Dateline Moscow and Kyiv: Partisans and hackers.
Ukraine at D+294: OSINT and partisans. (CyberWire) The hybrid war finds partisans: information gathering in occupied Ukrainian territory, and repurposed cybercriminals acting in the Russian interest.
Russia-Ukraine war live: Kherson city without electricity after Russian shelling, says regional chief (the Guardian) Power grid reportedly down after heavy shelling; Zelenskiy adviser says ‘unknown drone’ struck a military facility in western Russia
Russian security teams are scrambling to hunt down Ukrainian spies as locals in captured towns direct fire and gather critical intel (Business Insider via Yahoo) Behind enemy lines, civilians and soldiers alike have helped Ukraine uncover Russian positions and target them for strikes.
The Infrared Hunt for Russian Troops in the Battle for Bakhmut (New York Times) On a frigid December night, The New York Times accompanied members of a surveillance team for the Ukrainian Army as they used a thermal sight to find enemy positions miles away.
Vladimir Putin is hiding from his own people (The Telegraph) The Russian leader doesn't have the answers, so he feels safer if nobody asks him the questions. It's a sign of how badly things are going.
“Putin’s Chef”: The Man Behind Russia’s Shadow Army (Puck) Evgeny Prigozhin, the terrifying muscle behind Putin’s most notorious mercenary group, is an increasingly vocal threat to Putin, himself.
Why Crimea is Volodymyr Zelenskiy’s greatest bargaining chip (the Guardian) As Boris Johnson makes an intervention on the status of the peninsula, will Ukraine really insist on Russia giving it back?
The old is dying and the new cannot be born: A power audit of EU-Russia relations (ECFR) ECFR’s new EU-Russia power audit reveals a picture of success in decoupling from Moscow – and suggests the bloc could emerge stronger from the crisis
Congress Wants to Boot Russia From U.N. Security Council (Foreign Policy) The Biden administration is also interested in watering down Russia’s influence at the United Nations.
EXPLAINER: What can the Patriot missile do for Ukraine? (AP NEWS) Patriot missile systems have long been a hot ticket item for the U.S. and allies in contested areas of the world as a coveted shield against incoming missiles. In Europe, the Middle East and the Pacific, they guard against potential strikes from Iran, Somalia and North Korea.
An Alternate Reality: How Russia’s State TV Spins the Ukraine War (New York Times) Leaked emails detail how Russia’s biggest state broadcaster, working with the nation’s security services, mined right-wing American news and Chinese media to craft a narrative that Moscow was winning.
Russia-Ukraine war reaches dark side of the internet (Al Jazeera) The darknet has become another, quiet front in the war as Russian and Ukrainian hackers, once united, drift apart.
Putin to choose cyber warfare before nuclear weapons, former NSA chief says (The Hill) Retired Gen. Keith Alexander, the former National Security Agency director and head of U.S. Cyber Command, said on Tuesday that Russian President Vladimir Putin is likely to continue using cyberatt…
Famous Australian hacker calls Russian cyberpunks ‘regime slaves’ (Yahoo) Robert Potter is a cyber-security expert and part-time hacker working with the Australian government. He also works with Ukraine and knows everything about the main threat to its digital space – Russian hackers.
Russian Sanctions: Rossiya Airlines Reportedly Plans To Furlough 100 Airbus Pilots (Simple Flying) The Russian carrier is looking to pick parts from multiple aircraft, leading to the lay-off of up to 100 Airbus pilots.
WSJ News Exclusive | Russian Oligarch Vladimir Potanin, Nornickel Shareholder, Faces U.S. Sanctions (Wall Street Journal) Washington is moving to sanction the businessman, his wife and holding company, but is keeping the metals giant Nornickel off the list.
Attacks, Threats, and Vulnerabilities
Protecting People From Online Threats In 2022 (Meta) We’re sharing a number of updates on our work to protect people globally from online threats.
AIIMS cyber attack may have originated in China, Hong Kong (The Times of India) India News: The cyberattack on the servers of AIIMS, Delhi is suspected to have originated from locations in China and Hong Kong, official sources said on Wednesd
AIIMS Delhi Servers Were Hacked By Chinese, Damage Contained: Sources (NDTV.com) AIIMS data breach came up in Parliament this week, when Congress's Shashi Tharoor called for a thorough investigation and questioned the government
GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites (Fortinet Blog) FortiGuard Labs encountered an unreported CMS scanner and brute forcer written in the Go programming language. Read our analysis of the malware and how this active botnet scans and compromises webs…
Crooks use HTML smuggling to spread QBot malware via SVG files (Security Affairs) Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using a new technique that leverages Scalable Vector Graphics (SVG) images embedded in HTML email attachments. HTML smuggling is a highly evasive technique for malware delivery that leverages legitimate HTML5 […]
You’ve Crossed the Line — Disturbing a Host’s Rest (Akamai) Akamai researcher Ben Barnea found two important vulnerabilities in a Microsoft Windows RPC service that were assigned CVE-2022-37998 and CVE-2022-37973 with a base score of 7.7.
