Dateline
Ukraine at D+397: Cyberespionage and battlespace preparation. (CyberWire) Russian attacks show little progress in either Bakhmut or Avdiivka. British and German tanks arrive in Ukraine. The cyber phase of Russia's hybrid war has shifted toward espionage, with disruptive attacks largely in the hands of hacktivist auxiliaries.
Russia-Ukraine war: List of key events, day 398 (Al Jazeera) As the Russia-Ukraine war enters its 398th day, we take a look at the main developments.
Russia-Ukraine war live: frontline city ‘being wiped off the face of the Earth’, says local official (the Guardian) Russian shelling of Ukrainian city of Avdiivka has intensified, says head of military administration
Ukraine Allies See a Way War Can End but Lack Plan to Achieve It (Wall Street Journal) Hope is that a Ukrainian counteroffensive this spring gives Kyiv’s forces such a battlefield advantage that Russia’s Vladimir Putin is nudged into peace talks.
Russia Fails At UN To Get Nord Stream Blast Inquiry (RadioFreeEurope/RadioLiberty) Russia failed on March 27 to get the UN Security Council to ask for an independent inquiry into explosions in September on the Nord Stream gas pipelines connecting Russia and Germany.
Pictured: First British Challenger 2 tanks arrive in Ukraine (The Telegraph) Arms from abroad welcomed by Kyiv as MoD praises courage of soldiers who have been training in Britain
German Leopard 2 tanks now in Ukraine, Berlin confirms (the Guardian) Eighteen German vehicles handed over at border to bolster military supplies from Britain and EU countries
Ukraine war: Germany sends much-awaited Leopard tanks (BBC News) The first 18 of the cutting-edge tanks are sent, amid reports UK Challenger 2s have also arrived.
Xi Jinping’s plan to annex Russian territory is there for all to see (The Telegraph) Parts of Siberia are already falling under the Chinese sphere of influence
Putin and Xi’s plot to control the internet will leave the West in the dust (The Telegraph) Britain’s creaking framework risks being left behind by the leaders’ technology pact
Hungarian Parliament Approves Finland's Bid To Join NATO (RadioFreeEurope/RadioLiberty) Hungary's parliament on March 27 approved Finland’s bid to join NATO, putting an end to months of delays and bringing the Nordic country one step closer to becoming a full member of the Western military alliance.
Russian Hackers Target French National Assembly Website (Privacy Affairs) The Russian hacker group NoName announced today that it had carried out a successful DDoS attack against the French National Assembly’s website.
Pro-Russian Hacktivists: A Reaction to a Western Response to a Russian Aggression (Radware Blog) The emergence of pro-Russian hacktivists is a reaction to the western cyber response against the aggression of Russia’s invasion in Ukraine. Western hackers volunteering for the IT Army of Ukraine started conducting attacks against Russian targets, joined by factions of Anonymous under their battle tag #OpRussia, on the first day following the invasion by Russia. As a reaction, several opposite groups formed, amongst them a faction of Anonymous calling itself “Anonymous Russia.” Soon a cluster of pro-Russian hacktivist allies and affiliates started to form around a group called Killnet.
Russia can't meet India arms deliveries due to Ukraine war, Indian Air Force says (CNN) Russia is unable to honor its arms delivery commitments to India because of the war in Ukraine, the Indian Air Force (IAF) said, placing a potential strain on New Delhi's relationship with its largest defense supplier as Moscow attempts to ramp up weapons production.
Attacks, Threats, and Vulnerabilities
Android app from China executed 0-day exploit on millions of devices (Ars Technica) Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away.
Expression DoS Vulnerability Found in Spring - CVE-2023-20861 (Code Intelligence) CVSS Base Score: 5.3 | Affected versions: all versions <= 2.7.0. | Update your settings
QSnatch infections are the leading cause of malicious DNS traffic in Asia Pacific, according to latest findings by Akamai (PR Newswire) Akamai Technologies, Inc. (NASDAQ: AKAM), the cloud company that powers and protects life online, today announced a new State of the Internet...
APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations (Mandiant) Mandiant assesses with high confidence that APT43 is a moderately-sophisticated cyber operator that supports the interests of the North Korean regime. Campaigns attributed to APT43 include strategic intelligence collection aligned with Pyongyang’s geopolitical interests, credential harvesting and social engineering to support espionage activities, and financially-motivated cyber crime to fund operations.
