Dateline
Ukraine at D+84: Five months of cyber and information ops. (The CyberWire) With little change on the ground, Ukraine will increase its combat capability while Russia seeks to reconstitute its forces for a renewed offensive. Mandiant issues a report on information operations carried out so far in support of Russia’s war against Ukraine. And someone’s robo-calling the Kremlin.
Red Cross registers hundreds of Ukrainian POWs from Mariupol (AP NEWS) The Russian military said Thursday that more Ukrainian fighters who were making a last stand in Mariupol have surrendered, bringing the total who have left their stronghold to 1,730, while the Red Cross said it had registered hundreds of them as prisoners of war.
Interrogation, uncertainty for soldiers abandoning Mariupol (AP NEWS) Russia said Wednesday that nearly 1,000 Ukrainian troops at a giant steelworks in Mariupol have surrendered, abandoning their dogged defense of a site that became a symbol of their country’s resistance, as the battle in the strategic port city appeared all but over.
Russian soldier pleads guilty at Ukraine war crimes trial (AP NEWS) A 21-year-old Russian soldier facing the first war crimes trial since Moscow invaded Ukraine pleaded guilty Wednesday to killing an unarmed civilian.
The US Plan to Document War Crimes in Ukraine (Wired) The government-funded Conflict Observatory will use open source tools and satellite imagery to gather evidence of human rights violations.
The Russian Army Is an Atrocity Factory (Foreign Policy) State weakness has created a callous and brutalized soldiery.
Vladimir Putin is micromanaging his way to military collapse (The Telegraph) Like Hitler and Stalin, the Russian president is over-estimating his ability to command
Vladimir Putin ‘weaponising’ world’s food supplies (The Telegraph) Kremlin ‘intentionally destroying’ farming infrastructure in Ukraine, the ‘breadbasket of Europe’
Information Operations Surrounding the Russian Invasion of Ukraine (Mandiant) New Mandiant analysis detailing the various IO activities seen by nation-state actors, resulting from the Russian invasion of Ukraine.
U.S. Saw Signs of Decline in Russian Ransomware Strikes at Start of Ukraine War (Wall Street Journal) Officials say sanctions and other disruptions have slowed ransomware schemes, but others fear relief is fleeting.
Cyberattacks quietly launched by Russia before its invasion of Ukraine may have been more damaging than intended (Business Insider) The US director of national intelligence told lawmakers that Russia’s cyberattack against Ukraine at the start of its assault “had an outsized impact.”
Mandiant Quietly Investigating Suspected Russian Intrusions (Bloomberg) If Russian hacking seems muted, just ask the cyber personnel responding to breaches right now.
Russian information agencies behind cyber-attacks in Romania, says intelligence chief (Romania Insider) Russian intelligence agencies are behind the recent uptick in cyber-attacks against Romania, said Anton Rog, the head of the Cyberint National Center within the Romanian Intelligence Service (SRI), at the BCR Expert Hub cyber security conference. …
This Hacktivist Site Lets You Prank Call Russian Officials (Wired) To protest the war in Ukraine, WasteRussianTime.today auto-dials Russian government officials, connects them to each other, and lets you listen in to their confusion.
The Changing Landscape of Hacktivism (Sec Alliance) Since the Russian invasion of Ukraine, there has been a significant increase in hacktivist activity, some of which is probably state-sanctioned and taking place in a highly permissive environment. This blog will examine how hacktivism has changed since the war began, and how the unique nature of the ongoing cyberwar being fought between hacktivist elements on both sides may change the landscape of hacktivism and its role in future conflicts.
How Threat Actors Are a Click Away From Becoming Quasi-APTs (Dark Reading) As demonstrated in Ukraine and elsewhere, the battlefield for today’s warriors extends to the digital realm with cyber warfare.
