Dateline
Ukraine at D+166: Cyberespionage campaign is interested in both sides. (CyberWire) Long-range Ukrainian fires hit military targets in Crimea, and Ukrainian partisan activity in the occupied territory rises. A threat actor--and signs point to Chinese intelligence--is conducting cyberespionage against industrial targets in Russia, Belarus, and Ukraine.
Russia-Ukraine war: List of key events, day 167 (Al Jazeera) As the Russia-Ukraine war enters its 167th day, we take a look at the main developments.
Russia-Ukraine war: what we know on day 167 of the invasion (Guardian) US to provide another $4.5bn to Ukraine; Moscow suspends nuclear arms inspections under treaty with Washington
Russia-Ukraine war live news: Moscow suspends US inspections of nuclear arsenal; Ukraine reports intense shelling in Donbas (the Guardian) Ukraine says it arrested Russian intelligence agents planning to carry out three murders; Russia says sanctions mean it won’t restart arms inspection program
A nuclear power plant twice the size of Chernobyl has been shelled, sparking fears of a 'catastrophe' (NBC News) U.N. Secretary-General Antonio Guterres called for international inspectors to be given access to the Russian-controlled site, saying, “Any attack to a nuclear plant is a suicidal thing.”
Russia suspends US inspections of its nuclear weapons arsenal (the Guardian) Moscow blames Ukraine war sanctions for preventing mutual inspection of its nuclear arms under New Start treaty
Russian TV airs nuclear missile warning for U.S., Britain (Newsweek) Panelist on Vremya Pokazhet (Time Will Tell) Yuri Kot said missiles could hit Washington or London, as fears about a possible nuclear escalation grow.
Russia Has Suffered Up to 80,000 Military Casualties in Ukraine, Pentagon Says (Military.com) Russia is believed to have had 70,000 to 80,000 troops killed or wounded in fighting since it invaded Ukraine in February, a top Pentagon official confirmed Monday.
Ukrainian resistance grows in Russian-occupied areas (AP NEWS) In a growing challenge to Russia's grip on occupied areas of southeastern Ukraine, guerrilla forces loyal to Kyiv are killing pro-Moscow officials, blowing up bridges and trains, and helping the Ukrainian military by identifying key targets.
Ukraine partisans can block Russia's August "referendums": front-line mayor (Newsweek) Melitopol Mayor Ivan Fedorov told Newsweek guerrilla fighters would make the planned rigged vote "impossible."
Russia lures ‘volunteer’ army recruits with high salaries to make up for battlefield losses (The Telegraph) Local media reports say regional officials have offered troops up to £2,800 per deployment, the same as six months’ pay for a regular worker
Accounting of bodies in Bucha nears completion (Washington Post) After months of meticulous, painful and at times gruesome investigation, officials in Bucha said Monday that they had reached what may be the closest they will get to a final accounting of victims of the murderous rampage by Russian troops that set off worldwide outrage over alleged atrocities: 458 bodies, of which 419 bore markings they had been shot, tortured or bludgeoned to death.
Cyberspying Aimed at Industrial Enterprises in Russia and Ukraine Linked to China (SecurityWeek) A cyberespionage operation aimed at industrial enterprises and public institutions in Russia and Ukraine has been linked to a Chinese threat actor.
China-linked spies used six backdoors to steal defense info (Register) We're 'highly likely' to see similar attacks, Kaspersky warned
How Anton Gerashchenko is waging an ‘information war’ against Russia (The Record by Recorded Future) Over the last several months, Anton Gerashchenko has been on a mission to expose people living in Russia to the realities of the war in Ukraine.
How YouTube Keeps Broadcasting Inside Russia’s Digital Iron Curtain (Wall Street Journal) Russia has fined Google’s video site hundreds of millions of dollars but hasn’t blocked its access, allowing the country’s citizens to view one of the few sources of independent information about the war in Ukraine.
Deepfakes Grow in Sophistication, Cyberattacks Rise Following Ukraine War (Dark Reading) A rising tide of threats — from API exploits to deepfakes to extortionary ransomware attacks — is threatening to overwhelm IT security teams.