Meta-Phish: Facebook Infrastructure Used in Phishing Attack Chain (Trustwave) Meta has two of the largest social media platforms today, Facebook and Instagram. These platforms became the modern gateway for people not just to socialize and eavesdrop on the lives of famous personalities, but more importantly, to stay connected with their friends and loved ones.
'Third-party incident' impacted Gemini with 5.7 million emails leaked (Cointelegraph) The leak did not include sensitive KYC information as phone numbers were partially obfuscated.
Crypto users claim Gemini email leak occurred much earlier than first reported (Cointelegraph) Cointelegraph previously reported that a “third-party incident” impacted Gemini, with 5.7 million emails leaked.
TPG Telecom joins list of hacked Australian companies, shares slide (CRN Australia) Emails of up to 15,000 corporate customers accessed.
Twitter Suspends the Accounts Tracking Musk’s Jet and The Man Behind It (Bloomberg) Accounts used public data to follow Elon Musk’s plane. Musk said last month Twitter wouldn’t ban the account.
Australia at increased risk of cyber attack: Microsoft report (NCA Newswire) The nation’s critical infrastructure is “severely vulnerable” to attacks from cyber criminals, according to a new report by Microsoft.
Security Patches, Mitigations, and Software Updates
Apple patches everything, finally reveals mystery of iOS 16.1.2 (Naked Security) There’s an update for everything this time, not just for iOS.
Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware (Naked Security) Tales of derring-do in the cyberunderground! (And some zero-days.)
Trends
2022 State of the Threat: A Year in Review (Secureworks) After the global uncertainties of 2020, I think we all hoped that 2021 would settle into a degree of normality. But when it comes to cybersecurity, that has not been the case. We started the year looking at the aftermath of SolarWinds, and we haven’t looked back. From HAFNIUM to Colonial Pipeline to Kaseya, the headlines have kept coming all year long.
What's Next in Cyber 2022 Global Survey (Palo Alto Networks) Global survey of 1300 C-level executives on what’s next in cybersecurity – focused on security trends and needs.
78 Percent of Americans Report Unsafe Behavior Online in New Comcast Cyber Health Report (Comcast) Today Comcast released its Xfinity Cyber Health Report that found that more than three in four Americans (78 percent) report risky online behaviors that open them up to cyber threats, such as reusing or sharing passwords, skipping software updates and more – a 14 percent increase from just two years ago.
6 IBM cybersecurity predictions for 2023: Ransomware and CaaS will spike (VentureBeat) IBM Security and X-Force research team analysts share 6 predictions for how cybersecurity threats will evolve in 2023.
Marketplace
AppOmni Adds to Series C Funding with New Investment From TSG (Business Wire) AppOmni, the leading provider of SaaS security, has received follow-on investments from TSG, as well as other funds. The capital will bolster AppOmni’
Twitter takes extreme steps to cut costs (Computing) Twitter is allegedly considering not paying severance packages to former employees and has stopped paying the rent on offices as it looks to cut costs.
With Record Growth in 2022, Traceable AI Achieves Significant Milestones and Adds Top Executives to Drive 2023 Expansion (PR Newswire) Traceable, the industry's leading API security and observability company, today announced significant milestones for 2022, including record...
Plume Appoints Board of Advisors (PR Newswire) Plume®, the personalized communications services pioneer, announced today that it has appointed and formed a new board of advisors comprising...
Ballistic Ventures Names David Hahn as Inaugural CISO-in-Residence (PR Newswire) Ballistic Ventures, the venture capital firm dedicated exclusively to funding and incubating entrepreneurs and innovations in cybersecurity,...
Rubrik Appoints John W. Thompson as the Lead Independent Board Director (Rubrik) Former Microsoft Chairman and Former CEO of Symantec expands board role; further strengthens Rubrik’s cybersecurity leadership
Products, Services, and Solutions
Mark43 achieves premier FedRAMP High “In Process” designation (Business Wire) Mark43, the leading cloud-native public safety software company, today announced that it has achieved Federal Risk and Authorization Management Progra
Solvo Joins AWS ISV Accelerate Program to Enhance Customer Experience (PR Newswire) Solvo, a provider of adaptive cloud infrastructure security solutions, today announced it has joined the Amazon Web Services (AWS) Independent...
