Warning of Russian cyber ops. Ransomware notes. NIST’s secure engineering standards.

Dateline Moscow and Kiev (also Washington and Brussels): Russo-Ukrainian tensions.

Warnings of Russian cyber activity as Moscow continues preparations to invade Ukraine. (The CyberWire) The Russian threat to Ukraine prompts warnings of offensive cyber operations.

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure (CISA) Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture.
• Patch all systems. Prioritize patching known exploited vulnerabilities.
• Implement multi-factor authentication.
• Use antivirus software.
• Develop internal contact lists and surge support.

CISA: Russian state-sponsored groups exploited vulnerabilities in Microsoft, Cisco, Oracle tools (ZDNet) The US cybersecurity agency said Russian APT actors targeted state, local, tribal, and territorial governments from September 2020 to at least December 2020.

US govt warns of Russian hackers targeting critical infrastructure (BleepingComputer) The FBI, CISA, and the NSA have warned critical infrastructure network defenders to be ready to detect and block incoming attacks targeting organizations from US critical infrastructure sectors orchestrated by Russian-backed hacking groups.

NSA, CISA, FBI Issue Joint Advisory Against Russian Hackers Amid Growing Tensions (Nextgov) The warning comes as a military build-up occurs at the Russian-Ukrainian border.

Feds alert to ongoing Russian cyber threats targeting critical infrastructure (SC Magazine) A joint federal alert urges critical infrastructure entities to be on high alert, as Russian-backed advanced persistent threat actors (APT) continue to target these networks, including those in healthcare.

CISA, NSA, and FBI Warn of Russian Threats to Critical Infrastructure (MeriTalk) The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and FBI are warning critical infrastructure owners and operators of Russian threats to domestic critical infrastructure.

CISA issues advisory on state-sponsored hacking amid Russia, Ukraine tension (CyberScoop) The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency Tuesday advised cybersecurity professionals to be on alert for attacks from Russian state-sponsored hackers.

US warns of Russian state-sponsored attacks on critical infrastructure (The Record by Recorded Future) Less than one day after Russia and the US held bilateral talks over the deployment of troops near Ukraine, US intelligence and law enforcement agencies issued a warning to critical infrastructure operators about threats from Russian state-sponsored hackers.

FBI, NSA & CISA Issue Advisory on Russian Cyber Threat to US Critical Infrastructure (Dark Reading) Advisory explains how to detect, respond to, and mitigate cyberattacks from Russian state-sponsored hacking groups.

EU to Stage Large-Scale Cyberattack Exercise on Supply Chains (Bloomberg) Simulation starting this week to explore supply chain attacks. Stress test comes amid concerns about Russian plans in Ukraine

NATO head says differences with Russia will be hard to bridge (Reuters) The differences between Russia and NATO over Ukraine will be difficult to bridge, the head of the Atlantic alliance said on Wednesday after four hours of talks where Moscow pressed its demands for security guarantees from the West.

Putin’s Next Move on Ukraine Is a Mystery. Just the Way He Likes It. (New York Times) The contradictory, sometimes menacing messages from the Kremlin have stumped Western officials and Russia experts, showing the Russian leader’s desire to keep his rivals on edge.

U.S.-Russian Security Talks: What We Know (The Moscow Times) Talks on Moscow’s sweeping set of demands on NATO’s presence in Ukraine and other former Soviet countries lasted over seven hours.

Kremlin says Russia-US talks on Ukraine offer little optimism (Military Times) The negotiations were held amid soaring tensions over a Russian troop buildup near Ukraine’s border that has stoked fears of a possible invasion.

As the U.S. and Russia talk, Ukrainian troops brace for war, and they’re “ready for battle” (CBS News) A Ukrainian commander battling Russian-backed rebels tells CBS News they’re “ready for battle,” as Putin’s posturing brings echoes of the Cold War.

Ukraine and U.S. remain united to deter Russian aggression, Kyiv says (Reuters) Ukraine and the United States remain united in seeking to defuse a standoff with Moscow through diplomacy and are working closely to deter Russian aggression, Ukrainian Foreign Minister Dmytro Kuleba said after speaking to his U.S. counterpart.

