Dateline Moscow and Kyiv: counteroffensive and referendum.
Ukraine at D+117: Mobilization, annexation, and low morale in the Russian ranks. (CyberWire) Enough Russians have fled the country to avoid conscription to raise concerns about the short- and long-term effect of their departure on the economy. Intercepted phone calls from the combat zones suggest serious morale problems in the Russian army's ranks.
Russia-Ukraine war: List of key events, day 218 (Al Jazeera) As the Russia-Ukraine war enters its 218th day, we take a look at the main developments.
Russian forces on brink of encirclement in Donetsk town (The Telegraph) The fall of Lyman would be another major military setback for the Kremlin
Russia’s Stripped Its Western Borders to Feed the Fight in Ukraine (Foreign Policy) But Finland and the Baltic states are still leery of Moscow’s long-term designs.
Kyiv slams staged referendum as Russian ‘propaganda show,’ vows retribution (Washington Post) The Ukrainian government on Wednesday denounced Russia’s staged referendums in four partially occupied regions as “a propaganda show” and vowed to track down and punish the organizers, including any Ukrainian citizens, while Moscow proclaimed the votes a major success and basis for annexation.
What to know about Russia’s plans to annex territory in Ukraine (Washington Post) Moscow is moving ahead with plans to annex large swaths of Ukraine, after staging referendums, illegal under international law, that resulted in an outcome that was never in doubt: supposed overwhelming support for joining Russia.
Russia prepares to annex occupied Ukraine despite outcry (AP NEWS) Russia is poised to formally annex areas of Ukraine where it has military control after referendums there reportedly endorsed Moscow’s rule.
The Russian men fleeing mobilization, and leaving everything behind (Washington Post) To escape fighting in Ukraine, the 42-year-old Russian construction worker flew through two countries in four days, spending so much on tickets, so quickly, he lost track of it all. Finally, he ended up in Turkey, where it was safe. As he stopped to breathe Tuesday, on plastic seats in the airport arrival hall, he conceded he had no idea where to go next.
Russians drafted to Ukraine by mistake ‘have only themselves to blame’ (The Telegraph) Recruitment chief claims ‘citizens did not comply with their obligations to keep military records up to date’
Fresh Evidence Emerges of Alleged Russian Atrocities in Once-Occupied Ukraine (Wall Street Journal) More than 400 bodies were found in a mass burial site when Ukrainians took back a town that Russians occupied.
The Nord Stream pipeline sabotage, explained (Vox) The undersea explosions in two gas pipelines from Russia exposed Europe’s vulnerabilities — just as the continent faces a looming energy crisis.
EU vows to protect energy systems after 'sabotage' on Russian gas pipelines (Reuters) Any deliberate disruption to the EU's energy infrastructure would meet a "robust and united response", its top diplomat said, after several states said two Russian pipelines to Europe that have been churning gas into the Baltic had been attacked.
Nord Stream: Sweden finds new leak in Russian gas pipeline (BBC News) The EU says the leaks are caused by sabotage and promises the "strongest possible response".
The Race to Find the Nord Stream Saboteurs (WIRED) Damage to the pipeline that runs between Russia and Germany is being treated as deliberate. Finding out what happened may not be straightforward.
'Everything is pointing to Russia': U.S., EU officials on edge over pipeline explosions (POLITICO) U.S. officials downplayed the potential for immediate impacts from the leaks hobbling the two Nord Stream natural gas lines. But the incidents are adding to worries about winter.
Nord Stream blasts could herald new phase of hybrid war, say EU politicians (the Guardian) Norway to make military visible at oil and gas installations as bloc rounds on Russia for suspected act of sabotage
Nord Stream pipeline leaks ‘an environmental crime’ (The Telegraph) Leaks began after unexplained ruptures on Monday, which several countries have suggested could be the work of Russia
Finland watching its waters closely after gas pipeline blasts, PM says (Reuters) Finland is watching its territorial waters very closely following explosions of two Nord Stream gas pipelines, Prime Minister Sanna Marin said on Wednesday.
