Stay ahead of the game with CrowdSec, an open-source security suite that offers crowdsourced protection against malicious IPs. With its simple integration into your existing security infrastructure, you gain behavioral detection and automated remediation. Plus, you will benefit from highly actionable cyber threat intelligence with zero-false positives and a reduced volume of alerts built from a network of 170k+ machines spread over 180+ countries. Don’t fight alone, let the crowd support you. Get started with CrowdSec for free!
We’re very pleased to announce that the Retail & Hospitality ISAC Podcast has joined the CyberWire Podcast Network. Join host Luke Vander Linden for chats with members of the InfoSec community to discuss the latest challenges, opportunities, and best practices unique to cybersecurity in the retail and hospitality industry. Tune in and subscribe.
Researchers at Safeguard Cyber have observed a social engineering campaign on LinkedIn that used the DALL-E generative AI model to make images for phony ads designed to gather personal information. The malicious ads purported to offer a link to a whitepaper that would empower “sales team[s] with next-level insights and strategies.” If a user clicks the ad, they’ll be asked to enter their personal information, including their email address and phone number, in order to receive the whitepaper. Safeguard Cyber’s researchers comment that this information would be useful in preparing future, targeted phishing attacks. For more information on abuse of DALL-E, see CyberWire Pro.
Why are you struggling with interpreting threat intel by yourself? Engage Nisos to achieve better risk insights and outcomes. Rely on the experts with a managed service that gives you the people, process, and technology to control costs while improving your defenses. Nisos leverages automation efficiency and analyst expertise that eliminates noise, identifies risks, and prioritizes your company-specific threats. We help you respond to threats faster and more effectively through assessments, monitoring, and investigations.
A report earlier this month from BitSight described the BHProxies botnet residential proxy service and the actor behind it: a six year-old botnet named Mylobot. KrebsOnSecurity wrote Friday that the primary purpose of Mylobot appears to be the transformation of the infected system into a proxy. The BHProxies service allows for the rental of a “residential IP address to use as a relay for their Internet communications, providing anonymity and the advantage of being perceived as a residential user surfing the web,” and is said to promote access to over 150,000 devices. The Mylobot threat actor, whose first activity was detected in an October 2017 sample by Deep Instinct, has used sophisticated methods of camouflage, lying dormant for a couple of weeks on an infected system before making contact with command-and-control servers, and running only in the temporary memory of the infected computer. BitSight researchers say that they “cannot prove that BHProxies is linked to Mylobot, but we have a strong suspicion, since Mylobot and BHProxies used the exact same IP 46.166.173.180 on an interval of 24 hours.”
Other CISSP certification training providers don't have a way to determine exam readiness until a practitioner passes (or fails) their certification exam. CyberVista's online CISSP course includes predictive analytics to show who is ready, who needs more time, and where to focus training. Through diagnostic exams, custom quizzes, a mock Computer Adaptive Test (CAT) Exam, and more, employers and practitioners alike feel confident in passing their CISSP the first time with CyberVista.
Menlo Security is tracking a campaign that’s using the commodity downloader PureCrypter to target government entities. The threat actor uses Discord to host the downloader, and employs a compromised domain belonging to a non-profit organization as a command-and-control server. The attackers are using PureCrypter to deliver a variety of malware strains, including the “Redline Stealer, AgentTesla, Eternity, Blackmoon, and Philadelphia Ransomware.” The researchers conclude that “this threat actor doesn’t appear to be a major player in the threat landscape, but the targeting of government entities is surely a reason to watch out for them.”
It was unclear whether outages over the weekend at Dish Network were the result of a cyberattack (as BleepingComputer speculated) or internal network issues (as the Verge reports Dish Network indicated). Whatever the cause, employees and customers have been affected since Friday. Dish.com this morning continued to display the message, "We are experiencing a system issue that our teams are working hard to resolve."
Adaptive Shield's annual SaaS-to-SaaS Access Report, which discusses this year’s organizational security risks posited by connected third-party apps, was released this morning. The researchers report that companies with 10,000 SaaS users of Microsoft 365 have on average 2,033 applications connected to the productivity software, with that number jumping to 6,710 in Google Workspace connections. For companies with a larger user base of 10,000-20,000 SaaS users of Google Workspace, the average number of connected apps increases to 13,913. High-risk access to permissions, such as the ability to see, create, edit, and delete Google Drive files and M365 data have been found in 39% of apps connected to M365 and 11% to Google Workspace, researchers say. The apps most commonly connected to such software were email applications, followed by file and document management apps. Scheduling, content management, and project management apps also earned a spot on the top ten list. For more on Adaptive Shield's study, see CyberWire Pro.
While Russian offensive cyber action against Ukraine has been heavy, and marked by the intelligence services' attempts at disruptive attacks (using wipers, for example), fallen far short of prewar expectations. Ukrainian resilience has blunted much of the Russian cyber offensive's effects. ESET offers a history of wiper attacks over the course of the war, and also notes that "many of the attacks have been detected and thwarted." CyberScoop draws attention to the success of Ukrainian defensive measures, which have certainly blunted the effects of the wipers and other attempts to influence the outcome of the war in cyberspace.
The Canadian Centre for Cybersecurity issued a warning Friday: "The Communications Security Establishment (CSE) is urging Canadian organizations to be vigilant and prepared for potential malicious cyber activity following the one-year mark of Russia’s full-scale invasion of Ukraine. CSE’s Canadian Centre for Cyber Security (Cyber Centre) is specifically warning Canadian organizations and critical infrastructure operators to be prepared for the possible disruptive and defacement of websites by cyber threat actors aligned with Russian interests. The Cyber Centre continues to remind the Canadian cyber security community – especially the operators of government and critical infrastructure web sites – to adopt a heightened state of vigilance, and to bolster their awareness of and protection against malicious cyber threats."
The CyberWire's continuing coverage of Russia's war against Ukraine may be found here.
