Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+539: Drones, grain corridors, and combat-support hacking. (CyberWire) A look at lessons from cyber threats to satellite communications, and some apparent domestic hacktivism in Russia.
Russia-Ukraine war: List of key events, day 540 (Al Jazeera) As the war enters its 540th day, these are the main developments.
Ukraine Recaptures a Small Village as Russian Forces Retreat (New York Times) The announcement came on the same day that a cargo ship stranded in the Odesa port became the first to venture into the turbulent waters of the Black Sea despite Moscow’s threats to treat vessels in the area as hostile.
Russia hits Ukrainian grain depots again as a foreign ship tries out Kyiv's new Black Sea corridor (AP News) Officials say Russia has resumed its targeting of grain infrastructure in Ukraine’s southern Odesa region, using drones in overnight strikes on storage facilities and ports along the Danube River.
Russia hits Ukrainian grain depots again (Military Times) Kyiv has increasingly used those terminals for grain transport to Europe after Moscow broke off a key wartime export deal through the Black Sea.
Ukrainian ship carrying grain sails from Odessa, testing Russian threat (Washington Post) Kyiv officials said a first ship carrying Ukrainian agricultural cargo set sail Wednesday from the southern port of Odessa — despite threats by Russia to forcibly stop vessels in the Black Sea after Moscow unilaterally terminated a U.N.-sponsored agreement allowing safe passage of Ukrainian grain shipments.
First cargo ship leaves Ukraine port since end of grain deal despite Russian threats (the Guardian) Civilian vessel left port of Odesa and travelled down temporary corridor set up after Moscow pulled out of UN-backed Black Sea grain deal
Almost 10,000 Civilians Killed in Ukraine Since Start of War, UN Says (Military.com) A new report confirmed 9,444 civilian deaths and 16,940 people injured since Russia launched a full-scale invasion of its neighbor in February 2022.
Ukraine intelligence agency says sea drones carried out Kerch Bridge attack (the Guardian) Spy chief says remotely controlled drones, developed internally, were behind 17 July attack
Ukraine-Russia war: Four Ukrainian soldiers killed in Russia by spy agency (The Telegraph) Russia’s FSB security services have killed four Ukrainian “saboteurs” who crossed the border into the western Bryansk region, according to reports.
Ukraine modifies British Challenger 2 tanks to protect them from Russian drones (The Telegraph) Footage suggests that Kyiv is doubling down with its counter-offensive as it attempts to break front-line stalemate
North Korea’s Kim, in letter to Putin, vows solidarity with Russia (Washington Post) North Korean leader Kim Jong Un vowed to strengthen relations with Russia so the two countries could continue to “smash the imperialists’ arbitrary practices and hegemony,” according to a state media report.
The Return of Russian Ethnonationalism (Foreign Affairs) Chauvinism under—and after—Putin
Incident response lessons learned from the Russian attack on Viasat (CSO Online) At the Black Hat and DEF CON conferences, Viasat and the NSA offered detailed accounts about what went down when Russian hackers shut off tens of thousands of satellite broadband modems in the Ukraine war’s first significant cyberattack.
Russia fines Google US$32,000 for videos about the conflict in Ukraine (CTVNews) A Russian court on Thursday imposed a 3-million-ruble (US$32,000) fine on Google for failing to delete allegedly false information about the conflict in Ukraine.
Reports: Russia Opts Not To Impose Foreign Currency Controls Amid Sliding Ruble (RadioFreeEurope/RadioLiberty) Russian officials have reportedly opted not to impose new controls on buying and selling foreign currency, as officials try to stabilize the plummeting ruble.
Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps (Graham Cluley) Someone clearly isn't very impressed with Vladimir Putin, as the Russian economy continues to tank in the wake of sanctions.
Attacks, Threats, and Vulnerabilities
Hackers are increasingly hiding within services such as Slack and Trello to deploy malware (CyberScoop) A new analysis unpacks a wide array of malware abusing legitimate internet services and what defenders should do to stop it.
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector (SentinelOne) Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in campaign targeting the Southeast Asian gambling sector.
ProxyNation: The dark nexus between proxy apps and malware (AT&T Alien Labs) AT&T Alien Labs researchers recently discovered a massive campaign of threats delivering a proxy server application to Windows machines. A company is charging for proxy service on traffic that goes through those machines. This is a continuation of research described in our blog on Mac systems turned into proxy exit nodes by AdLoad.
In this research, Alien Labs identified a company that offers proxy services, wherein proxy requests are rerouted through compromise
Massive 400,000 proxy botnet built with stealthy malware infections (BleepingComputer) A new campaign involving the delivery of proxy server apps to Windows systems has been uncovered, where users are reportedly involuntarily acting as residential exit nodes controlled by a private company.
