Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+544: Doxing and diversionary drone strikes. (CyberWire) Ukrainian hacktivist auxiliaries claim to have doxed a deputy chair of Russia's Duma, exposing evidence of corruption. Russian disinformation operations targeted last month's NATO summit.
Russia-Ukraine war: List of key events, day 545 (Al Jazeera) As the war enters its 545th day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 545 of the invasion (the Guardian) Two people injured after Ukrainian drone falls on house in Moscow; Greece to train F-16 pilots
Ukraine-Russia war: Ukrainian forces 'reach centre of key village' amid fierce fighting (The Telegraph) Fierce fighting is reportedly taking place in a key village on the war’s southern front after Ukrainian troops forced their way into the centre of Robotyne.
Ukraine drone strike reportedly destroys Russian supersonic bomber (the Guardian) The TU-22M3 – used extensively in missile strikes on Ukraine – was seen burning in images shared on social media
Ukraine media say Kyiv saboteurs were behind drone attacks on air bases deep inside Russia (AP News) Ukraine media are reporting that a pair of recent drone attacks on air bases deep inside Russia that hit parked bomber aircraft were the work of Ukrainian saboteurs coordinated by Kyiv’s military intelligence services.
Ukraine’s Zelenskyy thanks Danes in person for F-16s (Military Times) Denmark and the Netherlands announced that they will provide Kyiv with F-16 warplanes that could be delivered around the end of the year.
Greece to train Ukrainian pilots to fly F-16 jet fighters, Zelenskyy says (Al Jazeera) Greece fighter pilot training offer comes after Denmark and the Netherlands announced they would supply F-16s to Kyiv.
U.S. Open to Training Ukrainian F-16 Pilots if Needed (U.S. Department of Defense) The U.S. would be willing to participate in the training of Ukrainian pilots, Deputy Pentagon Press Secretary Sabrina Singh said, if there were more Ukrainian pilots in need of training than what the
Wagner making ‘Africa even more free’, says Prigozhin in first post-rebellion video (the Guardian) Person who appears to be mercenary leader seen in desert area, saying his group is recruiting
Dueling Tours for Influence as Ukraine War Scrambles Alliances (New York Times) As Volodymyr Zelensky went on a diplomatic blitz of Europe, a top Iranian general made his way to Moscow.
The End of the Russian Idea (Foreign Affairs) What it will take to break Putinism’s grip.
Ukrainian hackers claim to leak emails of Russian parliament deputy chief (Record) Ukrainian hackers claim to have broken into the email account of a senior Russian politician and exposed documents that allegedly prove his involvement in money laundering and sanction evasion schemes.
Summit Old, Summit New (Graphika) Russia-Linked Actors Leverage New and Old Tactics in Influence Operations Targeting Online Conversations About NATO Summit
Summit Old, Summit New: Russia-Linked Actors Leverage New and Old Tactics in Influence Operations Targeting Online Conversations About NATO Summit (Graphika) Russia-linked actors engaged in a multi-pronged effort to influence online conversations around the July 2023 NATO Vilnius summit, using deceptive practices to advance narratives almost certainly intended to denigrate NATO and host nation Lithuania.
The Reconstruction of Ukraine Can Inform the West’s Digital Transformation (CIGI) The war has been a showcase for Ukraine’s whole-of-society approach to new technology.
Cyber Warfare in Ukraine: A Comprehensive Analysis of Global Digital Defense, Future Threats, and India's Role (Ground) In an era where warfare transcends physical boundaries, Ukraine stands as a testament to the power of digital resilience. The ongoing conflict with Russia has not only been fought on the ground but in the virtual realm, where cyberattacks and information warfare have become as critical as tanks and missiles. The war in Ukraine is multidimensional, happening not only on the battlefield but also in cyberspace. On February 24, 2022, the day Russia …
Elon Musk considered pulling plug on Ukraine’s Starlink access after ‘great conversation with Putin’ (The Telegraph) Tech billionaire worried about being seen ‘in Russia as enabling Ukrainian war effort’
Elon Musk’s Shadow Rule (The New Yorker) How the U.S. government came to rely on the tech billionaire—and is now struggling to rein him in.
Pope Francis discusses Ukraine war and peace with US military chief (Reuters) Pope Francis and General Mark Milley, the chairman of the U.S. Joint Chiefs of Staff, discussed the war in Ukraine and hopes for peace there during a private audience at the Vatican on Monday.
