Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+537: Direct attacks on civilian targets, and realistic prospects for cyber ops. (CyberWire) Russian long-range strikes continue to hit civilian targets as Ukraine makes "incremental" progress on the battlefield. Realistic expectations of cyberwar look more like DDoS than they do Pearl Harbor.
Russia-Ukraine war: List of key events, day 538 (Al Jazeera) These are the main developments as the Russian invasion of Ukraine enters its 538th day.
Russia-Ukraine war at a glance: what we know on day 538 of the invasion (the Guardian) Odesa hit by three waves of missile strikes; Russia’s rouble falls to lowest point in almost 17 months
Russia Sharply Raises Interest Rates as Wartime Financial Problems Pile Up (New York Times) The country’s central bank raised interest rates 3.5 percentage points to stem rising prices and a weakening ruble. The move came after the national currency briefly fell below a key level with the U.S. dollar.
Russia’s central bank hikes interest rates by 3.5 percentage points as rouble falls (the Guardian) Emergency decision is intended to halt slide after currency dropped to weakest point in almost 17 months
Black Sea Clashes Grow as Russia Fires Warning Shots and Boards a Freighter (New York Times) Russia’s military made good on its threats to enforce its blockade of Ukraine, adding to the tensions in an increasingly active theater of war.
Ukraine's Zelenskiy Meets With Commanders In Donetsk Frontline Positions (RadioFreeEurope/RadioLiberty) Ukrainian President Volodymyr Zelenskiy on August 14 said he visited troops in the Donetsk region on the front line of the war against Russia.
Russia deploys new tactic as Ukrainian counter-offensive slowly makes gains (The Telegraph) Restaurants and accommodation popular with foreign journalists and aid workers close to the front line have become common targets
Ukraine Situation Report: Spring Counteroffensive May Be Needed (The Drive) With the current counteroffensive moving slowly, some Western officials say the timeline for success may shift to next year.
Power-Line Cut Raises Alarm Over Russian-Held Nuclear Plant In Ukraine, But Expert Says Little Has Changed (RadioFreeEurope/RadioLiberty) Fears about the fate of the Ukrainian nuclear plant in the crosshairs of Europe’s largest war in decades deepened when the main power line to the station was disconnected last week. An industry expert tells RFE/RL that his assessment of the risk of a catastrophe hasn’t changed.
Pentagon Announces $200M in Security Assistance for Ukraine (U.S. Department of Defense) The $200 million security assistance package includes critical munitions for U.S.-provided Patriot air defense systems and High Mobility Artillery Rocket Systems, among other items to help Ukraine
New $200M aid package to send missiles, mine-clearing hardware to Ukraine (Stars and Stripes) The United States will send Ukraine another package of military aid worth about $200 million that will include missiles, mine-clearing equipment and other vital hardware.
Allies send new reconnaissance drone, counter-UAS systems to Ukraine (Defense News) Rheinmetall Luna drones and Kongsberg CORTEX Typhon anti-drone weapons are slated to make their way to Ukraine.
How F-16s for Ukraine could harm Russia without taking a single shot (Defense News) In a protracted war, where one force tries to exhaust the other, it’s the total longevity of the military force that matters.
Wagner’s prisoner of war: A Ukrainian soldier’s 46-day nightmare (Washington Post) Russian mercenaries captured Ilia Mykhalchuk outside Bakhmut. They amputated his arms in a dark basement, he says, and subjected him to mind-bending psychological abuse.
Intel insiders go undercover revealing fresh details into NoName hacktivist operations (Cybernews) In a Black Hat exclusive interview with Cybernews, two Radware threat researchers turned 'undercover hacktivists' pose as pro-Russian sympathizers, revealing new insights into the inner workings of the cyberterrorist gang NoName057.
Why the US Military Wants You To Rethink the Idea of 'Cyber War' (The Messenger) People expected cyberattacks to play a big role in the war in Ukraine. A US military official says that’s because they don't understand what cyber conflict means
Minsk Shuts Down Opposition Belarusian Popular Front Party (RadioFreeEurope/RadioLiberty) The Supreme Court of Belarus on August 14 shut down the opposition Belarusian Popular Front Party (PBNF) amid an ongoing crackdown on dissent.
