cyber, EW, sanctions. More on the Lapsus$ group. DDoS in the Marshalls. CISA sets deadlines. | #macos | #macsecurity

Dateline: Moscow, Kyiv, Warsaw, Brussels, London, and Washington: Cyber phases of a hybrid war.

Ukraine at D+32: Reverses, and management of expectations. (The CyberWire) Continuing Russian combat difficulties are reported, and Western governments continue to warn against the possibility of Russian cyberattacks.

Russia-Ukraine war: what we know on day 31 of the invasion (the Guardian) Ukraine’s president again calls on Russia to negotiate while Emmanuel Macron is trying assemble a coalition to evacuate civilians from Mariupol

Russia-Ukraine war latest news: Kremlin says talks in Turkey may now start on Tuesday – live (the Guardian) Face-to-face talks to be hosted in Istanbul, as Ukraine says no humanitarian corridors to be opened Monday due to reports of possible ‘provocations’

Zelenskiy says Ukraine willing to discuss neutrality at Russia talks (the Guardian) Talks set to start in Turkey as Ukraine president seeks peace ‘without delay’ and Biden denies seeking regime change in Russia

Ukrainian Counterattacks Are Pushing Back Russian Troops (Foreign Policy) “As we see, their Army is bullshit,” one Ukrainian official said.

Legendary Stalingrad tank division destroyed as Ukraine reclaims key town (The Telegraph) Russia’s elite 4th Guards forged a fearsome reputation in Second World War battles but have been reduced to smoking wreckage in Trostyanets

Russia’s failures in Ukraine imbue Pentagon with newfound confidence (Washington Post) For more than a decade, the Pentagon, pinned down in Afghanistan, followed China’s rise as a global power and Russia’s ambitious military modernization program with growing alarm. The consensus in Beijing, Moscow and among some in Washington was that an era of U.S. global dominance was rapidly coming to an end.

Ukrainian forces advance east of Kyiv as Russians fall back (Reuters) Ukrainian troops are recapturing towns east of Kyiv and Russian forces who had been trying to seize the capital are falling back on overextended supply lines, Britain said on Friday, one of the strongest indications yet of a shift in momentum in the war.

Ukrainians push Russian forces more than 20 miles away from Kyiv (The Telegraph) UK’s Ministry of Defence says counter-attacks are proving successful

Satellite Images Confirm Russian Navy Landing Ship Was Sunk at Berdyansk (USNI News) The Russian landing ship attacked by Ukrainian forces this week at in the southern port city of Berdyansk has sunk, Pentagon officials confirmed on Friday. Satellite images provided to USNI News by Maxar Technologies prove the Alligator-class landing ship tank (LST) that was seen on video on Thursday was underwater at the side of the …

Russia-Ukraine latest news: ‘At least 300’ dead in Mariupol theatre bombing (The Telegraph) Some 300 people are now believed to have died in Russia’s bombing of a theatre sheltering civilians in the flattened Ukrainian city of Mariupol.

Russia claims Lviv strikes; Ukraine says it has detained 2 on suspicion of espionage (Washington Post) Russia’s Defense Ministry confirmed Sunday that it had struck what it said were military targets in the Ukrainian city of Lviv a day earlier, claiming it used both long-range and high-precision missiles.

Ukraine’s southern capital Odesa prepares to repel Russian invasion (Atlantic Council) Vladimir Putin must take Odesa if he wishes to subjugate the whole of Ukraine but the predominantly Russian-speaking Black Sea port city is in defiant mood amid preparations to repel the Russian invaders.

Ukrainian air defense forcing Russia to use more drones – British intelligence (Ukrinform) Ukrainian air defense has significantly limited Russia’s manned flights, so the aggressor country is planning to use more drones. — Ukrinform.

