Dateline Moscow and Kyiv: GPS jamming and cyber ops while forces wait for frozen ground.
Ukraine at D+295: Cold weather and reconstitution. (CyberWire) Long- and short-range strikes continue, as both sides wait for a harder freeze. GPS-jamming is reported in Russian cities.
Russia-Ukraine war: List of key events, day 296 (Al Jazeera) As the Russia-Ukraine war enters its 296th day, we take a look at the main developments.
Ukraine war: Deadly attack leaves retaken Kherson with no power (BBC News) Heavy shelling of critical infrastructure knocks out the power supply to the entire Ukrainian port.
The Russian Army Is Preparing for a Fresh Attack (Foreign Policy) Many of the problems from the initial draft have been solved.
Ukraine stalemate sets stage for possible winter escalation (AP NEWS) With the war in Ukraine grinding through its 10th month, both sides are locked in a stalemated battle of attrition, which could set the stage for a new round of escalation. Many observers see the current deadlock as beneficial to Ukraine, allowing it to receive more state-of-the-art weapons from the West and prepare for new counteroffensives.
Ukrainian drones are making life hell for Russian troops in Crimea (Task & Purpose) "Our main threat to Crimea is drones, everything else is under full control."
GPS Signals Are Being Disrupted in Russian Cities (WIRED) Navigation system monitors have seen a recent uptick in interruptions since Ukraine began launching long-range drone attacks.
Ukrainian Organizations Hit With New Supply Chain Attack (Decipher) Mandiant researchers recently discovered a new software supply chain attack that targeted Ukrainian government agencies with trojanized Windows installers.
NSA cyber director warns of Russian digital assaults on global energy sector (CyberScoop) The agency's cyber director, Rob Joyce, also said he's worried that TikTok has the ability to conduct 'large scale influence.'
Russia's cyber war machine in Ukraine hasn't lived up to Western hype. Report analyses why (ThePrint) Infancy of Moscow’s cyber command, operating in silos, poor performance by military, & differing understanding of cyber explain gap between West's expectations & performance.
Russia warns of ‘consequences’ if US missiles go to Ukraine (Military Times) U.S. officials said Tuesday that Washington was poised to approve sending a Patriot missile battery to Ukraine.
U.S.-Lithuanian Defense Leaders Consult at Pentagon (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III expressed gratitude for Lithuania's contributions to Ukraine self-defense and its support for U.S. rotational troops based in Lithuania during a meeting with
Vladimir Putin’s failing invasion is fueling the rise of Russia’s far right (Atlantic Council) As Vladimir Putin's disastrous invasion continues to unravel, battlefield defeats in Ukraine are having a radicalizing effect on Russian domestic audiences and fueling the rise of the country's ultra-nationalist far right.
Putin’s sudden capitulation is a real prospect (The Telegraph) With military defeat finally sinking in, the Russian president’s appetite for battle has begun to wane
Russian forces killed 'hundreds of civilians' in just first few weeks of invasion (The Telegraph) Russian forces killed hundreds of civilians in just the first few weeks of Vladimir Putin’s invasion of Ukraine, the United Nations said on Thursday.
Deserter reveals rape, torture and killing by 'Butchers of Bucha' (The Telegraph) Nikita Chibrin said fellow soldiers were given orders to shoot anyone with a phone as he offered to testify against infamous brigade
Individual Russians must be held accountable for war crimes in Ukraine (Atlantic Council) Unless steps are taken to hold individual Russians accountable for the war crimes they have committed in Ukraine we will witness similar atrocities elsewhere, warns Ukrainian author and journalist Stanislav Aseyev.
Memo to Macron: Russia doesn't need security guarantees but Ukraine does (Atlantic Council) French President Emmanuel Macron has been widely criticized for calling on Europe to offer Russia security guarantees at a time when the Kremlin is using fake security concerns to justify the invasion of Ukraine.
US to provide advanced combined armed training to Ukraine (Breaking Defense) About 500 Ukrainians will move through the new training course per month.
