Dateline
Ukraine at D+124: Russia struggles to resist Ukraine's counteroffensive. (CyberWire) Ukraine advances in the Donbas and the south. Killnet continues nuisance operations against soft targets.
Russia-Ukraine war: List of key events, day 225 (Al Jazeera) As the Russia-Ukraine war enters its 225th day, we take a look at the main developments.
Russia-Ukraine war: at least three people killed in Russian strike on Zaporizhzhia apartments – latest (the Guardian) Russia hits southern Ukrainian city of Zaporizhzhia with seven rockets, flattening apartment building
Russia-Ukraine war latest: Liberation of Luhansk begins as Ukraine recaptures several settlements (The Telegraph) Ukrainian troops have started liberating eastern Luhansk, the region’s top official said on Wednesday, as Vladimir Putin for the first time publicly acknowledged military setbacks in the annexed territories.
Ukraine is now within striking distance of key Russian supply road (The Telegraph) Ukrainian troops are 20km east of the Oskil river where Russia tried to establish a line of defence and are poised to cross Luhansk border
A more strategic Russian retreat signals long fight ahead in Kherson (Washington Post) The drone operator ignored the occasional thunder of outgoing artillery in the distance and kept his eyes focused on the computer monitor in front of him, waiting for the burst of smoke to appear. His thumbs pushed the joystick left, then right, before moving to his cellphone screen to report where the artillery should aim next.
EXPLAINER: Russia's military woes mount amid Ukraine attacks (AP NEWS) Even as the Kremlin moved to absorb parts of Ukraine in a sharp escalation of the conflict, the Russian military suffered new defeats that highlighted its deep problems on the battlefield and opened rifts at the top of the Russian government.
Russia Uses Iranian-Made Drones to Strike Military Base Deep Inside Ukraine (Wall Street Journal) Russia used hard-to-track suicide drones to strike a military base, posing a growing challenge for Kyiv as its forces pressed advances in the south and east of the country.
Russian rockets slam into Ukrainian city near nuclear plant (NPR) Seven Russian rockets slammed into residential buildings in Zaporizhzhia early Thursday, killing two people in the city close to Europe's biggest nuclear power plant, the governor of the region said.
Russia-Ukraine war latest: Three-year-old girl pulled from rubble after deadly Russian strikes on Zaporizhzhia (The Telegraph) A three-year-old girl has been pulled from the rubble alive after Russia launched a series of deadly missile strikes on the Ukrainian city of Zaporizhzhia overnight.
Ukraine's three likely routes of attack as the brain-dead Russian army collapses (The Telegraph) Putin's forces have shown themselves incapable of defending the territories they have taken
Ukraine could recapture Crimea as fleeing Russians continue to flounder (The Telegraph) Taking territory annexed by Vladimir Putin in 2014 is now a ‘very real possibility’, says a senior US official
Putin’s Shadow Recruits (Puck) Ramzan Kadyrov has long ruled Chechnya with the aid of Kremlin money and firepower. But if the war in Ukraine is putting some cracks in Putin’s image, it hasn’t spared his viceroy, either.
Putin makes Chechnya's Kadyrov an army general (Insider Paper) Chechen leader Ramzan Kadyrov, an ally of President Vladimir Putin, said Wednesday he was granted a top rank in Russia's army, just as.
Russian forces shot comrade trying to surrender, says Ukrainian soldier (The Telegraph) A 20-year-old fighter describes the moment he came face to face with invading forces on the frontline in Kherson
US splashes $290m on anti-radiation drugs after Putin ups nuclear threats (The Telegraph) Washington denies purchase of Nplate is linked to Russia, saying it was part of ‘ongoing work for preparedness'
U.S. Believes Ukrainians Were Behind an Assassination in Russia (New York Times) American officials said they were not aware of the plan ahead of time for the attack that killed Daria Dugina and that they had admonished Ukraine over it.
How do we know when cyber defenses are working? (Brookings) Assessing the effectiveness of cyber defenses is a crucially important part of developing cybersecurity policy.
Russian-speaking hackers knock US state government websites offline (CNN) Russian-speaking hackers on Wednesday claimed responsibility for knocking offline state government websites in Colorado, Kentucky and Mississippi, among other states -- the latest example of apparent politically motivated hacking following Russia's invasion of Ukraine.
Relentless Russian Cyberattacks on Ukraine Raise Important Policy Questions (Dark Reading) Microsoft cybersecurity executive John Hewie explained cyberwar developments and what they mean for Western democratic policy going forward.
