Dateline Moscow and Kyiv: Waiting for the counter-offensive.
Ukraine at D+421: Reviewing the cyber phases of Russia's hybrid war. (CyberWire) Ukraine keeps Russia guessing about the spring counter-offensive. In cyberspace, the situation remains largely unchanged.
Russia-Ukraine war: List of key events, day 422 (Al Jazeera) As the war enters its 422nd day, we take a look at the main developments.
Russia-Ukraine war at a glance: what we know on day 422 of the invasion (the Guardian) Russian warplane accidentally strikes city of Belgorod near Ukraine, injuring two; Zelenskiy calls on Nato to give timeframe for Ukraine accession
Emergency release of air ordnance occurred during Su-34 flight above Belgorod — ministry (TASS) The Ministry of Defense said that an unspecified number of buildings were damaged, there were no casualties
Russia warplane accidentally fires into city near Ukraine, injuring three -Tass (Reuters) A Russian Sukhoi-34 supersonic warplane accidentally fired a weapon into the city of Belgorod near Ukraine late on Thursday, causing an explosion and injuring three people.
Russia tells taxi drivers and supermarket stackers to join the army in latest advert (The Telegraph) The clip targets men working in menial jobs and suggests they are wasting their lives
Putin looks back to WWII with refurb of Stalin-era bomb shelters (the Guardian) Although a missile attack deep into Russia is unlikely, bunkers built long ago are being made ready for use
What to Expect From Ukraine’s Counter-Offensive (Time) What's next for Ukraine? An expert from the Institute for the Study of War weighs in.
There can be no lasting peace with Russia until Ukraine liberates Crimea (Atlantic Council) Some skeptics question the feasibility and wisdom of a military campaign to de-occupy Crimea, but no lasting peace with Putin's Russia will be possible until the Ukrainian peninsula is liberated, argues Mariia Zolkina.
Postimperial Empire (Foreign Affairs) How the war in Ukraine is transforming Europe.
Stoltenberg Visits Kyiv, Says 'NATO Stands With Ukraine' (U.S. Department of Defense) NATO Secretary General Jens Stoltenberg praised Ukrainian President Volodymyr Zelenskyy's personal leadership and said the courage of Ukraine's armed forces and the resilience of the Ukrainian people
All Nato members have agreed Ukraine will join, says Stoltenberg (the Guardian) Secretary general says countries have agreed Kyiv will join military alliance when war with Russia is over
U.S.-Led Ukraine Defense Contact Group Convenes for 11th Discussion (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III met with Ukrainian Defense Minister Oleksii Reznikov for a bilateral discussion in advance of the 11th meeting of the Ukraine Defense Contact Group at Ramstein
Opening Remarks by Secretary of Defense Lloyd J. Austin III at the 11th Ukraine Defense Co (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III delivered welcome remarks during the 11th meeting of the Ukraine Defense Contact Group in Ramstein, Germany.
Austin seeks to stem discord with allies over document leaks (AP NEWS) Defense Secretary Lloyd Austin has sought to tamp down any discord between the U.S. and its allies over the massive U.S. leak of classified documents. Austin met with defense leaders from around the globe on Friday to coordinate additional military aid to Ukraine. Acknowledging that the other nations have been closely following the issue, Austin hit the subject head on in his opening remarks at Ramstein Air Base in Germany. The move underscored the gravity of the situation. Many of the documents distributed online revealed details on the status of the war in Ukraine and the ongoing delivery of weapons to Ukrainian forces in battle, intelligence matters the other defense officials are keenly involved in.
Implications of the Ukraine War for UK Munitions Supply Arrangements (RUSI) The situation in Ukraine has demonstrated the difficulty of balancing munitions requirements in peacetime with the need for large stocks and to surge production when conflict erupts. How the UK can best manage this equation in the future is unresolved but will likely involve extra costs.
Russia slams S Korean suggestion to arm Kiev as 'anti-Russia' move (PressTV) Russia slams South Korea
China 'snubbed Wagner weapon request', says Pentagon leak (The Telegraph) The Wagner group unsuccessfully asked China for supplies of weapons earlier this year, according to leaked intelligence.
