Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+558: Drone strikes and Ukraine's push against Russia's prepared defenses. (CyberWire) Ukraine now occupies ground past Russia's main defensive line. Drone strikes disrupt flights at Moscow airports. Russia hits Danube ports as it refuses to restore the Black Sea grain deal.
Ukraine at D+557: Ukraine works to exploit local breaches in Russian lines. (CyberWire) Ukraine works to exploit local breakthroughs as Russia resumes drone strikes against grain facilities on the Danube.
Ukraine at D+556: Breakthroughs and the potential for mobile action. (CyberWire) Ukraine claims to have breached the main Russian defense lines in Zaporizhzhia. Russia works to control the wartime narrative for a domestic audience.
Ukraine at D+555: Russia seeks to stop Ukrainian advance in the south. (CyberWire) Ukraine claims breakthroughs, and Russia insists it remains "invincible."
Russia-Ukraine war: List of key events, day 559 (Al Jazeera) As the war enters its 559th day, these are the main developments.
Ukraine-Russia war latest: Ukraine approaching 'final layer' of key defensive line (The Telegraph) Ukrainian troops have reached the third and “final layer” of a key Russian line of defence, according to war analysts.
Russia-Ukraine war live: footage appears to show British Challenger 2 tank destroyed in combat for first time (the Guardian) Battlefield video appears to show destruction of British tank, which would be first time one has been destroyed in combat
Russia Says It Downed Ukraine-Launched Drones Targeting Moscow (RadioFreeEurope/RadioLiberty) Russia shot down at least three Ukraine-launched drones early on September 5 that were targeting the country's capital, the Russian Defense Ministry said.
View From The Front Amid Ukrainian 'Breakthrough' Claims (RadioFreeEurope/RadioLiberty) Intense fighting is under way in southern and northeastern Ukraine as Kyiv claims that the first line of Russian defense in one sector has been broken. Russian forces, meanwhile, are reportedly piling pressure on other areas.
Russia-Ukraine war at a glance: what we know on day 559 of the invasion (the Guardian) No evidence of Black Sea grain deal breakthrough; Russian general Surovikin resurfaces
Ukraine-Russia war live: Ukraine says it has 'evidence' drones landed inside Nato territory (The Telegraph) Ukraine’s foreign minister said Kyiv has “photographic evidence” that Russian drones landed in Nato territory early on Monday, directly contradicting Romania’s denial of the incident.
Ukraine Has Won the Battle to Penetrate Russia’s First Defensive Belt (What Happens Now?) (19FortyFive) Ukraine revealed that their forces finally broken through the first line of Russia’s vaunted main line of defense in the Zaporezhia region. A careful analysis of the tactical situation, however, reveals the situation for the UAF remains tenuous.
Ukraine Wants to Break Through Russian Defenses. That’s Only the First Step. (Wall Street Journal) Breaching Russian lines would be only the start. Flooding Ukrainian troops into a gap could prove even harder.
Russia Pulls Armata Tanks From Ukraine (The Defense Post) Russia has reportedly pulled its T-14 Armata tanks from Ukraine. The tanks were deployed earlier this year as part of their combat assessment.
Russian Drones Target Ukrainian Port Ahead Of Putin-Erdogan Meeting On Grain Exports (RadioFreeEurope/RadioLiberty) Russia launched a massive drone strike on a major Ukrainian grain-exporting port in the southern Odesa region early on September 4, damaging warehouses and production buildings just hours before Russian President Vladimir Putin was set to hold talks with Turkish counterpart Recep Tayyip Erdogan.
Russia-Ukraine war: List of key events, day 557 (Al Jazeera) These are the main developments as the Russian invasion of Ukraine enters its 557th day.
Russia-Ukraine war at a glance: what we know on day 558 of the invasion (Guardian) Volodymyr Zelenskiy to dismiss defence minster Oleksii Reznikov; Russia strikes port infrastructure in Odesa critical to grain exports
Live updates: Russia's war in Ukraine (CNN) Ukrainian President Volodymyr Zelensky said his country's counteroffensive is pushing forward despite "what anyone says." Follow here for live updates.
Ukraine Claims Big Breakthrough, Says Russian Lines Breached In South (NDTV.com) Kyiv's army has made an important breakthrough by breaching Russian lines in southern Ukraine, a key general told British media this weekend, saying he now expected faster progress in the Zaporizhzhia area.
How the Ukraine Counteroffensive Can Still Succeed (Time) The Ukrainian counteroffensive is going slow, but success is still possible
Romania's fury over Russian strike on Ukrainian port near its border (The Telegraph) Russian drones hit Danube River port infrastructure critical to Ukraine's grain exports
Russia Attacks Ukrainian Port in Odesa Region, Injuring at Least 2 (New York Times) The assault came as Ukraine’s president announced that two more ships had traveled through a temporary corridor established by Kyiv after Moscow pulled out of the Black Sea grain deal.
