Windows (Gadget Tendency) The Kaspersky Lab team spoke about a new danger that lies in wait for users and fans of the ChatGPT chat bot with artificial intelligence. Generated by the Midjourney neural networkUnder the guise of the ChatGPT desktop client for Windows from OpenAI, attackers began to distribute malware that steals user data, including logins and passwords. […]
Scammers Mimic ChatGPT to Steal Business Credentials (Dark Reading) Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot.
"Mylobot" botnet infecting 50,000 devices per day worldwide (Neowin) A botnet called "Mylobot" is infecting over 50,000 devices daily, according to a recent report. Mylobot can download more malware, send spam emails, and even remain idle to avoid detection.
The 5 most dangerous cyberthreats facing businesses this year (Malwarebytes) Which of the myriad, extant cyberthreats should your business be paying the most attention to in 2023?
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966 (Bitdefender Business Insights) Numerous threat actors were detected abusing a critical CVE-2022-47966 RCE vulnerability affecting products from ManageEngine. Read our advisory.
Weaponizing POCs – a Targeted Attack Using CVE-2022-47966 (Bitdefender Labs) Known-yet-unpatched vulnerabilities have always represented a key entry point to
modern business networks.
Cyberattack on food giant Dole temporarily shuts down North America production, company memo says (CNN Business) A cyberattack earlier this month forced produce giant Dole to temporarily shut down production plants in North America and halt food shipments to grocery stores, according to a company memo about the incident obtained by CNN.
The Good Guys customers' personal data stolen in cyberattack on third-party supplier (9News) Popular Australian electronics retailer The Good Guys has revealed some of its customers' personal data has...
Trove of L.A. Students’ Mental Health Records Posted to Dark Web After Cyber Hack (74 Million) 74 investigation reveals systemic data breach of sensitive psychological evaluations following Vice Society ransomware attack
Indigo admits cyber attack was ransomware, employee data accessed (IT World Canada) Two weeks after suffering a cyber attack, Indigo Books and Music has acknowledged it was hit by ransomware and employee data was compromised. "On February 8, 2023, Indigo experienced a ransomware attack," the company says in an updated FAQ on its website. "Through our investigation we learned there is no reason to believe customer data
When your “friends” spy on you: The firm pitching Orwellian social media surveillance to militaries (Forbidden Stories) Imagine opening Facebook to a new friend request. You click on the profile and notice mutual friends. The person shares interesting content related to your job or passion on their profile. You don’t know them, but you accept the request.
Tesla to Change Camera Settings in Europe Over Privacy Fears (Wall Street Journal) The car maker agreed to issue software update to cars in the EU so that cameras have to be turned on and don’t record continuously.
No relief in sight for ransomware attacks on hospitals (TechTarget) Ransomware gangs will continue to target the hospitals and healthcare providers in 2023, despite efforts to curb the threat.
February 21 CISA KEV Breakdown | IBM, Mitel (Nucleus Security) In this Breakdown, Nucleus experts explore the three vulnerabilities added to the KEV on February 21, 2023
Vulnerability Summary for the Week of February 13, 2023 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Trends
85% of Public Safety Organizations are Not 'Very Prepared' for Cyberattacks (Security Intelligence) Public safety organizations are major targets for cyberattacks. So why are they so unprepared to defend against them?
Netacea Quarterly Index: Top 5 Scalper Bot Targets of Q4 2022 (Netacea) Netacea’s Threat Research team provides expert analysis on the most scalped items from October to December 2022, from sneakers to Taylor Swift tickets.
authID Releases Results of its 2nd Annual Fintech Cybersecurity Survey (GlobeNewswire News Room) 80% of respondents said they are likely to evaluate solutions that eliminate the risks and costs of passwords and legacy multi-factor authentication ...
Australia and New Zealand Cybersecurity Survey (Arctic Wolf) Learn the findings from 300 IT and cybersecurity decision-makers and business executives in Australia and New Zealand on the happenings, attitudes, and beliefs they have on cybersecurity and business issues.
