Dateline
Ukraine at D+250: Russia continues to strike civilian targets. (CyberWire) Russia completes its partial mobilization, cyberspace remains contested, and Russian disinformation takes on Black Sea grain shipments and the Nord Stream sabotage.
Russia-Ukraine war: List of key events, day 251 (Al Jazeera) As the Russia-Ukraine war enters its 251st day, we take a look at the main developments.
Russia Launches Barrage of Strikes Across Ukraine, Targeting Infrastructure (Wall Street Journal) The attacks in Kyiv and across Ukraine knocked out electricity and water supplies in parts of the country, as the Kremlin intensified its attacks on civilian infrastructure.
Russian attacks leave Ukraine hospitals without water, forcing surgeons to work with dirty tools (The Telegraph) Seriously ill patients unable to get hospital treatment as aerial bombardment targets energy supplies
Ukrainians grapple with power outages as winter approaches (AP NEWS) The decorative candles Yaroslav Vedmid bought more than a year ago were never meant to be lit, but the dried wax that now clings to them attests to how they've been used almost nightly — a consequence of power cuts across Ukraine.
Kyiv shot down 44 Russian cruise missiles during 'massive' strike (The Telegraph) Ukraine shot down 44 of the more than 50 Russian cruise missiles launched at the country today, officials have said.
U.N. says no ships in grain corridor when Russia says it was attacked (Reuters) The United Nations on Monday said no ships involved in a U.N.-brokered Ukraine grain export deal were transiting a Black Sea maritime humanitarian corridor on the night of Oct. 29, when Russia says its vessels in Crimea were attacked.
Database of 278 videos exposes the horrors of war in Ukraine (Washington Post) On Feb. 24, as Russian forces rolled into Ukraine and missiles began to strike Kyiv, civilians picked up their phones and pressed record. For eight months, they have documented the war, allowing the world to witness the conflict in Ukraine through the eyes of its people.
Hanging washing over the rubble: life in Mykolaiv as Russian bombs rain down (the Guardian) Residents forced to adjust to terrifying new normal in southern Ukrainian port city, with near-daily strikes
Ukraine war latest: Russia considering ‘further steps’ against Britain over Nord Stream ‘terror attack’ (The Telegraph) Russia is considering what "further steps" to take against Britain after alleging that the UK was responsible for an attack on the Nord Stream undersea gas pipelines.
Russia completes partial mobilisation of citizens for Ukraine war (Al Jazeera) President Putin announced Russia’s first enlistment since WWII in September but the process was chaotic.
US sending satellite antennas to Ukraine after Musk’s Starlink U-turn (C4ISRNet) Elon Musk at one point announced that SpaceX could no longer afford to provide Starlink service to Ukraine, but later reversed course.
Ukraine War: UK reveals £6m package for cyber defence (BBC News) Details have not been made public until now to protect operational security, officials say.
Votes in Slovakia's parliament suspended after alleged ‘cybersecurity incident’ (The Record by Recorded Future) The latest session of parliament in Slovakia was cut short this week after a cybersecurity incident allegedly crippled the body’s IT systems.
Ukraine’s Military Medicine Is a Critical Advantage (Foreign Policy) Russia’s outdated training and equipment are costing soldiers their lives.
US military conducting onsite weapons inspections in Ukraine (Military Times) The effort is part of a broader U.S. campaign announced last week by the State Department.
Appoint a Watchdog for Ukraine Aid (Bloomberg) More transparency over how billions are being spent would protect US taxpayers and sustain political support for the war.
Joe Biden ‘lost temper at Volodymyr Zelensky over ingratitude for US aid’ (The Telegraph) American president reportedly frustrated that his counterpart kept focussing on what was not being done
U.S. Aid to Ukraine Will Survive a GOP Congress (World Politics Review) For a number of reasons, concerns that a Republican majority in Congress will undermine US support to Ukraine are unfounded.
