Dateline
Ukraine at D+176: Action against rear areas. (The CyberWire) Attacks against Russian rear areas continue as front lines remain static (and Russian artillery strikes against towns also continue). Western cyber forces hint at contributions to defense against Russian cyberattacks in Eastern Europe and Ukraine. A DDoS campaign against Estonia seems to have fizzled.
Russia-Ukraine war: List of key events, day 177 (Al Jazeera) As the Russia-Ukraine war enters its 177th day, we take a look at the main developments.
Finland says Russian MiG-31 fighter jets violated its airspace (Al Jazeera) The Finnish air force deployed ‘an operational flight mission’ and identified the Russian planes.
Russia deploys hypersonic missiles to its Baltic exclave (AP NEWS) The Russian military said Thursday that it has deployed warplanes armed with state-of-the-art hypersonic missiles to the country's westernmost Baltic region, a move that comes amid soaring tensions with the West over Moscow's action in Ukraine.
Russian Offensive Campaign Assessment, August 18 (Institute for the Study of War) There were no claimed or assessed Russian territorial gains in Ukraine on August 18, 2022 for the first time since July 6, 2022. Russian and Ukrainian sources did not claim any new territorial gains on August 18. However, Russian forces still conducted
In Ukraine, a Russian mercenary group steps out of the shadows (Washington Post) For years, the Wagner private military company has done Moscow’s dirty work in eastern Ukraine, Libya, Syria and parts of Africa. The Kremlin always officially denied any relationship with Wagner, whose soldiers for hire have been accused of massacres and other human rights violations.
Ukraine has telegraphed its big counteroffensive for months. So where is it? (POLITICO) As Kyiv’s artillery starts to hit Russian forces in the south, analysts are left wondering whether there’s more to come.
Ukraine Chips Away at Russian-Held Region, but Task Is Daunting (New York Times) Ukrainian forces badly want to retake the southern region of Kherson from Russian invaders, but Moscow retains a potentially overwhelming advantage.
Ukraine war: Four powerful explosions rock major military airport in Crimea (The Telegraph) At least four explosions hit near a major Russian military airport on the Moscow-controlled Crimean peninsula on Thursday.
Why Crimea is so important in the Russia-Ukraine war (Washington Post) A series of blasts at Russian military sites in Crimea this month has put a spotlight on the contested peninsula, which until now had been spared the heavy fighting of the nearly six-month-long war in Ukraine.
How many Russian soldiers have been killed in Ukraine? What we know, how we know it and what it really means. (Grid News) The estimates range from 1,351 to 43,000, but this much is clear: Russia has a manpower problem.
US must arm Ukraine now, before it’s too late (The Hill) With the necessary weapons and economic aid, Ukraine can defeat Russia.
Biden administration readies about $800 mln in additional security aid for Ukraine -sources (Reuters) President Joe Biden's administration is readying about $800 million of additional military aid to Ukraine and could announce it as soon as Friday, three sources familiar with the matter said on Thursday.
No new military pledges to Ukraine in July begs the question: Has the West lost interest in the war? (The Telegraph) It marks the first month since the conflict began that major European governments failed to make a single new promise to send weapons.
Russia and Ukraine trade accusations of a potential attack on a nuclear complex, terrifying its workers. (New York Times) Tensions around the nuclear power plant on the front lines of the war in Ukraine escalated sharply on Thursday, as the Russian and Ukrainian militaries traded charges that each was preparing to stage an attack on the plant in coming days, risking a catastrophic release of radiation.
Russia to stage ‘provocation’ at nuclear plant, warns Ukrainian military (the Guardian) UN secretary general calls for urgent withdrawal of Russian forces and equipment from Zaporizhzhia.
Ukraine accuses Russia of plotting ‘false flag’ attack on nuclear power plant (The Telegraph) Video has emerged appearing to show Russian military trucks inside the plant despite denials that Zaporizhzhia is being used as a 'shield'.
