Dateline
Ukraine at D+110: A Sandworm sighting as Russia faces the UN. (CyberWire) Russia's partial mobilization draws international criticism at the United Nations. Domestically, it's proving unpopular with those who face either conscription or recall to active service, and hardliners snort that it's another half-measure. In cyberspace, the GRU's Sandworm appears to have undertaken a new campaign against Ukrainian targets.
Ukraine's Zelenskyy lays out his case against Russia to UN (AP NEWS) Ukraine’s president laid out a detailed case against Russia's invasion at the United Nations and demanded punishment from world leaders in a speech delivered just hours after Moscow made an extraordinary announcement that it would mobilize some reservists for the war effort.
In a Defiant Address, Zelensky Says, ‘Russia Should Pay for This War’ (New York Times) “A crime has been committed against Ukraine, and we demand just punishment,” President Volodymyr Zelensky of Ukraine said in a recorded speech to the U.N. General Assembly.
Can Ukraine Break Through Again? (New York Times) A surprise advance this month exposed deep vulnerabilities in Russia’s overstretched military. As Russia calls for more troops, can Ukraine keep gaining ground?
Putin drafts up to 300,000 reservists, backs annexation amid war losses (Washington Post) Russian President Vladimir Putin declared a partial military mobilization Wednesday to call up as many as 300,000 reservists in a dramatic bid to reverse setbacks in his war on Ukraine, including Russia’s recent humiliating retreat in the northeastern Kharkiv region.
Hundreds of protesters detained in Russia, as men flee in panic to avoid fighting in Ukraine (The Telegraph) Airline tickets sell out after Vladimir Putin announced the country will draft 300,000 reservists, amid mounting losses in the war
Ukraine war latest: Russia could use nuclear weapons to defend new territories, warns Medvedev (The Telegraph) Former Russian president Dmitry Medvedev has warned that strategic nuclear weapons could be used to defend new territories incorporated into Russia, as widespread protests against Vladimir Putin's military mobilisation continued on Thursday.
Russians rush for flights out amid partial reservist call-up (AP NEWS) Large numbers of Russians rushed to book one-way tickets out of the country while they still could Wednesday after Russian President Vladimir Putin announced a partial mobilization of military reservists for the war in Ukraine.
Baltic nations say they will refuse refuge to Russians fleeing mobilisation (Reuters) European Union members Latvia, Lithuania and Estonia, which border Russia, will not offer refuge to any Russians fleeing Moscow's mobilisation of troops, their ministers said on Wednesday.
As mobilization begins in Russia, sold-out flights, protests and arrests (Washington Post) Within hours of President Vladimir Putin’s speech declaring a partial military mobilization on Wednesday, men all over Russia — including some who had tried for months to ignore the messy war in Ukraine — suddenly found their lives thrown into chaos as they were summoned to duty.
I’m abroad staying with friends… but I may never return to Russia (The Telegraph) Here one Russian army reservist speaks of the bleak future he potentially faces after Putin orders a partial mobilisation
Putin Calls Up More Troops, Resumes Nuclear Threat Over Ukraine (Bloomberg) Russia orders mobilization of as many as 300,000 reservists. US says Kremlin’s moves are ‘signs of weakness,’ failure.
Putin's 'partial mobilisation' will send tens of thousands to their deaths (The Telegraph) Ukrainian forces have killed or wounded 80,000 professional Russian soldiers - what will they do with this mobilised reserve?
'I'm not bluffing on nuclear weapons', Putin warns West (The Telegraph) President tells nation in televised speech that hostilities in Ukraine now threaten the very existence of Russia
NATO’s Stoltenberg Decries ‘Sham’ Referendums in Ukraine (Bloomberg) Alliance chief urges support to Kyiv for ‘as long as it takes.’ Stoltenberg spoke to Bloomberg TV in interview in New York.
U.S. and Allies Condemn Putin’s Troop Mobilization and Nuclear Threats (New York Times) Biden administration officials vowed to continue sending military, economic and humanitarian aid to help Ukraine defend itself against Russia.
‘Desperate’ Vladimir Putin will be defeated in Ukraine, vows Liz Truss (The Telegraph) PM condemns Russia’s nuclear threats as British hostages are released
Joe Biden: Putin will not win a ‘reckless’ nuclear war (The Telegraph) Joe Biden has issued a stark warning to Vladimir Putin that Russia would not win a nuclear war.
Putin’s War in Ukraine Should Make Your ‘Blood Run Cold,’ Biden Says (Bloomberg) US president warns against dangers of nuclear proliferation. Biden aims to keep allies united as Europe faces energy crisis.
