Phishing themes. Emotet returns. Russian broadcast hacked. Hunting forward as an exercise in threat intelligence collection. | #cybersecurity | #cyberattack


Dateline

Ukraine at D+105: Fighting in Kherson and Sieverodonetsk; partisan and cyber warfare updates. (The CyberWire) Evenly matched, house-to-house fighting continues in Sieverodonetsk. Ukraine claims it’s advancing into Kherson. US Cyber Command describes its support for Ukraine as a “hunt forward” exercise in threat intelligence and information sharing. And Russia’s Foreign Minister says the only Black Sea blockade is one being run by Ukrainian “neo-Nazis.”

Russia-Ukraine latest news: Ukraine recaptures territory near Kherson in counter-offensive
(The Telegraph) Ukrainian forces have recaptured territory from Russian forces in Kherson, the country’s defence ministry has said.

Ukraine says troops holding on to Sievierodonetsk, advance in south (Reuters) Ukrainian forces claimed on Thursday to have pushed forward in intense street fighting in the eastern city of Sievierodonetsk, but said their only hope to turn the tide was more artillery to offset Russia’s massive firepower.

Fight for Sievierodonetsk will decide fate of eastern Ukraine, says Zelenskiy (the Guardian) President says battle in key city the ‘most difficult’ since start of the war, as Donbas leaders warn Ukrainian forces have been pushed to city’s outskirts

UK missiles help to chase Russian navy fleet from Black Sea coast (The Telegraph) Moscow has been forced to change tactics as British weapons have helped Ukraine push Russian ships 60 miles off shore

Key city’s fate in balance as fighting rages in east Ukraine (AP NEWS) Russian forces pounded an eastern Ukrainian city Thursday and the two sides waged pitched street battles that Ukrainian President Volodymyr Zelenskyy said could determine the fate of the critical Donbas region.

Belarus bluff? Putin’s only ally sparks fears of possible new Kyiv offensive (Atlantic Council) Intensifying military activity in southern Belarus is fueling speculation over a possible renewed Russian assault on Kyiv but the true objective may be to tie down Ukrainian troops and prevent redeployment to eastern Ukraine.

Lukashenka plays chief enabler as Putin threatens to expand Ukraine war (Atlantic Council) Alyaksandr Lukashenka has publicly sought to distance himself from the Russian invasion of Ukraine but the Belarusian dictator is now once again becoming deeply involved as Vladimir Putin threatens to escalate the war.

Ukraine resistance blows up cafe used by Russian leaders (The Telegraph) At least four people injured in explosion at a shop in Kherson frequented by the invaders, who called the blast a ‘terror attack’

British fighters Aiden Aslin and Shaun Pinner sentenced to death by Russian-backed court (The Telegraph) The two men, who were captured by separatists in Mariupol in April, were accused of fighting as mercenaries for Ukraine

Ukraine quagmire may push Putin to adopt policy he fears: conscription (Newsweek) “The question of mobilization only needs to be raised when the situation has gotten out of control,” a Russian military expert told Newsweek.

Putin resorting to drafted soldiers in Ukraine could come at a high price (Newsweek) Reports say Russia’s military may be having manpower issues. However, the potential use of conscripts could be a politically risky move.

NATO Allies Are Rethinking Russia’s Supposed Military Prowess (Foreign Policy) But Russia’s early military failures in Ukraine don’t make it any less dangerous, military analysts warn.

NATO-Russia: It’s time to suspend the Founding Act (The Hill) Putin’s actions have destroyed the basis for cooperation.

Biden Is Still Worried About Poking the Russian Bear (Foreign Policy) “If that’s our attitude, we’re never going to win a war again, ever,” said one U.S. source familiar with the debate.

Only total defeat in Ukraine can cure Russia of its imperialism (Atlantic Council) Despite collapsing in 1917 and 1991, today’s Russia remains an unapologetically imperialistic power. Unless Putin’s invasion of Ukraine ends in unambiguous defeat, we will soon witness a new round on imperial aggression.

Yulia Tymoshenko on war in Ukraine: ‘It’s a chance for the free world to kill this evil’ (the Guardian) Exclusive: Former PM discusses ‘cold, cruel’ Vladimir Putin and the west’s response to the Russian invasion

Putin’s War of Aggression Has Dimmed the Appeal of Neutrality (World Politics Review) Last Friday, Germany’s lower house held a historic vote to amend the country’s constitution to allow for a massive expansion of its military forces. It was one more sign that Russia’s war in Ukraine has upended not only the architecture of global security, but also the world’s fundamental thinking on defense.

