Dateline
Ukraine at D+411: US leaks remain under investigation. (CyberWire) Governments continue to focus on the provenance and implications of the US intelligence documents, many of them having to do with Russia's war against Ukraine, that leaked into Discord servers.
Russia-Ukraine war: List of key events, day 412 (Al Jazeera) As the Russia-Ukraine war enters its 412th day, we take a look at the main developments.
Russia-Ukraine war at a glance: what we know on day 412 of the invasion (the Guardian) Leaked US documents appear to indicate Egypt was planning to covertly supply Russia weapons; US says reporter Evan Gershkovich ‘wrongfully detained’
Ukraine Says Russia Is Using ‘Scorched Earth’ Tactics in Bakhmut (Wall Street Journal) A top Ukrainian military commander described the situation in the city, where Ukrainian forces have been largely pushed out of its center, as “difficult but under control.”
'More comfortable than a Rolls-Royce': Ukrainian tank drivers eagerly await Western rides (Los Angeles Times) As anticipation builds for a counteroffensive, Ukrainian forces are desperate to lay their hands on Western tanks that could help turn the war's tide.
Biden administration doesn't know extent of classified Pentagon document leak (CBS News) NSC spokesman John Kirby said the administration doesn't know whether the national security threat has been contained.
Ukraine ‘alters counter-offensive plans’ after Pentagon leak (The Telegraph) Ukrainian air force spokesman says, ‘We need jets here, and now’, as leaked documents raise fresh questions over RAF Black Sea incident
Ukraine had to change military plans because of US Pentagon leak, source says (CNN) Highly classified Pentagon documents leaked online suggest key weaknesses in Ukrainian weaponry, air defense, and readiness, and reveal US penetration of Russia's Defense Ministry and the mercenary organization Wagner Group.
Leaked Pentagon documents claim that hackers breached a Canadian gas network. Here’s what to know. (Washington Post) Hackers claimed to have breached a Canadian pipeline. Their assertions lie somewhere between dangerous and doubtful.
Pro-Russia Hackers Say They Breached Canadian Pipeline, but Experts Are Skeptical (Wall Street Journal) Leaked Pentagon documents show hackers bragged to Russia’s FSB about allegedly compromising industrial control systems at an unnamed Canadian gas-pipeline operator.
Leaked US intel: Russia operatives claimed new ties with UAE (AP NEWS) A leaked document suggests U.S. spies caught Russian intelligence officers boasting that they had convinced the oil-rich United Arab Emirates “to work together against US and UK intelligence agencies.” The purported document was posted online as part of a major U.S. intelligence breach. U.S. officials have declined to comment on the document, which had top-secret markings and was viewed by The Associated Press. The Emirati government dismissed the allegations that the UAE had deepened ties with Russia as “categorically false.” But the allegation comes at a time of growing U.S. concerns about companies in the UAE helping Russia thwart international sanctions imposed over Russia’s invasion of Ukraine.
Egypt secretly planned to supply rockets to Russia, leaked U.S. document says (Washington Post) President Abdel Fatah El-Sisi in February planned to produce 40,000 rockets for Russia and instructed officials to keep production and shipment secret ‘to avoid problems with the West’
How the Latest Leaked Documents Are Different From Past Breaches (New York Times) The freshness of the documents — some appear to be barely 40 days old — and the hints they hold for operations to come make them particularly damaging, officials say.
How U.S. friends and foes have responded to leaked Pentagon documents (Washington Post) Washington’s appetite for intelligence on friends and adversaries alike is well known to foreign governments — and should they ever forget, periodic leaks of classified information serve to remind them.
Pentagon leaks: US seeks to mend ties after claims Washington spied on key allies (the Guardian) Defence secretary speaks to South Korean counterpart after leak suggesting US was spying on Seoul’s internal discussions on arms sales
Pentagon Probe Under Way in Leaks Case (Wall Street Journal) A Pentagon team is looking into how the purported classified documents were exposed, as the U.S. seeks to contain diplomatic fallout.
Pentagon assessing damage after 'highly classified' US secrets leaked online (Breaking Defense) “The Department of Defense is working around the clock to look at the scope and scale of the distribution, the assessed impact and our mitigation measures,” said Chris Meagher, the assistant to the secretary of defense for public affairs.
The Pentagon’s Purported Classified-Document Leak: The Biggest Takeaways and Questions So Far (Wall Street Journal) The U.S. is seeking to assess the damage from an intelligence breach after officials discovered images of purportedly classified U.S. documents circulating online.
The ongoing scandal over leaked US intel documents, explained (Vox) What you need to know about those top-secret files that got posted on Discord.
