Dateline Moscow, Kyiv, and New York: Russia's efforts to pick up its faltering war.
Ukraine at D+111: International isolation and domestic discontent. (CyberWire) Ukraine's counteroffensive continues to progress. Russia begins staging referenda on annexation in territories it still controls. The Kremlin faces growing isolation internationally and increasing dissatisfaction with the war at home. Russian security and intelligence services forge closer ties with cyber criminals.
Russia-Ukraine war: List of key events, day 212 (Al Jazeera) As the Russia-Ukraine war enters its 212th day, we take a look at the main developments.
Russia-Ukraine war: Kyiv condemns ‘propaganda show’ as ‘voting’ begins in occupied areas – live (the Guardian) Voting in four regions under Moscow’s control has begun
Russia has committed war crimes in Ukraine, say UN investigators (the Guardian) Investigating teams reported evidence of executions, torture and sexual violence in civilian areas
World opinion shifts against Russia as Ukraine worries grow (AP NEWS) The tide of international opinion appears to be decisively shifting against Russia, as a number of non-aligned countries are joining the United States and its allies in condemning Moscow’s war in Ukraine and its threats to the principles of the international rules-based order.
Moscow-held regions of Ukraine in 'sham' vote to join Russia (AP NEWS) Voting began in Russian-held regions of Ukraine on referendums to become part of Russia, Moscow-backed officials there said Friday as Ukrainian and United Nations officials reported evidence of war crimes during the nearly seven-month war in the country.
What to know about Russia’s plans to stage referendums in Ukraine (Washington Post) Moscow-backed officials in occupied parts of Ukraine announced plans this week to hold “referendums” from Friday to Tuesday, on the prospect of joining Russia. The moves indicated an escalation in Russia’s apparent plans to annex swaths of Ukraine.
Staged Annexation Vote Starts in Russian-Occupied Areas of Ukraine (Wall Street Journal) Russian officials opened polling stations in a staged election to annex the territory Moscow controls in Ukraine, a move that Ukrainian and Western officials have derided as a sham by the Kremlin.
Here's Why Putin Is Calling Up Veterans to Fight in His Ukraine War (Military.com) Putin announced he will pull 300,000 troops from Russia's reserve forces -- veterans who have past military training -- and put them into the war.
Putin can call up all the troops he wants, but Russia can't train or support them (CNN) Vladimir Putin can call up all the troops he wants, but Russia has no way of getting those new troops the training and weapons they need to fight in Ukraine any time soon.
Putin faces fury in Russia over military mobilization and prisoner swap (Washington Post) Russian families bade tearful farewells on Thursday to thousands of sons and husbands abruptly summoned for military duty as part of President Vladimir Putin’s new mobilization, while pro-war Russian nationalists raged over the release of Ukrainian commanders in a secretive prisoner exchange.
Anger in Russia as Putin swaps 200 prisoners for his oligarch ally (The Telegraph) President accused of 'treason' for exchanging so many PoWs for a single captive, his personal friend Viktor Medvedchuk
Putin’s 'partial mobilization' has unleashed more turmoil at home than in Ukraine (Yahoo) Few observers or political stakeholders in the West think Russia's half-cocked call-up will fundamentally alter the calculus on the battlefield, where Ukraine’s counteroffensives have made surprising progress.
In Moscow, Putin’s ‘invisible war’ is now impossible to hide (The Telegraph) Protests and panic fleeing greet the Russian leader's mobilisation speech to the nation as it becomes obvious his war in Ukraine is failing
Ukraine War Comes Home to Russians as Putin Imposes Draft (New York Times) As Vladimir Putin’s “special military operation” enters a new chapter, Russians are being plucked from villages around the country for training and military service.
Putin ‘passes secret law to send one million Russians to fight in Ukraine’ (The Telegraph) Police beat up and detained men and women who took to the streets in towns across the nation on Wednesday following the Kremlin’s decree
Success denied: Finding ground truth in the air war over Ukraine (Defense News) If the U.S. Air Force clings to its offense-first, air-superiority vision it may share the fate of Russia's air force: surprised and largely sidelined.