Attacks, Threats, and Vulnerabilities
Hacking group abuses antivirus software to launch LODEINFO malware (BleepingComputer) The Chinese Cicada hacking group, tracked as APT10, was observed abusing security software to install a new version of the LODEINFO malware against Japanese organizations.
China Working To Undermine Midterm Elections, Cybersecurity Group Says (Washington Free Beacon) Communist China is behind a massive online disinformation campaign aimed at undermining the upcoming U.S. midterm elections, according to findings by a cybersecurity group.
Cranefly: Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign (Symantec) Group uses novel method of reading commands from legitimate IIS logs.
Cranefly threat group uses innocent-looking info-stealer (Register) Cranefly group unleashes nasty little technique using Microsoft Internet Information Services (IIS) logs
Cranefly hackers using Microsoft IIS logs to deliver malware (Computing) The aim appears to be intelligence gathering, rather than ransomware or data theft.
CosMiss: Azure Cosmos DB Notebook Remote Code Execution Vulnerability (Complete Cloud Security in Minutes - Orca Security) The Orca Research Pod has discovered CosMiss, a vulnerability in Microsoft Azure Cosmos DB where authentication checks were missing from Cosmos DB Notebooks.
Effectively Preparing for the OpenSSL 3.x Vulnerability (Akamai) On October 25th, the OpenSSL project team announced a security fix for a critical vulnerability in OpenSSL version 3.x. The patch is scheduled to be released tomorrow, on November 1, 2022 between 13:00-17:00 UTC.
How The OpenSSL 3 Vulnerability Will Really Affect Your Environment (Nucleus Security) What you need to know about OpenSSL's update Version 3.0.7, which addresses a “critical” security issue in OpenSSL versions 3.0 to 3.0.6.
New Critical Flaw in OpenSSL: How to Know if You're at Risk (Rezilion) Know if you're at risk for the new critical OpenSSL flaw. Access free tools to detect vulnerable & exploitable instances in your environment
Experts warn of critical security vulnerability discovered in OpenSSL (Application Security Blog) Understand what steps your organization needs to take now to prepare for the upcoming patch to address OpenSSL’s critical security vulnerability on Nov 1.
Who's Afraid of Digital Ghosts? Synthetic Fraud and the Identity Crisis (Forcepoint) The world is becoming increasingly more digital, and the metaverse is perhaps the most visible example of this digitization. But is an online identity crisis beginning to emerge?
Critical Vulnerability Disclosure: ConnectWise/R1Soft Server Backup Manager Remote Code Execution & Supply Chain Risks (Huntress) Huntress has validated an initial report for an authentication bypass and sensitive file leak present in the Java framework “ZK”, used within the ConnectWise R1Soft software Server Backup Manager SE.
Hackers selling access to 576 corporate networks for $4 million (BleepingComputer) A new report shows that hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fueling attacks on the enterprise.
Australia's Department of Defence becomes latest victim of regional ransomware attacks (IT PRO) Military information was not stolen in the breach, which may affect the records of 40,000 defence personnel
Zscaler's Cloud-Based Cybersecurity Outages Showcase Redundancy Problem (Dark Reading) While fewer cloud providers are suffering outages, customers should prepare for the uncommon event, especially when relying on cloud services for security.
BT outage cuts off smart devices (Computing) The issue affected Amazon Alexa speakers, Ring doorbells and other devices.
Titania | New Report Reveals U.S. Federal Government Exposed to Significant Cybersecurity Risks Due to Exploitable Network Misconfigurations (RealWire) Research shows an average of 51 network device misconfigurations were discovered in the last two years with 4% deemed to be critical vulnerabilities that could take down the network
World’s second largest copper producer recovering from cyberattack (The Record by Recorded Future) The second largest copper producer in the world said it is recovering from a cyberattack that forced it to shut off several IT systems.
Aurubis plant in Buffalo lays off employees following cyber attack (WGZR) Aurubis says this was part of a larger attack affecting the metals and mining industry.
