Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+582: Reintegrating mercenaries. (CyberWire) Russia and Ukraine exchange drone strikes. Russia seeks to reintegrate once-and-future mercenaries into the line. Disinformation and weapons of mass destruction.
Russia Strikes Mykolayiv As Ukrainian Drones Knock Out Power In Kursk Region (RadioFreeEurope/RadioLiberty) Russian troops launched a missile attack on September 29 on the southern Ukrainian city of Mykolayiv, damaging infrastructure, a regional official said, as the governor of Russia's Kursk region bordering Ukraine said a drone attack had cut off the energy supply of several settlements in the area.
Russia-Ukraine war at a glance: what we know on day 583 of the invasion (the Guardian) Putin met with a former top Wagner mercenary commander; Orbán sounds caution over Ukraine’s attempt to join EU
Russia-Ukraine war: List of key events, day 583 (Al Jazeera) As the war enters its 583rd day, these are the main developments.
Ukraine: The Latest (ART19) Russia's full-scale invasion of Ukraine has dominated world news since tanks, jets and troops first crossed Ukraine's borders in February 2022. Every weekday, the Telegraph's top journalists analyse the conflict from all angles.
The team consider military strategy, history, economics, the refugee crisis, Ukrainian culture, and daily life in Vladimir Putin's autocratic Russia and Volodymyr Zelensky's democratic Ukraine.
On 'Ukraine: The Latest', our correspondents on the ground talk to experts and civilians to cover every aspect of Russia's brutal invasion.
Ukraine’s new drone submarine will finish off Russia’s battered Black Sea Fleet (The Telegraph) It’s embarrassing to lose a naval battle to a nation without a navy
Putin has lost control of the war, says head of UK Armed Forces (The Telegraph) Admiral Sir Tony Radakin pledges continued support to President Zelensky during meeting also attended by Grant Shapps
NATO's secretary-general meets with Zelenskyy to discuss 'ending Russia’s aggression' (AP News) NATO Secretary-General Jens Stoltenberg has met with Ukrainian President Volodymyr Zelenskyy to discuss the status of the war and needs of troops.
Tanks and troops out in the open in Ukraine can't go 10 minutes without being spotted and fired upon, Ukrainian official says (Business Insider) A Ukrainian official told The Wall Street Journal that troops and tanks out in the open have a "survivability on the move" of no more than 10 minutes.
Russia’s Wagner troops are back on the battlefield, Ukraine says (POLITICO) Ukrainian reconnaissance and wiretaps expose the front-line return of Yevgeny Prigozhin’s old guard, colonel tells POLITICO.
Ukraine-Russia war: Ukraine 'gradually gaining ground' says Nato chief (The Telegraph) Ukrainian forces are “gradually gaining ground” in their counter-offensive against Russian forces, the head of Nato said during a visit to Kyiv.
Ukraine’s counteroffensive is making real progress on the Crimean front (Atlantic Council) Ukraine's escalating attacks in Crimea are steadily undermining Russia's invasion and are a reminder that the Ukrainian counteroffensive is not limited to the relatively static front lines of the war, writes Peter Dickinson.
Belarus says Polish helicopter violated its airspace, Warsaw denies (Reuters) Belarus on Thursday said a Polish helicopter had violated its airspace but Warsaw said none of its helicopters had crossed the border between the two countries.
What Did Zelensky Accomplish During His US Trip? (Wilson Center) Ukrainian President Volodymyr Zelensky began his second wartime visit to the United States with an address to world leaders at the United Nations General Assembly in New York on September 19 before traveling to Washington, DC to meet with audiences at the White House, Congress, and the Pentagon. We asked Kennan Institute and Global Europe Program experts for their analysis of Zelensky’s latest visit to the United States and what it tells us about Ukraine’s foreign policy goals.
Nothing is off table to get Ukraine into EU, says president of bloc’s parliament (the Guardian) Exclusive: Roberta Metsola warns ‘pushing the can down the road’ will fuel nationalism and the far right
The war in Ukraine is a powerful reason to enlarge—and improve—the EU (The Economist) Nine new countries, including Ukraine, are vying to join
The Promise and Peril of EU Expansion (Foreign Affairs) The bloc must add Ukraine—but it won’t be simple.
Kazakhstan Won't Help Russia to Bust Sanctions – President - The Moscow Times (The Moscow Times) Kazakhstan's leader said Thursday his country would not help Russia circumvent Western sanctions imposed over the war in Ukraine, amid suspicions that Moscow is still receiving vital goods via Central Asian nations.
Kazakhstan ready to increase oil supplies to Germany, president says (Reuters) Kazakhstan is ready to increase oil supplies to Germany, Kazakh President Kassym-Jomart Tokayev said on Thursday after talks with German Chancellor Olaf Scholz in Berlin.
