Dateline
Ukraine at D+420: The future of hacktivist auxiliaries. (CyberWire) Russia reports Ukrainian "probes" on the ground, as shake-ups in Russian security forces and hacktivist auxiliaries proceed.
Russia-Ukraine war: List of key events, day 421 (Al Jazeera) As the conflict enters its 421st day, we take a look at the main developments.
Ukraine attempts to break Russian lines with new equipment ahead of expected counter-offensive (The Telegraph) Ukrainian forces “probed” Russian lines in the south of the country in apparent preparation for an anticipated counter-offensive.
Russia-Ukraine war at a glance: what we know on day 421 of the invasion (the Guardian) Nato chief makes first Kyiv visit since start of full-scale invasion; Denmark and Netherlands to donate 14 Leopard tanks to Ukraine
Russian spy ships 'prepare sabotage of British wind farms' (The Telegraph) ‘Ghost’ vessels map wind farms and communication cables in preparation for full-scale conflict with West
‘Our Own Guys Are Shelling Us’: How Russian Propaganda Plagues Ukraine (New York Times) A year into the war, some residents of eastern Ukrainian towns still confound officials and the police with their support for Russia despite the constant bombardment from Russian forces.
NATO head defiantly says Ukraine belongs in alliance one day (AP NEWS) NATO chief Jens Stoltenberg has defiantly declared that Ukraine deserves to join the military alliance and pledged continuing support on his first visit to Kyiv since Russia’s invasion just over a year ago. Ukrainian President Volodymyr Zelenskyy urged Stoltenberg to push for even more from them, including warplanes, artillery and armored equipment. The NATO chief has been instrumental in marshaling support from members. The Kremlin has given various justifications for going to war, but repeated Thursday that preventing Ukraine from joining NATO was a key goal behind its invasion.
Russia-Ukraine war live: Nato chief says ‘Ukraine’s future is with us’ as Zelenskiy asks to be admitted in July (the Guardian) Jens Stoltenberg in Ukraine for first time since full-scale Russian invasion; 14 tanks expected to arrive early 2024 from Denmark and Netherlands donation
US defense secretary forecasts Sweden will join NATO by mid-July (Military Times) US Defense Secretary Lloyd Austin arrived in Stockholm Tuesday for the first leg of a four-day visit to Europe.
Denmark, Netherlands to donate 14 Leopard 2 tanks to Ukraine (Reuters) Denmark and the Netherlands will jointly donate 14 Leopard 2 tanks to Ukraine, the two countries said on Thursday.
Biden Administration Announces Additional Security Assistance for Ukraine (U.S. Department of Defense) The Defense Department announced critical new security assistance for Ukraine which is valued at up to $325 million.
Putin’s Russia is headed for a military dictatorship – and total collapse (The Telegraph) Even as he tightens his grip on power the end is visible. There have been a very great many military dictators; their end is seldom pleasant
Killnet Ostracizes Leader of Anonymous Russia, Adding New Chapter to Pro-Kremlin Hacktivist Drama (Flashpoint) The apparent head of Anonymous Russia, an 18-year-old Belarusian citizen, was recently arrested by local authorities, prompting Killnet to ostracize him from its inner circle.
Belarus-linked hacking group targets Poland with new disinformation campaign (Record) Poland's Ministry of National Defense issued a warning Wednesday about a recent disinformation campaign that has been traced back to the Belarusian hacking group known as Ghostwriter.
Disinformation Operation Against the Republic of Poland Under Way - UNC1151 Spreads Disinformation About Recruitment to Litpolukrbrig (CSIRT-MON) On 18 April 2023, CSIRT MON observed a broad disinformation campaign consisting of the distribution of information about potential recruitment to the Lithuanian-Polish-Ukrainian Brigade named after Grand Hetman Konstanty Ostrogski.
UK says ‘Wagner-like cyber groups’ attacking critical infrastructure (Record) The UK's cyber agency is preparing to warn that “emerging Wagner-like cyber groups are attempting to cause maximum damage” to critical infrastructure, according to one government official.
Russia-based hackers ramping up attacks on Eastern European energy sector (Record) Russia-based hackers stepped up attacks on Eastern Europe’s energy sector during the first three months of the year, according to new research.
CyberUK 23: Ukraine offers masterclass in withstanding cyber war (ComputerWeekly.com) Russian cyber activity has seen an unprecedented evolution in scale and pace over the past year, but Ukraine’s resilience has enabled it to mount a masterful response, says the NCSC.
