Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+586: Seeking narrative control. (CyberWire) Ukrainian drones hit a missile factory in Smolensk and Russia shells homes and markets around Kherson. Ukraine prepares for cyberattacks on its power grid, and the US prepares for influence operations directed at the 2024 elections.
Russia-Ukraine war: List of key events, day 587 (Al Jazeera) As the war enters its 587th day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 587 of the invasion (the Guardian) EU promises another €5bn in military aid to Ukraine at surprise meeting in Kyiv; White House says it is in touch with allies about continued funding for Ukraine
Ukraine intel directorate confirms drone attack on Russian missile-producing factory (Al Arabiya) Ukrainian attack drones struck a Russian aircraft factory where Kh-59 missiles were produced, Ukraine’s Main Intelligence Directorate (GUR) confirmed on Monday.
EU foreign ministers convene in Kyiv in ‘historic’ show of support (the Guardian) Josep Borrell condemns Russia’s war as he says meeting is taking place ‘within the future borders of the EU’
Ukraine’s defense intel reveals details of Russian turncoat soldier operation (Ukrinform) The GUR defense intelligence thoroughly vetted Russian Lieutenant Danil Alfyorov before concluding it was possible to approach him.
Yevgeny Prigozhin’s son ‘takes over command of Wagner’ (The Telegraph) Military analysts believe the 25-year-old is the new leader of the mercenary group that was founded by his father
Rightsizing the Russia Threat (Foreign Affairs) Whatever Putin’s intentions are, he is hemmed in by limited capabilities.
Russians Unofficially Honor Wagner Mercenary Leader Prigozhin On 40th Day After His Death (RadioFreeEurope/RadioLiberty) Russians have commemorated the founder and leader of Wagner mercenary group Yevgeny Prigozhin on the 40th day since his death, a Russian Orthodox tradition to honor those who have passed away.
Ukrainian Lawmakers, Elon Musk Trade Barbs On Social Media (RadioFreeEurope/RadioLiberty) A simmering feud between Elon Musk and Ukraine neared a boil after the tech billionaire mocked Ukrainian President Volodymyr Zelenskiy's continued pleas for wartime aid from the West, triggering Kyiv to respond with accusations Musk had become a tool of Moscow by spreading its "propaganda."
Putin’s Pals Brag: Elon Musk ‘Really Is Our Agent!’ (The Daily Beast) Kremlin propagandists are rejoicing after Congress omitted aid to Ukraine from its most recent government funding bill.
Ukraine prepares for winter again as Russia targets its power grid (The Economist) Things may be tougher this time
Putin’s Next Target: U.S. Support for Ukraine, Officials Say (New York Times) Russian spy agencies and new technologies could be used to push conspiracy theories, U.S. officials say.
Interfax-Ukraine agency's website undergoes cyberattack (Interfax-Ukraine) On Sunday, October 1, the website of the Interfax-Ukraine News Agency underwent a cyberattack.
UK Royal Family Website Hit by DDoS Attack from KillNet (Hackread) The DDoS attack took place around 10 a.m. local time.
KillNet Claims DDoS Attack Against Royal Family Website (Dark Reading) The royal takedown was a brief but effective PR stunt for Russia's most notorious hacktivist group.
Royal family’s website suffers Russia-linked cyberattack (CSO Online) Pro-Russian hacker group KillNet took responsibility for the attack days after King Charles condemned the invasion of Ukraine.
Why the Royal Family website was the target of a cyber attack (Tatler) Russian hackers have claimed responsibility
Attacks, Threats, and Vulnerabilities
Mass exploitation attempts against WS_FTP have begun (Register) Early signs emerge after Progress Software said there were no active attempts last week
Cisco warns of attempted exploitation of zero-day in VPN software (Record) The bug, first published Sept. 27, affects the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software.
Bitsight identifies nearly 100,000 exposed industrial control systems (Bitsight) Bitsight has identified nearly 100,000 exposed industrial control systems (ICS) potentially allowing an attacker to access and control physical infrastructure.
Number of Internet-Exposed ICS Drops Below 100,000: Report (SecurityWeek) The number of internet-exposed ICS has dropped below 100,000, a significant decrease from the 140,000 in 2019.
Malicious Packages Hidden in NPM (Fortinet Blog) FortiGuard Labs investigates several malicious packages hidden in NPM and provides an overview of these packages, grouping them on similar styles of code or functions.
Seaports in India were left vulnerable to takeover by hackers (Cybernews) The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left public access to sensitive data, posing the risk of a potential takeover by threat actors.
Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw (SecurityWeek) Rapid7 says attackers are targeting a critical pre-authentication flaw in Progress Software’s WS_FTP server just days after disclosure.
Cyberattacks hit military, Parliament websites as India hacker group targets Canada (CTVNews) The federal government is coping with cyberattacks this week, as a hacker group in India claims it has sowed chaos in Ottawa, but Canada's signals-intelligence agency says the 'nuisance' attacks likely haven't put private information at risk.
How "Antiquated Infrastructure" Undermines Crypto Security (BeInCrypto) Explore the cybersecurity challenges in the crypto market, where outdated infrastructures and human errors threaten assets and data.
ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year (CSO Online) Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations
Protecting against FraudGPT, ChatGPT's evil twin (Help Net Security) In this video, Mike Newman discusses the risks that FraudGPT poses and the techniques criminals use to target organizations.
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (The Hacker News) APIs are under attack! Explore the top API security concerns and why healthcare and manufacturing sectors are targeted
CYFIRMA RESEARCH - CHIT-CHAT WITH A RANSOMWARE OPERATOR (CYFIRMA) Recently, CYFIRMA Research published a report on a new threat actor group known as FusionCore. In a follow-up, we...
Hackers steal user database from European telecommunications standards body (Record) The European Telecommunications Standards Institute (ETSI) said it brought in French authorities to investigate. ETSI has more than 900 member organizations from over 60 countries.
Furry hackers claim to have breached NATO, stolen 3,000 files (The Daily Dot) The hacking group SiegedSec says it leaked what are claimed to be more than 3,000 files from the North American Treaty Organization (NATO).
"Phantom Hacker" Scams Target Senior Citizens and Result in Victims Losing their Life Savings (FBI) The FBI is warning the public of a recent nationwide increase in "Phantom Hacker" scams, significantly impacting senior citizens.
FBI warns of surge in 'phantom hacker' scams impacting elderly (BleepingComputer) The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States.
New BunnyLoader threat emerges as a feature-rich malware-as-a-service (BleepingComputer) Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard.
Phishing via Dropbox (Check Point Blog) A burgeoning attack involving Dropbox is making the rounds. In the first two weeks of September, we saw 5,440 of these attacks. Hackers are using Dropbox
Feds hopelessly behind the times on ransomware trends (Register) Better late than never, we guess
South African insurance clients hit in massive global cyberattack (MyBroadband) Aon South Africa has warned customers that the Cl0P ransomware gang likely compromised their personal information during a mass-exploitation campaign earlier this year.
Motel One Newsroom (Motel One Press) The Motel One Group has become the target of a hacker attack.
Motel One discloses data breach following ransomware attack (BleepingComputer) The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards.
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-5217 Google Chrome libvpx Heap Buffer Overflow Vulnerability
Vulnerability Summary for the Week of September 25, 2023 (Cybersecurity and Infrastructure Security Agency CISA)
Security Patches, Mitigations, and Software Updates
Progress, the company behind MOVEit, patches new actively exploited security flaws (TechCrunch) Security researchers say thousands of WS_FTP servers are vulnerable and hackers are already taking advantage.
Trends
New Study by CR, Aspen Digital, and GCA Reveals Consumer Attitudes Towards Cybersecurity and Online Privacy (GCA | Global Cyber Alliance) Consumer Reports, Aspen Digital, and GCA released the 2nd Consumer Cyber Readiness report, marking the start of Cybersecurity Awareness Month.
Marketplace
Is Your AI Model Going Off the Rails? There May Be an Insurance Policy for That (Wall Street Journal) The many ways a generative artificial intelligence project can go off the rails pose an opportunity for insurance companies, even as those grim scenarios keep business technology executives up at night.
Tenable Completes Acquisition of Ermetic (Tenable®) Tenable® Holdings, Inc., the Exposure Management company, today announced it has closed its acquisition of Ermetic, Ltd. (“Ermetic”), an innovative cloud-native application protection platform (CNAPP) company, and a leading provider of cloud infrastructure entitlement management (CIEM). The acquisition combines two cybersecurity innovators and marks an important milestone in Tenable’s mission to shift organizations to proactive security.
Cohesity Forms Industry’s Largest Alliance of DSPM Vendors To Reduce Customer Risks of Cloud Transformation and Data Democratization (Cohesity) Six Data Security Posture Management Partners Join Cohesity’s Data Security Alliance, Representing the Vast Majority of Solutions in the Industry that Identify and Locate Previously Unknown Data Repositories and Mitigate Associated Security and Privacy Risks
MEF Launches Enterprise Leadership Council with Esteemed Corporate Leaders (GlobeNewswire News Room) MEF formed a council of senior executives from all major enterprise vertical markets to bring important end user perspective and involvement to MEF....
