Dateline Moscow and Kyiv: President Zelenskyy to address US Congress.
Ukraine at D+300: Solidifying allied support. (CyberWire) As fighting continues in Bakhmut, both sides continue diplomatic efforts, but only with their respective friends, not one another.
Russia-Ukraine war: List of key events, day 301 (Al Jazeera) As the Russia-Ukraine war enters its 301st day, we take a look at the main developments.
Ukraine-Russia war latest: Kremlin warns no chance of peace talks as Zelensky prepares to meet Biden (The Telegraph) The Kremlin said that it sees no chance for peace talks with Ukraine as Volodymyr Zelensky heads to the US to meet Joe Biden.
Russia-Ukraine war live: Zelenskiy heads to US as Putin promises to improve nuclear combat readiness (the Guardian) Ukrainian president expected to meet with president Joe Biden and Congressional leaders on Wednesday evening
Belarus says its Russian S-400, Iskander missiles enter ‘combat duty’ (Defense News) The move comes as analysts are seeing Moscow’s rising pressure on Minsk to increase the satellite nation’s involvement in the Russian invasion of Ukraine.
Belarus Is Inching Toward Invading Ukraine (Foreign Policy) Signs are growing that an invasion from the north could be imminent.
Putin Describes Situation in Occupied Ukrainian Territories as ‘Extremely Difficult’ (Wall Street Journal) The Russian president made a rare admission that the war in Ukraine is facing obstacles.
Vladimir Putin stays in Moscow as Volodymyr Zelensky meets his soldiers on the frontline (The Telegraph) Even the most avid Kremlin supporters had a hard time hiding their disappointment with the Russian leader’s lack of touch
Surrender to a Drone? Ukraine Is Urging Russian Soldiers to Do Just That. (New York Times) Capitalizing on reports of low Russian morale, Ukraine has begun offering enemy troops detailed instructions on how to make their way over the battlefield and lay down their arms.
Russia-Ukraine War: Zelensky Is Expected to Visit Washington (New York Times) A risky trip to Washington would be the first time the Ukrainian leader left his country since Russia invaded in February.
Zelenskyy to meet Biden, address Congress as war rages on (AP NEWS) Ukrainian President Volodymyr Zelenskyy was making his way to Washington on Wednesday for a summit with President Joe Biden and to address Congress in his first known trip outside the country since Russia’s invasion began in February.
A Free World, If You Can Keep It (Foreign Affairs) Ukraine and American interests.
A ‘good’ war gave the algorithm its opening, but dangers lurk (Washington Post) To see the human face of the “algorithm war” being fought in Ukraine, visit a company of raw recruits during their five rushed weeks at a training camp here in Britain before they’re sent to the front in Ukraine.
US to send $1.8 billion in aid, including Patriot battery, to Ukraine (Military Times) Officials tell The Associated Press the U.S. will send $1.8 billion in military aid to Ukraine in a package expected to be announced Wednesday.
U.S. Sends Gear to Repair Ukraine's Electric Grid (U.S. Department of Defense) The U.S. has committed more than $53 million in support for Ukraine's electric grid which officials say will be critical for emergency repairs in the face of Russia's attacks.
The partition of Ukraine would only encourage Putin's imperial ambitions (Atlantic Council) Advocates of appeasement believe the best way to end the Russian invasion of Ukraine is by offering Ukrainian land in exchange for peace but this will only encourage Putin's imperial ambitions, writes Benton Coblentz.
2022 REVIEW: Why has Vladimir Putin’s Ukraine invasion gone so badly wrong? (Atlantic Council) Vladimir Putin hoped his invasion of Ukraine would result in a quick and historic victory. Instead, he ends 2022 with Russia's reputation as a military superpower in tatters. Why has the invasion of Ukraine gone so badly wrong?
In Ukraine, I saw the greatest threat to the Russian world isn’t the west – it’s Putin | Timothy Garton Ash (the Guardian) The Kremlin’s imperial war has made its own culture a common enemy for people across its former empire, says Guardian columnist Timothy Garton Ash
Our country of the year for 2022 can only be Ukraine (The Economist) For the heroism of its people, and for standing up to a bully
No One Would Win a Long War in Ukraine (Foreign Affairs) The West must avoid the mistakes of World War I.
