Dateline Moscow and Kyiv: a tactical pause around Bakhmut, and questions of morale.
Ukraine at D+379: A "tactical pause." (CyberWire) Low-level hacktivism and cyberespionage phishing continue against Ukraine as Russia's Wagner Group appears to have begun a "tactical pause" in the vicinity of Bakhmut.
Russia-Ukraine war at a glance: what we know on day 380 of the invasion (the Guardian) ISW claim Wagner group is taking ‘tactical pause’ in Bakhmut; Grossi reappointed as UN nuclear watchdog chief; Pope says war driven by interests of several ‘empires’
Russia-Ukraine war: List of key events, day 380 (Al Jazeera) As the Russia-Ukraine war enters its 380th day, we take a look at the main developments.
Russia ally Belarus brings in death penalty for high treason (the Guardian) Alexander Lukashenko signs bill allowing execution of officials and military personnel for harming national security
Gloom Envelops Putin’s TV Propagandists (CEPA) As Ukrainian forces fight back against Russia, Julia Davis detects a noticeable change in Kremlin TV mouthpieces, such as Vladimir Solovyov.
Will morale prove the decisive factor in the Russian invasion of Ukraine? (Atlantic Council) Putin is preparing for a long war in Ukraine and still believes he can outlast the West, but mounting signs of demoralization among mobilized Russian soldiers may pose a serious threat to the success of his invasion, writes Peter Dickinson.
Ukrainians will never surrender. How long can they count on the West? (Atlantic Council) Ukraine's remarkable resistance during the first days of the Russian invasion convinced the democratic world to back the country, but with Putin now preparing for a long war, continued Western resolve is vital, writes Serhiy Prytula.
Donald Trump: I’d have let Putin annex part of Ukraine to end the war (The Telegraph) Former US president says Russia ‘would have never’ invaded if he were still in power, but also claims he may have ‘made a deal’ if necessary
Calls to appease Putin in Ukraine ignore the lessons of history (Atlantic Council) While the desire for peace in Ukraine is perfectly understandable, mounting calls to appease Putin by handing him a partial victory ignore the lessons of history and would almost certainly lead to more war.
The moment when Putin turned away from the West (Washington Post) When people try to comprehend the catastrophe of President Vladimir Putin’s invasion of Ukraine, they often draw a straight line back to his apprenticeship as a KGB spy, his nostalgia for a fallen Soviet Union and his rage at NATO enlargement. And that may indeed be the way future historians read this tragic story.
Soldiers receive first permanent duty station in Poland (Army Times) The first soldiers to receive a permanent change of duty station to Poland arrived at Camp Kosciuszko in the west-central part of the country.
Radio Halychyna cyber-attacked following appeal by Russian hacker group (International Press Institute) On 2 March 2023, Halychyna FM, a highly popular radio station broadcasting in Western Ukraine, was targeted in a cyber attack likely initiated by Russian hackers. On its Facebook page, Halychyna FM posted screenshots from a pro-Kremlin Telegram channel known as The People’s Cyber Army (‘Narodnaya Cyber-Armiya’, in Russian), which on 1 March asked its …
Remcos Trojan Returns to Most Wanted Malware List After Ukraine Attacks (Infosecurity Magazine) Weekly attacks targeting Ukraine decreased by 44% between October 2022 and February 2023
February 2023’s Most Wanted Malware: Remcos Trojan Linked to Cyberespionage Operations Against Ukrainian Government (Check Point Software) Researchers report that Remcos Trojan was used by threat actors to target Ukrainian government entities through phishing attacks as part of wider
US cyber general accuses Moscow of callous conduct in digital war against Ukraine (Cybernews) Paul Nakasone, the army general in charge of United States Cyber Command and the National Security Agency, says Russia's military and intelligence cyber forces are a force to be reckoned with and has warned of ongoing disinformation campaigns aimed at destabilizing the West.
Pentagon Looking to Make Sure SpaceX Doesn’t Abandon Them in War (Defense One) Spooked by the company’s new limits in Ukraine, military leaders are mulling new types of contracts.
Seven steps to spread a conspiracy: How Russia promoted weapons trade allegations (Medium) Kremlin sources planted and amplified fake stories about Western weapons destined for Ukraine being sold in Germany
Attacks, Threats, and Vulnerabilities
Security vendor Acronis admits data breach (Computing) A hacker going by the alias 'Kernelware', who stole data from Acer last month, is now claiming to have hacked Swiss cybersecurity firm Acronis.
Stealing the LIGHTSHOW (Part One) — North Korea's UNC2970 (Mandiant) A campaign from a suspected North Korean espionage group.
