Dateline
Ukraine at D+183: Russia seeks more troops. (CyberWire) As Russia's Defense Minister says the special military operation's optempo has been deliberately reduced for humanitarian reasons, President Putin issues a decree calling for 137,000 more troops. A nuclear accident at Zaporizhzhia has been narrowly averted, for now, and observers see fissures in what had been (by criminal standards) a relatively collegial Russophone cyber underworld.
Russia-Ukraine war: List of key events, day 184 (Al Jazeera) As the Russia-Ukraine war enters its 184th day, we take a look at the main developments.
Russia-Ukraine war: European support for Ukraine at risk due to energy crisis, says German ambassador – live (the Guardian) Germany’s representative to the UK says public support for Ukraine could diminish due to Putin ‘using gas as a weapon’
Zelenskiy says crisis averted as Russian-held Ukraine nuclear plant regains power (Reuters) President Volodymyr Zelenskiy said the world narrowly avoided a radiation disaster on Thursday as the last regular line supplying electricity to Ukraine's Russian-held Zaporizhzhia nuclear power plant was restored hours after being cut.
Ukraine war: Europe 'one step away from nuclear disaster', warns Zelensky (The Telegraph) Volodymyr Zelensky said the world narrowly avoided a radiation disaster as electricity to the Zaporizhzhia nuclear power plant was cut for hours because of Russian shelling in the area - allegations that Moscow denied.
Putin orders Russian military to beef up forces by 137,000 (AP NEWS) Russian President Vladimir Putin on Thursday ordered the Russian military to increase the number of troops by 137,000 to a total of 1.15 million amid Moscow’s military action in Ukraine.
Putin Orders a Sharp Expansion of Russia’s Hard-Hit Armed Forces (New York Times) The decree suggests that President Vladimir V. Putin expects a prolonged war in Ukraine, but he stopped short of full mobilization, and it was not clear how the military would reach his goal.
Putin Orders Russian Army to Expand as Battlefield Failures, Corruption Roil the Military (US News and World Report) The decree does not say how the Russian military should increase recruitment at a time its military is suffering from dramatic casualty rates in Ukraine – in part of its own making.
Ukraine recaptures territory larger than Denmark from Russian invaders (The Telegraph) Moscow has lost 17,375 square miles since March 21, the date of Russia's deepest advance into Ukraine
International Army Games makes a ‘mockery’ of Russian troops in Ukraine (The Telegraph) Critics accused military leaders of wasting valuable resources on the Olympics-style event and said it was ‘a feast in a time of plague’
Restraining Russian Ransomware (Foreign Policy Research Institute) Last May, Americans up and down the East Coast waited in long lines for gas. The panic wasn’t caused by a foreign war or sanctions—it was triggered by a
How the war in Ukraine is reshaping the dark web (New Statesman) As the war drags on, cracks are forming in the digital underworld
Enemy hackers attack Ukraine more than a thousand times since Feb 24 (Interfax-Ukraine) During the active military operations, the government response team to computer emergency events of Ukraine CERT-UA, operating under the State Service of Special Communications and Information Protection, registered 1,123 cyber attacks.
Organisations changing cyber strategy in response to war in Ukraine (SecurityBrief Australia) Nearly two-thirds suspect their organisation has been either directly targeted or impacted by a nation-state cyberattack.
The Disturbing Return of the Fifth Column (Foreign Affairs) How enemies within—real and imagined—are influencing geopolitics.
‘Vampire’ to transform Ukraine pickups into deadly missile launchers (Defense News) The L3Harris-made Vampire will be included in the nearly $3 billion in aid announced Wednesday.
Is the US mission to support Ukraine getting a named operation? (Military Times) Will Ukraine support be given its own Operation XYZ?
Putin might just win his giant bet against a fractured West (The Telegraph) European leaders now face the unenviable task of persuading their voters that the economic distress they will suffer is a price worth paying
Are sanctions on Russia working? (The Economist) The lessons from a new era of economic warfare
Russia divestment promises by US states largely unfulfilled (AP NEWS) Driven by moral outrage over Russia’s invasion of Ukraine earlier this year, U.S. governors and other top state officials made it clear: They wanted to cut their financial ties with Russia. A few states quickly followed through.
