Dateline Moscow and Kyiv: Kinetic, but not cyber, attacks on Ukraine's infrastructure.
Russia-Ukraine war: List of key events, day 240 (Al Jazeera) As the Russia-Ukraine war enters its 240th day, we take a look at the main developments.
Ukraine war latest: Missiles rain down on key cities as Russian onslaught intensifies (The Telegraph) Missiles rained down on the cities of Kharkiv and Zaporizhzhia on Friday as Russian forces stepped up their attacks, targeting electric power facilities.
'Atomic bomb' of water would be released by Russian false flag attack on Kherson dam (The Telegraph) Warning Kremlin is preparing ground to blow up facility and decimate villages and towns
‘We have a window’: Ukraine’s forces press their momentum on Kherson’s frontline (the Guardian) As they target a makeshift Russian HQ on the west bank of the Dnieper with drones and missiles, a recon unit of the Ukrainian army believe they are closing in on a prize city
Devastation on Ukraine's eastern front, where the notorious Wagner group is making gains (CNN) The weather in Bakhmut deceives the senses, sunny and warm -- almost peaceful.
Putin introduces martial law in illegally annexed Ukrainian regions (CNBC) President Vladimir Putin on Wednesday introduced martial law in the four regions of Ukraine that Russia illegally annexed last month.
‘It Was Horror’: Ukrainians Share Grim Tales of Russian Occupation (New York Times) With Russian soldiers pushed out of parts of the Kharkiv region, Ukrainian investigators have been overwhelmed with accounts of detentions, torture and missing relatives, as well as collaboration and property theft.
U.S. Sees Opportunity for Ukraine to Capitalize on Russian Weakness (New York Times) The next six weeks, before fall mud spreads, could allow Ukraine’s military to press forward in the Donbas and potentially retake Kherson, American officials said. But Russia may not be deterred.
Russian Air Attacks on Ukraine’s Power System (Wilson Center) In mid-October 2022, in the eighth month of the war, Russian forces conducted the most intensive air attacks against Ukraine, with the energy infrastructure as the key target.
Ukraine improvises with aging air defenses to counter Russian missiles (Washington Post) Dmytro Shumskyi stood in the middle of the field in northern Ukraine with the Stinger air defense missile perched on his shoulder. “It’s coming!” his comrades yelled from behind him. Through the clear-blue sky, a small black streak flew past, followed by a loud whoosh — part of a barrage of missiles earlier this month that Russia said was retaliation for an attack on the Crimean Bridge.
Russian weapons expert caught admitting Kremlin uses Iranian drones (The Telegraph) Ruslan Pukhov didn’t realise he was wired up to a live microphone when making the statement
Iranian drone trainers in Crimea to help Russians, White House says (Defense News) The White House accused Iran of sending its military personnel to Crimea to assist Russian pilots who bombarded Kyiv with Iranian kamikaze drones.
U.S. has viewed wreckage of kamikaze drones Russia used in Ukraine (Washington Post) Such information could prove crucial in helping the United States and its Ukrainian allies better identify and ultimately defeat the unmanned craft
Russian jets fired missile 'in vicinity' of RAF spy plane (The Telegraph) An unarmed RAF RC-135W Rivet Joint was on routine patrol when two Russian armed Su-27 fighter aircraft interacted with it
Bombing to Lose (Foreign Affairs) Airpower cannot salvage Russia’s doomed war in Ukraine.
Has Putin ended his mobilization? Moscow says goals of draft "achieved" (Newsweek) Moscow Mayor Sergey Sobyanin said on Monday that the goals of the partial mobilization "have been achieved in full."
As War Hits the Homefront, Russia’s Defeat Inches Closer (Foreign Policy) Battlefield losses, military corruption, and a disastrous mobilization drive have broken the social contract.
