Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+574: Breaching the Surovikin Line. (CyberWire) Signs of a breach in the Surovikin Line occur as Ukrainian missiles hit the Black Sea Fleet headquarters and Ukraine claims successful sabotage of military aircraft near Moscow. Russia continues to strike cities indiscriminately.
Ukraine-Russia war latest: Ukrainian armoured vehicles cross Russia’s main defensive line (The Telegraph) Ukraine’s armoured vehicles appear to have punched through Russia’s main defensive line of mines, barriers and trenches on the southern front.
Russia-Ukraine war: List of key events, day 575 (Al Jazeera) As the war enters its 575th day, these are the main developments.
Live Briefing: Russia Invades Ukraine (RadioFreeEurope/RadioLiberty) RFE/RL's Ukraine Live Briefing gives you the latest developments on Russia's ongoing invasion, Western military aid, global reaction, and the plight of civilians. The Live Briefing presents the latest developments and analysis, updated throughout the day.
Russia-Ukraine war live: largest wave of missile strikes in weeks hours before Zelenskiy is due to meet Biden (the Guardian) Deadly overnight attacks came on UN World Peace Day and hours before Ukraine’s president is due to have bilateral meeting with US president
Massive Russian Missile Strike Targets Six Cities Across Ukraine (RadioFreeEurope/RadioLiberty) At least two people have been reported killed with scores wounded in the largest missile strikes across Ukraine in weeks, damaging energy facilities and causing power cuts.
Russia strikes cities from east to west Ukraine, starting fires and killing at least 2 (AP News) Russian missiles pounded cities across Ukraine early Thursday morning, according to Ukrainian authorities, starting fires, killing at least two people and trapping others under rubble.
Russia-Ukraine war at a glance: what we know on day 575 of the invasion (the Guardian) Russia strikes at least six cities across Ukraine in biggest attack since August; Poland will no longer arm Ukraine, says prime minister
Storm Shadow missiles hit Russia's Black Sea Fleet headquarters (The Telegraph) UK-supplied weapons used by Ukraine against military targets in Kremlin-occupied Crimea
Ukrainian Tactics Put Russia on the Defensive in the Black Sea (Wall Street Journal) Using innovative attacks, Ukraine has eroded Russia’s formidable naval advantage, and it is starting to reopen ports.
Russian corvette's Baltic missile drills raise Baltic States' concerns (Naval Technology) The Russian corvette Stoikiy's precision firings in a missile-firing drill amplified security apprehensions in the Baltic region.
Claims Swirl Around 'Sabotage Raid' On Airbase Near Moscow (The Drive) Chkalovsky Air Base, just outside Moscow, is home to various strategic air assets as well as the high-profile presidential transport fleet.
Ukrainian forces reclaim a village in the east as part of counteroffensive (AP News) Ukrainian forces say they have recaptured a village in the country’s east after intense battles with Russian troops.
Taking Ground 'Meter By Meter': Ukrainian Counteroffensive Liberates Village
(RadioFreeEurope/RadioLiberty) Capitalizing on "any gaps in the enemy's defense," Ukrainian troops said on September 12 they were slowly but steadily reclaiming ground in their counteroffensive to Russia's invasion. The cost is high, they explain, because Russian artillery usually razes retaken villages to the ground.
Inside a Ukrainian brigade’s battle ‘through hell’ to reclaim a village on the way to Bakhmut (AP News) The brigade’s mission was to reclaim a village on the road to Bakhmut. But first they had to survive a forest filled with Russian soldiers.
Zelenskiy Laments UN Weakness In Face Of Russia's Veto Power, Urges Expansion Of Security Council (RadioFreeEurope/RadioLiberty) Ukrainian President Volodymyr Zelenskiy told the UN Security Council that the world can no longer rely on the organization to defend the “sovereign borders of nations,” specifically pointing to Russia’s veto power in the Security Council as blocking progress to any “real solutions” to global crises.
Ukraine, Russia and the tense U.N. encounter that almost happened — but didn't (AP News) It was a moment the diplomatic world was watching for — but didn’t get. In the end, Ukrainian President Volodymyr Zelenskyy and Russian Foreign Minister Sergey Lavrov avoided staring each other down at the U.N.