Stealing the LIGHTSHOW (Part Two) — LIGHTSHIFT and LIGHTSHOW (Mandiant) How UNC2970 utilized Bring Your Own Vulnerable Device to further enable their operations.
Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices (Mandiant) A suspected Chinese campaign involving malware on unpatched SonicWall appliances.
Malware infecting widely used security appliance survives firmware updates (Ars Technica) Update-resistant malware is part of a pattern by highly motivated threat actors.
Iran-linked hackers used fake Atlantic Council-affiliated persona to target human rights researchers (CyberScoop) A persona dubbed Sara Shokouhi recycled photos of a Russian psychologist and tarot card reader to pose as a Middle East-focused researcher
Iranian APT Targets Female Activists With Mahsa Amini Protest Lures (Dark Reading) A top Iranian, state-sponsored threat is a spear-phishing campaign that uses a fake Twitter persona to target women interested in Iranian political affairs and human rights.
Iran threat group going after female activists, analyst warns (Cybernews) Female human rights activists are being targeted by a state-backed threat group posing as a fellow campaigner to steal their personal data, possibly with the intention of passing it on to the Islamist regime in Iran.
Lazarus group infiltrated South Korean finance firm twice last year (CSO Online) North Korea-linked Lazarus group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability.
IceFire Ransomware Returns | Now Targeting Linux Enterprise Networks (SentinelOne) New Linux versions of the IceFire ransomware have been observed in recent network intrusions of media and entertainment enterprises.
IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks (The Hacker News) IceFire, a Windows-based ransomware strain, is now targeting Linux-powered enterprise networks by exploiting a vulnerability in IBM Aspera Faspex.
Recently discovered IceFire Ransomware now also targets Linux systems (Security Affairs) The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. The ransomware initially targeted only Windows-based systems, with a focus on technology companies. IceFire was first detected in […]
IceFire ransomware targets Linux, exploits IBM vulnerability (TechTarget) SentinelOne researchers discovered IceFire ransomware is targeting Linux systems by exploiting a known IBM vulnerability.
DUCKTAIL: Threat Operation Re-emerges with New LNK, PowerShell, and Other Custom Tactics to Avoid Detection (Deep Instinct) WithSecure reported on the DUCKTAIL operation in two separate reports in 2022. Shortly after the first publication, which carefully detailed their TTPs, the threat operation went silent. After the publication revealed their tactics for a second time, they again went silent. Deep Instinct observed the operation becoming operational again at the beginning of February 2023.
Update: Financial Advisor Impersonation Ring Targets FINRA (DomainTools) We continue to track a well-organized financial advisor impersonation campaign now attempting to impersonate FINRA.
Ransomware Gang Ups the Ante by Publishing Naked Images of Patients (HIPAA Journal) In what is believed to be a first, the BlackCat ransomware gang has published naked images of patients that were stolen in one of its attacks. The BlackCat ransomware group is known for its aggressive attacks on healthcare providers. In one of its latest attacks, the group published naked images of patients on its leak site to increase the pressure on the victim to pay the ransom.
Canadian military: Ransomware attack on contractor didn’t touch defense systems (The Record) A ransomware incident involving Black & McDonald, an engineering firm with Canadian military contracts, did not affect defense systems, a spokesperson said
AT&T alerts 9 million customers of data breach after vendor hack (BleepingComputer) AT&T is notifying roughly 9 million customers that some of their information has been exposed after one of its marketing vendors was hacked in January.
Hackers Use Stolen Student Data Against Minneapolis Schools in Brazen New Threat (The 74) Video posted online — and then removed — by ransomware gang claimed to highlight stolen files as criminals demand $1M after ‘encryption event’
Minneapolis Public Schools cyberattack: What to know and how to protect your data (Star Tribune) The district has not specified exactly what information was accessed, but there are steps people can take to protect their information.
Cyber attack shuts down Wilkes-Barre CTC (PAhomepage.com) One school is closed and seven other school districts are impacted by a cyber attack. It is still unclear how much damage was caused by that cyber atta…
Oakland still grappling to recover from ransomware attack (SC Media) Officials in the City of Oakland, California, are still facing challenges in facilitating recovery from a Play ransomware attack that has resulted in city service disruptions and extensive data leaks, Government Technology reports.
Dole Foods Cyber Attack Shows Importance of Cyber Resilience (GovTech) Preparedness is key for keeping operations moving in the event of a cyber incident, like when Dole Foods didn’t know it had been the victim of ransomware until customers complained they couldn’t find their favorite products.
