Russian disinformation at the UN. German police take down the Hydra Market. Compromise at Mailchimp. FIN7’s ransomware. | #cybersecurity | #cyberattack


Ukraine at D+40: Confronting disinformation at the UN. (The CyberWire) Russia recasts, on the ground, combat failure as all part of the plan. At the UN, it recasts that failure as humanitarian restraint.

U.S. National Security Adviser Says Russia Pivoting to Offensive in Ukraine’s East (Bloomberg) President Joe Biden’s national security adviser said the U.S. believes Russia is repositioning forces to focus on an offensive in Ukraine’s eastern Donbas and Luhansk provinces, in a major revision of Moscow’s war goals.

Russian troops readying for big attack in Luhansk region of eastern Ukraine (The Telegraph) Officials say ‘we understand that they are preparing for a full-scale big breakthrough’

Russia-Ukraine latest news: Volodymyr Zelensky addresses UN Security Council on Russian ‘war crimes’ – watch live (The Telegraph) Volodymyr Zelensky, the Ukrainian president, is addressing a United Nations Security Council meeting convened by Britain amid growing outrage over Russian atrocities.

Live Updates: U.N. Security Council to Meet as Evidence of War Crimes Mounts (New York Times) China and Russia are unlikely to support any measures that France, the U.S. and Britain propose. European leaders sought to impose more sanctions, but were divided on whether to ban Russian natural gas.

Ukraine’s leader to brief top UN body on alleged massacres (AP NEWS) Ukraine’s president planned to address the U.N.’s most powerful body on Tuesday after even more grisly evidence emerged of civilian massacres in areas that Russian forces recently withdrew from .

Russia-Ukraine war: Zelenskyy to address U.N. Security Council amid outrage over Bucha deaths (NBC News) Ukrainian President Volodymyr Zelenskyy will address the United Nations Security Council on Tuesday as Russia faces growing condemnation over alleged atrocities in Bucha.

Ukraine: Secretary-General calls for probe into Bucha killings (UN News) UN Secretary-General António Guterres on Sunday called for an independent investigation into the killing of civilians in the Ukrainian town of Bucha, a suburb of the capital, Kyiv.

Russia to insist on UN Security Council meeting on Bucha situation on April 4 — envoy (TASS) It was stated that the British presidency of the Security Council is trying to deny us Russia’s right to request a separate Security Council meeting on the terrible Ukrainian provocation in Bucha

US to seek Russia’s suspension from Human Rights Council (AP NEWS) The United States plans to seek a suspension of Russia from its seat on the U.N.’s top human rights body, pointing to increasing signs that Russian forces may have committed war crimes in Ukraine, U.S.

Debunking Russia’s Bucha massacre conspiracy theories (The Telegraph) Observers on social media have been quick to take down Moscow’s claims that the killings of civilians was a hoax

Bucha massacre: ‘We brought the dead here because the dogs were trying to eat them’ (The Telegraph) Under the domes of the Church of St Andrew Pervozvannoho All Saints is an open trench 45 feet long, filled with at least 60 bodies

Bucha survivor: One man was tortured … They cut out his cheek and shot him in the heart (The Telegraph) Vladislav Kozlovsky, a sommelier in Kyiv before the Ukraine war, describes the horrors of being trapped in the town for nearly a month

‘Sitting at Home and Trembling.’ A Town Emerges After a Russian Retreat. (New York Times) Badly frightened and hungry, residents of Nova Basan, a town east of Kyiv, emerged from their cottages and farmhouses on Monday, and described living through the terrifying ordeal of the Russian occupation — detentions, threats and a strict curfew that confined them to their homes with no outside communication for more than a month.

Photos: the Scene Inside Bucha, as Seen by a Post Photographer (Washington POst) Ukrainian forces found mass graves in Bucha…

Satellite images show bodies lay in Bucha for weeks, despite Russian claims. (New York Times) The images rebut Russia’s claim that the killing of civilians in Bucha, near Kyiv, took place after its soldiers had left town.