Frontegg Appoints Enterprise Sales Leader Dane Mustola as Head of Global Sales (GlobeNewswire News Room) Okta, Auth0 and Workday Veteran Will Oversee the Company’s Global Sales Team and Drive Frontegg’s Next Era of Growth...
Products, Services, and Solutions
Visa Enters Strategic Partnership with Expel to Help Clients Manage Cybersecurity Risk (Business Wire) Expel brings Managed Detection and Response (MDR) capabilities, which Visa uses to augment its own security team, to Visa’s Value-Added Services portfolio, helping to protect global clients from emerging cyberthreats
NINJIO gives companies free access to next-gen training resources for National Cybersecurity Awareness Month (NINJIO) NINJIO is making its SENSE Training Pack free to the public through the end of October.
LogRhythm Unveils Major Advancements to Cloud-Native SIEM Platform, LogRhythm Axon (LogRhythm) New platform automations and optimizations empower SOC team to more efficiently mitigate threats and reduce the skills gap. LogRhythm, the company helping security teams stop breaches by turning disconnected data and signals into trustworthy insights, today announced its 6th consecutive…
Cerby and Okta partnership announcement (Cerby) Cerby partners with Okta to secure nonstandard applications, expanding the reach of modern identity-powered security.
McAfee's AI technology strengthens privacy and identity protections for users (Help Net Security) McAfee’s AI technology addresses the rise in AI-generated phishing scams by detecting suspicious URLs in texts before they’re opened.
AWS stirs the MadPot – busting bot baddies and eastern espionage (Register) Security exec Mark Ryland spills the tea on hush-hush threat intel tool
Quanergy Integrates Q-Track into Milestone Systems’ XProtect® VMS (GlobeNewswire News Room)
Akamai Client-Side Protection & Compliance Introduces New Capabilities to Help Organizations Comply with PCI DSS v4.0 (Akamai) New capabilities simplify PCI DSS v4.0 compliance and help achieve the latest JavaScript security requirements: 6.4.3 and 11.6.1.
Virtru Releases Data Security Integration for Zendesk (GlobeNewswire News Room) Virtru Secure Share now offers a direct integration with Zendesk, which protects data flowing in and out of Zendesk without disrupting usability....
ThreatQuotient Bridges Artificial Intelligence with Threat Intelligence in the SOC (Business Wire) Security operations teams work smarter, not harder, with the latest enhancements to the ThreatQ Platform including ThreatQ TDR Orchestrator and a data-driven approach to automation
Say (an encrypted) hello to a more private internet. (The Mozilla Blog) As web users, what we say and do online is subject to pervasive surveillance. Although we typically associate online tracking with ad networks and other th
Concentric AI Introduces Industry’s First Data Lineage Functionality in a Data Security Posture Management Solution for Improved Data Protection and Management (Business Wire) Organizations Can Now Make Better Business Decisions to Secure their Data by Understanding Data’s Entire Journey and How it is Sourced, Processed, Modified, Entitled and Consumed
Technologies, Techniques, and Standards
DISARMing cyber threats with ATT&CK: A winning combination (C4ISRNet) As this framework gains recognition, it holds the potential to evolve into a universal language for identifying and countering influence, the authors say.
Sauce Labs Survey Reveals: Majority of Developers Are Pushing Code to Production Without Testing, Circumventing Security Protocols, Relying on ChatGPT (GlobeNewswire News Room) Sauce Labs surveyed 500 developers to quantify how pervasive bad behavior is; such as using ChatGPT, bypassing security and quality protocols for...
Sonatype’s 9th Annual State of the Software Supply Chain Report Reveals Ways to Improve Developer, DevSecOps Efficiency (Sonatype) Sonatype's new 9th Annual State of the Software Supply Chain Report highlights alarming open source software and software supply chain security trends.
About | SMICI Data Portal (SMICI Data Portal) Welcome to the Significant Multi-domain Incidents against Critical Infrastructure (SMICI) Data Portal
What Cyber Response Can Learn from Traditional Disasters (GovTech) Government has battle-tested playbooks for dealing with hurricanes, tornadoes and wildfires. As cyber emergencies become both more common and more devastating, what can cyber responders learn from physical emergency response?
