Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+616: Understanding the positional nature of the war. (CyberWire) Learning lessons on the battlefield (and failing to learn them).
Israel-Gaza war sparks debate over TikTok’s role in setting public opinion (Washington Post) TikTok’s critics say the popularity of pro-Palestinian content proves the video app is a propaganda machine. The reality is more complicated.
MuddyWater eN-Able spear-phishing with new TTPs | Deep Instinct Blog (Deep Instinct) On the 30th of October, Deep Instinct identified two archives hosted on “Storyblok” containing a new multi-stage infection vector. It contains hidden files, an LNK file that initiates the infection, and an executable file designed to unhide a decoy document while executing Advanced Monitoring Agent, a remote administration tool.
After Years of Vowing to Destroy Israel, Iran Faces a Dilemma (New York Times) With Israel bent on crushing Iran’s ally Hamas, Tehran must decide whether it and the proxy militias it arms and trains will live up to its fiery rhetoric.
For Europe’s Jews, a World of Fear (New York Times) The Oct. 7 Hamas assault on Israel and a surge in acts of antisemitism have awakened a repressed horror in Jewish populations across the continent.
Russia-Ukraine war live: Moscow says Kyiv risking nuclear disaster after Ukrainian drones shot down near Zaporizhzhia (the Guardian) Nine drones shot down near nuclear power station that is now held by Russia after coming under attack from invading force
Russia-Ukraine war live: North Korea has sent a million artillery shells to Russia, says South Korea (the Guardian) Seoul says more than 10 shipments of ammunition sent from North Korea to Russia for use in Ukraine war
'We Need Something New': Ukraine Battlefield 'Complex,' As General Warns Of Stalemate (RadioFreeEurope/RadioLiberty) The operational situation in the east and south of Ukraine “remains complex,” the Ukrainian military said on November 1, as the commander of Ukrainian forces said the war is moving into a new phase that puts the opposing forces into a stalemate.
Putin’s Cannon Fodder (Foreign Affairs) A Conversation With Dara Massicot
Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla) (Unit 42) We examine a variant of the .NET backdoor Kazuar used by Pensive Ursa. This includes previously undocumented features from system profiling to injection modes.
Cyber Resistance hackers hacked a lieutenant colonel who maintains enemy aircraft – Центр національного спротиву (Центр національного спротиву) Lieutenant Colonel Ruslan Kazantsev, who maintains the A-50U long-range radar detection aircraft, decided to help the Defense Forces…
War crimes prosecutor says trials this time might be different (Record) Will there be justice for the atrocities in Bucha, Ukraine? Stephen Rapp, a former U.S. ambassador-at-large for war crimes, talks with the Click Here podcast team about the future of that case and others.
Putin is expected to seek reelection in Russia, but who would run if he doesn't? (AP News) Vladimir Putin is expected to seek another term in the Kremlin when Russia holds presidential elections next March.
Attacks, Threats, and Vulnerabilities
From Albania to the Middle East: The Scarred Manticore is Listening (Check Point Research) Check Point Research, in collaboration with Sygnia’s Incident Response Team, has been tracking and responding to the activities of Scarred Manticore, an Iranian nation-state threat actor that primarily targets government and telecommunication sectors in the Middle East. Scarred Manticore, linked to the prolific Iranian actor OilRig (a.k.a. APT34, EUROPIUM, Hazel Sandstorm), has persistently pursued […]
How a tiny Pacific Island became the global capital of cybercrime (MIT Technology Review) Despite having a population of just 1,400, until recently, Tokelau’s .tk domain had more users than any other country. Here’s why.
New DarkGate Variant Uses a New Loading Approach (Netskope) In the past month, the Netskope Threat Labs team observed a considerable increase of SharePoint usage to deliver malware caused by an attack
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (The Hacker News) Cybersecurity experts uncover a critical flaw in Apache ActiveMQ. Hackers exploit it for ransomware attacks.
Elastic catches DPRK passing out KANDYKORN (Elastic Security Labs) Elastic Security Labs exposes an attempt by the DPRK to infect blockchain engineers with novel macOS malware.
North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware (The Hacker News) State-sponsored North Korean hackers are using a sneaky macOS malware called KANDYKORN to target crypto engineers via Discord.
Lazarus used ‘Kandykorn’ malware in attempt to compromise exchange — Elastic (Cointelegraph) The new Kandykorn malware allows its user to transfer any file from a victim’s computer to the attacker’s, including the victim’s private key.
