Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+642: OSINT on morale, and a coming hacktivist shakeup. (CyberWire) Storms impede ground operations. Smartphones as intelligence sources (and as a security problem). Notes on hacktivist auxiliaries, both Russian and Ukrainian.
Israel-Hamas War: Second Hostage-Prisoner Exchange Is Completed After a Delay (New York Times) Israeli and Thai hostages held by Hamas and Palestinian prisoners in Israeli jails were freed after mediators broke an impasse over aid to northern Gaza.
Three-year-old Israeli twins released by Hamas in latest hostage exchange (The Telegraph) Three-year-old twins were among the eleven Israelis freed from Hamas captivity tonight; they have safely made it back to Israel and are in hospital for observation after being held captive for seven weeks.
Freed Israeli hostage describes deteriorating conditions while being held by Hamas (AP News) An Israeli hostage freed by Hamas has said in an interview that she was initially fed well in captivity until conditions worsened and captives became hungry. She was kept in a “suffocating” room and slept on plastic chairs with a sheet for nearly 50 days.
Briefing: Musk Tours Israel, Amid Criticism for His Antisemitic Remarks (The Information) On a visit to Israel on Monday, Elon Musk toured the site of one of the Oct. 7 Hamas attacks on Israelis, accompanied by prime minister Benjamin Netanyahu, in a trip seemingly designed to blunt criticism of his endorsement of an antisemitic conspiracy theory and the resulting advertiser exodus from his social media company X. As part of the visit, Musk and Netanyahu held an online discussion.
Israel tells Elon Musk Starlink can only operate in Gaza with its approval (Financial Times) Entrepreneur meets country’s leaders amid furore over alleged antisemitism on his social platform X
Top Israeli intel unit wasn’t operational on October 7 due to personnel decision (Times of Israel) New report claims senior officer decided 2 years ago that Unit 8200 shouldn’t work overnight or on weekends, said warning of Hamas attack wouldn’t come from ‘classic sources’
WildCard: The APT Behind SysJoker Targets Critical Sectors in Israel (Intezer) Our research team has identified a new APT group, dubbed “WildCard,” initially detected through its use of the SysJoker malware, which targeted Israel’s educational sector in 2021. WildCard has since expanded its reach, creating sophisticated malware variants disguised as legitimate software, and a recently developed malware called ‘RustDown,’ written in Rust for potential operational advantages. […]
Shadowy hacking group targeting Israel shows outsized capabilities (CyberScoop) A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
New Rust-based SysJoker backdoor linked to Hamas hackers (BleepingComputer) A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker (Check Point Research) Key Findings Introduction Amid tensions in the ongoing Israel-Hamas war, Check Point Research has been conducting active threat hunting in an effort to discover, attribute, and mitigate relevant regional threats. Among those, some new variants of the SysJoker malware, including one coded in Rust, recently caught our attention. Our assessment is that these were used […]
Iran hits Pennsylvania water utility. (CyberWire) Iranian hacktivists claim an attack on a Pennsylvania water utility.
Cyber Command Should Tap on Iran’s Windows (The Messenger) Perhaps it’s time to send in the nerds to remind Iran of the full scope of American power
Russia-Ukraine war live: wife of Ukrainian military’s top intelligence official poisoned; Stoltenberg urges Nato to ‘stay the course’ (the Guardian) Marianna Budanova undergoing treatment in hospital; Nato’s secretary general says it is ‘our obligation’ to supply Ukraine with weapons
Russian forces advancing on Ukrainian town from all sides (Reuters) Russian forces are intensifying their drive to capture the eastern Ukrainian town of Avdiivka, trying to advance on all sides after weeks of fighting, the town's top official was quoted as saying on Monday.
Putin Has Staked Russia’s Resources on Victory in Ukraine. Can the West Match Him? (Wall Street Journal) The Russian president seeks to turn his nation’s advantage in manpower and munitions into battlefield progress, while Western will and assistance for Kyiv are wavering.
A Containment Strategy for Ukraine (Foreign Affairs) How the West can help Kyiv endure a long war.
