Dateline Moscow and Kyiv: Roots of combat failure.
Ukraine at D+292: Successful brutality, but combat failure. (CyberWire) Why did Russian cyber ops fail? Maybe because of the same military incompetence and poor preparation that's characterized Russian kinetic combat operations.
Russia-Ukraine war: List of key events, day 293 (Al Jazeera) As the Russia-Ukraine war enters its 293rd day, we take a look at the main developments.
Russia-Ukraine war live: Moscow rejects Zelenskiy peace proposal, saying Kyiv must accept new ‘realities’ (the Guardian) Kremlin spokesperson claims people in Kherson, Zaporizhzhia, Donetsk and Luhansk provinces of Ukraine were Russia’s ‘new subjects’
Ukraine war latest: Russia forced to use 40-year-old shells and rockets (The Telegraph) A key bridge supplying Russia's military in Ukraine was partially destroyed in a mystery attack deep behind enemy lines.
Ukrainian forces damage key bridge near Melitopol, reports say (the Guardian) Supply lines to Russian troops likely to be affected after bridge over Molochna River partly collapsed
Official Says Fighting Remains Intense in the Donbas (U.S. Department of Defense) There continues to be fighting in Ukraine along the forward line of troops, with particularly intense combat in the Donbas region as Russian forces conduct a ground offensive amid attempts to take the
Russia Is Running Out of Fresh Ammo and May Need to Use 40-Year-Old Shells (Military.com) Moscow is faced with relying more heavily on degraded rockets and shells, which could ratchet up risks to its own troops and leave unexploded ordnance strewn across Ukraine.
The End of the New Peace (The Atlantic) Vladimir Putin is pushing humanity toward an era of war that might be worse than anything we have seen before. It could threaten the very survival of our species.
Our support for Ukraine (Uber Newsroom) We’re launching a new donation campaign and providing an update on our key support initiatives to help Ukraine in 2022.
Ukrainian railway, state agencies allegedly targeted by DolphinCape malware (The Record by Recorded Future) Ukrainian government agencies and the state railway are the latest victims of a new wave of phishing attacks, Ukraine’s CERT reported.
Cyber Operations in Ukraine: Russia’s Unmet Expectations (Carnegie Endowment for International Peace) Russia has achieved far less via cyber warfare in Ukraine than many Western observers expected. Many aspects of Moscow's approach to cyber operations have been misunderstood and overlooked.
In a Wary Arctic, Norway Starts to See Russian Spies Everywhere (New York Times) Other European countries are, too, blurring the line between vigilance and paranoia.
Russia’s Quiet Riot (Foreign Affairs) Learning to outlast Putin's autocracy.
Donors meet in Paris to get Ukraine through winter, bombing (AP NEWS) Dozens of countries and international organizations threw their weight and more than 1 billion euros (dollars) in aid pledges behind an urgent new push Tuesday to keep Ukraine powered, fed, warm and moving amid the onset of winter.
Attacks, Threats, and Vulnerabilities
Android app signing keys leaked and used to sign malware (Avast) A member of Google’s Android Security Team has posted a message on the Android Partner Vulnerability Incident issue tracker detailing leaked platform cert keys being used to create malware.
Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT (Trend Micro) We intercepted a cryptocurrency mining attack that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool.
New Ransomware Strain Discovered Lurking in Open-Source Packages (Medium) Checkmarx and Phylum reported on a Typosquatting campaign targeting the NPM and PyPi package managers. This campaign targets the popular…
Ransomware campaign targets popular open-source packages with cleverly hidden payload (SC Media) Unlike most open-source attacks where malicious packages are being executed upon installation, researchers at Checkmarx told SC Media that the payload is hidden in multiple strategic locations and only executes when the victims use the actual functions of the packages, which makes the campaign hard to detect by many security scanners.
Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware (The Hacker News) Cryptocurrency mining attacks against Linux systems are leveraging the open-source CHAOS remote access trojan to gain unauthorized access.