Centre's Cyber Watchdog CERT-In To Probe iPhone "Hacking" Attempt Charges (NDTV.com) Central online safety agency CERT-In (Indian Computer Emergency Response Team) will probe the opposition's claim of iPhone "hacking" attempts, IT Ministry sources have said.
An info-stealer campaign is now targeting Facebook users with revealing photos (Record) The NodeStealer malware, spotted earlier this year, is now being inserted into Facebook advertising aimed at average users — often men in their 40s or older — instead of business accounts, according to Bitdefender.
Noname Security Announces New Research Indicating a Surge in API Security Incidents Affecting the Government and Public Sector (Noname Security) Noname releases a viewpoint on the Government and Public Sector as a follow-up report to the annual API security report, “The API Security Disconnect 2023.”
Mass Exploitation of 'Citrix Bleed' Vulnerability Underway (SecurityWeek) Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway.
Hackers Abuse Google Search Ads To Deploy Bonanza Malware (GBHackers) Cybercriminals are resorting to unscrupulous tactics to deploy Bonanza malware by exploiting Google Search Ads.
Massive ransomware attack hinders services in 70 German municipalities (Record) Hackers encrypted the servers of the municipal service provider Südwestfalen IT, leading the company to restrict access to its infrastructure for over 70 municipalities in western Germany.
Boeing says 'cyber incident' hit parts business after ransom threat (Reuters) Boeing, one of the world's largest defense and space contractors, said on Wednesday it was investigating a cyber incident that impacted elements of its parts and distribution business and cooperating with a law enforcement probe into it.
Boeing Confirms Cyberattack, System Compromise (Dark Reading) The aerospace giant said it's alerting customers that its parts and distribution systems have been impacted by cyberattack.
Boeing admits cyberattack on parts and distribution biz (Register) Won't say if it's LockBit, but LockBit appears to have claimed credit. Maybe payment, too
Chatbots are so gullible, they’ll take directions from hackers (Washington Post) ‘Prompt injection’ attacks haven’t caused giant problems yet. But it’s a matter of time, researchers say.
Mozi Botnet Likely Killed by Its Creators (SecurityWeek) The recent shutdown of the Mozi botnet is believed to have been carried out by its creators, possibly forced by Chinese authorities.
Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India (Security Affairs) Data leaks containing Aadhaar IDs in India were caused by the insecurity of 3rd parties while aggregating such information for KYC.
California community college Río Hondo dealing with cybersecurity incident (Record) The LockBit ransomware gang added the school to its list of victims, giving officials until November 20 to pay an undisclosed ransom.
Probe of school surveillance software finds privacy abuses, inaccurate results (Record) The Electronic Frontier Foundation, a civil liberties group, took a hard look at the GoGuardian student surveillance software used by many U.S. schools.
Clorox bets on strong inventory to help overcome cyber attack hit (Reuters) Clorox said on Wednesday it expects to rebuild customer inventory levels by the end of the current quarter, as it recovers from an August cyberattack that threw its order fulfillment facilities out of gear for more than a month.
Dallas County Officials Say They Thwarted Recent Cyber Attack (GovTech) On Monday, the county issued a response to a cyber hacking group’s post on the dark web that said it had stolen county data. Officials have since reported that IT staff interrupted the attempt to steal data.
Security Patches, Mitigations, and Software Updates
Chrome 119 Patches 15 Vulnerabilities (SecurityWeek) Chrome 119 is rolling out to Linux, macOS, and Windows devices with patches for over a dozen vulnerabilities.
CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities (Cybersecurity and Infrastructure Security Agency | CISA) Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI).
Trends
Money-motivated cyber attacks outnumber those carried out by nation-states - watchdog (RNZ) Major financially motivated cyber attacks in New Zealand have exceeded those launched by nation-states for the first time.
Cyber-threat Report: Biannual Vulnerability Roundup (ReliaQuest) In the second and third quarters of 2023 (Q2 and Q3 2023), cyber-threat actors exploited 133 new Common Vulnerabilities and Exposures (CVEs, or vulnerabilities) in the wild, 55% of them within two weeks of being publicly disclosed.
The New Era of Social Media Looks as Bad for Privacy as the Last One (WIRED) The slow-motion implosion of Elon Musk’s X has given rise to a slew of competitors, where privacy invasions that ran rampant over the past decade still largely persist.
