Dateline
Ukraine at D+392: Assessing hacktivist claims. (CyberWire) Hacktivists of various allegiances are making exaggerated claims of effective attacks against OT networks and systems. Disinformation continues, recently emanating from Belarus.
Russia-Ukraine war: List of key events, day 393 (Al Jazeera) As the Russia-Ukraine war enters its 393rd day, we take a look at the main developments.
Ukraine: Russia hits apartments and dorm, killing civilians (AP NEWS) Russia stepped up its missile and drone attacks against Ukraine on Wednesday, killing students and other civilians, in a violent follow-up to dueling high-level diplomatic missions aimed at bringing peace after 13 months of war.
US Military Offers First Glimpse of Training for Ukrainian Troops in America (Military.com) In a few days, Americans training Ukrainian missile defense soldiers will send their students back into war, aware of what they are facing.
Russia-Ukraine war live: Moscow says relations with west ‘worse than ever’ after Putin arrest warrant (the Guardian) Deputy chair of Russia’s security council says ICC’s arrest warrant for Putin added ‘colossal negative potential’ to already strained ties
Vladimir Putin’s health may be disintegrating and it should terrify us all (The Telegraph) A man fighting for his life and increasingly devoid of logical thinking would be much more likely to press the red button
Prepare for the disintegration of Putin’s Russia (The Telegraph) As Beijing has recognised, there are opportunities for everyone in a catastrophic defeat for Vladimir Putin
Putin’s Forever War (Foreign Affairs) The invasion empowers Russia’s president.
Xi’s Visit to Russia Was About China’s Interests, not Ukraine (World Politics Review) In visiting Putin in Moscow, Xi Jinping underscored China’s potential role in ending the Russia-Ukraine war.
A Propaganda Group is Using Fake Emails to Target Ukrainian Refugees (Bloomberg) ‘Ghostwriter’ specializes in hack-and-leak operations and forged documents, researchers say.
We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems | Mandiant (Mandiant) We offer a comprehensive analysis of recent hacktivist activity targeting OT systems.
Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online (CyberScoop) Hacktivists are increasingly turning toward targeting operational technology in critical infrastructure systems.
The 5×5—Conflict in Ukraine's information environment (Atlantic Council) Experts provide insights on the war being waged through the Ukrainian information environment and take away lessons for the future.
How the Russia-Ukraine conflict has impacted cyber-warfare (teiss) Politics have penetrated the cyber-underworld and business is set to feel the aftershocks of this in targeted, retaliatory attacks in the months to come
CommonMagic APT gang attacking organisations in Ukraine (Tech Monitor) CommonMagic is using novel methods to attack Ukrainian organisations, and is likely to be politically motivated.
Russian Sanctions Evasion Puts Merchants and Banks at Risk (Recorded Future) Uncover how prepaid cryptocurrency cards and mail forwarding services may enable sanctions evasion, putting financial institutions and merchants at risk of secondary sanctions.
Attacks, Threats, and Vulnerabilities
How Okta Passwords Can Be Compromised: Uncovering a Risk to User Data (Mitiga) Mitiga's research team uncovered a data risk to Okta users due to passwords that can be present in logs. This article outlines the risk and attack method.
New victims come forward after mass-ransomware attack (TechCrunch) The list of victims mass-hacked thanks to a security flaw in Fortra's GoAnywhere software is growing — but the known impact is murky at best.
The Microsoft Reply Attack (Avanan) The Reply-to address is not always what it seems.
Windows 11 also vulnerable to “aCropalypse” image data leakage (Naked Security) Turns out that the Windows 11 Snipping Tool has the same “aCropalypse” data leakage bug as Pixel phones. Here’s how to work around the problem…
Microsoft investigating reports of ‘aCropalypse’ image-crop vulnerability in Windows (Record) First discovered in Google Pixel phones, the "aCropalypse" bug allows for the redacted parts of an image to be recovered as part of the file. Researchers say it happens in Windows, too.
CyRC Vulnerability Advisory: CVE-2023-25828 Authenticated Remote Code Execution in Pluck CMS (Application Security Blog) Synopsys Cybersecurity Research Center discovers new RCE vulnerability that can leave Pluck Content Management System vulnerable.