4 Phishing Schemes to Watch Out For During 2022 Holiday Travel (PCMag UK) Those who have spent the past couple of holiday seasons away from loved ones are excited to return to travel. But with the influx in travel plans comes a spike in travel-related schemes and scams.
CISA Has Added One Known Exploited Vulnerability to Catalog (CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
Vulnerability Summary for the Week of October 24, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
You Need to Update Chrome, Windows, and Zoom Right Now (WIRED) Plus: Important patches from Apple, VMWare, Cisco, Zimbra, SAP, and Oracle.
Chrome issues urgent zero-day fix – update now! (Naked Security) We’ve said it before/And we’ll say it again/It’s not *if* you should patch/It’s a matter of *when*. (Hint: now!)
Trends
DNS Threat Report — Q3 2022 (Akamai) Akamai researchers observed that 14% of all protected devices communicated with a malicious destination at least once in Q3 2022.
LastPass Research Finds False Sense of Cybersecurity Running Rampant (Business Wire) LastPass today released findings from its fifth annual Psychology of Password findings, which revealed even with cybersecurity education on the rise,
Download The Free 2022 Duo Trusted Access Report (Duo Security) Protecting the individual through to the enterprise has taken on a greater sense of urgency. Learn how companies responded to complex global challenges — or missed the mark — and more!
New report reveals the form of cyber attack on the rise (Insurance Business) Research highlights up-to-the-moment data on cyber claims
Ransomware Victims and Network Access Sales in Q3 2022 (KELA) The most prolific ransomware and data leak actors in Q3 were LockBit, Black Basta, Hive, Alphv (aka BlackCat) and BianLian, with the last one being a relatively new ransomware gang.
Bitdefender Threat Debrief (Bitdefender) For the month of October, we focus on MDR and threat modeling along with the top ransomware offenders and countries impacted.
APAC Cyber Threat Landscape 2022 | Kroll Cyber Risk (Kroll) Information security executives in APAC identified how many cyber incidents they suffered, key causes, and their pressing concerns. Read more.
Deloitte says more AI being deployed, but is it working? (Register) Businesses that achieve full-scale deployment don't always get the outcomes they hoped for, says Deloitte
Nearly a Third of Cybersecurity Leaders Considering Quitting (BlackFog) Research commissioned by BlackFog shows that work life balance is most disliked part of the job for cybersecurity leaders.
CISA Kicks Off Infrastructure Security Month (CISA) WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) kicks off Infrastructure Security Month today. Throughout the month, the agency will use the theme “Build It In” to remind people of the importance of considering infrastructure security and resilience from design concept all the way through development and implementation.
Marketplace
The Mirage of Mandiant: Post-Acquisition Follow-Up (Security Boulevard) Revisiting the strategic implications of Google Cloud and Mandiant following the Google Cloud Next conference.
Musk appoints himself CEO of Twitter as employees brace for mass layoffs (the Guardian) Reports that Musk will let go of 25% of its workforce, or nearly 2,000 employees, come as tech billionaire overhauls company
Absolute Software Welcomes New CFO and CISO to Executive Team (Absolute) Absolute Software™ (NASDAQ: ABST) (TSX: ABST), the only provider of self-healing, intelligent security solutions, today announced the appointments of Jim Lejeal as Chief Financial Officer (CFO) and Samir Sherif as Chief Information Security Officer (CISO).
Corelight Welcomes Paul Kleinschnitz as Chief Revenue Officer (Corelight) Corelight welcomes first Chief Revenue Officer Paul "PK" Kleinschnitz
Products, Services, and Solutions
Infosec products of the month: October 2022 (Help Net Security) The featured infosec products this month are from: ABBYY, ARMO, Array, AuditBoard, AuthenticID, AwareGO, Code42, Corelight, and more.
