Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+223: Russia's 2022 grid attacks as foreshadowing. (CyberWire) Ukraine maintains its counteroffensive pressure. Russian milbloggers channel Tolstoi. And Sandworm's attacks on Ukrainian infrastructure in October 2022 suggest what may be in store for this winter.
Microsoft shares threat intelligence at CYBERWARCON 2023 (Microsoft Security) At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity.
Iran and Hamas showed no signs of cyber coordination in run-up to war, researchers say (Washington Post) There’s no sign that Iranian hackers attacking Israeli targets have coordinated with Hamas in that war, new Microsoft research out today concludes. Instead, the Iranian attacks have been opportunistic in their approach, the researchers say.
IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations (CrowdStrike) CrowdStrike Counter Adversary Operations has been investigating a series of cyberattacks and strategic web compromise (SWC) operations targeting organizations in the transportation, logistics and technology sectors that occurred in October 2023.
MuddyC2Go – Latest C2 Framework Used by Iranian APT MuddyWater Spotted in Israel (Deep Instinct) The contents of this blog post were originally scheduled to be presented during an upcoming cybersecurity conference. However, interest in this topic has heightened due to the war in Israel and a suspected ongoing attack against Israeli targets. As such, we have decided to publish the relevant findings from the presentation now.
Israel-Hamas war live: talks under way on three-day ceasefire for hostage release; WHO says disease spreading in Gaza (the Guardian) Reported terms would enable more aid to enter territory in exchange for release of dozen hostages held by Hamas
The United States Applauds Germany’s Ban on Hamas Activities (United States Department of State) The United States welcomes Germany’s decision to ban activities supporting Hamas, which builds on the EU’s designation to fully restrict and criminalize support of the terrorist group. As the world witnessed on October 7, Hamas is a dangerous terrorist organization, which engages in barbaric actions and has compounded and perpetuated the suffering of the Palestinian people […]
US says it won’t tell space-imagery companies to stop showing Gaza photos (Defense One) But the satellite firms may be slowing the release of imagery anyway.
Putin calls for closer Russia-China cooperation on military satellites (C4ISRNet) “I mean space, including high-orbit assets, and new prospective types of weapons that will ensure strategic security” of both Russia and China, he said.
Ukraine criticizes calls for talks with Russia as ‘uninformed or misled’ (Al Arabiya News) Ukraine on Thursday criticized calls for Kyiv to hold negotiations with Russia, following reports its allies were pushing for talks in the wake of an underwhelming Ukrainian counter-offensive.
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (Mandiant) This ICS/OT attack represents the latest evolution in Russia's cyber physical attack capability.
Russian spies behind cyber attack on Ukraine power grid in 2022 - researchers (Reuters) Russian cyber spies were behind a hack which disrupted part of Ukraine's power grid in late 2022 in a rare and advanced form of cyberwarfare, U.S. cybersecurity firm Mandiant, part of Google, said in a report on Thursday.
Hackers Linked To Russian Intelligence Blamed For 2022 Ukraine Grid Disruption (RadioFreeEurope/RadioLiberty) Hackers affiliated with Russia’s military intelligence agency penetrated, and disrupted, parts of Ukraine’s electricity grid late last year using sophisticated new hacking tools, a new report said.
Ukraine updates: Russia hacked Kyiv's power grid — report – DW – 11/09/2023 (Deutsche Welle) A US firm says Russia was able to hack into Ukraine's electricity network in 2022, causing a power outage. Meanwhile, the US and South Korea voice concern about North Korea's links to Russia. Follow DW for the latest.
Russian Hackers Used OT Attack to Disrupt Power in Ukraine Amid Mass Missile Strikes (SecurityWeek) Russian hackers disrupted power in Ukraine using a novel OT cyberattack that coincided with missile strikes on critical infrastructure.
