Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+546: Yevgeny Prigozhin dies in a plane crash. (CyberWire) Yevgeny Prigozhin, Wagner Group mercenary impresario and founder of the Internet Research Agency troll farm, has died in the crash of a business jet. It's widely believed that his plane was shot down by Russian air defense missiles during a flight from Moscow to St. Petersburg, and shot down on the orders of President Putin.
Russia-Ukraine war: List of key events, day 547 (Al Jazeera) As the war enters its 547th day, these are the main developments.
Russia and Ukraine trade drone attacks as Kyiv claims it took out a key S-400 missile defense system (Federal News Network) Officials say that Russia and Ukraine have traded nighttime drone attacks again. They say Kyiv targeted Moscow and the Kremlin’s forces launched another bombardment of Ukrainian grain storage depots…
Ukraine-Russia war: Ukraine destroys Russian missile system in Crimea (The Telegraph) One of Russia’s most advanced air defence systems was destroyed in a huge explosion in occupied Crimea, Ukraine’s intelligence services said.
Разведка выманила в Украину российский вертолет Ми-8 с пилотом (Украинская правда) Недавно вертолет Ми-8 Вооруженных сил России оказался в Украине в результате длительной спецоперации Главного управления разведки Министерства обороны Украины.
Ukrainian intelligence says it lured Russian helicopter to land in Ukraine (Reuters) Ukraine's GUR military intelligence agency deliberately lured a Russian military pilot to land his Mi-8 helicopter at a Ukrainian airfield, spokesperson Andriy Yusov said on Wednesday, amid differing media reports of what happened.
Wagner chief Prigozhin listed as passenger on plane that crashed with no survivors, Russian authorities say (Reuters) Wagner mercenary chief Yevgeny Prigozhin was listed as a passenger on a private jet which crashed on Wednesday evening north of Moscow with no survivors, the Russian authorities said, raising fears among his allies that he had been killed.
Prigozhin plane crash latest: 'Body of Wagner boss' and other victims taken to mortuary (The Telegraph) The bodies of Yevgeny Prigozhin and his Wagner lieutenants have reportedly been taken to a local mortuary after their plane crashed north of Moscow.
A plane crash believed to have killed mercenary chief Prigozhin is seen as the Kremlin's revenge (AP News) Russian mercenary chief Yevgeny Prigozhin and top officers of his private Wagner military company were presumed dead in a plane crash that was widely seen as an assassination.
Prigozhin Presumed Dead After Wagner Plane Crashes With No Survivors North Of Moscow (RadioFreeEurope/RadioLiberty) A private jet belonging to the Wagner mercenary group has crashed en route to St. Petersburg from Moscow, with officials saying the company's chief, Yevgeny Prigozhin, was one of 10 people on the passenger list.
Who are the other Wagner group leaders presumed dead in plane crash? (the Guardian) Those said to have died alongside Yevgeny Prigozhin include Dmitry Utkin, whose call sign was ‘Wagner’
Business jet crashes in Tver Region killing ten (TASS) "There were three pilots and seven passengers on board. All of them died," the source reported
Prigozhin listed as passenger of plane crashed in Russia’s Tver region — aviation agency (TASS) An investigation of the Embraer plane crash that happened in the Tver Region this evening was initiated
Russian agency says mercenary leader Prigozhin was aboard plane that crashed, leaving no survivors (AP News) Mercenary leader Yevgeny Prigozhin, who led a brief armed rebellion against the Russian military earlier this year, was aboard a plane that crashed north of Moscow on Wednesday, killing all 10 people on board, according to Russia’s civil aviation agency.
Wagner chief Yevgeny Prigozhin presumed dead after Russia plane crash (BBC News) The Russian private military company boss was on the passenger list of the jet which came down near Moscow.
Prigozhin Listed Among Passengers of Crashed Jet, Interfax Says (Bloomberg) Wagner mercenary group founder Yevgeny Prigozhin was listed among passengers on a private jet that crashed in Russia’s Tver region on Wednesday, Interfax reported, citing the nation’s aviation authority.
Wagner Founder Prigozhin Reported Dead in Fiery Plane Crash (The Daily Beast) The mercenary group leader, who led an attempted coup in June, was on board a business jet that crashed in the Tver Region, Russia’s federal aviation agency confirmed.