Russia’s antiwar movement goes far beyond street protests (Washington Post) Our research finds evidence of Russian ‘stealth resistance’ to the war in Ukraine — including acts of sabotage, resistance art and other forms of activism
General who led Syrian bombing is new face of Russian war (AP NEWS) The general carrying out President Vladimir Putin's new military strategy in Ukraine has a reputation for brutality — for bombing civilians in Russia's campaign in Syria. He also played a role in the deaths of three protesters in Moscow during the failed coup against Mikhail Gorbachev in 1991 that hastened the demise of the Soviet Union.
Vladimir Putin’s Game of Chicken (Wilson Center) In recent weeks, Russia has been forced to surrender some of the territories it had seized previously. Vladimir Putin cannot undermine Ukrainians' high morale, cause a crisis in the Ukrainian government, or force it to cave. Volodymyr Zelensky and his team are not becoming more accommodating. They are more vehemently demanding that all Russian-occupied regions be freed.
Russian threats revive old nuclear fears in central Europe (AP NEWS) Two stories beneath a modern steel production plant on Warsaw's northern edge lies an untouched Cold War relic: a shelter containing gas masks, stretchers, first aid kits and other items meant to help civil defense leaders survive and guide rescue operations in case of nuclear attack or other disasters.
How to respond if Putin goes nuclear? Here are the economic and political options. (Atlantic Council) Conversations about responding to Russian nuclear use should not end with military options. Here's an economic plan for the West to respond.
Russia Failing to Reach Cyber War Goals, Ukrainian Official Says (Meritalk) After more than eight years of trying, Russia has yet to realize its strategic cyber war-fighting goals in Ukraine, a top Ukrainian government technology official said on Oct. 19 at Mandiant’s Worldwide Information Security Exchange event in Washington.
Putin’s energy war against Europe also targets the US. Here’s how Washington can fight back. (Atlantic Council) Washington can do more to mitigate this crisis by boosting crude oil supply, increasing cleaner gas production, and reforming the way it grants permits for new energy projects.
Ukraine’s true detectives: the investigators closing in on Russian war criminals (the Guardian) The long read: Across the country, fact-finding teams are tirelessly gathering evidence and testimony about Russian atrocities, often within hours of troops retreating. Turning this into convictions will not be easy, or quick, but the task has begun
Ukraine in direct contact with Musk amid Starlink drama (POLITICO) “I know that we will not have a problem” keeping the service going, the country's defense minister says.
EU supports cybersecurity in Ukraine with over €10 million - EU NEIGHBOURS east (EU NEIGHBOURS east) The EU will spend €10 million on strengthening cyber security in Ukraine until February 2023.
Russia Still Using Israeli Tech to Hack Detainees’ Cellphones (Haaretz) Cellebrite announced last year it was halting operations in Russia following use of its tech against anti-Putin activists. Putin’s ‘Investigative Committee’ boasts it's still using the tools
Winning the peace through democratic progress in post-war Ukraine (Atlantic Council) As Ukraine’s army continues to liberate the country from Russian occupation, it is critical that Ukraine’s military success is buttressed by continued democratic progress. Ukraine must not only win the war, but also win the peace.
Nearly a dozen face charges for sending military tech, oil to Russia (Military Times) Nearly a dozen people were arrested and charged in a scheme to send military tech to Russia, some of which was allegedly found on battlefields in Ukraine.
Classical concert captures Ukraine’s defiant response to Russian invasion (Atlantic Council) Ukraine's defiant spirit was on display on October 18 at a Kennedy Center concert organized by the Chopivsky Family Foundation and featuring the New Era Orchestra of Kyiv together with celebrated violinist Joshua Bell.
Attacks, Threats, and Vulnerabilities
TikTok Parent ByteDance Planned To Use TikTok To Monitor The Physical Location Of Specific American Citizens (Forbes) The project, assigned to a Beijing-led team, would have involved accessing location data from some U.S. users’ devices without their knowledge or consent.
