Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+554: Taking the war into occupied territory. (CyberWire) Drone wars, long-range strike, obstacle breaches, and cyber lessons learned. As Ukraine continues its push in the south, observers marvel at the success Russia's nuclear saber-rattling has achieved.
Russia-Ukraine war: List of key events, day 555 (Al Jazeera) As the war enters its 555th day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 555 of the invasion (the Guardian) Russia-installed authorities hold elections in occupied parts of Ukraine; Kuleba hits out at critics of counteroffensive
WSJ News Exclusive | Ukrainian Counteroffensive Pierces Main Russian Defensive Line in Southeast (Wall Street Journal) After three months of grinding advances in its Western-backed counteroffensive, Kyiv has accelerated its thrust along its main line of attack.
Ukrainian forces advance towards 'first line' of Russian defenses in southern Zaporizhzhia region (CNN) Ukrainian forces said they had penetrated the “first line” of Russian strongholds in the Zaporizhzhia region, in a sign that Kyiv is edging closer to Moscow’s sprawling network of fortified trenches along the southern front.
With a Village Recaptured, Ukraine Takes the Next Step in Its Counteroffensive (NYTimes) After penetrating Russian defenses to retake the village of Robotyne, Ukrainian forces have pushed the fight a few miles east, but formidable obstacles lie ahead.
Russian official claims 'unidentified object' over Pskov Oblast (The Kyiv Independent) Pskov Oblast Governor Mikhail Vedernikov claimed that an unknown aerial object was detected in the region on Aug. 31.
Zelenskiy Says Ukraine Has Developed A Long-Range Weapon, A Day After A Strike Deep Inside Russia (RadioFreeEurope/RadioLiberty) Ukrainian President Volodymyr Zelenskiy says his country has developed a weapon that hit a target 700 kilometers away, in an apparent reference to the previous day’s strike on an airport in western Russia.
Ukraine live briefing: Zelensky touts new Ukrainian-made long-range weapons (Washington Post) Ukrainian President Volodymyr Zelensky claimed that Ukraine has successfully used new domestically made long-range weapons, saying in his nightly address that they hit a target 700 kilometers, about 435 miles, away on Thursday. Zelensky didn’t say what the weapons were or whether they were used in a test or against an enemy target.
Ukraine Defense Ministry asks for ‘ammunition, not advice’ in new video (The Hill) The Ukraine Defense Ministry asked for “ammunition, not advice” in a new video Thursday, following recent criticism from U.S. officials over Kyiv’s strategy amid a slow-moving counteroffensive.
Kazakh Aviation Authorities Warn Of Threat To Flight Safety In Russia (RadioFreeEurope/RadioLiberty) The Russian Defense Ministry has repeatedly confirmed drone attacks that have affected flights at Russian airports.
Russian War Report: Russia deploys revamped cruise missile warship (Atlantic Council) Russia has deployed one of its biggest warships, which serves as a cruise missile launch platform, from a Black Sea port.
Ukrainians complete training on Abrams tanks as Kyiv makes battlefield gains (POLITICO) Ten of 31 promised U.S. tanks are expected to arrive in the country by mid-September.
The Three Fingers of Death Have Arrived in Ukraine (Popular Mechanics) The Czech Republic’s notorious Kub air defense vehicles are now active on the ground against Russia. Could they use Western missiles?
What’s Stopping Ukraine From Flying F-16s (New York Times) Ukraine’s sense of urgency in obtaining the fighter jet reflects concerns about the war against Russia, but also the political calendar in the West. But training pilots and support crew is a lengthy process.
Ukraine could get '5th-gen' AMRAAM weapons in 3 years (Defense One) Raytheon completed the first flight test of a new variation of the air-to-air missile in June.
Russia is losing in Ukraine but winning in Georgia (Atlantic Council) If Putin is able to reassert Russian dominance over Georgia while continuing to occupy 20% of the country, he will be encouraged to believe that a similar outcome will eventually prove possible in Ukraine, writes Giorgi Kandelaki.
Putin’s Russia must not be allowed to normalize nuclear blackmail (Atlantic Council) Vladimir Putin has used nuclear threats to intimidate the West and reduce the flow of military aid to Ukraine. If this trend does not change, Russia will succeed in normalizing nuclear blackmail as a foreign policy tool, writes Olivia Yanchik.
How Russia Globalized the War in Ukraine (Foreign Affairs) The Kremlin’s pressure-point strategy to undermine the West.