NATO cyber coordinators hold first-ever meeting amid Russia’s invasion (The Hill) Senior cyber coordinators from NATO held their first-ever meeting in Brussels on Wednesday to discuss the cyber threat landscape following Russia’s invasion of Ukraine. The coordina…
First meeting of NATO national cyber coordinators (NATO) Senior cyber coordinators from all NATO Allies met in Brussels today (18 May 2022) for the first time. They discussed the new strategic environment following Russia’s invasion of Ukraine and its implications for the cyber threat landscape. They also reviewed progress in the area of cyber defence, including efforts to increase resilience to cyber threats.
Chinese TikTok Users Are in Love With ‘Daddy Putin’ (Foreign Policy) Popular videos paint the Russian president as a widely admired figure.
NATO talks with Finland, Sweden falter but will continue (AP NEWS) NATO envoys failed to reach a consensus Wednesday on whether to start membership talks with Finland and Sweden, diplomats said, as Turkey renewed its objections to the two Nordic countries joining.
Turkey blocks start of NATO talks on Finland’s and Sweden’s applications (Washington Post) Turkey blocked the start of Finland and Sweden’s accession talks to NATO on Wednesday shortly after the Nordic nations submitted their formal applications, a signal of what could be a bumpy process to expand the alliance and reshape Europe’s post-Cold War security architecture.
What Are Sweden and Finland Thinking? (Foreign Policy) European leaders have reassessed Russia’s intentions and are balancing against the threat that Putin poses to the territorial status quo.
How Russia Would Respond to Finnish and Swedish NATO Membership | RANE (Stratfor) While Moscow will respond with disruptive measures, direct conflict between Russia and Sweden or Finland is unlikely at the moment.
Western Companies Still in Russia Are Making a Big Mistake (Foreign Policy) The moral, legal, and public relations risks of staying are enormous.
EU rushes out $300 billion roadmap to ditch Russian energy (AP NEWS) The European Union’s executive arm moved Wednesday to jump-start plans for the 27-nation bloc to abandon Russian energy amid the Kremlin’s war in Ukraine, proposing a nearly 300 billion-euro ($315 billion) package that includes more efficient use of fuels and faster rollout of renewable power.
Yellen: Ukraine war fallout threatens ‘stagflation,’ hunger (AP NEWS) Treasury Secretary Janet Yellen warned Wednesday that Russia’s February invasion of Ukraine has produced a sharp increase in food and energy prices that’s contributing to a slowdown in growth and creating greater risk of global stagflation.
Russia’s Economy Slowed Down More Than Expected in First Quarter (Bloomberg) GDP growth slipped to 3.5%, missing median forecast of 3.7%. Economy heads into deep recession amid sanctions over Ukraine.
Google Moves Employees Out of Russia (Wall Street Journal) The departure of employees comes as the Russian subsidiary prepares to declare bankruptcy, effectively ending the company’s commercial operations in the country.
The Ukraine war is creating a jobs crisis in Russia (Quartz) As companies flee Russia after its invasion of Ukraine, tens of thousands of their Russian employees are feeding a growing jobs crisis in the country.
Russia’s disastrous isolation leaves Putin on a road to nowhere (The Telegraph) Revival of the Moskvich reflects a return to a Soviet-era economy destined for failure
Attacks, Threats, and Vulnerabilities
IOTW: Costa Rica embroiled in severe, ongoing cyber-attack (Cyber Security Hub) A total of 27 Costa Rican institutions are now affected by the Conti ransomware attacks
CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities (CISA) CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.
Emergency Directive 22-03 (CISA) May 18, 2022 This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 22-03, “Mitigate VMware Vulnerabilities.”
Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
Threat Actors Exploiting F5 BIG IP CVE-2022-1388 (CISA) CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released the joint Cybersecurity Advisory Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 in response to active exploitation of CVE-2022-1388, which affects F5 Networks BIG-IP devices. The vulnerability allows an unauthenticated actor to gain control of affected systems via the management port or self-IP addresses.
CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. (The CyberWire) CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC), are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP.
Over 380,000 Kubernetes API Servers Exposed to Internet: Shadowserver (SecurityWeek) Shadowserver has conducted an internet scan and found more than 380,000 exposed Kubernetes API instances.