US quietly authorized 200 million dollars for Ukraine security (CNN) The United States and Russia held talks lasting more than seven hours in Geneva, Switzerland. This follows months of tension near the Ukraine-Russia border, where there are more than 100,000 Russian soldiers. CNN’s Alex Marquardt has more.

Russia holds tank drills near Ukraine, sounds downbeat on talks (Reuters) Russia staged live-fire exercises with troops and tanks near the Ukrainian border on Tuesday while sounding a downbeat note over the prospects for talks with the United States that Washington hopes will remove the possible threat of an invasion of Ukraine.

‘Sanctions don’t work on Russia’: Why there’s skepticism over U.S. warnings on Ukraine (CNBC) Slapping sanctions on Russia may not be helpful in resolving tensions with the U.S. over Ukraine, two experts said on Tuesday.

Defending Ukraine Sovereignty Act of 2022 (US Senate) A bill to counter the aggression of the Russian Federation against Ukraine and Eastern European allies, to expedite security assistance to Ukraine to bolster Ukraine’s defense capabilities, and to impose sanctions relating to the actions of the Russian Federation with respect to Ukraine, and for other purposes.

Attacks, Threats, and Vulnerabilities

Night Sky ransomware uses Log4j bug to hack VMware Horizon servers (BleepingComputer) The Night Sky ransomware gang has started to exploit the critical CVE-2021-4422 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems.

Log4Shell zero day vulnerability most significant security threat of past decade (Security Brief) Its effects will be felt far into 2022 and beyond, according to Imperva Research Labs.

Cybersecurity: Last year was a record year for attacks, and Log4j made it worse (ZDNet) Check Point Research said that among its customers, there was a 50% increase in overall attacks per week on corporate networks compared to 2020.

Hackers Can Cut the Lights With Rogue Code, Researchers Show (Bloomberg Law) As Ang Cui added more juice to the power grid, overhead electric lines began to glow bright orange. Then, within seconds, the power lines evaporated in a flash of smoke, leaving an entire section of Manhattan in the dark.

Hacking group accidentally infects itself with Remote Access Trojan horse (Graham Cluley) Patchwork, an Indian hacking group also known by such bizarre names as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has proven the old adage that to err is human, but to really cock…

Home routers with NetUSB support could have critical kernel hole (Naked Security) Got a router that supports USB access across the network? You might need a kernel update…

YouTube Shorts: Stolen TikTok Videos Manipulated in Adult Dating, Dubious Products Scams for Views and Subscribers (Tenable®) As Google’s TikTok competitor YouTube Shorts gains viewers, hordes of scammers are quick to follow.

Inside a Ransomware Hit at Nordic Choice Hotels (Wall Street Journal) Hotel staff escorted guests to their rooms when digital keycards stopped working.

Hotel chain switches to Chrome OS to recover from ransomware attack (The Record by Recorded Future) A Scandinavian hotel chain that fell victim to a ransomware attack last month said it took a novel approach to recover from the incident by switching all affected systems to Chrome OS.

EA blames support staff for recent hacks of high-profile FIFA accounts (The Record by Recorded Future) American video game company Electronic Arts confirmed today that hackers used social engineering to trick some of its customer support staff into transferring high-profile FIFA accounts from their legitimate owners.

What happens if a hacker manages to mess up an artificial intelligence algorithm (Federal News Network) DARPA has launched a program to develop defenses against that possibility. It’s called Guaranteeing AI Robustness against Deception, or GARD.

Brazil’s Localiza says systems partially affected by ‘cyber incident’ (Reuters) Brazilian car rental company Localiza said on Tuesday it suffered a partial interruption of some of its systems due to a cyber security incident, according to a securities filing.

Neenah schools investigating apparent cyberattack; classes canceled Wednesday (WLUK) Neenah schools had to close unexpectedly Tuesday after the superintendent said it had what sounds like a cyberattack. The Neenah Joint School District discovered various technology systems down early Monday morning. Internet and phones are down at all schools in the district. Holly Van Zeeland has three kids in the district. They’re home Tuesday, due to what the district is calling a ‘technology security situation.’

