Dateline Moscow and Kyiv: Drones and stalled ground units.
Ukraine at D+236: Buzzbombs and hacktivists-for-hire. (CyberWire) Russia continues its strikes against Ukrainian cities and infrastructure. Hacktivists-for-hire are contributing to Russian DDoS attacks against targets perceived as "anti-Russian."
Russia ‘hits energy facility’ near Kyiv in second day of strikes (Al Jazeera) Russian attacks hit ‘critical infrastructure’ north of Kyiv, Zhytomyr, while one person killed in raid in Mykolaiv.
Four killed as Iranian-made kamikaze drones target Kyiv (The Telegraph) Commuters flee through streets as Putin hits Ukrainian capital with second major attack in a week
Waves of ‘kamikaze’ drones strike Ukraine’s capital, 4 killed (Military Times) The concentrated use of the drones was the second barrage in as many weeks — after months in which air attacks had become a rarity in central Kyiv.
Ukraine-Russia war latest: Russian strikes take out 'third of power stations', says Zelensky (The Telegraph) Russian strikes have destroyed nearly a third of Ukraine's power stations, said Volodymyr Zelensky, as more missiles hit Kyiv.
Putin's use of Iranian kamikaze drones risks dragging another Middle Eastern power into the war (The Telegraph) Israel is facing immense pressure to provide military technology to Ukraine
Russia's kamikaze drone strikes against Ukraine aren't the sign of strength Putin thinks (Task & Purpose) The Russians have started using Iranian-made loitering munitions to target critical infrastructure in Ukraine as part of a strategy of terrorizing the civilian population.
How Iranian Kamikaze drones could help turn the tide of war in Russia's favour (The Telegraph) Their distinctive whine is enough to sow panic – and Russia has obtained scores of the cheap, plentiful and deadly drones
What are kamikaze drones? Here’s how Russia and Ukraine are using them. (Washington Post) This week, Russia struck deep into Ukraine and hit the capital, Kyiv, with kamikaze drones. These small and noisy airborne devices are designed to strike at a distance. They are nimble enough to avoid many air-defense systems.
Russian warplane crashes near apartment building, killing 13 (AP NEWS) A Russian warplane crashed Monday into a residential area in a Russian city on the Sea of Azov after suffering engine failure, leaving at least 13 people dead, three of whom died when they jumped from upper floors of a nine-story apartment building to escape a massive blaze.
Russia-Ukraine war latest: Moment Russian bomber crashes into block of flats as pilot ejects (The Telegraph) One of Russia's newest and most advanced warplanes has crashed in a residential area in the southern Russian city of Yeysk, after one of its engines caught fire during takeoff.
As Russia strikes power plants, Ukrainians brace for winter (AP NEWS) Nine-year-old Artem Panchenko helps his grandmother stoke a smoky fire in a makeshift outdoor kitchen beside their nearly abandoned apartment block. The light is falling fast and they need to eat before the setting sun plunges their home into cold and darkness.
Take more prisoners, Zelenskiy urges troops after big exchange (Reuters) Ukrainian President Volodymyr Zelenskiy on Monday urged his troops to take more prisoners, saying this would make it easier to secure the release of soldiers being held by Russia.
Prisoner swap with Russia sees 108 Ukrainian women released (the Guardian) Group released includes civilians and women captured during Azovstal steelworks siege, with 110 Russians also released
The world has a choice: act decisively now or face a larger conflict with Russia | Vladyslav Vlasiuk (the Guardian) Ukraine needs more support. This can and must be agreed this week, says Ukrainian presidential adviser Vladyslav Vlasiuk
EU Sanctions on Russia Are Here to Stay (World Politics Review) The events of the past month have called into question whether any deal on the war in Ukraine, and EU sanctions on Russia, can be found.
U.S. to penalize Iran, third parties for missile sales to Russia (POLITICO) A U.S. official issued the warning following reports that Tehran was expanding its military aid to Moscow.
India’s stance on the Ukraine war makes little sense (POLITICO) The country hasn’t just dumped its democratic principles but is providing crucial financial support for Russia’s brutal invasion.