Russian disinformation spreading in new ways despite bans (Washington Post) After Russia invaded Ukraine last February, the European Union moved to block RT and Sputnik, two of the Kremlin’s top channels for spreading propaganda and misinformation about the war.
Fact Check: Is North Korea sending 100K soldiers to fight against Ukraine? (Newsweek) Several Western media outlets repeated the claim about the alleged Kim Jong Un offer of support to Putin, but what is the basis for the claim?
Live Ukraine war: Russia launches Iranian satellite 'to spy on Ukraine' (Telegraph) An Iranian satellite launched by Russia blasted off from Kazakhstan early this morning and went into orbit amid fears Moscow might use it to improve its surveillance of military targets in Ukraine.
U.S. to Send Ukraine More Weapons in Latest Round of Aid (New York Times) The new shipments, coming directly from the Pentagon’s stockpiles, will bring the total amount of U.S. military aid to more than $9 billion. The World Bank announced an additional $4.5 billion in financing for Ukraine’s government through a U.S.A.I.D. grant.
Ukraine Could Get Western Fighters, Pentagon Official Says—‘Down the Road’ (Air Force Magazine) While Ukraine continues to push for Western fighters like the F-16, the U.S. is not putting the most immediate priority on the issue.
Stop Tiptoeing Around Russia (Foreign Affairs) It is time to end Washington’s decades of deference to Moscow.
China’s New Vassal (Foreign Affairs) The war in Ukraine turned Moscow into Beijing’s junior partner.
Germany Has Confronted Its Past. Now It Must Confront the Present. (Foreign Policy) Accepting—or rejecting—historical guilt for past evils doesn’t absolve nations of present-day responsibility.
Georgia’s Ruling Party Is Tanking Its Own NATO Bid (Foreign Policy) Accusing the U.S. ambassador of blackmail is just the start.
U.S. Issues Warrant to Seize Sanctioned Russian Oligarch’s $90 Million Private Jet (Wall Street Journal) A judge has authorized U.S. prosecutors to seize a $90 million Airbus plane owned by sanctioned Russian oligarch Andrei Skoch, federal prosecutors in Manhattan said on Monday.
Attacks, Threats, and Vulnerabilities
Chinese hackers attack National Taiwan University's website; warn of more cyber-strikes (Republic World) With Chinese military drills taking place in background, Taiwan has seen an increase in cyberattacks, with National Taiwan University being most recent victim.
Meta Disrupted Two Cyberespionage Operations in South Asia (SecurityWeek) Facebook’s parent company says it has taken action against two cross-platform cyberespionage networks operating out of South Asia.
Meta Takes Action Against Cyber Espionage Operations Targeting Facebook in South Asia (Infosecurity Magazine) The groups' attacks were reportedly relatively low in sophistication but persistent and well-resourced
Notorious Lazarus Group Attempted Cyber-Attack, Alleges deBridge Co-Founder (CryptoPotato) The suspicious emails consisted of a malicious file that would collect information from the infected machine and send it to the attacker.
Twilio hacked by phishing campaign (TechCrunch) TechCrunch has learned that the same actor also targeted another U.S. internet company and several international IT companies.
Twilio, a texting platform popular with political campaigns, reports breach (CyberScoop) The company says it became aware of the hack on Aug. 4 but it declined to say how many customers were affected by the incident.
Twilio Hacked After Employees Tricked Into Giving Up Login Credentials (SecurityWeek) Twilio has been hacked by a relentless threat actor who successfully tricked employees into giving up login credentials that were then used to steal third-party customer data.
Hackers Compromise Employee Accounts to Access Twilio Internal Systems (HackRead) Twilio says the threat actors behind the attack had “sophisticated abilities to match employee names from sources with their phone numbers.”
Incident Report: Employee and Customer Account Compromise - August 4, 2022 (Twilio Blog) On August 4, 2022, Twilio identified accounts of employees who were compromised by a social engineering attack. The attacker then gained access to data for a limited number of customers.
Open Redirect Flaws in American Express and Snapchat Exploited in Phishing Attacks (SecurityWeek) Open redirect vulnerabilities in American Express and Snapchat were exploited in phishing attacks for months.
