Dateline Moscow and Kyiv: milblogging, assassination, and internal dissent.
Ukraine at D+403: A journalist remains under arrest. A milblogger is assassinated. (CyberWire) A prominent Russian pro-war blogger was killed in a bombing at a St. Petersburg cafe yesterday. Bakhmut remains contested.
Russia-Ukraine war: List of key events, day 404 (Al Jazeera) As the Russia-Ukraine war enters its 404th day, we take a look at the main developments.
Russia-Ukraine war live: Moscow to station nuclear weapons near Belarus’s western border, envoy says (the Guardian) Finland to become latest member of alliance next week; military commander says ‘they have not captured anything and are very far from doing that’
Russia-Ukraine war at a glance: what we know on day 403 of the invasion (the Guardian) ‘Absurd and destructive’ that Russia chairs security council , says Zelenskiy; top US general Milley says Ukraine unlikely to expel Russian forces this year
Russia-Ukraine War: Will There Be a Spring Counteroffensive? (Military.com) Here’s a look at how the fighting has evolved and how the spring campaign might unfold.
Russian Shelling Kills Six in Ukraine as Zelensky Criticizes Moscow’s U.N. Role (Wall Street Journal) The attack came a day after Russia took the monthlong rotating presidency of the U.N. Security Council, a development Ukraine’s president said harmed the body’s credibility.
Bomb kills Russian war blogger in St Petersburg cafe (Reuters) A leading Russian official pointed the finger at Ukraine, without providing evidence.
Influential Russian Military Blogger Is Killed in St. Petersburg Bombing (New York Times) Vladlen Tatarsky represented a radical wing of pro-invasion bloggers and activists who backed Moscow’s war but also criticized what they saw as the flaws in the Russian Army.
Russia pro-war blogger ‘killed in explosion in St Petersburg’ (the Guardian) Russian news agency reports Vladlen Tatarsky died in blast that also injured at least 16 people
‘War blogger’ Vladlen Tatarsky killed in explosion in a Petersburg cafe (Meduza) An explosion occurred on the evening of April 2 in the St. Petersburg cafe Street Food Bar No. 1, reports Interfax, citing local emergency services. The explosion killed one person and injured another 15. “According to the latest information, a gas cylinder may have exploded in the cafe,” said emergency services. There was no fire following the explosion.
Darya Trepova detained over killing of pro-Kremlin blogger Vladlen Tatarsky (BBC News) A 26-year-old woman is held after Vladlen Tatarsky died in an explosion at a St Petersburg cafe.
Russia blames Ukraine for bomb that killed military blogger (AP NEWS) Russian authorities blamed Ukrainian intelligence agencies for orchestrating a bombing at a St. Petersburg cafe that killed a Russian military blogger who fervently supported Moscow’s invasion of Ukraine. They also arrested a suspect in the attack. Ukrainian authorities did not directly respond to the accusation of involvement but President Volodymyr Zelenskyy said he doesn’t think about events in Russia. A senior Ukrainian official described the bombing as part of Russia’s internal turmoil. Officials said Vladlen Tatarsky was killed Sunday as he was leading a discussion at the cafe on the banks of the Neva River in the historic heart of Russia’s second-largest city. Tatarsky had filed regular reports from the front lines in Ukraine.
Surrounded and outgunned, Ukraine’s tank crews prepare for battle of Bakhmut (the Guardian) Western armour has begun to arrive – but many troops will still have to make do with old Soviet machines in the long-awaited counteroffensive
Bucha: Colour returns to site of war’s worst atrocities on anniversary of liberation (The Telegraph) Huge regeneration project makes swift progress with homes rebuilt and streets repaved as residents pay their respects in vigil
Russia Is Waging War on Ukraine’s Hospitals (WIRED) Missiles, mines, and supply shortages are testing the resilience of Ukraine’s medical staff, but they won’t back down.
