RedAlpha update. Evil PLC proof-of-concept. Cl0p gang hits English water utility. "SEABORGIUM" Russian cyberespionage activity.
Ukraine at D+173: OSINT for targeting; espionage and influence ops. (CyberWire) Ukrainian strikes are reported in Russian rear areas. Retaliatory Russian missile fire hits towns near the Belarusian border. Microsoft identifies and disrupts a Russian cyberespionage and influence operation.
Russia-Ukraine war: List of key events, day 174 (Al Jazeera) As the Russia-Ukraine war enters its 174th day, we take a look at the main developments.
Russia-Ukraine war: explosions reported in Crimea; Putin accuses US of trying to ‘drag out’ conflict in Ukraine – live (the Guardian) Blasts reported in Simferopol and Mayskoye; Russian president claims west was trying to build ‘Nato-like system’ in Asia-Pacific
Ukraine war: 'Multiple explosions' rock Russian military facilities in Crimea (The Telegraph) An ammunition depot exploded in northern Crimea, according to the administration in the village of Mayskoye.
Blasts rock Russian base in Crimea, Ukraine exults (Reuters) Explosions rocked an ammunition depot and disrupted trains in Russian-annexed Crimea on Tuesday, the latest such incident in a region Moscow uses as a supply line for its war in Ukraine.
Ukraine claims it has struck base used by Wagner Group paramilitaries (the Guardian) Kyiv says facility used by Russian group destroyed in ‘precision strike’, with bridge near Melitopol also hit
Stunning security blunder allows Ukraine to destroy Wagner Group mercenaries base (The Telegraph) Up to 100 fighters reportedly killed in strike, after photos posted by Russian state TV reporter appeared to give away location
42 countries and EU urge Russia to remove military from Ukrainian nuclear plant (Axios) Recent shelling damaged a power line and forced one of the plant's three reactors to be disconnected.
Russia building prison 'cages' to parade captured Ukrainian soldiers in Mariupol show trial (The Telegraph) The trial of the 'Azovstal' defenders could happen as soon as August 24 to give Moscow an appearance of a victory after months of failures
Six Weeks of ‘Hell’: Inside Russia’s Brutal Ukraine Detentions (New York Times) Thousands of Ukrainian civilians have suffered beatings and sometimes electrical shocks, while the U.N. says hundreds have disappeared into Russian jails.
Putin offers to share Russia’s advanced weapons with allies around the world (The Telegraph) Russian leader’s remarks are at odds with his army’s performance in Ukraine which is suffering from major shortages and production issues
Russia fails to pay military reservists, civilian laborers brought into Ukraine (UPI) Russia is reportedly failing to pay military reservists and volunteer units fighting in Ukraine as well as Russian laborers brought into occupied regions.
Disrupting SEABORGIUM’s ongoing phishing operations (Microsoft Security) The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017.
Microsoft disrupts Russian-linked hackers targeting NATO countries (Breaking Defense) The company said information collected during SEABORGIUM intrusions likely supports traditional espionage objectives and information operations as opposed to financial motivations.
Microsoft Announces Disruption of Russian Espionage APT (SecurityWeek) Microsoft disrupts Russian APT actor, cutting off access to accounts used for pre-attack reconnaissance, phishing, and email harvesting.
Microsoft disrupts Russia-linked hacking group targeting defense and intelligence orgs (The Record by Recorded Future) Microsoft on Monday published new details about a suspected Russian hacking group.
Microsoft shuts down accounts linked to Russian spies (Register) Seaborgium targeted dozens of orgs this year alone
Russian hackers target Ukraine with default Word template hijacker (BleepingComputer) Threat analysts monitoring cyberattacks on Ukraine report that the operations of the notorious Russian state-backed hacking group 'Gamaredon' continue to heavily target the war-torn country.
