Dateline Moscow and Kyiv: Leak investigations.
Ukraine at D+410: Static, sanguinary lines. (CyberWire) The war of attrition in the Donbas continues, as do Russian strikes against civilian targets. Leaks and doxing are claimed by both sides--the apparent leaks of US classified material remain under investigation.
Russia-Ukraine war: List of key events, day 411 (Al Jazeera) As the Russia-Ukraine war enters its 411th day, we take a look at the main developments.
Russia-Ukraine war at a glance: what we know on day 411 of the invasion (the Guardian) US assessing impact of alleged leaked intelligence documents as Russian shelling kills more civilians
Russia-Ukraine war live: Russia nearly shot down British spy plane near Ukraine, alleged leaked US document claims (the Guardian) Near miss occurred off coast of Crimea in September 2022, according to apparent leak of Pentagon documents
Fight for Roads Into Bakhmut Has Hit a Stalemate, Ukraine Says (New York Times) Even as Russian forces made some gains in the battered eastern city last week, Ukraine’s forces say they have thwarted Moscow’s efforts to sever supply lines. For now.
Ukrainian frontline troops so short of ammunition they are 'rationing shells' (The Telegraph) Some frontline artillery units are reportedly limited to firing only once or twice a day
Artillery usage could show the future course of the Ukraine war (The Hill) In the war in Ukraine, artillery has emerged as perhaps the signature weapon of war, and that reality is likely to continue for the foreseeable future. By watching trends in its use in the coming w…
Ukraine to cease to exist because it is not needed to anyone, Medvedev says (TASS) Russian Security Council Deputy Chairman called the current Ukrainian state a "misconception, created by the dissolution of the Soviet Union"
Pope Francis appeals to Russians over invasion of Ukraine in Easter message (the Guardian) Pope also calls for dialogue between Israelis and Palestinians, and for freedom of religious expression in Nicaragua
Abducted Ukrainian children rescued from ‘cockroaches and rats’ in Russia (The Telegraph) Children sent to Crimean camps last year say they were ‘treated like animals’ after successful rescue mission
Russia loses election to three UN bodies over Ukraine (AP NEWS) Russia has lost elections to three United Nations bodies, a sign that opposition to its invasion of Ukraine over a year ago remains strong. This week's votes in the 54-member U.N. Economic and Social Council follow approval of six non-binding resolutions against Russia by the 193-member U.N. General Assembly. In the ECOSOC votes Wednesday, Russia was overwhelmingly defeated by Romania for a seat on the Commission on the Status of Women. It lost to Estonia to be a member of the executive board of the U.N. children’s agency UNICEF. And it was defeated by Armenia and the Czech Republic in secret ballot votes for membership on the Commission on Crime Prevention and Criminal Justice.
Video catches moment Putin's speech met with awkward silence as he appears to wait for applause that never comes (Business Insider) Vladimir Putin blamed the United States for the current conflict in Ukraine during his speech, as the US ambassador to Russia awkwardly looked on.
Some Ukrainian Troops Are Still Using Soviet Methods, Despite US Training (Defense One) One year into the conflict, younger officers still strain against older leaders’ ways, military experts note.
Finnish naval officer talks NATO expectations, Russia's conduct at sea and Ukraine conflict's future (Breaking Defense) Commodore Jukka Anteroinen, the chief of staff of the Finnish Navy, talked with Breaking Defense at this week's Sea Air Space symposium outside Washington.
Leaked US battlefield intelligence on Ukraine is fake, says Kyiv (The Telegraph) Pentagon launches investigation into how ‘top secret’ material was published on Russian social media
Russia Claims Leaked Pentagon Intelligence on Ukraine is U.S. Disinformation (US News and World Report) The troubling leak of a U.S. and NATO intelligence assessment that forced a Pentagon investigation is actually an attempt to confuse the Kremlin, a surrogate for Putin says.
Leaked US secret NATO-Ukraine war docs likely altered, say experts (SC Media) As Pentagon investigates leaked classified war documents some are skeptical the documents haven't been tampered with.
