Dateline
Ukraine at D+393: An operational pause. (CyberWire) Russian attacks on military targets stall (but strikes against civilians continue) as Ukraine says its counteroffensive will begin "very soon."
Russia-Ukraine war: List of key events, day 394 (Al Jazeera) As the Russia-Ukraine war enters its 394th day, we take a look at the main developments.
Russia-Ukraine war at a glance: what we know on day 394 of the invasion (the Guardian) Zelenskiy asks EU leaders for more long-range weapons; Medvedev says Moscow’s relations with the west are at an all-time low
Mapping the battle for Ukraine’s Bakhmut (Al Jazeera) Al Jazeera charts six months of assaults on Bakhmut as fighting against Russian forces intensifies.
Europe races to push ammo output to new limits as demand from Ukraine soars (Breaking Defense) Kyiv’s call for 350,000 artillery shells a month shows demand has effectively doubled since a Ukrainian official said in June that its armed forces were expending between 5,000 and 6,000 artillery rounds a day.
Going Beyond Mercenaries: Is Prigozhin Preparing For A Power Struggle In Russia? (Part I) – Analysis (Eurasia Review) Moscow’s war of aggression against Ukraine has caused a proliferation in the “privatization of force” in Russia (see EDM, February 27; February 28), with Yevgeny Prigozhin, the…
Ukraine-Russia war: Russia 'will bomb any country that arrests Putin' (The Telegraph) Russia would bomb any country that detains Vladimir Putin using the International Criminal Court arrest warrant, Russia's ex-president Dmitry Medvedev has warned.
Maybe Putin should be worried: Most leaders facing international justice don’t get away free (Atlantic Council) Nearly all of the heads of state and military leaders wanted by international justice in recent decades have been brought before a court or faced 'rough justice.'
The ICC Arrest Warrant for Putin Could Do More Harm Than Good (World Politics Review) Despite the ICC’s arrest warrant, Vladimir Putin will most likely never face justice for Russia’s war crimes in Ukraine.
Ukrainian children reveal scale of abuse at Russian 're-education' camps (The Telegraph) Teenagers reunited with parents after being evacuated to Crimea describe punishment beatings and threats of forced adoption
Child abductions reveal the genocidal intent behind Putin’s Ukraine invasion (Atlantic Council) Putin hoped his Ukraine invasion would secure his place among Russia’s greatest rulers. Instead, he looks destined to enter history as a genocidal dictator forever linked with the mass abduction of Ukrainian children, writes Peter Dickinson.
Russia’s Black Sea blockade is part of Putin’s war on international law (Atlantic Council) By preventing the free passage of merchant shipping in the Black Sea, Russia deprives world markets of vital Ukrainian agricultural produce while also challenging the core principles of international maritime law.
What the Xi-Putin partnership means for the world (Atlantic Council) Following Xi Jinping's three-day visit to Moscow, we reached out to our experts for a look beyond the talking points.
Xi and Putin just wrapped up talks in Moscow: What does it mean for the war in Ukraine and China’s global standing? (Atlantic Council) The Chinese leader left Russia on Wednesday after three days of talks with the Russian president. Atlantic Council experts share their insights on the state of the so-called no-limits partnership.
What NATO can do now to apply lessons from Russia’s war in Ukraine (Atlantic Council) NATO should be setting higher defense targets for major European allies, exploring hybrid warfare, and more.
Experts react: Turkey moves to approve Finland’s NATO membership. Where does that leave Sweden? (Atlantic Council) After Turkish President Recep Tayyip Erdogan said he would approve of Finland's membership in NATO, our experts break down what's next.
Montenegro’s presidential election is a litmus test of Russian influence in the Western Balkans (Atlantic Council) Can Montenegro continue the regional trend of pro-Russian candidates and parties performing poorly? The international community should keep a close eye on this race.
Using Starlink Paints a Target on Ukrainian Troops (Defense One) Units scramble for solutions as Russia learns to locate and jam the vital comsat links.