Eight bodies recovered after Yevgeny Prigozhin's jet crashes near Moscow - live updates (The Telegraph) Eight bodies have been recovered after a private jet reportedly containing Yevgeny Prigozhin crashed in the Tver region north of Moscow, Russian agencies have reported.
Prigozhin on Manifest of Plane That Crashed in Russia (Wall Street Journal) A business jet that had Yevgeny Prigozhin, owner of the Wagner paramilitary group, on its passenger list crashed northwest of Moscow, Russia’s state Tass news agency said.
Russia-Ukraine War: Prigozhin Listed as Passenger on Plane That Crashed, Killing All Aboard (New York Times) The authorities did not confirm whether the Wagner mercenary leader, Yevgeny V. Prigozhin, was on board when a private jet crashed north of Moscow on Wednesday, killing 10 people.
Prigozhin was a useful tool – until he made a move on ‘the king’ (The Telegraph) Plane crash reportedly involving Wagner chief shows that traitors are always dealt with in the gangster state of Russia
If Putin has eliminated Prigozhin, the result could be more – not less – instability for Russia | Samantha de Bendern (the Guardian) The Russian president has seemingly upped the stakes: anyone who challenges his regime will have to see it through to the end, says Samantha de Bendern, associate fellow at Chatham House
The biggest surprise is that Prigozhin survived for so long (The Telegraph) For an ordinary air crash it would be far too early to speculate about the causes but few will buy this was an accident
Why Putin Wanted Prigozhin Dead (Foreign Affairs) A conversation with Tatiana Stanovaya.
A Very Public Execution in Russia (The Atlantic) A jet plunging out of the sky sends an unmistakable message.
Prigozhin’s Death Heralds Even More Spectacular Violence (The Atlantic) What will others in the Russian president’s circle do now?
Yevgeny Prigozhin May Have the Last Laugh (The Atlantic) The Kremlin seems to be rid of a dangerous challenger. But at what price?
Without Prigozhin, expect some changes around the edges on Russian influence operations (Washington Post) Without Prigozhin, expect some changes around the edges on Russian influence operations
Yevgeny Prigozhin: The hotdog salesman who had Putin to thank for his rise – and his fall (The Telegraph) Wagner chief nicknamed the Russian president ‘papa’, but fell from grace after leading ill-fated mutiny in midst of Ukraine war
Russia’s goal is to end war that West unleashed in Ukraine — Putin (TASS) The Russian leader stressed that it was the wish of a number of Western countries to preserve their hegemony in the world that "has led to the grave crisis in Ukraine"
Deputy Secretary General stresses NATO’s unwavering support to Ukraine at Crimea Platform (NATO) NATO Deputy Secretary General Mircea Geoană participated in the Third Summit of the International Crimea Platform on Wednesday (23 August 2023). He outlined decisions taken by NATO leaders at the Vilnius Summit in July to move Ukraine closer to the Alliance than ever before.
Serbia joins Ukraine's Crimea platform, vows friendship with Kyiv (Reuters) Serbia on Wednesday joined a Ukraine-led platform on the reintegration of Crimea, signalling a swing away from Russia, a historical ally and its sole supplier of natural gas.
Russia’s Tech Giants — A Wartime Choice of Bad or Worse (CEPA) Russia’s invasion of Ukraine forced tech businesses to choose whether to do business as usual or leave Russia and avoid the taint of the war.
Russian Duma leader’s emails hacked and leaked (Cybernews) Ukrainian cyber soldiers have hacked into an email account belonging to Aleksandr Babakov, the deputy chairman of Russian parliament the State Duma.
Ukrainian hackers expose money laundering and sanction evasion by senior Russian politician (teiss) Ukrainian hackers, identifying themselves as Cyber Resistance, claim to have successfully infiltrated the email account of Alexander Babakov, a prominent Russian politician with deep ties to the Kremlin.
How Does Your Security Stack Up Against Russian Spies? (AttackIQ) The implications of not conducting security control testing are profound. Adversaries are relentless and will exploit vulnerabilities if given the chance. The potential impact includes data breaches, financial losses, damage to reputation, and regulatory penalties.
Attacks, Threats, and Vulnerabilities
Telekopye: Hunting Mammoths using Telegram bot (We Live Security) ESET researchers uncover a toolkit that operates as a Telegram bot and helps scammers target victims on online marketplaces, mainly in Russia.