Cynet Reveals 94% of CISOs Suffer from Work-Related Stress and It’s Putting Companies at Risk (Business Wire) After surveying CISOs of small to midsize businesses, Cynet discovered 65% report their ability to protect their organization is compromised because of work overload, with nearly 100% admitting they need additional resources
Sensitive Data Protection Still Major Challenge for Enterprises (GlobeNewswire News Room) New report by Piiano details gaps in best practices for enterprise protection of sensitive customer data, especially in PII handling...
Marketplace
Venture capital financing of cyber companies slid to $18.5 billion in 2022 (The Record from Recorded Future News) VC investments in cybersecurity startups began to dip in the second half of 2022, but private equity firms spent billions buying companies.
A Few Cybersecurity Stocks Soared in 2022, But Most Stumbled (Info Risk Today) After two sensational years in the public markets during the height of COVID-19, 2022 was a rude awakening for the cybersecurity industry. The four-headed monster of inflation, interest rate hikes, supply chain shortages and the ongoing Russia-Ukraine war dragged most stock prices down.
Trend Micro Acquires SOC Technology Expert Anlyz (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, has announced the signing of a definitive agreement to acquire...
Metomic Raises $20 Million to Protect Sensitive Data in SaaS Applications (Metomic) As a data security solution focused solely on SaaS ecosystems, Metomic will use the Series A funding round to expand into the U.S.
Kaspersky acquires 49 per cent of container security solutions developer Ximi Pro (ANI News) Kaspersky has acquired 49 per cent of Ximi Pro, a subsidiary of Ximi Lab that develops Tron, a comprehensive solution for the protection of container infrastructures. This acquisition will allow the company to develop an offering that would provide full-fledged protection within Cloud Workload Protection concept. It would also extend its upcoming XDR solution with the ability to detect and respond to threats in container's infrastructure.
Why Is AT&T Cybersecurity Such a Good Acquisition Target? (Bank Info Security) AT&T wants to unload its cyber assets just five years after doubling down on security through its $600 million purchase of threat intelligence vendor AlienVault. The Dallas-based carrier has been working with British banking firm Barclays to solicit bids for its cybersecurity business, Reuters said.
Telos Corporation Receives Follow-on Contract with National Security Agency (Telos Corporation) Telos Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, announced today a five-year contract with the National Security Agency (NSA). With this contract, NSA is continuing its licensing of Xacta 360 and Xacta.io while also acquiring new... Read more
Palo Alto Networks stock jumps as 'budget scrutiny' for cybersecurity favors large platforms (MarketWatch) Palo Alto Networks shares surged Wednesday after Wall Street rewarded the cybersecurity company as budget crunches appear to be favoring larger vendors.
Meta plans additional layoffs across various divisions, report (Computing) Move is part of a downsizing and restructuring effort that could affect thousands of employees
Senhasegura Named Leader for 2nd Consecutive Year in the KuppingerCole Leadership Compass for Privileged Access Management (Business Wire) Brazilian-based PAM provider recognized in 2023 Report for overall leadership, technical innovation, and advanced product features
Interview: Ciaran Martin’s New Chapter in Cybersecurity (Infosecurity Magazine) The former NCSC chief executive discussed his new role at SANS and a number of other important issues in cyber today
Peter Kujawa of ConnectWise’s Service Leadership Business Named 2023 Channel Influencer Award Winner by Channel Futures (GlobeNewswire News Room) ConnectWise, the world’s leading software company dedicated to the success of IT solution providers...
CRN Names Versa Networks One of 10 Hot SASE Companies to Watch in 2023 (Business Wire) Only Versa Lets Partners Deliver Services Including Secure SD-WAN, Secure Web Gateway, Cloud Access Security Broker, Network Firewalling and Zero Trust from a Unified Platform
Akamai Ascents on Auckland (Australian Cybersecurity Magazine) Akamai Technologies has announced that it is building a Scrubbing Centre and Cloud Data Centre in Auckland, New Zealand as part of its global infrastructure investment strategy.
Bugcrowd Expands Advisory Board with the Appointment of Prabhath Karanth (PR Newswire) Bugcrowd, the leader in crowdsourced cybersecurity, today announced the appointment of Prabhath Karanth (PK) to the company's Advisory Board....