Leaked documents a 'very serious' risk to security: Pentagon (AP NEWS) The Pentagon says online leaks of scores of highly classified documents about the Ukraine war present a “very serious” risk to national security and senior leaders are quickly taking steps to mitigate the damage. In the days since Defense Secretary Lloyd Austin became aware of the leaks, he's reached out to top allies, convened daily meetings to assess the damage and set up a group not only to assess the scope of the information lost but review who has access to those briefings. And as the public airing of the data sends shockwaves across the U.S. government, the White House says there are concerns there could be additional leaks.
The Discord servers at the center of a massive US intelligence leak (CyberScoop) The intelligence files related to the Ukraine war that appeared online aren't the first sensitive military documents shared on video game forums.
Social-Media Platform Discord Emerges at Center of Classified U.S. Documents Leak (Wall Street Journal) The company started as an online space for gamers to gather and has grown to attract all sorts of users.
Why Leaked Pentagon Documents Are Still Circulating on Social Media (New York Times) Twitter and the social media platform Discord have policies about how they would handle the material. But those rules have gray areas and can be unevenly enforced.
Clues Left Online Might Aid Leak Investigation, Officials Say (New York Times) A large number of people potentially had access to the Pentagon intelligence documents posted on social media.
KillNet Claims Creating Gay Dating Profiles with NATO Logins (HackRead) KillNet claims it carried out cyberattacks that resulted in the “paralysis” of 40% of NATO’s electronic infrastructure.
The Russians Took Their Children. These Mothers Went and Got Them Back. (New York Times) Making a nerve-wracking 3,000-mile journey from Ukraine, into Russia-occupied territory, and back again, a group of mothers managed to recover their children from the custody of the Russian authorities.
Attacks, Threats, and Vulnerabilities
GuLoader Targeting the Financial Sector Using a Tax-themed Phishing… (eSentire) Learn more about a new cyber threat, the GuLoader malware, and get security recommendations from our Threat Response Unit (TRU) to protect your business from this cyberattack.
Supporters of Indian separatists using Twitter bots to promote violence (Washington Post) The messages are too numerous for Twitter’s reduced moderation teams to delete
Threat Actor Spotlight: RagnarLocker Ransomware (Sygnia) The Windows DPAPI mechanism is exploited by attackers to extract data. Defenders can replace their DPAPI backup key to fully remediate their organization.
From ChatGPT to RedLine Stealer: The Dark Side of OpenAI and Google Bard (Veriti) The rise of malware-as-a-service campaigns leveraging OpenAI ChatGPT and Google Bard platforms and strategies to mitigate the risks.
TN IPS officer flags 'serious data breach issue' on Twitter (DT next) CHENNAI: A Tamil Nadu cadre IPS (Indian Police Service) officer has flagged an alleged data breach after he placed an order on an online cosmetic shopping porta
Attackers are starting to target .NET developers with malicious-code NuGet packages (JFrog) Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically – there was no public evidence of severe malicious activity in the NuGet repository other than spam packages used for spreading phishing links. As with other repositories, the JFrog Security Research team regularly monitors the …
Analysis of the First NuGet (.Net) Malicious Package Attack (JFrog) Analyzing Impala Stealer, a custom crypto stealer, and the payload of the first NuGet malicious package attack on .net developers
Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. (CyberScoop) Statements from the FBI and former Oldsmar city manager indicate what happened at the plant may not have been the work of an outside hacker.
FBI warns of public 'juice jacking' charging stations that steal your data. How to stay protected (ZDNET) Public power outlets are being illegally modified to steal your phone's data, the FBI suggests. I walk you through options to keep your information safe.
Juice jacking: FBI warns against using free charging stations at airports, hotels, shopping centers (ABC7 Chicago) According to the FBI, hackers have figured out how to use public USB ports to install malware and monitor software on your device.
FBI warns against using public phone charging stations (CNBC) The law enforcement agency said bad actors had figured out how to infect phones with malware using public charging cables.
Hikvision Alerts Technology Partners to Vulnerability in Some Products (Security Sales & Integration) Hikvision has issued a notice to its technology partners about a vulnerability in some Hikvision Hybrid SANcluster storage products.
Massive Balada Injector campaign attacking WordPress sites since 2017 (BleepingComputer) An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor that researchers named Balada Injector.
KFC, Pizza Hut owner discloses data breach after ransomware attack (BleepingComputer) Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed number of individuals whose personal information was stolen in a January 13 ransomware attack.
SD Worx shuts down UK payroll, HR services after cyberattack (BleepingComputer) Belgian HR and payroll giant SD Worx has suffered a cyberattack causing them to shut down all IT systems for its UK and Ireland services.
Scope of CommonSpirit massive data breach is revealed (Crain's Chicago Business) The full extent of last year's ransomware attack, which involved more than 600,000 patients, is now known.
Tennova patients' personal data leaked after Community Health Systems software breach (ClarksvilleNow.com) Between January 28 and January 30, 2023, an unauthorized party accessed personal information on CHS's system, according to Fortra, LLC, a hired cyber security company.
