Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+561: Ukraine's advance continues. (CyberWire) Ukraine at D+561: Ukraine's advance continues.
Ukraine’s Counteroffensive Is Actually Succeeding (World Politics Review) The fog of war has raised questions about how successful Ukraine’s summer counteroffensive against Russia has been.
Russia-Ukraine war at a glance: what we know on day 562 of the invasion (the Guardian) Zelenskiy praises ‘very effective action’ in eastern and southern Ukraine; No evidence of deliberate attack on Romania, says Nato chief
Russian Missile Strike Hits Zelenskyy’s Hometown, Killing One Police Officer (VOA) Ukraine shoots down 16 out of 20 drones over Odesa
Russia Forces Shell Several Ukrainian Regions; Kyiv Claims Successes Near Bakhmut (RadioFreeEurope/RadioLiberty) Russian forces launched fresh attacks on several Ukrainian regions early on September 8, killing at least one person, local authorities said, as Kyiv claimed “partial success” near Bakhmut.
Funeral held for victims of Russian market attack amid more strikes, as Blinken visits Ukraine (AP News) Victims of a deadly Russian missile attack have been laid to rest in eastern Ukraine. The bodies of Mykola and Natalia Shyrai were laid to rest in a village outside of the city of Kostiantynivka on Thursday, in the Donetsk region, after an attack killed 16 people and wounded 33.
In northeast Ukraine, the Russians are coming — or maybe setting a diversion (Washington Post) As Russian invaders focus their fire on the strategic northeastern town of Kupyansk, a Ukrainian armor platoon, hidden under camouflage nets and the last embers of summer foliage, expressed nostalgia for the tank-on-tank battles last year that tested soldiers’ will and skill.
Ukrainians Embrace Cluster Munitions, but Are They Helping? (New York Times) The weapons, banned by most countries over human rights concerns, are “not a magic wand,” but some Ukrainian troops say they are making a difference in fighting Russian forces.
Russia holds elections in occupied Ukrainian regions in an effort to tighten its grip there (AP News) Russian authorities are holding local elections this weekend in occupied parts of Ukraine in an effort to tighten their grip on territories Moscow illegally annexed a year ago and still does not fully control.
Kyiv Decries Russia's Elections In Occupied Ukrainian Territories As 'Fake' (RadioFreeEurope/RadioLiberty) Russian authorities are holding local elections in occupied parts of Ukraine in an effort to tighten their grip on territories Moscow illegally annexed a year ago in a vote Kyiv and the West have condemned as "fake" and a "propaganda exercise."
Biden Administration Announces Additional Security Assistance for Ukraine (U.S. Department of Defense) The Defense Department announced a new security assistance package to support Ukraine's battlefield needs and demonstrate unwavering U.S. support for Ukraine.
US announces new $600 million aid package for Ukraine (Military Times) The announcement comes just a day after Secretary of State Antony Blinken visited Ukraine and pledged $1 billion in new military and humanitarian aid.
The U.S. Will Send $1 Billion More to Ukraine (New York Times) Also, a new Rolling Stones album. Here’s the latest at the end of Wednesday.
I was Ukraine’s defence minister. Here’s my message for our allies: we must not lose sight of victory | Oleksii Reznikov (the Guardian) To my defence ministers friends around the world, I say: thank you for the military support, but heed this advice, says Ukraine’s Oleksii Reznikov
How the Pentagon assesses Ukraine’s progress (The Economist) A rare interview with America’s Defence Intelligence Agency
Ukraine could break through rest of Russia's defensive lines by end of the year (The Telegraph) US intelligence chief predicts positive development in counter-offensive that would drive a wedge between Russia’s occupying forces
After Prigozhin’s Death, a High-Stakes Scramble for His Empire (New York Times) A shadowy fight is playing out on three continents for control of Yevgeny Prigozhin’s sprawling interests as head of the Wagner mercenary group. The biggest prize: His lucrative operations in Africa.
What the West Still Gets Wrong About Russia’s Military (Foreign Affairs) Moscow’s overlooked manpower problem—and how Washington can exploit it.
Russian War Report: A new recruitment push for fighters from Russia to Hungary (Atlantic Council) The Russian National Guard and a private Hungarian foreign legion have launched campaigns to recruit soldiers to fight in Ukraine.
Cuba arrests 17 for trafficking men to fight for Russia in Ukraine (Al Jazeera) Network based in Cuba and Russia alleged to have facilitated Cubans to join Russia’s war in Ukraine.
