Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+228: Poor narrative control. (CyberWire) Russia continues to push infantry against prepared Ukrainian positions. Russian state media are castigated for saying Russian troops have "redeployed": even that euphemism for "retreat" is unacceptable, and Russian authorities say its use was the work of Ukrainian disinformation.
‘We’re already in a wider war’ (POLITICO) One question is if the U.S. can keep itself out of the fray.
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (The Hacker News) Researchers warn of BiBi-Windows Wiper, a dangerous Windows version of a wiper malware used in cyber attacks on Israel.
BiBi Wiper Used in the Israel-Hamas War Now Runs on Windows (BlackBerry) BlackBerry has uncovered what appears to be a new malicious wiper variant targeting Israeli companies running Windows systems. We’ve labeled it the BiBi-Windows Wiper, because it appends the Israeli Prime Minister’s nickname “Bibi” to the extension of every destroyed file.
Citing the Israel-Hamas War, NSO Group Sought Urgent Meeting With Blinken (Wire) Quoting experts, The Intercept noted that the NSO was using the current crisis to make space for the group to return to the good books of Washington.
Designating Additional Hamas and Palestinian Islamic Jihad Officials and Supporters (United States Department of State) The United States is announcing today its third round of sanctions targeting Hamas-affiliated individuals and entities in connection with the October 7 terrorist attacks on Israel. The Department of State is designating Akram al-Ajouri as a Specially Designated Global Terrorist for being a leader of the Palestinian Islamic Jihad (PIJ). Ajouri is the PIJ Deputy […]
As a former US general, I know the West can and must stand against both Russia and Iran (The Telegraph) If we don't fight two wars, we may find ourselves fighting three
Enhanced EU-Ukraine cooperation in Cybersecurity (ENISA) The European Union Agency for Cybersecurity (ENISA) has formalised a Working Arrangement with Ukraine counterparts focused around capacity-building, best practices exchange and boosting situational awareness.
Russian Cyber Warfare Escalates: 2022 Attack on Ukrainian Power Grid Reveals Alarming Trends (SOFREP) Russia's cyber attack on Ukraine's power grid reveals a chilling trend—sophisticated, dual-threat tactics blending cyber and kinetic warfare.
National security concerns rise as Russian cyber actors employ LOTL in power outages (2Spyware) The evolution of Russian cyber tactics. The development of Russian cyber strategies, especially in the context of industrial control systems (ICS), demonstrates a dynamic and
Russian State News Agencies Retract Story On Troops 'Regrouping' East Of Dnieper (RadioFreeEurope/RadioLiberty) Russian state-news agencies published, then abruptly retracted, a news item suggesting Russian forces had ordered a tactical withdrawal in a location of intense fighting in southern Ukraine.
Ukraine War Marks 'Moral Bankruptcy Of The Russian Imperial Myth,' Says Exiled Journalist (RadioFreeEurope/RadioLiberty) Mikhail Zygar, a veteran Russian journalist who now lives in exile, tells RFE/RL’s Georgian Service that Vladimir Putin needs the war “to remain in power” and that he's waiting for Ukraine's Western support to fade.
Can America Win Over the World’s Middle Powers? (Foreign Affairs) How to push back against Russia’s persistent influence.
Attacks, Threats, and Vulnerabilities
TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities (Proofpoint) Key takeaways From July through October 2023, Proofpoint researchers observed TA402 engage in phishing campaigns that delivered a new initial access downloader dubbed IronWind.
How Denmark nulled record attacks on critical infrastructure (Register) Zyxel zero days and nation-state actors (maybe) had a hand in the sector’s worst cybersecurity event on record
In a first, cryptographic keys protecting SSH connections stolen in new attack (Ars Technica) An error as small as a single flipped memory bit is all it takes to expose a private key.
Uncovering thousands of unique secrets in PyPI packages (GitGuardian Blog) Security Researcher Tom Forbes worked with the GitGuardian team to analyze all the code committed to PyPi packages and surfaced thousands of hardcoded credentials.