The drone operators who halted Russian convoy headed for Kyiv (the Guardian) Special IT force of 30 soldiers on quad bikes is vital part of Ukraine’s defence, but forced to crowdfund for supplies

Russian soldier deliberately runs over his commander with a tank in act of rebellion (The Telegraph) Col Yury Medvedev believed to have died in incident, in latest sign of Kremlin troops growing disgruntled with the war and senior officers

Russia begins to mobilize military reinforcements for Ukraine as casualties mount, Pentagon says (Washington Post) Russia has begun to mobilize military reinforcements to send into Ukraine as its combat losses continue to grow, the Pentagon said Friday, citing its latest intelligence assessments.

Putin Resorts to Syrian Mercenaries in Ukraine. It’s Not the First Time. (Foreign Policy) The Kremlin has been recruiting thousands of hardened Syrian fighters to join its war in Ukraine.

Why the Kremlin’s apparent retreat could be Ukraine’s moment of maximum peril (The Telegraph) The shape of European politics for many years to come could rest on the outcome of battle in a small corner of the country’s east

‘Diminishing returns’: What can change Putin’s course in the Ukraine war? (Washington Post) As Russian President Vladimir Putin enters his second month of war against Ukraine, questions are mounting about what limitations he could face as he presses ahead with an invasion that has already inflicted great costs on the Russian military and left the country deeply isolated.

Ukraine’s Cultural Heritage Is Desperate for Help (Foreign Policy) Russia could destroy Ukrainian history, unless the United States does something about it.

Russian forces are occupying city housing Chernobyl workers, mayor says (Washington Post) Russian forces have entered Slavutych, a city of about 25,000 people that serves as a housing community for workers from the nearby Chernobyl nuclear power plant, local officials said Saturday.

Ukraine and Russia closer to ending war as understanding reached in four areas (Newsweek) There is still no agreement on Crimea and Donbas, two eastern areas of Ukraine that Russia sees as its own territory.

Russia Says Donbas Is Ukraine Focus in Possible Shift in Aim (Bloomberg) Military comments may be effort to cover slow progress of war. Western officials say Russian advance has largely stalled.

Kremlin confusion as Moscow contradicts own generals with claim it still wants to take Kyiv (The Telegraph) The latest blast in Lviv, near the Poland border, contradicts the suggestion by the generals that Putin might be slowing his offensive

Russia, losing ground in Kyiv, now says “main goal” to free eastern Ukraine (Newsweek) Both Russian and U.S. officials are saying that the Russian army are changing their minds about claiming other Ukrainian cities.

Russians prepare to scale back invasion of Ukraine (The Telegraph) Kremlin says it will focus on ‘liberation’ of Donbas region in sign it may be looking to end military campaign after weeks of stalemate

Putin plans to split Ukraine in two a la Koreas: Ukraine intel chief (Newsweek) The comments come after Russia said it would focus its war efforts on “liberating” eastern Ukraine.

Russian War Report: Russia produces “evidence” claiming Ukraine will attack Crimea (Atlantic Council) A pro-Kremlin Telegram channel published suspect photos of alleged medals and certificates to reward Ukranian troops for recapturing Crimea.

Russian troops’ tendency to talk on unsecured lines is proving costly (Washington Post) Russian troops in Ukraine have relied, with surprising frequency, on unsecured communication devices such as smartphones and push-to-talk radios, leaving units vulnerable to targeting, and further underscoring the command-and-control deficiencies that have come to define Moscow’s month-long invasion, observers say.

Russian generals are getting killed at an extraordinary rate (Washington Post) The war in Ukraine is proving extraordinarily lethal for Russian generals, the gray men bedecked in service medals, who are being aggressively targeted by Ukrainian forces and killed at a rate not seen since World War II.

Ukraine claims it has killed seven Russian generals as they took risks along the frontline (The Telegraph) The most recent claimed kill was of Lieutenant General Yakov Rezantzev at the end of last week

How the Russian officer elite is being decimated in Ukraine – 15 generals and commanders who were killed in action (Business Insider) Since Russia began its invasion of Ukraine, it’s reported that Putin’s army has lost some of its most experienced senior commanders.