Russian Strikes Hit Kyiv, Other Cities As Polish PM Sparks Confusion Over Weapons Supplies To Ukraine (RadioFreeEurope/RadioLiberty) Ally Poland dealt a blow to Ukraine and its president's urgent appeals for greater international support to beat back Russian forces when Prime Minister Mateusz Morawiecki hinted that Warsaw was "already no longer supplying arms to Ukraine."
Poland Says It’s Cutting Off Arms to Ukraine Over Grain Dispute (Bloomberg) Premier cites rising tensions over grain as allies’ ties fray. Warsaw summons Kyiv’s ambassador over Zelenskiy’s UN remarks.
Poland will no longer send weapons to Ukraine, says PM, as grain dispute escalates (the Guardian) Comments by Polish PM follow Volodymyr Zelenskiy’s accusation that some in Europe are in effect aiding Russia
Zelenskiy faces difficult conversations in Washington amid Congress spending battle (the Guardian) Republicans propose stopgap funding bill that does not include funding for Ukraine as both parties signal they have questions for Ukraine delegation
GOP Lawmakers Warn White House on Ukraine Aid as Zelensky Visits Washington (MSN) As Ukrainian President Volodymyr Zelensky returns to the U.S. capital in a bid to shore up American support for his embattled country, a group of Republican lawmakers is vowing to oppose another aid package.
Tensions With Armenia Highlight Russia’s Waning Role in the Caucasus (World Politics Review) Armenia held joint military exercises with US troops for the first time, underscoring the country’s deteriorating relations with Russia.
Weakened by Ukraine, Russia’s Power Ebbs in Caucasus as Armenian Christians Are Routed in a Blitz by Azerbaijani Muslims (The New York Sun) Peacekeepers sent by the Kremlin simply stand by as a 35-year separatist project comes to an end.
The Russian empire is crumbling before Putin’s eyes (The Telegraph) Moscow’s inability to stop the latest outbreak of violence by Azerbaijan shows its waning power
Did Kennan Foresee Putin? (Foreign Affairs) What the diplomat got right about Russia and the West.
Putin’s Useful Priests (Foreign Affairs) The Russian Orthodox Church and the Kremlin’s hidden influence campaign in the West.
Ukraine’s awkward allies: the far-right Russians fighting on Kyiv’s side (the Guardian) Notorious former football hooligan Denis Nikitin runs a controversial unit actively engaged alongside Ukraine forces
Cyberattack hits International Criminal Court (SC Media) The International Criminal Court in the Netherlands has reported a cybersecurity incident after its information systems were subjected to anomalous activity last week, according to The Associated Press.
International Criminal Court hacked amid Russia probe (Register) Right as judges issued warrants against Putin
International Criminal Court under siege in cyberattack that could constitute world’s first cyber war crime (Yahoo News) The computer system of the International Criminal Court (ICC) was the victim of a cyberattack, Reuters reported on Sept. 19.
Canada blames border checkpoint outages on cyberattack (Record) A cyberattack suspected to be carried out by a pro-Russia hacking group reportedly resulted in widespread service disruptions at several Canadian airports.
Attacks, Threats, and Vulnerabilities
Pro-Iranian Attackers Target Israeli Railroad Network (Dark Reading) The group known as "Cyber Avengers" has targeted other Israeli services in the past and often publishes technical details of its hits.
#StopRansomware: Snatch Ransomware (Cybersecurity and Infrastructure Security Agency CISA) The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known ransomware IOCs and TTPs associated with the Snatch ransomware variant identified through FBI investigations as recently as June 1, 2023.
Feds issue Snatch ransomware alert as crims list new victim (Register) Invasion of the data snatchers
Fake WinRAR proof-of-concept exploit drops VenomRAT malware (BleepingComputer) A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
'Culturestreak' Malware Lurks Inside GitLab Python Package (Dark Reading) The GitLab code hijacks computer resources to mine Dero cryptocurrency as part of a larger cryptomining operation.
