Dateline Moscow and Kyiv: Exchanging drones and attack traffic.
Ukraine at D+285: Exchanging drone strikes and cyberattacks. (CyberWire) Ukrainian deep strikes hit Russian airfields. DDoS against a Russian state-owned bank, privateering and influence ops against Ukraine.
Heavy Fighting Continues In East As Ukraine Races To Restore Electricity After Russian Strikes (RadioFreeEurope/RadioLiberty) Ukrainian forces have fought off a fresh round of Russian attacks in the east, Ukraine's General Staff said, as technicians race to restore electricity following Moscow's latest wave of missile strikes that caused power disruptions across the country amid dropping temperatures.
Ukrainians face emergency blackouts after Russian missile attacks (Al Jazeera) Outages will be most severe in the Kyiv region, as teams work to repair damaged infrastructure in freezing conditions.
Russia claims Kyiv hit its air bases, fires more missiles (AP NEWS) Ukrainian drones struck two air bases deep inside Russian territory, the Kremlin said Monday, shortly before Russian forces unleashed a massive missile barrage in Ukraine that struck homes and buildings and killed civilians.
Drone attack hits oil storage tank at airfield in Russia’s Kursk region (the Guardian) No casualties reported as facility set on fire, one day after Russia blames Ukraine for two other drone strikes
Ukraine: Drone strikes hit Russia as Zelenskyy travels east (AP NEWS) In a new display of defiance from Kyiv, Ukrainian President Volodymyr Zelenskyy traveled to an eastern city near the front line Tuesday while two more strategic sites inside Russia were reportedly hit by drone attacks.
Russia-Ukraine War: Ukrainian Drones Hit 2 Bases Deep in Russia (New York Times) The brazen attacks escalated the war. Hours later, Ukraine said that Moscow had launched a new barrage of airstrikes.
Drone Strikes Airfield In Russia's Kursk Region, Governor Says (RadioFreeEurope/RadioLiberty) A drone has struck an airfield in the Russian region of Kursk bordering Ukraine, setting fire to an oil storage tank, the regional governor said.
Blasts Hit Russian Air Bases, Moscow Launches Missile Barrage on Ukraine (Wall Street Journal) Ukrainian drones hit two Russian air bases on Monday, Russia’s defense ministry said, and Russian missiles killed two people and injured at least two others in the Zaporizhzhia region.
Ukraine war latest: Russian deserter fleeing Ukraine opens fire on police with machine gun (The Telegraph) A Russian deserter opened fire on police in the southern Russian town of Novoshakhtinsk, wounding one officer.
Satellite images show new Russian military facility in Mariupol (Military Times) Newly released satellite imagery shows a new Russian military compound in Mariupol, Ukraine, according to Maxar Technologies.
It’s No Crime to Be a Russian Soldier in Ukraine (Foreign Policy) Moscow’s war is unjust, but there’s no moral obligation for soldiers to refuse to fight.
Readout of Secretary of Defense Lloyd J. Austin III's Call With Ukrainian Minister of Defense (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke with his Ukrainian counterpart to reinforce the unwavering U.S. commitment to support Ukraine's ability to counter Russia's war of aggression.
Macron’s Gone From ‘Strategic Autonomy’ to ‘Strategic Intimacy’ (Foreign Policy) What a difference a war makes.
Opinion | How Putin’s war in Ukraine has moved Germany into a new era (Washington Post) An American friend called me the other day, having just returned from Berlin.
WSJ News Exclusive | U.S. Altered Himars Rocket Launchers to Keep Ukraine From Firing Missiles Into Russia (Wall Street Journal) The U.S. secretly modified the advanced Himars rocket launchers it gave Ukraine so they can’t be used to fire long-range missiles into Russia, U.S. officials said, a precaution the Biden administration says is necessary to reduce the risk of a wider war with Moscow.
Estonia buys HIMARS, as eastern allies boost artillery arsenals (Defense News) Lockheed Martin is booking orders from a growing number of countries, as U.S. Army officials promote joint operational concepts for artillery in Europe.
Putin drives Mercedes over Crimea bridge weeks after explosion (The Telegraph) Russian President Vladimir Putin has driven a Mercedes over the bridge that links Moscow-annexed Crimea to the Russian mainland weeks after the vital link was partially blown up.
Putin’s Warriors (Foreign Affairs) The Kremlin has co-opted its critics and militarized the home front.
Russia's No. 2 bank VTB suffers largest DDoS in history (Computing) Russia's state-owned bank VTB has been hit by the most intense distributed denial of service (DDoS) it has ever suffered.