Finalsite Recovering from Cyber Attack That Impacted 5K Schools (GovTech) Websites went offline last week after the college and K-12 digital communications and marketing platform was hit by a cyber attack. The firm said that there is no evidence that data was compromised in the attack.

Security Patches, Mitigations, and Software Updates

Johnson Controls VideoEdge (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 5.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc.
Equipment: VideoEdge
Vulnerability: Improper Handling of Syntactically Invalid Structure

Running a vulnerability scanner against VideoEdge NVRs can cause some functions to stop.

The Global Risks Report 2022 17th Edition (World Economic Forum) A divergent economic recovery from the crisis created by the pandemic risks deepening global divisions at a time when societies and the international community urgently need to collaborate to check COVID-19, heal its scars and address compounding global risks.

Riverside Compliance Chief Sees Cybersecurity as Emerging Challenge for Private Equity (Wall Street Journal) Jennifer Boyce talks about the evolving role of compliance chiefs at private-equity firms as well as the impact of the pandemic on her workload.

The rise of the CISO: The escalation in cyberattacks makes this role increasingly important (TechRepublic) As the digital landscape has grown, the organizational need for cybersecurity and data protection has risen. A new study takes a look at where CISOs stand in businesses.

DDoS Attack Trends for Q4 2021 (Cloudflare) The first half of 2021 witnessed massive ransomware and ransom DDoS attack campaigns that interrupted aspects of critical infrastructure around the world (including one of the largest petroleum pipeline system operators in the US) and a vulnerability in IT management software that targeted schools, public sector, travel organizations, and credit unions, to name a few.

3 Tech Industry Trends to Watch in 2022 (Foreign Policy) Fringe players take on Big Tech, governments start regulating, and AI could finally prove its worth.


Flashpoint Acquires Vulnerability Intelligence Leader Risk Based Security (Flashpoint) Flashpoint will deliver unparalleled visibility into critical vulnerabilities and breaches, enabling security, vendor risk management, and DevSecOps teams

Eureka Receives $8M from YL Ventures to Drive Secure Cloud Data Growth (Business Wire) Eureka receives $8M from YL Ventures to drive secure cloud data growth.

Meta Removes 7 Surveillance-for-Hire Operations From Its Platforms (Wired) While NSO Group gets most of the attention, the takedowns underscore how insidious the industry has become.

Huntress Donates $100,000 to DIVD Bug Bounty Program to Elevate SMB Cybersecurity, Calls on MSP Vendors to Follow Suit (Huntress) We believe it’s time for MSP vendors to level up cybersecurity community efforts, so we’re taking the first step with a $100,000 contribution to DIVD.

Darktrace shares glow as UK cyber group lifts outlook (The Star) British cyber security firm Darktrace lifted its full-year revenue and margin guidance on Tuesday after it enjoyed a near 40% jump in customers, driving its shares higher after a recent slump.

Huawei reportedly working with Thai government for 5G (Thaiger) Thailand has taken the next step in the 5G scene by joining hands with Huawei Technologies, although the Chinese tech giant remains on the blacklist of the US government’s cyber-security list. Last

Akamai Technologies, Inc. Named One of America’s Most Just Companies by JUST Capital and CNBC (PR Newswire) Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s most trusted solution to power and protect digital experiences, was named one of…

A-LIGN Welcomes Paul J. Loftus as CRO to Drive Exponential Growth and Expand Market Reach (A-LIGN) Loftus joins A-LIGN to accelerate top-line growth and increase share in the rapidly expanding cybersecurity audit and assessment market.

Iron Bow Names Former Cisco Exec Sean Robertson VP of Sales Operations; Rene LaVigne Quoted (Executive Gov)

Terry Phillips appointed Chief Security Officer at Leidos (Security Magazine) Terry Phillips, a U.S. Air Force veteran and security expert, has been named SVP and Chief Security Officer (CSO) at Leidos, where he will direct the Leidos Global Security Organization.