Iran asking Russia to sell military ships, help build new designs: Israeli sources (Breaking Defense) According to multiple Israeli defense sources, officials from Iran have traveled to Russia to discuss the potential for naval cooperation - including building new ships.
Russia’s New Theory of Victory (Foreign Affairs) Christmas Day will be a grim milestone for the Ukrainian people. It will mark almost exactly ten months since Russian forces crossed into their country, bringing devastation on a scale not seen in Europe since World War II. Tens of thousands of Ukrainians have been killed. Millions have fled their homes. Most of the state has lost power, leading Kyiv to worry that—as winter sets in—many of its citizens will freeze.
A looming Russian offensive (The Economist) Ukraine’s chiefs, in an unprecedented series of briefings, tell The Economist about the critical months that lie ahead
“Anyone who underestimates Russia is headed for defeat” (The Economist) An interview with Colonel-General Oleksandr Syrsky, Ukraine’s second most senior soldier
Volodymyr Zelensky and his generals explain why the war hangs in the balance (The Economist) Our interviews with the men shaping Ukraine’s response to Russia’s aggression
An interview with Volodymyr Zelensky, president of Ukraine (The Economist) Edited highlights of our conversation with Ukraine’s leader
Ukraine’s top soldier runs a different kind of army from Russia’s (The Economist) Valery Zaluzhny wants to encourage initiative and devolve authority
Big Tech Goes to War (Foreign Affairs) To help Ukraine, Washington and Silicon Valley must work together.
America’s New Sanctions Strategy (Foreign Affairs) How Washington can stop the Russian war machine and strengthen the international economic order.
EU approves new sanctions against Russia over Ukraine war (AP NEWS) The European Union said Thursday it approved a new package of sanctions aimed at ramping up pressure on Russia for its war in Ukraine. The package, whose details had not been revealed, was approved after days of deliberations during a meeting of the 27-nation bloc's ambassadors in Brussels while EU leaders held a summit nearby.
Russia is destroying Ukraine’s economy, raising costs for U.S. and allies (Washington Post) Two months of relentless missile and drone attacks by Russia have decimated Ukraine’s critical infrastructure and blown a hole in projections for the country’s war-ravaged economy.
The Trouble With Russian Blacklisting (Foreign Policy) Moscow’s ban on Western academics and researchers makes the world a more dangerous place.
Why the Oil Price Cap Won’t Hurt Putin (Foreign Policy) The West wants to have its Russian oil price cake and eat it too.
Attacks, Threats, and Vulnerabilities
Nozomi Networks Researchers Track Malicious Glupteba Activity Through the Blockchain (Nozomi Networks) This blog presents how Glupteba hides its C&C domains in the bitcoin blockchain, presenting various campaigns over the years.
Zimperium teams discover new malware in Flutter developed apps (SecurityBrief Asia) Zimperium has discovered a novel predatory loan malware hiding in mobile apps developed with Flutter.
Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs (Databreaches.net) An Iranian cyber espionage gang with ties to the Islamic Revolutionary Guard Corps has learned new methods and phishing techniques, and aimed them at a wider set of targets – including politicians, government officials, critical infrastructure and medical researchers – according to email security vendor Proofpoint.
Australian telecom company TPG hacked as threat actor got access to a server that hosts the email accounts of 15,000 clients (Information Security Newspaper | Hacking News)
Credit Card Processing Company Exposed 9 Million Transaction Records Online (Website Planet) Security researcher Jeremiah Fowler together with the Website Planet research team discovered an open and non-password protected database that
Social Blade confirms breach after hacker posts stolen user data (BleepingComputer) Social media analytics platform Social Blade has confirmed they suffered a data breach after its database was breached and put up for sale on a hacking forum.
Social Blade Suffers Data Breach (Heimdal Security Blog) Social Blade, a statistics website that allows its users to track statistics and measure growth across multiple Social Media platforms such as YouTube, Instagram, and Twitch, notified its clients about a potential data breach affecting their personal information.
