Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+603: Interdiction and denial-of-services. (CyberWire) Fighting on the ground continues as it has in recent weeks, but Ukraine's ATACMS strikes are assessed as highly damaging to Russian attack aviation.
Russia-Ukraine war: List of key events, day 604 (Al Jazeera) As the war enters its 604th day, these are the main developments.
Russia-Ukraine war live: UN probe finds new evidence of Russian war crimes; Zelenskiy ‘grateful’ to Biden for support (the Guardian) Russian forces have committed ‘indiscriminate attacks’ and war crimes in Ukraine, says UN committee of inquiry
Ukraine war latest: 'Pronounced concern' in Russia about Ukraine's moves in south (Sky News) Russian sources have expressed "pronounced concern" about ongoing Ukrainian activity in Kherson.
Israel-Hamas war live: Egypt blames Israel for blocking aid to Gaza as airstrikes continue (the Guardian) Egyptian foreign ministry says: ‘Rafah crossing is open and Egypt is not responsible for obstructing third-country nationals exit’
Israel briefing: Five key developments in the Israel-Hamas war on day 13 (The Telegraph) Rishi Sunak's arrival in Israel leads the news as Joe Biden strikes deal to allow aid into Gaza
Hamas-linked app offers window into cyber infrastructure, possible links to Iran (CyberScoop) The administrators of a news site linked to Hamas have struggled to keep it online amid fighting with Israel.
Instagram ‘Sincerely Apologizes’ For Inserting ‘Terrorist’ Into Palestinian Bio Translations (404 Media) The "see translation" feature for user bios was auto-translating phrases that included "Palestinian" and “alhamdulillah” into "Praise be to god, Palestinian terrorists are fighting for their freedom."
Intel, defense officials tell senators that Israel did not strike hospital (The Hill) U.S. intelligence and defense officials told senators at a classified briefing Wednesday that Israel is not responsible for a blast that reportedly killed hundreds of people at a hospital in Gaza, …
Early U.S. and Israeli Intelligence Says Palestinian Group Caused Hospital Blast (New York Times) U.S. officials cautioned that the analysis is preliminary and that the United States was continuing to collect and analyze evidence.
Cyberattacks linked to Israel-Hamas war are soaring (Fast Company) Some 500 recent attacks tracked by Cambridge University researchers have targeted Israeli websites.
NSO, Israeli cyber firms help track missing Israelis and hostages (Haaretz) From facial recognition to open source intelligence and offensive cyber, firms such as NSO, Rayzone and others like AnyVision helped map and track hostages, casualties
Key Crimean bridge now a 'security burden' for Russia (The Telegraph) The Kerch Bridge to annexed Crimea is “now almost certainly a significant security burden,” for Russia, the UK’s Ministry of Defence (MoD) said.
Trellix flags Discord APT exploitation, as hackers target Ukrainian critical infrastructures (Industrial Cyber) Trellix researchers flag Discord APT exploitation, as hackers target and abuse Ukrainian critical infrastructure sector.
Lithuanian interior minister says emailed bomb threats are coordinated regional cyber-attack (Baltic Times) VILNIUS – Interior Minister Agne Bilotaite said on Tuesday that the continuing barrage of emailed bomb threats is a cyberattack on a regio...
Russian War Report: Ukraine inflicts heavy damage on Russian positions (Atlantic Council) Ukraine used US-provided ATACMS missiles to strike two Russian-occupied airfields in Zaporizhzhia oblast and Luhansk.
Now Russia is fighting to gain territory in the east of Ukraine (The Economist) The battle for Avdiivka
Biden draws direct link between Putin and Hamas as he urges aid for Israel and Ukraine (the Guardian) US president said Americans must not walk away from their role as a ‘beacon to the world’ in rare Oval Office address
Biden asks Congress for Israel, Ukraine aid in giant defense package (Defense News) President Biden intends to ask Congress for nearly $100 billion in military aid to Ukraine and Israel amid heightened tensions throughout the Middle East.
Experts react to Biden’s ‘inflection point’ address on Ukraine and Israel (Atlantic Council) Biden tied together the conflicts in Israel and Ukraine as part of a larger struggle for democracy and freedom. Here's what Atlantic Council experts had to say about the Oval Office address.
