Dateline
Ukraine at D+203: Consolidation and counteroffensive. (CyberWire) Ukraine consolidates its hold on liberated territory as its counteroffensive continues. Russia seeks diplomatic support from China, but observers think such support unlikely to result in the military assistance Russia wants and needs. Nuisance-level deniable hacktivism continues in the Russian interest, and Primitive Bear is back and phishing for espionage marks.
Russia-Ukraine war: List of key events, day 204 (Al Jazeera) As the Russia-Ukraine war enters its 204th day, we take a look at the main developments.
Zelensky visits liberated Izyum as Ukraine aims to keep Russia on the run (Washington Post) Ukrainian President Volodymyr Zelensky made a bold visit Wednesday to the recently liberated city of Izyum in the eastern Kharkiv region, where he participated in a flag-raising ceremony to mark the nation’s most important military victory since Russian invaders were repelled from the suburbs of Kyiv in late March.
Ukrainian flag raised in retaken city after Russian retreat (AP NEWS) Hand on heart, Ukrainian President Volodymyr Zelenskyy watched his country’s flag rise Wednesday above the recaptured city of Izium, making a rare foray outside the capital that highlights Moscow’s embarrassing retreat from a Ukrainian counteroffensive.
The need for speed: Ukraine’s game-changing counter-offensive to recapture Kharkiv (The Telegraph) Traditional military strategies were cast aside as defending forces used speed, aggression and improvisation to penetrate Russian lines
Moscow’s local allies were told ‘Russia is here for ever’. Now they flee Ukraine (the Guardian) Supporters in shock as Kremlin reneges on vow that helped project power into captured towns and villages
In Russian Border City, Pro-Kremlin Ukrainians, Soldiers Regroup After Retreat From Ukraine (Wall Street Journal) Belgorod is on edge after Moscow’s forces vacate northeastern Ukraine. “We ourselves don’t understand what happened,” said one pro-Russian Ukrainian who fled to Russia.
Ukraine war latest: Russia launches cruise missiles at dam in bid to flood Zelensky's home town (The Telegraph) Ukrainians were being evacuated from President Volodymyr Zelensky's home city on Thursday after a Russian missile attack on a dam caused major flooding.
'If you desert, we'll execute you': 'Putin's chef' recruits convicts for war (The Telegraph) Wagner Group founder tells prisoners: 'Troops will be issued two hand grenades to blow themselves up if needed'
Ukraine War Offers Clues to Future War, Joint Chiefs Chairman Says (Defense One) Don’t expect any more tank columns massing on highways like sitting ducks.
Fear and Loathing in Moscow (Puck) The former queen mother of the Russian opposition, now living in exile, reflects on the terror that drove her compatriots from the capital, the contempt among those left behind, and the oligarchs who are on the verge of revolt.
Pro-Russia hackers claim to have temporarily brought down Japanese govt websites (Asia News Network) Since Russia’s invasion of Ukraine, distributed denial of service attacks have been on the rise worldwide, in an attempt to paralyze computer systems.
Gamaredon APT targets Ukrainian government agencies in new campaign (Cisco Talos) A blog post from Talos, Cisco's threat intelligence group.
Russia-linked Gamaredon APT targets Ukraine with a new info-stealer (Security Affairs) The Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) is targeting employees of the Ukrainian government, defense, and law enforcement agencies with a custom-made information-stealing implant. The malicious code was designed to […]
Fears grow of Russian spies turning to industrial espionage (The Record by Recorded Future) Russia acknowledged this week that parts of its technology industry are dependent on foreign knowledge and lagging competitors by more than a decade, raising concerns that the country’s spies will be used for cyber espionage.
UN chief and Russia's Putin discuss war in Ukraine (AP NEWS) U.N. Secretary-General Antonio Guterres said he spoke to Russian President Vladimir Putin Wednesday about exporting Russian fertilizer through Ukraine's Black Sea ports to address a growing global food crisis that threatens multiple famines.
Putin, Zelenskyy court major allies as Ukraine makes gains (AP NEWS) Russian President Vladimir Putin and Ukrainian counterpart Volodymyr Zelenskyy are each courting major allies on Thursday, seeking to prop up their efforts in a war whose fortunes have tilted toward Ukraine in recent days.