Russia allegedly tells nuclear plant workers to not go to work Friday amid concerns of a planned incident (NBC News) On Thursday, Russia threatened to shut down the Zaporizhzhia nuclear plant, warning that there was a risk of a human-made disaster due to alleged continued shelling by Ukraine.
Ukraine Presses U.N. Over ‘Nuclear Blackmail’ at Russian-Occupied Plant (Wall Street Journal) Ukrainian President Volodymyr Zelensky also discussed grain exports with Turkey’s Recep Tayyip Erdogan, and a series of explosions rocked Russian-held territory.
Russia’s Repeat Failures (Foreign Affairs) Moscow’s new strategy in Ukraine is just as bad as the old one.
Russia’s spies misread Ukraine and misled Kremlin as war loomed (Washington Post) In the final days before the invasion of Ukraine, Russia’s security service began sending cryptic instructions to informants in Kyiv. Pack up and get out of the capital, the Kremlin collaborators were told, but leave behind the keys to your homes.
Before Russian invasion, US made novel use of intelligence-as-strategy (Breaking Defense) Usually a tool to inform policy, the US government used intelligence itself for strategic effects – which could have implications for the future of conflict and diplomacy, writes Joshua Huminski.
The head of GCHQ says Vladimir Putin is losing the information war in Ukraine (The Economist) Britain’s signals-intelligence service has helped to protect critical infrastructure, says Sir Jeremy Fleming.
Estonia says it repelled major cyber attack after removing Soviet monuments (Reuters) Estonia has repelled "the most extensive cyber attacks since 2007", it said on Thursday, shortly after removing Soviet monuments in a region with an ethnic Russian majority.
There’s a chance regular people didn’t even notice: expert on Russian cyber attack (TVP World) Aleksandra Kuczyńska-Zonik, an expert on the Baltic States, discusses the most recent attack of Russian hackers on Estonia.
Estonia says it repelled a major cyberattack claimed by Russian hackers. (New York Times) The hacking group, Killnet, said the attack was in retaliation for Estonia’s removal of a Soviet tank from a World War II memorial.
Cyber Command deployed 'hunt forward' defenders to Croatia to help secure systems (The Record by Recorded Future) U.S. Cyber Command recently sent a team of "elite defensive cyber operators" to Croatia for the first time as part of its hunt forward operations aimed at collecting information on adversary activity and bolstering partner defenses.
U.S. Cyber Command completes defensive cyber mission in Croatia (CyberScoop) Cyber National Mission Force deployed to Croatia recently, the latest example of a so-called "hunt forward" operation.
Russian cyber attacks on Ukraine driven by government groups (SearchSecurity) Russian cyber attacks on Ukraine were almost entirely the work of government agencies such as the FSB and GRU, according to Trustwave researchers.
5 Russia-Linked Groups Target Ukraine in Cyberwar (Dark Reading) Information on the attributed cyberattacks conducted since the beginning of the Russia-Ukraine war shows that a handful of groups conducted more than two dozen attacks.
Russian Use of Cyberweapons in Ukraine and the Growing Threat to the West (SecurityWeek) New study from Trustwave analyzes the Russian state cyberattacks against Ukraine since the war began, tying the attack groups back to their controlling state agencies.
ICEYE to supply Ukraine with SAR satellite imagery via Ukrainian foundation (Breaking Defense) “This agreement is a significant step in responding to the Government of Ukraine’s urgent request for critical earth observation data and it will greatly benefit our Armed Forces," said Serhiy Prytula, whose eponymous foundation crowdsources kit for the Ukrainian military.
Russia’s Ukraine War is forcing the Belarus opposition to rethink strategy (Atlantic Council) Representatives of the Belarusian opposition gathered in Vilnius on August 8-9 for a conference that highlighted a mood of growing militancy as they respond to the new realities created by Russia’s invasion of Ukraine.