Attacks, Threats, and Vulnerabilities
Cyberattack Raises Pressure on European Water Providers During Drought (Wall Street Journal) A cyberattack on a British company that supplies drinking water to 1.6 million customers has raised security concerns about the vulnerability of such utilities across drought-stricken Europe.
Hackers adopt Sliver toolkit as a Cobalt Strike alternative (BleepingComputer) Threat actors are dumping the Cobalt Strike penetration testing suite in favor of similar frameworks that are less known. After Brute Ratel, the open-source, cross-platform kit called Sliver is becoming an attractive alternative.
Automatic Execution of Code Upon Package Download on Python Package Manager (Checkmarx.com) A worrying feature in pip/PyPi allows code to automatically run when developers are merely downloading a package. Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates.
Threat Assessment: Black Basta Ransomware (Unit 42) Black Basta is ransomware as a service (RaaS) that first emerged in April 2022. However, evidence suggests that it has been in development since February. The Black Basta operator(s) use the double extortion technique, meaning that in addition to encrypting files on the systems of targeted organizations and demanding ransom to make decryption possible, they also maintain a dark web leak site where they threaten to post sensitive information if an organization chooses not to pay ransom.
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone (Microsoft Threat Intelligence Center (MSTIC)) Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised environments.
Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers (The Hacker News) Microsoft has uncovered "MagicWeb," a new "highly targeted" post-exploitation malware used by Nobelium APT hackers to gain persistent access.
Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass (ZDNET) Isolate your Active Directory Federation Server, because the Kremlin's top hackers prize them for authentication after compromising a target's network.
Researchers Uncover Kimusky Infra Targeting South Korean Politicians and Diplomats (The Hacker News) Researchers uncover malware and infrastructure of North Korean Kimusky hackers targeting South Korean politicians and diplomats.
Quantum ransomware attack disrupts govt agency in Dominican Republic (BleepingComputer) The Dominican Republic's Instituto Agrario Dominicano has suffered a Quantum ransomware attack that encrypted multiple services and workstations throughout the government agency.
Notice of Recent Security Incident (The LastPass Blog) We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.
LastPass Says Source Code Stolen in Data Breach (SecurityWeek) Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information.
LastPass developer systems hacked to steal source code (BleepingComputer) Password management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company's source code and proprietary technical information.
Detecting Scatter Swine: Insights into a relentless phishing campaign (Okta Security) Summary: Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta.
Twilio hackers hit over 130 orgs in massive Okta phishing attack (BleepingComputer) Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts.
Twilio says breach compromised Authy two-factor app users (TechCrunch) Hackers gained access to the accounts of 93 Authy users and registered additional devices.
How Are Ransomware Groups' Shakedown Tactics Evolving? (Bank Info Security) The latest edition of the ISMG Security Report discusses how ransomware groups continue to refine their shakedown tactics and monetization models, highlights from
LockBit ransomware accuses Entrust for DDoS attacks against leak sites and showed proof that may make you smile also (The Tech Outlook) A distributed denial-of-service (DDoS) attack that appears to have been undertaken in retaliation to the cybercriminals disclosing data they had obtained from security firm Entrust has put the leak website of the LockBit ransomware operation offline. Entrust began notifying consumers about the incident on July 6, after it was detected on June 18. The attack …
Scripting Attacks on E-Commerce Sites Hit Ally Bank Accounts (Gov Info Security) Cyber criminals are running scripting attacks on e-commerce sites that attempt to complete small payments by automatically inputting payment card numbers based on
Websites Can Identify If You’re Using iPhone’s New ‘Lockdown’ Mode (Vice) Lockdown Mode disables a series of features that can be used to hack iPhone users. But the lack of these features also makes it easier to figure out who is using Lockdown Mode.
