Dateline Moscow, Kyiv, and Minsk: Annexation as a way out for Russia?
Russia’s Repeat Failures (Foreign Affairs) Moscow’s new strategy in Ukraine is just as bad as the old one.
Ukraine at D+172: Regrouping along the Dnipro. (CyberWire) As Russian command elements withdraw east across the Dnipro River, Russian war aims become increasingly clear. Cyber threat actors Shuckworm and Killnet continue to hack (recently with indifferent success) in the Russian interest.
Russia-Ukraine war: what we know on day 172 of the invasion (the Guardian) Volodymyr Zelenskiy warns Russian troops against shooting from nuclear plant; blasts heard in Melitopol; Ukraine claims to have shot down Russian fighter jet
Russia-Ukraine war: what we know on day 173 of the invasion (the Guardian) Ukrainian forces report heavy Russian shelling in Donetsk; Moscow ‘likely to be in advanced stages of planning referendum for Donetsk to join Russia’
Russia-Ukraine war: Moscow’s forces attempt advance in Donetsk; Putin vows to expand relations with North Korea – live (the Guardian) Two people in serious condition after attack on Kharkiv; Vitali Klitschko talks about ‘harsh realities’ facing residents
What happened in the Russia-Ukraine war this week? Catch up with the must-read news and analysis (the Guardian) Fears over escalating crisis at Zaporizhzhia nuclear plant; Russian airbase deep behind frontline in Crimea damaged; anger over Amnesty report
Ukraine says it will target Russian soldiers at Zaporizhzhia nuclear power plant (the Guardian) Volodymyr Zelenskiy vows troops based at Europe’s largest nuclear plant will become ‘special targets’
Russia rejects UN calls for demilitarised zone around Ukraine nuclear plant (the Guardian) IAEA warns of ‘grave hour’ amid fresh shelling of Zaporizhzhia plant, with region set to become new frontline
‘A referendum is not right’: occupied Kherson looks to uncertain future (the Guardian) People in Russian-controlled region of Ukraine describe nervous atmosphere over Moscow’s next steps
Russia leaves 20,000 soldiers stranded in tactical withdrawal to the east (The Telegraph) Mykolayiv governor apologises to ‘stupid orcs’ now isolated on Dnipro’s west bank as MoD says they will be unable to defend their position
On the Kherson front lines, little sign of a Ukrainian offensive (Washington Post) Waiting on weapons deliveries, Ukrainian gains on the ground have stalled
Russians detain their own former spy chief on route to front line (The Telegraph) Igor Girkin was travelling on a fake passport after becoming frustrated with the slow progress of the conflict
Russia’s Gone Nuclear in Ukraine—With Power Plants, not Missiles (Foreign Policy) The United States and United Nations have told Moscow to stop holding Europe’s biggest nuclear reactor hostage.
Ukraine accuses Russia of firing from Zaporizhzhia power station (The Telegraph) Russia's former president Dmitry Medvedev has issued a veiled threat to Ukraine's Western allies who have accused Russia of creating the risk of a nuclear catastrophe by stationing forces around the Ukrainian Zaporizhzhia power station.
Will an Attack on Crimea Change the Course of the Ukraine War? (Foreign Policy) Kyiv has shown that it can hit far behind enemy lines, but putting Crimea in play may deal a psychological blow without altering the territorial…
Ukrainian minister says Russia blocking access to medicines (AP NEWS) Ukraine’s health minister has accused Russian authorities of committing a crime against humanity by blocking access to affordable medicines in areas its forces have occupied since invading the country 5 1/2 months ago.
Tracking the Faceless Killers who Mutilated and Executed a Ukrainian POW (bellingcat) In a series of gruesome videos, a man wearing a cowboy hat mutilates a Ukrainian prisoner of war before murdering him. Open source evidence suggests the involvement of a Chechen-led paramilitary group.
Yevhen Pronin: ‘If we do not kill them, they can kill our children’ (the Guardian) The acting president of Ukraine’s Athletics Federation has such a reputation for flying drones against Russian targets that he has a bounty on his head
Putin’s resolve hasn’t collapsed. He may be planning his most outrageous gambit yet (The Telegraph) Be prepared for Russia to halt hostilities and exploit European weakness in a brazen attempt to secure many of its objectives
Putin is redrawing the Iron Curtain. Europe’s geography tells us why (The Telegraph) War reveals many things, mostly tragic. Among them is how geography continues to have the power to cause conflicts, and to influence both how they are fought and their terrible consequences. The Ukraine–Russia conflict now takes its place in a grim pantheon of examples.