Commonalities in Vehicle Vulernabilities (IOActive) With the connected car now commonplace in the market, automotive cybersecurity has become the vanguard of importance for road user safety. At the forefront of cybersecurity research, IOActive has amassed over a decade of real-world vulnerability data about the cybersecurity threats today's vehicles face.
Ransomware Strikes Azure Storage: Are You Ready? (Mitiga) There’s been a recent surge in cloud ransomware attacks. Examples of such attacks were observed by Sophos X-Ops, which detected the ransomware group BlackCat/ALPHV using a new Sphinx encryptor variant to encrypt Azure storage accounts by employing stolen Azure Storage account keys. The BlackCat/ALPHV ransomware group is the same entity that claimed responsibility for infiltrating MGM’s infrastructure and encrypting more than 100 ESXi hypervisors.
TransUnion's data stolen in major data breach (TechRadar) But credit agency claims it wasn't breached
TransUnion denies it was hacked, links leaked data to 3rd party (BleepingComputer) Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company's network.
Our hotels and casinos are operating normally. (FAQ - MGM Resorts) We are pleased that all of our hotels and casinos are operating normally. Our amazing employees are ready to help guests with any intermittent issues. We thank you for your patience and look forward to welcoming you soon.
MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (AP News) MGM Resorts International says computers serving customers at its casino and hotel properties have been restored across the U.S.
MGM Resorts says all hotels, casinos operating normally following cyberattack (KLAS) MGM Resorts said in a statement Wednesday that all of its hotels and casinos were operating normally following the cyber attack that hit the company on Sept. 11.
MGM Resorts back in operation after 10-day shutdown during cyber attack (Proactiveinvestors NA) MGM Resorts has concluded a 10-day computer shutdown, initiated on September 10, to safeguard sensitive data, including hotel reservations and credit card...
Donald Trump Jr.'s X account got hacked, a spokesperson says (Axios) Donald Trump Jr.'s account was hacked Wednesday on X — the app formerly known as Twitter — a spokesperson for the Trump Organization confirmed to Axios.
Donald Trump Jr.'s X account was hacked, his spokesman says (CNN) A spokesman for former President Donald Trump said Wednesday that Donald Trump Jr.’s account on X – the platform formerly known as Twitter – had been compromised after the account began sharing a series of unusual and erratic posts.
Air Canada says unauthorized group breached employee data, hacked internal system (The Globe and Mail) In a statement Wednesday, the country’s biggest carrier said ‘certain records’ were affected by ‘limited’ breach, without naming which ones
Trends
2023 .Phishing Trends (ZeroFox) Threat actors continue to evolve the techniques leveraged in phishing attacks to overcome security protocols and end-user cyber hygiene practices, as well as to capitalize on contemporary vulnerabilities.
Companies Remain Reluctant to Admit Paying Off Hackers (Wall Street Journal) Wariness of litigation could prove a sticking point for transparency in new SEC disclosure rules.
Cyber Insurance Claims Frequency and Severity Both Increased For Businesses in 1H 2023, Coalition Report Finds (Business Wire) Cyber Claims Report: Mid-Year Update Reveals Overall Claims Frequency Increased 12% in the First Half of 2023, Driven By Spikes in Ransomware and Funds Transfer Fraud
2023 Cyber Claims Report: Mid-year Update (Coalition) Businesses are getting hit harder and more often with cyber attacks in 2023. Ransomware has come roaring back, financial fraud remains a mainstay of the threat actor economy, and third-party compromise continues to loom large. With any digital risk, the key is recognizing that it can’t be solved by passive means: Dynamic cyber risks require an active solution.
Insider risks are getting increasingly costly (CSO Online) The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems.
Gaming and financial service applications most likely to be attacked (Security) According to a report, 57% of monitored applications are under attack with no correlation between app popularity and likelihood of being attacked.
Marketplace
Cisco to acquire Splunk in $28B deal (Silicon Valley Business Journal) Cisco Systems Inc. announced early Thursday that it would acquire Splunk Inc. for $28 billion in one of the biggest deals, not just of this year, but in the software industry overall.