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks (Aqua Security) We expose significant flaws in PowerShell Gallery's policy on package names and owners that open the door to potential supply chain attacks on the registry's user base.
#NoFilter - Abusing Windows Filtering Platform for (Deep Instinct) Privilege escalation is a common attack vector in the Windows OS. There are multiple offensive tools in the wild that can execute code as “NT AUTHORITY\SYSTEM” (Meterpreter, CobaltStrike, Potato tools), and they all usually do so by duplicating tokens and manipulating services. This allows them to perform attacks like LSASS Shtinkering.
LockBit’s dirty little secret: ransomware gang is failing to publish victims’ data (Graham Cluley) The LockBit ransomware gang may be having more than a few headaches right now. According to a researcher who spent a year undercover gathering intelligence on the LockBit group, the ransomware gang is…
Raccoon Stealer malware back with updated version following administrator arrest (Record) The operators of the infamous Raccoon malware have announced their return after a six-month hiatus from hacker forums following the arrest of an administrator.
Beware the Emergence of Shadow AI (Tech Policy Press) Shadow AI is potentially a lot more pernicious and pervasive than Shadow IT, says Abhishek Gupta.
Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (IC3) The FBI is warning the public that cyber criminals are embedding malicious code in mobile beta-testing applications (apps) to defraud potential victims. Beta-testing apps are online services for testing of mobile apps prior to official release. The beta apps typically are not subject to mobile operating systems' review processes.
FBI warns about scams that lure you in as a mobile beta-tester (Naked Security) Apps on your iPhone must come from the App Store. Except when they don’t… we explain what to look out for.
Jamf Threat Labs explains their discovery of possible exploit of Airplane Mode. (Jamf) Learn how Jamf Threat Labs researchers found a vulnerability in Airplane Mode and how it can be exploited to maintain internet connections for malicious applications.
Canadian marketing company hit by data breach, says Ontario liquor board (IT World Canada) A Canadian marketing company that counts some of the country's biggest corporations as its customers has been hit by a data breach. One of them is the Liquor Control Board of Ontario (LCBO), a Crown corporation that sells spirits and wine in stores across the province. In an email sent to customers today, the board
LCBO warns of data breach, some customers' personal information may be affected (CBC News) The Liquor Control Board of Ontario is warning subscribers to its promotional emails that their personal information may have been accessed by an "unauthorized party."
M&T Bank Files Notice of Data Breach Affecting Over 95k Massachusetts Residents (JD Supra) On August 14, 2023, M&T Bank filed a notice of data breach with the Attorney General of Massachusetts. In this notice, M&T explains that the incident...
Geico 'aware' of security issues, employees believe they were hacked (WKBW 7 News Buffalo) A Geico spokesperson confirmed with 7 News that MOVEit, an outside software program that Geico uses to transfer data to third-party vendors, was involved in a data breach.
File sharing site Anonfiles shuts down due to overwhelming abuse (BleepingComputer) Anonfiles, a popular service for sharing files anonymously, has shut down after saying it can no longer deal with the overwhelming abuse by its users.
Clorox Operations Disrupted By Cyber-Attack (Infosecurity Magazine) The cyber-attack disrupted manufacturing and distribution processes
Australian healthcare provider hacked, client medical data published (Cybersecurity Connect) An Australian preventative healthcare operator has had a swathe of employee and patient data posted – for free download – on the darknet.
It was the most reported scam in Australia last year. Here's how phishing works (ABC) Phishing is the most commonly reported scam in Australia, with scammers harvesting tens of millions of dollars every year from unsuspecting victims.
DEF CON 31: Robot vacuums may be doing more than they claim (We Live Security) DEF CON 31: Dennis Giese, a renowned expert in “hacking” robot vacuum cleaners, gave a presentation about privacy issues related to robot vacuums. After hearing shocking examples, ESET's Tony Anscombe would rather stick to pushing his handheld vacuum around the house.
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-24489 Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
Security Patches, Mitigations, and Software Updates
Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution (SecurityWeek) Ivanti has patched critical- and high-severity vulnerabilities with the latest release of Avalanche enterprise MDM solution
Trends
Cyber Threat Intelligence Index: July 2023 (Flashpoint) Flashpoint’s monthly look at the cyber risk ecosystem affecting organizations around the world, including intelligence, news, data, and analysis about ransomware, vulnerabilities, data breaches, and insider threats.
Threat Labs Report — TELECOM 2023 (Netskope) Gain insights into the threats targeting telecommunications organizations. Learn how telecom organizations can defend against these threats.
Malicious links now top cyber attack threat globally: Report (ETTelecom.com) "Attackers primarily impersonate the brands and entities we trust and rely on. In the majority (60.1 per cent) of cases, attackers pose as one of just 25 organisations -- including Microsoft, Google, Salesforce and Amazon," the findings showed.
