Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+631: Ukraine warns that Russia's cyberwar will spread. (CyberWire) Russia prepares for the arrival of F-16s in Ukraine, begins its winter missile and drone campaign, and expands cyber operations.
Israel-Hamas war live: IDF says it has retrieved body of soldier taken hostage by Hamas (the Guardian) Body found in a building near Gaza’s al-Shifa hospital, Israel’s military says
Ukrainian troops operate in occupied Kherson region after crossing river (Reuters) Ukrainian troops have crossed the vast River Dnipro into occupied areas of Kherson region and are operating in small groups, Russia conceded on Wednesday, saying it had dispatched more troops to stop them.
Ukraine vows to strike back if Russia resumes energy infrastructure attacks (Atlantic Council) Ukrainians are currently preparing for a repeat of Russia's winter bombing campaign targeting the country's civilian energy infrastructure, but this year Ukraine has the capacity to strike back, writes Marcel Plichta.
Russian War Report: Desperate for recruits, Russia offers one million rubles to join its military (Atlantic Council) The Russian army is struggling to fund equipment and recruit as they host fundraisers and drives offering pledges of one million rubles.
Staggering Russian Losses in Ukraine Eroding Popular Support at Home, as Putin Resorts to World War II Tactics and Begins Looking for Women Prepared To Fight (The New York Sun) While the world’s gaze swiveled to Israel’s war against Hamas, the fight at Avdiivka became Europe’s bloodiest battle since World War II.
Vladimir Putin's anti-colonial posturing should not fool the Global South (Atlantic Council) The countries of the Global South may have many good reasons for pursuing closer ties with Putin’s Russia, but a shared opposition to imperialism is most certainly not one of them, writes Taras Kuzio.
The Case for Supporting Ukraine Is Crystal Clear (Foreign Policy) Note to Congress: Ukraine aid is not charity but serves critical U.S. interests.
Essay | It’s Time to End Magical Thinking About Russia’s Defeat (Wall Street Journal) Putin has withstood the West’s best efforts to reverse his invasion of Ukraine, and his hold on power is firm. The U.S. and its allies need a new strategy: containment.
China’s support for Russia has been hindering Ukraine’s counteroffensive (Atlantic Council) A deep dive into trade data reveals how materials imported from China are vital for Russia’s ability to sustain its continued stubborn efforts to hold onto Ukrainian territory.
Estonian Prime Minister Kaja Kallas’s message to NATO: ‘Defending freedom has a price tag’ (Atlantic Council) “Stay firmly on the course and boost our long-term support" to Ukraine, Kallas said at the EU-US Defense & Future Forum.
Ukraine Tracks a Record Number of Cyber Incidents During War (Bank Info Security) Ukraine's national computer emergency response team, CERT-UA, says it sees an increase in cyber incidents as Russia's invasion continues. While wiper attacks are
Russia will target other countries for web attacks, Ukraine cyber defence chief warns (The Irish Times) Viktor Zhora tells Dublin conference cyberattacks now combining with conventional combat
Sandworm Linked to Attack on Danish Critical Infrastructure (Infosecurity Magazine) A report described the coordinated attack, in which 22 critical infrastructure firms were targeted
Why cyber war readiness is critical for democracies (Help Net Security) Once the war in Ukraine ends, Russia's offensive cyber capabilities will be directed towards other targets, Rik Ferguson, VP Security Intelligence for
Attacks, Threats, and Vulnerabilities
Ddostf Botnet Resurfaces in DDoS Attacks Against MySQL and Docker Hosts (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) Researchers claim that the Chinese Ddostf botnet is specifically designed for launching DDoS attacks and that the threat actors are operating a DDoS-for-hire service.
FBI and CISA Release Advisory on Scattered Spider Group (Cybersecurity and Infrastructure Security Agency | CISA) Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. The advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023.
FBI warns on Scattered Spider hackers, urges victims to come forward (Reuters) The FBI warned organizations to guard against the Scattered Spider hacking group, which has breached dozens of American organizations over the past year, stealing their sensitive data for extortion.
U.S. officials urge more information sharing on prolific cybercrime group (CyberScoop) An aggressive ransomware group has hit a series of prominent targets in recent months without any arrests being made.
A Spy Agency Leaked People's Data Online—Then the Data Was Stolen (WIRED) The National Telecommunication Monitoring Center in Bangladesh exposed a database to the open web. The types of data leaked online are extensive.