DOD Responds to Attacks, Continues Efforts to Deter Spread of Israel-Hamas War (U.S. Department of Defense) U.S. service members are looking to deter groups from using the Israel-Hamas war as an opportunity to launch conflict that could engulf the region, Pentagon Press Secretary Air Force Brig. Gen. Pat
Sweden edges closer to sending Gripen fighter jets to Ukraine (POLITICO) The Swedish jets are specifically designed to counter Russian air defenses.
Russian lawmakers vote to revoke ratification of nuclear test ban (Defense News) The bill will now go to the upper house, the Federation Council.
Modi and India Are Standing With Israel (World Politics Review) Indian Prime Minister Narendra Modi has compelling reasons to maintain strong relations with Israel amid its war against Hamas.
The Israel visit was just the start. Here's what Biden needs to do next. (Atlantic Council) The US and Israel should develop and publicly issue a joint set of common principles that will guide the future of Gaza, once Israel’s full military objectives against Hamas are reached.
US vetoes Security Council call for 'humanitarian pause' in Israel-Hamas war (CNN) The United States has vetoed a draft resolution at the UN Security Council which called for a humanitarian pause in besieged Gaza – sparking more criticism of political paralysis in the powerful global body.
Hamas’s Hostage-Taking Handbook Says to ‘Kill the Difficult Ones’ and Use Hostages as ‘Human Shields’ (The Atlantic) The document, which I obtained from an Israeli official, also suggests that Hamas did not plan to take hostages back to Gaza.
Opinion Hamas is emulating ISIS’s horrors. But ISIS lost. (Washington Post) The horrific attack carried out by Hamas on Oct. 7 (“Black Sabbath,” Israelis are calling it) resulted in 1,400 dead Israelis, 3,900 wounded and 199 taken hostage. Such mass-casualty attacks were once rare in the history of terrorism. Since Sept. 11, 2001, however, they have become disturbingly commonplace.
Opinion War crimes are part of the Russian playbook (Washington Post) Is there a specifically Russian way of war? The manner in which the Russian army has systematically flouted the Geneva Conventions in its brutal, unprovoked war of aggression against Ukraine inevitably prompts the question.
Ukraine’s Economy Starts to Rebound as It Adapts to War (New York Times) Economists predict a return to growth, but many challenges lie ahead, including the rebuilding of war-torn cities and labor shortages.
War risk insurance can contribute to Ukrainian victory over Putin's Russia (Atlantic Council) War risk insurance can play a key role in helping Ukraine to achieve victory on the economic front of the war with Russia, writes Ukraine’s First Deputy Prime Minister and Minister of Economy Yulia Svyrydenko.
Ukrainian parliament votes to ban Orthodox Church over alleged links with Russia (the Guardian) MPs overwhelmingly back move in initial vote, despite church claim it has cut ties with Moscow
Attacks, Threats, and Vulnerabilities
DarkGate attacks linked to Vietnam-based cyber criminals (News Powered by Cision) WithSecure researchers tie recent DarkGate attacks in the UK, US, and India back to threat actors
DarkGate malware campaign (WithSecure) Vietnamese cybercrime groups are using multiple different Malware as a Service (MaaS) infostealers and Remote Access Trojans (RATs) to target the digital marketing sector. These actors greatly value Facebook business accounts and hijacking these accounts appears to be one of their primary goals. The targeting and methods of these groups heavily overlap to an extent that suggests that they are a closely related cluster of operators/groups. It is possible to identify campaigns carried out by these groups through non-technical indicators, such as their lure topics, lure files, and associated metadata.
Crambus: New Campaign Targets Middle Eastern Government (Threat Hunter Team Symantec) Iran-linked attackers compromised multiple computers and servers over the course of eight months.
JetBrains vulnerability being exploited by North Korean gov’t hackers, Microsoft says (Record) Multiple groups of hackers tied to North Korea’s government are targeting a vulnerability that emerged earlier this year in a popular product from Czech software giant JetBrains, Microsoft says.
Exploited SSH Servers Offered in the Dark web as Proxy Pools (Aquasec) Aqua Nautilus researchers show how SSH tunneling is done in the context of cloud native environments and how the compromised servers are used as proxy pools.