Russia’s online attacks target Ukrainians’ feelings (POLITICO) ‘We have a new method of cyberattack: to influence political processes, social processes,’ Ukraine cyber chief says.
Russia compromises major UK and US organisations to attack Ukraine (Lupovis) We deployed decoys on the internet, which were used to lure Russian threat actors so we could analyse their tactics.
Russian Hackers Use Western Networks to Attack Ukraine (Infosecurity Magazine) Lupovis used decoys to find out more about threat actors
Russia says oil price cap won't stop it from financing Ukraine war effort (Reuters) Russia said on Monday that a Western price cap on its oil would destabilise global energy markets but would not affect its ability to sustain what it calls its "special military operation" in Ukraine.
Sanctions on Russia Are Working. Here’s Why. (Foreign Policy) The Kremlin’s ability to wage war is already constrained, but the worst is yet to come.
Europeans Have Weapons but Aren’t Warriors (Foreign Policy) Military spending can’t make up for the continent’s lack of military culture.
Attacks, Threats, and Vulnerabilities
BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign (Bitdefender Labs) Bitdefender researchers have uncovered a new cyber-espionage campaign targeting a telecommunications firm in the Middle East.
Cyber attack widens, via third party, affecting government agencies (Stuff) A widening circle of government departments is emerging as victims of a third-party cyber attack.
Amnesty International Canada target of sophisticated cyber-attack linked to China (Amnesty International Canada) The organization is speaking out to warn other human rights defenders about the rising threat of digital security breaches.
Amnesty International Canada hit by cyberattack out of China, investigators say (CBC News) The Canadian branch of Amnesty International was the target of a sophisticated cyber-security breach this fall — an attack forensic investigators believe originated in China with the blessing of the government in Beijing.
Security breach detected in October, believed to be sponsored by the Chinese state (Yahoo) The Canadian branch of human rights organization Amnesty International says it was the target of a cyberattack it believes was sponsored by the Chinese state. In a statement posted on its website, Amnesty International Canada said the digital security breach was first detected on Oct. 5, 2022, when suspicious activity was spotted on Amnesty's IT infrastructure. An investigation by forensic investigators and cybersecurity experts was immediately launched, and steps were taken to protect the organ
Iran: State-Backed Hacking of Activists, Journalists, Politicians (Human Rights Watch) Hackers backed by the Iranian government have targeted Human Rights Watch and at least 18 other high-profile journalists, researchers, and politicians working on Middle East issues in an ongoing social engineering and credential phishing campaign.
NCC warns of phishing attack exploit (Daily Post Nigeria) The Nigerian Communications Commission's Computer Security Incident Response Team (NCC-CSIRT) has warned that a new phishing, attacks exploit windows
Polonium APT Group: Uncovering New Elements (Deep Instinct) The Polonium APT group activity was first detected by Microsoft in June 2022. The group is based in Lebanon and exclusively attacks Israeli companies.
Rackspace email outage continues as migrations prove hard (Register) Hosting company has nothing to say on data loss, restore times, or root cause
Vice Society: Profiling a Persistent Threat to the Education Sector (Unit 42) Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.
Machine Learning becomes the New Launchpad for Ransomware | HiddenLayer MLDR (HiddenLayer | Security for Machine Learning) AI can be used as a new launchpad for ransomware
Syntax errors are the doom of us all, including botnet authors (Ars Technica) A command typo might have dismantled most of an advanced malware's network.
Global State of Exposure: OpenSSL Vulnerabilities (BitSight) New BitSight research finds that many organizations are still affected by the OpenSSL vulnerabilities, tracked as CVE-2022-3786 and CVE-2022-3602.
How hackers can access potential ‘gold mine’: AIIMS cyberattack a case in point (The Federal) Two weeks after a cyberattack crippled the servers at the All India Institute of Medical Sciences, the administration continues to describe the breakdown as a 'cyber-security incident'.
Hackers hijack Linux devices using PRoot isolated filesystems (BleepingComputer) Hackers are abusing the open-source Linux PRoot utility in BYOF (Bring Your Own Filesystem) attacks to provide a consistent repository of malicious tools that work on many Linux distributions.
W4SP continues to nest in PyPI: Same supply chain attack, different distribution method (ReversingLabs) Here's ReversingLabs' discoveries and indicators of compromise (IOCs) for W4SP, as well as links to our YARA rule that can be used to detect the malicious Python packages in your environment.