Ukraine’s partners cannot remove Putin but they can stop legitimizing him (Atlantic Council) As long as Vladimir Putin is in power, Russia will remain a rogue state. Western policies that legitimize him through fear of a potential post-Putin Russia are perverse, writes Richard Cashman.
Belarus dictator weaponizes passports in new attack on exiled opposition (Atlantic Council) Belarusian dictator Alyaksandr Lukashenka has banned the country's embassies from issuing or renewing passports in a move that critics see as his latest escalation against Belarus's exiled pro-democracy opposition, writes Hanna Liubakova.
Belarus Condemned By U.S., EU For Depriving Citizens Abroad Of Fundamental Right (RadioFreeEurope/RadioLiberty) The United States and European Union have condemned a decree signed by authoritarian Belarusian leader Alyaksandr Lukashenka prohibiting the renewal of passports by Belarusians living abroad.
Musk 'switched off Starlink in Ukraine over nuclear fears' (Computing)
CNN Exclusive: 'How am I in this war?': New Musk biography offers fresh details about the billionaire's Ukraine dilemma | CNN Politics (CNN) Elon Musk secretly ordered his engineers to turn off his company’s Starlink satellite communications network near the Crimean coast last year to disrupt a Ukrainian sneak attack on the Russian naval fleet, according to an excerpt adapted from Walter Isaacson’s new biography of the eccentric billionaire titled “Elon Musk.”
Kolomoyskiy Arrest Seen As A 'Key Test' Of Zelenskiy's Anti-Corruption Campaign (RadioFreeEurope/RadioLiberty) The 60-day detention handed to Ukrainian tycoon Ihor Kolomoyskiy is the highest-profile jailing in the current graft crackdown and comes weeks before a crucial U.S. congressional vote on whether to approve another round of massive aid to the embattled country.
Justice Department’s Oligarch Hunters Widen Scope to Include Facilitators (Wall Street Journal) A year and a half into its existence, Task Force KleptoCapture is looking beyond flashy assets such as yachts and planes as it seeks to shut down the network of facilitators that oligarchs rely on to move money.
French President Macron: 'There can't, obviously, be a Russian flag at the Paris Games' (AP News) French President Emmanuel Macron says the Russian flag has no place at next year’s Paris Olympics because of the war crimes committed by Vladimir Putin’s regime in Ukraine.
Attacks, Threats, and Vulnerabilities
CISA, FBI, and CNMF Release Advisory on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA, Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023.
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 (Cybersecurity and Infrastructure Security Agency CISA) The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF) identified the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023. Analysts confirmed that nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application (Zoho ManageEngine ServiceDesk Plus), establish persistence, and move laterally through the network.
AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 (Tenable®) A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors.
CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities (The Hacker News) CISA Warns of Nation-State Cyber Threats. Numerous actors leveraging vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho.
Active North Korean campaign targeting security researchers (Google) Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.
Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers (SecurityWeek) Google again catches a North Korean APT actor using zero-days and rigged software tools to take control of their computers.
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild (The Citizen Lab) Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
How to Protect Yourself From the New Kubernetes Attacks in 2023 (KSOC) Understand where you are most likely to be exposed to the new attacks targeting Kubernetes in 2023
CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells (Cybersecurity and Infrastructure Security Agency (CISA)) The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells.
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells | CISA (Cybersecurity and Infrastructure Security Agency CISA) This Cybersecurity Advisory has been updated with new tactics, techniques, and procedures (TTPs) as well as indicators of compromise (IOCs) received from an additional victim and trusted third parties.
New Ransomware Strains - CryptNet, Mallox, and Xollam (Avertium) CryptNet, Mallox, & Xollam are new ransomware strains with operators that have intensified the way they attack, posing new challenges for cyber experts.
5 macOS Infostealers Making Waves Right Now (ReliaQuest) Over the past year, the rapid development of infostealers has focused on macOS environments. This growing trend highlights an escalating demand for macOS-specific malware capabilities.
Surge in Hospital Hacks Endangers Patients, Cyber Official Says (Wall Street Journal) A record year for cyberattacks on U.S. hospitals is putting patients in danger, as hospitals struggle to cope with disabled equipment and frozen data, an official from the American Hospital Association warned.
Alleged LockBit attack shuts down city networks in Seville (Record) The city council of Seville, Spain, was still recovering Thursday from a cyberattack that officials have attributed to the LockBit cybercrime gang.
Hackers claim to publish prominent Israeli hospital’s patient data (Record) Ragnar Locker ransomware gang claimed responsibility for the attack on Mayanei Hayeshua Medical Center, which has served top government officials and senior rabbis.