Another InfoStealer Enters the Field, ExelaStealer (Fortinet Blog) FortiGuard Labs analyzes ExelaStealer, a relatively new, open-source InfoStealer. Written in Python, and capable of stealing sensitive information from users.…
Business-oriented threat involving ‘several types of malware all at once’ remains active (Record) A malware campaign that the U.S. warned about in April is still dumping cryptominers, keyloggers and more on organizations worldwide, Kaspersky said.
Casio Issues Apology and Notice Concerning Personal Information Leak Due to Unauthorized Access to Server | CASIO (CASIO Official Website) Casio Computer Co., Ltd. disclosed today that an external party gained unauthorized access to the server for the company’s education web application “ClassPad.net,” resulting in the leak of personal information of some registered customers in and outside Japan.
Human Error: Casio ClassPad Data Breach Impacting 148 Countries (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) If you are a Casio ClassPad customer, it is strongly recommended that you change your ClassPad password immediately to protect yourself.
Casio data breach 2023 caused worldwide panic (Dataconomy) Casio Data Breach 2023: Global impact, customer data exposure - a stark reminder of cybersecurity challenges. Keep reading and explore now!
Casio discloses data breach impacting customers in 149 countries (BleepingComputer) Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained access to the servers of its ClassPad education platform.
Cisco IOS XE Web UI Vulnerability: A Glimpse into CVE-2023-20198 (Horizon3.ai) On 16 October, Cisco reported a critical zero-day vulnerability in the web UI feature of its IOS XE software actively being exploited.
Less Phishing, More Cat Pictures (DomainTools) In this post for CISA’s Cybersecurity Awareness Month, we’ll review what phishing is including the underlying issue of social engineering, complete with examples throughout history.
Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyberattack (SecurityWeek) Healthcare solutions giant Henry Schein has disclosed a cybersecurity incident that disrupted operations and possibly led to a data breach.
MGM suffers a major cyber-attack (Panda Security Mediacenter) Today we will analyze the cyber-attack that MGM suffered, the economic losses and the strategy adopted in order to face the attack.
CISA Adds Two Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency | CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-4966 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
CVE-2021-1435 Cisco IOS XE Web UI Command Injection Vulnerability
Security Patches, Mitigations, and Software Updates
Oracle Releases October 2023 Critical Patch Update Advisory (Cybersecurity and Infrastructure Security Agency | CISA) Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA Releases One Industrial Control Systems Advisory (Cybersecurity and Infrastructure Security Agency | CISA) CISA released one Industrial Control Systems (ICS) advisory on October 19, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-143-02 Hitachi Energy’s RTU500 Series Product (UPDATE B)
Trends
Uptycs Quarterly Threat Bulletin Details WinRAR Zero-Day Vuln and More (Uptycs) In the latest 2023 Quarterly Threat Bulletin, Uptycs saw threat groups leveraging the WinRAR zero-day vulnerability to attack organizations globally.
Q3 Report: Email Threat Trends Latest edition: PDF Popularity, Callback Phishing and Redline Malware (VIPRE) Email threats are out there, and we make it our business to know the latest tactics, statistics, and attack trends…
2023 Elastic Global Threat Report (Elastic) Read the 2023 Elastic Global Threat report for trends in malware, endpoint, and cloud security with recommendations for security teams, analysts, and CISOs.
Top Cyber-Threat Techniques in Q3 2023: What We’re Seeing (ReliaQuest) In July, we reported on ReliaQuest’s most commonly observed attacker techniques. Now, three months on, it’s time to revisit and reflect on what we’ve observed across our customer networks and ask: what can we do to manage risk?
Cybersecurity Awareness Month: Plume IQ Detects 80% Spike in Malware Attacks Across the United States (VMblog) Cybersecurity Awareness Month, held each October, is the world's foremost initiative aimed at promoting cybersecurity awareness and best practices.
Marketplace
Google announces job cuts in news division (Computing) Google's news division has become the latest target of layoffs in what seems like a year of continuous downsizing for the tech giant.
Embroker Cyber Risk Index Finds Startup Founders More Likely to get Funding with Cyber Coverage in 2023 (Business Wire) Study finds cyber protection allows founders to close contracts and comply with new SEC rules
Products, Services, and Solutions
New infosec products of the week: October 20, 2023 (Help Net Security) The featured infosec products this week are from: Arcitecta, AuditBoard, BackBox, Prevalent, and Thales.