Standing with Russia, or staying silent, protects genocide (The Hill) This month, in a unanimous vote, the Senate Foreign Relations Committee passed Senate Resolution 713, which correctly identifies and designates Russian atrocities in Ukraine as genocide. Led by Ran…
Telegram Hack Exposes Growing Russian Cyber Threat in Moldova (Balkan Insight) A Moldovan minister tells BIRN that the cyber-attacks facing Moldova since Russia’s invasion of Ukraine are on a whole new level.
Kremlin-linked hackers tried to spy on oil firm in NATO country, researchers say (CNN) A Kremlin-linked hacking group known for focusing on Ukraine has stepped up its spying efforts against Ukraine's NATO allies in recent months -- in part by trying to hack a big oil firm in a NATO country in August, according to US cybersecurity firm Palo Alto Networks.
Russian hackers attempted to breach petroleum refining company in NATO country, researchers say (CyberScoop) The Russian hacking group Trident Ursa is mostly known for phishing campaigns targeting organizations in NATO states.
Ukraine attacks changed Russian GPS jamming (GPS World) Two Russian airbases deep inside the country were attacked on December 5: the Engels-2 base in the Saratov region and Dyagilevo near Ryazan. The next day an oil tank at the Kursk airfield closer to the border with Ukraine was hit and set on fire.
Russian oligarch who criticised Ukraine war has $1bn hotel complex seized (The Telegraph) The court order came after Oleg Deripaska was asked by the Kremlin to stop publicly condemning the invasion
Sewing for Ukraine: volunteers make army uniforms for women (Reuters) Yuliia Mykytenko smiles as she adjusts her new trousers, confident she's finally found a Ukrainian army uniform that fits after 10 months of war with Russia.
Attacks, Threats, and Vulnerabilities
Godfather: A banking Trojan that is impossible to refuse (Group-IB) Group-IB discovers banking Trojan targeting users of more than 400 apps in 16 countries
Okta source code stolen in GitHub hack (Computing) Security provider Okta has been breached, with attackers apparently stealing the company's source code.
Okta's source code stolen after GitHub repositories hacked (BleepingComputer) In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code.
Elastic IP Hijacking — A New Attack Vector in AWS (Mitiga) Mitiga Researchers found a new post-exploitation attack method, a novel way in AWS that may enable adversaries to hijack static public IP addresses for malicious purposes.
ChatGPT: Emerging AI Threat Landscape (Trustwave) ChatGPT has been available to the public since November 30, 2022. Since then, it has made headlines – from being temporarily banned from Stack Overflow because...
OpwnAI: AI That Can Save the Day or HACK it Away (Check Point Research) Latest Research by our Team
ChatGPT can be used to generate malicious code, finds research (mint) Researchers at Check Point used ChatGPT and Codex with standard English instructions to create code that can be used to launch spear phishing attacks
Cybersecurity firms examine ChatGPT threat model (TechHQ) Among the millions of users who have joined OpenAI’s chat bot preview are security experts keen to probe the ChatGPT threat model in detail.
The scammers who scam scammers on cybercrime forums: Part 3 (Sophos News) A shadowy sub-economy is more than just a curiosity – it’s booming business, and also an opportunity for defenders. In the third part of our series, we look at the curious case of twenty fake marke…
OWASSRF: CrowdStrike Identifies New Method for Bypassing ProxyNotShell Mitigations (CrowdStrike) Learn how CrowdStrike recently discovered a new exploit method using CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access.
Ransomware gang uses new Microsoft Exchange exploit to breach servers (BleepingComputer) Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution (RCE) on vulnerable servers through Outlook Web Access (OWA).
“RisePro” Stealer and Pay-Per-Install Malware “PrivateLoader” (Flashpoint) RisePro's presence on Russian Market, and the appearance of the stealer as a payload for a pay-per-install service, may indicate its growing popularity—and viability—within the threat actor community.
New 'RisePro' Infostealer Increasingly Popular Among Cybercriminals (SecurityWeek) A new information stealer called RisePro is being distributed by pay-per-install malware downloader service ‘PrivateLoader’.