Why consumer drones represent a special cybersecurity risk (Security Intelligence) Consumer drones are evolving quickly to become increasingly valuable to cyber attackers. Learn how to protect against drone-enabled attacks.
Dymocks warns customer records may be on dark web after possible data breach (the Guardian) Bookseller’s managing director says potential hack was detected on Wednesday and investigation has been launched
Traderie, a marketplace for in-game items, alerts users to data breach (TechCrunch) The data breach also affects Akrew’s Nookazon website, which allows gamers to trade and sell in-game items from Animal Crossing: New Horizons.
Bienville Orthopaedic Specialists Data Breach Leaks as Many as 240,000 Social Security Numbers (JD Supra) On September 1, 2023, Bienville Orthopaedic Specialists LLC (“BOS”) filed a notice of data breach with the Attorney General of Maine after discovering...
Security Patches, Mitigations, and Software Updates
September 2023 Patch Tuesday forecast: Important Federal government news (Help Net Security) Todd Schell from Ivanti offers his forecast for September 2023 Patch Tuesday, along with an overview of what happened in August.
Apple issues software updates after spyware discoveries (Washington Post) Apple rolled out rare emergency patches Thursday to fix iPhone, Mac and Apple Watch security flaws, some of which were apparently being used to install Pegasus, the notorious spyware sold to national governments by NSO Group.
Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) (Help Net Security) Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware.
CISA Releases Four Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released four Industrial Control Systems (ICS) advisories on September 7, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-250-01 Dover Fueling Solutions MAGLINK LX Console
ICSA-23-250-02 Phoenix Contact TC ROUTER and TC CLOUD CLIENT
ICSA-23-250-03 Socomec MOD3GP-SY-120K
ICSA-23-157-01 Delta Electronics CNCSoft-B DOPSoft (Update)
Cisco Releases Security Advisories for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Cisco has released security advisories to address vulnerabilities affecting multiple Cisco products. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system or cause a denial-of-service condition.
Google’s cookie-replacing Privacy Sandbox reaches major milestone (Verge) Privacy Sandbox for the Web has reached general availability as the browser prepares to ditch third-party cookies for good next year.
Trends
Visa Research Highlights Emerging Fraud Schemes in Retail and eCommerce (Business Wire) Latest edition of Visa Biannual Threats Report Shows Increasingly Sophisticated Fraud Landscape for Consumers.
Marketplace
Compliance and risk management startup Certa raises $35M (TechCrunch) Certa, a startup offering a platform for managing risk, compliance and governance, has raised $35 million in a funding round.
Security M&A: Dataprise Acquires Cohere Cyber Secure (ChannelE2E) Managed cloud and cybersecurity services provider Dataprise has acquired Cohere, a security-focused MSP in New York City.
ThetaRay raises $57m anti-money laundering detection tools (Verdict) ThetaRay, an artificial intelligence (AI)-powered fraud detection solutions provider, has raised $57m in a funding round led by Portage.
The Team8 Foundry Method for Selecting Investable Startups (SecurityWeek) Team8 uses its CISO Village discussions to uncover these new areas of concern, and to determine what cybersecurity solutions are necessary.
Major US cyber security firm which once employed ‘world's most famous hacker’ moves to Leeds (Yorkshire Post) A major US cyber security firm which once employed the “world's most famous hacker” has moved its UK headquarters to Leeds, with plans to roughly double its workforce over the next year.
Products, Services, and Solutions
PrizePicks Integrates Socure's Leading Identity Verification Platform (PR Newswire) Socure, the leading provider of digital identity verification and fraud solutions, today announced that PrizePicks, the largest skill-based...
castLabs and Wowza strengthen live streaming security through key rotation (GlobeNewswire News Room) castLabs’ DRMtoday plug-in newest release on Wowza Streaming Engine software now supports single and multi-key rotation for live streaming, a best practice...
SecurityBridge Introduces Privileged Access Management (PAM) (SecurityBridge) SecurityBridge Introduces Privileged Access Management (PAM): Advanced SAP Security Enhanced With Seamless Superuser Oversight
Technologies, Techniques, and Standards
CISA creates voluntary ed tech pledge to boost K-12 cybersecurity (Cybersecurity Dive) Companies signing the agreement are urged to commit to encouraging the use of multifactor authentication and public vulnerability disclosure.
Passkeys: A Year of Progress and Innovation (Dashlane) Dashlane's innovation in the passkey space gives users an easy way to log into sites without a password across devices and browsers.
