Dateline Moscow, Kyiv, Berlin, Brussels, Paris, London, Washington: Fear of a provocation.
Ukraine at D+243: Dirty bomb disinfo. (CyberWire) Russia braces for Ukraine's counteroffensive in Kherson and the Donbas. Bellingcat describes the Russian targeting cell responsible for the recent long-range strike campaign. CERT-UA warns of phishing emails from the Cuba ransomware group. And SpaceX says it will continue to deliver Starlink connectivity to Ukraine.
Russia-Ukraine war: List of key events, day 244 (Al Jazeera) As the Russia-Ukraine war enters its 244th day, we take a look at the main developments.
Expert: Russia wants a breather to prepare for major offensive (ERR) Russia is looking for a breather in its war in Ukraine and is trying to pressure the West into stopping Ukraine arms aid so it could mobilize for a major offensive, security analyst Rainer Saks said on the "Välisilm" foreign policy program.
The Remote Control Killers Behind Russia’s Cruise Missile Strikes on Ukraine (bellingcat) Bellingcat has identified a secretive group of Russian military engineers involved in missile strikes on Ukraine.
Investigation reveals ‘remote control killers’ behind Russia’s missile strikes (The Hill) As Russia ramps up its airstrikes against Ukraine, a new investigation has revealed that “remote control killers” allegedly programmed Moscow’s missile attacks. Russia has been hitting Ukraine wi…
Russian Troops Not Fleeing Kherson, But Preparing For Defense - Defense Intelligence (Ukrainian News) The Russian occupiers only create the illusion that they are leaving Kherson, but in fact they are moving new military units there and preparing for defense.
Russia is planning major battle in Kherson despite creating ‘illusion of withdrawal’ (The Telegraph) Ukraine’s military spy chief has said that invading forces are intent on drawing the local army into urban combat in the city
Ukraine war latest: Kherson's pro-Russian occupiers launch militia to defend city (The Telegraph) Moscow forces have issued a call to arms amid a looming Ukrainian counteroffensive to recapture Kherson city.
Ukraine war latest: US warns of consequences if Russia deploys 'dirty bomb'
(The Telegraph) The US warned of severe consequences if Russia used a nuclear weapon in Ukraine as Moscow prepares to take its claim to the UN that Kyiv is planning a 'dirty bomb' attack.
'Dirty Bomb' Allegations Spark Fears About Putin's Plans (Time) Western government say Moscow could be attempting to create pretext for its own attacks
Officials: US Nuclear Posture Unchanged Despite Russian 'Dirty Bomb' Claims (Air & Space Forces Magazine) The U.S expressed concern over Russia's allegations that Ukraine plans to use a dirty radioactive bomb but had no reason to change its nuclear posture.
Here's what a 'dirty bomb' is and how it fits into Russia's invasion of Ukraine (Task & Purpose) Russia is accusing Ukraine of planning to detonate a “dirty bomb.” Here's what that means and why it matters.
What is a dirty bomb? The tool of terror that may be the next trick up Putin's sleeve (The Telegraph) Russia says Ukraine is on the brink of deploying such a weapon, a claim roundly rejected by Western governments
NATO Allies Warn Russia Against ‘Dirty Bomb’ Plot in Ukraine (Wall Street Journal) Western officials are trying to decipher Moscow’s motives after Russia alleged that Kyiv is preparing to deploy a ‘dirty bomb’ in Ukraine.
DOD Official Says Ukraine Not Preparing to Use Dirty Bomb (U.S. Department of Defense) The Defense Department remains focused on continuing to work with the international community to provide Ukraine with the security assistance and support it needs to defend itself, a senior DOD
Ukraine Latest: Russia Presses Warning of ‘Dirty Bomb’ by Kyiv (Bloomberg) Russian Defense Minister Sergei Shoigu called his counterparts in the UK, France and Turkey warning of a drift toward “uncontrolled escalation” in Ukraine and the potential for Kyiv to detonate a radioactive “dirty bomb.” The US called the allegation “transparently false” as Shoigu and US Secretary of Defense Lloyd Austin spoke for the second time in three days. Austin’s office “rejected any pretext for Russian escalation.”
Top U.S., Russian generals hold first talks since May-official (Reuters) The top U.S. and Russian generals held talks by phone on Monday for the first time since May, a U.S. official told Reuters, speaking on condition of anonymity.