More Than 4 In 5 Workers Exhibit Poor Security Behaviours: KnowBe4 TAPPED Out Study (KnowBe4)
A Global Look at Password Health Scores in 2023 (Dashlane) Take a look at global password health in 2023 for insight into the password security landscape.
BlackFog State of Ransomware Report (BlackFog) We recorded sixty-four publicly disclosed ransomware attacks in this month, the busiest October
As Companies Eye Generative AI to Improve Productivity and Growth, Two-thirds Admit to GenAI-related Security or Misuse Incident in the Last Year (PR Newswire) Portal26, the award-winning Generative AI (GenAI) visibility and data security tech leader formerly known as Titaniam, today announced the...
Marketplace
MACH37 Cyber Accelerator Reveals Startups for 10th Anniversary Cohort (PR Newswire) MACH37, the premier accelerator for information security entrepreneurs and cyber startups, has announced the launch of its 16th cohort. Since...
Redhorse Expands Cyber Capabilities With A2I Acquisition; John Zangardi Quoted (GovCon Wire)
Investors Funnel Capital into Xage as Demand for Zero Trust Cybersecurity Mesh Skyrockets (GlobeNewswire News Room) $20M in Additional Funding To Accelerate Go-To-Market and Product Investments...
SpiderSilk raises $9 million led by Wa’ed Ventures (Wamda) UAE-based cybersecurity startup SpiderSilk has raised a $9 million funding round led by Wa’ed Ventures, with participation from STV and Global Ventures.
Splunk Lays Off Another 7% of Workers Amid Purchase by Cisco (Data Breach Today) Splunk has executed its second round of layoffs since February, axing 7% of its workforce weeks after Cisco announced plans for a $28 billion acquisition. Splunk
With its exit from Russia complete, Group-IB plans its US expansion (TechCrunch) The threat intelligence company tells TechCrunch that it's also in talks with investors for the first time since 2016.
NSO Group hires high-powered lobbyists to help navigate US market (Record) The Israel-based maker of Pegasus spyware reported hiring two lobbyists from the Washington-based law firm Steptoe & Johnson.
Data Theorem Named an Industry Leader in API Security and Management by Industry Analyst Firm KuppingerCole (Data Theorem) API Secure Product Earns Highest Possible Scores for Security, Functionality, Deployment, Usability, Innovativeness, and Ecosystem
Cybersecurity Innovator Blumira Bolsters Executive Team for Next Growth Phase (Blumira) Cybersecurity innovator Blumira expands executive team with new CMO and SVP of Sales to drive growth, appointing SaaS veterans Pam Cory as CMO and Andrew Donato as SVP of Sales.
Ballistic Ventures appoints federal cyber officials Chris Inglis and Kiersten Todt as advisors (Ballistic Ventures) Former National Cyber Director Chris Inglis and Cybersecurity and Infrastructure Security Agency (CISA) Chief of Staff Kiersten Todt joined Ballistic Ventures as federal advisors.
BCR Cyber Names Michael Spector as President (PR Newswire) BCR Cyber, a leading provider of comprehensive cybersecurity training and job placement services, today announced that Michael Spector has been...
Hub Security Announces New CFO, a Key Appointment in Its Leadership Team (GlobeNewswire News Room) HUB Cyber Security Ltd (Nasdaq: HUBC), a developer of Confidential Computing cybersecurity...
vArmour Strengthens Executive Team on the Way to Series B Fundraising to Deliver Ground Truth to Enterprise IT Leaders (Newswire) New CFO, Liz Brittain, CPO, Dave Berg, and CMO, Jennifer Carole, Bring Decades of Business Experience
Products, Services, and Solutions
Infosec products of the month: October 2023 (Help Net Security) The featured infosec products this month are from: Appdome, Arcitecta, AuditBoard, BackBox, Cloaked, ComplyCube, Darktrace, and more.
Elon Musk’s Unrecognizable App (The Atlantic) X has become a tool for its owner to do whatever he wants.
Redis Cloud Gains Payment Card Industry Data Security Standard Certification (Business Wire) Redis Cloud Flexible and Annual plans across all Amazon Web Services and Google Cloud regions achieve certification
Action1 Automates Enterprise Vulnerability Remediation (Action1) Enterprises can leverage existing IT infrastructure to rapidly enable automated vulnerability remediation to reduce MTTR and achieve quick time to value.