Reports of Data Breach at PharMerica Corporation Leave Customers Worried About Their Personal Information (JD Supra) On April 8, 2023, reports of a PharMerica Corporation data breach began to surface after the Money Message ransomware group added PharMerica to its...
HawaiiUSA Federal Credit Union Confirms Recent Data Breach Affected Over 20k Customers (JD Supra) On April 7, 2023, HawaiiUSA Federal Credit Union (“HawaiiUSA”) filed a notice of data breach with the Attorney General of Maine after a cybersecurity...
Minnesota school district cancels classes for 42 schools after alleged cyberattack (Record) A public school system in Rochester, Minnesota announced this weekend that it was canceling classes at all 42 schools it operates on Monday after it was hit by a suspected cyberattack that began late last week.
Rochester Public Schools to close Monday after possible cyber attack (FOX 9 Minneapolis-St. Paul) Rochester Public Schools will be closed Monday due to a possible cyber attack. The district plans to re-open Tuesday with reduced network access.
Amazon sends warning and tells customers 'check 'your orders' section urgently' (Manchester Evening News) The tech giant has sent a clear warning to customers
Big Pharma-partnered Evotec on high alert after cyber attack takes systems offline (Fierce Biotech) German biotech Evotec is on high alert after a late-week cyber attack prompted the company to shut down its network.
Evotec SE provides update on cyber attack (Evotec) Business continuity upheld at all global sites after cyber attack. Forensic examination ongoing with external experts.
How LockBit Changed Cybersecurity Forever (Security Intelligence) LockBit has pioneered a disturbing new trend in ransomware. What caused the gang's rise to prominence, and how can organizations protect themselves?
Breached shutdown sparks migration to ARES data leak forums (BleepingComputer) A threat group called ARES is gaining notoriety on the cybercrime scene by selling and leaking databases stolen from corporations and public authorities.
ARES Leaks - Emerging Cyber Crime Cartel (CYFIRMA) Introduction: As part of CYFIRMA Research team’s continuous external threat landscape monitoring efforts, the team has identified the emergence of...
47% of Workers Admit to Hacking Accounts With Former Employers’ Passwords (Password Manager) 47% say they have used at least one of these passwords to access accounts belonging to a previous employer.
Security Patches, Mitigations, and Software Updates
Apple fixes recently disclosed zero-days on older iPhones and iPads (BleepingComputer) Apple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs.
Apple zero-day spyware patches extended to cover older Macs, iPhones and iPads (Naked Security) That double-whammy Apple browser-to-kernel spyware bug combo we wrote up last week? Turns out it applies to all supported Macs and iDevices – patch now!
CISA orders govt agencies to update iPhones, Macs by May 1st (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch two security vulnerabilities actively exploited in the wild to hack iPhones, Macs, and iPads.
Trends
Pindrop Voice Intelligence & Security Report Finds Consumers Living in States Restricting Biometrics are Twice as Likely to Experience Fraud (PR Newswire) Pindrop, a global leader in voice technology, today released its annual Voice Intelligence & Security Report. Through an analysis of five...
2023 Email Security Threat Report (Armorblox) Download the second, annual Armorblox 2023 Email Security Threat Report.
Nearly 4 in 5 Ransomware Attacks Include Threats Beyond Data Encryption, Finds “2023 Cyberthreat Defense Report” (Business Wire) Yet Survey Results Point to Unusual Optimism About 2023 Among IT Security Professionals
Marketplace
Trellix Appoints Ash Parikh to Chief Marketing Officer (Business Wire) XDR leader’s addition brings three decades of marketing strategy and execution
Global Secure Partners Launches to Strengthen Security Team Resiliency and Retention, Improve Operations for Cybersecurity’s First Responders (Business Wire) At Any Time, Approximately Half of All CISOs and Security Pros Are Considering New Roles. GSP Helps Organizations Identify and End Ineffective Practices, Improve Job Satisfaction and Retain Talent.
Sevco Security Expands Leadership Team with Appointment of Brian Contos as Chief Strategy Officer (Business Wire) Former ArcSight, Imperva, and Verodin Security Leader Brings More Than 25 Years of Experience to Disruptive CAASM Platform Company
Very Good Security Appoints Chuck Yu as CEO (GlobeNewswire News Room) Very Good Security (VGS), the leading provider of payment security and compliance solutions for...
Products, Services, and Solutions
CrowdStrike Falcon® Insight for IoT: Breakthrough XIoT protection (CrowdStrike) The world’s only extended detection and response (XDR) platform purpose-built to stop breaches for the extended Internet of Things (XIoT)
Phosphorus Showcases Game-Changing Enterprise xIoT Security Management Platform at RSAC 2023 (GlobeNewswire News Room) The world leader in xIoT breach prevention is also unveiling the industry’s first Intelligent Active Discovery (IAD) solution that safely and accurately...