‘London says hi’: Britons put personalised messages on Ukrainian missiles (The Telegraph) Donors pay up to £2,500 to inscribe their own words – such as ‘from Nato with love’ – on weapons bound for Russian targets.
‘We were turned into feral savages’, says ex Russian soldier of his time in Ukraine (The Telegraph) Pavel Filatyev has published a personal account of his experiences on the frontline, one of the most detailed by any serving Russian soldier.
Putin’s Ukraine genocide is rooted in Russian impunity for Soviet crimes (Atlantic Council) Failure to hold anyone accountable for the crimes of the Soviet era has fostered a climate of impunity in modern Russia that has paved the way for the genocidal invasion of Ukraine, writes Alexander Khara.
Putin Took Russia Hostage. Russians Allowed It to Happen (Wilson Center) In the 1990s, one of the dominant attitudes in the West with respect to Russia’s future was skepticism: consumed by the trauma of its own collapse, post-Soviet Russia would never transform into a developed democracy and a responsible player on the global stage. A former superpower haunted by the imperial syndrome, Russia had to be contained, as it would always be a danger to the world.
Time to question Russia’s imperial innocence (NV) President Vladimir Putin has successfully mobilized a sense of militant patriotism in the Russian public to wage war in Ukraine.
How long can Turkey play both sides in the Ukraine war? (Atlantic Council) Since Russia’s full-scale invasion of Ukraine, Turkey has been caught in a geopolitical jam, carefully balancing ties with both Moscow and Kyiv.
Russia’s Scholars Are Silenced at Home and Isolated Abroad (Wilson Center) Russia’s war in Ukraine has divided life for Russians who disagree with official policy and actions into “before” and “after.” Russia’s scholars and scientists, its most independent minded and globally integrated group, are facing the kinds of choices they have never confronted.
Opinion | Who Will Get Rid of Putin? The Answer Is Grim. (New York Times) Terror is always more persuasive than anything else.
‘He was special’: the story of Zelenskiy told by his home town (the Guardian) Studying in Kryvyi Rih in the 1990s, Ukraine’s wartime leader often skipped class to focus on his standup.
Attacks, Threats, and Vulnerabilities
You Can’t Audit Me: APT29 Continues Targeting Microsoft 365 (Mandiant) Mandiant has found APT29 using new TTPs and demonstrating advanced tactics targeting Microsoft 365.
Flash Notice: Zeppelin Ransomware Targets Healthcare (Avertum) Zeppelin ransomware is targeting the healthcare sector with a new campaign that involves multi-encryption tactics.
Reservations Requested: TA558 Targets Hospitality and Travel (Proofpoint) TA558 is a likely financially motivated small crime threat actor targeting hospitality, hotel, and travel organizations. Since 2018, this group has used consistent tactics, techniques, and procedures to attempt to install a variety of malware including Loda RAT, Vjw0rm, and Revenge RAT. TA558’s targeting focus is mainly on Portuguese and Spanish speakers, typically located in the Latin America region, with additional targeting observed in Western Europe and North America.
Cybercrime Group TA558 Ramps Up Email Attacks Against Hotels (Decipher) The small cybercrime actor is upping its operational tempo in 2022 against hospitality organizations like hotels and travel companies.
More than 200 cryptomining packages flood npm and PyPI registry (Sonatype) More than 200 malicious packages have flooded npm and PyPI registries to install cryptominers on Linux hosts.
LockBit claims ransomware attack on security giant Entrust (BleepingComputer) The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust.
Inflexible schedule: Group-IB reveals malicious APT41 campaigns involving new tactics and tools (Group-IB) Group-IB, one of the global leaders in cybersecurity, has released new research on the state-sponsored hacker group APT41. The Group-IB Threat Intelligence team estimates that in 2021 the threat actors gained access to at least 13 organizations worldwide. While analyzing the group’s malicious campaigns, Group-IB experts uncovered interesting adversary techniques and artifacts left by the hackers that point to their origin. The report also reveals details of their “working days“.