Attacks, Threats, and Vulnerabilities
Ecuador’s national election agency says cyberattacks caused absentee voting issues (Record) Absentee voters flooded social media to express their frustration at not being able to cast votes through an online system created by the government.
How ubiquitous keyboard software puts hundreds of millions of Chinese users at risk (MIT Technology Review) Third-party keyboard apps make typing in Chinese more efficient, but they can also be a privacy nightmare.
Spin.AI Reveals SaaS Security Insights in New Report: Unveiling the Hidden Risks Lurking in Browser Extensions (Business Wire) Study showcases the potential security threats posed by browser extensions, calls for proactive risk management in the digital age
Browser Extension Risk Report: High # Risks for SaaS Data (Spin.ai) Our SaaS App Risk Report showed 75% of SaaS apps are high or medium risk. This article provides a deeper look into the browser extension risks in 2023.
EOL Cyber Incident and Update (Energy One Limited) On Friday, 18 August 2023, Energy One Limited established that certain corporate systems in Australia and the United Kingdom had been affected by a cyber-attack.
Australian software provider Energy One hit by cyberattack (Record) The global software company Energy One has been hit by a cyberattack affecting its systems in Australia and the U.K.
Energy One Investigates Cyberattack (Dark Reading) Energy One is trying to determine the initial point of entry and whether personal information has been compromised.
Cyber attack on energy software provider affects corporate systems (Business Insurance) Wholesale energy software provider Energy One Ltd. confirmed that a cyber attack on Aug. 18 had affected certain corporate systems in Australia and the U.K., forcing it to disable certain links between corporate and customer-facing systems as it investigates the extent of the attack, CSO Online reported. The company is presently running an analysis to identify if any additional systems were affected in the attack. It is also investigating if and what personal data or customer-facing systems were affected.
Exploitation of Openfire CVE-2023-32315 (VulnCheck) CVE-2023-32315 was first exploited in the wild in June 2023. However, VulnCheck has discovered a new approach to exploiting this vulnerability, streamlining the attack process and adeptly bypassing the generation of log entries. In addition, VulnCheck analyzes the remaining indicators of compromise and shares network detections.
FBI urges US space industry to safeguard technologies (Register) If spies aren't swiping designs via joint ventures, they're breaking into IT networks and mulling sat hijackings
Resolution of cyber incident (auDA) auDA has completed its investigation into the alleged cyber incident, which indicates that there is no evidence that cyber criminals have accessed auDA systems or have auDA data.
HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack (The Hacker News) #HiatusRAT malware creators return, targeting Taiwan-based orgs & U.S. military procurement system.
New HiatusRAT campaign targets Taiwan and U.S. military procurement system (Security Affairs) HiatusRAT malware operators resurfaced with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system. In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “HiatusRAT” that infected over 100 edge networking devices globally. Threat actors leveraged edge routers, or “living on the edge” access, to passively collect […]
HiatusRAT Returns after a Hiatus in a Fresh Wave of Attacks (Cyware Labs) The HiatusRAT malware group reemerged to target Taiwan-based organizations and a U.S. military procurement system allegedly to snoop on military contracts. Know further!
No rest for the wicked: HiatusRAT takes little time off in a return to action (Lumen) After publishing our initial research, Black Lotus Labs continued to track the HiatusRAT cluster resulting in new malware samples and infrastructure.
Ongoing Duo outage causes Azure Auth authentication errors (BleepingComputer) Cisco-owned multi-factor authentication (MFA) provider Duo Security is investigating an ongoing outage that has been causing authentication failures and errors starting three hours ago.
Sneaky Amazon Google ad leads to Microsoft support scam (BleepingComputer) A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.
Japanese watchmaker Seiko breached by BlackCat ransomware gang (BleepingComputer) The BlackCat/ALPHV ransomware gang has added Seiko to its extortion site, claiming responsibility for a cyberattack disclosed by the Japanese firm earlier this month.
What is WormGPT? (Panda Security Mediacenter) What is WormGPT and what does it do? Like all technologies, hackers have found a way to use AI to commit online crime.
The simple typo that stopped bank robbers from stealing $1 billion (LAD Bible) A group of cyber criminals who were behind the mind-blowing Bangladesh Bank heist were thwarted from stealing $1 billion because of a simple typo.
Scammers Used ChatGPT to Unleash a Crypto Botnet on X (WIRED) A botnet apparently connected to ChatGPT shows how easily, and effectively, artificial intelligence can be harnessed for disinformation.
