Dateline Moscow, Kyiv: Notes on Russia's hybrid war.
Ukraine at D+190: Trimming expectations and calling for assassinations. (CyberWire) As Ukraine's counteroffensive continues, Russian media personalities blame NATO for setbacks and speculate about the need for a program of targeted assassination, in both Ukraine and NATO. Experts look at the mixed record of state cyber operations, hacktivism, and privateering in the hybrid war.
Russia-Ukraine war: List of key events, day 191 (Al Jazeera) As the Russia-Ukraine war enters its 191st day, we take a look at the main developments.
Ukraine retaking territory from Russians in the south, but at a heavy cost (The Telegraph) Well-equipped Russians are fighting hard, say Ukrainian soldiers wounded in the fierce fighting
Ukraine’s Drones Are Back—And Blowing Up Russian Artillery In The South (Forbes) Ukraine’s Turkish-made drones are blowing up Russian equipment in southern Ukraine, helping to clear a path for Ukrainian battalions as they fight their way toward Russian-occupied Kherson.
Could Ukraine’s new counteroffensive kick Russian troops out of Kherson? (Atlantic Council) We reached out to one of our active-duty military fellows to assess how events along Ukraine's southern front might play out in the coming weeks.
US war-gamed with Ukraine ahead of counteroffensive and encouraged more limited mission (CNN) In the buildup to the current Ukrainian counteroffensive, the US urged Kyiv to keep the operation limited in both its objectives and its geography to avoid getting overextended and bogged down on multiple fronts, multiple US and western officials and Ukrainian sources tell CNN.
Russian state TV host suggests total victory in Ukraine not possible (Newsweek) Another host on the Russian news program "The Meeting Place" mused about his "fantasy" that a Pentagon official dealing with Ukraine "chokes on a cherry pit."
UN inspectors arrive at Ukraine nuclear plant amid fighting (AP NEWS) A U.N. inspection team entered Ukraine's Zaporizhzhia nuclear power plant Thursday on a mission to safeguard it against catastrophe, reaching the site amid fighting between Russian and Ukrainian forces that prompted the shutdown of one reactor and underscored the urgency of the task.
U.N. Inspectors Gauge Risks at Nuclear Plant as Ukraine and Russia Trade Accusations (New York Times) Russia and Ukraine appeared to be trying to frame a visit by the U.N. nuclear agency before inspectors present their findings.
IAEA head ignores gunfire to visit Ukraine nuclear plant, says experts to stay (Reuters) The head of the U.N.'s atomic watchdog, ignoring gunfire he said had come uncomfortably close, visited the Russian-occupied Zaporizhzhia nuclear plant in Ukraine on Thursday and said his experts would stay at the facility.
Opinion: Don't wake the nuclear giant on our doorstep (CNN) Ukrainian teenagers know a thing or two about atomic anxiety. Writer Sasha Dovzhyk grew up not far from the Zaporizhzhia nuclear power plant -- the biggest in Europe and now the focus of mounting fears of nuclear disaster.
A Russian Oil Executive Dies Under Murky Circumstances (New York Times) The chairman of Lukoil, Russia’s second-largest oil company, fell to his death from a sixth-floor hospital window in Moscow.
New findings expose machinery of Russia’s ‘filtration’ of Ukrainians (Washington Post) Russia and its allies have subjected Ukrainians to an abusive “filtration” process and forcibly transferred hundreds of thousands to Russia, new reports say.
Hacks tied to Russia and Ukraine war have had minor impact, researchers say (The Record by Recorded Future) Although politicians and cybersecurity experts have warned about the potential for widespread hacks in the wake of Russia’s invasion of Ukraine, a new study finds that attacks linked to the conflict have had minor impact and are unlikely to escalate further.
Getting Bored of Cyberwar: Exploring the Role of the Cybercrime Underground in the Russia-Ukraine Conflict (arXiv:2208.10629v2) There has been substantial commentary on the role of cyberattacks, hacktivists, and the cybercrime underground in the Russia-Ukraine conflict. Drawing on a range of data sources, we argue that the widely-held narrative of a cyberwar fought by committed ‘hacktivists’ linked to cybercrime groups is misleading.