Arctic Wolf Hires Sophos Veteran for Security Operations Cloud, IPO Push (MSSP Alert) Arctic Wolf, preparing for potential security IPO, hires former Sophos, RSA & Microsoft executive Dan Schiappa as chief product officer.

vArmour Appoints Corey Williams as SVP Marketing (GlobeNewswire News Room) Former Cyberark and Centrify Leader Joins vArmour Executive Team to Drive Market Awareness and Adoption of Application Relationship Management…

ThreatX Names Libby Merrill as Chief Financial Officer (Business Wire) ThreatX today announced the hiring of Chief Financial Officer Libby Merrill, CPA.

Alef Adds Senior Technical Leadership to Advance Innovation in 5G Edge Market (Business Wire) Alef appoints Dean Bogdanovic as Chief Technology Officer and Ritesh Johar as Executive Vice President of Engineering.

Products, Services, and Solutions

SentinelOne Integrates with ServiceNow to Unify IT and Security (Business Wire) Joint Workflows Deliver Automation Efficiency and Broad Response Actions

Apple’s Private Relay Roils Telecoms Around the World (Wired) Security experts say there’s little reason for the criticism from Europe’s mobile operators and US limitations over the VPN-like iCloud tool.

T-Mobile says it has ‘not broadly blocked’ iCloud Private Relay, blames iOS 15.2 bug for errors (9to5Mac) T-Mobile has officially acknowledged a bug that has blocked some subscribers from using iCloud Private Relay when connected to cellular networking. In a statement to 9to5Mac, T-Mobile blamed this situation on a bug in iOS 15.2 and said that it has “not broadly blocked” iCloud Private Relay. It’s also important to note that this bug […]

UNITED KINGDOM : Airbus to install new ciphering system for British Foreign Office (Intelligence Online) The Franco-German company has won a contract for a new ciphering system for Britain’s Foreign, Commonwealth & Development Office (FCDO) as London looks to deal with a growing espionage threat.

Avast Launches New Firewall Feature in Avast Free Antivirus (PR Newswire) Avast (LSE:AVST), a global leader in digital security and privacy, today announced an update to its Avast Free Antivirus and Avast Premium…

Keeper Security Launches Keeper Secrets Manager, the First Zero-Trust, Zero-Knowledge and Cloud-Native Solution for Securing Infrastructure Secrets (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software covering password management, dark web…

This top password manager is seriously cheap for a limited time only (TechRadar) Keep all your account credentials safe with one of the best password managers around

Data Theorem API Attack Surface Calculator Earns CyberSecured Award (Yahoo Finance) Data Theorem, Inc., a leading provider of modern application security, today announced that 1105 Media’s Security Today brand, a leading industry media brand providing technology, education and solutions for security professionals, recognized its API Attack Surface Calculator with a 2021 CyberSecured Award in the Application Security awards category last month.

Technologies, Techniques, and Standards

NIST Updates Cybersecurity Engineering Guidelines ( Amid constant cybersecurity threats, NIST added more insight for engineers and programmers on how to mitigate system vulnerabilities.

How the Pentagon enlisted ethical hackers amid the Log4j crisis (The Record by Recorded Future) The Pentagon last month pivoted an ongoing bug bounty program to track down Log4j vulnerabilities on potentially thousands of public-facing military websites, the first time the Defense Department marshaled the ethical hacker community to tackle an emerging digital crisis.

How to protect your website from Log4j (Computing) Follow these six rules to insure yourself against becoming the low-hanging fruit

Detecting log4j using ShiftLeft CORE (Medium) Over the last few weeks, log4j has been the focus in most organizations. Let’s see how you can easily detect it using ShiftLeft CORE.

Log4J Cyber Threat Requires New Approach to Design Flaws (War on the Rocks) Information security professionals have spent the past month battling one of the most significant cyber threats to the computer systems that control

Lawmakers see ‘real opportunity’ to modernize federal cyber playbook (Federal News Network) Lawmakers see an opening this year to reform the Federal Information Security Modernization Act, with major updates including the assignment of clear roles and responsibilities for federal…

Three steps to good security hygiene (Computing) Organisations need to harmonise people and technology, not focus on one or the other

Deep Instinct BrandVoice: Make False Positive Reduction A New Year’s Resolution (Forbes) SecOps professionals are some of the most in-demand, under pressure, and prized workers in the world — and they’re also in very short supply, with nearly 600,000 open cybersecurity positions in the U.S. alone.