Absolute Software New Application Health Monitoring Extends Cyber Resilience to Leading Endpoint Security and Productivity Applications (Business Wire) Customers Can Monitor More than 2,000 Top Endpoint Applications, Ensuring Always-On Security and Optimized Productivity
Backslash Security Launches Application Security Posture Management (ASPM) Platform to Fuse In-Depth Reachability Analysis with Cloud-Native Context (GlobeNewswire News Room) By bringing Package Reachability, SCA, SAST, SBOM and other core AppSec capabilities together in a single, visualized ASPM platform, Backslash cuts 99% of...
Abnormal Security Announces Enhanced Capabilities to Detect QR Code… (Abnormal) Information extracted from QR codes enhances Abnormal’s AI detection engine, providing increased protection against evolving email attacks
SSH's Secure Messaging 2024: Interact via Messages, Files, Videos and Calls Securely (SSH) SSH Communications Security announces Secure Messaging 2024, a real-time, modern, secure instant messaging solution for businesses.
Appdome Partners with JetBrains TeamCity to Automate Delivery of Secure Mobile Apps (PR Newswire) Appdome, the mobile app economy's one-stop shop for mobile app defense, today announced it has integrated its Cyber Defense Automation Platform...
CISO Global Licenses Cutting Edge Proprietary AI and Neural Net Intellectual Property to New Partner (CISO Global) CISO Global (NASDAQCM: CISO), an industry leader as a managed cybersecurity and compliance provider, has announced the signing of a licensing agreement to provide its entire suite of next generation intellectual property to CRG Research, LLC. “Licensing our full intellectual property portfolio to providers who then create wholly separate […]
Red Sift Launches Suite of Interoperable Applications to Enable Organizations to Achieve Cyber Resilience (Business Wire) Cyber Resilience Applications Built on API-driven Red Sift Pulse Platform Help Organizations Prevent Intrusions that Disrupt Businesses
TrustCloud Becomes HITRUST Readiness Licensee, to Make HITRUST Accessible and Affordable for Healthcare Technology Companies (TrustCloud) TrustCloud™ announced today that they are an authorized HITRUST readiness licensee. TrustCloud can help companies prepare for a HITRUST e1, i1 or r2 assessment, in addition to many other frameworks including HIPAA, SOC 2, ISO 27001 and more.
OneSpan Unveils Quantum-Safe Blockchain Storage (OneSpan) OneSpan™, the digital agreements security company, today announced a unique new capability to its market-leading e-signature solution, OneSpan Sign, to give organizations a better way to safeguard the provenance of a document against emerging security threats.
Bieases, an International Fintech Provider, Selects authID to Secure Digital Wallet (GlobeNewswire News Room) Adding best-in-class identity fraud and account takeover prevention with a secure, frictionless customer onboarding and authentication experience Denver,...
Xage Security and SAIC to Accelerate Zero Trust Adoption in Critical Infrastructure (GlobeNewswire News Room) SAIC and Xage address urgent need to provide distributed edge security for federal agencies...
Qualys Announces TruRisk, FixIT and ProtectIT Packages in AWS Marketplace (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security, and compliance solutions, today announced...
Technologies, Techniques, and Standards
CISA Launches Critical Infrastructure Security and Resilience Month 2023 (Cybersecurity and Infrastructure Security Agency) This November CISA is asking everyone to “Resolve to be Resilient”
Next-Generation Cybersecurity Defenses Coalesce for Space Systems (Satellite Today) Experts are optimistic about the future of cybersecurity as it relates to space, despite growing concern over the modern threat environment.
State Of Generative AI Survey [2023] | Portal26 (Portal26) Welcome to Portal26’s State of Generative AI Survey. The survey—conducted in partnership with CensusWide—polled 400+ C-suite and IT professionals. Its results depict an environment in which companies are optimistic about the potential of Generative AI, yet struggle to gain visibility into the operations of their AI programs, creating significant risks around governance, data security and …
Design and Innovation
Adapt or Die: Generative AI & The Revolution of American Cyber Defense (Wraithwatch) First-Movers Since the Wraithwatch founding team first met at SpaceX, we have lamented that cyber defense teams are caught in a desperate, infinite loop of being reactive second movers. We lack proactive understanding about the nature of novel and emerging attacks unless we read about them from third party sources or we are their victim (through breach or red team). The defenses we engineer, the security products we buy, and the threat models we develop are all based on the past...
6 Steps To Prepare For Post-Quantum Cryptography (Security Boulevard) Preparing for post-quantum cryptography is essential to ensure the security of digital communications and data ahead of when quantum computers can potentially break today’s cryptographic algorithms. Here are six steps to help you to start preparing for post-quantum cryptography: Assessment and Awareness: Start by assessing your organization’s current cryptographic infrastructure and understanding the potential
Research and Development
Keeping secrets in a quantum world (Nature) Cryptographers are preparing for new quantum computers that will break their ciphers.
