There’s a maneuver lull in Russia’s hybrid war against Ukraine, but fire and cyber ops continue. The US provides cyber assistance to Ukraine. The Cicada call of Stone Panda. Phony e-commerce sites seek to harvest banking credentials. CISA offers some advice and some guidance. Hydra Market sanctioned. Awais Rashid from Bristol University on anonymous communication systems. Our guest is Armaan Mahbod of DTEX Systems with a look at supermalicious insiders. And the most popular password is...

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/11/66

Selected reading.
Russian military ‘weeks’ from being ready for new push as war takes its toll (The Telegraph)
Russia's failure to take down Kyiv was a defeat for the ages (AP NEWS)
U.S. Cyber Command providing cyber expertise and intelligence in Ukraine's fight against Russia (FedScoop) 
Cyber Command chief: U.S. has 'stepped up' to protect Ukraine's networks (The Record by Recorded Future) 
How Ukraine has defended itself against cyberattacks – lessons for the US (FIU News) 
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity (Symantec) 
Fake e‑shops on the prowl for banking credentials using Android malware (WeLiveSecurity) 
CISA adds Spring4Shell vulnerability, Apple zero-days to exploited catalog (The Record by Recorded Future) 
LifePoint Informatics Patient Portal (CISA) 
Rockwell Automation ISaGRAF (CISA) 
Johnson Controls Metasys (CISA) 
Philips Vue PACS (Update A) (CISA)
Treasury Sanctions Russia-Based Hydra, World’s Largest Darknet Market, and Ransomware-Enabling Virtual Currency Exchange Garantex (U.S. Department of the Treasury)
Most Common Passwords 2022 - Is Yours on the List? (CyberNews)