Ukraine’s air defences could soon run out of missiles, apparent Pentagon leak suggests (the Guardian) Documents dating from February suggest looming risk to Ukraine’s ability to protect troops and vital sites from Russian airpower
Russia nearly shot down British spy plane near Ukraine, leaked document says (Washington Post) The incident occurred months before a Russian fighter collided with an American MQ-9 drone over the Black Sea
Justice Dept. will investigate leak of classified Pentagon documents (Washington Post) The materials outline a wealth of information about the Ukrainian and Russian militaries, and include highly sensitive analyses about China and other nations
US investigating whether Ukraine war documents were leaked (Military Times) The Justice Department has launched an investigation into the possible release of Pentagon documents that were posted on several social media sites.
U.S. Reviewing Online Appearance Of Sensitive Documents Related To Ukraine, Pentagon Says (RadioFreeEurope/RadioLiberty) The U.S. government is investigating a leak of documents that include details of U.S. and NATO aid to Ukraine.
WSJ News Exclusive | Pentagon Investigates More Social-Media Posts Purporting to Include Secret U.S. Documents (Wall Street Journal) The Pentagon said it is reviewing posts on social media that purport to reveal highly classified U.S. government documents on Ukrainian preparations for a planned spring offensive against Russian forces.
New Details on Intelligence Leak Show It Circulated for Weeks Before Raising Alarm (Wall Street Journal) The secret documents were first posted in January to a small group on a messaging channel that trafficked in memes, jokes and racist talk.
Intelligence leak exposes U.S. spying on adversaries and allies (Washington Post) U.S. and European officials scrambled to understand how dozens of classified documents covering all manner of intelligence gathering had made their way online with little notice
Secret US Documents on Ukraine War Plan Spill Onto Internet: Report (SecurityWeek) Secret documents that provide details of US and NATO plans to help prep Ukraine for a spring offensive against Russia have been leaked
US hit by ‘worst leak of secret documents since Edward Snowden’ (The Telegraph) More than 100 classified items relating to Ukraine, China, the Middle East, the Pacific and terrorism published on social media
How Online Investigators Proved Video of Ukrainian Soldiers Harassing Woman was Staged (bellingcat) A video supposedly showing Ukrainian soldiers harassing a Muslim woman turns out to be filmed deep within Russian-controlled territory.
The Promise and Danger of Declassifying Intelligence for Effect (U.S. Naval Institute) Declassifying intelligence prior to Russia’s February 2022 invasion of Ukraine proved an effective information warfare strategy. But, it is risky and must be employed selectively.
DoJ: Estonian Man Tried to Acquire US-Made Hacking Tools for Russia (SecurityWeek) Andrey Shevlyakov was charged in the US for helping the Russian government and military purchase US-made electronics and hacking tools.
Will Russia use a U.S. reporter as a bargaining chip for its alleged spies? (NBC News) “The Russian intelligence services are under pressure, and they need to show that they are doing something,” said one intelligence expert.
Report: Russia charges Journal reporter with espionage (AP NEWS) Two Russian news agencies says jailed Wall Street Journal reporter Evan Gershkovich has been formally charged with espionage in Russia and has entered an official denial. State news agency Tass and Interfax news agency said Friday that a law enforcement source informed them that Russia’s Federal Security Service officially charged the American journalist. The news outlets didn’t say in what form Gershkovich was charged or when, but generally suspects are presented a paper outlining the accusations. Russian authorities arrested the 31-year-old reporter last week. He is the first U.S. correspondent since the Cold War to be detained for alleged spying. The FSB accused Gershkovich of trying to obtain classified information about a Russian arms factory.
Russia charges US reporter Evan Gershkovich with espionage (The Telegraph) Journalist for The Wall Street Journal is currently kept in solitary confinement for 23 hours a day at the notorious Lefortovo prison
Evan Gershkovich adored life in Russia. Now, the reporter waits in prison. (Washington Post) Inside a Moscow prison, Evan Gershkovich is waiting. He is joking about how the TV in his cell doesn’t carry the matches of his beloved Arsenal F.C., his friends say. And as the American journalist accused of spying remains imprisoned for what could be months or years, he is reading.
