Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+547: Russia works on a plane crash narrative. (CyberWire) The world looks at the crash of the Wagner Group boss's business jet and sees the hand of President Putin. Russian state mouthpieces see the work of the Anglo-Saxons (with "Anglo-Saxon" interpreted expansively).
Ukraine marks Independence Day and vows to keep fighting Russia (Military Times) Ukraine is marking its second Independence Day since Russia’s full-scale invasion.
Russia-Ukraine war live: I told Prigozhin to watch out, says Belarusian president (the Guardian) Alexander Lukashenko says he warned Wagner bosses Prigozhin and Dmitry Utkin to be aware of threats to their lives
Russia-Ukraine war: List of key events, day 548 (Al Jazeera) As the war enters its 548th day, these are the main developments.
Ukraine says it launched 'special operation' in Russian-occupied Crimea (Reuters) Ukraine's navy and military intelligence carried out a "special operation" overnight in which units landed on Russian-occupied Crimea, the defence ministry's Main Directorate of Intelligence (HUR) said on Thursday.
Ukrainian special forces land on Crimea to take down Russian missile launcher (The Telegraph) Defence ministry says Ukrainian flag raised in occupied territory after ‘special operation’
Opinion: Ukraine’s counteroffensive might yet surprise critics (Washington Post) The rapid Ukrainian breakthrough and advance that many hoped for has not occurred. Media coverage has grown gloomier in recent weeks on the back of fragmentary journalistic accounts from the front and reported intelligence assessments from Western analysts. The news has not been great. The fight against Russia has proved to be bloody and slow — a very hard slog. But observers would be wise to temper their pessimism.
A plane crash believed to have killed mercenary chief Prigozhin is seen as the Kremlin's revenge (AP News) Russian mercenary chief Yevgeny Prigozhin and top officers of his private Wagner military company were presumed dead in a plane crash that was widely seen as an assassination.
Putin breaks silence after Wagner boss Prigozhin's plane crashes (Reuters) Russian President Vladimir Putin sent his condolences to the family of Yevgeny Prigozhin on Thursday, breaking his silence after the mercenary leader's plane crashed with no survivors two months after he led a mutiny against army chiefs.
WSJ News Exclusive | The Last Days of Wagner’s Prigozhin (Wall Street Journal) On the run, the paramilitary chief crisscrossed his global business empire, stopping in Central African Republic and Mali, desperate to show he was still in control; ‘I need more gold.’
Prigozhin plane crash latest: 'Body of Wagner boss' and other victims taken to mortuary (The Telegraph) The bodies of Yevgeny Prigozhin and his Wagner lieutenants have reportedly been taken to a local mortuary after their plane crashed north of Moscow.
The Last Hour of Prigozhin’s Plane (WIRED) Russia tightly controls its information space—making it hard to get accurate information out of the country. But open source data provides some clues about the crash.
Experts react: What the Prigozhin plane crash reveals about Putin, the Wagner Group's future, and the war in Ukraine (Atlantic Council) Experts weigh in on what the mercenary leader's apparent death will mean for the Russian state and Wagner's operations abroad.
Why Putin Wanted Prigozhin Dead (Foreign Affairs) A conversation with Tatiana Stanovaya.
Mercenary Challenge to Putin Is Put Paid — for the Moment — in What Americans Believe Was a Carefully Choreographed Assassination (The New York Sun) ‘Prigozhin had many violent friends in the military, mercenaries and jails,’ warns an analyst at London. ‘I think Russia is now going to get very bloody.’
Putin has signed his name on the wrong piece of paper this time (The Telegraph) Get ready for the flood of kompromat
Prigozhin’s Treason & the Price of Betrayal (Puck) Putin’s inner circle has always abided by an unwritten code—“ponyatie,” or understandings—about the rewards of loyalty and the fate of traitors. Prigozhin, lured into thinking that he might be special, was never an exception.
Like mercenaries throughout history, Prigozhin became a threat to his client (The Telegraph) With dictators like Vladimir Putin, you only get one try
The Mercenary Always Loses (The Atlantic) Any real success is its own guarantee of failure.