SentinelOne Bolsters Singularity Platform with Executive Appointments (SentinelOne) Enterprise Cybersecurity Experts Jane Wong and Lana Knop Join to Take Product Leadership Evolution to Next Level
INSA Names Todd Probert to its Board of Directors (Yahoo) CACI International Inc (NYSE: CACI) announced today that the Intelligence and National Security Alliance (INSA) named Todd Probert, CACI President of National Security and Innovative Solutions, to its Board of Directors. Probert will serve a three-year term, effective January 1, 2023.
Proofpoint Announces CFO Transition (GlobeNewswire News Room) Rémi Thomas succeeds Paul Auvil as chief financial officer, bringing over 30 years’ experience across the technology sector...
Keith Mason Joins Paladin Capital Group as a Venture Partner with Focus on Southeast United States (Paladin Capital) As an experienced investor with deep Georgia ties, Mason will help accelerate Paladin’s expansion in the southeast. Mason previously advised Paladin during the firm’s fundraise for its $372 million Cyber Fund II.
Products, Services, and Solutions
JFrog Revolutionizes C/C++ Development with Conan 2.0: Advanced Capabilities for Building High-Performance, Embedded, and IoT Applications (JFrog) Already Powering the World of AI, Automotive, Aerospace, Robotics and Healthcare, the New C/C++ Package Manager Will Help Organizations Build and Secure Software Pipelines at Scale
Product Security Report 2022 (Intel) Read the full Intel 2022 Product Security Report.
Keysight Launches Wireless Test Platform for 5G RedCap and Cellular IoT Industry Progression (Business Wire) Provides chipset, device, and module maker ecosystem with a network emulation platform designed specifically for all cellular internet of things technologies, including the 5G RedCap specification.
Netography Launches Network Visibility and Operational Governance for Social Media Policies (Business Wire) Threat analysts can now quickly see and analyze social media network usage across the Atomized Network with Netography Fusion®
New Version of Netwrix Privilege Secure Further Reduces Attack Surface (Netwrix) Netwrix Privilege Secure (formerly Netwrix SbPAM) now provides just-in-time privileges for database access.
IRONSCALES Partners with Yellow Cube (Ironscales) With Yellow Cube on our side, IRONSCALES is making its innovative, AI-powered, enterprise email security solution accessible to this exciting market.
Proofpoint announces Element Partner Programme for channel partners removing complexity (Intelligent CIO Middle East) Unveils new simplified partner programme to accelerate channel growth Proofpoint Element Partner Programme strengthens resellers’ position and market opportunity in the Middle East with enhanced sales and marketing development resources, benefits, incentives, and training support Proofpoint, a cybersecurity and compliance company, announced its new partner programme to empower the channel to drive sales, enhance customer […]
WithSecure’s new tech is an ‘undo’ button for ransomware (News Powered by Cision) WithSecure’s Activity Monitor technology rolls back changes to data caused by malware.
Helsinki,
Built-in macOS Security Tools (Huntress) We discuss some of our favorite and most interesting built-in macOS security tools.
Qonsent and LiveRamp Partner to Drive Consumer-First Consent Solution for Brands, Marketers, and Consumers (PR Newswire) Qonsent, the first consent enablement and consumer trust platform, today announced a partnership with LiveRamp, the leading data enablement...
Verifone Selects Lacework to Help Secure its Cloud Infrastructure (PR Newswire) Lacework®, the data-driven cloud security company, today announced that Verifone, a global FinTech leader and payment solution provider to the...
ThreatQuotient Selected by Sysdig to Scale Cloud Threat Detection and Response (Business Wire) Sysdig has standardized on the ThreatQ Platform for data-driven security operations, saving time and improving threat detection and research capabilities at scale
Technologies, Techniques, and Standards
NSA Releases Best Practices For Securing Your Home Network (National Security Agency/Central Security Service) The National Security Agency (NSA) released the “Best Practices for Securing Your Home Network” Cybersecurity Information Sheet (CSI) today to help teleworkers protect their home
Balance Data Retention vs Data Protection with Quantitative Risk Analysis (RiskLens) Data is the “oil” of the digital age, the saying goes, but it’s also a cyber risk, a target for data breach as well as regulatory fines for privacy violations. Data retention policy vs. data protection – what’s the right balance at your organization that meets the needs of the business and cybersecurity?
