A Shuckworm update. Pegasus used against UK targets. New CISA advisories. C2C markets. Legal notes. | #cybersecurity | #cyberattack


Dateline

What Happened on Day 55 of the War in Ukraine (New York Times) Despite the Kremlin’s new methodical approach focusing on eastern Ukraine, the Russian military still faces some of the same problems that hampered it after the war began.

How Russia’s race to take the Donbas may give Ukraine the edge (Telegraph) The little time that Moscow’s depleted troops have left to rebuild and regroup could work to Kyiv’s advantage

Ukraine launches counterattacks to cut off Russian supply lines in the east (Telegraph) Bazaliyaka, one of three towns won back by Ukrainian troops, is on a road crucial to Moscow’s efforts to re-equip its forces

Children trapped underground in Mariupol bunkers beg to see sunlight (The Telegraph) After weeks hiding from the Russian onslaught, families claim their children are suffering from a lack of vitamin D

“They can either give up, or they can die,” former high-ranking Donbas official says (Newsweek) Ukraine outlined three possibilities for the Russians: try to hold onto occupied territory, leave Ukraine, or return to peace talks.

Ukrainian Troops Risk Being Encircled in New Russian Offensive (Bloomberg) Assault combined with massive air and artillery bombardment. Officials, analysts differ on whether lessons of Kyiv learned

Russia insists it won’t use nuclear weapons in Ukraine (Newsweek) Russia’s foreign minister, Sergei Lavrov, said his forces would only use “conventional weapons” during the conflict.

Moskva captain may have abandoned ship early, new images suggest (The Telegraph) Footage appears to blow a hole in Russia’s explanation about the sinking of its flagship, which was reportedly struck by Ukrainian missiles

What If the War in Ukraine Doesn’t End? (Foreign Affairs) The global consequences of a long conflict.

A New Iron Curtain Splits Russia From the West () Since 2004, Putin has been pushing against the norms and limits the West believed would restrain him. After the war in Ukraine, the rift now emerging between Russia and the West is likely to become permanent: a new Iron Curtain dividing the geopolitical landscape for as long as Putin’s regime remains in power.

Bucha Must Be Remembered (Foreign Policy) As Ukraine seeks accountability for the perpetrators of civilian killings, it must also process its collective trauma.

The 1 Percent Chance That Putin Will Be Prosecuted (Foreign Policy) The road to war crimes tribunals is exceedingly long—and full of dead ends.

Ukraine Needs a Whole Lot of Deadly Drones (Foreign Policy) Kamikaze swarms can overwhelm Russian defenses.

Putin’s Generation Z: Kremlin pro-war propaganda targets young Russians (Atlantic Council) Vladimir Putin’s Ukraine War is not going according to plan, with Ukrainian forces rebuffing attempts to capture Kyiv and forcing a general Russian retreat from the north of the country. Nevertheless, there remains no end in sight to hostilities, with every indication that Moscow is preparing for a long campaign. As the Russian military begins a new offensive in eastern Ukraine, the Kremlin is accelerating efforts to indoctrinate young Russians and consolidate the pro-war consensus on the domestic front for a further generation.

Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine (Symantec) Russia-linked group is continually refining its malware and often deploying multiple payloads to maximize chances of maintaining a persistent presence on targeted networks.

Ukraine War Stokes Concerns in Taiwan Over Its Fragile Internet Links (Wall Street Journal) Taiwan worries about how vulnerable its undersea cables are to any potential Chinese attack as the self-ruled island watches Kyiv use the internet to rally international resistance to Russia’s invasion.

Beijing Is Used to Learning From Russian Failures (Foreign Policy) The invasion of Ukraine is offering useful lessons for the PLA.

NATO Will Need a Transition Plan If Finland, Sweden Ask to Join (Defense One) Putin will threaten the applicant countries and seek to derail the process.

Putin Calls Time on Foreign Listings in Fresh Hit to Tycoons (Bloomberg) Billionaires used N.Y., London stocks to collect FX dividends. Number of Russian companies listed abroad fell since Crimea.