Energy security at forefront of NATO-Ukraine Council meeting (NATO) The NATO-Ukraine Council (NUC) met on Wednesday (8 November 2023) at NATO Headquarters to discuss energy security. The meeting was chaired by Deputy Secretary General Mircea Geoană, with the participation of Ukrainian Deputy Minister of Energy Farid Safarov, Deputy Chairman of the State Service of Special Communications and Information Protection of Ukraine Oleksandr Potii, and Deputy Chief of Staff of Ukrainian Air Force Hennadii Sheludko.
BLACK SEA GRAIN DEAL: A GEOPOLITICAL ETLM PERSPECTIVE (CYFIRMA) EXECUTIVE SUMMARY Ukraine has famously some of the best farmland in the world, and before the invasion, Russia and Ukraine...
The new ‘Geneva code’ for hackers on the cyber battlefield (The Strategist) There’s been plenty of debate about why Russia’s invasion of Ukraine never devolved into the full-blown cyber Armageddon many expected at the start of the war, and what that suggests about the role of cyber ...
Russian ‘influence-for-hire’ firms spread propaganda in Latin America: US State Department (Record) The U.S. government has uncovered an ongoing Russia-funded disinformation campaign across Latin America aimed at undermining support for Ukraine and discrediting the U.S. and NATO.
Stars of David tags in Paris linked to pro-Russia interference: reports (POLITICO) Paris graffiti aimed to sow unrest in French society — a classic Russian move.
Attacks, Threats, and Vulnerabilities
QR Code Phishing: 4 Ways Scanners are Being Scammed (ReliaQuest) QR code phishing is a growing threat that attackers use to deceive targets into clicking on malicious links that elicit their personal information.
Spammers abuse Google Forms’ quiz to deliver scams (Cisco Talos Blog) Cisco Talos has recently observed an increase in spam messages abusing a feature of quizzes created within Google Forms.
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan (Computing) ESET researchers discover Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News in the Gilgit-Baltistan region
Hive Ransomware's Offspring: Hunters International Takes the Stage (Bitdefender Blog) In January 2023, the FBI collaborated with law enforcement agencies in Germany and the Netherlands to successfully dismantle one of the most notorious ransomware groups known as Hive.
MOVEit hackers Cl0p exploit SysAid zero-day – Microsoft (Cybernews) The notorious Cl0p ransomware gang has been caught exploiting a new zero-day vulnerability in the SysAid IT support software.
Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms (SentinelOne) An emerging infostealer being sold on Telegram looks to harness generative AI to streamline cyber attacks on cloud services.
Hacker Leaks 35 Million Scraped LinkedIn User Records (Hackread) The hacker responsible for this leak is the same individual who previously leaked databases from InfraGard and Twitter.
Python obfuscation traps (Checkmarx.com) In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number of bad actors looking to exploit it. A recent example involves developers being targeted by seemingly legitimate Python obfuscation packages that harbor malicious code.
Highly invasive backdoor snuck into open source packages targets developers (Ars Technica) Packages downloaded thousands of times targeted people working on sensitive projects.
Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools (FBI) As of July 2023, the FBI noted several trends emerging or continuing across the ransomware environment and is releasing this notification for industry awareness. New trends included ransomware actors exploiting vulnerabilities in vendor-controlled remote access to casino servers, and companies victimized through legitimate system management tools to elevate network permissions.
Phishing Attack Driven by Bittrex Bankruptcy (Abnormal) Attackers capitalize on the Bittrex bankruptcy by targeting customers with a convincing credential phishing attack.
Confluence flaw severity raised amid mass exploitation (Register) Attackers secure admin rights after vendor said they could only steal data
Sumo Logic Urges Users to Change Credentials Due to Security Breach (SecurityWeek) Cloud monitoring and SIEM firm Sumo Logic is urging users to rotate credentials following the discovery of a security breach.
How a tiny Pacific Island became the global capital of cybercrime (MIT Technology Review) Despite having a population of just 1,400, until recently, Tokelau’s .tk domain had more users than any other country. Here’s why.