Attacks, Threats, and Vulnerabilities
No fix in sight for mile-wide loophole plaguing a key Windows defense for years (Ars Technica) Lazarus is latest group to pull off "bring your own vulnerable device" attack.
Microsoft warns of potential escalation for Exchange server zero days (Cybersecurity Dive) The actor, which Microsoft says is state sponsored, installed Chopper web shells to gain hands-on-keyboard access, conduct Active Directory reconnaissance and exfiltrate data.
Microsoft Exchange Zero-Day Vulnerabilities May Impact Healthcare Cybersecurity (Health IT Security) Because Microsoft Exchange is so commonly used, the two recently discovered zero-day vulnerabilities may have an impact on healthcare cybersecurity.
Colombia National Food and Drug Surveillance Institute hit with cyberattack (The Record by Recorded Future) Colombia’s National Food and Drug Surveillance Institute (INVIMA) said it is dealing with a cyberattack limiting access to its systems.
Analysis of LilithBot Malware and Eternity Threat Group (Zscaler) ThreatLabz analysis of LilithBot, a multifunction malware sold as-a-service by the Eternity threat group.
NSA: Someone hacked military contractor and stole data (Register) Tell us it’s Russia without telling us it’s Russia
Hackers maintained deep access inside military organization's network, U.S. officials reveal (CyberScoop) A U.S. government cybersecurity advisory includes details about the sophisticated attack on an unnamed defense industrial base organization.
We Smell A RatMilad Android Spyware (Zimperium Mobile Security Blog) The Zimperium zLabs research team discovered spyware targeting Middle Eastern enterprise mobile devices and began monitoring the activity of a novel Android spyware family that we have since named RatMilad. Learn how Zimperium zIPS customers are protected against RatMilad spyware.
Malicious Cyber Activity Against Election Infrastructure Unlikely to Disrupt or Prevent Voting (FBI and CISA) The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) assess that any attempts by cyber actors to compromise election infrastructure are unlikely to result in largescale disruptions or prevent voting.
FBI: Cyberattacks targeting election systems unlikely to affect results (BleepingComputer) The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) in a public service announcement says that cyber activity attempting to compromise election infrastructure is unlikely to cause a massive disruption or prevent voting.
NullMixer Dropper Delivers a Multimalware Code Bomb (Dark Reading) In one shot, Trojan dropper NullMixer installs a suite of downloaders, banking Trojans, stealers, and spyware on victims' systems.
DDoS attack on 'Overwatch 2' servers prevents fans from playing the game on launch day (Engadget) Players report getting stuck in queue behind tens of thousands of other people also waiting to get in.
Zoom: 1 Phish, 2 Phish Email Attack (Armorblox) This blog examines a credential phishing attack, which impersonated the brand Zoom. The email attack looked like a notification email from Zoom, urging victims to follow a link that redirected to a malicious landing page that exfiltrated sensitive PII information.
Lloyd's of London investigates possible cyber attack (Reuters) Lloyd's of London is investigating a possible cyber attack, the commercial insurance market said on Wednesday, with companies on high alert for intrusions as a result of the conflict between Russia and Ukraine.
Insurance giant Lloyd’s of London investigating cyberattack (The Record by Recorded Future) Insurance giant Lloyd’s of London said on Wednesday that it is investigating a possible cyberattack.
The Optus Breach: If I Could Turn Back Time (Digital Shadows) The fallout of the recent Optus breach got me thinking about a common occurrence: seller’s remorse… Most of us have experienced it. You feel like you’re getting a good deal, and then bang! You realize you could have got more for your money if you’d only just waited that extra day. Although this might be
CommonSpirit takes IT systems offline amid cybersecurity incident (MedCity News) "An IT security issue” has been impacting several of CommonSpirit Health's facilities across the country. Some of its hospitals in Nebraska, Iowa and Washington have taken their EHRs offline due to the incident. Experts say the incident serves as an important reminder that providers need to go all in on cybersecurity, as healthcare organizations remain a prime target for hackers.
Massive U.S. nonprofit health care system grappling with 'IT security issue' (The Record by Recorded Future) One of the largest nonprofit healthcare systems in the U.S. is dealing with a security incident that has forced it to shut off some systems.
Statement: IT Security Issue (CommonSpirit) CommonSpirit Health has identified an IT security issue that is impacting some of our facilities.