Sanctioned Billionaire Tinkov Slams ‘Insane War’ in Ukraine (Bloomberg) Banker says 90% of Russians are against the war with neighbor. Few Russian businessmen have condemned Putin’s invasion.

For Russian tech firms, Putin’s crackdown ended their global ambitions (Washington Post) Yandex, VKontakte and Kaspersky all ran afoul of the Kremlin’s need to control Internet access, despite the efforts of their founders

Why the World Isn’t Really United Against Russia (Foreign Policy) Global institutions have long relegated much of the world to second-class status.

Vladimir Putin Played Germany’s Aging Patriarchs for Fools (World Politics Review) In the 1990s, German leaders hoped that Russia could be drawn deeper into a shared European political order by deepening business ties, leading to German dependence on Russian energy exports. Today, entrenched attitudes may make it difficult to come to terms with the reality that they have been played for fools by Vladimir Putin.

The Real Reason Germany Is Always Afraid (Foreign Policy) Berlin hesitates on everything because of its ruling party’s identity problems.

Putin’s War Threatens Microchips, Teeth, and Beer (Foreign Policy) Russia’s invasion has torn asunder oil and agricultural markets. But there’s lots more economic carnage on the way.

Attacks, Threats, and Vulnerabilities

Modern Bank Heists 5.0: The Escalation from Dwell to Destruction (VMware News and Stories) Modern Bank Heists 5.0 findings should serve as a warning to the financial sector that attackers are moving from dwell to destruction.

Even the most complex cyberattacks are too easy (Washington Post) The most complex and time-consuming cyberattacks are still far too easy to pull off, according to a new report from Google’s Project Zero division.

The More You Know, The More You Know You Don’t Know (Google Project Zero) A Year in Review of 0-days Used In-the-Wild in 2021 Posted by Maddie Stone, Google Project Zero This is our third annual year in rev…

UK Government Reportedly Infected With NSO Group Spyware (Bank Info Security) The British government has been alerted multiple times in recent years that officials’ smartphones appeared to have been infected with spyware built by Israel’s NSO

‘CatalanGate’ Spyware Infections Tied to NSO Group (Threatpost) Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia.

Pegasus Spyware and Citizen Surveillance: What You Need to Know (CNET) NSO Group’s software targeted activists, journalists, politicians and executives. The US government, WhatsApp and Apple have taken action against it.

South Africa’s private surveillance machine is fueling a digital apartheid (MIT Technology Review) As firms have dumped their AI technologies into the country, it’s created a blueprint for how to surveil citizens and serves as a warning to the world.

Modern Bank Heists 5.0: The Escalation from Dwell to Destruction (VMware News and Stories) Modern Bank Heists 5.0 findings should serve as a warning to the financial sector that attackers are moving from dwell to destruction.

4 Bad Bots Likely to Cause Problems for the Remainder of 2022 (Imperva) A short primer on internet bots An Internet bot (bot, for short) is a software application that runs automated tasks over the internet. Bots typically run simple tasks which they can perform at a dramatically greater rate than any human. Beneficial or anodyne bots are characterized as legitimate, or good. Common legitimate bots include Googlebot, […]

Stalkerware Detection Trends: Monitor and Spyware Findings (MSSP Alert) The stalkerware tidal wave of 2020 triggered improved awareness in 2021 — though it’s too early to celebrate progress against such malware.

Cyberattack cripples Puerto Rico toll collection system (NBC News) It wasn’t immediately clear when the system, known as the AutoExpreso, would be back online. It comes months after other entities in the island have been targeted the same way.

Retailer WH Smith suspends online orders after cyber attack (InfotechLead) British retailer WH Smith has suspended orders from its online greetings card and gift business following a cyber-security incident

USHJA Warns Members Of Email Phishing Scam (Chronicle of the Horse) The U.S. Hunter Jumper Association is warning its members about a phishing scam in which an email about a “charity campaign” is being sent to members from an address that appears to belong to the organization.

