CISA recommends VMware, F5 patches. Liquidity mining fraud. Strapi issues patched. TDI clarifies data incident. Hybrid warfare.

Dateline

Ukraine at D+84: Five months of cyber and info ops. (The CyberWire) With little change on the ground, Ukraine increases its combat capability while Russia seeks to reconstitute its forces for a renewed offensive. Mandiant issues a report on information operations conducted to date in support of Russia’s war against Ukraine. And someone’s robo-calling the Kremlin.

Red Cross registers hundreds of Ukrainian POWs from Mariupol (AP NEWS) The Russian military said Thursday that more Ukrainian fighters who were making a last stand in Mariupol have surrendered, bringing the total who have left their stronghold to 1,730, while the Red Cross said it had registered hundreds of them as prisoners of war.

Interrogation, uncertainty for soldiers abandoning Mariupol (AP NEWS) Russia said Wednesday that nearly 1,000 Ukrainian troops at a giant steelworks in Mariupol have surrendered, abandoning their dogged defense of a site that became a symbol of their country’s resistance, as the battle in the strategic port city appeared all but over.

Russian soldier pleads guilty at Ukraine war crimes trial (AP NEWS) A 21-year-old Russian soldier facing the first war crimes trial since Moscow invaded Ukraine pleaded guilty Wednesday to killing an unarmed civilian.

The US Plan to Document War Crimes in Ukraine (Wired) The government-funded Conflict Observatory will use open source tools and satellite imagery to gather evidence of human rights violations.

The Russian Army Is an Atrocity Factory (Foreign Policy) State weakness has created a callous and brutalized soldiery.

Vladimir Putin is micromanaging his way to military collapse (The Telegraph) Like Hitler and Stalin, the Russian president is over-estimating his ability to command

Vladimir Putin ‘weaponising’ world’s food supplies (The Telegraph) Kremlin ‘deliberately destroying’ farming infrastructure in Ukraine, the ‘breadbasket of Europe’

Information Operations Surrounding the Russian Invasion of Ukraine (Mandiant) New Mandiant research detailing the various IO activities seen by nation-state actors, resulting from the Russian invasion of Ukraine.

U.S. Saw Signs of Decline in Russian Ransomware Strikes at Start of Ukraine War (Wall Street Journal) Officials say sanctions and other disruptions have slowed ransomware schemes, but others fear relief is fleeting.

Cyberattacks quietly launched by Russia before its invasion of Ukraine may have been more damaging than intended (Business Insider) The US director of national intelligence told lawmakers that Russia’s cyberattack against Ukraine at the start of its attack “had an outsized impact.”

Mandiant Quietly Investigating Suspected Russian Intrusions (Bloomberg) If Russian hacking appears muted, just ask the cyber personnel responding to breaches right now.

Russian information agencies behind cyber-attacks in Romania, says intelligence chief (Romania Insider) Russian intelligence agencies are behind the recent uptick in cyber-attacks against Romania, said Anton Rog, the head of the Cyberint National Center within the Romanian Intelligence Service (SRI), at the BCR Expert Hub cyber security conference. …

This Hacktivist Site Lets You Prank Call Russian Officials (Wired) To protest the war in Ukraine, WasteRussianTime.today auto-dials Russian government officials, connects them to each other, and lets you listen in to their confusion.

The Changing Landscape of Hacktivism (Sec Alliance) Since the Russian invasion of Ukraine, there has been a significant increase in hacktivist activity, some of which is possibly state-sanctioned and happening in a highly permissive environment. This blog will investigate how hacktivism has changed since the conflict began, and how the unique nature of the ongoing cyberwar being fought between hacktivist elements on both sides may change the landscape of hacktivism and its role in future conflicts.

How Threat Actors Are a Click Away From Becoming Quasi-APTs (Dark Reading) As demonstrated in Ukraine and elsewhere, the battlefield for today’s warriors extends to the virtual realm with cyber warfare.