Chinese spies ‘used LinkedIn to lure me to Hong Kong’ (The Telegraph) UK’s adversaries are increasingly seeking to recruit British informants online
Threat Actors Get Creative with Building Block Style Attacks, Finds HP (GlobeNewswire News Room) Insider knowhow helps attackers evade detection and bypass security policies...
Asimily report highlights threats to connected healthcare devices (Internet of Things News) Asimily has released a report delving into the intricate challenges faced by healthcare delivery organisations (HDOs) when it comes to safeguarding their Internet of Medical Things (IoMT) devices from cyber threats.
Healthcare delivery organizations report concern over malware (Security Magazine) Healthcare delivery organizations' (HDOs) cybersecurity was analyzed in a recent report by Asimily, finding concerns over ransomware and malware.
Discord starts notifying users affected by March data breach (BleepingComputer) Starting on Monday, Discord has been reaching out to users affected by a data breach disclosed earlier this year to let them know what Personal Identifying Information (PII) was exposed in the incident.
MidFirst Bank Files Notice of Data Breach Impacting Consumers’ Social Security Numbers | JD Supra (JD Supra) On August 22, 2023, MidFirst Bank filed a notice of data breach with the Attorney General of Texas after discovering that consumer information that...
Hundreds of AI ‘news’ sites busily spew misinformation. Google and Meta’s Canadian news ban may make it worse (Toronto Star) As it becomes increasingly difficult to trust what we read online, experts say it’s critical to learn how to tell real media from fake — here’s how.
Donor Data Compromised in Charity Telemarketer Cyber Attack (Australian Cyber Security Magazine) A cyber attack on charity telemarketing firm ParetoPhone has compromised the personal data of thousands of Australians, leading to renewed claims that many organisations are not handling personal identifiable information safely and securely.
Proofpoint Research: 77% of Canadian Energy Companies are Exposing Themselves to Email Fraud | Proofpoint US (Proofpoint) Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research identifying that more than three in four leading Canadian energy co...
Security Patches, Mitigations, and Software Updates
Juniper Networks fixes flaws leading to RCE in firewalls and switches (Help Net Security) Juniper Networks has fixed four vulnerabilities that could allow attackers to achieve RCE on the company's SRX firewalls and EX switches.
Trends
Keeper Security Parental Practices Report Reveals Insights on Cybersecurity Conversations With Children (PR Newswire) Keeper Security today announces the release of the Keeper Security Parental Practices Report: Conversations on Cybersecurity, which explores...
Q2 2023 Threat Landscape: All Roads Lead to Supply Chain Infiltration (Kroll) In Q2 2023 Kroll observed a notable increase in supply chain risk, driven not only by the Clop ransomware gang’s exploitation of the MOVEit vulnerability, but also by a rise in email compromise attacks. Read more
Radware H1 2023 Report: Malicious Web Application Transactions Skyrocket 500% (Yahoo Finance) DoS attack patterns shift to layer 7, essential infrastructure and cloud-based operations. DNS Flood attacks surge. Government, business/economy, and travel websites face the most hacktivist claimed DDoS attacks worldwide
Microsoft Impersonated Most in Phishing Attacks Among Nearly 350… (Abnormal) It’s 2023 but not much has changed in phishing, as brand impersonation remains an attacker favorite.
Council Post: Phishing Bait: The AI-Fueled Social Engineering Tactics Plaguing SMEs (Forbes) Today, more and more hackers are leveraging AI-powered tools to automate and scale up reconnaissance tasks in order to prey upon unwitting employees.
Marketplace
The Purple Guys Continues to Expand with Two Strategic Acquisitions in Texas (Business Wire) Addition of two leading IT MSPs builds density and expands capabilities across key Texas markets
Pentagon approves higher cyber pay for NSA, other defense intelligence agencies (Federal News Network) The new supplemental pay rates are expected to help the NSA and other defense intelligence components compete with the private sector.
UK MOD awards £89m contract to boost battlefield communications (BAE Systems) The new five-year contract will see BAE Systems lead a consortium of trusted partners, including Kellogg, Brown and Root (KBR), PA Consulting and L3Harris, to design and manufacture a deployable tactical Wide Area Network (WAN) known as ‘Trinity’.
BILL.COM VP and CISO Rinki Sethi Joins Onyxia Cyber's Advisory Board (PR Newswire) Onyxia Cyber ("Onyxia"), a leading provider of AI-powered Cybersecurity Performance Management (CPM) solutions, is excited to announce...