Wagner's brutal work in Africa will be tough for the Kremlin to replace (The Telegraph) Yevgeny Prigozhin’s death will be a huge blow to the mercenary machine, but Russia will still find its activities abroad useful
NATO member Norway to donate F-16 fighter jets to Ukraine (Military Times) Norway would be the third country after the Netherlands and Denmark to donate F-16 planes.
U.S. Will Train Ukrainian F-16 Pilots, Ground Crews (U.S. Department of Defense) The Defense Department will begin training Ukrainians to fly and maintain F-16 fighter jets in the coming months, Pentagon Press Secretary Air Force Brig. Gen. Pat Ryder said.
Ukrainian pilots to train on F-16s in US in weeks: Pentagon (Breaking Defense) Flight training is to begin in October, following language training for what's expected to be "several" Ukrainian pilots and more maintainers.
How soon will Ukraine be able to use its F-16s? (The Economist) The Danish and Dutch will send dozens, but it will take months
China helping to arm Russia with helicopters, drones and metals (The Telegraph) Russian firms have received tens of thousands of Chinese shipments since the war in Ukraine began
Putin's Russia is trapped in genocidal denial over Ukrainian independence (Atlantic Council) Russia’s longstanding denial of Ukrainian national identity and refusal to accept the reality of Ukrainian independence are now fueling an invasion that many view as genocidal in nature, writes Mercedes Sapuppo.
Born in the Bloodlands (Foreign Affairs) Ukraine and the future of the European project.
Ukraine’s fight against Russian imperialism is Europe’s longest independence struggle (Atlantic Council) The war unleashed by Vladimir Putin eighteen months ago is best understood as the latest chapter in a dark saga of Russian imperial aggression against Ukraine that stretches back centuries, writes Peter Dickinson.
Brics is now a motley crew of failing states (The Telegraph) From Russia to China and Brazil, these nations face major problems, with the notable exception of India
Hacking group KittenSec claims to 'pwn anything we see' to expose corruption (CyberScoop) The newly emerged hacking collective has hit targets in a range of NATO countries amid an overall increase in hacktivism.
Ukraine cops bust online trading scammers (Cybernews) Cyber police in Ukraine have arrested a 21-year-old suspected of masterminding a fake financial exchange online that he allegedly used to defraud victims.
The case for seizing Putin regime assets (Atlantic Council) A coordinated asset-seizure program connected to Russian aggression and atrocities can build international consensus—increasing the effectiveness of economic responses to Russia's war, eighteen months in.
Attacks, Threats, and Vulnerabilities
Flax Typhoon using legitimate software to quietly access Taiwanese organizations (Microsoft Security) Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage.
Chinese-backed APT 'Flax Typhoon' Hacks Taiwan with Minimal Malware Footprint (SecurityWeek) Microsoft warns that Chinese spies are hacking into Taiwanese organizations with minimal use of malware and by abusing legitimate software.
China-based hackers target dozens of Taiwanese organizations in espionage operation, Microsoft warns (Record) A newly identified espionage operation run by hackers linked to China’s government has targeted dozens of organizations in Taiwan since the middle of 2021.
Lazarus Group's infrastructure reuse leads to discovery of new malware (Cisco Talos Blog) Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.
Lazarus APT exploits Zoho ManageEngine flaw to target an Internet backbone infrastructure provider (Security Affairs) The North Korea-linked Lazarus group exploits a critical flaw in Zoho ManageEngine ServiceDesk Plus to deliver the QuiteRAT malware. The North Korea-linked APT group Lazarus has been exploiting a critical vulnerability, tracked as CVE-2022-47966, in Zoho’s ManageEngine ServiceDesk in attacks aimed at the Internet backbone infrastructure provider and healthcare organizations. The state-sponsored hackers targeted entities […]
Profile Stealers Spread via LLM-themed Facebook Ads (Trend Micro) In this entry, we discuss how a threat actor abuses paid Facebook promotions featuring LLMs to spread malicious code, with the goal of installing a malicious browser add-on and stealing victims’ credentials.
