Dateline Moscow and Kyiv: Counteroffensive expected against Kherson.
Ukraine at D+238: Misdirection and lessons learned. (CyberWire) Observers believe Ukraine is ready to move on Kherson, and the commanding general of Russia's invading forces publicly says that the situation in that sector is difficult. DDoS against Bulgarian targets may have been misdirection. NSA looks for lessons in Russia's hybrid war.
Russia-Ukraine war: List of key events, day 239 (Al Jazeera) As the Russia-Ukraine war enters its 239th day, we take a look at the main developments.
Ukraine war latest: Russian jet fired missile 'in vicinity of' RAF spy plane (The Telegraph) A Russian aircraft on Sept.
Thousands evacuate Kherson after general says major battle set to begin (The Telegraph) Losing control of the city to Ukraine would be a major setback for Russian forces and another blow to the Kremlin’s prestige
Ukraine's utilities threatened by Russia in war's new phase (AP NEWS) When a missile struck a power station less than a mile from his apartment on the outskirts of Kyiv, Oleksander Maystrenko didn’t panic, run to a bomb shelter or consider evacuating, even though he lives close to what suddenly has become the Russian military's main target in the war: anything related to Ukraine’s vital infrastructure.
Ukrainians Urged to Ration Electricity as Russian Missiles Target Energy Infrastructure (Wall Street Journal) Moscow’s systematic targeting of the country’s energy infrastructure threatens residents’ ability to survive through the winter.
Ukraine plans power cuts after Russian strikes on plants (the Guardian) Local ‘stabilisation blackouts’ will take place around country at times between 7am and 10pm
Putin’s New Tools of Terror (Puck) Russia, which sees itself as an unjustly deposed military superpower reclaiming its rightful place on the world stage, views Iran as a small regional power that can be used as it sees fit. Ironic, then, that Russia has turned to a junior partner for basic weapons as it runs out of its own.
Don’t Judge Iran’s Drones by How Russia Is Using Them (World Politics Review) Russia’s use of drones from Iran in Ukraine won’t tell us much about their implications for military dynamics in the Middle East.
Russia, Iran defiant amid UN pressure over Ukraine drones (Al Jazeera) Russia and Iran insist UN has no mandate to inspect the ‘kamikaze’ drones, amid accusations they came from Tehran.
Liberation comes slowly in Ukraine's rural suburbs as Russia reinforces front line (The Telegraph) In the freshly recaptured territory around the city of Kherson, locals are left to mourn their destroyed homes
Russia Ramps Up Security Measures at Home and in Ukraine (Wall Street Journal) New orders give local officials enhanced authority to maintain public order in all regions of Russia and claimed areas of Ukraine.
What is martial law, and why did Putin impose it in Ukrainian areas? (Washington Post) Russian President Vladimir Putin declared martial law Wednesday in four Ukrainian territories illegally annexed by Russia last month.
Can Putin’s Center Hold? (Foreign Policy) The elites used to need the Russian president. Now he needs them.
Why Putin’s Nuclear Gambit Is a Huge Mistake (Foreign Policy) The only thing more terrifying than Russian nuclear use is letting fear drive Western strategy.
Russia Shrinks Forces in Syria, a Factor in Israeli Strategy There (New York Times) Moscow withdrew a key air defense system and some troops to bolster its war in Ukraine, officials said, potentially altering Israel’s calculations about striking Syria or arming Ukraine.
Pentagon replacing HIMARS launcher and rocket stocks sent to Ukraine (Defense News) The U.S. military in recent weeks took contracting actions favoring Lockheed Martin worth $179 million.
"As long as it takes": National Security Council spokesman John Kirby vows continued support for Ukraine (CBS News) "We are going to do everything we can ... to make sure that the Ukrainian armed forces have what they need in the field," John Kirby told "CBS Mornings."
Emmanuel Macron postpones meeting with Olaf Scholz amid ‘fury’ over Germany’s energy aid scheme (The Telegraph) Decision to put off traditional government consultations signals growing divide between the EU states over energy and defence
Big Tech Goes to War (Foreign Affairs) To help Ukraine, Washington and Silicon Valley must work together.
A Musk monopoly? For now, Ukraine has few options outside Starlink for battlefield satcoms (Breaking Defense) "I think everyone agrees that if there's a reasonable cost-based argument that paying for use does make sense," industry analyst Tim Farrar said. But "I think Elon has made that more difficult rather than less difficult because you don't normally negotiate your weapons contracts on Twitter."