Ukraine’s Three-to-One Advantage (The Atlantic) It’s not technology or tactics that has given Ukrainian fighters their greatest edge.

Ukraine reports 300 dead in airstrike on Mariupol theater (AP NEWS) About 300 people were killed in the Russian airstrike last week on a Mariupol theater that was being used as a shelter, Ukrainian authorities said Friday in what would make it the war’s deadliest known attack on civilians yet.

Ukraine War: Civilians abducted as Russia tries to assert control (BBC News) The UN has documented almost 40 cases of politicians, journalists and activists being abducted.

What Putin’s Aleppo playbook tells us about his plan of attack in Ukraine (The Telegraph) With his invasion faltering and progress slow, the Russian president is counting on the suppressive tactics deployed by Assad in Syria

Ukraine claims that Russia is using white phosphorus (Washington Post) Ukraine’s president has accused invading Russian forces of using white phosphorus, a controversial chemical substance that can cause severe and indiscriminate harm to civilians.

Inside the Wagner Group: ‘Death is our business – and business is good’ (The Telegraph) Who are the Russian mercenaries, famed for their bloody reputation, that have been sent to Ukraine to kill President Zelensky?

Russia reasserts right to use nuclear weapons in Ukraine (the Guardian) Senior politician Dmitry Medvedev says Moscow’s nuclear doctrine does not require enemy state to use such weapons first

When, Why and How Putin Might Use Nukes (Bloomberg) The newly prominent role of so-called tactical nuclear weapons puts the world in the greatest danger since the Cuban Missile Crisis.

FAST THINKING: What will the West do if Putin uses chemical weapons? (Atlantic Council) Is transatlantic unity enough to rescue Ukraine? Our experts are here to break down Joe Biden’s Eurotrip.

Joe Biden ready to use nuclear weapons first in ‘extreme circumstances’ (The Telegraph) US president abandons plans to water down policy to ‘retaliation only’ amid fears Vladimir Putin might deploy nuclear arsenal

Zelenskyy’s chief of staff: Ukraine needs ‘more bravery’ from NATO (Atlantic Council) In this exclusive Atlantic Council event, Andriy Yermak called for more weapons, wider sanctions against Russia, and a tougher global stance against Russian President Vladimir Putin.

Would a Peace Deal Between Russia and Ukraine Do More Harm Than Good? (Foreign Policy) While a serious negotiated settlement could end Ukrainians’ suffering, a premature peace deal could be the worst possible outcome for Kyiv.

Sergei Shoigu Reappears After Missing Russian Minister Prompts Speculation (Newsweek) Video of the Russian defense minister, who had not been seen in public since March 11, has been released by the Kremlin.

Russian MP accuses Poland of planning to take Kaliningrad back from Moscow (The Telegraph) Maria Butina escalates war of words between countries as former army chief claims Poland has a right to historic city

In a Fiery Speech, Biden Warns of a Battle Between ‘Liberty and Repression’ (New York Times) The president warned Western nations that the fight against autocracy would be costly and could be lengthy.

Biden departs Europe with message for Putin: West is more united than ever (Newsweek) Biden also said, “This battle will not be won in days or months either. We need to steel ourselves” for a long fight.

Biden summons history in sweeping call for renewed alliance of democracies (the Guardian) President seeks to re-establish US as a leader in global affairs after years of Trump-led disengagement

How Biden sparked a global uproar with nine ad-libbed words about Putin (Washington Post) By declaring that the Russian leader ‘cannot remain in power,’ the U.S. president seemed to suggest a drastic change in U.S. policy — prompting a scramble by White House officials

Chaos as Joe Biden says Vladimir Putin ‘cannot remain in power’ (The Telegraph) US policy in disarray as White House is forced to row back president’s call for Russian leader to be removed

Russia attacks “sick” Biden over Putin remarks, warns of damaging relations (Newsweek) A Kremlin spokesperson said that “a state leader should keep their temper” in response to the president’s comments.

