Dateline: Russia's hybrid warfare against Ukraine.
Ukraine at D+551: President Putin will not attend Mr. Prigozhin's funeral. (CyberWire) Ukraine slowly advances in the southern zone, while Poland recovers from DDoS attacks by Russian hacktivist auxiliaries and rail disruption by two men acting for reasons unknown. Russian propaganda blames the Anglo-Saxons for the destruction of Wagner PMC boss Prigozhin's plane.
Russia-Ukraine war: List of events, day 552 (Al Jazeera) As the war enters its 552nd day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 552 of the invasion (the Guardian) More than 1,300 schools destroyed in Ukraine since war began; Vladimir Putin to miss funeral of Yevgeny Prigozhin
Russia-Ukraine war live: Putin won’t attend Prigozhin’s funeral, says Kremlin; more than 1,300 schools destroyed in war, Unicef says (the Guardian) Kremlin says it does not know about funeral arrangements; Unicef says ‘about a third of school-age children are attending classes’
Number Of Civilians Killed By Russian Shelling Mounts In Eastern Ukraine As Fighting Rages (RadioFreeEurope/RadioLiberty) At least five civilians were killed over the past 24 hours by Russian shelling in eastern Ukraine, a regional official said on August 29 as fighting continued both in the east and southeast, where Ukrainian forces say are continuing to make advances toward the strategic city of Melitopol.
Dead, Wounded In Russian Attack On Poltava As Kyiv Confirms Liberation Of Robotyne (RadioFreeEurope/RadioLiberty) Russia struck Ukraine's eastern region of Poltava overnight, causing deaths and damage, regional authorities reported on August 28, as Russia reported more drone attacks on its territory.
‘I couldn’t take it any more’: holdouts quit Kupiansk after renewed Russian shelling (the Guardian) People who stayed through last year’s occupation are now abandoning the city amid fears of a ‘Bakhmut 2.0’
An evacuation order finds few followers in northeastern Ukraine despite Russia's push in the region (AP News) Neighborhood children frolic in a playground in the village of Kupyansk-Vuzlovyi, seemingly immune to the war unfolding a short distance away on a front line where Russia has assembled combat troops.
Ukraine-Russia war live: Poland threatens to shut Belarusian border in Wagner row (The Telegraph) Poland and the Baltic states said they will close their borders with Belarus if Russia’s Wagner forces “pose a serious threat to national security.
U.S., Allies Seek Long-Term Military Aid for Ukraine to Show West’s Resolve (Wall Street Journal) The pledges have been made, but weapons shortages and domestic political pressures are hampering the Western efforts.
Ukraine live briefing: U.N. investigates alleged wartime abuses; Russia probes cause of Prigozhin’s crash (Washington Post) Independent investigators from the United Nations are set to visit Ukraine on Monday as part of an ongoing probe into alleged human rights violations and abuses committed during Russia’s invasion.
Putin, stained by Prigozhin’s death, faces calls for military funeral (Washington Post) The Kremlin on Monday said a decision on the funerals of Wagner chief Yevgeniy Prigozhin, mercenary commander Dmitry Utkin and other members of the group rested largely with their families, after patriotic hard-liners called for Prigozhin to be buried with full military honors, in a sign of the ongoing fissures in Russia over the war in Ukraine.
Kremlin Says Putin's Not Planning To Attend Prigozhin's Funeral (RadioFreeEurope/RadioLiberty) Russian President Vladimir Putin is not planning to attend the funeral of mercenary chief Yevgeny Prigozhin following his death in a plane crash.
Polish stock exchange, banks knocked offline by pro-Russian hackers (Cybernews) The Warsaw Stock Exchange, several banks, and the Polish government’s website for public services were knocked offline Monday in the latest targeted campaign reportedly carried out by the pro-Russian hacktivist group NoName057(16).
Two Men Arrested Following Poland Railway Hacking (SecurityWeek) Polish police have arrested two men suspected of illegally hacking into the national railway's communications network
Century-old technology hack brought 20 trains to a halt in Poland (Cybernews) Recent cyberattacks against Polish State Railways lacked an essential feature. Rather than modern, cyber-based methods, saboteurs used old-fashioned radio to send stop signals, wreaking havoc on the state's transportation system. Two suspects were detained.
Poland investigates train mishaps for possible Russian connection (Washington Post) Polish authorities are investigating a series of sabotage attacks that brought dozens of trains to a standstill over the weekend amid heightened concerns about Russian attempts to disrupt the country.
What to Know About the Ukraine-War Propaganda Movie in Russian Theaters (Time) “The Witness” is the first feature film about the 18-month-old invasion. It depicts Ukrainian troops as violent neo-Nazis who torture and kill their own people.