The First World War tactic helping Ukraine fight a modern conflict (The Telegraph) Trench warfare is synonymous with the front lines of the Great War, but today they offer a vital defence against Russia’s troops
Preliminary Lessons from Russia’s Unconventional Operations During the Russo-Ukrainian War, February 2022–February 2023 (Royal United Services Institute) An early analysis of the evidence sheds light on Russia's unconventional operations in its war against Ukraine.
Munitions, anti-tank rockets in next $2.6 bln US pledge for Ukraine -sources (Reuters) A new $2.6 billion U.S. military aid package that could include air surveillance radars, anti-tank rockets and fuel trucks for Ukraine's fight against Russia is expected to be announced as soon as Monday, three U.S. officials said on Friday.
Ukraine Victory Unlikely This Year, Milley Says (Defense One) “I'm not saying it can't be done. I'm just saying it's a very difficult task,” says top U.S. general.
Ukraine Calls Russia’s UN Security Council Presidency ‘Slap In The Face’ (RadioFreeEurope/RadioLiberty) Ukraine expressed outrage as Russia assumed its month-long presidency of the UN Security Council on April 1.
Russia will never recover from this devastating collapse (The Telegraph) Moscow’s assumption of the chair of the Security Council shows what a parody the UN has now become
Putin's nuclear war threat: ‘The bullseye he’s aiming for is fear' | Defence in Depth (The Telegraph) We know that when the Russian army fails on the battlefield, the state rattles a tired nuclear sabre
Russia Might Put Strategic Nukes in Belarus, Leader Says (Military.com) The president of Belarus says Russian strategic nuclear weapons might be deployed in his country along with part of Russia’s tactical nuclear arsenal.
Opinion | Why Do Russians Still Want to Fight? (New York Times) The war in Ukraine may be a horror, but it’s also an opportunity.
'Empty Promises': Wives Of Russian Soldiers Fighting In Ukraine Say Pay Is Not What Was Promised (RadioFreeEurope/RadioLiberty) More and more Russian soldiers fighting in Ukraine are complaining of not receiving their salaries on time, in full, or at all, leaving their wives at home to struggle with getting by and, in many cases, raising kids.
‘My country has fallen out of time’: Russian author Mikhail Shishkin’s letter to an unknown Ukrainian (the Guardian) A year after Putin’s invasion, the award-winning novelist reflects on the silence of his compatriots, the betrayal of his mother tongue, and his hopes for the future
Putin, Law, and Power (Wilson Center) The arrest warrant for Putin’s war crimes can be seen as a framing of attitudes toward Putin in much of the world. It is a shift from words (condemnation) and deeds (assistance to Ukraine) to a legal assessment.
Russia's President Vladimir Putin could be a 'dead man walking,' a former CIA counterintelligence chief told an interviewer (Business Insider) Due to the vast loss of life suffered by Russia's troops, there is a "strong undercurrent of opposition to Putin," James Olson told The Sun.
Blundering on the Brink (Foreign Affairs) The secret history and unlearned lessons of the Cuban missile crisis.
Welcome to NATO: Finland clears Turkish hurdle, will join military alliance in coming weeks (Breaking Defense) Sweden, meanwhile, remains on the outside looking in, as Turkey and Hungary have not moved to approve its membership.
Xi’s Moscow Visit Was More Than a Symbolic Victory for Putin (World Politics Review) Xi Jinping’s visit to Moscow and meeting with Putin made clear that China-Russia relations will only grow stronger.
Political Competition in Wartime Ukraine (Wilson Center) Ukraine continues manifesting its hardiness under the least favorable conditions.
The Ukrainian hoax that revealed the Russian pilots who bombed Mariupol theatre (The Telegraph) Hackers trick bombers' spouses into posing for military wives calendar
Ukrainian Hacktivists Trick Russian Military Wives for Personal Info (HackRead) Follow us on Twitter @Hackread - Facebook @ /Hackread
America’s Looming Munitions Crisis (Foreign Affairs) How to fill the missile gap.