Royal Ransomware Targets US Healthcare (Infosecurity Magazine) Requested ransom payment demands ranged from $250,000 to over $2m
Rackspace says more than two-thirds of customers regained email access (Cybersecurity Dive) The cloud company continued efforts to transition customers to Microsoft 365 following a Dec. 2 ransomware attack.
Hive ransomware gang claims responsibility for attack on Intersport that left cash registers disabled (Hot for Security) Sports retail giant Intersport, which boasts some 6000 stores worldwide in 57 countries, has fallen victim to a ransomware attack which disabled checkouts in France during what should have been one of the busiest times of the year.
Why you've been getting so much Gmail spam about Yeti coolers (CNBC) This phishing campaign uses several sophisticated techniques, including IP filters, re-directs, personalized links, and other tricks.
Latest maritime cyber attack targets Voyager Worldwide (Lloyd's List) Company says it has launched an investigation into the attack, and that there has been no evidence of attacker activity since Sunday, December 3
Uber suffers new data breach after attack on vendor, info leaked online (BleepingComputer) Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident.
Uber has been hacked yet again with code and employee data released online (SiliconANGLE)
Uber hit by new data breach — what you need to know (Tom's Guide) Cybercriminal leaked corporate Uber data online
Breach Notification Statement - Teqtivity (Teqtivity) 12/12/2022 We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third party. The third party was able to gain access to our Teqtivity AWS backup server that housed Teqtivity code and data files related to Teqtivity customers. A third-party forensics firm has been retained to […]
Security update (Uber Newsroom) Updates on security incident
US utility bills, a catchy hook for international SMS scammers (Cybernews) Crooks outside the US launched targeted SMS-based campaigns, targeting Americans wary of skyrocketing utility bills.
Dark Web Profiles | The most prolific ransomware groups of 2022 (Searchlight Security) Look ahead to 2023's emerging ransomware groups and threats as well as review 2022's most prolific ransomware groups so you can stay one step ahead.
Play ransomware claims attack on Belgium city of Antwerp (BleepingComputer) The Play ransomware operation has claimed responsibility for a recent cyberattack on the Belgium city of Antwerp.
A fake company, unsuspecting 'money mules' and bitcoin: How a Manitoba municipality lost $430K (CBC) In early 2020, the Municipality of WestLake-Gladstone became the victim of a sophisticated cyberattack — one that involved a fake company tricking over a dozen students and new Canadians into acting as intermediaries to bilk the municipality out of more than $470,000.
Travis Central Appraisal District hit with ransomware attack (Austin American-Statesman) The incident shut down the agency's phone lines and online chat system, county officials say.
Schools probe over personal data breach (DevonLive) Dartmoor Multi Academy Trust teaches just under 5,000 children and employs more than 850 staff
Statement on Cybersecurity Incident (State of California) The California Cybersecurity Integration Center (Cal-CSIC) is actively responding to a cybersecurity incident involving the California Department of Finance.
LockBit ransomware crew claims attack on California Department of Finance (CyberScoop) The ransomware crew claims to have stolen nearly 76 gigabytes of files, and has given the agency until Christmas Eve to respond.
CareFirst Administrators Impacted By Phishing Scam at RCM Vendor (Health IT Security) CareFirst Administrators notified more than 14,000 individuals of a phishing scam that impacted Conifer, its revenue cycle management vendor.
Credit Card Processing Company Exposed 9 Million Transaction Records Online (Website Planet) Security researcher Jeremiah Fowler together with the Website Planet research team discovered an open and non-password protected database that
Cyberattack Hits Brooklyn Hospitals That Serve Poor New Yorkers (New York Times) Since late November, medical professionals have been using pen and paper as experts work to get the facilities fully back online.
Little Rock School District leaders still mum on cyberattack details (Arkansas Online) The Little Rock School District on Monday continued to keep a tight lid on a possible resolution to the breach of district data networks that began Nov. 11 and prompted an unannounced School Board meeting Nov. 21.