Novel Rust-based Agenda ransomware variant discovered (SC Media) Ransomware-as-a-service operation Qilin has developed a novel Rust-based variant of the Agenda ransomware strain, which was originally based in the Go programming language and was used to compromise the healthcare and education sectors in Indonesia, Thailand, Saudi Arabia, and South Africa, The Hacker News reports.
Clop ransomware group targeting provider-patient trust, infecting medical images (SC Media) Hold Security has observed the Clop ransomware group interacting with providers as if they were patients in order to send them medical images infected with malware.
Guardian hit by serious IT incident believed to be ransomware attack (the Guardian) Incident has hit parts of media company’s technology infrastructure, with staff told to work from home
Eufy camera security breach admission leaves many questions unanswered (9to5Mac) Brand owner Anker has finally responded to proof of a major Eufy camera security breach, but its official statement still leaves a great many questions unanswered. The company has now admitted that it lied to users about all footage and images being stored locally, and never sent to the cloud, after a security researcher proved […]
Germany's Thyssenkrupp Hit By Cyberattack (Barron's) German industrial giant Thyssenkrupp on Tuesday said it was fending off a cyberattack against two of its divisions, but that no data appeared to have been lost.
Play Ransomware Gang Claims Responsibility for Cyber Attack on H-Hotels (Information Security Buzz) H-Hotels (h-hotels.com) have recently been the target of a cyber-attack, which has led to disruptions in the company’s communication systems. The Play ransomware gang has claimed responsibility for the attack. At this point, it is unclear whether the claims made by the Play criminal gang are genuine; however, H-Hotels is looking into the matter as quickly as possible.
Report: World-Renowned Education Company Exposes Details of Over 100,000 Students Worldwide in Massive Data Breach (vpnMentor) vpnMentor's research team has discovered a data breach related to McGraw Hill, an education publishing company based in the USA. McGraw Hill’s online education platform is used by
McGraw Hill exposed student data and grades, online privacy firm says (Higher Ed Dive) VpnMentor said the data breach exposed over 117 million files filled with hundreds of thousands of grades and email addresses.
McGraw Hill confirms data exposure of students' emails and grades (EdScoop) Education publisher McGraw Hill misconfigured a cloud storage device, exposing the emails and grades of students across the U.S. and Canada.
McGraw Hill's S3 buckets exposed 100,000 students' grades (Register) Educator gets an F for security
Ransomware hackers take demands directly to college students: ‘For you, it’s a sad day’ (NBC News) A hacker group broke into Knox College's computer system and gained access to student data, a common ransomware tactic. But this group had a new wrinkle for Knox students.
Timeline: San Diego Unified Waited 5 Weeks to Notify Employees and Families of Data Breach (NBC 7 San Diego) The San Diego Unified School District has confirmed new details regarding the timeline of its “cybersecurity incident,” in a report it filed with the state Attorney General’s office on Dec. 12.
Cybersecurity Pros Bracing for Possible Holiday Cyber Event (Channel Futures) Is a major cyber event about to occur, creating a nightmare for cyber defenders? Major cyber events occurred around the holidays in 2020 and 2021.
The terrifying ways employers can spy on your online life (New York Post) Got a spicy side hustle? They’ll find out.
Security Patches, Mitigations, and Software Updates
Fuji Electric Tellus Lite V-Simulator (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.
Rockwell Automation GuardLogix and ControlLogix controllers (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: GuardLogix, ControlLogix, Compact Logix, and Compact GuardLogix controllers Vulnerability: Improper Input Validation 2.
ARC Informatique PcVue (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: ARC Informatique Equipment: PcVue Vulnerabilities: Cleartext Storage of Sensitive Information, Insertion of Sensitive Information into Log File 2.
Rockwell Automation MicroLogix 1100 and 1400 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100 and 1400 Vulnerabilities: Cross-site Scripting, Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create a denial-of-service condition or allow for remote code execution.
Delta 4G Router DX-3021 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Industrial Automation Equipment: 4G Router DX-3021 Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to add files, delete files, or change file permissions.
Prosys OPC UA Simulation Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Prosys OPC Equipment: UA Simulation Server Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain credentials and gain access to system data.
Trends
2022's 4 Most Common Cyberattack Patterns (Security Intelligence) 2022 was a challenging year for cybersecurity teams. Learn the four most common cyberattack patterns and how to deal with them in the future.