Ukraine Says Extension Of Grain Import Ban By Five EU Countries Violates 'Solidarity' (RadioFreeEurope/RadioLiberty) Restrictions on the import of Ukrainian grain imposed by five EU countries should not be extended, Ukrainian Foreign Minister Dmytro Kuleba said on August 28 during a visit to Prague.
WSJ News Exclusive | Russia Turns to Little-Known Shipping Companies to Secure Drone Supply Chain (Wall Street Journal) Russia is adapting to Western sanctions on its military supply chain by turning to a netherworld of shipping and logistics companies to bring in more armed drones from Iran.
Opinion | New Friends Changed My Mind About Ukraine (Wall Street Journal) A visit to Finland and the Baltic states helped me appreciate the Russian threat.
Belarusian Rights Organizations Protest 'Extremism' Label For Vyasna (RadioFreeEurope/RadioLiberty) Eight Belarusian rights organizations have jointly protested the government's decision to label the human rights group Vyasna as an "extremist organization," saying the move is part of a policy to destroy civil-society organizations in Belarus.
Belarusian Activist Goes On Hunger Strike In Prison (RadioFreeEurope/RadioLiberty) Belarusian activist Polina Sharendo-Panasyuk has gone on a hunger strike in protest against the unacceptable conditions in the detention center where she is being held in the city of Rechitsa, southeast of Minsk, the Vyasna human rights center said.
Russian Court Sentences Investigative Journalists To 11 Years In Prison In Absentia (RadioFreeEurope/RadioLiberty) The Basmanny Court in Moscow has sentenced Ruslan Leviev, the founder of the Conflict Intelligence Team (CIT), and journalist Maikl Naki to 11 years in prison each in absentia.
A Russian who worked at a US consulate is accused of collecting information for US diplomats (AP News) Russia’s top domestic security agency says a detained former employee of the U.S. Consulate in Vladivostok is accused of collecting information about Russian action in Ukraine and related issues on U.S. diplomats' orders.
Russia accused of intimidating US consulate staff with Ukraine war spying charges (the Guardian) State department says allegations against Robert Shonov are ‘wholly without merit’, as rare footage of detained US citizen Paul Whelan emerges
Sweden charges man arrested last year in predawn raid with spying for Russia (AP) A Russian-born Swedish citizen was charged on Monday with collecting information for the Russian military intelligence service GRU for almost a decade.
Attacks, Threats, and Vulnerabilities
What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS (Cisco Talos) Google introduced the new “.zip” Top Level Domain (TLD) on May 3, 2023, igniting a firestorm of controversy as security organizations warned against the confusion that was certain to occur.
A Global Cyber-Scam Industry Is Booming in Plain Sight in Cambodia (New York Times) Despite announcing a crackdown last year, the illegal operations have continued to flourish, protected by powerful officials with close ties to the government.
The Emergence of Ransomed: An Uncertain Cyber Threat in the Making (Flashpoint) Ransomed, originally an illicit forum, is a ransomware collective that is finding new ways to extort victims by leveraging GDPR laws.
Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack? (We Live Security) Here are six valuable lessons to learn from a recent campaign that targeted the 3CX communication software but actually started with a trojanized version of the X_TRADER financial software.
Think Before You Scan: The Rise of QR Codes in Phishing (Trustwave SpiderLabs) QR Codes, the square images that contain coded information that can be scanned by a smartphone, are becoming increasingly popular.
Spain warns of LockBit Locker ransomware phishing attacks (BleepingComputer) The National Police of Spain is warning of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country through phishing emails.
Lockbit leak, research opportunities on tools leaked from TAs (SecureList) In September of 2022, multiple security news professionals wrote about and confirmed the leakage of a builder for Lockbit 3 ransomware. In this post we provide the analysis of the builder and recently discovered builds.
Notice of Data Event - PurFoods (PurFoods) As part of our mission of improving life through better nutrition at home, PurFoods, LLC [doing business as Mom’s Meals (“PurFoods”)] takes the protection and proper use of personal information very seriously. Unfortunately, earlier this year we experienced a cyberattack that may involve some of our clients’ personal information.
Mom’s Meals discloses data breach impacting 1.2 million people (BleepingComputer) PurFoods, which conducts business in the U.S. as 'Mom's Meals,' is warning of a data breach after the personal information of 1.2 million customers and employees was stolen in a ransomware attack.
Microsoft blames ‘unsupported processor’ blue screens on OEM vendors (BleepingComputer) Microsoft says the recent wave of blue screens impacting some Windows users is not caused by issues in its August 2023 optional updates.
PoC for no-auth RCE on Juniper firewalls released (Help Net Security) WatchTowr Labs Researchers have released a PoC exploit that allows no-auth RCE on Juniper Networks' SRX firewalls.