NATO cyber coordinators hold first-ever meeting amid Russia’s invasion (The Hill) Senior cyber coordinators from NATO held their first-ever meeting in Brussels on Wednesday to discuss the cyber threat landscape following Russia’s invasion of Ukraine. The coordina…

First meeting of NATO national cyber coordinators (NATO) Senior cyber coordinators from all NATO Allies met in Brussels today (18 May 2022) for the first time. They discussed the new strategic environment following Russia’s invasion of Ukraine and its implications for the cyber threat landscape. They also reviewed progress in the area of cyber defence, including efforts to increase resilience to cyber threats.

Chinese TikTok Users Are in Love With ‘Daddy Putin’ (Foreign Policy) Popular videos paint the Russian president as a widely admired figure.

NATO talks with Finland, Sweden falter but will continue (AP NEWS) NATO envoys failed to reach a consensus Wednesday on whether to start membership talks with Finland and Sweden, diplomats said, as Turkey renewed its objections to the two Nordic countries joining.

Turkey blocks start of NATO talks on Finland’s and Sweden’s applications (Washington Post) Turkey blocked the start of Finland and Sweden’s accession talks to NATO on Wednesday shortly after the Nordic nations submitted their formal applications, a signal of what could be a bumpy process to expand the alliance and reshape Europe’s post-Cold War security architecture.

What Are Sweden and Finland Thinking? (Foreign Policy) European leaders have reassessed Russia’s intentions and are balancing against the threat that Putin poses to the territorial status quo.

How Russia Would Respond to Finnish and Swedish NATO Membership | RANE (Stratfor) While Moscow will respond with disruptive measures, direct conflict between Russia and Sweden or Finland is unlikely at this time.

Western Companies Still in Russia Are Making a Big Mistake (Foreign Policy) The moral, legal, and public relations risks of staying are huge.

EU rushes out $300 billion roadmap to ditch Russian energy (AP NEWS) The European Union’s executive arm moved Wednesday to jump-start plans for the 27-nation bloc to abandon Russian energy amid the Kremlin’s war in Ukraine, proposing a nearly 300 billion-euro ($315 billion) package that includes more efficient use of fuels and faster rollout of renewable power.

Yellen: Ukraine war fallout threatens ‘stagflation,’ hunger (AP NEWS) Treasury Secretary Janet Yellen warned Wednesday that Russia’s February invasion of Ukraine has produced a sharp increase in food and energy prices that is contributing to a slowdown in growth and creating greater risk of global stagflation.

Russia’s Economy Slowed Down More Than Expected in First Quarter (Bloomberg) GDP growth slipped to 3.5%, missing median forecast of 3.7%. Economy heads into deep recession amid sanctions over Ukraine.

Google Moves Employees Out of Russia (Wall Street Journal) The departure of employees comes as the Russian subsidiary prepares to declare bankruptcy, effectively ending the company’s commercial operations in the country.

The Ukraine war is creating a jobs crisis in Russia (Quartz) As companies flee Russia after its invasion of Ukraine, tens of thousands of their Russian employees are feeding a growing jobs crisis in the country.

Russia’s disastrous isolation leaves Putin on a road to nowhere (The Telegraph) Revival of the Moskvich reflects a return to a Soviet-era economy destined for failure

Attacks, Threats, and Vulnerabilities

IOTW: Costa Rica embroiled in severe, ongoing cyber-attack (Cyber Security Hub) A total of 27 Costa Rican institutions are now affected by the Conti ransomware attacks

CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities (CISA) CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.

Emergency Directive 22-03 (CISA) May 18, 2022 This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 22-03, “Mitigate VMware Vulnerabilities.”

Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.

Threat Actors Exploiting F5 BIG IP CVE-2022-1388 (CISA) CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released the joint Cybersecurity Advisory Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 in response to active exploitation of CVE-2022-1388, which affects F5 Networks BIG-IP devices. The vulnerability allows an unauthenticated actor to gain control of affected systems via the management port or self-IP addresses.

CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388. (The CyberWire) CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC), are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP.

Over 380,000 Kubernetes API Servers Exposed to Internet: Shadowserver (SecurityWeek) Shadowserver has conducted an internet scan and found more than 380,000 exposed Kubernetes API instances.