Leaked Docs Show Spyware Firm Offering iOS, Android Hacking Services for $8 Million (SecurityWeek) Leaked documents appear to show a spyware firm offering Android and iOS exploits and other services for $8 million.
Alleged cyber attacks on MLA Leela Aheer's Facebook accounts lead to RCMP investigation (CBC) Aheer wrote on Twitter that her Facebook accounts had been hacked and were "being used for sexual exploitation."
NHS Cyber Attack, August 2022: What's the Fallout? (Axio) Hear from Axio’s Brendan Fitzpatrick, CISSP, CRISC on the fallout, and what you must know for your own cyber risk plan.
Cyber-Attack Disrupts Public Services in Fremont County, Colorado (The National Law Review) Government offices and public services in Fremont County, Colorado, have been disrupted since August 17, 2022, due to a “cybersecurity event affecting our county computer systems.”
As
911 ring times double during JSO cyber attack, not related according to representative (Action News Jax) the average ring time jumped to 22 seconds and then 40 seconds on Sunday when the city’s network issues prompted the JSO to shut down parts of its computer system used by dispatchers
Security Patches, Mitigations, and Software Updates
Palo Alto warns of firewall vulnerability used in DDoS attack on service provider (The Record by Recorded Future) Palo Alto Networks is urging customers to patch a line of firewall products after finding that the vulnerability was used in a DDoS attack.
FATEK Automation FvDesigner (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: FATEK Automation Equipment: FvDesigner Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of the FvDesigner software tool are affected:
Instagram sets new users under 16 to restrictive content setting (TechCrunch) Instagram is updating a critical set of features that will now default users under the age of 16 to the app's most restrictive content setting.
Trends
NCC Group Monthly Threat Pulse - July 2022 (Mynewsdesk) The ransomware threat scene continues to evolve following the disbanding of Conti, as ransomware attacks rose from 135 in June to 198 in July, representing a...
2022 Trustwave SpiderLabs Telemetry Report (Trustwave) As organizations go about their regular routine of finding and adding new technologies to help increase their overall success, each organization must keep in mind the security implications of each move, along with the fact that much of their current technology stack has to be maintained with a well-thought out and quickly implemented patching program.
As governments shun ransomware payments, cyberattacks may cost taxpayers even more (The Hill) Nearly half of the world’s government entities paid ransom in 2021.
Marketplace
Cyberstarts Closes $60M in Seed Fund III (Dark Reading) Venture firm hires former Splunk CEO to spearhead new GTM advisory board and help portfolio companies scale up.
Johnson Controls Invests in Nozomi Networks and Signs Framework Agreement for Providing Nozomi Networks Cybersecurity Services (Johnson Controls) Investment reinforces Johnson Controls' commitment to best-of-breed cybersecurity for smart buildings, facilities automation and managed services
Security company Tufin completes acquisition, makes layoffs (Boston Business Journal) An Israeli-Boston security company that was acquired by a software-focused private equity firm completed its acquisition today by Turn/River Capital in a deal valued at approximately $570 million.
Flashpoint Approved As DOD SkillBridge Provider, Will Help Service Members Transition to Civilian Work (Business Wire) Flashpoint, the globally trusted leader in actionable intelligence, today announced that it is now an authorized provider of the Department of Defense
QuintessenceLabs Chosen as Inaugural Member of the Quantum Security Alliance (PR Newswire) QuintessenceLabs, an industry leader in quantum cybersecurity, today announced it has been named the first private-sector member of the Quantum...
Huawei founder sparks alarm in China with warning of ‘painful’ next decade (the Guardian) Ren Zhengfei writes in leaked memo that ‘chill will be felt by everyone’ and company must focus on survival
Embattled spyware firm becomes ‘cautionary tale’ for industry (The Hill) The embattled Israeli spyware firm NSO Group is replacing its CEO and cutting 13 percent of its workforce as it tries to recover from being blacklisted by the U.S. government. Experts say the…
Sonatype Names Mitchell Johnson as Chief Product Development Officer (Sonatype) Sonatype bolsters its leadership team with the addition of Mitchell Johnson as Chief Product Development Officer.