‘Tortured, executed civilians’: Reaction to Ukraine war dead (AP NEWS) Global reaction Monday to what appears to be deliberate killings of civilians in Ukraine in areas north of Kyiv, the capital, where Russian soldiers have either retreated or been pushed back:

Pictured: The Bucha mass grave that is so large it can be seen by satellites (The Telegraph) Photos taken from the ground have confirmed that this is a mass grave containing the bodies of Ukrainian civilians

Ukraine mayor’s tortured body found alongside husband and son in mass grave (The Telegraph) Olga Sukhenko’s corpse was discovered face down with ‘broken arms and fingers’ in a burial pit near the town of Motyzhyn

Russia’s Urban Warfare Predictably Struggles (Foreign Policy) Fighting in cities is hard for any military.

Russia is incapable of fighting a ‘long war’ (The Telegraph) The received wisdom that the country’s greater size makes victory over Ukraine inevitable is misguided

The Meaning of Ukraine’s Coming Neutrality (Foreign Policy) History offers clear examples of what neutral status means—and what it doesn’t.

Russia faces growing outrage amid new evidence of atrocities (AP NEWS) Russia faced a fresh wave of condemnation on Monday after evidence emerged of what appeared to be deliberate killings of civilians in Ukraine. Some Western leaders called for further sanctions in response to the alleged atrocities, even as Moscow continued to press its offensive in the country’s east.

Outrage widens over Russian attacks Zelensky now calls a ‘genocide’ (Washington Post) Haunting images of dead bodies littering the streets of a Kyiv suburb and reports of civilian executions are triggering new international condemnation against Russia, as Ukrainian President Volodymyr Zelensky demanded accountability for what he said amounts to “genocide.”

Allies want Vladimir Putin to face justice for war atrocities in Ukraine (The Telegraph) Boris Johnson condemns murder of hundreds by Russian troops and promises help in bringing charges at The Hague

Biden: Putin should face war crimes trial for Bucha killings (AP NEWS) President Joe Biden on Monday called for Vladimir Putin to be tried for war crimes and said he’ll seek more sanctions against Russia after what he described as “outrageous” atrocities around Kyiv.

Biden calls for a Putin ‘war crimes trial’ (Washington Post) President Biden once again called Russian President Vladimir Putin a “war criminal” and noted the grim scenes emerging as Russian troops pull out of northern areas of Ukraine. He called for gathering more details toward a “war crimes trial.”

Liz Truss: We must inflict ‘new wave’ of punishments on Vladimir Putin after Bucha atrocities (The Telegraph) Foreign Secretary warns only ‘being tough’ on Moscow will end war, as Germany rules out immediate ban on Russian gas imports

Building a war crimes case against Putin’s forces must start immediately (The Telegraph) It is vital that Russia’s atrocities are documented for the whole world to see

FAST THINKING: How will the West punish Russia for its war crimes? (Atlantic Council) Gruesome images of murdered Ukrainian civilians—evidence of apparent Russian war crimes uncovered in Bucha and other newly liberated towns north of Kyiv—have shocked the world.

War Crimes Watch: Hard path to justice in Bucha atrocities (AP NEWS) The horrific images and stories tumbling out of Ukrainian towns like Bucha in the wake of the withdrawal of Russian troops bear witness to depravity on a scale recalling the barbarities of Cambodia, the Balkans, World War II.

Exiled oligarch calls on other Russian tycoons to break with Putin (Washington Post) Mikhail Khodorkovsky says they must denounce the invasion of Ukraine if they want to be above suspicion of collaborating with the Kremlin.

Bucha’s Atrocities Are Not Russia’s First. They Must Be the Last (Bloomberg) Retreating soldiers are leaving behind evidence of brutal civilian killings. Absent further action to make this war too costly for the Kremlin, this will not be a one-off.

