Dateline Moscow and Kyiv: Latest developments in Russia's war.
Ukraine at D+399: Slaughterhouse Bakhmut. (CyberWire) Russian leaders apparently feel they cannot afford to cut their losses in Bakhmut. As ground forces falter, Moscow turns its attention to cyberespionage.
Russia-Ukraine war: List of key events, day 400 (Al Jazeera) As the Russia-Ukraine war enters its 400th day, we take a look at the main developments.
The Biggest Battle in Ukraine (New York Times) Why Russia and Ukraine are fighting for a city with little strategic value.
Ukraine-Russia war: Wagner mercenary group 'badly damaged' in battle for Bakhmut (The Telegraph) The head of Russia's Wagner Group has acknowledged that fighting in the Ukrainian city of Bakhmut has inflicted severe losses on his mercenary forces.
Live blog: Biden calls Putin's nuclear deployment talk 'dangerous' (TRT World) The Russia-Ukraine conflict is now in its 399th day.
On a 48-hour train trip with Zelenskyy as he shuttled across Ukraine to rally his nation (AP NEWS) The caravan of unmarked vehicles tears across the muddy grass next to the playground. On the merry-go-round, the children stop swinging and spinning. The curious — parents and other residents of this southeastern town — gather around.
Ukraine's Zelenskyy is 'ready' for Chinese leader to visit (AP NEWS) Ukraine's president invited his powerful Chinese counterpart, Xi Jinping, to visit his nation, saying they haven't been in contact since the war began and he is “ready to see him here.”
What US weapons tell us about the Russia-Ukraine war (Vox) The debate around which weapons to send to Ukraine, explained.
Biden’s Private Ukraine Deadline (Puck) The D.C. foreign policy establishment is growing restless as the Biden White House resists calls to articulate a more specific strategy if Ukraine fails to make significant gains by the fall.
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe (Proofpoint) Key Takeaways: Proofpoint has observed recent espionage-related activity by TA473, including yet-to-be-reported instances of TA473 targeting US elected officials and staffers.
ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine (WeLiveSecurity) ESET experts give their takes on the cyber-elements of the first year of the war in Ukraine and how destructive malware tried to rip through critical Ukrainian systems.
Russia Ramping Up Cyberattacks Against Ukraine (VOA) Ukrainian cyber official says Moscow on pace to launch 4,800 cyberattacks this year, 300 more than in 2022
A new age of spying gives Kyiv the upper hand (The Telegraph) Open-source intelligence won’t replace traditional espionage, but it is an area that Britain can exploit
Russia arrests Wall Street Journal reporter on spying charge (AP NEWS) Russia’s top security agency arrested an American reporter for the Wall Street Journal on espionage charges, the first time a U.S. correspondent was put behind bars on spying accusations since the Cold War.
Russia detains a Wall Street Journal reporter, accusing him of espionage. (New York Times) The newspaper said it “vehemently denies the allegations” against Evan Gershkovich, an American, and called for his immediate release.
Fugitive Russian father convicted of insulting army detained in Belarus (Reuters) Alexei Moskalyov, a Russian who has been sentenced to two years in prison for discrediting the army and seen his daughter taken into care, has been detained in Belarus after fleeing house arrest, lawyer Dmitry Zakhvatov told Reuters on Thursday.
The unusually frank call between two Russian socialites and what they said about Putin (The Telegraph) Recording purportedly involves Iosif Prigozhin, a music producer, and Farkhad Akhmedov, an Azerbaijan-born energy billionaire
Attacks, Threats, and Vulnerabilities
Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife (SentinelOne) A sophisticated new toolset is being used to harvest credentials from multiple cloud service providers, including AWS SES and Microsoft Office 365.
Supply Chain Attack Against 3CXDesktopApp (Cybersecurity and Infrastructure Security Agency CISA) CISA is aware of open-source reports describing a supply chain attack against 3CX software and their customers. According to the reports, 3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app.
Hackers compromise 3CX desktop app in a supply chain attack (BleepingComputer) A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack.
3CX: Supply Chain Attack Affects Thousands of Users Worldwide (Symantec) North Korean-sponsored actors believed to be linked to attack that Trojanized several versions of 3CX DesktopApp
3CX VoIP Software Compromise & Supply Chain Threats (Huntress) The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.
Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign (Rapid7) On Wednesday, March 29, 2023, multiple security firms issued warnings about malicious activity coming from a legitimate, signed binary from communications technology company 3CX. The binary, 3CXDesktopApp, is popular video-conferencing software available for download on all major platforms. Several analyses have attributed the threat campaign to state-sponsored threat actors, and security firms have observed malicious activity in both Windows and Mac environments.
3CX users under DLL-sideloading attack: What you need to know (Sophos News) A Trojanized version of the popular VOIP/PBX software is in the news; here’s what hunters and defenders are doing
Supply-chain attack on business phone provider 3CX could impact thousands of companies (Record) In a statement published on the company’s community forum, founder and chief executive Nick Galea confirmed that “the 3CX DesktopApp has a malware in it.”
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware (The Hacker News) Beware of Trojanized TOR installers targeting Russia & Eastern Europe with clipper malware designed to steal cryptocurrencies.
The Most Common Combosquatting Keyword Is “Support” (Akamai) Cybersquatting (aka domain squatting and URL hijacking) is often used during phishing campaigns, identity theft, and malware install attempts.
Azure Vulnerability Disclosure (NetSPI) Learn how NetSPI VP of Research found a cross-tenant compromise in popular Azure automation tool and worked with Microsoft to remediate the issue.
AI chatbots making it harder to spot phishing emails, say experts (the Guardian) Poor spelling and grammar that can help identify fraudulent attacks being rectified by artificial intelligence
Spyware vendors use 0-days and n-days against popular platforms (Google) Google’s Threat Analysis Group (TAG) tracks actors involved in information operations (IO), government backed attacks and financially motivated abuse. For years, TAG has been tracking the activities of commercial spyware vendors to protect users. Today, we actively track more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government backed actors.
Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits (Dark Reading) Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
Google: Spyware campaigns exploiting security holes in Android, iOS (Computing) Highly targeted campaigns are a reminder that 'the commercial spyware industry continues to thrive,' researchers warn
Hackers used spyware made in Spain to target users in the UAE, Google says (TechCrunch) Security researchers say they have seen hackers targeting victims using spyware developed by a Spanish company.
Hack-for-Hire Groups Provide Corporate Espionage (Security Intelligence) Hack-for-hire groups provide corporate espionage and individual attack services targeting journalists, political activists and other high-risk users.
Lumen Technologies says ransomware attack disrupted call centers (Cybersecurity Dive) The company has restored basic services, and is working to get operations fully back to normal.
The Replier Attack (Avanan) Email messages aren’t always what they seem. We talk often about how hackers obfuscate text and code within messages. That can be an effective way to bypass security services.
Toyota scrambles to patch customer data leak (Cybernews) A Japanese multinational accidentally leaked access to its marketing tools, enabling attackers to launch phishing campaigns against its vast pool of customers in Italy.
Toyota Italy leaked sensitive data for over 1.5 years (Cybersecurity Help) The researchers discovered an environment file hosted on the official Toyota Italy website.
What we know about the Latitude Financial hack (ABC) The fallout from the cyber attack on non-bank lender Latitude Financial, which exposed the details of current and former customers, is continuing.
Glenn was a customer of GE Money. Now he's one of millions of Australians caught up in the Latitude hack (ABC) With confirmation that millions of personal data files were stolen in Latitude Financial's cyber hack, customers past and present are growing tired of the company's lack of communication.
Florida city water cyber incident allegedly caused by employee error (GCN) Al Braithwaite, the former city manager of Oldsmar, Florida, said the 2021 episode was not caused by outside hackers but was instead a “non-event” sparked by user error.
What Is LLMNR Poisoning and How Can You Prevent It? (MUO) The Windows PCs connected to your local network could be vulnerable. Should you secure your LLMNR usage or do without the feature entirely?
Ransomware crooks are exploiting IBM file-exchange bug with a 9.8 severity (Ars Technica) If you haven't patched your Aspera Faspex server, now would be an excellent time.
Microsoft Defender mistakenly tagging URLs as malicious (BleepingComputer) Microsoft Defender is mistakenly flagging legitimate links as malicious, with some customers having already received dozens of alert emails since the issues began over five hours ago.