In Lukashenko’s dictatorship, enemies are shamed and the West is shunned (Washington Post) Despite a barrage of Western sanctions that followed Alexander Lukashenko’s claim of victory in a fraudulent presidential election two years ago, the Kremlin-backed dictator of Belarus continues to brutally — and bizarrely — repress political dissent.
BELARUS : Lukashenko fantasises about militarising the KGB (Intelligence Online) The Belarusian leader, continuing his tour of security structures to be reformed, intends to overhaul the intelligence agency that serves as the cornerstone of the regime.
Russia’s Brutal Honesty Has Destroyed the West’s Appeasers (Foreign Policy) Yet plenty of Western intellectuals and politicians still ignore what Moscow is saying loud and clear.
How to Prosecute Russia’s War Crimes (Foreign Policy) A new initiative centers justice in Ukraine itself.
“Don't treat our children like dogs!” Russia's military prosecutor's hacked archive reveals true state of affairs at the front (The Insider) The Insider has in its possession an archive of complaints addressed to the Russian military prosecutor's office, which reflects the true state of affairs during the war in Ukraine. Conscripts have been deceived or coerced into the war zone, soldiers have not been provided with normal food or medical care, contract servicemen have been deliberately violating every military regulation in order to be dismissed from service, and parents cannot obtain any information on whether their children have been taken prisoner or killed in action. From the Russian citizens' complaints one can also learn about the looting and atrocities perpetrated by Russian soldiers.
“We were promised six months, and then amnesty.” Mediazona spoke with a prisoner who joined the Wagner PMC (Mediazona) Last week Mediazona spoke with prisoners from the Yaroslavl and Tula regions, who said that in their...
Shuckworm: Russia-Linked Group Maintains Ukraine Focus (Symantec) Infostealer appears to be payload in recent activity aimed at Ukrainian organizations.
Killnet Releases 'Proof' of its Attack Against Lockheed Martin (SecurityWeek) Without a comment from Lockheed Martin or proof from Killnet, this is more likely to be a propaganda exercise from a pro-Russian hacking group than a successful attack against Lockheed Martin.
Killnet attacks Latvian parliament (Tagesspiegel) According to media reports, the pro-Russian hacker group Killnet took down the website of the Latvian parliament on Thursday with a DDoS (distributed denial-of-service) attack.
China unleashes secret attack on Russia as Xi begins to abandon Putin in huge U-turn (Express) CHINESE hackers with links to the Communist Party are suspected of carrying out numerous cyberattacks on Russian defence industries.
Belarus: How Independent Media and Activists Keep Risking Everything (EUvsDisinfo) EUvsDisinfo has been regularly monitoring how the illegitimate Lukashenka regime abuses the country’s legal system and the security apparatus to shut down the very few remaining independent voices in the country. Targets include journalists, regional outlets, Telegram channels and their followers and readers.
Russia-Ukraine war: North Korea and Russia to expand 'bilateral relations', Putin tells Kim (The Telegraph) Vladimir Putin told Kim Jong-un that their two countries would "expand the comprehensive and constructive bilateral relations with common efforts", Pyongyang's state media reported on Monday.
Ukraine’s Economy Will Collapse Without More Aid Now (Foreign Policy) Losses are building up far faster than Kyiv can manage.
‘The west doesn’t want Russians partying in the streets of Europe’: calls grow for a visa ban (the Guardian) As EU politicians debate a ban from the beaches, Russian exiles fear a return to Soviet-style isolation will be dangerous for them
Tbilisi club target of cyber attack after launching "Russian visa" (Mixmag) Dedaena Bar received hundreds of threats and negative reviews
Russia and the EU’s messy energy divorce places both sides in a race against time (Modern Diplomacy) The debate over Russian gas is heating up across Europe. For instance, Nord Stream’s turbine maintenance procedures would have been a routine issue before, but now it has turned into a major political problem. And then there’s the situation regarding pumping gas through the parts of the Ukrainian pipeline system that are not currently controlled […]
Russia's car industry shudders to a halt as Western sanctions bite (The Telegraph) At least ten foreign-owned factories have suspended operations and thousands of workers have been furloughed
Attacks, Threats, and Vulnerabilities
3 ways China's access to TikTok data is a security risk (CSO Online) The security community weighs in on real-world scenarios in which China or other nations could operationalize data collected by online platforms and how to mitigate the risk.
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users (Trend Micro) We found APT group Iron Tiger's malware compromising chat application Mimi’s servers in a supply chain attack.
Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi (Security Affairs) China-linked threat actors Iron Tiger backdoored a version of the cross-platform messaging app MiMi to infect systems. Trend Micro researchers uncovered a new campaign conducted by a China-linked threat actor Iron Tiger that employed a backdoored version of the cross-platform messaging app MiMi Chat App to infect Windows, Mac, and Linux systems. The Iron Tiger APT (aka Panda Emissary, […]
This Android banking malware now also infects your smartphone with ransomware (ZDNet) Sova malware adds new features that make it more dangerous to a wider range of Android payment and banking app users.
Over 9,000 VNC servers exposed online without a password (BleepingComputer) Researchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks.
A Flaw in the VA’s Medical Records Platform May Put Patients at Risk (Wired) The Veterans Affairs’ VistA software has a vulnerability that could let an attacker "masquerade as a doctor," a security researcher warns.
AT&T denies connection to database of 23 million SSNs, says it may be tied to credit agency breach (The Record by Recorded Future) AT&T denied any connection to a database of stolen information that included the social security numbers of 23 million Americans.
FBI, CISA warn over ransomware gang that can make million dollar demands (ZDNet) Zeppelin is a well organized ransomware actor that spends two weeks mapping a network - before infecting it with multiple instances of malware.
A Single Flaw Broke Every Layer of Security in MacOS (Wired) An injection flaw allowed a researcher to access all files on a Mac. Apple issued a fix, but some machines may still be vulnerable.
CERT-In detects multiple vulnerabilities in Chrome, Edge browsers and Android OS (The Hindu) Indian computer emergency response team (CERT-In) that tracks cyber security threats, on Wednesday, issued alerts on multiple vulnerabilities detected in Chrome and Edge browsers, and Android OS
Microsoft admits it can't stop scammers fooling you with their latest tricks (ZDNet) The scammers are, apparently, just too good.
Zoom’s Auto-Update Feature Came With Hidden Risks on Mac (Wired) The popular video meeting app makes it easy to keep the software up to date—but it also introduced vulnerabilities.
Ransomware attack blamed for closure of all 7-Eleven stores in Denmark (The State of Security) The retailer closed all of its stores in Denmark after its cash registers and payment systems were brought down in the ransomware attack.
Hacker offers to sell data of 48.5 million users of Shanghai's COVID app (Reuters) This is the second claim of a breach of the Chinese financial hub's data in just over a month.
UK accidentally leaks personal data on Afghan teacher in hiding from Taliban (The Star) The man, who has worked abroad, has been in hiding in Afghanistan with his wife and two children since the Taliban takeover in August last year.
Novant warns patients of data breach; 1.3 million notification letters mailed (Winston-Salem Journal) Certain Novant Health Inc. patients are being notified that their protected health information may have been improperly disclosed through a tracking tool linked to Facebook as part of a marketing campaign
Anonymous poop gifting site hacked, customers exposed (BleepingComputer) ShitExpress, a web service that lets you send a box of feces along with a personalized message to friends and enemies, has been breached after a "customer" spotted a vulnerability.
WRDSB confirms employee information dating back to 1970 accessed during cyber incident (CTV News Kitchener) Waterloo Region's public school board has confirmed that "certain student information was accessed" during a cyber incident last month.
Lee County Emergency Medical Services notifies past customers of third-party security breach (Data Breaches) Cape Coral Breeze reports: Lee County Emergency Medical Services reports that on Aug. 4 staff received notification of a customer data breach related to a...
Kiplepay alerts users to potential third-party data breach, investigations ongoing (The Star) The company said users will be contacted if they have been affected by the potential data breach or if any unusual activities have been spotted in their account during the forensic investigation.
Morristown health center alerting customers to ransomware attack (WCAX) A Morristown health center is alerting patients that their personal information could have been affected by a ransomware attack.
How this affects you: Gulfshore Playhouse part of international arts data breach (Naples Daily News) A ransomware attack on Wordfly hit a number of major arts organizations around the country, and Gulfshore Playhouse locally.
Security Patches, Mitigations, and Software Updates
CISA orders civilian agencies to patch Zimbra bug after mass exploitation (The Record by Recorded Future) CISA added two vulnerabilities found in products from digital collaboration platform Zimbra after a cybersecurity firm reported mass exploitation of the bugs throughout July and in early August.
Zoom’s latest update on Mac includes a fix for a dangerous security flaw (The Verge) The flaw could let a hacker take over your system
Zoom fixes dangerous flaw on Mac - for the third time (Computing) Security researcher finds that the squeaky wheel gets the grease
Potential hack for some Boeing planes fixed -researchers (Reuters) A digital vulnerability in the computer systems used on some Boeing Co aircraft that could have allowed malicious hackers to modify data and cause pilots to make dangerous miscalculations has been fixed, security researchers said on Friday.