Druva Supercharges Autonomous Protection With Generative AI (Druva) Data resiliency pioneer launches Dru, the industry’s first AI copilot for backup, to increase productivity and support better IT decision-making
FortMesa Commemorates Cyber Awareness Month with Internal Use NFR for Free (FortMesa) FortMesa is excited to announce its commitment to the IT service provider community by offering a one-year, internal use of NFR access to its most popular features exclusively.
BackBox Introduces Network Vulnerability Manager (BackBox Software) BackBox announces its Network Vulnerability Manager (NVM), the first platform to offer deep integration of network automation with vulnerability management.
ABS Consulting and Dragos Expand Strategic Partnership to Strengthen OT Defenses (Business Wire) The organizations will offer a robust suite of integrated solutions and services to meet the growing cyber needs of critical infrastructure industries
Verint Launches New Specialized Bot to Help Protect Sensitive Customer Data and Reduce Compliance Risk (Verint) MELVILLE, N.Y., October 17, 2023 — Verint® (NASDAQ: VRNT), The Customer Engagement Company®, today announced the launch of the Verint Personal Identifiable Information (PII) Redaction Bot giving organizations a way to automate compliance, reduce risk, and protect their customers’ sensitive personal data such as credit card and social security numbers, dates of birth, etc. “With […]
Immuta announces integration with Data Fabric Security on AWS (PR Newswire) Immuta, a data security leader, today announced its integration with Data Fabric Security (DFS) on Amazon Web Services (AWS), a solution...
J.P. Morgan Payments Selects Trulioo to Power Global Identity Verification Services (Business Wire) World’s leader in payments taps identity expert to support a more simplified payment experience
We're thrilled to announce that Agency is now officially partnering with CrowdStrike! (LinkedIn) Together, we’re pushing the boundaries of cybersecurity and ensuring…
Elon Musk’s X removes the New York Times’ verification badge (Washington Post) The unexplained decision removes the only symbol distinguishing the news organization from impostors and comes amid a flood of false information related to the Israel-Gaza war, some of which Musk has personally endorsed.
Technologies, Techniques, and Standards
CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide | CISA (Cybersecurity and Infrastructure Security Agency CISA) Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated version of the joint #StopRansomware Guide. The update includes new prevention tips such as hardening SMB protocols, revised response steps, and added threat hunting insights.
How to defend your organization against GenAI-enabled threats (Pluralsight) AI tools like ChatGPT can be used to revolutionize your business, but they can also be used by bad actors to attack your systems. Here's how to mitigate that risk.
GCA and the National Democratic Institute Join Efforts to Boost Election Security (Global Cyber Alliance) The Global Cyber Alliance (GCA) and the National Democratic Institute (NDI) announced a partnership today to continue promoting their work around the digital safety of elections and other democratic political processes.
Calculated Approach to Cybersecurity Risk (Verve Industrial) Explore Verve's innovative approach to cybersecurity risk. Our white paper introduces Calculated Impact Rating (CIR) and Risk Ratings (CRR) for precise CVE assessment.
Research and Development
lowRISC Announces Expansion of OpenTitan Project with New Hardware (Business Wire) New Boards Allow Leading Developers and Organizations Globally to Contribute to the Project
Legislation, Policy, and Regulation
What the Defense Department’s Cyber Strategy Says About Cyber Conflict (Lawfare) Experience is refining the Defense Department’s approaches to key issues like cyber campaigning, escalation, and public-private relations in cybersecurity
How the US DOD Cyber Strategy changes national cyber defense (CSO Online) The 2023 Cyber Strategy takes a more realistic approach to the private sector's role in protecting the nation against cyber threats.
Philippine military ordered to stop using artificial intelligence apps due to security risks (AP News) The Philippine defense chief has ordered all defense personnel and the 163,000-member military to refrain from using digital applications that harness artificial intelligence to generate personal portraits, saying they could pose security risks.
CFPB Proposes Rule to Jumpstart Competition and Accelerate Shift to Open Banking (Consumer Financial Protection Bureau) The Consumer Financial Protection Bureau (CFPB) proposed a rule that would accelerate a shift toward open banking, where consumers would have control over data about their financial lives and would gain new protections against companies misusing their data.