CyRC Vulnerability Advisory: Sensitive data exposure in JSON enables account compromise in Strapi | Synopsys (Application Security Blog) CVE-2022-30617 and CVE-2022-30618 are sensitive data exposure vulnerabilities that may lead to account compromise in the admin panel of the headless CMS software Strapi.
Microsoft Flags Attack Targeting SQL Servers With Novel Approach (Dark Reading) Attackers appear to have found a way around PowerShell monitoring by using a default utility instead.
Sophos Lifts the Lid Off Liquidity Mining CryptoCrime (Yahoo Finance) Example of Crypto Liquidity Scam Above, a screen shot of an initial stage conversation from a scammer luring in a target. As spammy as this Direct Message seems, people are falling prey to what ensues: liquidity mining CryptoCrime. OXFORD, United Kingdom, May 17, 2022 (GLOBE NEWSWIRE) — Sophos, a global leader in next-generation cybersecurity, today released threat research about nascent cybercrime in the article, “Liquidity Mining Scams Add Another Layer to Cryptocurrency Crime.” The article i
Liquidity mining scams add another layer to cryptocurrency crime (Sophos News) Organized rings use fake apps, malicious smart contracts, and lure of big returns to swindle victims out of their savings.
Hackers Compromise a String of NFT Discord Channels (Vice) Hackers used a popular Discord bot to trick users into clicking on malicious links inside the Discord servers of several popular NFT projects.
Critical Jupiter WordPress plugin flaws let hackers take over sites (BleepingComputer) WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw.
The Vulnerable Maritime Supply Chain – a Threat to the Global Economy (SecurityWeek) An inside look at how merchant vessels and ports are extraordinarily vulnerable to increasingly sophisticated cyberattacks against unmanaged OT systems
Ransomware Attackers Get Short Shrift From Zambian Central Bank (Bloomberg) Bank of Zambia refused to pay ransom to cyberattack group Hive. Hive attacks have become prolific since being detected in June.
National bank hit by ransomware trolls hackers with dick pics (BleepingComputer) After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s… (well, you can use your imagination).
Pharmacy Giant Hit By Data Breach Affecting 3.6 Million Customers (Infosecurity Magazine) Pharmacy retailer Dis-Chem announced that an unauthorized party gained access to its customer database
Notification of Security Compromise in Terms of Section 22 of the Protection of Personal Information Act of 2013 (Dis-Chem) Dis-Chem Pharmacies Limited (“Dis-Chem” / “our” / “we”) provides this notification of a personal information security compromise in terms of section 22 of the Protection of Personal Information Act, 4 of 2013 (“POPI”).
Washington Local Schools hit with cyber attack (WTOL) The attack impacted the district’s phones, email accounts, internet, WiFi networks and Google Classroom.
Apparent cyber attack suspends KVCC online classes (mlive) All campus locations remain open for in-person portions of courses.
DeKalb student newspaper exposes data leak in district’s online network (Atlanta Journal-Constitution) The district acknowledged the problem in a statement to The Atlanta Journal-Constitution.
Security Patches, Mitigations, and Software Updates
VMware Releases Patches for New Vulnerabilities Affecting Multiple Products (The Hacker News) VMware has issued patches to address two new vulnerabilities affecting Workspace ONE Access, Identity Manager and vRealize Automation.
NVIDIA Patches Code Execution Vulnerabilities in Graphics Driver (SecurityWeek) NVIDIA has announced the roll-out of updates for its graphics drivers to address multiple vulnerabilities, including four CVEs rated “high severity.”
Trends
APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days (Threatpost) Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.
The Ponemon Institute: Data Loss Prevention on Email in 2022 Report (Tessian) This study, independently conducted by the Ponemon Institute, focuses on the rising need for a behavioral intelligence approach to proactively prevent email data loss.