Black Friday warning as ‘grinch bots’ target retailers (Cybernews) Advanced bots, which mimic human shoppers to snap up bargains for resale at higher prices, make up more than half of automated retail traffic for the first time ever, a cybersecurity analyst says.
Cyber attack hits council computer systems at Comhairle nan Eilean Siar (BBC News) The Scottish government and Dell are helping Western Isle Council with a suspected ransomware attack.
Council for Scottish islands faces IT outage after ‘incident’ (Record) The Comhairle nan Eilean Siar — which governs the more than 470,000 people living on the chain of islands — said access to its IT system “has been affected by an incident which has caused significant disruption.”
Kansas' electronic courts system still down weeks after cyber incident | StateScoop (StateScoop) The continued shutdown follows similar cybersecurity incidents in recent years affecting other state courts systems.
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency | CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-29552 Service Location Protocol (SLP) Denial-of-Service Vulnerability
Security Patches, Mitigations, and Software Updates
GitHub Enhances Security Capabilities With AI (SecurityWeek) GitHub adds AI-powered security features to help developers identify and address code vulnerabilities faster.
Trends
Cyber attackers and defenders are racing to up their AI game (CSO Online) As AI technology advances, cyber defenders are spending more on the technology to defend against malicious actors who currently hold an asymmetric advantage in deploying new AI-generated threats.
Generative AI could erode customer trust, half of business leaders say (CSO Online) Business leaders admit their company needs to improve security and compliance measures as demands of customers, investors, and suppliers increase.
Survey Finds Data Governance and Security are Top Priorities for 2024, Ahead of AI (PR Newswire) Immuta, a data security leader, today announced the findings of its fourth annual State of Data Security Report, which highlights the current...
The 2024 State of Data Security Report (Immuta) The 2024 State of Data Security Report surveyed 700+ data leaders for their views on AI, data security, visibility, and more. Get your copy.
Marketplace
Winners announced at UK IT Industry Awards 2023 (Computing) The UK IT Industry Awards 2023, held last night in Battersea, London, celebrated the top achievements in the tech world over the last 12 months.
Protecto Joins Cadre of Startups in AI Data Protection Space (SecurityWeek) Silicon Valley startup is pitching APIs to help organizations protect data and ensure compliance throughout the AI deployment lifecycle.
Tidal Cyber Announces $5 million in Seed Funding led by Squadra Ventures to bring threat-informed defense to security operators (PR Newswire) Tidal Cyber, the threat-informed defense company, announced today the company raised $5 million, led by Squadra Ventures with participation...
Protecting society from an unprecedented cyberattack will require more than insurance, says Geneva Association report | The Geneva Association (The Geneva Association) Growing geopolitical tensions and the use of digital technologies are amplifying cyber risks, with cyberattacks increasing by 38% in 2022 compared to 2021, globally. Although the dedicated cyber insurance market has grown rapidly over recent years, a huge protection gap persists, especially if an unprecedented, extreme cyber incident – striking multiple, large segments of the global economy – were to occur.
Cyber Risk Accumulation: Fully tackling the insurability challenge | The Geneva Association (The Geneva Association) Cyber incidents have the potential to strike different, large segments of the global economy at the same time and lead to severe financial and even physical damage. Growing geopolitical tensions and reliance on digital technologies are amplifying cyber risks considerably, and the threat of an unprecedented, extreme cyber incident looms large.
Juniper is laying off more than 100 at its Sunnyvale headquarters (Silicon Valley Business Journal) The network equipment company's Silicon Valley cuts follow its announcement that it planned to lay off 440 people worldwide.
Visa launches cybersecurity training program (Cybersecurity Dive) The card giant rolled out a cybersecurity apprenticeship program last year amid a talent deficit highlighted by the Biden administration.
