Dateline
Ukraine at D+162: Ukraine's counteroffensive, and the story of a sub-JV Russian troll farm. (The CyberWire) Ukraine claims to have scored against Russian ammunition supply points, bridges, and air defense units as its counteroffensive gains urgency. Meta takes down a large Russian influence network whose "coordinated inauthenticity" hasn't risen above a stumblebum level.
Russia-Ukraine war: List of key events, day 163 (Al Jazeera) As the Russia-Ukraine war enters its 163rd day, we take a look at the main developments.
Russian ammo depots, missile systems wiped out in deadly fighting: Ukraine (Newsweek) Ukraine's military has reported more success against Russia as it presses forward with efforts to take back control of Kherson and other southern areas.
Zaporizhzhia nuclear plant ‘built to withstand terror attacks’, says official amid disaster fears (The Telegraph) Ukraine can still strike Russian targets around facility but ‘will consider very carefully how to avoid taking major risks’
Ukraine Braces for Attack as Russian Troops Mass in South (New York Times) As Ukraine has pushed forward around Kherson, Russia appears to be pouring forces in. With striking Republican support, the U.S. Senate voted to approve NATO’s expansion to include Finland and Sweden.
Ukraine Braces for Brutal Fight for Occupied Southern Regions as Referendum Looms (Wall Street Journal) Retaking Kherson has become Ukraine’s critical priority in the next phase of its war with Russia. Time is a factor as Moscow-appointed authorities are planning a mid-September referendum on annexing Kherson and other parts of occupied southern Ukraine.
Ukraine Fires on Bridges, Rail Lines in Bid to Loosen Russia’s Grip on Kherson (Wall Street Journal) Kyiv’s forces struck a railway bridge in the southern Kherson region, the Ukrainian military said, as it seeks to cut Moscow’s supply lines in preparation for a looming counteroffensive.
Zelenskyy slams Amnesty International over critical military report (POLITICO) Ukrainian leader says human rights organization is ‘playing into Russia’s hands.’
Ukraine under pressure in east as NATO chief says Russia must not win (Reuters) President Volodymyr Zelenskiy this week described the pressure his armed forces were under in the Donbas region in eastern Ukraine as "hell."
Death from above, printed at home: Ukrainians deploy DIY weapons against Russian troops (Yahoo) The three Russian soldiers, filmed from a weaponized Ukrainian drone from above, scramble into what looked like a worn-down sedan somewhere near the city of Kharkiv.
Russian army faces morale problems as Putin’s Ukraine invasion drags on (Atlantic Council) A new opinion poll indicates that the Russian public continues to strongly support their country's invasion of Ukraine but there are growing signs that Vladimir Putin's invading army is suffering from low morale.
Russia’s Shortfalls Create an Opportunity for Ukraine, Western Officials Say (New York Times) Severe equipment and manpower problems could slow President Vladimir V. Putin’s mission as the war enters its sixth month.
Zelenskyy advisor says Ukraine will hold peace talks when it has military might to repel Russia (Fox News) A top advisor to President Zelenskyy said Kyiv will engage in peace talks with Moscow once Ukraine has the military capabilities to repel Russian forces from its lands.
Only Ukraine Can Set the Terms to End the War With Russia (World Politics Review) It is understandable to want to end the war. But calls for the West to do so in Ukraine’s stead are misplaced.
The Senate emphatically backs NATO expansion. What’s next? (Atlantic Council) What political hurdles remain, and what will Sweden and Finland be up to in the meantime? Our experts break it all down.
Polish history shows Ukrainians how to avoid a major mistake (Washington Post) As they think about commemorating their struggle against Russia, Ukrainians can’t lose sight of the need to grow
The Paradoxes of Escalation in Ukraine (Foreign Affairs) Slowly but surely, Russia and the West are drawing their redlines.
Russia to launch spy satellite for Iran but use it first over Ukraine (Washington Post) The remote-sensing craft could give Tehran unprecedented capabilities, but Iran may have to wait its turn
Russia is forming an alliance of pariah states in the Middle East. It might put Israel in an awkward situation in Syria. (Atlantic Council) For lack of other options, Russia is opening to Iran and is preparing to establish a new alliance of pariah states with the Islamic Republic—to the detriment of Jerusalem.
Putin ally wanted China to shoot down Pelosi's plane: "Good" for Russia (Newsweek) State Duma member Aleksey Zhuravlyov said that an attack on Pelosi's plane from China would open up a "second front" in Putin's conflict with the West.