Email Hack Hits 15,000 Business Customers of Australian Telecoms Firm TPG (SecurityWeek) Australian telecoms firm TPG Telecom this week revealed unauthorized access to an Exchange service hosting the email accounts of 15,000 customers.
Salt Security Uncovers API Security Flaws Within The LEGO® Group Online Service Platform, Issues Remediated (PR Newswire) Salt Security, the leading API security company, today released new threat research from Salt Labs highlighting two API security...
RedAwning vacation booking service database allegedly leaked on clear web forum (SafetyDetectives) The SafetyDetectives cybersecurity team has discovered a leaked SQL database appearing to belong to the RedAwning vacation platform.
CMS Responding to Data Breach at Subcontractor (Centers for Medicare & Medicaid Services) CMS Notifying Potentially Involved Beneficiaries and Providing Information on Free Credit Monitoring
Soccer Technology Raises Privacy Risks for Players (Wall Street Journal) At the 2022 World Cup, in-stadium cameras and a sensor in the soccer ball collect information from 29 points on players’ bodies.
FuboTV goes kaput during World Cup semifinals, blames “criminal cyber attack” (Ars Technica) Streaming service goes dark during one of the most anticipated sporting matches.
FuboTV Says It Was Victim of “Criminal Cyber Attack” in World Cup Streaming Outage (The Hollywood Reporter) The attack on the streaming service happened during the critical France-Morocco semifinal match.
FuboTV outage during World Cup semifinal was caused by cyberattack (The Record by Recorded Future) A cyberattack knocked out access to FuboTV's platform during the World Cup semifinal between France and Morocco.
BREAKING: Cyberattack forces Catholic schools to close (SooToday.com) Huron-Superior Catholic District School Board students are being sent home early today — and schools are closed tomorrow — after cyber incident targeted board’s computer and phone systems
Little Rock School District finalizes deal to recover data after cyberattack (Arkansas Online) The Little Rock School District announced Thursday night that it has finalized a settlement to the recent cyberattack on the district's computer network systems, but officials divulged no details on any ransom that might have been paid.
LockBit Ransomware 101: Here’s What You Need to Know (Heimdal Security Blog) This article will help you learn about LockBit ransomware, what it does to your organization, and how to protect against it.
Number of command-and-control servers spiked in 2022: report (The Record by Recorded Future) The number of unique command-and-control servers increased 30% in 2022, an indication that cybercriminals are increasingly using them in attacks
Payment Declined: Carding Cyber Criminals Fear for Their Future (ReliaQuest) The future of web carding is looking grim. In this post, why it's gotten harder to use stolen credit card credentials online.
CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise.
Security Patches, Mitigations, and Software Updates
Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths (CISA) Drupal has released security updates to address vulnerabilities affecting H5P and the File (Field) Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code. CISA encourages users and administrators to review Drupal’s security advisories SA-CONTRIB-2022-064 and SA-CONTRIB-2022-065 and apply the necessary update.
Trends
NSA Publishes 2022 Cybersecurity Year in Review (National Security Agency/Central Security Service) The National Security Agency published its 2022 Cybersecurity Year in Review today to share its mission focuses and demonstrate how it is producing cybersecurity outcomes for the nation.
Attackers expected to target Large Companies regardless of industry in (PRWeb) Titaniam, Inc., the industry’s most advanced data protection and ransomware immunity platform, recently surveyed corporate security professionals to gain t
If you’re sick of seeing your data get stolen, it’s time to invest in better cybersecurity (Stockhead) Senetas says cybersecurity needs to get proactive after this year exposed Australians to the extent that criminals will go to steal data.
Marketplace
Twitter Under Elon Musk Suspends Accounts of Several Journalists (Wall Street Journal) The social-media platform also blocked the official account of rival platform Mastodon, the latest instance of it making content or user decisions under Elon Musk without much transparency.