With Lavrov in Turkey, a different war may dominate talks (Atlantic Council) The Russian and Turkish foreign ministers could discuss Ankara’s intent to carry out a new operation against Kurdish forces in northern Syria.

EU Mulls Putting Ukraine on Track for Membership (Foreign Policy) Official candidacy for the bloc is unlikely, but even a lesser accession status would send a powerful signal.

Ukraine Successfully Defends Its Cyberspace While Russia Leans Heavily on Guns, Bombs (CNET) The country’s success so far seems to be a combination of its own cyber savvy and Russia’s focus on conventional weapons.

Ukraine war: US cyber chief on Kyiv’s advantage over Russia (Sky News) General Paul Nakasone, the head of US Cyber Command, told Sky News that “the brutal unjust invasion of Ukraine, by Russia, is tantamount to something that democratic nations just cannot stand for” and hailed the “really powerful” partnerships that are responding to it.

NSA Director Confirms Cyber Command ‘Hunt Forward’ Approach Applies to Russia (ClearanceJobs) General Paul Nakasone confirmed that the U.S. had “conducted a series of operations” in response to Russia’s invasion of Ukraine.

Hacked Russian radio station broadcasts Ukrainian anthem (Washington Post) Russian radio station Kommersant FM’s news bulletin was interrupted by the Ukrainian anthem and antiwar songs.

Ukraine at 360/OS: How Russian disinformation is fueling the war (Atlantic Council) The Digital Forensic Research Lab’s 360/Open Summit dug into the online ramifications of Russia’s war in Ukraine, and what democracies should do now.

Ukrainian journalist confronts Russia’s Sergei Lavrov with grain theft claim (the Guardian) Unscripted question appears to catch foreign minister off guard in Turkey, where he was discussing plans for a grain export corridor from Ukraine

The Black Sea blockade: mapping the impact of war in Ukraine on the world’s food supply – interactive (the Guardian) From vast grain stores stuck in Odesa to famine risk in Yemen, a visual guide to the far-reaching effects of Russia’s block on exports

Microsoft Slashes Russia Operations After War Clouds Outlook (Bloomberg) More than four hundred employees to be affected

Attacks, Threats, and Vulnerabilities

Experts, NSA cyber director say ransomware could threaten campaigns in 2022 (CyberScoop) Hackers are also widening their net to candidates’ families and friends, experts say.

Ransomware, botnets could plague 2022 midterms, NSA cyber director says (The Record by Recorded Future) The National Security Agency is concerned that ransomware and botnet attacks could be used against the upcoming midterms and further erode confidence that the U.S. can conduct safe and secure elections, a senior official said Wednesday.

Chinese hackers exploited years-old software flaws to break into telecom giants (MIT Technology Review) A multi-year hacking campaign shows how dangerous old flaws can linger for years.

Chinese hackers breach ‘major’ telecoms firms, US says (CNN) Chinese government-backed hackers have breached “major telecommunications companies,” among a range of targets worldwide, by exploiting known software flaws in routers and other popular network networking gear, US security agencies warned Tuesday.

Chinese attackers use unpatched network kit to loot telcos (Register) NSA, FBI and CISA issue joint advisory that suggests China hardly has to work for this – flaws revealed in 2017 are among their entry points

US: Chinese govt hackers breached telcos to snoop on network traffic (BleepingComputer) Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data.

Hackers using Follina Windows zero-day to spread Qbot malware (The Record by Recorded Future) Hackers are using a recently disclosed Windows zero-day named Follina to spread a widely-used banking trojan with ties to several ransomware groups.

How Cyber Criminals Target Cryptocurrency (Proofpoint) As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim to fraud attempting to exploit people for digital currencies.

Crypto stealing campaign spread via fake cracked software (Avast) Users who download cracked software risk sensitive personal data being stolen by hackers. This is how the FakeCrack campaign is doing its business.

Emotet Malware Returns in 2022 (Deep Instinct) Emotet malware has returned with a vengeance in 2022. How dangerous are new emotet variants? Learn more about the newest Emotet threats & how Deep Instinct can help.

Threat Actors Prepare Travel-Themed Phishing Lures for Summer Holidays (Hot for Security) Vacation season is almost here, and we’re all in need of some vitamin D after
pandemic lockdowns and travel restrictions ruined the plans of many vacationers.

1 in 10 Twitter accounts posting Spam, claims research (Tech Digest) A mathematical model designed by GlobalData has estimated that around 10% of Twitter’s active accounts are posting spam content.

Poisoned CCleaner search results spread information-stealing malware (BleepingComputer) Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program.