Macron warns against inflammatory words after Biden’s Putin remark (the Guardian) French president cautions against verbal escalations after US is forced to deny it is seeking regime change

Backlash against Joe Biden over Vladimir Putin ‘cannot remain in power’ comment (The Telegraph) Emmanuel Macron leads international rebukes, while Antony Blinken denies US wants regime change

Joe Biden’s gaffe is ‘a gift’ to an isolated and increasingly erratic Vladimir Putin (The Telegraph) US president’s off-the-cuff remark will only help a Russian government that is ‘willing to use anything as a propaganda tool’

Neither Nato nor Ukraine can de-Putinise Russia. We Russians must do it ourselves | Mikhail Shishkin (the Guardian) A new, democratic Russia is impossible without a change of national mindset – and an acknowledgment of national guilt, says novelist Mikhail Shishkin

What fantasies of a coup in Russia ignore | Rajan Menon (the Guardian) Let’s assume for a moment that Putin does fall. What happens next? Here are three scenarios

The Making of Vladimir Putin (New York Times) Tracing Putin’s 22-year slide from statesman to tyrant.

Over half of Americans say US will be—or is—at war with Russia: Poll (Newsweek) Only 28 percent said that they have “a great deal” or “quite a bit” of confidence in President Joe Biden’s response to Russia’s invasion of Ukraine.

Why hasn’t Russia used its ‘full scope’ of electronic warfare? (Breaking Defense) “The Ukrainians still have good command and control over their forces in the field in ways that the Russians actually don’t have,” Pentagon press secretary John Kirby told reporters last week.

When Nokia Pulled Out of Russia, a Vast Surveillance System Remained (New York Times) The Finnish company played a key role in enabling Russia’s cyberspying, documents show, raising questions of corporate responsibility.

The hard truth behind Biden’s cyber warnings (POLITICO) Hackers from Russia and elsewhere have repeatedly breached companies and agencies critical to the nation’s welfare. “We should consider every sector vulnerable,” one of the president’s top cyber aides says.

‘Preparation, not panic’: Top US cyber official asks Americans to look out for Russian hacking efforts (CNN) The US government is wary about the possibility of a Russian cyberattack on US critical infrastructure paired with Kremlin attempts to spread disinformation about any incident’s effects to sow panic among Americans, a top US cyber official told CNN.

Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion (The Hacker News) Another Chinese hacker group has entered the fray of the Ukraine conflict and is attacking victims with the HeaderTip backdoor malware.

Chinese cyberattacks on NATO countries increase 116% since Russia’s invasion of Ukraine: study (Fox Business) Cyber attacks against NATO countries originating from Chinese IP addresses have increased 116% since Russia invaded Ukraine on Feb. 24, new research shows.

JSC BIFIT Breached by GURMO Hackers (Inside Cyber Warfare) Remote banking network “iBank” serves over 2 million corporate and private clients

The breakdown of Shuckworm’s continued cyber attacks against Ukraine. (The CyberWirew) Guest Dick O’Brien from Symantec joins Dave Bittner on this episode to discuss how “Shuckworm Continues Cyber-Espionage Attacks Against Ukraine.” The Russia-linked Shuckworm group (aka Gamaredon, Armageddon) has been active since 2013 and is known to use phishing emails to distribute either freely available remote access tools.

Anonymous leaked 28GB of data stolen from the Central Bank of Russia (Security Affairs) Anonymous announced that the affiliate group Black Rabbit World has leaked 28 GB of data stolen from the Central Bank of Russia This week the Anonymous hacker collective claims to have hacked the Central Bank of Russia and stole accessed 35,000 documents. The group of hacktivists announced that will leak the stolen documents in 48 […]

Real chance that Rotterdam port could be targeted in cyber attack (NL Times) If the war in Ukraine flares up further, the Port of Rotterdam – the largest port in Europe – will likely play a significant role in the supply of military equipment. There is, therefore, a real chance that the Rotterdam port will be targeted in disruptive cyberattacks, Claudia de Andrade, director of Digital & IT at the Port of Rotterdam, said to NRC. 