The West must choose: Either arm Ukraine or enable Putin’s genocide (Atlantic Council) Revelations of Russian war crimes outside Kyiv underscore the urgency of providing the Ukrainian military more weapons.

U.S. Drones for Ukraine Will Include Latest Tank Killers (Bloomberg) Newest model versions can destroy Russian tanks, artillery. ‘Flying Shotgun’ is part of new $300 million Pentagon order.

Putin’s War: Ukraine can defeat Russia but urgently needs more weapons (Atlantic Council) Western leaders must urgently rethink their cautious attitude towards arming Ukraine and provide the country with the offensive weapons it needs in order to defeat Putin on the battlefield, argues Oleksandr Danylyuk.

Biden doubles down on calling Putin a war criminal: “This guy is brutal” (Newsweek) Images showing civilian bodies dead in the streets of Bucha, Ukraine have sparked international outrage.

‘Mindless’ Killing in Ukraine Won’t Stop Until Biden Changes Strategy (Newsweek) As gruesome scenes showing the human cost of the Ukraine war emerge with the withdrawal of Russian troops north of Kyiv, Vladimir Putin’s armed forces are unable to move forward on any front, and are ineffective in the air.

Joe Biden is calling for regime change in Russia and this time it isn’t a gaffe (Newsweek) As President Joe Biden challenges Russian counterpart Vladimir Putin’s legitimacy, professor Rajan Menon warns of two consequences that could prolong or even deepen the war in Ukraine.

Russian anger at Vladimir Putin can “explode” any time: Alexei Navalny aide (Newsweek) Leonid Volkov, Navalny’s chief of staff, told Newsweek that public polls in Russia that show broad support for the war in Ukraine are “pure and simple propaganda.”

‘Two Russian soldiers dead and 28 in hospital’ after eating poisoned pastries from Ukrainian villagers (The Telegraph) Ukrainian intelligence describes the action as an ingenious way to ‘offer resistance to the occupying troops by all means possible’

Russia’s war in Ukraine: How it started and where it could lead (European Leadership Network) Russia’s invasion of Ukraine is set to fundamentally transform the international order. Mykola Kapitonenko argues that the Kremlin’s miscalculations could prove devastating not only for Russia but for international security as a whole, and he offers some suggestions as to how these global ramifications could be eased.

Bristling Against the West, China Rallies Domestic Sympathy for Russia (New York Times) China’s Communist Party is mounting an ideological campaign aimed at officials and students. The message: The country will not turn its back on Russia.

Ukraine Crisis Tests Cyber Warfare’s Red Lines, Bitdefender Says (BNN Bloomberg) Russia’s invasion of Ukraine has ushered in a new era of cyber warfare, raising the risks of spillover from conventional conflicts, according to the chief executive officer of Bitdefender Holding BV.

Elephant Framework Delivered in Phishing Attacks against Ukrainian Organizations (Intezer) Malware using the elephant malware framework was delivered via phishing emails from spoofed Ukrainian email addresses.

New Android Spyware Uses Turla-Linked Infrastructure (SecurityWeek) Lab52 security researchers have dissected a new piece of Android malware that they discovered while analyzing infrastructure associated with Russian cyberespionage group Turla.

The ruble has bounced back. Are sanctions not working? (Quartz) Barely a month into sanctions on Russia, the ruble has bounded back up against the US dollar. Energy prices and capital controls are propping the currency up.

U.S. stops Russian bond payments, raising risk of default (Reuters) The United States stopped the Russian government on Monday from paying holders of its sovereign debt more than $600 million from reserves held at U.S. banks, in a move meant to ratchet up pressure on Moscow and eat into its holdings of dollars.

Ukraine Update: U.S. Readies More Russian Sanctions This Week (Bloomberg) Ukraine’s Defense Ministry said Russia is regrouping its troops to gain a tactical advantage in the south of the country, storing fuel and organizing hospitals for an influx of wounded as it prepares for a new offensive. Kyiv officials also warned of a coming attack on Kharkiv in the north.