Leading Ukrainian Diplomat Drowns in Armenia (RadioFreeEurope/RadioLiberty) Ukraine’s charge d’affaires in Armenia, Oleksandr Senchenko, has died in an apparent drowning incident at the high-altitude Lake Sevan in the country’s east on August 13, Armenian officials said.
Russian-African Security Gathering Exposes Kremlin's Reduced Influence (Dark Reading) Messaging from joint summit in Saint Petersburg amounts to little more than "diplomatic subterfuge," observers note.
Russian Ruble at Weakest Level Since Early Days of Ukraine War (Wall Street Journal) The currency’s fall points to mounting financial anxiety and has revealed divisions among top Russian officials over how to manage the situation.
U.S. Ambassador To Russia Visits WSJ Journalist Gershkovich In Jail (RadioFreeEurope/RadioLiberty) U.S. Ambassador to Russia Lynne Tracy met with jailed Wall Street Journal reporter Evan Gershkovich on August 14, a State Department spokesperson said, in her third such visit since his March detention on espionage charges he denies.
Attacks, Threats, and Vulnerabilities
Microsoft reveals severe vulnerabilities in CODESYS industrial software (Record) Sixteen new vulnerabilities have been uncovered by Microsoft researchers affecting tools used widely in industrial operations around the world.
Multiple high severity vulnerabilities in CODESYS V3 SDK could lead to RCE or DoS (Microsoft Security) Microsoft’s cyberphysical system researchers recently identified multiple high-severity vulnerabilities in the CODESYS V3 software development kit (SDK), a software development environment widely used to program and engineer programmable logic controllers (PLCs).
Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile (Netskope) From February to July 2023, Netskope Threat Labs has been tracking a staggering 61-fold increase in traffic to phishing pages hosted in Cloudflare R2. The
FortiGuard AI Detects Continued OSS Supply Chain Attacks Hidden in the Python Package Index (Fortinet Blog) Read how supply chain attacks in PyPI are detected by an AI engine assistant. See how a threat author distributes malicious python packages using different PyPI account IDs.…
Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability (The Hacker News) E-commerce sites using Adobe's Magento 2 software are under attack. Ongoing campaign called Xurum exploits critical flaw.
Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking (SecurityWeek) Several vulnerabilities discovered in Iagona ScrutisWeb ATM fleet monitoring software could be exploited to remotely hack ATMs.
Monti ransomware targets VMware ESXi servers with new Linux locker (BleepingComputer) The Monti ransomware has returned to action after a two-month hiatus, now targeting primarily legal and government organizations, and VMware ESXi servers using a new Linux variant that is vastly different from its predecessors.
CyRC Vulnerability Advisory: CVE-2023-0871 Vulnerability in OpenNMS Horizon (Application Security Blog) CVE-2023-0871 is an XML External Entity injection vulnerability in OpenNMS Horizon.
Dark AI tools: How profitable are they in the underground ecosystem? (Outpost24) Learn how threat actors are using artificial intelligence tools to exploit vulnerabilities, and the growing popularity of these tools.
Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles (SecurityWeek) Ford says a critical vulnerability in the TI Wi-Fi driver of the SYNC 3 infotainment system does not pose a safety risk
Brace for Impact: Clop MoveIT Breach Continues (ReliaQuest) Brace for impact: the Clop MoveIT breach continues with more companies facing ransom demands. Learn about their tactics and what to do next.
Discord.io confirms breach after hacker steals data of 760K users (BleepingComputer) The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members.
A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight (WIRED) The wide-ranging scams, often disguised as game promotions, can all be linked back to one network.
Clorox says certain business operations disrupted in cyber attack (Reuters) Clorox said on Monday it had taken certain systems offline after unauthorized activity disrupted some business operations.
United Healthcare Services Files Notice of Data Breach Following Hacking/IT Incident (JD Supra) On July 28, 2023, United Healthcare Services, Inc. filed a notice of data breach with the U.S. Department of Health and Human Services Office for...