Windows devices with newest CPUs are susceptible to data damage (BleepingComputer) Microsoft has warned today that Windows devices with the newest supported processors are susceptible to "data damage" on Windows 11 and Windows Server 2022.
10 Malicious Code Packages Slither into PyPI Registry (Dark Reading) The discovery adds to the growing list of recent incidents where threat actors have used public code repositories to distribute malware in software supply chain attacks.
How older security vulnerabilities continue to pose a threat (TechRepublic) Security flaws dating back more than 10 years are still around and still pose a risk of being freely exploited, says Rezilion.
Data of thousands of immigrants under risk as Canada discovers privacy breach (The Economic Times) International students, whose permits expired or will expire between September 20th, 2021 and December 31, 2022 would be able to avail the new extension. These students would be eligible to receive an additional open work permit of 18 months.
A new SolidBit ransomware variant targeting users of games, social media (The HinduBusinessline) Experts at Trend Micro say SolidBit ransomware is compiled using .NET and is actually a variant of Yashma ransomware
Slack admits to leaking hashed passwords for five years (Naked Security) “When those invitations went out… somehow, your password hash went out with them.”
Email marketing firm hacked to steal crypto-focused mailing lists (BleepingComputer) Email marketing firm Klaviyo disclosed a data breach after threat actors gained access to internal systems and downloaded marketing lists for cryptocurrency-related customers.
Hacker Finds Kill Switch for Submachine Gun–Wielding Robot Dog (Vice) The submachine gun–firing robot dog can be remotely shut down with an AI dolphin branded hacker’s tool.
Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore (The Hacker News) A sophisticated scam-as-a-service scheme known as Classiscam is now targeting Singapore.
NCC warns users on new ways hackers infiltrate, jeopardise privacy through Google Play Store (Daily Post Nigeria) The Nigerian Communications Commission's Computer Security Incident Response Team (NCC-CSIRT) has flagged a new malware, HiddenAds, which has infiltrated
NHS Cyber-Attack Delays Ambulances (Infosecurity Magazine) Digital supplier hit by suspected ransomware
Zero-Day Bug Responsible for Massive Twitter Breach (Infosecurity Magazine) Over five million accounts were exposed
Twitter Confirms Zero-Day Security Breach Exposed Anonymous Accounts (CPO Magazine) A July security breach at Twitter that resulted in the hidden profile information of anonymous accounts being exposed was confirmed to be the result of a zero-day exploit, according to Twitter’s HackerOne bug bounty program.
New Orchard Botnet Uses Bitcoin Founder’s Account Info to Generate Malicious Domains (The Hacker News) A new botnet named Orchard has been observed using Bitcoin creator Satoshi Nakamoto's account transaction information to generate domain names.
Orchard botnet uses Bitcoin Transaction info to generate DGA domains (Security Affairs) Experts spotted a new botnet named Orchard using Bitcoin creator Satoshi Nakamoto’s account information to generate malicious domains. 360 Netlab researchers recently discovered a new botnet named Orchard that uses Satoshi Nakamoto’s Bitcoin account (1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa) transaction information to generate DGA domain name. “Another change relates to the use of the DGA algorithm employed in the […]
Data breach at Booster SuperScheme (NBR) The National Business Review Online is New Zealand's authority in breaking business news and analysis.
Black hat SEO operators sabotage PH news sites with toxic backlinks (RAPPLER) EXCLUSIVE: Spammy domains have been attacking news websites with toxic backlinks since late 2021. A possible motive: to get these sites downranked in search results.
7-Eleven Closes Stores in Denmark After Hacker Attack (SecurityWeek) Convenience store chain, 7-Eleven, said that it had closed its outlets in Denmark after a suspected hacker attack knocked out their cash tills.
Trends
Pipeline Operators Are Headed in the Right Direction, With or Without TSA's Updated Security Directives (Dark Reading) A worsening threat landscape, increased digitization, and the long-term positive effects of modern security strategies are pushing critical infrastructure operators to do better.
Dragos Industrial Ransomware Analysis: Q2 2022 | Dragos (Dragos | Industrial (ICS/OT) Cyber Security) Based on our ongoing threat analysis, ransomware groups continue to target industrial organizations & disrupt operational technology (OT) operations in Q2 2022.