Putin’s propagandists are about to have a field day with the US intelligence leaks (The Telegraph) All they have to do now is click the share button, sit back and watch as international anger with the US mounts
Intelligence Leaks Cast Spotlight on a Recurring Insider Threat: Tech Support (Wall Street Journal) IT specialists like Jack Teixeira and Edward Snowden pose a challenge to government control of classified information, officials say.
Russia’s invasion of Ukraine is also being fought in cyberspace (Atlantic Council) While the war in Ukraine often resembles the trench warfare of the twentieth century, the battle for cyber dominance is highly innovative and offers insights into the future of international aggression, writes Vera Mironova.
CFP European Cybersecurity Seminar 2023-2024 (European Cyber Conflict Research Initiative) On the 28th of February 2023, the European Cyber Conflict Research Initiative (ECCRI) held a workshop to reflect on wartime cyber operations in Ukraine, supported by the UK National Cyber Security Centre.
#CYBERUK23: Russian Cyber Offensive Exhibits ‘Unprecedented’ Speed and Agility (Infosecurity Magazine) Russia’s cyber operations since the invasion of Ukraine have been deployed with remarkable speed and flexibility, a new NCSC report shows
WSJ News Exclusive | Europe’s Air-Traffic Agency Under Attack From Pro-Russian Hackers (Wall Street Journal) Air traffic isn’t at risk but the attack is ongoing, Eurocontrol said, amid fears about the safety of Europe’s critical infrastructure.
How business-friendly Hong Kong became a hub of Russian chip trade (Nikkei Asia) Ease of setting up companies makes dodging sanctions easier, experts say
Attacks, Threats, and Vulnerabilities
Daggerfly: APT Actor Targets Telecoms Company in Africa (Symantec) New MgBot malware framework plugins deployed in recent campaign.
African telecom company targeted by alleged China-backed hacking group (Record) An African telecommunications company is the latest target of an alleged Chinese government-backed hacking group, according to a new report from Symantec.
CISA Releases Malware Analysis Report on ICONICSTEALER (Cybersecurity and Infrastructure Security Agency CISA) CISA has released a new Malware Analysis Report (MAR) on an infostealer known as ICONICSTEALER. This trojan has been identified as a variant of malware used in the supply chain attack against 3CX’s Desktop App.
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack | WeLiveSecurity (WeLiveSecurity) Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the 3CX attack was carried out by Lazarus.
The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks (WIRED) The mass compromise of the VoIP firm’s customers is the first confirmed incident where one software-supply-chain attack enabled another, researchers say.
Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App (SecurityWeek) 3CX hack is the first known cascading supply chain attack, after an employee downloaded compromised software from a different firm.
First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters (Aqua Security) For the first time, there is evidence that attackers are exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) in the wild to create backdoors.
Capita admits customer data may have been breached during cyber-attack (the Guardian) Hack caused major outages for some clients including local councils and ‘potentially accessed public sector data’
Chinese-language threat group targeted a dozen South Korean institutions (Record) A Chinese-language threat group targeted a dozen South Korean research and academic institutions with data exfiltration attacks in late January, according to a new report.
Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea, Taiwan (Recorded Future) Insikt Group shares research on Xiaoqiying (Genesis Day, Teng Snake), a Chinese hacktivist group, targeting South Korean, Japanese, and Taiwanese organizations.
Code Intelligence Uncovers New Vulnerability in MySQL Connector/J (CVE-2023-21971) (Code Intelligence) We have found a new vulnerability in MySQL Connector/J (CVE-2023-21971). Oracle issued a critical patch update that fixed the issue on April 18, 2023.
EvilExtractor – All-in-One Stealer (Fortinet Blog) FortiGuard Labs examines the initial attack method used to deliver EvilExtractor and its malicious activities as an infostealer.
New AuKill hacking tool gaining traction among threat actors (SC Media) More ransomware operations and state-sponsored threat groups have been leveraging the new AuKill hacking tool to deactivate targets' endpoint detection and response software prior to backdoor deployment, reports BleepingComputer.
This evil malware disables your security software, then goes in for the kill (TechRadar) What good is antivirus if it's turned off before the infection?
Wired Journalist Banned From Twitter For Reporting On Hack Of Anti-Trans Activist Matt Walsh (Forbes) A reporter at Wired has been banned from Twitter after he wrote about the fact that anti-trans activist Matt Walsh had his Twitter account hacked. Walsh’s account was hacked on Tuesday and started posting offensive tweets about other popular right-wing figures like Andrew Tate and Ben Shapiro.