CyRC Vulnerability Advisory: Sensitive data exposure in JSON enables account compromise in Strapi | Synopsys (Application Security Blog) CVE-2022-30617 and CVE-2022-30618 are sensitive data exposure vulnerabilities that may lead to account compromise in the admin panel of the headless CMS software Strapi.

Microsoft Flags Attack Targeting SQL Servers With Novel Approach (Dark Reading) Attackers appear to have found a way around PowerShell monitoring by using a default utility instead.

Sophos Lifts the Lid Off Liquidity Mining CryptoCrime (Yahoo Finance) Example of Crypto Liquidity Scam Above, a screen shot of an initial stage conversation from a scammer luring in a target. As spammy as this Direct Message seems, people are falling prey to what ensues: liquidity mining CryptoCrime. OXFORD, United Kingdom, May 17, 2022 (GLOBE NEWSWIRE) — Sophos, a global leader in next-generation cybersecurity, today released threat research about nascent cybercrime in the article, “Liquidity Mining Scams Add Another Layer to Cryptocurrency Crime.” The article i

Liquidity mining scams add another layer to cryptocurrency crime (Sophos News) Organized rings use fake apps, malicious smart contracts, and lure of big returns to swindle victims out of their savings.

Hackers Compromise a String of NFT Discord Channels (Vice) Hackers used a popular Discord bot to trick users into clicking on malicious links inside the Discord servers of several popular NFT projects.

Critical Jupiter WordPress plugin flaws let hackers take over sites (BleepingComputer) WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw.

The Vulnerable Maritime Supply Chain – a Threat to the Global Economy (SecurityWeek) An inside look at how merchant vessels and ports are extraordinarily vulnerable to increasingly sophisticated cyberattacks against unmanaged OT systems

Ransomware Attackers Get Short Shrift From Zambian Central Bank (Bloomberg) Bank of Zambia refused to pay ransom to cyberattack group Hive. Hive attacks have become prolific since being detected in June.

National bank hit by ransomware trolls hackers with dick pics (BleepingComputer) After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s… (well, you can use your imagination).

Pharmacy Giant Hit By Data Breach Affecting 3.6 Million Customers (Infosecurity Magazine) Pharmacy retailer Dis-Chem announced that an unauthorized party gained access to its customer database

Notification of Security Compromise in Terms of Section 22 of the Protection of Personal Information Act of 2013 (Dis-Chem) Dis-Chem Pharmacies Limited (“Dis-Chem” / “our” / “we”) provides this notification of a personal information security compromise in terms of section 22 of the Protection of Personal Information Act, 4 of 2013 (“POPI”).

Washington Local Schools hit with cyber attack (WTOL) The attack impacted the district’s phones, email accounts, internet, WiFi networks and Google Classroom.

Apparent cyber attack suspends KVCC online classes (mlive) All campus locations remain open for in-person portions of courses.

DeKalb student newspaper exposes data leak in district’s online network (Atlanta Journal-Constitution) The district acknowledged the problem in a statement to The Atlanta Journal-Constitution.

Security Patches, Mitigations, and Software Updates

VMware Releases Patches for New Vulnerabilities Affecting Multiple Products (The Hacker News) VMware has issued patches to address two new vulnerabilities affecting Workspace ONE Access, Identity Manager and vRealize Automation.

NVIDIA Patches Code Execution Vulnerabilities in Graphics Driver (SecurityWeek) NVIDIA has announced the roll-out of updates for its graphics drivers to address multiple vulnerabilities, including four CVEs rated “high severity.”

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack 0-Days (Threatpost) Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

The Ponemon Institute: Data Loss Prevention on Email in 2022 Report (Tessian) This study, independently conducted by the Ponemon Institute, focuses on the rising need for a behavioral intelligence approach to proactively prevent email data loss.

