Dateline Moscow and Kyiv: Fighting continues for Bakhmut.
Ukraine at D+375: Bakhmut remains Russian's main objective. (CyberWire) Intense fighting for Bakhmut continues as the Wagner Group criticizes the support it's receiving from Russia's Ministry of Defense. Cyber ops remain apparently uncoordinated with conventional operations.
Russia-Ukraine war: List of key events, day 376 (Al Jazeera) As the Russia-Ukraine war enters its 376th day, we take a look at the main developments.
Russia-Ukraine war at a glance: what we know on day 376 of the invasion (the Guardian) Russian troops continue attempts to surround Bakhmut; Ukrainian special forces destroy Russian observation tower in Bryansk
Russian military source: 'The battle for Bakhmut is close to its end' (The Telegraph) There are reports Russian troops have advanced in the destroyed city but that Ukrainian special forces were counter-attacking
Wagner: ‘Whole front will collapse’ in Ukraine as supplies stall (Al Jazeera) Lack of ammunition could force disastrous Bakhmut retreat of mercenaries fighting on the front line, Prigozhin says.
Ukrainian forces cling to Bakhmut as Russia attacks from three sides (Washington Post) Ukrainian forces clung to their positions in Bakhmut on Sunday, fiercely resisting a Russian push to encircle the city in the eastern Donetsk region and prolonging a fight that has become a symbol of Ukraine’s battlefield defiance.
Watch: Ukrainian troops blow up bridges before withdrawal from ‘encircled’ Bakhmut (The Telegraph) Yevgeny Prigozhin claims ‘pincers are closing’ as Ukrainian troops prepare to surrender eastern city known as the ‘meat grinder’
Russia-Ukraine war live: street fighting in Bakhmut as battle rages for control of the city (the Guardian) UK intelligence says Ukraine attempting to reinforce contested city with elite units but resupply lines increasingly limited
Ukrainians defending Bakhmut under severe pressure from Russian onslaught (the Guardian) Regular army and Wagner units advancing into northern suburbs of north-east Donetsk city, MoD reports
Heavy fighting as Russians advance in Bakhmut, but Ukrainian units hold on (Washington Post) The battle for Bakhmut in eastern Ukraine continued to rage Friday, with Russian forces “constantly hitting the city randomly with artillery, Grads and mortars,” Ukrainian soldier Yuriy Syrotyuk, 46, who is stationed in the north of the city with Ukraine’s Fifth Independent Assault Brigade, said by phone.
Race to get last children out of Bakhmut as city becomes ‘hell on earth’ (the Guardian) With Russian forces closing in, police try to persuade remaining citizens to get out and access routes come under fire• Russia–Ukraine war: latest updates
In liberated Ukraine city, civilians still pay price of war (AP NEWS) In this war-scarred city in Ukraine's northeast, residents scrutinize every step for land mines. Behind closed doors, survivors wait in agony for the bodies of loved ones to be identified.
Russia’s Halfway to Hell Strategy (Foreign Affairs) Why Putin has not yet launched a total war in Ukraine.
Vladimir Putin keeps making the same basic mistakes (The Telegraph) The Russian president is either deeply troubled or badly guided. Why else is he acting as he still is?
Russia’s Lavrov elicits cheers and groans at Indian political dialogue (Washington Post) A boisterous international audience of academics, diplomats and business executives both cheered and groaned as Russian Foreign Minister Sergei Lavrov presented Moscow’s view of the war in Ukraine, reflecting global splits on the crisis.
Biden’s triumphant visit to Kyiv gives way to a sober war reality (POLITICO) The pageantry and defiance of the president’s covert trip masks what is an increasingly bloody, difficult to end war.
Belarus sentences Nobel Peace laureate Ales Bialiatski to 10 years in jail (Washington Post) A Belarusian court on Friday sentenced one of last year’s Nobel Peace Prize winners, the human rights activist Ales Bialiatski, to 10 years in prison — continuing a brutal crackdown on dissent that began in response to pro-democracy protests in 2020.