Design and Innovation

Peter Cochrane: Metaverse versus the meta-pundits (Computing) The Metaverse concept is deliberately vague to cover for the lack of hardware support, demand and practical applications, but hacks have lapped it up

Web3 Just Had Its Emperor’s-New-Clothes Moment (Washington Post) Web3, or Web 3.0, has become the latest craze for investors who fear missing out. Hotter than Bitcoin, harder to understand than artificial intelligence and also painfully abstract, Web3 points to a more transparent, decentralized and equitable web, which in principle is better than an internet controlled by a handful of mega corporations.

Research and Development

Huawei Ranks No. 5 in U.S. Patents in Sign of Chinese Growth (Bloomberg) IBM retained No. 1 position in getting U.S. patents last year. Huawei networking equipment is shut out of U.S. market.


Norwich University invited to join U.S. Cyber Command’s Academic Engagement Network (Norwich University Newsroom) Colleges tapped by Defense Department-directed agency come from 34 states and the District of Columbia

Universities Partner With Cybint for Cyber Impact Bootcamps (GovTech) Following its acquisition by HackerU last year, the cybersecurity education company Cybint is partnering with more than a dozen higher ed institutions across the U.S. to implement expedited workforce training programs.

Legislation, Policy, and Regulation

Russian troops to quit Kazakhstan, says president, taking aim at the elite (Reuters) Russian-led forces will begin withdrawing from Kazakhstan in two days’ time after stabilising the Central Asian nation following serious unrest, the president said on Tuesday, in a speech that took aim at wealthy associates of his predecessor.

Nazarbayev’s Fate in Kazakhstan Is a Cautionary Tale for Putin and Xi (World Politics Review) The unrest this week in Kazakhstan underlines a fundamental predicament that comes with strict authoritarian rule. The more power is invested in an individual, the more uncertain and insecure the transition to a successor inevitably becomes. Cautionary examples of this truth abound, and yet few authoritarians heed them.

Hong Kong to draw up own ‘national security’ law (Al Jazeera) Leader Carrie Lam tells new legislature the move will ensure territory complies with Article 23 of mini-constitution.

ICT Supply Chain Risk Management Task Force Announces new members and Working Group (CISA) Government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force gathered today to announce new members and map out the Task Force’s 2022 workplan. 

Hearing: Cyber Experts Push for Sweeping FISMA Changes (Bank Info Security) As the U.S. Congress continues to push for a strengthening of FISMA, lawmakers held a hearing with former government cybersecurity officials on Tuesday, all of whom

NASS Announces Relaunch of #TrustedInfo Effort Ahead of 2022 Midterm Elections (NASS) Today, the National Association of Secretaries of State (NASS) is pleased to announce the continuation of its landmark, nonpartisan initiative highlighting state and local election officials as trusted sources for election information entitled #TrustedInfo2022.

Google intensifies lobbying efforts to limit impact of EU tech regulation (Computing) The company argues that restrictions placed on Google would be detrimental to small businesses

Litigation, Investigation, and Law Enforcement

Poland’s phone spyware scandal raises doubts over 2019 election (TechCrunch) Pegasus spyware was used to spy on three critics of the Polish government, including an opposition lawmaker.

Uber, Lyft Drivers Want More Protection as Rising Crime Keeps Many Off the Roads (Wall Street Journal) Ride-sharing drivers are wearing bulletproof vests. Others are avoiding nights, exacerbating the ongoing labor shortage.

‘Second time lucky?’ FTC’s case against Facebook can move forward, federal judge rules. (Washington Post) The decision is a reversal of fortune for the agency after its first complaint was thrown out last year

EBay Accused Of Using Stalking Probe As ‘Sword And Shield’ (Law360) A former eBay executive fighting criminal charges over an alleged cyberstalking scheme said Monday that the e-commerce giant used an internal Morgan Lewis & Bockius LLP investigation as a “sword and a shield” to protect the company and its top brass from prosecution while scapegoating lower-level employees.