Why Russia's cyber war in Ukraine hasn't played out as predicted (New Atlas) With Russia's invasion of Ukraine dragging into its seventh month, a number of oddities are emerging from this odd war. One of the most perplexing is the question of why a major cyber warfare power like Russia has launched so few and such ineffective cyber attacks against Ukraine and its…
Cyber key in Ukraine war, says spy chief (The Canberra Times) The Ukraine conflict has opened the door for organised criminal groups to engage in cyber-crime, which took some...
Italy Says Cyber Attacks on the Rise Since Invasion of Ukraine (Bloomberg) Italy’s foreign minister said cyber attacks on western European companies have risen following the Russian invasion of Ukraine, as Rome deals with the fallout from hacker actions targeting energy companies earlier this week.
SSSCIP: Ukraine expands cooperation in cybersecurity with Poland (Odessa Journal) Oleksandr Potii, the SSSCIP Deputy Head, met Karol Molenda, the Commander of the Cyberspace Defense Forces of Poland. It is the first meeting aimed at
Montenegro Sent Back to Analog by Unprecedented Cyber Attacks (Balkan Insight) The US has sent a team of FBI investigators to NATO ally Montenegro following an unprecedented cyber assault on the country’s public administration.
Montenegro blames criminal gang for cyber attacks on government (EU Reporter)
Ransomware Attack Sends Montenegro Reaching Out to NATO Partners (Bloomberg) US warned of ‘persistent’ hack affecting the small country. ‘Cuba’ malware used to render websites, databases inoperable.
Yandex Taxi outage caused traffic jams on Moscow's Kutuzovsky Prospekt (Forbes.ru) A flood of fake orders to Moscow's Fili district caused a disruption in the Yandex Taxi service, the aggregator's press office said. As a result of the artificial build-up of cars, traffic jams formed on Kutuzovsky Prospekt.
Yandex Taxi hack creates huge traffic jam in Moscow (Cybernews) Hackers meddled with ride-hailing service Yandex Taxi to create a two-hour-long traffic jam in the Russian capital.
Anonymous hacked Russia's largest taxi firm and caused a massive traffic jam (Daily Star) An anonymous hacker reportedly caused a massive traffic jam in central Moscow by taking control of the country's largest cab firm and ordering all of them to the same place at once
“I’m tired of living in poverty” – Russian-Speaking Cyber Criminals Feeling the Economic Pinch (Digital Shadows) Cybercriminals are a hardy and adaptable breed. Our Photon Research Team keeps an eye on the latest activities as we enter the final quarter of 2022.
Russia must be held accountable for committing genocide in Ukraine (Atlantic Council) Efforts to hold Russia accountable for genocide in Ukraine will involve war crimes trials but must also focus on the broader challenge of addressing Russia's historical sense of impunity, writes Danielle Johnson
Flawed assumptions hamper Western response to Russia’s Ukraine War (Atlantic Council) The Western response to Russia's Ukraine invasion is being undermined by flawed assumptions over the danger of a possible nuclear escalation and the need to maintain a workable relationship with Russia.
Allies must ‘maintain our stamina’ in Ukraine, says Danish defense minister (Atlantic Council) It’s time for what Bødskov considers to be phase three of the West’s strategy of supporting Ukraine, which should include weapons donations, military training, demining, and more.
Russia looks set to restart gas supplies via Nord Stream 1 — a sign of relief for Europe in its energy crisis (Markets Insider) Network data suggest the flows will restart after a three-day halt with the pipeline operating at 20% of its normal capacity, as before the shutdown.
Gorbachev was "shocked and bewildered" by war in Ukraine, interpreter says (Axios) Former Soviet leader Mikhail Gorbachev, who died earlier this week at the age of 91, was "shocked and bewildered" by Russia's war in Ukraine, his interpreter of 37 years, Pavel Palazhchenko, told Reuters Thursday.