Japan PM calls for UN reforms to address Russian aggression (AP NEWS) Japanese Prime Minister Fumio Kishida expressed disappointment Tuesday over the failure of the United Nations Security Council to respond to the Russian invasion of Ukraine because of Russia’s right of veto, calling for reforms that would allow the U.N.
UN General Assembly: RO president says consequences of the war in Ukraine are global, calls for further solidarity (Romania Insider) Romania’s president Klaus Iohannis addressed the general debate of the 77th Session of the UN General Assembly on September 20, talking about the “unprovoked and illegal war” started by Russia in Ukraine and its global consequences. He also called for further unity and solidarity, saying...
North Korea denies sending arms to Russia amid Ukraine war (AP NEWS) North Korea says it hasn’t exported any weapons to Russia during the war in Ukraine and has no plans to do so, and said U.S.
Putin Doubles Down on a Bad Hand With Mobilization (Foreign Policy) The war in Ukraine is going so bad, he’s willing to risk domestic unrest.
Opinion | Putin Is in Trouble (New York Times) The ground beneath his feet has started to shift.
Putin is like a playground bully: 'Do what I want or I’ll hurt you' (The Telegraph) President had to address increasingly bellicose language from those he fears the most - Russia's ultra-Right
Putin cannot afford to lose: we must prepare for the war to turn even uglier (The Telegraph) Ukraine’s recent military success requires us to think more strategically about what happens next. This is far from over
What would happen if Putin unleashed a nuclear strike (The Telegraph) Russian president's latest threat of tactical nuclear weapons has revived fears he could drop an atomic bomb on Ukraine
A Decision Tree for Biden If Putin Goes Nuclear (Bloomberg) One question is how to retaliate against a Russian nuclear strike. Another is whether to announce it clearly or vaguely, publicly or privately.
As Russia Retreats, a Question Lingers: Who Counts as a Collaborator? (New York Times) In towns reclaimed from Russian occupation, Ukrainian officials are working to identify — and punish — those who helped the enemy. It’s dividing some communities.
Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine (Recorded Future) Recorded Future continues to monitor cyber espionage operations targeting government and private sector organizations across multiple geographic regions including Ukraine.
Russian Cyberspies Targeting Ukraine Pose as Telecoms Providers (SecurityWeek) Russian cyberespionage group UAC-0113 is using dynamic DNS domains masquerading as telecoms providers in ongoing attacks targeting entities in Ukraine.
Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine (WIRED) But as Ukrainians retake ground, some of the firms are erasing their online presence.
Europe Steps up Cybersecurity Efforts in Response to the War in Ukraine (Via Satellite) “Cyber has arrived in space and is here to stay. What happened in Ukraine with Viasat, means it is here to stay. We need to look at new approaches
EU Battles Russian Narrative Over Global Food Crisis (Wall Street Journal) The move made it clear that fertilizer and some other products from Russia can be transferred to the rest of the world via the bloc.
How the gas industry capitalized on the Ukraine war to change Biden policy (the Guardian) Biden promised to tackle climate crisis but administration’s rhetoric ‘changed substantially’ after the onset of the Ukraine war and it adopted the industry’s major demands
Attacks, Threats, and Vulnerabilities
Internet disrupted in Iran amid protests over death of Mahsa Amini (NetBlocks) Network data from NetBlocks confirm a near-total disruption to internet service in parts of Kurdistan province in west Iran from the evening of Monday 19 September 2022.
CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania. (CyberWire) In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. An FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber attack, which included a ransomware-style file encryptor and disk wiping malware.
Iranian State Actors Conduct Cyber Operations Against the Government of Albania (CISA) CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), Iranian State Actors Conduct Cyber Operations Against the Government of Albania, detailing malicious cyber operations that included ransomware and disk wiper, rendering websites and services unavailable. The advisory indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber attack, periodically accessing and exfiltrating email content.
Morocco used Hacking Team to spy on the UN (Maroc Confidentiel) Before the Israeli Pegasus, Morocco used the computer control software of the private company Hacking Team to spy on the activities of the UN Secretariat General, related to the Western Sahara issue. According to confidential documents, Morocco is the third largest client of
Singtel’s Optus warns cyberattack may have exposed Australian client details (Business Inquirer) Optus, the Australian unit of telecoms firm Singapore Telecommunications, said it was investigating the possible unauthorized access of home addresses, passport numbers and phone numbers of customers after a cyberattack.
Singtel's Australian Unit Optus Hit by Cyberattack (MarketWatch) By Clarence Leong Singapore Telecommunications Ltd.'s Australian unit Optus said it is investigating a cyberattack that potentially exposed customers'...