New Ukraine aid will buy 18 HIMARS and weapons to ‘disrupt’ drones (Defense News) The Pentagon announced Wednesday it will contract with industry for $1.1 billion in military aid to Ukraine.
With a mix of donated weapons, Ukraine’s defenders adapt in war (Air Force Times) Gen. James Hecker, the head of U.S. Air Forces in Europe, told reporters Sept. 19 that Russia has lost more than 60 fighter jets in the war so far.
Opinion: Putin is limping toward an endgame in Ukraine. Should the West go along? (Washington Post) Sycophancy is the curse of authoritarians. Vladimir Putin has wielded so much power for so long that all streams of information have become polluted. The inner circle draws its comforts and privileges from its skill at telling the leader what he wants to hear; the outer circle — wishing to move inward — observes, and learns to lie.
‘Putin Is a Fool’: Intercepted Calls Reveal Russian Army in Disarray (New York Times) In phone calls to friends and relatives at home, Russian soldiers gave damning insider accounts of battlefield failures and civilian executions, excoriating their leaders just weeks into the campaign to take Kyiv.
Cyber Warfare Rife in Ukraine, But Impact Stays in Shadows (SecurityWeek) Cyber warfare campaigns are being intensely deployed by both sides as Russia's invasion of Ukraine grinds on, though the covert operations have not yet proved decisive on the battlefield.
Russian hackers' lack of success against Ukraine shows that strong cyber defences work, says cybersecurity chief (ZDNET) In the face of the 'most sustained and intensive cyber campaign on record', Ukraine shows that a sound cybersecurity strategy can protect assets in even the most trying circumstances, says NCSC boss.
Failure of Russia’s cyber attacks on Ukraine is most important lesson for NCSC (ComputerWeekly) Russia has so far failed in its attempts to destabilise the Ukraine through cyber attacks due to strength of Ukrainian, security industry and international efforts.
Russia demands answers after Apple kicks VK apps from App Store (BleepingComputer) Russian telecom watchdog Roskomnadzor demanded explanations today from Apple regarding the removal of all VK apps, including the app for the country's largest social network VKontakte, from its App Store on Monday.
Can Kaspersky survive the Ukraine war? (CyberScoop) The Ukraine war continues to cause problems for Kaspersky, a titan of the antivirus industry accused of having ties to Russian intelligence.
Russia plans transition to home-grown IT (Computing) The Government's import substitution policy aims to counter Western sanctions by relying on domestic alternatives to software like Windows.
Russia Announces Dubious Plans For Aviation Industry Without Boeing and Airbus (Nasdaq) By most accounts, it's just another flight of fancy for Russian President Vladimir Putin.
Russia forced to use its own accident-prone jet technology as sanctions hit airlines (The Telegraph) State engineer Rostec moves to end reliance on Boeing and Airbus
UK firm comes to rescue of Russia's dairy industry (The Telegraph) When milk producers were left crippled, London-listed paper and packaging giant Mondi Group came to the rescue
Attacks, Threats, and Vulnerabilities
North Korea-linked voice phishing campaign nets over $600M: UN report (NK News - North Korea News) Voice-phishing hacking applications sold by North Korean IT workers have led to over half-a-billion dollars in losses, a forthcoming U.N. report states, and many victims may be based in South Korea. An unnamed member state told the Panel of Experts that DPRK tech workers have earned funds selling phishing applications overseas. Voice-phishing cases linked to […]
Hacker Groups take to Telegram, Signal and Darkweb to assist Protestors in Iran (Check Point Software) Check Point Research (CPR) sees multiple hacker groups using Telegram, Signal and the darkweb to aid anti-government protestors in Iran bypass regime
Hackers Use Telegram and Signal to Assist Protestors in Iran (Infosecurity Magazine) Key activities are data leaking and selling, including officials' phone numbers and emails
Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks (The Hacker News) Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions.
Hackers seek to help — and profit from — Iran protests (The Record by Recorded Future) The safety of censorship evasion assistance offered by some hacker groups is unclear.