The Gorbachev Vacuum (Foreign Affairs) How the Soviet leader’s legacy helps explain Russia’s wars.
Death of Mikhail Gorbachev highlights Europe’s lingering memory divide (Atlantic Council) The death of Mikhail Gorbachev has highlighted the memory divide between Western Europe and the countries of the former Eastern Bloc that also shapes contemporary attitudes toward Putin's imperial agenda.
What legacy does Mikhail Gorbachev, the last Soviet leader, leave behind? (Atlantic Council) Our experts examine Gorbachev's complicated legacy and wonder: What could have been?
Covering Gorbachev: AP remembers his wit, wisdom, warmth (AP NEWS) When news hit that Mikhail Gorbachev had died at age 91, Associated Press journalists around the world began sharing their “Gorby” stories from covering the last Soviet leader or interviewing him in Russia or abroad in the three decades that followed.
Without Gorbachev, Reagan wouldn’t have won the Cold War (Atlantic Council) Victory and success, the late Soviet leader once said, can only be found when all parties feel they have won something.
The war in Ukraine is an opportunity to upgrade the transatlantic architecture. Here’s how. (Atlantic Council) Atlantic leaders should treat the current conflict—just as they did the Cold War—as an opportunity to improve institutional capabilities.
Britain After Ukraine (Foreign Affairs) A new foreign policy for an age of great-power competition.
Attacks, Threats, and Vulnerabilities
REvil says they breached electronics giant Midea Group (Cybernews) Hackers claim to have stolen around 400 GB of data, including firmware source code and financial data.
Paralysed French hospital fights cyber attack as hackers lower ransom demand (RFI) A hospital southeast of Paris has been crippled by an ongoing cyberattack, drastically reducing the number of patients who can be admitted and forcing a return to pre-digital workflows. Security experts…
Threat Actor Phishing PyPI Users Identified (Dark Reading) "JuiceLedger" has escalated a campaign to distribute its information stealer by now going after developers who published code on the widely used Python code repository.
Raspberry Robin and Dridex: Two Birds of a Feather (Security Intelligence) Explore in-depth analysis on the Raspberry Robin worm, tying it to Russia-based cybercriminal group 'Evil Corp' — the same group behind the Dridex Malware.
Experts warn of more Ragnar Locker attacks, days after group targets airline (The Record by Recorded Future) The Ragnar Locker ransomware gang is likely to continue targeting critical infrastructure with attacks, according to Cybereason.
Italian Oil Giant Eni Hit by Cyber Attack (Insurance Journal) The Italian oil giant Eni SpA said Wednesday that its computer networks were hacked in recent days and that the consequences so far appeared to be minor.
Instagram Phishing Campaign: Hackers Exploit Social Verification (Vade Secure) Instagram phishing campaign targets specific users of the platform to steal personal information and account credentials.
Thousands lured with blue badges in Instagram phishing attack (BleepingComputer) A new Instagram phishing campaign is underway, attempting to scam users of the popular social media platform by luring them with a blue-badge offer.
FBI issues warning after crypto-crooks steal $1.3b in just 3 months (The State of Security) The FBI has warned that cybercriminals are increasingly targeting DeFi platforms and exploiting vulnerabilities in smart contracts.
Cyber Criminals Increasingly Exploit Vulnerabilities in Decentralized Finance Platforms to Obtain Cryptocurrency, Causing Investors to Lose Money (FBI IC3) The FBI is warning investors cyber criminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal cryptocurrency, causing investors to lose money.
American Express: This is a Secure Message from your Attacker (Armorblox) This blog examines a credential phishing attack, which impersonated the brand American Express. The email attack looked like a notification email from American Express, with a link that took victims to a malicious landing page that exfiltrated sensitive PII information.
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers (The Hacker News) Researchers uncover three related but distinct campaigns that spread malware such as ModernLoader, RedLine stealer, and cryptocurrency miners.
