Dateline Moscow and Kyiv: Mobilization troubles and a bogus vote on annexation.
Ukraine at D+116: Sabotage, and disinformation as discipline. (CyberWire) Ukraine's counteroffensive continues, and some large-scale sabotage of a pipeline in the Baltic Sea is seen as a shot across the West's critical infrastructure bow. The staged vote in the Russian-occupied districts of Ukraine is developing as everyone expected, but then it doesn't have to be credible to have its desired effect.
Russia-Ukraine war: List of key events, day 217 (Al Jazeera) As the Russia-Ukraine war enters its 217th day, we take a look at the main developments.
‘Huge problem’: Iranian drones pose new threat to Ukraine (POLITICO) Recent attacks are prompting renewed calls for the U.S. to send more advanced weaponry.
Inside a liberated Ukrainian city, and how NATO tactics helped free it (Military Times) Before NATO countries began training Ukrainians, officers would shout orders and cared more about rank than results.
Digital clues and the stories Ukraine’s mass graves tell (The Record by Recorded Future) The town whose name has become synonymous with Russian atrocities in Ukraine is rushing to digitize information about the dead --- not just to identify them and give families closure --- but to hold Russians accountable for the wanton brutality in Bucha. Plus, scandal in the elite chess world.
Will Russia annex the occupied Ukrainian territories this week? (the Guardian) Now Moscow has the ‘results’ it wanted from its fake referendums, Putin and the west are considering next steps
Ukraine-Russia war: Separatist leaders call on Putin to annex regions after sham referendums (The Telegraph) The Russian-installed leaders of four Ukrainian provinces have called on Vladimir Putin to formally incorporate them into Russia, after holding what Kyiv and the West denounced as sham referendums held at gunpoint.
Staged referendums yield expected result as Russia readies annexations (Washington Post) Russian President Vladimir Putin’s plan to illegally annex four partially occupied regions in eastern Ukraine lurched forward Tuesday, as Russian officials and Kremlin proxy leaders claimed that staged referendums showed residents in favor of joining Russia by absurd margins of more than 95 percent.
Russia prepares to annex occupied Ukraine despite outcry (AP NEWS) Russia is poised to formally annex areas of Ukraine where it has military control after referendums there reportedly endorsed Moscow’s rule.
Ukraine war: Russia admits mobilisation errors, amid growing public opposition (BBC News) Reports say people with no military experience, or who are too old or disabled, are being enlisted.
‘Use tampons to staunch bullet wounds’, Russian army recruits told (The Telegraph) A video shows a female military doctor advising the young men they need to bring their own first aid supplies - or the next best thing
Over 194,000 Russians flee call-up to neighboring countries (AP NEWS) It took Vsevolod four days to drive from Moscow to Russia's southern border with Georgia. He had to abandon his car at one point and continue on foot. On Tuesday, he finally finished his 1,800-kilometer (1,100-mile) journey and crossed the frontier to escape being called up to fight in Russia's war in Ukraine.
Russian opposition activist beaten up and raped by police (The Telegraph) Artyom Kamardin had read poetry which criticised the Kremlin's puppet governments in Ukraine
Russia’s ‘partial mobilization’ of civilians is going about as well as you’d expect (Task & Purpose) Chaos has erupted in Russia as citizens flee or fight back against the government attempting to send them into war.
What Mobilization Means for Russia (Foreign Affairs) The end of Putin’s bargain with the people.
Putin’s Mobilization Hits Russia’s Economy in Its Weak Spots (Bloomberg) Call-up, exodus of workers seen worsening labor shortage. Economists see further drag on growth from militarization.
European officials investigate mysterious leaks in Nord Stream pipelines (Washington Post) European officials on Tuesday launched investigations into three mysterious leaks in the Nord Stream pipelines, built to carry Russian natural gas to Europe, after the system operator reported “unprecedented” damage to the lines in the Baltic Sea.
Mystery leaks hit Russian undersea gas pipelines to Europe (CNN) European countries on Tuesday raced to investigate unexplained leaks in two Russian gas pipelines running under the Baltic Sea near Sweden and Denmark, infrastructure at the heart of an energy crisis since Russia's invasion of Ukraine.
Sweden Detected Two Underwater Explosions Near Nord Stream Leak (Bloomberg) Two powerful underwater explosions were detected on Monday in the same area of sea as the gas leaks in the Nord Stream pipeline system, according to the Swedish National Seismic Network.