The Ragtag Army That Won the Battle of Kyiv and Saved Ukraine (Wall Street Journal) Citizen volunteers teamed up with soldiers to turn the tide in the most consequential European battle since World War II.
The Baltics Hunker Down for the Long Game Against Russia (Foreign Policy) The Kremlin is down but not out in Ukraine, and the Baltic states want to make sure they’re not next.
US top diplomat calls on every Security Council member to send 'clear message' that Russian nuclear threats must stop (AP NEWS) US top diplomat calls on every Security Council member to send 'clear message' that Russian nuclear threats must stop.
U.S. has sent private warnings to Russia against using a nuclear weapon (Washington Post) The Biden administration has been sending messages to Moscow about the grave consequences that would follow the use of a nuclear weapon in Ukraine
Putin’s nuclear threat shows a desperate man out of options | Simon Jenkins (the Guardian) Using such weapons has no tactical purpose – it would only lose the Russian president support at home and abroad, says Guardian columnist Simon Jenkins
Opinion To confront Putin, Biden should study the Cuban missile crisis (Washington Post) As Russian President Vladimir Putin tries to salvage his failing invasion of Ukraine, there is a small but growing chance that he will use nuclear weapons. Historians will wonder how this war could have veered toward such insanity, but it’s now inescapably part of the landscape.
Putin’s nuclear ultimatum is a desperate bid to freeze a losing war (Atlantic Council) Vladimir Putin's threat to use nuclear weapons in the war against Ukraine is a sign of the Russian dictator's mounting desperation as his invasion continues to unravel and his country's geopolitical isolation deepens.
Putin just escalated his war in Ukraine. Here's your expert guide to what’s coming next. (Atlantic Council) As Putin mobilizes his reserves, moves to annex Ukrainian territory, and doubles down on his nuclear threats, our experts weigh in.
Why Is Putin Escalating the War in Ukraine? (Foreign Affairs) A Conversation With Fiona Hill
Coups in the Kremlin (Foreign Affairs) What the history of Russia’s power struggles says about Putin’s future.
Will Ukraine invasion condemn Putin to place among Russia’s worst rulers? (Atlantic Council) Vladimir Putin has long dreamed of securing his place among the titans of Russian history but his disastrous Ukraine invasion now leaves him destined to be remembered as one of the country’s worst rulers.
Russia Is Losing India (Foreign Affairs) Putin’s Ukraine gambit doomed a long partnership.
Putin Is Turning Armenia Into a Russian Outpost (Foreign Policy) Moscow is losing regional influence—but it's shoring up its position in Yerevan.
WSJ News Exclusive | Google Sees Russia Coordinating With Hackers in Cyberattacks Tied to Ukraine War (Wall Street Journal) Evidence suggests pro-Russian hackers and online activists are working with the country’s military intelligence agency, according to Google’s cybersecurity group. A handful of incidents targeted the U.S.
GRU: Rise of the (Telegram) MinIOns (Mandiant) Multiple self-proclaimed hacktivist groups are conducting attacks in support of Russian interests.
Void Balaur | The Sprawling Infrastructure of a Careless Mercenary (SentinelOne) The Void Balaur cyber mercenary group has thrived throughout 2022, attacking targets on a global scale with new phishing campaigns.
‘They Are Watching’: Inside Russia’s Vast Surveillance State (New York Times) A cache of nearly 160,000 files from Russia’s powerful internet regulator provides a rare glimpse inside Vladimir V. Putin’s digital crackdown.
Ukraine asks Israel to share intel on Iranian support to Russian military (Axios) The U.S. and Ukraine have accused Iran of sending hundreds of attack drones to Russia — an allegation Tehran denied.
Sweden Tests Cyber Defenses as War and NATO Bid Raise Security Risks (Wall Street Journal) Military, government and corporate cyber defense experts participated in an exercise this week focused on protecting the internet infrastructure.