Detecting the Manjusaka C2 framework (Corelight) In this blog post, the Corelight Labs team shares some of the detection methods available for the Manjusaka C2 framework.
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East (Symantec) Espionage group begins using new backdoor that leverages rarely seen steganography technique.
Witchetty espionage group uses updated toolkit. (CyberWire) Espionage group Witchetty has been seen using a backdoor Trojan that utilizes steganography, along with other new tools.
‘Witchetty’ group targeted Middle Eastern gov'ts, stock exchange of African nation (The Record by Recorded Future) An espionage group is targeting several Middle Eastern governments and the stock exchange of an African country.
Securonix Threat Labs Security Advisory: Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors (Securonix) Securonix Threat Research team recently discovered a new covert attack campaign targeting multiple military/weapons contractor companies, including likely a strategic supplier to the F-35 Lightning II fighter aircraft. The stager mostly employed the use of PowerShell and while stagers written in PowerShell are not unique, the procedures involved featured an array of interesting tactics, persistence methodology, counter-forensics and layers upon layers of obfuscation to hide its code.
Steep#Maverick cyberespionage campaign. (CyberWire) Securonix researchers give an account of Steep#Maverick, an unusually carefully crafted, evasive, and persistent cyberespionage effort.
Stealthy hackers target military and weapons contractors in recent attack (BleepingComputer) Security researchers have discovered a new campaign targeting multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier.
Sophisticated Covert Cyberattack Campaign Targets Military Contractors (Dark Reading) Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities.
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors (Mandiant) A malware ecosystem impacting VMware ESXi and more.
Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors (Mandiant) We describe ESXi detection methodologies and discuss how to harden hypervisors.
Mandiant has identified new malware that targets VMware ESXi, Linux vCenter servers, and Windows virtual machines. (CyberWire) Novel malware discovered targeting VMware ESXi hypervisors.
Ransomware and Wholesale Access Markets: A $10 investment can lead to millions in profit (Cybersixgill) Major ransomware attacks can start with endpoint access purchased for cheap by bad actors on underground markets.
Selling access wholesale in the C2C market. (CyberWire) This corner of the C2C market has both high-end auction houses and flea markets.
IRS reports significant increase in texting scams; warns taxpayers to remain vigilant (US Internal Revenue Service) IR-2022-167, September 28, 2022. WASHINGTON — The Internal Revenue Service today warned taxpayers of a recent increase in IRS-themed texting scams aimed at stealing personal and financial information. So far in 2022, the IRS has identified and reported thousands of fraudulent domains tied to multiple MMS/SMS/text scams (known as smishing) targeting taxpayers. In recent months, and especially in the last few weeks, IRS-themed smishing has increased exponentially.
Did you get an email saying your personal info is for sale on the dark web? (Consumer Advice) People are telling us they’ve gotten emails warning that their sensitive personal information is being sold in the shadowy marketplaces of the dark web. Some emails list the stolen information, like all or part of the person’s Social Security number, date of birth, and driver’s license number. If you’ve gotten one of these emails, take steps to help protect yourself against financial loss from identity theft.
A cracked copy of Brute Ratel post-exploitation tool leaked on hacking forums (Security Affairs) The Brute Ratel post-exploitation toolkit has been cracked and now is available in the underground hacking and cybercrime communities. Threat actors have cracked the Brute Ratel C4 (BRC4) post-exploitation toolkit and leaked it for free in the cybercrime underground. The availability of the cracked version of the tool was first reported by the cybersecurity researcher Will […]
Optus breach – Aussie telco told it will have to pay to replace IDs (Naked Security) Licence compromised? Passport number burned? Need a new one? Who’s going to pay?
Australia demands Optus pay for new customer ID documents (Yahoo) Australia’s federal and state governments on Wednesday called for Optus to pay for replacing identification documents including passports and driver’s licenses to avoid identity fraud after 9.8 million of the telecommunications company’s customers had personal data stolen by computer hackers. The Australian government has blamed lax cybersecurity at Optus for last week's unprecedented breach of current and former customers' personal information.