Putin thanks China's Xi for his 'balanced' stand on Ukraine (AP NEWS) Russian President Vladimir Putin thanked Chinese leader Xi Jinping on Thursday for his “balanced” approach to the Ukrainian crisis and blasted Washington's “ugly" policies at a meeting that followed a major setback for Moscow on the battlefield.
Why Xi Jinping won't ride to Putin's rescue at first meeting since Ukraine war began (The Telegraph) Russian president desperately needs military support, but is likely to be disappointed at the 'Dictators' Club' summit
Opinion: The China-Russia alliance is pushing Ukraine toward Taiwan (Washington Post) Almost seven months into the Russia-Ukraine war, China is still claiming to be a neutral party, despite the evidence. And when Vladimir Putin meets Xi Jinping this week, the falsity of that claim will come into full and dramatic view. China’s increasing support for Russia is driving some in Ukraine to push for closer cooperation with Taiwan, a fellow democracy under threat.
Putin’s gas blackmail risks backfiring disastrously (The Telegraph) It will be a painful winter – but Europe is finding a way to survive without Russian fuel
Attacks, Threats, and Vulnerabilities
You never walk alone: The SideWalk backdoor gets a Linux variant (WeLiveSecurity) ESET researchers have uncovered another tool in the already extensive arsenal of the SparklingGoblin APT group: a Linux variant of the SideWalk backdoor.
SparklingGoblin APT Hackers Using New Linux Variant of SideWalk Backdoor (The Hacker News) SparklingGoblin APT hackers have been spotted using a new Linux variant of the SideWalk backdoor, highlighting the implant's cross-platform.
Threat Alert: New Malware in the Cloud By TeamTNT (Aqua Security) Could TeamTNT be back? Our honeypots were attacked by malware that bears a resemblance to these threat actors and we analyze the possible connection.
OriginLogger: A Look at Agent Tesla’s Successor (Unit 42) We provide an overview of the OriginLogger keylogger, including info on a dropper lure and OriginLogger’s configuration and infrastructure.
Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware (The Hacker News) Researchers have detailed the inner workings of a malware called OriginLogger, which is being traded as a successor to the widespread malware.
Webworm: Espionage Attackers Testing and Using Older Modified RATs (Threat Hunter Team Symantec) The attackers are working on a number of malware threats, some of which have been used in attacks while others are in pre-deployment or testing stages.
User Alert as Phishing Campaigns Exploit Queen’s Death (Infosecurity Magazine) Experts urge the public not to fall for classic scams
Passengers Exposed to Hacking via Vulnerabilities in Airplane Wi-Fi Devices (SecurityWeek) Vulnerabilities found in Flexlan wireless LAN devices used for airplane Wi-Fi can be exploited by a passenger to hack other passengers.
Ransomware gang threatens 1m-plus medical record leak (Register) Criminals continue to target some of the most vulnerable
LAUSD approves emergency declaration after cyber attack (FOX 11 Los Angeles) The resolution allows Superintendent Alberto Carvalho to sign emergency contracts to "ensure the continuation of public education, and the safety and security of its data, networks and servers" without advertising or inviting bids for any dollar amount necessary, for a period of one year.
That new LinkedIn connection request may be a scam (NPR One) Audio segment, 4:17.
CISA Adds Two Known Exploited Vulnerabilities to Catalog (CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
Trends
2022 US Cybersecurity Census (Keeper) Understand the transforming landscape of cybersecurity in the US – including the growing threats organizations face and the strategies used to overcome them.
Global CIO Report Reveals the Challenges Organizations Face as Cloud Complexity Rises (Business Wire) Software intelligence company Dynatrace (NYSE: DT) announced today the results of an independent global survey of 1,303 CIOs and senior cloud and IT o
New Research Released by Noname Security Reveals Disconnect Between Confidence in API Protection and Rise in API Security Incidents (Noname Security) Noname Security announces findings from the API security report, “The API Security Disconnect – API Security Trends in 2022”.
Coalition Releases 2022 Cyber Claims Report: Mid-year Update (GlobeNewswire News Room) New report finds increase in cost of claims for small businesses, decline in ransomware attacks, and decrease in overall claims cost and severity...