Germany Stalls Delivery of Long-Range Cruise Missiles to Ukraine (Wall Street Journal) Berlin is holding off sending Taurus precision missiles because of concerns that German technicians would be needed on the ground to operate them.
Why Pakistan must side with Ukraine over Russia (Atlantic Council) Islamabad should look at the evolving global situation pragmatically and recognize that a strong Ukraine that defeats Russia is in Pakistan’s interest.
Russia to strike massive blow on Ukraine with the help of Iranian UAVs and missiles (PravdaReport) Iran has advanced missile technology. A few days ago, Tehran successfully launched the Noor-3 satellite into space using a Qased launch vehicle
Kremlin Tasks Senior Ex-Wagner Commander With Forming Volunteer Corps (RadioFreeEurope/RadioLiberty) The Kremlin says Russian President Vladimir Putin has met with Andrei Troshev, the former chief of staff of the Wagner mercenary group, and handed him the responsibility for establishing new volunteer fighting units.
Russia's Harsh Prison System Is 'A Bottomless Reservoir Of Mercenaries,' Says Rights Advocate (RadioFreeEurope/RadioLiberty) Longtime Russian prisoner-rights advocate Olga Romanova tells RFE/RL that Russia's prisons are inefficient, archaic, and cruel, but they suit the social and political needs of President Vladimir Putin's authoritarian system. Particularly during the invasion of Ukraine.
Russian state hackers attempted to block Ukrainians from opening US bank accounts (SC Media) Russian actors were behind a surge in an effort to block money transfers of Ukrainian war refugees, said Morgan Stanley’s Rachel Wilson at the InfoSec World 2023 conference.
Cyber Attack Compromised the International Criminal Court’s Information Systems (CPO Magazine) The International Criminal Court (ICC) is investigating a cyber attack that compromised its systems with sensitive information about ongoing cases.
Russian flight booking system suffers ‘massive’ cyberattack (Record) The Leonardo system, which serves more than 50 Russian air carriers, was down for more than an hour, affecting the flagship airline Aeroflot and others, reports said.
'Hunt Forward' cyber teams have deployed to 24 countries, including Ukraine (Task & Purpose) The cyber teams monitor crucial networks in allied countries. Gen. Paul Nakasone also said the NSA is centralizing its AI mission.
Attacks, Threats, and Vulnerabilities
Iranian hackers hijacked websites to target Israelis in new attacks (The Jerusalem Post) The cyberattacks collected browsing history, cookies, and usernames and passwords stored on targeted devices.
Exclusive: DHS investigating whether floor plans and other security information were exposed in ransomware attack on contractor (CNN) Senior Department of Homeland Security officials are working to determine if a ransomware attack on government contractor Johnson Controls International has compromised sensitive physical security information such as DHS floor plans, according to internal DHS correspondence reviewed by CNN.
Chinese stole 60,000 State Department emails from Microsoft (Register) No classified systems involved apparently, but internal diplomatic notes, travel details, staff SSNs, etc
Suspected China-based hackers target Middle Eastern telecom, Asian government (Record) Hackers targeted a Middle Eastern telecom organization and an Asian government in a recent spying operation, according to a report published Thursday.
Malicious ad served inside Bing's AI chatbot (Malwarebytes) Users looking for software downloads may be tricked into visiting malicious websites via their interaction with Bing Chat.
Critical Vulnerability: WebP Heap Buffer Overflow (CVE-2023-4863) (Huntress) Huntress is tracking a new critical vulnerability seen in the wild that affects anything using the libwebp WebP image library. Here’s what we know so far.
Google gives WebP library heap buffer overflow a critical score, but NIST rates it as high-severity (SC Media) The vulnerability — CVE-2023-5129 — was given a critical 10.0 CVSS score by Google and a high-severity 8.8 score by NIST.
A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day (Ars Technica) If your software package involves VP8 video encoding, it's likely vulnerable to attack.
Google "confirms" that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) (Help Net Security) The exploited Chrome zero-day recently patched by Google is actually in the libwebp library and has a new ID: CVE-2023-5129.
Google quietly corrects previously submitted disclosure for critical webp 0-day (Ars Technica) Previous CVE submission failed to mention that thousands of apps were affected.
MFA Bypass: Circumventing the Security Measure (ReliaQuest) MFA bypass methods pose a significant risk to organizations, and security teams must understand these techniques to effectively respond to the threat. This blog explains the common types of MFA bypass methods. Each comes with its own tactics, such as coercing users, stealing tokens, or exploiting misconfigurations and legacy systems. Learn how to counter these tactics, to mitigate the risk that MFA bypass attacks carry.