The Russo-Ukrainian war and the illegal arms trade (Global Initiative) This report explores the current situation in Ukraine in terms of the spread of weapons into non-state hands and clandestine supply chains. It considers the prospects for more serious levels of proliferation after the end of hostilities, and makes practical recommendations for Ukraine and its foreign partners.
The U.S. imposes sanctions on a Slovakian accused of trying to broker a Russia-North Korea arms deal. (New York Times) A White House spokesman said the man would be in violation of several U.N. Security Council resolutions.
Blinken: Russia must immediately free 2 detained Americans (AP NEWS) The State Department says Secretary of State Antony Blinken urged his Russian counterpart, in a rare phone call between the diplomats since the Ukraine war, to immediately release a Wall Street Journal reporter who was detained last week as well as another imprisoned American, Paul Whelan. In the call with Russian Foreign Minister Sergey Lavrov, Blinken conveyed “grave concern” over the Kremlin’s detention of journalist Evan Gershkovich on espionage allegations, according to a State Department summary. Blinken called for his immediate release. Blinken also sought the immediate release of Whelan, a Michigan corporate security executive. He's been imprisoned in Russia since December 2018 on espionage charges that his family and the U.S. government have said are baseless.
My friend Evan Gershkovich is no spy. Just a brave reporter jailed in Moscow | Pjotr Sauer (the Guardian) The US journalist arrested last week is the first to be accused of espionage in Russia since the cold war
Attacks, Threats, and Vulnerabilities
Fake ransomware gang targets U.S. orgs with empty data leak threats (BleepingComputer) Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.
More evidence links 3CX supply-chain attack to North Korean hacking group (Record) Researchers at Sophos added more evidence to back up what CrowdStrike suspected about the hack on 3CX: The software supply-chain intrusion appears to be the work of the hacking operation known as Lazarus Group.
3CX supply chain attack: the unanswered questions (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.
3CX Desktop App Compromised (CVE-2023-29059) (Fortinet Blog) FortiGuard Labs highlights how a digitally signed 3CX desktop app was reportedly used in a supply chain attack against 3CX Voice over Internet Protocol (VoIP) customers. Check back for analysis and…
LockBit leaks data stolen from the South Korean National Tax Service (Security Affairs) The LockBit ransomware gang announced the publishing of data stolen from the South Korean National Tax Service. On March 29, 2023, The Lock Bit ransomware gang announced the hack of the South Korean National Tax Service. The group added the South Korean agency to its Tor leak site and announced the release of stolen data […]
New Cylance Ransomware Targets Linux and Windows, Warn Researchers (HackRead) For now, Cylance ransomware is still in its early stages, yet it has already claimed several victims.
New Cylance Ransomware strain emerges, experts speculate about its notorious members (IT PRO) The emerging threat actor shares the name of Blackberry's cyber security spinoff for unknown reasons
‘Tactical Octopus’ hackers using tax-related phishing scams to spread malware (Record) A group of hackers known as TACTICAL#OCTOPUS are using tax-related email lures to spread dangerous malware.
Lewis & Clark College cyberattack claimed by notorious ransomware gang (Record) The Vice Society cybercrime group took credit for the attack, posting samples of passports as well as documents that included Social Security numbers, insurance files and W-9 forms.
Failed IT systems at Capita fuel fears of cyber-attack on crucial NHS provider (the Guardian) Staff unable to access computers and local authority phone lines knocked out as outsourcing giant investigates possible data breach
Staff at NHS outsourcer Capita locked out of computers amid cyber attack fears (The Telegraph) Company that collects BBC licence fee investigating issue that left staff unable to log in
Capita hit by IT meltdown fuelling fears of cyber attack (Proactiveinvestors UK) Shares in Capita PLC (LSE:CPI) (Capita PLC (LSE:CPI)) have fallen after reports the outsourcing group is experiencing a major IT incident. The Times...