Supply Chain Vulnerabilities Put Server Ecosystem At Risk (Eclypsium) Eclypsium Research has discovered and reported 3 vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software. We are referring to these vulnerabilities collectively as BMC&C. MegaRAC BMC is widely used by many leading server manufacturers to provide “lights-out” management capabilities for their server products. Server manufacturers…
Three vulnerabilities found in popular baseboard software (The Record by Recorded Future) Three vulnerabilities have been found in a popular brand of baseboard software used by many of the leading server manufacturers
The Story of a Ransomware Turning into an Accidental Wiper | FortiGuard Labs (Fortinet Blog) FortiGuard Labs provides a deeper analysis of an open-source Cryptonite ransomware sample that never offers a decryption window, but instead acts as wiper malware. Read to find out more.…
SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars (The Hacker News) Researchers have discovered a security vulnerability in SiriusXM services that allows remote hacking of connected cars from Honda, Nissan, Infiniti an
Ransomware attack forces French hospital to transfer patients (BleepingComputer) The André-Mignot teaching hospital in the suburbs of Paris had to shut down its phone and computer systems because of a ransomware attack that hit on Saturday evening.
French Hospital Hit By Crippling Cyber Attack (HackRead) The Andre-Mignot Hospital in Versailles, near Paris, had to cancel operations and transfer patients after being hit by a cyber attack.
Stop Before You Shop - Are Your Shopping Apps Sharing Access to Your Device? (Incogni Blog) In a recent consumer survey, 88% of respondents reported having at least one shopping app installed on their mobile device. Given their popularity, you might
CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risk to the federal enterprise.
CISA orders agencies to patch exploited Google Chrome bug by Dec 26th (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) has added one more security vulnerability to its list of bugs known to be exploited in attacks.
Vulnerability Summary for the Week of November 28, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Technical debt: The cybersecurity threat hiding in plain sight (C4ISRNet) The Biden Administration’s executive order on cybersecurity in May 2021 jump started the movement toward a zero trust architecture.
Dark web recruiting techniques: Malware, phishing, and carding (Help Net Security) In this Help Net Security video, Roman Faithfull, Cyber Intelligence Analyst at Digital Shadows, talks about dark web recruiting techniques.
Despite word of 'radical malware attack,' it took hours to shut down Suffolk's computer network (Newsday) Whether the delay exacerbated one of the most devastating ransomware attacks faced by a U.S. municipality is still open to debate.
Trends
Deloitte Future of Cyber Survey 2023 (Deloitte) Find out how leaders across industries are building long-term value by putting cyber at the heart of the business. Explore findings from Deloitte’s latest survey based on input from cyber executives around the world.
Software Quality Issues in the U.S. Cost an Estimated $2.41 Trillion in 2022 (PR Newswire) Synopsys, Inc. (Nasdaq: SNPS) today revealed that software quality issues may have held the U.S. economy back to the tune of $2.41 trillion in...
Global Consumer Mobile App Security Survey 2022 (Appdome) Get the Results - Global Mobile App Security Consumer Survey. Learn the top fears and protections consumers in 11 countries demand in their mobile apps.
The State of Software Supply Chain Security 2022-23 (ReversingLabs) Attacks on software supply chains surged in 2022. Here's what you need to know about the state of supply chain security.
Veriff's 2023 Identity Fraud Report Reveals Continued Rise in Global Fraud, with Greatest Leap in Recurring Fraud (PR Newswire) Veriff, a global identity verification provider, today released its 2023 Identity Fraud Report which examines top global fraud trends and...
BlackBerry/Make UK Research Reveals UK Manufacturing Sector Under Threat as Almost Half Suffer Cyberattack in the Last 12 Months (BlackBerry) Nearly half of Britain’s manufacturers (42%) have been a victim of cyber-crime over the last 12 months according to new research, Cyber Security: UK manufacturing, published today by Make UK, the manufacturers’ organisation and BlackBerry Limited. Over a quarter of respondents (26%) reported substantial financial loss as the result of an attack, with losses ranging from £50,000 to £250,000.
Most School Districts Still Lack Data-Privacy Personnel (EdSurge News) Only a few years ago, before the pandemic, finding a school district with a dedicated leadership position focused on data privacy was like spotting a ...
Marketplace
The new reality: Cybersecurity firms revert to the mean (SiliconANGLE)
Rezonate Emerges from Stealth with $8.7M to Disrupt How Enterprises Protect Cloud Identities and Access (Business Wire) Rezonate emerged from stealth today with $8.7 million in financing for its disruptive cloud identity protection platform that prevents access risk and
senhasegura Raises $13M to Drive Growth Primarily in North America and the Middle East (Business Wire) senhasegura Raises $13 Million from Graphene Ventures to Drive Privileged Access Management Growth Primarily in North America and the Middle East
Apple Faces Critics Over Its Privacy Policies (SecurityWeek) Developers claimed that Apple was tracking users' every tap on the App Store, with no way of disabling the function.