Is it worse than 'stalemate' in Ukraine right now? (Responsible Statecraft) Experts say Russia has the upper hand at a time when US aid is not coming fast enough
Intercepted calls from the front lines in Ukraine show a growing number of Russian soldiers want out (AP News) In audio intercepts from the front lines in Ukraine, Russian soldiers speak in shorthand. They describe 200s to mean dead, 300s to mean wounded, and 500s to describe people who refuse to fight.
Ukraine’s Volunteer IT Army Confronts Tech, Legal Challenges (CEPA) Ukraine’s volunteer IT army is growing in strength and audacity. Its independence also poses questions of legality.
Leader of Killnet 'unmasked' by Russian state media (Register) Also: NXP China attack, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month
"They are tired of him, but they fear him": what is known about the leader of the Killnet hacker group (Газета.Ru) A new conflict has been brewing in the pro-Russian hacker community. More than ten hackers and hacktivists have publicly come out against the Russian group Killnet and its leader, known by the handle Killmilk. He is accused of attacks on Russian infrastructure, fraud, and numerous violations of hacker ethics. Газета.Ru recounts what made Killnet notorious and deanonymizes the group's ringleader.
Ukraine detains Victor Zhora, former top government cyber official (TechCrunch) Last week, the Ukrainian government fired two of its top cybersecurity officials, who are accused of embezzlement. Now, one of them has been detained.
Second top Ukrainian cyber official arrested amid corruption probe (Record) Viktor Zhora, the ex-deputy head of Ukraine’s State Service for Special Communications and Information Protection (SSSCIP), is accused of facilitating a corruption scheme involving the procurement of software.
Turkey’s exports of military-linked goods to Russia soar (Financial Times) Growth in shipments of restricted parts fuels western suspicions that Turkish companies are conduit for Moscow
Attacks, Threats, and Vulnerabilities
Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable for Takeover, Says Cybersecurity Company Hunters (Hunters) Hunters today announced it ranked 15 on the Deloitte Technology Fast 500™, a ranking of the fastest-growing tech companies in North America
DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover (Hunters) Team Axon discovered a severe design flaw in Google Workspace's domain-wide delegation feature that can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs. They also developed a tool to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks.
Spyware in Serbia: civil society under attack (Access Now) Access Now and our partners have discovered that civil society in Serbia have been targeted with invasive spyware technology. Here’s what we know.
Spyware abuses travel to Serbia for first time (Washington Post) Investigators say they found evidence of attempted spyware infections targeting two people representing civil-society groups in Serbia, believed to be the first abuse of spyware in that nation.
Iran hacks US water system: Observation and implications of a terrorist attack on US soil (Control Global) An Iranian-backed cyber group recently launched an attack on the Municipal Water Authority of Aliquippa, Pennsylvania
Federal, state investigators probing Aliquippa Water Authority hack (Beaver County Times) An Iran-aligned “hacktivist” group known for targeting the critical infrastructure sector reportedly hacked a Municipal Water Authority of Aliquippa water booster station Saturday.
Cyberattack on Pittsburgh-area water authority sends alarms to Department of Homeland Security (CBS News) KDKA-TV's Andy Sheehan breaks down what happened and what it means to our security.
DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads (SentinelOne) Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.
How generative AI is assisting payment scams (American Banker) The rise of generative artificial intelligence is driving a sharp uptick in basic payment-card fraud tactics including bot attacks, card testing, credential stuffing and ordinary account phishing, according to a new Arkose Labs report.
Voting machine trouble in Pennsylvania county triggers alarm ahead of 2024 (POLITICO) Officials say the issue did not affect the outcome of the votes, but are nonetheless racing to restore voter confidence ahead of next year’s election.
The Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AI (Sophos News) Generative artificial intelligence technologies such as OpenAI’s ChatGPT and DALL-E have created a great deal of disruption across much of our digital lives. Creating credible text, images and even…
Cybercriminals can’t agree on GPTs (Sophos News) Despite concern over illicit applications of ChatGPT and similar models, Sophos X-Ops’ exploration of cybercrime forums suggests many threat actors are still skeptical – and wrestling with the same…
WSJ News Exclusive | Instagram’s Algorithm Delivers Toxic Video Mix to Adults Who Follow Children (Wall Street Journal) Content served to WSJ test accounts included risqué footage of kids, overtly sexual adult videos and ads from major brands.