Design and Innovation
JPMorgan Restricts Employees From Using ChatGPT (Wall Street Journal) Verizon and other organizations have also blocked access to the popular AI chatbot.
Twitter Is Correct To Move Away From SMS Two Factor Authentication, Though, There Are Much Better Ways To Do It (Techdirt) A lot of people freaked out on Friday after the news came out that Twitter was going to make SMS two-factor authentication (2FA) only available to paid Twitter Blue subscribers. The news was first …
Microsoft brings Bing chatbot to phones after curbing quirks (AP NEWS) Microsoft is ready to take its new Bing chatbot mainstream — less than a week after making major fixes to stop the artificially intelligent search engine from going off the rails .
ChatGPT Fever Sweeps China as Tech Firms Seek Growth (Wall Street Journal) As companies play catch-up, they face hurdles including securing advanced chips and China’s tight censorship rules.
Baidu says its alternative to ChatGPT is coming to the public in March (CNBC) Chinese tech giant Baidu said Wednesday its artificial intelligence product Ernie bot is set to open to the public next month.
I interviewed ChatGPT for a job. Employers should take note of its performance. (Washington Business Journal) What happens when you interview a hypothetical, AI-powered candidate for a hypothetical job? A surprising performance that suggests employers are in for some interesting challenges in the years to come.
Gamifying cyber: new strategies to diversify the security profession (Computing) Getting a job in cybersecurity used to rely on luck or sideways movement, but new programmes like Cyber Explorers are changing that
Research and Development
Google claims major quantum computing breakthrough (Computing) Researchers say their technique for reducing error rates is a significant advance
Legislation, Policy, and Regulation
TikTok Banned on EU Executive Staff Devices (Wall Street Journal) The move comes as officials in Europe and the U.S. scrutinize TikTok over concerns that Beijing could force the company to hand over data on its users.
DOJ Issues Corp. Self-Disclosure Policy For US Attys Offices (Law360) The U.S. Department of Justice said Wednesday it is implementing a voluntary self-disclosure policy for corporate criminal enforcement in all U.S. attorney's offices across the nation, offering steep discounts on fines and non-guilty plea resolutions to companies that timely self-report.
The raucous battle over Americans’ online privacy is landing on states (POLITICO) But industry critics are playing catch-up to a campaign that's made significant headway in several states, including Virginia and Utah, where weaker laws were enacted in recent years.
A longtime DOJ cyber official gives an exclusive exit interview (Washington Post) Adam Hickey discusses his time working on cyber issues at DOJ, and what’s next.
Litigation, Investigation, and Law Enforcement
House Democrats want briefing on domestic terrorism at energy facilities, including malware (The Record from Recorded Future News) Democrats in the House asked CISA and DHS for a briefing about domestic terrorists, including cyberattacks against energy infrastructure.
Live updates: Supreme Court hears Twitter v. Taamneh oral arguments (CNN) The Supreme Court is scheduled to hear oral arguments on the case Twitter v. Taamneh on Wednesday — which could reshape the rules of the internet. Listen to the oral arguments live here and follow for the latest news updates.
Supreme Court Struggles With Social Media’s Role in Terrorism (Bloomberg) Justices explore banking, rental cars or guns analogies. Twitter argues it did not violate the Anti-Terrorism Act.
The US Supreme Court Doesn’t Understand the Internet (WIRED) A case before the court is challenging social media platforms’ legal protections. The outcome could be huge for the future of the web.
Can employees be fired over online posts? Attorneys say yes (Maryland Daily Record) Inquiring minds want to know: Can I be fired over something I posted online?
The Next S.B.F. Legal Riddle: What’s in Puerto Rico? (Puck) An elite unit of the Department of Justice has taken an interest in the political side of the FTX case, raising the possibility of more indictments to come.
Prosecutors Seek to Encourage Corporate Confessions (Wall Street Journal) U.S. attorneys say companies will face reduced criminal penalties if they self-report.