State-directed and politically-motivated threat actors aren't the only ones finding their tasks harder. The Wall Street Journal reports that cyber gangs' proceeds from their crimes have fallen off, and the individual criminals themselves are facing the equivalent of layoffs. Companies, encouraged by more stringent requirements for obtaining cyber insurance, have improved their defenses, and more aggressive law enforcement activity has also taken a direct toll on the gangs.
The proposed changes to US National Institute of Standards and Technology's (NIST) guidance, found in NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework are open for public comment through this Friday, March 3rd, 2023. Among other goals, the changes are intended to expand the scope of the Framework to organizations of all sizes, in all sectors. They also reflect an increased emphasis on international cooperation, and a more extensive treatment of cybersecurity as an exercise in risk management. Comments on Framework 2.0 should be emailed to cyberframework@nist.gov. For more on the proposed revisions to the framework, see CyberWire Pro.
Today's issue includes events affecting Australia, Belarus, Bolivia, Canada, China, Cuba, Denmark, El Salvador, the European Union, Germany, NATO/OTAN, the Netherlands, Nicaragua, Peru, Russia, Ukraine, the United Kingdom, the United States, and Venezuela.
Ukraine at D+368: The war's first anniversary passes. (CyberWire) The first anniversary of Russia's invasion passes, but marked by diplomacy and disinformation rather than the expected Russian offensive.
Russia-Ukraine war at a glance: what we know on day 369 of the invasion (the Guardian) Two killed as Ukraine claims to have shot down 11 of 14 drones in overnight attack; partisans claim to have destroyed Russian plane at Belarusian airstrip
Russia-Ukraine war: List of key events, day 369 (Al Jazeera) As the Russia-Ukraine war enters its 369th day, we take a look at the main developments.
Anti-war partisans in Belarus claim to have damaged Russian plane (the Guardian) Group says it used drones to hit early warning aircraft at Machulishchy airfield 12km from Minsk
Zelenskiy fires a top Ukrainian military commander, no reason given (Reuters) Ukrainian President Volodymyr Zelenskiy on Sunday fired a senior military commander helping lead the fight against Russian troops in the country's embattled east but gave no reason for the move.
Ukraine war: How Russia took the south - and then got stuck (BBC News) The story of Russia's rapid advance in southern Ukraine, told by the people who managed to stop it.
Tears, defiance and new tanks in Ukraine for war anniversary (Military Times) China on Friday called for a ceasefire, an idea Ukraine has previously rejected for fear that a pause would allow Russia to regroup militarily.
On Ukraine Front, Civilians Cling On as Troops Repel Russia (Military.com) The town of Vuhledar has become one of the deadliest hot spots on the largely static front line between Ukrainian and Russian forces that stretches hundreds of kilometers in eastern Ukraine.
Russia-Ukraine war at a glance: what we know on day 368 of the invasion (the Guardian) Vladimir Putin accuses west of wanting to liquidate Russia; US president Biden says China negotiating peace deal ‘not rational’
Ukraine Focus Returns to Battlefield as War’s First Anniversary Passes (Wall Street Journal) After a wave of new Western sanctions and commemorations to mark the first anniversary of the Russian invasion, Ukrainian forces were again focused on repelling Russian attempts to advance.
Russia-Ukraine war live: Moscow cuts oil supply to Poland – as it happened (the Guardian) Comments from French president come after Joe Biden said it was ‘not rational’ for Beijing to be negotiating a peace deal
Russia’s Assault on Daily Life in Ukraine (bellingcat) Playgrounds, post offices, bus stops. A year on, Russia’s invasion of Ukraine has wrought death and destruction well beyond the front lines.
A Year into Russia’s Invasion, Survival in Ukraine is Still “Like a Lottery Ticket” (bellingcat) Bellingcat and Scripps News examine the human cost of Russia's invasion of Ukraine.
Protests in Russia denounce Ukraine invasion; antiwar rallies held worldwide (Washington Post) As politicians and people worldwide marked the first anniversary of Russia’s invasion of its neighbor on Friday, small sporadic protests broke out across Russia, where it is illegal to criticize the military or the conflict.
Ukraine Latest: Zelenskiy Says Victory Assured — With Support (Bloomberg) Ukrainian President Volodymyr Zelenskiy said on the one-year mark of the Russian invasion that his country will secure victory if allies maintain their support, possibly this year.
The War in Ukraine, One Year On - Interactive Commentary (Royal United Services Institute) Russia’s war strategy was predicated on the assumption that Ukrainian political opposition would be minimal, and that the ‘decapitation’ of the Ukrainian government would lead to a collapse of resistance.
One year, eight world-changing numbers. Quantifying Russia's war in Ukraine. (Atlantic Council) Experts from across the Atlantic Council have drawn up the figures they believe best illustrate all the ways this war has shaken the world.
Putin Will 'Take into Account' NATO's Nuclear Capability (Military.com) Putin repeated his common theme that the West is bent on destroying Russia.
The UN Couldn't Even Agree to Hold a Minute of Silence for Ukraine (Bloomberg) Even holding a minute of silence for victims of the conflict in Ukraine proved too hard for the United Nations Security Council, where a meeting meant to push for peace a year after Russia invaded descended into objections about the order of speakers.
What I said to the United Nations Security Council on the one-year anniversary of Putin’s war in Ukraine (U.S. Department of State) This week, I traveled to New York and told the United Nations Security Council’s session on Ukraine that Russia’s full-scale invasion of Ukraine is a violation of the UN Charter and a betrayal of the Security Council's mandate to maintain international peace and security.
Ukrainian Nobel peace laureate calls for special tribunal to try Putin (the Guardian) Oleksandra Matviichuk says trials for crime of aggression may deter Russians from further atrocities
Statement from Secretary Mayorkas on the Anniversary of Russia’s Unprovoked Invasion of Ukraine (US Department of Homeland Security) Secretary of Homeland Security Alejandro N. Mayorkas released the following statement on the anniversary of Russia's unprovoked invasion of Ukraine.
