Ukraine attributes cyberattacks to Russia, and Microsoft's analysis of the incidents suggests the attackers may have used a wiper. – The CyberWire


Ukraine has now attributed last week’s cyberattacks to Russian operators, and Kyiv has found some support for its conclusion among other governments. Microsoft on Saturday released a report on the malware used in the attacks: it was a wiper that represented itself as ransomware. NATO considers its options for defense, deterrence, and response.
Kyiv has accused Russian services of carrying out last week’s cyberattacks (with some possible assistance from Belarus). “Moscow continues to wage a hybrid war and is actively building forces in the information and cyberspace,” Ukraine’s Ministry of Digital Transformation said this weekend. Kyiv’s view is that the operation is a continuation of a hybrid war Russia has waged against Ukraine since its 2014 invasion of Crimea. Ukraine’s State Service for Special Communications described the attacks as hitting seventy government “sites or resources,” ten of which were “subjected to unauthorized interference.” But the service claimed that no personal data were leaked, and that most affected sites were quickly restored to normal. The State Service added some details about how the attackers obtained access to the sites: it was a supply chain attack. “The attackers hacked the infrastructure of a commercial company that had administrative access to the web resources affected by the attack.” Which commercial vendor was hit remained unspecified. (It’s worth noting that a supply chain attack through M.E.Doc tax preparation software was used in 2017’s NotPetya attack, which has been generally attributed to Russian intelligence services.)
The cyber operations, coming as they do as Russian troops are reported to have marshaled in assembly areas near the Ukrainian border, have been received by NATO as battlespace preparation. The US has said that the cyberattacks have the hallmarks of a disinformation operation intended to afford Russia a pretext for military action. Foreign Policy quotes an anonymous US official at length on how this might be accomplished. “Russia is laying the groundwork to have the option of fabricating a pretext for invasion, including through sabotage activities and information operations, by accusing Ukraine of preparing an imminent attack against Russian forces in eastern Ukraine,” the source said. An attack against deniable, Russian-proxy forces that have been operating in the Donbass region of Eastern Ukraine since 2014 is thought most likely. The anonymous official added, “The Russian military plans to begin these activities several weeks before a military invasion, which could begin between mid-January and mid-February. We saw this playbook in 2014 with Crimea.”
Ukraine’s ministry of digital transformation agrees that the cyberattacks represented, at one level, disinformation in the service of influence operations. “Its goal is not just to intimidate society, but to destabilize the situation in Ukraine by stopping the public sector’s work and undermining Ukrainians’ confidence in their government.”
The cyberattacks may also have been intended to provide cover for other, more destructive operations. Microsoft said on Saturday that it hadn’t been able to draw connections between Friday’s cyberattacks against Ukraine and any of the threat actors it tracks. It is, however, confident that the attack involved the use of a wiper, that is, malware whose intent was the destruction of data, not their temporary denial (as in a conventional ransomware attack) or their theft. The operation is being called “WhisperGate,” and Microsoft has given the threat actor behind it the temporary tracking identifier DEV-0586. The attack is, Microsoft says, a two-stage operation. Stage one overwrites the Master Boot Record “to display a faked ransom note.” Stage two of the attack installs a file-corrupter malware. That malware is still undergoing analysis. Microsoft has provided a set of indicators of compromise (IOCs) organizations can use to assess their risk.
Ukrinform reports that NATO, having condemned last week’s cyberattacks, is working toward closer cooperation on cyber defense with Ukraine. According to Reuters, the US has offered Ukraine “whatever it needs” to recover from those attacks, and Interfax-Ukraine says that Franco-American talks have addressed common preparations to render such aid to Kyiv.
Russia denies any involvement in the cyberattacks, and disclaims any intention to invade Ukraine. Kremlin spokesman Dmitry Peskov said in a CNN interview, “We have nothing to do with it. Russia has nothing to do with these cyber-attacks. Ukrainians are blaming everything on Russia, even their bad weather in their country.”
That said, Russian President Vladimir Putin has given the US (and by implication NATO) a soft deadline for meeting Russia’s demands–it’s set to expire, roughly, on January 20th. He’s outlined three demands, Russia Matters reports:
The CyberWire’s continuing coverage of the crisis in Ukraine may be found here, with our most recent story at this link.
Trend Micro yesterday reported on an “elusive” threat actor it calls “Earth Lusca,” and that it’s been tracking since the middle of last year. Earth Lusca is assessed as a Chinese group, part of the “Winnti Cluster,” although it represents a distinct operation. Its interests include “government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, Covid-19 research organizations, and the media,” all predictable espionage targets, but Earth Lusca’s activities are mixed: they also extend to some apparently financially motivated operations against gambling and cryptocurrency outfits. Trend Micro’s technical analysis of the group’s activity describes its infrastructure, a distinctive strain of malware, and its extensive social engineering.
Researchers at Team Huntress, following up on warnings from the UK’s NIH, have confirmed that unpatched VMware Horizon servers are now being actively attacked with Cobalt Strike implants. This activity amounts to “exploitation of Horizon itself and not the abuse of web shells” that were observed earlier.
With more governments now requiring people to obtain, and under some circumstances present, evidence of vaccination against COVID-19, criminals are selling fraudulent PCR and test certificates. Check Point says the bogus certificates are for the most part being distributed by the Telegram messaging app, and that some regions have seen increases in such fraud of up to 600%.
US officials have said, according to the Record, that one of the members of REvil arrested last week by Russian authorities may have been responsible for the ransomware attack on Colonial Pipeline last spring.
Today's issue includes events affecting Armenia, Azerbaijan, Bahrain, Belarus, Canada, China, Cuba, the Czech Republic, the European Union, France, Germany, Hungary, India, Iran, Ireland, Israel, Japan, Jordan, Latvia, NATO/OTAN, the Netherlands, Pakistan, the Philippines, Poland, Russia, Ukraine, the United Arab Emirates, the United Kingdom, the United States, and Venezuela.