Go-based Chaos malware is rapidly growing targeting Windows, Linux and more (Security Affairs) A new multifunctional Go-based malware dubbed Chaos is targeting both Windows and Linux systems, experts warn. Researchers from Black Lotus Labs at Lumen Technologies, recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux. The malicious code was developed to target a broad range of devices, […]
The Dire Warnings in the Lapsus$ Hacker Joyride (WIRED) The fun-loving cybercriminals blamed for breaches of Uber and Rockstar are exposing weaknesses in ways others aren't.
Fast Company’s Apple News access hijacked to send an obscene push notification (The Verge) A “Thrax was here” alert popped up on many iPhones.
Internet outage in Tucson area was due to cyber attack, Cox says (KVOA) An internet outage that affected Tucsonans over the weekend was due to a cyber attack, according to Cox Communications.
Flagging 13 Million Malicious Domains in 1 Month with Newly Observed Domains (Akamai) Akamai researchers have flagged almost 79 million domains as malicious in the first half of 2022, based on a newly observed domain dataset. This equals approximately 13 million malicious domains per month, and represents 20.1% of all the NODs that successfully resolved.
The web gains 13 million malicious new domains per month (Register) Or so Akamai is dying to tell us
LMPD, FBI warn of social media extortion scam targeting teens (WNKY News 40 Television) A social media warning has been issued after a social media scam.
Protecting teens from sextortion: What parents should know (WeLiveSecurity) As online predators increasingly trick youth into sharing explicit videos and images of themselves, it’s time parents wised up to the risks facing their kids.
Social media challenges pose dangers to even the most well-adjusted kids, experts say (Medical Express) A recent FDA warning about the latest social media challenge to go viral has brought renewed focus on the dangerous trend that endangers impressionable children and teens.
Fears of an EMP attack are overblown. It's what comes next that should worry you (Task & Purpose) An electromagnetic pulse attack could leave portions of the U.S. without power. It is unclear for how long.
Illinois School District Purges Old Tech After Cyber Attack (GovTech) Dixon Public Schools officials are clearing out old computers and servers to make way for more secure technology. The decision comes just days after a breach of the widely used communication app, Seesaw.
Swachh City Platform Suffers Data Breach Leaking 16 Million User Records (The Hacker News) Indian Swachh City platform has suffered a data breach leaking 16 million user records of its users.
After Storms, Watch Out for Scams (US Federal Communications Commission) Natural disasters and severe weather can create opportunities for fraud in their wake, occurring at a time when people may be especially vulnerable, or targeting charitable intentions.
Security Patches, Mitigations, and Software Updates
Microsoft Exchange Online to Retire Client Access Rules Support (Petri) Microsoft is getting ready to end support for Client Access Rules (CARs) in Exchange Online. The Exchange team has warned customers that support for this feature will be removed from the service in September 2023. Client Access Rules allow IT admins to control access to their Exchange servers ba ...
Trends
Bitdefender Threat Debrief | September 2022 (Bitdefender) This month we focus on hybrid attacks, corporate espionage, RaaS and the current top ransomware families impacting organizations.
Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report (CybSafe) How much does attitude impact behaviour — and increase cyber security risk? To answer that question and more check CybSafe's report.
The state of BIMI readiness in 2022: room to run (Red Sift Blog) DMARC and BIMI hold real value in stopping phishing attacks and securing the email ecosystem. But what does BIMI adoption look like today?
Brand Indicators for Message Identification (BIMI) and DMARC. (CyberWire) An overview on rates of adoption of email security technologies.
Most Attackers Need Less Than 10 Hours to Find Weaknesses (Dark Reading) Vulnerable configurations, software flaws, and exposed Web services allow hackers to find exploitable weaknesses in companies' perimeters in just hours, not days.