Cisco looks to expand its ‘AI-enabled security’ with $28 billion Splunk deal (Record) Analytics and security software company Splunk is being acquired by networking-equipment giant Cisco for an estimated $28 billion in a deal announced Thursday.
Palo Alto Networks in negotiations to acquire Talon Cyber Security in $600 million deal (CTech) Talon, which develops a secure enterprise browser, has raised a total of $126 million since it was founded in 2021
SASE Firm Cato Networks Raises $238 Million at $3 Billion Valuation (SecurityWeek) SASE company Cato Networks has raised $238 million in equity investment, bringing total funding to $773 million.
As Cato Networks Reaches $3.1 Billion Valuation, Cyber Billionaire Shlomo Kramer Eyes A Third IPO (Forbes) The former Check Point and Imperva cofounder raised $238 million to battle Palo Alto Networks in network security ahead of a targeted 2024 IPO.
VMware staff on notice for job cuts as Broadcom finalises $61bn acquisition (Computing) Employees will receive one of three options: a Broadcom offer, a transitional offer, or a severance package
#PlumeStrong Cycling Challenge 2023 Raises €550,000 to Benefit Children Affected by the Turkey-Syria Earthquake (PR Newswire) Network services and consumer experience pioneer Plume® recently completed its third annual #PlumeStrong Cycling Challenge, a five-day ride...
Bishop Fox Expands Leadership with First CISO and CTO (GlobeNewswire News Room) Bishop Fox veteran Christie Terrill elevated to CISO; Drove company certification of ISO/IEC 27001 Type 2 and SOC2 Type 2...
Delinea Appoints David Koenig as Chief Information Officer (PR Newswire) Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced that David Koenig has...
Products, Services, and Solutions
Mac in the Enterprise: Cisco's Success with Employee Device Choice (JAMF) Discover how the inclusion of Macs improved employee satisfaction, productivity, security and cost savings. Fletcher Previn, SVP and CIO at Cisco, shares insights..
Intel Launches New Attestation Service as Part of Trust Authority Portfolio (SecurityWeek) Intel announces an attestation service that is part of Trust Authority, a new portfolio of security software and services
Sophos Excels in MITRE Engenuity ATT&CK® Evaluations with 99% Detection Coverage (GlobeNewswire News Room) Sophos, a global leader in innovating and delivering cybersecurity as a service, today...
Thales & Intel for Safer End-to-end Data Security (Thales Group) Thales & Intel enhancing trust in confidential computing, using CipherTrust Data Security Platform and Intel Trust Authority to deliver safer end-to-end data security.
Synacor Helps Streamers Enter The Passwordless Era With Cloud ID Passkey Connect (GlobeNewswire News Room) Managed identity access management service for service providers and content owners eliminates login friction for streamlined content access on any...
ZeroFox Announces New Anti-Phishing Capabilities to Stop Emergent and Multi-Channel Phishing Attacks at the Source (GlobeNewswire News Room) Global leader in digital risk protection further extends depth and breadth of phishing coverage amid spike in malicious domains and cloaking...
Technologies, Techniques, and Standards
DHS floats idea of single cyber incident reporting portal (Record) The Department of Homeland Security (DHS) suggested several new ideas for how to make federal cyber incident reporting rules simpler for victim organizations – including the concept of a single reporting web portal.
Voting machine companies use cybersecurity stress tests to take on conspiracy theorists (CNN) Major US voting equipment manufacturers are enlisting cybersecurity experts to provide additional stress-tests of their systems as the 2024 election looms and misinformation remains rife with American voters.
OPSWAT-Sponsored SANS 2023 ICS/OT Cybersecurity Report Reveals Vital Priorities to Mitigate Ongoing Threats (PR Newswire) OPSWAT, a leader in critical infrastructure protection (CIP) cybersecurity solutions, sponsored the SANS 2023 ICS/OT Cybersecurity Survey,...
Biden’s campaign set to counterpunch on misinformation (POLITICO) With social-media platforms pulling back from policing false political claims, and Trump gearing up for a fight, Biden’s 2024 campaign is rebooting its online defenses.