Russia hacked Ukrainian satellite communications, officials believe (BBC News) Western officials think the attack on US company Viasat hit military and government communications.

‘Don’t Leave the Space Open’ — How the West Can Defeat Putin in Cyberspace and Beyond (POLITICO) Victories in cyber and information warfare should be a model for confronting the Russian military, says Molly McKew, a longtime adviser to former Soviet republics on information warfare.

The Kremlin tries to stifle Radio Free Europe — and its audience surges (Washington Post) As the U.S.-funded broadcaster is forced to shut most of its Russian operations, its Web traffic indicates that Russian people are eagerly consuming its stories

TikTok Must Not Fail Ukrainians (Wired) To protect frontline creators and preserve evidence, the platform needs to learn from the wartime failings of other social media companies.

Spotify ‘Fully Suspends’ Operations in Russia Due to Ukraine Invasion (Variety) Spotify, which suspended its paid subscription service in Russia earlier this month due to that country’s unprovoked and bloody invasion of Ukraine, has announced it will “fully suspend our service…

Six key things Zelensky said in Russian interview banned by Kremlin (Newsweek) The lengthy interview was almost immediately banned by the Kremlin’s telecommunications regulator, Roskomnadzor.

J.K. Rowling Slaps Down Vladimir Putin’s Embrace Over Cancel Culture (Bloomberg) Vladimir Putin’s latest attack on cancel culture, in which he likened the ostracism of Russian writers to the treatment of JK Rowling, prompted a swift rebuff from the author of the Harry Potter books.

Expelling Russia from Multilateral Forums Is Tempting but Unwise (World Politics Review) Outrage over Putin’s illegal war of aggression in Ukraine has prompted calls to eject Russia from the G-20 and U.N. Security Council. Rather than tilt at windmills, the United States and its allies would be better off using these forums to shame Moscow for its criminal actions, while sharpening their sanctions.

Finland halts rail cargo from Russia; last passenger trains nearly sold out (Yle) State rail operator VR is suspending freight traffic across the eastern border due to sanctions against Russia.

‘Crippling’ sanctions could be lifted if Russia withdraws from Ukraine, says Liz Truss (The Telegraph) Foreign Secretary indicates a possible ‘off ramp’ for Vladimir Putin, provided he agrees to ‘no further aggression’

Supply chain implications of the Russia-Ukraine conflict (Deloitte Insights) Disruption to upstream suppliers in Russia and Ukraine will further weaken global supply chains. Visibility into this extended network thus becomes key to tackle potential risks.

U.S., EU Reach LNG Supply Deal to Cut Dependence on Russia (Bloomberg) Target of 15 billion cubic meters is fraction of Russia supply. Biden is discussing Ukraine war with NATO, EU and G-7 allies.

FCC puts Kaspersky on security threat list, says it poses “unacceptable risk“ (Ars Technica) Moscow-based firm joins Huawei and ZTE on the same US security threat list.

U.S. FCC adds Russia’s Kaspersky, China telecom firms to national security threat list (Reuters) The Federal Communications Commission (FCC) on Friday added Russia’s AO Kaspersky Lab, China Telecom (Americas) Corp and China Mobile International USA to its list of communications equipment and service providers deemed threats to U.S. national security.

FCC adds Kaspersky to its list of national security threats (The Verge) The FCC deems Kaspersky an “unacceptable risk.”

US says Kaspersky poses unacceptable risk to national security (BleepingComputer) The Federal Communications Commission (FCC) added Russian cybersecurity firm Kaspersky to its Covered List, saying it poses unacceptable risks to U.S. national security.