The Putin confidant touted as the next Russian president (The Telegraph) The man once dubbed the 'Kinder Surprise' prime minister is a fierce loyalist who could be rewarded with the top job
When would a cyberattack trigger a NATO response? It’s a mystery (The Hill) Cyberattacks are increasingly a key part of modern warfare, but NATO’s treaty that says an attack on one nation represents an attack on all has not covered these aggressive actions. Several NATO me…
Cuba ransomware affiliate targets Ukrainian govt agencies (BleepingComputer) The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert about potential Cuba Ransomware attacks against critical networks in the country.
Elon Musk says SpaceX won't turn off Starlink satellite regardless of Defense Department funding (CNN) Elon Musk said Sunday that SpaceX's satellite internet service Starlink, which provides crucial telecommunication services in Ukraine, would not be shut off regardless of whether the company receives funding from the US Defense Department.
What Iran stands to gain from helping Russia in Ukraine (Breaking Defense) From Syria to a new strategic balance, Israeli experts describe concerns over Tehran's new value to Moscow.
Ukraine needs foreign aid to build a future apart from Russia, says Kyiv mayor (the Guardian) Vitali Klitschko hopes to follow Poland and Hungary on path to greater prosperity and European integration
German president visits Kyiv as West mulls rebuilding plan (AP NEWS) Germany’s president arrived in Kyiv on Tuesday for his first visit to Ukraine since the start of Russia’s invasion, as Western countries mulled a massive plan for Ukrainian rebuilding when the war eventually ends.
Attacks, Threats, and Vulnerabilities
Treasure trove. Alive and well point-of-sale malware (Group-IB) Analysis of months-long MajikPOS and Treasure Hunter campaign that infected dozens of terminals
The Logging Dead: Two Event Log Vulnerabilities Haunting Windows (Varonis) You don't have to use Internet Explorer for its legacy to have left you vulnerable to LogCrusher and OverLog, a pair of Windows vulnerabilities discovered by the Varonis Threat Labs team.
Malicious packages: security threats in your software supply chain (JFrog) Malicious packages are prevalent today in PyPI and npm package repositories. Learn how to detect and defend against software supply chain attacks in your SDLC.
Novel PURPLEURCHIN attack uses multiple clouds for cryptojacking (Computing) 'This is nothing we have seen before' say security researchers at Sysdig
She clicked sign-in with Google. Strangers got access to all her files. (Washington Post) Should you log in with Facebook or Google on other sites or apps? Short answer: No.
Medibank hack started with theft of company credentials, investigation suggests (the Guardian) View forming within Medibank that details were then sold on a Russian-language cybercrime forum
Australia's No. 1 health insurer warns more patient data stolen in hack (CRN Australia) Medibank Private Ltd reveals policy records of a further 1,000 customers had been stolen.
Medibank CEO apologises, should his cyber security providers also fess up? (Insurance Business) What can insurers learn from this cyber incident?
Pendragon car dealer refuses $60 million LockBit ransomware demand (BleepingComputer) Pendragon Group, with more than 200 car dealerships in the U.K., was breached in a cyberattack from the LockBit ransomware gang, who allegedly demanded $60 million to decrypt files and not leak them.
CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA) CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
Vulnerability Summary for the Week of October 17, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Ransomware group claims attack on Wisconsin school district (The Record by Recorded Future) A ransomware group took credit for a cyberattack on a school district in Wisconsin serving nearly 20,000 students.
WhatsApp says service back after outage disrupts messages (AP NEWS) WhatsApp said service on the popular chat app has been restored following a brief outage Tuesday that left people around the world complaining that they couldn't send or receive messages.
Trends
These 9 industries see the highest ransomware demands (PropertyCasualty360) Review how much forensic services cost in the aftermath of a ransomware attack, according to cyber insurance claims data.
The State of Ransomware Readiness 2022: Reducing the Personal and Business Cost (Mimecast) Ransomware has become one of the primary threats to organizations of all types over the past few years. It has become so widespread and costly that many insurance companies are even
reconsidering payouts and excluding some forms of ransomware attacks from their coverage – making the need to prevent attacks in the first place all the more pressing.
2022 Modern Communications Compliance and Security Report (Theta Lake) Theta Lake’s fourth annual global survey shows that both the adoption of productivity-boosting modern communications, and the associated risks and regulatory scrutiny over their usage, show no signs of slowing.