What's at stake when Turkey's leader meets Putin in a bid to reestablish the Black Sea grain deal (AP News) Turkish President Recep Tayyip Erdogan will meet with Vladimir Putin in a bid to persuade the Russian leader to rejoin the Black Sea grain deal that Moscow broke off from in July.
A Brutal Path Forward, Village by Village (New York Times) As Ukraine pushes slowly forward in its counteroffensive, it’s relying heavily on the effort of hundreds of small-scale assault groups, each tasked with attacking a single trench, tree line or house.
Ukraine’s victory is closer than ever – but a shattered Russia is nothing to celebrate (The Telegraph) Superior weapons and strong morale are giving Ukrainian troops a crucial edge in battle
‘Everything is ahead of us’: Ukraine breaks Russian stronghold’s first line of defence (the Guardian) In an exclusive interview, a leading Ukrainian general says his forces have made a vital breakthrough in near Zaporizhzhia
Ukraine counteroffensive breaks through Russia’s strongest defense line in south (New York Post) The breakthrough came after weeks of slow progress as Ukrainian forces cleared minefields in the near Zaporizhzhia amid the counter-push, a high-ranking military official said.
Ukrainian counteroffensive has made ‘notable’ progress in south over past three days, US says (the Guardian) White House spokesman John Kirby also said reports quoting anonymous US officials criticising Ukrainian effort were ‘not helpful’
Ukraine-Russia war: Drone strike sets fire to Moscow factory making missile microchips (The Telegraph) The United States has praised Ukraine for making “notable progress” in its counter-offensive.
Ukraine war: Drone attack on Pskov airbase from inside Russia - Kyiv (BBC News) Ukraine's military intelligence chief says two planes were damaged and two destroyed in Tuesday's attack.
Ukrainian Defense Minister Reznikov Submits Resignation Letter (Radio Free Europe | Radio Liberty) Defense Minister Oleksiy Reznikov has submitted his resignation, paving the way for Rustem Umerov, a Ukrainian politician of Crimean Tatar origin, to take his place.
Zelensky to replace Ukraine’s wartime defense minister (The Hill) Ukrainian President Volodymyr Zelensky announced Sunday that he would replace Minister of Defense Oleksiy Reznikov with Rustem Umerov.
Rustem Umerov: who is Ukraine’s next defence minister? (the Guardian) The Crimean Tatar, who is set to replace Oleksii Reznikov, has played a key role in negotiations with Russia
The era of the tank is far from over (The Telegraph) Like all military capability, it is about how you use it. The Russians are doing so extremely poorly
Putin Races Against the Clock (Foreign Affairs) The dangers of a desperate Russia.
Prigozhin Is Dead. The Culture He Represented Lives On (Time) Prigozhin was both a model for Russian criminals and a manifestation of a fundamental truth about Russia
Russian Nationalist Igor Girkin Announces Plan To Challenge Putin in Next Year’s Presidential Elections (The New York Sun) Jailed critic calls the Russian president a 'lowlife' and 'cowardly bum.'
Russia-led alliance holds military drills in Belarus (Military Times) Belarus’ defense ministry said the exercises, lasting through Wednesday, are to prepare for joint operations, including responses to a nuclear accident.
Putin is waging a forever war. The west can’t pull the plug on Ukraine now (the Guardian) Moscow won’t stop short of subjugation of Kyiv. That’s why the Nato allies must ignore talk of talks and start fighting to win
What Tolstoy Can Teach Us About Geopolitics (Time) To understand what might happen next in this tumultuous world, one needs a literary imagination, writes Robert D. Kaplan
Why the US will decide Ukraine’s fate (The Spectator) As Ukraine marked its 32nd national holiday since independence, news from the front lines and the wider world appeared better than perhaps in any week since the recapture of Kherson in November. In Zaporizhzhia, the hard-fought front lines moved a few miles forward. In Crimea, a missile strike took out a Russian S-400 anti-aircraft complex
As Ukraine Prepares to Get F-16s, US Provides AMRAAM Missiles (Air & Space Forces Magazine) Ukraine will receive AIM-120 AMRAAM advanced air-to-air missiles from the U.S. use on its aircraft, Ukrainian officials said.
Netherlands, Romania and Lockheed agree to open F-16 training center (Breaking Defense) The letter of intent comes after the Biden administration approved the re-export of the fourth generation jets to Ukraine.
Russia claims its Sarmat ICBM is on ‘combat duty' (The Japan Times) Russian military analysts said the announcement meant that the missile had been deployed in a silo and was ready to be used.
Putin henchman Medvedev pinpoints the next nation Russia may target for invasion (Express.co.uk) Dmitry Medvedev warned Russia "will not hesitate" to act if Moscow deemed it necessary.
Kosovo's President Accuses Serbia Of Following 'Putin's Plan' By Destabilizing Balkans (RadioFreeEurope/RadioLiberty) Kosovar President Vjosa Osmani has accused Serbia of trying to destabilize the Western Balkans in a similar fashion to how she said Russia acted against Ukraine in 2014.