Ivanti and Veeam bugs fall under attack (The Stack) CISA has sounded the alarm over a pair of actively targeted vulnerabilities in Ivanti and Veeam software
Identifying ADHUBLLKA Ransomware: LOLKEK, BIT, OBZ, U2K, TZW Variants (Netenrich) Netenrich threat researchers discuss the methods and techniques used to discover and classify a newly found ransomware strain of the ADHUBLLKA family.
Ransomware ecosystem targeting individuals, small firms remains robust (Record) Ransomware attacks on major companies and large government organizations have dominated the headlines in 2023 but researchers from several companies are warning that smaller-scale attacks on individuals and small businesses are causing significant harm and damage too.
Ransomware With an Identity Crisis Targets Small Businesses, Individuals (Dark Reading) TZW is the latest version of Adhubllka, which has been active since 2019 but has gone largely unreported due to its lower ransom demands.
eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot (Dark Reading) Thanks to a simple Telegram bot that democratizes phishing, ordinary Russians can conduct full-fledged phishing attacks with zero technical knowhow.
Traders' Dollars in Danger: CVE-2023-38831 Zero-Day vulnerability in WinRAR exploited by cybercriminals to target traders (Trukno) Spoofed file extensions help cybercriminals target users on trading forums, with 130 devices still infected at the time of writing.
Rockwell ThinManager Vulnerabilities Could Expose Industrial HMIs to Attacks (SecurityWeek) Rockwell Automation ThinManager ThinServer vulnerabilities could allow remote attackers to take control of servers and hack HMIs.
FBI fingers China for attacks on Barracuda email appliances (Register) Joins in the chorus of advice to bin the gear instead of trying for a fix
Suspected PRC Cyber Actors Continue to Globally Exploit Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) (FBI) As a part of the FBI investigation into the exploitation of CVE-2023-2868, a zero-day vulnerability in Barracuda Networks’ Email Security Gateway (ESG) appliances, the FBI has independently verified that all exploited ESG appliances, even those with patches pushed out by Barracuda, remain at risk for continued computer network compromise from suspected PRC cyber actors exploiting this vulnerability.
Belgium's Econocom confirms cyber attack, no sensitive data disclosed (Reuters) Belgian IT services firm Econocom on Thursday confirmed it is investigating a cyber attack it believes originated from a service provider working with some of its clients in France.
University of Minnesota Confirms Data Breach, Says Ransomware Not Involved (SecurityWeek) University of Minnesota confirms data was stolen from its systems, says no malware infection or file encryption has been identified.
The Pareto data breach: What has actually been published, and why data retention is such an issue (Cybersecurity Connect) The big headlines regarding the recent Pareto Phone hack all involve the possibility of data belonging to the company’s various charity partners being leaked – but what’s actually inside LockBit’s 150 gigabyte data dump?
Amnesty International latest victim of widening telemarketer breach (iTnews) Provides detailed chronology of events.
South African News Website Says it Faced Cyber Attack After Publishing Report on Modi (Wire) According to Daily Maverick's report on Tuesday, when Modi landed at the Waterkloof Air Force Base, he refused to leave the plane because a cabinet minister, rather than President Cyril Ramaphosa, had come to welcome him.
English council warns residents after suspected ransomware attack (Record) St Helens Borough Council posted an alert about the incident on its website and also warned residents to be careful about potential phishing emails that appear to be from a bank.
Security Patches, Mitigations, and Software Updates
CISA Releases Six Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released six Industrial Control Systems (ICS) advisories on August 24, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-236-01 KNX Protocol
ICSA-23-236-02 Opto 22 SNAP PAC S1
ICSA-23-236-03 CODESYS Development System
ICSA-23-236-04 CODESYS Development System
ICSA-23-236-05 CODESYS Development System
ICSA-23-236-06 Rockwell Automation Input/Output Modules
Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks (SecurityWeek) Cisco has released patches for three high-severity vulnerabilities in NX-OS and FXOS software that could lead to DoS attacks.