Ransomware, email compromise are top security threats, but deepfakes increase (CSO Online) While ransomware and business email compromise are leading causes of cybersecurity threats, geopolitics and deepfakes play an increasing role, according to reports from VMware and Palo Alto.
Data privacy regulation a top three challenge for IoT adopters (Help Net Security) While IoT security is becoming less challenging than it used to be, companies are facing growing fears over data privacy issues.
What Black Hat USA 2022 attendees are concerned about (Help Net Security) When asked about the threats and challenges of greatest concern today, 39% of Black Hat USA 2022 attendees in the survey cited phishing.
The World Is Moving Beyond Big Data, According to Ocient Survey of 500 Data and Technology Leaders (Business Wire) Ocient, the leading hyperscale data analytics solutions company serving organizations that derive value from analyzing trillions of data records in in
Marketplace
Australian first as cybersecurity company becomes B Corp (Pro Bono Australia) B Corp Australia has welcomed Phronesis Security, which has funded anti-malaria bed nets, scholarships and carbon offsets.
Flashpoint acquires Echosec Systems, elevates OSINT capabilities (IT Brief Australia) Flashpoint has acquired Echosec Systems, a provider of open-source intelligence and publicly available information.
Booz Allen says acquisition aimed at Lockheed, Raytheon, ‘billions’ in contracts (Defense News) "The government’s narrative is not only inaccurate — it makes no sense," reads one document filed in Maryland federal court.
Fortune and Great Place to Work® Name Forward Networks One of the 2022 Best Small Workplaces™, Ranking #20 Nationally (PR Newswire) Great Place to Work® and Fortune magazine have honored Forward Networks as one of the 2022 Best Small Workplaces. This is Forward Networks'...
Brillio Appoints Camie Shelmire as Chief People Officer (APN) Industry veteran joins from Capgemini to drive the company’s rapid growth
Products, Services, and Solutions
HYAS Unveils New Tool for Continuous DNS Monitoring (SecurityWeek) Canadian security firm HYAS Infosec has released a new DNS protection tool dubbed HYAS Confront that was designed to provide clear visibility into DNS transactions into production networks
Balbix Announces New Integrations with ServiceNow to Further Automate and Improve Cyber Risk Quantification (PR Newswire) Balbix, the leader in cybersecurity posture automation, announced today new integrations with ServiceNow (NYSE: NOW), the leading digital...
Emerson and Nozomi Networks partners to meet demand for OT security (ITP.net) The agreement combines Nozomi Networks’ OT & IoT security and visibility capabilities with Emerson’s DeltaV distributed control system (DCS), consulting and professional services.
Ohio cybersecurity firm licenses CyberKnight software from US Navy (TechLink) A fast-growing cybersecurity company recently signed a patent license agreement with the U.S. Navy for a security compliance checker known as CyberKnight.
NetRise Platform provides continuous monitoring of XIoT firmware vulnerabilities (Help Net Security) NetRise released the NetRise Platform, which is providing insights into shared vulnerabilities across XIoT firmware images in an organization.
Serenity Shield Launches First Cryptographic Sensitive Data Storage and Succession Solution on Blockchain (Yahoo) Serenity Shield, a decentralized application platform that offers an innovative, revolutionary approach to crypto inheritance and secure storage solutions for sensitive data, is launching the Minimum Viable Product (MVP) of its StrongBox®. The MVP is already available (email to register: beta-dapp@serenityshield.io) and the final solution will be implemented further, offering full usage of the StrongBox®. ⦁ store, preserve, and restore their data in case of loss of access to their sensitive information.
Cybersixgill Delivers the Industry’s First End-to-End Vulnerability Exploit Intelligence Solution (Cybersixgill) Cybersixgill, the leading threat intelligence provider, announced today its new Dynamic Vulnerability Exploit (DVE) Intelligence solution, delivering the cybersecurity industry’s first end-to-end intelligence across the entire Common Vulnerabilities and Exposures (CVE) lifecycle.