Data Shows Enterprise SIEMs Detect Fewer Than 5 of the Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild (PR Newswire) CardinalOps, the AI-powered detection engineering company, today released its 2022 Report on the State of SIEM Detection Risk. The company’s…
Tessian | 3 in 5 Organizations Experienced Accidental Data Loss Over Email in the Past Year (RealWire) New report from Tessian and the Ponemon Institute reveals that email has become the riskiest channel for data security in today’s organizations
SAN FRANCISCO – May 18, 2022 – New research from email security company Tessian and the Ponemon Institute reveals that nearly 60% of organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months
Marketplace
Imply Announces $100M Investment Led by Thoma Bravo to Drive the Market Shift to Modern Analytics Applications – Imply (Imply) New funding round validates Imply’s leadership position in the real-time analytics database category
Dig emerges from stealth to help organizations secure their data in public clouds (TechCrunch) Dig, a Tel Aviv-based cloud data security startup, has emerged from stealth with an $11 million investment to help organizations protect data stored in public cloud environments. It’s no secret that data is often the ultimate target for some cybercriminals, yet so many organizations don’t have visi…
Socure Reports Hypergrowth with 236% Increase in Customers, Rapid Scale Across web3, Online Gaming, FinTech, Marketplaces, and Public Sector (Business Wire) Socure, the leading provider of digital identity verification and fraud solutions, today announced record customer growth of 236% for its graph-define
Here are the top tech leaders in Boston (Boston Globe) The list compiles the most influential – and interesting – people in the Massachusetts technology scene, as ranked by the Globe’s business journalists and an outside advisory committee.
Illumio Appoints Mario Espinoza as Chief Product Officer (GlobeNewswire News Room) Former Palo Alto Networks and Symantec Executive to Lead Product Strategy and Engineering as Market Demand for Zero Trust Segmentation Accelerates…
Varonis Expands Asia-Pacific Operations with Appointment of Country Executives (Varonis) Varonis hires cybersecurity industry professionals in India, Singapore, and Japan to lead sales and business development initiatives
Beth Gaspich joins Forcepoint Board of Directors (Help Net Security) Forcepoint announced the appointment of Beth Gaspich, CFO at NICE, to serve as an independent director on the company’s Board of Directors.
QinetiQ hires United Utilities CEO Mogford as non-executive director (AJ Bell Youinvest) QinetiQ Group PLC on Wednesday said it ha…
Products, Services, and Solutions
Skybox Security unveils the industry’s most advanced vulnerability management solution that quantifies cyber risk exposure in financial terms (Skybox Security) Pinpoint cyber exposure with the highest financial impact. Quantify risk in financial terms. Prioritize vulnerabilities and remediation across hybrid environments. Read press release.
Lacework Integrates Kubernetes Features to Enhance Security Across Multi-Cloud Environments (PR Newswire) Lacework®, the data-driven cloud security company, today announced new features added to the Polygraph® Data Platform which provide enhanced…
Wellspring Receives FedRAMP Authorization for IP Management Platform (insideHPC) CHICAGO, May 18, 2022 — Wellspring, developer of Innovation Ops software, today announced it has achieved Federal Risk and Authorization Management Program (FedRAMP) Authorization at a Moderate impact level for its Sophia Knowledge Management System. With FedRAMP Authority to Operate (ATO) now in place, Wellspring will be able to offer its Innovation and IP Management […]
New Relic Introduces Vulnerability Management (New Relic) New Relic Vulnerability Management will allow every engineer to contextualize and prioritize security risk at every stage of the software development lifecycle (SDLC).
New Relic Announces Product Integrations and Multi-Year Commercial Partnership with Microsoft Azure (New Relic) Azure customers can use New Relic as a fully-integrated, Azure-native observability platform to accelerate enterprise cloud migration and multi-cloud initiatives.