GRIT Ransomware Report: July 2023 (Guidepoint Security) July revealed several interesting changes in trends, with an observed increase in number of active threat groups, impacted industries, and impacted countries, despite a considerable decrease in activity attributed to seven of June’s top ten threat groups.
Marketplace
Cynomi Study Reveals Number of MSPs Providing Virtual CISO Services Will Grow Fivefold By Next Year (Cybersecurity Dive) Cynomi, the leading AI-powered virtual Chief Information Security Officer (vCISO) platform vendor for Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs) and consulting firms, has published the results of its first annual report, “The State of the Virtual CISO 2023”. The report, conducted by Global Surveys on behalf of Cynomi, reveals critical insights into MSPs and MSSPs’ recent shift towards vCISO services.
Zurich Holding Company of America acquires cyber firm SpearTip (ReinsuranceNe.ws) Zurich Holding Company of America, a subsidiary of Zurich Insurance Group, has acquired SpearTip, a cyber counterintelligence firm that helps protect
Fastly Expands Domains API and TLS Capabilities with Domainr Acquisition and General Availability of Certainly Certification Authority (Business Wire) Advancements propel Fastly’s mission to enhance trust and security for its customers and across the internet
Akamai Technologies sells new jumbo convert after IG rating (GlobalCapital) The US cloud and cyber security company is placing a new $1bn convertible bond
Orders flooding in on Pentagon’s $9 billion cloud contract (Defense News) The Pentagon in late 2022 tapped Amazon, Google, Microsoft and Oracle for its potential $9 billion Joint Warfighting Cloud Capability, or JWCC.
ISC2 Announces Major Milestone as Community Grows to Half a Million Strong (PR Newswire) The world's leading nonprofit member organization for cybersecurity professionals, formerly known as (ISC)², has today announced that it is now...
More Cyber Companies Announce Layoffs (Wall Street Journal) Vendors have cut hundreds of employees in recent weeks.
Why is Palo Alto Networks reporting earnings Friday afternoon? The strange timing draws speculation. (MarketWatch) Wall Street wonders why the cybersecurity company decided to report earnings and hold its conference call after the close of markets on a Friday.
Vectra AI Appoints Scott Dussault as Chief Financial Officer (GlobeNewswire News Room) Vectra AI, the leader in AI-driven cyber threat detection and response, today announced the...
Products, Services, and Solutions
Beyond Identity Launches New Passkey Adoption Tool, The Passkey Journey (Business Wire) Tool Provides Advanced Insights to Accelerate Passkey Deployment and Optimize User Experience
Google Releases Security Key Implementation Resilient to Quantum Attacks (SecurityWeek) Google has released the first quantum-resilient FIDO2 security key implementation as part of its OpenSK project.
Claroty Brings Operational Technology Security to Expanded Deloitte Managed Extended Detection and Response Platform (Claroty) Collaboration to bring prevention, detection, and response capabilities to business-critical systems and assets across cyber-physical environments
Oracle Achieves Top Secret Cloud Authorization (Yahoo Finance) Oracle today announced the U.S. Intelligence Community has authorized Oracle Cloud Infrastructure (OCI) to host Top Secret/Sensitive Compartmented Information (TS/SCI) missions.
Carlsberg Group Selects Cato Networks for Massive Global SASE Deployment (PR Newswire) Cato Networks, provider of the world's leading single-vendor SASE platform, announced Carlsberg Group as its latest enterprise customer. The...
Fortra Security Solutions Go on the "Offensive" (MSSP Alert) Fortra has repositioned its portfolio to advance its package of offensive security solutions, which are now interoperable.
Axiad Launches New Passwordless Authentication Package for Government, Critical Infrastructure and Defense Industrial Base (PR Newswire) Axiad, a leading provider of organization-wide passwordless orchestration, today announced a new Unified Credential Management System (UCMS)...
ConnectWise and CompTIA Celebrate First Graduating Class from Ticket to Tech Program (GlobeNewswire News Room) Partnership Takes on Industry’s Hiring Crisis with Training Initiative That Bridges the Skills Gap ...
Technologies, Techniques, and Standards
Wall Street Turns to AI to Solve WhatsApp Compliance Nightmare (The Information) The Securities and Exchange Commission’s latest crackdown on Wall Street bankers and traders’ use of encrypted apps is sparking interest in whether large-language models and other artificial intelligence tools can catch Wall Street workers talking in code about something they shouldn’t be—or ...
CISA Releases JCDC Remote Monitoring and Management (RMM) Cyber Defense Plan (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA released the Remote Monitoring and Management (RMM) Cyber Defense Plan, the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC).