Cyberspace in multi-domain operations: the case of Ukraine. (The CyberWire) Ukraine has now attributed last week's cyberattacks to Russian operators, and Kyiv has found some support for its conclusion among other governments. Microsoft on Saturday released a report on the malware used in the attacks: it was a wiper that represented itself as ransomware. NATO considers its options for defense, deterrence, and response.
Russia Thins Out Its Embassy in Ukraine, a Possible Clue to Putin’s Next Move (New York Times) The slow evacuation may be part propaganda, part preparation for a conflict or part feint, Ukrainian and U.S. officials say. It could be all three.
Destructive malware targeting Ukrainian organizations (Microsoft Security Blog) Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine.
Microsoft Warns of Destructive Cyberattack on Ukrainian Computer Networks (New York Times) The malware was revealed as Russian troops remain massed at the Ukrainian border, and after Ukrainian government agencies had their websites defaced.
Microsoft discovers destructive malware on several Ukrainian government agency networks (Washington Post) Microsoft has discovered destructive malware on dozens of Ukrainian government and private-sector computers, raising the risk that government agencies could find it difficult to operate in a crisis.
Microsoft says it observed destructive malware in systems belonging to several Ukraine govt agencies (Reuters) Microsoft Corp said in a blog post on Saturday it observed destructive malware in systems belonging to several Ukrainian government agencies and organisations that work closely with the Ukrainian government.
Microsoft Uncovers Destructive Malware Used in Ukraine Cyberattacks (SecurityWeek) The Microsoft Threat Intelligence Center warned of WhisperGate, a new, destructive malware being used in cyberattacks against the Ukraine government that could be a Master Boot Record (MBR) wiper
Microsoft: Data-wiping malware disguised as ransomware targets Ukraine again (The Record by Recorded Future) Microsoft said today that it has observed a destructive attack taking place in Ukraine where a malware strain has wiped infected computers and then tried to pass as a ransomware attack, but without providing a ransomware payment and recovery mechanism.
Poroshenko, Ex-President, Returns to Ukraine, Roiling Politics (New York Times) Petro O. Poroshenko, a former president, returned to Kyiv on Monday facing possible arrest, adding internal political turmoil to a threat of Russian invasion.
Ukraine blames Russia for cyberattack against government agencies (TheHill) Ukrainian authorities have blamed Russia for a cyberattack on their government websites, alleging that Moscow is engaging in a “hybrid war” as it also masses troops along the border.
Russia behind website-defacing cyberattack, Ukrainian officials claim (Euronews) The statement from the ministry of digital development came a day after Microsoft said dozens of computer systems at an unspecified number of Ukrainian agencies had been infected with destructive malware disguised as ransomware.
Ukraine blames Russia for cyberattack targeting government agencies (UPI) Microsoft on Saturday said it has discovered malware with the capability to erase data on computer systems of dozens of government, non-profit and information technology organizations based in Ukraine.
Ukraine says evidence points to Russia being behind cyber-attack (the Guardian) Claim comes as Microsoft warns hack that hit government websites could be worse than first feared
Ukraine links cyberattack to Belarus (Computing) The attack defaced multiple websites belonging to Ukrainian government agencies and comes amid rising tensions in the region, stoked by Russia
EXCLUSIVE Ukraine suspects group linked to Belarus intelligence over cyberattack (Reuters) Kyiv believes a hacker group linked to Belarusian intelligence carried out a cyberattack that hit Ukrainian government websites this week and used malware similar to that used by a group tied to Russian intelligence, a senior Ukrainian security official said.
Destructive Hacks Against Ukraine Echo Its Last Cyberwar (Wired) A data wiper posing as ransomware bears a discomfiting resemblance to the earlier wave of Russian cyberattacks that ended with NotPetya.
Cyber war in perspective: Russian aggression against Ukraine (NATO Cooperative Cyber Defence Centre of Excellence) In mid-January 2014, the Ukrainian Rada passed tough anti-protest regulations that seemed to be designed to nip the emerging anti-government mood in the bud.
Opinion: Even if Putin doesn’t seize all of Ukraine, he has a larger strategy. The U.S. needs one, too. (Washington Post) Russia’s focus on Ukraine is certainly intense. The Kremlin has massed troops and equipment along their common border; launched major cyberattacks against Kyiv’s government computer systems; planted operatives in the eastern Donbas region who could stage false-flag operations as pretexts for Russian invasion; and escalated a long-standing insistence that Ukraine is not a legitimate sovereign state.
Ukraine's future looks bleak as Russia runs out of patience (Newsweek) A week of high-level talks between Moscow and the West have not produced a breakthrough to ease tensions over the Russian troop build-up next to Ukraine.
After crisis talks with Russia, the threat of war in Ukraine still looms. Here’s why. (Washington Post) Fears of a possible Russian attack on Ukraine have sharpened after no progress was made during talks in Europe seeking to deter Russia’s military buildup near Ukraine and convince Moscow to de-escalate.
Why would Putin invade Ukraine? (Washington Post) Troubles at home may be his strongest motive
Russia Planning Provocation in Ukraine as Pretext for War (Foreign Policy) Warnings from U.S. officials come amid a cyberattack on Ukrainian government websites.
U.S. intel suggests Russia is planning a false-flag operation (POLITICO) The Kremlin has operatives already in Ukraine, laying the groundwork for an invasion, say Biden officials.
Russia denies US claim it seeks ‘false flag’ pretext to invade Ukraine (Military Times) Russian Foreign Minister Sergey Lavrov dismissed the U.S. claim about a "false flag" pretext for invasion as “total disinformation.”
Russia planning potential sabotage operations in Ukraine, U.S. says (Washington Post) The Russian government has sent operatives into eastern Ukraine in preparation for potential sabotage efforts that could serve as a pretext for a renewed Russian invasion, the Biden administration warned on Friday, escalating tensions with Moscow after preliminary diplomatic talks in Europe reached an impasse.
