Dateline
Ukraine at D+245: A shaky narrative and poorly coordinated cyber ops. (CyberWire) Russia's war effort continues to struggle, as a new internal security coordinator is appointed. Few, internationally, buy Russia's claims that Ukraine is working on a dirty bomb. And Ukraine characterizes ongoing Russian cyberattacks as opportunistic and largely ineffectual.
Russia-Ukraine war: List of key events, day 246 (Al Jazeera) As the Russia-Ukraine war enters its 246th day, we take a look at the main developments.
Ukraine-Russia war latest: Putin set to give 'very important' annual speech (The Telegraph) President Vladimir Putin is due to give his annual speech shortly in which he is expected to give an “extensive report” on world politics.
Estonia’s PM: Russia nearing ‘breaking point’ in war (POLITICO) Russia is reaching its “breaking point,” according to Estonia’s prime minister.
Russia's chaotic draft leaves some out in cold, without gear (ABC News) Since Russian President Vladimir Putin announced a partial troop mobilization for the war in Ukraine, independent media outlets, human rights activists and draftees themselves have painted a bleak picture
Before-and-after satellite imagery will track Ukraine cultural damage, UN says (the Guardian) The project has already found damage at 200 sites and will assess the impact of Russia’s war on architecture, art, historic buildings and other cultural heritage
Putin monitors as Russia conducts nuclear weapons drills (Military Times) Russian President Vladimir Putin monitored drills of the country’s strategic nuclear forces involving practice launches of ballistic and cruise missiles.
Putin oversees exercise for 'massive nuclear strike' (The Telegraph) Kremlin leader looked on via video link as submarines and strategic bombers displayed Moscow’s readiness for conflict
The Moscow-Tehran Axis of Evil (Puck) An illuminating conversation with Jason Rezaian, the Iranian-American journalist and former hostage of the Rouhani regime, about the hijab revolution, the response in Bidenworld, and the deepening alliance between Tehran and the Kremlin.
Iran Is Now at War With Ukraine (Foreign Policy) Tehran has taken its fight against the West to Europe.
Iran and Russia’s ‘Partnership of Convenience’ Expands to Ukraine (World Politics Review) Iran’s sale of drones to Russia complicates its already rocky relationship with the West. For Iran, that’s the point.
Russia is reportedly trying to recruit former Afghan commandos to fight in Ukraine (Task & Purpose) U.S. officials are not saying whether Russia is reaching out to former Afghan commandos and offering them money to fight in Ukraine.
European allies worry U.S. could dial back support for Ukraine (Washington Post) ‘If America starts to blink, other nations might as well,’ said one British member of Parliament
The Power of Stigma (Foreign Affairs) Shaming Russian elites has helped weaken Putin.
Russian Intel Takes Another Hit - This Time in Norway (ClearanceJobs) Russia's neighbor, Norway, continues to push back on intel efforts, neutralizing a Russian illegal operating under a Brazilian identity.
Ukraine: Russian cyber attacks aimless and opportunistic (SearchSecurity) Victor Zhora, Ukraine's head of cybersecurity, shed light on the evolution of Russian cyber attacks during a keynote at the 2022 BlackBerry Security Summit.
Russian State Media Amplify Kremlin’s ‘Dirty Bomb’ Accusations About Ukraine (Wall Street Journal) The statements amplify the Kremlin’s accusation that Ukraine plans to detonate a so-called dirty bomb as Moscow tries to rally domestic support for its campaign.
Russian Politician Calls for ‘Desatanization’ of Ukraine (Vice) Russian politicians and media are increasingly telling the story that Ukraine is actually full of Satanic covens.
NotPetya Came From State Actor, Not Vandalism, Jury Hears (Law360) The 2017 NotPetya malware attack that affected Mondelez International and several other businesses operating in Ukraine was not a simple act of cyber vandalism but instead a "destructive operation" likely carried out by Russia, an Illinois jury heard Wednesday.