Elephant Hunting | Inside an Indian Hack-For-Hire Group (SentinelOne) Exploring the technical intricacies of Appin, a hack-for-hire group, revealing confirmed attribution and global threat activity, both old and new.
How an Indian startup hacked the world (Reuters) Appin was a leading Indian cyberespionage firm that few people even knew existed. A Reuters investigation found that the company grew from an educational startup to a hack-for-hire powerhouse that stole secrets from business titans, politicians, military officials and wealthy elites around the globe. Appin alumni went on to form other firms that are still active today.
Scama: Uncovering the Dark Marketplace for Phishing Kits (Vade Secure) Learn about scama, or phishing kits, including details on how the threat works and the malicious marketplace for it.
A deep dive into Phobos ransomware, recently deployed by 8Base group (Cisco Talos Blog) Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations.
Understanding the Phobos affiliate structure and activity (Cisco Talos Blog) Cisco Talos identified the most prolific Phobos variants, TTPs and affiliate structure, based on their activity and analysis of over 1,000 samples from VirusTotal dating back to 2019. We assess with moderate confidence Eking, Eight, Elbie, Devos and Faust are the most common variants
50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures (Aquasec) Nautilus researchers evaluated the disclosure process of open-source projects and found flaws that allowed vulnerabilities to be harvested before they were patched.
Zimbra Zero-Day Exploited to Hack Government Emails (SecurityWeek) Google says a Zimbra zero-day from earlier this year, CVE-2023-37580, was exploited in several campaigns to hack government emails.
AI disinformation campaigns pose major threat to 2024 elections (Help Net Security) AI, post-quantum cryptography, zero trust, and ongoing cryptography research will shape cybersecurity strategies in the present and for 2024.
Bitdefender Antispam Lab reveals the 2023 Black Friday scam agenda. Stay in the know to avoid getting phished this shopping season (Hot for Security) Although the Black Friday shopping frenzy has already begun in some parts of the world, millions of consumers are still updating online shopping and wish lists in anticipation of 2023’s best shopping deals.
Toyota recovering from cyberattack on its financial services division (Record) The company acknowledged the cyberattack hours after the Medusa ransomware gang claimed to have stolen data from Toyota Financial Services.
Vietnam Post Exposes 1.2TB of Data, Including Email Addresses (Security Affairs) Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed security logs and employee email addresses to external cyber threats
Royal Mail ransomware recovery to cost at least $12 million (Register) First time hard figure given on recovery costs for January incident
Official City of Long Beach Statement Regarding a Network Security Incident Targeting City Systems (City of Long Beach) On Nov. 14, 2023, the City of Long Beach learned that it was subject to a potential cybersecurity incident. The City’s Department of Technology and Innovation immediately initiated an investigation, engaged with the City’s contracted cyber security consultant firm, and notified the Federal Bureau of Investigation. Through the initial investigation, the City determined a network security incident occurred.
CISA warns of actively exploited Windows, Sophos, and Oracle bugs (BleepingComputer) The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.
Vulnerability Summary for the Week of November 6, 2023 (Cybersecurity and Infrastructure Security Agency | CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
CISA Releases Fourteen Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) CISA released fourteen Industrial Control Systems (ICS) advisories on November 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Citrix Releases Security Updates for Citrix Hypervisor (Cybersecurity and Infrastructure Security Agency | CISA) Citrix has released security updates addressing vulnerabilities in Citrix Hypervisor 8.2 CU1 LTSR. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.
Juniper Releases Security Advisory for Juniper Secure Analytics (Cybersecurity and Infrastructure Security Agency | CISA) Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
Trends
Dragos Industrial Ransomware Analysis: Q3 2023 (Dragos) The Dragos Ransomware Analysis for Q3 2023 evaluated variants used against industrial organizations worldwide. Learn more about our assessments and findings.
Trellix Detects Collaboration by Cybercriminals and Nation-States (Business Wire) Report Highlights New Programming Languages in Malware Development, Adoption of Malicious GenAI, and Acceleration of Geopolitical Threat Activity
Shred-it® Annual Data Protection Report Finds Vulnerable Small Businesses Risk Losing More than Money (PR Newswire) Shred-it®, a leading secure information destruction service by Stericycle, Inc. (Nasdaq: SRCL), announced today the release of its 13th annual...