#StopRansomware: Royal Ransomware (Cybersecurity and Infrastructure Security Agency | CISA) This CSA is being re-released to add new TTPs, IOCs, and information related to Royal Ransomware activity.
FBI: Royal ransomware asked 350 victims to pay $275 million (BleepingComputer) The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022.
Your Stolen Data for Sale (Trend Micro) In today’s rapidly evolving digital landscape, the risk of personal and professional data being stolen by nefarious actors looms larger than ever. This report lays bare the stark reality of this threat, with a specific focus on the unequal risks associated with data theft and its subsequent misuse.
Scam or Mega Chatbot? Investigating the New AI Chatbot Called Abrax666 (SlashNext) An in-depth investigation of a new AI chatbot called Abrax666 advertised on cybercrime forums reveals multiple red flags suggesting it's likely a scam.
Malicious Abrax666 AI Chatbot Exposed as Potential Scam (Hackread) Abrax666 AI Chatbot is being touted by its developer as a malicious alternative to ChatGPT, claiming it’s a perfect multitasking tool for both ethical and unethical activities.
Ransomware Group RansomedVC Closes Shop (SecurityWeek) Ransomware and data extortion collective RansomedVC announces shut down, sells operation’s infrastructure.
Ducktail Malware Targets the Fashion Industry (Dark Reading) Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
DP World cyberattack blocks thousands of containers in ports (BleepingComputer) A cyberattack on international logistics firm DP World Australia has severely disrupted the regular freight movement in multiple large Australian ports.
Operations at Major Australian Ports Significantly Disrupted by Cyberattack (SecurityWeek) A cyberattack on Australian shipping giant DP World, which may have been a ransomware attack, has resulted in serious disruptions at major ports.
Australian Ports Recover From Cyber Incident (Bank Info Security) Operations resumed Monday at four major Australian ports incapacitated by a cybersecurity incident. Dubai-based DP World took systems offline Friday, provoking what
DP World: Australia sites back online after cyber-attack (BBC News) Work at DP World ports in Melbourne, Sydney, Brisbane and Perth was suspended on Friday due to a cyber-attack.
Australian ports resume some operations after major cyberattack (CNN) One of Australia’s biggest port operators has restarted some operations after a crippling cyberattack that led to a huge backup of cargo.
Australia Cyberattack Leaves 30,000 Containers Stuck at Ports (Bloomberg) DP World Plc is struggling to work through a backlog of 30,000 shipping containers piled up at ports across Australia as the company resumes operations after a cyberattack.
Stellantis production affected by cyberattack at auto supplier (Detroit News) Production at the maker of Chrysler, Dodge, Jeep and Ram models is being affected after a cyberattack on an automotive supplier disrupted its operations, the automaker said Monday.
Hacking Gang Behind Attack on Largest Global Lender Says It Got Ransom Payment (Bloomberg) The hacking group behind a recent ransomware attack on the largest global lender, Industrial & Commercial Bank of China Ltd., said it received a ransom payment.
Gang says ICBC paid ransom over hack that disrupted US Treasury market (Reuters) China's biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify.
After a surprise cyberattack, the world's largest bank had to shuffle a USB stick around Manhattan to do business (PC Gamer) Sometimes the old ways are still the best.
WSJ News Exclusive | ICBC Hackers Used Methods Previously Flagged by U.S. Authorities (Wall Street Journal) The attack stemmed from Lockbit 3.0 ransomware and two tactics targeting the users of services managed by Citrix, Treasury officials say.
Inside Wall Street's scramble after ICBC hack (Reuters) The cyber hack of Industrial and Commercial Bank of China's U.S. broker-dealer was so extensive on Wednesday, even the corporate email stopped working and forced employees to switch to Google mail, according to two people familiar with the situation.