Trends
The 3 Malware Loaders Behind 80% of Incidents (ReliaQuest) Loader malware is working behind the scenes in many organizations' environments, doing the heavy lifting that helps an infection spread. ReliaQuest has picked out the most commonly observed loaders and outlined why SOC analysts should worry about them, plus how to defend against them.
Download the 2023 Domain Impersonation Report for the latest domain impersonation trends and website spoofing attacks. (Fortra) The 2023 Domain Impersonation Report analyzes current domain impersonation threats and trends to help companies protect one of their most valuable digital assets.
Bitdefender Threat Debrief | August 2023 (Bitdefender) The Bitdefender Threat Debrief (BDTD) for July 2023 shares new ransomware insights and touches on the importance of considering the threat landscape.
How culture drives foul play on the internet, and how new “upcode” can protect us (MIT Technology Review) Three new books explore the various scams, frauds, and hacks that plague online life.
Marketplace
Unrealistic expectations exacerbate the cybersecurity talent shortage (Help Net Security) The lack of cybersecurity education and training in schools and degree expectations are to blame for the cybersecurity talent shortage.
GoTo announces new Chief Marketing Officer, Peter Mahoney (GoTo) Mahoney brings over three decades of leadership experience to GoTo, including a former CMO role at multi-billion-dollar Nuance Communications.
Products, Services, and Solutions
CYRISMA Joins the Pax8 Marketplace to Offer MSPs Consolidated Risk Management Platform (GlobeNewswire News Room) Pax8, the leading cloud commerce marketplace, announced today its partnership with CYRISMA (Cyber Risk...
Foundations of Operationalizing MITRE ATT&CK v13 (AttackIQ) This comprehensive course will teach you the fundamentals of the ATT&CK Framework, a knowledge base of adversary tactics, techniques, and common knowledge. You'll learn how to use the ATT&CK Matrices to identify and mitigate threats, leverage data sources, threat intelligence, and tools to operationalize ATT&CK. Additionally, you'll learn how ATT&CK can be used to create detection and analytics, and the relevance of ATT&CK to adversary emulation.
Versa Networks Receives Highest Score for Network-Driven SASE Use Case in the Gartner® Critical Capabilities for Single-Vendor SASE Report (Business Wire) Versa Networks Also Recognized as a Challenger in the Gartner® Magic Quadrant™ for Single-Vendor SASE
CISA Adds Two Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-38035 Ivanti Sentry Authentication Bypass Vulnerability
CVE-2023-27532 Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability
Technologies, Techniques, and Standards
CISA’s VDP Platform 2022 Annual Report Showcases Success (Cybersecurity and Infrastructure Security Agency CISA) Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB).
Cloud Native Application Protection Platform Report (CSA) Understand the current state of security posture management, cloud workload protection, and the adoption of CNAPP for securing multi-cloud environments.
Legislation, Policy, and Regulation
China Casts CIA as Villain in New Anti-Spying Push (Wall Street Journal) The state-security ministry is accusing two Chinese citizens of spying for the U.S. as espionage fears grip both countries.
Philippines' cybersecurity a major problem, says Babe Romualdez (GMA News Online) "Many of our communication systems, our emails, and our telephones, and all kinds of communications are now severely compromised. That is the real issue there," Romualdez said.
Information law and policy: the reform agenda (OAIC) Keynote address to the Australian Government Solicitor National Information Law Conference 2011, Canberra, 23 March 2011 (updated June 2011) by John McMillan, Australian Information Commissioner
Privacy regulators tell social media companies to fear the scrapers (Record) Social media companies and other businesses have an obligation to protect users’ publicly available information from data scrapers that gather it for unintended purposes, an international group of privacy regulators said Thursday.
Litigation, Investigation, and Law Enforcement
What the Hive Ransomware Case Says About RaaS and Cryptocurrency (Dark Reading) Hive tells us a lot about ransomware-as-a-service trends and the best ways to defend against attacks.