Large Alabama school system hit by ransomware attack (WVTM) Officials do not believe there was a breach of sensitive information from Jefferson County Schools.
Jefferson County Schools hit with ransomware attack (WBMA) Jefferson County Schools says
Maryland Hospital Reveals 30K Individuals Impacted by Ransomware Attack (Health IT Security) Atlantic General Hospital disclosed that a January ransomware attack tied to reported IT outages also potentially impacted the PHI of over 30,000 patients.
A hacker ripped me off for $10,000. The scam turned out to be brilliant — and terrifying. (Business Insider) Verizon, Chase, and the police were all useless when my identity got hacked. Then Psycho Bunny came to the rescue.
Security Patches, Mitigations, and Software Updates
Mozilla Releases Security Update for Thunderbird 102.9.1 (Cybersecurity and Infrastructure Security Agency CISA) Mozilla has released a security update to address vulnerabilities in Thunderbird 102.9.1. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Samba Releases Security Updates for Multiple Versions of Samba | CISA (Cybersecurity and Infrastructure Security Agency CISA) The Samba Team has released security updates addressing vulnerabilities in multiple versions of Samba. An attacker could exploit these vulnerabilities to take control of an affected system.
You Need to Update to Apple iOS 16.4 for More Than a Goose Emoji (WIRED) Plus: Microsoft Outlook and Android patch serious flaws, Chrome and Firefox get fixes, and much more.
The State of Patch Management in the Digital Workplace Report (Adaptiva) The most recent Ponemon Institute report paints a grim picture of enterprise patching. Read the report to hear from 660+ IT practitioners.
Trends
State and Local Governments Struggle to Defend Against Ransomware and Business Email Compromise (KnowBe4) State and Local Governments Struggle to Defend Against Ransomware and Business Email Compromise
Marketplace
Aqua Security Doubles Channel-Driven Revenue Year Over Year (Aqua) Aqua Security doubled channel-driven revenue year over year. This growth follows the launch of a new partner program, Aqua Advantage.
JFrog Welcomes Seasoned Technology and Security Leader Aran Azarzar as Chief Information Officer (JFrog) Appointment helps bolster the company’s existing executive technical leadership, solidifying its commitment to operational excellence, business infrastructure systems resilience, security, and scalability
Products, Services, and Solutions
New infosec products of the week: March 31, 2023 - Help Net Security (Help Net Security) The featured infosec products this week are from: BreachLock, HackNotice, LOKKER, Nile, and Tausight.
Everlaw is Approved by Virginia IT Agency as Ediscovery Vendor (PR Newswire) Everlaw, the cloud-native investigation and litigation platform, announced today it has been selected and approved by The Virginia Information...
Network Perception and GrayMatter Partner to Deliver OT Cybersecurity Solutions for Administrators of Critical Infrastructure (Business Wire) Network Perception, innovators of operational technology (OT) solutions that protect mission-critical assets, today announced a distribution agreement with GrayMatter, a technology and consulting company committed to transforming operations and empowering people in critical infrastructure environments.
How AWS Wickr's encryption service is helping at-risk Afghan citizens (US About Amazon) For a nonprofit that needs secure communications as it works to evacuate at-risk Afghan citizens, AWS Wickr provides an encrypted lifeline.
Palo Alto Networks Recognised by the German Federal Cybersecurity Authority as a Trusted Partner to Government Institutions and Critical Infrastructure Operators (Palo Alto Networks) German Federal Office for Information Security (BSI) lists Palo Alto Networks as a Qualified APT Response Service Provider
EQT and Context Labs Announce Strategic Partnership (Context Labs) New Collaboration Will Enable Greater Trust and Transparency in the Tracking, Reporting and Verification of Critical Emissions Data
Sonatype Launches New Partner Acceleration Program to Help Partners Scale and Secure their Customers’ Software Supply Chains (Sonatype) Sonatype announces a new Partner Acceleration Program, offering partners a wider range of benefits and increased go-to-market value.