Seoul's spy agency says Russia has likely proposed North Korea to join three-way drills with China (AP News) Russia has likely proposed that North Korea participate in three-way naval exercises with China, according to a lawmaker who attended a closed-door briefing with the director of South Korea’s top spy agency.
Kremlin silent on Chinese map claiming part of Russia's territory (Newsweek) The Russian Far East was part of the Qing Empire until 1860, Steve Tsang of the School of Oriental and Africa Studies in London, told Newsweek.
The West is tantalisingly close to crushing its biggest security threat - so why hesitate? (The Telegraph) As Ukraine continues to erode Russia's military machine, those who call for Putin to not be humiliated must be disregarded
Putin Opens School Year In Russia But New History Textbook Given Failing Grade (RadioFreeEurope/RadioLiberty) Russian students began the first day of a new school year with words of encouragement from President Vladimir Putin and a revised history textbook that critics say is intended to “incite anger toward Ukrainians” and explain to future conscripts “why they are putting on uniforms and boots.”
Who Assassinated Prigozhin? Duh, the English (CEPA) Russia’s belief in the cunning of UK spies and saboteurs is a go-to explanation when things go wrong for the Kremlin.
Tech firms fail to tackle Russian propaganda - EU (BBC News) Russian disinformation has increased on X since Elon Musk's takeover, according to a report.
Elon Musk’s New Twitter Policies ‘Helped Spread Russian Propaganda’ (Kyiv Post) A report released by the EU says a number of social media platforms “failed to implement” new rules designed to combat Kremlin disinformation.
What is Anonymous Sudan about? The mysterious group behind latest X outage (Republic World) Anonymous Sudan emerged as the hacktivist group behind the outage that impacted social media platform X on Tuesday. It also had a message for Elon Musk.
An inside look at Ukraine's cyber war with Russia (NPR) Ukraine is also fighting a cyber-war against Russia as the battlefield counter-offensive grinds on. A top Ukrainian intelligence official gives NPR an inside look.
Pro-Russian cyber terrorists hack and leak UK security information (Express) The United Kingdom's National Cyber Security Centre (NCSC) issued an "official threat notice" to companies operating critical national infrastructure over fears of "increased" instances of cyber attacks from mercenaries sympathetic to Russia.
Russian cyber-attacks ‘relentless’ as threat of WW3 grows, expert warns (The Independent) An attack on security firm Zaun, which holds information on militarily sensitive sites, has been described as ‘serious and of huge concern’
Breaking: UK MoD attacked by LockBit (Computing) The compromise of a third-party supplier has exposed sensitive information about British intelligence.
Kremlin hackers leak UK Ministry of Defence data in 'very damaging' attack (Express.co.uk) Kevan Jones MP described the hack as "potentially very damaging to the security of some of our most sensitive sites".
Russia 'likely' sponsored cyber-attack on UK to steal military secrets (Mail Online) A professor of cybersecurity said that last month's attack, which saw a Russia-linked hacker group steal 10GB of sensitive military data was 'likely' sponsored by the Russian state
Russia linked hackers hit UK Ministry of Defence as security secrets leaked (Mirror) Hackers targeted the database of a firm which handles the security for some of Britain's most secretive sites - including a nuclear submarine base and a chemical weapon lab
Ministry of Defence hit by Russia-linked hackers as security secrets leaked (The Sun) THE Ministry of Defence has been hit by hackers with links to Russia, as security secrets have been leaked and the data posted online. Hackers have released thousands of pages of information with c…
Putin's regime 'likely' sponsored cyber-attack on Britain by Russia-linked hackers who acquired secrets about military sites then leaked them onto the dark web amid tensions over Ukraine, expert warns (Daily Mail) A top cybersecurity expert says that the Kremlin likely sanctioned the attack The hack saw sensitive information about the UK's military leaked online Sensitive information about the home of the Trident nuclear programme was leaked
German financial agency site disrupted by DDoS attack since Friday (BleepingComputer) The German Federal Financial Supervisory Authority (BaFin) announced today that an ongoing distributed denial-of-service (DDoS) attack has been impacting its website since Friday.
Russian cyber-attacks ‘relentless’ as threat of WW3 grows, expert warns (Yahoo News) An attack on security firm Zaun, which holds information on militarily sensitive sites, has been described as ‘serious and of huge concern’.
When Elon Musk’s ‘flying sofas’ give Ukraine internet access, we can’t sit comfortably | John Naughton (the Guardian) The Starlink system has been vital to Zelenskiy’s forces, but it can’t be good to have a volatile billionaire playing a crucial role in a major European war
Russian Taxi Law Requiring Companies To Share Data With FSB Goes Into Effect (RadioFreeEurope/RadioLiberty) A law requiring taxi companies to provide the Federal Security Service (FSB) with data on riders' trips has come into force.
Zelenskiy, Macron Discuss Grain, Odesa Security In Phone Call (RadioFreeEurope/RadioLiberty) Ukrainian President Volodymyr Zelenskiy’s office said he discussed the transport of Ukrainian grain exports and the security of the Odesa region in a phone call with French leader Emmanuel Macron on September 3.