Snake Keylogger Returns with New Malspam Campaign Targeting IT Firms (Hacking News) The IP addresses used in the attack originated from Vietnam, while the campaign’s primary targets were located in the USA.
San Francisco 49ers: Blackbyte ransomware gang stole info of 20K people (BleepingComputer) NFL's San Francisco 49ers are mailing notification letters confirming a data breach affecting more than 20,000 individuals following a ransomware attack that hit its network earlier this year.
Twitter is down showing ‘Something went wrong’ errors (BleepingComputer) If you're experiencing issues on Twitter, you are not the only one as the social network is currently going through an outage that makes it impossible for users to read tweets and tweet replies on the web.
The Inevitability of Cloud Breaches: Tales of Real-World Cloud Attacks (Dark Reading) While cloud breaches are going to happen, that doesn't mean we can't do anything about them. By better understanding cloud attacks, organizations can better prepare for them. (First of two parts.)
Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation (Dark Reading) Cloud breaches are inevitable — and so is cloud ransomware. (Second of two parts.)
Social media's role in spreading U.S. election disinformation in the spotlight (CSO Online) Before Twitter's former CISO sounded the alarm bell, the U.S. government defined steps to counter misinformation and disinformation at the state, local and federal levels.
CorrectHealth Suffers Email Account Data Breach, 54K Impacted (Health IT Security) Georgia-based CorrectHealth (CH), which provides healthcare to individuals inside correctional facilities, reported a data breach to the Maine Attorney General’s Office that impacted 54,000 individuals.
Tulsa Tech Hit By Data Breach (News 9) Tulsa Tech says someone stole data belonging to students who were enrolled in its classes between 1986 and 1999.
University warns of fraudulent job offer scam (The University Record) Imagine receiving an email from a professor or a colleague asking if you are interested in a job or an internship, perhaps right at the time when job-search stress is setting in.
Stolen credentials selling on Dark Web for price of 3 litres of fuel (Intelligent CIO Africa) New HP Wolf Security report exposes ironic ‘honour among thieves’ as cybercriminals rely on dispute resolution services, R50 000 vendor bonds and escrow payments to ensure ‘fair’ dealings. HP has released The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back – an HP Wolf Security Report. […]
Security Patches, Mitigations, and Software Updates
Apple Releases Security Updates for Multiple Products (CISA) Apple has released security updates to address a vulnerability (CVE-2022-32893) in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Exploitation of this vulnerability could allow an attacker to take control of an affected device. CISA encourages users and administrators to review Apple’s advisory HT213428 and apply necessary updates.
Contec Health CMS8000 (CISA) Executive summary: CVSS v3 7.5. Attention: Low attack complexity. Vendor: Contec Health. Equipment: CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor. Vulnerabilities: Improper Access Control, Uncontrolled Resource Consumption, Use of Hard-Coded Credentials, Active Debug Code.
Delta Electronics DOPSoft (CISA) Executive summary: CVSS v3 3.3. Attention: Low attack complexity. Vendor: Delta Electronics. Equipment: DOPSoft. Vulnerability: Out-of-bounds Read.
Trends
Indian firms get serious about cybersecurity only when ‘attacked’, shows study (Techcircle) Indian firms remain passive in their cybersecurity approach, and in most cases, it takes an attack (or multiple attacks) to change their strategy or mindset, according to a new study.
Marketplace
Why cybersecurity stocks are beating the market (CNBC) Security spending remains robust as the war in Ukraine and emergence of hybrid workplaces keeps companies on edge.
Local cyber risk solutions company announces merger (Nashville Post) Clearwater adds Austin firm to bolster its health IT data services offerings
How threat intelligence became key to Microsoft's computer security (Globes) Microsoft global head of threat intel and security research John Lambert charts the tech giant's transformation into a cybersecurity superpower.