Bad Bots Account for 73% of Internet Traffic: Analysis (SecurityWeek) A new report estimates that 73% of all internet traffic currently (Q3, 2023) comprises bad bots and related fraud farm traffic.
Cyber Security Ranks as Top Risk for Enterprises in 2024 (Business Wire) New study finds that as the digital transformation of business accelerates, risk and internal audit leaders shift their focus to managing technology-driven risk.
Avast warns of AI-driven scams in Q3 Threat Report ahead of holiday season (SecurityBrief Australia) Avast's Q3 Threat Report reveals a surge in cyber threats, including adware, spyware, finance scams and AI-driven dating scams, during the holiday season.
Marketplace
Washington Harbour Buys Cybersecurity Services Provider SIXGEN (GovCon Wire) Washington Harbour has acquired cybersecurity services provider SIXGEN.
Palo Alto windfall: Founders of Talon and Dig set for lucrative paydays after acquisitions (CTech) The founders of Talon are expected to receive over $200 million from the sale to Palo Alto Networks, while the founders of Dig Security will net several tens of millions of dollars. Both companies were established only two years ago
Palo Alto Networks sustains $1B M&A with twin acquisitions amid market volatility (SDxCentral) Palo Alto Networks revealed its two recent deal prices — about $232 million for Dig Security and $435 million for Talon Cyber Security.
Elon Musk Said Antisemitic Social-Media Post Was ‘the Actual Truth’ (Wall Street Journal) The billionaire had agreed with a post on X that said Jewish communities push hatred of white people.
Aiden Technologies Adds Joe Fousek as Law Firm Technology Expert to Bolster IT and Security Expertise (PR Newswire) Aiden Technologies, the provider of modern, intelligent software packaging and deployment for Microsoft Windows, today announced that law...
Securonix Appoints Scott Sampson as Chief Revenue Officer (Business Wire) Unified Defense SIEM Leader Taps Proven Enterprise Software Executive to Guide Global Go-to-Market Organization
FireTail Advisory Board Expands With Cybersecurity Luminaries Mikko Hypponen and Sounil Yu (Business Wire) Internationally-renowned computer security experts, speakers and authors lend their expertise to help steer development of FireTail’s innovative API security platform
Products, Services, and Solutions
New infosec products of the week: November 17, 2023 (Help Net Security) The featured infosec products this week are from: Devo Technology, Illumio, Kasada, Lacework, OneSpan, and ThreatModeler.
Redgate introduces automated test data management solution to simplify workflows, enable efficient software delivery, and reduce risk (Business Wire) Redgate Test Data Manager provides an at-a-glance view of clones created, highlighting where sensitive data has been replaced, and their name and size. The clones can be deleted or shared instantly.
Open Systems Secure Web Gateway as a Service Brings New Security and SaaS Simplicity to Zero Trust Access (Business Wire) Cloud-based secure web gateway controls and protects users’ web traffic anywhere, anytime. Blocks malware including threats concealed in encrypted traffic, protects resilience with scale.
Socure Launches the Industry's Most Accurate Synthetic Fraud Solution (PR Newswire) Socure, the leading provider of Artificial Intelligence for digital identity verification, fraud prevention, and sanctions screening has...
DoControl Enhances Microsoft Integration With Swift Account Scanning and Onboarding Across Millions Of Files In Just Hours (PR Newswire) DoControl, the leading SaaS Security Platform (SSP), today announced new capabilities to its data security protection offering for Microsoft...
CyberArk Joins the Microsoft Security Copilot Partner Private Preview (Business Wire) CyberArk (NASDAQ: CYBR), the identity security company, today announced its participation in the Microsoft Security Copilot Partner Private Preview. CyberArk was selected based on its proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft.
Vectra AI Adds Advanced Hybrid Attack Detection, Investigation and Response Capabilities for Amazon Web Services (AWS) (GlobeNewswire News Room) The Vectra AI Platform Extends Attack Coverage, Signal Clarity and Intelligent Controls for AWS to Arm SOC Teams to Move at the Speed and Scale of Hybrid...
Sherweb teams with SentinelOne® to simplify cybersecurity for Managed Service Providers (Business Wire) Sherweb, an award-winning cloud marketplace leader, today announced that it is joining forces with SentinelOne, a global leader in AI security, to better serve the cybersecurity needs of Managed Service Providers (MSPs).