Missile systems and tanks spotted in Russian far east, heading west (Medium) Newly geolocated social media footage suggests redeployment began prior to US-Russia negotiations in Geneva
Following cyber attack, NATO to boost cyber defense cooperation with Ukraine (Ukrinform) NATO Secretary General Jens Stoltenberg has condemned the cyber attacks on the Ukrainian government.
Baerbock Visit Puts Ukrainian-German Relations in Spotlight (KyivPost) “Germany and Europe are ready to seek compromises in resolving the Ukrainian crisis, but they are not…
U.S. offers Ukraine 'whatever support it needs' to recover from cyberattack (Reuters) The United States and its allies have offered Ukraine their support as the investigation into the nature and impact of a cyberattack that targeted the country continues, a White House National Security Council (NSC) spokesperson said.
U.S., France discuss measures to support Ukraine after cyberattack on govt websites (Interfax-Ukraine) The United States and France during the January 13-14 Cyber Dialogue stressed the importance of transatlantic cooperation to promote security in cyberspace and discussed assistance to Ukraine, which suffered a cyberattack, the U.S. Department of State said.
With U.S. and Russia stalemate at Ukraine talks, moment of truth nears (Newsweek) A State Department spokesperson told Newsweek that "the coming days" will prove if diplomacy can succeed, while Russia's envoy warned his country was on the "edge of the precipice."
In the Thick of It Hot Take: If US/NATO-Russia Talks Are in ‘Dead End,’ What Does Putin Want in Writing Next Week? (Russia Matters) Near the end of this week’s marathon talks between Russia and the U.S., NATO and the OSCE on Russia’s three main security demands (and the West’s counter-demands), Russian negotiators said the talks had reached a “dead end” but simultaneously suggested that the American side has until Jan. 20 or so (one week from Jan. 13) to tell Moscow in writing what Western officials have already told their Russian counterparts face to face—namely, that the U.S. and its allies are rejecting the first two of the three main demands made by President Vladimir Putin…
Biden Plans U.N. Showdown if Russia Invades Ukraine (Foreign Policy) There’s lots of history at the Security Council, but few changes.
Cyberattack hits Ukraine as US warns Russia could be prepping for war (GMA) The United States said it feared Russia was preparing a pretext to invade Ukraine if diplomacy fails to meet its objectives, after a massive cyberattack splashed Ukrainian government websites with a warning to "be afraid and expect the worst".
Cyberattack Hits Ukrainian Websites as Russia Tensions Mount (Bloomberg) No word yet from Ukrainian authorities on who’s behind attack. EU countries condemn attack, point finger at the Kremlin.
Ukraine Government Websites Hit by Cyberattack (Wall Street Journal) A message posted on the Foreign Ministry’s home page in Ukrainian, Russian and Polish suggested users’ data had been compromised and uploaded online. “Be afraid and expect the worst,” the message read.
Cyberattack in Ukraine targets government websites (PBS NewsHour) The websites of the country's Cabinet, seven ministries, the Treasury, the National Emergency Service and the state services website, where Ukrainians' electronic passports and vaccination certificates are stored, were temporarily unavailable Friday as a result of the hack.
NATO, Kiev to sign agreement on enhanced cyber cooperation within days — NATO chief (TASS) The agreement will also include Ukrainian access to NATO’s malware information sharing platform
Swedes Step up Military Contingency over Russian Activity (Military.com) Sweden has noticed a number of landing craft from Russia’s northern navy which have been entering the Baltic Sea.
UK gives Ukraine anti-tank weapons as Canada sends special forces (Al Jazeera) Moves come as Russia denies US claims that the country is looking for a pretext to invade Ukraine.
No lights, no heat, no money – that's life in Ukraine during cyber warfare (Reuters) Hackers who defaced and interrupted access to numerous Ukrainian government websites on Friday could be setting the stage for more serious cyberattacks that would disrupt the lives of ordinary Ukrainians, experts said.
What will Putin do? An expert guide to this week’s high-wire diplomacy with Russia (Atlantic Council) As the tensions ratchet up, our experts parse through the details, signals, and developments to distill what this moment means for Europe and beyond.
‘We have to show strength’: Calls grow for U.S. to deter Russian hackers (POLITICO) Kremlin saber-rattling on the Ukrainian border is increasing worries that a confrontation could fuel cyberattacks on the U.S.
‘Part of Their Playbook’: Jake Sullivan Says Possible Russian Cyber Attacks on Ukraine May Be Part of an ‘Effort to Escalate’ (Mediaite) National Security Adviser Jake Sullivan warned on Sunday that “cyber attacks could be part of a broad-based Russian effort to escalate in Ukraine” and emphasized that the U.S. is working alongside Ukraine “to harden their defenses.” “We’re also coordinating with the private sector companies like Microsoft, both in Ukraine and here in the United States, […]
Background Press Call by a Senior Administration Official on Cybersecurity (The White House) Via Teleconference 4:33 P.M. EST MODERATOR: Hey, everyone. Thanks for joining us closer to the end of the day on a Friday. So, as noted in the invite,
Time for NATO to Close Its Door (Foreign Affairs) The alliance is too big—and too provocative—for its own good.
White House reminds tech giants open source is a national security issue (BleepingComputer) The White House wants government and private sector organizations to rally their efforts and resources to secure open-source software and its supply chain after the Log4J vulnerabilities exposed critical infrastructure to threat actors' attacks.
Proactive Preparation and Hardening to Protect Against Destructive Attacks | Mandiant (Mandiant) In light of the crisis in Ukraine, Mandiant is preparing for Russian actors to carry out aggressive cyber activity against our customers and community.
Doxbin Leak Includes Criminals' Data, Could Boost Hacking (Gov Info Security) Threat actors who use data-sharing website Doxbin have had passwords, decryptor keys, multifactor authentication codes and stealer log information leaked online,
Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques (Trend Micro) Our technical brief provides an in-depth look at Earth Lusca’s activities, the tools it employs in attacks, and the infrastructure it uses.