NetSPI Finds Azure Function Apps Vulnerability (NetSPI) Cloud penetration testing leader identifies privilege escalation flaw in Azure’s popular solution for building cloud-native applications.
Operation Tainted Love | Chinese APTs Target Telcos in New Attacks (SentinelOne) Cyber espionage actor deploys custom credential theft malware in new campaign targeting the telecoms sector.
North Korean hackers using Chrome extensions to steal Gmail emails (BleepingComputer) A joint cybersecurity advisory from the German Federal Office for the Protection of the Constitution (BfV) and the National Intelligence Service of the Republic of Korea (NIS) warns about Kimsuky's use of Chrome extensions to steal targets' Gmail emails.
Joint Cyber Security Advisory (Korean) (BundesamtfuerVerfassungsschutz) The German Bundesamt für Verfassungsschutz (BfV) and the National Intelligence Service of the Republic of Korea (NIS) issue the following Joint Cyber Security Advisory to raise awareness of KIMSUKY’s (a.k.a. Thallium, Velvet Chollima, etc.) cyber campaigns against Google's browser and app store services targeting experts on the Korean Peninsula and North Korea issues.
North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign (Record) German and South Korean government agencies have warned about a new spearphishing campaign from a notorious North Korean group targeting experts on the peninsula.
ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (The Hacker News) North Korean APT37 ScarCruft group is weaponizing file formats such as CHM, HTA, LNK, XLL, and macro-based documents to deploy additional malware.
The Unintentional Leak: A glimpse into the attack vectors of APT37 (Zscaler) An operational security failure by the North Korean threat actor APT37 led to the discovery of many previously unknown tools and techniques used by the group.
CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (ASEC BLOG) ASEC (AhnLab Security Emergency response Center) analysis team has discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group (also known as APT37, ScarCruft), is being distributed to Korean users. The team has confirmed that the command used in the “2.3. Persistence” stage of the RedEyes group’s M2RAT malware attack, which was reported back in February, has the same format as the command used in this attack.
Peeking at Reaper’s surveillance operations (SEKOIA.IO Blog) Our analysts uncovered a cyberespionage campaign by Reaper using Chinotto malware to target North Korean defectors in South Korea.
Cannabis regulators putting out ‘a series of fires’ involving a Russian oligarch and data breach (WGBH News) Massachusetts regulators are scrambling after a mistaken release of data amid a sensitive investigation.
Department of Internal Affairs' advice to New Zealanders as thousands of passport details, driver's licenses stolen in Latitude security breach (Newshub) "There's a pattern here of organisations where New Zealanders' data is being compromised and that is a great concern."
Dole discloses employee data breach after ransomware attack (BleepingComputer) Fresh produce giant Dole Food Company has confirmed that the information of an undisclosed number of employees was accessed during a February ransomware attack.
UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 FORM 20-F (Dole plc) We are subject to risks relating to our handling of information, operation of our information systems, and the information systems of third parties.
Facebook accounts hijacked by new malicious ChatGPT Chrome extension (BleepingComputer) A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts.
The hidden danger to zero trust: Excessive cloud permissions (Graham Cluley) Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! What is one of the leading causes of breaches in the cloud? OMG…
Personal data of Rio Tinto's Aussie staff may have been hacked - memo (Reuters) Personal data of Rio Tinto Ltd's (RIO.AX) former and current Australian employees may have been stolen by a cybercriminal group, according to a staff memo seen by Reuters on Thursday.
Oakland finds no evidence of second ransomware attack despite LockBit claims (Record) The City of Oakland is denying that it was hit with a second ransomware attack after it was added to the LockBit group’s leak site on Tuesday.
Trends
New Survey By HID Reveals Five Pressing Themes Reshaping The Security Industry (Security Informed) HID, a pioneer in trusted identity and physical security solutions announced its inaugural State of the Security Industry Report, which gathered responses from 2,700 partners, end users, and security and IT personnel across a range of titles and organization sizes representing over 11 industries.