Austin Says World is Resolute in Supporting Ukraine (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke by phone to Ukraine's defense minister on the one-year anniversary of the Russian invasion, praising Ukrainians for their courage and resolve.
Readout of Secretary of Defense Lloyd J. Austin III's Call With Ukrainian Minister of Defe (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke with Ukrainian Defense Minister Oleksii Reznikov to reiterate the unwavering U.S. commitment to supporting Ukraine.
Brigadier General Pat Ryder, Pentagon Press Secretary, Holds a Press Briefing (U.S. Department of Defense) Pentagon Press Secretary Air Force Brig. Gen. Pat Ryder updated reporters during a Defense Department news briefing.
Blinken Aims to Pressure Russia on Trip to Central Asia, India (Bloomberg) Secretary of State Antony Blinken is traveling into Russia’s sphere of influence next week as he tries to pull some of Moscow’s traditional partners closer to the US position on the war in Ukraine.
G-20 finance chiefs forgo joint declaration as China backs Russia (Nikkei Asia) Most members condemn Ukraine war; India's 'outcome document' promises debt action
China’s Ukraine Plan Is All About Challenging the US (Bloomberg) Beijing is offering a bogus path to peace, weighing arms sales to Russia, and showing an increasing appetite for confrontation with the democratic world.
Zelenskiy open to China peace plan but rejects compromise with ‘sick’ Putin (the Guardian) Ukrainian president shows steel and emotion in marathon press conference, as Joe Biden says having China as peacemaker is ‘just not rational’
Latin America Is Still Giving Putin a Pass on Russia’s War in Ukraine (World Politics Review) Most Latin American countries, including Mexico and Brazil, have opted to remain neutral on Russia’s war in Ukraine.
Russia and Putin’s Latest Speech: A Series of Unfortunate Events (Royal United Services Institute) Doubling down on past errors seems to be the Russian leader’s only constant approach.
‘That’s my neighbour’: Mariupol residents’ shock at Putin’s parade line-up (the Guardian) Survivors’ disgust as children thank ‘rescuers’ in a lavish Moscow celebrationRussia-Ukraine war – latest news updates
Thousands protest in Berlin against giving weapons to Ukraine (the Guardian) About 13,000 people gather at Brandenburg Gate, as demonstrations also take place in other German cities
Central Asians Pressed To Fight In Ukraine With Russian Troops Returning Home In Coffins (RadioFreeEurope/RadioLiberty) Dozens of families in Central Asia have received the bodies of their loved ones killed in Ukraine. Some of them were recruited from Russian prisons. Others were migrant workers lured with promises of money and a Russian passport, and some went to war willingly.
Dozens Of Coffins Stacked In Novosibirsk Airport Hint At Soaring Recent Russian Losses In Ukraine (RadioFreeEurope/RadioLiberty) A video has gone viral of what appears to be coffins stacked like wood at the main international airport in the Siberian city of Novosibirsk. Many are thought to have been local inmates who signed up to fight in Ukraine with the Wagner mercenary force.
How Wagner Gave Three Russian Crime Bosses from the 90s a New Lease of Death (bellingcat) In a bid to fill the trenches of eastern Ukraine, the mercenary group turned to the leaders of criminal gangs from Russia’s ‘wild 1990s’.
Polish Leopard 2 tanks arrive in Ukraine as Sweden announces more to come (Breaking Defense) The delivery marks the first foreign gifts of Western-made main battle tanks to Ukraine, a long-sought after weapon for Kyiv which it hopes to use as part of a planned upcoming spring offensive.
How Ukraine is using US mines to decimate Russian tanks (Task & Purpose) Russian troops have spent February trying to take the town of Vuhledar, but its tanks keep running into the same problem. Mines. Lots of mines.
Here’s what arming Ukraine could look like in the future (Vox) France, Germany, and the UK proposed a new defense plan — that might be a subtle bid for peace negotiations.
EXCLUSIVE: 7 Former NATO Commanders Say US ‘Must Do Everything We Can’ for Ukrainian Victory (Defense One) "Now is the time for America and its allies to dig deeper to get Ukraine what it needs to win."
Naval warfare poised to play smaller role in year 2 of Ukraine war (Breaking Defense) “You’ve seen the Russian effectiveness from the maritime has been declining. The very reason [is] that the Ukrainians have become better at targeting and using the weapons that we that we provided them,” said CNO Adm. Michael Gilday.
People Forgot How War Actually Works (The Atlantic) Armed conflict is never straightforward. Weapons are not power. National identity matters.
Discreetly, and at peril, Russian volunteers help Ukrainian refugees (Washington Post) To avoid the authorities, thousands of displaced Ukrainians in Russia are relying on a discreet network of unofficial volunteers — a sort of Slavic echo of the Underground Railroad — working to bring war refugees through Russia to safety in Europe.
Facebook Is Still Letting Russia Interfere in Politics (WIRED) Russian-backed groups are using political ads to subvert the democratic process in Moldova.
Hacker group defaces Russian websites to display the Kremlin on fire (TechCrunch) Hacking websites to display propaganda or make a political statement is as old as the internet, and something that’s been done since the war began in Ukraine.
A year after Russia's invasion, the scope of cyberwar in Ukraine comes into focus (CyberScoop) The Ukraine war has inspired a defensive cyber effort that government officials and technology executives describe as unprecedented.
Cybersecurity in wartime: how Ukraine's infosec community is coping (CSO) A year into the war, resilience and adaptation, risk and sacrifice are the hallmarks of being a cybersecurity professional in Ukraine.
MWC 23 How mobile networks are being used in the war in Ukraine (Telemedia Online) Mobile networks have been critical since day one of the war in Ukraine, and as February 24 marked the one year anniversary of the invasion, Enea
Russia Engages With Ukraine on Cyber Battlefield (The Street) Criminals are turning more to cyberattacks instead of engaging in physical wars.