CFPB says employee breached data of 250,000 consumers in ‘major incident’ (POLITICO) CFPB spokesperson Sam Gilford said the bureau has referred the matter to the inspector general and is “taking appropriate action to address this incident.”
American Bar Association data breach hits 1.4 million members (BleepingComputer) The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members.
Cyber attack reportedly hits Montana State University (KBZK News) "Montana State University is currently experiencing a cyberattack...we are working to restore service as quickly as possible," an email to the MSU community stated.
Security Patches, Mitigations, and Software Updates
CISA Releases One Industrial Control Systems Advisory (Cybersecurity and Infrastructure Security Agency CISA) CISA released one Industrial Control Systems (ICS) advisory on April 20, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-110-01 INEA ME RTU
Trends
The continuing threat of ransomware: some trends. (CyberWire) Two recent studies highlight the continuing threat of ransomware.
Manual processes are undermining DevSecOps maturity (Dynatrace) In a global survey of 1,300 CISOs, the takeaway is clear: observability and security are critical to achieving DevSecOps success. Read the free report here.
New GitLab Research Reveals Rising Demand for Security and Efficiency in Software Development, Increasing Use of AI/ML in Security (EIN News) ALL REMOTE – GitLab Inc., the most comprehensive DevSecOps Platform for software innovation, today released its 7th annual Global DevSecOps Report: Security
2023 Global DevSecOps Report Series: What’s next in DevSecOps (GitLab) Dive into the data for a complete picture of the state of DevSecOps in 2023.
Marketplace
Halcyon Closes $50M in Series A Funding to Accelerate Adoption of Ransomware Resilience Platform (Business Wire) SYN Ventures Leads Funding Round in Company Delivering the First-Ever Cyber Resilience Platform
FiVerity Raises $4 Million to Launch Anti-Fraud Collaboration with Ban (PRWeb) FiVerity, creators of the Anti-Fraud Collaboration platform, today announced a $4 million seed financing round, led by Mendon Venture Partners, a venture capital
Lookout Recognized Amongst Highest Three Scoring Vendors Across All Use Cases in 2023 Gartner® Critical Capabilities for Security Service Edge Report | Lookout News (Lookout) Lookout, Inc. today announced it scored among the highest three vendors in the 2023 Gartner Critical Capabilities for Security Service Edge.
Quorum Cyber Sets Sights on North American Market (Quorum Cyber) Quorum Cyber has announced its intention to focus on the North American market after achieving impressive year-over-year growth.
Quorum Cyber Named Microsoft Security Excellence Awards Finalist as a Security Services Innovator and Security Changemaker (PRWeb) Quorum Cyber, founded to help organizations defend themselves in an increasingly hostile digital landscape, today announced the company had achieved
Iron Bow Technologies Recognized as a Top Workplace by Richmond Times-Dispatch (Business Wire) Iron Bow Technologies, the leading technology solutions provider to government, commercial, and healthcare markets, announced today that it has been selected by the Richmond Times-Dispatch as a winner in its tenth annual Top Workplaces Awards.
Elon Musk's Twitter begins purge of blue check marks (CNN) Elon Musk's Twitter on Thursday began a purge of blue verification check marks from users who have not signed up for its subscription service, with the checks disappearing from the accounts of journalists, academics and celebrities.
‘Legacy blue checks’ disappear from Twitter as Musk’s changes take effect (the Guardian) Checkmark denoted accounts verified for authenticity, which can now be bought for an $8 a month subscription called Twitter Blue
Twitter begins removing blue checkmarks from all legacy users (The Verge) On one of Elon Musk’s favorite dates.
Twitter’s old blue checks are finally gone (Vox) The ridiculous but important Twitter check mark fiasco, explained.
LeBron James didn’t pay for his Twitter checkmark, but Elon Musk gave it to him anyway (The Verge) The perks of being a celebrity.
Elon Musk personally pays for celebrities to keep blue ticks as Twitter cull begins (The Telegraph) The proportion of legacy verified accounts signed up to Twitter subscription remains at just 5pc
Lookout Appoints Nicholas Warner to Its Board of Directors | Lookout News (Lookout) Lookout, Inc. today announced the appointment of Nicholas Warner to its board of directors.