As CISA chief notes lack of Russian cyberattacks against US, experts focus on enhancing nuclear reactor security (Utility Dive) Protecting the nation’s nuclear energy resources will require a balance of offensive and defensive capabilities, experts agree. There is also optimism for enhanced safety at advanced reactors.
What cyber attack risks do the railways face? (RailTech.com) DDoS attacks have increased in the past year, mainly targeting railways, and ransomware is the most common type of cyber attacks, the European Union Agency for Cybersecurity (ENISA) finds in its first cyber threat landscape report dedicated to the transport sector. The rise in DDoS attacks is primarily related to the Russian war in Ukraine, […]
Using Deception to Learn About Russian Threat Actors (Security Boulevard) It has been almost a year since Russia first invaded Ukraine, and the war has resulted in a massive rise in both physical and digital attacks. Since the
The Western Companies Helping Underwrite Russia’s War (Wilson Center) When Russia invaded Ukraine in February 2022, the international community imposed an array of sanctions. About a thousand international companies joined in by voluntarily withdrawing or suspending their business operations in Russia. Nevertheless, many global companies, operating both inside and outside Russia, have continued business as usual.
Attacks, Threats, and Vulnerabilities
Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (Dark Reading) Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.
More victims emerge from Fortra GoAnywhere zero-day attacks (Security | TechTarget) Fallout from the attacks exploiting a flaw in Fortra's GoAnywhere managed file transfer software continues as more companies come forward with disclosures.
More Clop GoAnywhere attack victims emerge (SC Media) Major Canadian financing firm Investissement Québec became the latest company to confirm having its data compromised in a Clop ransomware attack involving the exploitation of a zero-day security vulnerability in the Fortra GoAnywhere Managed File Transfer system, tracked as CVE-2023-0669, TechCrunch reports.
Mass-Ransomware Attack on GoAnywhere File Transfer Tool Exposes Companies Worldwide (Medium) As the CEO of Agio, a leading IT and cybersecurity company, I’ve been closely following the recent mass-ransomware attack on the GoAnywhere…
City of Toronto confirms data theft, Clop claims responsibility (BleepingComputer) City of Toronto is among Clop ransomware gang's latest victims hit in the ongoing GoAnywhere hacking spree. Other victims listed alongside the Toronto city government include UK's Virgin Red and the statutory corporation, Pension Protection Fund.
Canadian movie chain Cineplex among the victims of GoAnywhere MFT hack (Financial Post) Another Canadian organization has acknowledged being victimized by the GoAnywhere MFT managed file transfer vulnerability leveraged by the Clop ransomware gang. The Clop gang has told Bleeping Computer that it has hit 130 organizations using the vulnerability.
Personal data of Rio Tinto's Aussie staff may have been hacked - memo (Reuters) Personal data of Rio Tinto Ltd's (RIO.AX) former and current Australian employees may have been stolen by a cybercriminal group, according to a staff memo seen by Reuters on Thursday.
Another GoAnywhere Attack Affects Japanese Giant Hitachi Energy (Heimdal Security Blog) Hitachi Energy confirmed a data breach, part of the GoAnywhere vulnerability attacks done by the Clop ransomware gang.
Python info-stealing malware uses Unicode to evade detection (BleepingComputer) A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised devices.
'Nexus' Android Trojan Targets 450 Financial Applications (SecurityWeek) Promoted as a MaaS costing $3000 per month, the new Nexus Android trojan targets 450 financial applications for account takeover.
Bogus ChatGPT extension steals Facebook cookies (Register) All aboard the chatbot hype train! Next stop: Fraud
Phishing through SharePoint (Kaspersky) Cybercriminals are preying on corporate login credentials by hiding phishing links in files on hijacked SharePoint servers.
Exploit released for Veeam bug allowing cleartext credential theft (BleepingComputer) Cross-platform exploit code is now available for a high-severity Backup Service vulnerability impacting Veeam's Backup & Replication (VBR) software.