The Return of Medvedchuk (Wilson Center) The man who failed to create “The Other Russia” in Ukraine now tries to establish “The Other Ukraine” in Russia
Putin’s Crimea Mythmaking (Wilson Center) The successful retaking of Crimea in 2014 became a watershed moment for a rising Russian nationalism with an imperial consciousness. The lackluster Western response fed into Putin’s belief that he could seize territory from Ukraine and get away with it, eventually leading to the full-scale invasion of February 2022 following eight years of hybrid warfare in the Donbas.
U.S. Sends Ukraine $400 Million in Military Equipment (U.S. Department of Defense) The United States will transfer military equipment worth up to $400 million to Ukraine to aid its defense against the Russian invasion, Defense Department officials said.
Biden Administration Announces Additional Security Assistance for Ukraine (U.S. Department of Defense) The Defense Department announces the authorization of a Presidential Drawdown of security assistance to meet Ukraine's critical security and defense needs. This package features more ammunition and
US generals and Ukrainian officers meet in Germany for tabletop war exercise (Stars and Stripes) Gen. Mark Milley, chairman of the Joint Chiefs of Staff, and U.S. European Command’s Gen. Christopher Cavoli met with dozens of members of the Ukrainian military for drills in Wiesbaden, a U.S. military official said.
Two Ukrainian pilots are in the U.S. for training assessment on attack aircraft, including F-16s (NBC News) They are the Ukrainian pilots to have traveled to the U.S. to have their skills evaluated by American military trainers.
Biden, Scholz pledge to punish Russia over Ukraine war (Al Jazeera) An EU official also said China providing arms to Russia would be an ‘absolute red line’ and lead to sanctions: Report
U.S. intel on China considering lethal aid for Putin's war was gleaned from Russian officials (CNBC) The White House publicly warned of China possibly supplying weapons to Russia after corroborating the initial intelligence with other sources, officials say.
Inside the Chinese war machine plotting to transform Putin’s invasion (The Telegraph) Support for Russia would boost the invading armies in Ukraine - and allow China to test weapons systems as it menaces Taiwan
Nato faces an all-out fight with Putin. It must stop pulling punches | Simon Tisdall (the Guardian) Having catastrophically failed to deter Russian aggression in Ukraine, the western alliance needs a plan to win the war, writes Simon Tisdall
Meloni Might Pay a Political Cost on Italy’s Support for Ukraine (World Politics Review) Far-right Prime Minister Giorgia Meloni might pay a political cost for Italy’s tough stance on the Russia-Ukraine War.
Come Test Your Gear Against Russian Forces, Ukrainians Urge US Defense Firms (Defense One) That’s just one request by special operators at a SOF conference in Florida.
Coming to Terms with Putin Requires a “Process,” Not Just a “Trial” (Wilson Center) Vladimir Putin’s decision to invade Ukraine runs deeper than a single event. As a recent Ukrainian-German theatrical collaboration underlines, coming to terms with Putin requires a process involving everyone. This frame empowers the actors to explore the war and Putinism from multiple perspectives, ranging from that of the individual to those of official institutions.
Russian noodle stunt MP summoned to court for ‘discrediting the army’ (The Telegraph) Mikhail Abdalkin, who hung the food from his ears to mock Putin’s state of the nation address, faces a hefty fine if found guilty
Why Ukraine is wary of the Russian opposition (Al Jazeera) Ukrainians have many reasons to distrust Navalny and his movement.
‘Putin has gone mad from power’: Kremlin critic Ilya Yashin speaks out from Russian prison (the Guardian) Sentenced to eight years in jail, Yashin discusses the war in Ukraine, Russian opposition and how the west can help
A year of wipers: How the Kremlin-backed Sandworm has attacked Ukraine during the war (The Record from Recorded Future News) The Kremlin-affiliated Sandworm is perhaps Russia's most visible hacker group, with an emphasis on disruptive cyberattacks.
Cybercrime site shows off with a free leak of 2 million stolen card numbers (The Record from Recorded Future News) A recent payment-card leak by the dark web shop BidenCash might be mostly a marketing ploy, experts say, but there are still dangers.