TikTok's Chinese parent company reportedly intended to use the app to surveil specific Americans' locations (Business Insider) Forbes reported that a China-based team at ByteDance planned to use TikTok to monitor the locations of specific US citizens.
TikTok parent company ByteDance planned to track Americans' locations through TikTok: report (Fox News) TikTok parent company ByteDance, which is based in China, reportedly planned to track individual U.S. citizens' locations, according to Forbes.
Israel's Sygnia links 2 ransomware groups to larger Chinese threat actor “Emperor Dragonfly” (Israel Defense) In a new report, Sygnia’s Incident Response (IR) team connects Night Sky and Cheerscrypt activity to one unified threat group targeting Windows and VMWare ESXi environments
Exbyte: BlackByte Ransomware Attackers Deploy New Exfiltration Tool (Symantec) Exbyte is the latest tool developed by ransomware attackers to expedite data theft from victims.
OldGremlin hackers use Linux ransomware to attack Russian orgs (BleepingComputer) OldGremlin, one of the few ransomware groups attacking Russian corporate networks, has expanded its toolkit with file-encrypting malware for Linux machines.
OldGremlin, which targets Russia, debuts new Linux ransomware (Computing) It is one of the few ransomware groups in the world that prefer to target Russian organisations, but this may change, experts advise
More Russian Organizations Feeling Ransomware Pain (Bank Info Security) More Russian-speaking, ransomware-wielding attackers are gunning for Russian businesses and government agencies, researchers report. The unwritten rule of Russian cybercrime has historically been to never attack inside Russia or neighboring allies.
Israeli cyber intel firm shines bright light on new, shadowy cybercrime collective (Times of Israel) Petah Tikva-based Cyberint dives deep into the unusual set-up and modus operandi of a successful group of cyber-mercenaries
How Vice Society Got Away With a Global Ransomware Spree (WIRED) Vice Society has a superpower that’s allowed it to quietly carry out attacks on schools and hospitals around the world: mediocrity.
A Text Scam Called ‘Pig Butchering’ Cost Her More Than $1.6 Million (Wall Street Journal) Scammers are swindling professionals with friendship to generate fake cryptocurrency investments.
CVE-2022-42889: Text4shell Vulnerability Breakdown (Checkmarx.com) The vulnerability may cause some panic in the wake of Log4shell. Despite it being less used in the wild, and despite requiring specific implementation for exploitation to be viable, it is still an important vulnerability since it is easy to exploit.
Contrast Security Exposes Weak API Security Programs that Leave Enterprises Vulnerable to Cyber Attacks at API World 2022 (Contrast Security) Code security leader addresses key components of a successful API security program to meet modern-day application security demands.
Thousands of publicly exposed API tokens discovered by Xray (JFrog) JFrog's new Xray Secrets Detection uncovered active access tokens in some of the most common open-source software registries, like Docker and PyPI. Get the findings.
Deadbolt Ransomware Extorts Vendors and Customers (OODA Loop) The deadbolt ransomware has launched an ongoing campaign targeting NAS devices from the Taiwanese vendor QNAP such as those deployed in schools, individual home users, and other organizations by leveraging zero-day vulnerabilities as an initial
Microsoft is disputing just how big its customer data leak was (Protocol) While a cybersecurity vendor claimed that the data of more than 65,000 companies was exposed, Microsoft called this characterization "greatly exaggerated."
How bad is it? Researchers and Microsoft wrangle over seriousness of customer data breach (SC Media) Microsoft acknowledged that a misconfigured Microsoft server wound up exposing sensitive data for customers, but accused researchers of “exaggerating” the scope of the impact and further exposing customer data – claims SOCRadar CISO Ensar Seker disputed in an interview with SC Media.
Malicious Office files: 20+ Years of Microsoft Office Exploits (Deep Instinct) Weaponized Office documents pose a large risk to organizations. From embedded active content, such as scripts and HTML code in Word and PowerPoint files to Excel macros, this is an attack vector every organization must pay attention to.