How a Ukraine Conflict Could Reshape Europe’s Reliance on Russia (New York Times) Europe needs Russian natural gas to help heat homes, generate electricity and power factories — a crucial factor in the crisis.

Lithuania says it has stopped importing gas from Russia. (New York Times) Although tiny, Lithuania is the largest economy in the Baltic States and a eurozone member, giving the decision significance to European nations. “If we can do it, the rest of Europe can do it too,” the president said.

Germany main roadblock to tougher Russian sanctions, says Poland’s PM (The Telegraph) Berlin is resisting mounting pressure for an embargo on Russian energy imports amid recession fears

Metals World Agonizes Over War But Keeps Buying From Russia (Bloomberg) Companies with long-term deals are still buying Russian metal. A pile-up of Russian metal on the LME could create dislocation.

Fortnite raised $144 million for Ukraine relief (The Verge) A two week effort

Attacks, Threats, and Vulnerabilities

New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials (The Hacker News) Researchers have observed a new “Transparent Tribe” hacking campaign targeting Indian government and military entities.

Vendors Assessing Impact of Spring4Shell Vulnerability (SecurityWeek) Companies have started assessing the impact of the Spring vulnerability dubbed Spring4Shell on their products.

SpringShell (Spring4Shell) Zero-Day Vulnerability: All You Need to Know (JFrog) Understand SpringShell (Spring4Shell) vulnerability CVE-2022-22965 exploitation vectors, learn what’s vulnerable & discover remediations to this zero-day vulnerability

Spring4Shell – by the numbers (Sonatype) Spring4Shell, a new 0-day RCE, is not quite as bad as Log4shell but has a wide blast radius. We dive into the numbers on how the world is fixing the issue.

Preventing the initial Spring4Shell exploit, a demonstration (Security Boulevard) The hits keep coming. Spring4Shell is the latest zero-day security issue that takes advantage of a vulnerability in a widely adopted application framework for Java – the Spring Framework. Our own data shows 74% of Java applications use Spring Core. This vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+.  So far, the issue has been confirmed for Spring applications packaged as WAR files running on Tomcat servers. CVE-2022-22965 has more specifics. Contrast Security has written an initial blog that has been picked-up widely by other publications for its timely and practical information.

TOTOLINK Routers, Other Device Exploits Added to Beastmode Botnet (SecurityWeek) The Mirai-based DDoS botnet known as Beastmode continues to expand its arsenal with at least five new exploits added over the last two months.

FIN7 hackers evolve toolset, work with multiple ransomware gangs (BleepingComputer) Threat analysts have compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the actor is still very active, evolving, and trying new monetization methods.

Notorious hacking group FIN7 adds ransomware to its repertoire (CyberScoop) Ransomware strains such as Maze, Ryuk and BlackCat have increasingly been part of FIN7’s playbook in recent years, Mandiant says.

Hackers breach MailChimp’s internal tools to target crypto customers (BleepingComputer) Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.

Email marketing giant Mailchimp has confirmed a data breach (TechCrunch) Email marketing giant Mailchimp said hackers targeted customers in the cryptocurrency and finance sectors.

Emma Sleep Company admits attack on online checkout (Register) Customers wake to a nightmare as payment data pilfered from UK website

Hive ransomware gang strikes Indonesian gas giant PGN (Tech Monitor) With two victims in a matter of days, Hive is one of the most active ransomware gangs around. Businesses should beware.

Wind turbine maker Nordex shuts down systems as cyber attack hits (Wind Power Monthly) Wind turbine maker Nordex shuts down systems as cyber attack hits and other wind energy news & analysis on Windpower Monthly

The Works forced to shut some shops after cyber-attack (Yahoo) The retailer said that five of its 526 shops have temporarily been shut since the attack last week.