Products, Services, and Solutions
New zero trust and digital sovereignty controls in Workspace, powered by AI (Google Workspace Blog) We’re unveiling new zero trust, digital sovereignty, and threat defense controls powered by Google AI to help organizations keep their data safe.
DoControl Launches SaaS to SaaS Remediation Workflows (PR Newswire) DoControl, the leading SaaS Security Platform (SSP), today announced the launch of its SaaS to SaaS Remediation Workflows. The new expansion...
SpaceX Working with Cloudflare to Speed Up Starlink Service (The Information) Space Exploration Technologies, Elon Musk’s rocket company, is working with Cloudflare to boost the performance of SpaceX’s satellite internet service Starlink, according to a person with direct knowledge of the project. The two companies are working on a way to increase Starlink’s terrestrial ...
UHY Consulting Announces Pci Pfi Cybersecurity Certification (UHY) UHY Consulting today announced that it has attained Payment Card Industry Forensic Investigator (PCI PFI) certification.
Shadow IT: We Made It Dope (Medium) Go beyond basic Shadow IT with dope.security
GM Sectec and Sumo Logic Partner to Simplify PCI Compliance (PR Newswire) GM Sectec, a global leader in payment security, and Sumo Logic, a SaaS analytics platform to enable reliable and secure cloud-native...
VirnetX Announces Partnership and Equity Position in OmniTeq | VirnetX (VirnetX) VirnetX Holding Corporation (NYSE: VHC) today announced it has signed an agreement for an equity investment in OmniTeq, a prominent provider of customized military and government Artificial Intelligence (AI) solutions.
KnowBe4 Selected as an Excellence Award Winner for the 2023 SC Awards (PR Newswire) /PRNewswire-PRWeb/ -- KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has been...
ImmuniWeb introduces ImmuniWeb Neuron Mobile, an automated mobile app security testing solution (Help Net Security) ImmuniWeb Neuron Mobile is an automated testing for mobile app security. It includes DAST, SAST, and SCA scans with zero false-positives SLA.
Data Theorem Receives 2023 Cloud Computing Security Excellence Award for its Industry-Leading Cloud Security Protections for Cloud-Native Applications (Business Wire) Cloud Secure Recognized for its Cloud-Native Application Protection Platform (CNAPP) with Hacker Toolkits to Help Expose Potential Data Breaches
Technologies, Techniques, and Standards
Who’s Your Next Cyber Chief? Good Question. (Wall Street Journal) The role has evolved from primarily tech-focused to risk management as hacking proliferates. But CISO succession-planning is lacking, recruiters say.
One simple way to cut ransomware recovery costs in half (Security Intelligence) Ransomware attacks remain a top threat to organizations. But with a single step, you can cut down the average cost of an attack by 50%.
The Bot Mitigation Game Has Changed, Again (Kasada) As the battle between bot creators and defenders rages on, the ability to consistently collect untampered data becomes a pivotal factor in the effectiveness of bot mitigation.
How the cybersecurity sector could shake off its reputation for fearmongering - Raconteur (Raconteur) Some cybersecurity providers use unsubstantiated research to scare up custom. Would the sector benefit from a regulatory clampdown?
Academia
Pikes Peak Small Business Development Center, National Cybersecurity Center, and University of Colorado Colorado Springs Unite to Drive Impactful Cybersecurity Initiatives with $927,236 Grant (National Cybersecurity Center) The Pikes Peak Small Business Development Center (SBDC), in partnership with the National Cybersecurity Center (NCC) and the University of Colorado Colorado Springs (UCCS), is excited to announce a significant $927,236 Cybersecurity Grant awarded by the United States Small Business Administration (SBA). […]
Legislation, Policy, and Regulation
Final negotiations on UN cybercrime treaty underway in New York (Record) The final document probably won't be ambitious, diplomatic sources said, but negotiators are keen to produce something that can at least get a vote in the General Assembly next year.
Australia’s New Anti-Encryption Law Is Unprecedented and Undermines Global Privacy (Foundation for Economic Education) If firms don't have the power to intercept encrypted data for authorities, they will be forced to create tools to allow law enforcement or government to have access to their users’ data.
CFPB Announces Plans to Extend FCRA to Data Brokers through Rulemaking (cyber/data/privacy insights) At an August 15, 2023, White House roundtable, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra announced plans to issue rules that would extend the Fair Credit Reporting Act (FCRA) to certain “data broker practices.”