ThreatModeler Survey: IT Leaders Confident in Effectiveness of Tools, Though Many are Looking for More Proactive, Automated Solutions (News Direct) Research finds that enterprises that leverage threat modeling report more confidence in their security and development tools
Ethical principles governing emerging tech are lacking in most organizations (TechRepublic) A Deloitte report discusses the importance of ethics, the types of misuse of new technologies, & how companies can operationalize standards.
Google outlines 6 cybersecurity predictions for 2023 (VentureBeat) Google security leaders share 6 cybersecurity predictions for 2023, anticipating an increase in ransomware and broader adoption of passkeys.
What's Next in Cyber 2022 Global Survey (Palo Alto Networks) Global survey of 1300 C-level executives on what’s next in cybersecurity – focused on security trends and needs.
Marketplace
Germany's VMRay ties up $34 million series B to expand threat detection and analysis (Tech.eu) VMRay is spearheaded by the malware analysis and detection pioneers Dr. Carsten Willems and Dr Ralf Hund.
Cybersecurity M&A Roundup for December 1-15, 2022 (SecurityWeek) A dozen cybersecurity-related merger and acquisition (M&A) deals were announced in the first half of December 2022.
Cybersecurity firms hunker down for hard times (Axios) In a tough economy, customers are buying services like incident response over long-term investments.
Cybersecurity Firms Cut Staff as Fears About Economy, Funding Mount (Wall Street Journal) The wave of layoffs started this summer and has spanned departments, including workers in technical roles.
Twitter Blue for Business now allows companies to identify their employees (TechCrunch) Twitter Blue for Business now provides an additional badge that helps organizations identify brands and people associated with it.
Elon Musk Says He Will Resign as Twitter C.E.O. When He Finds Successor (New York Times) Mr. Musk, who asked his Twitter followers on Sunday if he should step down as head of the service, will remain the company’s owner.
Tech’s Bust Delivers Bruising Blow to Hollowed-Out San Francisco (Bloomberg) Job cuts and remote work are colliding to reshape the center of American innovation.
Channel Futures Names Arlin Sorensen of ConnectWise as one of the Top 20 Managed Services Channel Leaders for 2022 (GlobeNewswire News Room) Channel Futures’ Channel Leaders of the Year list features some of the biggest managed services suppliers in the industry who are stepping up to move the...
Jacques Boschung Appointed as Head of Kudelski Security (Yahoo Finance) The Kudelski Group (SIX:KUD.S), the world leader in digital security, today announced the appointment of Mr. Jacques Boschung as head of Kudelski Security, the Group's cybersecurit
CyberArk Appoints Omer Grossman Global Chief Information Officer (Business Wire) CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced the appointment of Omer Grossman as Global Chief Information Officer
Contrast Security Executives to Help Defend Cyberspace as Active Participants of a Leading Tech Group the Company Co-Founded (Contrast Security) Cybersecurity Tech Accord and its membership of global enterprises continue to partner for a safer and more secure world.
Products, Services, and Solutions
PlainID Launches The PlainID Technology Network to Enable Identity Aware Security for Advanced Access Control (PR Newswire) PlainID, The Authorization Company™, the leading provider of authorization and policy-based access control, officially announces its PlainID...
Aisera Announces Integration of its AI-powered Service Experience Solution with Zendesk's Sunshine Platform (PR Newswire) Aisera, the world's leading AI-driven service experience platform for automated customer experiences (CX), announced today that its solutions...
How CyberCube helps assess risk for cyber insurance (VentureBeat) With the risk of cybercrime at an all-time high, cyber insurance company, CyberCube, announced $50M additional raised, for over $100M total.
Technologies, Techniques, and Standards
US Might Have Targeted Iran Cyber Infrastructure Before Midterm Vote (Iran International) The US military’s Cyber Command disrupted foreign adversaries’, including Iran’s, potential interference in the mid-term elections, it said on Monday.
Army network plan will offset contested comms with multi-path transport-agnostic capabilities (Breaking Defense) “You have to be able to operate with challenges to comms at times, whether it's jamming, lack of available fiber, geography impacting your line of sight, or host-nation spectrum restrictions.”