Sloppy Software Patches Are a ‘Disturbing Trend’ (Wired) The Zero Day Initiative has found a concerning uptick in security updates that fail to fix vulnerabilities.
Trends
IT industry guilty of ‘lack of imagination’ in failure to anticipate cyber-attack evolution (The Daily Swig) ‘We have a habit of reacting to threats after they occur, rather than preparing for them,’ journalist Kim Zetter tells Black Hat
NZ isn't ready for quantum hackers (Stuff) OPINION: Everything you send online now could be in the public domain in a decade.
Marketplace
Why quantum computing companies like D-Wave are using SPACs to IPO (Fast Company) ‘SPACs are ideal for a company that has huge potential but is going to take some time to mature,’ says D-Wave CEO Alan Baratz.
Blackstone Plans to Back Tech Startups in $2 Billion–Plus Lending Push (The Information) Private equity giant Blackstone is gearing up to make its first major push into lending to startups and technology companies—joining a corner of the debt market that’s quickly heating up. The firm expects to invest at least $2 billion in technology debt deals over the next few years, including ...
Blockchain Analytics Platform Merkle Science Raises $19M to Take on Bridge Exploits (CoinBase) The threat detection company added funding to its Series A round, which now totals more than $24 million.
The road to the apprenticeship (Trail of Bits Blog) By Josselin Feist, Principal Security Engineer Finding talent is hard, especially in the blockchain security industry. The space is new, so you won’t find engineers with decades of experience with …
GDIT Appoints Justin DePalmo as CISO (HS Today) DePalmo will be responsible for all aspects of cybersecurity, including strategy, operations, implementation and management of cybersecurity compliance, training, vulnerability management, risk mitigation, incident response, and cyber threat intelligence.
Products, Services, and Solutions
onShore Security Partners With Palo Alto as MSSP (onShore Security) onShore Security, a leader in MDR services with its Panoptic Cyberdefense® platform, is pleased to announce that the company has […]
US Law Firm Bolsters Cyber Defense with BlackFog (BlackFog) US Bankruptcy Law Firm Bolsters Cyber Defense with BlackFog to protect client data and maintain the integrity of their business.
Technologies, Techniques, and Standards
What Cisco did right: A CISO's perspective on the breach (SC Magazine) How might a chief information security officer digest the incident? SC Media connected with Dan Meacham, the vice president of global security and corporate operations and CISO/CSO at Legendary Entertainment to get his take on the Cisco breach, and what lessons emerge for security teams.
Tech Firms Rallying Around Open Specs for Security Telemetry (Meritalk) Leading technology and security companies are banding together to share tools and products to better guard against cyberattacks, saying their security teams are spending more time correlating a blitz of unintegrated data than detecting and responding to threats.
Object Management Group Unified Architecture Framework Specification Now ISO/IEC Standard (Object Management Group) UAF Domain Metamodel now ISO/IEC 19540-1:2022; Unified Architecture Framework Profile now ISO/IEC 19540-2:2022.
The Default Tech Settings You Should Turn Off Right Away (New York Times) These controls, which are buried inside products from Apple, Google, Meta and others, make us share more data than we need to.
These are the Tools Open Source Researchers Say They Need (bellingcat) Over 500 open source researchers filled out our survey. Here's what they want tool developers to know.
Cyber-war game case study: Preparing for a ransomware attack (SearchSecurity) Get advice and lessons learned in this cyber-war game case study of a company that conducted an exercise to specifically address ransomware preparedness.
Design and Innovation
Facebook testing end-to-end encryption as a default on Messenger (The Record by Recorded Future) Facebook has long been criticized for not using end-to-end encryption as a default option for its messaging service, but that might change soon.
Inside Facebook's encryption conundrum (Platformer) The company is moving quickly to make Messenger more secure — but selling it to average users could prove to be a challenge
The problem with our cybersecurity problem (VentureBeat) We’ve got a cybersecurity problem, but it’s not the one we think we have. The problem is how we think about cybersecurity problems.
Research and Development
Self-Taught AI Shows Similarities to How the Brain Works (Quanta Magazine) Self-supervised learning allows a neural network to figure out for itself what matters. The process might be what makes our own brains so successful.
VR is as good as psychedelics at helping people reach transcendence (MIT Technology Review) On key metrics, a VR experience elicited a response indistinguishable from subjects who took medium doses of LSD or magic mushrooms.
Academia
How Champlain College students help auto companies focus on cybersecurity (WCAX) Champlain College is creating job opportunities for its students worldwide, and one is working to ensure that everyone knows the importance of cybersecurity in the automotive world.