A Bard’s Tale – how fake AI bots try to install malware (We Live Security) Fake ads are flooding Facebook & Co. offering downloads of the latest AI tools. Instead of smart helpers you'll only get malware
Deepfake Imposter Scams Are Driving a New Wave of Fraud (Yahoo Finance) Computer-generated children’s voices so realistic they fool their own parents. Masks created with photos from social media that can penetrate a system protected by face ID. They sound like the stuff of science fiction, but these techniques are already available to criminals preying on everyday consumers.
Employees and Sensitive Data Take Summer Vacation; Exposing Companies to Increased Risk (Next DLP) With summer vacation comes access to sensitive data outside of the home office or corporate office, creating the phenomenon of sensitive data going “to the beach”.
How a Christie’s website revealed where people kept their art (Washington Post) The British auction house inadvertently published location data on its website for hundreds of images of items owners were seeking to sell
Tesla's Huge Data Breach Was Caused by Internal Whistleblowers (Tech.co) Tesla has begun notifying the 75k former and current employees impacted by the May 'Tesla Files'.
CISA Adds One Known Exploited Vulnerability to Catalog | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-26359 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Security Patches, Mitigations, and Software Updates
Ivanti Issues Fix for Critical Vuln in Its Sentry Gateway Technology (Dark Reading) Security vendor will not say if attackers are already actively exploiting the flaw, as some reports have claimed.
Ivanti: Customers ‘impacted’ by new zero-day vulnerability (Record) The bug occurs in Ivanti Sentry, formerly known as MobileIron Sentry, but “does not impact other Ivanti products,” the company said.
Pinterest rolls out new teen safety features, including wiping followers from users 15 and under (TechCrunch) Pinterest today introduced a series of new safety features aimed at better protecting teens using its service. The features -- which include things like
Trends
Ransomware Takes Center Stage in Q2 2023 (PR Newswire) Nuspire, a leading managed security services provider (MSSP), today announced the release of its Q2 2023 Cyber Threat Report. The quarterly...
Critical Insight Releases H1 2023 Report (Critical Insight) Record 40 Million Individuals Exposed in Healthcare Cyber Breaches Despite Overall Decline
PrivacyHawk releases 2023 personal data, privacy and AI report highlighting consumer alarm and sentiment about privacy and AI (Business Wire) Americans have grave concerns about their personal data, bipartisan demand for a national privacy law, and a bleak, pessimistic view of an AI-dominated future
Quarterly Threat Bulletin #8: Harness Cybersecurity Intelligence Power (Uptycs) Uptycs’ Quarterly Cyber Threat Bulletin spotlights threats from Q2 of 2023: May, June, and July. With great data comes great responsibility!
National Privacy Test: Check your online privacy and security IQ (National Privacy Test) Take this short test to get your personal digital privacy score. Find out how your country compares to the global scores.
Marketplace
Exclusive: Cybersecurity firm SentinelOne explores sale -sources (Reuters) SentinelOne Inc, a cybersecurity company with a market value of about $5 billion, has been exploring options that could include a sale, according to people familiar with the matter.
Grip Security Raising $41 Million Series B Led by Third Point Ventures (Business Wire) SaaS security leader plans to accelerate growth and extend its market leadership
Press release: Cerby announces Series A (Cerby) Cerby secures $17 million in Series A funding round led by Two Sigma Ventures and Outpost Ventures.
BIRD to strengthen critical cybersecurity infrastructure with $3.8m. (The Jerusalem Post) Hailing from both Israeli and American tech hubs, four projects have been given the green light by the Cyber Project.
Fortinet Named a Challenger in the 2023 Gartner® Magic Quadrant™ for Single-Vendor SASE (Fortinet) Fortinet delivers unified management using a single console while delivering seamless integration of SD-WAN and cloud-delivered AI-powered security to secure the hybrid workforce
Resecurity Recognized for Ethical Vulnerability Disclosure in Products of Apple, Oracle and Schneider Electric (Yahoo Finance) Resecurity, Inc. (USA), a global cybersecurity solutions provider protecting Fortune 500 and government agencies worldwide, is proud to announce that its esteemed HUNTER unit experts have been acknowledged for their exemplary ethical vulnerability disclosure in software products of major tech giants including Apple, Oracle, and Schneider Electric. These recognitions underline Resecurity's commitment to fostering a safer digital landscape through responsible collaboration with software vendors an
Qualys Drives Responsible Business Practices and Sustainability Through Inaugural ESG Report (Qualys) Qualys, Inc (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced the publication of its inaugural Environmental, Social, and Governance (ESG) Report, showcasing its robust adherence to responsible business practices and sustainable operations.