Head of Ukraine’s Cybersecurity Says Russia Has Committed ‘Cyber War Crimes’ (Vice) Victor Zhora, head of Ukraine’s defensive cybersecurity agency, visited one of the biggest hacking conferences in the world this week.
Opinion | What Amnesty got wrong in Ukraine and why I had to resign (Washington Post) Far from protecting civilians, Amnesty's latest Ukraine report further endangered them by giving Russia a justification to continue its indiscriminate attacks.
Road to war: U.S. struggled to convince allies, and Zelensky, of risk of invasion (Washington Post) On a sunny October morning, the nation’s top intelligence, military and diplomatic leaders filed into the Oval Office for an urgent meeting with President Biden
Attacks, Threats, and Vulnerabilities
RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organizations (Recorded Future) China’s RedAlpha threat group dumps older infrastructure and expands cyber-espionage operations to target humanitarian, think tank, and government organizations
Hackers linked to China have been targeting human rights groups for years (MIT Technology Review) In a new report shared exclusively with MIT Technology Review, researchers expose a cyber-espionage campaign on “a tight budget” that proves simple can still be effective.
Yanluowang Ransomware: NCC-CSIRT urges stronger security measures (Blueprint) The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has urged organisations to adopt stronger cybersecurity measures like ensuring their employees use strong, unique passwords for every account and enabling multi-factor authentication (2FA) wherever it is supported to prevent ransomware attacks. It also advised organisations to ensure regular systems backup.
Argentina's Judiciary of Córdoba hit by PLAY ransomware attack (BleepingComputer) Argentina's Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly at the hands of the new 'Play' ransomware operation.
Hackers attack UK water supplier but extort wrong victim (BleepingComputer) South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6 consumers daily, has issued a statement confirming IT disruption from a cyberattack.
South Staffordshire Water victim of cyber attack, customers not at risk (Computing) Gang claims to have a policy against harming critical infrastructure
South Staffordshire Water says it was target of cyber attack as criminals bungle extortion attempt (Sky News) The parent company for Cambridge Water and South Staffs Water stresses it is still supplying safe water for customers.
Evil PLC Attack: Using a Controller as Predator Rather than Prey (Claroty) Team82 has developed a novel attack that weaponizes programmable logic controllers (PLCs) in order to exploit engineering workstations and further invade OT and enterprise networks. We’re calling this the Evil PLC Attack.
Secure Boot Bypass Flaws Affect Bootloaders of Many Devices Made in Past Decade (SecurityWeek) Eurosoft, New Horizon Datasys, and CryptoPro Secure Disk bootloaders, which are present on many devices made in the past 10 years, are affected by Secure Boot bypass vulnerabilities.
A New Jailbreak for John Deere Tractors Rides the Right-to-Repair Wave (Wired) A hacker has formulated an exploit that provides root access to two popular models of the company’s farm equipment.
Updated threat actor to attack cryptocurrency and foreign exchange companies (ITP.net) DeathStalker is an infamous hack-for-hire APT actor that Kaspersky has monitored since 2018, and which mainly targets law firms and organizations in the financial sector.
Increased data access opens wide medical device security vulnerabilities (FutureIoT) Cybersecurity spending in medical device sector will reach $1.2 billion by 2025 driven by escalating health data breaches, says GlobalData
Ski-Doo maker BRP resumes operations following cyber attack; shares fluctuate (MarketWatch) BRP has not revealed specific details of the cyber assault, but a cybersecurity expert thinks it could be a ransomware attack.
Twilio attacker 'explicitly' looked for 3 Signal numbers (Register) Bad guy also got SMS verification codes, and re-registered one of the numbers they searched for
1,900 Signal users exposed following Twilio breach - Help Net Security (Help Net Security) The attacker who pulled off the Twilio breach may have accessed phone numbers and SMS registration codes for 1,900 Signal users.