“The email to which we were al…

DuckDuckGo insists it didn’t ‘purge’ piracy sites from search results (Verge) Blank site search results for The Pirate Bay gave users reason to believe otherwise

Vulnerability Summary for the Week of April 11, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates. 

Security Patches, Mitigations, and Software Updates

Lenovo Releases Fixes For UEFI Firmware Flaws (Decipher) Lenovo has released security advisories addressing a trio of flaws that impact dozens of laptop models.

Oracle Releases April 2022 Critical Patch Update (CISA) Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the Oracle April 2022 Critical Patch Update and apply the necessary updates. 

Interlogix Hills ComNav (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Interlogix is a part of Carrier Global Corporation Equipment: Hills ComNav Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to log in to modify the system.

Automated Logic WebCTRL (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Low attack complexity/exploitable remotely Vendor: Automated Logic is a part of Carrier Global Corporation Equipment: WebCtrl Server Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to redirect the user to a malicious webpage or to download a malicious file.

FANUC ROBOGUIDE Simulation Platform (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: FANUC Corporation / FANUC America Corporation Equipment: ROBOGUIDE  Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Improper Access Control, Path Traversal, Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption 2.

Elcomplus SmartPPT SCADA (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elcomplus Equipment: SmartPPT Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Authorization, Cross-site Scripting 2.

Elcomplus SmartPPT SCADA Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elcomplus Equipment: SmartPPT SCADA Server Vulnerabilities: Cross-site Scripting, Unauthorized Exposure to Sensitive Information, Unrestricted Upload of File with Dangerous Type, Path Traversal, Cross-site Request Forgery 2.

Multiple RTOS (Update E) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendors: Multiple Equipment: Multiple Vulnerabilities: Integer Overflow or Wraparound CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries.

M-Trends 2022: Metrics, Insights and Guidance From the Frontlines (Mandiant) Global median dwell time is down, but we started tracking several hundred new threats.

Mandiant® M-Trends® 2022 Report Provides Inside Look at Threat Landscape (Mandiant) Global median dwell time continues to decline, but new threats have emerged.

Reports – 2022 Attack Resistance Report (HackerOne) Several trends in the way we work and consume technology have resulted in an ever-expanding cyberattack surface for organizations of all sizes.

As API Use Grows Over 200%, Security Concerns from Developers and Enterprise Users Loom (Business Wire) In the wake of the digital transformation wave, web application program interfaces (APIs) have experienced exponential growth as the rise of integrate

Marketplace

ThreatLocker Raises $100M Series C to Bring Zero Trust Endpoint Security to More Organizations (Business Wire) ThreatLocker, a global cybersecurity leader that offers a Zero Trust endpoint security solution, today announced it has raised $100M in Series C fundi

Cybersecurity M&A Roundup for April 1-15, 2022 (SecurityWeek) Twenty-one cybersecurity-related M&A deals have been announced in the first half of April 2022.

SPHERE Named 2022 TAG Cyber Distinguished Vendor (PR Newswire) SPHERE, a woman-owned cybersecurity business focused on providing best-of-breed software and services for access governance across data,…

One Identity Builds Upon Partner Program Growth with Focus on Partner Needs, Partner Business Model Development (GlobeNewswire News Room) Nearly 60 percent of FY2022 (ended January 31) global field bookings linked to channel, highlighting demand for identity-centered security to address the…

CrowdStrike: On A Path To $5.0B In Revenues (NASDAQ:CRWD) (SeekingAlpha) CrowdStrike is projected to grow to $5.0B in annual recurring revenues by 2025. Customer acquisition and monetization are strong. Read more on CRWD stock here.

Kaspersky relocates to Zurich cyberthreat data processing (Trade Arabia) Kaspersky has expanded the scope of its cyberthreat-related data relocation, which now covers users in Latin America and the Middle East, to Zurich.