Data Shows Enterprise SIEMs Detect Fewer Than 5 of the Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild (PR Newswire) CardinalOps, the AI-powered detection engineering company, today released its 2022 Report on the State of SIEM Detection Risk. The company’s…

Tessian | 3 in 5 Organizations Experienced Accidental Data Loss Over Email in the Past Year (RealWire) New report from Tessian and the Ponemon Institute reveals that email has become the riskiest channel for data security in today’s organizations
SAN FRANCISCO – May 18, 2022 – New research from email security company Tessian and the Ponemon Institute reveals that nearly 60% of organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months

Marketplace

Imply Announces $100M Investment Led by Thoma Bravo to Drive the Market Shift to Modern Analytics Applications – Imply (Imply) New funding round validates Imply’s leadership position in the real-time analytics database category

Dig emerges from stealth to help organizations secure their data in public clouds (TechCrunch) Dig, a Tel Aviv-based cloud data security startup, has emerged from stealth with an $11 million investment to help organizations protect data stored in public cloud environments. It’s no secret that data is often the ultimate target for some cybercriminals, yet so many organizations don’t have visi…

Socure Reports Hypergrowth with 236% Increase in Customers, Rapid Scale Across web3, Online Gaming, FinTech, Marketplaces, and Public Sector (Business Wire) Socure, the leading provider of digital identity verification and fraud solutions, today announced record customer growth of 236% for its graph-define

Here are the top tech leaders in Boston (Boston Globe) The list compiles the most influential – and interesting – people in the Massachusetts technology scene, as ranked by the Globe’s business journalists and an external advisory committee.

Illumio Appoints Mario Espinoza as Chief Product Officer (GlobeNewswire News Room) Former Palo Alto Networks and Symantec Executive to Lead Product Strategy and Engineering as Market Demand for Zero Trust Segmentation Accelerates…

Varonis Expands Asia-Pacific Operations with Appointment of Country Executives (Varonis) Varonis hires cybersecurity industry professionals in India, Singapore, and Japan to lead sales and business development initiatives

Beth Gaspich joins Forcepoint Board of Directors (Help Net Security) Forcepoint announced the appointment of Beth Gaspich, CFO at NICE, to serve as an independent director on the company’s Board of Directors.

QinetiQ hires United Utilities CEO Mogford as non-executive director (AJ Bell Youinvest) QinetiQ Group PLC on Wednesday said it ha…

Products, Services, and Solutions

Skybox Security unveils the industry’s most advanced vulnerability management solution that quantifies cyber risk exposure in financial terms (Skybox Security) Pinpoint cyber exposure with the highest financial impact. Quantify risk in financial terms. Prioritize vulnerabilities and remediation across hybrid environments. Read press release.

Lacework Integrates Kubernetes Features to Enhance Security Across Multi-Cloud Environments (PR Newswire) Lacework®, the data-driven cloud security company, today announced new features added to the Polygraph® Data Platform which provide enhanced…

Wellspring Receives FedRAMP Authorization for IP Management Platform (insideHPC) CHICAGO, May 18, 2022 — Wellspring, developer of Innovation Ops software, today announced it has achieved Federal Risk and Authorization Management Program (FedRAMP) Authorization at a Moderate impact level for its Sophia Knowledge Management System. With FedRAMP Authority to Operate (ATO) now in place, Wellspring will be able to offer its Innovation and IP Management […]

New Relic Introduces Vulnerability Management (New Relic) New Relic Vulnerability Management will allow every engineer to contextualize and prioritize security risk at every stage of the software development lifecycle (SDLC).

New Relic Announces Product Integrations and Multi-Year Commercial Partnership with Microsoft Azure (New Relic) Azure customers can use New Relic as a fully-integrated, Azure-native observability platform to accelerate enterprise cloud migration and multi-cloud initiatives.