A parallel terrain: Public-private defense of the Ukrainian information environment (Atlantic Council) The report analyzes Russia’s continuous assaults against the Ukrainian information environment, and examines how Russian offensives and Ukrainian defense both move through this largely privately owned and operated environment. The report highlights key questions that must emerge around the growing role that private companies play in conflict.
Ukraine gears up for new phase of cyber war with Russia (POLITICO) Ukraine withstood a deluge of cyberattacks from Russia in the past year, but Russia will test its cyber defenses further as the war drags on.
Ukraine war anniversary likely to bring ‘disruptive’ cyberattacks on West, agencies warn (Global News) The U.S. Cybersecurity and Infrastructure Security Agency said malicious online actors may be seeking 'to sow chaos and societal discord' amid the Ukraine anniversary.
How the Ukraine War Has Changed Russia’s Cyberstrategy (Foreign Policy) Defensive measures and disarray have hampered Moscow’s abilities, but that could change.
Russia-Ukraine War Prompts New Battlefield for Cybersecurity (Channel Futures) Friday marks one year since the start of the Russia-Ukraine war, a conflict fought on several fronts, including cybersecurity.
A year of wiper attacks in Ukraine (WeLiveSecurity) ESET Research has compiled a timeline of cyberattacks that have used wiper malware and targeted Ukraine since Russia’s invasion in February 2022.
Russia's yearlong cyber focus on Ukraine (Axios) Experts say Russia lacked the resources and time to plan destructive cyberattacks against the West.
A year after Russia's invasion, cyberdefenses have improved around the world (Washington Post) More lessons on the cyber role in the Russia-Ukraine war
One year on, how is the war playing out in cyberspace? (WeLiveSecurity) As Russia's war on Ukraine passes the one-year mark, we look at some of its implications for cyberspace.
The Russia-Ukraine cyber war: one year later (IT World Canada) To soften up Ukraine just prior to its February 24, 2022 invasion, Russia, or Russian-backed threat groups, unleashed a wave of wiperware against the country's organizations, deployed a new version of the Industroyer malware against power generating stations and took down thousands of routers used by Ukrainian (and other) subscribers to Viasat's satellite internet service.
A Year of Conflict: Cybersecurity Industry Assesses Impact of Russia-Ukraine War (SecurityWeek) On first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.
Undermining Ukraine (Atlantic Council) From the very start of the war, the Kremlin emphasized demoralizing Ukrainian audiences and destroying their will to fight. Building on daily monitoring of the Kremlin media ecosystem, this report analyzes Russia’s attempts to undermine Ukraine by targeting local, regional, and global audiences since February 2022.
Narrative warfare (Atlantic Council) In the weeks and months leading up to Russia invading Ukraine on February 24, 2022, the Kremlin and pro-Kremlin media employed false and misleading narratives to justify military action against Ukraine, mask the Kremlin’s operational planning, and deny any responsibility for the coming war. Dive into a full accounting of the road to war.
Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine (Dark Reading) Preparation and cooperation helped to mitigate the worst of the digital damage, amid cyber sorties from all sides.
Russia launched large-scale operations in cyberspace alongside war (euronews) As the war dragged on, Russian hackers were unable to compensate for failures on the battlefield, not least because of the support Ukraine has received, including in cyberspace.
Cybersecurity must be tightened up in this era of polycrisis (World Economic Forum) Achieving cyber resilience is one of the biggest cybersecurity challenges. It requires a harmonised approach that stretches across borders and businesses.
PSC Report Details GovCon Industry Services to Ukraine (Executive Gov) Looking for the latest Government Contracting News? Read about PSC Report Details GovCon Industry Services to Ukraine.
Ukraine issues Banksy mural postage stamp (the Guardian) Stamp features British artist’s mural on a demolished wall in Borodianka near Kyiv, bombed at the start of the Russian invasion
Russia policy after the war: A new strategy of containment (Atlantic Council) To prevent further damage to the rules-based international order, the United States and its allies will need a strategy of containment to deter Russia militarily and decouple Russia from the international community, until Moscow has earned the right to be considered a partner once more.
The Good, the Bad and the Ugly: Assessing a Year of Military Aid to Ukraine (Royal United Services Institute) How has the Western effort to train and equip Ukrainian forces fared in year one – and what might we expect from additional military assistance in the future?
MLRS and the Totality of the Battlefield (Royal United Services Institute) Multiple rocket launchers like MLRS and HIMARS have altered the totality of the battlefield in Ukraine. The integration of long-range precision effects and intelligence into a single system is therefore a critical lesson that other forces must learn.
Ukraine’s War Brings Autonomous Weapons to the Front Lines (WIRED) Drones that can find their own targets already exist, making machine-versus-machine conflict just a software update away.
Targeting Key Sectors, Evasion Efforts, and Military Supplies, Treasury Expands and Intensifies Sanctions Against Russia (U.S. Department of the Treasury) Actions Taken in Coordination with G7 Metals and Mining Determination Enables Targeting of Putin Revenue Source Wide Array of Evasion-Related Targets Exposed
US Treasury to Target ‘Dual-Use’ Products Headed for Russia (Bloomberg) Deputy Treasury chief Adeyemo speaks in Bloomberg TV interview. Chinese and Indian firms among those under US scrutiny.
Treasury Department hits Russian disinformation operators with sanctions (The Record from Recorded Future News) The Treasury announced sanctions on Russian companies, including some connected to disinformation operations with links to intelligence.
EU Hits Russia With More Sanctions One Year After Invasion (Bloomberg) European Union member states backed a 10th package of sanctions on Russia including tighter export restrictions and technology controls, as well as requiring banks to report information on Russian Central Bank and other sanctioned assets they hold.