SVCReady Malware Emerges in Phishing Campaigns (Decipher) A newly discovered malware loader is under active development and is executed via shellcode stored in a Word document.

Phishing tactics: how a threat actor stole 1M credentials in 4 months (Pixm Anti-Phishing) It is rare that the identities of participants and ringleaders in criminal phishing schemes are uncovered. But in many cases, when untangling the web of a cyber criminal group (particularly with financially motivated e-crime actors), there are enough OSINT breadcrumbs left behind by a threat actor, on forums, in code, or elsewhere, to point investigators in the right direction.

Report: Document Verification Platform Exposes 10,000s Students in India and Israel in Massive Data Breach (vpnMentor) Over 50,000 Indian and Israeli students were exposed to fraud and online attacks via massive data breach. Find out who was exposed, and how.

OnDeck Announces Data Breach Impacting Social Security Numbers and Financial Account Information (JD Supra) Recently, the business lending company OnDeck announced that the company experienced a data breach after an unauthorized party gained access to the…

E-skimming attack at US gun shops impact over 90,000 customers (Hot for Security) US gun retailers Rainier Arms and Numrich Gun Parts have disclosed data breach
incidents resulting from card skimmer attacks on their websites,
rainierarms[.

Final exams canceled in N.J. school district after ransomware attack cripples computers (nj) Teachers broke out old-school projectors, paper, pencils and hands-on activities to replace online lessons.

Security Patches, Mitigations, and Software Updates

Ethereum’s Merge Upgrade Goes Live Today on Ropsten Testnet (Decrypt) In a historic move, Ethereum’s longest-running testnet called Ropsten is transitioning to a proof-of-stake algorithm today.

DogWalk Zero-day Windows MSDT Vulnerability Gets Unofficial Patch (HIPAA Journal) Another zero-day vulnerability has been identified that affects the same Windows tool as Follina. While the vulnerability is not known to have been Another zero-day vulnerability has been identified in the same application that is affected by the Follina vulnerability. Free micropatches have been released by 0Patch.

Google rolling out automatic updates in August for Cloud vulnerability (The Record by Recorded Future) Google said it is rolling out automatic updates to address a vulnerability affecting Authorized Networks and Cloud Run/Functions on Google Kubernetes Engine (GKE).

Mitsubishi Electric Air Conditioning Systems (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Air Conditioning Systems Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Exposure of Sensitive Information to an Unauthorized Actor, Channel Accessible by Non-Endpoint 2.

#RSAC: The Cybersecurity Industry is Costing Employees Their Mental Health (Infosecurity Magazine) Eleanor Dallaway sat down with Chloé Messdaghi to discuss the mental health deterioration that is worryingly synonymous with the cybersecurity industry

RSA – Digital healthcare meets security, but does it really want to? (WeLiveSecurity) For understandable reasons, healthcare folks view technology as a nuisance to be managed in pursuit of the health organizations’ primary mission.

Sophos uncovers latest cyber attack trends in Playbook report (SecurityBrief Asia) Research finds that there has been a 36% increase in cyber attack dwell time, with a median intruder dwell time of 15 days in 2021 versus 11 days in 2020.

GRIT Ransomware Report: May 2022 (GuidePoint Security) In April of 2022, the GuidePoint Research and Intelligence Team (GRIT) released a white paper outlining ransomware trends in Q1 2022, how they compare to trends from 2021, and discussed how threat intelligence can be a huge asset for improving and sustaining effective cyber defense operations in organizations across all industry verticals.

11 infamous malware attacks: The first and the worst (CSO Online) Whether by dumb luck or ruthless skill, these malware attacks left their mark on the internet.

Marketplace

Photos: RSA Conference 2022, part 1 (Help Net Security) In this RSAC 2022 photos gallery we feature the following vendors: Acronis, Concentric, Votiro, Cynet and Mend.

Radiflow Awarded Two Global InfoSec Awards at RSA 2022 (StartupHub) Global InfoSec awarded Radiflow with the Editor’s Choice Breach & Attack Simulation and Editor’s Choice ICS/SCADA Security awards. “We are honored by Cyber Defense Magazine’s recognition as we strive to make these technologies the industry standard,” said Ilan Barda, Founder & CEO of Radiflow.

Whistic Raises $35 Million in Series B Funding for Vendor Security Network (SecurityWeek) Vendor security assessment company Whistic has raised $35 million in Series B funding, which brings the total investment in the company to $51 million.