Fidelity National Financial Takes Down Systems Following Cyberattack (SecurityWeek) Fidelity National Financial is experiencing service disruptions after systems were taken down to contain a cyberattack.
Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial (Record) The AlphV/Black Cat group claimed it breached Fidelity National Financial, a Fortune 500 provider of title insurance for property sales.
Ransomware group claims responsibility for another Florida attack (The Capitolist) Ransomware group BlackCat has targeted Florida-based Fidelity National Financial (FNF), a major title insurance provider, accessing systems and obtaining credentials. FNF has launched an investiga…
Nation's biggest title company hit by ransomware attack (Inman) Fidelity National Financial acknowledges that a "cybersecurity incident" disrupted the provision of title and escrow services and other technology and mortgage services.
DP World says hackers stole Australian ports employee data (Reuters) DP World Australia, one of the country's largest ports operators, said on Tuesday hackers had accessed files containing personal details of employees after a cyber incident early this month forced it to suspend operations for three days.
GE investigates alleged data breach into confidential projects: Report (CSO Online) General Electric has confirmed that it has started an investigation into the data breach claims made by IntelBroker.
Alleged GE hack raises concerns about US national security (SiliconANGLE) General Electric Co. has allegedly been hacked, and the hacker is offering stolen data, including Defense Advanced Research Projects Agency documents for sale on a hacking forum, raising national security concerns.
Ardent hospital ERs disrupted in 6 states after ransomware attack (BleepingComputer) Ardent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday.
Ardent Health Services Reports Information Technology Security Incident (Ardent Health Services) Ardent Health Services and its affiliated entities (“Ardent”) became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack. The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality.
2 N.J. emergency rooms diverting patients after Hackensack Meridian Health hit with potential cyber attack (CBS News) Patients in need of emergency care were being diverted away from hospitals impacted by the network outage.
Portneuf Medical Center experienced ransomware attack. Hospital is adapting with pencils and paper (East Idaho News) Portneuf Medical Center is the latest hospital in eastern Idaho to experience a cyber-attack. Services are currently curtailed.
UT Health East Texas back on divert status after ransomware attack (KETK.com | FOX51.com) TYLER, Texas (KETK) – UT Health East Texas is asking ambulance services to transport emergency patients to other hospitals as they deal with a cyberattack. UT Health East Texas first announce…
Criminal hacking group breaches data, including Premier Health (WDTN) A recent data breach could impact thousands of people who use Premier Health services in the Miami Valley. Denver-based patient engagement company Welltok confirmed that…
Lovelace Health System in New Mexico impacted by ransomware attack (KRQE NEWS 13) The parent company of the Lovelace Health System, which has six hospitals and more than one dozen medical centers in New Mexico, was hit with a ransomware attack Thurs…
Rivers Casino joins the club of hacked casinos (Panda Security Mediacenter) Cyber-attacks on gambling companies appear to be a trend among hackers, as last week, Rivers Casino Des Plaines reported a cyber incident.
KyberSwap recovers $4.7 million after exploit (The Block) Decentralized exchange protocol KyberSwap has recovered approximately $4.67 million in funds following a recent security attack.
Google investigating missing files on Drive, caused by desktop app (9to5Google) The missing file issue affecting Google Drive users is caused by the desktop app, Google has confirmed, and the company is investigating.
Trends
DataDome Research Discovers That 2 in 3 US Websites Are Unprotected Against Simple Bot Attacks (PR Newswire) Today, DataDome, a leading provider of AI-powered online fraud and bot mitigation, unveiled insights from its US Bot Security Report, which...
BlackBerry Quarterly Global Threat Report — November 2023 (BlackBerry) The latest report by the BlackBerry Threat Research and Intelligence team provides actionable and contextualized cyber intelligence to increase your organization's cyber resilience.