FCC says Russian anti-virus firm Kaspersky poses risk to U.S. national security (UPI) The Federal Communications Commission on Friday added products from the Russian firm Kaspersky to its “Covered List” and said the company poses a risk to the national security of the United States.

HackerOne Blocks Kaspersky From Using Its Bug Bounty Platform (PCMAG) An FAQ from HackerOne says it’s had to suspend bug bounty programs for companies in Russia, citing the US sanctions. But Kaspersky says it shouldn’t be subjected to the restriction.

HackerOne kicks Kaspersky’s bug bounty program off its platform (BleepingComputer) Bug bounty platform HackerOne disabled Kaspersky’s bug bounty program on Friday following sanctions imposed on Russia and Belarus after the invasion of Ukraine.

“We don’t know how to survive”—Russian oligarch sanctioned over Ukraine war (Newsweek) Petr Aven is among the businessmen the U.K. targeted over their alleged links to Vladimir Putin.

Abramovich’s Dubai House Hunt Shows Russian Diaspora Widening (Bloomberg) Chelsea owner’s private jet was spotted in Dubai, as the sanction-free Middle-Eastern city state attracts Russians.

The secret life of Alina Kabaeva – the star gymnast who became Putin’s ‘Eva Braun’ (The Telegraph) Thousands want her extradited from Switzerland to Russia, but the Kremlin insists rumours of their marriage and children are misguided

Raytheon CEO Gregory Hayes: How Ukraine Has Highlighted Gaps in US Defense Technologies (Harvard Business Review) How does a company that gets two million hack attempts each week think about security?

Ukraine is selling a timeline of the Russian invasion as NFTs (The Verge) Cryptocurrency remains a major war fundraising channel.

Who’s Buying Russian Stocks? (New York Times) Trading has resumed after the market closed for a month, but it’s not business as usual.

Attacks, Threats, and Vulnerabilities

Marshall Islands telecom service hit by cyber attack (RNZ) When internet systems in the Marshall Islands went on the blink in mid-March, it wasn’t immediately clear what was causing the rolling outages.

Marshalls internet service hit by cyber attack (Marianas Variety News & Views) When internet systems in the Marshall Islands went on the blink in mid-March, it wasn’t immediately clear what was causing the rolling outages.

North Korean hackers target employees of news outlets, software vendors and more through Chrome vulnerability (The Record by Recorded Future) Google has released a report identifying two North Korean government hacking campaigns that exploited a Google Chrome 0-day.

Malware disguised as cryptocurrency wallets used to steal from iOS and Android users (Android Police) Are your tokens safe?

Npm maintainers remove malicious packages after typosquatting attempt (The Record by Recorded Future) Analysts at DevOps security firm JFrog said this week that they found 218 malicious packages targeting the Microsoft Azure npm scope. npm maintainers were quickly notified and the packages were removed, the researchers said. 

Okta: “We made a mistake” delaying the Lapsus$ hack disclosure (BleepingComputer) Okta has admitted that it made a mistake delaying the disclosure of hack from the Lapsus$ data extortion group that took place in January. Additionally, the company has provided a detailed timeline of the incident and its investigation activities.

Honda downplays vulnerability allowing hackers to lock, unlock and start Civics (The Record by Recorded Future) Honda said it has no plans to update its older vehicles after researchers with the University of Massachusetts and cybersecurity firm Cybereason released a proof-of-concept for CVE-2022-27254 – a replay vulnerability affecting the Remote Keyless System in Honda Civics made between 2016 and 2020. 

Cyberattacks still threaten home networks, two years after the COVID-19 pandemic spurred the work-from-home boom (Business Insider) Organizations have been wrestling with WFH cybersecurity issues for more than two years, but cyberattackers are still compromising at-home systems.

Ransomware Can Encrypt 100,000 Files in Minutes (PCMAG) Splunk reports that the fastest ransomware can encrypt roughly 100,000 files in just four minutes and nine seconds.