‘A success for Kremlin propaganda’: how pro-Putin views permeate Italian media (the Guardian) With pro-Russia commentators regularly appearing on TV, Italians are less likely to back Ukraine than people in most other EU states
New Russian High School Textbooks Seek to Justify War in Ukraine (New York Times) The textbooks, which cover Russian history from 1945 to present, also reimagine the brutality of Joseph Stalin’s policies.
Government Agencies Report New Russian Malware Targets Ukrainian Military (National Security Agency/Central Security Service) U.S. federal agencies and international partners published a report warning of a new malware campaign from Russian military cyber actors known publicly as Sandworm.
Russian military hackers take aim at Ukrainian soldiers' battle plans, US and allies say (CNN) Russian military hackers have been targeting Ukrainian soldiers’ mobile devices in a bid to steal sensitive battlefield information that could aid the Kremlin’s war on Ukraine, the US and its allies warned Thursday.
Anonymous Sudan hits X, La Poste and AO3 with fresh DDoS cyberattacks (Tech Monitor) Anonymous Sudan has been busy in recent days, making a string of claims and demands on its Telegram channel including a new attack on AO3.
The Return of Hacktivism: A Temporary Reprise or Here for Good? (ReliaQuest) The revival of hacktivism has largely been facilitated by one event: Vladimir Putin’s “special military operation,” or Russia’s invasion of Ukraine.
Ukraine: The First Cyber Lessons (AFCEA International) As Russia advanced toward Kyiv, the country mounted a massive digital evacuation while sustaining vital digital services to minimize the looming humanitarian crisis.
Ultra-nationalist military blogger arrested in Moscow (CNN) A Russian military blogger who has written critically of Russia’s conduct in Ukraine was arrested in Moscow Thursday, according to state news agency RIA Novosti.
Belarus Sentences Journalist To 3 1/2 Years In Prison For 'Extremism' (RadioFreeEurope/RadioLiberty) A court in Belarus has sentenced journalist Larysa Shchyrakova to 3 1/2 years in prison after finding her guilty of "facilitating extremist activities" and "discrediting" Belarus as a crackdown on dissent by the country's authoritarian ruler Alyaksandr Lukashenka continues.
Ukraine Ready To Store And Re-Export Gas To EU This Winter, Operator Says (RadioFreeEurope/RadioLiberty) Ukraine is ready to store and re-export European gas for the 2023/2024 winter, the country's gas transmission operator said.
Turkish Foreign Minister Stresses Importance Of Reviving Grain Deal In Meeting With Lavrov (RadioFreeEurope/RadioLiberty) Turkey's foreign minister has emphasized how important reviving the Black Sea Grain Initiative is to global food security during a meeting in Moscow with Russian Foreign Minister Sergei Lavrov.
North Korea and Russia meet over arms deal, U.S. intel reveals (POLITICO) The White House says Vladimir Putin and Kim Jong-Un exchanged letters about working together.
U.S. Sanctions Russian Company Over Alleged Support for North Korean Weapons Programs (Wall Street Journal) The move, coordinated with South Korea and Japan, came after a summit with the countries at Camp David.
British defence firm BAE sets up Ukrainian base (Reuters) British defence company BAE Systems said on Thursday it had set up a local entity in Ukraine and signed deals with the government there to help ramp up Kyiv's supply of weapons and equipment.
Attacks, Threats, and Vulnerabilities
SapphireStealer: Open-source information stealer enables credential and data theft (Cisco Talos Blog) SapphireStealer, an open-source information stealer, has been observed across public malware repositories with increasing frequency since its initial public release in December 2022. Information-stealing malware like SapphireStealer can be used to obtain sensitive information, including corporate credentials, which are often resold to other threat actors who leverage the access for
Hackers modify open-source ‘SapphireStealer’ malware, leading to multiple variants (Record) Hackers are modifying the open source code of a popular malware strain, adding tools and functions that make it easier to steal data.
Threat Actors Adopt, Modify Open Source 'SapphireStealer' Information Stealer (SecurityWeek) Cisco has observed multiple threat actors adopting the SapphireStealer information stealer after its source code was released on GitHub.
GhostSec Breaches And Exposes Iranian Surveillance System (TechWorm) A hacktivist collective, “GhostSec,” has claimed credit for successfully taking down Iran’s FANAP Behnama software, a privacy-invading tool allegedly used
VMConnect supply chain attack continues, evidence points to North Korea (ReversingLabs) ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, and evidence linking the campaign to North Korean threat actors.