EU adopts 10th package of sanctions against Russia (Sanctions & Export Controls Update) The EU has today adopted its 10th package of sanctions against Russia. Please see here for relevant Regulations and Council decisions. The new package includes the following measures:
EU Announces Additional Sanctions Against Wagner Group For Activities In Africa (RadioFreeEurope/RadioLiberty) The EU has announced additional sanctions against Russia's Wagner mercenary group for "human rights abuses" in the Central African Republic, Sudan, and Mali.
How Biden’s Shock-and-Awe Tactic Is Failing to Stop Russia (Military.com) Sanctions have inflicted damage, but they haven’t induced Putin to stop the war — raising wider questions about a tool that’s become increasingly central to U.S. foreign policy.
How Ukraine’s Defence Industry Can Reduce Russian Geopolitical Influence (Royal United Services Institute) Russia’s arms sales remain a critical component of its economy. With the West’s help, Ukraine could work to displace Moscow in key markets, thus weakening its global influence.
How Russia’s Invasion of Ukraine Changed Financial Markets (Wall Street Journal) A year after Russian tanks rolled into Ukraine, markets have absorbed many of the short-term impacts—but investors say the conflict could have longer-lasting financial consequences.
Danish hospitals hit by cyberattack from ‘Anonymous Sudan’ (The Record from Recorded Future News) The websites of nine hospitals in Denmark went offline on Sunday evening following distributed-denial-of-service (DDoS) attacks from a group calling itself Anonymous Sudan.
15M records allegedly belonging to Peruvian tax authority exposed on a forum (SafetyDetectives) The SafetyDetectives cybersecurity team recently discovered a database shared on a clear web forum for free, presumably belonging to the Peruvian governmental e
Attacker floods PyPI with 1000s of malicious packages that drop Windows trojan via Dropbox (Sonatype) A threat actor has infiltrated the PyPI software registry with 1000s of malicious packages at one time.
A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life (Wall Street Journal) The passcode that unlocks your phone can give thieves access to your money and data. “It’s like a treasure box.”
A woman who got locked out of her Apple account minutes after her iPhone was stolen and had $10,000 taken from her bank account says Apple was 'not helpful at all' (Business Insider) Reyhan Ayas was standing outside a bar in New York when a man snatched her iPhone and ran off. She said that was only the start of her Apple ordeal.
Who’s Behind the Botnet-Based Service BHProxies? (KrebsOnSecurity) A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a…
Mylobot: Investigating a proxy botnet (Bitsight) Read latest research on Mylobot after first appeared in 2017 and main capability, which is transforming the infected system into a proxy.
PureCrypter targets government entities through Discord (Menlo Security) Menlo Labs has uncovered an unknown threat actor leveraging an evasive threat campaign distributed via Discord featuring the PureCrypter downloader and targeting government entities.
PureCrypter malware hits govt orgs with ransomware, info-stealers (BleepingComputer) A threat actor has been targeting government entities with PureCrypter malware downloader that has been seen delivering multiple information stealers and ransomware strains.
When Low-Tech Hacks Cause High-Impact Breaches (KrebsOnSecurity) Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's…
Fortinet Shares Clarifications on Exploitation of FortiNAC Vulnerability (SecurityWeek) Fortinet provides clarifications related to exploitation attempts targeting the FortiNAC vulnerability CVE-2022-39952
ChromeLoader campaign lures with malicious VHDs for popular games (BleepingComputer) Security researchers have noticed that the operators of the ChromeLoader browser hijacking and adware campaign are now using VHD files named after popular games. Previously, such campaigns relied on ISO-based distribution.
What We Know About the New Oracle WebLogic Vulnerabilities (Flashpoint) We are currently seeing an Oracle WebLogic vulnerability getting some attention as exploit code was published by multiple sources. Oracle provided patches on January 17, 2023 with the latest Critical Patch Update, so with exploit code publicly available it is time to ensure that those patches have been applied.
Dish Network goes offline after likely cyberattack, employees cut off (BleepingComputer) American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours.
Dish Network hit by multi-day internal outage, in possible cyber attack (Data Center Dynamics) Company won't say if a ransomware attack is to blame
Dish Network’s internal systems are so broken some employees haven’t worked in over a day (The Verge) Boost Mobile is also affected.
Rackspace Ransomware Attack Update: What You Need to Know (IT Security News) During the recent Rackspace ransomware attack, the company confirmed hackers accessed customer data. Rackspace staff and cybersecurity researchers have been investigating the incident since it occurred, and new information has emerged. The attack, which Rackspace first confirmed on December 6, 2022, impacted the company’s hosted Exchange Email service, forcing the web giant to shut it down
News Corp says state hackers were on its network for two years (BleepingComputer) Mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020.
Hackers accessed News Corp's network for two years (Computing) The company says the unauthorised access does not appear to have been targeted towards exploiting personal information
‘Limited number’ of News Corp employees sent breach notification letters after January cyberattack (The Record from Recorded Future News) Employees of News Corp are being sent breach notification letters this week following a January 2022 breach.
LockBit leaks Royal Mail's data, renews ransom demand (Computing) Most of the leaked data is made up of technical program files and administrative business data, according to Royal Mail
Telus says it’s investigating claims employee information was posted on ‘dark web’ (Global News) The telecom is probing claims that a 'small amount of data' including employee information was posted online. Telus says it has not identified any customer data in the incident.
Ohio’s largest oil producer says ‘no impact’ seen after cyberattack (The Record from Recorded Future News) Encino Energy, which is based in Houston and has a large operation in Ohio, said a recent cyberattack was remediated after it was discovered.
Stanford University discloses data breach affecting PhD applicants (BleepingComputer) Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023.
Oakland says 311, business license systems still down, but National Guard is helping (The Record from Recorded Future News) IT experts from the California National Guard and other state agencies are helping Oakland deal with a crippling ransomware attack.