Did a ransomware gang mess up by attacking a U.S. arm of China’s biggest bank? (Washington Post) China (and maybe Russia and the United States) could have revenge in mind for LockBit over ICBC incident
Boeing investigating leaked data after LockBit allegedly publishes stolen info (Record) Airplane maker Boeing said it is investigating data leaked by a prominent Russia-based ransomware gang that was allegedly stolen from the company.
Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party (SecurityWeek) Dragos finds no evidence of a data breach after the BlackCat ransomware group claimed to have hacked the security firm via a third party.
Dragos again targeted by ransomware group, this time from AlphV (Cybersecurity Dive) The industrial cybersecurity specialist previously thwarted a shakedown attempt in May and says the current threat has not been substantiated.
If you created a bitcoin wallet before 2016, your money may be at risk (Washington Post) A company that helps recover cryptocurrency discovered a software flaw putting as much as $1 billion at risk from hackers. Now it’s going public in hopes people will move their money before they get robbed.
Hackers claim to have stolen user data from defunct crypto ATM firm Coin Cloud (Cointelegraph) The hackers claim to also have 70,000 customer selfies, along with social security numbers and physical addresses of Coin Cloud users.
LinkedIn says spy firm targeted Hungarian activists, journalists before 2022 election (Reuters) Private spy firm Black Cube was behind a hidden video campaign that used LinkedIn to target Hungarian activists and journalists leading to last year's election in the central European country, the professional networking site said on Thursday.
SCAM ALERT: I Just Got Suckered to Be a Guest on a Podcast for $3,000 But I Didn't See the Actual Scam Coming (Johnny Jet) I was invited to be a guest on a podcast but there were red flags all along and I should have trusted my gut instinct. Here's how the scam went down.
4 Surprising Findings in our New Deepfake and Voice Clone Consumer Report (Pindrop) Our new Deepfake and Voice Clone Consumer Report has some interesting findings. Here are four key things that stood out!
Web browsing data collected in more detail than previously known, report finds (Financial Times) Campaigners warn proliferation of categories describing sensitive professions could leave users open to blackmail
Canadian banking tech giant Moneris says it prevented ransomware attack (Record) The joint venture of the Royal Bank of Canada and Bank of Montreal said its cybersecurity team “prevented access to critical data and no ransom request was made.”
Report: Over 90,000 McGraw Hill Users Allegedly Exposed by Hacker in Web Forum in 2023 (vpnMentor) A hacker shared a database allegedly stolen from McGraw Hill, which contained information from 90,875 users. The vpnMentor research team discovered a web forum post exposing
CISA Adds Six Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency | CISA) CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story (WIRED) Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.
Trends
NCSC Annual Review 2023 (National Cyber Security Centre) Looking back at the National Cyber Security Centre's seventh year and its key developments and highlights, between 1 September 2022 and 31 August 2023.
Verizon Business 2023 Mobile Security Index: Balancing security with business imperatives (Verizon) The 2023 Mobile Security Index (MSI) report released by Verizon Business provides insights and best practices to help organizations achieve flexibility and security across business practices.
New Rubrik Cyber Report Finds that One of Every Two Organizations Suffered Loss of Sensitive Data in the Last Year (Rubrik) Rubrik Zero Labs Research reveals stark realities about defending data today, threats to our data, and a growing need for different data security & cyber resiliency strategies.
ThreatQuotient Publishes 2023 State of Cybersecurity Automation Adoption Research Report (ThreatQuotient) ThreatQuotient™, a leading security operations platform innovator, today released the State of Cybersecurity Automation Adoption 2023. Based on survey results from 750 senior cybersecurity professionals, this global research report examines the drivers and challenges for implementing cybersecurity automation in today’s enterprises.
Privacera's State Of AI and Data Security Governance Survey: Majority of Businesses (57%) Plan to Utilize a Data Security Platform to Secure Generative AI Models (PR Newswire) Privacera, the AI and data security governance company founded by the creators of Apache Ranger™, today announced the results of its latest...