SonarSource Posts Record Growth with its Clean Code Solution in 2022 (Business Wire)
Aryaka Certified as an "Attractive Employer" by Great Place to Work® in the United States, India, and Germany (PR Newswire) Aryaka®, the leader in Unified SASE solutions, announced today that it has been certified as an "Attractive Employer" by Great Place to Work®...
SecureAuth Wins 2022 Top 50 Best Workplaces of Year (SecureAuth) SecureAuth, a leader in access management and authentication, today announced it has been awarded the Top 50 Best Workplaces of Year by The Silicon Review. “We are honored to receive this recognition alongside some of the best organizations in the world. With a remote-first culture and global workforce, […]
What to Know About Getting a Job in Cybersecurity (Wall Street Journal) There are lots of openings. But what kinds of applicants are they looking for?
Lookout Appoints Dan Donovan as Chief Revenue Officer (PR Newswire) Lookout, Inc., the endpoint to cloud security company, today announced the appointment of sales veteran Dan Donovan as its chief revenue...
Securonix Appoints Nayaki Nayyar to Chief Executive Officer (Business Wire) Securonix, Inc. today announced the appointment of Nayaki Nayyar to CEO and member of its Board of Directors, effective immediately.
Sentra Appoints Ambassador Dan Gillerman to Advisory Board (PR Newswire) Sentra, a data security company, today announced that Dan Gillerman, Israel's former ambassador to the United Nations, has joined its advisory...
Products, Services, and Solutions
Palo Alto Networks looks to shore up healthcare IoT security (CSO Online) Machine-learning based visibility and monitoring are at the heart of the cybersecurity company’s new healthcare-focused, add-on application to its core firewall products.
AppOmni Announces Partnership With Veeva to Provide Enhanced Data Protection for Life Sciences (Business Wire) AppOmni, the leading provider of SaaS security, today announced a partnership with Veeva Systems to expand SaaS coverage and provide enhanced security
ThreatHunter.ai Announces New Core Threat Hunting Services, TH-Core (Newswire Today) ThreatHunter.ai, the global leader of Dynamic Threat Hunting combining high throughput from their ARGOS ML and AI systems with Elite Human Threat Hunters, announced today the new TH-Core service package
CRITICALSTART® Recognized with Microsoft Verified Managed XDR Solution Status (PR Newswire) Critical Start, a leading provider of Managed Detection and Response (MDR) cybersecurity solutions today announced it has achieved Microsoft...
OpenText Adds Allstate Identity Protection to Webroot® Helps Protect People's Digital Lives (PR Newswire) OpenText™ (NASDAQ: OTEX), (TSX: OTEX), has partnered with Allstate Identity Protection (AIP) to offer identity protection services to Webroot...
Technologies, Techniques, and Standards
When blaming the user for a security breach is unfair – or just wrong (CSO Online) Training non-tech savvy users to recognize phishing and other credential-based attacks is essential but expecting employees to man the front lines against intrusions is a mistake, experts say. Harmony between staff psychology and frictionless security technology is the ideal to shoot for.
What is antivirus used for? (TechRadar) Learn how your antivirus program can give you the best overall protection
Design and Innovation
Biometrics are even less accurate than we thought (Computerworld) Biometrics are supposed to be a fundamental pillar of modern authentication. Unfortunately, for a wide range of reasons and in a variety of ways, many biometric implementations are wildly inaccurate.
Biometric authentication could be an Achilles heel for Metaverse security (Intelligent CIO North America) Trend Micro, a global cybersecurity leader, has released a new report, Leaked Today, Exploited for Life: How Social Media Biometric Patterns Affect, warning that exposed biometric data creates a serious authentication risk across a wide range of digital scenarios, including the Metaverse. William Malik, Vice President of Infrastructure Strategies at Trend Micro, said: “The use of biometrics […]
Legislation, Policy, and Regulation
WSJ News Exclusive | Meta’s Targeted Ad Model Faces Restrictions in Europe (Wall Street Journal) European Union privacy regulators say Facebook and Instagram shouldn’t use their terms of service to require users to accept ads based on their digital activity.
China Helps With US Tech Firm Scrutiny in Sign of Easing Tension (Bloomberg) US will not blacklist unverified Chinese firms right away. China’s chip firm YMTC added to US unverified list in October.
DHS secretary says US faces 'a new kind of warfare' (CyberScoop) DHS Secretary Alejandro Mayorkas said in a speech that the convergence of international and national threats is unprecedented.
