Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+652: FSB and GRU cyber operations aim at influence. (CyberWire) The Five Eyes jointly expose (and condemn) a long-running FSB cyberespionage and influence campaign.
Israel’s Failed Bombing Campaign in Gaza (Foreign Affairs) Collective punishment won’t defeat Hamas.
Cyber Av3ngers Hacktivist Group Targeting Israel-Made OT Devices (Dragos) Learn more about recent hacktivist activity targeting operational technology (OT) and what you can do to fortify your cyber defenses.
TikTok Plans Anti-Hate Speech Efforts After Complaints Over Israel-Hamas Videos (The Information) TikTok is preparing a slew of initiatives to defuse growing complaints that antisemitism and other hate speech has proliferated in videos about the Hamas-Israel war. The ByteDance-owned app is planning a social media campaign this month called “Swipe Out Hate” that will involve creators to ...
Nikki Haley says TikTok makes people ‘17% more antisemitic, more pro-Hamas’ (the Guardian) Republican presidential contender mocked for claim about Chinese-owned app during primary debate on Wednesday night
The UN secretary-general invoked 'Article 99' to push for a Gaza cease-fire. What exactly is it? (AP News) U.N. Secretary-General Antonio Guterres invoked a rarely exercised power to warn the Security Council of an impending “humanitarian catastrophe” in Gaza.
Russia-Ukraine war: Kremlin says engaging in peace talks on Kyiv’s terms ‘unrealistic’ – as it happened (the Guardian) Moscow plays down media report about possible peace negotiations
Ukraine war latest: Putin to run for president again, moving to extend his two-decade rule to 2030 (Sky News) Vladimir Putin is to seek another presidential term in Russia in a bid to extend his rule of more than two decades, state media is reporting.
How Russia’s opposition uses QR codes to spread anti-Putin messages (Record) Opposition activists in Russia launched a campaign against President Vladimir Putin this week, using cleverly-placed QR codes to direct people to subversive websites.
Putin claims Russia-Iran alliance has turned tide of Ukraine war (The Telegraph) President thanked Ayatollah Ali Khamenei for catalysing ‘good momentum’ while speaking in Tehran on Thursday
Defend Democracy or Prepare to Relive the 1930s (Barron's) The 21st century will challenge democracy. Climate change, excessive wealth gaps, the impact of artificial intelligence, cyber attacks, misinformation, disinformation and, ultimately, domestic discontent—all threaten open society. But one challenge, a traditional one, stands head and shoulders above the rest.
Russia luring migrants from Finnish border for war in Ukraine (BBC) The BBC has seen evidence of foreigners without valid visas being sent to a military camp near Ukraine.
Ukraine assassinates ‘traitor’ ex-MP in Russia (The Telegraph) Illia Kyva, a former pro-Russian member of Kyiv’s parliament, fled to Russia after the invasion and had been found guilty of high treason
CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard (Cybersecurity and Infrastructure Security Agency | CISA) Today, the Cybersecurity and Infrastructure Security Agency (CISA)—in coordination with the United Kingdom’s National Cyber Security Centre (UK-NCSC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cyber Command Cyber National Mission Force (CNMF)—released a joint Cybersecurity Advisory (CSA) Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods used by this Russia-based threat actor group to target individuals and organizations.
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns (Cybersecurity and Infrastructure Security Agency | CISA) The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest.
US, Allies Highlight Russian-State Cyber Actor “Star Blizzard” Spear-phishing Campaigns (U.S. Cyber Command) U.S. Cyber Command’s Cyber National Mission Force, alongside interagency and foreign partners, issued a joint Cybersecurity Advisory highlighting advanced spear-phishing campaigns from Russia-based
U.S. Takes Action to Further Disrupt Russian Cyber Activities (United States Department of State) The United States government is taking a series of actions today against cyber actors Callisto Group, Star Blizzard, and COLDRIVER, which are connected to Russian Federal Security Service (FSB) Center 18 for long-running cyber espionage campaigns that targeted numerous U.S.-based entities and individuals. The actions build on our longstanding efforts to disrupt Russian cyber activities, […]
Two Russian Nationals Working with Russia’s Federal Security Service Charged with Global Computer Intrusion Campaign (U.S. Department of Justice) A federal grand jury in San Francisco returned an indictment on Tuesday charging two individuals with a campaign to hack into computer networks in the United States, the United Kingdom, other North Atlantic Treaty Organization member countries, and Ukraine, all on behalf of the Russian government.
United States and the United Kingdom Sanction Members of Russian State Intelligence-Sponsored Advanced Persistent Threat Group (U.S. Department of the Treasury) Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC), in coordination with the United Kingdom, designated two individuals associated with an advanced persistent threat (APT) group that is sponsored by the Russian Federal Security Service (FSB) and has targeted individuals and entities in the United States, United Kingdom, and other allied and partner countries.
US charges two Russians in hacks of government accounts (Record) The Justice Department said that two members of Center 18 within the Russian FSB were part of a long-running campaign "to gain unauthorized, persistent access into victims’ computers and email accounts.”