‘A generational shift’: war prompts Ukrainians to embrace their language (the Guardian) Kremlin has banned Ukrainian from occupied territory schools but elsewhere language is on the rise
Attacks, Threats, and Vulnerabilities
WSJ News Exclusive | Pentagon Sees Giant Cargo Cranes as Possible Chinese Spying Tools (Wall Street Journal) Chinese-made cranes at U.S. ports, including at several ports used by the military, could pose a security risk hiding in plain sight, officials say.
New TPM 2.0 flaws could let hackers steal cryptographic keys (BleepingComputer) The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys.
Online travel giant says it was not compromised through recently-discovered vulnerability (The Record from Recorded Future News) Booking.com said it was not compromised through a vulnerability recently discovered by researchers from Salt Security.
City of Oakland Targeted by Ransomware Attack, Work Continues to… (City of Oakland) The official website of the City of Oakland. Find out about meetings, request City services through OAK 311, or contact the Mayor and City Council.
Ransomware gang leaks data stolen from City of Oakland (BleepingComputer) The Play ransomware gang has begun to leak data from the City of Oakland, California, that was stolen in a recent cyberattack.
Ransomware hackers release some stolen Oakland data (CBS News) An ongoing cyber attack on the city of Oakland, allegedly by the group Play Ransomware, may have left city residents' personal information vulnerable to fraud.
Oakland officials say ransomware group may release personal data on Saturday (The Record from Recorded Future News) Oakland acknowledged that the ransomware group behind the cyberattack on their systems is planning to publish the information it stole.
Hacker Group Claims Responsibility for Oakland Cyberattack, Says It's Leaking Data (The San Francisco Standard) Hacker group Play ransomware has claimed responsibility for a cyber attack against Oakland, and could leak hacked data as soon as today.
Bitdefender Labs warns of fresh phishing campaign that uses copycat ChatGPT platform to swindle eager investors (Hot for Security) ChatGPT, the AI-powered chatbot developed by OpenAI lab, rocketed to fame within
just four months of its launch.
Hatch Bank data breach caused by the exploitation of the GoAnywhere MFT zero-day (Security Affairs) Fintech platform Hatch Bank disclosed a data breach, hackers exploited a recently discovered zero-day in Fortra GoAnywhere MFT secure file-sharing platform. Hatch Bank is a fintech firm that provides services to other fintech companies. The company disclosed a data breach and revealed that the attackers have exploited a recently discovered zero-day vulnerability in the company’s […]
Hacker steals bank account, Social Security numbers of Colorado school district employees (KUSA.com) Denver Public Schools said a hacker stole employees' personal information in December and January.
Ransomware group behind Indigo hack says it released stolen employee data, but nothing has appeared yet (CBC) A cyberattack group says it has released data from Canadian retailer Indigo after the company refused to pay a ransom, but that data did not actually appear on the LockBit 3.0 forums as promised after a deadline passed.
'Inappropriate': Indigo refuses to pay ransom in cyberattack possibly linked to Russians (Financial Post) Indigo says cybercriminals may make data they have stolen available using the dark web as early as Thursday. Find out more.
US public transport service struck by ransomware attack (CyberSecurity Connect) A Washington state public transport service has been forced to put in place “temporary workarounds” in place after falling victim to a ransomware attack on February 14.
Mining giant Rio Tinto exposed after invasive tech breach (The West Australian) Mining giant Rio Tinto has been caught up in a concerning technology breach that has exposed the private communications of some of its employees.
How dog tracker apps are snooping on humans, according to cyber security experts (The Telegraph) Several apps designed to keep an eye on pets record the login details and locations of their owners, study warns
Are apps for your pets leaking information about you to cyber criminals? (Study Finds) You might want to avoid sharing your deepest secrets around your pets -- they could be leaking the info to hackers!
Are our pets leaking information about us? (Royal Holloway) Pet and animal-related apps are creating cybersecurity risks to their owners, new research has shown.
They thought loved ones were calling for help. It was an AI scam. (Washington Post) Scammers are using artificial intelligence to sound more like family members in distress. Loved ones are falling for it and losing thousands of dollars.