Inside the U.S. Effort to Arm Ukraine (The New Yorker) Since the start of the Russian invasion, the Biden Administration has provided valuable intelligence and increasingly powerful weaponry—a risky choice that has paid off in the battle against Putin.
Official: Cyber attack on Bulgarian government websites traced to Russia (Sofia Globe) The head of Bulgaria’s National Investigation Service, Borislav Sarafov, said on October 16 that the perpetrator of a cyber attack the previous day on several Bulgarian state, government and private websites had been identified, and the attack had come from a city in Russia.
Bulgaria hit by a cyber attack originating from Russia (Security Affairs) Government institutions in Bulgaria have been hit by a cyber attack during the weekend, experts believe it was launched by Russian threat actors. The infrastructure of government institutions in Bulgaria has been hit by a massive DDoS attack. The attack started on Saturday and experts believe that it was orchestrated by Russian threat actors. The […]
Project DDOSIA Russia's answer to disBalancer (Radware) Inspired by Newton's third law of physics, NoName057(16) published a Manifesto in July denouncing the West for waging an open information war against Russia. They consider their cyberattacks to be the reaction to western
Russian DDOSIA Project Pays Volunteers to Participate in DDOS Attacks on Western Companies (Gridinsoft Blogs) Radware experts discovered the DDOSIA DDoS project, in which a Russian-speaking hack group pays volunteers to participate in attacks.
Hillicon Valley — Risk of Russia cyber ops amps up before midterms (The Hill) Experts warn Russia could escalate its cyber efforts in the November midterms as retaliation for the United States’ ongoing military and economic aid to Ukraine. Meanwhile, Chinese hackers ar…
Russian Hackers May Be Gunning for Your Business (Hudson Reporter) The ongoing events in Ukraine continue to rivet the world’s attention – but while the military and human damage rightfully capture most of the attention, U.S.-based business owners and individuals should also consider the possible cyber-risk spillover to their operations. A Dangerous Time Even before the U.S. and Russia […]
Keeping watch over Ukraine’s humanitarian cyberspace - Ukraine (ReliefWeb) News and Press Release in English on Ukraine about Logistics and Telecommunications; published on 17 Oct 2022 by ETC
General Says Transcom Effectively Delivering Security Assistance to Ukraine (U.S. Department of Defense) U.S. Transportation Command's logistical prowess is on full display as its personnel balance the rigors of the command's global mission while ensuring Ukraine receives the aid necessary to defend
Siemens Canada tells MPs it never lobbied Ottawa for sanctions waiver on Russian turbine (CBC) A top official with Siemens Canada defended the energy company’s handling of sanctions involving repair work on turbines belonging to the Russian Nord Stream 1 pipeline before a parliamentary committee on Monday.
Attacks, Threats, and Vulnerabilities
Opinion | Mexico’s Military Gets Hacked (Wall Street Journal) Leaks show the army has information linking drug cartels with the ruling class.
China’s attack motivations, tactics, and how CISOs can mitigate threats (CSO Online) A Booz Allen Hamilton report outlines global cyberthreats posed by the People’s Republic of China and gives some guidance on how to counter them.
Dangerous hole in Apache Commons Text – like Log4Shell all over again (Naked Security) Third time unlucky. Time to put your patching boots on again…
LockBit 3.0 Ransomware Unlocked (VMware Security Blog) LockBit Black announced itself in July 2022 stating that it would now offer the data of its nonpaying victims online in an easy-to-use searchable form.
New UEFI rootkit Black Lotus offered for sale at $5,000 (Security Affairs) Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums. The powerful malware is offered for sale at $5,000, with $200 payments per new updates. The researcher warns that […]
New 'Black Lotus' UEFI Rootkit Provides APT-Level Capabilities (SecurityWeek) A threat actor is promoting on underground criminal forums a vendor-independent UEFI rootkit that can disable security software and controls.
Disinformation Attacks Threaten US Midterm Elections (Dark Reading) Foreign nations continue to target various US public entities and private industries with cyberattacks, but the coming midterms are driving more disinformation than hacking, say experts.
Optus says it needed to keep identity data for six years. But did it really? (CRN Australia) The big problem with Australia’s data retention laws.