Putin accused of sabotage over Nord Stream gas pipeline explosions (The Telegraph) Ships warned to stay away from five-mile exclusion zone around Nord Stream 1 and 2 pipelines on bed of the Baltic Sea
Nord Stream leaks: Sabotage to blame, says EU (BBC News) Seismologists said there were underwater blasts before the leaks emerged near a Danish island.
E.U. warns of ‘strong response’ if energy infrastructure sabotaged (Washington Post) Although investigations into the simultaneous leaks in Nord Stream pipelines are in their early stages, European leaders, NATO and E.U. officials on Wednesday are firmly pointing to sabotage as the cause for the blasts.
EU vows to act if energy lines hit as firms ramp up security (AP NEWS) The European Union suspects that damage to two underwater natural gas pipelines was sabotage and is warning of retaliation for any attack on Europe’s energy networks, a senior official said Wednesday, as energy companies began ramping up security.
EU vows to protect energy systems after 'sabotage' on Russian gas pipelines (Reuters) Any deliberate disruption to the EU's energy infrastructure would meet a "robust and united response", its top diplomat said, after several states said two Russian pipelines to Europe that have been churning gas into the Baltic had been attacked.
Germany Suspects Sabotage Hit Russia’s Nord Stream Pipelines (Bloomberg) Denmark steps up security after unprecedented damage to links. Benchmark European gas prices rise as much as 12% on Tuesday.
Whether or not Russia was behind the Nord Stream blasts, little was at stake (the Guardian) Kremlin officials have talked up implications of the gas pipe explosions but there is no reason to expect a western military response
How Putin could have carried out Nord Stream pipeline attack (The Telegraph) The apparent sabotage of the pipeline between Russia and Germany may well have been set up months ago
Why Putin would want to blow up Nord Stream 2, and the advantages it gives him (The Telegraph) The Russian leader has a record of weaponising fuel supplies and believes his people can endure economic pain longer than western Europe
Ukrainian priest recounts escape from Russian siege of Mariupol (Atlantic Council) The Siege of Mariupol was the deadliest engagement so far in Russia's ongoing invasion of Ukraine. Ukrainian priest Father Pavel Kostel recounts his harrowing experience of escaping from the encircled city.
Russia's war in Ukraine is at a dangerous tipping point (CNN) The chaos of the past week might be incorrectly comforting. Despite Russia's continued disastrous handling of its war of choice in Ukraine, the conflict's most dangerous moment may be nearing.
From the UN to The Late Show, Ukraine’s diplomats are winning (Atlantic Council) Ukrainian Foreign Minister Dmytro Kuleba recently quipped at the UN that "Russian diplomats flee almost as aptly as Russian soldiers.” This one-liner was typical of the creative diplomacy that is bolstering Ukraine's war effort.
What’s at Stake for the U.S. in Ukraine (World Politics Review) At the root of the debate over U.S. involvement in the war in Ukraine is a fundamental question: What’s at stake for the U.S. in Ukraine?
The West Should Be Ready for All Scenarios in Russia and Iran (World Politics Review) Regime collapse can happen quickly, so while the West should stay cautious about Russia and Iran, it should also prepare for any scenario.
The Russian military might yet finish Putin off (The Telegraph) He is unable to accept the humiliation of losing the Ukraine war, but others can kick the ladder from under him
The West should not fear the prospect of a post-Putin Russia (Atlantic Council) Many in the West believe the fall of Vladimir Putin would pave the way for an even more extreme successor in Moscow but post-Putin Russia may actually reject the anti-Western policies of today's Kremlin.
Europe’s Disastrous Ban on Russians (Foreign Affairs) Putin’s exiles are crucial to winning the war in Ukraine—and to building a better Russia
A conversation with Canadian Foreign Minister Mélanie Joly (Atlantic Council) AN #ACFRONTPAGE EVENT - What role does Canada play in continuing to aid Ukraine and maintaining Western pressure on Russia? What future challenges and opportunities does Ottawa see for Ukraine after its stunning counteroffensive against the Russian military?
Ukraine warned allies new Russian cyberattacks coming (Axios) Russia is expected to target energy companies and other critical infrastructure.
Russia plans massive cyberattacks on critical infrastructure, Ukraine warns (Cybernews) Ukraine said the Kremlin was planning cyberattacks against its energy sector to slow down the offensive operations of the Ukrainian military.
Removing Coordinated Inauthentic Behavior From China and Russia (Meta) We took down two unconnected networks in China and Russia for violating our policy against coordinated inauthentic behavior.
Russia is spoofing mainstream media to smear Ukraine, Meta says (Protocol) Russian agents impersonated websites including those of The Guardian and Der Spiegel to smear Ukraine, according to a new Meta report.