MercyOne shuts down e-health records after 'IT security incident' affects online systems (Des Moines Register) MercyOne's parent company CommonSpirit Health was hit Monday by an unspecified
Qakbot: Analysing a Modern-Day Banking Trojan (Infosecurity Magazine) Attackers are using increasingly innovative methods to launch the Qakbot Trojan
Sydney MSSP DVULN uncovers vulnerability exposing data of 200,000 Aussie job seekers (CRN Australia) Sydney MSSP says vuln similarly affected Optus in its recent data breach.
Fast Company is back online (Fast Company) Thank you for your patience and understanding during our darkest week.
Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast (Dark Reading) With just one malformed Zigbee frame, attackers could take over certain Ikea smart lightbulbs, leaving users unable to turn the lights down.
Beware of chat apps: Your security and brand reputation are on the line (Security Magazine) Customer data is not the only thing on the line, as fraudsters utilize chat apps for scams. Businesses’ reputations are at risk too.
Cyberattack on Australian bank could threaten financial system, but risk is low (The Sydney Morning Herald) Banks are an attractive target for hackers given the amount of personal information they store, with regional banks the most exposed.
Giant Optus hack may swallow a quarter of SingTel profits (The Star) The cost for Singapore Telecommunications Ltd (SingTel) of making good customers exposed to one of Australia’s worst data breaches risks wiping out more than one quarter of its annual profit.
Vulnerability Summary for the Week of September 26, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center) Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker.
Microsoft updates guidance for ‘ProxyNotShell’ bugs after researchers get around mitigations (The Record by Recorded Future) Microsoft updated the guidance it provided for CVE-2022-41040 and CVE-2022-41082, but researchers are concerned it is still not enough.
Microsoft Updates Mitigation for Exchange Server Zero-Days (Dark Reading) Researchers had discovered that Microsoft's original mitigation steps for the so-called "ProxyNotShell" flaws were easily bypassed.
Microsoft updates mitigation for ProxyNotShell Exchange zero days (BleepingComputer) Microsoft has updated the mitigation for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to as ProxyNotShell.
Trends
SCADA Systems Involved in Many Breaches Suffered by US Ports, Terminals (SecurityWeek) SCADA systems were involved in many of the breaches suffered by ports and terminals in the United States, according to Jones Walker’s 2022 Ports and Terminals Cybersecurity Survey.
Delivery of Malware: A Look at Phishing Campaigns in Q3 2022 | FortiGuard Labs (Fortinet Blog) FortiGuard Labs continues to track many malware families, including Emotet, Qbot, and Icedid. Read more about some of the most common details and techniques used by these malicious campaigns for ma…
Exposed cloud data a $28 million cyber risk for the average company (IT Brief Australia) The average company with data in the cloud faces $28 million in data-breach risk, according to a new report from Varonis.
New IDology Research Reveals 60% of Consumers Don't Believe Companies Do Enough To Protect Their Data as Demand for Security Grows (PR Newswire) IDology, a GBG company, today released its Fifth Annual Consumer Digital Identity Study, providing valuable insights into consumer expectations...
Marketplace
CrowdSec announces €14M in Series A funding to combat cybercrime (CrowdSec) We are happy to announce that CrowdSec has closed a €14M Series A round led by Supernova Invest and accompanied by CrowdSec’s historic investor, Breega. Our ambition with this round is to combat cybercrime by strengthening our position as the world’s largest crowdsourced CTI network in the world.
European cybersecurity firm Infinigate merges with Dubai's Starlink (Reuters) Cybersecurity company Infinigate Group said on Tuesday it was merging with Dubai-based cybersecurity and cloud firm Starlink to create a company with estimated annual revenues of about $2.2 billion.
Qunnect Raises $8M in Series A Funding, Led by Airbus Ventures (PR Newswire) Qunnect, the leader in quantum internet technologies, today announces its Series A financing of over $8M, led by Airbus Ventures, with...
Deloitte acquires AI consultancy SFL Scientific (Consulting) Deloitte US has acquired SFL Scientific, a Boston-area consulting firm focusing on artificial intelligence strategy and data science.
DXC confirms talks with potential buyer (CRN Australia) With undisclosed “financial sponsor” amid rumours.
Chris Veith Heads Global Systems Integrator (GSI) Program (Strata.io) Chris Veith joins Strata Identity to lead the global systems integrator partner program and manage relationships with GSIs including EY, Deloitte, and Wipro.