Australian National University student bags $5,000 Eset Australia cybersecurity scholarship (iTWire) Australian National University student Alaina Lawson has won a $5,000 women cybersecurity scholarship sponsored by Eset Australia. Lawson is taking up Bachelor of IT major in cybersecurity. Lawson’s foray in cybersecurity started when she first worked with cybersecurity firm Ionize as a year 12 stud...
Legislation, Policy, and Regulation
How Frustration Over TikTok Has Mounted in Washington (New York Times) National security concerns over the Chinese-owned viral video app remain unresolved. Lawmakers and regulators are increasingly pushing for action.
White House Cyber Director: ‘Defense is the New Offense’ for Cyber (Nextgov.com) At DEF CON, National Cyber Director Chris Inglis discussed the nuances of cyber defense.
CISA expands efforts to fight election disinformation ahead of 'challenging' 2024 vote (CyberScoop) CISA Director Jen Easterly said election security has grown more complex as disinformation and threats against election workers have surged.
Tornado Cash Crackdown Shows Limits of Regulating Cryptocurrency Services (Wall Street Journal) The U.S. sanctioning of a prominent cryptocurrency platform exposes technical gaps in the government’s ability to prevent criminals, national adversaries and extremist groups from using the services.
California Bill Targeting Social-Media Giants for Harm to Children Dies in Legislature (Wall Street Journal) The measure, which would have allowed government lawyers to file lawsuits against companies like Facebook, Snapchat and Tiktok, was killed without a public vote.
Litigation, Investigation, and Law Enforcement
China regulator says Alibaba, Tencent have submitted app algorithm details (Reuters) China's top internet watchdog said on Friday tech giants such as Tencent Holdings and Alibaba Group have submitted details of algorithms used in some of their products, complying with a drive by authorities to tighten oversight of platform algorithms.
Arrest of suspected developer of Tornado Cash (FIOD) On Wednesday 10 August, the FIOD arrested a 29-year-old man in Amsterdam. He is suspected of involvement in concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies through the decentralised Ethereum mixing service Tornado Cash. Multiple arrests are not ruled out. These advanced technologies, such as decentralised organisations that may facilitate […]
Tornado Cash Developer Arrested After U.S. Sanctions the Cryptocurrency Mixer (The Hacker News) Dutch authorities have arrested a Tornado Cash developer.
Arrested Tornado Cash developer is Alexey Pertsev, his wife confirms (The Block) The arrested Tornado Cash developer by Dutch authorities is Alexey Pertsev, his wife has confirmed to The Block.
Cyberattacks targeting ag co-ops, Nebraska hospital thwarted by FBI (KTIV) In an announcement made at the FBI’s Omaha field office, FBI Director Christopher Wray said Wednesday that the feds had stopped a cyberattack in Nebraska.
India seizes $46M from crypto exchange Vauld in money-laundering probe (TechCrunch) India’s anti-money laundering agency has frozen assets worth $46.4M from the local entity of Vauld for facilitating “crime-derived” proceeds from predatory lending firms.
Ex-Qualcomm research vice president and three others charged in $150-million fraud scheme (Los Angeles Times) Indictment alleges San Diego tech giant was duped into purchasing a startup for technology that was secretly created by a research engineer on its payroll.
Google to pay $60m fine for misleading Australians about collecting location data (the Guardian) The tech giant kept track of some Android phone owners even when their location history was set to ‘off’
FBI seized top secret documents in Trump estate search (AP NEWS) The FBI recovered “top secret” and even more sensitive documents from former President Donald Trump’s Mar-a-Lago estate in Florida, according to court papers released Friday after a federal judge unsealed the warrant that authorized the sudden, unprecedented search this week.
Exclusive: Trump Raid Documents Could Reveal Informants on U.S. Payroll (Newsweek) The FBI sought to retrieve above-Top-Secret documents dealing with "sources and methods"—which Donald Trump does not have the authority to declassify.
Here’s What Trump’s ‘Nuclear Documents’ Could Be (Wired) FBI agents reportedly searched Mar-a-Lago for “nuclear documents.” That can fall into one of these four categories.
Presidential Power to Declassify Information, Explained (New York Times) While it is legally irrelevant, former President Donald J. Trump claims he had declassified the top secret files the F.B.I. seized at his Florida residence.
Trump's history of playing loose with intelligence (Yahoo) Court documents unsealed Friday showed that FBI agents retrieved a number of highly classified documents in a raid on ex-President Donald Trump's Florida home.
Trump may be a special case, but others have paid for mishandling classified material (CBC) As the fallout from the removal of potentially classified documents from Donald Trump's Florida home plays out, here's a look at some recent cases where individuals in and connected to the U.S. government have been convicted for possessing or passing on classified material.