Keystone Health Data Breach Impacts PHI of 235K Individuals (Health IT Security) Pennsylvania-based Keystone Health discovered a data breach in August that potentially impacted more than 235,000 individuals.
Hackers say they stole 1.4TB of data from UK’s Kingfisher Insurance (Cybernews) Ransomware group LockBit posted Kingfisher Insurance’s name on their leak site, saying the stolen data included personal details of employees and customers.
Ransomware attack halts circulation of some German newspapers (BleepingComputer) German newspaper 'Heilbronn Stimme' published today's 28-page issue in e-paper form after a Friday ransomware attack crippled its printing systems.
Vinomofo data breach: 500,000 customers at risk after wine dealer hit by cyber-attack (the Guardian) Vinomofo warns customers to remain alert to scam activity after the hack
Shares in Australia’s Medibank drop despite foiling ransomware attack (The Record by Recorded Future) Shares in Medibank, an Australian health insurance business with more than 3 million customers, dropped despite the company announcing on Monday that an attempted ransomware attack it stopped last week had not impacted business.
Notice of Security Incident (Keystone Health) At Keystone Health, we are committed to protecting the privacy and security of our patients’ information.
Survey: What makes you more likely to click on a phishing email? (ITWeb) Distraction, multi-tasking and stress significantly and negatively impact people’s online security behaviour, a recent survey found.
Security Patches, Mitigations, and Software Updates
Zoom for macOS Contains High-Risk Security Flaw (SecurityWeek) Zoom has rolled out a high-priority patch for macOS users with a warning that hackers could abuse the software flaw to connect to and control Zoom Apps.
Zimbra Patches Under-Attack Code Execution Bug (SecurityWeek) Zimbra has rushed out patches to provide cover for a code execution flaw that has already been exploited to plant malware on target machines.
Trends
The Cyber Wild West (The Cipher Brief) Cipher Brief Senior National Security Columnist Walter Pincus shares revelations into today's Cyber Wild West
Cybersecurity Tops the CIO Agenda as Threats Continue to Escalate (Wall Street Journal) Chief information officers say cybersecurity will once again be their top investment priority in 2023, a sign of how companies are racing to manage their business risk posed by escalating threats.
Marketplace
Cybersecurity M&A Roundup for October 1-15, 2022 (SecurityWeek) Nineteen cybersecurity-related merger and acquisition (M&A) deals were announced in the first half of October 2022.
NINJIO Expands Services With Strategic Acquisition Of Innovative Behavior-based Cybersecurity Company DCOYA (NINJIO) Award-winning cybersecurity company NINJIO will help organizations move toward the next phase of security awareness with cutting-edge, AI-powered cybersecurity technology
HYCU Secures New Strategic Investment from Okta Ventures (GlobeNewswire News Room) Series B extended to include Industry-Leading SSO Platform Integration to provide Secure, Safe Functionality to ease Data Mobility across On-Premises,...
The Purple Guys Announces Sixth Acquisition Through Strategic Partnership with IT Leader Golden Tech (Yahoo) The Purple Guys, a leading provider of managed IT services to small and mid-sized businesses, completed the acquisition of Golden Tech, a Valparaiso, Indiana-based IT managed services provider. Combined with the acquisition of Indianapolis-based Accelerate earlier this year, The Purple Guys is now even better positioned to deliver best-in-class IT support and services to the broader Indiana and Chicago-area regions.
MPC Alliance | MPC Alliance more than doubles membership (RealWire) Innovators with a shared interest of increasing data privacy and security find common ground with secure Multiparty Computation (MPC). San Francisco, 18 October 2022 – Meta, Bosch and nearly three dozen other companies have recently joined the MPC Alliance
Announcing the 2022 CyberScoop 50 award winners (CyberScoop) The awards celebrate and honor the accomplishments of cybersecurity leaders in both the public and private sectors.
From Tel Aviv to the Bay — scaling the Lightspeed enterprise team (Medium) Security industry vet Mike Carpenter and new partners Lisa Han and Yonit Wiseman join the enterprise team
Wi-Fi Alliance® Names Kevin Robinson as Chief Executive Officer (GlobeNewswire News Room) Robinson brings a track record of success driving the advancement of Wi-Fi®...