Nucleus Security Achieves FedRAMP in Process While Accelerating Federal Adoption (Business Wire) Adoption of NucleusGov accelerates within the federal government with FedRAMP in-process status achieved.
Cyral Debuts New Features to Secure Data Democratization, Prevent Data Leaks (GlobeNewswire News Room) Data security leader fortifies databases with new features, including MFA, data masking, and application-level network constraints...
Cado Security Launches Free Community Edition (Business Wire) Cado Security, provider of the cloud investigation platform, today announced a free Community Edition of its Cado Response platform. The Cado Response
Contrast Security's API Security Solution Further Enhances Protection Against Vulnerabilities and Zero Day Attacks (PR Newswire) Contrast Security (Contrast), the leader in code security that empowers developers to secure as they code, today announced its enhanced...
Mimecast Announces Mimecast X1™ Platform Providing Customers with Advanced Email and Collaboration Security to Work Protected (Mimecast) Platform engineered to empower organizations to mitigate risk and manage complexities with easy-to-deploy cybersecurity solutions
The Anomali Platform Advances Intelligence-Driven Detection and Response Capabilities and Prevents Business Disruptions While Optimizing Security Expense (Business Wire) Anomali, the leader in intelligence-driven cybersecurity solutions, announced the general availability today of its quarterly platform update to meet
Cycode Launches Next-gen SCA Featuring Full Pipeline Composition Analysis to Deliver Complete Software Supply Chain Security (GlobeNewswire News Room) Addition of SCA, SAST and container scanning consolidates and improves the top eight AppSec tools on Cycode’s market-leading platform Enables AppSec teams...
Expel Unveils Threat Research and Cloud Detection, Response and Remediation Capabilities and Resources (Expel) Quarterly Threat Report and defender’s cheat sheet for Google Cloud Platform help organizations stay ahead of cybersecurity threats
MITRE ATT&CK in GCP (Expel) A handy resource to help you identify potential attacks in GCP and map them to MITRE ATT&CK tactics.
Technologies, Techniques, and Standards
NIST’s Post-Quantum Cryptography Standards (Schneier on Security) Quantum computing is a completely new paradigm for computers. A quantum computer uses quantum properties such as superposition, which allows a qubit (a quantum bit) to be neither 0 nor 1, but something much more complicated. In theory, such a computer can solve problems too complex for conventional computers.
Researchers ask Census to stop controversial privacy method (AP NEWS) Prominent demographers are asking the U.S. Census Bureau to abandon a controversial method for protecting survey and census participants' confidentiality, saying it is jeopardizing the usability of numbers that are the foundation of the nation's data infrastructure.
SBOM formats SPDX and CycloneDX compared (CSO Online) Understanding the differences between these widely used software bill of materials format standards is important, but your tools will likely need to support both.
Lawyers may be limiting threat info sharing (GCN) A new study examines how attorney-client privilege and work product immunity impacts cybersecurity.
Design and Innovation
NSA Launches New Codebreaker Challenge for 2022 (National Security Agency/Central Security Service) Today, National Security Agency kicks off the 2022 NSA Codebreaker Challenge which gives participants an opportunity to sharpen their technical skills through mission-centric scenarios, similar to
Microsoft Turns a Double Flip-Flop Over Malware Macros (TechHQ) Microsoft has been in a battle for most of the year, after discovering that macros - a key part of its Office package - can carry malware.
Research and Development
IU cybersecurity researchers awarded grants to protect data, privacy (News at IU) The effort is one of two federally supported cybersecurity projects involving IU researchers.
Academia
Illuminate Ed Pulled from ‘Student Privacy Pledge’ After Massive Data Breach (The 74 Million) The unprecedented move follows allegations that Big Tech’s self-regulatory effort has failed to hold companies accountable for security lapses
DHS Grant Offers Free Cybersecurity Training to Veterans and Military Spouses (ClearanceJobs) A new DHS grant intends to train veterans and their spouses for free with the cybersecurity skills needed in this high demand digital time.
Lack of oversight raises questions about how cyber attacks are prevented at Middle Tennessee schools (WSMV) Investigative reporter Lindsay Bramson found out there’s no oversight when it comes to cyber attacks in Tennessee schools.