Tigera Introduces Calico Security Policy Recommender Improvements and FIPS Compliance to Help Reduce Application Attack Surface (PR Newswire) Tigera, provider of the industry's only active Cloud-Native Application Protection Platform (CNAPP) with full-stack observability for...
Beyond Identity and World Wide Technology Announce Strategic Partnership (Beyond Identity) After Deploying Beyond Identity’s Passwordless MFA Internally, WWT Will Resell the Advanced Zero Trust Authentication Solution To Its Customers
Fortanix Data Security Manager (DSM) Available to UK Public Sector on G-Cloud 13 (Fortanix) Fortanix Data Security Manager (DSM) is now approved for the G-Cloud Framework and available to the UK public sector on G-Cloud 13.
DerScanner 3.12 with a static and dynamic software security analysis correlation module (DerScanner) DerSecur has updated DerScanner, a comprehensive solution for monitoring the security of software and information systems. The new version allows correlating the results of static code analysis (SAST) with the results of dynamic code analysis (DAST).
Safe Security Launches First Cybersecurity MGA to Underwrite Cyber Insurance Based on Continuous "Inside-Out" Cyber Risk Telemetry (Yahoo Finance) PALO ALTO, Calif., December 15, 2022--Safe Security today launched SafeInside Insurance, the first cybersecurity Managing General Agent (MGA) utilizing API-based cyber risk telemetry.
Armorblox Announces Significant Enhancements to its NLU-based Data Protection Platform (Armorblox) Support for selective encryption of emails and a broad range of user access privileges reduce data blind spots for organizations.
TransUnion Named a Leader in Identity Verification Solutions by Independent Research Firm (GlobeNewswire News Room) TransUnion (NYSE: TRU) announced today that it has been named as a Leader in The Forrester Wave™ Identity...
Technologies, Techniques, and Standards
Why the manufacturing sector must make zero trust a top priority in 2023 (VentureBeat) How and why manufacturing CISOs should get started now implementing a zero-trust framework in their organization.
Census Bureau tables controversial privacy tool for survey (AP NEWS) The U.S. Census Bureau on Wednesday said it was putting on hold plans to apply by 2025 a controversial method for protecting the privacy of participants in its most comprehensive survey of Americans after facing pushback from prominent researchers and demographers.
Design and Innovation
Council Post: The Quantum Computing Threat: The Road To Quantum Insecurity (Forbes) There is one way to protect data from a quantum computer, and it uses quantum technology to do it.
Legislation, Policy, and Regulation
China to ban deepfakes that aren’t properly labeled (The Record by Recorded Future) Beijing will prohibit the publication of so-called deepfakes without proper disclosure that they were created by AI.
Australian Cyber Security Centre takes aim at web API vulnerabilities (CRN Australia) Also addresses “compliance culture”.
Here's what's next in the Senate on cybersecurity (Washington Post) Where the Senate’s cyber agenda-setters want to go in 2023
U.S. Senate passes bill to bar federal employees from using TikTok on government-owned devices (Reuters) The U.S. Senate late on Wednesday passed by voice vote a bill to bar federal employees from using Chinese-owned short video-sharing app TikTok on government-owned devices.
Proposed US Law Seeks To Silence TikTok's Data Flow to China (E-Commerce Times) The law aims to protect Americans by blocking and prohibiting all transactions from any social media company in, or under the influence of, China, Russia, and several other foreign countries of concern.
Marketplace Tech: How the NSA and private sector are working together on cybersecurity on Apple Podcasts (Apple Podcasts) Show Marketplace Tech, Ep How the NSA and private sector are working together on cybersecurity - Dec 15, 2022
Let’s Make It Easier to Share Top-Secret Data With Allies, Intel Leader Says (Defense One) The Defense Intelligence Agency’s CIO wants to expand collaborative workspaces—and resist the urge to mark everything NOFORN.
North Dakota governor bans TikTok in executive agencies (AP NEWS) North Dakota Gov. Doug Burgum has banned the popular social media app TikTok from devices owned by the state government's executive branch, joining several other Republican governors who have done so citing the platform's Chinese ownership and growing national security worries.
Governor Baker Signs Executive Order to Establish Massachusetts Cyber Incident Response Team (Mass.gov) Team will advise on policies and strategies to manage the risk of cyber threats and will lead the Commonwealth’s response to cyber incidents
Litigation, Investigation, and Law Enforcement
GAO warns government agencies: focus on IoT and OT within critical infrastructure (CSO Online) Several key US departments are falling woefully short on cybersecurity measures for infrastructure connected to the internet of things and operational technologies, the GAO said in a scathing report.
Readout of Second Joint Ransomware Task Force Meeting (Cybersecurity and Infrastructure Security Agency) The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) co-chaired the second meeting today of the Joint Ransomware Task Force (JRTF), an inter-agency body established by Congress to unify and strengthen efforts against the ongoing threat of ransomware. The first JRTF meeting was held in September 2022.