SNP leadership contest at risk of being HACKED as cyber chiefs issue warning (Scottish Daily Express) Humza Yousaf, Kate Forbes and Ash Regan are in the running to replace Nicola Sturgeon and the party has been told to take steps to make sure the online poll is secure
Trends
At Least 30% of "Cyber-Criminals" Are Women: Report (Infosecurity Magazine) New study uses AI to analyze text of dark web forum users
6 Cyber Threat Trends to Watch This Year as Forecast by MS-ISAC (Hstoday) Developments in artificial intelligence (AI), including the rapid availability of open AI, are highly likely to enhance CTAs’ offensive operations against victims over the next two years. Developments in artificial intelligence (AI), including the rapid availability of open AI, are highly likely to enhance CTAs’ offensive operations against victims over the next two years.
Over 50% of personal devices were exposed to a mobile phishing attack (Security Magazine) According to a recent report, mobile phishing is on the rise with 2022 having the highest percentage of mobile phishing encounter rates.
Spying, AI and Hacking, Oh My ... (Insurance Journal) 7 Agent Technology Trends to Watch in 2023 Technology is a double-edged sword that can drive fear as much as excitement for the future. Game-changing
Kaspersky: SEA should brace for election-related cyberespionage (Back End News) One of Kaspersky’s predictions, which may shape the cybersecurity landscape this year, is the continued hunt for geopolitical intelligence and this is not only because of the continuing war in Ukra…
One-third of the Arab population used VPNs in 2022 (Atlas VPN) According to VPN Adoption Index by Atlas VPN, Virtual Private Network downloads reached 353 million in 2022.
Marketplace
Akamai acquires Ondat to strengthen its cloud computing offerings (Help Net Security) Akamai Technologies reached a definitive agreement to acquire Ondat, a cloud-based storage technology provider.
Kaspersky Acquires Major Stake in Container Security Solutions Developer Ximi Pro (Fast Mode) Kaspersky acquires 49% of container security solutions developer Ximi Pro
What Happens When Cybersecurity Unicorns Lose Their Horns? (Bank Info Security) In the 21-month stretch from October 2020 to June 2022, a whopping 48 cybersecurity startups received ten-figure valuations as investors evaluated prospects on potential rather than performance. Now that the financial boom has gone bust, what happens to these unicorns from a different economic era?
Zscaler Lays Off 3% of Staff Amid Delays Closing Large Deals (Gov Info Security) Zscaler has axed nearly 180 workers after more deliberation from new customers around large purchasing decisions led to reduced billings growth. The company
Zscaler stock sheds more than 10% as cybersecurity company has 'a lot more explaining to do' (Morningstar, Inc.) Analysts debate whether revenue or billings more important for cloud-software company in tough environment for big tech deals
The Top 3 Growth Stocks in Cybersecurity (InvestorPlace) These cybersecurity stocks have been exhibiting tremendous growth, and trading in the green while the market remains in a fix.
Amazon’s Project Kuiper Hires Former Microsoft Executive to Lead Satellite Internet SecurityCityLife (CityLife) How Amazon’s Project Kuiper Leverages Microsoft Executive Experience to Strengthen Satellite Internet Security
ThreatX Welcomes New Chief Revenue Officer Michael Connolly to Executive Bench, Reports Strong 2022 Momentum (Business Wire) The leading API and application protection platform reports record number of new customers, responding to demand for powerful protection that doesn’t burden overworked security teams
CybSafe Appoints Hylton Southey and Geraint Owen as VPs of Sales and Finance (CybSafe) These new appointments reinforce the CybSafe's commitment to expanding its global reach and accelerating growth in the US market.
Products, Services, and Solutions
New infosec products of the week: March 3, 2023 (Help Net Security) The featured infosec products this week are from: Appdome, Fastly, Forescout, ManageEngine, and Veeam Software.
Fighting Fraud as a Consortium:
Introducing Forter’s Partner Program (LinkedIn) Digital commerce sales are projected to increase by $1.84 trillion by 2026, and the market is increasingly becoming more competitive and complex.