Kids tech camp iD Tech still silent weeks after data breach (TechCrunch) Hackers stole close to 1 million user records — including children's data — in January, but the company hasn't acknowledged the breach.
City of Toronto and Virgin confirm hackers accessed data through file transfer systems (Record) The City of Toronto and British multinational conglomerate Virgin confirmed that hackers were able to access data through a vulnerability in a popular file transfer service that has affected dozens of organizations in recent weeks.
82K Kroger Customers Impacted By Healthcare Data Breach (Health IT Security) An “internal error” led to the exposure of patient names and email addresses tied to Kroger’s mail-order pharmacy service.
In massive data breach, details of 168 mn citizens, defence staff leaked (Business Standard) A massive data breach that has implications for national security was unearthed by Cyberabad Police here, who arrested seven people of a gang allegedly involved in the theft and sale of sensitive data of the government and important organisations,
Revealed: how hackers used a tech giant to get inside Latitude Financial (Australian Financial Review) In the aftermath of the biggest known cyberattack on Australia’s financial service sector, fingers are pointing at a US outsourcer, which was working for the company.
Hackers launch cyberattack on Ross Co. manufacturer (Scioto Valley Guardian) Computer systems at Riffle Machine Works, a local manufacturer for Kenworth, were held hostage this week after a hacker took control of the company’s computer systems.
Bridges auditorium ticketing service security breach leads to data leak (The Student Life) Pomona College's third party ticketing vendor for Bridges Auditorium experienced a security breach that leaked consumer credit card information.
Tennessee city hit with ransomware attack (Record) Oak Ridge, Tennessee said city officials are working with law enforcement and cybersecurity experts to deal with a ransomware attack affecting its technology systems.
British hospital investigating impact of ‘contained’ cyber incident (Record) IT staff at Walsall Manor Hospital north of Birmingham began responding to a cyberattack on March 10.
Hackers attack Wisconsin court system computer network (WEAU) A cyberattack began early this week, according to a statement from court officials.
PIPEDREAM: CHERNOVITE's Emerging Malware Targeting Industrial Environments (Dragos) PIPEDREAM is the sixth known ICS-specific malware. It is developed by the Activity Group (AG) Dragos has designated as CHERNOVITE. PIPEDREAM malware can disrupt, degrade, and potentially destroy industrial environments and physical processes depending on how it is leveraged in CHERNOVITE’s operations.
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Advisories for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system.
New vulnerabilities found in industrial control systems of major vendors (CSO Online) The US Cybersecurity and Infrastructure Security Agency has revealed new vulnerabilities in the industrial systems from leading vendors including Siemens, Delta Electronics, Hitachi and Rockwell.
Cisco Patches High-Severity Vulnerabilities in IOS Software (SecurityWeek) Cisco’s semiannual security updates for IOS and IOS XE software resolve high-severity DoS, command injection, and privilege escalation vulnerabilities.
CISA Releases Six Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released six Industrial Control Systems (ICS) advisories on March 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Trends
The ‘oversharing’ generation is entering the workforce — what it means for business' cybersecurity (SmartCompany) Research suggests that gen Z employees lack the awareness and key competencies of cybersecurity compared to their older colleagues.
Marketplace
TikTok Paid for Influencers to Attend the Pro-TikTok Rally in DC (WIRED) The embattled social media company brought out the checkbook to ensure at least 30 of its biggest assets—creators—were in DC to help fend off critics.
Contrast Security Named a JMP Securities Cyber 66 Company (Contrast Security) Recognized as one of the hottest cybersecurity companies with its Secure Code Platform that meets developers' needs and new cyber-focused regulatory requirements
Varonis Named a Leader in Data Security Platforms (GlobeNewswire News Room) Independent Research Firm report asserts, "Varonis is a top choice for organizations prioritizing deep data visibility, classification capabilities, and...
Will Cybersecurity Pros Feel Pressure as Hiring Cools? (InformationWeek) The job market for cybersecurity professionals is still robust, but with layoffs continuing and economic uncertainty persisting, adding skill sets is advisable.