Download Here: Coalition's 2022 Mid-year Update Report on Cyber Claims (Coalition) This report aims to help educate brokers on the most prevalent cyber incidents, how to help their clients reduce cyber risk exposure, and why Active Insurance is a better model of protection for evolving digital risks.
Marketplace
Chinese Investment Flows to Silicon Valley Venture Funds (Wall Street Journal) Chinese investment in U.S. venture-capital funds is demonstrating that economic ties between Silicon Valley and China remain deep despite political and national security risks.
ManTech’s acquisition by Carlyle is complete (Intelligence Community News) On September 14, Herndon, VA-based ManTech International Corporation announced the completion of its sale to funds managed by global investment firm Carlyle in an all-cash transaction representing a total enterprise value of approximately $4.2 billion.
Compliance startup heyData bags €3.3 M seed (Finextra Research) Berlin-based compliance startup heyData today announced the closing of a €3.3 million seed financing.
Aliro Quantum Expands Executive Team With First Chief Marketing Officer (PR Newswire) Aliro Quantum, the first pure play quantum networking company, today announced the appointment of its first Chief Marketing Officer (CMO),...
NinjaOne Appoints Shay Mowlem as Chief Marketing and Strategy Officer (PR Newswire) NinjaOne, the first unified IT management platform for MSPs and IT departments, today announced that Shay Mowlem has joined as the company's...
Products, Services, and Solutions
DIGISTOR® Extends Commercially Priced Self-Encrypting Drive Products with Key Pre-Boot Authentication Feature to Secure Data at Rest (DAR) (DIGISTOR) Security-conscious civilian agencies and commercial enterprises can rely on DIGISTOR secure Citadel™ C Series drives with pre-boot authentication powered by Cigent® to meet a wide range of data protection requirements at commercial pricing.
Technologies, Techniques, and Standards
Readout of the First Joint Ransomware Task Force Meeting (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) co-chaired the first meeting of the Joint Ransomware Task Force (JRTF), an interagency body established by Congress to unify and strengthen efforts against the ongoing threat of ransomware.
US Cyber-Defense Agency Urges Companies to Automate Threat Testing (Bloomberg) The US government’s cyber defense agency is recommending for the first time that companies embrace automated continuous testing to protect against longstanding online threats.
2022 Black Hat USA Survey - What I need to be a SOC Rock Star (Gurucul) Gurucul conducted a survey of attendees at the 2022 Black Hat USA security conference focused on the Security Operations Center (SOC).
Ending the Era of Security Control Failure (AttackIQ) A data analytic study of historic security control failures against top MITRE ATT&CK techniques – and what to do to improve security program performance.
Design and Innovation
The Merge is here: Ethereum has switched to proof of stake (MIT Technology Review) No one knows exactly what the cryptocurrency platform’s big upgrade has in store for the industry.
Academia
CISA floats plan to partner with local universities for '311' cyberattack triage service (The Record by Recorded Future) CISA held its fourth Cybersecurity Advisory Committee meeting yesterday, kicking off the latest round of recommendations from cyber experts.
Popular school messaging app hacked to send explicit image to parents (NBC News) School districts in Illinois, New York, Oklahoma and Texas all said the photo was sent through the app Seesaw to parents and teachers in private chats.
Legislation, Policy, and Regulation
EU Proposes Strict Cybersecurity Rules for Digital-Product Makers (Wall Street Journal) Security guarantees and five years of patches would be required for a range of products, from home appliances and connected toys to computers and software, under European Union plan.
5 Reasons Taiwan Is a Growing Source of US-China Tension (Flashpoint) Five key indicators that may represent current and future escalations in US-China tensions related to Taiwan.
Enhancing the Security of the Software Supply Chain through Secure Software Development Practices (The White House) The Federal Government relies on information and communications technology (ICT) products and services to carry out critical functions. The global supply chain for these technologies faces relentless threats from nation state and criminal actors seeking to steal sensitive information and intellectual property, compromise the integrity of Government systems, and conduct other acts that impact the United States Government’s ability to safely and reliably provide services to the public.