Vanta Names Stevie Case Company’s First Chief Revenue Officer (PR Newswire) Vanta, the leader in automated security and compliance, today announced the hire of Stevie Case as the company’s first Chief Revenue Officer…

Cloudflare appoints Wendy Komadina as APJC channel lead (Reseller News) Cloudflare has appointed former AWS director of Asia Pacific and Japan channel programs Wendy Komadina to lead its channel efforts in Asia Pacific, Japan and China.

authID.ai Appoints Joe Trelin to Board of Directors (GlobeNewswire News Room) Trelin Joins With Deep Industry Experience As Former CLEAR and NBC Universal Executive LONG BEACH, NY , April 19, 2022 (GLOBE NEWSWIRE) –…

CybeReady Appoints Bonnie Hampton as Vice President of Sales… (Enterprise IT World) CybeReady, named Bonnie Hampton as the Vice President of Sales, North America to lead the organization’s sales operations in the region.

Andrew Swett appointed CEO of Zentry Security to accelerate growth and deployment of zero trust network access in small-to-medium enterprises (GlobeNewswire News Room) MILPITAS, Calif., April 19, 2022 (GLOBE NEWSWIRE) — Zentry Security, a leading next-generation zero trust network access vendor, announces the…

Invicti Security Announces Alex Bender as Chief Marketing Officer and John Mandel as Senior Vice President of Engineering (PR Newswire) Invicti Security™ today announced two key additions to its leadership team: Alex Bender as Chief Marketing Officer and John Mandel as Senior…

PKWARE Promotes Tonya Cannady to President and Chief Revenue Officer (PKWARE) PKWARE, a global leader in automated data security, today announced the promotion of Tonya Cannady to president and chief revenue officer.

Valimail Expands Leadership Team to Support Strategic Growth in DMARC (PR Newswire) Valimail, the global leader in zero-trust, authentication-based solutions, welcomed two new executives, Brian Craig and Kuldip Pabla, to its…

Products, Services, and Solutions

DOE Joins Dragos Neighborhood Keeper as a Trusted Advisor to Strengthen ICS/OT Cybersecurity in the Energy Sector (Business Wire) Dragos, Inc., a provider of cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments, has announced an initiative

Stop Crypto Kleptos in Their Tracks (Domain Tools) Using tools such as DomainTools Iris Detect, Iris Investigate, and DNSDB underscore the need for cryptocurrency companies to engage with domain detection and passive DNS. Our recent research illustrates that early detection of phishing campaigns and other malicious, brand-threatening behavior are crucial as these organizations continue to gain in popularity.

Microsoft rebrands its compliance and data-governance products as ‘Microsoft Purview’ (ZDNet) Microsoft is bringing together its Microsoft 365 compliance and Azure Purview data-governance products into a suite now known as ‘Microsoft Purview.’

Entelar Signs Reseller Agreement with Radware (GlobeNewswire News Room) Entelar to offer Radware’s application and network security solutions…

Protean InfoSec, a Protean subsidiary, formerly NSDL e-Gov and TAC Security Enter Into Alliance to Offer Next-Gen Vulnerability Management With Cyber Score to Businesses in India (Business Wire) Protean InfoSec, a Protean subsidiary, formerly NSDL e-Gov and TAC Security Enter Into Alliance to Offer Next-Gen Vulnerability Management With Cyber Score to Businesses in India

CrowdStrike’s chief product officer on identity security, zero trust and XDR (VentureBeat) In an interview, CrowdStrike chief product officer Amol Kulkarni discussed the firm’s offerings around zero trust identity security and XDR.

Telos Corporation Launches Telos Advanced Cyber Analytics (Telos Corporation) Telos® Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, today announced the launch of its Telos Advanced Cyber Analytics (ACA) solution, which will provide automated, actionable threat intelligence and attribution of malicious activity at speed and scale…. Read more

Arcanna.ai Introduces AI-Assisted Cybersecurity Platform for the Global Market (PR Newswire) Arcanna.ai today announced general availability of its AI-Assisted Cybersecurity platform that captures and merges institutional expert…

Security Compass’ SD Elements Platform Delivers 332% ROI According to Independent TEI Study (Business Wire) Security Compass released the results of a commissioned Total Economic Impact™ (TEI) study that evaluates the benefits of deploying SD Elements.