US finds its ‘center of gravity’ in the fight against ransomware (The Record by Recorded Future) Momentum is building around a recently created Biden administration task force meant to unite the federal government against ransomware.
Federal Prosecutors in Los Angeles and Alaska Charge 6 Defendants with Operating Websites that Offered Computer Attack Services (US Department of Justice) The Justice Department today announced the court-authorized seizure of 48 internet domains associated with some of the world’s leading DDoS-for-hire services, as well as criminal charges against six defendants who allegedly oversaw computer attack platforms commonly called “booter” services.
Global crackdown against DDoS services shuts down most popular platforms | Europol (Europol) Known as Operation Power Off, this operation saw law enforcement in the United States, the United Kingdom, the Netherlands, Poland and Germany take action against these types of attacks which can paralyse the internet. The services seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines. One such service taken...
US Is Seizing 48 Websites in Sting of Cyberattack-for-Hire Services (Bloomberg) Domains sold the ability to knock victims offline, US says. Six people charged by DOJ in connection with running the sites.
FBI seized 48 domains linked to DDoS-for-Hire service platforms (Security Affairs) The U.S. Department of Justice (DoJ) seized forty-eight domains that offered DDoS-for-Hire Service Platforms to crooks. The U.S. Department of Justice (DoJ) this week announced the seizure of 48 domains associated with the DDoS-for-Hire Service platforms (aka Booter services) used by threat actors. Below is the list of domains seized by the FBI: The authorities […]
Eight Men Indicted for $114 Million Securities Fraud Scheme Orchestrated Through Social Media (US Department of Justice) A federal grand jury in the Southern District of Texas returned an indictment that was unsealed yesterday charging eight men with conspiracy to commit securities fraud for a long-running, social media-based “pump and dump” scheme.
Eight charged in alleged 'pump and dump' social media influence stock scheme (The Record by Recorded Future) Eight men who allegedly made at least $114 million from a “pump and dump” stock manipulation scheme have been charged by federal prosecutors.
How to Do Fraud at a Futures Exchange (Bloomberg) Futures, risk, fraud, securities fraud and Wirefraud.
SEC says social media influencers used Twitter and Discord to manipulate stocks (NBC News) The regulatory agency charged them in what it says was a $100 million securities fraud scheme run by people who portrayed themselves as successful stock traders.
Bankman-Fried Accused of Record US Campaign-Finance Violations (Bloomberg) Indictment alleges FTX head ran straw man donor scheme. FTX’s big three political donors gave $76 million since 2020.
Sam Bankman-Fried’s Alleged Campaign Finance Violations Explained (Wall Street Journal) U.S. authorities accuse the FTX founder of violating rules prohibiting direct corporate donations to candidates.
An S.B.F. Campaign Finance Whodunnit (Puck) Inside the Bankman-Fried indictment is a tantalizing footnote to its most explosive allegations: a massive money-in-politics scandal. Here’s how to decode the various theories making the rounds over the last 24 hours—what’s real, what’s bullshit, and what we still don’t know.
FTX Digital Executive Warned of Client Fund Transfers to Alameda, Documents Show (Wall Street Journal) A top executive of FTX’s Bahamas subsidiary warned that country’s securities authority days before the company filed for bankruptcy Nov. 11 of customer fund transfers to Alameda Research, a cryptocurrency trading firm tied to FTX, according to documents made public Wednesday.
Caroline Ellison Was Alameda’s CEO, but Officials Say Sam Bankman-Fried Ran It (Wall Street Journal) Sam Bankman-Fried has tried to shift the blame for FTX’s collapse to Alameda. Regulators said it was really he who was running the crypto trading firm.
Prosecution of Sam Bankman-Fried Could Rise or Fall on Intent (Wall Street Journal) The Justice Department will need to persuade a jury that the FTX founder intended to defraud customers, lenders and investors.
Kevin O’Leary Points Finger At Binance For FTX Crash In Senate Testimony (Forbes) The Shark Tank star and one-time FTX spokesperson O’Leary parroted Bankman-Fried’s theory on his exchange’s demise during congressional testimony.
U.K. Quantum Cybersecurity Firm Discloses SEC Investigation Over Merger (Wall Street Journal) Arqit Quantum said it is cooperating with a probe into its combination with a special-purpose acquisition company last year.
Ex-Twitter Employee Convicted of Spying Gets 3 1/2 Years in Prison (Bloomberg.com) A former Twitter Inc. employee convicted of spying for Saudi Arabia was ordered to serve 3 1/2 years in prison, capping a yearslong case that showed how the social media giant was vulnerable to security breaches perpetrated from within its own ranks.