Products, Services, and Solutions
Contrast Security Launches Expanded Security Testing Tools for JavaScript and Popular Angular, React and jQuery Frameworks (Contrast Security) New language and framework support empowers developers to analyze front-end code for vulnerabilities throughout the development lifecycle.
DDLS brings Offensive Security training to ANZ (CRN Australia) Offering pen testing, cloud security, security operations and more.
Udacity Launches Cybersecurity for Business Leaders Program to Address Top Enterprise Threats (PR Newswire) Udacity, the digital talent transformation platform, today announced the launch of its Cybersecurity for Business Leaders Program, designed to...
Rewrite the Identity Governance Playbook with SailPoint Identity Security (Business Wire) SailPoint Technologies Holdings, Inc., the leader in enterprise identity security, today announced—during its annual Navigate conference—new innovatio
Sumsub launches 1-click - document-free verification for over 2 billion users (PR Newswire) Sumsub, a global tech company providing anti-fraud and compliance solutions, announces the launch of one click-KYC for users in India, Brazil,...
MSAB launches a flagship feature – a new MTK Exploit that allows investigators to access data in more locked devices (News Powered by Cision) MSAB, a world leader in mobile forensics, announces its third major software release for 2022.
LogRhythm unveils Axon cloud-native security solution (SC Media) Security intelligence provider LogRhythm's Axon security operations platform saw its official launch with the aim of reducing the burden on security teams, according to SiliconANGLE.
CyberSaint Joins Powered by Snowflake Program to Elevate Cyber Risk Reporting (MSSP Alert) In partnership with Snowflake, CyberSaint will transform and automate the way organizations manage cyber risk via the CyberStrong platform.
Illumio Joins AWS ISV Accelerate Program to Advance Zero Trust Segmentation Adoption (GlobeNewswire News Room) Illumio Zero Trust Segmentation Platform available on AWS to help organizations see risk and reduce the hybrid attack surface...
Netskope, Orange collaborate on new SSE solution (SC Media) Netskope will lend its infrastructure in a new partnership with Orange Business Services and Orange Cyberdefense, a cybersecurity services provider, to roll out a new security service edge product for deployment in the Orange Telco Cloud Platform, SDxCentral reports.
The Latest Update to the ReversingLabs Threat Analysis and Hunting Solution (ReversingLabs) ReversingLabs customers rely on our threat analysis and hunting solution to provide them with an instant malware lab, delivering both static and dynamic analysis. Here, we break down the newest improvements with A1000 version 7.0.
Technologies, Techniques, and Standards
7 Practical Considerations for Effective Threat Intelligence (Dark Reading) If your security team is considering, planning, building, or operating a threat intelligence capability, this advice can help.
Avast releases free decryptor for Hades ransomware variants (BleepingComputer) Avast has released a decryptor for variants of the Hades ransomware known as 'MafiaWare666', 'Jcrypt', 'RIP Lmao', and 'BrutusptCrypt,' allowing victims to recover their files for free.
'Pig butchering' crypto scams spotlight need for an evolution in fraud prevention for finance (SC Media) An FBI warning Monday about a scheme that convinces victims to invest in fake cryptocurrency platforms spotlights the need for financial institutions to implement more sophisticated fraud detection programs to flag suspicious transactions, growing their own awareness of crypto trading practices in the process.
Crows take AFA: Advocate EMS superiority (Air Combat Command) In a room of nearly 200 people at the Air, Space & Cyber Conference, U.S. Air Force Col. Josh Koslov, 350th Spectrum Warfare commander, headed the Electromagnetic Warfare (EW) Panel aimed to spark
Legislation, Policy, and Regulation
Australia unveils privacy rule changes after Optus data breach (Reuters) Australia on Thursday proposed an overhaul of consumer privacy rules that will help facilitate targeted data sharing between telecommunication firms and banks following a massive data breach at Optus, the country's second largest mobile operator.
Popular censorship circumvention tools face fresh blockade by China (TechCrunch) More than half of China’s netizens who circumvent online censorship use some sort of TLS-based tools.
Albania weighed invoking NATO’s Article 5 over Iranian cyberattack (POLITICO) Albanian Prime Minister Edi Rama talks about the recent massive cyberattacks on his nation and when an attack warrants a NATO response.
Taiwan Pledges to Keep Advanced Chips From Chinese Military (Bloomberg) Taiwan banned Alchip semiconductor exports to China’s Phytium. Taiwan weighs business and security as US-China tensions grow.