Russian Airlines Have Imported Over $1 Billion In Parts For Airbus & Boeing Aircraft Since May 2022 (Simple Flying) Sanctions by the West were imposed in February 2022 following Russia's invasion of Ukraine.
Indonesia’s economy will surpass Russia’s sooner than expected. Here’s what that says about the global economy. (Atlantic Council) In 2026, Indonesia is expected to surpass Russia to become the world’s sixth largest economy
Nobel Foundation reverses decision to invite Russia to prize ceremony following backlash (CNN) The Nobel Foundation has U-turned on a controversial decision to invite the ambassadors of Russia, Belarus and Iran to the Nobel Prize award ceremony after facing widespread criticism.
Nobel Committee Says Russia Is 'Trying To Silence' Peace Laureate Dmitry Muratov (RadioFreeEurope/RadioLiberty) Russia is trying "to silence" the 2021 Nobel Peace Prize laureate Dmitry Muratov by branding the journalist a "foreign agent," the body in charge of the prestigious award said on September 2.
Tens of Thousands of Ukrainians Scarred by Amputations and Trauma (Time) Ukraine is facing a future with upward of 20,000 amputees—many soldiers who are also suffering psychological trauma from their time at the front.
Top Russian General Detained After Wagner Mutiny Is Released (New York Times) Gen. Sergei Surovikin, who was seen as an ally of the mercenary leader Yevgeny V. Prigozhin, has re-emerged in public.
Russian helicopter pilot says he defected because of ‘genocide’ in Ukraine (The Telegraph) In his first interview since crossing over Maksim Kuzminov says he feels sorry for all the bloodshed that has occurred since the invasion
Attacks, Threats, and Vulnerabilities
India warns of malware attacks targeting its Android users (TechCrunch) India has warned its citizens of an advanced malware targeting Android users, capable of accessing sensitive data and allowing hackers control over India has issued a cautionary note about a sophisticated malware campaign targeting Android users in the country, carrying the potential to gain access to sensitive user data and allowing hackers to take control of infected devices.
New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists (The Hacker News) Did you know about SuperBear? A recent phishing attack in South Korea exposed this dangerous remote access trojan. Read how this remote access trojan
How Ducktail capitalizes on compromised business, ad accounts (Help Net Security) Quite some money can be made from selling compromised business and ad accounts on social media platforms, and Ducktail specializes in that.
Chae$ 4: New Chaes Malware Variant Targeting Financial and Logistics Customers (Morphisec) Morphisec uncovers and details a new Chaes malware variant targeting banking and logistics industries and their customers.
Threat Profile: Chae$ 4 Malware (Morphisec) Morphisec Uncovers a New Chaes Malware Variant Targeting Financial and Logistics Industries
Ransomware attackers are targeting exposed Microsoft SQL databases, report says (Record) Securonix said that it found examples of hackers cracking into Microsoft SQL (MSSQL) databases and then launching malware payloads once inside.
New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services (Security Joes) Security Joes Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023. Surprisingly, these vulnerabilities have received little to no media coverage regarding their ease of exploitation and the potential security implications they pose to any cluster running a non-native object storage. Object Storage is a data storage architecture for storing unstructured data, which sections data into units—objects—and stores them in a structural
Hackers exploit MinIO storage system to breach corporate networks (BleepingComputer) Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers.
"Smishing Triad" Targeted USPS and US Citizens for Data Theft (Resecurity) Resecurity has identified a large-scale smishing campaign targeting US Citizens. Previous incidents have impacted victims from the U.K, Poland, Sweden, Italy, Indonesia, Japan, and other countries.
'Smishing Triad' Targeted USPS and US Citizens for Data Theft (Security Affairs) Resecurity has identified a large-scale smishing campaign, tracked as Smishing Triad, targeting the US Citizens.
Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges (The Hacker News) Beware! Okta warns of social engineering attacks aimed at admin credentials. Threat actors are manipulating multi-factor authentication settings.
More Okta customers trapped in Scattered Spider's web (Register) Oktapus phishing campaign criminals are back in action
Cross-Tenant Impersonation: Prevention and Detection (Okta Security) Okta has observed attacks in which a threat actor used social engineering to attain a highly privileged role in an Okta customer Organization (tenant).
Chrome extensions can steal plaintext passwords from websites (BleepingComputer) A team of researchers from the University of Wisconsin-Madison has uploaded to the Chrome Web Store a proof-of-concept extension that can steal plaintext passwords from a website's source code.
Thwarting Muddled Libra. (CyberWire) Kristopher Russo and Stephanie Regan from Palo Alto Networks Unit 42 join Dave to talk about Threat Group Assessment: Muddled Libra. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses.
Exploit Code Published for Critical-Severity VMware Security Defect (SecurityWeek) Exploit code and root-cause analysis released by SinSinology documents the problem as a case where VMWare “forgot to regenerate” SSH keys.