This is how AI image generators see the world (Washington Post) AI image generators like Stable Diffusion and DALL-E amplify bias in gender and race, despite efforts to detoxify the data fueling these results.
Academia
Two UC Berkeley Research Centers Collaborate to Expand Cybersecurity Internships to Meet Growing Cyber-Workforce Demand - CLTC UC Berkeley Center for Long-Term Cybersecurity (CLTC) The Center for Information Technology Research in the Interest of Society and the Banatao Institute (CITRIS) at the University of California has partnered with the UC Berkeley Center…
Legislation, Policy, and Regulation
The Bletchley Declaration by Countries Attending the AI Safety Summit, 1-2 November 2023 (GOV.UK) Artificial Intelligence (AI) presents enormous global opportunities: it has the potential to transform and enhance human wellbeing, peace and prosperity.
US Vice President Harris calls for action on "full spectrum" of AI risks (Reuters) U.S. Vice President Kamala Harris on Wednesday called for urgent action to protect the public and democracy from the dangers posed by artificial intelligence, announcing a series of initiatives to address safety concerns about the technology.
FACT SHEET: Biden-Harris Administration Convenes Third Global Gathering to Counter Ransomware (The White House) The Biden-Harris Administration remains committed to taking bold actions to combat ransomware. Ransomware is a global scourge requiring international cooperation to disrupt. This week, the White House convened International Counter Ransomware Initiative (CRI) for its third meeting in Washington, D.C., bringing together 50 members, including 48 countries and representatives from the European Union and INTERPOL,…
Politicians commit to collaborate to tackle AI safety, US launches safety institute (TechCrunch) The world is locked in a race, and competition, over dominance in AI, but today, a few of them appeared to come together to say that they would prefer to
AI Safety Summit: What to expect as global leaders eye AI regulation (CIO) The UK government has grand ambitions for the event this week, but its place among other similar summits and the absence of key heads of state may undo the main focus of addressing urgent AI risks.
Biden Administration Issues Sweeping AI Executive Order (cyber/data/privacy insights) On October 30, 2023, the Biden administration issued a long-awaited executive order (EO) on artificial intelligence (AI). The EO expands on previous AI initiatives, such as the Blueprint for an AI Bill of Rights, and lays out the most comprehensive set of directions to date for federal agencies and
Why Congress Keeps Failing to Protect Kids Online (The Atlantic) Americans are broadly united in support of laws to make the internet safer for kids. So why doesn’t Congress act?
FBI: Ending 702 spying powers may cause more cyber attacks (Register) Of course, he would say that, wouldn't he?
Should the US reform a key foreign intelligence program? ABA members join the debate (ABA Journal) In his five years as general counsel of the National Security Agency, Glenn Gerstell became deeply familiar with Section 702, a provision of the Foreign Intelligence Surveillance Act that allows the government to obtain electronic communications from foreigners outside of the United States.
Intelligence Official Underscores Importance of Partnerships (U.S. Department of Defense) The United States' ability to rely on a growing network of allies and partners is key to maintaining its advantage in the Indo-Pacific and beyond, a senior defense intelligence official said.
WSJ News Exclusive | New York Adds Stiffer Requirements to Cybersecurity Rules (Wall Street Journal) Financial companies must now report ransom payments and strengthen board oversight.
It may be time for new office to oversee cyber rules, some industry groups say (Washington Post) It might be time for an office to oversee cyber rules, some industry groups suggest
Litigation, Investigation, and Law Enforcement
Federal prosecutor raises alarm about Chinese election interference (POLITICO) In a closed-door congressional interview, the U.S. attorney for central California identified a growing threat from abroad.
High court struggles on whether officials may block social media critics (Washington Post) The Supreme Court will decide several cases this term that impact the future of free speech on social media platforms
Sam I Am (Puck) The financial trial of the century is wrapping up the only way it ever could: with Sam Bankman-Fried betting big on himself.
Republic seeks almost $690K in legal fees, agrees to settle Cyber Ninjas records case (Arizona Republic) The Arizona Republic is seeking nearly $690,000 in legal fees from the state Senate and Cyber Ninjas after a two-year public records fight over documents from the so-called "audit" of the Maricopa County 2020 election.