Opinion | The Arrest of Evan Gershkovich Is Further Evidence of Putin’s Brutality (New York Times) The detention of a journalist is yet another sign of his willingness to wage all-out war.
The Cold War Mystery The U.S. Military Can’t Afford to Forget (POLITICO) Russia downing a U.S. drone last month wasn’t the first time tensions between the two countries boiled over mid-air.
Putin’s plundered aircraft not our problem, insurance chief says (The Telegraph) Interview: David Howden on dealing with Covid and war insurance claims – and not making kitchens
Attacks, Threats, and Vulnerabilities
MERCURY and DEV-1084: Destructive attack on hybrid environment (Microsoft Threat Intelligence) Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments.
Oops: Samsung Employees Leaked Confidential Data to ChatGPT (Gizmodo) Employees submitted source code and internal meetings to ChatGPT just weeks after the company lifted a ban on using the chatbot.
Hardware giant MSI confirms cyberattack after new ransomware group issues demand (Record) Taiwan-based MSI confirmed an attack through a statement and a regulatory filing. Researchers have attributed the incident to a new group they're calling Money Message.
QUT employees' tax file numbers could have been sold on the internet, but there's no way they can find out (ABC) Hackers accessed nearly 4,000 tax file numbers as well as bank accounts, super details and home addresses in the December cyber attack.
CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Security Patches, Mitigations, and Software Updates
Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days (SecurityWeek) iOS 16.4.1 and iPadOS 16.4.1 patch two vulnerabilities (CVE-2023-28205 and CVE-2023-28206) that have already been exploited in the wild.
About the security content of macOS Ventura 13.3.1 (Apple Support) This document describes the security content of macOS Ventura 13.3.1.
Trends
Report Finds 90% of IT Professionals Have Experienced a Cybersecurity Breach (Skyhigh Security) Global research from Skyhigh Security spotlights cloud data security challenges across key industries, indicating the need for stronger security controls
The Data Dilemma: Cloud Adoption and Risk Report (Skyhigh Security) The challenge of protecting data that is used, shared, and stored beyond the corporate network, beyond endpoint devices, and throughout...
XM Cyber Research Finds Small Number of Exposures Put More Than 90% of Critical Assets at Risk (PR Newswire) XM Cyber, the leader in hybrid cloud security, today released the findings of its second annual research report, Navigating the Paths of Risk:...
Opinion: the cyber “wild west”: How do we monitor the chaos? (Review) On Feb. 10, experts from the United Nations released a report detailing cyberattacks potentially sponsored by North Korea. The hackers targeted the American and South Korean healthcare industries, as well as their critical infrastructure.
Marketplace
The Week’s 10 Biggest Funding Rounds: HeartFlow And Cybereason Lead Another Down Week (Crunchbase News) For the third week in a row, rounds were down in the U.S. Only two rounds hit nine figures, and we wonder if there are other factors than SVB's collapse.
FREQUENTIS Strengthens Cyber Security Competence With The Acquisition Of FRAFOS (Security Informed) "Software solutions in virtualized environments require enhanced security and network monitoring, to protect against potential cyber-attacks. With FRAFOS we have found an expert in VoIP Firewalls to support us in our solutions for safety-critical domains, allowing advanced prevention of denial-of-service attacks (DoS) and fraud attempts on the border of communication networks,” says Norbert Haslacher, CEO of Frequentis.
Keeper Security and KnowBe4 Sponsor European Cybersecurity Blogger Awards 2023 (IT Security Guru) The European Cybersecurity Blogger Awards 2023 are back for a tenth successive year. This year’s sponsors include KnowBe4, provider of the leading security aw
TikTok Struggles to Enlist U.S. Merchants for Shopping Service (The Information) As TikTok tries to win over U.S. politicians, it may have kneecapped its shopping service, TikTok Shop. Relatively few U.S. merchants are showing interest in signing up for the nascent service, both because they’re more focused on expanding in bricks and mortar and because they’re concerned the ...