KAZAKHSTAN : Kazakh intelligence generates local cyber industry with Kazdream (Intelligence Online) After years of off-the-shelf purchases of cyberoffensive tools from abroad, Nur-Sultan's interception sector is producing local private providers. Local company Kazdream is at the forefront of these
Rubrik passes subscription milestone, launches research unit (iTWire) Security specialist Rubrik has reported more than doubling its annual recurring revenue from software subscriptions, passing $400 million. The company claims more than 4,500 customers including some big names including Citigroup, Estee Lauder, and The Home Depot. Rubrik also announced the launch of...
Kim Anstett Appointed Trellix Chief Information Officer (Business Wire) Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today announced Kim Anstett has joined Trellix as C
Barracuda names Chris Ross as Chief Revenue Officer (PR Newswire) Barracuda, a trusted partner and leading provider of cloud-first security solutions today announced that security, storage and channel veteran...
GreyNoise Intelligence Adds Proven Industry Leaders to its Executive M (PRWeb) GreyNoise Intelligence, the cybersecurity company analyzing internet scanning traffic to separate threats from background noise, today announced key addition
Products, Services, and Solutions
NormCyber awarded a place on CCS Cyber Security Services 3 dynamic purchasing system (Norm) NormCyber has announced its services are now available on the CCS Cyber Security Services 3 dynamic purchasing system
New CyberRes Voltage File Analysis Suite Enables Proactive Data Protection with SmartScan (PR Newswire) CyberRes, a Micro Focus (LSE: MCRO; NYSE: MFGP) line of business, today announced a new version of Voltage File Analysis Suite (FAS), a cloud...
Avertium protects Fusion MXDR clients with Detection-as-Code Content Packs through utilization of SnapAttack (SnapAttack) Sept. 1, 2022 – Avertium, a cyber fusion company that offers solutions for mid-to-enterprise organizations to protect assets and manage risk, today, announced a partnership with SnapAttack to better protect its Fusion MXDR customers. Avertium will utilize SnapAttack’s detection-as-code platform to offer its clients an innovative solution that enables commercial and nation-state-level cyber operations the […]
Avertium announces new Detection-as-Code Content Packs in Fusion MXDR by leveraging SnapAttack (Avertium) By bringing offensive tradecraft into the defensive process, Avertium is taking one of many steps forward on the journey towards enabling proactive cybersecurity for each and every one of the clients we serve.
Intel and Check Point form new partnership for IoT security (CEN) The move will see Check Point's Quantum IoT Protect Nano agent embedded within Intel’s new platform
Intel Selects Check Point Quantum IoT Protect for RISC-V Platform (Infosecurity Magazine) IoT device manufacturers can now incorporate security at the start of the product life-cycle
Kyndryl Achieves Coveted Cisco Global Gold Integrator Certification: Exclusive (CRN) Kyndryl, one of the largest global solution providers that spun out of IBM, has achieved Cisco Global Gold Integrator status, the company told CRN.
Dashlane is ready to replace all your passwords with passkeys (The Verge) The end of the password is coming, one app at a time
Technologies, Techniques, and Standards
NSA, CISA, ODNI Release Software Supply Chain Guidance for Developers (National Security Agency/Central Security Service) The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) released Securing the Software Supply Chain
NSA, CISA and ODNI release new software supply chain guidelines for developers (FCW) An interagency, public-private working group “strongly encouraged” software developers to begin implementing a suite of best practices aimed at further securing the software development lifecycle.
New guidance on software supply chain attacks released (Computing) Linux Foundation's OpenSSF releases npm security guide while US agencies NSA and CISA advise on hardening the component supply chain
BSP to watch banks with cyber software (Philippine Daily Inquirer) The Bangko Sentral ng Pilipinas (BSP) has cued the rollout of a software solution at selected BSP-supervised entities as part of efforts to further enhance banking and financial industry resilience against cybersecurity attacks.
Aiman Mazahreh, STS: “everyone should be trained on cybersecurity skills and have cybersecurity digital literacy” (Cybernews) In today’s digital world, all organizations are at risk of cyberattacks. However, smaller businesses tend to be vitally more vulnerable as they lack the security infrastructure of bigger companies.