Vietnamese Hackers Reinvent the Ducktail Malware Twice in Three Months (Spiceworks) According to ZScaler, the latest iteration of the Ducktail malware is designed to carry out infostealing attacks like its predecessor but with certain operational differences.
This sneaky kind of cybercrime rules them all (Washington Post) This little-discussed kind of cybercrime accounts for billions in losses — and might still be growing
Medibank data breach continues to worsen (CRN Australia) Medical claims information in hands of attackers.
Australia's Data Breach Debacle Expands (Bank Info Security) Australia's data breach debacle expanded on Thursday. Cyber extortionists who attacked Australian health insurer Medibank provided proof of their hack of medical data. Also, stolen data from Australian wine retailer Vinomofo was put up for sale on a Russian-language forum.
Medibank hack: what do we know about the data breach, and who is at risk? (the Guardian) It is thought someone gained access to the insurer’s systems using fake or compromised credentials to steal customer data, including medical information
Health system data breach due to Meta Pixel hits 3 million patients (BleepingComputer) Advocate Aurora Health (AAH), a 26-hospital healthcare system in the states of Wisconsin and Illinois, is notifying its patients of an unintentional data breach that impacts 3,000,000 individuals.
Health care system says tracking pixel breach may have affected 3 million patients (The Record by Recorded Future) Health care systems are realizing their web design can leak patient information.
Fishing vessel, not sabotage, to blame for Shetland Island submarine cable cut (The Record by Recorded Future) Damage to a submarine cable which cut connectivity Thursday to the remote Shetland Islands north of Scotland is believed to have been accidentally caused by a fishing vessel and not sabotage.
Security Patches, Mitigations, and Software Updates
Mozilla Releases Security Updates for Firefox (CISA) Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox ESR 102.4 and Firefox 106 for mitigations and updates.
B. Braun Infusomat Space Large Volume Pump (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: B. Braun Melsungen AG Equipment: Infusomat Space Large Volume Pump Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, and Improper Input Validation 2.
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low and high skill level to exploit Vendor: B.
Trends
Losses from Synthetic Fraud to Reach Nearly $5B by 2024 (Socure) If synthetic fraud continues to go unchecked, losses will double from the estimated $2.48 billion this year to nearly $5 billion in 2024, the research shows.
Zerto Research Reveals Organizations Have Incomplete Ransomware Strategies but Intend to do Better (Business Wire) Zerto, a Hewlett Packard Enterprise company, today released findings from its 2022 Ransomware Strategy Survey conducted at VMware Explore US in August
Majority of Board Members Feel Their Organization Is at Risk of a Cyber Attack, but Almost Half Feel They Are Unprepared (CPO Magazine) Cybersecurity firm Proofpoint’s “2022 Board Perspective” finds that while most executive boards are now aware of the risks to their companies from cyber attacks, a worrying amount remain unprepared.
Marketplace
Palo Alto deal to acquire Apiiro falls through (CTech) Negotiations between the cybersecurity giant and the Israeli startup had been ongoing over recent months, but differences regarding Apiiro’s valuation in the deal ultimately proved to be too difficult to overcome
Documents detail plans to gut Twitter’s workforce (Washington Post) Previously unreported details shed new light on Twitter’s motivations for selling the company — and Elon Musk’s plans to transform it
IronNet Launches Cyber Defense Capabilities Into Space (MSSP Alert) IronNet joins the Space Information Sharing and Analysis Center (ISAC) to help keep space travel safe from cyberattacks.
Columbia University CISO and Enterprise IT CRO Joins Inspira Enterprise's Advisory Board (PR Newswire) Inspira Enterprise, Inc. ("Inspira"), a global cybersecurity services organization, today announced that Medha Bhalodkar, chief information...