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Advisory for IOS XR Software (Cybersecurity and Infrastructure Security Agency CISA) Cisco has released a security advisory for a vulnerability affecting IOS XR Software for ASR 9000 Series Routers. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Fortinet Releases March 2023 Vulnerability Advisories (Cybersecurity and Infrastructure Security Agency CISA) Fortinet has released its March 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.
CISA Releases Five Industrial Control Systems Advisories | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA released five Industrial Control Systems (ICS) advisories on March 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Akuvox E11 (Cybersecurity and Infrastructure Security Agency CISA) CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Akuvox
Equipment: E11
Vulnerabilities: Generation of Predictable IV with CBC, Use of Hard-coded Cryptographic Key, Missing Authentication for Critical Function, Storing Passwords in a Recoverable Format, Weak Password Recovery Mechanism for Forgotten Password, Command Injection, Reliance on File Name or Extension of Externally-Supplied File, Missing Authorization, Improper Access Control, Exposure of Sensitive Information to an Unauthorized Actor, Improper Authentication, Use of Hard-coded Credentials, Hidden Functionality
B&R Systems Diagnostics Manager (Cybersecurity and Infrastructure Security Agency CISA) CVSS v3 6.1
ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
Vendor: B&R Industrial Automation
Equipment: Systems Diagnostics Manager (SDM)
Vulnerability: Cross-site Scripting
ABB Ability Symphony Plus (Cybersecurity and Infrastructure Security Agency CISA) CVSS v3 8.8
ATTENTION: Low attack complexity
Vendor: ABB
Equipment: Ability Symphony Plus
Vulnerability: Improper Authentication
Step Tools Third-Party (Cybersecurity and Infrastructure Security Agency CISA) CVSS v3 2.2
ATTENTION: Low attack complexity
Vendor: Step Tools, Inc
Equipment: STEPTools ifcmesh library
Vulnerability: Null Pointer Dereference
Hitachi Energy Relion 670, 650 and SAM600-IO Series (Cybersecurity and Infrastructure Security Agency CISA) CVSS v3 4.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: Relion 670, 650, and SAM600-IO Series
Vulnerability: Insufficient Verification of Data Authenticity
Trends
Ransomware tracker: the latest figures [March 2023] (The Record) Hospitals and other healthcare providers have gotten a break from ransomware groups in recent months, but other sectors weren't spared.
Osterman Survey: Navigating the SaaS Landscape (Obsidian Security) Osterman Research explores the tools and processes security leaders use to protect their SaaS applications and valuable data.
Marketplace
Cybersecurity is a ‘resilient industry’ in spite of recession fears: CrowdStrike CEO (Yahoo Finance) CrowdStrike CEO George Kurtz says that cybersecurity should prove resilient in a recession.
Silicon Valley Bank: All the latest developments (Silicon Valley Business Journal) Here's the latest news concerning Silicon Valley Bank as it shores up its cash in the face of a rush on deposits.
SVB Stock Price Slides Another 68% Premarket (Wall Street Journal) Shares of SVB Financial Group were halted Friday after a sharp premarket selloff that came as the bank scrambled to raise fresh capital. Shares of SVB, the parent of Silicon Valley Bank, were halted due to pending news shortly after 8:30 a.m. ET, according to a...
SVB Races to Prevent Bank Run as Funds Advise Pulling Cash (Bloomberg) Founders Fund and others advise companies to limit exposure. Panic spreads in tech circles about bank’s financial situation.
Silicon Valley Bank’s Troubles Threaten a Key Bridge Between Chinese Startups and U.S. Investors (The Information) The panic over the status of Silicon Valley Bank intensified on Friday, as the stock of SVB’s parent fell another 66% in pre-trading hours. Meanwhile, anxieties spread to China overnight, prompting local venture capitalists and entrepreneurs to follow their U.S. counterparts and look for ...
Silicon Valley Bank Is Exploring a Sale, but a Big Bank Buyer Looks Unlikely (The Information) Bankers have been evaluating a potential sale of Silicon Valley Bank, according to a person familiar with the matter, though it’s unlikely a big bank would step forward as a potential suitor at this point to buy a troubled institution whose shareholders and customers are fleeing. Shares of SVB ...
The tech sector's go-to banks are getting squeezed on all sides (Quartz) A day after Silvergate Bank said it's closing, Silicon Valley Bank acknowledged problems of its own
authID® Completes New Financing Round and Announces New Directors (GlobeNewswire News Room) Financing intended to meet projected working capital requirements through Q1 2024.