Netskope Revolutionizes Hybrid Work with Industry-First Unified SASE Client and Integrated Endpoint SD-WAN (Netskope) Endpoint SD-WAN extends Netskope Borderless SD-WAN and SASE innovations to deliver consistent security and superior user experience for the hybrid worker,
ZeroFox Partners with Google Cloud to Disrupt Phishing Attacks and Malicious URLs (GlobeNewswire News Room) As one of the first external cybersecurity organizations contributing to Google Cloud’s Web Risk Submission API, ZeroFox will continuously provide Google...
GitGuardian Launches Honeytoken (GlobeNewswire News Room) With this new solution, GitGuardian expands the platform's capabilities to safeguard the entire software supply chain...
Buoyant Announces Linkerd 2.13 with New Reliability and Security Featu (PRWeb) New release introduces dynamic request routing, circuit breaking, automated health monitoring, vulnerability alerts, proxy upgrade assistance, and FIPS compat
Delinea's Latest Product Update Reduces the Risk of Backdoor Threats on Servers (PR Newswire) Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced the latest release of...
ThreatX Delivers First Cloud-Native Solution to Detect & Block Runtime Threats to APIs and Applications (Business Wire) Patent-Pending Capability Leverages eBPF to Extend Protection to Egress, “East/West” Traffic; Supports Transition from Legacy to Cloud Environments
Hopr Selected for Google for Startups Cloud Program (Business Wire) Company receives Google Cloud training and support, among other Google-wide offerings
Technologies, Techniques, and Standards
Gaps in agency cybersecurity measures (Security Magazine) Federal governments across the globe work to better their security measures against cyberattacks.
Meta Verified is under fire in sex work circles for revealing users' legal names (TechCrunch) Meta's new paid verification system is raising concerns among sex workers, trans creators and other privacy advocates.
Design and Innovation
AI’s Breaking Point: What Happens When We Push Machines Too Far? (Softonic) Everyone is going crazy testing ChatGPT and the possibilities of artificial intelligence. It has come to break the patterns we had established for th
Research and Development
Inca Digital awarded DARPA contract to map crypto contagion risk (Axios) The same government agency credited with developing GPS, Siri and the internet, is digging in to further its understanding of digital assets.
Legislation, Policy, and Regulation
New Director GCHQ announced (GCHQ) Anne Keast-Butler to succeed Sir Jeremy Fleming as the 17th Director of GCHQ
Anne Keast-Butler: Britain appoints first woman to lead spy agency GCHQ (Record) Anne Keast-Butler comes to GCHQ from the U.K.’s domestically focused intelligence service MI5, where she has been serving as deputy director general.
National Cyber Threat Assessment 2023-2024 (Canadian Centre for Cyber Security) Over the last two years, cyber security has become a top concern for Canadians. Ransomware incidents hit the headlines on an almost daily basis both in Canada and around the world. Our essential services are being disrupted, from hospitals and schools to municipalities and utility providers. Our personal and financial data are being stolen, traded, or leaked online. Our online spaces are being flooded with false information and divisive rhetoric.
China Mandates Security Reviews for AI Services Like ChatGPT (Bloomberg) Alibaba, SenseTime just unveiled AI services this week. Regulators have already asserted control over algorithms.
Beijing chooses targets carefully as it goes on offensive in US chip wars (Financial Times) Analysts see memory-chip maker Micron as obvious first choice but say China will tread cautiously on further retaliation.
State Dept wants 'cyber assistance fund' to aid allies and partners against hackers (Breaking Defense) The special fund is part of a three-part plan floated by Nate Fick, the State Department’s roving ambassador for cybersecurity, to help bolster allied cyber skills before — and during — crises.
Litigation, Investigation, and Law Enforcement
Inside the international sting operation to catch North Korean crypto hackers (CNN) A team of South Korean spies and American private investigators quietly gathered at the South Korean intelligence service in January, just days after North Korea fired three ballistic missiles into the sea.
ChatGPT is entering a world of regulatory pain in Europe (POLITICO) AI chatbot makes itself an easy target for privacy regulators as fears around artificial intelligence grow.
‘I didn’t give permission’: Do AI’s backers care about data law breaches? (the Guardian) Regulators around world are cracking down on content being hoovered up by ChatGPT, Stable Diffusion and others
Illegal bitcoin mining by Suffolk County employees suspected years before discovery, records show (Newsday) Bitcoin miner delayed security upgrade that might have prevented ransomware attack, Suffolk County executive said.
Search for military hacker escalates as police give seven day deadline (Bangkok Post) The army is keen to interrogate a hacker alleged to have worked in its ranks after the Royal Thai Police (RTP) on Saturday submitted a letter to the suspect's supervisor and the army staff judge advocate to have him brought in for questioning within seven days.