AttackIQ Strengthens Leadership Team with Appointment of John Brown as Head of Global Channel (PR Newswire) AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) systems, today announced the appointment of John Brown as Head...
Products, Services, and Solutions
Adding the Save in 1Password button to your website just got way easier (1Password Blog) You can now add the Save in 1Password button to your website without anyone from 1Password getting involved with the process.
Coinbase, whose CEO called most politics a 'distraction', launches voter registration tool (Cointelegraph) Coinbase's voter registration tool is part of an initiative to get the crypto community engaged in policy discussions.
Kaspersky and Microsoft partner to deliver Threat Intelligence to Microsoft Sentinel users (ANI News) New Delhi [India], August 25 (ANI/Bloomingdale): Kaspersky Threat Data Feeds are now integrated with Microsoft Sentinel, a cloud-native SIEM and SOAR solution to help Microsoft Sentinel users with actionable context for attack investigation and response. With this integration, enterprise security teams can extend cyber threat detection capabilities and increase the effectiveness of initial alert triage, threat hunting or incident response.
MOXFIVE Partner Ecosystem Achieves Key Milestone Further Scaling Its P (PRWeb) MOXFIVE, a technical advisory firm specializing in cybersecurity and information technology, announced a key milestone of the MOXFIVE Partner Ecosystem eclipsin
AWS Preps ‘Bastion’ Cloud Service for Advertisers (The Information) Amazon Web Services is preparing to unveil a cloud service to help companies improve the way they target ads to potential customers without violating data privacy laws, according to three people with knowledge of the product. The move comes as advertisers try to recover from, and get ahead of, ...
Technologies, Techniques, and Standards
How U.S. Cyber Command, NSA Are Defending Midterm Elections: One Team, One Fight (U.S. Department of Defense) With 75 days until the midterm elections, the Defense Department is fully engaged to defend the U.S. electoral system from foreign interference and foreign influence alongside interagency partners.
US 'actively defending against foreign interference and influence' in midterms, Cyber Command says (CNN) US military and intelligence officials are stepping up their efforts to defend the electoral process from foreign hacking and disinformation as the November midterms approach, officials said Thursday.
Cyber Command, NSA tout election security group ahead of midterms (The Record by Recorded Future) U.S. Cyber Command and National Security Agency officials on Thursday said their joint election security task force is already engaged in keeping the upcoming midterm elections free from foreign interference by adversaries like Iran, China and Russia.
Five years to zero trust: Pentagon has 'no choice' but to sprint toward network goals (Breaking Defense) “I can tell you at DoD, we’re taking this very seriously,” DoD CIO John Sherman said. “And we are committed to implementing zero trust at scale for our four-million-person-plus enterprise that we lead.”
TEFCA promises true data interoperability, but industry must address security challenges (MedCity News) There’s no doubt that a full rollout of Trusted Exchange Framework and Common Agreement (TEFCA) will save lives and improve patient care and outcomes. Challenges remain, however, centered on how to maintain data privacy and security as the number of electronic connections increases exponentially among data networks.
PCI DSS v4.0 is Coming: Here’s How to Achieve Compliance (PerimeterX) In March, the Payment Card Industry Security Standards Council published Payment Card Industry Data Security Standard (PCI DSS) Version 4.0 to address emerging threats and market changes. PCI DSS v4.0 is set to go into full effect in March 2025, replacing PCI DSS Version 3.2.1. Learn how this will impact your business and what you can do to achieve compliance.
How a threat-informed defense delivers the visibility security teams need (SC Media) Here’s how a threat-informed defense can help the team leverage its security tools.
Meta makes the case for creating a privacy red team (IT World Canada) 'Offensive security' in the form of a security red team is a capability that some IT leaders have created in their organizations to test the protection of their IT environment. But what about 'offensive privacy'? Why not create a privacy red team? Scott Tenaglia, engineering manager of Meta's privacy red team thinks it's time more
What is doxing and how to protect yourself (WeLiveSecurity) Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you.