New CISA guidance looks to guard against supply chain hacks (Nextgov.com) The Cybersecurity and Infrastructure Security Agency advocates constant communication and education as measures to mitigate cyber threats.
CISA publishes plan for remote monitoring tools after nation-state, ransomware exploitation (Record) A collaboration between the U.S.’s cybersecurity defense agency and private companies published its first plan to address security issues with remote monitoring and management (RMM) tools on Wednesday.
Cybersecurity in the cloud coming into focus with CISA configurations, CSRB review (Federal News Network) The Cyber Safety Review Board will investigate what agencies and industry can do to "strengthen identity management and authentication in the cloud.”…
SCARF – A Low-Latency Block Cipher for Secure Cache-Randomization (USENIX) Randomized cache architectures have proven to significantly increase the complexity of contention-based cache side channel attacks and therefore present an important building block for side-channel secure microarchitectures.
Design and Innovation
Foretrace Announces Launch of "Tim", Generative AI Analyst for Assessing and Responding to Data Leaks (PR Newswire) Foretrace, the leader in data leak and exposure management, today announced the release of "Tim", a generative AI analyst that will...
Research and Development
Nubeva Files U.S. Patent for AI-Powered Decryptor Builder to Further Enhance Proven Ransomware Reversal Offering (GlobeNewswire News Room) Nubeva Technologies (TSX-V: NBVA), a cybersecurity company specializing in ransomware decryption, has...
Legislation, Policy, and Regulation
Inside the messy ethics of making war with machines (MIT Technology Review) AI is making its way into decision-making in battle. Who’s to blame when something goes wrong?
White House orders federal agencies to shore up cybersecurity, warns of potential exposure (CNN Politics) The White House ordered federal agencies to shore up their cybersecurity after agencies have lagged in implementing a key executive order President Joe Biden issued in 2021, according to a memo first obtained by CNN.
Cyber experts say regulators aren't going far enough with their rules (Washington Post) The Network: It’s time to step up cyber regulations even more
Breaking Down the New SEC Cybersecurity Rules (JD Supra) On July 26, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules. Organizations will need to disclose material cyber incidents...
SEC cyber rules ignite tension between reputation and security risk (Cybersecurity Dive) The rules, which take effect Sept. 5, encountered mixed reactions. Some champion board-level cyber accountability. Others say the rules are too big of a lift.
NYC bans TikTok on city-owned devices (The Verge) States all across the country have banned the app in recent months.
Litigation, Investigation, and Law Enforcement
Pentagon Compromise | The Most Effective Insider Threat Sensors Are People (DTEX Systems Inc) DTEX i3 team confirms people are the most effective insider threat sensors; identifies several other early warning indicators.
Man arrested and questioned after searches over PSNI data breach (BelfastLive) The Police Service of Northern Ireland revealed a document had mistakenly been shared online
Man, 39, arrested in data leak probe suspected of collecting info for terrorists (The Irish Sun) A MAN has been arrested in connection with last week’s PSNI data breach. The 39-year-old was arrested on suspicion of collecting information likely to be useful to terrorists. Detectives made the a…
Detectives investigating major PSNI data leak arrest man after search in County Armagh (inews.co.uk) The 39-year-old is being held on suspicion of collection of information likely to be useful to terrorists
Is Johns Hopkins the bad guy in patient data breach? Or a victim? (The Baltimore Banner) Experts say Johns Hopkins’ patient data could have been stolen by hackers even if security measures were impeccable. So why are so many people suing the institution?
Clues point to identities of ‘unindicted co-conspirators’ in alleged Coffee County breach (Washington Post) The wide-ranging indictment of former president Donald Trump in Georgia accuses four of his supporters of conspiring to copy and distribute data from elections equipment in rural Coffee County, and it leaves unnamed seven “unindicted co-conspirators” who the grand jury said participated in that effort.
ALERT: The Hartford Hit with Data-Breach Class Action (Connecticut Law Tribune) Data security breaches have dominated the headlines for the last two decades, the complaint said. And it doesn’t take an IT industry expert to know it. ... The Hartford should certainly have been aware, and indeed was aware, that it was at risk for a data breach that could expose the PII that it collected and maintained.
Special counsel obtained Trump DMs despite ‘momentous’ bid by Twitter to delay, unsealed filings show (POLITICO) Judge Beryl Howell lit into Twitter for taking steps to give Donald Trump advance notice about the search warrant.
A former fundraiser for Rep. George Santos has been charged with wire fraud and identity theft (AP News) A former fundraiser for U.S. Rep. George Santos has been indicted on federal charges that he impersonated a high-ranking congressional aide while soliciting contributions for the New York Republican’s campaign.