Microsoft Defender is flagging legit URLs as malicious (Register) Those hoping to use nefarious websites like, er, Zoom are overrun by alerts. Redmond 'investigating'
WSJ News Exclusive | Exxon’s Climate Opponents Were Infiltrated by Massive Hacking-for-Hire Operation (Wall Street Journal) A charity created by some Rockefeller heirs is among the groups targeted by hackers. The oil giant hasn’t been accused of wrongdoing.
P&G confirms data breach (Global Cosmetics News) Procter & Gamble has confirmed that several employees have been affected by a data breach of its GoAnywhere MFT file-sharing platform, according to a report published by Bleeping Computer.
Private financial, health information exposed in Meriton data breach (Brisbane Times) The property giant contacted around 1900 staff and guests to inform them their data may have been accessed in the latest cyber incident involving an Australian company.
Understanding Credit Washing: Risks, potential losses and signals associated with this type of First Party Fraud (SentiLink) For financial institutions focused on attacking fraud in all its forms, it’s not enough to think of “identity” through the narrow view of attributes like a consumer’s name, DOB and Social Security number. For most financially active consumers, a key piece of “who you are” is your credit history, as measured by a credit score.
New Research Reveals Millions of Systems Remain Exposed to Known Exploited Vulnerabilities (Rezilion) Rezilion's new research finds that although KEV catalog vulnerabilities are frequent targets, an attack surface remains due to inaction.
Security Patches, Mitigations, and Software Updates
WSJ News Exclusive | Microsoft Patched Bing Vulnerability That Allowed Snooping on Email and Other Data (Wall Street Journal) The issue was fixed days before the company launched a new AI-powered version of the search engine.
QNAP warns customers to patch Linux Sudo flaw in NAS devices (BleepingComputer) Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability.
BitSight Research Finds Organizations Failing to Keep Pace with the Increase in Cyber Vulnerabilities (BitSight) BitSight, a leader in detecting and managing cyber risk, today unveiled new research which found that the cybersecurity vulnerability remediation rate for over
Trends
Think ransomware gangs won't thrive this year? Think again, experts say (Washington Post) Big majority of the Network expects ransomware to be more dangerous in 2023 than in 2022
Cyber Storm Predicted at the 2023 World Economic Forum (Security Intelligence) The majority of leaders expect a catastrophic cyber event is likely in the next two years. How can organizations weather this cyber storm?
2023 Identity Fraud Study: The Butterfly Effect (Javelin) Dollar losses to identity fraud are decreasing, Javelin’s landmark study shows, but the number of victims of these financial crimes is staying steady.
Latest Salt Security State of API Security Report Shows 400% Increase in Attackers, Finds API Security has Become a C-level Discussion (PR Newswire) Salt Security, the leading API security company, today released the Salt Labs State of API Security Report, Q1 2023. This fifth edition of the...
Laminar - Public Cloud Data Breaches, Shadow Data Concerns Show Steep Rise Over Last 12 Months (Laminar) To tackle skyrocketing cloud data security issues, 97% of organizations now have a dedicated data security team
Inadequate Healthcare Cybersecurity Maturity Jeopardizes Patient Privacy (Health IT Security) CYE found that the healthcare cybersecurity maturity score lags behind other sectors, putting patient privacy and sensitive data at risk due to weak EHR systems, telemedicine, and other security vulnerabilities.
Marketplace
DataDome Closes $42 Million in Series C Funding to Advance the Fight Against Bot-Driven Cyberattacks and Fraud (DataDome) Investment will fund global commercial rollout and R&D efforts to debilitate fraudsters.
Votiro Raises $11.5 Million in Series A Funding (Business Wire) Funds will advance the cloud-based prevention, detection, and analytics of file-borne threats and to accelerate company global expansion.
Cisco To Scoop Up Lightspin In Second Cloud Security Purchase Of 2023 (CRN) Cisco Systems announced plans to acquire cloud security software company Lightspin as the networking giant works to unify its security portfolio through its Cisco Security Cloud platform.
Total Network Services (TNS) Secures $9M in Series A Funding (PR Newswire) Total Network Services (TNS) today announced a $9M Series A investment led by Deal Box Ventures, to accelerate deployment of its Universal...
Right-Hand Cybersecurity raises $5 million to expand its global operations (Help Net Security) The funding will enable Right-Hand Cybersecurity to expand its global operations and Human Risk Management platform.