CL0P Seeds ^_- Gotta Catch Em All! (Unit 42) CL0P is distributing ransomware data via torrents. We investigate this new method, including seeds we’ve tracked — disguising victims with Pokemon. Catch them all!
A ransomware gang innovates, putting pressure on victims but also exposing itself (Washington Post) A change in how Cl0p publishes victim data is a trade off for the group
New Mexico insurance agency faces cyber attack (KRQE) The state agency overseeing New Mexico’s insurance industry is fighting a crippling cyber-attack. The Office of the Superintendent of Insurance has been shut down all week because of the attack.
Dallas: Royal ransomware gang infiltrated networks weeks before striking (Record) A post-mortem of the incident shows that over nearly a month hackers exfiltrated about 1.17 terabytes of data from the city of Dallas before deploying ransomware.
Progress Software says business impact ‘minimal’ from MOVEit attack spree (Cybersecurity Dive) While the company reported $951,000 in cyber incident and vulnerability response expenses for its third quarter, they represent just a sliver of its revenue.
Progress Announces Third Quarter 2023 Financial Results (SEC) Progress (Nasdaq: PRGS), the trusted provider of infrastructure software, today announced financial results for its fiscal third quarter ended August 31, 2023.
CS2AI podcast on control system cybersecurity (Control Global) A discussion on control system cybersecurity from CS2AI's podcast "96: Exploring the Depths of Industrial Cybersecurity with Joe Weiss: A Legendary Return to the Podcast"
CISA Adds One Known Exploited Vulnerability to Catalog | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2018-14667 Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Security Patches, Mitigations, and Software Updates
Google Rushes to Patch New Zero-Day Exploited by Spyware Vendor (SecurityWeek) Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor.
Google patches zero-day exploited by commercial spyware vendor (TechCrunch) Google patched a zero-day vulnerability that the company said was used to install spyware made by a commercial surveillance tech vendor.
Cisco urges admins to fix IOS software zero-day exploited in attacks (BleepingComputer) Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild.
Apple Releases Security Updates for Multiple Products | CISA (Cybersecurity and Infrastructure Security Agency CISA) Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply the necessary updates.
Safari 17
macOS Sonoma 14
Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product (SecurityWeek) Critical flaws in Progress Software's WS_FTP product allow pre-authenticated attackers to wreak havoc on the underlying operating system.
Cisco Releases Security Advisories for Multiple Products | CISA (Cybersecurity and Infrastructure Security Agency CISA) Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates.
CISA Releases Three Industrial Control Systems Advisories | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA released three Industrial Control Systems (ICS) advisories on September 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-271-01 Rockwell Automation PanelView 800
ICSA-23-271-02 DEXMA DexGate
ICSA-23-143-02 Hitachi Energy’s RTU500 Series Product (UPDATE A)
Microsoft ends free upgrades to Windows 10/11 from 7/8 (Computing) Microsoft has quietly closed the loophole that allowed people to upgrade from Windows 7 and 8 to Windows 10 or 11 for free.
Trends
U.S. Businesses See Cyberattacks Tick Down–But They’re Still At Unsustainably High Level (Business Wire) GetApp’s 5th Annual Data Security Report reveals a drop in phishing and ransomware attacks, but fallout from the Las Vegas attacks underscores the massive social engineering vulnerabilities still plaguing businesses
KnowBe4 Finds U.S. Healthcare a Top Target For Cyber Attacks (KnowBe4)
BioCatch's 2023 LATAM Digital Banking Fraud Trends Research Reveals a 90% Surge in Stolen Devices and 100% Spike in Mule Accounts (PR Newswire) BioCatch, a global leader in digital fraud detection powered by behavioral biometric intelligence, today unveiled its anticipated 2023 Digital...
Report | Digital Banking Fraud Trends in APAC 2023 (Biocatch) Welcome to the frontlines of financial security. BioCatch, the global leader in behavioral biometric intelligence, brings you an illuminating report on digital banking fraud trends in LATAM. This essential read reveals the harsh reality of cybercrimes plaguing the financial industry today.
Marketplace
Cyber budgets increase, executive overview improves, but challenges lurk under the surface (Moody’s Cyber Survey) Spending on cyber risk has risen fast and attention paid to the issue by top management has markedly increased, according to Moody’s 2023 cyber survey. But the news is not all good. Advanced cyber practices remain out of reach for many issuers, and survey responses raise questions about the effectiveness of some cyber initiatives. Companies and organizations are also facing other looming challenges, including a growing cybersecurity talent shortage and the advent of generative AI, which will introduce new risks.
Cybersecurity Budgets Grow, But at a Slower Pace (Wall Street Journal) The double-digit jumps of the last few years are over, but cybersecurity spending has been spared the worst of corporate cutbacks.