Cloud Data Access Firm Immuta Raises $100 Million (SecurityWeek) Boston-based cloud data access and security firm Immuta has raised $100 million in a Series E round led by NightDragon, Snowflake Ventures, with participation from existing investors.

OSINT Authentication Firm 443ID Emerges From Stealth with $8 Million Seed Funding (SecurityWeek) Identity and access management firm 443ID has emerged from stealth with $8 million seed funding in a round. 443ID focuses on open source intelligence (OSINT) for authentication and authorization.

Access Management Firm Opal Launches With $10 Million Series A Investment (SecurityWeek) Access management provider Opal has launched this week with a $10 million Series A funding round led by Greylock.

CyberArk Ventures launches with $30m fund to fuel innovative cyber security technologies (ITWeb) The company announces joint investments in Dig Security, Enso Security and Zero Networks.

DoD Awards Forcepoint Federal $89M Contract (MeriTalk) The Department of Defense (DoD) has awarded Forcepoint Federal an $89 million firm fixed contract aimed at building a “user activity monitoring enterprise solution” for the Pentagon’s combatant commands and Fourth Estate components.

Deloitte denies exploring business split (ARN) Big four consulting giant Deloitte has come out denying it was considering splitting its business, following media reports.

Exclusive: Cybersecurity Company Deep Instinct Cuts Staff As Tech Layoffs Continue (Crunchbase News) Cybersecurity company Deep Instinct went through layoffs this week, according to two people familiar with the company.

Commvault CEO: We’re a data protection, not security, company (SearchDataBackup) Commvault CEO Sanjay Mirchandani talks trends in data protection and why focusing more heavily on security may not be the best approach for data backup vendors.

1Password Hires First Chief Legal Officer (PR Newswire) 1Password, the leader in human-centric security and privacy, has appointed Erin Zipes as its first Chief Legal Officer to help the company…

Products, Services, and Solutions

Cequence Security Introduces World’s First Unified API Protection Solution to Protect the Entire API Lifecycle (Cequence) Cequence Security, the API Protection Innovator, announced today the Unified API Protection solution, a new approach that helps security teams discover, detect and defend APIs.

Code42 Provides Security Teams with Visibility to the Data Movements of High Risk Insiders (Business Wire) Code42 Software, Inc., the Insider Risk Management leader, today announced it expanded the data risk detection capabilities in the Code42® Incydr™ pro

Tidal Cyber Announces Early Access to Tidal Community Edition (Tidal Cyber) Tidal Cyber is announcing early access to the freely available Community Edition of their threatinformed defense platform. Tidal’s Community Edition enables security analysts to efficiently explore the advanced knowledge of adversary behaviors as defined by the MITRE ATT&CK® knowledge base, additional open-source threat intelligence, and a Tidal-curated registry of security product capabilities mapped to specific adversary techniques.

Malwarebytes Continues to Expand Endpoint Protection Platform with DNS Filtering Module (PR Newswire) MalwarebytesTM, a global leader in real-time cyberprotection, today announced the expansion of its Nebula platform with a new DNS Filtering…

SentinelOne Unveils Skylight to Power Machine-Speed XDR (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today unveiled SentinelOne Skylight. Skylight unifies security and enterprise dat

WISeKey announces secure supply chain management product integrating IoT devices, Satellite technology, and Blockchain (GlobeNewswire News Room) WISeKey announces secure supply chain management product integrating IoT devices, Satellite technology, and Blockchain Video https://youtu.be/ut5eJ6fChhU …

Kali Linux team to stream free penetration testing course on Twitch (BleepingComputer) Offensive Security, the creators of Kali Linux, announced today that they would be offering free access to their live-streamed ‘Penetration Testing with Kali Linux (PEN-200/PWK)’ training course later this month.

Offensive Security to offer free streaming series to assist cybersecurity learning (SiliconANGLE) Offensive Security to offer free streaming series to assist cybersecurity learning – SiliconANGLE

Fortinet launches anti-risk service, powered by ML and automation (SecurityBrief Australia) FortiRecon is a complete Digital Risk Protection Service offering that uses a combination of ML, automation capabilities and cybersecurity experts.

DigiCert Acquires DNS Made Easy, Extending its Leadership in Digital Trust with Enterprise-Grade Managed DNS Services
(DigiCert) DigiCert, Inc., a leading provider of Digital Trust, today announced that it has acquired DNS Made Easy, a global provider of enterprise-grade managed Domain Name System (DNS) services, as well as affiliated brands, including Constellix.