CISA Adds 66 Known Exploited Vulnerabilities to Catalog (CISA) CISA has added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates.

A massive DDoS attack leaves ‘Among Us’ unplayable in North America and Europe (Engadget) Since late Friday afternoon, Among Us developer Innersloth has been trying to contain a massive DDoS attack against both its North American and European servers..

School district offering identity protection services after December ransomware attack (RiverheadLOCAL) The Riverhead school district says it is offering identity protection services “out of an abundance of caution” since personal information, including names, addresses and Social Security numbers were “potentially exposed” in a Dec. 3 ransomware attack on the district.

Ransomware actors steal detention slips in Illinois K-12 hack (StateScoop) A detention slip from 2014 exposed in a recent ransomware attack shows the risks of organizations not deleting or archiving old data.

Irvine-based company at the center of a huge education hack (Orange County Register) Personal data for roughly 820,000 current and former New York City public school students was compromised in the hack of a widely used online grading and attendance system earlier this year, city E…

Security Patches, Mitigations, and Software Updates

CSA | SingCERT | High-Severity Zero-Day Bug in Google Chrome (The Singapore Computer Emergency Response Team) Google has released Chrome 99.0.4844.84 for Windows, Mac, Linux and Chrome 99.0.4844.88 for Android users to address a high-severity zero-day bug (CVE-2022-1096).

Google Patches This Year’s Second Actively Exploited Chrome Zero-Day (PCMAG) Farewell, CVE-2022-1096.

Emergency Google Chrome update fixes zero-day used in attacks (BleepingComputer) Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug exploited in the wild.

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability (The Hacker News) Google has rolled out an urgent out-of-band update to the Chrome browser for millions of Windows, macOS and Linux users to patch a zero-day flaw.

Western Digital fixes critical bug giving root on My Cloud NAS devices (BleepingComputer) Western Digital has fixed a critical severity vulnerability in the Samba vfs_fruit VFS module that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices.

Trellix and CSIS Find Organizations Outmatched by Nation-State Cyber Threat Actors (Business Wire) Report Highlights Increased Government Support Required to Defend Against Sophisticated Nation-States

SINET Silicon Valley Conference – CISOs and Engineering often don’t mix (Control Global) The SINET Silicon Valley 2022 Conference was held March 24, 2022 with the agenda at The attendees were CISOs and senior cyber security personnel from industry and government capped by an appearance by US Secretary of Homeland Security Alejandro Mayorkas. Additionally, there were many venture capitalists funding, or looking to fund, cyber security and data analytics organizations. However, there were no engineering executives participating even though there were CISOs from manufacturing and utility organizations.

Bad Actors Can Now Obtain Dangerous Cyber Attack Kits On The Dark Web For Less Than $50 (Digital Information World) A leading number of cyber-attack kits such as DDoS, Phishing, and ransomware could actually be bought with ease on the dark web.


Backblaze Doubles Down on Security With Open Bug Bounty Program (GlobeNewswire News Room) Enhancing Security Testing, Backblaze’s Bugcrowd Bug Bounty Program Is Now Open to All Security Researchers…

Products, Services, and Solutions

New infosec products of the week: March 25, 2022 (Help Net Security) The featured infosec products this week are from: AvePoint, DTEX Systems, ExtraHop, NICE Actimize, and Sonrai Security.

Technologies, Techniques, and Standards

How Firewalls are Used by Deakin University, Black Box, Palo Alto Networks, Modis, and Keysight: Case Studies (Datamation) How are firewalls being used by companies and cybersecurity pros? See how in these 5 case studies.

Cybersecurity Analysis: Why it’s Important for your e-Commerce Business? (GlobalSign GMO Internet, Inc.) e-commerce businesses are the ultimate target for cybercriminals. Find out how you can take precautionary measures by performing an in-depth cybersecurity analysis.

How to Set Healthy Boundaries Around What You Share Online (Wired) The pull between wanting to protect privacy and still engage with others meaningfully is real. Here’s how to choose and stick to your guns.