Palo Alto Networks Takes On Identity Attacks, Extends its Cortex XSIAM Platform with AI-driven Identity Threat Detection and Response (Palo Alto Networks) XSIAM enables security teams to further consolidate disparate SOC products
Technologies, Techniques, and Standards
Gone spear phishing: how to protect from email threats (Technology Magazine) Increasingly sophisticated phishing attacks are on the rise. With an increase in remote working, email accounts are proving a vulnerability for businesses
Cyber attack surface widened by new ways of working, says Coalition (ReinsuranceNe.ws) London decoy computers were attacked 91 million times in January, of which 77 million were attempts to hack into remote desktop connections used by
Design and Innovation
A Privacy Hero's Final Wish: An Institute to Redirect AI's Future (WIRED) Peter Eckersley did groundbreaking work to encrypt the web. After his sudden death, a new organization he founded is carrying out his vision to steer artificial intelligence toward “human flourishing.”
The inside story of how ChatGPT was built from the people who made it (MIT Technology Review) Exclusive conversations that take us behind the scenes of a cultural phenomenon.
Academia
Rapid7 Brings Threat Intel Data to USF Cybersecurity Lab (Dark Reading) The Rapid7 Cyber Threat Intelligence Laboratory at the University of South Florida will provide data on real-world threats for faculty and students to use in their research.
Legislation, Policy, and Regulation
Australia to overhaul cyber security laws: the legal implications coming down the line (Law Society Journal) The Federal Government plans to overhaul the country’s cybersecurity agenda in the wake of last year’s disastrous data breaches on Optus and Medibank.
Key American Allies Aren’t Following Governmentwide TikTok Bans (Wall Street Journal) Bans on TikTok on government-issued devices in the U.S., the EU and Canada are prompting lawmakers in some of Washington’s main intelligence-sharing allies to demand that their countries follow suit.
The EU's new Cyber Resilience Act is about to tell us how to code (Bert Hubert's writings) The EU’s new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online – the Biden administration has just released its National Cybersecurity Strategy that has similar aims.
Cyberattacks put spotlight on weak Canadian laws, says cybersecurity expert (CTV) A New Brunswick cybersecurity expert says high profile data breaches at Sobeys and Indigo point to weak Canadian laws, as vulnerabilities grow against critical infrastructure.
China Releases Standard Contract for Cross-Border Transfer of Personal Information (cyber/data/privacy insights) On February 24, 2023, the Cyberspace Administration of China (CAC) released the final version of the Measures on the Standard Contract for the Cross-Border Transfer of Personal Information, accompanied by a standard contract as a schedule. The measures will take effect on June 1, 2023, and provide a
How will the US counter cyber threats? Our experts mark up the National Cybersecurity Strategy (Atlantic Council) On March 2, the White House released the 2023 US National Cybersecurity Strategy. Read along with CSI staff, fellows, and experts for commentary on the document and its relationship with larger cybersecurity policy issues.
White House National Security Strategy Puts New Focus on Identity (AppViewX) White House National Security Strategy Puts New Focus on Identity - As the Biden-Harris Administration called for tech vendors to unite, align and strengthen our cyber defenses, we must all do our part to provide solutions to keep us protected.
National Cybersecurity Strategy (Contrast Security) Contrast Security experts are thrilled with the feds’ new, aggressive stance on cybersecurity practices as laid out in the National Cybersecurity Strategy.
'This War Exists in Cyberspace': How the Russia-Ukraine War Led to the National Cyber Strategy (Government CIO) The strategy calls on software developers to assume more responsibility for cyberattacks due to poorly developed code, common to the open-source community.
New Cybersecurity Strategy Shifts Breach Responsibility to Vendors, Software Providers (Australian Cyber Security Magazine) US President Joe Biden said the stakeholders best placed to prevent bad cyber outcomes needed to take more of the burden to prevent them.
We Have a New National Cybersecurity Strategy. Now What? (Real Clear Defense) The new National Cybersecurity Strategy is clear and concise, laying out the case for a more robust and engaged approach to defending our national critical infrastructure from a growing list of threats in cyberspace. Implementing it is the next big challenge.