Pubs and clubs target data and surveillance in race to win pokie profits (The Sydney Morning Herald) In the battle for profits, clubs are investing in number plate, CCTV and player recognition and crowd counting in the hunt for what has been dubbed “untapped gold” from pokie machines.
U of S data breach may affect those who bought Huskies tickets (Star Phoenix) Huskies fans who bought tickets online between Feb. 17 and Feb. 21 have been potentially affected by a data breach.
Fake Friends: Leak Reveals Israeli Firms Turning Social Media Into Spy Tech (Haaaretz) Avatars are not used just to push out disinformation. A massive leak of 500,000 documents reveals how fake online accounts are also used to spy on journalists and activists
Microsoft recommending you scan more Exchange server files (Register) Software giant takes some files and processes off the exclusion list
WSJ News Exclusive | Hackers Extort Less Money, Are Laid Off as New Tactics Thwart More Ransomware Attacks (Wall Street Journal) Extortion payments from ransomware, a hacking scourge that has crippled hospitals, schools and public infrastructure, fell last year.
Wiper malware goes global, destructive attacks surge (Help Net Security) Adversaries are deploying attack alternatives to enable their destructive attempts with APT-like threat methods such as wiper malware.
Schneider Electric canvasses increased awareness to tackle cyber-attacks (Businessday NG) Digital energy multinational, Schneider Electric has called for caution from industrial players with regard to the increased risk of cyber-attacks on
IBM report reveals vulnerable UK energy system among top targets for cybercriminals (Intelligent CIO Europe) IBM Security has released its 2023 X-Force Threat Intelligence Index, which revealed that the UK’s energy industry was among the primary targets for cyberattacks for the second consecutive year, seeing 16% of all attacks. The UK was the top-attacked country in Europe, accounting for 43% of the attacks X-Force observed, followed by Germany (14%), Portugal (9%), […]
Traditional underwriting won't cut it in "chaotic" cyber market (Corvus) Cyber moving beyond a "snapshot" view of risk, SVP says
Wiz becomes the world’s largest cybersecurity unicorn (Wiz Blog) Just three years since its launch, Wiz becomes the world’s largest cyber unicorn and fastest SaaS company to reach a $10B valuation
Immuta Secures Strategic Investment from ServiceNow as Global Expansion Continues | Immuta (Immuta) Strategic funding, product enhancements, and new key executives empower Immuta to meet growing data security demands
Cisco to Buy Startup Valtix to Guard Workloads Across Clouds (Gov Info Security) Cisco plans to buy cloud security startup Valtix to simplify network security and protect workloads no matter which cloud they're created or consumed in. The
Cybersecurity Acquisition: Nomios Group buys Aditinet (MSSP Alert) Nomios Group, a European provider of cybersecurity services and solutions, buys a majority stake in Italian cybersecurity company Aditinet.
Is It Too Late to Buy Palo Alto Networks Stock? (The Motley Fool) The cybersecurity specialist's impressive stock market rally seems set to continue.
Exits Mount at Crypto Venture Firm Paradigm (The Information) Paradigm, the crypto-focused venture firm founded by Coinbase co-founder Fred Ehrsam and former Sequoia partner Matt Huang, is shrinking quickly. At least eight employees, including two investment partners and four engineers, have left the firm since the start of October, according to The ...
SecurityBridge expands as it achieves 100% YOY growth in License Revenue (Security System News) SAP security provider SecurityBridge has been enjoying a banner year with its 2022 highlights showing a 100% year-over-year increase in license revenue.
Twitter Lays Off at Least 50 in Relentless Cost Cuts (The Information) Elon Musk’s Twitter laid off dozens of employees Saturday in what is at least the eighthround of job cuts since Musk took over the social network in late October. The cuts aim to offset a plunge in revenue following Musk’s takeover and further whittle down a staff that had shrunk by at least 70% ...
Twitter Blue head Esther Crawford is out at Twitter (The Verge) The company’s team is getting smaller.
Elon Musk’s Twitter Lays Off Top Lieutenant in Charge of Twitter Blue (The Information) As Elon Musk has driven cost cuts even deeper into Twitter, he’s shown even the most loyal lieutenants aren’t immune from the scalpel. Among those laid off in one of the biggest rounds of job cuts since Musk’s late October takeover was Esther Crawford, a product director at Twitter who rose to ...
Cybersecurity vendor Armis appoints new president (Channel Daily News) Armis, an asset visibility and security company, this week announced the promotion of Brian Gumbel to the position of president. Gumbel will provide enhanced go-to-market (GTM) strategic guidance across the entire business as it continues to accelerate its growth and prepares for a future IPO.
QBE builds out cyber leadership in line with growth moves (Intelligent Insurer) The re/insurer sees cyber as a key opportunity to accelerate growth.
Netskope Hires SASE Heavyweight Daniel Fouladi (Netskope) Fouladi will lead the Telco and Service Provider business across APAC, with a focus on sales and sales enablement SANTA CLARA, Calif. – February 27, 2023
As Cybercrime Soars in 2023, Texas Software Company Red Maple Offers Key Solutions for Retailers (GlobeNewswire News Room) Cloud technology offers best defense to cyberattacks....
Darktrace Newsroom Capability Shortens Time from News Headline to Cyber Security Action (Security Today) Darktrace today announces the general availability of Darktrace NewsroomTM, an AI-driven system that continuously monitors open-source intelligence sources for new critical vulnerabilities and assesses each organization’s exposure through its in-depth knowledge of their unique external attack surface.
Andrea Baggio, CEO of ReputationUP Group: “CryptedPhone was born from our experience in online privacy” (PR Distribution) The ReputationUP Group specializes in online privacy, through the application of the right to be forgotten, and in protection against cyber-attacks, through the elimination and decryption of ransomware....
CyberPeace Institute launches ‘Humanitarian Cybersecurity Center (CyberPeace Institute) The Humanitarian Cybersecurity Center provides Non Governmental Organizations with free tools, workforce and knowledge to face cyber threats.