This Is a Reminder That You’re Probably Oversharing on Venmo (New York Times) The mobile wallet service is a cautionary tale of how apps born at least a decade ago may be exposing more information than you would like.
Flight chaos ‘to last for days’ after air traffic control failure (The Telegraph) Holidaymakers have been warned to expect flight chaos until the end of the week following “a network-wide failure” of the UK’s air traffic control system on one of the busiest days of the year.
UK flight chaos could last for days, airline passengers warned (the Guardian) Technical meltdown in air traffic control causes bank holiday misery, with 500 flights cancelled and others delayed
Government can’t rule out cyber attack caused air traffic chaos (MSN) The Government has not ruled out a cyber attack being behind the failure of air traffic control systems which has led to major delays to flights into and out of the UK.
Personal Data Leaked After Cyber Attack on Maryland Schools (GovTech) The school system in Prince George’s County, Md., suffered a cyber attack on Aug. 14, mainly affecting staff’s user accounts. Now, school officials believe some personal information has been leaked.
Vulnerability Summary for the Week of August 21, 2023 (Cybersecurity and Infrastructure Security Agency CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Trends
Cyber Threat Intelligence Index: 2023 Midyear (Flashpoint) Data, insights, and analysis on the most impactful events and threats of 2023 so far—from ransomware and vulnerabilities to data breaches and insider threat.
CYFIRMA Industry Report : MANUFACTURING (CYFIRMA) The CYFIRMA Industries Report delivers original cybersecurity insights and telemetry- driven statistics of global industries, covering one sector...
78% of Healthcare Organizations Experienced Cyber Incidents in Past Year, 60% of Which Impacted Patient Care (Claroty) Claroty’s Global Healthcare Cybersecurity Study 2023 reveals priorities and challenges amid escalating cyber-physical connectivity
Marketplace
MISI Joins Maryland’s Global Gateway Soft Landing Program (Business Wire) As a formal partner to the Maryland Department of Commerce’s Global Gateway program, MISI will start hosting companies looking to explore the U.S. market on Sept. 1, 2023
CYE Announces the Acquisition of "Baseline" - The Vulnerability Analysis and Prioritization Platform by Cyberillium (PR Newswire) CYE, the industry leader in cybersecurity optimization, today announced the company has acquired Baseline, a vulnerability analysis platform by...
Wiz and SentinelOne merger will create a global cyber giant - What stands in its way? (CTech) Market estimations suggest that SentinelOne will not agree to a deal for less than $18-20 per share, equating to around $6 billion and 25% above the current value
Double Acquisition Highlights How Legal Industry Is Slowly Embracing AI (Wall Street Journal) Legal technology vendor Reveal uses AI and analytics tools to help the legal discovery process.
Radware and Spark NZ Sign Cybersecurity Partnership Agreement (GlobeNewswire News Room) Provide application and network security for organizations in New Zealand, including those in banking, transport, health, and the public sector...
What do you really need for a career in cybersecurity? It's probably not what you think. (CyberScoop) You don’t need to be a programmer, developer, hacker, technocrat, legal expert or even have a college degree to get a job in cybersecurity.
Products, Services, and Solutions
Housing.com ties up with BOXX to provide insurance plan from cyber fraud (Business Standard) This added safeguard protects financial transactions and contributes to an overall secure online environment
Ciphertex Officially Unveils SecureNAS CX-160KSSD-X with Up To 490 TB at The Department of Air Force Information Technology and Cyberpower Education & Training Event (DAFTIC) (PR Newswire) Ciphertex Data Security®, a GSA contract holder (GS-35-487DA), introduces the new durable SecureNAS® CX-160KSSD-X to contribute to the...
Descope Announces No-Code User Journey Orchestration Using Third-Party Connectors (GlobeNewswire News Room) Customers can drag-and-drop actions from a wide variety of external services – such as Google reCAPTCHA Enterprise and Traceable – in their user journeys...
Varonis Opens UK Data Center to Support SaaS Customers (Globe Newswire) Expansion allows Varonis customers to achieve automated data security outcomes while following data privacy principles
Enterprise-Level Cybersecurity for All: Reintroducing OPSWAT Security Score - OPSWAT (OPSWAT) OPSWAT Security Score is a free computer security scan app that helps anyone scan, remediate, and defend computers and/or tablets from cyberthreats.
Keeper Security Announces Seamlessly Integrated Billing with Gradient MSP (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, privileged access, secrets...
Tanium Vulnerability Risk and Compliance Solution Provides ServiceNow Customers with End-to-End Security Response Automation (Tanium) Tanium today announced Tanium Vulnerability Risk and Compliance for ServiceNow – a new solution enabling ServiceNow customers to identify security risks from vulnerabilities and non-compliant configurations and remediate all from within the ServiceNow platform.
