Dateline Moscow and Kyiv: Fighting continues in Bakhmut.
Ukraine at D+383: Hacktivists squad up. (CyberWire) The horror of continued close combat in Bakhmut eclipses cyberespionage and desultory hacktivism.
Russia-Ukraine war: List of key events, day 384 (Al Jazeera) As the Russia-Ukraine war enters its 384th day, we take a look at the main developments.
Russia-Ukraine war: strike on Kramatorsk kills at least one; Poland ‘could give Ukraine fighter jets in weeks’ – live (the Guardian) One killed and three injured in attack on city in Donetsk region; Polish PM says MiG jets could arrive in four to six weeks
Russian Advance Stalls in Ukraine's Bakhmut, Think Tank Says (Military.com) A leading think tank says Russia’s advance seems to have stalled in Moscow’s campaign to capture the eastern Ukrainian city of Bakhmut.
Partisans blow up key railway used by Putin’s forces (The Telegraph) Pro-Ukrainian guerrillas claim the strike will hinder the supply of Russian troops in the southern Kherson and Zaporizhzhia regions
Ukrainian and Russian casualties mount as battle for central Bakhmut rages (the Guardian) Ukrainian general says it is using opportunity to kill as many Russian troops as possible and wear down its reserves
Ukraine short of skilled troops and munitions as losses, pessimism grow (Washington Post) The quality of Ukraine’s military force, once considered a substantial advantage over Russia, has been degraded by a year of casualties that have taken many of the most experienced fighters off the battlefield, leading some Ukrainian officials to question Kyiv’s readiness to mount a much-anticipated spring offensive.
Why Russia Will Lose (CEPA) Russia’s aggression against Ukraine is the act of a country with the landmass of a giant but the industrial potential of a dwarf.
Russia’s Collapse: Ringside Seat (CEPA) Putin's centralized government in Russia has brought catastrophic economic, cultural, and environmental results, as well as a disastrous war.
Putin’s Paranoia and Moldova (CEPA) Russia is raising the pressure on Moldova. There are underlying shifts in the Moldovan and Russian outlook on negotiations about Transnistria.
How to Prepare for Peace Talks in Ukraine (Foreign Affairs) Ending a war requires thinking ahead.
‘Morality Shouldn’t Get in the Way’ — Russia’s Genocidal State Media (CEPA) It occasionally occurs to Putin’s mouthpieces that they may one day face charges in a war crimes tribunal for Russian war crimes in Ukraine.
International Court to Open War Crimes Cases Against Russia, Officials Say (New York Times) The cases before the International Criminal Court would accuse Russia of abducting Ukrainian children and of deliberately targeting civilian infrastructure.
Russia says it does not recognise Hague court amid reports of arrest warrants (the Guardian) International criminal court prosecutor is said to be preparing to formally open two war crimes cases
The 4-metre-wide board detailing the entire Russian military chain of command in Ukraine (the Guardian) Chart used by Ukrainian prosecutors maps hundreds of Russian soldiers all the way up to Vladimir Putin
Italy claims Wagner mercenaries behind latest migrant wave (The Telegraph) Senior Italian politicians accuse the Russian unit of being behind a surge of refugees crossing the Mediterranean
Talos uncovers espionage campaigns targeting CIS countries, including embassies and EU health care agency (Cisco Talos Blog) Cisco Talos has identified a new espionage oriented threat actor, which we are naming “YoroTrooper,” targeting a multitude of entities in Europe and Turkey.
STALKER 2 game developer hacked by Russian hacktivists, data stolen (BleepingComputer) GSC Game World, the developer of the highly-anticipated 'STALKER 2: Heart of Chornobyl' game, warned their systems were breached, allowing threat actors to steal game assets during the attack.
GSC Game World suffers Stalker 2 leak after latest cyber attack (GamesIndustry.biz) Stalker developer GSC Game World has been the victim of "constant cyberattacks" over the past year, the studio said. In…
Attacks, Threats, and Vulnerabilities
Dark Pink APT group linked to new KamiKakaBot attacks in Southeast Asia (CSO Online) The latest APT cyberattacks on ASEAN countries use similar techniques as a previous Dark Pink KamiKakaBot campaign, including phishing.
Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects (The Hacker News) A malicious cyber operation has been redirecting visitors of thousands of websites aimed at East Asian audiences to adult-themed content.
Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising (The Hacker News) A fake ChatGPT Chrome browser extension has been found to hijack Facebook accounts and create rogue admin accounts.
Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware (The Hacker News) Threat actors have been using AI-generated YouTube Videos to spread stealer malware such as Raccoon, RedLine, and Vidar.
CatB Ransomware | File Locker Sharpens Its Claws to Steal Data with MSDTC Service DLL Hijacking (SentinelOne) CatB ransomware abuses MSDTC service for DLL hijacking and takes a swipe at victim's mail and browser data.
Shining a Light on Malware Beaconing (BlackBerry) Malware attacks come in many forms, from infostealers to ransomware. Despite their differences, many of these threats share similar tactics, and malware beaconing, which is extremely hard to detect, is one of those common threads.
Emotet Has Resumed Activity after a Three-Month Break (Gridinsoft Blogs) Experts noticed that this week Emotet resumed its activity and after a three-month "rest" began to send malicious spam again.
Ransomware Group Claims Hack of Amazon's Ring (Vice) The group is blackmailing Ring on its site: "There's always an option to let us leak your data," they posted.
InfoSec Handlers Diary Blog (SANS Internet Storm Center) Incoming Silicon Valley Bank Related Scams, Author: Johannes Ullrich
SYS01 stealer targets Facebook business accounts and browser credentials (TechRepublic) The SYS01 infection chain uses DLL sideloading to steal information. Learn how to protect your business from this cybersecurity threat.
Zoll Medical Data Breach Impacts 1 Million Individuals (SecurityWeek) Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year.
Death registry system in Hawaii had data breach, health department says (Record) Hawaii's Department of Health is notifying families that its Electronic Death Registry System was breached in January, but officials say the intruder wasn't able to create actual death certificates.
LA housing authority discloses data breach after ransomware attack (BleepingComputer) The Housing Authority of the City of Los Angeles (HACLA) is warning of a "data security event" after the LockBit ransomware gang targeted the organization and leaked data stolen in the attack.
Hospital in Brussels latest victim in spate of European healthcare cyberattacks (Record) Belgium's Centre Hospitalier Universitaire Saint-Pierre says it suffered a cyberattack but was prepared with an emergency plan to keep IT operations running.
Analysts tracking $197 million theft from DeFi lender Euler Finance (Record) Hackers reportedly stole $197 million in cryptocurrency from the decentralized finance (DeFi) platform Euler Finance in the latest flash loan attack to target the industry.
Hackers steal $197 million in crypto in Euler Finance attack (BleepingComputer) Lending protocol Euler Finance was hit by a cryptocurrency flash loan attack on Sunday, with the threat actor stealing $197 million in multiple digital assets.
Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms (SecurityWeek) Reports published by various industrial cybersecurity companies provide different numbers on ICS vulnerabilities — here’s why.
Threat Groups Offer $240k Salary to Tech Jobseekers (Security Intelligence) With the flood of laid-off tech workers scrambling to find work, threat groups are stepping up their recruitment efforts.
Security Patches, Mitigations, and Software Updates
OpenSea patches vulnerability that potentially exposed users’ identities (Cointelegraph) Cybersecurity firm Imperva detailed a now fixed vulnerability on OpenSea’s website that could have leaked potentially sensitive information about its users.
Trends
2023 Annual Identity Exposure Report (SpyCloud) Last year, more than half the credentials we recaptured from the darknet came from botnets, indicating a significant shift in the exposed credentials trend: threat actors continue to evolve beyond traditional account takeover tactics and are aggressively gaining entry with other forms of authentication data stolen straight from malware-infected devices.
Study Reveals 8 out of 10 Security Professionals Use Unauthorized AI Tools In the Workplace (Devo.com) Read the results of a new survey commissioned by Devo that highlights how cybersecurity automation drives positive business outcomes.