Government breaches - can you trust the US Government with your data? (Comparitech) In 2020, the US government suffered 87 data breaches that affected over 3.3 million people. Based on an average cost of $146 per affected record, we estimate that these breaches cost government entities almost $487 million last year alone. Despite a 25 percent year-on-year decrease in the number of breaches targeting government entities (down from […]
Our embrace of the end of privacy comes at a cost (Financial Times) I was wrong to assume that liberal indifference to our actions would be the ultimate consequence of online living
Marketplace
Jacobs to Spin-off and Merge its Critical Mission Solutions and Cyber & Intelligence Businesses (Dallas Innovates) Jacobs announced it will combine the businesses with Virginia-based Amentum, a global engineering and technology solutions provider—creating a new, publicly traded player in the government services sector with nearly $13 billion in annual revenue.
Godspeed Capital launches Crimson Phoenix (Intelligence Community News) On November 27, Godspeed Capital Management LP announced the formation of Crimson Phoenix, a data and intelligence solutions platform designed to support critical mission requirements of the U.S. Intelligence Community and U.S. Special Operations Command.
Layoffs engulf VMware after Broadcom close, 'chaos' for partners in sales trenches (CRN) VMware layoffs are creating ‘significant concern and chaos’ among customers and partners in the sales trenches, said C.R. Howdyshell, CEO of Advizex, a Fulcrum IT Partners company
HII wins Air Force contract for Five Eyes information sharing (APDR) HII announced that its Mission Technologies division was awarded a three-year task order under the Analytical and Technical Services contract to provide information-sharing capabilities to the Five Eyes intelligence alliance […]
Microsoft Needs a Better Seat at OpenAI’s Table (Wall Street Journal) The leadership crisis exposed Microsoft’s reliance on the AI startup, showing a need for a greater role.
DevTernity conference collapses amid claims of fake speakers (Register) Anna? Oh, she was just a demo persona, says organizer
Male Tech Conference Founder Is Behind Popular Woman Coding Influencer Account (404 Media) IP logs show that accounts for Coding Unicorn, a female tech influencer who's built a following based on her coding advice and Instagram influencer posts, are run by a male developer and conference organizer.
Products, Services, and Solutions
Infinigate UK&I Launches Next-Gen Cyber Observability Solution for Customers (SME Bulletin) Infinigate UK&I has launched an integrated, interoperable offering to provide reseller partners with a complete cyber-observability package to face today’s escalating cyber-threats. The ‘Next-Gen Cyber Observability’ (NGCO) framework draws from the best tools from five specialist vendors – Anomali, Cybereason, Gigamon, LogRhythm and Vectra – for comprehensive risk visibility across extended hybrid networks.
Trend Micro Delivers Visibility to Entire Kill Chain by Uniting Global Threat Feeds and Generative AI-Powered Platform (PR Newswire) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, announced today its latest evolution in generative AI: the...
Datadobi Announces Enhancements to StorageMAP for the Most Comprehensive Unstructured Data Management at Massive Scale (Datadobi) StorageMAP Minimizes Risk and Transforms Unstructured Data From A Cost Center Into A Profit-Generating Competitive Advantage
CardinalOps Contributes to MITRE ATT&CK for Fourth Consecutive Release (PR Newswire) CardinalOps, the detection posture management company, announced today that it contributed updates to the latest version of MITRE ATT&CK, a...
Infinigate UK&I Launches Next-Gen Cyber Observability Solution (Pressat) Infinigate UK&I is launching a composite, multi-vendor offering to provide reseller partners with a complete cyber-observability package to face today’s escalating cyber-threat.
Deepwatch Standardizes on Torq Hyperautomation Platform Across Its Global Security Infrastructure (Torq) Deepwatch harnesses enterprise-grade Torq Hyperautomation platform to increase flexibility, enhance visibility across the attack surface, and respond to emerging threats
Securonix Joins Wiz Integrations (WIN) to Provide a Unified Approach to Protecting Complex Cloud Environments (Business Wire) Collaboration Creates a Single Pane of Glass for Monitoring Security Events and Incidents Across Cloud Platforms and On-Premises Infrastructure
Skyhawk Security Announces a Paradigm Shift in Cloud Security, Introduces AI-based Autonomous Purple Team for Continuous Proactive Protection (GlobeNewswire News Room) AWS re:Invent -- Skyhawk Security, the originator of cloud threat detection and response (CDR, now also...