Ukraine’s success in cyberwarfare could create ‘concerning precedents’ – study (NewsChain) A report by the European Cyber Conflict Research Initiative said that Ukraine is facing an ‘unprecedented’ volume of Russian-linked cyber attacks.
What Happens Next in the Leaked Documents Case (New York Times) Airman Jack Teixeira is expected to face a court hearing in two weeks in which prosecutors may reveal new details of their case against him.
Guardsman charged in Pentagon intel leak briefly in court (Military Times) A hearing to determine whether Airman 1st Class Jack Teixeira should remain jailed while awaiting trial was delayed.
Air National Guardsman age not key in Pentagon leaks, Austin says (Military Times) Defense Secretary Lloyd Austin said Wednesday in Sweden that the “vast majority” of the U.S. military is young.
Tighten Access to Classified Info, Air Force Secretary Says (Defense One) As the Pentagon responds to a classified document leak, officials should focus on enforcing “need to know,” according to Frank Kendall.
The Next Intel Leak May Not Resemble the Most Recent One, Expert Warns (Air & Space Forces Magazine) The military is reviewing its security practices after an intel leak. But what will the next leak look like, and how can officials prepare?
'Gobbledygook': Senators react to classified briefing on Pentagon leak (NBC News) Senators from both parties said they left the briefing with unanswered questions almost a week after the FBI arrested a suspect in connection with the leak investigation.
Group-IB exits Russia to focus exclusively on expanding global Digital Crime Resistance network (Group-IB) Group-IB, a global cybersecurity leader headquartered in Singapore, announced today that it will no longer be present in the Russian market.
US Reporter Held by Russia to Stay in Jail (Military.com) A Russian judge on Tuesday upheld the detention of jailed American journalist Evan Gershkovich, who was arrested in March on spying charges. (Apr. 18) AP
Attacks, Threats, and Vulnerabilities
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible (Mandiant) A software supply chain attack led to another software supply chain attack.
The 3CX cyberattack was the result of two supply-chain hacks, Mandiant says (Washington Post) Mandiant for the first time sees a ‘software supply chain attack lead to another software supply chain attack’
Pakistani Hackers Use Linux Malware Poseidon to Target Indian Government Agencies (The Hacker News) Pakistan-based APT36 hackers are reportedly using a new Linux backdoor called Poseidon to target Indian government agencies.
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (The Hacker News) Blind Eagle, a cyber espionage group known for sophisticated attack techniques, linked to new multi-stage attack chain deploying NjRAT trojan
APT Blind Eagles Malware Arsenal Technical Analysis (ThreatMon) APT Blind Eagles Malware Arsenal Technical Analysis
Medusa ransomware crew boasts of Microsoft code leak (Register) 'Does have a somewhat Lapsus$ish feel' we're told
Avast uncovers new scam scaring employees into paying big (SecurityBrief Australia) Targets receive an email from senders claiming to be from a ransomware group, like “Silent Ransom” or “Lockffit,” addressing them by their full name.
Jamf Threat Labs examines mobile spyware attacks affecting iPhones. (Jamf) JTL discusses the results of their examination of sophisticated spyware attacks that targeted sensitive users.
‘AuKill’ EDR killer malware abuses Process Explorer driver (Sophos News) Driver based attacks against security products are on the rise
ChatGPT-Themed Scam Attacks Are on the Rise (Palo Alto Networks Unit 42) Unit 42 researchers are monitoring the trending topics, newly registered domains and squatting domains related to ChatGPT, as it is one of the fastest-growing consumer applications in history. The dark side of this popularity is that ChatGPT is also attracting the attention of scammers seeking to benefit from using wording and domain names that appear related to the site.
ChatGPT-Themed Scam Attacks Are on the Rise (Unit 42) ChatGPT is attracting the attention of scammers, who use cybersquatting and other methods to capitalize on its ever-increasing popularity.
Phishing Links via Linktree (Avanan) Hackers are using Linktree to send phishing links.
Ransomware & Data-Leak Extortion (ReliaQuest) In the first quarter of 2023 (Q1 2023), the ReliaQuest Threat Research Team observed 838 organizations falling victim to ransomware attacks and being named on dark-web data-leak sites. This is a 29.9% increase from the previous quarter.
GRIT Ransomware Report – Q1 (GuidePoint Security) Q1 of 2023 closed with an increase in publicly posted ransomware victims, continuing to impact worldwide and organizations agnostic of industry.