IBM: employees who use AI will replace those who don't (Computing) The impact of AI on the global workforce will be significant, and will result in shifts in employee roles and skill requirements in the coming years.
Next Joins the MITRE Engenuity Center for Threat-Informed Defense (Next DLP) Next DLP Joins MITRE Engenuity Center for Threat-Informed Defense to enhance the center's ability to develop resources to protect against cyberattacks.
Telos Corporation Awarded Five-Year Contract with Defense Information Systems Agency (Telos Corporation) Ashburn, Va. – August 22, 2023 – Telos Corporation (NASDAQ: TLS), a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, announced today a five-year contract with the Defense Information Systems Agency (DISA) for the Telos Automated Message Handling System (AMHS) to support the distribution and processing of various...
LogicGate Strengthens Executive Team with New Chief Marketing Officer to Drive Strategic Growth Initiatives (PR Newswire) LogicGate, a leading provider of next-generation Governance, Risk, and Compliance (GRC) solutions through its acclaimed Risk Cloud®...
Cyversity Announces Advisory Board to Shape the Future of the Cybersecurity Industry (PR Newswire) Cyversity, a 501(c)3 non-profit association dedicated to the academic and professional success of women, underrepresented minorities, and...
Products, Services, and Solutions
Paperclip SAFE® Adds Data Masking to its Breakthrough Searchable Encryption Solution (GlobeNewswire News Room) Paperclip, Inc. (OTCMKTS:PCPJ) announced today that its SAFE® searchable encryption solution now...
Veridas Drives Biometric Inclusivity Mission by Joining OIX Community (Veridas) Veridas looks to play a key role in developing biometric adoption. Veridas, a leading global provider of AI-driven identity verification solutions, is pleased to announce it has joined Open Identity Exchange (OIX), a global community driving positive and inclusive developments for trusted digital identities. Veridas Digital […]
CrowdStrike Dominates SC Awards 2023 Winning Best Enterprise Security Solution and Best Managed Detection and Response Service (Business Wire) CrowdStrike (Nasdaq: CRWD) today announced that the company took home two key wins in the 2023 SC Awards as the CrowdStrike Falcon® platform won Best Enterprise Security Solution and CrowdStrike Falcon® Complete won for best Managed Detection and Response Service.
Dragos Honored With Two Prestigious 2023 SC Media Awards for Best Industrial Security Solution and Most Promising Unicorn (Business Wire) Dragos recognized for Operational Technology, global expansion, and technical excellence
BeyondID Launches BeyondID Security Operations Center (IT News Online) BeyondID, a leading managed identity services provider, today announced the BeyondID Security Operations Center (SOC). This 24/7/365 security monitoring and threat detection service is designed to help organizations maintain the security of their systems in real-time.
Forescout Joins MISA and Announces Integration with Microsoft Sentinel to Provide Automated Threat Management Across the Extended Enterprise (Forescout) Forescout, a global cybersecurity leader, today announced integrations with Microsoft Sentinel as part of a broader initiative to support the Microsoft Security portfolio. These integrations will deliver real-time visibility, threat management, and incident response across the extended enterprise: campus, datacenter, remote workers, cloud, mobile, IoT, OT and IoMT endpoints.
MDR & Gen AI Cybersecurity Leader eSentire Announces New Cyber… (eSentire) eSentire’s LLM Gateway implementation framework, available now on GitHub, enables security teams with visibility and control to improve their governance and operational monitoring of ChatGPT and other LLMs
SentinelOne® Leads the Way in XDR (Business Wire) Company ranked as clear Growth Index Leader in Frost Radar™: Extended Detection and Response, 2023 ahead of Microsoft, Crowdstrike, Palo Alto Networks and others
Aryaka Hits the Road to Celebrate New PoP Launches in the USA and Europe (PR Newswire) Aryaka®, the leader in Unified SASE solutions, today announced that it is organizing a global roadshow to coincide with the launches of its...
Security Journey Attains SOC 2 Type II Compliance Setting Industry Benchmark (GlobeNewswire News Room) Security Journey, a leading secure coding training provider, announces its achievement of SOC 2 Type...