EMS billing company for Augusta Fire Rescue experiences data breach (WMTW) "All individuals who were directly affected will receive a mailed notification from the company EMS Management Consultants."
Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach (Security Affairs) The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach after a MOVEit attack on IBM. The Colorado Department of Health Care Policy & Financing (HCPF) disclosed a data breach that impacted more than four million individuals. The incident is the result of a MOVEit attack on IBM; threat actors accessed the […]
Health Data of 4M Stolen in Cl0p MOVEit Breach of Colorado Department (Dark Reading) State's Department of Health Care Policy & Financing is the latest to acknowledge an attack by the Russian group's ongoing exploitation of third-party systems.
Millions of Americans' health data stolen after MOVEit hackers targeted IBM (TechCrunch) At least 4 million Americans had health data stolen after hackers raided a MOVEit file transfer server operated by tech giant IBM.
The MOVEit mass hacks hold a valuable lesson for the software industry (TechCrunch) While zero-day exploits are hard to defend against, the software industry must come together and do more to improve security across the board.
Ransomware group with Russian ties behind Indiana’s Medicaid data security breach (Fox 59) INDIANAPOLIS – A massive security breach of Indiana’s Medicaid system has put more than 744,000 Hoosiers at risk. Personal information like names, addresses, Medicaid numbers…
Data breach exposes information of 744,000 Hoosiers in Indiana Medicaid (WDRB) The names, addresses, case numbers and Medicaid numbers of people were exposed.
Details of 1,230 victims and witnesses released in Norfolk and Suffolk Police data breach (The Telegraph) Raw crime report data was included in 'very small percentage' of FoI responses owing to a 'technical issue', forces say
Cyberattack on Bay area vendor cripples real estate industry (The Real Deal) BAREIS reported that a cyberattack on a vendor, Rapattoni Corporation, has prevented agents from logging into their systems
Prince George's County Public Schools hit by cyberattack (BeyondMachines) Prince George's County Public Schools (PGCPS) in Maryland experienced a cyberattack impacting around 4,500 out of 180,000 user accounts, primarily staff accounts, with all users required to reset passwords. While essential systems seem unaffected, the nature of the breach and compromised data remain unknown.
Watch Out for LinkedIn Job Scams (Trend Micro News) A college graduate said she was scammed by individuals falsely impersonating Bold Business on LinkedIn, which turned out to be a job scam.
Vulnerability Summary for the Week of August 7, 2023 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Trends
Acronis Cyberthreats Report, August 2023 (Acronis) In July, ransomware attacks remained prominent, exemplified by the MOVEit campaign — which impacted over 545 organizations and their customers, and exposed the PII of more than 32.7 million individuals. Notably, MOVEit is the third significant case this year involving zero-day vulnerabilities exploited in file-transfer services, with Cl0p being responsible for similar attacks on Fortra's GoAnywhere and IBM Aspera Faspex.
Only 67% of Federal Government Agencies Are Confident on Zero Trust order (Swimlane) Federal agencies are turning to low-code security automation to lighten the load of implementing requirements of the Zero Trust executive order.
2023 Security Automation Report for Federal Agencies (Swimlane) Swimlane and Dimensional Research surveyed 100 security professionals at federal agencies to learn if they are ready to meet the Zero Trust requirements.
Most DDoS attacks tied to gaming, business disputes, FBI and prosecutors say (Record) The majority of distributed denial-of-service (DDoS) attacks are launched in response to disputes over business or gaming, according to federal officials investigating the incidents.
Medical breaches accounted for 342 million leaked records from 2009 to 2022 (Comparitech) Since 2009, medical organizations in the US have suffered nearly 5,000 data breaches, affecting over 342 million medical records. Our team of researchers analyzed data from 2009 to June 2022 to find out which US states suffer the most medical breaches and how many records have been affected each year. We also took an in-depth […]
Delinea Survey from 2023 BlackHat USA Conference Reveals Momentum Toward a Passwordless Future (PR Newswire) Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced results from a survey at...