B-More Partners with CybeReady to Support Customers in Latin America with Autonomous Cybersecurity Training Platform (EIN News) Consulting Service Provider Establishes Cybersecurity Training Program and Solutions with CybeReady as the Foundational SaaS-Based Platform
Carlton Fields Launches Privacy & Cybersecurity Compliance Consultancy in Ever-Changing Landscape (Carlton Fields) CTRL Will Help Companies Comply With State & Federal Privacy and Cybersecurity Regulations Affecting Multiple Industries
Finite State and RKVST Announce Partnership to Accelerate Software Transparency (Business Wire) Finite State, the leader in product and supply chain security, and RKVST announce a partnership to bring together Finite State's industry-leading prod
Lookout and HPE Aruba Announce Integrated SASE Architecture (Lookout) With this partnership, customers can leverage two best-of-breed solutions to create an integrated, modern SASE architecture.
AppOmni Welcomes Eden Data as New Technology Partner for SaaS Security (Business Wire) AppOmni, the leader in SaaS security, announced today that Eden Data, an IT services and consulting organization focused on supporting startups and SM
Tenacity Launches Cloud Cost Management and Optimization Platform | Transforming Data with Intelligence (Transforming Data with Intelligence) Cloud cost anomaly alerts, budget forecasting, and reserved instance management eliminate unnecessary cloud use and help enterprises cut costs.
Varonis Launches Its Flagship Data Security Platform as a SaaS (GlobeNewswire News Room) New cloud-native deployment model offers rapid time-to-value and groundbreaking new automation capabilities...
Cryptomathic Launches Cloud-Based ‘Bring Your Own Key’ Encryption Key Management Service for Users of Amazon Web Services (Global Banking & Finance Review) 27 October 2022 – Cryptomathic, a leading encryption key management specialist, today launches the Cryptomathic AWS BYOK Service, a cloud-based service that enables security-conscious users of Amazon Web Services globally to harness enterprise-class Bring Your Own Key (BYOK) encryption key management capabilities on demand. BYOK encryption management offers enterprises the opportunity to forego influence a […]
Cisco Showcases Latest Innovations to Secure Organizations Wherever Work Happens (Cisco) Cisco today announced new capabilities across its security portfolio so teams can be more productive and protected wherever they are working from. Unveiled at Cisco’s annual Partner Summit conference, the news demonstrates continued progress towards the strategic vision of the Cisco Security Cloud that will protect the integrity of an organization’s entire IT ecosystem.
Network Perception and Check Point Software Technologies Partner to Tighten the Security of OT Firewall Environments (Business Wire) Network Perception, innovators of operational technology (OT) solutions that protect mission-critical assets, and Check Point Software Technologies Lt
Nucleus Security Releases Free CISA KEV Enrichment Dashboard and Research, Providing Further Insight Into Vulnerability Prioritization (Business Wire) Nucleus Security today launched the CISA KEV Enrichment Dashboard, a free tool for vulnerability researchers.
Technologies, Techniques, and Standards
CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication (CISA) CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using mobile push-notification-based MFA is unable to implement phishing-resistant MFA, CISA recommends using number matching to mitigate MFA fatigue.
Space Attack Research & Tactic Analysis (SPARTA) (Aerospace Corporation) The Aerospace Corporation created the Space Attack Research and Tactic Analysis (SPARTA) matrix to address the information and communication barriers that hinder the identification and sharing of space-cyber Tactic, Techniques, and Procedures (TTP).
NSA shares supply chain security tips for software suppliers (BleepingComputer) NSA, CISA, and the Office of the Director of National Intelligence (ODNI) have shared a new set of suggested practices that software suppliers (vendors) can follow to secure the supply chain.
Army diving ‘headfirst’ into SBOMs to secure software supply chain (Federal News Network) The Army says SBOMs are “going to happen” and is now asking for feedback on how to use them as part of the acquisition process.
Why culture is the foundation of your cybersecurity strategy (Microsoft News Center Canada) By Chris Barry, President, Microsoft Canada The evolving sophistication of the global threat landscape, along with our almost overnight adoption of the hybrid work model has caused a paradigm shift…
Cryptologic museum reopens | PHOTOS (Baltimore Sun) NSA's National Cryptologic Museum reopens near Fort Meade.