The Akeyless State of Secrets Management Report: 96% of Organizations are Vulnerable to Breach Due to Mismanaged Secrets (PR Newswire) Akeyless Security, provider of Vaultless™ Secrets Management Platform, today released the "2024 State of Secrets Management Survey Report,"...
The Song Remains the Same: The 2023 Active Adversary Report for Security Practitioners (Sophos News) The remarkable decline in attacker dwell time is now well-documented, but what does that mean for those doing the hands-on work of infosecurity?
97% of Consumers Predict Cyberattacks Will Get Worse – or at Best, Stay Consistent – in 2024: ThreatX Data Reveals (Business Wire) Survey finds 69% of consumers across the US and UK believe cyberattack methods will become more sophisticated in the year ahead, while only 6% feel defenses will improve to protect against them
Q3 2023 Cyber Threat Report (Nuspire) Q3 maintained the surging levels of cyberattacks we saw in Q2 in all three of our tracked sectors: malware, botnets and exploits.
[Analyst Report] 2023 Software Vulnerability Trends (Synopsys) An Analysis by Synopsys Application Security Testing Services
Why 93% of Security Leaders Say Cloud Security Requires Zero Trust Segmentation (Illumio Cybersecurity Blog) Get insight from new research on the current state of cloud security and why Zero Trust Segmentation is the key to cloud resilience.
Malwarebytes Labs Reveals 50% Uptick in Credit Card Skimming in Advance of the Holiday Shopping Season (PR Newswire) Malwarebytes, a global leader in real-time cyber protection, today released new threat research revealing credit card skimming is on the rise...
Credit card skimming on the rise for the holiday shopping season (Malwarebytes) We've seen a particular card skimming campaign really pick up pace lately. With hundreds of stores compromised, you may come across it if you shop online this holiday season.
Marketplace
Radiant Security Secures $15 Million to Meet Growing Demand for AI-Enhanced Security (Business Wire) Fresh off the launch of its SOC co-pilot, the company will utilize the funding to expand the team and drive technical innovation in the market
MISI Changes Name to Technology Advancement Center to Reflect Evolving Mission and Value Offered to the Community (Business Wire) Rebrand from MISI to TAC highlights the nonprofit’s commitment to supporting innovation across the entire technology landscape, including facilitating the delivery of cutting-edge defense and cyber technology to our nation
Google to invest millions in another AI startup (Computing) Google is reportedly investing hundreds of millions of dollars in AI chatbot standout Character.AI just weeks after the world’s third-largest cloud company agreed to pour $2 billion into AI startup Anthropic. The move shows that the generative AI wars between tech giants like Google, Microsoft and Amazon will likely continue to heat up in 2024.
Breakingviews - Palantir’s mythology is far too precious (Reuters) Palantir Technologies has cultivated a powerful mythos worthy of being named for a crystal ball from “The Lord of the Rings.” The data-analysis company co-founded by Peter Thiel and run by Alex Karp fetches a big premium to most of its peers. Financial realities, however, suggest the valuation is the stuff of science fiction.
Exabeam Appoints Steve Wilson to Chief Product Officer (Business Wire) Wilson brings more than 20 years of experience in AI, cybersecurity, and cloud computing to the role
Infosec Institute Welcomes Bret Fund as SVP and General Manager (Infosec Institute) Bret Fund brings more than two decades of experience leading education companies through transformative growth and will guide Infosec through its current growth phase.
Securonix Appoints Mark Stevens as Vice President of Strategic Alliances (Business Wire) Veteran Channel Chief with Proven Success in Growing Global Partner Ecosystems Joins Securonix to Help Channel Partners Thrive in an Evolving Competitive Landscape
Products, Services, and Solutions
Can true crime stories about the internet keep individuals safe from cybercrime? (Technical.ly) These Columbia-based podcasters are giving it a shot, with over 200 episodes that offer insight into the social and economic dimensions of cybersecurity.