U.S. Employees Feel Little Concern for Data Theft at Work, New Research Reveals (PR Newswire) Terranova Security, a global leader in security awareness training, is today launching a report that showcases the level of cyber security...
Half of staff might quit after a cyber attack, report says (ComputerWeekly.com) New findings from a survey of CISOs, IT leaders and staffers reveals how experiencing a cyber incident may take a larger-than-thought toll on employee retention
Marketplace
Revert Inc. Launches New Company, Verity ES, to Deliver Intelligent Data Eradication Software and Support That Maximize the Value, Security and Ease of End-of-Life Asset Disposition (Business Wire) Verity ES delivers data eradication software and support to meet governance, legal and compliance mandates and ESG objectives, saving time and money.
Cyber unicorn Snyk to sack 198 employees, 14% of workforce (ctech) The Israeli-founded company raised $530 million at an $8.5 billion valuation last year
Snyk Lays Off 198 Staffers Including Cloud Defense Leader (Gov Info Security) Snyk has made another round of layoffs, axing 14% of its workforce including former cloud security leader Aner Mazur and top legal officer Karyn Smith. The company
Cybereason explores sale after scrapped IPO, layoffs: report (CRN Australia) Less than a year after exploring plans to go public, according to The Information.
Analyst: Cybereason Good Acquisition Target As It Reportedly Drops IPO (Channel Futures) Cybereason reportedly has ditched its IPO plans and instead is looking for a buyer, and one analyst says its a good acquisition target.
Why Cybereason Went From IPO Candidate to Seeking a Buyer (Gov Info Security) Cybereason has abandoned its IPO plans altogether and hired JPMorgan Chase to find a buyer, The Information reported Friday. Why is Cybereason no longer poised to make it to the IPO Promised Land? An unfavorable competitive environment and a muddled go-to-market strategy provide some clues.
Arctic Wolf expands security ops sales to ANZ (CRN Australia) Has 1,100 solution providers worldwide.
ESET's Brent McCarty Named Executive of the Year by San Diego Business Journal and Cyber Center of Excellence (Yahoo) ESET, a global leader in digital security, today announced that Brent McCarty, president of ESET North America, has been named Executive of the Year for the San Diego Business Journal and Cyber Center of Excellence's Cybersecurity Stewardship Awards. Now in its second year, the awards recognize a local leader, as well as public, private and nonprofit organizations, driving innovation, workforce development, and community resiliency in San Diego.
Fortress Names Cybersecurity Industry Leader as Chief Revenue Officer (PR Newswire) Nick Nilan has been named Chief Revenue Officer (CRO) of Fortress Information Security, America's leading supply chain cybersecurity provider...
Products, Services, and Solutions
Jumio Helps Businesses Stay Ahead of Fast-evolving Threat Landscape with Dramatically Enhanced KYX Platform (Business Wire) Jumio Helps Businesses Stay Ahead of Fast-evolving Threat Landscape with Dramatically Enhanced KYX Platform
SecurityScorecard Unveils Sophisticated Cyber Intelligence Powering New Solutions to Counter Threat Actors (Business Wire) SecurityScorecard, the global leader in cybersecurity ratings, today announced the launch of two cyber threat intelligence solutions to deliver an unr
StorageMAP Combats Top Unstructured Data Growth Challenges, New ESG Technical Validation Report Finds (Datadobi) Datadobi’s announced a new technical validation report from Enterprise Strategy Group Global, that validates the capabilities of StorageMAP.
CybSafe launches SebDB 2.0 to help organizations measure and change security behaviors (CybSafe) CybSafe launches SebDB 2.0 to help organizations measure and change security behaviors. Read more...
Prevent potential problems quickly and efficiently with Davis exploratory analysis (Dynatrace news) Dynatrace saves time for site reliability engineers (SREs) by bringing the full power of Davis® AI to exploratory and proactive analyses.
Introducing Identity and Endpoint Protection with Microsoft Zero Trust (Dell Technologies) Dell announces a new suite of services to protect Microsoft ecosystems leveraging Zero Trust principles.
Saxo Bank Partners with Baffle To Customize a Data Encryption Solution Globally (GlobeNewswire News Room) Cloud Data Mesh Secures Multi-Tenant Data Hub...
Trustwave Launches Enhanced Co-Managed SOC Capabilities to Maximize Value from SIEM Investments (Business Wire) Trustwave adds enhanced Co-Managed SOC capabilities to maximize the threat detection and response value of SIEMs and reduce alert noise by up to 90%.