Pro-Russian Hacktivism and Its Role in the War in Ukraine (Intel471) Immediately before Russia invaded Ukraine in February 2022, pro-Russian actors began to conduct DDoS attacks against key Ukrainian government infrastructure and financial institutions.
Bulgarian cyberattack: Sabotage as a cover for spying? (Deutsche Welle) The Russian hacker group Killnet has attacked various Bulgarian government websites. Some experts believe hackers were looking to steal data from Bulgaria — a member of both the EU and NATO.
Bulgarian websites impacted by Killnet DDoS attack (SC Media) Bulgarian government websites were briefly disrupted following a "large-scale" distributed denial-of-service attack launched by Russian hacktivist group Killnet on Saturday, according to The Record, a news site by cybersecurity firm Recorded Future.
Meet NAFO: The Virtual Army Disarming Russian Disinformation (The National Interest) NAFO has shed light on new methods for countering state-sponsored disinformation, highlighting the importance of assembling and backing online movements seeking to set the message straight in the cyber world.
Lessons From Ukraine: NSA Cyber Chief Lauds Industry Intel (Meritalk) When the National Security Agency (NSA) – whose mission centers on signals intelligence and cybersecurity – tips its cap to the private sector for cyber intelligence, that’s a heady endorsement.
NSA Cybersecurity Director's Six Takeaways From the War in Ukraine (Infosecurity Magazine) Rob Joyce was invited to speak during the Mandiant Worldwide Information Security Exchange (mWISE) event on October 18, 2022
NSA cyber chief says Ukraine war is compelling more intelligence sharing with industry (CyberScoop) Rob Joyce, head of the NSA Cybersecurity Directorate, said "what we know is often not sensitive, it is how we know it."
EU to Impose New Sanctions on Iran for Supplying Drones to Russia (Wall Street Journal) Three top Iranian military officials and an Iranian drone-maker will be sanctioned, as the bloc enacts new measures against Tehran for supporting Russia’s war efforts.
Russians schemed to send U.S. military technology to Russian defense sector, Justice Department says (NBC News) “Some of the same electronic components obtained through the criminal scheme have been found in Russian weapons platforms seized on the battlefield in Ukraine,” prosecutors said.
British-Russian son of Putin ally arrested for flying drone in Norway (The Telegraph) Norway has blamed 'foreign intelligence' for mysterious air activity in recent weeks
Attacks, Threats, and Vulnerabilities
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware (WeLiveSecurity) APT-C-50’s Domestic Kitten campaign continues, targeting Iranian citizens with a new version of the FurBall malware posing as an Android translation app.
GPS interference caused the FAA to reroute Texas air traffic. Experts stumped (Ars Technica) Episode lasting almost 2 days prompted the closure of a runway at Dallas airport.
FAA Warns Airline Pilots as GPS Signals Disrupted Around Dallas - Bloomberg - RNTF (Resilient Navigation and Timing Foundation) Blog Editor's Note: This incident seems very similar, at the outset, to one that happened near the Denver airport in January. One
Iran's Internet Blackouts Are Part of a Global Menace (WIRED) Repressive regimes are teaching each other how to control protesters' web access with increasingly surgical precision.
China's Winnti Group Seen Targeting Governments in Sri Lanka, Hong Kong (SecurityWeek) Over the past months, Chinese state-sponsored threat group Winnti has been observed targeting governmental entities in Sri Lanka and Hong Kong.
Hackers compromised Hong Kong govt agency network for a year (BleepingComputer) Researchers at Symantec have uncovered cyberattacks attributed to the China-linked espionage actor APT41 (a.k.a. Winnti) that breached government agencies in Hong Kong and remained undetected for a year in some cases.
China-Linked Cyber-Espionage Team Homes In on Hong Kong Government Orgs (Dark Reading) The Winnti APT was spotted dropping several variants of Spyder Loader and other malware as part of the so-called Operation Cuckoobees.
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite (CISA) CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to reference the addition of a new Malware Analysis Report, MAR-10398871.r1.v2.
Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite (CISA) Actions for ZCS administrators to take today to mitigate malicious cyber activity: • Patch all systems and prioritize patching known exploited vulnerabilities. • Deploy detection signatures and hunt for indicators of compromise (IOCs). • If ZCS was compromised, remediate malicious activity.
Gremlins’ prey, secrets, and dirty tricks: the ransomware gang OldGremlin set new records (Group-IB) Group-IB, one of the global leaders in cybersecurity, headquartered in Singapore, released a first threat report detailing the operations of a Russian-speaking ransomware group OldGremlin: “OldGremlin Ransomware. Never ever feed them after the Locknight”.