New Cassie research reveals 3 in 4 US consumers are concerned about the security of their data online (Cassie) New Cassie research "Data myths and misconceptions" report reveals 3 in 4 US consumers are concerned about online data security.
Arctic Wolf Annual Threat Report Highlights Broad Attacks and Innovative Tactics Become the Norm in Tumultuous Cybercrime Landscape - Arctic Wolf (Arctic Wolf) Report shines a light on the significant impact ransomware, business email compromise, and unpatched vulnerabilities continue to have on organizations of virtually any size
Arctic Wolf Labs Threat Report 2023 (Arctic Wolf) The 2023 Arctic Wolf Labs Threat Report features our predictions and recommendations for 2023, and our industry-leading insights into the current threat landscape.
2023 Cloud Security Threat Report (Wiz) Agentless cloud security and compliance for AWS, Azure, Google Cloud, and Kubernetes.
Marketplace
Castellum, Inc. Announces Closing of GTMR Acquisition (GlobeNewswire News Room) BETHESDA, Md., March 23, 2023 (GLOBE NEWSWIRE) -- Castellum, Inc. (NYSE-American: CTM), a cybersecurity and electronic warfare services company focused...
XM Cyber Announces Acquisition of Confluera, Adding Run-Time Protection on Cloud workloads to Extend CNAPP Capabilities (PR Newswire) XM Cyber, the leader in hybrid cloud security, announced today the acquisition of Confluera, a pioneer in next-generation cyber attack...
TikTok CEO Goes to Washington With a Disparate Band of Allies (The Information) TikTok is one of the most popular entertainment services in the U.S., used monthly by nearly half of the population. Yet as the app battles for its life, it has remarkably few allies to provide support. Even those that directly benefit from TikTok, such as music labels and creators, have mixed ...
Radware Wins Two Golds for Application Security in the 2023 Cybersecurity Excellence Awards (GlobeNewswire News Room) Recognized for its industry-leading API discovery and protection and application security architecture...
Products, Services, and Solutions
Nozomi Networks Releases New Content Pack for ISA/IEC 62443 Compliance Reporting and Security Checks (Nozomi Networks) Nozomi Networks Releases New Content Pack for ISA/IEC 62443 Compliance Reporting and Security Checks – press release from Nozomi Networks
Introducing Advanced DDoS Protection with Cloud Armor (Google Cloud Blog) Our Cloud Armor advanced network DDoS protection can provide always-on attack detection and mitigation to defend against volumetric DDoS attacks.
Trustwave Supports United States Patent and Trademark Office’s Zero Trust Architecture with Leading Database Security (Trustwave) Trustwave Government Solutions (TGS), a Federally-focused cybersecurity provider and the wholly-owned subsidiary of Trustwave Holdings, Inc., today announced it has been awarded an expanded database security contract with the United States Patent and Trademark Office (USPTO).
SecureAuth Announces Partnership with HashiCorp to Deliver Next-Generation Authentication to Protect Critical Assets in Multi-Cloud Environments (SecureAuth) Simplified Passwordless Continuous Authentication Will Protect Rapid Cloud DevOps
Aryaka's Expanded SD-WAN and SASE Offerings Bring Simplicity and Affordability to Small and Medium-Sized Enterprises (PR Newswire) Aryaka®, the leader in Unified SASE solutions, today announced enhanced SD-WAN and SASE offerings specifically designed to meet the needs of...
SecurityBridge Introduces The SAP Management Dashboard (SecurityBridge) SAP security provider SecurityBridge—now operating in the U.S.—today announced the latest addition to the SecurityBridge Platform.
XM Cyber Partners Get Extended Cloud Security with Confluera Purchase (Channel Futures) XM Cyber partners can provide all aspects of cloud security with the hybrid cloud security provider's acquisition of Confluera.
Incode Technologies Partners with Advanced Living Technologies & At-visions to Transform Player and Guest Onboarding in EMEA (PR Newswire) Incode Technologies, the revolutionary ID proofing company, has announced a strategic partnership with leading guest technology services...