GitHub Suspends Repository Containing Leaked Twitter Source Code (SecurityWeek) Twitter sent a copyright notice to code hosting service GitHub to request the removal of a repository that contained Twitter source code.
Twitter takes down source code leaked online, hunts for downloaders (BleepingComputer) Twitter has taken down internal source code for its platform and tools that was leaked on GitHub for months. Now it's using a subpoena to search for those who leaked and downloaded its code.
The Cost of Tax Season Fraud: How Threat Actors Target Your Data and Money (Flashpoint) Tax season has arrived, marking a particularly high risk period for threat actors leveraging PII to strike.
Found through Google, bought with Visa and Mastercard: Inside the deepfake porn economy (NBC News) The nonconsensual deepfake economy has remained largely out of sight, but it's easily accessible, and some creators can accept major credit cards.
Crown Casinos investigates as ransomware group claims to have breached data (News) The business group has been swept up in a larger global data breach after hackers said they had obtained company files.
Associates in Dermatology Announces Data Breach Stemming from Ransomware Attack at VPN Solutions, LLC. (JD Supra) On March 17, 2023, Associates in Dermatology (“AID”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for...
A hospital went dark after it was hacked. It’s still reeling two years later (Side Effects | Health and Medical News) U.S. hospitals have seen a record number of cyberattacks in recent years. Such attacks can upend hospital operations, costing millions of dollars and putting patients' lives at risk.
Prank exploits Trump’s social media platform to annoy former president (MSNBC) One TikTok user concluded that Truth Social is “really easy to break into” because its audience is vastly smaller than its better known rivals.
Students and teachers at English high school impacted by ransomware attack (Record) Tanbridge House School in West Sussex is the latest school in the United Kingdom to announce a ransomware attack.
Louisiana colleges restoring systems after state police find ‘indicators of compromise’ (Record) Several colleges and universities in Louisiana are restoring their networks after the Louisiana State Police said it found evidence that their systems had been compromised.
Telecom giant Lumen suffered a ransomware attack and disclose a second incident (Security Affairs) Telecommunications giant Lumen Technologies discovered two cybersecurity incidents, including a ransomware attack. In a filing to the Securities and Exchange Commission, on March 27, 2023, Lumen announced two cybersecurity incidents. One of the incidents is a ransomware attack that impacted a limited number of its servers that support a segmented hosting service. The company did […]
Latitude Cyber Incident Update (Latitude) Latitude is responding to a cyber-attack and regretfully we're experiencing service disruption as we secure our IT platforms. We’re sorry for the inconvenience and appreciate your patience and understanding as we continue to investigate this crime.
What we know about the Latitude Financial hack (ABC) The fallout from the cyber attack on non-bank lender Latitude Financial, which exposed the details of current and former customers, is continuing.
Millions of hacked customers could sue Latitude (Breaking Australian and World News Headlines - 9News) The scale of the hack has grown dramatically since it was first revealed on March 16, and almost 8 million ...
“Sleeper Cells” Likely Within our Energy Grid, Experts Warn Senator King (Senator Angus King) U.S. Senator Angus King (I-Maine), Co-Chair of the Cyberspace Solarium Commission (CSC), today asked energy security experts from the Department of Energy (DOE), and the private sector, if they believe there are cyber “sleeper cells” that have infiltrated the nation’s energy grid and may be positioned for a future attack.
Europol: 'Dark LLMs' may become a key criminal business model (Computing) Services like ChatGPT will make many types of crimes easier to commit
Europol details ChatGPT's potential for criminal abuse (Help Net Security) As the capabilities of LLMs such as ChatGPT are actively being improved, the potential of criminal abuse provides a grim outlook.
BEC scammers are after physical goods, the FBI warns (Help Net Security) BEC scammers are usually after money or valuable information, but they are also increasingly trying to get their hands on physical goods.
Trends
92% of Network Operations and Security Professionals Say There are More Network Updates Needed Than They Can Keep Up With (BackBox Software) 98% agree that automated network operations will allow their team to focus on more impactful work DALLAS, TX – March 28, 2023 — BackBox, the world’s most trusted network automation company, has released the results of its “2023 Network Operations and Security Survey,” conducted by Wakefield Research. This survey of 250 Network Operations and
2023 Network Operations and Security Survey (BackBox Software) An online survey of 250 Network Security and Operations Professionals at companies with 500+ employees, conducted between January 26th and February 2nd, 2023.