APT41 group: 4 malicious campaigns, 13 victims, new tools and techniques (Help Net Security) The state-sponsored attacker group APT41, whose goals are cyber espionage and financial gain, has been active since at least 2007.
Active Adversaries Increasingly Exploit Stolen Session Cookies to Bypass Multi Factor Authentication and Gain Access to Corporate Resources, Sophos Reports (GlobeNewswire News Room) With Stolen Session Cookies, Attackers can Impersonate Legitimate Users and Move Freely Around the Network...
China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure (Dark Reading) The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say.
Suspected Chinese hackers spied on gov’ts, NGOs, media: Report (Al Jazeera) Cybersecurity firm says Amnesty International and Taiwan’s ruling party among organisations targeted in campaign.
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control (Cybereason) The Cybereason Global Security Operations Center (GSOC) Team issues Cybereason Threat Analysis Reports to inform on impacting threats. The Threat Analysis Reports investigate these threats and provide practical recommendations for protecting against them.
A Sticky Situation Part 2 (DomainTools | Start Here. Know Now.) In Part II of our CaramelCorp series, we discuss how the group doesn’t limit its cybercrime activities to skimming, rather they and groups like them will pivot to profitable new lines of business.
How Google Cloud blocked largest Layer 7 DDoS attack yet, 46 million rps (Google Cloud Blog) By anticipating a DDOS attack, a Google Cloud customer was able to stop it before it took down their site. They just weren’t expecting it to be the biggest known Layer 7 DDOS attack so far, at 46 million rps.
WestJet customers report data breach, leaked personal information (Toronto Star) WestJet app users say they were able to see personal details and account information associated with complete strangers.
How Safe Is Your VPN? (Cyber Security Works) Did you know hackers can exploit 125 weaponized vulnerabilities in VPN products to attack their targets? CSW analysts deep dive into exposures in VPNs that could compromise organizational networks.
How Much Does Your Home Know About You? (TechShielder) TechShielder dives deep into the world of the Internet of Things. How much does your home know about you and what does it know exactly?
CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA) CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.
Old laptop hard drives will allegedly crash when exposed to Janet Jackson music (Ars Technica) Problem has been assigned an official CVE ID, despite lack of specifics.
Novant Health Facebook marketing campaign leads to data breach (WCNC) The healthcare provider says personal information was disclosed to Facebook through a marketing campaign on the social media site.
Whitworth University urges patience after data breach, reported ransomware attack: 'This process does take time' (Spokesman.com) Whitworth University is taking steps to shore up its cyberdefenses following a reported ransomware attack that has left the university’s network crippled since late last month.
Security Patches, Mitigations, and Software Updates
Apple security updates fix 2 zero-days used to hack iPhones, Macs (BleepingComputer) Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs.
Cisco Releases Security Update for Cisco Secure Web Appliance (CISA) Cisco has released security updates to address vulnerabilities in Cisco Secure Web Appliance. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Siemens Linux-based Products (Update G) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Linux based products Vulnerability: Use of Insufficiently Random Values 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update F) that was published November 11, 2021, to the ICS webpage at www.cisa.gov/uscert.
Siemens Industrial Products LLDP (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Classic Buffer Overflow, Uncontrolled Resource Consumption 2.
Siemens OpenSSL Affected Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Multiple industrial products Vulnerability: Infinite Loop 2. RISK EVALUATION Successful exploitation of this vulnerability could create a denial-of-service condition in the affected products.
Mitsubishi Electric MELSEC Q and L Series (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC Q and L Series Vulnerability: Improper Resource Locking 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service condition for Ethernet communication. A system restart would be required to restore functionality.
Mitsubishi Electric GT SoftGOT2000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GT SoftGOT2000 Vulnerabilities: Infinite Loop, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create a denial-of-service condition or enable arbitrary code execution.