Delving Deep: An Analysis of Earth Lusca’s Operations (Trend Micro) Numerous factors have made attribution more difficult today than it has ever been, especially when it comes to attributing cyberespionage operations to threat actors.
Earth Lusca threat actor targets governments and cryptocurrency companies alike (The Record by Recorded Future) Cybersecurity researchers said they discovered a Chinese cyber-espionage group that, besides spying on strategic targets, also dabbled in financially-motivated attacks for their own profits.
The Perfect Cyber Crime (Safebreach) Criminals may steal victims’ most sensitive data using infection-free attacks that require minimal effort and carry little risk of being caught
Threat Advisory: VMware Horizon Servers Actively Being Hit With Cobalt Strike (Huntress) Huntress is monitoring an incident in which VMware Horizon Servers are being hit with Cobalt Strike. Read our up-to-date blog to learn more.
China-Based Ransomware Operator Exploiting Log4j Vulnerability (JD Supra) Microsoft has issued frequent updates on the Log4j vulnerability that we have been hearing so much about. The vulnerability is a serious problem that…
El Salvador journalists’ cell phones were targeted by Pegasus hundreds of times in two years, analysis shows (ICIJ) Staff members of El Faro, an ICIJ partner, were among 35 journalists and activists hacked by spyware made by the NSO Group.
Unsafe anywhere: women human rights defenders speak out about Pegasus attacks (Frontline Defenders) A new investigation led by Front Line Defenders reveals the hacking of two women human rights defenders (WHRDs) from Bahrain and Jordan using NSO Group’s notorious Pegasus spyware.
Two female activists in Bahrain and Jordan hacked with NSO spyware (the Guardian) Investigation finds mobile phones of human rights defenders were hacked multiple times
Women human rights defenders speak out after Pegasus spyware attacks (The Record by Recorded Future) A new report shows spyware sold to governments was used to target women human rights defenders in the Middle East, leaving victims isolated and anxious that their most personal moments might be used against them. 
New Requirements in the Wake of Omicron have led to Increased Dark Market Activity Around Fake Covid Certificates (Check Point Software) As nations around the world brace for the fallout from the new Omicron variant of COVID-19, Check Point Research warns of a global surge in the supply of
Safari 15 Vulnerability Allows Cross-Site Tracking of Users (SecurityWeek) A vulnerability in Apple’s implementation of the IndexedDB API in Safari 15 allows websites to track users’ activity on other sites and even to reveal their identity
Safari 15 Bug Can Expose Your Browsing Activity, Personal Identifiers (NDTV Gadgets 360) The Safari vulnerability was reported to the WebKit Bug Tracker in November, though Apple has not yet released its fix.
Vulnerability in IDEMIA Biometric Readers Allows Hackers to Unlock Doors (SecurityWeek) A critical vulnerability in IDEMIA biometric identification devices can be exploited to unlock doors and turnstiles.
Positive Technologies Uncovers Vulnerability in IDEMIA Biometric Identification Devices That Can Unlock Doors and Turnstiles (Positive Technologies) The problem concerns IDEMIA biometric readers designed to organize access control, in which privileged commands can be executed via the management protocol
Security Flaws Seen in China’s Mandatory Olympics App for Athletes (New York Times) Researchers said the app, which will store sensitive health data on participants at the Winter Games, has serious encryption vulnerabilities.
Report: Going to the Beijing Olympics? Leave anything with an electron home (The Record by Recorded Future) According to a new report, visitors to China during the Olympics who use local VPN software could unwittingly hand their user data over to the authorities.
New RCE bug is making APAC businesses vulnerable to Log Injection attacks — Barracuda (Back End News) A new remote code execution (RCE) bug could be making businesses in Asia-Pacific vulnerable to Log4Shell log injection attacks, according to Barracuda, a provider of cloud-enabled security solution…
Clare County Council Confirms Data Breach Involving Release Of Personal Information Of Former Tenants (Clare FM) Clare County Council has confirmed a data breach which involved the release of personal information of 72 people, as well as 13 who have passed away. The local authority says the data was released in error, as part of a response to a Freedom of Information request about vacant Council houses and that those affected …
Defense contractor Hensoldt confirms Lorenz ransomware attack (BleepingComputer) Hensoldt, a multinational defense contractor headquartered in Germany, has confirmed that some of its UK subsidiary's systems were compromised in a ransomware attack.
Personal Information Compromised in Goodwill Website Hack (SecurityWeek) Goodwill is informing customers that their personal contact information was compromised as a result of a website hack.
Hackers disrupt payroll for thousands of employers — including hospitals (NPR) Hundreds, if not thousands, of workers have missed out on overtime and holiday pay in recent weeks. In Cleveland, city administrators set up a "war room" to deal with the paycheck backlog.
'Lock it down and piss people off': How quick thinking stopped a ransomware attack from crippling a Florida hospital (CNN) It was approaching midnight on Sunday and the head of IT at a Florida hospital had a problem.
4 common cybersecurity flaws in healthcare organizations (Security Magazine) Cybersecurity training, two-factor authentication, updating communication strategies and developing an attack strategy can help healthcare organizations bolster their cybersecurity strategy.
How open banking benefits customers, banks – and cybercriminals (Security Brief) While open banking benefits banks, fintechs, and consumers, its promise to deliver innovative services and spur competition does not come without security cautions.
DHL dethrones Microsoft as most imitated brand in phishing attacks (BleepingComputer) DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth.
DHL Replaces Microsoft as Most Imitated Brand in Phishing Attempts in Q4 2021 (GlobeNewswire News Room) Check Point Research issues Q4 Brand Phishing Report, highlighting the leading brands that hackers imitated in attempts to lure people into giving up…
The 12 red flags (Professional Security) The 12 red flags. Professional Security magazine online – an essential read for everyone in the security industry.