Enhancing the Security of the Software Supply Chain to Deliver a Secure Government Experience (The White House) By Chris DeRusha, Federal Chief Information Security Officer and Deputy National Cyber Director The Biden-Harris Administration is committed to delivering a Government that works for all Americans – and technology powers our ability to do so. In order for Federal agencies to provide critical services, information, and products to the American people, they need access…
White House releases post-SolarWinds federal software security requirements (Federal News Network) OMB wants to avoid a future SolarWinds by requiring federal software vendors to self-certify that they’re following secure development practices.
Senate committee advances Fick nomination as State Department’s top cyber diplomat (The Record by Recorded Future) The Senate Foreign Relations Committee on Wednesday advanced President Joe Biden’s pick to be the country’s first cyber ambassador in a bipartisan voice vote.
The biggest election disinformation event of the 2022 midterm primaries: Text messages (NBC News) While there’s now a cottage industry and federal agencies that target election disinformation when it’s on social media, there’s no comparable effort for texts.
California governor signs law requiring social networks to post moderation rules (The Verge) It’s one of several California social media regulations.
Air and Space Forces raise bonus amounts for technically trained cyber troops (Stars and Stripes) The Air Force and Space Force are prepared to pay a premium to keep their cyber-trained professionals wearing blue, according to the updated list of bonus-eligible career fields.
Litigation, Investigation, and Law Enforcement
Current, former social media execs address national security issues at Senate hearing (Fox Business) Current and former executives from Twitter, Facebook, TikTok and others will address social media national security concerns at a Senate Homeland Security Committee hearing.
Senators Have Stopped Embarrassing Themselves at Tech Hearings (Slate Magazine) Well, except one.
Three Iranian Nationals Charged with Engaging in Computer Intrusions and Ransomware-Style Extortion Against U.S. Critical Infrastructure Providers (US Department of Justice) An indictment was unsealed today charging three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims.
Treasury Sanctions IRGC-Affiliated Cyber Actors for Roles in Ransomware Activity (U.S. Department of the Treasury) Action Part of U.S. Government Response to the Continuous Malicious Cyber Activities Conducted by Iranian Actors
Index – Rewards For Justice (US Department of State) Rewards of up to $10 million each are offered for information on three individuals listed under Critical Infrastructure (Global | Near East (North Africa and the Middle East)): Ahmad Khatibi Aghda, Amir Hossein Nickaein Ravari, and Mansour Ahmadi.
US Indicts Iranians Who Hacked Power Company, Women's Shelter (SecurityWeek) The US Department of Justice announced an indictment against three Iranian hackers who used ransomware to extort a battered women's shelter and a power company.
U.S. gov’t unveils sanctions, charges, bounties on Iranian ransomware actors (The Record by Recorded Future) The U.S. government unveiled a slate of sanctions, charges and bounties related to a group of Iranian nationals accused of launching ransomware attacks in the U.S. and abroad.
Iranian hackers moonlight their expertise (Washington Post) Nation-state hacker, cybercriminal, government employee or freelance contractor? Lines are blurry
FBI seizes Mike Lindell’s phone in probe of Colo. voting machine breach (Washington Post) FBI agents seized a cellphone belonging to Mike Lindell, the MyPillow founder and prominent election denier, as part of a federal investigation into an alleged breach of voting machines in Colorado, according to Lindell.
Twitter Investors Say They Were Misled On Security Concerns (Law360) Twitter Inc. shareholders lodged a proposed class action in California federal court Tuesday in the wake of a whistleblower complaint by former Twitter security chief Peiter Zatko, claiming they were misled and kept in the dark about the platform's security concerns.
Fired Uber Atty Tells Jury He Lied To WilmerHale Investigators (Law360) A fired Uber in-house attorney who was given government immunity for testifying in the criminal obstruction trial of former security chief Joseph Sullivan said Wednesday that he lied to the WilmerHale lawyers hired by the company to investigate a massive undisclosed data breach to "protect" Sullivan and the rest of the security team.
NSA seeks proposals for contract at heart of Booz Allen antitrust case (C4ISRNet) “The timing of the release of the RFP was a surprise to plaintiff’s counsel,” the Justice Department stated in a memo.
Virginia ‘Tinder Swindler’ who preyed on sailors pleads guilty (Navy Times) Posing as women on Tinder, conspirators demonstrated romantic interest in sailors. Then they swindled them.