Threat actors exploiting unpatched Juniper Networks devices (ComputerWeekly.com) A series of vulnerabilities in Juniper Networks firewalls and switches appear to be being exploited in the wild to enable remote code execution, with thousands of devices thought to be exposed.
Yes, there's an npm package called @(-.-)/env and some others like it (BleepingComputer) Strangely named npm packages like -, @!-!/-, @(-.-)/env, and --hepl continue to exist on the internet's largest software registry. While not all of these may necessarily pose an obvious security risk, some were named before npm enforced naming guidelines and could potentially break tooling.
Why is .US Being Used to Phish So Many of Us? (KrebsOnSecurity) Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the…
Beware: Deepfake Scams Could Target Your Next Zoom Meeting (Entrepreneur) Cybercriminals are increasingly using AI-driven voice and video technology to create convincing deepfakes, posing dangerous potential harm to individuals and organizations.
Your non-employee “identity junk drawer” could lead to major security issue (SC Media) Most organizations house their non-employees and non-humans in their identity junk drawer: The contractor with the two-month assignment, the new third-party partner you’re starting business with, the consultant that requires a lot of access, an RPA with assigned privileges, the seasonal help hired around the holidays.
LogicMonitor customers hacked in reported ransomware attacks (BleepingComputer) Network monitoring company LogicMonitor confirmed today that some users of its SaaS platform have fallen victim to cyberattacks.
LogicMonitor customers hit by hackers, because of default passwords (TechCrunch) An unknown number of LogicMonitor's customers have been hacked due to the fact that the company set weak default passwords.
Students and alumni possibly affected by third party data breach (The Times-Delphic) In June, Drake University was alerted that its students and staff may have been affected by a data breach involving
UnitedHealthcare reveals data breach, says some NC residents may be affected (ABC11) UnitedHealthcare said Friday that a data breach may affect some North Carolina residents.
Golf gear giant Callaway data breach exposes info of 1.1 million (BleepingComputer) Topgolf Callaway (Callaway) suffered a data breach at the start of August, which exposed the sensitive personal and account data of more than a million customers.
Golf club maker Callaway says 1 million affected by data breach (Record) The company that sells the Callaway brand of golf gear reported a data breach that affected more than 1 million people.
Cyber criminals threaten 'catastrophe' after claiming data theft from Australian businesses (ABC) A notorious Russian ransomware gang which infiltrated one of Australia's largest law firms has now targeted a string of Victorian businesses, including a pathology company.
University of Sydney data breach impacts recent applicants (BleepingComputer) The University of Sydney (USYD) has announced it has suffered a data breach through a third-party service provider, exposing the personal data of recently applied and enrolled international applicants.
University of Sydney suffered a security breach caused by a third-party service provider (Security Affairs) The University of Sydney suffered a security breach caused by a third-party service provider that exposed PI of recent applicants
USG provides update on data breach (The Red and Black ) The University System of Georgia released a statement today regarding a data breach that occurred in June.
Ex newsreader Angela Rippon among BBC stars targeted by Russian cyber attack (Mirror) Strictly star Angela Rippon had her email address and National Insurance number stolen in a payroll software hack which also affected British Airways and Boots
Pennsylvania school district to stay open despite ransomware attack (Record) A school district in Pennsylvania kept its doors open on Friday despite announcing a ransomware attack that caused disruptions to its computer systems.
Debenham High School IT system hit by cyber attack (BBC News) Debenham High School in Suffolk has informed police and is working to get its systems back online.
Minneapolis Public Schools sending cyber attack notification letters (FOX 9 Minneapolis-St. Paul) Following a cyber attack and ransom that the district says has affected over 100,000 people, Minneapolis Public Schools (MPS) says it is in the process of notifying individuals of their exposed personal information.
Carthage, Claxton-Hepburn hospitals target of cyber attack (WWNY) Two north country hospitals have been targeted in a cyber attack, but officials say there appears to be no breach of patient information. Officials say Carthage Area Hospital and Claxton Hepburn Medical Center in Ogdensburg discovered the incident Thursday.
New ‘YouPorn’ sextortion scam threatens to leak your sex tape (BleepingComputer) A new sextortion scam is making the rounds that pretends to be an email from the adult site YouPorn, warning that a sexually explicit video of you was uploaded to the site and suggesting you pay to have it taken down.
Freecycle users told to change passwords after data breach (Graham Cluley) Freecycle, an online community that encourages sharing unwanted items with eachother than chucking them in the bin or taking them to landfill, has told users to change their passwords after it…
Hacked business at centre of Met breach sent BBC employee details to print cards (The Sun) THE hacked business at the centre of the Met data breach also printed ID cards for the BBC. Digital ID was sent employee details by the broadcaster, which is being kept informed by the National Cri…
HSHS, Prevea confirm systemwide outage was caused by cyber attack (WLUK) Leaders from HSHS and Prevea confirmed that the ongoing systemwide outage impacting clinical and administrative communications was caused by a cyber attack.