NATO clears BlackBerry SecuSUITE for global NATO secure communications (BlackBerry) BlackBerry Limited (NYSE: BB; TSX: BB) announced today that the NATO Communications and Information Agency (NCI Agency) has awarded security accreditation to BlackBerry’s SecuSUITE® for Government for global use in official NATO secure communications.
Intel Foundry Services Forms Alliance to Enable National Security, Government Applications (Business Wire) IFS USMAG Alliance combines a trusted design ecosystem with U.S.-based manufacturing to enable assured chip design and production at leading nodes.
Technologies, Techniques, and Standards
What the industry wants to improve on NIST Cybersecurity Framework 2.0 (Tripwire) NIST has released an RFI to garner suggestions for enhancing the Framework's efficacy and its compatibility with other cybersecurity resources.
A Little Calm Goes a Long Way After a Cyber Attack (FTI Consulting) FTI Cybersecurity expert Tracy Wilkison preaches patience and preparation to mitigate potential compliance issues before rushing to get back online.
Cybersecurity Awareness Month 2022: Recognizing & Reporting Phishing (NIST) This blog will officially wrap up our 2022 Cybersecurity Awareness Month blog series — today we have a special interview from Marian Merritt, deputy director
How Is the Air Force Doing at Cyber? (Defense One) To answer the question, a new task force is working to map the service’s networks.
Design and Innovation
How self-healing endpoints are a solution to identities under siege (VentureBeat) Cyberattackers breach endpoints to gain access to human and machine identities for admin rights to create new accounts and logins.
Legislation, Policy, and Regulation
Clampdown on chip exports is the most consequential US move against China yet (The Conversation) Historians will pinpoint Biden’s decision on 7 October 2022 as the moment at which US and Chinese technology decoupling became inevitable.
Australian cyber governance principles published (CRN Australia) Australian Institute of Company Directors touts “practical framework”.
A Global Wake Up Call: Critical Infrastructure Security Fund Roll-Out Announced (BlackFog) The Department of Homeland Security announced that it would begin distributing funds for critical infrastructure security as part of the new law.
Litigation, Investigation, and Law Enforcement
Two Arrested and 13 Charged in Three Separate Cases for Alleged Participation in Malign Schemes in the United States on Behalf of the Government of the People’s Republic of China (US Department of Justice) In three separate cases in the U.S. Attorneys’ Offices for the Eastern District of New York and the District of New Jersey, the Justice Department has charged 13 individuals, including members of the People’s Republic of China (PRC) security and intelligence apparatus and their agents, for alleged efforts to unlawfully exert influence in the United States for the benefit of the government of the PRC.
U.S. Justice Department Fires Warning Shot at Chinese Spies (Foreign Policy) The United States announced a slew of indictments of Chinese espionage.
Chinese spies charged with trying to thwart Huawei investigation (Quartz) The spies paid $61,000 in bitcoin to an agent working for the US government
DOJ Charges 13 Over Chinese Interference In US Affairs (Law360) U.S. Department of Justice officials announced Monday that it had indicted 13 people allegedly working on behalf of the Chinese government in the U.S., including two accused of trying to impede the ongoing criminal prosecution of a Chinese telecommunications company, likely Huawei.
U.S. Says Chinese Tried to Obstruct Huawei Prosecution (Wall Street Journal) The failed scheme included an effort by two alleged Chinese intelligence officers to bribe a U.S. law-enforcement official who acted as a double agent, U.S. officials say.
U.S. charges Chinese nationals with schemes to steal info, punish critics and recruit spies (CBS News) The Justice Department unsealed charges in three separate cases charging more than a dozen defendants, including 10 Chinese officials.
FTC brings action against CEO of alcohol delivery company over data breach (Washington Post) The agency’s rare decision to single out Drizly chief executive James Cory Rellas signals a new approach to data security abuses
British company Interserve fined £4.4 million over ransomware attack (The Record by Recorded Future) A British construction company has been fined £4.4 million (about $5 million) by the U.K.’s data protection regulator after a ransomware group accessed sensitive data on 113,000 employees.
Hot on the Trail of a Mass-School-Shooting Hoaxer (WIRED) For months, an anonymous caller has terrorized communities around the US by reporting false shooting threats. We know how they did it. The question is, why?
Cyber officials may have to testify about alleged social media collusion (Washington Post) A Louisiana judge orders some cyber feds to be dragged in to testify