Twilio Incident: What Signal Users Need to Know (Signal) Recently Twilio, the company that provides Signal with phone number verification services, suffered a phishing attack. Here's what our users need to know:
Thomas More University hacked in multiple ways after cyber attack on Facebook account (WLWT) A local university was hit with a cyberattack that has left it with embarrassing and inappropriate pictures on their social media account that they can’t take down.
Egnyte AEC Data Insights Report Shows Rapid Increase in Data Storage and Signals Potential Challenges (Egnyte) Egnyte, the most secure platform for content collaboration and governance, today released its AEC Data Insights Report. The study is based on an analysis of data trends among more than 3,000 customers in the Architecture, Engineering, and Construction (AEC) industry, which has experienced exploding growth in data volume and usage. On average, Egnyte’s AEC customers increased storage by 31.2 percent compound annual growth rate (CAGR) from 2017 to 2021.
The Digital Trust Index - Callsign (Callsign) Conducted by Cebr, this Callsign-commissioned report quantifies the true value of digital trust, and the relationship between trust in the digital and physical realms.
Hybrid working: How cyber secure are accountancy firms? (Accountancy Age) The pandemic has severely compromised cybersecurity around the world, and this is a problem that businesses of all sizes now face
Coalition Completes Acquisition of Insurance Carrier With Licenses In All 50 States (PR Newswire) Coalition, the world's first Active Insurance provider designed to prevent digital risk before it strikes, announced today that it has received...
Coalition to Now Offer Cyber Policies With Acquisition of Admitted Carrier (Insurance Journal) Coalition said it received regulatory approval and completed the acquisition of Digital Affect Insurance Company from Munich Re Digital Partners US
BackBox Reinforces Focus on Network Security Automation with Launch of Managed Service Provider Program and Key Executive Hires (BackBox Software) BackBox announced two key executive hires and the launch of a formal Managed Service Provider (MSP) and Managed Security Services Provider (MSSP) Program.
Contrast Security Makes Its Debut on the Inc. 5000 List of America’s Fastest Growing Companies (Contrast Security) Leading code and application security provider achieves three-year revenue growth of 157%, doubles global headcount, expands executive leadership team and rolls out new product offerings.
Cybersecurity firm Darktrace confirms talks with private equity firm Thoma Bravo (CRN Australia) Confirms it was in early stages of discussions.
Thoma Bravo is holding talks to acquire cybersecurity firm Darktrace (SiliconANGLE)
Torch.AI wins Pentagon ‘insider threat’ cybersecurity contract (C4ISRNet) The Pentagon will use the software as part of its System for Insider Threat Hindrance, or “SITH,” in another apparent military reference to Star Wars.
Tanium Expands Collaboration with Microsoft as It Joins the Microsoft Intelligent Security Association (MISA) (Tanium) Tanium joins the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed security service providers (MSSPs) that have integrated their solutions with Microsoft security technology to help customers better defend themselves against increasingly sophisticated cyber threats.
Forescout names Nextgen as sole ANZ distie (CRN Australia) Replacing Westcon-Comstor.
Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities (SecurityWeek) Google is offering up to $130,000 rewards for vulnerabilities in the latest Linux kernel that bypass certain mitigations.
BitSight Appoints Catherine Harrell as Chief Marketing Officer (PR Newswire) BitSight, the Standard in Security Ratings, today announced it has appointed Catherine Harrell as Chief Marketing Officer (CMO). Catherine...
Products, Services, and Solutions
Celebrus Releases World’s First No-Party Data Technology (PRWeb) Today, Celebrus releases the world’s first no-party data technology. Celebrus CX Vault will allow customers to keep their informa
Trend Micro Fast-Tracks Industrial IoT Security with Schneider Electric Partnership (MarketScreener / SURPERFORMANCE) DALLAS, August 15, 2022 - Trend Micro Incorporated, a global cybersecurity leader, today announced another landmark in its continued drive to secure Industry 4.0 and industrial IoT projects... | August 16, 2022
Teneo Boosts its Security Portfolio with Akamai Guardicore Segmentation (Fast Mode) Teneo, the IT services company, has announced that it is strengthening its security portfolio with Akamai Guardicore Segmentation
Huntress Launches New Managed Endpoint Detection & Response Capabilities, Strengthening its Position as the Leading Security Platform for the 99% (GlobeNewswire News Room) The company’s new Process Insights feature—backed by its global 24/7 threat hunting team—enables teams to identify, isolate and remediate active...