Lacework Launches Generative AI Assistant to Level-Up Cloud Security Teams (PR Newswire) Lacework, a data-driven cloud security company, today announced a generative artificial intelligence (AI) assistant that gives enterprise...
Armis Releases Q4 Update to Its Armis Centrix™ Platform (Armis) Armis today announced the availability of version 23.3 of the Armis Centrix™️ platform.
Data Theorem Expands Ecosystem Partnerships, Bolsters Technical Integrations with Industry-Leading API Gateway Platforms and WAAP/WAF Service Providers (Business Wire) Company Integrates Leading API Solutions with Growing Partner Ecosystem, Including Akamai, Axway, CloudFlare, Google Cloud (Apigee), Imperva, Ideatec, and Kong
RapidFort’s Platform Now Available in Microsoft Azure Marketplace (Business Wire) Marketplace inclusion improves access to industry-leading software attack surface management technology
Technologies, Techniques, and Standards
Guidelines for secure AI system development (NCSC) This document recommends guidelines for providers of any systems that use artificial intelligence (AI), whether those systems have been created from scratch or built on top of tools and services provided by others. Implementing these guidelines will help providers build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.
AI threat demands new approach to security designs -US official (Reuters) The potential threat posed by the rapid development of artificial intelligence (AI) means safeguards need to be built in to systems from the start rather than tacked on later, a top U.S. official said on Monday.
Trellix, Illumio team up with advice on how to defeat ransomware (ITWeb) Trellix is partnering with Illumio on a series of Ransomware Detection and Response Workshops this December in the US.
Incognito Mode Isn’t Doing What You Think It’s Doing (Wall Street Journal) Private browsing, for one thing, may be giving holiday shoppers a false sense of privacy.
Design and Innovation
Superintelligent AI: can chatbots think? (Financial Times) When you interact with a chatbot, it seems like it’s reasoning. But are we being fooled?
Legislation, Policy, and Regulation
Resilience in a Time of Uncertainty: National Chemical Security During the CFATS Lapse (Cybersecurity and Infrastructure Security Agency | CISA) But 2023 is not a normal November for CISA Chemical Security. This summer, Congress allowed the Chemical Facility Anti-Terrorism Standards program’s statutory authority to expire, leaving our nation without a regulatory chemical security program for the first time in 15 years.
Swiss army takes part in NATO cyber defense exercise in Estonia (SWI swissinfo.ch) This week, the Swiss Armed Forces are taking part in the NATO Cyber Coalition exercise to defend against cyber attacks.
A Controversial US Surveillance Program May Get Slipped Into a ‘Must-Pass’ Defense Bill (WIRED) Congressional leaders are discussing ways to reauthorize Section 702 surveillance, including by attaching it to the National Defense Authorization Act, Capitol Hill sources tell WIRED.
Cyber Insurers Warn Catastrophic Hacks Will Require Government Help (Wall Street Journal) U.S. officials and insurers plan to meet in April to discuss options for a federal cyber insurance backstop.
Litigation, Investigation, and Law Enforcement
Police dismantle ransomware group behind attacks in 71 countries (BleepingComputer) In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested, in Ukraine, the core members of a ransomware group linked to attacks against organizations in 71 countries.
Inside U.S. Efforts to Untangle an A.I. Giant’s Ties to China (New York Times) American spy agencies have warned about the Emirati firm G42 and its work with large Chinese companies that U.S. officials consider security threats.
Meta Loses Bid to Push FTC Into Court on Privacy Deal (Bloomberg) Meta, under FTC order on privacy, sought federal court review. Agency opened proceeding on alleged new privacy violations.
A Bank Watchdog Crowned Its First Chief Fintech Officer. His Work History Was A Web Of Lies. (The Information) In March, the Office of the Comptroller of the Currency—the powerful federal banking regulator—tapped Prashant Kumar Bhardwaj as the first person to lead its mission to police fintech firms and the banks that power them. On the surface, Bhardwaj seemed to be well qualified to be the OCC’s new ...