Optus says customer information compromised in cyber attack (ABC) Optus is hit by a cyber attack that compromises customer information. Customers' names, dates of birth, phone numbers and email addresses have been exposed.
Customers’ personal data stolen as Optus suffers massive cyber-attack (the Guardian) Personal information of potentially millions of customers exposed, including names, dates of birth, addresses, and contact details
Capital One Phishing Campaign Exploits Authentication App (Vade) A new Capital One phishing attack is exploiting the bank’s collaboration with an identity authentication service to steal PII.
Redis server under unknown attack while trying to install a cryptocurrency miner (Worldakkam) Information security analysts at Censys reported unauthorized installation of SSH public keys on 15,526 out of 31,239 unauthenticated Redis servers. Redis is the fourth most used database engine after MySQL, PostgreSQL and Microsoft SQL. Unlike traditional relational databases, Redis was not designed with security in mind, it was designed to be accessed by trusted clients …
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics (Symantec) New version of Exmatter, and Eamfo malware, used by attackers deploying the Rust-based ransomware.
2K Games says hacked help desk targeted players with malware (BleepingComputer) American video game publisher 2K has confirmed that its help desk platform was hacked and used to target customers with fake support tickets pushing malware via embedded links.
2K Games helpdesk hacked to spread malware to players (TechRadar) Company urges gamers not to open any support emails
Rockstar parent company hacked again as 2K Support sends users malware (Dexerto) Take-Two Interactive have suffered a major hack to their 2K Support. Users are being urged to be cautious of fake emails being sent out.
‘Grand Theft Auto VI’ leak is Rockstar’s nightmare, YouTubers’ dream (Washington Post) For the past several years, impatient Grand Theft Auto fans have attempted to pull off their own heist, aiming to extract even a morsel of concrete information about “Grand Theft Auto VI,” the inevitable sequel to the second best-selling game of all time. Over the weekend, they finally succeeded — in a manner of speaking.
LockBit ransomware builder leaked online by “angry developer” (BleepingComputer) The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang's newest encryptor.
New Report: Exmatter Points to Potential Future of Data Extortion (Cyderes) Cyderes and Stairwell discovered signs of a new data extortion technique that uses Exmatter to destroy rather than encrypt data. Learn about the up-and-coming tactic.
Okta: Credential stuffing accounts for 34% of all login attempts (BleepingComputer) Credential stuffing attacks have become so prevalent in the first quarter of 2022 that their traffic surpassed that of legitimate login attempts from normal users in some countries.
The Auto Delete Attack (Avanan) A tricky credential harvesting scam has multiple steps to it.
Antivirus Used by Millions Blocked All Google Sites by Mistake, Sowing Chaos (Vice) Windows users of Malwarebytes antivirus software had trouble browsing the web on Wednesday morning because of a mistake.
Hackers demand ransom from LAUSD weeks after cyberattack that triggered system shutdown (ABC7 Los Angeles) The hackers who targeted the Los Angeles Unified School District, leading to major technical issues for students and staff and systems being shut down, are now demanding a ransom.
Vulnerability Summary for the Week of September 12, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager (CISA) Microsoft has released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager, versions 2103-2207. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisory for CVE-2022-37972 and apply the necessary updates.
Windows 11 gets better protection against SMB brute-force attacks (BleepingComputer) Microsoft announced that the Windows 11 SMB server is now better protected against brute-force attacks with the release of the Insider Preview Build 25206 to the Dev Channel.
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird (CISA) Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
Trends
Top Insights From Our 2022 State of Secure Identity Report (Auth0 - Blog) Attackers are getting better at compromising customer accounts. Here's how to stop them
2022 State of Secure Identity Report (Auth0) Attackers are getting better at compromising customer accounts. Here’s how to stop them
Are children safe in cyberspace? - A new global report provides answers (TechRadar) 81% of kids worldwide use internet daily
Ransomware statistics (January 2020 - July 2022) (Nord Locker) With ransomware cases growing every year, we wanted to know who is being targeted the most. This research analyzes 5,000+ ransomware cases recorded since January 2020.
Marketplace
Malwarebytes lands a $100M cash injection weeks after laying off 125 employees (TechCrunch) The cybersecurity giant says Vector Capital's minority investment will allow it to grow its team.
The $8.6 Billion Startup That Helps Governments Trace Crypto (Bloomberg) Chainalysis software puts the lie to the idea that Bitcoin guarantees anonymity.