Ransomware Attacks Have Entered a ‘Heinous’ New Phase (WIRED) With victims refusing to pay, cybercriminal gangs are now releasing stolen photos of cancer patients and sensitive student records.
The changing face of ransomware attacks (Panda Security Mediacenter) Ransomware attacks are becoming less common – and a lot more expensive
Brand Names in Finance, Telecom, Tech Lead Successful Phishing Lures (Dark Reading) AT&T, PayPal, and Microsoft top the list of domains that victims visit following a link in a phishing email, as firms fight to prevent fraud and credential harvesting.
A Face Recognition Site Crawled the Web for Dead People’s Photos (WIRED) PimEyes appears to have scraped a major ancestry website for photos, without permission. Experts fear they could be used to identify living relatives.
Young government workers show poor password management habits (Help Net Security) Only 27% of government workers feel fully ready to identify and report cybersecurity threats such as malware while working.
SpyCloud Report: Malware Infections the Most Prolific & Persistent Threat to Businesses (Business Wire) 721.5 million credentials exposed and over 22 million unique devices infected by malware in 2022 alone
Marketplace
Optiv More Than Doubles Federal Presence with ClearShark Acquisition (Optiv) Optiv, the cyber advisory and solutions leader, today announced it has acquired Maryland-based ClearShark LLC and ClearShark Services Inc. (collectively ClearShark), a premier advisor and top value-added reseller of cybersecurity and modernization technology to the United States federal government.
Osborne Clarke advises cybersecurity start-up Edgeless Systems on seed funding round (Osborne Clarke) Osborne Clarke has advised Bochum-based cybersecurity company Edgeless Systems on its recent EUR 5 million seed funding round.
How Biden saved Silicon Valley startups: Inside the 72 hours that transformed U.S. banking (POLITICO) A historic rescue of a distressed industry came together rapidly, reshaping the government’s relationship with banks in far-reaching ways.
After Bank Debacle, Silicon Valley Reckons With Its Image (New York Times) Even as start-ups and investors began recovering their money from Silicon Valley Bank, the episode exposed the tech industry’s vulnerabilities.
Silicon Valley Firms Gird for Change After U.S. Backing of SVB (Wall Street Journal) Startups and venture investors voice relief at federal decision to protect depositors, but see need for new banking practices.
After two historic US bank failures, here’s what comes next (AP NEWS) Two large banks that cater to the tech industry have collapsed after a bank run, government agencies are taking emergency measures to backstop the financial system, and President Joe Biden is reassuring Americans that the money they have in banks is safe.
Biden says 'the banking system is safe' after Silicon Valley Bank shutdown (NBC News) The president addressed the federal efforts to prevent economic ripples.
Bank shares sink as Joe Biden fails to reassure markets - latest updates (The Telegraph) Joe Biden said "Americans can have confidence that the banking system is safe" as small bank shares crashed as markets opened in the US.
UK channel breathes sigh of relief as Silicon Valley Bank 'bloodbath' averted (CRN) Collapsed bank is used by thousands of tech start-ups, including smaller vendors
Private Equity Giant Talks to VC Firms About SVB Bid (The Information) A large private equity firm has been talking to General Catalyst, Redpoint Ventures, Upfront Ventures and other venture capitalists as the PE firm considers bidding for part of the bank, according to four people with knowledge of the discussions. The identity of the private equity firm couldn’t ...
SVB Held Money for Nearly 1,000 Private Tech Investors (The Information) The failure of Silicon Valley Bank sent shockwaves through the tech financing universe. Roughly 1,000 firms, from big names such as Sequoia Capital, Andreessen Horowitz and Benchmark to key crypto and China tech investors, had disclosed that SVB was a custodian for their funds’ capital, ...
SVB’s Failure Means ‘Easiest Money’ for Startups Is Gone (The Information) After Chris Herndon raised $9 million from venture capitalists for his travel startup The Guild five years ago, he wanted to take out a loan to pad the firm’s finances. He went with Silicon Valley Bank over JPMorgan, which had more onerous lending terms. SVB also had a closer relationship with ...