How to Embed Gen Z in Your Organization's Security Culture (Security Intelligence) Gen Z is comprised of digital natives, yet the generation has the highest victim rates for scams. Empower Gen Z through cybersecurity education.
Legislation, Policy, and Regulation
Congress moves to ban TikTok from US government devices (Federal Times) Rule applies to the executive branch — with exemptions for national security, law enforcement and research — and doesn't appear to cover Congress itself.
FDA pushing for medical device cybersecurity funding, regulations (The Record by Recorded Future) The Food and Drug Administration is pushing for Congress to provide more funding and support to address the cybersecurity of medical devices.
CISA Lined up for 12 Percent Funding Boost in FY2023 (Meritalk) The Cybersecurity and Infrastructure Security Agency (CISA) is in line to receive a 12 percent funding increase under Fiscal Year 2023 appropriations legislation unveiled today – a spending hike that Capitol Hill leaders said will help the agency boost its ability to prevent cyberattacks and secure critical infrastructure.
Congress moves to reauthorize CISA’s cyber defense program (Federal News Network) The Cybersecurity and Infrastructure Security Agency is in line for a budget boost, while the Einstein cyber defense system gets its reauthorization.
Rep. Katko worries CISA will become a 'regulatory behemoth' (Washington Post) Rep. John Katko talks about what’s done and still undone as his congressional career wraps up
Tech Companies Make Final Push to Head Off Tougher Regulation (Wall Street Journal) The industry has spent more than $100 million to fight antitrust measures and other bills in Congress.
Elizabeth Warren's New Financial Surveillance Bill Is a Disaster for Privacy and Civil Liberties (CoinDesk) The proposal would turn blockchains into permissioned ledgers surveilled by centralized gatekeepers.
Litigation, Investigation, and Law Enforcement
Russian hackers accessed JFK airport taxi software: Port Authority (The Record by Recorded Future) Two have been arrested on charges that they conspired with Russian hackers to tamper with JFK airport’s taxi queuing software.
FTX founder Sam Bankman-Fried will fly from Bahamas to U.S. Wednesday to face criminal charges (CNBC) Sam Bankman-Fried is set to return to the U.S., where he faces multiple criminal charges tied to the collapse of his crypto exchange FTX.
Scoop: ProPublica to return SBF funds (Axios) The initial $1.6 million grant was the first of three payments, totaling $5 million over three years.
FTX’s Bankman-Fried Gave Ex-Jane Street Traders Who Formed Modulo Capital $400M (CoinDesk) Founded in early 2022, Modulo operated out of the same luxury Bahamian condominium community where Sam Bankman-Fried and other FTX employees lived.
EU to Probe Broadcom’s $61 Billion Planned Takeover of VMware (Wall Street Journal) Europe’s competition regulator said it is concerned that the deal could limit competition for some hardware.
Broadcom’s $61 Billion VMware Deal Faces In-Depth EU Probe (Bloomberg) EU cites concerns it could raise prices, hurt innovation. EU commission sets new May 11 deadline to review the deal.
European regulators: Broadcom-VMware merger 'would lead to higher prices, lower quality' (CRN) The European Commission has announced an “in depth” investigation of the merger between the two companies
Amazon Agrees to Settle EU Antitrust Cases, Avoiding Fines (Wall Street Journal) The online retail giant settled two antitrust cases related to allegations about its treatment of third-party sellers on its platform, ending some of the bloc’s most advanced cases targeting a U.S. tech company.
Musk’s Twitter Draws Deeper FTC Scrutiny Over Rising Privacy, Security Concerns (Bloomberg) FTC questioned two former senior executives on data security. Review could lead to millions of dollars in fines, Musk order.
Billionaires Are A Security Threat (WIRED) Elon Musk’s Twitter takeover is a case study in destruction. It doesn’t have to be this way.
Zuckerberg weighed naming Cambridge Analytica as a concern in 2017, months before data leak was revealed (CNN) Mark Zuckerberg considered disclosing in 2017 that Facebook was investigating "organizations like Cambridge Analytica" alongside Russian foreign intelligence actors as part of an election security assessment before ultimately removing the reference at his advisers' suggestion, according to a 2019 deposition conducted by the Securities and Exchange Commission and reviewed by CNN.