HSE Cyber-Attack Costs Ireland $83m So Far (Infosecurity Magazine) A total of roughly 100,000 people had their personal data stolen during the cyber-attack
CISA Warns of Serious Flaws in Rockwell Automations PLCs (Decipher) CISA is warning about a denial-of-service flaw in several lines of Rockwell Automation controllers, as well as a SQL injection bug in Advantech iView.
Vulnerability Summary for the Week of December 5, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Fortinet Releases Security Updates for FortiOS (CISA) Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2022-42475) in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators to review Fortinet security advisory FG-IR-22-368, apply the necessary updates, and validate systems against the IOCs listed in the advisory.
Fortinet Ships Emergency Patch for Already-Exploited VPN Flaw (SecurityWeek) Fortinet issues an emergency patch to cover a critical-level vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the flaw in the wild.
Trends
‘Cyber risk is no different than any other risk’ (Lawyers Weekly) With a number of recent data breaches and other incidents, cybersecurity will remain a key issue for organisations across a range of sectors moving into 2023 – but there are a number of things boar
Computing's top tech predictions for 2023 (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.
Report: 79% of Employees Are Distracted at Work Amid a Year of Permacrisis (PR Newswire) 1Password, the leader in human-centric security and privacy, today released its annual State of Access Report, Distraction on overdrive:...
Marketplace
Booz Allen divests part of its commercial cyber business (Washington Technology) The government technology services company will maintain a business relationship with that team.
Nillion raises over $20 million to build new web3 infrastructure (TechCrunch) Nillion, a web3 startup aiming to build a non-blockchain decentralized network, closed an oversubscribed round of more than $20 million.
Snyk Closes $196.5 Million Series G Funding at $7.4 Billion Valuation (GlobeNewswire News Room) Investment Reflects Company’s Current Financial Strength and Will Drive Continued Efficient Growth and Product Innovation in 2023 and Beyond...
Cybersecurity Startup Snyk to Raise a Down Round Led by Qatari Fund (The Information) Snyk, a prominent cybersecurity startup, is nearing a deal to raise money from Qatar’s sovereign wealth fund at a valuation of roughly $7 billion—a slightly lower price than the firm’s previous round of funding—according to people familiar with the matter. The deal would make Boston-based Snyk ...
Elon Musk’s Twitter Disbands Trust and Safety Council (Wall Street Journal) The role of the coalition that worked with Twitter before Mr. Musk took ownership of the company had become unclear.
Amazon’s Security Chief Keeps Focus on Recruiting and Retaining Talent (Wall Street Journal) Amid a broader hiring freeze and news of job cuts at the company, Amazon’s security team is still hiring, says Stephen Schmidt
GroupSense Recognized by Gartner® in 2022 Emerging Tech Impact Radar: Security Report (PR Newswire) GroupSense, a digital risk protection services (DRPS) company, today announced that Gartner, a company that delivers actionable, objective...
Object Management Group Appoints Dan Isaacs as Chief Strategy Officer (Digital Twin Consortium) Unifying OMG consortia across industries worldwide
Horizen Labs Appoints Zain Cheng as Chief Technology Officer (Business Wire) Horizen Labs, a leading blockchain innovator securing the world’s transition to Web3, announced today the appointment of Zain Cheng, an accomplished e
Retired U.S. Army Cyber Command Leader Stephen Fogarty Joins Booz Allen Hamilton (Business Wire) Booz Allen announced today that Stephen Fogarty has joined Booz Allen as a senior executive advisor to help support the firm's cyber capabilities.
Skybox Security Strengthens Leadership Team with Appointment of Corey Williams as Chief Marketing Officer (Business Wire) Skybox Security today announced the appointment of Corey Williams as Chief Marketing Officer. The seasoned marketing executive brings 25 years of expe
Spin Technology Hires Former Salesforce CTO as Strategic Technology Advisor (AccessWire) Industry veteran Steven Tamm will oversee technical strategy for the SpinOne platform PALO ALTO, CA / ACCESSWIRE / December 13, 2022 / Spin Technology, Inc., developer of the ultimate all-in-one SaaS data protection platform ‘SpinOne' for mission-critical SaaS apps, today announced that former Salesforce CTO Steven Tamm has joined the company as its first-ever strategic technology advisor. Steven Tamm will advise on Spin Technology's
Barracuda appoints new Chief Financial Officer (Barracuda Networks) Barracuda Networks, Inc., a trusted partner and leading provider of cloud-first security solutions, today announced Joe Billante as its new Chief Financial Officer. Billante brings more than 20 years of executive leadership and finance experience to Barracuda, and has successfully led companies through business transformations, international expansion, and accelerated growth.