Obsidian Security Unveils Next-Gen SaaS Security Posture Management (SSPM) Solution Bringing Together Security and Compliance Teams for Enterprise Risk Reduction and Continuous Compliance Monitoring (Business Wire) Obsidian Next-Gen SSPM will include three modules that together help organizations reduce third-party SaaS integration risk by over 80% and map technical controls in SaaS to regulatory requirements 90% faster.
Design and Innovation
The race to develop AI is out of control – and as dangerous as the Manhattan Project (The Telegraph) Like the creation of the atomic bomb, artificial intelligence will change everything – the problem is we just don’t know how
ChatGPT is about to revolutionize the economy. We need to decide what that looks like. (MIT Technology Review) New large language models will transform many jobs. Whether they will lead to widespread prosperity or not is up to us.
Twitter reveals some of its source code, including its recommendation algorithm (TechCrunch) As promised by CEO Elon Musk, Twitter has open sourced a portion of the source code powering various parts of the social network.
Google updates Bard to better answer math and logic questions, coding coming soon (9to5Google) To date, Bard has used the LaMDA model focused on conversational dialogue, and Google is now incorporating PaLM for improved math and...
Search Has Its Goliath. Could Richard Socher Be Its David? (The Information) On a rare rain-free afternoon this spring, Richard Socher stood atop a hill, surveying the direction of the wind. The wind often interests Socher, the 38-year-old co-founder and CEO of search engine You.com, because in his spare time he likes to fly around on a paramotor, a parachute-like ...
Twitter's algorithm specifically tracks how Elon Musk's tweets are doing (Mashable) Musk said he had no idea it was doing that!
Space Force major to Pentagon: Mine Bitcoin! (POLITICO) Maybe Bitcoin isn’t really internet money. Maybe it’s a weapon for waging a new form of 21st-century cyber warfare.
Research and Development
Inside the bitter campus privacy battle over smart building sensors (MIT Technology Review) These computer scientists were trying to create privacy-preserving smart sensors. But then they were accused of violating their colleagues’ privacy.
Academia
UNCP earns cyber designation from the National Security Agency (Robesonian) The National Security Agency (NSA) — the nation’s leading cybersecurity agency — has designated The University of North Carolina at Pembroke as a National Center of Academic Excellence in…
Legislation, Policy, and Regulation
ChatGPT Banned in Italy Over Data-Privacy Concerns (Wall Street Journal) Privacy regulator’s order calls on OpenAI to suspend processing the data of Italian users, which could effectively mean OpenAI must block access to its chatbot from Italy.
Italian privacy regulator bans ChatGPT (POLITICO) Calls have grown to suspend new releases of popular AI tool.
ChatGPT privacy and safety concerns lead to temporary ban in Italy (Record) Open AI, the company that owns ChatGPT, does not alert people that it is collecting their data and lacks age verification for users, Italian officials said.
Pentagon cyber policy post may stay unfilled during review (C4ISRNet) Rep. Mike Gallagher said he was disappointed by the timing, citing "many conversations" he's had that indicate an appetite for quick confirmation.
Litigation, Investigation, and Law Enforcement
China Opens Cybersecurity Probe of Micron Amid Competition With U.S. Over Technology (Wall Street Journal) The move is likely to put global firms operating in China further on edge at a time of escalating tension between Beijing and Washington.
A Front Company and a Fake Identity: How the U.S. Came to Use Spyware It Was Trying to Kill. (New York Times) The Biden administration has been trying to choke off use of hacking tools made by the Israeli firm NSO. It turns out that not every part of the government has gotten the message.
BetterHelp shared customer data while promising it was private, says FTC (The Verge) The company shared data with companies like Facebook and Snapchat.
DISH slapped with multiple lawsuits after ransomware cyber attack (BleepingComputer) Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day "network outage." The legal actions aim to recover losses faced by DISH investors who were adversely affected by what has been dubbed a "securities fraud."