Top US Cyber Agency Pushing Toward First Hack Reporting Rule (Bloomberg Law) A new US notification requirement for victims of malicious hacks could push in-house counsel to disclose cyberattacks when faced with ransomware and other network compromises.
FCC Revives ‘Net Neutrality,’ Proposes New Regulations for Internet Service (Wall Street Journal) The Federal Communications Commission wants to apply utility-like regulations to America’s internet-service providers.
FCC begins second quest for net neutrality (TechCrunch) The FCC has begun its effort to re-establish net neutrality. It faces a legal and political battle, but the new rule benefits from 8 years of hindsight.
U.S. Targets Crypto Mixers Over Money Laundering Risks (Wall Street Journal) The Biden administration designated international cryptocurrency platforms commonly known as “mixers” as primary money-laundering hubs that threaten national security.
Litigation, Investigation, and Law Enforcement
EU gives Meta, TikTok one week to detail measures against disinformation (Computing) The European Commission is intensifying its efforts to combat the spread of hate speech and disinformation during the Israel-Hamas war by demanding that Meta and TikTok provide detailed information about their strategies to address these issues.
Meta, TikTok given a week by EU to detail measures against disinformation (Reuters) Meta and TikTok have been given a week by the European Commission to provide details on measures taken to counter the spread of terrorist, violent content and hate speech on their platforms, a week after Elon Musk's X was told to do the same.
Chainalysis says some reports might be overestimating crypto's role in terrorist financing (The Block) Blockchain-research firm Chainalysis said many reports about the supposed use of crypto by terrorist groups might be overstating metrics.
Feds seize 17 web domains used by North Korean tech workers in fraud scheme (Record) The action by the Department of Justice is the latest operation against a network of North Korean IT workers sent abroad to secretly facilitate funding for Pyongyang's weapons program.
Justice Department Announces Court-Authorized Action to Disrupt Illicit Revenue Generation Efforts of Democratic People’s Republic of Korea Information Technology Workers (US Department of Justice) On Oct. 17, pursuant to a court order issued in the Eastern District of Missouri, the United States seized 17 website domains used by North Korean information technology (IT) workers in a scheme to defraud U.S. and foreign businesses, evade sanctions and fund the development of the Democratic People’s Republic of Korea (DPRK) government’s weapons program.
RagnarLocker ransomware dark web site seized in international sting (TechCrunch) The FBI said in 2022 that dozens of U.S. entities, including manufacturing, energy and government, had been hit by RagnarLocker ransomware.
Ragnar Locker ransomware site taken down by FBI, Europol (Record) The leak site of the prolific ransomware gang Ragnar Locker was replaced with a takedown notice from the FBI, Europol and several law enforcement agencies in Europe on Thursday.
One of the most destructive ransomware gangs is being taken down by law enforcement (Axios) International law enforcement authorities are actively working to take down a ransomware gang known for targeting critical infrastructure.
SEC Retreats From High-Stakes Lawsuit Over XRP Cryptocurrency (Wall Street Journal) Agency agrees to dismiss allegations against Ripple Labs executives after earlier losing part of its case against the company
New York attorney general hits Gemini, Genesis, and Digital Currency Group with lawsuit for defrauding investors of more than $1 billion (Fortune Crypto) Letitia James’s action adds to the legal headaches for the reeling crypto heavyweights.
Crypto Groups Gemini, Genesis, and DCG Sued for $1.1 Billion ‘Fraud’ (WIRED) New York’s attorney general has filed a lawsuit against crypto companies, including the Winkelvoss twins’ Gemini, alleging they misled investors.
Microsoft May Face FTC Investigation Over Chinese Email Hack (Exclusive) (The Messenger) A letter from the FTC’s chair to a Democratic senator hints at coming legal action.
Moldovan accused of running cybercrime marketplace to face charges in US (Record) A Moldovan national has been extradited from the United Kingdom to face charges related to allegedly running an online marketplace selling access to compromised computers.
Man sentenced to prison for tweeting to suppress votes for Trump (CNBC) A Trump-supporting social media influencer was sentenced to seven months in prison for conspiring to suppress votes in the 2016 presidential election.
French officials suspect pranksters in a rash of fake bomb threats and warn of heavy punishments (AP News) The Palace of Versailles was forced to evacuate visitors for the fourth time in less than a week for a security check after a bomb alert.