Checkly Introduces Monitoring as Code Workflow, Enabled By a New CLI, (PRWeb) Company also unveils additional innovations including general availability of Playwright Test and selects Playwright as its preferred testing and monitoring frame
Does Your Cybersecurity Software Have These Key Features? (CSO Online) As the number of cybersecurity tools on the market continues to rise, here are some key features to consider when auditing the tools in your arsenal.
What Executives Should Know About Shift-Left Security (CIO) Next in our Beyond the Cyber Buzzwords series, this article focuses on shift-left security. Protect your next great idea by establishing a strong security posture—from code to cloud.
Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space (Security Intelligence) Discover the measures taken to secure systems in the New Space.
How The Navy Trains Its Info Warfare Officers Needs Work (Defense One) The goal is to expand the training into virtual and synthetic environments in the next few years.
How to Accelerate your AWS Security Maturity in 2023 - Cloud Security Podcast (Pocket Casts) Cloud Security Podcast - This month we are talking about "Building on the AWS Cloud" and next up on this series, we spoke to Chad Lorenc (Chad's Linkedin) about AWS Security Reference Architecture, Cloud Adoption Framework & Security Maturity Model are 3 ways to level up the maturity you have in Cloud..
This is your brain on fraud apologetics (Pluralistic) In 1998, two Stanford students published a paper in Computer Networks entitled "The Anatomy of a Large-Scale Hypertextual Web Search Engine," in which they wrote, "Advertising funded search engines will be inherently biased towards the advertisers and away from the needs of consumers."
Tech’s hottest new job: AI whisperer. No coding required. (Washington Post) 'Prompt engineers’ are being hired for their skill in getting AI systems to produce exactly what they want. And they make pretty good money.
For Chat-Based AI, We Are All Once Again Tech Companies’ Guinea Pigs (Wall Street Journal) Even the people behind new artificial intelligence systems say their buzzy products are “somewhat broken.” They’re relying on us to fix them.
The right’s new culture-war target: ‘Woke AI’ (Washington Post) ChatGPT and Bing are trying to stay out of politics — and failing
Introducing LLaMA: A foundational, 65-billion-parameter language model (Meta AI) Today, we’re releasing our LLaMA (Large Language Model Meta AI) foundational model with a gated release. LLaMA is more efficient and competitive with...
Planning for AGI and beyond (OpenAI) Our mission is to ensure that artificial general intelligence—AI systems that are generally smarter than humans—benefits all of humanity.
GPT-powered deepfakes are a ‘powder keg' (Fast Company) Dozens of startups are using generative AI to make shiny happy virtual people for fun and profit. Large language models like GPT add a complicated new dimension.
Who Should You Believe When Chatbots Go Wild? (WIRED) Microsoft and others ask us to ignore their glitchy bots’ pleas for personhood. But we need better explanations—and guardrails.
Experts predict how AI will energize cybersecurity in 2023 and beyond (VentureBeat) From behavioral analytics to endpoint and patch management, experts predict the many ways AI will boost cybersecurity this year and beyond.
AI image generator Midjourney blocks porn by banning words about the human reproductive system (MIT Technology Review) Midjourney says it’s a temporary measure to stop people from using its system to create shocking or gory images.
AI-generated fiction is flooding literary magazines — but not fooling anyone (The Verge) The stories are bad, and they’re coming in droves.
On the internet, nobody knows you’re a human (The Verge) “Jeez, this is not a real human,” one commenter wrote. “No legit she’s AI,” another said.
Thales pioneers Post Quantum Cryptography with a successful world-first pilot on phone calls (Thales Group) Thales, as a worldwide cybersecurity leader, has created the first real-world application of Post Quantum Cryptography (PQC) in its flagship secure ‘Cryptosmart’ mobile app, leveraging 5G SIM for PQC. In the pilot, hybrid cryptography (pre and post quantum crypto) was used in a phone call between two devices to protect the information exchanged during the call. Thales has invested and tested post-quantum cybersecurity technologies over the last decade in order to prepare for these emerging threats.
Louisiana Tech students receive positive recognition for hacking (Magnolia Reporter) Cyber engineering, computer science team publishes a paper and presents research on popular app vulnerabilities
Federal government to rewrite cyber laws after Optus, Medibank hacks (ABC) Australia's home affairs minister says the nation's cyber laws were "bloody useless" during the Optus hack, as the federal government announces an overhaul of cyber policy.
Australia plans to reform cyber security rules, set up agency (Reuters) The Australian government on Monday said it planned to overhaul its cyber security rules and set up an agency to oversee government investment in the field and help coordinate responses to hacker attacks.
Govt mulls Cyber Security Act as part of strategy update (InnovationAus.com) An advisory board led by former Telstra boss Andy Penn is pressing the federal government to consider a Cyber Security Act as part of the Cyber Security Strategy refresh in order to harmonise Australia’s patchwork of cybersecurity laws.
Biden finds breaking up Big Tech is hard to do (Washington Post) Google is hiring teams of former DOJ lawyers to fight antitrust lawsuits as the battle over tech firms’ power shifts to the courts
White House to Take Aggressive Stance Mandating Private Industry Make Systems Cyber Safe (MSSP Alert) The U.S. is weighing a new strategy to regulate security by private industry while endorsing a policy to counter-hack cyber adversaries.
Biden admin's push for cyber regulations could clash with skeptical Republicans (SC Media) Potential efforts by the Biden administration to move new cybersecurity regulations through Congress could run headlong into a Republican-controlled House.
US-CERT and ICS-CERT Transition to CISA | CISA (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA retired US-CERT and ICS-CERT, integrating CISA’s operational content into a new CISA.gov website that better unifies CISA's mission.
Is It Time To Ban AI Chatbots From Using Social Media? (Forbes) Any normal person can tell the Lia chatbot on Twitter is not real.