Attacks, Threats, and Vulnerabilities
Iran shutters mobile networks, Instagram, WhatsApp amid protests (The Record by Recorded Future) Officials in Iran appear to be limiting access to mobile networks and communication platforms like Instagram and WhatsApp amid widespread protests over the alleged police killing of 22-year-old Mahsa Amini. Several internet access watchdogs reported nationwide outages for people using MCI (First Mobile), Iran’s leading mobile operator, and Rightel, as well as partial outages for […]
‘Death to the dictator’: Videos show growing protests in Iran (Washington Post) Anger is spreading across the country after the death of 22-year-old Mahsa Amini in the custody of the ‘morality police’
Anonymous takes down Iranian government websites amid protests following death of Mahsa Amini (The Record by Recorded Future) Anonymous hackers have claimed to be behind attacks on several websites affiliated with the Iranian government amid protests following the death of 22-year-old Mahsa Amini.
Cyberwar Bulletin: Iran and Albania (Cyber Security Works) As the world still reels under the impact of the Ukraine-Russia cyberwar, yet another Cyberwar has started between Iran and Albania. CSW experts provide insights into Iranian threats that organizations need to watch out for.
Researchers Uncover Years-Long Mobile Spyware Campaign Targeting Uyghurs (The Hacker News) Researchers have discovered a new wave of mobile surveillance targeting the Uyghur community, part of an ongoing spying operation that has been active
Suspected Chinese Hackers Target Tibet Media, Politicians (Bloomberg) Journalists say espionage from Beijing has become normal. Spies posed as Tibet government, sending malicious emails.
Chinese state media claims U.S. NSA infiltrated country's telecommunications networks (CNBC) The U.S. National Security Agency (NSA) gained access to China's telecommunications network after hacking a university, state media alleged.
U.S. Election Interference Comes of Age (AFCEA International) Adversaries' interests move from hacking machines to "hacking" people.
HUMAN Discovers and Disrupts Ad Fraud Scheme Impacting 89 Apps with More Than 13 Million Downloads from Google Play and Apple App Stores (HUMAN Security) Modern defense strategy enables disruption of sophisticated ad fraud operation, part of an ongoing attack with new adaptations designed to target codes and spoofing
Poseidon’s Offspring: Charybdis and Scylla (HUMAN Security) HUMAN's Satori Threat Intelligence and Research Team uncovered a network of 89 Android and iOS apps committing various flavors of ad fraud.
Gootloader Poisoned Blogs Uncovered by Deepwatch’s ATI Team (Deepwatch) Imagine a threat actor so determined to sound authentic, that they write hundreds of blog posts just to get your attention. Now imagine the author (or more than one) hosting those blogs on a legitimate site that translates them into three different languages, then sends victims to a fake forum page with “helpful” links to…
A Multimillion Dollar Global Online Credit Card Scam Uncovered (ReasonLabs) Malware makes no distinction between corporate and personal devices. Therefore, past perceptions of different levels of antivirus for businesses and households must be challenged. ReasonLabs is the first endpoint protection based on a multilayered machine-learning engine that provides enterprise-grade security for all your personal devices.
The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities (SentinelOne) An elusive adversary is attacking high-value targets with impunity using novel malware frameworks and custom-built backdoors.
New Metador APT Discovered Targeting ISPs, Telcos (Decipher) Researchers have discovered a new APT actor called Metador that has been targeting ISPs, telcos, and universities in the Middle East and Africa.
Mysterious New Hacking Group Leaves Researchers Baffled (Zero Day) The group, called Metador by the SentinelLabs researchers who discovered them, appears to be well-resourced and engaged in long-term espionage. But who is behind their operation is unclear.
Malicious OAuth applications used to compromise email servers and spread spam (Microsoft 365 Defender Research Team) Microsoft researchers recently investigated an attack where malicious OAuth applications were deployed on compromised cloud tenants and then used to control Exchange servers and spread spam.
Health apps share your concerns with advertisers. HIPAA can’t stop it. (Washington Post) From ‘depression’ to ‘HIV,’ we found popular health apps sharing potential health concerns and user identifiers with dozens of ad companies
Critical Magento bug used in fresh round of attacks (Computing) Improper input validation vulnerability has a CVSS score of 9.8 out of 10
Colonial Pipeline hackers add startling new capabilities to ransomware operation (The Record by Recorded Future) The ransomware gang behind the Colonial Pipeline hack added a startling slate of new tactics, tools, and procedures to its operation.