SVB Meltdown: What It Means for Cybersecurity Startups' Access to Capital (Dark Reading) The implosion of Silicon Valley Bank will impact investors, startups, and enterprise customers as they become more cautious over the near term, security experts say.
The Silicon Valley Bank Contagion Is Just Beginning (WIRED) The collapse of SVB isn’t just a tech industry problem—as the rest of the world is about to find out.
The Fed’s tightening is a recipe for global volatility. Silicon Valley Bank’s collapse is just the start. (Atlantic Council) In this volatile environment, it may take less than a historic shock to cause severe disruption. Governments and central banks around the world better be prepared.
Crypto’s 24/7 Trading Disrupted By Bank Crisis (The Information) Crypto in many ways used to be a 24/7 market, but the escalating crisis among a set of small U.S. banks has upended that. Regulators’ abrupt closure Sunday of Signature Bank following Silvergate’s shuttering last week knocked out the two biggest crypto-friendly banks and also means the ...
Y Combinator to End Late-Stage Startup Fund, Lays Off Staff (The Information) Silicon Valley startup accelerator Y Combinator won’t raise another continuity fund, which backs mature private tech companies, two people familiar with the matter said. The partners who led the fund, Anu Hariharan and Ali Rowghani, plan to leave the firm, the two people said. The pair plan to ...
Why CrowdStrike Stock Rallied on Monday (The Motley Fool) The endpoint security specialist's banking relationships were in focus this morning.
CrowdStrike’s SVB Credit Line ‘Remains Undrawn,’ Stock Price Climbs (CRN) CrowdStrike’s stock price climbed as the company said its credit line with Silicon Valley Bank (SVB) will not be needed.
Meta to Lay Off Another 10,000 Workers (New York Times) It would be the tech company’s second round of cuts since November. Mark Zuckerberg, its chief executive, has declared 2023 the “year of efficiency.”
Silobreaker named Most Innovative Security Company of the Year in the 19th Annual 2023 Globee® Cybersecurity Awards (Silobreaker) Silobreaker honoured as Gold Globee® Winner in the Best Security Companies Category for its ground-breaking threat intelligence solution. Silobreaker, a leading security and threat intelligence firm, announced today that The Globee® Awards, organisers of the world’s premier business award programmes and business ranking lists, have named Silobreaker a winner in the 19th Annual 2023 Globee Cybersecurity...
CISA and Girl Scouts of the USA Strengthen Collaboration to Bring More Young Women into Cybersecurity (Cybersecurity and Infrastructure Security Agency) The Cybersecurity and Infrastructure Security Agency (CISA) and Girl Scouts of the USA (GSUSA) announced a new memorandum of understanding (MOU) today that formalizes the collaboration between the two organizations in their pursuit to bridge the gender gap in cybersecurity.
Code42 Appoints New Channel Leader to Drive ‘Channel-First’ Go-To-Market Strategy (Business Wire) Established SaaS executive Michael Guglielmi joins as Vice President of Channel Sales and Consulting Partners to lead Code42’s Accelerate channel partner program
Products, Services, and Solutions
Sophos improves cyberthreat defenses with endpoint security advancements (Help Net Security) Sophos endpoint security advancements improve protection and operational efficiency, as well as speed up detection and response.
Radware Introduces a Next-Gen Cloud Application Security Center in Israel (GlobeNewswire News Room) Continues to deliver on global cloud security service expansion strategy...
Datadobi Introduces StorageMAP - The Future of Unstructured Data Management (Datadobi) Announcing the launch of StorageMAP, a new solution that provides a single pane of glass for organizations to manage unstructured data across their complete data storage estate. Built upon Datadobi’s best-in-class vendor-neutral unstructured data mobility engine, the software enables enterprises to visualize, organize, and act on their data in hybrid vendor and cloud environments. StorageMAP puts companies in control of their data’s cost, carbon footprint, risk, and value.