Quorum Cyber Appoints Ricky Simpson As U.S. Solutions Director; Simpso (PRWeb) UK-based cybersecurity firm Quorum Cyber announced Ricky Simpson is joining the company as its new U.S. Solutions Director. Simpson has over ten years...
Aware Announces Dan Kaltenbach as Its First Chief Financial Officer (PR Newswire) Aware, the leading AI Data Platform for the employee experience, today announced the appointment of Dan Kaltenbach as its first Chief Financial...
Sift Appoints Fraud Prevention and Identity Industry Veteran Armen Najarian as Chief Marketing Officer (GlobeNewswire News Room) Award-winning CMO Has Scaled Marketing Teams Through Three Acquisitions and Successful Public Offering...
Why I joined Cloudflare as Chief Security Officer (The Cloudflare Blog) As someone who is passionate about technology, security, and its potential to improve our lives, I knew that I wanted to work for a company that shared those values.
Products, Services, and Solutions
New infosec products of the week: April 21, 2023 (Help Net Security) The featured infosec products this week are from: Armorblox, Cofense, D3 Security, Sotero, Venafi, Veracode, Versa Networks, and Zyxel Networks.
HYAS Protect At Home Gives Cybersecurity Professionals Free, Best-in-Class Protective DNS To Prevent, Thwart Attacks on Home Networks (Business Wire) Protecting the Protectors At Home. Unmatched Threat Intelligence and Protective DNS Blocks Adversarial Domains Before Attacks Can Strike.
Expel Announces New Vulnerability Prioritization Solution (Business Wire) Expel Vulnerability Prioritization uses a risk-based model to identify vulnerabilities that pose the greatest organizational threats
Contrast Security’s New MSSP Program Empowers Partners to Protect Customers’ Applications Against Next-Generation Cyber Threats (Contrast Security) Code security leader’s MSSP program will help partners and their customers augment overall application security infrastructure and further bolster their security posture.
Entara Further Expands Incident Response Offering with Launch of IR Retainer Service (Entara Blog) eXtended Service Provider and industry-leading incident response firm launches IR retainer
Center for Internet Security, Google Cloud Announce Strategic Alliance (CIS) The strategic alliance will advance the security and resilience of the public sector
Vaultree’s success showcases high demand for its real-time, breach-disarming, encryption solutions (Vaultree) The company’s rapid growth validates its Fully Functional Data-In-Use Encryption solution
Dashlane Integrates AWS Nitro Enclaves to Deliver Enhanced Security to Businesses (Business Wire) Starting with a new SSO offering, Dashlane is the first password manager to integrate confidential computing technology into its security architecture
Bitsight Expands into Integrated Cyber Risk Management Empowering Risk Leaders to Address Rising Threats to Business Operations (Bitsight) Market expansion bolstered by an expanded partnership with Moody’s Corporation, New Third-Party Vulnerability Detection & Response solution, Improvement to prop
Xage Delivers Industry-first Multi-layer Identity and Access Management to Block Attacks on Critical Infrastructure (GlobeNewswire News Room) Extends Defense-in-Depth To Every Asset in Every Layer of OT and ICS Environments...
Xage Partners with Joint Cyber Defense Collaborative and CISA to Advise on Critical Infrastructure Protection (GlobeNewswire News Room) Collaborative will tap Xage’s expertise on zero trust-based approaches to cyber-physical systems protection to defend against cyberattacks ...
Satori Announces Availability of Contextual Data Access to Cut Time-to-Data from Weeks to Seconds for Analytics, Data Science and Engineering (GlobeNewswire News Room) New capability enables automatic access to data that employees need, as they need it, based on context and actions in popular business applications...
Lookout Launches Mobile Endpoint Detection and Response for MSSPs (Fast Mode)
MixMode Selects CrowdStrike as Cybersecurity Partner, Joins CrowdStrike Elevate Partner Program (PR Newswire) MixMode, the only generative AI-based real-time, risk detection platform in cybersecurity, announced today that it has joined the CrowdStrike...
CrowdStrike (CRWD) Extends MDR Capabilities With MXDR Launch (Nasdaq) CrowdStrike Holdings CRWD recently introduced a new Managed eXtended Detection and Response (“MXDR”) service, CrowdStrike Falcon Complete XDR. The company claims that MXDR is designed to help organizations address the cybersecurity skill gap.