Seclore and Nagarro Unveil Joint Secure Collaboration Solution for Enhanced Data Security and Compliance (Seclore) Today Seclore, the leading provider of data-centric security solutions, announced in partnership with Nagarro, a
Thales Launches Cloud-based Payment HSM Service to Help Accelerate Adoption of Cloud Payments Infrastructure (Business Wire) Cloud-based payment HSM delivers greater flexibility, scalability and speed-to-market
Technologies, Techniques, and Standards
CISA, NSA and NIST Publish New Resource for Migrating to Post-Quantum Cryptography (Cybersecurity and Infrastructure Security Agency) Factsheet provides necessary steps to begin planning for migration to PQC
British intelligence is tipping off ransomware targets to disrupt attacks (Record) The Early Warning service is free for U.K. companies and organizations, and officials say that more participation will only make it more effective.
Plugin focus: Generating signatures for Nim and other non-C programming languages (Hex Rays) Adversaries are increasingly writing malware in programming languages such as Go, Rust, or Nim, likely because these languages present challenges to investigators using reverse engineering tools designed to work best against the C family of languages.
Quick Heal's Vishal Salvi on fighting malware to keep India cyber safe (Digit) An interview with Vishal Salvi, CEO, Quick Heal and SEQRITE on their recent breakthrough against the Expiro virus and trends in the cyber security world
Design and Innovation
The internet’s ‘original sin’ means AI will be a nightmare (The Telegraph) The future has yet to be written, but only Big Tech can write it
Innovation and Its Discontents (Foreign Affairs) Societies get the technology they deserve.
What Does The Role Of Gamification In Online Casino Security Do? (GG2)
Academia
90% of Consumers Worry Cybersecurity’s Future Is in Jeopardy if Students Aren’t Exposed to the Field at an Earlier Age: New ThreatX Survey (Business Wire) Data finds 62% of consumers across the US and UK agree if they or their child had more established education around cybersecurity they would have considered entering the field
Legislation, Policy, and Regulation
How EU lawmakers can make mandatory vulnerability disclosure responsible (Help Net Security) Requiring mandatory vulnerability disclosure from companies before they’re patched, could make organizations and EU citizens less secure.
Somalia bans TikTok, Telegram over ‘horrific’ content (Record) Somalia announced on Sunday a ban against social media platforms TikTok and Telegram, as well as the online betting platform 1XBet, saying they’re used by “terrorists” to spread “horrific images and misinformation.”
British firms quizzed on Chinese tech links as US-style clampdown looms (POLITICO) Survey covering everything from robotics to cryptography sent to British firms as UK considers moving closer to Joe Biden’s curbs on Chinese investment.
Field Roundtable: Improving Federal Collaboration to Protect Our K-12 Schools from Cyberattacks - Committee on Homeland Security & Governmental Affairs (Committee on Homeland Security & Governmental Affairs) Date: August 21, 2023
Time: 11:00am
Location: The NH Institute of Politics at St. Anselm’s College, 100 St. Anselm Drive, Manchester, NH 03102
Schools need more help preparing for cyberattacks, experts say (WMUR) Experts told a U.S. Senate field panel in New Hampshire on Monday that one out of every three school districts in the country has had to deal with a cyberattack or data breach.
CISA prioritizing on-site K-12 cybersecurity reviews this school year (Nextgov.com) The nation’s cyber defense agency is aiming to work with schools “where they’re at instead of where they should be.”
Four questions for Ed Barker, Army’s new electronic warfare executive (C4ISR) During a season of leadership shakeups across U.S. Army acquisition offices, Brig. Gen. Ed Barker feels right at home.
Newly created Army cyber/space office to focus on streamlining efforts, building out talent (Breaking Defense) “I think our focus right now is we have to grow fast…And that’s done through good hiring actions…it’s also the retention of employees that we have," Christopher Green said. "I want to make sure we build a culture where people want to come to work everyday, they want to stay with us and they want to help us build our capabilities.”
Litigation, Investigation, and Law Enforcement
Tesla is suing two former employees over a massive data breach (Quartz) The ex-employees are accused of leaking data of 75,000 users to a German media outlet
Fidelity & Guaranty Hit With Class Suit Over MOVEit Data Breach (Bloomberg Law) Fidelity & Guaranty Life Insurance Co. failed to protect more than 873,000 people’s personal information that was exposed in a data breach connected to a cyberattack on Progress Software’s MOVEit file-transfer application, a proposed federal class action said.