New Immersive Labs Study Uncovers Concerning Disconnect between Confidence in Cyber Resilience and Proven Capabilities (Business Wire) 82% of cyber leaders agree they could have mitigated some to all of the damage of their most significant cyber incident in the last year if they were better prepared
Cyber Leaders Need a More Effective Approach to Building Cyber Resilience (Immersive Labs) Cyber leaders are facing mounting pressure to build and prove cyber resilience – the acumen to respond effectively to cyber threats across the workforce.
Annual Data Exposure Report 2023 (Code 42) Latest findings show Insider Risk is becoming increasingly complex to solve, but awareness is growing and companies are making investments to solve the problem.
Cymulate Releases Findings from Over One Million Security Assessments (Cymulate) Cymulate’s 2022 Cybersecurity Effectiveness Report says organizations are leaving attack paths exposed in their quest to combat threats.
A visual history of data breaches in Australia reveals a problem of staggering scale (ABC) New revelations show the scale of data breaches in Australia — though even this isn't the full picture.
Is your social media use making you angrier? (Toronto Star) Thirty five per cent of Canadians have quit a social media site “because they found the tone too angry and toxic,” a new poll suggests.
Marketplace
Cybersecurity Workers Demand Higher Salaries (Wall Street Journal) Some corporate cyber chiefs are writing broader job ads and are allowing employees to work from different locations.
Former IBM CEO on AI, layoffs, women leaders in tech (Washington Post) The buzz surrounding artificial intelligence and the mass layoffs roiling the technology industry resonates with Ginni Rometty, whose nearly 40-year career at IBM culminated in her becoming CEO in 2012.
KnowBe4 Named a 2023 Tampa Bay Area Top Workplace by Tampa Bay Times for Eighth Consecutive Year (Yahoo Finance) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has been awarded a Top Workplaces 2023 honor by Tampa Bay Times Top Workplaces.
Deep Instinct Appoints Ed Carter as Chief Revenue Officer to Scale Growth of Prevention-first Cybersecurity (Business Wire) Deep Instinct, the prevention-first cybersecurity company that stops unknown malware pre-execution with a purpose-built, AI-based deep learning (DL) framework, announced that Ed Carter has joined the company as Chief Revenue Officer.
Products, Services, and Solutions
PwC and ReversingLabs Form Strategic Alliance to Bring Software Supply Chain Security to Third Party Risk Management Programs (ReversingLabs) PwC and ReversingLabs Partner to Operationalize Detection and Mitigation of Software Threats as Key Component of Third Party Risk Assessment Service
Reciprocity Transforms to RiskOptics, Delivers Contextual Risk Management to Fulfill the Promise of GRC (Business Wire) Company unveils the next generation of its ROAR platform including features to quantify the financial impact of risk and automate workflows
CyberArrow and Mobily Announce Partnership to Strengthen Cyber Security Compliance in Saudi Arabia (GlobeNewswire News Room) CyberArrow, a leading cyber security compliance automation provider, and Mobily, one of the...
Aware brings AwareID® to AWS Marketplace (GlobeNewswire News Room) By Leveraging AWS Marketplace’s Reach and with SoftwareONE's help, Aware Will Further Expand Access to World Class Biometric Authentication Capabilities...
Cybersecurity Leader Netsurion Enhances Partner Program to Accelerate Channel Sales (GlobeNewswire News Room) Innovative Pricing and Partnership Models Offer Easy On-ramps to New Channel Partners...
BIO-key Partners with Ethnos IT Solutions, Expanding the Reach of its Identity and Access Management Solutions Across Africa (GlobeNewswire News Room) BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of Identity and...
alphaMountain Launches threatYeti, a Cybersecurity Research Platform for Domains and IPs (24-7 Press Release Newswire) March 28, 2023 -- One-Click Threat Intelligence and Real-Time Verdicts Empower Security Researchers and Analysts of All Skill Levels
Technologies, Techniques, and Standards
U.S. Helps NATO Ally Albania Combat Iranian Cyberattacks (FDD) American cyber forces concluded a three-month deployment to Albania to aid its government after an Iranian cyberattack, U.S. Cyber Command announced on Thursday. At the request of its...
The First Line of Defense | Crafting an Impactful Incident Response Plan (SentinelOne) Learn about the essential elements of an effective cyber incident response plan and how to minimize the disruption and losses caused by cyber attacks.
Design and Innovation
From marketing to design, brands adopt AI tools despite risk (AP NEWS) Even if you haven’t tried artificial intelligence tools that can write essays and poems or conjure new images on command, chances are the companies that make your household products are already starting to do so.