Products, Services, and Solutions
CRITICALSTART® Delivers Threat Detection and Response Actions in Tandem with Palo Alto Networks Cortex XSIAM (PR Newswire) Critical Start, a leading provider of Managed Detection and Response (MDR) cybersecurity solutions, today announced the availability of its MDR...
Mandiant Breach Analytics for Google Cloud’s Chronicle Helps Automate the Link Between Threat Intelligence and Real-Time Detection | Mandiant (Mandiant) Our SaaS-based offering operationalizes Mandiant’s frontline threat intelligence.
Imperva's Data Security Fabric now available on Oracle Cloud Marketplace (SecurityBrief Asia) Imperva DSF has achieved Powered by Oracle Cloud Expertise status and is now available on Oracle Cloud Marketplace, offering added value.
Mandiant CEO pledges to automate threat intel under Google (Cybersecurity Dive) Google’s chops in artificial intelligence, cloud computing and analytics play a central role in Mandiant’s emboldened vision.
Check Point Launches New Global Managed Security Service Provider Program (Fast Mode) Check Point Software Launches New Global Managed Security Service Provider (MSSP) Program to Accelerate Partner Growth
ESET to bring its unique cybersecurity solutions to large corporations via a new business unit (EIN News) ESET, a global leader in cybersecurity, today announces a new strategic thrust to reshape the company’s diverse digital security offerings and go-to-market
Fime’s CPV test tool supports the latest biometric, cryptographic and security requirements. (Fime Group) Fime’s Card Personalization Validation tool has been updated to meet the latest requirements defined by major international and domestic payment schemes.
Corelight Unveils Cloud Sensor SaaS for AWS to Help SOCs Turn Cloud Traffic into Comprehensive, Correlated Evidence (Corelight) Corelight’s latest offering generates custom insights that can be streamed real time into Corelight Investigator, SIEM and XDR solutions
Security Compass Releases New Developer-Centric Threat Modeling Capabilities in SD Elements in Support of New Secure Software Development Guidelines (Business Wire) Security Compass today announced the release of new developer-centric threat modeling capabilities to support new software development guidelines.
Cobalt Iron Introduces Free Data Protection Maturity Assessment (WallSt.com) Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced the availability of its free Data Protection Maturity Assessment created in partnership with independent data center analyst DCIG.
Cavelo Announces Data Access Capabilities to Mitigate Security Breach (PRWeb) Attack surface management technology provider Cavelo Inc. today announced the release of data access and data permissions capabilities to support...
JFrog Advanced Security Unifies Developer, Security, and Operations Teams with Enterprise-wide Automation and Control of the Software Delivery Flow (JFrog) JFrog introduced the world’s first binary-focused, DevSecOps solution - JFrog Advanced Security - providing holistic security coverage from any source to any destination.
Conceal Partners with Virtual Graffiti to Expand into Australia and New Zealand (Business Wire) Conceal, the leader in Zero Trust isolation and ransomware prevention technology, today announced it is expanding into the Australian and New Zealand
Styra Delivers Comprehensive Policy Bundle Management Ensuring Stronger Software Supply Chain Security (Business Wire) Styra Inc. introduces a comprehensive set of policy bundle management capabilities to Styra DAS.
Technologies, Techniques, and Standards
Cybersecurity Awareness Month 2022: Updating Software (NIST) Cybersecurity Awareness Month is flying by, and today’s blog identifies different security vulnerabilities that can be exposed if you are unable to keep up w
Applying IP network guidance has harmed control system field devices and legacy control systems (Control Loop) OT control system field device cyber security issues are different from those that affect Internet Protocol (IP) networks. These differences need to be understood by all organizations making OT/ICS cyber security policy or recommendations.
Why security teams are losing trust in the term ‘zero trust’ (Protocol) A key framework for how to secure against modern cyberattacks, zero trust has seen surging interest from business leaders — and been prone to misuse by many vendors.
Design and Innovation
A Crypto Alchemist Made Me an Accidental Billionaire (WIRED) Valentin Broeksmit tried to exploit crypto vulnerabilities to squeeze money out of thin air. The catch is, he couldn’t cash out.