Critical SAP Vulnerability Allows Supply Chain Attacks (SecurityWeek) A critical vulnerability in SAP NetWeaver AS ABAP and ABAP Platform could be abused in supply chain attacks.
Zoho plugs another critical security hole in Desktop Central (BleepingComputer) Zoho has addressed a new critical severity vulnerability found to affect the company's Desktop Central and Desktop Central MSP  unified endpoint management (UEM) solutions.
Oracle to Release Nearly 500 New Security Patches (SecurityWeek) Oracle is set to release nearly 500 new security patches with its January 2022 Critical Patch Update (CPU).
Vulnerability Summary for the Week of January 10, 2022 | CISA (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Serious Security: Linux full-disk encryption bug fixed – patch now! (Naked Security) Imagine if someone who didn’t have your password could sneakily modify data that was encrypted with it.
Emails from Uber may not have been from Uber (Avast) An easy-to-exploit vulnerability allowing a bad actor to send emails from Uber’s official account has finally been fixed, seven years after it was first reported.
New Chrome security measure aims to curtail an entire class of Web attack (Ars Technica) Hackers have long used browsers as a beachhead. Google aims for PNA to change that.
Prioritize These January Microsoft Security Patches (Commercial Integrator) The patches include fixes for several remote code execution flaws and a critical elevation of privilege bug in Active Directory.
Global Cybersecurity Outlook: 2022 Insight Report, January 2022 (World Economic Forum) At the time of writing, digital trends and their exponential proliferation due to the COVID-19 pandemic have thrust the global population onto a new trajectory of digitalization and interconnectedness.
Research Shows the Move to Modern Multicloud Environments Has Broken Traditional Approaches to Infrastructure Monitoring (Business Wire) Software intelligence company Dynatrace (NYSE: DT) today announced the findings of an independent global survey of 1,300 CIOs and senior IT practition
Crypto Enthusiasts Meet Their Match: Angry Gamers (New York Times) Game publishers are offering NFTs, but skeptical gamers smell a moneymaking scheme and are fighting back.
The Cyber Security Attack Divide: Grandparents Targeted By Ransomware, Young Adults By TikTok Scams (Scoop) New research from Avast (LSE: AVST), a global leader in digital security and privacy, today revealed that older and younger generations are being targeted by different online threats based on the primary device that they use to go online. …
Survey: Czech companies faced growing number of cyberattacks last year (Radio Prague International) Czech companies faced over 1,000 cyberattacks per week last year, the Czech News Agency reported this week, citing newly released data by the security company Check Point. 
Doubts face UK businesses looking to get proactive about cybersecurity (Digit) New research from Kaspersky has warned that over half of UK businesses don’t know how to be more proactive about cybersecurity.
US data protection: Online habits and data breaches (ProtonVPN Blog) We asked 1,000 Americans questions about their online habits to reveal what they are doing to keep their online data secure.
Cybersecurity M&A Roundup for January 1-16, 2022 (SecurityWeek) Fifteen acquisitions were announced in the first half of January 2022.
Top cybersecurity M&A deals for 2022 (CSO Online) The hot cybersecurity mergers and acquisition market continues into 2022 as vendors look to solidify their positions and expand their offerings.
Security Desperation Is Causing Businesses – Especially SMEs – To Look To Partners To Deliver Effective, Low-Resource Security Solutions (ARN) The cyber security threats that have been facing enterprises across Australia have been accelerating throughout 2021, and there is no indication that it will slow from here. Furthermore, the stresses around security that organisations are facing are difficult to solve within the business, leading to greater reliance on channel support than ever.
DigiCert Acquires Mocana (Infosecurity Magazine) IoT cybersecurity firm purchased, backed by Clearlake Capital Group, Crosspoint Capital and TA Associates
Former FireEye Executives Emerge from Stealth with $10M Seed Round to Tackle Cloud Detection and Response (Permiso) Permiso.io provides runtime visibility for identities in the public cloud, giving engineering and security teams a holistic view of their cloud environments
Banyan Security Raises $30M in Growth Financing to Support Increased Demand for Innovative Zero Trust Network Access Platform (GlobeNewswire News Room) New funding, led by Third Point Ventures, will expand the company’s go-to-market strategy, sales and marketing efforts, and customer success…
DigiCert Has Acquired IoT Cybersecurity Provider Mocana (ARC Advisory Group) DigiCert, Inc., announced that it has acquired IoT cybersecurity provider Mocana. The combination of DigiCert and Mocana technologies provides IoT manufacturers and operators with a comprehensive platform for managing security across the full IoT device lifecycle.
Israeli cybersecurity start-up Eureka receives $8m. from YL Ventures (Jerusalem Post) Israeli startup Eureka has received $8 million in seed funding from YL Ventures. They have created a data cloud security solution, which has become a game changing platform.
Short seller launches assault on tech star Darktrace (The Telegraph) ShadowFall bets against the cyber security specialist as it doubts it "will stand the test of time"
Darktrace falls 5% as confusion reigns over shorting attack (Shares) Investors have been left scratching their heads after reports at the weekend suggested that Darktrace (DARK) has come under a shorting attack.
Security platform Pentera becomes newest Mass. unicorn (Boston Business Journal) CEO Amitai Ratzon said Pentera chose the Greater Boston area as headquarters for its North American operations due to "the large and diverse cyber security workforce located in the immediate area."
Specops Software Significantly Increases Client Base and Achieves 30% (PRWeb) Specops Software, a leading provider of password management and user authentication solutions, today announced record customer and revenue
Jumio Closes 2021 with Record-Shattering 130% Revenue Growth and Profitability (Business Wire) Jumio, the leading provider of AI-powered end-to-end identity orchestration, eKYC and AML solutions, today announced the record-breaking close to a su
Celebrities push cryptocurrencies, but their fans carry all the risk (Quartz) Crypto is a volatile, risky, and unregulated investment
Onapsis Taps Rocco Donnino as Senior Vice President of Global Strategic Alliances and Channels (Onapsis) Proven Security Executive Hailing from McAfee, Microsoft, Unbound Security, and More to Scale the Onapsis nCase Partner Program to Meet Demand of Business-Critical Application Protection and Compliance
Trulioo appoints Michael Ramsbacker as chief product officer (Information Age) Identity verification provider Trulioo has announced the appointment of Michael Ramsbacker as its first chief product officer
QinetiQ US appoints new president and CEO (Army Technology) QinetiQ US has appointed Shawn Purvis as the new president and CEO of QinetiQ US effective 17 January 2022.