North Korean hackers behind malicious VMConnect PyPI campaign (BleepingComputer) North Korean state-sponsored hackers are behind the VMConnect campaign that uploaded to the PyPI (Python Package Index) repository malicious packages, one of them mimicking the VMware vSphere connector module vConnector.
Exploitation of Juniper Networks SRX Series and EX Series Devices (Rapid7) On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices
New MaaS Prysmax Launches Fully Undetectable Infostealer (CYFIRMA) EXECUTIVE SUMMARY The CYFIRMA research team has discovered a new malware-as-a-service known as Prysmax. The developer behind Prysmax claims that...
CISA Warns of Hurricane-Related Scams (Cybersecurity and Infrastructure Security Agency CISA) CISA urges users to remain on alert for malicious cyber activity following natural disasters, such as hurricanes, as attackers target disaster victims and concerned citizens by leveraging social engineering tactics, techniques, and procedures (TTPs).
Securonix Threat Labs Security Advisory: Threat Actors Target MSSQL Servers in DB#JAMMER to Deliver FreeWorld Ransomware (Securonix)
LockBit Builder Leak Leads to Flood of Ransomware Variants (Security Boulevard) The leak 11 months ago of the builder for the LockBit 3.0 ransomware opened the door for any threat actor to create their own customized versions of the
Fresh Phish: The Case of the PepsiCo Procurement Ploy (INKY) When a company generating more than $86 billion in net revenue reaches out to do business with you, chances are they’ll have your full attention.
Decrypting Key Group Ransomware: Emerging Financially Motivated Cyber Crime Gang (EclecticIQ) EclecticIQ researchers assess that Key Group is primarily a Russian speaking, financially motivated threat group using Telegram to negotiate ransom.
Unmasking Trickbot, One of the World’s Top Cybercrime Gangs (WIRED) A WIRED investigation into a cache of documents posted by an unknown figure lays bare the Trickbot ransomware gang’s secrets, including the identity of a central member.
Montreal electricity organization latest victim in LockBit ransomware spree (Record) The LockBit ransomware gang continues to dominate headlines and cause concern among cybersecurity experts with a spate of attacks on critical organizations, governments and businesses.
LockBit ransomware gang targets electrical infrastructure organization in Montreal (teiss) The LockBit ransomware gang has again caught the attention of cybersecurity experts and organizations worldwide through new attacks on the Commission des services électriques de Montréal (CSEM).
Forever 21 data breach: hackers accessed info of 500,000 (BleepingComputer) Forever 21 clothing and accessories retailer is sending data breach notifications to more than half a million individuals who had their personal information exposed to network intruders.
Forever 21 data breach affects half a million people (TechCrunch) The clothing giant said it had "taken steps" to ensure the hacker no longer has the stolen data, but would not say if it paid a ransom.
PBI Data Breach Due to MOVEit Vulnerability Affects Customers of Continental Casualty Company (JD Supra) On August 25, 2023, Pension Benefit Information, LLC (“PBI”) filed a notice with the Attorney General of Maine on behalf of Continental Casualty...
Paramount confirms data breach after cyberattack (Record) The movie studio and streaming giant Paramount confirmed a data breach this week involving the personal information of fewer than 100 people.
University of Sydney Discloses Third-Party Data Breach (Gizmodo) The University of Sydney has disclosed a data breach potentially affecting international students.
'Ransomware event' kept Chambersburg Area schools closed for three days (Fox43) All schools will be open on a regular schedule for Friday, Sept. 1 with heavy limitations on internet usage due to the "ransomware event."
Pennymac, RoundPoint clients exposed to global data breach (National Mortgage News) The customers were affected by an incident involving a Progress Software program used by Sovos Compliance.
Cyberattack hits Suffolk school (Computing) A cyberattack has hit a secondary school in Suffolk, taking down computer facilities before the new term begins.
Lidl recalls Paw Patrol snacks after website on packaging displayed porn (TechCrunch) Superstore giant Lidl recalled Paw Patrol snacks after a website listed on the packaging displayed explicit content unsuitable for children.
Important Notice Product Recall (Lidl) Lidl GB is recalling the above-mentioned branded product as we have been made aware that the URL of the supplier which is featured on the back of the packaging has been compromised and is being directed to a site that is not suitable for child consumption.
Why Are Healthcare Data Breaches So Expensive? (Health IT Security) The complexity and volume of health data, paired with its status as a highly regulated critical infrastructure sector, make healthcare data breaches more expensive than those in other sectors.