Cyware and GuidePoint Security Partner to Accelerate Threat Intelligence Sharing (Business Wire) GuidePoint Security joins Cyware’s Technology Partner Program to provide its actionable threat intelligence and incident response solutions.

Vicarius Unlocks Nmap for Vulnerability Remediation (Business Wire) Vicarius, developers of the industry’s first fully autonomous end-to-end vulnerability remediation platform, has announced the release of a new free o

Sentry Delivers Real-time Asset Monitoring in Unmanned, Remote Spaces (RF Code) The leader in automated physical asset intelligence for data centers launches Sentry to thwart environmental risks at unmanned edge locations.

Incognia Introduces New Location-Based Device Authorization Solution (GlobeNewswire News Room) Location-based Device Authorization module enables apps to establish trust in new devices without adding user friction…

Calico Open Source, the Most Widely Adopted Container Networking Interface (CNI), Is Now Available for Azure Kubernetes Service (AKS) (PR Newswire) Tigera, creator and maintainer of Calico Open Source, the most widely used container networking and security solution and foundation for…

Technologies, Techniques, and Standards

Public Safety Threat Alliance Created (Motorola Solutions) Public Safety Threat Alliance created as the cybersecurity services hub for info sharing & threat intel collaboration for the global public safety community

Hillicon Valley — NATO cyber summit kicks off (The Hill) NATO began its annual cyber defense simulation this week amid looming Russian cyber threats. Meanwhile, Uber and Lyft removed their mask mandates for all rides in the U.S. following a court decisio…

CISA Releases Secure Cloud Business Applications (SCuBA) Guidance Documents for Public Comment (CISA) CISA has released draft versions of two guidance documents—along with a request for comment (RFC)

Kaspersky offers free decryptor for Yanluowang ransomware (Register) Step one, get some scrambled files back. Steps two through 37…

Legislation, Policy, and Regulation

Pipeline Security: Biden Administration Begins Promulgating Rules to Protect Critical U.S. Infrastructure from Cyberattacks (Holland & Knight) Attacks on critical U.S. infrastructure have been on the rise. On April 13, 2022, the U.S. Department of Energy (DOE), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of Investigation (FBI) warned that certain advanced persistent threat actors have exhibited the capability to gain full system access to multiple industrial control system/supervisory control and data acquisition devices. The agencies encouraged energy companies to enhance their cyber defenses.

One-on-one with the Air Force’s cyber chief (The Record by Recorded Future) It would almost be easier to list the operations Timothy Haugh isn’t involved in. As the head of Sixteenth Air Force (Air Forces Cyber) the three-star lieutenant general oversees a number of missions that the service consolidated into a single information warfare entity in 2019.

Litigation, Investigation, and Law Enforcement

EU commission won’t probe ‘Pegasus’ spyware abuse (EUobserver) The European Commission says people should file their complaints with national authorities in countries whose governments are suspected of using an Israeli-made Pegasus spyware against them.

Julian Assange extradition order issued by London court, moving WikiLeaks founder closer to US transfer (CNN) WikiLeaks founder Julian Assange has moved one step closer to being extradited to the United States, where he is set to be tried under the Espionage Act, after a London court sent his handover order to the British government for approval.

Former eBay executive to plead guilty to cyberstalking campaign targeting couple (Reuters) A former eBay Inc security executive intends to plead guilty to federal charges that he planned a cyberstalking campaign that targeted a Massachusetts couple whose online newsletter was seen as critical of the e-commerce company.

Former EBay Security Director to Plead Guilty to Cyberstalking (Bloomberg) Jim Baugh had been scheduled to face trial next month. He was charged with targeting bloggers critical of company.

The evolving role of the lawyer in cybersecurity (Help Net Security) Cybersecurity is one of the most dynamic fields of law. Long gone are the days when orgs could rely entirely on their defensive measures.



Original Source link

Leave a Reply

Your email address will not be published.

ninety one − ninety =