Marketplace
Akamai Announces Proposed Offering of Convertible Senior Notes (PR Newswire) Akamai Technologies, Inc. (NASDAQ: AKAM) ("Akamai"), the cloud company that powers and protects life online, today announced that it proposes...
SecureWorks layoffs affect 15% staff (TechCrunch) It's the cybersecurity company's second round of layoffs this year, following an earlier 9% workforce reduction in February.
Secureworks Lays Off Another 322 Staffers to Improve Margins (Bank Info Security) Secureworks has executed its second round of layoffs since February, axing 15% of its workforce as the company pursues high-growth products and improved operating
Abnormal Security Crosses $100M in ARR in Four Years (Abnormal) AI-native company appoints cybersecurity veterans Michael DeCesare and Maya Marcus to executive team to fuel company’s hypergrowth
Army struggling to recruit cyber experts (Computing) Intense competition from the private sector is making it difficult to find cybersecurity experts to join the Army, says its lead recruiter.
Expanding the security candidate pool (Security Magazine) As the role of enterprise security shifts, how can the industry expand the security candidate pool to meet the evolving needs of the profession?
Forescout Appoints Channel Industry Veteran David Creed as Vice President of Worldwide Channel Sales (Business Wire) Forescout, a global cybersecurity leader, today announced that David Creed has joined the company as its Vice President of Worldwide Channel Sales. Creed is responsible for shepherding the next phase of growth across the company’s channel ecosystem and creating new alliances that unlock more revenue opportunities for partners and service providers around the globe.
Illumio Appoints L. David Kingsley as Chief People Officer (GlobeNewswire News Room) Former Alteryx, Intercom, and Salesforce Human Resources Executive to Accelerate Growth and Foster Employee Engagement...
Products, Services, and Solutions
Temenos Named Trusted Cloud Provider by Cloud Security Alliance (Temenos) Recognition from global leading cloud security organization demonstrates Temenos’ ongoing commitment to holistic security
EY Launches Intelligent Extended Detection Response Solution to Combat Cyber Threats (MSSP Alert) EY IXDR is a service providing 24x7 threat monitoring, detection and response on an open XDR platform to slash response time down to minutes.
Radware Defends Israeli Media Website Rotter from Tsunami-Size Web DDoS Attacks (GlobeNewswire News Room) Combats aggressive layer 7 DDoS attacks without disrupting legitimate traffic...
Theori unveils "Xint", the automated vulnerability detection solution shaped by world-class hackers (Yahoo Finance) Theori, a fast-growing cybersecurity startup known for recently raising $15 million in pre-Series A financing, has announced the coming launch of its latest exposure management solution, Xint. Developed from an offensive attacker's perspective, the platform unites penetration testing expertise from Theori's world-class hackers into an accessible SaaS model.
Fortra Introduces New Integrations for Offensive Security (Fortra) Fortra today announced new integrations for its offensive security solutions that streamline capabilities for vulnerability management, penetration testing, and red teaming. Working together, the solutions apply the same techniques used by threat actors to identify and exploit gaps in an organization’s security. With this proactive security approach, customers can find and fix weaknesses in their security posture before they are exploited.
SentinelOne® and Netskope Team to Secure Modern Workforce (Business Wire) Companies integrate market-leading XDR and SASE capabilities to protect remote employees and access to critical data from endpoint to cloud
Bitdefender Enhances Security for iOS Devices with Proactive Protection Against Text Messaging and Calendar Scams (Bitdefender) New Scam Alert Technology Helps Prevent iPhone and iPad Users from Clicking on Malicious Links Distributed via Calendar Invites and SMS/MMS Messages
Technologies, Techniques, and Standards
How businesses and governments can work together to stop cyberattacks before they start (VentureBeat) The time is now for governments to form a cybersecurity alliance wholly dedicated to working cooperatively.
Design and Innovation
Following Pushback, Zoom Says It Won't Use Customer Data to Train AI Models (Dark Reading) Company's experience highlights the tightrope tech organizations walk when integrating AI into their products and services.
UK regulators issue warning over website designs (Computing) The Information Commissioner's Office (ICO) and Competition and Markets Authority (CMA) have urged businesses to stop using "harmful" website designs that can compromise personal data.