CISA aims to expand cyber defense service across fed agencies, potentially further (Federal News Network) CISA’s Protective DNS will help prevent phishing and other cyber incidents by blocking agency web traffic from known malicious websites.
GAO: Communication Breakdowns Hurt Otherwise Positive View of Federal Ransomware Support (Nextgov.com) State, local, tribal and territorial governments have “generally positive views” of agencies’ ransomware assistance, but cited “inconsistent communication” from the FBI as a challenge.
White House Seeks Advice on Cyber Workforce Development (Nextgov.com) The Office of the National Cyber Director is looking for input in a new request for information and will eventually quiz respondents about their ideas.
The Coast Guard Leaves Cyber Unguarded (AFCEA International) The Coast Guard's problems attracting and retaining cyber talent cause concern on Capitol Hill.
Governor Hogan announces new state, local directors of cybersecurity (Nottingham MD) Governor Larry Hogan on Tuesday announced that the State of Maryland has hired John A. Bruns as the Director of State Cybersecurity and Netta Squires, Esq. as the Director of Local Cybersecurity. These positions were created as part of an overarching cybersecurity legislative package passed early this year. Both directors will work at the Department of Information Technology and …
Litigation, Investigation, and Law Enforcement
How A British Teen’s Death Changed Social Media (WIRED) An inquest found content on Pinterest and Instagram contributed to the 2017 death of Molly Russell. The sites say they’ve changed—with opposing strategies.
Former Uber Security Chief Found Guilty of Obstructing FTC Probe (Wall Street Journal) Joe Sullivan covered up a 2016 data breach by paying hackers a $100,000 “bug bounty,” prosecutors said.
Former Uber security chief convicted of covering up 2016 data breach (Washington Post) Surprise verdict on charges that predated rampant ransomware and extortion payoffs in more recent hacking cases
Uber’s Former Security Chief Convicted of Data Hack Coverup (Bloomberg) Joe Sullivan found guilty by jury of concealing 2016 breach. He argued other executives were to blame for tardy disclosure.
Former Uber Security Chief Found Guilty of Hiding Hack From Authorities (New York Times) A jury found Joe Sullivan, who led security at the ride-hailing company, guilty on two different counts. The case could change how security professionals handle data breaches.
Former Uber CISO Joe Sullivan Found Guilty Over Breach Cover Up (SecurityWeek) A San Francisco jury on Wednesday found former Uber security chief Joe Sullivan guilty of covering up a 2016 data breach and concealing information on a felony from law enforcement.
Hacker Gets Probation for Massive Capital One Data Breach (CNET) The judge cites the hacker's mental health and transgender status in declining to sentence her to prison.
DoJ ‘very disappointed’ with sentence for Capital One hacker (Register) ‘This is not what justice looks like’ says official on sanction for leak of 100 million records
Third servicer entangled in massive data breach litigation (National Mortgage News) The class action complaint includes 23 plaintiffs accusing the firms of failing to protect their information, including Social Security numbers, in a cyberattack which lasted 41 days.
Canadian Netwalker Ransomware Affiliate Sentenced to 20 Years in U.S. Prison (The Hacker News) A Canadian national convicted for his role as a Netwalker ransomware affiliate has been sentenced to 20 years in prison.
NetWalker ransomware affiliate sentenced to 20 years by Florida court (Naked Security) Judge tells the accused that if he hadn’t pleaded guilty, “I would have given you life.”
CEO of election software firm held on ID info theft charges (AP NEWS) The founder and CEO of a software company targeted by election deniers was arrested Tuesday on suspicion of stealing data on hundreds of Los Angeles County poll workers. Konnech Corporation's Eugene Yu, 51, was arrested in Meridian Township in Michigan and held on suspicion of theft of personal identifying information, while computer hard drives and other “digital evidence" were seized by investigators from the county district attorney's office, according to the office.
Election Software CEO Arrested Over Suspected Poll Worker Data Theft (Gizmodo) Eugene Yu, the head of Konnech, has been accused of mishandling poll workers' personal information and violating the company's contract with LA County.
Serial cyberstalker who harassed dozens of women has jail term cut (the Guardian) Matthew Hardy’s jail term reduced by a year owing to legal oversight in original sentencing at Chester crown court
Chess Investigation Finds That U.S. Grandmaster ‘Likely Cheated’ More Than 100 Times (Wall Street Journal) An internal report reviewed by The Wall Street Journal alleges a previously unknown pattern of likely widespread cheating by Hans Moke Niemann, the player whose September victory over Magnus Carlsen has rocked the chess world.