OldGremlin Ransomware: Never ever feed them after the Locknight (Group-IB) The case of OldGremlin illustrates how the ransomware industry has evolved in recent years. In this report, you will find the history of the “gremlins”, descriptions of the tactics and tools they use, and recommendations on how to secure your organization from these threat actors.
Apache Commons Text vulnerability not as serious as Log4Shell, researchers say (Computing) The newly disclosed RCE bug stems from the insecure implementation of Commons Text's variable interpolation feature, but it is hard to exploit
Investigation Regarding Misconfigured Microsoft Storage Location (Microsoft Security Response Center) Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint.
Microsoft provides guidance after bug found affecting Azure inspection tool (The Record by Recorded Future) Microsoft published guidance to address a recently discovered vulnerability affecting a tool used to inspect and manage Azure Service Fabric clusters.
Microsoft data breach exposes customers’ contact info, emails (BleepingComputer) Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet.
Potential Remote Code Execution Vulnerability Discovered in HSQLDB (Code Intelligence) CVSS Base Score: 9.8 | Affected versions: all versions <= 2.7.0. | Update your settings
Cyber Security Works reveals 13 vulnerabilities have become newly associated with Ransomware (Business Wire) Cyber Security Works (CSW) latest Ransomware Index Report reveals that 13 vulnerabilities have become newly associated with Ransomware in 2022 Q2 and
Internet Crime Complaint Center (IC3) | Potential Fraud Schemes Targeting Individuals Seeking Federal Student Loan Forgiveness (FBI) The FBI warns of the potential for fraudulent websites, e-mails, texts, or phone scams aiming to defraud individuals seeking federal student loan forgiveness. Scammers will aim to solicit personally identifiable information, financial information, or payment from potential victims.
Verizon admits prepaid accounts hijacked by SIM swap crooks (Register) Nightmare for those with one-time security codes texted to their phones
Whitworth confirms it was victim of ransomware attack; warns thousands of students, staff of data breach (Spokesman.com) Whitworth said the breach may have affected 5,182 residents of Washington state, though it's unclear how many more out-of-state residents employed or attending the school could be affected.
After telco hack, Australia faces a wave of data breaches (Reuters) A data breach at Australia's second-largest telco may have raised the country's profile as a hacking target, cybersecurity experts said on Thursday, as federal police began investigating a separate breach at the country's top health insurer.
Health insurer's infosec incident diagnosis worsens (Register) Australia's Medibank says it's been shown stolen data that includes details of treatments administered to customers
Does the price of Bitcoin impact ransomware attacks and ransoms? (Comparitech) In 2021, the average monthly bitcoin price was just over $47,000 and the average number of monthly publicly-confirmed ransomware attacks was 106. Switch to 2022 (so far) and the average monthly bitcoin price is $31,000 and the average number of monthly ransomware attacks is just over 51.5. Did the falling price of bitcoin result in […]
Security Patches, Mitigations, and Software Updates
Microsoft Patches Vulnerability Allowing Full Access to Azure Service Fabric Clusters (SecurityWeek) Microsoft has patched a vulnerability tracked as FabriXss and CVE-2022-35829 that can allow an attacker to gain full admin permissions on Azure Service Fabric clusters.
WordPress Security Update 6.0.3 Patches 16 Vulnerabilities (SecurityWeek) The WordPress 6.0.3 security release patches 16 vulnerabilities, including several issues with a high severity rating.
Oracle Releases October 2022 Critical Patch Update (CISA) Oracle has released its Critical Patch Update for October 2022. This update addresses 366 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s October 2022 Critical Patch Update and apply the necessary mitigations.
Trends
The Defender’s Advantage Cyber Snapshot Report, Issue 2 (Mandiant) The Defender’s Advantage Cyber Snapshot was developed with one overarching goal: to provide insights into cyber defense topics of growing importance based on Mandiant frontline observations and real-world experiences. This issue covers a wide range of topics, from threat analysis to cyber defense best practices.
Cyber attacks cost small firms €2.3bn in last three years (independent) Smaller Irish firms have lost a collective €2.3bn to cyber attacks over the last three years.
Supply chain attacks increased over 600% this year and companies are falling behind (CSO Online) Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.
Leading Ransomware Variants Q3 2022 (Intel471) This report examines the leading ransomware variants related events for Q3 2022 specifically observed by Intel 471.
Marketplace
Endor Labs Launches with $25M Seed Financing to Tackle Massive Sprawl of Open Source Software (OSS) (Business Wire) Endor Labs launches with $25mm funding and a Dependency Lifecycle Management Platform that’s foundational for supply chain and open source security.