CrowdStrike CEO George Kurtz bets on community immunity for breach protection (SiliconANGLE) Should cybersecurity companies offer warranty protection in the event of a breach?
Deep Instinct Appoints Former Palo Alto CEO and Zscaler COO Lane Bess as CEO (Deep Instinct) NEW YORK, NY – September 20, 2022 – Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, today announced that Lane Bess, former Palo Alto Networks CEO and Zscaler COO, is taking over as CEO, effective immediately.
AttackIQ Grows Leadership Team with Appointment of George Tomic as Chief Development Officer (Business Wire) AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) systems, today announced the appointment of George Tomic as Chief Deve
NetWitness Names Tod Ewasko as Chief Product Officer (NetWitness.com) NetWitness, a globally trusted provider of cybersecurity technologies and incident response services, today announced Tod Ewasko as the new Chief Product Officer.
Deep Instinct appoints Lane Bess as CEO (Help Net Security) Deep Instinct has named Lane Bess as CEO, and he will lead the company to further its disruptive threat-prevention technology.
BioCatch Appoints Jonathan W. Daly Chief Marketing Officer (PR Newswire) BioCatch, the global leader in fraud detection and pioneer of behavioral biometrics, today announced that Jonathan W. Daly has joined the...
Forter Appoints High-Growth Tech Executive Eran Vanounou as Chief Technology Officer (Business Wire) Eran Vanounou joins Forter as Chief Technology Officer.
Stephen Gorham Promoted to Chief Operating Officer at OPSWAT (GlobeNewswire News Room) New role reflects Gorham’s security initiatives and operational impact to global critical infrastructure protection organization over the past year...
SecurityScorecard Appoints Former U.S. National Intelligence Deputy Director and Cybersecurity Expert Susan M. Gordon to Board of Directors (Business Wire) SecurityScorecard, the global leader in cybersecurity ratings, today announced that The Honorable Susan M. Gordon, former Principal Deputy Director of
Optiv Becoming Market Leader in Federal Services, Names John Trauth General Manager of Optiv Federal (Optiv) Optiv Becoming Market Leader in Federal Services, Names John Trauth General Manager of Optiv Federal.
Products, Services, and Solutions
Securing Industrial Control Systems (ICS) Against Cyber Threats with Dragos & Palo Alto Networks Integration (Dragos | Industrial (ICS/OT) Cyber Security) Read more about the integration of the Dragos Platform with Palo Alto Networks' Next-Generation Firewall (NGFW) to better manage IT/OT industrial cyber threats.
Cybereason Redefines Next-Generation Antivirus by Delivering Nation-St (PRWeb) Cybereason, the XDR company, today announced new advancements in Cybereason NGAV (Next-Generation Antivirus) that deliver nation-state level protection for organ
Lookout Extends Partnership With Verizon to Bring Data-Centric Cloud Security to Business Customers (PR Newswire) Lookout, Inc., a leading provider of endpoint and cloud security solutions, today announced the expansion of its partnership with Verizon to...
GroupSense Significantly Expands its Partner Ecosystem (GroupSense) We are proud to announce the expansion of our partner ecosystem to include service providers and value-added resellers.
Erase the Unknown with AI-Driven Threat Detection and Response with Vectra® for CrowdStrike (PR Newswire) Vectra AI, the leader in AI-driven cyber threat detection and response for hybrid and multi-cloud enterprises, today announced its...
NetWitness Announces New Managed Detection and Response Service (NetWitness) Small to mid-size enterprises can now leverage more comprehensive threat detection & response technology delivered remotely
Cinchy Launches Data Liberation Solution for Credit Unions (Business Wire) Cinchy, the dataware pioneer that reduces organizational complexity by liberating data, today launched a solution to help credit unions maximize limited resources, reduce operating and project costs, and optimize the member experience.
Prancer Enterprise announces today the release of the Zero Trust Secur (PRWeb) Prancer Enterprise, a visionary cloud security startup specializing in offensive and defensive security tools, announced today the release of the Zero Trust S
RackTop Named Leader for File-Based Primary Storage Ransomware Protection in GigaOm Sonar Report (Business Wire) RackTop Systems, a leading and innovative provider of Cyberstorage, an unstructured data solution which actively defends against ransomware and inside
NetWitness Announces New Managed Detection and Response Service (Business Wire) NetWitness, a globally trusted provider of threat detection and response technology and incident response services, today announced the availability o
Secure Code Warrior Unveils Coding Labs (Business Wire) Coding Labs, an industry-first experiential learning mechanism enabling developers to write and test code in an integrated development environment.