Microsoft blames outage on small staff, automation failures (Register) Just three people were on duty in Australia when 'power sag' struck and software failures left them blind
Security Patches, Mitigations, and Software Updates
Experts Urge Immediate Juniper Firewall and Switch Patching (Bank Info Security) Security experts are warning organizations with Juniper Networks SRX firewalls and EX switches to update them immediately to patch multiple vulnerabilities
WithSecure, Mend.io patch vulnerability in popular application security platform (News Powered by Cision) Vulnerability could have exposed potentially compromising security information about Mend.io
Trends
Armis Identifies the Riskiest Assets Introducing Threats to Global Businesses (Armis) The data demonstrates clear need for comprehensive security strategies that account for all managed and unmanaged connected assets.
Ransomware and Data Breaches: Impacts Continue to Grow Louder (GovTech) Reports from cybersecurity companies in 2023 show mixed trends regarding the number of global data breaches, ransomware attacks, records affected and government costs. But one thing is clear: Cyber attack impacts steadily grow.
With Phishing Getting Harder to Spot, How Can Users Stay Protected? (Infosecurity Magazine) Learn about five phishing techniques attackers are using to work around defenses and trick users
The Less-Obvious Fallout From a Cyber Attack (IoT For All) The consequences of data breaches can be massive. Implementing good cyber security practices allows businesses to protect themselves.
Deep-fake Imposter Scams Are Driving a New Wave of Fraud (Treasury & Risk) What was once pure science fiction is now fact as criminals are leveraging AI advances to swindle billions of dollars.
Cybercrime will cost Germany $224 billion in 2023 (Security Affairs) Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters.
Nearly half of Switzerland's large companies victims of cyber attacks (euronews) While 45% of large Swiss companies have suffered a cyber attack, only 18% of small businesses say the same, according to a study.
50% of financial services orgs have suffered website data breach (Scottish Business News) HALF of organisations in the financial services industry have suffered a data breach through their content management system (CMS) in the past three years, according to a new report by next-generation CMS provider Forrit which also advises on how to increase your platform’s security. The report, The Content Management System market in 2023: what marketers in financial services […]
Marketplace
Rapid7 Announces Proposed Private Offering of $250 Million of Convertible Senior Notes (GlobeNewswire News Room) Rapid7, Inc. (“Rapid7”) (Nasdaq: RPD) today announced that it intends to offer, subject to market conditions...
SentinelOne raises full-year forecast, adds partnership with Wiz still on (Reuters) SentinelOne Inc raised its annual revenue forecast on Thursday, riding on resilient adoption of its AI-backed security offerings as macroeconomic fears abate.
SentinelOne Shuts Down Wiz Acquisition Talk: Reports (CRN) SentinelOne is severing its partnership with Wiz after the cloud security firm had said it might be interested in an acquisition of public cybersecurity vendor SentinelOne, reports say.
Cybersecurity firm Rubrik aims for IPO this year - report (Seeking Alpha) Cybersecurity firm Rubrik Inc. is expected to file for an initial public offering this year, with a road show that could come as early as next month. The Microsoft-backed (MSFT) data...
CrowdStrike soars on security tool consolidation demand (Cybersecurity Dive) CEO George Kurtz said the company will consider potential acquisition targets as M&A discussions heat up across the industry.
Malwarebytes, within a week, acquires a company and reportedly cuts staff (Cybersecurity Dive) The layoffs underscore significant alterations afoot in the security sector, as the industry’s largest vendors claim share from smaller rivals.
Understand the fine print of your cyber insurance policies (Help Net Security) Skipping the insurance fine print potentially puts organizations in a tough place when they need to use it as a safety net.
De-Bengalurued: Why India's tech industry is now rushing to 26 smaller cities (ETCIO.com) India's IT industry is shifting away from primary technology hubs like Bengaluru, with six other cities emerging as mature technology hubs: Delhi NCR, Hyderabad, Chennai, Kolkata, Mumbai, and Pune. However, the growth of these hubs is tapering due to factors like remote work and infrastructure challenges. As a result, companies are exploring alternative locations in 26 tier 2 cities.
Egress adds Best Workplaces for Tech award 2023 (Egress) This is the second time the cybersecurity firm has been awarded in the tech category, having previously been classified as a medium company.
Vortex 6 Hires Industry Heavyweight in Business Growth, Customer and Market Development (Vortex 6) Vortex 6, a leading cloud and services solutions provider, announces the appointment of Andy Macleod as VP of Customer Experience, EMEAR.
Cloud Security Trailblazer Mukesh Gupta Joins Infoblox as Chief Product Officer (PR Newswire) Infoblox Inc., the company that delivers a simplified, cloud-enabled networking and security platform for improved performance and protection,...
Vortex 6 Hires Industry Heavyweight in Business Growth, Customer and Market Development (Vortex 6) Vortex 6, a leading cloud and services solutions provider, announces the appointment of Andy Macleod as VP of Customer Experience, EMEAR.