Lacework Expands Partnership with Google Cloud to Deliver Enterprise Flexibility in the Cloud (PR Newswire) Lacework, the data-driven cloud security company, today announced an expansion of its partnership with Google Cloud. Several new features will...
Veridas Voice Biometrics Now Available on Genesys AppFoundry (Veridas) Veridas Voice Biometrics Now Available on Genesys AppFoundry Veridas Voice Biometric solution combined with Genesys Cloud CX™ provides customers with a secure and streamlined authentication experience while reducing fraud and improving operational efficiency in your contact center, both in IVR and live-agent interactions. Veridas, a Spanish technology company specializing in digital identity and biometrics, today […]
Better together with GitLab and Google Cloud (GitLab) GitLab’s DevSecOps workflow now integrates with Google Cloud secure Artifact Registry, security scanning, and deployment toolchains.
Introducing Okta for Global 2000: Identity Solution to Give CEOs and Board of Directors Flexibility to Centralize or Decentralize their Business Strategy (Okta) SAN FRANCISCO — August 29, 2023 — Okta, Inc. (NASDAQ: OKTA), the leading independent identity partner, today announced Okta for Global 2000, an industry ...
Technologies, Techniques, and Standards
ChatGPT breaks its own rules on political messages (Washington Post) A Washington Post analysis found that the chatbot will draft political messages tailored for demographic groups, like suburban women or rural men
Academia
University of Tulsa opens cyber research institute (Security) The growing significance of cybercrime and the deficit of cybersecurity workforce fuel the launch of the Oklahoma Cyber Innovation Institute.
Brand New B.S. Degree in Cybersecurity @ RIC (RIC) While the demand for cybersecurity experts is high, the number of qualified professionals is low. In Rhode Island alone, there are currently 2,700 job openings for cybersecurity-related positions. Nationwide there are more than 600,000 unfilled cybersecurity positions.
Legislation, Policy, and Regulation
China Blames US Intelligence Agencies for Cyber Attack on Wuhan Emergency System, Claims Spies Were Probing for Underground Facilities (CPO) China is publicly blaming US intelligence agencies for a late July cyber attack on the Wuhan Earthquake Monitoring Center, claiming that they left evidence behind in the form of unique and complex malware.
Cybercrime set to threaten Canada's security, prosperity - spy agency (Reuters) Organized cybercrime is set to pose a threat to Canada's national security and economic prosperity over the next two years, the national signal intelligence agency said on Monday.
Moscow helping cybercriminals operate with 'near impunity': Canadian Cyber Centre (Toronto Sun) The cybercrime forecast is the latest assessment from the Canadian Centre for Cyber Security, with support from the RCMP.
Cybercriminals in Russia and Iran will threaten Canada’s security and economic prosperity, say intelligence agency and RCMP (The Globe and Mail) Many big Canadian companies have already been hit by ransomware and other malware this year, but these attacks are expected to become more common
Presidential council recommends launching a Department of Water to confront cyberthreats, climate change (CyberScoop) The National Infrastructure Advisory Council is calling for drastic changes to increase the resiliency of U.S. water systems.
US water infrastructure ‘unsustainable’ amid rapidly evolving crisis, report warns (Nextgov.com) The United States is facing an unsustainable demand for water and lacks the security posture to defend the nation’s water systems from emerging threats, according to a new report.
Litigation, Investigation, and Law Enforcement
SEC Settles First NFT Enforcement Action, Against Media Company Impact Theory (Wall Street Journal) The Securities and Exchange Commission on Monday announced its first enforcement action against an issuer of non-fungible tokens, a corner of the digital-asset market that regulators had not yet touched.
The SEC said a Los Angeles-based media and entertainment company, Impact Theory, raised $30 mil
NFTs Are Securities, SEC Alleges (Information) Podcast firm Impact Theory agreed to a cease and desist order and to pay a $6.1 million fine to settle Securities and Exchange Commission charges that it offered and sold unregistered securities in the form of NFTs. The settlement marks the first SEC enforcement action alleging that digital collectibles are securities, and signals the potential for a broader regulatory crackdown on NFTs....
Ignored by police, twin sisters took down their cyberstalker themselves (Washington Post) Weak laws discouraged police from investigating a serial cyberstalker who was spreading nude photos of several women online
Crypto regulatory affairs: US Court of Appeals upholds Tornado Cash sanctions | Elliptic (Elliptic Connect) The 5th Circuit Court of Appeals’ decision is a major victory for the US government in its efforts to crack down on the use of crypto for illicit activities. Read more.