Microchip Expands its Secure Authentication IC Portfolio (GlobeNewswire News Room) Six new security-focused products aim to optimize and scale embedded security across a wide range of industries including IoT, consumer, industrial and...
BIO-key and BeyondTrust Announce Integrated Partnership to Offer Identity-Bound Biometrics to Enhance Security for Privileged Remote Access (GlobeNewswire News Room) BIO-key International, Inc. (NASDAQ: BKYI) an innovative provider of Identity and Access Management (IAM)...
Mobile Operator 2degrees adopts BroadForward's Signaling Transfer Point (STP), Firewall and Mobile Number Portability solution (PR Newswire) Following the successful deployment of the BroadForward DRA, New Zealand operator 2Degrees has gone live with the BroadForward STP. Deployment...
Xage Security selected by Kinder Morgan to Cyber-Harden Critical Infrastructure (GlobeNewswire News Room) Xage Security teams up with one of the largest North American energy infrastructure companies to support cybersecurity resilience and digital...
AvePoint Adds New Solutions to its FedRAMP (moderate) Authorization (GlobeNewswire News Room) Demonstrating its commitment to security for public sector customers, AvePoint continues to assess its solutions against high security standards...
ShorePoint, Inc. Awarded Zero Trust Architecture BPA from the Department of Education (Business Wire) ShorePoint Inc., a cybersecurity services company that protects customers’ critical assets from cyber threats, announced that the Department of Education (ED) has awarded the company a single-award Blanket Purchase Agreement (BPA), with a base and 4 optional ordering periods, to provide Zero Trust Architecture (ZTA) Program and Enterprise Services.
CyberArk Workforce Password Management Delivers Advanced Protections for Enterprise Users (Business Wire) New Capabilities for Securing Access to High-Risk, High-Value Business Applications Help Organizations Improve Security and Reduce Risk
Viakoo and Presidio Announce Partnership to Deliver Best-in-Class IoT/OT Enterprise Security (PR Newswire) Viakoo, the leader in IoT/OT vulnerability remediation, today announced a partnership with Presidio, a global digital services and solutions...
ThreatBlockr Partners with the Retail and Hospitality Industry on the 2023 RH-ISAC Regional Workshop Series in Atlanta (ThreatBlockr) ThreatBlockr provides the RH-ISAC with unique insights and an interactive threat briefing session for all attendees. Tysons Corner, VA, March 14, 2023 – Today, ThreatBlockr, the autonomous cyber intelligence and active threat defense platform, is partnering with The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) to sponsor the RH-ISAC Regional Workshop hosted by […]
Tanium Launches Certificate Manager and Expands XEM Platform with Enhanced Device and Policy Management (Tanium) Tanium today announced the release of its new certificate manager and enhanced policy management capabilities.
Semperis Joins Microsoft Intelligent Security Association, Expanding Collaboration to Combat Identity-Related Cyber Threats (Business Wire) Identity-first cybersecurity leader’s Directory Services Protector solution for Microsoft Sentinel, available in the Microsoft Azure Marketplace, provides seamless integration to bring critical cyber threats to the forefront in Sentinel views
Technologies, Techniques, and Standards
CISA Establishes Ransomware Vulnerability Warning Pilot Program (Cybersecurity and Infrastructure Security Agency) Recognizing the persistent threat posed by ransomware attacks to organizations of all sizes, the Cybersecurity and Infrastructure Security Agency (CISA) announces today the establishment of the Ransomware Vulnerability Warning Pilot (RVWP) as authorized by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022.
CISA Announces Ransomware Vulnerability Warning Pilot (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA is announcing the creation of the Ransomware Vulnerability Warning Pilot (RVWP).
CISA to warn critical infrastructure of ransomware-vulnerable devices (BleepingComputer) Today, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) announced a new pilot program designed to help critical infrastructure entities protect their information systems from ransomware attacks.
Resources | CISA (Cybersecurity and Infrastructure Security Agency CISA) Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent months, ransomware has dominated the headlines, but incidents among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations have been growing for years.