Army finalizing information capabilities baseline (DefenseScoop) As the Army moves toward information advantage, it is in the final stages of approving broad guidelines for information capabilities.
What is dark web monitoring? (TechRadar) Want to know if your credentials have been leaked? Check the dark web
Design and Innovation
Signal moves to protect chats from quantum computers (Register) X3DH readied for retirement as PQXDH is rolled out
Research and Development
Cybersecurity firm Salvador Technologies secures $2.2M BIRD grant (SecurityBrief Asia) Israel-based Salvador Technologies teams up with US startup Bastazo, winning a $2.2M grant for AI-driven cybersecurity
Legislation, Policy, and Regulation
EU says lack of clarity in China's data laws is concerning (Reuters) European Union businesses are concerned about China's data laws, including their "lack of clarity" and the "long processes" that companies have to undergo, European Commission Vice President Vera Jourova said on Tuesday.
Chinese laws are worrying firms, top EU official says (Taipei Times) Bringing Taiwan to the World and the World to Taiwan
„Wir müssen Deutschland zu einer Cybernation machen“ (Tagesspiegel) Zum ersten Mal stellt sich die neue Chefin des Bundesamtes für Sicherheit in der Informationstechnik (BSI) den Fragen der Parlamentarier:innen im Bundestag.
German proposal for Huawei curbs triggers telecom operator backlash (Reuters) Germany's interior ministry has proposed forcing telecoms operators to curb their use of equipment made by China's Huawei and ZTE, a government official said on Wednesday, sparking warnings of likely disruption and possible legal action.
China accuses US of cyberattacks, spying on Huawei (Register) Beijing accuses US of breaking into Huawei servers in 2009
China resurrects old charges of NSA breaking into Huawei servers (ITWire) China has resurrected charges that go back more than a decade, accusing the NSA of hacking into the servers of telecommunications equipment vendor Huawei Technologies from 2009 onwards. The charges were levelled by the Ministry of State Security in a post on its WeChat account, according to a report...
The U.K. Takes a Stab at Regulating Social Media Platforms (World Politics Review) The Online Safety Bill presents an opportunity for the U.K. to demonstrate the strength of its independent regulatory approach.
Garland defends spy powers, but their future remain uncertain (Washington Post) Attorney General Merrick Garland again defended a set of controversial surveillance powers, arguing that the spy authorities — Section 702 of the Foreign Intelligence Surveillance Act — are essential for investigating crimes like fentanyl trafficking and malicious cyberattacks.
FTC nominees urge Congress to pass federal data privacy law (CyberScoop) Members of Congress also asked nominees for their thoughts on how the FTC should tackle AI.
Federal privacy legislation is the ‘foundation for any AI efforts,’ key lawmaker says (Record) Comprehensive federal privacy legislation is sorely needed as an “unworkable” patchwork of disparate state bills rapidly expands and the Federal Trade Commission considers adding broader privacy authority to its portfolio, a top lawmaker said Tuesday.
Council Of Europe Says Most Use Of NSO’s Pegasus Spyware Is Probably Illegal (Techdirt) I mean, that’s what we all were thinking, right? When you carve out a niche selling to outlaws, there’s a good chance your product will be used illegally, no matter who’s buying i…
It’s time to rein in Pegasus and halt spying on journalists (Freedom of the Press) The United States could do more to combat spyware used by governments to surveil the press
US is making headway on securing cyber infrastructure, commission says (Cybersecurity Dive) While Cyberspace Solarium Commission leaders praised U.S. cybersecurity improvements, they said more work is needed to secure critical infrastructure.
Litigation, Investigation, and Law Enforcement
Massive Australian Ransomware Attack Has Victims Demanding Answers (Bloomberg) One of Australia’s biggest data breaches ever is keeping lawyers busy.
Court sentences pair for India-based robocall scam (Register) Part of network of crims who used 'trickery and threats' to target elderly, says US Attorney
The dark web drug marketplace PIILOPUOTI dismantled by Finnish Customs (Security Affairs) Finnish police announced the takedown of the dark web marketplace PIILOPUOTI which focuses on the sale of illegal narcotics.