High Wire Signs $1.6 Million Contract Renewal to Deliver Full Range of Tech Managed Services for Leading National Environmental Solutions Provider (GlobeNewswire News Room) High Wire Networks, Inc. (OTCQB: HWNI), a leading global provider of managed cybersecurity and...
Nuspire Teams with Qualys to Offer Comprehensive Security Services Across North America (PR Newswire) Nuspire, a leading managed security services provider (MSSP), today announced it is expanding its partnership with Qualys, a pioneer of...
FireMon and Nuspire Collaborate to Eliminate Complexity of Firewall Po (PRWeb) FireMon, the leading network security policy management company that brings visibility, control and automation to enterprise cloud and hybrid
Cengage Work Expands Ready to Hire to Close Critical Cybersecurity Skills and Talent Gaps (Cengage) Ready to Hire for Cybersecurity, with Training and Verified Talent from Infosec Institute, will Help Employers Fill Open Cybersecurity Roles
Design and Innovation
QuSecure Collaborates with Red Hat to Deliver Enhanced Post-Quantum Cryptography Modernization (Business Wire) QuSecure Provides a More Easily Deployed Crypto-Agile Cybersecurity Solution Using Red Hat Open-Source Technologies
Google Looks to Turbocharge AI Efforts With Combined Brain, DeepMind Unit (Wall Street Journal) The search giant is merging AI resources to accelerate progress in technology that is reshaping business.
Corelight to Expand AI Usage Across Portfolio, Including Industry Leading GPT-Driven Integrations (PR Newswire) Corelight, the leader in open network detection and response (NDR), today announced a broad expansion in the integration of artificial...
How to worry wisely about artificial intelligence (The Economist) Rapid progress in AI is arousing fear as well as excitement. How worried should you be?
Artificial intelligence is infiltrating health care. We shouldn’t let it make all the decisions. (MIT Technology Review) AI paternalism could put patient autonomy at risk—if we let it.
ChatGPT and AI Will Make Humans More Necessary, Not Replace Them (World Politics Review) While concerns about artificial intelligence’s effects on the economy and job market are understandable, we shouldn’t overreact.
Legislation, Policy, and Regulation
Brussels forces crypto companies to say how much energy they use (The Telegraph) The European Union has launched a crackdown on crypto trading following the collapse of several major players in the scandal-hit industry, including Sam Bankman-Fried’s FTX.
Cybersecurity still 'high risk' in GAO’s book after over 25 years (FCW) The management of the government’s IT acquisitions and operations is also on the Government Accountability Office’s biennial high risk list update this year, as it has been since 2015.
Lawmakers introduce bill to counter Chinese cyber threats against Taiwan (The Hill) Senate and House lawmakers introduced bipartisan legislation on Thursday that would boost cybersecurity collaboration between the U.S. and Taiwan to counter cyberattacks from China. The bill, calle…
Acting US National Cyber Director: ‘We're allowing the adversary to set our agenda’ (Record) The Record sat down with Kemba Walden to discuss her mandate in her new job and her vision for cyberspace.
NEW Blog | NIST Expands Outreach to the Small Business Community (National Institute of Standards and Technology (NIST)) Did you know that 99.9% of businesses in America are small businesses? Small businesses are a major source of innovation for our country—but they’re often faced with limited resources and budgets. Many of them need cybersecurity solutions, guidance, and training so they can cost-effectively address and manage their cybersecurity risks. Hmmm…where can you find guidance like this all in one place?
U.S. Cyber Command’s Evolution Is Underwritten by Legal Authorities (AFCEA International) In its 13-year history, the nation’s cyber military has advanced to be a premier force, especially in the last three years, thanks in part to its attorneys.
NSA deputy plans to step down, creating possible leadership openings (Record) The longtime No. 2 at the National Security Agency will retire soon, a move that could trigger a domino effect of leadership changes at the world's most powerful electronic spying agency and U.S. Cyber Command.
Litigation, Investigation, and Law Enforcement
OpenAI’s hunger for data is coming back to bite it (MIT Technology Review) The company’s AI services may be breaking data protection laws, and there is no resolution in sight.
Singtel-owned Optus hit with class-action lawsuit over 2022 cyber-security breach (The Straits Times) More than 100,000 current and former customers have joined a class-action lawsuit against Optus. Read more at straitstimes.com.