Adversaries Continue Cyberattack Onslaught with Greater Precision and Innovative Attack Methods According to 1H2022 NETSCOUT DDoS Threat Intelligence Report (NETSCOUT) NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) today announced findings from its 1H2022 DDoS Threat Intelligence Report.
‘Patriotic Hacking’ Is No Exception (Lawfare) Ukraine’s offensive cyber hacking against Russia, though perhaps for aims that the international community may agree with, is nonetheless a violation of cyber norms—which should be enforced without exceptions.
EU-wide ban proposed for Kaspersky (Cybernews) The Russian antivirus provider has been named by five EU nations as warranting a ban throughout the region for its ambiguous stance on the invasion of Ukraine, although as yet no evidence has emerged that it is spying for the Kremlin.
Scammers exploit victims' pro-Russian sentiment (Cybernews) Fraudsters impersonate Putin’s close allies and ask for your help to move millions around – a mission impossible for Russian businesses since the invasion of Ukraine.
US sees chance to gain arms market share from sanctioned Russia (Defense News) A White House official said Tuesday that Russia’s sanctions-struck defense industry is opening an “opportunity” for U.S. and western defense firms to take
Attacks, Threats, and Vulnerabilities
China alleges U.S. spy agency hacked key infrastructure and sent user data back to headquarters (CNBC) China accused the U.S. National Security Agency of carrying out an attack on a university allowing the American hackers to break into the country's infrastructure.
Researchers Crowdsourcing Effort to Identify Mysterious Metador APT (SecurityWeek) SentinelLabs researchers are crowdsourcing an effort to understand a new mysterious APT hitting telcos, ISPs and universities in the Middle East and Africa.
Meaningful Learnings from the Uber Breach (Infosecurity Magazine) What lessons should cybersecurity professionals take from the recent Uber breach?
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite (CISA) CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include additional Malware Analysis Reports and indicators of compromise.
Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite (CISA) Actions for ZCS administrators to take today to mitigate malicious cyber activity: • Patch all systems and prioritize patching known exploited vulnerabilities. • Deploy detection signatures and hunt for indicators of compromise (IOCs). • If ZCS was compromised, remediate malicious activity.
Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks (BleepingComputer) The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies.
Optus cyber attack could have long-lasting impact on customers (Today) As the fallout from the Optus cyber attack continues, more customers are coming forward with their stories.
Optus hacker apologizes and allegedly deletes all stolen data (BleepingComputer) The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum.
Oxford Health: Cyber attack continues to hit NHS trust's services (BBC News) The CEO of Oxford Health Foundation Trust says it has done all it can to maintain services.
Media company hacked, racist push notifications sent to Apple iPhones (Washington Post) The distribution of messages supposedly from Fast Company magazine marked one of the largest breaches ever of Apple’s content controls
How Underground Groups Use Stolen Identities and Deepfakes (Trend Micro) The growing appearance of deepfake attacks is significantly reshaping the threat landscape. These fakes bring attacks such as business email compromise (BEC) and identity verification bypassing to new levels.
Vulnerability Summary for the Week of September 19, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
WhatsApp discloses critical vulnerability in older app versions (The Verge) The bug was given a severity score of 9.8 out of 10.
WhatsApp fixes 'critical' security bug that put Android phone data at risk (Yahoo Finance) WhatsApp has published details of a "critical"-rated security vulnerability affecting its Android app that could allow attackers to remotely plant malware on a victim’s smartphone during a video call. This happens when an app tries to perform a computational process but has no space in its allotted memory, causing the data to spill out and overwrite other parts of the system's memory with potentially malicious code. The critical-rated memory vulnerability is similar to a 2019 bug, which WhatsApp ultimately blamed on Israeli spyware maker NSO Group in 2019 to target 1,400 victims' phones, including journalists, human rights defenders and other civilians.
Hitachi Energy AFS660/AFS665 (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Hitachi Energy. Equipment: AFS660/AFS665. Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to overflow an internal buffer and fully compromise the target device.
Hitachi Energy APM Edge (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: Low attack complexity/public exploits are available. Vendor: Hitachi Energy. Equipment: Lumada Asset Performance Management (APM) Edge. Vulnerabilities: Out-of-Bounds Write and Improper Authentication. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow users to escalate privileges from a user account to root.
Rockwell Automation ThinManager ThinServer (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 8.1. ATTENTION: Exploitable remotely. Vendor: Rockwell Automation. Equipment: ThinManager ThinServer. Vulnerability: Heap-based Buffer Overflow. 2. RISK EVALUATION: Successful exploitation of this vulnerability could lead to the software crashing; a buffer overflow condition may allow remote code execution.