Linux distros need to take more responsibility for security (InfoWorld) Between the rapid release of open source software, and modern OSes preloaded with packages, enterprises are vulnerable to attacks they aren’t even aware of.
Why every company should include threat intelligence in their cybersecurity strategy (BetaNews) In the fast-evolving digital landscape, the prevalence of cyber threats has become a stark reality for businesses and individuals. While essential, conventional cybersecurity measures are often reactive and inadequate against sophisticated attacks. This is where Cyber Threat Intelligence (CTI) emerges as a proactive and complementary approach to cybersecurity.
16 Leading Technology and Service Providers Launch Industry's First SASE Product and Services Certification (GlobeNewswire News Room) MEF launched beta certification program of SASE products and services with Cisco, Fortinet, Juniper Networks, Palo Alto Networks, Versa Networks, VMware....
Design and Innovation
Levan Center of Innovation and iQ4 Corporation Unite to Bridge Florida's Cyber Talent Gap (NewsBreak Original) In a significant move to address the surging demand for cybersecurity professionals, the Alan B. Levan | NSU Broward Center of Innovation (Levan Center of Innovation) has announced a strategic partnership with iQ4 Corporation and its Cybersecurity Workforce Alliance (CWA) division. This collaboration aims to align with the Biden-Harris National Cybersecurity Workforce and Education Strategy to catalyze the development of America's next-generation cybersecurity talent. Florida, in particular, faces a pressing need, with 34,377 open cybersecurity positions as of September 2023, according to Cyberseek.org.
CIOs Feel Heat From CEOs on Generative AI (Wall Street Journal) The rise of generative AI within companies often starts at the top with chief executives, making it different from other business tech booms typically led by technologists.
Why Big Tech’s bet on AI assistants is so risky (MIT Technology Review) Tech companies have not solved some of the persistent problems with AI language models.
Legislation, Policy, and Regulation
New SEC Cyber Rules to Push Publics and Their Third Parties to Strengthen Programs (PR Newswire) Following the Securities and Exchange Commission's (SEC) adoption of new rules for cybersecurity risk management, strategy, governance, and...
New cyber rules aim to standardize requirements for federal contractors (Nextgov.com) The proposed rules would create new information sharing and incident reporting requirements.
Senators push for USPS identity proofing to thwart AI-generated deepfakes (Nextgov.com) The U.S. Postal Service already offers identity proofing services for some government agencies.
Citizen Cyber Brigades Held Promise — Have They Delivered? (GovTech) Amid struggles to fill open cybersecurity positions, some states have looked toward volunteer citizen brigades trained to respond when smaller jurisdictions need help. Experts consider whether the benefits outweigh the risks.
National Security Agency to create an artificial intelligence center (C4ISRNet) China has in recent months stepped up cyber operations focused on U.S. and allied institutions that may include pre-positioning malware.
Don’t Say ‘Skynet’ — NSA’s AI Security Center is New Hub for Agency Efforts (Security Boulevard) COME WITH ME IF YOU WANT TO LIVE: Nothing suspicious to see here—move along.
What do US Spies Do? Don’t Ask America’s Espionage Chiefs (Bloomberg) Spy chiefs miss deadline to define intelligence terms. Civil liberties rest on spying terms’ definitions, Wyden says.
Litigation, Investigation, and Law Enforcement
Watchdog says pipeline security regulations, data collection safeguards not up to snuff at DHS (Washington Post) Pipeline security regulations, device data collection safeguards not up to snuff at DHS, watchdog says
Better TSA Tracking and Follow-up for the 2021 Security Directives Implementation Should Strengthen Pipeline Cybersecurity (REDACTED) (Office of Inspector General, Department of Homeland Security) The Transportation Security Administration’s (TSA) fiscal year 2021 pipeline security directives, if implemented, should strengthen pipeline operators’ posture against cyber threats.
CBP, ICE, and Secret Service Did Not Adhere to Privacy Policies or Develop Sufficient Policies Before Procuring and Using Commercial Telemetry Data (REDACTED) (Office of Inspector General, Department of Homeland Security) U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement (ICE), and the United States Secret Service (Secret Service) did not adhere to Department privacy policies or develop sufficient policies before procuring and using commercial telemetry data (CTD).
DHS Investigating Extent of Johnson Controls Security Breach (Campus Safety Magazine) CNN reports Homeland Security is investigating if attack on Johnson Controls compromised sensitive physical security information.
Sam Bankman-Fried must now convince a jury that the former crypto king was not a crook (Quartz) For a while, Sam Bankman-Fried tried to convince politicians and the public that he was the next J