Sketching Out the Rules for Offensive Cyber Operations (Defense One) The White House released the first-ever National Cybersecurity Strategy this week. It leaves the door open for more defined use cases for cyber operations.
New National Cybersecurity Strategy Features Regulation, Liability, and National Power Tools (Via Satellite) The Biden administration on Thursday released a new National Cybersecurity Strategy that builds on work of previous administrations but goes in new
What banks need to know about the White House's cybersecurity strategy (American Banker) The strategy document identifies potential avenues for cutting cybercriminals off from financing, as well as other actions banks can take.
National Cyber Strategy Draws Strong Initial Reviews (Meritalk) The National Cybersecurity Strategy released on Thursday by the White House is drawing strong initial reviews from across government and the private sector on a number of fronts, including its spur to modernizing technology, harnessing the full power of the Federal government to promote better security, and wrapping private sector interests more fully into the effort.
EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems (US EPA) EPA News Release: EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems
EPA presses states to include cybersecurity in water safety reviews (SC Media) States must now also evaluate whether cybersecurity weaknesses or vulnerabilities pose a threat to safe drinking water where water utilities rely on remote or automated systems.
EPA Calls on States to Improve Public Water Systems’ Cybersecurity (Meritalk) The Environmental Protection Agency (EPA) released a new memo today that calls on states to bolster their cybersecurity practices in order to mitigate the risk of cyberattacks and protect U.S. public drinking water.
EPA issues water cybersecurity mandates, concerning industry and experts (CyberScoop) The Environmental Protection Agency's water cybersecurity standards follow the Biden administration's new national cyber strategy.
On FISA reauthorization, intel leaders combat growing mistrust in Congress (The Hill) The Justice Department this week ignited its lobbying effort with a hesitant Congress to secure renewal of a spy tool that has become one of its most controversial surveillance authorities. T…
In Blacklisting Inspur, US Targets Partner Used by Intel and IBM (Bloomberg) Washington banned Inspur from accessing certain US technology. Firm partners with US companies seeking to expand in China.
WSJ News Exclusive | U.S. Prepares New Rules on Investment in China (Wall Street Journal) The Biden administration is preparing a new program that could prohibit American investment in certain sectors in China, a step to guard U.S. technological advantages amid a growing competition between the world’s two largest economies.
Surveillance program needs new protections, oversight board member says (Washington Post) Spying program needs more safeguards for Americans, privacy board member says
U.S. Government to Explore Cyber Insurance Backstop (Wall Street Journal) Catastrophic hacks that overwhelm insurers may require the government to step in, the White House said, pledging to assess how it might construct a backstop under the Biden administration’s National Cybersecurity Strategy.
State Announces Major Investments In Cybersecurity (Los Alamos Daily Post) Gov. Michelle Lujan Grisham announced that New Mexico is set to receive nearly $13 million in federal funding over the next four years for Cybersecurity enhancements to better protect networks from outside attacks and bolster the protection of Personally Identifiable Information.
Municipal CISOs grapple with challenges as cyber threats soar (CSO Online) Municipal CISOs grapple with challenges as they become targets for nation-state threat actors, cope with regulations, and pursue funding from resource-constrained governments.
Litigation, Investigation, and Law Enforcement
European police, FBI bust international cybercrime gang (AP NEWS) German police said Monday that they have disrupted an international cybercrime gang which has been blackmailing large companies and institutions for years, raking in millions of euros.
Secret Service and ICE break the law with fake phone towers (Register) Investigations 'at risk' from sloppy surveillance uncovered by audit probe
WSJ News Exclusive | Crypto Companies Behind Tether Used Falsified Documents and Shell Companies to Get Bank Accounts (Wall Street Journal) Tether Holdings and a related crypto broker used “cat and mouse tricks” to obscure identities, documents show.
FTC to ban BetterHelp from sharing mental health data with advertisers (BleepingComputer) The Federal Trade Commission (FTC) has proposed to ban the online counseling service BetterHelp from sharing its customers' sensitive mental health data with advertising networks and marketers.