Zscaler to fortify cloud security with two new AI positions (CRN) Former Salesforce and Advantest AI veterans join to strengthen the vendor’s AI investment
Products, Services, and Solutions
Stack Identity Launches Identity Risk Management Platform on AWS Marketplace to Eliminate Unauthorized Access (Business Wire) Provides customers with direct access to procure the industry's leading identity security solution that automates manual and siloed processes to continuously detect, eliminate and govern the 10 types of Shadow Access
Palo Alto Networks Launches Strata Cloud Manager, Industry's First AI-Powered Zero Trust Management and Operations Solution (Palo Alto Networks) Additional innovations include advanced security capabilities and new Next-Generation Firewalls SANTA CLARA, Calif., Nov. 8, 2023 /PRNewswire/ -- Palo Alto Networks (NASDAQ: PANW) today introduced...
Onapsis Unveils New Enhancements to Its AI-Driven Security Advisor and Broader Platform, Advancing Greater SAP Visibility and Attack Surface Management (Onapsis) New features offer an enhanced approach for addressing the expanding SAP threat landscape, backed by proprietary data from hundreds of SAP customers and 14 years of security best practices and threat research.
Cybersecurity at a Crossroads: New Implications on Business Risk (Qualys Security Blog) During our 2023 Qualys Security Conference (QSC) taking place in Orlando, Florida, November 6-9, 2023, I unveiled an exciting new milestone for the company – the release of our new Qualys Enterprise…
SentinelOne® Sets New Standard for Cybersecurity with Singularity™ Platform Unity Release (SentinelOne) Next generation of market-leading platform unleashes power of data and AI to drive faster, smarter security decisions
Introducing AI-powered application security testing with GitHub Advanced Security (The GitHub Blog) Learn about how GitHub Advanced Security’s new AI-powered features can help you secure your code more efficiently than ever.
NetRise Releases Industry’s First AI-Powered Semantic Search for Software Supply Chain Security (Netrise) New solution finds compromised, vulnerable assets across firmware & cyber-physical systems using AI.
Introducing Trace: AI Powered Semantic Search for the NetRise Platform (Netrise) NetRise Trace is a first of its kind, AI-powered semantic search solution enabling users to query the entire system based on intent.
CompTIA Security+ certification exam update released (Yahoo Finance) Globally recognized certification validates baseline skills needed to perform core security functions. Downers Grove, IL, Nov. 08, 2023 (GLOBE NEWSWIRE) -- CompTIA, the nonprofit association for the information technology (IT) industry and its workforce, today launched the latest version of CompTIA Security+, a global certification that validates the baseline skills necessary to perform core security functions and pursue a career in IT security. “Cybersecurity jobs are continuing to grow across the
Bitdefender Selected as an Official Partner of the San Antonio Spurs (Bitdefender) Famed NBA Franchise Leverages Bitdefender Managed Detection and Response and Advanced Endpoint Security Technology to Secure its Operations and Stop Cyberthreats Faster
SentinelOne® Enhances Cloud Security with Snyk (SentinelOne) Singularity™ Cloud Workload Security paired with the Snyk Developer Security Platform, helping customers secure cloud-native applications.
Netskope Delivers the Next Gen SASE Branch, Powered by Borderless SD-WAN (Netskope) Expanded solution empowers organizations to eliminate complicated, inefficient legacy branch infrastructure, optimize performance, and unlock massive cost
Akamai and Deloitte Announce Strategic Alliance to Deliver Zero Trust Segmentation and Managed Incident Response (Akamai) The alliance will deliver a unified product and services approach to mitigate ransomware attacks in an enterprise-ready solution
Aqua Security Delivered $5.45M in Benefits for a 207% ROI, According to Independent Study (Aqua) BOSTON—Nov. 9, 2023—Aqua Security, the pioneer in cloud native security, today published the results of a commissioned study conducted by Forrester Consulting titled The Total Economic Impact™ (TEI) Of Aqua Platform, which illustrates the cost savings and business benefits delivered by the Aqua Platform. The study revealed $5.45 million in benefits over three years with […]
QuSecure Earns Select Admission into Amazon Web Services Partner Network’s Highly Respected AWS Global Startup Program (Business Wire) As AWS Global Startup Program’s Only PQC Member, QuSecure Expands Reach and Capabilities with AWS to Bring Singular Orchestrated Cryptographic Agile Cybersecurity Solution to Public and Private Sectors
Tanium and VetsinTech Partner to Train and Develop Military Veterans to Close Tech Talent Gap (Tanium) Tanium and VetsinTech will work to develop, certify, and connect U.S. military veterans with open IT and security positions while simultaneously filling a widening talent gap.