Twitter suspends journalists who wrote about owner Elon Musk (AP NEWS) Twitter on Thursday suspended the accounts of journalists who cover the social media platform and its new owner Elon Musk, among them reporters working for The New York Times, Washington Post, CNN, Voice of America and other publications.
Twitter suspends accounts of several journalists who had reported on Elon Musk (the Guardian) Many at CNN, Washington Post and the New York Times who had written critically of the new owner found their handles suspended
Twitter suspends several journalists' accounts without warning (Computing) On Wednesday, the social networking platform modified its policies regarding accounts that tracked private jets
Elon Musk is now banning journalists and competitors on Twitter (Quartz) Musk's campaign for "free speech" has meant silencing his critics this week
KuppingerCole Names SailPoint a Leader in Identity Governance Administration Security for 2022 (Business Wire) SailPoint ranked highest across the board for product, innovation, market position, and leadership for the fifth consecutive year
Cyber Security Firm Volexity Expands Into Maryland (Commercial Observer) Volexity, a cyber security solutions company headquartered in Reston, Va., is expanding into Maryland
Michael Wons and John Valente Join Ridgeback Network Defense as Special Advisors (Business Wire) Ridgeback Network Defense (www.ridgebacknet.com) announces that Michael Wons, former CTO for the State of Illinois, and John Valente, former CISO of 3
Products, Services, and Solutions
F5 Expands SaaS-Based Security Portfolio with Launch of F5 Distributed Cloud App Infrastructure Protection (F5) F5 announced the launch of F5 Distributed Cloud App Infrastructure Protection (AIP), a cloud workload protection solution that expands application observability and protection to cloud-native infrastructures.
Avertium Advances its Cyber Fusion Capabilities by Adding Microsoft Security Expertise (Avertium) Today, Avertium has announced the addition of Microsoft Security expertise to its team of threat defense professionals.
Axonius Bolsters SaaS Management Offering with New Capabilities (Axonius) Axonius announces the release of two new capabilities within Axonius SaaS Management to help organizations better understand their overall SaaS application risk.
Socure Named a Leader in Inaugural Identity Verification Solutions Report by Independent Research Firm (Business Wire) Socure, the leading provider of digital identity verification and fraud solutions, today announced it has been named a Leader in The Forrester Wave™:
Symmetry Systems Achieves SOC 2 Type 2 Certification (PR Newswire) Symmetry Systems, the industry's first hybrid cloud data security posture management (DSPM) solution provider, announced it has successfully...
Anomali Delivers Enhanced Solutions and Capabilities that Enable Organizations to More Accurately and Efficiently Defend Against Cyberattacks (Anomali) New Attack Surface Management Offering Extends Visibility to Strengthen Cyber Resiliency
AllEasy Selects AU10TIX's IDV Technology to Securely and Rapidly Verify Banker's Identity (PR Newswire) AU10TIX, a leading global provider of identity verification (IDV) technology, and AllEasy, Inc. a forerunner in the rapid-growth Filipino...
Technologies, Techniques, and Standards
NIST Retires SHA-1 Cryptographic Algorithm (NIST) The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable.
NIST retires an early cryptographic algorithm (FedScoop) Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government.
SP 800-63-4 (Draft) Digital Identity Guidelines (NIST) NIST requests comments on the draft fourth revision to the four-volume suite of Special Publication 800-63, Digital Identity Guidelines. This publication presents the process and technical requirements for meeting the digital identity management assurance levels specified in each volume. They also provide considerations for enhancing privacy, equity, and usability of digital identity solutions and technology.
IBM Helps Financial Services Industry Manage Risk and Regulations with CSA (PR Newswire) Today, IBM (NYSE: IBM) announced it is working with the Cloud Security Alliance -- a global not-for-profit dedicated to defining standards,...