Ransomware reinfection and its impact on businesses (Help Net Security) Destructive ransomware attacks impact businesses worldwide. This video with Malwarebytes talks about the dangers of ransomware reinfection.
If you have a tell-a-friend feature on your website, disable it right now (ZDNET) Despite all the best efforts, bad things can happen. Read our cautionary tale.
Ransomware group behind Oakland attack strengthens capabilities with new tools, researchers say (CyberScoop) The group known as PLAY is using custom tools researchers say allow it to be faster and more efficient when carrying out ransomware attacks.
Forensic report on Suffolk cyberattack shows 71 systems encrypted by ransomware (News 12 - Long Island) Suffolk County has announced it has completed the forensic investigation into the cyberattack that happened on Sept.8.
Data breach affects more than 150,000 Webster Bank customers in CT, officials say (CT Insider) More than 150,000 Webster Bank customers in Connecticut were affected by a data breach...
System Update (Point32Health) On April 17, Point32Health identified a cybersecurity ransomware incident that impacted systems we use to service members, accounts, brokers and providers. At this time, most systems impacted are on the Harvard Pilgrim Health Care side of our business. After detecting the unauthorized party, and out of an abundance of caution, we proactively took certain systems offline to contain the threat.
Capita reveals evidence of data breach in cyber attack (The Independent) The outsourcer has restored staff access to Microsoft Office 365 after the attack and ‘virtually all’ the impacted client services.
St. Louis suburb investigating network security incident (Record) The local government of a St. Louis, Missouri suburb is investigating a “network security incident” that is believed to have started last month but is still affecting systems.
ADP Rescues Water Resources From Russian Cyber-Attack (Geauga County Maple Leaf | Your News Resource in Geauga County) After a recent cyber-attack on its email server, the Geauga County Water Resources Department has relinquished authority over its information technology systems to the county Automatic Data Processing board.
The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’ (WIRED) The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.
Security Patches, Mitigations, and Software Updates
Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released (The Hacker News) Google rolls out emergency fixes to tackle another high-severity zero-day flaw in Chrome web browser.
Trends
Cyber Threat Intelligence Report March 2023 (NCC Group) Welcome to NCC Group’s monthly Cyber Threat Intelligence Report, bringing you exclusive insight into the latest Threat Intelligence, updates on recent and emerging advances in the threat landscape and a deep understanding of the latest Tactics, Techniques and Procedures (TTPs) of threat actors.
New BlackBerry Research Finds Manufacturers Increasingly Wary of Nation State Threats (BlackBerry) At Hannover Messe, Germany, BlackBerry Limited (NYSE: BB; TSX: BB) today released the BlackBerry Manufacturing Cybersecurity Study with a warning that outdated and unsupported legacy operational technologies (OT) are exposing substantial vulnerabilities for manufacturers facing escalating threats from nation-state attacks.
Op-Ed: Operational technology under attack from rising cyber security threats (CyberSecurity Connect) The past few months have seen cyberattacks hit nearly every single industry in Australia, across government and the private sector.
Marketplace
Cequence Security Secures Investment from Prosperity7 Ventures (Business Wire) Investment will fuel further expansion in the Middle East
Forcepoint explores sale of government cybersecurity unit - sources (Reuters) Cybersecurity firm Forcepoint is exploring a sale of its government security unit for more than $2 billion, five people familiar with the matter said.
QuaDream’s demise may be the canary in the spyware coal mine (Register) NSO and others are still out there, but pariahs find it hard to do business
WatchGuard Technologies to hire cybersecurity experts, people in support functions (Moneycontrol) The company will be hiring across several functions to support its growth plans in 2023 and has launched pre placement drives with various colleges apart from lateral hiring.
F5 to lay off 9 per cent staff, trims fiscal revenue guidance (CRN Australia) Washington-based cloud and security services firm downsizing.
Meta dismissals reach tech teams (Computing) Meta has begun to contact employees who are up for dismissal, as part of the cuts it announced last month.
Briefing: Meta Begins Next Round of Layoffs (The Information) Meta has begun notifying employees working in technical roles that they have lost their jobs—part of a staggered plan to lay off a total of 10,000 employees in the second round of cuts since November.
The world needs cybersecurity experts – Microsoft expands skilling effort with a focus on women (Microsoft On the Issues) Today, Microsoft is expanding our Cybersecurity Skills Initiative, and delivering grants to nonprofits to help skill people for the cybersecurity workforce. With this expansion, we are now working in 28 countries, partnering with nonprofits and other educational institutions to train the next generation of cybersecurity professionals.