TikTok is raising the age requirement for going live and introducing adult-only streams (The Verge) Only users 18 and up will be able to go live on TikTok.
Academia
FHSU creates Cybersecurity Institute and Technology Incubator (Hays Post) As cybersecurity threats continue to grow, Fort Hays State University has launched a program that hopes to help alleviate the damaging nature of online attacks and take advantage of the market opportunity in the growing cybersecurity industry.
IBM Teams With 20 Historically Black Colleges and Universities to Address Cybersecurity Talent Shortage (AccessWire) During the National HBCU Week Conference convened by the U.S. Department of Education and the White House, IBM...
Cyberattacks Hitting School Districts (JD Supra) The recent ransomware attack targeting Los Angeles Unified School District is another frightening reminder school districts are especially vulnerable...
Legislation, Policy, and Regulation
The Not-So Secret Cyber War: 5 Nations Conducting the Most Cyberattacks (ClearanceJobs) The cyber threat vector continues to worsen, and hacking is now a domain where a not-so-secret war is being waged.
The UN Cybercrime Treaty Has a Cybersecurity Problem In It (Just Security) Proposals for an international cyber crime treaty could have unintended consequences that undermine the very purpose for its existence.
The proposed EU Cyber Resilience Act: what it is and how it may impact the supply chain (Data Protection Report) On 15 September 2022, the European Commission published its proposal for a new Regulation which sets out cybersecurity related requirements for products
White House cyber director defends 'tough' national cybersecurity strategy ahead of release (CyberScoop) National Cyber Director Chris Inglis defended the need for a "tough" strategy that compels industry to enhance cybersecurity protocols.
China's surveillance ecosystem and the global spread of its tools (Atlantic Council) This paper seeks to offer insights into how China’s domestic surveillance market and cyber capability ecosystem operate, especially given the limited number of systematic studies that have analyzed its industry objectives.
Apple freezes plan to use China's YMTC chips amid political pressure (Nikkei Asia) Company previously planned to put Chinese-made memory in some iPhones
Biden declares economic war on the Chinese semiconductor industry (Noahpinion) Now it's on.
DOJ demands lobbyists for Chinese surveillance firm Hikvision register as foreign agents (Axios) The move comes amid a broader Biden administration crackdown on Chinese companies deemed national security threats.
Litigation, Investigation, and Law Enforcement
International crackdown on West-African financial crime rings (Interpol) The INTERPOL-coordinated operation, yielding more than 70 arrests, confirms the global footprint of Black Axe and similar organized crime groups.
Giant online scamming syndicate 'Black Axe' destroyed in Interpol-led operation (teiss) INTERPOL has arrested more than 70 suspects associated with the ‘Black Axe’ cybercrime syndicate, including two criminals who extorted $1.8 million from victims through online scams.
INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organization (The Hacker News) Interpol has announced the arrest of 75 people as part of a coordinated global operation against an organised cybercrime syndicate called Black Axe.
Operation Jackal: Interpol arrests Black Axe fraud suspects (Register) 75 collars felt, $1.2m seized in bid to cut off crime network’s financial lifeline
When the Black Axe falls: cybercrime suspects detained in global bust (Cybernews) More than 70 suspects have been arrested during an Interpol-led crackdown on Black Axe, a West African outfit believed to be an increasingly big player on the cybercrime scene.
International Police Action Blunts Black Axe Criminal Group - HS Today (Hstoday) Operation Jackal marks the first time INTERPOL has coordinated a global operation specifically against Black Axe, which is rapidly becoming a major security threat worldwide.
31 arrested for stealing cars by hacking keyless tech | Europol (Europol) The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized. The...
European gang that sold car hacking tools to thieves arrested (The Record by Recorded Future) Police have arrested 31 members of an organized crime group in Europe that sold technology allowing thieves to hack and steal keyless entry cars.
Californians deserve extra recovery in data breach settlement: Texas judge (Reuters) Maybe the critics are right.
'Relentless': Ex-K&L Gates Partner Found Guilty of Cyberstalking Colleagues (New York Law Journal) Each of the three counts of cyberstalking carries a maximum five-year sentence, though judges rarely impose the top sentence prescribed by statute.