New Relic Expands Instant Observability Ecosystem (New Relic) Momentum includes new contributions from leading enterprise technologies such as Akamai, Atlassian, CircleCI, Cloudflare, Netlify, PagerDuty, and Postman

New Relic Introduces Low-Overhead Kubernetes Monitoring (New Relic) New Relic reinforces commitment to open observability by announcing support for Pixie plugin to easily integrate data from open standards into New Relic

New Relic Brings Logs into Application Performance Monitoring (New Relic) Bundling log collection, correlation, and visualization into single APM agent makes it easier for developers to find and fix problems faster without needing to install third-party configurations

Enea Launches Enea AdaptiveMobile Security (Fast Mode) Enea introduces Enea AdaptiveMobile Security brand

Armis launches Critical Infrastructure Protection Program (Help Net Security) Armis unveils its Critical Infrastructure Protection Program with three months of complimentary service to support SHIELDS UP initiative.

Nozomi Networks extends partnership with Siemens to bring scalable cybersecurity to industrial automation (Help Net Security) Nozomi Networks and Siemens have extended their partnership to bring scalable cybersecurity to industrial automation.

Hexnode ties up with Keeper Security to strengthen cyber security software (The HinduBusinessline) Keeper Security monitors the dark web for any breaches and promptly alerts the administrator

Legislation, Policy, and Regulation

China has signaled easing of its tech crackdown — but don’t expect a policy U-turn (CNBC) Following a meeting with top executives, Liu He, China’s vice-premier, pledged support for the technology sector and plans for internet companies to go public.

Singapore sets up cybersecurity assessment, certification centre (ZDNet) Manufacturers and developers will be able to test and certify their products at the new SG$19.5 million ($13.99 million) facility, which is launched by Cyber Security Agency of Singapore and Nanyang Technological University.

5 Things to know about the UK’s National Cyber Security Centre (NCSC) (The State of Security) The NCSC provides a single point of contact for organisations of all sizes, government agencies and departments, and the general public.

New SEC Rules Highlight the Importance of Cybersecurity (ETF Database) Russia’s invasion of Ukraine underscored the importance of cybersecurity after Western sanctions on Russia forced nations to be on high security alert.

House sends state and local cyber coordination bill to Biden (StateScoop) Lawmakers approved a cyber coordination bill firming up CISA’s information-sharing relationships with state and local governments.

U.S. needs new ‘Manhattan Project’ to avoid cyber catastrophe | Opinion (Newsweek) Without dramatic action, a cyber catastrophe is nearly inevitable—whether it happens now or in the future.

Government’s finally getting its own cybersecurity in order (Washington Post) The federal government’s top cyber agency is finally getting the tools it needs to spot and thwart hacking threats in real time.

Litigation, Investigation, and Law Enforcement

Additional facts: TDI data security event (Texas Department of Insurance) TDI would like to provide clarification of information that appears in several recent news stories about our January 2022 data security event.

Texas, 12 states fire back at tech industry in Supreme Court filings (Washington Post) Texas attorney general Ken Paxton argues social media platforms are the ‘twenty-first century descendants of telegraph and telephone companies’ and should be regulated as ‘common carriers,’ subject to government regulation

Julian Assange should not be extradited to US to face espionage charges, Council of Europe tells Priti Patel (The Telegraph) Dunja Mijatovic writes to Home Secretary asking her not to extradite Assange because of ‘wider human rights implications’

Senators Urge FTC to Probe ID.me Over Selfie Data (KrebsOnSecurity) Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on…

IRS Selfie-Tech Provider Stirs Senate Ire Over Face Recognition (Bloomberg) Identity firm facing growing scrutiny over facial recognition. ID.me now claims to have more than 80 million users in the US.

Amazon’s Twitch, Discord, 4chan face New York AG probe after Buffalo shooting (CNBC) Amazon’s Twitch, Discord, 4chan and 8chan will be among the platforms her office will probe.

Darktrace denies it is under investigation over 2011 Autonomy sale (Proactiveinvestors UK) One of the company’s executive directors was yesterday named in a High Court ruling on the sale of Autonomy to Hewlett Packard

Darktrace shares hit as executive Nicole Eagan is named in Autonomy ruling (Times) Darktrace fell sharply on the stock market yesterday after a senior executive at the cybersecurity group was named in a High Court judgment as being part of a “small clique” of “loyal lieutenants” behind a British software tycoon embroiled in a fraud case. Nicole Eagan, chief strategy officer, was