Niels Provos Joins Lacework as Head of Security Efficacy (PR Newswire) Lacework®, the data-driven cloud security company, today announced the appointment of Niels Provos as the company's first Head of Security...
Acalvio Appoints Anand Akela as Chief Marketing Officer (Business Wire) Acalvio Technologies, the leader in cyber deception technology, today announced the appointment of Anand Akela as chief marketing officer. Akela will
Products, Services, and Solutions
BackBox Supports Technology Services Partners with Customized Product Features (BackBox Software) BackBox, the world’s most trusted network automation company, today announced the general availability of new and enhanced features to their network and security device automation platform. These updates will deliver faster time-to-value and better
Cycode collaborates with CodeSee to secure the pipelines of thousands of open-source projects (Cycode) Cycode collaborates with CodeSee to fix vulnerabilities affecting thousands of open-source projects allowing any user to hijack the build
Veracode Adds Advanced Dynamic Analysis Capability With Acquisition of Crashtest Security Solution (Business Wire) Veracode acquires Crashtest Security, a Germany-based developer-oriented dynamic application security testing (DAST) tool.
Cobalt Recognizes Partners in Second Annual Partner of the Year Awards (Cobalt)
Cellebrite Signs an Over $10 Million Deal with Major West European National Police Force; Marking One of the Largest Digital Intelligence Deals Ever and Further Validating Digital Intelligence as Essential Accelerator for Investigations (GlobeNewswire News Room) The police force will combine Cellebrite’s Pathfinder with existing Cellebrite collect & review solutions to maximize efficiency and resources; also set to...
Cloudflare Offers Free Zero Trust Security Tools to At-Risk Public Interest Groups (MSSP Alert) Cloudflare One zero trust security tools are now available for free to select at-risk public interest groups & local and state election sites.
Juniper Networks Selected as Preferred Technology Partner for Deutsche Telekom’s Universal Managed Services Infrastructure (Yahoo) Juniper Networks (NYSE: JNPR), a leader in secure, AI-driven networks, today announced that it has been selected by Deutsche Telekom (DT) as the first network technology partner for Magenta Business Networks SD-X. By leveraging the Juniper AI-driven Enterprise solution, DT’s innovative new universal managed services platform will power exceptional user experiences with simplified zero touch deployments, proactive self-driving automation, connected security a
DH2i Collaborates with Red Hat to Accelerate the Delivery of Intelligent Applications Across the Multi Cloud (DH2I) DH2i Earns Red Hat OpenShift Certification on Red Hat Enterprise Linux FORT COLLINS, CO – December 13, 2022 – DH2i® a world leading provider of always-secure and always-on IT infrastructure solutions, today announced that DH2i’s DxEnterprise multi-platform smart high availability clustering software has earned Red Hat OpenShift certification on Red Hat Enterprise Linux. This certification...
SecurityGen launches 5G Cyber-security Lab (Global Security Mag Online) New training platform enables telecom security teams to study 5G technology, enriching their ability to understand threats, verify security…
Axis Unveils 2022 Atmos Winter Release to Help CxOs Make a Clear Business Case for Adopting Security Service Edge (Axis Security)
Technologies, Techniques, and Standards
Process sensors are different than IOT and IIOT devices (Control Global) December 2022, the US Government Accountability Office (GAO) issued Critical Infrastructure Actions Needed to Better Secure Internet-Connected Devices (GAO-23-105327).