Design and Innovation
‘Point solutions just need to die’: The end of the one-trick security tool (Cybersecurity Dive) The deconstruction of security products has foisted many avoidable challenges upon organizations and the industry at large.
Spy agency embraces meme culture and the internet is here for it (CyberScoop) The NSA cybersecurity director's memes suggest the Pentagon may have finally figured out how to use internet culture to its advantage.
Academia
CISA funds expanding access to cybersecurity programs at HBCUs, K-12 schools (The Record by Recorded Future) Funding from CISA is making its way to underserved communities and HBCUs thanks to workforce development organization CYBER.ORG.
Three Missouri universities announce plans for a $2.5 million intelligence center (KRCG) Just two weeks after announcing a cybersecurity partnership with Jefferson City High Schools, Lincoln University is partnering with Saint Louis and Harris-Stowe
Cyber security center in Union Station nets $1.5M (masslive) U.S. Rep. Richard Neal helps secure funding for cyber range lab to be overseen by Springfield Technical Community College and consortium of Greater Springfield colleges, universities
Legislation, Policy, and Regulation
The Election That Saved the Internet From Russia and China (WIRED) Open-internet advocates are breathing a sigh of relief after a recent election for the International Telecommunications Union's top leadership.
Cyber officials from 37 countries, 13 companies to meet on ransomware in Washington (Reuters) The White House will host officials from 37 countries and 13 global companies in Washington this week to address the growing threat of ransomware and other cyber crime, including the illicit use of cryptocurrencies, a senior U.S. official said.
US convenes over 30 countries to address ransomware as hacks of hospitals, critical infrastructure continue (CNN) The Biden administration will convene three-dozen allied governments on Monday and Tuesday for a fresh round of talks on how to stem the tide of ransomware attacks that have disrupted critical infrastructure firms around the world and cost businesses many millions of dollars.
Deciphering the Biden Administration’s and CISA’s Effects on Cybersecurity and National Security (Security Boulevard) The US president and Cybersecurity and Infrastructure Security Agency, or CISA, have steadily followed through with plans to implement new mandates intended, hone regulations, and improve the nation’s security posture. The post Deciphering the Biden Administration’s and CISA’s Effects on Cybersecurity and National Security appeared first on Flashpoint.
Litigation, Investigation, and Law Enforcement
Democrat Murphy Urges Security Review of Saudi Twitter Backing (Bloomberg Law) Democratic Senator Chris Murphy said Saudi Arabian backing for Elon Musk’s purchase of Twitter Inc. should be scrutinized by a government panel that reviews national security risks from foreign investments in the US.
Suella Braverman admits sending official documents to personal email six times (The Telegraph) Review of phone use found Home Secretary transferred material, but she says the items 'did not pose any risk to national security'
FTC Brings Action Against Ed Tech Provider Chegg for Careless Security that Exposed Personal Data of Millions of Customers (Federal Trade Commission) The Federal Trade Commission is taking action against education technology provider Chegg Inc.
F.T.C. Accuses Ed Tech Firm Chegg of ‘Careless’ Data Security (New York Times) Chegg, a homework help app, exposed the data of 40 million users, including details about some students’ sexual orientation and religion, regulators said in a legal complaint.
Psychotherapy extortion suspect: arrest warrant issued (Naked Security) Wanted! Not only the extortionist who abused the data, but also the CEO who let it happen.
In Texas, facial recognition is becoming a way of life (Fast Company) In The Lone Star State, companies can’t collect your biometric identifiers without your consent. But the law doesn’t give you another option if you say no.
German student arrested for running darknet marketplace (Computing) The marketplace had about 16,000 registered users and 72 active traders when it was closed earlier this year.
Mondelez and Zurich reach settlement in NotPetya cyberattack insurance suit (The Record by Recorded Future) Mondelez International and Zurich American Insurance reached a settlement late last week in their multi-year legal battle over the food company’s $100 million claim regarding damage from the NotPetya cyberattack in 2017.