Aryaka Announces Appointment of Shailesh Shukla to Board of Directors (PR Newswire) Aryaka®, the leader in Unified SASE solutions, today announced the appointment of Shailesh Shukla, a company builder and leader with deep...
Products, Services, and Solutions
New infosec products of the week: September 1, 2023 (Help Net Security) The featured infosec products this week are from: Ciphertex Data Security, ComplyCube, Fortinet, and MixMode.
How to Use Proton Sentinel to Keep Your Accounts Safe (WIRED) If you want the highest possible level of protection, this is it.
LogRhythm partners with Cimcor to enhance cybersecurity capabilities (Channel Daily News) LogRhythm has announced a partnership with Cimcor in which the companies will work together to help organizations around the globe increase visibility and protect against modern cyberattacks.
Onsurity launches Cyber Insurance for India’s SMEs, expands its suite of products to help businesses mitigate risks (Express Computer) Onsurity, a monthly subscription-led employee healthcare benefits provider, has launched Cyber Insurance for SME businesses, its first non-health product under Onsurity Plus. With Onsurity Plus, the company aims to redefine […]
Juniper and Savant Systems strike global alliance (ARN) Juniper Networks has signed a global partnership with home automation software firm Savant Systems.
Aqua Security Achieves FedRAMP® “In Process” Milestone (GlobeNewswire News Room) Aqua in process of joining Google, Microsoft, Okta and other top cybersecurity providers to earn exclusive FedRAMP high impact authorization...
Software SCS Leaders Collaborate and Build Browser Extension to Help Developers Choose Open Source (Checkmarx.com) To keep the developer’s experience as native and intuitive as possible, while assisting the developer in being aware of such tools and free information related to open-source packages, software supply chain leaders Checkmarx and Illustria, members of the SCAR forum, joined their research forces for the good and created Overlay - an open-source browser extension.
Technologies, Techniques, and Standards
The Intersection of OT and IT: Why Unified Cybersecurity is More Important than Ever. (Cyber Defense Magazine) By Craig Burland, CISO, Inversion6 Computer-controlled devices are all around us. From delivery robots to smart buildings to shipping and transportation, computer-controlled devices that affect the physical – not digital – domain are embedded in
How to Remove Your Personal Info From Google by Using Its ‘Results About You’ Tool (WIRED) You can now set up alerts for whenever your home address, phone number, and email address appears in Search.
Announcing ‘The Cyber Savvy Boardroom: Essentials Explained’ (Netskope) Board directors, Homaira Akbari and Shamla Naidoo, create an indispensable cybersecurity reference book for fellow board directors and senior executives
MITRE & CISA Release Open-Source MITRE Caldera™ Extension for Operational Technology (MITRE) Security teams will now be better equipped to increase resiliency of critical infrastructure.
NIST’s Planned Updates to Implementing the HIPAA Security Rule (National Institute of Standards and Technology (NIST)) Healthcare organizations face many challenges from cybersecurity threats. This can have serious impacts on the security of patient data, the quality of patient care, and even the organization’s financial status.
Design and Innovation
X's privacy policy confirms it will use public data to train AI models (TechCrunch) X's recently updated privacy policy informed its users it would now collect biometric data as well as users' job and education history, Bloomberg spotted
X will collect user biometric data, job and school history (Cybernews) X has updated its privacy policy and will require users to consent to it collecting their biometric data, as well as education and employment history.
Academia
Students, teachers to get cyber security training through online course in Odisha (The New Indian Express) The purpose of the training series is to implement robust cyber security measures, including strong network defences, regular software updates, and user education.
India’s Elite Tech Schools Are a Golden Ticket With a Dark Side (WIRED) The Indian Institutes of Technology are a production line for global tech CEOs, but critics say they promote a toxic, discriminatory work culture.
Meet the Cybersecurity Threat Haunting Community Colleges: ‘Ghost Students’ (Chronicle of Higher Education) There’s a rising trend that’s been especially scary for community colleges lately, beyond declining enrollments: “ghost students.”
Legislation, Policy, and Regulation
Controversial merger of CERT NZ and the NCSC gets under way (Reseller News) CERT NZ has now joined the National Cyber Security Centre in a move designed to create a one-stop-cyber security shop and to protect users' data.
PM Modi says cyber crimes can have social, geopolitical implications; need global cooperation to deal with it (Deccan Herald) Terrorist organisations are using technology for radicalisation and capitalising on emerging digital avenues such as the dark net, metaverse and cryptocurrency platforms, Prime Minister Narendra Modi has said while seeking global cooperation to deal with cybercrimes.
Terrorists Using Darknet, Metaverse, Crypto...Can Impact Social Fabric Of Nations: PM Modi (ABP Live) Prime Minister Narendra Modi has said that global cooperation is needed to battle the menace of cybercrime and cyberterrorism.