Camelot’s Offensive Approach To Cybersecurity (Camelot Secure360) Camelot’s Offensive Approach To Cybersecurity Makes Its Debut at The […]
TikTok’s Plan to Stay in the U.S. Could Pose a Threat—to U.S. Tech Companies (The Information) In a bid to avoid a U.S. ban, TikTok is embarking on a project to restructure its product and operations in the country. It plans to store local citizen data on local servers, create a domestic entity to house that data, comply with local legal and law enforcement requests for data, limit the ...
CardinalOps Honored as Winner in 2023 Cybersecurity Excellence Awards (PR Newswire) CardinalOps, the detection posture management company, today announced that the 2023 Cybersecurity Excellence Awards have selected the...
Netsurion Secures Top Honors for Managed Detection and Response and Threat Hunting in 2023 Cybersecurity Excellence Awards (GlobeNewswire News Room) Netsurion, a leading provider of Managed XDR, has been named a winner in three categories in...
Censys Expands Executive Team Through Strategic Investments in Revenue and Sales (PR Newswire) Today, Censys, the leader in Attack Surface Management (ASM), announced three new executive leadership hires: Sarah Ashburn as Chief Revenue...
Zscaler Poaches Palo Alto Networks Veteran To Lead All-Out Channel Charge: Exclusive (CRN) Zero-trust security powerhouse Zscaler has hired Palo Alto Networks’ channel veteran Karl Soderlund as its new top channel executive.
Products, Services, and Solutions
New infosec products of the week: March 10, 2023 (Help Net Security) The featured infosec products this week are from: 1Password, GrammaTech, Kensington, Palo Alto Networks, and Persona.
Intrusion Partners with NetFoundry to Support the U.S. Federal Government’s Zero Trust Cybersecurity Standards (ACCESSWIRE News Room) Intrusion, Inc. (NASDAQ:INTZ) announced its partnership with NetFoundry, creator of the world's most used open source zero trust networking platform, to build a leading Zero Trust Network Access Solution. Intrusion Shield Endpoint helps businesses protect vital data - using zero trust architecture.
Norwegian Public Welfare Agency Chooses Omada to Strengthen Identity Governance (PR Newswire) Omada A/S ("Omada"), a global leader of Identity Governance and Administration (IGA), today announced that the Norwegian Labor and Welfare...
NCC joins three-year cybersecurity partnership in Ireland (Morningstar) NCC Group PLC announced on Thursday a three-year cybersecurity partnership with HEAnet, Ireland's Education & Research Network.
Tenable Bolsters Tenable OT Security to Deliver the Broadest Coverage for Operational Technology and Industrial Control Systems (GlobeNewswire News Room) Updates to core functionality make it easier than ever for IT security teams to gain visibility, security and compliance for their OT environments...
Technologies, Techniques, and Standards
How to Tackle the Prevailing Cybersecurity Skills Gap in Society (MUO) Not enough people are educated about cybersecurity and that leaves everyone vulnerable. Here's why and how we can address this issue.
ECB To Test Banks' Cyber Defences As Risks Grow (Barron's) The European Central Bank will next year test eurozone lenders' defences against cyberattacks, a top official said Thursday, as the risk of hacking attempts is seen to have increased since the pandemic and Russia's invasion of Ukraine.
ECB Will Hold Cyber Attack Stress Test for Banks Next Year (Bloomberg) The European Central Bank will test lenders next year on their ability to recover from a successful cyber attack as tensions with Russia over the war in Ukraine push the issue further up the list of priorities for regulators.
European Central Bank to Test Cyber Resilience of Banks (Insurance Journal) The European Central Bank plans to test the cyber resilience of the euro zone's top banks after a sharp rise in cyberattacks, including after Russia's
Design and Innovation
Meet the AI expert who says we should stop using AI so much (MIT Technology Review) Meredith Broussard argues that the application of AI to deep-rooted social problems is already producing disastrous results.
QuSecure Pioneers First-Ever U.S. Live End-to-End Satellite Quantum-Resilient Cryptographic Communications Link Through Space (Business Wire) Unprecedented Breakthrough in Secure Satellite-to-Earth Communications Using Starlink Satellite Sets the Pace for Post-Quantum Cryptography Innovation and Development
Academia
Turning kids away from cybercrime (Computing) As cybercrime continues to rise so do efforts to divert young people from the dark side, but are they doing enough?