Russia-Ukraine war advancing threat intelligence (SC Media) National Security Agency Cybersecurity Director Rob Joyce said that the ongoing war between Russia and Ukraine has emphasized the importance of rapid and proactive cyber threat intelligence with critical infrastructure and industry, CyberScoop reports.
A Vision of a Russian Cultural Transformation Comes Full Circle and Shatters (The War Horse) I left Moscow feeling as if we’d accomplished what we set out to do. Hope for a free ‘information architecture’ reigned—for a while, then shattered.
Another casualty of Russia's war: Some Ukrainians no longer trust their neighbors (NPR.org) The war in Ukraine hasn't only destroyed lives and buildings. It's also ripped apart trust in communities that endured Russian occupation. Neighbors now see each other as collaborators with the enemy.
'Putin's goddaughter' flees Russia hours before agents swoop to arrest her (The Telegraph) Ksenia Sobchak had her luxury Moscow mansion searched after YouTube videos criticised war
Attacks, Threats, and Vulnerabilities
Mapping out the election security threats officials are watching (Axios) It's no longer enough to properly secure a ballot box.
Chinese influence group claims by Mandiant played down by TAG head (ITWire) The Google-owned security outfit Mandiant Intelligence claims it has discovered a pro-China actor, which it has named DRAGONBRIDGE, trying to influence voting intentions in the forthcoming US mid-term elections. But Shane Huntley, director of Google's own Threat Analysis Group, has played down t...
China-Linked Internet Trolls Try Fueling Divisions in U.S. Midterms, Researchers Say (Wall Street Journal) Google’s cybersecurity arm says activity shows a new interest in sowing discord in American politics, though the impact has been minimal.
Researchers uncover new pro-China disinformation campaign targeting U.S. voters (Axios) The report adds to evidence that pro-China actors are interested in influencing the November elections.
Sending Trojans via Scanners (Avanan) Scanner notification messages are being used to send malicious Trojans.
Inside TheTruthSpy, the stalkerware network spying on thousands (TechCrunch) Leaked data obtained by TechCrunch reveals the notorious network of Android spyware apps tracked locations and recorded calls of Americans.
Attacking the Software Supply Chain with a Simple Rename (Checkmarx.com) Checkmarx SCS (Supply Chain Security) team found a vulnerability in GitHub that can allow an attacker to take control over a GitHub repository, and potentially infect all applications and other code relying on it with malicious code.
LinkedIn Email Attack: Welcome to your ProPHISHional Community (Armorblox) This blog examines a credential phishing attack, which impersonated the brand LinkedIn. This targeted, socially engineered email attack bypassed Google email security, replicated existing business workflows to exfiltrate user credentials.
Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions (Sysdig) Sysdig TRT uncovered an extensive and sophisticated active cryptomining operation using GitHub, Heroku, Buddy.works, and others. We are going to refer to this as PURPLEURCHIN.
Vulnerability in Atlassian Jira Align allows threat actor to access whatever the SaaS client has in their Jira deployment or simply take the entire thing down (Information Security Newspaper)
Jira Align flaws enabled malicious users to gain super admin privileges (The Daily Swig) Super admins can, among other things, modify Jira connections, reset user accounts, and modify security settings
US Coast Guard Cites Cyber Security Exposures At U.S. Ports (American Journal of Transportation) The U.S. Coast Guard is warning that U.S. ports and marine terminals remain exposed to cyber attacks on a number of different fronts.
Ghostly Greetings: Halloween Spam for Eager Trick or Treaters (Bitdefender) Cybersecurity Awareness Month always ends on a spooky note.
Hive Ransomware Group Leaks Data Stolen in Tata Power Cyber-Attack (Infosecurity Magazine) The leak reportedly affected several of Tata’s 12 million customers and included various PII
Australian pathology data stolen as hacking epidemic widens (CRN Australia) One of Australia's largest pathology providers discloses breach.