LockBit Ransomware Attack Costs CRM Services Provider Over $42 Million (MSSP Alert) Atento, a CRM services provider, experiences $42.1 million in financial losses due to a LockBit ransomware attack dating back to October 2021.

CISA Adds Four Known Exploited Vulnerabilities to Catalog (CISA) CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates.

Vulnerability Summary for the Week of March 28, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Account Takeover Attacks Predicted to Increase in 2022 (PerimeterX) CyberEdge Group released the 2022 Cyberthreat Defense Report detailing the top threats that online organizations are facing. Here are four key takeaways.

WatchGuard | New WatchGuard Threat Lab Report Shows Network Attacks at Highest Point Over Last Three Years (RealWire) Network detections in EMEA quadrupled, with malware detections occurring at nearly twice the rate as the rest of the world.
5 April 2022 – WatchGuard® Technologies’ latest quarterly I

Feedzai Q2 2022 FinCrime Report: The RiskOps Age (Feedzai) Download the Feedzai Q2 2022 Financial Crime Report, based on over 18 billion exclusive transactions to learn how fraudsters are thriving in the online ecosystem


What SentinelOne’s Big Deal Means for Investors (The Motley Fool) SentinelOne’s significant acquisition is the next chapter in its growth.

Synopsys and Juniper Networks Invest in New Company to Pursue Fast-Growing Silicon Photonics Market (PR Newswire) Synopsys, Inc. (Nasdaq: SNPS) and Juniper Networks (NYSE: JNPR) today announced that they have closed a transaction to form a new, separate…

SolarWinds CEO: Here’s what my company learned after facing one of the most sophisticated cyberattacks in history (Fortune) SolarWinds CEO Sudhakar Ramakrishna on how the company moved on from the famous cyberattack attributed to Russia.

Okta: Credibility Has Been Smashed (NASDAQ:OKTA) (SeekingAlpha) Okta shocked investors and customers by delaying a response to a Lapsus$ hack by two months. We believe that OKTA stock could remain in the penalty box in the near term. Read more here.

This Cybersecurity Stock Is a Bargain in Plain Sight (The Motley Fool) Okta has seen its valuation nearly halved, despite its strong business performance.

SINET16 Process & Benefits – SINET (SINET) Key benefits of the SINET16 Innovator Award: The SINET16 Innovator award is a prestigious honor, and is widely recognized and valued within the Cybersecurity industry. SINET16 Innovators are invited to deliver their value proposition on our virtual stage. SINET16 Innovators are promoted in SINET press releases and marketing material. SINET16 Innovators enjoy additional opportunities to present at other SINET supported global venues throughout the year

Renowned Data Privacy Lawyer Dominique Shelton Leipzig Joins Mayer Brown’s Growing Los Angeles Office (Benzinga) Veteran data privacy lawyer Dominique Shelton Leipzig has joined Mayer Brown as a partner in the Cybersecurity & Data Privacy practice in Los Angeles, continuing Mayer Brown’s strategic expansion efforts on the West Coast.

Dragos Appoints Dawn Cappelli as Director for New OT CERT Program (Business Wire) Dragos Inc., the global leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments, today announced the ap

BlackSky forms a Strategic Advisory Group and appoints three prominent leaders (Help Net Security) BlackSky announced the formation of a Strategic Advisory Group and the appointment of three prominent U.S. leaders with diverse backgrounds.

Microsoft hires former Seattle Police Chief Carmen Best in global security role (Puget Sound Business Journal) Carmen Best stepped down as Seattle Police chief in September 2020, after just over two years. She’ll be a director at Microsoft, responsible for global security risks.