Brivo Expands Mobile Credentials With Employee Badge in Apple Wallet (Brivo) Brivo, a leading provider of cloud-based access control and smart building technologies, today announces it is launching support for employee badge in Apple Wallet
The Lightspin Remediation Hub: The Ultimate Centralized Solution for Root Cause Analysis & Remediation at Scale (Lightspin) Lightspin's Remediation Hub is the ultimate centralized solution for Root Cause Analysis & Remediation at scale.
Technologies, Techniques, and Standards
Burnout in Cybersecurity - Can It Be Prevented? (SecurityWeek) Preventing burnout, especially in the cybersecurity industry, is not just an ethical nicety: it is a business necessity.
Design and Innovation
Ubisoft Proudly Announces 'AI' Is Helping Write Dialogue (Kotaku) Ubisoft Ghostwriter is described by the company as 'an AI tool'
Legislation, Policy, and Regulation
UK issues strategy to protect National Health Service from cyberattacks (Record) The British government wants to make the country’s healthcare sector “significantly hardened to cyber attack, no later than 2030.”
China Says It Opposes Forced Sale of TikTok (Wall Street Journal) Beijing responded for the first time to a Biden administration demand that the short-video app divest itself from its Chinese parent or face a U.S. ban.
The Threat of TikTok (New York Times) U.S. officials say TikTok is a national security risk. They’re trying to turn it into their advantage.
Opinion: Why the U.S. will probably never ban TikTok (Los Angeles Times) Despite Biden's recent threat to the Chinese-owned app, a national ban is unlikely, and a forced sale would get messy.
Lawmakers Propose Civilian Cyber Reserve to Bolster DOD and DHS (Nextgov.com) The bipartisan package of two bills would address the government’s shortage of skilled cyber personnel by allowing DOD and DHS “to recruit qualified civilian cybersecurity personnel to serve in reserve capacities.”
House Intel working group formed to push for surveillance statute’s renewal (The Hill) The House Intelligence Committee has launched a working group to address renewing one of the country’s most controversial spy tools, a heavy lift made more challenging by growing GOP distrust of the i…
Lineup set for House talks on Section 702 surveillance law (Record) Democratic Reps. Andre Carson, Joaquin Castro and Jason Crow will join three Republican colleagues from the Intelligence Committee to produce a reauthorization of the surveillance law that can appeal to a majority of members of Congress.
The Spy Law That Big Tech Wants to Limit (Bloomberg) Apple, Google, Meta want to limit US user data they hand over. Section 702 of FISA law expires this year if not reauthorized.
FTC Seeks Comment on Business Practices of Cloud Computing Providers that Could Impact Competition and Data Security (Federal Trade Commission) The Federal Trade Commission staff are seeking information on the business practices of cloud computing providers including issues related to the market power of these companies, impact on competit
Litigation, Investigation, and Law Enforcement
House cyber panel looks at CISA in first oversight hearing with new chairman (Washington Post) House panel will look at the successes and failures of a top cyber agency today
Canberra health worker sacked and two others suspended over 'serious breach' of privacy (ABC) Health authorities say staff emailed the clinical records of 13 mental-health patients to an "industry partner", which they have refused to name.
The TikTok CEO’s Face-Off With Congress Is Doomed (WIRED) On Thursday, Shou Zi Chew will meet a rare united front in the US Congress against the Chinese-owned social media app that has lawmakers in a tizzy.
A US Agency Rejected Face Recognition—and Landed in Big Trouble (WIRED) Officials working on Login.gov, used to access dozens of government sites, worried about algorithmic bias. Their decision breached federal security rules.
SEC charges Tron founder Justin Sun, celebrities Lindsay Lohan, Jake Paul with crypto violations (CNBC) The SEC unveiled charges against diplomat Justin Sun for fraud and securities violations, while charging celebrity backers including Jake Paul and Lindsay Lohan.
Tron Founder Justin Sun Sued by U.S. SEC on Securities, Market Manipulation Charges (CoinDesk) The regulator alleged TRX and BTT are unregistered securities, and claimed Sun created an "extensive wash trading" program to boost their trading volume.