Design and Innovation
China's Baidu reveals its first quantum computer called Qianshi (Reuters) Chinese search engine giant Baidu Inc revealed its first quantum computer on Thursday and is ready to make it available to external users, joining the global race to apply the technology to practical uses.
Legislation, Policy, and Regulation
Taiwan Is Ground Zero for Disinformation—Here’s How It’s Fighting Back (Wall Street Journal) Chinese disinformation campaigns against Taiwan are being countered by the island’s nimble fact-checking groups, which find and debunk what they identify as disinformation before it spreads too widely.
Chemical Sector Next in Line for White House Plan to Incentivize Cybersecurity (Nextgov.com) Operators of chemical facilities will follow those of electric utilities, gas pipelines and water treatment plants in being asked to facilitate visibility into their systems.
NSTAC Urges CISA Action to Boost Security of Feds’ OT Systems (MeriTalk) The National Security Telecommunications Advisory Committee (NSTAC) voted on August 23 to approve a report recommending that the Cybersecurity and Infrastructure Security Agency (CISA) issue an order requiring all Federal civilian agencies to catalog all of their operational technology (OT) devices and systems as one of many steps to improve OT cybersecurity in government and the private sector.
FTC Proposes Change in Regulation, Enforcement of Data Collection and Security (cyber/data/privacy insights) Key Takeaways: On August 11, 2022, the Federal Trade Commission announced an advance notice of proposed rulemaking (ANPR) to initiate a process that would allow it to develop and enforce rules on what the FTC has termed “commercial surveillance,” which it broadly defines as the “collection, aggreg
DHS Eyes Cybersecurity Self-Assessments for Vendor Base; Ken Bible Quoted (Executive Gov) The Department of Homeland Security is working on a rule that would allow contractors to evaluate their compliance with cybersecurity requirements through self-assessments instead of implementing a program that relies on third-party assessors, Federal News Network reported Wednesday.
Litigation, Investigation, and Law Enforcement
Nato investigates hacker sale of missile firm data (BBC News) Hackers are selling classified documents online after obtaining data belonging to missile maker MBDA.
CPJ joins letters urging U.S. government to hold NSO Group accountable on spyware (Committee to Protect Journalists) The Committee to Protect Journalists joined human rights and press freedom organizations in separate actions in August urging the United States government to hold NSO Group accountable for providing Pegasus spyware to governments that have used the tool to secretly surveil journalists around the world. In a joint letter to Acting Solicitor General Brian Fletcher...
An Instagram Sextortionist Tricked 30 Boys Into Sharing Intimate Photos, FBI Says. One Took His Own Life (Forbes) Sextortion, in which explicit imagery of victims is used to blackmail them, is spiking across America, much of it targeting teenage boys on Instagram and Snapchat.
Coinbase Security Issues Persist Despite Regulatory Intervention, Lawsuit Claims (The Recorder) A lawsuit filed in San Francisco federal court Tuesday alleges that security issues persist despite Coinbase paying “large fines” to regulators for prior vulnerabilities. Matthew Borden, of BraunHagey & Borden, said a law passed in 1978 could be the answer to address the new waves of fintech institutions.
Judge OKs Robinhood $20M data breach settlement (Compliance Week) Online stock trading platform and broker-dealer Robinhood Financial moved closer to paying $20 million as part of a class-action settlement with thousands of customers whose accounts were allegedly accessed by unauthorized users.
Scans of Students’ Homes During Tests Are Deemed Unconstitutional (WIRED) An Ohio judge ruled that such surveillance to prevent cheating could form a slippery slope to more illegal searches.
Twitter Ordered to Give Musk Additional Bot Account Data (SecurityWeek) A judge told Twitter to surrender more data to Elon Musk on fake accounts, a key issue the billionaire is using to try to cancel his buyout bid.
Pinterest is facing a civil rights investigation in California (Protocol) California’s Civil Rights Department has reached out to former Pinterest employees, including whistleblower Ifeoma Ozoma, as possible witnesses.