Gluware Adds Eight Industry Leaders to its Executive Leadership Boards to Define a New Era in Automated Enterprise Networking (PR Newswire) Gluware, the leader in intelligent network automation, today announced the appointment of Michael J. Donahue and John Frazer to the Board of...
Products, Services, and Solutions
Sift Unveils New Platform Upgrades to Improve Efficiency, Data Connectivity, and Decision-making for Fraud Fighters (GlobeNewswire News Room) Latest Enhancements Include Connectors with Checkout.com and Jumio in Sift Connect App Gallery...
Presidio Bolsters Comprehensive Cybersecurity Solutions with Active Response (Presidio) To further address the increasing cybersecurity threat landscape, Presidio, a leading global digital services and solution provider, today announced a new cybersecurity Active Response Solution Set to help clients ready themselves for a ransomware event with Assessments, Preparedness, Active Response, and Recovery.
Protect data in use with OCI Confidential Computing (Oracle) At Oracle, we’re constantly working to help our customers create a more robust security posture for their compute infrastructure.
Inspira and Trellix Enter Strategic Alliance to Provide Integrated Approach to Cybersecurity (PR Newswire) Inspira Enterprise, Inc., a provider of business outcome-based cybersecurity solutions and digital transformation, today announced a strategic...
Bolster Deepens Platform with Dark Web Threat Intelligence and 24/7 Support (PR Newswire) Bolster, Inc., the automated digital risk protection company, today announced the addition of Dark Web Intelligence and 24/7 support. Bolster's...
BlueVoyant Recognized with Microsoft Verified Managed XDR Solution… (BlueVoyant) BlueVoyant has achieved Microsoft verified Managed Extended Detection and Response (MXDR) solution status.
HP Launches Sure Access Enterprise to Protect High Value Data and Systems (HP) HP Inc. (NYSE: HPQ) today announced enhancements to its HP Wolf Security endpoint protection portfolio, with the launch of Sure Access Enterprise (SAE). SAE protects users with rights to access sensitive data, systems, and applications. It prevents attackers from hi-jacking these privileged sessions – even if the users’ endpoint device is compromised, the access to high value data and systems can remain secure. This stops minor endpoint breaches turning into major security incidents.
Keeper Launches Share Admin To Streamline Sharing Between Privileged Users (Keeper Security Blog) Keeper launches share admin feature to streamline folder and record sharing between privileged users. Learn about Share Admin and what it includes.
Technologies, Techniques, and Standards
CISA Requests for Comment on Microsoft 365 Security Configuration Baselines | CISA (CISA) CISA has issued requests for comment (RFCs) on eight Microsoft 365 security configuration baselines as part of the Secure Cloud Business Application (SCuBA) project to secure federal civilian executive branch agencies’ (FCEB) cloud environments. The baselines: • Build on and integrate previous security configuration baselines developed by the Federal Chief Information Officers Council’s Cyber Innovation Tiger Team (CITT). • Initiate a series of pilot efforts to advance cloud security practices across the FCEB.
Understanding Cloud Data Security and Priorities (CSA) BigID commissioned CSA to develop a survey and report to better understand the industry’s knowledge, attitudes, and opinions regarding data security in the cloud. The survey was conducted online by CSA in July 2022 and received 1663 responses. The goals of this study were to understand the following.
SBOMs are coming for medical devices. Prof. Kevin Fu explains what to expect (ReversingLabs) The medical device sector is under pressure to improve software supply chain security, and software bills of materials (SBOMs) are front and center. ReversingLabs talks with Dr. Kevin Fu of the Archimedes Center at University of Michigan about what to expect.
It’s SBOM time! | Software Bill of Materials for federal government compliant software (Contrast Security) Learn more about OMB requirements for federal agency software and how Contrast Security can help achieve this compliance with SBOMs in real-time.