Effective federated cybersecurity requires balancing situational awareness and response (Federal News Network) As government and critical infrastructure sectors prepare to confront a rapidly evolving threat landscape, coordinating security across organizations has become a critical imperative.
Cybersecurity Now A Business Imperative, says LogRhythm (Fast Mode) LogRhythm announced the release of its report, “The State of the Security Team 2022: Can Security Teams Meet Internal and External Stakeholders’ Requirements
As a new CISO, the first 100 days on the job are critical (Security | TechTarget) For a new CISO, the first 100 days set the stage for success. Explore how to make the most of your initial months on the job.
Legislation, Policy, and Regulation
Australia, Vanuatu strike security pact covering policing, defence, cyberspace (The Straits Times) This comes amid concern over China’s military ambitions for the strategically important region.
Japan to Join US Effort to Tighten Chip Exports to China (Bloomberg) Japan and the Netherlands have agreed in principle to join the US in tightening controls over the export of advanced chipmaking machinery to China, according to people familiar with the matter, a potentially debilitating blow to Beijing’s technology ambitions.
EU to Advance Its Data-Flow Deal After U.S. Makes Surveillance Changes (Wall Street Journal) Brussels is set to give tentative approval to U.S. surveillance-rule changes, as part of pending deal to allow businesses to transfer European data across the Atlantic.
Risk and compliance: GDPR and a cookie-less future (AdNews) "Compliance today is very different to what compliance will probably look like in the future."
China’s top cyberspace regulator issues rules to regulate application of ‘deepfake’ technology to protect personal info, safeguard national security (Global Times) China’s top cyberspace regulator issued new rules to regulate the application of “deepfake” technology and services that alter facial and voice data with deep learning or virtual reality in a bid to curb risks that might arise from activities provided by related platforms.
Phishing Attacks: The FTC Steps Up Its Standards (JD Supra) Phishing schemes encompass fraudulent emails, text messages, phone calls, or web sites designed to manipulate people into downloading malware, sharing...
Top 10 Compliance Points for New FTC Safeguards Rule (JD Supra) Under the updated Rule, FIs are obligated to implement data security measures that will protect against data breaches and cyberattacks in order to...
FCC Warns Broadcasters of Specific Cybersecurity Flaw in One EAS Provider’s Equipment – Why Broadcasters Need to Pay Attention (Broadcast Law Blog) In our summary of this week’s regulatory actions of importance to broadcasters, we noted that the FCC sent an email to broadcasters last week warning them
National Guard Invests in Cyber Capabilities (AUSA) As global threats continue to evolve, the National Guard is investing in its cyber capabilities to fight on the digital front and keep those threats at bay. The National Guard is “at the nexus” of cyber efforts at the state and federal levels, and fills that nexus well, said Col. Joed Carbonell, chief of the National Guard Bureau’s cyber division.
An open call to the visionaries in government to change DoD culture (Defense News) Are we willing to let go of the culture and policies that stifle significant progress in advancing military capability?
Pentagon, private sector must partner to fight new era of cyberattacks (Federal Times) Over the past six months, there have been 10,666 ransomware variants identified, almost twice the total in the previous six months.
Gordon: Wyoming Needs Millions To Address Evolving Cyberattack Threat (Cowboy State Daily) As cybersecurity threats grow more common and sophisticated, Gov. Mark Gordon wants more than $7 million to beef up its cyber defenses, including a dedicated law enforcement officer in Wyoming.
After cyberattacks, Ridgefield to ramp up internet security system (The Ridgefield Press) Hackers attacked Ridgefield's network earlier this year, prompting the selectmen to...
Beyond Local: Cybersecurity attack proving costly for Alberta town (CochraneToday.ca)
Litigation, Investigation, and Law Enforcement
The Government Workers Facing Seven Years in Prison for Not Updating Software (Slate Magazine) Their mistake appears to have had enormous consequences, but this seems like overkill.
Google refused Hong Kong request over protest anthem - HK official (Reuters) Google has refused to change its search results to display China's national anthem, rather than a protest song, when users search for Hong Kong's national anthem, the city's security chief said on Monday, expressing "great regret" at the decision.