Trends
WatchGuard Threat Lab Reports Decrease in Malware Volume, Surge in Encrypted Malware and Actively Exploited Office Vulnerabilities (WatchGuard Technologies) WatchGuard® Technologies, a global leader in unified cybersecurity, today announced findings from its most recent Internet Security Report, which details the top malware trends and network security threats analyzed by WatchGuard Threat Lab researchers in Q2 2022.
SailPoint Unveils "The Horizons of Identity" Research Report to Examine the Maturity of Enterprise Identity Programs (SailPoint) New data reveals nearly half of businesses are just beginning to address identity security despite growing threat of identity-based attacks AUSTIN, TX –
The Horizons of Identity Security (SailPoint) Nobel prize-winning author John Steinbeck once said, “…to find where you are going, you must know where you are.” Having a starting point in whatever
Marketplace
Microsoft’s M12 led $20M investment in web3 platform Space and Time (TechCrunch) Space and Time wants to help web3 dApp developers simplify their data ecosystems and architectures.
Pathlock Expands SAP Capabilities with Acquisition of Grey Monarch (PR Newswire) Pathlock, the leading provider of application security and controls automation for critical business applications, today announced the...
Optus smart to get cyber insurance (Australian Financial Review) Optus will be able to mitigate a portion of the costs of a cyberattack that looks to have left the details of up to 9.8 million customers floating around on the dark web.
Bitdefender Launches Multi-Year Formula One Partnership with Scuderia Ferrari (Business Wire) Bitdefender announced it has entered into a multi-year partnership with Ferrari S.p.A., to become Cybersecurity global partner of Scuderia Ferrari.
Coalfire Names New CFO and General Counsel (PR Newswire) Coalfire, the largest global cybersecurity firm, recently appointed Merri Chandler as chief financial officer, and Aparna Dasai Williams as...
Two Leading MDR Pros Join Revelstoke's New Advisory Board (Revelstoke SOAR | Security Orchestration Automation & Response) Discover what led Ben Christensen and John Sharpe of Pondurance to be the first to join Revelstoke’s technical advisory board.
Products, Services, and Solutions
Milton Security Selects TrueNAS Enterprise Storage to Safeguard Data with Complete Redundancy (EIN Presswire) TrueNAS Enterprise Protects and Encrypts Data In-Flight and At-Rest
Latest Delinea Product Update Streamlines DevOps Security (PR Newswire) Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today announced the latest release of DevOps...
Israel Cybersecurity Enterprise (ICE) Teams with CybeReady to Deliver World-Class Security Training (EIN News) Leading Security Service Provider Selects Award-Winning Cybersecurity Training Platform to Safeguard Enterprises in LATAM
YouMail, Inc. and WMC Global Partner to Deliver Voice and SMS Phishing Disruption Services (PR Newswire) YouMail, the leading provider of call protection services for consumers, enterprises, and service providers, and WMC Global, a 16-year leader...
Veristor Partners with SANS Security Awareness to Deliver Employee Security Awareness Training (Veristor) Companies Collaborate to Strengthen Organizations’ First Line of Security Defense – End Users ATLANTA – September 27, 2022 - Veristor Systems, Inc., a trusted provider of transformative business technology solutions, and SANS Security Awareness, the global leader in providing security awareness training, today announce that Veristor has become a certified provider of SANS Security Awareness’
Aunalytics Launches Security Patching Platform as a Service (GlobeNewswire News Room) Expedited Software Patching and Updating Recognized as One of the Most Important Processes to Protect Against System Compromise from Cyberattacks...
Varonis Adds Secrets Discovery to Industry-Leading Data Classification Solution (Varonis) The data security leader announces enhancements that detect and remediate overexposed private keys, encryption certificates, API keys, and authentication tokens
Deloitte Australia launches managed security services offering (CRN Australia) MXDR backed by tech from AWS, Crowdstrike, Splunk and more.
Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface (GlobeNewswire News Room) Illumio Endpoint extends Zero Trust Segmentation to see risk and set policy across macOS and Windows devices...
Soldo Delivers More Secure Digital Interactions and Boosts Customer Satisfaction with Dynatrace (Business Wire) Software Intelligence company Dynatrace (NYSE: DT) announced today that leading fintech company, Soldo, is using Dynatrace® Application Security to he
CybeReady Publishes Interactive Learning Kit For Cybersecurity Awareness Month (EIN News) Company Joins in Global Collaboration Between Governments and Private Industries to Prioritize the Protection of Personal Data from Cybercrime
Technologies, Techniques, and Standards
Energy, Finance and Telecoms Corporations Test Their Cyber Mettle (Wall Street Journal) Cyber teams from AT&T, Southern Co., Mastercard and others attacked and defended networks in a ‘cyber-range’ exercise ultimately aimed at protecting critical infrastructure.