SentinelOne Integrations Target Zero Trust, Threat Simulation and More (MSSP Alert) SentinelOne integrations with Remediant, Blue Hexagon, Keysight & Automox may help MSSPs to further automate detect & remediate cyberattacks & ransomware.
Israeli startup Spott launches e-commerce liability insurance platform (Jerusalem Post) Founded in 2021 by veterans of the IDF's 8200 military intelligence unit, Spott aims to be at the forefront of the $5 billion e-commerce liability insurance market.
Kyndryl named 'certified strategic' service provider for Govt's cloud services (CRN Australia) With focus on its Government zCloud offering.
Hillstone Networks sets new standard in intelligent, reliable and automated security solutions with StoneOS 5.5R9 (Antara News) Hillstone Networks, a leading provider of infrastructure protection solutions, today introduced the latest iteration of its flagship StoneOS …
UAE cyber security council collaborates with Injazat to improve detection & response of cyber attacks (Zawya) Confronting cyber-attacks in a proactive and highly efficient manner is at the forefront of the council's strategy, says Head of UAE Cybersecurity Council
Elisity Launches Micro Edge for its Cognitive Trust™ Solution (Business Wire) Elisity, Inc., the pioneer of Cognitive Trust™, the new platform for identity and behavior-based enterprise network security, today announced the avai
Apiiro's Code Risk Platform Now Available on Google Cloud Marketplace (Apiiro) We are reinventing the Secure Software Development Lifecycle with complete risk visibility for every change from design to code to cloud.
DataSecOps Pioneer Satori Sees Six-Fold Increase in Users, Twenty-Five-Fold Increase in Queries, Joins AWS Partner Network (GlobeNewswire News Room) Satori closes 2021 with a 650+% surge in users, increased utilization, and a steadily rising profile, highlighted by the company’s entry into Amazon’s…
Summary Report 2021 (AV-Comparatives) Read the Summary Report 2021 to learn more about the various AV products tested over the year and the high-scoring products in these tests.
A Complex Threat Landscape Muddles Attribution (Decipher) While increased research and information-sharing have improved the process of attribution, a complex threat landscape is also making it more difficult.
The Cybersecurity Measures CTOs Are Actually Implementing (Dark Reading) Companies look to multifactor authentication and identity and access management to block attacks, but hedge their bets with disaster recovery.
The Boardroom Isn't Ready for the Next SolarWinds (AttackIQ) Attacks like Log4j, SolarWinds and Colonial Pipeline have board rooms across the nation questioning their preparedness in combating cybersecurity risks. What can boards do now to be more effective for the next big attack?
The Supply Chain Needs Better Cybersecurity and Risk Management (The State of Security) The supply chain is under a historic amount of pressure, but the strain on its cybersecurity and risk management may be even worse.
How does the cyberattack hotline work? (HiTech Wiki) Definitely, this week is placed under the sign of cybersecurity in government announcements. Emmanuel Macron went to Nice on Monday and took the opportunity to present certain objectives. The outgoing president is not yet an official candidate but he behaves as such by outlining ideas that could see the light of day in the years […]
Cybersecurity in the digital payments ecosystem (ETCIO.com) Cybersecurity is not a one-time solution but an ongoing process that must be integrated into the core of FinTech applications. With the employment of ..
Do you know what your child is doing online? Key tips for cyber hygiene (Parent) From cyberbullying to malicious content, the internet is filled with potential threats.
MSU selected to join U.S. Cyber Command Academic Engagement Network (Mississippi State University) Mississippi State University is among 84 institutions across the country selected to join a new Academic Engagement Network facilitated by the U.S. Cyber Command, known as CYBERCOM.
The near future of international law in cyberspace: Contentions and realities (ORF) International stability can be endangered if the fine points of how international law applies to cyber operations are not determined
Russia’s other European invasion (Atlantic Council) From London to Athens and far beyond, bankers, lawyers, lobbyists, and former officials have all been snapped up by the Kremlin and its allies.
Russia Is Worried About Challenges in the Caucasus (Foreign Policy) The Nagorno-Karabakh war’s aftermath is still impacting Moscow’s plans.
This year, Russia’s internet crackdown will be even worse (Atlantic Council) As the world watches Putin's moves in and around Ukraine, the Kremlin's internet crackdown is no less worthy of attention.
China Seen Backing ‘Digital Authoritarianism’ in Latin America (VOA) Insiders and experts say Chinese technology has been key to controlling digital communications in Venezuela and Cuba
Chinese spy: Alerts about foreign interference in British politics will become more common, Priti Patel tells MPs (Sky News) Delivering a statement to MPs in the Commons, Priti Patel says the government will introduce new legislation to give the security services and agencies the "tools they need to disrupt the full range of state threats".
Britain needs to be braced for more Chinese-style spy scandals, Priti Patel warns (LBC) The UK is expected to see more alerts about foreign interference with politics, the Home Secretary has warned, after MI5 uncovered a Chinese spy trying to influence MPs in Westminster.
Conveyancers might be forced to buy cyber-insurance in PII rejig (Legal Futures) The Council for Licensed Conveyancers has mooted requiring law firms to purchase standalone cyber-insurance as “evolving forms of cyber-risk” become more complex.