Research and Development
RTI Awarded $1.25M Defense Research Contract to Develop Data-Centric Threat Detection Capabilities for Real-Time Networks (Globenewswire) RTI will leverage the power of its secure, data-centric networking technology to drive major innovations in semantic level understanding of networked systems
Academia
Carnegie Mellon’s hacking team wins 7th DEF CON Capture-the-Flag title (Cylab) The winningest team in DEF CON’s Capture-the-Flag (CTF) competition history, Carnegie Mellon University’s Plaid Parliament of Pwning (PPP), was back at it again, as the team defended its title, earning its seventh victory in the past eleven years.
Legislation, Policy, and Regulation
China to disclose secret US ‘global reconnaissance system,’ claims official (Record) The claim is the latest in a series of attempts by the People’s Republic of China to highlight alleged U.S. intelligence-gathering operations.
Chinese security ministry attacks ‘selfish, hegemonic and disingenuous’ US (South China Morning Post) The ministry posts a rare commentary directly attacking Washington as it continues efforts to defend new legislation that expands definition of spying.
China would consider attacks on US railroads, pipelines if it invades Taiwan, Easterly says (Record) CISA Director Jen Easterly did not hold back at the DEF CON conference in describing the threat from China. She openly confirmed concerns raised by White House officials in news reports in July.
US watchdog to announce plans to regulate 'surveillance industry' (Reuters) The top U.S. agency for consumer financial protection will announce plans at the White House on Tuesday to regulate companies that track and sell people's personal data, part of the Biden administration's widening scrutiny of that industry's privacy practices, officials said.
White House cyber office has its eye on workforce data (Nextgov.com) Data on the cybersecurity workforce is fragmented and inconsistent. A top White House official is looking to change that.
CISA expects upcoming industry rules to show ‘scope and scale’ of ransomware problem (Record) Speaking at DEF CON in Las Vegas, CISA Director Jen Easterly said new incident reporting rules will help the agency understand how well the government and industry are doing in the fight against cybercrime.
Improving the Quality of Cybersecurity Risk Management Disclosures (U.S. Securities and Exchange Commission) Today, the Commission is voting to adopt a rule that will require public companies to enhance and standardize their disclosures on cybersecurity risk management, strategy, and governance, as well as incident reporting. I am pleased to support this rule because it will strengthen the quality, consistency, and timeliness of cybersecurity-related disclosures to investors.
Litigation, Investigation, and Law Enforcement
Chinese spies who read State Dept. email also hacked GOP congressman (Washington Post) Rep. Don Bacon said he was told of the hacking Monday; he pledged to ‘work overtime’ to win passage of an aid package for Taiwan
Binary Ballet: China’s Espionage Tango with Microsoft (SecurityHQ) CISA have disclosed a major security incident which impacted customers of Exchange Online & Outlook. SecurityHQ provides steps to safeguard.
Microsoft Exchange hack to be investigated by US Cyber Safety Board (Computing) A review to be conducted by the US Department of Homeland Security's Cyber Safety Review Board (CSRB) will focus on malicious attacks against cloud computing environments.
Spy agency caught up in KPMG consulting scandal (ABC) Australia's cyber spy agency has been caught up in the KPMG consulting scandal.
How alleged computer crimes figure into latest indictment of Trump, allies (Washington Post) Trump allies face charges over alleged Coffee County voting equipment breaches
The charges against Trump and allies in Fulton county – full text of indictment (the Guardian) A grand jury in Georgia has issued an indictment accusing Trump of efforts to overturn the 2020 election – read the full text here
Why Trump’s Indictment in Georgia Carries the Most Risk (Time) The Georgia case may be the most threatening one facing Trump because he can’t resolve it by paying a fine or pardoning himself.
Sextortion suspects on trial after one victim dies (Register) Trio alleged to have blackmailed over 100 targets after threats of intimate image release
Orrick Hit With Class Action Lawsuit Over Data Breach (Above the Law) The complaint alleges the Biglaw firm failed to keep data safe.