Security Patches, Mitigations, and Software Updates
VMware Releases Security Update for Tools (Cybersecurity and Infrastructure Security Agency CISA) VMware has released a security update to address a vulnerability in VMware Tools. A cyber threat actor can exploit this vulnerability to obtain sensitive information.
Trends
A Brief History of ICS-Tailored Attacks (Dark Reading) It's on the cyber defenders to learn from the past and make industrial control system networks hostile to attackers.
Numbers Don't Lie: Exposing the Harsh Truths of Cyberattacks in New Report (The Hacker News) BlackBerry Global Threat Intelligence Report unveils eye-opening stats from 90 days of real-world data analysis. Uncover the truth behind cyber threat
Marketplace
SentinelOne Drops Wiz Alliance After Citing Cyber Startup’s ‘Lack of Execution’ (Bloomberg) Firm says Wiz partnership was not material to business. Wiz said last week it is considering a bid for SentinelOne.
SentinelOne terminates cooperation with Wiz amidst takeover talk (CTech) Wiz expressed its intention to acquire SentinelOne this past weekend despite being a relatively young startup while the latter is a decade-old public company employing almost three times its workforce
Fortinet Recommends Stockholders Reject TRC Capital Investment Corporation's (financialpost) Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced it has been notified of an unsolicited “mini-tender” offer by TRC Capital Investment Corporation (TRC) to purchase up to 2,000,000 shares of Fortinet’s common stock at a price of $55.55 per share in cash.
Essay | The Real Story of Musk’s Twitter Takeover (Wall Street Journal) In an exclusive excerpt from his new biography ‘Elon Musk,’ Walter Isaacson offers a behind-the-scenes look at one of the most surprising and controversial decisions of the mogul’s career.
Qrypt Appoints Christopher Moretti to Board of Advisors (Business Wire) Qrypt, the pioneering quantum-secure encryption company, today announced Christopher Moretti, vice president of global technology and cloud transformation at Evernorth Health Services, a division of The Cigna Group, is joining Qrypt’s esteemed board of advisors (BoA).
Products, Services, and Solutions
Softprom signs distribution agreement with Votiro, Zero Trust Content Security (Softprom) Softprom, a Value-Added IT Distributor announces a distribution agreement with Votiro, the category leader in disarming and delivering safe, fully-functional content.
Tufin Enhances Channel Program With New Community and Collaboration Tools to Support Growing Partner Base (Business Wire) Company Launches New Partner Portal, Deal Registration Enhancement, Updated Demo Tools, Lead Sharing, Improved Training and Certification Tracks and Interactive Community Tools
X Plans to Collect Biometric Data, Job and School History (Bloomberg) In policy shift, X will expand the type of data it gathers. Employment, education history will be used to recommend jobs.
Xcitium partners with AquaOrange to cut cyber crime in Pakistan (Daily The Azb) Xcitium has named AquaOrange as its sole distributor for Pakistan, one of the fastest-growing markets in Asia.
ZeroFox Enhances Physical Security Intelligence with Powerful Interactive Mapping Capabilities and Comprehensive Threat Research (GlobeNewswire News Room) New features give security teams greater visibility into types of threats and geographic locations, allowing them to research, track, and assess physical...
SentinelOne® Launches on Google Cloud Marketplace (SentinelOne) Customers using Google Cloud can now purchase SentinelOne’s autonomous cybersecurity solutions to improve enterprise protection
LogRhythm Announces Partnership with Cimcor for Enhanced Cybersecurity Capabilities (Business Wire) LogRhythm SIEM combined with CimTrak provides the ability to immediately detect and remediate threats across the enterprise
Technologies, Techniques, and Standards
[Analyst Report] SANS 2023 DevSecOps Survey (Synopsys) The latest SANS DevSecOps Survey addresses the key success factors in DevSecOps, current challenges organizations face, industry trends, and critical focus areas for a successful DevSecOps program.
SANS 2023 DevSecOps Survey (Application Security Blog) New 2023 SANS DevSecOps Survey explores DevSecOps challenges and trends.
The misalignment between business leaders and security staff (Security Info Watch) As the adoption of multi-cloud environments continues to expand, a strong cybersecurity program will only become more important
The power of passive OS fingerprinting for accurate IoT device identification (Help Net Security) Passive OS fingerprinting involves analyzing network traffic patterns and behaviors generated by the devices to determine their OS.