CSO vs. CISO: What’s the difference and does it matter? (Cybersecurity Dive) The person in charge of physical security used to monitor keys and supervise guards. Now, the physical and digital are colliding.
IRS plans to approve use of Login-dot-gov as Tax Day nears (FCW) The tax agency intends to add Login-dot-gov this filing season—and as early as next week—as the integration is in final rounds of testing.
The Ethical Use of Social Media in Mental Health (Psychology Today) Caution is necessary to ensure proper treatment.
Academia
The Cost of Unsafe Technology and What We Can Do About It | CISA (Cybersecurity and Infrastructure Security Agency CISA) Strong security should be a standard feature of virtually every technology product, and especially those that support the critical infrastructure that Americans rely on daily.
Shift to secure-by-design must start at university level, CISA director says (Cybersecurity Dive) Jen Easterly says secure coding and memory safety should be incorporated into computer science curriculum.
Legislation, Policy, and Regulation
National Protective Security Authority Begins Work (MI5) A new body has been created to help the UK combat national security threats.
Cyber Resilience Must Focus On Marginalized Individuals, Not Just Institutions (Carnegie Endowment for International Peace) Vulnerable or marginalized people in Africa depend on the digital economy to maintain their livelihoods and access critical services. Yet they could be driven from that economy if their cyber resilience isn’t strengthened.
UK launches new agency to tackle state-sponsored threats to business (Record) The new National Protective Security Authority (NPSA) will be part of the MI5, the U.K.'s domestic intelligence service.
MI5 to oversee new National Protective Security Authority (Computer Weekly) The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets
The UK's bad encryption law can't withstand global contempt (Register) Any sufficiently stupid technology is indistinguishable from magical thinking
Building From the 2023 National Cybersecurity Strategy: Reshaping the Terrain of Cyberspace (Lawfare) If executed well, the strategy will serve as a strong pivot into a better vision for U.S. policy in cyberspace; if not, much of its promise will lack punch.
The Liberal Cyber Order (War on the Rocks) This month the Biden administration released its National Cybersecurity Strategy, ending months of speculation about its contents. The document focuses on
U.S. government provides cyber budget specifics (Washington Post) Biden administration proposes billions for federal cyber budget
White House proposes $74B topline for civilian agencies' IT in 2024 budget (FedScoop) The topline would constitute a nearly $9 billion and 13% increase over requested levels for fiscal 2023.
Cyber regulations can make our nation safer (The Hill) With the current cyber threat landscape growing in sophistication, scale, and impact, it’s clear that a voluntary approach is insufficient.
Biden Administration Plans for Sweeping Cybersecurity Regulation for Critical Infrastructure (Baker Botts) Cybersecurity Update
Pentagon seeks 21% boost in cyberspace spending (C4ISRNet) The fiscal 2024 budget blueprint arrives days after the Biden administration shared its latest national cybersecurity strategy.
US Navy wants $192 million for secretive Overmatch networking effort (C4ISRNet) Project Overmatch is the U.S. Navy’s contribution to Joint All-Domain Command and Control, the Pentagon's vision of seamless military connectivity.
Litigation, Investigation, and Law Enforcement
Pegasus affair shows Israel's judicial reform may violate privacy (The Jerusalem Post) “In my eyes, this is a clear example of how the lack of adequate legal support can lead to a violation of authority and a violation of rights,” said Deputy Attorney General Amit Merari.
UK Probing TikTok’s Ownership, Security Minister Tugendhat Says (Bloomberg) Concerns over whether social media app poses cyber risk. TikTok’s parent company ByteDance is based in Beijing.
House GOP launches investigation into DHS' domestic intelligence gathering (POLITICO) The probe comes after POLITICO reported last week that, under the Department of Homeland Security program, officials are collecting information by questioning people within the U.S.
A third former House GOP candidate alerted to unapproved military records request (POLITICO) Five Republicans have confirmed what the Air Force calls an unauthorized disclosure of personnel files. Colin Schmitt's case indicates that the pursuit of records extended to the Army National Guard.