Trends
Trend Micro predicts a "darkverse" of criminality (Technology Decisions) The emerging "metaverse" will bring with it a new "darkverse" of criminal activity hidden from law enforcement, Trend Micro has predicted.
Organizations Struggle to Fend Off Cloud and Web Attacks (Infosecurity Magazine) The study queries more than 950 IT and security professionals across the Americas, EMEA and APAC
Security and Fraud Protection Top List of Priorities for Banking Consumers in 2022 (Business Wire) Security and Fraud Protection Top List of Priorities for Banking Consumers in 2022
VXI Banking report 2022 (VXI) The Pandemic’s “Halo Effect” Appears to be Over
Palo Alto Networks’ Unit 42 Publishes 2022 Response Report (The New Stack) Palo Alto Networks' Unit 42 has released its 2022 response report, which is a culmination of findings from more than 600 incident response cases that aided in the analysis of threat trends and cybersecurity predictions.
Marketplace
BlastWave Accelerates Its Go-to-Market Strategy, Expands Its Management Team (PR Newswire) BlastWave today announced the appointment of Keao Caindec as Chief Marketing Officer (CMO) and Vince Zappula as Chief Revenue Officer (CRO),...
Winners Announced in Best in Biz Awards 2022 International (PRWeb) Best in Biz Awards, the only independent global business awards program judged each year by prominent editors and reporters from top-tier publications from around
onShore Security CEO Stel Valavanis to Join Private Directors Association Cybersecurity Committee (onShore Security) Cyberleader and CEO of onShore Security Stel Valavanis has been asked to join the cybersecurity committee of the Private Directors […]
Formic Hires Amazon, Coco, and BeyondTrust Alums Amid Hyper-growth Trajectory (RoboticsTomorrow) Formic’s risk-free, affordable, full-service pay-by-the-hour rental model removes traditional barriers to automation, helping small and mid-sized manufacturers
PIXM Adds Cybersecurity Industry Veteran Julian Waits to Board of Directors (Business Wire) PIXM, a computer vision cyber security startup, today announced an expansion of its Board of Directors with the addition of seasoned business executiv
Cisco’s Longtime Marketing Guru Jumps To VMware (CRN) Cisco’s marketing executive Prashanth Shenoy leaves the networking market leader to join VMware as vice president of cloud platform, infrastructure and solutions marketing.
BlueVoyant Welcomes Seasoned Executives to Advance Commercial Relationships and Strategic Initiatives (PR Newswire) BlueVoyant, an industry-leading cyber defense company converging internal and external security, today announced that Shane Akeroyd is joining...
Products, Services, and Solutions
IronNet to Collaborate with CISA to Strengthen the Nation’s Cyber Defense (IronNet) IronNet, Inc., member of the Joint Cyber Defense Collaborative (JCDC), today announced it has entered into an agreement with the Cybersecurity and Infrastructure Security Agency (CISA) to share information from IronNet’s Collective Defense platform to help the agency defend against increased global cyber threats.
Drata Adds Risk Management Solution to Further Integrate Security and Compliance Automation (PR Newswire) Drata, a security and continuous compliance automation platform, today announced the launch of Risk Management, enabling customers to manage...
NCC Group appointed as global auditor for GSMA Network Equipment Security Assurance Scheme (NESAS) (NCC Group) We are delighted to announce our recent appointment as one of only two global auditors for the GSMA Network Equipment Security Assurance Scheme (NESAS)
Optiv Canada Awarded First Enterprise Contract Under Federal Government's Cybersecurity Procurement Vehicle (PR Newswire) Optiv, the cyber advisory and solutions leader, today announced it has been awarded the first major enterprise contract under Shared Services...