Design and Innovation
Honeywell Leverages Quantum Computing Encryption Keys To Bolster Utilities’ Data Security Against Cyber Threats (Honeywell) Honeywell announced that it is the first company to integrate quantum-computing-hardened encryption keys into smart utility meters, helping protect end-user data from advanced cybersecurity threats. Honeywell will utilize Quantinuum’s Quantum Origin technology to help increase reliability and trust in the digitally transforming utilities sector.
Vitalik Buterin co-authors paper on Tornado Cash alternative (The Block) Ethereum co-founder Vitalik Buterin co-authored a research paper on a privacy protocol named Privacy Pools.
We tested ChatGPT in Bengali, Kurdish, and Tamil. It failed. (Rest of World) Outside of English, ChatGPT makes up words, fails logic tests, and can't do basic information retrieval.
Legislation, Policy, and Regulation
Britain is leading the battle to save our broken internet (The Telegraph) The technology exists to go further and make the web a safer, better place for all of us. We just need to harness it
Risch Leads Effort to Improve Small Businesses' Access to Cyber Security Resources (James E Risch, U.S. Senator for Idaho) Today, U.S. Senator Jim Risch (R-Idaho), former chairman of the Senate Committee on Small Business and Entrepreneurship, introduced the Small Business Cyber Resiliency Act to provide small businesses with improved access to top of the line cybersecurity tools and information.
Cooperation Across DOD, Private Sector Critical Amid Emerging Cyber Threats (U.S. Department of Defense) Maintaining a robust defense against emerging cyberthreats requires collaboration and cooperation throughout the Defense Department and across industry partners, a top Pentagon information security
Senate votes to approve Anna Gomez as 5th FCC Commissioner (Fierce Wireless) Today, the U.S. Senate finally approved a nominee to fill the vacant, fifth seat on the Federal Communications Commission (FCC). The Senate voted 55 to 43 to approve Anna Gomez as the fifth FCC Commissioner. Her term will be for five years from July 1, 2021, so effectively about three years.
Litigation, Investigation, and Law Enforcement
The International Criminal Court Will Now Prosecute Cyberwar Crimes (WIRED) And the first case on the docket may well be Russia’s cyberattacks against civilian critical infrastructure in Ukraine.
Technology Will Not Exceed Our Humanity (Digital Front Lines) We must renew our efforts to ensure that justice is not outpaced by the changing character of war.
Polish Senate investigation recommends potential criminal charges for politicians implicated in Pegasus scandal (Record) Poland's Senate on Thursday released the results of a commission’s investigation into the use of Pegasus spyware to hack an opposition politician in 2019, describing "gross violations of constitutional standards.”
Canada announces public inquiry into whether China, Russia and others interfered in elections (AP News) Canada has announced that a judge will lead a public inquiry into whether China, Russia and other countries interfered in Canadian federal elections in 2019 and 2021 that re-elected Prime Minister Justin Trudeau’s Liberals.
Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies (US Department of Justice) Three indictments in three different federal jurisdictions have been unsealed charging multiple Russian cybercrime actors involved in the Trickbot malware and Conti ransomware schemes.
US indicts 9 Russians behind Trickbot malware (South China Morning Post) The cybercrime group used ransomware to attack hundreds of targets worldwide, particularly hospitals amid the Covid-19 pandemic.
United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang (U.S. Department of the Treasury) Today, the United States, in coordination with the United Kingdom, sanctioned eleven individuals who are part of the Russia-based Trickbot cybercrime group. Russia has long been a safe haven for cybercriminals, including the Trickbot group.
U.S., U.K. Impose New Sanctions Against Russian Hacking Group (RadioFreeEurope/RadioLiberty) The United States and Britain have expanded sanctions on members of a Russian hacking gang known as Trickbot, targeting people involved in management and procurement for the group.
Russian man with Kremlin ties gets 9 years in US prison for hacking and insider trading scheme (AP News) A federal judge in Boston has sentenced a wealthy Russian businessman with ties to the Kremlin to nine years in prison for his role in a nearly $100 million insider trading scheme that relied on stolen company earnings information hacked through U.S. computer networks.
TMG Health Faces Class Action Over Data Breach Affecting 192,000 (Bloomberg Law) TMG Health Inc. failed to protect the personal health information of more than 192,000 people that was exposed in a June data breach, a proposed federal class action said.
Former FTX Executive Ryan Salame Pleads Guilty in Crypto Exchange’s Collapse (Wall Street Journal) Salame is the fourth associate of FTX founder Sam Bankman-Fried to admit criminal wrongdoing.