10 corporate cybersecurity blogs worth your time (Help Net Security) This curated list of insightful corporate cybersecurity blogs provides analysis and actionable advice to help you keep your company secure.
Network Perception and Claroty Integrate Technology for Continuous OT Cybersecurity Threat Detection (Business Wire) Combined audit platform proactively alerts network administrators to at-risk changes or vulnerabilities
Tarsus On Demand, Sophos sign cyber defence pact (ITWeb) In a strategic move, the partnership aims to provide a one-stop shop for cloud services and cyber security.
Teradata Completes IRAP Assessment (Australian Cyber Security Magazine) Teradata has announced the completion of the Information Security Registered Assessors Program (IRAP) for VantageCloud Enterprise. The PROTECTED security evaluation shows that Teradata’s complete cloud analytics and data platform has achieved the highest standard for securing sensitive government and broader industry data and systems. Developed by the Australian Signals Directorate (ASD), IRAP is a requirement to provide
Concentric AI Joins Cohesity Data Security Alliance to Enhance Data Security Posture Management for Joint Customers (Business Wire) New Semantic Intelligence™ Integration Will Seamlessly Protect Data, Meets Mandates for Privacy Data Protection, and Mitigates Risk across Cohesity Data Cloud
SlashNext Delivers Industry's First Multi-Channel Quishing Protection to Block Malicious QR Codes in All Business and Personal Messaging Channels with 99% Accuracy (PR Newswire) SlashNext, the leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile, today announced the release of QR Code...
DirectDefense Launches ThreatAdvisor 3.0 to Streamline Security Operations with SOAR Technology (Business Wire) Major Platform Updates and Advanced Features Boost Speed, Efficiency and Accuracy Based on Customers’ Needs
Veeam Announces Updates to Backup for Salesforce on Salesforce AppExchange, the World's Leading Enterprise Cloud Marketplace (Veeam Software)
Stream Security Expands into CloudSecOps Market with Launch of Real-time Cloud Security Solution (PR Newswire) Stream Security, previously known as Lightlytics, today announced a significant expansion into cloud security, ushering in a new era for the...
Eclypsium Collaborates With Intel to Provide Enhanced Visibility Into Infrastructure Supply Chains (Business Wire) Eclypsium’s Supply Chain Security Platform Creates Trust Through Transparency With Insights From Intel
LastPass Launches Enhanced User Interface for Mobile Vault (LastPass) New UI on iOS and Android mobile apps makes it easier for users to access their data from anywhere
Lacework Code Security Extends Platform's Coverage to the Full Application Lifecycle (PR Newswire) Lacework, the data-driven cloud security company, today announced its release of code security, which provides Lacework customers full...
Cycode Introduces Complete Approach to Application Security Posture Management (ASPM) (GlobeNewswire News Room) With the launch of ConnectorX, a click and connect platform for 3rd party security tools, and Risk Intelligence Graph enhancements, Cycode delivers the...
Security Journey Announces New AI/LLM and API Learning Paths to Teach Development Teams How to Build Software Securely (GlobeNewswire News Room) New training efficiently addresses the industry’s identified risks in API and AI/LLM software....
OneSpan Launches Passwordless, Phishing-Resistant Authentication for a Secure Workforce (OneSpan™) OneSpan™, the digital agreements security company, today introduced its latest innovation to the Digipass Authenticators product line, the DIGIPASS FX1 BIO. This physical passkey with fingerprint scan lets organizations adopt passwordless authentication while providing strong protection against social engineering and account takeover attacks.
Skyhigh Security Expands Global Points of Presence with Oracle Cloud Infrastructure (Business Wire) Skyhigh Security’s Growing User Base to Benefit from Additional Points of Presence for Fast Access to Cloud Services
Technologies, Techniques, and Standards
A Simplified Overview of the MITRE ATT&CK Framework (Tripwire) MITRE ATT&CK, short for “MITRE Adversarial Tactics, Techniques, & Common Knowledge”, serves as a freely accessible global repository of adversary behavior.