Pindrop Releases a Wave of Intelligence and Investigation Tools for Its Customer Authentication and Fraud Prevention Platform (Business Wire) Pindrop, a global leader in voice technology, announced its latest deployment of product features at RSA Conference 2022 — advancing voice security ev

Technologies, Techniques, and Standards

NIST International Outreach Strengthened through Additional Translations and Engagement (NIST) With the update to the Cybersecurity Framework in full swing, NIST continues to prioritize international engagement through conversations and collaborations

The Challenges of Phishing Detection (Part 1) (Vade Secure) This article is the first of a series of three related to the challenges that we faced with phishing detection.

Design and Innovation

How a Saxophonist Tricked the KGB by Encrypting Secrets in Music (Wired) Using a custom encryption scheme within music notation, Merryl Goldberg and three other US musicians slipped information to Soviet performers and activists known as the Phantom Orchestra.

Research and Development

ThreatModeler Announces New Patent for IaC-Assist (Yahoo) First of its kind, ThreatModeler’s newly patented technology solution makes the IaC-Assist a proprietary technology – allowing users to truly shift left.

Academia

GRF Foundation Receives a Gula Tech Foundation Grant for Cybersecurity Education (Yahoo) GRF Foundation has received a grant in the Gula Tech Foundation competition “Incorporating Cyber Expertise in Corporate Governance.”

IBM Establishes First 6 HBCU Cybersecurity Leadership Centers (Technology Solutions That Drive Education) The partnership is part of broader initiative to offer education and employment opportunities to underrepresented communities.

Legislation, Policy, and Regulation

Cyberspace Solarium congressman, water officials decry EPA inaction on cybersecurity (CyberScoop) There are about 52,000 drinking water systems in the U.S. and that fragmentation makes the sector harder to defend, experts say.

CISA director promotes collaboration and trust at RSAC 2022 (SearchSecurity) At RSA Conference 2022, CISA Director Jen Easterly said public-private collaboration on cybersecurity has improved following Russia’s invasion of Ukraine.

CISA exec: Lack of ransomware incident reporting is crippling defense efforts (The Record by Recorded Future) CISA said the severe lack of ransomware incident reporting in the US is crippling efforts to defend organizations and impose costs on gangs.

Will the United States Enact a National Data Privacy Law? (OODA Loop) Mandatory security requirements, information handling restrictions, and security accountability are standards all organizations should be able and willing to implement, and which can be supervised by an oversight body like the FTC. It might not be a complete fix, but it would be a necessary start, and one that is desperately needed given the complexity and dynamic evolution that occurs in the digital space. The fact that China has already implemented a national data privacy law before the United States has raised eyebrows, given China’s reputation as a perpetrator of theft and exploitation of the very data it is now protecting.

Litigation, Investigation, and Law Enforcement

Israeli officials push U.S. to remove NSO from blacklist (Axios) Reports emerged last year that found NSO’s Pegasus software had become a tool for governments to spy on journalists and critics.

Spain questions Israel’s NSO CEO over Pegasus hacking scandal (Middle East Monitor) Spain’s High Court has called the CEO of Israel’s notorious NSO Group for questioning over hacking Spanish officials’ mobile phones using Pegasus, a spyware product of the Israeli firm, news age…

Fraud and Identity Theft Trial to Test American Anti-Hacking Law (New York Times) A woman is accused of downloading data of more than 100 million Capital One customers. Her lawyers argue a conviction would criminalize legitimate research practices.

Apple defeats class action over Meltdown, Spectre security flaws (Reuters) A U.S. judge on Wednesday dismissed a proposed class-action lawsuit accusing Apple Inc of defrauding customers by selling iPhones and iPads whose processors proved vulnerable to two cybersecurity flaws first disclosed in 2018.

Telegram gibt Nutzerdaten an das Bundeskriminalamt (Spiegel) Auch wenn das Unternehmen das Gegenteil behauptet: Telegram hat nach SPIEGEL-Informationen Nutzerdaten an das BKA gegeben. Die Regierung verbucht das als Erfolg, trotzdem missachtet Telegram weiter deutsche Vorschriften.

Der Spiegel Says Telegram Gave User Data to German Police in Fight against Terrorism, Child Abuse (Hot for Security) Messaging service Telegram has reportedly surrendered user data to German
authorities despite maintaining on its website that it never ceded to such
requests.

Websites Need Consent To Share User Info, 3rd Circ. Told (Law360) Websites need to gather users’ consent to share their information with third-party trackers and advertisers — and stay in compliance with Pennsylvania’s wiretapping law — counsel for an online shopper told the Third Circuit on Wednesday.



Original Source link

Leave a Reply

Your email address will not be published.

1 + one =