Legislation, Policy, and Regulation
Prescribing a New Paradigm for Cyber Competition (War on the Rocks) Michael P. Fischerkeller, Emily O. Goldman, and Richard J. Harknett, Cyber Persistence Theory: Redefining National Security in Cyberspace (Oxford
Lawmakers propose changes to SBIR as program renewal deadline nears (Breaking Defense) However the tech-focused small business program proceeds, some lawmakers are calling for change in how SBIR operates, according to documents obtained by Breaking Defense.
Senate Questions How Pentagon Uses 'Controlled Unclassified Information' Label (USNI News) The Senate is raising questions about how the Pentagon uses a label for unclassified information that some officials say makes it more difficult to access public information. In its version of the Fiscal Year 2023 National Defense Authorization Act, the Senate Armed Services Committee wants to better define how the Defense Department can use the …
In Army, worry follows Senators' proposed cuts to network, comms upgrades: Official (Breaking Defense) The cuts suggested by the committee will set back progress made by the Army on its network and radio modernization efforts, a service official told Breaking Defense.
New York State Department of Financial Services Meaningfully Rachets Up Cyber Requirements with New Draft Amendments (Gibson Dunn) On July 29, 2022, the New York Department of Financial Services released Draft Amendments to its Part 500 Cybersecurity Rules; the Draft Amendments would update the Cybersecurity Rules in a manner consistent with the “catalytic” role it took in 2017 as the first state to codify certain cybersecurity best practices and guidance into explicit regulatory requirements for covered entities.
Don’t Forget About Other Data Laws When It Comes to Connecticut Privacy Requirements (The National Law Review) While the federal government attempts to move forward with a more uniform national law, Connecticut joined California, Colorado, Utah, and Virginia in passing a comprehen
Social media is polluting society. Moderation alone won’t fix the problem (MIT Technology Review) Companies already have the systems in place that are needed to evaluate their deeper impacts on the social fabric.
Litigation, Investigation, and Law Enforcement
RCMP has used spyware to access targets’ communications as far back as 2002: Senior Mountie (Global News) RCMP Commissioner Brenda Lucki told Commons ethics committee in a written document Monday that use of controversial spyware is ‘extremely limited’ to serious cases.
RCMP says it has not used Pegasus spyware (POLITICO) Canada's national police force acknowledges it has used spyware to hack 49 mobile devices since 2017, and similar technology has been in use for two decades.
U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash (U.S. Department of the Treasury) Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer Tornado Cash, which has been used to launder more than $7 billion worth of virtual currency since its creation in 2019.
U.S. Sanctions Crypto Platform Tornado Cash, Says It Laundered Billions (Wall Street Journal) The Treasury Department accuses the firm of laundering more than $7 billion in virtual currency in the past few years.
Treasury Dept. blacklists crypto platform used in money laundering. (New York Times) The crackdown was the government’s latest effort to rein in the crypto industry.
Treasury penalizes crypto service that laundered funds for North Koreans (Washington Post) Tornado Cash, a crypto ‘mixer,’ has laundered more than $7 billion worth of digital assets since its launch in 2019
U.S. sanctions Tornado Cash cryptocurrency mixer (The Record by Recorded Future) The U.S. blacklisted Tornado Cash Monday, adding the virtual currency mixer to a sanctions list for allegedly helping launder the proceeds of cybercrimes — including nearly half a billion dollars stolen by the North Korean state-sponsored Lazarus Group.
Truss' Foreign Office ahead in the data breach stakes (The New European) There is one area in which Rishi Sunak leads Liz Truss - the lack of data breaches reported in his former department
Privacy and antitrust experts voice concerns over Amazon's Roomba acquisition (Computing) But blocking the $1.7bn deal won't be easy
California hospital system reaches $340K settlement over data breach (Becker's Hospital Review) Salinas (Calif.) Valley Memorial Healthcare System agreed to pay $340,000 as part of a class-action settlement over claims its security system did not protect patients from a data breach, according to court documents.
Councillor concerned about 'bizarre circumstances' which led to data breach claims (Northern Times) Personal details about north patients and staff were received by Thurso man in an NHS Highland file