IBM to work with nonprofit on a cloud security framework for financial services (SC Media) Companies that have adopted the Cloud Security Alliance’s controls can now use services or transact with SaaS providers on IBM’s cloud framework for financial services
CISA Consolidates Twitter Accounts (CISA) CISA has consolidated its social media presence on Twitter. Three accounts — @ICSCERT, @Cyber, and @CISAInfraSec — are no longer active. Additionally, the @USCERT_gov Twitter account is now renamed @CISACyber. The following current active Twitter accounts will include posts on content previously covered on the now-inactive accounts.
How Should We Discuss Cyber With the C-Suite? (CISO Series) How detailed do we get in our conversation with business leaders? Do we dumb it down? Or is that a recipe for trouble?
Fumbling the Crystal Ball (Foreign Affairs) Policymakers can’t afford to spurn the science of prediction.
Academia
A long-running national security entrepreneurs network keeps growing (Federal News Network) A collegiate-level course in national security is about to expand the number of colleges where it's taught. Hacking for Defense started at Stanford University back in 2016.
Legislation, Policy, and Regulation
Musk Faces European Anger Over Twitter Ban of Journalists (Bloomberg) Backlash against Elon Musk suspending journalists from Twitter Inc. has spread among senior European politicians, with threats of future sanctions and lawmakers leaving the platform.
Greek Government Responds To Domestic Surveillance Controversy By Making Things Worse (Techdirt) Malware and exploit developers are generating a seemingly endless number of headlines, thanks to misuse of their products by government entities. Israel’s NSO Group has made the most headline…
Saudi welcomes China's controversial tech giant Huawei, ignores US concerns (Business Standard) The China-Saudi deal came a little after the US recently imposed a ban on approvals of new telecommunications equipment from China's Huawei Technologies and ZTE, citing national security risks
U.S. blacklists China chipmaker YMTC, AI champion Cambricon, others (Nikkei Asia) Chip tool maker intended as alternative to ASML also added to Washington's list
Historic activation of the U.S. Army’s 11th Cyber Battalion (DVIDS) The historic activation ceremony of the 11th Cyber Battalion (Leviathans) and the uncasing of the organization’s unique colors took place in a ceremony steeped in Army tradition and hosted by Col. Benjamin Sangster, commander of the 780th Military Intelligence Brigade (Cyber), at the Gordon Catering and Conference center, December 15. The 11th Cyber Battalion (CYB) is the Army’s premier expeditionary Cyber Electromagnetic Activity (CEMA) battalion. Officially activated on October 16, 2022, the 11th CYB can deliver a range of non-lethal, non-kinetic effects—including offensive cyberspace operation (OCO) and electronic warfare (EW) capabilities.
New York Financial Regulator Issues Crypto Guidance for Banks (Wall Street Journal) The New York Department of Financial Services reminded banks looking to branch out into cryptocurrency to first seek approval from the regulator.
Massachusetts Establishes Cyber Incident Response Team (GovTech) Gov. Charlie Baker has created the Cyber Incident Response Team in a Dec. 14 executive order. The group will be comprised of members from state government public safety and cybersecurity organizations.
Litigation, Investigation, and Law Enforcement
The S.E.C.’s Treatise on S.B.F. (Puck) In short, the S.E.C. is alleging that S.B.F. out-Madoffed Madoff, who at least had the decency to keep his market-making operations on the 19th floor of the Lipstick Building, separate from his money management Ponzi scheme two floors below. S.B.F. mixed them all together.
FTX Executives Used ‘Korea’ Account to Mask Giant Alameda Liabilities (Bloomberg) GitHub account authored code that hid Alameda’s liabilities; account bore name of former FTX executive Nishad Singh.
Report: Nearly 1 in 4 Consumers Who File Chargebacks Admit to “Friendly” Fraud (GlobeNewswire News Room) Sift’s Q4 2022 Digital Trust & Safety Index Reveals Chargeback Disputes are up as Economic Conditions Tighten Globally...
Woman admits to unwittingly funding Iran critic kidnap plot (MyNorthwest.com) A California woman pleaded guilty on Thursday in connection with her unwitting role in a foiled plot to kidnap a prominent Iranian