CISA warns of critical ManageEngine RCE bug used in attacks (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity Java deserialization vulnerability affecting multiple Zoho ManageEngine products to its catalog of bugs exploited in the wild.
Experts fear LockBit spread after ransomware builder leaked (The Record by Recorded Future) Tools to create your own version of the Lockbit ransomware have been leaked, raising alarms among incident responders and experts warning of more widespread use.
Twitter discloses it wasn't logging users out of accounts after password resets (TechCrunch) Twitter disclosed a bug that had allowed Twitter accounts to stay open across devices even after the user reset their password.
The Ungodly Surveillance of Anti-Porn ‘Shameware’ Apps (WIRED) Churches are using invasive phone-monitoring tech to discourage “sinful” behavior. Some software is seeing more than congregants realize.
Cyberattack steals passenger data from Portuguese airline (AP NEWS) Portugal’s national airline TAP Air Portugal says hackers obtained the personal data of some of its customers and have published the information on the dark web. No payment data was taken in the cyberattack, the flag carrier said in a statement late Wednesday.
Australia phones cyber-attack exposes personal data (BBC News) Optus is looking into the unauthorised access of data including names, addresses and passport numbers.
What we know about the Optus cyber attack, and how to strengthen your online security (ABC) Optus says both current and former customers may have potentially been involved in a cyber attack. So which information has been impacted, and how can you boost your online security?
Optus cyber-attack could involve customers dating back to 2017 (the Guardian) CEO says company has not yet confirmed how many people were affected by hack, but 9.8 million was ‘worst case scenario’
Denver suburb won’t cough up millions in ransomware attack that closed city hall (The Denver Post) The demand was big: $5 million to unlock Wheat Ridge’s municipal data and computer systems seized by a shadowy overseas ransomware operation. The response was defiant: we’ll keep our mo…
Cellebrite Accidentally Leaked Thousands Of Sensitive Documents During Handover To Japanese Corporate Partner (Techdirt) When a Cellebrite device is hooked up to a seized phone, the operator presses a few buttons to pull pretty much every bit of data from the device. From there, investigators can try to find the evid…
Security Patches, Mitigations, and Software Updates
ISC Releases Security Advisories for Multiple Versions of BIND 9 (CISA) The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For advisories addressing lower severity vulnerabilities, see the BIND 9 Security Vulnerability Matrix.
Trends
Intelligence Insights: September 2022 (Red Canary) AdSearch remains number 1, SocGholish returns to the top 5, and malicious ISOs take hold as an increasingly popular delivery method
Insider Threats: Your employees are being used against you (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Researchers say insider threats play a larger role in security incidents (SC Media) Researchers say the cybercrime underground has become a hot spot for insider threat recruitment because of the low barrier of entry.
Untrained Employees Pose Major Risk to Organizations Due to Uncertainty of Security Reporting (PR Newswire) KnowBe4, provider of the world's largest security awareness training and simulated phishing platform, announced the release of a report from...
Healthcare Sector Leads the Way for Fix Rate of Software Security Flaws (Veracode) Still, 77 percent of healthcare apps contain vulnerabilities and 21 percent of these are categorized as “high severity”
Marketplace
WSJ News Exclusive | Proton CEO Is Shutting Down India VPN Servers to Protest Cybersecurity Rules (Wall Street Journal) Switzerland’s Proton VPN is pulling its servers from India, the latest provider to protest the country’s new cybersecurity rules.
Nordic private equity firms pursue cyber security acquisitions (ComputerWeekly) Increasing interest in the security sector from Nordic private equity firms is a reflection of growing threats and increasing enterprise security budgets.
Allurity Acquires Spanish Multinational Aiuken Cybersecurity (Dark Reading) Allurity has acquired Spanish multinational Aiuken Cybersecurity, as an important step in its journey to becoming Europe's leading cybersecurity provider. Aiuken brings an entire SOC platform spanning three continents, as well as its Cloud Security and SOC-as-a-Service platforms.