CISA Launches its Protective DNS Resolver with General Availability for Federal Agencies (CISA) By Eric Goldstein, Executive Assistant Director for Cybersecurity
Satellite Operators Respond to Cyber Threats in a Rapidly Changing Environment (Satellite Today) With the satellite ground segment increasingly in the attack zone, industry leaders debate cyber strategy in a rapidly changing threat environment
Space Force Official Col. Krolikowski Examines the Cybersecurity Mindset (Satellite Today) Ahead of CyberSatGov, Col. Jennifer Krolikowski, director of the Chief Information Office (CIO) for Space Systems Command, talks about the current geopolitical environment, cybersecurity challenges and how the U.S. Space Force aims to stay one step ahead of adversaries.
Securing your internet of things: What business needs to know (Kaspersky) Industry has made great leaps in efficiency and productivity thanks to the internet of things (IoT). But smart devices can be dim on security.
Design and Innovation
Quantum hype accusations: the industry hits back (Computing) Significant challenges remain, but quantum computing is advancing faster than its classical counterpart
Legislation, Policy, and Regulation
Iran’s Crisis of Legitimacy (Foreign Affairs) Early this month, the Iranian rumor mill cranked into overdrive amid reports that Iran’s 83-year-old supreme leader, Ayatollah Ali Khamenei, who survived prostate cancer surgery in 2014, was again gravely ill. On September 16, The New York Times reported that emergency bowel surgery had left Khamenei bedridden and too frail to sit upright, citing four anonymous sources said to be “familiar with his health situation.” In the wilder corners of Persian-language social media, claims that Khamenei was on his deathbed gave way to speculation that he had already died.
Taiwanese citizens prepare for possible cyber war (Axios) A Taiwanese semiconductor magnate is helping fund new cyber defense training for Taiwanese citizens.
2022 Annual Report on Implementation (Cyberspace Solarium Commission) The past two years have been witness to significant improvements in U.S. cybersecurity.
Cyberspace Solarium Commission Report: At Least 30% of 2020 Recommendations Reach Full Implementation (ExecutiveGov) The Cyberspace Solarium Commission listed 82 policy recommendations in March 2020 to implement a layered cyber deterrence strategy and transform how the U.S. government responds to cyberthreats, and of these recommendations, 30.5 percent are now fully implemented.
Senators Push to Reform Police's Cellphone Tracking Tools (SecurityWeek) Civil rights lawyers and senators are pushing for legislation that would limit U.S. law enforcement agencies’ ability to buy cellphone tracking tools to follow people’s whereabouts.
FCC advances plan to require blocking of spam texts from bogus numbers (Ars Technica) Robotext plan approved after a year, but FCC still needs to adopt final rules.
US expected to publish Privacy Shield executive order next week (POLITICO) The order is designed to address European concerns over surveillance practices in the US.
Camille Stewart Gloster shares her plans for new White House cyber gig (Washington Post) The White House brought in a big cyber name. Here’s what she wants to do
Litigation, Investigation, and Law Enforcement
Federal government under pressure to reveal Optus data breach plan as FBI called in to help (the Guardian) Sources say Labor is considering options including a parliamentary review or inquiry into massive cyber-attack
BREAKING: SEC, CFTC Messaging Probes Net $1.8B In Big Bank Penalties (Law360) Federal regulators said Tuesday that a slew of major Wall Street firms have agreed to pay nearly $2 billion in penalties for recordkeeping failures related to their employees' use of personal messaging apps to discuss business matters.
Wall Street Banks Settle SEC's WhatsApp Probe for $1.1 Billion (Bloomberg) Banking giants including Goldman Sachs Group Inc. and Citigroup Inc. agreed to pay regulators $1.1 billion in penalties for failing to monitor employees using unauthorized messaging apps.
Ransom Demand Probed After Data Hack, Australia’s Optus Says (Bloomberg) Hack exposed personal details of up to 10 million customers. Optus faces growing pressure from customers, government.
Delaware Chancery Court Decision Dismissing Claims Against SolarWinds Corporation's Board Illuminates Contours of Director Oversight Liability (JD Supra) The Delaware Chancery Court’s recent opinion in Construction Industry Laborers Pension Fund et al. v. Bingle et al., C.A. No. 2021-0494-SG (Del. Ch.)...