China on the Offensive (Foreign Affairs) How the Ukraine war has changed Beijing’s strategy.
Meta took down Russian troll farm that supported country’s invasion of Ukraine (The Hill) Meta on Thursday announced it took down two cyber espionage operations in South Asia and a Russian troll farm that sought to prop up support for the country’s invasion of Ukraine. Meta, which owns …
Russia's Infamous Troll Farm Is Back -- and Sh*tting the Bed (Rolling Stone) Despite their fearsome reputation after meddling in the 2016 election, a Russian “online army” is floundering mightily in its attempts to whip up support for Vladimir Putin’s late…
Meta’s threat report highlights clumsy attempt to manipulate Ukraine discourse (TechCrunch) Meta’s quarterly “Adversarial Threat Report” paints a somewhat depressing picture of the once feared global troll ecosystem: A number of outfits “relatively low in sophistication” attempting fruitlessly to spam their way to relevance. But just because they’re bad…
The Russo-Ukrainian War rewrites the laws of cyber-warfare (Dataconomy) The laws of cyber-warfare are being rewritten in Europe. The Russo-Ukrainian War is not limited to the hot conflict at fire zones of the front. It is possible
The Russia-Ukraine Grain Deal Is Skating on Thin Ice (World Politics Review) The first ship exporting grain from Ukraine since February left Odessa’s port this week thanks to a deal brokered by Turkey and the U.N. The agreement aims to ease the global food crisis triggered by Russia’s invasion of Ukraine, but there are doubts as to whether it will hold for long enough to make a difference.
Can the Grain Shipments Agreement Deliver Peace? (Wilson Center) Unable to transit the Black Sea under threat of Russian attack, more than 20 million tons of Ukrainian grain have been trapped in Ukrainian ports since Russia’s invasion began in February. Ukraine estimates that another 70 million tons from this year’s harvest will be similarly trapped.
Ukraine grain deal: World must still confront Putin’s Black Sea blackmail (Atlantic Council) The recent UN-brokered agreement to end Russia's Black Sea blockade and renew Ukrainian grain shipments is a step in the right direction but the only way to truly safeguard global food security is via military measures.
Understanding Sanctions Properly (Wilson Center) It has become commonplace among journalists, experts, and even politicians to think that economic sanctions do not work, although politicians defend the measure’s utility as a tool. Sanctions against Russia that looked crushing in the beginning are now seen as a major disappointment. They failed to stop Russia’s war against Ukraine by undermining the Kremlin’s economic potential and setting the public against the regime. Instead, the sanctions’ side effects are destabilizing the world’s economy and, by extension, its politics.
Why the proposed prisoner swap may not quickly free detainees in Russia: Analysis (ABC News) Secretary of State Antony Blinken announced that the U.S. had put a “substantial offer” on the table for Russia aimed at bringing home two Americans imprisoned in Russia.
Massive queues in Moscow as shoppers take last chance to shop at H&M (the Guardian) Retailer halted operations in Russia after invasion of Ukraine but has reopened for limited time to sell remaining stock
Russian teacher sentenced for telling students about war crimes in Ukraine (The Telegraph) Irina Gen received a five-year suspended sentence and has been barred from working in state schools
Attacks, Threats, and Vulnerabilities
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations (Mandiant) Mandiant attributes the ransomware attack against the Albanian government network in July of 2022 to an Iranian threat actor.
Disruptive Cyberattacks on NATO Member Albania Linked to Iran (SecurityWeek) Evidence suggests that a recent disruptive cyberattack aimed at the Albanian government was conducted by Iranian threat actors.
Taiwan Defense Ministry says DDoS incident briefly took down network after Pelosi visit (The Record by Recorded Future) Taiwan’s Ministry of National Defense said its network was taken offline after a DDoS incident interrupted service for about two hours following a visit to the island from U.S. House Speaker Nancy Pelosi.
Pro-PRC “HaiEnergy” Information Operations Campaign Leverages Infrastructure from Public Relations Firm to Disseminate Content on Inauthentic News Sites (Mandiant) New pro-PRC IO campaign that's disseminating content on inauthentic news sites and fabricating content to discredit critics of the Chinese Government.
As China Tightens Controls on Social Media, Some Users Seek Refuge Under the Radar (Wall Street Journal) A wave of Chinese-speaking users has left the country’s top social-media sites, driven in part by new rules that require users to confirm their identities and display their IP locations.