India’s new Data Privacy Law: an overview (Lexology) India has finally enacted its data privacy law, the Digital Personal Data Protection Act. The legislation is slated to come into force in about 10…
UGC bars universities from using Aadhaar number on degrees and certificates (The Times of India) India News: The UGC directive comes amid reports that state governments are considering printing of full Aadhaar number on provisional certificates and degrees is
UK cyber chief urges ‘Security by Design’ in AI development (UK Defence Journal) Lindy Cameron, CEO of the UK’s National Cyber Security Centre (NCSC), has emphasised the crucial need for artificial intelligence (AI) to be developed with security as a foundational element.
Raimondo says she confronted Chinese on email hacking: ‘I didn’t pull any punches’ (The Hill) Commerce Secretary Gina Raimondo said on Sunday that she was “firm” in confronting the Chinese during a recent visit to Beijing on the issue of having her email hacked.
National Cyber Strategy’s call to modernize OT is about controlling the future of conflict (Federal News Network) Colby Proffitt, a cybersecurity strategist at Shift5, explains why observability is so important to improving the security and modernizing operational technology.
Corruption, Crime and Compliance - SEC Adopts Robust New Cybersecurity Disclosure Rules (JD Supra) In this episode of Corruption, Crime and Compliance, Michael Volkov delves into the SEC’s groundbreaking adoption of robust cybersecurity disclosure...
New SEC hedge fund rules not expected to trouble crypto firms (crypto.news) The SEC overstepped its legal mandate when it issued sweeping new rules, plaintiffs said.
Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities (SecurityWeek) Small electric utilities in the US offered $9 million as part of a competition whose goal is to help them boost their cybersecurity posture.
UK cyber agency announces Ollie Whitehouse as its first ever CTO (Record) Britain’s National Cyber Security Centre (NCSC) has hired Ollie Whitehouse as the agency’s first Chief Technology Officer. He will start in late October at the agency, which is a part of Britain’s Government Communications Headquarters (GCHQ).
Remind Me Again...What Were We Deterring? Cyber Strategy and Why the United States Needed a Paradigm Shift (The Strategy Bridge) Persistent engagement is a strategic paradigm for cyberspace born out of failure. Deterrence theory proved neither flexible enough nor well adapted to the domain. A new domain called for a new strategy. Rather than prevent cyber-attacks by convincing the attacker the cost is not worth the risk, pers
U.S. government to deploy surveillance software to detect 'problematic sentiment and emotion' (American Thinker) The U.S. Customs and Border Protection (CBP), under the umbrella of the Department of Homeland Security (DHS), has purportedly partnered with AI tech firm Fivecast to deploy social media surveillance software that, according to its proprietor, can detect “problematic” emotions of social media users and subsequently report them to law enforcement for further action.
California lawmakers kill bill aimed at making social media safer for young people (Los Angeles Times) Lawmakers ditched a bill that would hold social media companies liable for promoting harmful content but advanced another focused more narrowly on child sexual abuse material.
Litigation, Investigation, and Law Enforcement
Twitter accused of helping Saudi Arabia commit human rights abuses (the Guardian) Lawsuit says network discloses user data at request of Saudi authorities at much higher rate than for US, UK and Canada
Two men arrested by officers investigating NI police data breach (the Guardian) Suspects aged 21 and 22 arrested under Terrorism Act after leak of names of 10,000 PSNI officers and staff
IBM Hit With Class Action Over MOVEit File-Transfer Data Breach (Bloomberg Law) International Business Machines Corp. failed to protect the personal information of millions of people that was exposed in a data breach connected to a cyberattack on Progress Software Corp.‘s MOVEit file-transfer app, a proposed federal class action said.
Electoral Commission failed basic security test before hack (BBC News) Whistleblower tells the BBC the election watchdog failed the government-backed Cyber Essentials test.
Electoral Commission failed basic cybersecurity audit close to time it was attacked (Computing) Electoral Commission confirms it failed Cyber Essentials audit in 2021
Northern Irish police release 2 after weekend arrests (Register) Came in wake of the force publishing their own people's data in botched FoI
PSNI data breach: Two men arrested under Terrorism Act in investigation over 'linked criminality' (Sky News) The arrests are "not related to the data breach itself", says Sky's senior Ireland correspondent. An independent review has been ordered into how the names of 10,000 officers and staff were mistakenly released.
Northern Ireland police chief resigns after controversies including huge data breach (ABC News) Northern Ireland’s top police officer has resigned following a series of controversies that plagued the police force, including what he described as an “industrial scale” data breach
Cops drill into chat apps to thwart coke-smuggling ring (Register) Big blow to blighters' blow-by-the-boatload blueprint
Optus Requests Deloitte Cyber Attack Investigation Not Be Released by Federal Court (Cyber Security Connect) Optus is working overtime to keep the details of the cyber attack it suffered last year under wraps, with the telco never intending to release a report it commissioned on the data breach.
Insurer fined $3M for exposing data of 650k clients for two years (BleepingComputer) The Swedish Authority for Privacy Protection (IMY) has fined Trygg-Hansa 35 million Swedish krona ($3,000,000) for exposing the sensitive data of hundreds of thousands of customers on its online portal.