StackHawk Launches Deeper API Security Test Coverage to Improve the Security of APIs (PR Newswire) StackHawk, the company making application security testing part of software delivery, today announced its Deeper API Security Test Coverage...
UserTesting’s New Templates Help Companies Humanize Data Privacy and Security (Business Wire) UserTesting’s New Templates Help Companies Humanize Data Privacy and Security
Technologies, Techniques, and Standards
Three ways to take an empathetic approach to an insider security incident (SC Media) For best results, security teams should take an empathetic approach to insider security risk.
What Is Ransomware? A Guide to Ransomware Prevention and Removal (Trend Micro News) Ransomware is a type of malware that uses encryption to hold a victim’s data or device to ransom. It is a growing threat, inflicting significant damage and cost to businesses and governmental organizations.
Research and Development
Brown mathematicians’ algorithm to serve as cryptography standard for quantum computing era (Brown University) The federal government selected four algorithms to serve as standards for public key security in the pending era of quantum computers, three of which are based on technology devised by a team of Brown experts.
Academia
CYBER.ORG Expands Project REACH HBCU Feeder Program to Diversify the Cybersecurity Workforce (Business Wire) CYBER.ORG – a workforce development organization funded by Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Education and Train
SCSU re-designated a National Center of Academic Excellence in Cyber Defense through 2027 (St. Cloud Times) SCSU has been re-designated a National Center of Academic Excellence in Cyber Defense by NSA program. Leading to possible future scholarships.
Legislation, Policy, and Regulation
Senators ask for review of Apple’s plan to use Chinese chips (Washington Post) Senators from both parties on Wednesday asked the nation’s top intelligence official to lead a review of the security threat posed by Apple’s reported plan to use memory chips from a major Chinese chipmaker for its new iPhone 14.
Senators introduce a bill to protect open-source software (Washington Post) Exclusive: Senate panel leaders push legislation to tackle issues raised by the sweeping log4j vulnerability
FTC’s Bedoya Calls for Congress to Update Kids’ Privacy Law (Bloomberg Law) Federal Trade Commissioner Alvaro Bedoya called for new protections focused on children and teens online, favoring legislative action first before updating agency rules.
How state regulators supplanted the feds in policing crypto markets (Washington Post) Joe Borg, Alabama’s chief financial watchdog, has emerged as a captain of a state-led push to protect investors from crypto fraud
Litigation, Investigation, and Law Enforcement
European spyware investigators criticize Israel and Poland (AP NEWS) European Parliament members investigating the use of surveillance spyware by European Union governments sharply criticized Israel on Wednesday for a lack of transparency in allowing the sale of powerful Israeli spyware to European governments that have used it against critics.
Senator slams U.S. courts agency for 'stonewalling' inquiry into cyberattack (CyberScoop) Sen. Ron Wyden said the courts administrators' lack of answers about the breach "is a major red flag about the state of the courts’ systems."
Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data (Vice) The “Augury” platform includes highly sensitive network data that Team Cymru, a private company, is selling to the military. “It’s everything. There’s nothing else to capture except the smell of electricity,” one cybersecurity expert said.
Whistleblower: DoD Purchased Access to Americans' Internet Browsing (Gizmodo) Sen. Ron Wyden urged inspectors general at three departments to investigate the military's purchases of large swaths of data.
US making progress on cyber defense, but up against some 'significant hurdles': Commission report (Breaking Defense) In discussing the new Cyberspace Solarium Commission 2.0 report, Sen. Angus King speculated some cyber deterrence against Russia is already paying off, with Putin "afraid" of the NSA.
Press release: Use of Google Analytics for web analytics (Datatilsynet) The Danish Data Protection Agency has looked into the tool Google Analytics, its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.
Denmark Is Latest To Deem Use Of Google Analytics Unlawful (Law360) Denmark's data protection regulator has become the fourth national authority to find that the way companies are currently using Google Analytics violates European Union law that requires heightened protections for personal data that is transferred outside the bloc.
Florida brings battle over social media regulation to Supreme Court (Washington Post) The state attorney general filed a petition to the court Wednesday, after two lower courts split on decisions about social media laws
Uber's $100K Hacker Payout 'A Great Deal,' Jury Told (Law360) Uber's former security chief kicked off his criminal defense Wednesday with testimony from two onetime subordinates who explained how Uber stalled as it tried to identify the hackers behind a 2016 breach before paying them $100,000 via a "bug bounty" program — a payout one witness called "a great deal."
SIM Swapper Abducted, Beaten, Held for $200k Ransom (KrebsOnSecurity) A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen's captors held guns to his head while forcing him to…