German Chambers of Industry and Commerce hit by 'massive' cyberattack (BleepingComputer) The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack.
'Massive' cyberattack targets the German Chambers of Industry and Commerce (Computing) The impact of the attack is widespread across Germany
Meta cracks down on cyberespionage, warns of 'perception hacking' ahead of midterm elections (ABC News) In a new report from Meta, the social media giant details how it disrupted two espionage operations and removed three networks.
SMBs Exposed to Attacks by Critical Vulnerability in DrayTek Vigor Routers (SecurityWeek) A critical vulnerability that can allow unauthenticated remote code execution affects hundreds of thousands of DrayTek Vigor routers.
Critical Vulnerabilities Allow Hacking of Cisco Small Business Routers (SecurityWeek) Critical vulnerabilities patched by Cisco in its small business routers can be exploited remotely for code execution and DoS attacks.
CyRC Vulnerability Advisory: Local privilege escalation in Kaspersky VPN (Application Security Blog) CVE-2022-27535 is a local privilege escalation vulnerability in Kaspersky VPN Secure Connection for Microsoft Windows.
Ousaban: LATAM Banking Malware Abusing Cloud Services (Netskope) Ousaban (a.k.a. Javali) is a banking malware that emerged between 2017 and 2018, with the primary goal of stealing sensitive data from financial
Microsoft email users targeted in new phishing campaign that can bypass MFA (Computing) Fintech, insurance, accounting, lending and credit union entities in the US, UK, New Zealand and Australia have been targeted in what seems to be an effort to steal funds
DHS warns of critical flaws in Emergency Alert System devices (BleepingComputer) The Department of Homeland Security (DHS) warned that attackers could exploit critical security vulnerabilities in unpatched Emergency Alert System (EAS) encoder/decoder devices to send fake emergency alerts via TV and radio networks.
Known Exploited Vulnerabilities Catalog (CISA) CVE-2022-27924: Zimbra Collaboration (ZCS) Command Injection Vulnerability (2022-08-04). Zimbra Collaboration (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. Apply updates per vendor instructions. Action no later than 2022-08-25.
CISA Alert AA22-216A – 2021 top malware strains. (The CyberWire) This joint Cybersecurity Advisory was coauthored by CISA and the Australian Cyber Security Centre, or ACSC. This advisory provides details on the top malware strains observed in 2021.
2021 Top Malware Strains (CISA) Immediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication (MFA). • Secure Remote Desktop Protocol (RDP) and other risky services. • Make offline backups of your data. • Provide end-user awareness and training about social engineering and phishing.
Analyzing the Vulnerabilities Associated with the Top Malware Strains of 2021 (Tenable®) International cybersecurity agencies issue a joint alert outlining the top malware strains of 2021. We identified vulnerabilities associated with these strains.
Cybersecurity agencies reveal last year’s top malware strains (BleepingComputer) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a list of the topmost detected malware strains last year in a joint advisory with the Australian Cyber Security Centre (ACSC).
U.S. and Australian security agencies release list of 2021's 'top' malware strains (The Record by Recorded Future) The most commonly seen malware strains in 2021 include Agent Tesla, Qakbot, TrickBot, GootLoader and several others, according to a new list released by CISA and the Australian Cyber Security Centre.
Hackers try to extort survey firm QuestionPro after alleged data theft (BleepingComputer) Hackers attempted to extort the online survey platform QuestionPro after claiming to have stolen the company's database containing respondents' personal information.
An anonymous source leaked 4TB of data from Israeli intelligence company Cellebrite (The Tech Outlook) An anonymous source leaked 4TB of proprietary data from Cellebrite, an Israeli digital intelligence company. Cellebrite provides cybersecurity tools for federal, state, and local law enforcement as well as for companies and enterprises. The company provides services to collect, review, analyze, and manage digital data. Cellebrite Universal Forensic Extraction Device, a product of Cellebrite used …
More than 21,000 affected in Healthback data breach (Becker's Hospital Review) Healthback Holdings, an Edmond, Okla.-based home healthcare provider, suffered an email breach that exposed the personal data of more than 21,000 individuals.
Central Maine Medical Center data breach affects 11,938 patients (Becker's Hospital Review) Lewiston-based Central Maine Medical Center filed a data breach notice about a cyberattack that compromised the protected health information of 11,938 patients, JD Supra reported Aug. 1.
Patients begin to learn of data breaches that affected New Mexico health care providers (New Mexico Inno) Over the past month, New Mexico health care providers have begun to notify patients that some personal identifying information may have been accessed by unauthorized third parties.