Fighting and Winning in the Electromagnetic Spectrum (War on the Rocks) Starlink has proved critical for combat operations in Ukraine, and the system appears nimble enough to withstand sophisticated Russian electromagnetic
Doxxing and deficiencies in Indonesia’s cybersecurity framework (East Asia Forum) Lack of policy proficiency in Indonesia’s public sector has left the country with a ‘half-built, hollow and poorly designed’ cybersecurity governance framework
DHS Announces Extension of REAL ID Full Enforcement Deadline (Department of Homeland Security) The Department of Homeland Security (DHS) announced its intent to extend the REAL ID full enforcement date by 24 months, from May 3, 2023 to May 7, 2025. Under the new regulations published to execute this change, states will now have additional time to ensure their residents have driver’s licenses and identification cards that meet the security standards established by the REAL ID Act.
Rulemaking in privacy legislation can help dial in ad regulation (Brookings) Adding a provision to allow FTC rulemaking on advertising would fit within the bipartisan compromises of the ADPPA and could preemptively address issues before the law is on the books.
The Privacy War Is Coming (Dark Reading) Privacy standards are only going to increase. It's time for organizations to get ahead of the coming reckoning.
BODs: Hot or not? How a DHS initiative to improve federal cybersecurity is working out (Washington Post) The Department of Homeland Security has authority to issue “binding operational directives” – known in the cybersecurity world as BODs – to try to pressure federal agencies to bolster their cyber defenses.
Industry has lots to say about the Homeland Security plan for cyber incident reporting (Federal News Network) For nearly a quarter century, the government has been coaxing industry to report cyber security incidents. Now it's the law, and the Cybersecurity and Infrastructure Security Agency has the task of…
CrowdStrike urges CISA to develop guidance for determining ‘reasonable belief’ in incident reporting regulation (Inside Cybersecurity) CrowdStrike is proposing the creation of guidance to help critical infrastructure owners understand what should be considered “reasonable belief” to start the 72-hour reporting clock under CISA’s upcoming incident reporting regulation.
FTX’s Collapse Could Spell the End for Unregulated Cryptocurrencies (World Politics Review) After the collapse of the FTX exchange, it’s likely that governments will move to regulate the cryptocurrency market.
Location, Location, Location (Reason) Episode 433 of the Cyberlaw Podcast
Michigan considering legislation to prevent cyber attacks (State of Reform) Especially following the COVID-19 pandemic, healthcare organizations face added pressure on how to share their patients’ health information to promote better outcomes for patients. At the same time, organizations need to think of cyber programs to protect their patients and clients because they are being targeted by cyber-attackers trying to access their data.
France’s top cybersecurity official to leave post (The Record by Recorded Future) Guillaume Poupard, the director of France’s national cybersecurity agency, confirmed he is leaving his role at the end of the year.
Litigation, Investigation, and Law Enforcement
Sam Bankman-Fried takes aim at FTX CEO John Ray in new interview (The Block) Sam Bankman-Fried admitted he had "embarrassingly little knowledge" of his firm's financial status.
Tens of thousands still in the dark after 'targeted' attacks on North Carolina power substations (CNN) With no suspects or motive announced, the FBI is joining the investigation into power outages in a North Carolina county believed to have been caused by "intentional" and "targeted" attacks on substations that left around 40,000 customers in the dark Saturday night, prompting a curfew and emergency declaration.
WSJ News Exclusive | FTX Effort to Save Itself Failed on Questionable Assets (Wall Street Journal) The assets, which consisted largely of four thinly traded crypto tokens, likely were worth less than the $6.4 billion FTX was claiming.
Italy’s privacy watchdog fines COVID lockdown-era party app (POLITICO) Regulator finds ‘numerous violations’ of the GDPR.
Four indicted after hacking US businesses, filing false tax returns (The Record by Recorded Future) Four men based in the UK and Sweden have been indicted for stealing personal information and using it to file fake tax returns.
NSO Says Gov't Brief Backs High Court Taking Spyware Case (Law360) NSO Group has argued that a government brief urging the U.S. Supreme Court to reject the Israeli security company's petition seeking sovereign immunity against WhatsApp's hacking claims in effect supports the need for the justices to resolve the case.
Apple Sued by Women Over ‘Dangerous’ AirTag Stalking by Exes (Bloomberg) Ex-boyfriend allegedly hid tracking device in car’s wheel well. Company upgraded safeguards this year to protect privacy.
Little Rock School Board authorizes settlement on cyber attack; agreement to cost district at least $250,000 (Arkansas Online) The Little Rock School Board on Monday authorized Superintendent Jermall Wright to enter into a settlement agreement to end as favorably as possible the current cyber attack on the 21,000-student school system's data networks.