Legislation, Policy, and Regulation

Xinhua Commentary: U.S. mounts sneaky cyberattack, while crying stop thief (Xinhua) Xinhua Commentary: U.S. mounts sneaky cyberattack, while crying stop thief-

What the United Arab Emirates Sees in Huawei (The National Interest) Technical cooperation between China and the UAE goes beyond 5G.

U.S.-EU Data Privacy Deal Faces Key Questions on Surveillance (Wall Street Journal) A preliminary data-transfer deal between the U.S. and EU outlines a new mechanism for how Europeans can challenge U.S. surveillance but offers few details about the way it would work.

New EU Data Transfer Pact Hinges On US Privacy Pledges (Law360) U.S. and European Union officials touted the strength and durability of a new pact they announced Friday to enable personal data to again flow freely between them, but questions remain over whether the privacy and surveillance policy changes the U.S. has vowed to make are enough for the deal to survive yet another legal challenge. 

NSA Leader Promotes Industry Collaboration on Cyber Issues (Via Satellite) The National Security Agency (NSA) is seeking collaboration with the private sector on cybersecurity issues, David Luber, deputy of the Cybersecurity Directorate, said Wednesday at CyberSatGov in Reston, Virginia.  Luber highlighted the agency’s Cybersecurity Collaboration Center, an engagement hub with the private

Adversaries Capitalize While US Debates Space as Critical Infrastructure, Panelists Say (Via Satellite) The United States is still in the discussion phase of whether or not space systems should be considered a critical infrastructure sector, while adversary China reportedly tested a nuclear-capable hypersonic missile, Dr. Dawn Beyer, Lockheed Martin senior fellow, said Tuesday during the Value of Space Summit hosted by

Cyber Advisor to President Biden Details Cybersecurity Points for Space (Via Satellite) Invoking a famous quote about the United States and Great Britain, the U.S. cybersecurity advisor to President Joe Biden said that cyber and space

US Air Force establishes new information warfare detachment (C4ISRNet) Dubbed Detachment 1, the new group is a hybrid wing-level organization designed to connect airmen from multiple locations as they accelerate readiness.

Army gets new principal cyber adviser (FedScoop) Michael Sulmeyer began the role as principal cyber adviser this week after recently serving as an adviser to U.S. Cyber Command Commander Gen. Paul Nakasone.

Litigation, Investigation, and Law Enforcement

High Court rules against Home Office over data being extracted from migrants’ mobile phones (Sky News) It comes as the home secretary faces increasing pressure over small boat crossings in the English Channel which have risen exponentially despite her pledging to halve them.

Who is LAPSUS$, the Big, Bad Cybercrime Gang Hacking Tech’s Biggest Companies? (Gizmodo) They’re the new kids on the block, and their “extortion and destruction” hacks are swiping gigabytes of sensitive data. Their leader also might be 16.

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison (KrebsOnSecurity) An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career…

Congress Eyeing ‘Dumpster Fire’ of Hate Talk in Spy Agency Chat Rooms (The Daily Beast) CIA veterans said partisan political talk exploded after Trump appointed Mike Pompeo as its director.

Spy Agency Chat Room Hate Speech Draws Hill Scrutiny (Spy Talk) Intelligence committees ‘looking into’ classified chat rooms ‘dumpster fire’ of hate and pro-insurrection commentary

Cybercriminal Connected to Multimillion Dollar Ransomware Attacks Sentenced for Online Fraud Schemes (HS Today) Berezan was an active member of an exclusive online forum designed for Russian-speaking cybercriminals to gather safely and exchange their criminal knowledge, tools, and services.

TransUnion hack sucks in Experian as civil claims loom (ITWeb) The hacking group continues to exert pressure, while a legal expert foresees TransUnion facing civil claims.

Original Source link

Leave a Reply

Your email address will not be published.

one + two =