ThreatModeler Achieves 50% Customer Growth in FY2023 as it Increases Automated Attack Surface and Threat Discovery, Reducing Threat Modeling Friction in DevSecOps (News Direct) Achievements Accelerate Substantial Momentum in Addressing Compounding Regulatory Mandates for Complex Multi-Cloud Environments
Products, Services, and Solutions
KnowBe4 Launches How-To Guide To Help Organizations Strengthen Security Culture (KnowBe4) KnowBe4 Launches How-To Guide To Help Organizations Strengthen Security Culture
Introducing At-Bay Stance, the World’s First InsurSec Solution to Help SMBs Mitigate Cyber Risk (At-Bay) No one ever intended for small businesses to be in the eye of the storm; battling nation states and organized criminal groups, operating complex security solutions that they can’t afford, by cyber security experts that they can’t hire. But this is their new reality, and why, despite best efforts by the security industry and the […]
Armorblox Launches Graymail and Recon Attack Protection to Stop Malicious Emails and Enhance Productivity Across Security Teams (Armorblox) Powerful combination of machine learning, large language models such as GPT, and user behavior analysis improves productivity for teams across integrated email, graymail, and data loss prevention platform.
Dashlane Integrates AWS Nitro Enclaves to Deliver Enhanced Security to Businesses (Business Wire) Starting with a new SSO offering, Dashlane is the first password manager to integrate confidential computing technology into its security architecture
New Blackpoint University Educates, Empowers Managed Service Providers to Grow (Business Wire) The new elite learning platform from Blackpoint Cyber provides managed service providers education in cybersecurity and core pillars of business
Cigent Announces First-Ever Self-Defending Storage Device with Built-i (PRWeb) Cigent® Technology, Inc., the leader in embedded cybersecurity in storage devices, today unveiled the Cigent Secure SSD+™, the world’s first Solid State Dr
Arkose Labs Adds Advanced Phishing Protection to Its Industry-Leading Bot Management Platform, Arkose Bot Manager (PR Newswire) Arkose Labs, the global leader in bot management and account security, today announced that its flagship platform now detects and alerts...
Arkose Labs Guarantees Success Against SMS Toll Fraud Attacks with $1 Million Warranty (PR Newswire) Arkose Labs, the global leader in bot management and account security, today announced a commercial guarantee against SMS toll fraud attacks....
Announcing Mandiant Executive Cybersecurity Services (Mandiant) This offering provides awareness to senior leaders on impacts of cyber threats to businesses.
Chiron Investigations Launches New Bitcoin Recovery Services to Help Victims of Theft (Digital Journal) Chiron Investigations, a renowned company specializing in cryptocurrency and asset recovery, has announced the launch of its new services aimed at helping individuals and businesses recover their lost digital assets resulting from bitcoin theft.
Barracuda makes it easy to secure websites, applications, and APIs with comprehensive enterprise-grade protection (PR Newswire) Barracuda Networks, Inc., a trusted partner and leading provider of cloud-first security solutions, today introduced new Application Protection...
Noname Security Partners with Fastest-Growing Software Company Wiz To Secure Cloud APIs and Advance Cyber Resilience (Wiz) Noname Security announces partnership with Wiz, the leading cloud security platform and world’s fastest-growing software company to help customers improve security posture.
Bitsight Expands into Integrated Cyber Risk Management Empowering Risk Leaders to Address Rising Threats to Business Operations (Bitsight) Market expansion bolstered by an expanded partnership with Moody’s Corporation, New Third-Party Vulnerability Detection & Response solution, Improvement to prop
Technologies, Techniques, and Standards
U.S., U.K., Australia, Canada and New Zealand Release Cybersecurity Best Practices for Smart Cities (Cybersecurity and Infrastructure Security Agency) Cybersecurity officials provide recommendations and resources to help communities balance efficiency and innovation with cybersecurity, privacy protections, and national security
CISA Announces Plans to Establish Logging Made Easy Service (Cybersecurity and Infrastructure Security Agency) The U.S. agency plans to build on successful service formerly offered by U.K. National Cyber Security Centre
Electrical Grid Security: NERC CIP, Cyber Threats and Key Challenges () NERC CIP reporting revolves around changes to the NERC CIP baseline, so Tripwire is a natural way to find the information required and build reports.