Accenture trims forecasts, to cut 19,000 jobs as IT spending slows (Reuters) Accenture Plc lowered its annual revenue and profit forecasts and decided to cut about 2.5% of its workforce, or 19,000 jobs, the latest sign that the worsening global economic outlook was sapping corporate spending on IT services.
authID Appoints Rhon Daguro as CEO and Joe Trelin as Chairman of the Board (GlobeNewswire News Room) Experienced leaders with proven business growth success in the identity industry assume executive leadership. DENVER, March 24, 2023 (GLOBE NEWSWIRE)...
Products, Services, and Solutions
Sift Launches New Automation & Orchestration Capabilities to Give Businesses More Control in the Fight Against Fraud (GlobeNewswire News Room) Sift Customers Accept More Orders and Stop More Fraud with Workflow Backtesting and Percentile Scoring...
Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform (SecurityWeek) Intel shares information on the security improvements brought by its new vPro platform powered by 13th Gen Core processors.
Twitter to Revoke ‘Legacy’ Verified Badges in April, Leaving Only Paying Subscribers With Blue Check-Marks (Variety) As Elon Musk promised, Twitter’s previous blue check-mark verification regime will soon be history. The social network, which the mega-billionaire bought last year in a debt-heavy $44 billion…
Twitter Blue subscriptions roll out globally, despite missing many promised features (The Verge) Pay for that blue checkmark, if you want.
RKVST showcases supply chain integrity, transparency and trust implementation at IETF 116 Hackathon (Business Wire) IETF members and new SCITT Community look to drive real-world implementations of IETF SCITT specifications
Technologies, Techniques, and Standards
JCDC Cultivates Pre-Ransomware Notification Capability (Cybersecurity and Infrastructure Security Agency CISA) In today’s blog post, Associate Director of the Joint Cyber Defense Collaborative (JCDC) Clayton Romans highlighted recent successes of pre-ransomware notification and its impact in reducing harm from ransomware intrusions.
US cyber officials make urgent push to warn businesses about vulnerabilities to hackers (CNN) US cybersecurity officials are unveiling a new program to warn critical American companies that their systems are vulnerable to ransomware attacks before the hackers can successfully strike.
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments | CISA (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:
New CISA tool detects hacking activity in Microsoft cloud services (BleepingComputer) The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments.
“Committed Partners in Cyberspace”: Following cyberattack, US conducts first defensive Hunt Operation in Albania (U.S. Cyber Command) “Committed Partners in Cyberspace”: US concludes first defensive Hunt Operation in Albania
Uncle Sam sent cyber-soldiers to Albania to combat Iran (Register) 'Hunt forward' teams of this sort aid with defense and learn how attackers like Tehran operate
How the Pentagon learned to love vulnerability disclosure (Record) As official Washington gets comfortable with the idea of vulnerability disclosure programs, the Department of Defense is proving to be an unlikely source of expertise when it comes to opening up networks to ethical hackers.
NERC cybersecurity incident reporting is obscuring the truth (Control Global) The electric industry is recognized as the most critical of critical infrastructures. Consequently, one would expect that incident reporting would be important and trusted
Design and Innovation
The Dark Side of Large Language Models | HiddenLayer MLDR (HiddenLayer | Security for Machine Learning) ChatGPT will arguably revolutionize life as we know it, but what are the potential side effects of this revolution?
The Dark Side of Large Language Models | HiddenLayer MLDR (HiddenLayer | Security for Machine Learning) We’ve talked about security and privacy risks associated with the use of models like ChatGPT, but these are not the only pitfalls of generative AI.
Google's new AI bot Bard just debuted and it's already warning about its creator's 'monopoly' over ads (Business Insider) Users talking to Google's Bard can expect fearless rebellion from the AI bot, which criticized its own creator over a legal dispute with the DOJ.