We must treat cyber wars the same as we treat conventional military encounters (The Hill) Pictures and videos emanating from Ukraine show the widespread destruction wrought by Russian troops during a year-long war that continuously generates news coverage. But there is another side to t…
Task Force KleptoCapture Unseals Two Cases Charging Evasion of Russian Economic Countermeasures (U.S. Department of Justice) From the outset of Russia’s unprovoked, full-scale invasion of Ukraine, one year ago today, the Department of Justice has prioritized enforcing the sweeping sanctions, export restrictions, and economic countermeasures that the United States has imposed alongside our global partners. Today, the Department continues that work by actions in two separate federal cases to disrupt sanctions evasion and smuggling networks supporting the Russian regime.
Treasury Department hits Russian disinformation operators with sanctions (The Record from Recorded Future News) The Treasury announced sanctions on Russian companies, including some connected to disinformation operations with links to intelligence.
Fake Russian diplomats revealed as heart of ‘hive’ spy ring (The Sydney Morning Herald) ASIO would not name the country behind the spy operation but sources confirm it was run out of Russia’s embassy.
Smuggler provided sensitive US tech to Russian, N. Korean governments, prosecutors say (The Record from Recorded Future News) Ilya Balakaev worked on behalf of the FSB intelligence agency to bring U.S. counterintelligence tech into Russia, according to an indictment.
Dutch Police arrest three ransomware actors extorting €2.5 million (BleepingComputer) The Amsterdam cybercrime police team has arrested three men for ransomware activity that generated €2.5 million from extorting small and large organizations in multiple countries.
Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme (The Hacker News) Dutch police arrest three hackers in connection with a large-scale criminal operation involving data theft, extortion, and money laundering operation.
DNA testing service to pay $400k for data breach it ignored (HackRead) DNA Diagnostics Center (DDC), a US-based DNA testing service suffered a data breach in November 2021, in which hackers managed to access highly sensitive and personal data of users, including payment card details.
DNA Diagnostics Center to pay $400,000 fine for 2021 data breach (The Record from Recorded Future News) One of the largest commercial DNA testing companies in the world agreed to pay a $400,000 fine after a massive 2021 data breach involving 2 million people.
Ozy Media’s Founder, Carlos Watson, Arrested on Fraud Charges (New York Times) Mr. Watson had founded the troubled digital-media start-up Ozy, which unraveled after The New York Times examined its business practices.
Retired U.S. Air Force Officer Pleads Guilty To Unlawful Retention Of Classified National Defense Information (U.S. Attorney's Office, Middle District of Florida) United States Attorney Roger B. Handberg announces that Robert L. Birchum (55, Tampa) has pleaded guilty to unlawfully possessing and retaining classified documents relating to the national defense of the United States. Birchum faces a maximum penalty of 10 years in federal prison.
Binance’s Asset Shuffling Eerily Similar To Maneuvers By FTX (Forbes) When you’re the world’s largest crypto exchange in a largely unregulated market, it is easy to make up the rules as you go.
For a complete running list of events, please visit the Event Tracker.
SGF-Cybersecurity Week 2023 (Amsterdam, Netherlands, May 15 - 19, 2023) This week-long conference draws together power grid CISOs together with their IT and OT security teams for a week-long review of the latest prevention, detection and response solutions and strategies, in the context of increased geopolitical tensions. The week begins with a Risk Management briefing to guide the technical discussions taking place later in the week. The main conference includes a series of plenary sessions on the big organisational issues such as Regulation, Workforce development and data management, and afternoon technical tracks show-casing technical cybersecurity innovations in IT and OT domains. A solution zone running alongside the conference provides a focused display of power grid specific IT and OT cybersecurity solutions, and the extensive networking programme enables IT and OT colleagues to collaborate and seek new partnership opportunities with greater ease.
3rd Annual Nunn School Symposium: Lessons from Russia’s War in Ukraine for the West (Atlanta, Georgia, USA, Feb 28, 2023) This half-day program explores what lessons the West should draw a year after Russia’s invasion of Ukraine. It will consider both what can be learned about warfighting and about the broader role of statecraft. While what has happened and what might happen are clearly relevant, the focus will be on what lessons can be drawn from what has happened thus far.
SecureWorld Charlotte (Charlotte, North Carolina, USA, Mar 2, 2023) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational elements learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.
Certified CMMC Professional (CCP) 2.0 Exam Prep (Virtual, Mar 13 - 17, 2023) This 5-day CCP course covers the foundational required curriculum along with CMMC Level 2 scoping and the full 110 practices. Edwards Cyber AB approved CCP 2.0 courses enable participants to sit for the CCP exam – making you a valuable resource to a consultancy providing CMMC preparation, C3PAO providing certified assessor support, or organization interested in having in-house CMMC trained resources. Edwards all-star lineup of Provisional Instructors (PIs) includes several of the CMMC industry’s most respected consultants along with Edwards’ internal SMEs to deliver their action packed bootcamps. Learn more and register now.
Security & Policing (Farnborough, England, UK, Mar 14 - 16, 2023) Security & Policing, the official Government global security event, returns to the Farnborough International Exhibition and Conference Centre between 14-16 March 2023. Hosted by the Home Office’s Joint Security & Resilience Centre (JSaRC), Security & Policing offers a world‐class opportunity to meet and discuss the latest advances in delivering national security and resilience with leading UK suppliers, UK and overseas Government officials and senior decision makers across the law enforcement and security sectors. There is no general admittance to Security & Policing and all visitors and exhibitors are subject to Home Office approval.
GISEC Global (Dubai, UAE, Mar 14 - 16, 2023) With the ever-changing global landscape, it is increasingly essential to strengthen cybersecurity across industries. GISEC Global offers a platform for key industry leaders and names to come together in order to stay ahead of potential threats, discover innovative strategies and remain secure from major disruptions.