Indianapolis Housing Agency responds to massive system-wide ransomware attack (Indianapolis Star) The agency responsible for providing housing to low-income Indianapolis tenants has been battling a cyber-attack that compromised their entire system.
Health lab hacked, Medicare numbers posted on dark web (Australian Financial Review) Australian Clinical Labs says the health records and credit card information of about 223,000 patients and staff were stolen in a cyberattack in February.
Security Patches, Mitigations, and Software Updates
VMware Patches Critical Vulnerability in End-of-Life Product (SecurityWeek) VMware has released patches for a critical remote code execution vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere.
OpenSSL to Patch First Critical Vulnerability Since 2016 (SecurityWeek) On November 1, 2022, OpenSSL will release an update that will patch a critical vulnerability, the first since 2016.
Apple Releases Security Updates for Multiple Products (CISA) Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
Samba Releases Security Updates (CISA) The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba Security Announcements and apply the necessary updates and workarounds. • CVE-2022-3437 • CVE-2022-3592
Malwarebytes crippled by macOS Ventura update (AppleInsider) The new macOS Ventura release has killed the real-time protection feature in Malwarebytes, but the company has a solution.
Trends
Q3 2022 Vulnerability Roundup (Digital Shadows) The curtain has fallen on the third quarter (Q3) of 2022, and it’s time to report the trends and highlights gleaned from Digital Shadows’ vulnerability intelligence. Q3 was characterized by dozens of zero-day vulnerabilities, including the continued exploitation of the high-profile Follina vulnerability (CVE-2022-30190) that debuted in the second quarter of 2022. For more on
SlashNext's State of Phishing Report Reveals More Than 255 Million Attacks in 2022, Signaling a 61% Increase in Phishing Year-Over-Year (PR Newswire) SlashNext, the leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile today released the SlashNext State of...
Uber Verdict Raises New Risks for Ransom Payments (Coveware) The conviction of a high profile security executive who paid to suppress a data leak has created a new dimension of risk for security executives.
Marketplace
DataTribe Insights - Q2 2022: Economic Storm Makes Landfall (DataTribe) In this issue of Insights, we highlight industry trends such as more accessible cyber solutions for SMBs, security for machine learning models, and the continued focus on AppSec. In venture specifically, 2021 marked a record number of deals closed, at record valuations in seed, series A, and series B rounds.
CyberWire and CyberVista are merging to form a 'news-to-knowledge' network (Technical.ly) The new company, known as N2K Networks, will feature both a media arm and a cybersecurity training division to grow talent. Its operations are supported by a $5.4 million Series A.
Arlington cybersecurity firm spun out of Graham Holdings merges with another, raises funding (DCInno) An Arlington cybersecurity training and education platform that spun out of Graham Holdings Co. (NYSE: GHC) years ago is now merging with a Maryland firm to create a cyber media and education brand that's already raised a $5.4 million round of funding.
Cybersecurity Merger: CyberWire, CyberVista Join Forces, Launch "News to Knowledge" Network (MSSP Alert) News to Knowledge (N2K) Network will offer news, education and workforce training solutions to MSSPs and other organizations.
B2B Podcaster CyberWire Merges With Training Firm To Create N2K Networks. (Insideradio.com) The B2B podcast and audio network CyberWire is merging with the cybersecurity training company CyberVista to form N2K Networks, what it describes as a “news to knowledge” network. As part
SaaS Startup BluSapphire Raises $9.2 Mn To Help Companies Prevent Cyberattacks (Inc42 Media) Cybersecurity startup BluSapphire Cyber Systems has raised $9.2 Mn in a Series A funding round led by Barings Private Equity India
Cylance’s McClure Lands $13M for New AI Venture (Orange County Business Journal) Orange County cybersecurity pioneer Stuart McClure has launched a new business incubator and accelerator for artificial intelligence
Cybereason Lays Off Another 200 Workers Amid Report of Sale (Gov Info Security) Cybereason has carried out another round of layoffs, axing 200 workers just days after a report that the endpoint security vendor is pursuing a sale. The company
Seagate Technology Layoffs Hit 3,000 Workers, Cybereason Cuts 200 (Channel Futures) Seagate Technology and Cybereason are the latest businesses in the channel to announce layoffs amid continuing economic headwinds.