Keeper Security: UK Citizens Losing Millions From Personal Accounts Due to Poor Password Protection (Business Wire) In an all-exposing report, Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software, has uncovered the UK’s passw
Marketplace
NSA Announces Date of the National Cryptologic Museum Grand Opening (National Security Agency/Central Security Service) The National Security Agency (NSA) is pleased to announce the Grand Opening of the National Cryptologic Museum (NCM) at 10:00 a.m. on Saturday, October 8, 2022. As NSA’s principal gateway to the
CyberOwl raises US$5.1M in funding to expand cyber-security support in shipping industry (Hellenic Shipping News) Maritime and offshore system cyber risk management specialists, CyberOwl have successfully secured US$5.1M of investor funding to support the accelerated adoption of their Medulla cyber risk monitoring solution.
Rate hikes and misconceptions limiting cyber insurance take-up by Australian businesses (CRN Australia) New paper examines reasons for low Australian take-up, despite cyber losses.
Google Ventures shelves its algorithm (Axios) The stoplight system had become a de facto investment committee.
Darktrace CEO Says ‘Unfounded Criticism’ Is ‘Deeply Frustrating’ (Bloomberg) Darktrace Plc Chief Executive Officer Poppy Gustafsson said the level of “unfounded criticism” the company comes under is “deeply irritating,” if inevitable for a publicly traded business.
Australia's massive data breach risks eroding Singtel's profits (The Straits Times) One week after the hack was disclosed, the scale and the fallout - as well as the potential costs for Optus - are growing.
CrowdStrike Named One of the Best Workplaces for Women (Yahoo) CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today announced its recognition as one of the Great Place to Work® and Fortune magazine 2022 Best Workplaces for Women. This is CrowdStrike’s first time being named to this prestigious list, adding to the growing list of awards and recognition that CrowdStrike has recently garnered for its culture and leadership.
Radware Opens New Cloud Security Center in Italy (GlobeNewswire News Room) Continues to expand its attack mitigation capacity and global cloud footprint...
Swimlane Expands Into Middle East, Turkey and Africa (Yahoo) Security automation leader names Ashraf Sheet VP of META to accelerate regional growth
Products, Services, and Solutions
Palo Alto Networks Selected to Secure Cloud-Native 5G Networks in Canada (Palo Alto Networks) Palo Alto Networks (NASDAQ: PANW) today announced that it has been selected by communications technology company TELUS to assist with securing one of the largest and fastest 5G networks in Canada.
Kong Deepens Performance, Security and Extensibility Capabilities Across Its Industry-Leading API Platform (Business Wire) Today at the fifth annual Kong Summit 2022 conference, Kong Inc., the cloud native API company, introduced a number of new performance, security and e
Independent Attestation as a Service: Leidos Health Pilots Intel Project Amber (Intel) Trust is the core of security, and attestation — proving the identity and integrity of software and hardware to a remote server — is the core of trust. Intel’s new verification service, codenamed Project Amber, uncouples this critical assurance process from cloud providers, instead delivering independent, agnostic and portable attestation as a service-based implementation.
GuidePoint Security releases ICS Security Services to address OT security challenges (Help Net Security) With GuidePoint’s ICS Security Services, organizations can ensure they have visibility across their OT environment and organization.
Votiro collaborates with Owl Cyber Defense to prevent file-borne threats from entering secure networks (Help Net Security) Votiro collaborates with Owl Cyber Defense to ensure secure file transfers into isolated government ministry networks.
Everything Blockchain Inc. Partners with NSION to Provide Data Security Solution (Business Wire) EBI's proprietary, zero-trust data access technology EB Control will provide NSION customers additional options to secure, manage and control files.
Technologies, Techniques, and Standards
How Rural Hospitals Can Tackle Healthcare Cybersecurity Risks (Health IT Security) Rural hospitals are up against the same healthcare cybersecurity risks as larger organizations but may have limited resources to combat them.
You probably don’t need to worry about public WiFi anymore (Washington Post) Here’s what a creep in a coffee shop could actually learn about you
The 13 Deadly Sins of APT Incident Response — Part 1 (BlackBerry) Incident response puts security teams, operations teams, and executives under extreme pressure, as the response process involves many elements of crisis management. This is especially true when fighting an Advanced Persistent Threat because multiple attackers may be battling against you to complete their objective.