From cloud security to code security: why we've raised $25M to take on OSS dependency sprawl (Endor Labs) From cloud security to code security - The story of Endor Labs.
NetRise Officially Accepted into MITRE CNA Program (Netrise) Establishment as CNA Recognizes NetRise’s Commitment to XIoT Security and Vulnerability Reporting
(ISC)² Research Reveals the Cybersecurity Profession Needs to Grow by 3.4 Million People to Close Global Workforce Gap (PR Newswire) (ISC)² – the world's largest nonprofit association of certified cybersecurity professionals – today highlighted a stark increase in the...
(ISC)2 Cybersecurity Workforce Study 2022 ((ISC)2) A critical need for cybersecurity professionals persists amidst a year of cultural and workplace evolution
DoControl Appoints John Chester as Vice President of Sales (PR Newswire) DoControl, the automated Software as a Service (SaaS) security company, announced today that John Chester, former Vice President of Sales at...
DigiCert Appoints Industry Veteran Amit Sinha as Chief Executive Officer (PR Newswire) DigiCert, Inc., ("DigiCert" or the "Company") a leading global provider of digital trust, has named Amit Sinha as the Company's Chief Executive...
Dug Song leaves Cisco to contemplate next act (and catch up on skateboarding) (Crain's Detroit Business) In an exclusive interview, the Duo Security co-founder said he feels the time has come to move on, but that the team he helped build is "in good hands."
Products, Services, and Solutions
JupiterOne Celebrates Cybersecurity Awareness Month with Pre-Release of New Capability, MySecurity (PR Newswire) JupiterOne, the industry's leading provider of cyber asset attack surface management (CAASM) technology, today announced the pre-release of...
DuckDuckGo for Mac beta now open to the public! (Spread Privacy) Enjoy browsing again with an app that cleans up the web as you use it, thanks to DuckDuckGo's unique privacy protections.
Sophos’ Industry-Leading Managed Detection and Response (MDR) Service Launches Compatibility with Third-Party Cybersecurity Technologies (GlobeNewswire News Room) Now Integrates Telemetry from Third-Party Endpoint, Firewall, Cloud, Identity, Email, and Other Security Solutions with Sophos Adaptive Cybersecurity...
Revelstoke Teams Up with BreachRx – Offering Users Automated Incident Response and Compliance Solutions (Revelstoke SOAR) Revelstoke has partnered with BreachRx to unify automated incident response and compliance with the Revelstoke next-generation SOAR.
Code42 Incydr Automates File Source Labeling to Elevate Events Involving Sensitive Business Data (Business Wire) Code42, Inc., the Insider Risk Management (IRM) leader, today announced it has enhanced its Incydr Risk Indicators (IRIs) within the Code42® Incydr™ p
GroupSense Delivers New Ransomware Negotiation Training Service (GroupSense) In our latest offering, GroupSense will offer Ransomware Negotiation Training to law firms and legal professionals.
New RSA® Innovation Enhances Mobile Security (Business Wire) RSA Mobile Lock detects critical threats to a mobile device and can restrict the user’s ability to authenticate until the threat is resolved.
Mandiant and SentinelOne Integrate, Enriching XDR with Threat Intelligence (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced an integration with Mandiant to improve threat detection, triage,
Excelpoint and Bkav sign strategic collaboration to develop and commercialise AIoT platform (Edge) Excelpoint Systems and Bkav Hardware Solution (BHS), a member of Vietnam-based Bkav Corporation have announced the signing of a strategic collaboration to develop and commercialise an Artificial Intelligence of Things (AIoT) platform built on Qualcomm chipsets and technology ecosystem.
Technologies, Techniques, and Standards
Strong Asset Management Is a Must for Successful Continuous Monitoring (State Tech) To defend against cyberattacks, state and local governments should survey all IT systems, including those in the cloud.
Transcom completes zero trust implementation across its classified network (CyberScoop) U.S. Transportation Command also released a new strategy to ensure it can remain ready now and in the future.
A software bill of materials (SBOM): What it is — and why it matters for software supply chain security (ReversingLabs) Software bills of materials (SBOMs) have become key to mitigating threats to the software supply chain. Here's what you need to know to put them to work.
Academia
Trinity Professor Receives NSF Grant to Study and Improve Cybersecurity (Trinity College) Associate Professor of Computer Science Ewa Syta will conduct a four-year research project focused on strengthening internet communications safeguards.
Legislation, Policy, and Regulation
China’s Surveillance State Pushes Deeper Into Citizens’ Lives (Wall Street Journal) Xi Jinping has taken government tracking to new levels during the pandemic, testing the faith of Chinese in a government that is no longer delivering supercharged economic growth.