Research and Development
BREAKING: Upcoming DARPA Program to Allay 5G Security Concerns (National Defense) A soon-to-be-announced Defense Advanced Research Projects Agency program will seek to make communicating over 5G networks more secure.
Academia
Here’s 5 free online cybersecurity courses hosted by top universities (Fortune) During the past year, 80% of organizations have suffered data breaches that the company could attribute to a lack of cybersecurity skills.
To Get a Job With NSA, Here's What to Study (US News & World Report) Many liberal arts degrees can lead to jobs with the National Security Agency.
Cerebrum Launches Identity Pittsburgh Initiative in Partnership with Carnegie Mellon University's ETIM Program (Yahoo) Cerebrum is proud to announce the launch of Identity Pittsburgh, an initiative to explore the real-world applications of Self-Sovereign Identity technology in regulated industries. The initiative, launched in partnership with Carnegie Mellon University's Engineering & Technology Innovation Management Program (CMU ETIM), will include an open to the public event series and a capstone project opportunity for CMU students.
The Russian Spy in My Econ Class (WIRED) Johns Hopkins' long history with student-spies suggests this most recent incident will not lead to much change—but maybe that's OK.
Legislation, Policy, and Regulation
Global VPN Providers Pull India Servers Over New Cybersecurity Rules (Wall Street Journal) Companies say the new rules threaten users’ privacy and are like those imposed in Russia and China.
Nvidia says U.S. government allows A.I. chip development in China (CNBC) Nvidia said Thursday that the U.S. government told it that it can continue to develop its H100 artificial intelligence chip in China.
Here’s What Biden’s New National Security Strategy Should Say (Foreign Policy) Tossed and rewritten after Russia invaded Ukraine, the document still hasn’t been released.
Tech Tool Offers Police 'Mass Surveillance on a Budget' (SecurityWeek) Fog Reveal software is a powerful tool used by police that gives them the power to follow people’s movements months back in time
Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police (Electronic Frontier Foundation) A data broker has been selling raw location data about individual people to federal, state, and local law enforcement agencies, EFF has learned. This personal data isn’t gathered from cell phone towers or tech giants like Google — it’s obtained by the broker via thousands of different apps on Android and iOS app stores as part of the larger location data marketplace.
FTC's Broad Privacy Rulemaking Faces Bumpy Path Forward (Law360) The Federal Trade Commission has kicked off a yearslong effort to craft privacy and data security rules that could upend how companies use and disclose consumer data, but the breadth of the undertaking and looming legal challenges will likely make the process an uphill climb, experts say.
Pelosi Raises Flag On Data Privacy Bill's State Law Override (Law360) House Speaker Nancy Pelosi on Thursday threw a wrench into efforts to enact federal privacy legislation that was recently sent to the House floor, saying that more work needs to be done to prevent the proposal from overriding California's more stringent privacy protections.
National Cyber Director’s Office Elevates Key Personnel (Nextgov.com) Nick Leiserson helped develop legislation that created the cyber director’s office. A year after its establishment, he’s moving to a position where he can use it to shape policy.
Check Point CISO appointed to Scotland’s National Cyber Resilience Advisory Board (Scottish Business News) Deryck Mitchelson, Field CISO EMEA at Check Point Software, to provide strategic cyber advice to Scottish Ministers and Government Check Point® Software Technologies Ltd., a leading provider of cyber security solutions globally, has announced that Deryck Mitchelson, Field CISO EMEA at Check Point, has become a member of Scotland’s National Cyber Resilience Advisory Board (NCRAB). […]
Litigation, Investigation, and Law Enforcement
CEO of collapsed Turkish crypto exchange Thodex faces extradition from Albania following arrest (The Block) The CEO of Turkish crypto exchange Thodex, which collapsed in 2021, faces extradition to Turkey after his arrest in Albania.