Colombian Navy Leads First Cyber Operations Exercise in UNITAS (Diálogo Américas) The Colombian Navy led the first cybersecurity, cyber defense, and cyber intelligence exercise as part of international exercise UNITAS LXIV, held in Cartagena July 11-21. This was the first time in the history of UNITAS that such an exercise was carried out.
What We Know About Email Aliases Biden Used While VP (Time) A White House official tells TIME Biden's use of email aliases is a common practice among senior government officials. Here's what we know.
Free Decryptor Available for 'Key Group' Ransomware (SecurityWeek) EclecticIQ has released a free decryption tool to help victims of the Key Group ransomware recover their data without paying a ransom.
Design and Innovation
Companies Will Use Generative AI. But Will They Tell You About It? (Wall Street Journal) Business leaders are divided on whether customers always need to know the technology has been used.
Meta releases a dataset to probe computer vision models for biases (TechCrunch) Meta has released a new dataset, FACET, to probe computer vision models for biases against certain 'classes' of people.
PRESS RELEASE: Forging a Quantum-Secure Future - SSH Communications Security Joins NIST PQC Migration Consortium (GlobeNewswire News Room) Leading Defensive Cybersecurity Company SSH Communications Security has become part of the US National Institute of...
Apple explains why it backed away from scanning for abuse materials (Computing) In an exchange between a child safety group and Apple, the tech giant has explained why the company abandoned its 2021 plans to scan the contents of customers' iCloud accounts for child sexual abuse materials (CSAM).
Research and Development
Protecting the protectors: Virginia Tech researchers work to secure power grid communication on military bases. (Newswise) For months, U.S. officials have been sniffing out malicious computer code that they suspect to be planted inside the power grid and communication control system
Legislation, Policy, and Regulation
Algorithmic Warfare: NATO Ponders Using Article Five for Cyber Attacks (National Defense) The North Atlantic Treaty Organization in July announced its endorsement of a “new concept” for cyber defense to counter a rise in threats to member nations and the alliance as a whole.
UK government urged to accelerate AI regulatory regime, cybersecurity principles (CSO Online) UK House of Commons Science, Innovation and Technology Committee identifies 12 challenges of artificial intelligence governance that policymakers and frameworks must meet.
Australia Will Not Force Adult Websites To Bring In Age Verification Due To Privacy and Security Concerns (Slashdot) The federal government of Australia will not force adult websites to bring in age verification due to concerns around privacy and security of the technology. The Guardian reports: On Wednesday, the communications minister, Michelle Rowland, released the eSafety commissioner's long-awaited roadmap f...
Insecure Code: Software Makers May Be Held Liable with New Legislation (Software Development Times) The ongoing debate in the United States regarding software developers’ responsibility for bugs in code that lead to security breaches has gained significant attention as cybersecurity incidents increase. In an effort to address the growing cybersecurity challenges the nation faces, the Biden administration has taken a stance on this issue.
CISA still working with some agencies to fully follow federal vulnerability disclosure policy rules (FedScoop) A small number of federal agencies are still working with CISA on fully following rules concerning vulnerability disclosure requirements.
NSA insider to succeed George Barnes as agency’s deputy director (Record) Wendy Noble will take over the top civilian job at the NSA after a long career within the agency and the Defense Department.
Navy Cyber Defense Operations Command awarded Meritorious Unit Commendation (Military News) Navy Cyber Defense Operations Command (NCDOC) was recently awarded a Meritorious Unit Commendation for unit achievements between Jan. 1, 2021 and Feb. 10, 2023.
Litigation, Investigation, and Law Enforcement
Q&A With Silicon Valley Prosecutor Taking Aim at Crypto ‘Pig-Butchering’ Scams (Wall Street Journal) Erin West, a Santa Clara deputy district attorney, is known in crypto law-enforcement circles for raising awareness on the scams and helping victims get their money back.
The Inventor Behind a Rush of AI Copyright Suits Is Trying to Show His Bot Is Sentient (WIRED) Stephen Thaler’s series of high-profile copyright cases has made headlines worldwide. He’s done it to demonstrate his AI is capable of independent thought.
Texas law requiring age verification on porn sites ruled unconstitutional [Updated] (Ars Technica) Texas was supposed to start enforcing the law tomorrow.
Industry Reactions to Qakbot Botnet Disruption: Feedback Friday (SecurityWeek) Industry professionals comment on the law enforcement operation targeting the Qakbot botnet and its implications.