ConnectWise Unveils Robotic Process Automation and New Asio™ Workflow Orchestration (GlobeNewswire News Room) ConnectWise, the world’s leading software company dedicated to the success of IT solution providers...
ConnectWise Announces ConnectWise Sidekick™, the World’s First Purpose-Built AI Companion for Technology Providers (GlobeNewswire News Room) Designed for faster problem resolution, automation of complex tasks, and increased efficiency...
ConnectWise RMM Evolves to Unified Monitoring and Management Solution, Unveiling Cloud and Backup Monitoring Capabilities Alongside New Real-time Interactive Dashboard (GlobeNewswire News Room) ConnectWise, the world’s leading software company dedicated to the success of technology solution...
ConnectWise Delivers Revolutionized Experiences Across Business Management Solutions (GlobeNewswire News Room) ConnectWise, a leading provider of software solutions and services for technology solution providers...
ConnectWise Announces New SaaS Security Workflow Engine and Enhanced SIEM Features (GlobeNewswire News Room) Cybersecurity Management Reimagined to more Efficiently Protect Security Tech Stacks...
Technologies, Techniques, and Standards
Shields Ready | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA’s Shields Ready campaign is about making resilience during incidents a reality by taking action before incidents occur. As a companion to CISA’s Shields Up initiative, Shields Ready drives action at the intersection of critical infrastructure resilience and national preparedness.
DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (FEMA) Today, the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and FEMA launched the new “Shields Ready” campaign to encourage the critical infrastructure community to focus on strengthening resilience. Resilience is the ability to prepare for, adapt to, withstand and rapidly recover from disruptions caused by changing conditions. The new campaign was unveiled during a joint press conference at the Port of Long Beach, alongside speakers from the Long Beach, California, community and members of the U.S. Coast Guard.
US Urges Critical Infrastructure Firms to Get “Shields Ready” (Infosecurity Magazine) Government campaign aims to promote cyber-resilience
US launches “Shields Ready” campaign to secure critical infrastructure (CSO Online) Shields Ready initiative outlines strategies for preparing critical infrastructure organizations for potential disruption and building more resilience into systems, facilities, and processes.
DHS Launches New Critical Infrastructure Security and Resilience Campaign (SecurityWeek) DHS launches Shields Ready, a new campaign promoting security and resilience for critical infrastructure organizations.
Offense Intended: How Adversarial Emulation Went From State Secret To Board Bullet Point (SecurityWeek) Offensive security (“Hacking Back”) as a category has blown past its tipping point, and is in danger of becoming an overused term.
UL Solutions and the Telecommunications Industry Association Launch SPIRE 2.0 to Enhance Smart Building Performance in Cybersecurity, Connectivity and Sustainability (PR Newswire) UL Solutions, a leading global safety science company and the Telecommunications Industry Association (TIA), the trusted industry association...
Key Takeaways from the 2023 Kubernetes Security Report (Wiz Blog) Get the key highlights from the 2023 Kubernetes Security Report, which analyzed 200,000+ cloud accounts to break down the state of Kubernetes security.
Design and Innovation
Helping People Understand When AI Or Digital Methods Are Used In Political or Social Issue Ads (Meta for Government and Nonprofits) We’re requiring advertisers to disclose when they digitally create or alter a political or social issue ad in certain cases
Meta to Require Campaigns to Disclose AI-Altered Political Ads (Wall Street Journal) Facebook parent said new policy to be in effect at the beginning of next year and ahead of U.S. presidential primaries
Research and Development
Imagining the Future of Quantum Computing for Space (Satellite Today) Space is one of the sectors that could benefit from experimenting with and adopting cutting-edge quantum technologies. This article explores the applications of quantum technologies for space.