Veracode Unveils Velocity Partner Program™ (Veracode) Veracode, a leading global provider of application security testing solutions, today announced the launch of the Veracode Velocity Partner Program. The objective of the program is to enable partners to grow their security practice quickly and profitably around Veracode’s cloud-native Continuous Software Security Platform, offering opportunities to accelerate deal closure, expand market share, and grow revenue.
Cerby Announces Successful Completion of SOC 2 Type II Security Audit (Business Wire) Cerby completed a System and Organization Controls 2 Type II audit, demonstrating its priority for security controls and customer data protection.
Technologies, Techniques, and Standards
New Report Reveals Fraud Management Is Vital to the Business Strategy of Most Organizations (GlobeNewswire News Room) Companies are most concerned about account takeover, phishing, new account fraud and fake users, according to study sponsored by Telesign...
A tale of two breaches: Comparing Twilio and Slack’s responses (Avast) We recently learned about major security breaches at Twilio and Slack. The manner in which these two organizations responded is instructive.
CMU Hacking Team Wins Super Bowl of Hacking for 6th Time (Carnegie Mellon University) A Carnegie Mellon University team won DEF CON's Capture the Flag competition, the "Super Bowl of hacking," for the sixth time.
Legislation, Policy, and Regulation
Editorial | Israel Tightly Oversees the Weapons It Exports. It Should Do the Same for Spyware (Haaretz) The head of Greece’s National Intelligence Service resigned last week following yet another political scandal involving Israeli surveillance software.
Inglis: People, companies need to replicate collective cyber defense seen in Ukraine (The Record by Recorded Future) U.S. Cyber Director Chris Inglis said the cyberdefense tactics used in Ukraine by residents, government agencies and companies are something the U.S. needs to replicate going forward.
Cyberspace Solarium Co-Chairs Call For HHS Briefing on Healthcare Cybersecurity (Health IT Security) In a letter to HHS Secretary Becerra, Senator Angus King and Representative Mike Gallagher urged HHS to disclose the current status of healthcare cybersecurity efforts.
Surprise, kill, vanish: ‘Jedburghs’ led way for US cyber, special ops (Defense News) WWII's "Jedburghs" show how an unconventional take on cross-functional partnerships can operate effectively in politically sensitive environments.
Litigation, Investigation, and Law Enforcement
Spyware Scandals Are Ripping Through Europe (Wired) The latest crisis that rocked the Greek government shows the bloc’s surveillance problem goes beyond the notorious NSO Group.
NSO Group Finally Figures Out How Many European Countries It Does Business With (Techdirt) European lawmakers wanted answers after months of investigations and reporting made it clear exploit developer NSO Group was involved with some seriously shady customers. Facing lawsuits, sanctions…
Pompeo sued for CIA surveillance of Assange that swept up Americans' data. (Newsweek) Lawsuit: CIA spying on Wikileaks founder included illegal taping of conversations with US lawyers, journalists and doctors, and copying data from their phones.
Cisco Gets Email Security Patent Tossed Amid Infringement Suit (Bloomberg Law) Cisco Systems Inc. succeeded Friday in getting most of a competitor’s patent for email security systems thrown out at an administrative tribunal, invalidating one of two patents asserted against it in a federal district court infringement case.
Capital One Data Breach Settlement: Who Is Eligible for a Payment and How Much Could They Get? (CNET) Customers can collect up to $25,000, according to a preliminary settlement.