WatchGuard appoints HoJin Kim as new SVP and chief revenue officer (IT PRO) The channel veteran will lead WatchGuard’s global sales organisation as it looks to its next phase of growth
Orca Security Appoints James Love as President of Field Operations (Business Wire) Former Illumio, Arxan Technologies and Imperva Global Sales Leader Brings Over 25 Years of Experience Driving Channel-Led Hypergrowth
Products, Services, and Solutions
What Is Personal Cyber Insurance—and Should You Buy It? (Wall Street Journal) Before you do, make sure you know the answers to these common questions.
1Kosmos integrates with ForgeRock to add biometric passwordless authentication to apps (Help Net Security) ForgeRock customers can now seamlessly integrate 1Kosmos BlockID into all their user journeys without any coding.
IONIX Wins Best Attack Surface Management (ASM) Solution in the 2023 Cybersecurity Excellence Awards Program (PR Newswire) IONIX, the leader in Attack Surface Management, announced today that it has won the Best Attack Surface Management (ASM) solution award in the...
Technologies, Techniques, and Standards
How New York City is training cyber liaisons in agencies (StateScoop) On the Priorities podcast, New York City CISO Kelly Moan says the city’s Cyber Academy taught 21 city workers to serve as cyber liaisons.
Design and Innovation
Ambient computing is coming; security teams may not be ready (VentureBeat) We've already welcomed smart devices into our homes and lives. Ambient computing is just the next step — but it comes with security risks.
Company that launched 2FA is pioneering AI for digital identity (TechRepublic) Joe Burton, CEO of digital identity company Telesign, discusses how AI can fuel global, fast, accurate identity.
In A.I. Race, Microsoft and Google Choose Speed Over Caution (New York Times) Technology companies were once leery of what some artificial intelligence could do. Now the priority is winning control of the industry’s next big thing.
Behind the curtain: what it feels like to work in AI right now (Substack) Fear, FOMO, and the scientific exodus driven by ChatGPT
Why ChatGPT and Bing Chat are so good at making things up (Ars Technica) A look inside the hallucinating artificial minds of the famous text prediction bots.
Bad Actors Will Use Large Language Models — but Defenders Can, Too (Dark Reading) Security teams need to find the best, most effective uses of large language models for defensive purposes.
Legislation, Policy, and Regulation
Japan launches new intel division for economic security (The Japan Times) Japan's office for economic security was upgraded to a division in the agency's organizational reform for fiscal 2023, which began this month, according to sources.
China and the U.S. Are Struggling Over Data Security. A Breaking Point May Be Near. (Barron's) Advancements in artificial intelligence have kicked a geopolitical obsession with the data economy into high gear, writes Reva Goujon.
Internet access must become human right or we risk ever-widening inequality (University of Birmingham) We're so dependent on the internet to exercise our socio-economic human rights that online access must be considered a basic human right.
Defense contractors must prepare for ‘trust but verify’ era (C4ISRNet) The upcoming contract requirement known as the DFARS 7021 clause adds a “trust but verify component” to existing federal contract data protection.
CrowdStrike Congressional Testimony: 5 Recommendations to Secure the Public Sector (CrowdStrike) This blog offers guidance for public sector organizations to improve their cybersecurity, defend against the threats of today and prepare for the threats of tomorrow.
Bill to strengthen privacy of health data passes state House, Senate (KING 5) If the House concurs on the bill and the Governor signs it into law, it would break new ground on privacy law in Washington.
Litigation, Investigation, and Law Enforcement
US weighs action against Russian cybersecurity firm Kaspersky Lab -WSJ (Reuters) The U.S. Department of Commerce is weighing an enforcement action against Russian cybersecurity company Kaspersky Lab, the Wall Street Journal reported on Friday citing people familiar with the matter.
WSJ News Exclusive | Biden Administration Weighs Action Against Russian Cybersecurity Firm (Wall Street Journal) The potential action against Kaspersky Lab could become a model for similar action against TikTok or other Chinese-controlled technologies.
Ex-Wells Fargo executive Carrie Tolstedt shows up in court (American Banker) Carrie Tolstedt, the former Wells Fargo executive facing criminal charges for the phony accounts scandal, entered a "not guilty" plea at an arraignment hearing Friday afternoon.