Belgian defence to set up Cyber Command (Euractiv) A Cyber component to Belgian defence should be operational before the end of the legislature in 2024, Defence Minister Ludivine Dedonder announced on Wednesday.
‘One of the most dangerous times’ in cyber nears (Washington Post) The U.S. is entering a high-risk period with China and Russia in the cyber domain
Russia and China may both be eyeing retaliatory cyberattacks against the West (Protocol) The likelihood that the West could see increased cyberattacks from the two countries is growing as a result of developments in Ukraine and the U.S. chip blockade, Dmitri Alperovitch said Wednesday.
US, China, Russia, more meet at Singapore infosec event (Register) Suffice to say things got a little awkward
After the Optus data breach, Australia needs mandatory disclosure laws (CRN Australia) We rarely learn about anything other than the most spectacular and most criminal of security incidents.
National cyber strategy possibly 'months' away, Inglis says (The Record by Recorded Future) The release of the Biden administration's national cybersecurity strategy is still potentially months away, National Cyber Director Chris Inglis said Wednesday.
Biden to Release National Cyber Strategy in Months (Correct) (Bloomberg Law) Work on President Joe Biden’s first national cybersecurity strategy will wrap up as soon as next month, National Cyber Director Chris Inglis said Wednesday. But finalizing the strategy could take up to two or three months.
Privacy Executives Hope Trans-Atlantic Deal Withstands Court Challenges (Wall Street Journal) A new agreement is expected to be in place in early 2023, making it easier to move data about EU citizens to the U.S., though many worry the deal could be short-lived.
Rail Cybersecurity Mitigation Actions and Testing (TSA) The Transportation Security Administration is issuing this directive...
TSA Issues New Cybersecurity Requirements for Passenger and Freight Railroad Carriers (Hstoday) The security directive requires that TSA-specified passenger and freight railroad carriers take action to prevent disruption and degradation to their infrastructure.
White House rallies industry support for Internet of Things labeling effort (CyberScoop) Executives from consumer electronics companies, along with advocates and academics, joined officials from the White House and FCC at the meeting.
Local governments try to cope with expensive cyber insurance, IT system upgrades, defenses (Daily Sentinel) The increasing frequency and sophistication of cyber attacks is translating into higher insurance costs for New York’s local governments trying to protect their networks from breaches and ransomware.
Litigation, Investigation, and Law Enforcement
Democracies are having a reckoning with mercenary spyware (The Record by Recorded Future) Investigations continue around the world about the use of Pegasus spyware.
Mexico president backs defense ministry's refusal to account for massive data leak (Yahoo) Mexican President Andres Manuel Lopez Obrador has shaken off criticism against the country's defense ministry for refusing to appear before legislators to explain a major cyber hack, resulting in a massive data breach. Lopez Obrador asked the opposition to calm down and have some tea, during a regular news conference on Tuesday, describing the criticism as politically motivated. "It's politics, don't give importance to that, it's not news," Lopez Obrador said when asked about whether General Luis Sandoval, who heads the defense ministry, enjoys privileges.
Brazil arrests suspect believed to be a Lapsus$ gang member (BleepingComputer) Today, the Brazilian Federal Police arrested a Brazilian suspect in the city of Feira de Santana, Bahia, believed to be part of the Lapsus$ extortion gang.
Brazilian police announce arrest of alleged Lapsus$ member (The Record by Recorded Future) Federal Police in Brazil said they arrested an alleged member of the notorious Lapsus$ hacking group on Wednesday.
Medibank cyber attack and ransom demand referred to police (ABC) Cyber Security Minister Clare O'Neil says a ransomware attack on Medibank and the alleged removal of customer data has been referred to the Australian Federal Police for investigation.
Medibank begins negotiations with hackers who claim to have stolen data in last week’s cyber attack (IT PRO) The company had originally said that no customer data had been taken
Medibank admits personal data stolen in cyber attack (MSN) The private health insurance company admits that the personal data of some of its customers — including names, addresses, Medicare numbers and phone numbers — has been stolen in a cyber attack.
What we know about the Medibank cyber attack and what to do if you're a customer (ABC) Medibank, which has more than 3.7 million customers, says a hacker claims to have stolen 200GB of data and given 100 policies as proof. Here's what we know.
How the FBI Stumbled in the War on Cybercrime (ProPublica) In this excerpt from “The Ransomware Hunting Team: A Band of Misfits’ Improbable Crusade to Save the World From Cybercrime,” the authors reveal how unprepared the nation’s top federal law enforcement agency was to combat online crime.