This announcement and a concurrently issued fact sheet come on
Securing critical infrastructure with the carrot and stick (Security Intelligence) Critical infrastructure is a top target for threat actors. Now, the federal government has rolled out new initiatives to protect it.
Litigation, Investigation, and Law Enforcement
Lapsus$: Court finds teenagers carried out hacking spree (BBC News) The 18 year old leaked clips of the unreleased Grand Theft Auto 6 game while on police bail.
British court convicts two teen Lapsus$ members of hacking tech firms (Record) Two teenagers, ages 18 and 17, were found guilty of hacking into major corporations. The cases involved Uber, Nvidia and more.
Treasury Designates Roman Semenov, Co-Founder of Sanctioned Virtual Currency Mixer Tornado Cash (U.S. Department of the Treasury) Concurrent Treasury sanctions and DOJ indictments hold to account founders of mixing service that laundered stolen virtual assets for North KoreaWASHINGTON — Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Roman Semenov, one of three co-founders of the sanctioned virtual currency mixer Tornado Cash, for his role in providing material support to Tornado Cash and to the Lazarus Group, a state-sponsored hacking group that is an instrumentality of the Democratic People’s Republic of Korea (DPRK or North Korea).
Tornado Cash Founders Charged With Money Laundering And Sanctions Violations (U.S. Attorney for the Southern District of New York) Damian Williams, the United States Attorney for the Southern District of New York, Merrick B. Garland, the Attorney General of the United States, Christopher A. Wray, the Director of the Federal Bureau of Investigation (“FBI”), Nicole M. Argentieri, the Acting Assistant Attorney General of the Justice Department’s Criminal Division, Matthew G. Olsen, the Assistant Attorney General of the Justice Department’s National Security Division, James Smith, the Assistant Director in Charge of the New York Field Office of the FBI, and Bryant Jackson, the Special Agent in Charge of the Cincinnati Field Office of the Internal Revenue Service, Criminal Investigation (“IRS-CI”), announced today the unsealing of an Indictment charging ROMAN STORM and ROMAN SEMENOV with conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money transmitting business.
DOJ arrests Tornado Cash co-founder Roman Storm, OFAC sanctions Roman Semenov (Blockworks) Tornado Cash co-founder Roman Semenov's inclusion on OFAC’s sanctions list marks an escalation of US probes into the crypto mixer.
US arrests Tornado Cash co-founder, sanctions another who remains at large (Record) The Department of Justice unsealed an indictment against two founders of Tornado Cash, a cryptocurrency mixer that was accused of helping North Korean hackers launder hundreds of millions of dollars in stolen funds.
FBI Identifies Cryptocurrency Funds Stolen by DPRK (Federal Bureau of Investigation) The FBI is warning cryptocurrency companies of recent blockchain activity connected to the theft of hundreds of millions of dollars in cryptocurrency. Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People's Republic of Korea (DPRK) TraderTraitor-affiliated actors (also known as Lazarus Group and APT38). The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40 million dollars.
FBI warns North Korean hackers poised to cash out more than $40 million in bitcoin (The Block) The Federal Bureau of Investigation today warned crypto operators that entities tied to North Korea are poised to sell more than $40 million worth of bitcoin.
Tech advocacy groups press FTC to investigate Google for alleged children's privacy violations (CyberScoop) The request follows calls from members of Congress for the FTC to investigate whether YouTube violated a federal children's privacy law.
More SEC Fines for Improper Use of Signal, WhatsApp and iMessage: can Financial Institutions offer secure and compliant communications in the place of consumer apps? - Salt | Secure Communications (Salt | Secure Communications) Is there a way to provide a secure and compliant communication system within the financial industry? Continuous collaboration and communication is at the heart of every bank in the world, from the smallest community banks, to the biggest financial institutions. These varied threads of chat relate to every aspect of the business from strategic priorities, […]
McGuireWoods to Utilize CoCounsel, Casetext’s Groundbreaking Legal AI Platform (McGuireWoods) Partnership Further Enhances Law Firm’s Client Service Capabilities
Watchdog uncovers ‘inappropriate access’ to Biden’s personal data (E&E News by POLITICO) The Department of Energy's inspector general discovered that a contractor violated rules for counterintelligence reviews of the president and vice