BlackRock backs CyberTech Deep Instinct (FinTech Global) Deep Instinct, a US threat prevention technology business, has raised $62.5m in new funding.
Mandiant, Google, And The Future Of Cloud Cybersecurity (Forbes) Google recently acquired Mandiant for $5.4 billion as they continue to invest heavily in the cloud cybersecurity sector. Let’s break down Mandiant, Google Cloud, Amazon AWS, Microsoft Azure and the future of securing the cloud.
Meet Cobalt’s New Chief Sales Officer, Jeri Allan (Cobalt) Jeri Allan has joined Cobalt as Chief Sales Officer. Her resume shows an obsession with driving alignment and transformation throughout sales orgs.
Former U.S. Ambassador to NATO and Deputy National Security Advisor Douglas Lute Appointed to Blackbird.AI Advisory Board (PR Newswire) Today, Blackbird.AI, a global leader in narrative analytics and risk intelligence, is pleased to announce the appointment of Douglas Lute to...
Robert Cardillo Among Notable Intelligence Executives to Join Seerist Federal Board of Directors; Jim Brooks Quoted (ExecutiveBiz) Looking for the latest Government Contracting News? Check out our story: Robert Cardillo Among Notable Intelligence Executives to Join Seerist Federal Board
Products, Services, and Solutions
Orange and Netskope partner on carrier-class connectivity and SSE services for a secure, cloud-smart platform (PR Newswire) Orange Business Services, a global network-native digital services company, Orange Cyberdefense, a leading cybersecurity services provider, and...
Authomize Expands Connectivity with New API Framework and Remediation Automation for Identity and Access Security Incidents (PR Newswire) Authomize, the first Cloud Identity and Access Security Platform, today announced a significant expansion of its REST API framework that...
Global Firm TryHackMe Launches Unique Hands-On Red Teaming Security Training (Yahoo) Global cyber security platform TryHackMe has launched unique training that allows users to emulate a potential adversary attack. The London-based company bases its new 'Red Teaming' interactive lessons on real-world scenarios, to help businesses expose vulnerabilities across their networks and systems.
ESET Delivers Gaming-Optimized Cybersecurity Solutions for HUE Invitational Championship (Yahoo) ESET, a global leader in digital security, today announced its partnership with the Hue Invitational, including sponsorships and technology integration. Created and hosted annually by Harrisburg University of Science and Technology, this year's HUE Invitational, which takes place Sept. 24-25, had more than 120 college and university teams participating in Rocket League, Overwatch, and League of Legends. The final eight teams in each game title will converge at HUE Invitational this weekend to pl
Enveil Announces The Continuation And Advancement Of Its Contract To Support The HSA Program (Security Informed) Enveil, the pioneering Privacy Enhancing Technology company protecting Data in Use, announces the continuation and advancement of its contract to support the Hybrid Space Architecture (HSA) program.
Trellix launches Advanced Research Center to improve global threat intelligence (Help Net Security) Advanced Research Center produces actionable intelligence and threat indicators to help customers detect, respond and remediate threats.
Beyond security software: say hello to the first ExpressVPN router (TechRadar) ExpressVPN Aircove seeks to reinvent digital home protection
Sumo Logic Delivers Blueprint to Advance Innovation with Reliability Management (Sumo Logic) Sumo Logic today announced the general availability of Sumo Logic Reliability Management. Reliability Management enables developers, SREs, and DevOps teams to manage the reliability of their mission-critical apps by adopting a Service Level Objectives (SLOs) methodology.
Technologies, Techniques, and Standards
CISA and NSA Publish Joint Cybersecurity Advisory on Control System Defense (CISA) CISA and the National Security Agency (NSA) have published a joint cybersecurity advisory about control system defense for operational technology (OT) and industrial control systems (ICSs). Control System Defense: Know the Opponent is intended to provide critical infrastructure owners and operators with an understanding of the tactics, techniques, and procedures (TTPs) used by malicious cyber actors.