SCADAfence raises $16 million, adds Fujitsu and Mitsubishi Electric as new investors (CTech) The Israeli startup’s platform enables organizations with complex OT networks to integrate industrial IoT by reducing cyber risks and mitigating operational threats
REPORT: Canadian Cybersecurity Start-ups Collectively Grew Workforce by 72 Per Cent and Fundraised $100 million Amid Global Headwinds (PR Newswire) Rogers Cybersecure Catalyst today announced the release of the Catalyst Cyber Accelerator Report, a benchmark publication tracking the growth of...
Top 6 California companies buying up data brokers (Incogni Blog) Personal information is more valuable than ever, with the data broker industry expected to reach $365.71 billion by 2029. It’s a rapidly growing and evolving
Layoff Uncertainty at Meta Makes 2023 a Year of Distraction (The Information) Meta Platforms CEO Mark Zuckerberg has branded 2023 the “year of efficiency” for his employees. But rolling layoffs and restructuring aimed at streamlining the company are proving to be a major distraction for many anxious employees. Most of the 10,000 people to be laid off in the second round ...
Lacework Celebrates Inspiring "Secured by Women" Leaders (PR Newswire) Lacework®, the data-driven cloud security company, today announced five inspirational CISOs and security leaders selected as part of the...
Dig Security Welcomes Team8 Co-Founder Nadav Zafrir as Chairman of the Board (PR Newswire) Dig, the cloud data security leader, today announced that Nadav Zafrir is joining as Chairman of the Board. As Chairman, Zafrir will provide...
Products, Services, and Solutions
Introducing Masked-AI, An Open Source Library That Enables the Usage of LLM APIs More Securely (Cado Security | Cloud Investigation) Cado Security introduces Masked-AI, an open source tool that enables the usage of public LLM APIs such as OpenAI/GPT4 more securely.
RDK Unveils New Wi-Fi Management Software for Broadband Operators (PR Newswire) Newest RDK-B software component designed to unify Wi-Fi software used in residential gateways, access points, and Wi-Fi extenders for advanced Wi-Fi management...
Virtru Announces First Ever FIPS 140-2 Validated JavaScript Cryptographic Module (GlobeNewswire News Room) Virtru brings FIPS 140-2 validated cryptography natively into the browser runtime environment...
Xcitium Awarded AV-TEST Best Advanced Protection 2022 Award under Windows (GlobeNewswire News Room) Xcitium recognized for its state-of-the-art endpoint protection solution for corporate users...
ThreatX Partners with Cyversity and ICIT to Advance Cybersecurity Training Opportunities (Business Wire) ThreatX Providing Cyversity and ICIT Members Access to ThreatX Academy Content at No Cost
OpenText Voltage Data Security Platform Recognized as a Leader by Independent Research Firm (OpenText) OpenText Voltage cited for standing out with data discovery and classification in Data Security Platforms Report
Tanium Delivers Millions of Dollars in ROI, Saves ABB Hundreds of Thousands of Staff Hours, with the Power of Converged Endpoint Management (Tanium) Tanium today shared the massive return on investment (ROI) achieved by its customers.
AttackIQ Launches Breach and Attack Simulation-as-a-Service, Delivering Breach and Attack Simulation Solutions to Everyone (Business Wire) AttackIQ Ready! gives security teams a clear portrait of their security program performance, allowing teams to maximize return on investment and operate with greater confidence
Graylog and BitLyft Partner to Deliver Cutting-Edge Managed Detection and Response Solution (Business Wire) Join Forces to Provide Small-to-Midsize Companies with Real-Time Threat Detection and Response Services
Manufacturing Company Saves Big With Rezilion (Rezilion) From complex systems to seamless patching this manufacturing company saves big with Rezilion. This company was using a variety of tools for software security, including multiple tools for SCA and Software Bill of Materials (SBOM) generation. Rezilion’s platform was able to simplify their systems and patching for a huge savings.
Technologies, Techniques, and Standards
Creating Trust in an Insecure World: Strategies for Cybersecurity Leaders in the Age of Increasing Vulnerabilities (BitSight) How cybersecurity leaders can manage an expanding attack surface, increasing vulnerabilities, and growing demands from stakeholders.
Design and Innovation
Pause Giant AI Experiments: An Open Letter (Future of Life Institute) We call on all AI labs to immediately pause for at least 6 months the training of AI systems more powerful than GPT-4.