Don't Forget Hardware in IoT Security (ReadWrite) Software options keep IoT devices secure, but hardware in IoT security is often overlooked. Here's why hardware is crucial for IoT safety.
Design and Innovation
Elon Musk says he will launch a ChatGPT rival called ‘TruthGPT’ (Fortune) Just weeks after calling for A.I. development to be stalled.
What could go wrong with Elon Musk's AI? Well, everyone could die (The Telegraph) Ego-driven billionaire is messing with a terrifying force that could threaten mankind
Google’s Rush to Win in AI Led to Ethical Lapses, Employees Say (Bloomberg) The search giant is making compromises on misinformation and other harms in order to catch up with ChatGPT, workers say
Inside the secret list of websites that make AI like ChatGPT sound smart (Washington Post) AI chatbots have exploded in popularity over the past four months, stunning the public with their awesome abilities, from writing sophisticated term papers to holding unnervingly lucid conversations.
People Are Using AI for Therapy, Even Though ChatGPT Wasn’t Built for It (Bloomberg) Some users see it as a way to supplement traditional mental health services, despite troubling privacy implications.
Research and Development
DHS S&T and CISA Forge Deep Partnership in Emerging Tech R&D (Nextgov.com) The Department of Homeland Security components are working more closely than ever to understand emerging technologies’ prospects and threats.
Academia
Almost all UK higher education institutions report cyberattacks (Research Professional News) Government survey finds vast majority of providers targeted by criminals online
Legislation, Policy, and Regulation
Western cybersecurity must advance to counter China's cyberspace progress, says NCSC director (Computing) China's goal is to achieve global technological dominance, according to Lindy Cameron.
Britain sounds alarm on spyware, mercenary hacking market (Reuters) British officials are sounding the alarm over the widespread abuse of surveillance software and hackers-for-hire, saying that thousands of people were being targeted each year by an industry they described as posing an increasingly unpredictable threat.
More than 80 countries have purchased spyware, British cyber agency warns (Record) More than 80 countries have purchased spyware over the past decade, Britain’s cyber agency warned in an intelligence assessment released Wednesday.
Decoding the U.N. Cybercrime Treaty (Electronic Frontier Foundation) As the fifth session of the UN Cybercrime Convention commenced in Vienna this week, EFF is in attendance to raise concerns that the document lacks strong commitments to human rights and detailed conditions and safeguards that are needed to protect the rights of individuals and organizations around...
The EU’s Cyber Solidarity Act: Security Operations Centers to the rescue! (WeLiveSecurity) The legislation aims to enhance the Union’s cyber-resilience by enhancing its capabilities to detect, prepare for and respond to digital incidents.
Lawmakers Reintroduce Bill to Bolster Cybersecurity of K-12 Schools (Nextgov.com) The bipartisan, bicameral legislation directs CISA to provide primary and secondary schools with more targeted cyber information and resources to combat a rise in ransomware attacks.
Top Air Force officer visits 179th Wing ahead of cyberspace transition (Air Force Times) The 179th Wing was selected by the service in August 2021 to become the Air National Guard’s first-ever cyberspace wing.
Litigation, Investigation, and Law Enforcement
FBI and others urge Meta to halt encryption plans, citing child abuse risk (Ars Technica) Global task force claims tech firms "blindfold themselves to child sexual abuse."
FBI Struggles to Find Secret Foreign Police Stations in U.S. (The Daily Beast) The FBI is having trouble hunting down foreign government campaigns to stalk and threaten critics, partly because of “trust issues” in diaspora communities, a senior official said.
WSJ News Exclusive | CFPB Says Staffer Sent 250,000 Consumers’ Data to Personal Account (Wall Street Journal) The agency described the breach to U.S. lawmakers as a major incident.
Reflections on the DoD General Counsel's Cyber Law Address (Lieber Institute) On Tuesday, the General Counsel of the Department of Defense, the Honorable Caroline Krass, addressed the annual United States Cyber Command Legal Conference.
Lawyers Essential to Integrated Deterrence in Cyberspace (AFCEA International) Both domestic and international laws influence the cyber domain.
DHS Official Has Office Raided, Covered in Crime Scene Tape (Rolling Stone) The head of the office that tracks cross-border threats — including fentanyl and cartel activity — was walked out by security and questioned on Monday, sources tell Rolling Stone
DHS official's office searched after alleged security violation: Report (Washington Examiner) An intelligence official working for the Department of Homeland Security reportedly had his office searched and was escorted from the workplace on Monday.