Hong Kong condemns Google's handling of protest anthem (Nikkei Asia) City officials pressure search giant to scrub search results
Sam Bankman-Fried Charged With Lying from Start of FTX: Live Updates (New York Times) U.S. prosecutors unveiled a criminal case against the founder of the crypto exchange FTX after his arrest in the Bahamas. He also faces civil securities fraud charges. A House committee is holding a hearing on FTX’s collapse.
FTX Founder Sam Bankman-Fried Arrested in Bahamas, U.S. Likely to Seek Extradition (Wall Street Journal) The former FTX chief executive was arrested after the U.S. Attorney for the Southern District of New York filed a sealed indictment, the U.S. attorney’s office said in a statement.
Sam Bankman-Fried Arrested in Bahamas After US Files Charges (Bloomberg) Detention follows investigation into FTX implosion last month. The Bahamas said on Monday that he faces extradition to the US.
FTX founder Sam Bankman-Fried arrested in the Bahamas after U.S. files criminal charges (CNBC) Sam Bankman-Fried's arrest is the first concrete move by regulators to hold individuals accountable for the multibillion-dollar implosion of FTX last month.
SEC Says Bankman-Fried Defrauded Investors of $1.8 Billion (Bloomberg) FTX co-founder ‘built a house of cards,’ SEC’s Gensler says. Sam Bankman-Fried is also facing US criminal charges.
Sam Bankman-Fried: FTX founder charged with defrauding investors (the Guardian) SEC says investigation into other alleged misconduct by former CEO of crypto exchange is ongoing
The Parents in the Middle of FTX’s Collapse (New York Times) The FTX founder Sam Bankman-Fried’s mother and father, who teach at Stanford Law School, are under scrutiny for their connections to their son’s crypto business.
FTX Founder Sam Bankman-Fried Live Interview (Forbes) Watch Forbes Digital Assets Director Of Research’s live interview with FTX Founder Sam Bankman-Fried
Exclusive Transcript: The Full Testimony Bankman-Fried Planned To Give To Congress (Forbes) Before he was arrested, Forbes obtained a draft of Bankman-Fried's full testimony and is publishing it here, verbatim
The 11 Juiciest Parts From Sam Bankman-Fried’s Draft Testimony To Congress (Forbes) Before Bankman-Fried was arrested by Bahamian authorities on Monday, he prepared 18 pages of testimony for his appearance on Capitol Hill. Here are the key takeaways.
Everyone SBF Planned To Blame In Front Of Congress Today — Before He Was Arrested (Forbes) In the testimony Sam Bankman-Fried intended to give in front of Congress before he was arrested, obtained by Forbes, the former FTX CEO says he “fucked up” — and then goes on to target others involved in the company's demise and bankruptcy proceedings.
Exclusive: U.S. Justice Dept is split over charging Binance as crypto world falters (Reuters) Splits between U.S. Department of Justice prosecutors are delaying the conclusion of a long-running criminal investigation into the world's largest cryptocurrency exchange Binance, four people familiar with the matter have told Reuters.
Binance Is Trying to Calm Investors, but Its Finances Remain a Mystery (Wall Street Journal) The crypto exchange has begun releasing data to shore up investor confidence following the collapse of FTX.
Four accused in business email compromise scheme which reaped millions from victims (The Record by Recorded Future) Four men accused of participating in credit card fraud and business email compromise (BEC) schemes were arrested on Friday.
The LinkedIn Data Scraping Verdict — and Its Reversal (Radware Blog) The courts now rule that LinkedIn may enforce its User Agreement against data scraping by companies like HiQ.
US Seizes 55 Websites for Illegally Livestreaming World Cup (VOA) FIFA holds exclusive rights to the World Cup
New York Comptroller: Cayuga County Mishandled Personal Data (GovTech) A recent audit of the Cayuga County Health Department by the state comptroller’s office found that half of the devices assigned to personnel contained some form of sensitive personal data.