Products, Services, and Solutions

Citrix® Modernizes Security to Accommodate Hybrid Work (Business Wire) Employees used to come to the office every day and work from company-managed assets. Today, they may be working at home, in the office, on the road an

SecurityScorecard Selects CrowdStrike to Deliver Powerful, Unified and Continuous Monitoring Solution with Visibility of Real-Time Risk Scores (SecurityScorecard) SecurityScorecard Joins the CrowdStrike Store to Help Organizations Reduce Risk of External and Insider Threats NEW YORK – April 4 , 2022 – SecurityScorecard , the global leader in cybersecurity ratings, today announced an integration with CrowdStrike, a leader in cloud-delivered protection of…

Omagh’s Loughtec announces six-figure cyber partnership with Darktrace (News Letter) Omagh IT and cyber security company LoughTec has announced its partnership with Darktrace, a global leader in cyber security AI.

Incode Technologies Redefines Event Experiences With a Single, Portable ID That Unifies Fan Interactions (Business Wire) Incode, the next-generation identity verification and authentication platform for global enterprises, is redefining event experiences and how stadiums

Technologies, Techniques, and Standards

NIST Seeks Input on International Aspects of the Cybersecurity Framework, Other Resources (NIST) Addressing global needs is a critical part of NIST’s work in the evolution of the Cybersecurity Framework, especially as we continue to see international ada

Council Post: In Cybersecurity, Strengthening Encryption Is Vital (Forbes) Complex systems can break in complex ways.

Council Post: Why Zero Trust Is All About Identity (Forbes) Attack methods are increasingly sophisticated.

Legislation, Policy, and Regulation

Debate erupts at news the White House may scale back DOD cyber-ops authorities (CyberScoop) Cybersecurity and homeland security experts are split on the wisdom of scaling back broad authorities the Department of Defense now has to launch cyber operations.

It’s a big day at the State Department for U.S. cyberdiplomacy (Washington Post) Nearly 100 people will staff a new cyber bureau at the State Department

State Department kicks off new cyber bureau (SC Magazine) For the first time in years, the State Department has a dedicated bureau focused on cyberspace that will “address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy.”

State Department formally launches new cyber bureau (The Hill) The State Department launched its new Bureau of Cyberspace and Digital Policy on Monday in what it says is a modernization of the agency aimed at emerging technology issues in diplomacy. A statemen…

State Dept launches new bureau in broader effort to elevate its cyber mission (Federal News Network) The State Department is elevating its cybersecurity mission and is focusing on setting international norms for cyber through its newest bureau.

Litigation, Investigation, and Law Enforcement

Germany takes down Hydra, world’s largest darknet market (BleepingComputer) The servers of Hydra Market, the most prominent Russian darknet platform for selling drugs and money laundering, have been seized by the German police.

LAPSUS$ hacks continue despite two hacker suspects in court (Naked Security) Do you know where in your company to report security anomalies? If you receive such reports, do you have an efficient way to process them?

Court largely refuses to dismiss D&O litigation against SolarWinds (Business Insurance) A Texas federal court largely refused to dismiss directors and officers securities litigation filed against SolarWinds Corp. in connection with a December 2020 cybersecurity breach.

Cisco cites judge’s family stock holdings in bid to wipe out $2.7 bln award (Reuters) Cisco Systems Inc told a U.S. appeals court Monday that a $2.7 billion patent award against it should be thrown out because the presiding judge’s wife owned stock in the company.

Cisco Finds Panel Skeptical of Judge Who Dropped $2 Billion Hit (Bloomberg Law) Two Federal Circuit judges heavily questioned arguments that a $1.9 billion judgment levied against Cisco Systems Inc. should remain in place despite claims the district court judge failed to recuse himself after learning his wife owned Cisco stock.

Cisco Wants $2 Billion Patent Hit Axed Over Judge’s Wife’s Stock (Bloomberg Law) The next steps in Cisco Systems Inc.’s appeal of a $1.9 billion patent infringement award will hinge on whether the district judge should have recused himself after finding out his wife owned stocks in the company.

Original Source link

Leave a Reply

Your email address will not be published.

twenty − = twelve