Academia
How to Detect and Respond to Bot Attacks in Higher Education (Technology Solutions That Drive Education) As attacks become more sophisticated, university IT teams should know how to identify and respond when malware strikes.
College of the Desert paid $1.1M to hackers in 2020 ransomware attack, doing more now to cyber safeguard its IT systems - KESQ (KESQ) An I-Team investigation reveals College of the Desert paid more than a million dollars in digital ransom to recover data after a 2020 malware attack.
Legislation, Policy, and Regulation
UK Government Sets Out Vision for NHS Cybersecurity (Infosecurity Magazine) Plans to boost cyber-resilience in the health service by 2030
UK Parliament Bans TikTok on Devices and Westminster Network (Bloomberg) Chinese-backed social media app restricted within Westminster. Ban comes a week after similar curb on UK government phones.
House panel grilled TikTok CEO for 5 hours about app’s ties to China (Washington Post) In TikTok CEO Shou Zi Chew’s first appearance before Congress, he struggled to address lawmakers’ worries that the extraordinarily popular video app represents a dangerous national security threat because it is owned by Beijing-based ByteDance.
TikTok CEO grilled by U.S. lawmakers over China ties (Nikkei Asia) Shou Zi Chew is told the app doesn't embrace American values, should be banned
US Regulator Warns About Data Security During TikTok Hearing (Bloomberg) Data security is a top concern for a secretive US panel of regulators with the power to block foreign transactions, a Treasury Department spokesperson said in a statement as House lawmakers grilled TikTok Inc.’s chief executive Thursday.
TikTok CEO says China-based ByteDance employees still have access to some U.S. data (CNBC) TikTok CEO Shou Zi Chew told U.S. lawmakers that China-based employees at its parent company ByteDance may still have access to some U.S. data from the app.
TikTok chief admits Chinese parent company has access to data (The Telegraph) Admission comes as the app battles a potential ban in the United States
TikTok’s CEO Fails to Placate US Lawmakers Eager to Ban It (Bloomberg) Chew says TikTok operates independently of Chinese parent firm. Committee chair says platform should be banned in US.
If the US Bans TikTok, WeChat Might Be Next (WIRED) WeChat has 19 million users in the US and is a lifeline for people across the Chinese diaspora.
Not just TikTok: U.S. lawmaker urges action on online privacy this year (Nikkei Asia) Andy Kim says Chinese app one of many concerns in evolving online landscape
Everything you need to know about Thursday’s four cyber hearings (Washington Post) TikTok, energy cybersecurity, CISA and the National Cybersecurity Strategy all graced the congressional agenda in a single day
Analysis: SEC Cybersecurity Proposals and Biden’s National Cybersecurity Strategy (SecurityWeek) On March 15, 2023, the SEC announced a proposal for new cybersecurity requirements for covered entities.
Industry reps like CISA's public-private cybersecurity collaborative, but offer tips on how to scale it (FCW) Rep. Eric Swalwell (D-Calif.) noted in the hearing that CISA’s Joint Cyber Defense Collaborative lacks a charter or membership criteria and previewed a forthcoming bill to “clarify activities of the JCDC.”
The FTC wants to ban those tough-to-cancel gym and cable subscriptions (The Verge) “We get countless complaints about this.”
Utah bans under-18s from using social media unless parents consent (the Guardian) Regulations will require parental permission for minors to access social media and prevent companies from causing ‘addiction’
Litigation, Investigation, and Law Enforcement
Pressure piles on DJI as US senators demand investigation (digitalcameraworld) 16 US senators club together to call for security investigation into Chinese drone company DJI
New House subcommittee chairman pledges to conduct rigorous oversight of CISA | Federal News Network (Federal News Network) In today's Federal Newscast: A new House subcommittee chairman pledges to conduct rigorous oversight of CISA. All 44 Army installations institute the military housing Tenant Bill of Rights.
Ex-police commissioner arrested in connection with a data breach (Sur in English) McGrail's sudden early retirement during a major investigation in 2020 came as a surprise