Control System Defense: Know the Opponent (CISA) Traditional approaches to securing OT/ICS do not adequately address current threats.
NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It (National Security Agency/Central Security Service) The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory today that highlights the steps malicious actors have commonly
NSA shares guidance to help secure OT/ICS critical infrastructure (BleepingComputer) The National Security Agency (NSA) and CISA have issued guidance on how to secure operational technology (OT) and industrial control systems (ICSs) part of U.S. critical infrastructure.
Companies Should Treat Cyber Threats as Core Business Risk, U.S. Cyber Official Says (Wall Street Journal) Brandon Wales, executive director of CISA, said boards need to push their companies to invest more on digital defense, adding that insurers and shareholders will be exerting pressure as well.
Design and Innovation
Project Liberty To Help Launch Frances Haugen's "Duty of Care" Initiative Aimed at Combating Social Media Harms (PR Newswire) Today Project Liberty announced a collaboration with Frances Haugen's "Beyond The Screen" nonprofit to advance a new, open-source effort aimed...
Darktrace: We're not here to get rid of security teams (Computing) Darktrace is seeking to help humans operate at machine speed, says director of analyst operations Alex Marsden
Research and Development
Twitter allows more researchers to access platform data (TechCrunch) Twitter has expanded the Twitter Moderation Research Consortium, allowing more researchers to apply for access to its platform data.
Legislation, Policy, and Regulation
The world is moving closer to a new cold war fought with authoritarian tech (MIT Technology Review) At the Shanghai Cooperation Organization summit, Iran, Turkey, and Myanmar promised tighter trade relationships with Russia and China.
Sign the Pledge - Tech for Democracy (Tech for Democracy) The Pledge is the overall value framework for the Tech for Democracy initiative.
Together for an Equal, Just and Democratic Digital World (Global For Us) Action Programme for Tech for Democracy – Civil society recommendations
Joining the Copenhagen Pledge: a call to action for technology to empower democracy (Microsoft On the Issues) Microsoft is proud to support the Copenhagen Pledge on Tech for Democracy, which aligns efforts of governments and organizations around the world in their commitment to defending human rights and democracy in cyberspace.
Senators Wyden, Warren urge NTIA to protect ‘highly sensitive’ domain registration info (The Record by Recorded Future) Several members of Congress called on the NTIA on Wednesday to do more to protect the privacy of domain registration information.
New review will examine NSA and Cyber Command’s ‘dual hat’ structure (The Record by Recorded Future) Former Joint Chiefs of Staff chairman Joseph F. Dunford Jr. has been tapped by the Biden administration to guide a review of the leadership arrangement governing U.S. Cyber Command and the National Security Agency, an examination that could trigger lasting ramifications for the country’s digital and intelligence operations.
Litigation, Investigation, and Law Enforcement
A little-seen watchdog report revealed big cybersecurity shortcomings for an HHS program (Washington Post) The Department of Health and Human Services (HHS) failed to implement basic protections against hackers when it developed a system to track covid-19 data in 2020, according to an internal watchdog report it never made publicly available.
Convicted Twitter Spy Says US Hid Whistle-Blower Report (Bloomberg) Abouammo says report undermines prosecution’s case against him. Government misconduct claims follow August conviction by jury.
OAIC statement on Optus data breach (Office of the Australian Information Commissioner) The OAIC has been contacted by Optus and made aware of their data breach.
After Prison, Hackers Face Tech Restrictions, Limited Job Prospects (Wall Street Journal) Security leaders may confront the decision to hire or reject a postprison job candidate as cybercrime grows and more hackers move through the justice system.
Jamal Khashoggi’s wife to sue NSO Group over Pegasus spyware (the Guardian) Hanan Elatr also plans to sue Saudi and UAE governments over alleged surveillance attempts on her
SC inmate sentenced for ‘sextortion’ scheme that targeted military (Stars and Stripes) Darnell Kahn was sentenced to seven years in federal prison for his role in a “sextortion” scheme that targeted dozens of members of the military and netted over $60,000.