'Splunk feels like the icing on the cake of Cisco's recent acquisitions' - Andrew Want, Trustmarque chief technologist (CRN) Andrew Want discusses the potential impact of the buyout for MSP partners, competitors and the Cisco ecosystem
X Fires Its Election Team Before a Huge Election Year (WIRED) The “last man standing” in X’s threat intelligence team has been fired, as the company guts its election integrity response ahead of a year in which more than 50 countries go to the polls.
Optiv Appoints Key Executives to Drive Continued Growth and Innovation (PR Newswire) Optiv, the cyber advisory and solutions leader, has appointed two executives to fuel the company's financial growth and advance innovative...
Products, Services, and Solutions
Mercedes-Benz and Mastercard introduce native in-car payments (Mastercard) Customers will be able to use a fingerprint sensor in their car to make convenient and secure digital payments at more than 3,600 service stations in Germany.
Fortinet brings in new Network Security Expert certification program (ARN) Fortinet has completely revamped its Network Security Expert certification program in a bid to foster more cyber skills within the market.
Technologies, Techniques, and Standards
NIST Unveils Newly Named Human-Centered Cybersecurity Program (NIST) The Human-Cent
The R Street Institute Launches Cybersecurity-Artificial Intelligence Working Group (R Street Institute) The rapid development of artificial intelligence (AI)-driven technologies has opened the floodgates to novel opportunities and applications. Alongside these opportunities, attendant cybersecurity threats are also expected to rise. The R Street Institute is launching a six-month-long working group bringing together experts from government, the private sector, academia and...
Design and Innovation
Get Ready with IonQ (IonQ) The Era of Enterprise-Grade Quantum Computers is Near
IonQ Announces New $25.5M Quantum Deal with United States Air Force Research Lab (IonQ) Working to build the world's best quantum computers to solve the world's most complex problems
IonQ and Hyundai Motor Company Expand Quantum Computing Partnership, Continuing Pursuit of Automotive Innovation (IonQ) Working to build the world's best quantum computers to solve the world's most complex problems
IonQ, Airbus Sign Agreement to Collaborate on Aircraft Loading Project using Quantum Computing (IonQ) Working to build the world's best quantum computers to solve the world's most complex problems
Legislation, Policy, and Regulation
China Is Investing Billions in Global Disinformation Campaign, U.S. Says (Wall Street Journal) Fake authors, bot armies and lawsuits are among the tactics Beijing employs to reshape the information landscape, according to a State Department assessment.
Mayorkas warns Latin American leaders of Beijing's technology influence (CyberScoop) The Biden administration sees Chinese investments in Latin America as a potential precursor to cyber operations.
Tech industry leaders and White House clash over plan for improved cloud security (Record) A presidential advisory panel produced a report criticizing the Biden administration's push for Know Your Customer rules for cloud computing providers. The White House is sticking with the plan.
Government Shutdown Could Bench 80% of CISA Staff (SecurityWeek) Roughly 80% of CISA staff will be sent home at the end of the week in case of a government shutdown, the DHS said.
NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry (Breaking Defense) "We must build a robust understanding of AI vulnerabilities, foreign intelligence threats to these AI systems and ways to counter the threat in order to have AI security," Gen. Paul Nakasone said. "We must also ensure that malicious foreign actors can't steal America’s innovative AI capabilities to do so."
NSA starts AI security center with eye on China and Russia (Fortune) The center will promote the secure adoption of AI within "our national security systems," said U.S. Army Gen. Paul Nakasone.
NSA is creating a hub for AI security, Nakasone says (Record) The Artificial Intelligence Security Center will serve as a “focal point” for various activities related to AI, including the security of the technology, the spy agency's director said.
Congressional Cyber Policy with former Rep. Jim Langevin (Spotify) Listen to this episode from Distilling Cyber Policy on Spotify. In our latest episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by former U.S. Congressman Jim Langevin. Jim spent more than 22 years representing Rhode Island’s 2nd Congressional District in the U.S. House of Representatives. The discussion focuses on his enormous influence on the development of U.S. congressional cyber policy.
Litigation, Investigation, and Law Enforcement
State health insurer ordered to report on ransomware attack (Record) Onsite investigation to also be conducted
MGM, Caesars face class-action lawsuits over cyberattacks (Las Vegas Review-Journal) Plaintiffs say Caesars Entertainment and MGM Resorts International failed to protect customer data during attacks revealed this month.
The Trial of Sam Bankman-Fried, Explained (WIRED) White-collar defendants use three main defenses: “It wasn’t me, I didn’t mean it, and the people that say I did are lying.” FTX's Sam Bankman-Fried is likely to go for “I didn’t mean it,” experts say.
Security researcher stopped at US border for investigating crypto scam (BleepingComputer) Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his electronic devices. Curry was further served with a 'Grand Jury' subpoena that demanded that he appear in court for testimony.