Pakistan Releases Public Version Of First Ever National Security Policy (Overt Defense) NSP is meant for a five-year period from 2022-26. It will be reviewed annually and aims for a secure, prosperous Pakistan while blaming India for increased
Should Pakistan have a cyber army? (Express Tribune) Could our country’s security apparatus do with a force of professionals well versed in state-of-the-art IT knowledge?
Iranians on #SocialMedia (Atlantic Council) This report by the Future of Iran Initiative and Digital Forensic Research Lab (DFRLab) explores the social media habits of Iranian netizens and how the Islamic Republic is repressing the online space.
Are you ready for the Data Protection Bill? (ETCIO.com) India’s data protection bill could have a far-reaching impact on enterprise operations and how they look at data management
Fourth U.S.-France Cyber Dialogue (United States Department of State) The United States and France held the fourth U.S.-France Cyber Dialogue virtually on January 13-14, 2022.  Representatives of the two countries emphasized the importance of transatlantic cooperation to promote security and stability in cyberspace and discussed France’s plans to elevate cyber issues during its presidency of the Council of the European Union for the first […]
Amidst the escalating great power contest for cyberspace, President Biden’s Indo-Pacific strategy gears up for cyber security challenges (Times of India Blog) In 2022, among many strategic flashpoints and security issues, cyberspace is going to be one of the contested spaces where the world powers’ strategic rivalry will be intense. Despite being the world leader in artificial…
Senate Clears Supply Chain Security Bill (MeriTalk) The Senate this week approved bipartisan legislation that would create a cyber training program for Federal employees, aimed to help protect the Federal government against cyberattacks and supply chain security vulnerabilities.
U.S. Names Official to Counter Foreign Election Interference (New York Times) The director of national intelligence appointed a C.I.A. veteran to the post amid delays in congressional approval of money for a new office to oversee threats to American politics from abroad.
Key U.S. lawmakers urge AT&T, Verizon to delay some 5G deployments (Nasdaq) The chairman of the House Transportation Committee and the head of an aviation subcommittee urged AT&T and Verizon Communications to delay some 5G deployments set for Wednesday around key U.S. airport runways.
Launch of 5G tomorrow will bring US air commerce to a halt, say airlines (The Loadstar) US commerce by air will “grind to a halt” tomorrow, with airlines forced to ground aircraft, unless there is a two-mile radius around major airports free from the planned 5G roll-out. A group of airlines, including Atlas, FedEx and UPS, has warned the US government, that otherwise they will have to cancel more than 1,000 flights, with some aircraft grounded “indefinitely”. The 5G problem, which airlines and telecoms companies have been debating for …
The Pentagon’s new cybersecurity model is better, but still an incremental solution to a big challenge (Federal News Network) The Pentagon announced in November a new “strategic direction” for its Cyber Maturity Model Certification, calling it CMMC 2.0 and essentially admitting the first iteration was overly complex and…
The Hidden Toll of Sanctions (Foreign Affairs) Why Washington must reckon with the devastating inflation its policies cause.
Revealed: UK Gov't Plans Publicity Blitz to Undermine Privacy of Your Chats (Rolling Stone) The Home Office has hired a high-end ad agency to mobilize public opinion against encrypted communications — with plans that include some shockingly manipulative tactics
Why cyber defense in Japan is so unreliable (The Japan Times) Despite its technological advances, the country lags in global cybersecurity rankings, having failed to follow a solid policy for embracing modernization.
Europol takes down VPNLab, a service used by ransomware gangs (The Record by Recorded Future) An international law enforcement operation has seized the servers of VPNLab.net, a virtual private network provider that advertised its services on the criminal underground and catered to various cybercrime groups, including ransomware gangs.
Polish government downplays leak of military logistics data (The Record by Recorded Future) The Polish government said today that a recent leak of a military database does not contain any classified or sensitive military information and that the incident "does not pose a threat to state security or the functioning of the Polish Armed Forces."
Russia charges 8 suspected REvil ransomware gang members (BleepingComputer) Eight members of the REvil ransomware operation that have been detained by Russian officers are currently facing criminal charges for their illegal activity.
Russia Arrests Alleged REvil Ransomware Members at U.S. Urging (Decipher) The Russian FSB has arrested 14 alleged members of the REvil ransomware group after U.S. officials urged the country to move against the group.
REvil ransomware crew allegedly busted in Russia, says FSB (Naked Security) The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous “REvil” ransomware crew.
White House: Arrested Russian hacker was behind Colonial Pipeline attack (The Record by Recorded Future) A senior Biden administration official on Friday said one of the Russian hackers arrested earlier in the day by that country’s security service is responsible for the ransomware attack that temporarily crippled the Colonial Pipeline last year.
Law Enforcement Collaboration Has Eastern-European Cybercriminals Questioning Whether There Is A Safe Haven Anymore (Trustwave) Through the active Dark Web research that Trustwave SpiderLabs conducts for its clients, we have observed new communications on various Dark Web forums between Eastern-European cybercriminals.
Russia's REvil Takedown Sets Stage for Several Scenarios (TechNewsWorld) Russian authorities on Friday reported that they shut down the REvil ransomware operations and arrested a dozen or more gang members. The Federal Security Service of the Russian Federation said it quashed the REvil ransomware gang after U.S. authorities reported on the leader.
Russia's "politically motivated" REvil raid could be used as leverage, experts warn (IT PRO) The cyber security industry says the FSB's arrests are “unlikely” to signal a change in Russia’s policy
Exclusive: U.S. examining Alibaba's cloud unit for national security risks (Reuters) The Biden administration is reviewing e-commerce giant Alibaba's cloud business to determine whether it poses a risk to U.S. national security, according to three people briefed on the matter, as the government ramps up scrutiny of Chinese technology companies' dealings with U.S. firms.
Germany's federal cybersecurity body fails to find any proof of built-in censorship inside Xiaomi phones (Notebookcheck) The Federal Cyber Security Authority, Germany's cybersecurity watchdog, has failed to find any evidence that Xiaomi is censoring certain words from its smartphones. In September 2021, Lithuania alleged that Xiaomi smartphones automatically censor words such as "Free Tibet" and "democracy movement".