Thousands affected by cyberattack on P.E.I.'s Confederation Centre of the Arts (CBC) The investigation of a cyberattack on Prince Edward Island's Confederation Centre of the Arts earlier this year has found that about 3,000 individuals were affected.
Security Patches, Mitigations, and Software Updates
Inductive Automation Ignition (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 8.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Inductive Automation. Equipment: Ignition. Vulnerability: Improper Restriction of XML External Entity Reference. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to obtain file contents.
Digi ConnectPort X2D (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 10.0. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Digi International, Inc. Equipment: ConnectPort X2D Gateway. Vulnerability: Execution with Unnecessary Privileges. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to execute malicious actions resulting in code execution.
Cisco Releases Security Updates for RV Series Routers (CISA) Cisco has released security updates to address vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Trends
One-third of organizations experience weekly ransomware attacks (Security Magazine) One-third of organizations experience at least one ransomware attack per week, with 9% of enterprises experiencing one daily, according to a report from Menlo Security.
Marketplace
KnowBe4 Announces the Establishment of KnowBe4 Ventures (Business Wire) KnowBe4 Inc (Nasdaq: KNBE), the provider of the world’s largest security awareness training and simulated phishing platform, has announced the formati
Cybersecurity Company Lumu Raises $8M, Signs Partnership with KnowBe4, the World's Largest Integrated Platform for Security Awareness Training (Yahoo Finance) Lumu, creators of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real time, today announced it has closed an $8 million investment round, bringing total funding to $15.5 million. Led by Panoramic Ventures, the investment will serve as growth capital for sales and marketing initiatives to further Lumu's mission of helping organizations operate cybersecurity proficiently. Other investors include KnowBe4 Ventures, Lane Bess, former Zsca
Talon Cyber Security Announces $100M in Series A Funding to Redefine Security for the Future of Work (Talon Cyber Security) Capitalizing on Unprecedented Market Need and Traction, Investment to Accelerate Adoption of Secure Enterprise Browser. TEL AVIV, Israel—August 4, 2022 – Talon Cyber Security, the leading secure enterprise browser provider, today announced $100 million in Series A funding, led by Evolution Equity Partners, with participation from Ballistic Ventures, CrowdStrike’s Falcon Fund, Merlin Ventures, SYN Ventures...
Axio Raises $23 Million Series B Investment Round Led by ISTARI (Business Wire) Axio, the SaaS leader in cyber risk quantification solutions, today announced the raise of a $23 million Series B investment round. The round is led b
BitSight Announces Intent to Acquire ThirdPartyTrust to Simplify and Modernize Third-Party Risk Management Throughout the Entire Vendor Lifecycle (PR Newswire) BitSight, the Standard in Security Ratings, announced today its intent to acquire ThirdPartyTrust, a comprehensive Third-Party Risk Management...
IT security company ZeroFox goes public despite concerns over market conditions (SC Magazine) Security industry analysts pointed out that ZeroFox may be the only “pure” cyber threat intelligence (CTI) company to have ever gone public.
Can Cybersecurity Bring Back The Missing Software IPO? (SeekingAlpha) ZeroFox Holdings begins trading on the Nasdaq on Thursday, following its SPAC merger with L&F Acquisition at an enterprise value of $1.3 billion. Read more here.
Why Mark Zuckerberg and Sundar Pichai Are Worried About Productivity (The Information) Executives at Facebook parent Meta Platforms and Google parent Alphabet are feeling the pressure, so they’re giving employees a kick in the pants. After years of rapid hiring, productivity at the tech giants is suffering, as revenue and free cash flow per employee decline. The reason for falling ...
Defending NSO Group an easy fit for pro-Israel Democratic lobbyist (Mondoweiss) Well-known lobbyist Steve Rabinowitz has only been able to maintain his reputation as a progressive due to Washington’s cognitive dissonance on Israel.
ESET Australia head of sales Luke Holland departs (CRN Australia) After more than two years in the role.
Backstop Solutions appoints Michael Neuman as the firm’s first Chief Information Security Officer (Backstop Solutions) Backstop has announced the appointment of Michael Neuman as the company’s first Chief Information Security Officer (CISO). Read the press release now!
Products, Services, and Solutions
New infosec products of the week: August 5, 2022 (Help Net Security) The featured infosec products this week are from: Claroty, Fortinet, Qualys, Scrut Automation, Sony, and VIPRE Security.
