Dateline Moscow, Kyiv, and Brussels: Preparing for sabotage and cyber war.
Ukraine at D+230: Escalation, but unlikely to be sustainable. (CyberWire) Russian missile strikes are widely condemned internationally, but domestically Russian dead-enders cry for even harsher measures. NATO warns that sabotage could trigger Article 5, and the US warns that the Russian cyber threat is far from over.
Russia-Ukraine war: List of key events, day 231 (Al Jazeera) As the Russia-Ukraine war enters its 231st day, we take a look at the main developments.
Russia Resumes Strikes After Mass Bombardment of Ukraine (Wall Street Journal) Russia launched another round of strikes across Ukraine, many of which Kyiv said it intercepted, as the death toll rose from the previous day’s barrage, one of Moscow’s broadest assaults in nearly eight months of war.
Hopeless ‘kamikaze’ drones show Vladimir Putin’s war machine is floundering (The Telegraph) Iranian-made weapons easily gunned down by Ukrainian air defence systems in another sign of Russia’s weakening offensive
Ukrainian cybersecurity officer killed by Russian missile strike (The Record by Recorded Future) A 41-year-old Ukrainian cybersecurity officer was among more than 20 killed by Russian missile barrages Monday, according to Ukraine’s Cyber Police Department.
Down the Rabbit Hole on the Russia-Ukraine War #23 - Kerch Bridge and Putin's Tantrum (BruteCast) Today we caught up with Dr. Yuval Weber on the latest developments in the Russia-Ukraine War. We reviewed the status of the Kharkiv and Kherson counteroffensives, mobilization, internal struggles between the Russian military and Russian security services, and finally focused on the recent strike on the Kerch Bridge connecting Russia to occupied Crimea, and this morning's retaliatory attack on Ukrainian civilian targets.
Ukraine police say bodies of more than 500 civilians found in Kharkiv (CNN) The bodies of more than 500 civilians have been discovered in territory in northeast Ukraine recently retaken from Russian forces, Ukrainian police say.
Ukraine's Zaporizhzhia nuclear plant loses external power (AP NEWS) Russian missile attacks caused a crippled nuclear plant in Ukraine to lose all external power for the second time in five days, increasing the risk of a radiation disaster because electricity is needed to operate critical safety systems, Ukraine’s state nuclear operator said Wednesday.
Ukraine war: Liberating towns is a shot in the arm for Ukrainian troops (BBC News) The BBC's defence correspondent meets the people of a retaken town - and the soldiers who freed it.
Bombing Kyiv Into Submission? History Says It Won’t Work. (New York Times) Even though it creates misery and loss, the methodical bombing of civilian centers has more often been shown to rally support for resistance.
Opinion Russia’s terror bombing will fail if NATO helps Ukraine withstand it (Washington Post) Analogies between contemporary atrocities and those of previous wars are always risky; at times, commentary about Russia’s war on Ukraine has strained to make such analogies. Just now, though, it takes effort not to. Russian President Vladimir Putin’s launching of missiles against Kyiv, Kharkiv and other places Monday recalls past terror-bombing attempts ranging from the mutual attacks by Iraq and Iran during their War of the Cities in the 1980s to the V-2 terror-bombing of Western European cities by Germany in the final stages of World War II.
Zelenskyy asks for ‘air shield’ as G7 pledges continued support (Al Jazeera) Ukrainian president, G7 leaders meet a day after Russian missiles rain down on Ukrainian cities.
G-7 pledges ‘steadfast’ commitment to Kyiv; missile strikes reported across Ukraine (Washington Post) G-7 says Putin will be held accountable for ‘indiscriminate attacks’; Russians kidnap nuclear power plant official, Ukraine’s energy firm says; NATO’s Stoltenberg: Ukraine has ‘urgent’ need for more air defense.
Australia may provide military training to Ukraine forces: PM (Al Jazeera) Prime Minister Anthony Albanese says his government is considering a request from Ukraine’s President Zelenskyy.
Musk Denies Report He Spoke With Putin Before Peace Tweets (Bloomberg) Eurasia Group’s Bremmer wrote about Musk and Putin in a note. Musk said a call would be ‘pointless’ given divergent demands.
Putin ‘told Elon Musk he would use nuclear weapons if Ukraine tried to retake Crimea’ (The Telegraph) Technology billionaire denies claims that he spoke with the Russian president before publishing a ‘peace plan’ on Twitter
Ukraine Latest: Biden Sees Putin as Both Rational and Irrational (Bloomberg) President Joe Biden said he thinks President Vladimir Putin is a “rational actor” who behaved irrationally when he invaded Ukraine. Biden made the comments in an interview with CNN.
Joe Biden is playing with nuclear fire by posing as JFK (The Telegraph) It is the Russians, not the Western allies, who want this to be a global power contest of equals, with them taking on all of us
Nato warns Russian sabotage on Western targets 'could trigger Article 5' (The Telegraph) If the defence clause was activated the alliance's members would consider any sabotage an attack on them
US Not Ruling Out Russian Cyber Offensive (VOA) Top US cyber official warns recent denial of service attacks against major airports could be the ‘leading edge’ of a bigger, bolder Russian effort
Amid reports of JP Morgan cyberattack, experts call Killnet unsophisticated, ‘media hungry’ (SC Media) The day after launching airport DDoS attacks in 24 states, Killnet claimed to have blocked J.P. Morgan’s infrastructure, but the bank says the attack did not affect its operations.
Hacktivists Force Companies to Respond to Low-Level Cyberattacks (Wall Street Journal) The Russian-language Killnet group took credit for attacks that briefly disrupted U.S. airport websites this week.
Ukraine's experience spurs allies' interest in 'resistance,' info war training (Breaking Defense) "There hasn't been a special operations international military that I have dealt with since the Ukraine crisis that has not talked to us about expanding information operations and psychological operations forces," said Lt. Gen. Jonathan Braga, head of US Army Special Operations Command.
Ukraine and Moldova move to disarm Vladimir Putin’s energy weapon (Atlantic Council) With the winter heating season now underway, Ukraine and neighboring Moldova both continue to make progress toward reducing dependence on Russian gas and disarming Vladimir Putin's energy weapon.
Biden warns Saudi Arabia will face "consequences" over OPEC oil production cut (Axios) OPEC+ decided to cut oil production by 2 million barrels per day starting next month.
Biden vows 'consequences' for Saudis after OPEC+ cuts output (AP NEWS) President Joe Biden said Tuesday there will be "consequences” for Saudi Arabia as the Riyadh-led OPEC+ alliance moves to cut oil production and Democratic lawmakers call for a freeze on cooperation with the Saudis.
Russian Oligarch’s Property Manager Charged With Helping Evade Sanctions (Wall Street Journal) Graham Bonham-Carter continued to manage Oleg Deripaska’s residential properties after the Russian oligarch was sanctioned by the U.S. in 2018, prosecutors say.
British businessman Graham Bonham-Carter charged with helping Russian oligarch evade US sanctions (The Telegraph) Briton is accused of conspiring to violate sanctions placed on Oleg Deripaska and faces extradition
Six things you (yes, you!) can do now to help Ukraine (Atlantic Council) With the winter season fast approaching and Vladimir Putin launching a campaign against Ukrainian civilian infrastructure, it is more important than ever to maintain support for Ukraine. Melinda Haring has some ideas.
Attacks, Threats, and Vulnerabilities
POLONIUM targets Israel with Creepy malware (WeLiveSecurity) ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group.
Hacking group POLONIUM uses ‘Creepy’ malware against Israel (BleepingComputer) Security researchers reveal previously unknown malware used by the cyber espionage hacking group 'POLONIUM,' threat actors who appear to target Israeli organizations exclusively.
Hacktivists seek to aid Iran protests with cyberattacks and tips on how to bypass internet censorship (CNBC) Anonymous and other hacking groups have organized online to orchestrate cyberattacks on Iranian officials and institutions.
The Russian SpyAgent – a Decade Later and RAT Tools Remain at Risk (Deep Instinct) SpyAgent is malware that abuses legitimate, well-known remote access tools (RATs). The recent changes observed by our team allow the malware to stay stealthy while bypassing and evading many security products.
The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform (Mandiant) Bad actors are using a shared Phishing-as-a-Service platform called “Caffeine”.
Fresh Phish: Small Business COVID-19 Grants Designed for Disaster (INKY) COVID took its toll on small businesses. It’s estimated that 200,000 closed their doors for good. For those left fighting, government loans and grants were often a welcome sight. Those same familiar grants are now being used as bait by cyber criminals in a sophisticated credential harvesting and brand impersonation scheme that uses Google Forms.
Ransomware hackers have a new worst enemy: themselves (Washington Post) Sometimes, ransomware hackers rat out their gangs
Microsoft Warns of New Zero-Day; No Fix Yet For Exploited Exchange Server Flaws (SecurityWeek) Microsoft patches more than 90 security defects affecting products in the Windows ecosystem but there's no fix yet for a pair of exploited Exchange Server bugs.
Microsoft investigating alleged Exchange zero-day (The Record by Recorded Future) Microsoft said it is looking into reports of a new zero-day vulnerability affecting Exchange servers after it was used in a ransomware attack.
Intel Confirms UEFI Source Code Leak as Security Experts Raise Concerns (SecurityWeek) Intel has confirmed that some of its UEFI source code has been leaked, and while the chipmaker says it’s not concerned, security experts warn that it could have serious implications.
Threat Report: Refund Fraud-as-a-Service (Netacea) Detect, identify and mitigate more malicious bot activity with fewer false positives using Netacea's Intent Analytics™ solution.
Threat Alert: Private npm Packages Disclosed via Timing Attacks (Aquasec) Timing differences in the npm registry's responses let threat actors learn the names of organizations' private packages; they can then publish public packages under those names, deceiving developers whose registry configuration is loose into downloading compromised packages.
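The practical defence against the follow-on attack above is to make sure every internal package name is pinned to the private registry, so a look-alike public package can never win resolution. The check below is an added example and not code from Aqua or from npm; it parses a constructed package.json and .npmrc (embedded inline, not from any real project), assumes the hypothetical scope `@acme` and name prefix `acme-` mark internal packages, and reports any such dependency that would be fetched from the public registry.

```python
"""Flag dependencies that would resolve from the public npm registry.

Added example, not part of the Aqua report or npm. All inputs below are
constructed; the @acme scope, the acme- prefix and the registry
https://npm.acme.example are hypothetical.
"""
import json
import re

PUBLIC_REGISTRY = "https://registry.npmjs.org/"

# Constructed package.json: two scoped internal packages, one unscoped
# internal package (acme-internal-utils) and two public ones.
SAMPLE_PACKAGE_JSON = """{
  "name": "@acme/billing-service",
  "dependencies": {
    "@acme/auth-client": "^2.1.0",
    "@acme/logging": "1.4.2",
    "express": "^4.18.2",
    "acme-internal-utils": "3.0.0"
  },
  "devDependencies": {
    "@acme/eslint-config": "^1.0.0",
    "jest": "^29.0.0"
  }
}"""

# Constructed .npmrc: the @acme scope is pinned to the private registry,
# everything else falls through to the public one.
SAMPLE_NPMRC = """registry=https://registry.npmjs.org/
@acme:registry=https://npm.acme.example/
//npm.acme.example/:_authToken=${NPM_TOKEN}
"""


def parse_npmrc(text):
    """Return (default_registry, {scope: registry}) from .npmrc lines."""
    default = PUBLIC_REGISTRY
    scopes = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")):
            continue
        m = re.match(r"^(@[^:=]+):registry\s*=\s*(\S+)$", line)
        if m:
            scopes[m.group(1)] = m.group(2)
            continue
        m = re.match(r"^registry\s*=\s*(\S+)$", line)
        if m:
            default = m.group(1)
    return default, scopes


def registry_for(name, default, scopes):
    """Registry npm would consult for this package name under this .npmrc."""
    if name.startswith("@"):
        scope = name.split("/", 1)[0]
        return scopes.get(scope, default)
    return default


def find_confusable(package_json_text, npmrc_text,
                    private_scopes=("@acme",), private_prefixes=("acme-",)):
    """Names that look internal but would be fetched from the public registry.

    Unscoped internal names can never be pinned by scope, so they are always
    reported when the default registry is the public one: they should be
    moved under a scope that is mapped to the private registry.
    """
    default, scopes = parse_npmrc(npmrc_text)
    pkg = json.loads(package_json_text)
    deps = {}
    for key in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(pkg.get(key, {}))
    scope_markers = tuple(s + "/" for s in private_scopes)
    findings = []
    for name in sorted(deps):
        looks_internal = name.startswith(scope_markers) or name.startswith(private_prefixes)
        reg = registry_for(name, default, scopes)
        if looks_internal and reg.rstrip("/") == PUBLIC_REGISTRY.rstrip("/"):
            findings.append(name)
    return findings


if __name__ == "__main__":
    print("with scope pinned:", find_confusable(SAMPLE_PACKAGE_JSON, SAMPLE_NPMRC))
    print("no scope pinned:  ", find_confusable(SAMPLE_PACKAGE_JSON, "registry=https://registry.npmjs.org/\n"))
```

Run against the constructed inputs, only the unscoped `acme-internal-utils` is reported while the `@acme` scope is pinned; drop the `@acme:registry=` line and all three scoped packages are reported as well. Registering the scope on the public registry so nobody else can publish under it is the complementary step the script cannot check offline.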
Cryptoverse: Hack jitters push bitcoin investors back to the future (Reuters) It's not easy being a crypto investor.
Siemens Not Ruling Out Future Attacks Exploiting Global Private Keys for PLC Hacking (SecurityWeek) Malicious actors could obtain global private keys that protect Siemens PLCs, and the industrial giant has warned that the likelihood of exploitation is increasing.
Blizzard Temporarily Pulls Two Overwatch 2 Heroes, Gets Hit with Another DDoS Attack (Push Square) If it ain't one thing, it's the other
2K confirms some personal data obtained in recent data breach (Eurogamer.net) Following a data breach last month, 2K has now confirmed that some personal data has been recorded. Hackers were able t…
Mars Area School District investigates network data breach (Pittsburgh Post-Gazette) The Mars Area School District continues to investigate a data security incident from late September, the district said in a statement Tuesday night.
DDoS attacks get smaller -- but there are more of them (BetaNews) The number of DDoS attacks increased by 75.6 percent compared to the second half of 2021, but the average (0.59 Gbps) and maximum (232.0 Gbps) attack sizes decreased by 56 percent and 66.8 percent respectively.
CISA Has Added One Known Exploited Vulnerability to Catalog (CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risk to the federal enterprise.
Vulnerability Summary for the Week of October 3, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Patch Tuesday: Critical Flaws in ColdFusion, Adobe Commerce (SecurityWeek) Adobe ships security patches for 29 documented vulnerabilities across multiple enterprise-facing products.
October Patch Tuesday 2022: What You Need to Know - Syxsense Inc (Syxsense Inc) Microsoft released 85 fixes this month, including 15 rated Critical, one publicly known before the patch, and one weaponised (exploited in the wild).
October 2022 Security Updates (Microsoft Security Response Center) This release consists of security updates for the following products, features and roles.
SAP Security Patch Day: October 2022 (Onapsis) SAP's October Patch Day includes two HotNews notes with a high CVSS score in SAP Manufacturing Execution and SAP Commerce, along with multiple updated notes in SAP Business Objects.
Altair HyperView Player (CISA) CVSS v3 7.8. Attention: low attack complexity. Vendor: Altair. Equipment: HyperView Player. Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Uninitialized Resource, Improper Validation of Array Index. Risk evaluation: successful exploitation of these vulnerabilities could crash the device accessed.
Daikin Holdings Singapore Pte Ltd. SVMPC1 and SVMPC2 (CISA) CVSS v3 9.8. Attention: exploitable remotely/low attack complexity. Vendor: Daikin Holdings Singapore Pte Ltd. Equipment: SVMPC1, SVMPC2. Vulnerabilities: Use of Hard-coded Password, Improper Access Control.
Sensormatic Electronics C-CURE 9000 (CISA) CVSS v3 4.3. Attention: low attack complexity. Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. Equipment: C-CURE 9000. Vulnerability: Observable Response Discrepancy. Risk evaluation: successful exploitation of this vulnerability could allow an unauthorized user to enumerate user accounts.
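The C-CURE 9000 finding is the textbook case of an observable response discrepancy (CWE-204): an authentication endpoint that answers differently, in message or in timing, depending on whether the submitted username exists. The pair of handlers below is an added example, not code from the advisory or from Johnson Controls; the user store, salts and passwords are constructed for the demo. The vulnerable handler returns distinct messages and skips the expensive hash for unknown users, so both the text and the response time leak account existence; the hardened handler does the same PBKDF2 work against a dummy record when the user is unknown, compares in constant time, and returns one message for every failure.

```python
"""Account enumeration via observable response discrepancy, and a fix.

Added example, not code from the CISA advisory or the vendor. The user
store and passwords are constructed for the demo.
"""
import hashlib
import hmac
import os


def _hash(password, salt, iterations=50_000):
    """PBKDF2-HMAC-SHA256; the cost is what makes the timing leak measurable."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# Constructed user store: username -> (salt, hash). One real account only.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse battery staple", _SALT))}

# Dummy credential so the unknown-user path costs the same as a real check.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder-not-a-real-password", _DUMMY_SALT)


def login_vulnerable(username, password):
    """Leaks existence two ways: distinct messages, and no hashing for unknown users."""
    if username not in USERS:
        return (False, "unknown user")          # fast path, different text
    salt, stored = USERS[username]
    if _hash(password, salt) == stored:          # also a non-constant-time compare
        return (True, "ok")
    return (False, "wrong password")             # slow path, different text


def login_hardened(username, password):
    """Same message and same amount of work whether or not the user exists."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _hash(password, salt)
    # Bitwise & rather than `and`: evaluate both operands every time so the
    # existence check cannot short-circuit the comparison. The second operand
    # also stops a guess of the dummy password from logging an unknown user in.
    valid = hmac.compare_digest(candidate, stored) & (username in USERS)
    return (valid, "ok" if valid else "invalid username or password")


if __name__ == "__main__":
    for fn in (login_vulnerable, login_hardened):
        print(fn.__name__, fn("mallory", "x"), fn("alice", "x"))
```

The same rule applies to password reset and registration endpoints ("if an account exists, an e-mail has been sent"), and it is the same class of leak the npm registry timing research above exploits: any path that returns early or answers differently for a name that exists is an enumeration oracle, even when every message is "not found".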
Trends
Does working in cybersecurity pose risks to mental health? | Netacea (Netacea) Find out how your cybersecurity career can impact your mental health, and how you, your colleagues, and your employer can make sure everyone is happy and healthy at work.
Marketplace
Oort Raises $15 Million for Identity Threat Detection and Response Platform (SecurityWeek) Oort raises $15 million in Seed and Series A funding for its Identity Threat Detection and Response (ITDR) platform.
Endor Labs Launches with $25M Seed Financing to Tackle Massive Sprawl of Open Source Software (OSS) (Endor Labs) Solution from category-defining entrepreneurs and world-renowned experts helps developers spend less time dealing with security issues, more time accelerating their development through safe code reuse.
Thoma Bravo buys third identity company this year with $2.3B ForgeRock acquisition (TechCrunch) Thoma Bravo is acquiring identity access management company ForgeRock for $2.3 billion, the third IAM startup it bought this year.
Thales closes acquisition of important cybersecurity players Excellium and S21sec (Thales Group) With the acquisition of Excellium and S21Sec, Thales accelerates its cybersecurity development roadmap and expands its footprint in Luxembourg, Belgium, Spain and Portugal.
Listed Intercede swoops for fellow cyber firm (BusinessCloud) Leicestershire company with offices in United States reports increase in revenues alongside purchase of Bracknell's Authlogics
Immersive Labs Secures $66 Million in New Capital and Expands its Leadership Team to Accelerate Growth (Business Wire) Immersive Labs today announced it has raised $66 million in capital to continue its growth and investment in its Cyber Workforce Resilience platform.
Mandiant propels Google Cloud’s security prospects (Cybersecurity Dive) With Mandiant officially under his wing, Google Cloud CISO Phil Venables expects the incident responders to help Google become a proactive force.
‘Unprecedented’ Google-Mandiant Integration In Full Swing: Cloud Security VP (CRN) Google Cloud and Mandiant security integration is underway around threat intelligence and incident response, cybersecurity cloud leader Jeff Reed explains at Google Next.
How Google Cloud and its $5b Mandiant acquisition will work (Register) Automating infosec knowhow, essentially
Execs Say Google-Mandiant Deal to Merge Threat Intel, SecOps (GovInfo Security) The Google-Mandiant marriage will combine Google's security monitoring tools with Mandiant's threat intel and attack surface management solutions, plus new SOAR and
Traceable Named 'Leader' in New GigaOm Radar Report on API Security (PR Newswire) Traceable, the industry's leading API security and observability company, announced that it was named a "Leader" by GigaOm in its "2022 GigaOm...
America’s Oldest Bank, BNY Mellon, Will Hold That Crypto Now (Wall Street Journal) It is the first large U.S. bank to safeguard digital assets alongside traditional investments on the same platform.
Skybox Security names Netpoleon as new Australian distributor (CRN Australia) Expands existing deal with distie’s Southeast Asian unit.
Armorblox Appoints Illumio Co-Founder and CEO Andrew Rubin to its Board of Directors (Business Wire) Armorblox, a cloud delivered email security platform company, today announced the appointment of Andrew Rubin to its board of directors. Rubin, who cu
Embroker Names David Derigiotis as New Chief Insurance Officer (Business Wire) Embroker, the digital platform making it radically simple to get business insurance, announced that David Derigiotis has joined as Chief Insurance Off
Baffle Appoints Joe Dillon as Executive Vice President of Sales (GlobeNewswire News Room) Veteran sales leader in cybersecurity and cloud markets to grow Baffle’s sales force and expand global partnerships...
Contrast Security's Alliance Team Prepares for its Anticipated Growth with the Hiring of Three Industry Veterans and The Promotion of an Industry Expert (Contrast Security) Expanded Partner Alliance Team to drive best-in-class, partner-centric application security initiatives and revenue growth fostered by a culture of collaboration and cybersecurity transparency.
Vade Announces New VP of Sales, Americas (PR Newswire) Vade, a global leader in threat detection and response with more than 1.4 billion protected mailboxes worldwide, today announced that Mike Pate...
Products, Services, and Solutions
Skybox Security Unveils Industry's First SaaS Solution for Security Policy and Vulnerability Management Across Hybrid Environments (Business Wire) Skybox Security today announced the next generation of its award-winning Security Posture Management Platform – including the industry's first Softwar
Appgate and Illumio Announce the Industry’s First Joint Zero Trust Network Access and Zero Trust Segmentation Solution to Reduce Risk Across Hybrid Infrastructure (Business Wire) Appgate (OTC: APGT), the Zero Trust secure access company, and Illumio, Inc., the Zero Trust Segmentation company, today announced the industry’s firs
Outpost24 Announces Expansion of Penetration Testing Offerings to Nort (PRWeb) Today, Outpost24 announced the introduction of its Penetration Testing as a Service (PTaaS) solutions to the North American market to better empower businesses to
Keyfactor Signum Strengthens Software Supply Chain Security Without Slowing Productivity (Business Wire) New service allows developers to use native signing tools for easy, secure code signing
Symmetry Systems and Trace3 Partner to Secure Data and Reduce Risk in Hybrid Cloud Environments (PR Newswire) Symmetry Systems, the industry's first hybrid cloud data security platform, today announced its partnership with Trace3, a premier provider of...
GitLab Inc. Launches Cloud Seed in Collaboration with Google Cloud to Bolster Cloud Adoption (GlobeNewswire News Room) Self-service capability complements the One DevOps Platform; accelerates cloud adoption and app modernization...
Armis Now Available on Google Cloud Marketplace (Armis) The relationship between Armis and Google Cloud will further enable customers to securely accelerate their digital transformations by scaling solutions, utilizing committed spend, consolidating purchases, and simplifying the overall procurement process.
Control Plane for Machine Identity Management (Venafi) Venafi introduces the control plane for machine identity management. Read on to find out more.
Immuta Releases Platform Updates to Drive Improved Data Security and Monitoring Across Google, Snowflake, and Databricks | Immuta (Immuta) Product release features key integrations and capabilities for enhanced data security and monitoring
Immuta Launches Native Google BigQuery Integration for Enhanced Secure Data Access | Immuta (Immuta) New integration provides automated data discovery, dynamic access, and security controls, and always-on monitoring and reporting for Google BigQuery users.
Cybersecurity Consultancy Alias Gets Dark Web Threat Intelligence Boost With Searchlight Security (Business Wire) Searchlight Security partners with cybersecurity consultancy Alias to enhance its security assessment offering with dark web intelligence.
NetSPI Introduces Deployment-Inclusive Blockchain Security Services (PR Newswire) NetSPI, the leader in enterprise penetration testing and attack surface management, today announced its new deployment-inclusive blockchain...
SecondSight enters cyber insurance market with AI-driven platform for ‘inside-out’ underwriting (VentureBeat) SecondSight emerged from stealth with $3M seed funding, offering an AI-driven platform for “inside-out” cyber insurance underwriting.
Technologies, Techniques, and Standards
DigiCert Root CA First Approved for Matter Device Attestation by Connectivity Standards Alliance (PR Newswire) DigiCert, Inc., the world's leading provider of digital trust, announced today that its Root Certificate Authority (CA) is approved by the...
Research and Development
Patent Filed for Satellite Cryptography (PR Newswire) St. Pölten UAS Project among Best Inventions and Discoveries in "100 Years of Lower Austria" The province of Lower Austria presented the best inventions and...
Academia
California schools seek to fend off cyberattacks (EdSource) California school districts are working to protect data and student records as they evaluate risk of hacking.
Legislation, Policy, and Regulation
Chinese Tech Threatens Future Global Security, U.K. Spy Chief Warns (Wall Street Journal) Beijing’s efforts to exert control over technology both internationally and within China’s borders threaten global security and freedom, according to Jeremy Fleming, the director of Britain’s Government Communications Headquarters.
China’s Cyberattack Strategy Explained (Booz Allen Hamilton) China’s cyberattacks threaten U.S. security and critical infrastructure. Here’s how to spot and counter these threats.
Justice Department Money-Laundering Team Names Leaders as Ukraine War Raises Its Profile (Wall Street Journal) A team of federal prosecutors who specialize in tracing the flow of dirty money will assume new leadership as the Justice Department ramps up its efforts to police sanctions on Russia and to seize assets held by Russian oligarchs.
Litigation, Investigation, and Law Enforcement
Ex-NSA worker accused of selling secrets ordered detained (AP NEWS) A former National Security Agency employee from Colorado accused of trying to sell classified information to Russia will remain behind bars while he is prosecuted, a magistrate judge ruled Tuesday.
Judge Rebuffs DOJ Request to Block Booz Allen Hamilton’s Cybersecurity Deal (Wall Street Journal) Booz Allen in March moved to acquire EverWatch, a company it had been competing against to win a five-year contract to support the NSA’s mission of collecting foreign communications.
U.S. judge declines to halt Booz Allen's purchase of EverWatch (Reuters) A federal judge in Maryland ruled on Tuesday against the government's effort to stop Booz Allen Hamilton's planned purchase of EverWatch Corp over competition concerns, according to a court filing.
Bored-Ape Creator Yuga Labs Faces SEC Probe Over Unregistered Offerings (Bloomberg) Wall Street regulator is examining whether NFTs are securities. Regulator’s inquiry may not lead to allegations of misconduct.