Launching an Open Source Flight Database for Kazakhstan in Wake of Protests (bellingcat) After a week of protests in Kazakhstan, Bellingcat has created a database to help researchers and journalists track private and military aircraft movement to and from the country.
Polish senators question cyber experts in hacking inquiry (Independent) A Polish Senate commission has opened an investigation into the use of powerful spyware against government critics
More Polish NSO Group phone-hacking victims likely – researcher (Jerusalem Post) Late last year, Canadian researchers said phones of a senior opposition politician and two prominent government critics were hacked using Israeli Pegasus spyware.
Israeli phone-hacking tech is helping Duterte's war on drugs, media (haaretz.com) Israeli digital forensics firm Cellebrite has a new campaign praising its support for police forces across the world – however, in some cases it seems the real heroes are those fighting their clients
In a further blow to the China Initiative, prosecutors move to dismiss a high-profile case (MIT Technology Review) MIT professor Gang Chen was one of the most prominent scientists charged under the China Initiative, a Justice Department effort meant to counter economic espionage and national security threats.
States ask U.S. court to reinstate Facebook antitrust lawsuit (Reuters) Dozens of states led by New York asked a U.S. federal appeals court on Friday to reinstate an antitrust lawsuit filed against Facebook.
Teaching Council fined €60,000 after teacher data leaked in phishing scam (Irish Examiner)
Former acting DHS IG pleads guilty to charges on stealing federal software, databases (Federal News Network) Charles Edwards pleaded guilty to charges after prosecutors alleged he stole government software so he could sell it back to agencies at a profit.
Former Acting Inspector General for the U.S. Department of Homeland Security Pleads Guilty to Scheme to Defraud the U.S. Government (US Department of Justice) A former Acting Inspector General for the U.S. Department of Homeland Security, Office of Inspector General (DHS-OIG) pleaded guilty today to federal charges stemming from the theft of proprietary software and sensitive databases from the U.S. government.
Man tasked with preventing fraud at DHS pleads guilty to defrauding the government (The Record by Recorded Future) A former top watchdog for the US Department of Homeland Security pleaded guilty on Friday to defrauding the government by stealing proprietary software and sensitive databases, which he used to develop a commercial case management system that he offered for sale to federal agencies.
COLUMN: Big fine over old servers proves risk of poor asset management (The Business Journal) A significant fine this month over a data leak caused by improperly decommissioned technology showcases how costly breaches of this kind can be. Morgan Stanley announced earlier this month it would pay a $60 million
Tether Freezes $160M of USDT Stablecoin on Ethereum Blockchain (CoinDesk) The last time Tether froze an account was in late December.
Fines for breaches of EU privacy law spike sevenfold to $1.2 billion, as Big Tech bears the brunt (CNBC) EU data protection authorities have handed out a total of $1.2 billion in fines over breaches of the bloc's GDPR law since Jan. 28, 2021.
Romance scammer who targeted 670 women gets 28 months in jail (Naked Security) Found love online? Sending them money? Friends and family warning you it could be a scam? Don’t be too quick to dismiss their concerns…
How the Denver Shooter’s Digital Trail Exposes the Violent Fantasies of the ‘Manosphere’ (bellingcat) The shooter had already described his deeds and victims in a graphic self-published novel series — just one part of a revealing digital trail.
For a complete running list of events, please visit the Event Tracker.
Intersec (Dubai, UAE, Jan 16 – 18, 2022) With participants from 120 countries, government, industry leaders and practitioners making their way into Dubai, we look forward to uniting the world's leading specialists at Intersec once again. With exciting world class conferences and international speakers, workshops, award presentations, networking, thousands of brands on show PLUS robust safety and hygiene measures in place to keep you safe – everything is set to welcome you back to a world of fire, police, emergency, security, cybersecurity and safety.
SINETLive: Behind the Inner Workings of Criminal and Nation State Tradecraft (Virtual, Jan 18, 2022) Nation State cyber actors, Regional Organized Criminal Groups, and Transnational Organized Groups primarily from Russian, Nigerian, Asia Pac, Eastern Europe, Iran, China etc. There is no shortage of cyber enemies both here in the United States and abroad. The tradecraft of these groups is complex, and the work of our intelligence agencies and private industry threat intel teams are challenging, demanding and continuous as they compose evolving profiles of the various international criminals. Join our panel of esteemed government and industry subject matter experts as they discuss the various enemies they detect and defend against in their efforts to protect our nation’s critical infrastructures and national and economic security.
The 4 Qualities of Good Cyber Threat Intelligence (Virtual, Jan 21, 2022) Join Dr. Tom Winston, Director of Intelligence at Dragos, for an educational webinar about the four characteristics of good cyber threat intelligence. He’ll take you through the foundational principles and describe how to make intelligence actionable in your industrial environment.
Sharing over the Long Run: Celebrating 5 Years of Enduring Collaboration (Virtual, Jan 24, 2022) Join Cyber Threat Alliance President and CEO Michael Daniel, Broadcom Vice President of Engineering Joe Chen, Check Point Vice President of Products Dorit Dor and Sophos Chief Technology Officer Joe Levy to celebrate the Cyber Threat Alliance’s (CTA) 5th anniversary at the webinar. As cyber threats grow in their sophistication and impact, increasing collaboration within the cybersecurity industry has become essential in combating the threats we face. In this webinar, these cyber experts will discuss how CTA has helped this important shift in the industry’s approach to sharing threat intelligence and the benefits it brings to society as a whole.
MENA Cyber Security Conference (Dubai, UAE, Jan 24 – 25, 2022) CS4CA MENA summit will explore all aspects of IT & OT security with a focus on digitally transforming critical infrastructures. The summit will bring together some of the brightest minds in the industry, uniting 100+ IT & OT security leaders online for 2 days of insight building, strategy planning and expert knowledge exchange.