New Relic Expands Instant Observability Ecosystem (New Relic) Momentum includes new contributions from leading enterprise technologies such as Akamai, Atlassian, CircleCI, Cloudflare, Netlify, PagerDuty, and Postman
New Relic Introduces Low-Overhead Kubernetes Monitoring (New Relic) New Relic reinforces commitment to open observability by announcing support for Pixie plugin to easily integrate data from open standards into New Relic
New Relic Brings Logs into Application Performance Monitoring (New Relic) Bundling log collection, correlation, and visualization into single APM agent makes it easier for developers to find and fix problems faster without needing to install third-party configurations
Enea Launches Enea AdaptiveMobile Security (Fast Mode) Enea introduces Enea AdaptiveMobile Security brand
Armis launches Critical Infrastructure Protection Program (Help Net Security) Armis unveils its Critical Infrastructure Protection Program with three months of complimentary service to support SHIELDS UP initiative.
Nozomi Networks extends partnership with Siemens to bring scalable cybersecurity to industrial automation (Help Net Security) Nozomi Networks and Siemens have extended their partnership to bring scalable cybersecurity to industrial automation.
Hexnode ties up with Keeper Security to strengthen cyber security software (The HinduBusinessline) Keeper Security monitors the dark web for any breaches and promptly alerts the administrator
Legislation, Policy, and Regulation
China has signaled easing of its tech crackdown — but don’t expect a policy U-turn (CNBC) Following a meeting with top executives, Liu He, China’s vice-premier, pledged support for the technology sector and plans for internet companies to go public.
Singapore sets up cybersecurity evaluation, certification centre (ZDNet) Manufacturers and developers will be able to test and certify their products at the new SG$19.5 million ($13.99 million) facility, which is launched by Cyber Security Agency of Singapore and Nanyang Technological University.
5 Things to know about the UK’s National Cyber Security Centre (NCSC) (The State of Security) The NCSC provides a single point of contact for organisations of all sizes, government agencies and departments, and the general public.
New SEC Rules Highlight the Importance of Cybersecurity (ETF Database) Russia’s invasion of Ukraine underscored the importance of cybersecurity after Western sanctions on Russia forced nations to be on high security alert.
House sends state and local cyber coordination bill to Biden (StateScoop) Lawmakers approved a cyber coordination bill firming up CISA’s information-sharing relationships with state and local governments.
U.S. needs new ‘Manhattan Project’ to avoid cyber disaster | Opinion (Newsweek) Without dramatic action, a cyber disaster is almost inevitable—whether it happens now or in the future.
Government’s finally getting its own cybersecurity in order (Washington Post) The federal government’s top cyber agency is finally getting the tools it needs to spot and thwart hacking threats in real time.
Litigation, Investigation, and Law Enforcement
Additional information: TDI data security event (Texas Department of Insurance) TDI would like to provide clarification of information that appears in several recent news stories about our January 2022 data security event.
Texas, 12 states fire back at tech industry in Supreme Court filings (Washington Post) Texas attorney general Ken Paxton argues social media platforms are the ‘twenty-first century descendants of telegraph and telephone companies’ and should be regulated as ‘common carriers,’ subject to government regulation
Julian Assange should not be extradited to US to face espionage charges, Council of Europe tells Priti Patel (The Telegraph) Dunja Mijatovic writes to Home Secretary asking her not to extradite Assange because of ‘wider human rights implications’
Senators Urge FTC to Probe ID.me Over Selfie Data (KrebsOnSecurity) Some of the more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on…
IRS Selfie-Tech Provider Stirs Senate Ire Over Face Recognition (Bloomberg) Identity firm facing growing scrutiny over facial recognition. ID.me now claims to have more than 80 million users in the US.
Amazon’s Twitch, Discord, 4chan face New York AG probe after Buffalo shooting (CNBC) Amazon’s Twitch, Discord, 4chan and 8chan will be among the platforms her office will probe.
Darktrace denies it’s under investigation over 2011 Autonomy sale (Proactiveinvestors UK) One of the company’s executive directors was yesterday named in a High Court ruling on the sale of Autonomy to Hewlett Packard
Darktrace shares hit as executive Nicole Eagan is named in Autonomy ruling (Times) Darktrace fell sharply on the stock market yesterday after a senior executive at the cybersecurity group was named in a High Court judgment as being part of a “small clique” of “loyal lieutenants” behind a British software tycoon embroiled in a fraud case. Nicole Eagan, chief strategy officer, was