OpenText Unveils Cloud Editions 22.3, Unleashing Exponential Innovation as Project Titanium Roadmap Takes Off (PR Newswire) Today, OpenText™ (NASDAQ: OTEX), (TSX: OTEX), announced Cloud Editions 22.3 (CE 22.3). Building on its 90-day release cycles for new...
Seraphic Launches Enterprise-Grade Browser Security Solution (Seraphic) Seraphic Launches First-of-its-Kind, Enterprise-Grade Browser Security and Governance Solution that Works Across Any Browser
ConnectWise Brings Home the Gold in Three ChannelPro SMB Readers’ Choice Award Categories (GlobeNewswire News Room) ChannelPro readers name ConnectWise Best PSA Vendor for fourth year in a row; Company also awarded gold for Best RMM Vendor and Best Quoting Vendor...
Palo Alto debuts Unit 42 team for managed detection and response (CSO Online) Live expert service builds on Palo Alto’s Cortex extended detection and response (XDR) platform, offering a managed detection and response (MDR) team for more personalized cybersecurity management and incident response.
Technologies, Techniques, and Standards
Software Will Likely Decide Who “Wins the Next War” (Warrior Maven: Center for Military Modernization) Software upgrades, increasingly able to increase performance, security and precision without needing to completely rebuild new hardware configurations, continue to explode with success across DoD
Cyber insurance guidance outlines how firms can be protected in the event of a cyber attack (The Law Society) To help the legal profession renew or purchase cyber insurance, the Law Society of England and Wales has today published revised and updated guidance outlining how firms can cover costs and losses in the event of a cyber attack.
Cyber threats targeting community and health organisations (Lexology) Since reporting began in 2018, the health sector has been in the number one or two spot for data breaches, compared with other industries such as…
FIRST Releases Traffic Light Protocol Version 2.0 with important updates (FIRST — Forum of Incident Response and Security Teams) The Forum of Incident Response and Security Teams (FIRST) has updated the globally renowned Traffic Light Protocol (TLP) for the cybersecurity industry - a vital system used by organizations all around the world to share sensitive information. The new version of the TLP results from a thorough consultation with over 50 security industry experts over three years with the goals to standardize, unify and modernize the content and language and provide improved supporting materials.
Legislation, Policy, and Regulation
Classic Internet Censorship (New York Times) New regulations in Indonesia show that strict online controls are no longer confined to autocratic countries like China.
Money and Partnerships Matter in Cybersecurity (The Cipher Brief) TCB Expert and Fmr Exec Dir of the Cyberspace Solarium Commission Mark Montgomery explains how money and partnerships matter in cyber
Seeing the Dots, Connecting the Dots: How Government Can Unify Cybersecurity Efforts (Lawfare) The U.S. is the largest cybersecurity services market in the world, yet cybersecurity vendors servicing the defense industrial base have not been leveraged at scale to support U.S. national security. To effectively tap into the domestic cybersecurity ecosystem, Congress should enact legislation to establish a marketplace of accredited cybersecurity vendors that defense industrial base companies would be contractually required to use.
Precise National Cyber Metrics Could Guide Real Change (GovTech) The U.S. needs defined metrics and more data about cyber happenings across the nation, experts say. Otherwise, it’ll struggle to understand which practices and policies are most effective and where to invest more heavily.
Proposed New Data Security Rules Could Prove Duplicative, Forcing Banks to Turn Over Dangerous Amounts of Secured Data (JD Supra) An amendment to the National Defense Authorization Act passed by the House in July would create a “systemically important entity” designation,...
Opinion: The intellectual mistakes that crippled U.S. cyber policy (CyberScoop) The U.S. will never successfully address cyberspace attacks against the U.S. private sector if it considers it outside the Pentagon’s purview.
New York Becomes First State to Mandate CLE in Cybersecurity, Privacy and Data Protection (LawSites) New York has become the first U.S. state to mandate that attorneys take continuing legal education courses in cybersecurity, privacy and data protection. Under the new requirement, all attorneys must...
Litigation, Investigation, and Law Enforcement
Federal courts left Americans' data exposed, senator tells Supreme Court chief justice (CyberScoop) Sen. Ron Wyden said privacy rules aren't being followed, putting thousands of Americans at risk of having their most sensitive data exposed.
Sen. Wyden to chief justice: Americans’ sensitive data exposed by courts (The Record by Recorded Future) Senator Ron Wyden urged Court Chief Justice John Roberts to take action in a Thursday letter.