Legislation, Policy, and Regulation
How India tamed Twitter and set a global standard for online censorship (Washington Post) For years, a committee of executives from U.S. technology companies and Indian officials convened every two weeks in a government office to negotiate what could — and could not — be said on Twitter, Facebook and YouTube.
US, South Korea and Japan to form council to counter North Korean cyber threats (NK News) The U.S., South Korea and Japan will establish a new forum to coordinate responses to illicit North Korean cyber operations that fund its nuclear program, Seoul’s presidential office announced Monday. The Office of National Security said in a press release that the high-level trilateral consultative body will seek to strengthen “practical joint response capabilities” against […]
Palantir: David Davis MP raises privacy concerns over potential NHS data contract (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.
Response of the Information Technology Industry Council to the Request for Information on Open Source Software Security: Areas of Long-Term Focus and Prioritization (ITI) The Information Technology Industry Council (ITI) appreciates the opportunity to provide its perspective on the Request for Information on Open Source Software (OSS) Security: Areas of Long-Term Focus and Prioritization (the RFI). We welcome ONCD’s decision to explore ways in which the government can contribute to the active OSS security ecosystem.
ACLU warns of free-speech risks in FEC oversight of AI-generated election ads (Nextgov.com) The civil liberties group expressed concern over a possible Federal Election Commission rulemaking that would call out content generated by artificial intelligence in the agency’s regulations on fraudulent misrepresentation.
New York Department of Financial Services Amends Its Cybersecurity Regulations (cyber/data/privacy insights) On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized its proposed cybersecurity rules, which build upon existing NYDFS cybersecurity requirements in the Part 500 Cybersecurity Rules.
New class of covered entities
The updated rules finalize a new class of financi
Litigation, Investigation, and Law Enforcement
Court rules automakers can record and intercept owner text messages (Record) A Seattle-based appellate judge ruled that the practice does not meet the threshold for an illegal privacy violation under state law, handing a big win to automakers Honda, Toyota, Volkswagen and General Motors.
WSJ News Exclusive | SolarWinds Denies SEC Charges Over Cyber Disclosures (Wall Street Journal) The business software maker is denying charges that it lacked adequate cybersecurity controls in the build up to a significant hack of its products in 2020, and accused the U.S. Securities and Exchange Commission of misrepresenting facts in its complaint.
Australia to investigate Optus internet and phone outage (INQUIRER.net) Australia said on Thursday it would launch an investigation into a 12-hour national outage at telco Optus that cut off internet and phone connections to nearly half of its population,
Google and prominent telecom groups call on Brussels to act over Apple’s iMessage (Financial Times) Companies want chat app designated a ‘core’ service that would require it to be fully compatible with rivals
FTC takes shots at AI in rare filing to US Copyright Office (VentureBeat) Critics are accusing the FTC of overstepping its bounds and ultimately undermining the long-held legal doctrine of Fair Use.
New Jersey Keeps Newborn DNA for 23 Years. Parents Are Suing (WIRED) All US states take pinpricks of blood from newborns to test for diseases. New Jersey stores them for decades and may allow them to be used in police investigations.
Approximately 150 Business and Public Sector Leaders Participate in Cybersecurity Conference Co-Hosted By The Maryland U.S. Attorney’s Office And The University Of Maryland (Maryland U.S. Attorney’s Office) On November 6, 2023, approximately 150 business and public sector leaders participated in a cybersecurity conference co-hosted by the U.S. Attorney’s Office for the District of Maryland and the University of Maryland. The conference included panels of cybersecurity experts from government and the private sector discussing the emerging threats, best practices, and effective collaboration between federal, state, and local agencies, the private sector, and law enforcement.