In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT (WIRED) Tech luminaries, renowned scientists, and Elon Musk warn of an “out-of-control race” to develop and deploy ever-more-powerful AI systems.
Top Tech Talent Warns of AI's Threat to Human Existence in Open Letter (Dark Reading) Elon Musk, Steve Wozniak, and Andrew Yang are among more than 1,000 tech leaders asking for time to establish human safety parameters around AI.
'AI doom' letter sparks a backlash (Computing) Musk-signed moratorium appeal adds to AI hype, aims at the wrong targets and is signed by many of those causing the problems, say opponents
Red Teaming Improved GPT-4. Violet Teaming Goes Even Further (WIRED) Reducing harmful outputs isn't enough. AI companies must also invest in tools that can defend our institutions against the risks of their systems.
Alphabet’s Google and DeepMind Pause Grudges, Join Forces to Chase OpenAI (The Information) OpenAI’s success in overtaking Google with an artificial intelligence–powered chatbot has achieved what seemed impossible in the past: It has forced the two AI research teams within Google’s parent, Alphabet, to overcome years of intense rivalry to work together. Software engineers at Google’s ...
Legislation, Policy, and Regulation
Joint Statement on the Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression (Cybersecurity and Infrastructure Security Agency) The following is the text of a joint statement committed to by the governments of Australia, Canada, Denmark, Estonia, France, Japan, New Zealand, Norway, the United Kingdom, and the United States.
Security by design: incoming UK and EU legislation to tackle cybersecurity risks in IoT devices (JD Supra) In December 2022, the UK Product Security and Telecommunications Infrastructure Act (“PSTI Act”) became law. Along with setting out requirements for...
EU mandated interoperable messaging not so simple: Paper (Register) Digital Market Act interoperability requirement a social challenge as well as a technical one
Latin American companies, governments need more focus on cybersecurity (CSO Online) A new report shows the growing impact cyberattacks have on Latin American economies. Governments and organizations can do more.
U.S. grants Costa Rica government $25M to bolster cybersecurity after ransomware attacks (Axios) The U.S. is increasingly providing assistance to allied nations facing attacks from foreign cyber adversaries.
‘Stone Ghost’ secret intel network may expand to more nations: DIA (C4ISRNet) The system is used to share intelligence among “Five Eyes” partners, but DIA wants the ability to add and remove other users "on the fly."
U.S. touts export curbs on surveillance tools at democracy summit (Nikkei Asia) Participant list shows focus on Africa amid competition for clout with China, Russia
White House Takes Spyware Efforts to the International Stage (Nextgov.com) The Summit for Democracy will launch and fortify several global partnerships aimed at offering some regulation for emerging tech usage.
Under a new law, FDA submissions must prove that medical devices meet cybersecurity standards (Fierce Biotech) Already this year, major medtech makers including BD,
FCC proposes rules to reassess foreign-owned US telecom services authority (Reuters) The head of the Federal Communications Commission (FCC) on Wednesday proposed new rules to periodically reassess existing authorizations for foreign-owned companies to provide telecommunications services in the United States.
CISA director sees progress on hiring at growing agency (Federal News Network) CISA hired hundreds last year, and it plans to hire even more this year, as the agency looks to keep up with a growing stack of cyber responsibilities.
Online voting provider paid for academic research in attempt to sway U.S. lawmakers (CyberScoop) Democracy Live directed academic research to demonstrate its product's security and used that material in lobbying campaigns.
FDIC Seeks Signet Sale, Wants Signature Bank’s Crypto Clients Out by April 5 (Bloomberg) NYCB deal didn’t include Signature’s crypto business. Crypto companies face difficulties accessing bank services.
In creating a new top cyber job, Pentagon seeks outside help (Register) The RAND Corporation will report to the Pentagon on how to best integrate a congressionally mandated assistant secretary of Defense for cyber policy into the department's existing structure.
Litigation, Investigation, and Law Enforcement
The DEA Bought Customer Data from Rogue Employees Instead of Getting a Warrant (Vice) For years the DEA has used paid informants inside airline, bus, and parcel companies to bypass needing to get a warrant. A pair of bipartisan Senators now want the DOJ to put an end to it.
SEC brings charges against Beaxy for not registering as securities exchange (The Block) The SEC brought charges against crypto platform Beaxy on Wednesday as it continues to go after unregistered parts of the crypto industry.