Concentric AI Data Security Posture Management Solution Honored in Black Unicorn Awards Program for 2022 (Business Wire) Concentric AI, a leading vendor of intelligent AI-based solutions for autonomous data security posture management, today announced that it has earned
Code42 Appoints Key Leadership to Drive the Next Phase of Partner Growth (Business Wire) Code42, Inc., the Insider Risk Management (IRM) leader, today announced that it has unified its channel, advisory and technology partner programs unde
Salt Security Strengthens Executive Leadership Team as Demand for API Security Accelerates (PR Newswire) Salt Security, the leading API security company, today announced additions to the leadership team to support growth in employees and customers...
Federal Technology Leader Dan Smith Joins Executive Leadership Team at LookingGlass Cyber Solutions (PR Newswire) LookingGlass Cyber Solutions, the leader in actionable threat intelligence, today announced the addition of Daniel Smith as the company's...
Cado Security Announces Board Appointments (Business Wire) Cado Security, the cloud investigation and response automation company, today announced the appointment of Chris Corde to its Board of Directors and C
Products, Services, and Solutions
BlackBerry Launches Cyber Threat Intelligence Service to Strengthen Cyber Defenses (BlackBerry) New service from BlackBerry’s Threat Research and Intelligence Team reduces unknowns to enhance detection and response
Armis Announces APEX Manage Program (Armis) APEX Manage Program empowers MDRs/MSPs to expand beyond the traditional endpoint security services to Managed-XDR.
OTORIO Meets IEC 62443 Cybersecurity Standard for Critical Infrastructure (OTORIO) See what the International Electrotechnical Commission’s (IEC) awarding OTORIO IEC 62443 certification means.
SecurityScorecard Unveils Sophisticated Cyber Intelligence Powering New Solutions to Counter Threat Actors (Business Wire) SecurityScorecard, the global leader in cybersecurity ratings, today announced the launch of two cyber threat intelligence solutions to deliver an unr
Silobreaker unveils new 24/7 Brand Threat Protection and managed takedown service (Silobreaker) Latest update offers organisations protection against digital fraud and brand abuse as part of Silobreaker’s integrated threat intelligence platform. Silobreaker, a leading security and threat intelligence firm, today announced a new Brand Threat Protection managed service, capable of safeguarding companies from digital threats and brand reputation risk. From online brand abuse and phishing attacks...
LogRhythm Announces Integration with the Gigamon Hawk Deep Observability Pipeline (LogRhythm) LogRhythm and Gigamon are working together to help organizations around the globe increase visibility and protect against modern cyberattacks.
Orca Security’s FedRAMP Ready Platform Brings Improved Security to U.S. Government Agency and Contractor FedRAMP Cloud Estates (Orca Security) The Orca Cloud Security Platform achieves FedRAMP ready designation.
SPHEREboard 6.3 Introduces Unparalleled Visibility and Discovery with CyberArk Worker (PR Newswire) SPHERE, a woman-owned cybersecurity business focused on providing best-of-breed software for access governance across data, platforms and...
Searchlight Security Launches New Multi-Tenancy Capability for Dark Web Monitoring Solution DarkIQ (Business Wire) Searchlight launches new multi-tenancy capability for DarkIQ so enterprises and MSSPs can manage multiple company profiles on a single account
SyncDog Announces Partnership with 3Eye Technologies to Expand Access to Mobile Endpoint Security Technology (PR Newswire) SyncDog, Inc., the leading Independent Software Vendor (ISV) for next generation mobile security and data loss prevention, today announced a...