Cobalt Iron Ranks High Among Leaders in GigaOm 2022 Radar Report for Enterprise Hybrid Cloud Data Protection (WallStreet.com) Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced that GigaOm has named Cobalt Iron an industry Leader in its 2022 GigaOm Radar Report for Hybrid Cloud Data Protection: Large Enterprises. The company earned the ranking based on the features and capabilities of the Cobalt Iron Compass® enterprise SaaS backup platform.
Technologies, Techniques, and Standards
Three Best Practices for State Agencies to Strengthen Identity Protection (State Tech) According to the CrowdStrike Global Threat Report, 80 percent of security breaches use compromised identities.
Securing OAuth for Microsoft Environments (Obsidian Security) Cutting-edge detections for securing OAuth in Microsoft. Identify internal app compromises, supply chain risks, and device code flow abuse.
AFCLC and Air Force Cyber College Host Second Annual Cyber Training Event (DVIDS) The ability to disrupt U.S. military and civilian operations is no longer a hypothetical exercise perpetrated by bad actors. In fact, the number of cyber threats to our nation’s security increases exponentially each year. In response, 29 Language Enabled Airman Program scholars – including two U.S. Space Force Guardians, two U.S. Marine Corps Foreign Area Officers, and two U.S. Air Force crypto-linguists – gathered at Maxwell Air Force Base from bases worldwide for 10 days of advanced training during the Air Force Culture and Language Center’s Second Annual Cyber Language Intensive Training Event from June 6-17, 2022.
Design and Innovation
Spyware Hunters Are Expanding Their Toolset (WIRED) This invasive malware isn’t just for phones—it can target your PC, too. But a new batch of algorithms aims to weed out this threat.
Academia
Capella University's Bachelor of Science in Information Technology Redesignated as a National Center of Academic Excellence in Cyber Defense (Business Wire) Redesignation of Capella University’s Information Assurance and Cybersecurity BSIT program as a CAE-CD.
Back to school: 7 tips for improving your middle schooler's digital literacy (Avast) As our kids grow over the summer, so does their online fluency. Here are seven tips for working digital literacy into your back to school plans this year.
Legislation, Policy, and Regulation
Darktrace sale heightens fears over future of Britain’s tech sector (Times) Opposition is mounting to a potential sale of Darktrace, with shareholders and MPs speaking out over worries that it undervalues the Cambridge-based cybersecu
Solomon Islands secures $100m China loan to build Huawei mobile towers in historic step (the Guardian) This will be the first loan from China since the Pacific country switched allegiance from Taiwan in 2019
Statement on U.S.-Mexico Working Group on Cyber Issues (Mirage News) Following is the text of a joint statement by the Governments of the United States and Mexico: Begin Text: On August 10, the U.S.-Mexico Working Group
US government set to outlaw leaky software in the military (IT PRO) The 'secure-by-design' approach has been met broadly positively by experts and will aim to prevent high-profile security incidents
Senators Press FCC to Reconsider Ligado Decision (Via Satellite) A bipartisan group of seven senators sent a letter to the FCC this week, asking the commission to reconsider Ligado Networks' license modification request.
Senators launch last-minute push to overturn Ligado 5G decision (Defense News) A bipartisan group of senators urges the FCC to overturn the 2020 Ligado decision establishing a new 5G network that critics say could interfere with GPS.
Cyber Command's rotation 'problem' exacerbates talent shortage amid growing digital threat (CyberScoop) Many former Cyber Command and NSA officials say the military's rotation system and approach to retirement robs the military of cyber talent.
Litigation, Investigation, and Law Enforcement
U.S. Extradited Russian Accused of Money-Laundering Tied to Ryuk Ransomware Gang (Wall Street Journal) Denis Dubnikov, a 29-year-old Russian, was extradited this week from the Netherlands to the U.S. to face charges of laundering more than $400,000 in Ryuk proceeds.
Criminal complaint reveals new details in Dubuque university social media threats incident (KCRG) The Dubuque Police Department has released the criminal complaint, revealing new details in an incident that caused the lockdown of Clarke University earlier this month.