Legislation, Policy, and Regulation
China getting bolder and better in cyberspace, spy chiefs warn (Washington Post) An emboldened China hones its craft and gets more aggressive in cyberspace
Russia, China anxieties dominate annual hearing on global security threats (Washington Post) Putin’s strategic patience in prolonging the war in Ukraine concerns U.S. officials
Cybersecurity in the US President's Budget for Fiscal Year 2024. (CyberWire) The US President's Budget for FY 2024 includes substantial increases for cybersecurity, and does so in the context of the National Cybersecurity Strategy.
Biden’s budget proposal underscores cybersecurity priorities (Washington Post) Biden’s budget proposal shows the president’s cyber priorities
Biden Budget Proposal: $200M for TMF, CISA With 4.9% Budget Boost (Meritalk) The Biden administration’s fiscal year (FY) 2024 budget request issued today by the White House features a proposed $200 million addition to the Technology Modernization Fund (TMF), and a 4.9 percent annual budget increase for the Cybersecurity and Infrastructure Security Agency (CISA).
Cybersecurity Poised for Spending Boost in Biden Budget (Gov Info Security) An overview of the White House's spending blueprint for the coming federal fiscal year shows big proposed increases for cybersecurity. CISA would receive $145
POSTURE STATEMENT OF GENERAL PAUL M. NAKASONE (U.S. Cyber Command)
Four ways to give the national cybersecurity strategy some teeth (SC Media) Here are four steps Congress should take to give the Biden administration's national cybersecurity strategy teeth.
Deputy Secretary of Defense Signs 2023-2027 DoD Cyber Workforce Strategy (U.S. Department of Defense) On Feb. 27, 2023, Deputy Secretary of Defense Dr. Kathleen H. Hicks signed the 2023-2027 DOD Cyber Workforce (CWF) Strategy, which sets the foundation for how the department will foster a cyber
In new cyber workforce strategy, DoD hopes 'bold' retention initiatives keep talent coming back (Breaking Defense) "Everyone recognizes our shortages and our problem," Mike Gorak said. "So we're going to try new things and we're going to try innovative things, which, not all will work, and that's okay."
Pentagon pursues remote work, employee training programs to attract cyber workers (Axios) The federal government has struggled to compete with private sector cybersecurity roles.
U.S. Chamber of Commerce calls for AI regulation (Reuters) The U.S. Chamber of Commerce on Thursday called for regulation of artificial intelligence technology to ensure it does not hurt growth or become a national security risk, a departure from the business lobbying group's typical anti-regulatory stance.
Proposed FCC Rule Redefines Data Breaches for Communications Carriers (Dark Reading) If the proposed rule is approved, organizations would need to disclose all data breaches, even one that does not cause any harm, to affected customers.
Lawmaker: Schools need federal advocate to negotiate cyber contracts (GCN) Sen. Ron Wyden penned a letter to Education Secretary Miguel Cardona, asking the agency to assist U.S. schools in drafting cybersecurity and data protection contracts with technology firms.
US must revive, dominate electronic warfare, Pentagon CIO Sherman says (C4ISRNet) "As we get ready for China," CIO John Sherman told Congress, "we better be able to fight and dominate in this space."
A former TikTok employee is secretly fighting the company on Capitol Hill (Washington Post) His claims of data-security flaws, which the company disputes, underscore how seriously Congress has begun taking the wildly popular short-video app with more than 100 million users nationwide.
Litigation, Investigation, and Law Enforcement
Inadvertent Data Destruction After a Cyberattack Can Violate EU Privacy Rules (Wall Street Journal) An Irish healthcare group was recently fined almost half a million dollars for unintentionally destroying patient records as it worked to recover from a ransomware attack.
FBI investigates data breach impacting U.S. House members and staff (BleepingComputer) The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and personal information was stolen from DC Health Link's servers.
Congressman says his name was wrongly searched by FBI (Washington Post) Rep. Darin LaHood says a classified report indicates Section 702 authority was wrongly used against him
Congressman says he was target of ‘wrongful’ data searches by FBI (The Record) Rep. Darin LaHood (R-Ill.) revealed on Thursday that he had been the target of data searches by the FBI.
Who’s Behind the NetWire Remote Access Trojan? (KrebsOnSecurity) A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of…
Catholic group spent millions on app data that tracked gay priests (Washington Post) A group of philanthropists poured money into a Denver nonprofit that obtained dating and hookup app data and shared it with bishops around the country, a Post investigation has found
Blackbaud To Pay SEC $3M Over Ransomware Disclosures (Law360) Blackbaud Inc. has agreed to pay $3 million to resolve the U.S. Securities and Exchange Commission's allegations that the cloud-computing company crafted misleading disclosures about the massive ransomware attack that affected thousands of its customers in 2020, the SEC announced Thursday.