Generative AI will disrupt white collar workers in US and Europe, report warns (Computing) A Goldman Sachs report estimates that automation could replace around one-fifth of all current jobs around the world
The Jobs Most Exposed to ChatGPT (Wall Street Journal) A new study finds that AI tools could more quickly handle at least half of the tasks that auditors, interpreters and writers do now.
Legislation, Policy, and Regulation
Office of the Director of National Intelligence highlights cyber threats in 2023 Intelligence Threat Assessment (CSO Online) CISOs everywhere should pay attention when ODNI outlines cybersecurity threats coming from nation-states and independent groups around the world.
France bans all recreational apps from government devices (Register) Meanwhile the US contemplates drastic action
Belgian intelligence puts Huawei on its watchlist (POLITICO) Senior Huawei lobbyists in Brussels are under the microscope of the country’s state security.
US Spy Agency Cyber Chief Warns TikTok Is China’s ‘Trojan Horse’ (Bloomberg) Rob Joyce, the head of the US National Security Agency’s cybersecurity arm, said popular video-sharing app TikTok is China’s “Trojan horse” and poses a long-term, strategic cybersecurity concern.
It’s the great TikTok panic – and it could accelerate the end of the internet as we know it (the Guardian) Democracies should be maturely debating online safety and data, not making kneejerk responses, says Emily Taylor of the International Security Programme, Chatham House
Biden Restricts Use of Commercial Hacking Tools by U.S. Agencies (Wall Street Journal) The president restricted the use of commercial hacking tools throughout the federal government as officials said they believed high-powered spyware had compromised devices belonging to at least 50 U.S. personnel working overseas.
Biden Admin Targets ‘Misuse’ of Spyware with New Executive Order (Nextgov.com) The White House followed through on previous promises to pursue stronger oversight of commercial spyware companies and how their products are used in the U.S.
Biden executive order bans federal agencies from using commercial spyware (TechCrunch) U.S. officials confirmed that commercial spyware was also used to hack into the phones of federal employees working overseas.
US president Biden kind of mostly bans commercial spyware (Register) Executive Order has loopholes for government spyware or American-made commercial spyware
Biden administration seeks to tamp down the spyware market with a new ban (CSO Online) The Biden administration issued an executive order to outlaw the federal government's use of commercial foreign spyware--with some caveats.
Executive order sets up guardrails for US use of commercial spyware (CyberScoop) At least 50 devices belonging to U.S. personnel have been targeted by commercial spyware.
Biden’s spyware executive order gets mostly good reviews (Washington Post) How experts and lawmakers are sizing up a spyware executive order
Senators Reintroduce Bill to Bolster Federal Data Center Security (Nextgov.com) The bipartisan legislation seeks to protect federal data centers from physical and digital threats by establishing minimum requirements to enhance the security of these critical facilities.
Litigation, Investigation, and Law Enforcement
At least 50 U.S. government employees targeted with phone spyware overseas (Washington Post) White House bans federal agencies from using spyware that poses national security and human rights risks in the U.S.
Oakland city officials commit to meeting with police union over data breach (KTVU FOX 2) Oakland officials responded Monday to a threat of litigation from the Oakland Police Officers' Association over what it said was a lack of response and transparency by the city following a ransomware attack last month.
Oakland police union says Mayor Thao is 'stonewalling' crucial info about ransomware attack (ABC7 San Francisco) Donelan says police officers have already had new credit cards opened in their name, their social security numbers hijacked, and others are saying they can't file police reports properly because some systems are still down.
N.Y. law firm to pay state $200K over data breach (Reuters) New York Attorney General Letitia James said Monday that midsize law firm Heidell, Pittoni, Murphy & Bach has agreed to pay $200,000 to the state over data security lapses that led to a 2021 data breach.
Cybersecurity Conference Addresses the Threat Within (Fordham Newsroom) The Hollywood version of a hacker who infiltrates a computer system may look like someone hunched over a laptop in a dark remote location. In fact, according to the FBI, between a quarter and half of all daily cyberthreats come from “insider threats.” On March 16, law enforcement, private industry, and academic leaders convened at...
Law firm fined $200,000 over ‘poor data security’ that led to ransomware attack (Record) New York Attorney General Letitia James accused Heidell, Pittoni, Murphy & Bach (HPMB) of having “poor data security,” resulting in the leak of more than 100,000 people's information.