Intelligence for Good Pursues Justice for Victims of Internet-Enabled Crimes (Business Wire) Built on over a decade of research and intelligence about online frauds and scammers, the newly launched nonprofit will ensure that criminals receive the attention from our justice system that their crimes demand
Design and Innovation
Microsoft Teams With UN Nonprofit To Spot Terrorist Content Online (Forbes) Tech Against Terrorism says it's archived more than 5,000 pieces of AI-generated content shared in terrorist and violent extremist spaces.
Legislation, Policy, and Regulation
US Privacy Groups Urge Senate Not to Ram Through NSA Spying Powers (WIRED) An effort to reauthorize a controversial US surveillance program by attaching it to a must-pass spending bill has civil liberties advocates calling foul.
If entities continue to obfuscate and lie, it’s time to mandate more transparency in breach disclosures (Data Breaches) When it comes to data breach disclosures, the very same entities who claim to take our privacy and security very, very...
FTC Imposes New Data Breach Notification Requirements (JD Supra) On October 27, 2023, the Federal Trade Commission (the “FTC”) adopted a final rule (“Final Rule”) to amend the Standards for Safeguarding Customer...
U.S. Shift on Global Tech Rules Jeopardizes Effort to Counter China (Wall Street Journal) Some Asian allies see rules facilitating digital trade as crucial to a trade agreement among Pacific nations, but the U.S. is retreating.
ITI Testifies Before the U.S. House of Representatives on AI Policy (Information Technology Industry Council) In testimony before the U.S. House of Representatives Commerce Subcommittee on Communications and Technology today, global tech trade association ITI’s Vice President of Policy Courtney Lang reiterated the importance of taking a risk-based approach to AI policymaking, facilitating public trust in AI through transparency measures, and ensuring privacy and security.
WSJ News Exclusive | New York Plans Cyber Rules for Hospitals (Wall Street Journal) New York regulators Monday announced plans to issue cybersecurity regulations for hospitals, after a series of attacks crippled operations at medical facilities.
Litigation, Investigation, and Law Enforcement
Google sues scammers behind AI chatbot Bard malware (Register) Plus: Chocolate Factory launches second lawsuit against false DMCA takedowns
Google takes to the courts to stop AI scammers (Axios) Google is suing a group of online scammers who appear to be using its logos in a scheme targeting the general public's interest in artificial intelligence.
Russian and Moldovan National Pleads Guilty to Operating Illegal Botnet Proxy Service that Infected Tens of Thousands of Internet-Connected Devices Around the World (US Department of Justice) A Russian and Moldovan national pled guilty to three counts of violating 18 U.S.C. § 1030(a)(5)(A) Fraud and Related Activity in Connection with Computers.
FBI struggled to disrupt dangerous casino hacking gang, cyber responders say (Reuters) The U.S. Federal Bureau of Investigation (FBI) has struggled to stop a hyper-aggressive cybercrime gang that's been tormenting corporate America over the last two years, according to nine cybersecurity responders, digital crime experts and victims.
Federal officials seize $1.1 million lost in the cyberattack on CT school district (WSHU) The city of New Haven lost more than $6 million in multiple cyberattacks on its public school district earlier this summer and has so far managed to recover at least $4.7 million.
Alleged RCMP leaker says he was tipped off that police targets had 'moles' in law enforcement (CBC News) Cameron Ortis, the former RCMP intelligence official on trial in Ottawa, said he was tipped off by a counterpart at a "foreign agency" that the people he's accused of leaking secrets to had "moles" inside Canadian police services.
Intel accused of hiding the 'Downfall' CPU bug, faces class action (Computing) Intel chose to sell vulnerable products despite identifying the Downfall bug in its processors in 2018, leaving owners with vulnerable Intel CPUs.