13 Deadly Sins When Dealing With APT Incidents — Part 2 (BlackBerry) Incident responders are likely to commit one of the “13 deadly sins,” potentially grave and needless mistakes that can sabotage efforts and give attackers the advantage — when preparing for a data breach. In Part 2, we move past the preparation stage and into an active breach that is underway and where additional mistakes are likely.
How LAUSD families can protect student data after district cyberattack (LA School Report) A Labor Day weekend cyber attack affecting thousands of Los Angeles Unified School District students has families questioning what they can do to keep their information safe. According to an LA Times report hackers used ransomware to freeze and disable some LAUSD systems. “The student management system was touched,” said LAUSD superintendent Alberto Carvalho. Authorities...
Design and Innovation
Turnstile is Cloudflare’s latest attempt to rid the web of CAPTCHAs (The Verge) This tech tests your browser to see if you’re a bot.
Intel Accelerates Developer Innovation with Open, Software-First Approach (Business Wire) At Intel Innovation 2022, Intel accelerates developer innovation with open, software-first approach.
This Chatbot Aims to Steer People Away From Child Abuse Material (WIRED) Pornhub is trialing a new automated tool that pushes CSAM-searchers to seek help for their online behavior. Will it work?
EXCLUSIVE Brands blast Twitter for ads next to child pornography accounts (Reuters) Some major advertisers including Dyson, Mazda, Forbes and PBS Kids have suspended their marketing campaigns or removed their ads from parts of Twitter because their promotions appeared alongside tweets soliciting child pornography, the companies told Reuters.
No, Tumblr is not bringing back porn (TechCrunch) Tumblr's new "community labels" feature helps filter sensitive content, but the underlying community guidelines have not changed.
Academia
IBM looks to universities for cybersecurity talent (Verdict) IBM is looking to universities to address the scarcity of security talent and to increase diversity in the technology industry.
Texas A&M University Opens Center for Cybersecurity Innovation (Security Intelligence) Texas A&M University received a $4.2 million government contract for a cybersecurity training center. Reaching students is one way to close the skills gap.
Legislation, Policy, and Regulation
The future of the internet is up for vote at the U.N. (The Record by Recorded Future) Europe is this week hosting a contest for world power, but one that few people are aware of. Hundreds of miles south of Ukraine delegates from every country recognized by the United Nations are gathering in the Romanian capital of Bucharest. They will on Thursday elect five officials who will head an obscure U.N. agency […]
22 notable government cybersecurity initiatives in 2022 (CSO Online) Countries across the globe are taking on cybersecurity threats. Here are the most notable initiatives they've introduced in 2022.
What next to combat ransomware following the Optus attack? (G+T) We look at law reforms and harsher penalties surrounding ransomware attacks and explain if outcomes will change for Australian businesses.
Secret Service Plays a Role on the Cyber Team Too (ClearanceJobs) If you have an interest in cybersecurity and a security clearance, a job with the Secret Service could be good stop on your career journey.
Coast Guard Must Address Cyber Workforce Needs, Watchdog Says (Nextgov.com) The agency is only fully implementing seven out of 12 best practices, according to the Government Accountability Office.
Equifax Chief Information Security Officer Jamil Farshchi Appointed as a Strategic Engagement Advisor for the FBI (PR Newswire) Equifax (NYSE: EFX) today announced that Chief Information Security Officer Jamil Farshchi has been appointed as a Strategic Engagement Advisor...
Litigation, Investigation, and Law Enforcement
Gov commits 'hundreds' of people to Optus hack response (iTnews) As new cyber security rules loom for 'large' telcos.
Israeli firm to sell social media-tracking software to Orban’s Hungary (Times of Israel) Official at Avnon Group says sale to Budapest, which has been accused of using Israeli spyware against journalists, was approved by the Defense Ministry
A chess scandal brings fresh attention to computers’ role in the game (The Record by Recorded Future) When the world’s top-rated chess player, Magnus Carlsen, lost in the third round of the Sinquefield Cup earlier this month, it rocked the elite chess world. How a player could use an engine to cheat online is obvious: open the chess match on one tab while plugging your opponent’s moves into Stockfish on the side.