Noname Security Announces Technology Integrations with Leading SOAR Platforms (Noname Security) Noname Security announces integrations with leading Security Orchestration, Automation, and Response (SOAR) platform providers Swimlane, Tines, and Palo Alto Networks.
Flare Launches Enhanced MSSP Partner Program (Newswire) Flare, the leading continuous threat exposure management solution provider, today announced the launch of their new tiered Managed Security Service Provider (MSSP) program, giving partners additional assets and support to help them grow their businesses and deliver value to their customers.
Demand surges for Palo Alto's XSIAM security tool (CRN) Palo Alto Networks added $500m to sales pipeline for XSIAM security operations tool last quarter, boosting total pipeline to $1bn
Technologies, Techniques, and Standards
CISA Requests Comment on Draft Secure Software Development Attestation Form (Cybersecurity and Infrastructure Security Agency | CISA) CISA has opened a 30-day Federal Register notice to receive public comment on the draft Secure Software Development Attestation Form. CISA developed this form in coordination with the Office of Management and Budget.
So, You Think of Cybersecurity Only as a Cost Center? Think Again. (National Law Review) Introduction: Basis of the Current Risk Profile – “How Did We Get Here?” U.S. manufacturers face a multitude of cybersecurity challenges that threaten their operations, reduce productivity, and jeopardize their intellectual property and data. For the past two years, the manufacturing sector has been the most targeted industry for ransomware attacks [1], with manufacturers spending an average of US$1.82 million per attack in 2023, not including any ransom payments [2].
Air Forces Cyber turns focus to information operations (Defense One) New training effort will teach how to target disinformation campaigns and how to influence audiences.
ChatGPT for Malware Analysis: Enhancing GPT’s Ability to Guide Malware Analyst (Cyber Security News) GPT excels in verbal thinking, skillfully choosing precise words for optimal responses. Understanding this key property is crucial, as much of its subsequent behavior stems from this ability.
Research and Development
Now that Maven is a program of record, NGA looks at LLMs, data labeling (Breaking Defense) "We’ve hit our milestones and you’ll start seeing as we look to the next few months a lot more activity from the Maven office in terms of contracting," Rachel Martin said.
Legislation, Policy, and Regulation
US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses' (WIRED) A new report by an oversight committee in the US House of Representatives says the FBI has routinely violated rules governing FISA's Section 702 surveillance program and must be reined in.
CISA turns 5 and looks to the future (Nextgov.com) The Cybersecurity and Infrastructure Security Agency is growing up as its mission to protect against cyber threats becomes ever more complex.
Litigation, Investigation, and Law Enforcement
AI Risks Force Corporate Privacy Officers to Expand Oversight (Wall Street Journal) The growth of artificial intelligence is forcing corporate privacy leaders to work closely with their cybersecurity, data analytics and other business units as they address risks in new technology projects.
SolarWinds And A Controversial New Era For CISOs (HolistiCyber) The SEC filed charges against SolarWinds and its CISO in connection with a 2020 breach. What CISOs should do next.
Ukrainian and Czech police bust $9 million bank fraud gang (Record) The scammers pretended to be bank security officers, telling victims that their accounts had been hacked, police said. The scheme escalated from there.
Musk fails in legal bid to void Federal Trade Commission consent order (Washington Post) A federal judge on Thursday rejected an attempt by Elon Musk’s social media company to overturn a May 2022 order by the Federal Trade Commission that imposed requirements for safeguarding the personal data of its users.
Morgan Stanley to Pay Another $6.5 Million Tied to Client Data Breach (AdvisorHub) Morgan Stanley will pay a combined $6.5 million in fines as part of a settlement with six state attorneys general based on allegations that it compromised around 15 million customers’ personal information.
NSO Group’s Request to Dismiss WhatsApp Spyware Case Rejected (Bloomberg Law) A federal judge denied Israeli spyware company NSO Group’s request to dismiss a years-long case against the company for allegedly violating anti-hacking laws brought by WhatsApp.
WSJ News Exclusive | Regulators Say Wells Fargo Isn’t Doing Enough to Police Customer Crimes (Wall Street Journal) The bank is facing a lawsuit claiming that it failed to detect an alleged Ponzi scheme.
FTC targets telecom provider for inmates after massive data breach (Record) The federal agency wants Virginia-based Global Tel*Link Corp. to improve its security practices and incident reporting policies.