OneLayer Opens 5G Security Lab for Network Security Companies to Research Threats to Private Cellular Networks (PR Newswire) OneLayer, a pioneer in securing private LTE/5G networks for enterprises, announced today the launch of one of the world's first 5G private...
Technologies, Techniques, and Standards
Cross-Sector Cybersecurity Performance Goals (CISA) In July 2021, President Biden signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. This memorandum required CISA, in coordination with the National Institute of Standards and Technology (NIST) and the interagency community, to develop baseline cybersecurity performance goals that are consistent across all critical infrastructure sectors.
CISA unveils voluntary cybersecurity performance goals (Federal News Network) The goals are voluntary, but the Biden administration is separately pressing certain critical infrastructure sectors to adopt minimum cyber standards.
Credit-Raters Look More Carefully at How Companies Respond to Cyberattacks (Wall Street Journal) The big rating firms are giving more weight to the fallout of breaches in determining a company’s creditworthiness. S&P has downgraded some organizations months or even a few years after a hack.
Cyber Trends and Credit Risks (S&P Global) Cyberthreats are no longer an emerging risk and as such, need to be an embedded part of an entity’s overall risk management profile, updated as threats evolve.
Directors ‘trying to work out where to play’ on cybersecurity: AICD (Australian Financial Review) Australian Institute of Company Directors boss Mark Rigotti says leaders are trying to determine how much detail about cybercrime they need to grasp.
Legislation, Policy, and Regulation
Cooley Privacy Talks: Key Things to Know About Data Protection Laws in China (cyber/data/privacy insights) This post relates to Cooley’s Privacy Talks series – a webinar program featuring Cooley practitioners discussing practical guidance and best practices around managing data protection-related issues. Sessions range from the European General Data Protection Regulation (GDPR) to the California Consumer
Is Biden’s chip ban a tipping point in US-China relations? (The Hill) Semiconductors are the DNA of the digital economy, enablers of the still unfolding technology revolution.
FACT SHEET: Biden-Harris Administration Expands Public-Private Cybersecurity Partnership to Chemical Sector (The White House) A keystone of the Biden-Harris Administration’s cybersecurity commitment is strengthening the resilience of the United States’ critical infrastructure to safeguard the services Americans rely on every day. Today, the Administration continued to deliver on this commitment by expanding the Industrial Control Systems (ICS) Cybersecurity Initiative to a fourth sector – the chemical sector. The majority…
White House announces 100-day cyber sprint for chemical sector (CyberScoop) The sprint is the latest effort from the White House to improve cybersecurity and monitoring in industrial control systems.
White House announces 100-day sprint on chemical sector cybersecurity (The Record by Recorded Future) The Biden administration on Wednesday launched an effort to protect the country’s chemical sector from cyberattacks, the latest bid to shore up the nation’s critical infrastructure against digital assault.
Administration Expands Public-Private Cybersecurity Partnership to Chemical Sector (HS Today) The Chemical Action Plan will serve as a roadmap to guide the sector’s assessment of their current cybersecurity practices over the next 100 days.
Harden the cybersecurity of US nuclear complex now (Defense News) Buried in both the Senate and House versions of the 2023 National Defense Authorization Act are provisions augmenting the cybersecurity of the NC3.
State and local governments continued to buy Chinese telecom gear despite warnings (Axios) U.S. officials have warned Chinese telecom equipment could make the U.S. vulnerable to economic espionage or digital sabotage.
Litigation, Investigation, and Law Enforcement
Medibank says data of 4 million customers accessed by hacker (CRN Australia) Warns of a $25 million to $35 million hit to first-half earnings.
What You Need to Know About the Medibank Cyber Attack (Insider Guides) If you're navigating the Medibank cyber attack, we're here to help. Here, we explain the details and what to do if you're affected.
Notorious hacker Daniel Kaye arraigned for allegedly running dark web marketplace (The Record by Recorded Future) The Justice Department arraigned a notorious hacker for connections to The Real Deal, a dark web market that sold U.S. government login credentials and hacking tools.