Design and Innovation
Toshiba, Chicago Quantum Exchange Partner to Activate Quantum Network between University of Chicago, Argonne National Laboratory (Toshiba) Toshiba and the Chicago Quantum Exchange (CQE) announced the launch of a Quantum Key Distribution (QKD) network link between the University of Chicago and U.S. Department of Energy’s Argonne National Laboratory using Toshiba’s multiplexed QKD units.
Academia
Student Insights on Cybersecurity Careers (NIST) Hi, our names are Aubrie, Kyle, and Lindsey!
Chicago high schoolers become first members of U.S. public to use ultra-secure quantum technology in mock voting event (University of Chicago) Kenwood Academy High School students visited the Chicago Quantum Exchange, where they cast unhackable votes over a quantum network—with a special visit from former President Barack Obama.
Legislation, Policy, and Regulation
Building societal resilience to cyber threats focus of annual OSCE conference (OSCE) ŁÓDŹ, 20 October 2022 – Increasing societal resilience to cyber threats through enhanced public awareness and education is the focus of the OSCE’s annual cyber/ICT security conference held on 20 and 21 October in Łódź, Poland. “The organization of the OSCE conference on cyber security is now more important than ever.
US, other countries push for threat intelligence sharing in combating cyber threats (SC Media) Officials from the U.S. and other countries have emphasized the importance of multilateral partnerships and intelligence sharing in combating cybersecurity threats at the Singapore International Cyber Week conference, according to ZDNET.
US Eyes Expanding China Tech Ban to Quantum Computing and AI (Bloomberg) Early discussions follow restrictions on semiconductors. US seeking to stifle China’s military, surveillance capacities.
Statement by NSC Spokesperson Adrienne Watson on the Biden-Harris Administration’s Effort to Secure Household Internet-Enabled Devices - The White House (The White House) Yesterday, the White House convened leaders from the private sector, academic institutions, and the U.S. Government to advance a national cybersecurity labeling program for Internet-of-Things (IoT) devices. The Biden-Harris Administration has made it a priority to strengthen our nation’s cybersecurity, and a key part of that effort is ensuring the devices that have become a…
Antony Blinken’s Silicon Valley visit underscores US cybersecurity concerns (the Guardian) Secretary of state met tech executives to discuss national security even as US public is increasingly skeptical of industry
TSA unveils new railroad cybersecurity directive (The Record by Recorded Future) TSA unveiled new cybersecurity regulations for passenger and freight railroad carriers this week.
CISA to focus on hospital, school, and water cybersecurity over the next year (The Record by Recorded Future) The Cybersecurity and Infrastructure Security Agency over the next year will focus its efforts on improving the digital defenses of three critical infrastructure sectors, the organization's chief said Thursday.
Litigation, Investigation, and Law Enforcement
Cash is king for sanctioned Russian, Venezuelan oligarchs (AP NEWS) It was a deal that brought together oligarchs from some of America's top adversaries. “The key is the cash," the oil broker wrote in a text message, offering a deep discount on Venezuelan crude shipments to an associate who claimed to be fronting for the owner of Russia's biggest aluminum company.
Indian Spy Agency Bought Hardware Matching Equipment Used for Pegasus (OCCRP) Indian officials have dismissed reports that it purchased the Pegasus spyware in 2017 as “sensationalism.” Trade data shows a hardware shipment to its main domestic intelligence agency was made matching specifications in a Pegasus brochure.
Texas AG Accuses Google Of Biometric Privacy Violations (Law360) Google is facing a lawsuit in Texas state court alleging it unlawfully captures the faces and voices of millions of Texans without their informed consent, state Attorney General Ken Paxton announced Thursday.
Amazon faces £900m antitrust lawsuit in UK (Computing) The company is accused of using secretive algorithms to promote its own goods
Customers battle to regain billions in bitcoin the DOJ recovered in its largest seizure of stolen crypto (CNBC) When the feds seized billions in stolen crypto earlier this year, it seemed like great news for victims of a 2016 hack, but they were soon disappointed.