UK and US Accuse Russian FSB of 'Hack and Leak' Operation (Bank Info Security) The U.K. government accused Russia's domestic intelligence agency of running a yearslong campaign to interfere in British politics. U.S. federal prosecutors
U.S. and U.K. Accuse Russia of Global Hacking Spree Targeting British Elections (Wall Street Journal) The cyberattacks also allegedly took aim at U.S. energy networks and American spies.
Russian spies targeting UK MPs and media with ‘cyber interference’ (the Guardian) Foreign Office minister tells MPs that FSB is ‘behind sustained effort to interfere in our democratic processes’
Cyberactivity targeting elections on rise, says report from Canada's e-spy service (Daily Guardian) OTTAWA - A new federal report says cyberthreat activity targeting elections is increasing worldwide, and is now more likely to be seen in Canada's
GCSB Minister Judith Collins condemns Russian cyber attacks (RNZ) New Zealand is joining other nations, including Britain, in condemning Russian government malicious cyber-attacks.
Russian Star Blizzard hackers linked to efforts to hamper war crimes investigation (the Guardian) Group ‘harvesting sensitive material’ via social media part of FSB unit leaking data to serve Kremlin
Russian hackers targeted NATO forces and diplomats to aid Ukraine war effort (CNN) Hackers linked with Russian military and spy agencies have been on a spree in recent months to gather up intelligence that could help the Kremlin’s war effort in Ukraine by trying to infiltrate NATO, US and European government networks, cybersecurity experts who have responded to the hacks told CNN.
Russian influence and cyber operations adapt for long haul and exploit war fatigue (Microsoft On the Issues) Since July 2023, Russia-aligned influence actors have tricked celebrities into providing video messages that were then used in pro-Russian propaganda, according to the latest biannual report from the Microsoft Threat Analysis Center.
Fancy Bear targets Nato entities via critical Outlook flaw (Computer Weekly) A vulnerability patched in March has likely been exploited by the Russian state actor Fancy Bear, for over two years, according to new intelligence
Russian information operation uses U.S. celebrity Cameos to attack Zelensky (CyberScoop) Kremlin propagandists tricked a half dozen celebrities into recording videos urging Ukraine's president to seek treatment for substance abuse.
Russia doctors custom videos by US actors to create anti-Ukraine propaganda (Record) The source videos came from sites like Cameo — where celebrities can record and send personalized messages to users for a fee — according to researchers at Microsoft.
Actors Recorded Videos for ‘Vladimir.’ It Turned Into Russian Propaganda. (Wall Street Journal) Microsoft found that celebrities were tricked into making videos used to attack Ukrainian President Volodymyr Zelensky.
Leader of Russian hacktivist group Killnet ‘retires,' appoints new head (Record) In a post on Telegram, the agitator known as Killmilk said he is handing over the reins of the Killnet group. Russian journalists reportedly uncovered his identity recently.
Analysis: As Western unity on Ukraine falters, Putin eyes a slow-burn win (CNN) This is the moment Russian President Vladimir Putin has been waiting for: when he doesn’t really need to do much, and can call it a win.
Ukraine aid nears zero while supplemental remains stalled (Defense News) Without further aid, Ukraine's battlefield plans will have to adjust, a military official told Defense News
While the West dithers, the future of the world is being decided in Ukraine (Atlantic Council) If Western leaders choose to stop arming Ukraine against Russia's invasion, future generations will view their decision as one of the great geopolitical turning points of the twenty-first century, writes Peter Dickinson.
Don’t stop now. US aid to Ukraine continues to be a wise investment. (Atlantic Council) Cutting off aid to Ukraine now, as some in Congress propose, would undermine the immediate war effort in Europe and diminish the deterrent power of US military force globally.
Ukraine Funding Fight Stokes New Fears Over US Reliability (Bloomberg) Biden makes fresh appeal, but Senate Republicans block new aid. Zelenskiy tells G-7 leaders that fading support delights Putin.
New aid pledges for Ukraine fall to lowest levels since the start of the war, report says (CBS News) "The dynamics of support to Ukraine have slowed," the German-based Kiel Institute says.
The Biden administration finally has a Black Sea security strategy. It’s what comes next that matters. (Atlantic Council) The Biden administration’s strategy on Black Sea security is coming into focus. It will take time and strong partnerships to execute.
Biden Says ‘We’re Not Giving Up’ on Push to Secure Evan Gershkovich’s Release (Wall Street Journal) The president said the U.S. has made several offers aimed at freeing Americans detained in Russia.
Russia’s invasion cannot derail Ukraine’s rule of law reforms (Atlantic Council) As Ukraine defends itself against Russia's invasion, the country is also pursuing an ambitious reform agenda that is primarily focused on transforming the Ukrainian legal system and establishing the rule of law, write MPs Denys Maslov and Oleksandr Vasiuk.
EU plans to give members option to bar Russian gas imports (Upstream Online) European Parliament is expected to approve the authority to ban gas imports on Friday
Attacks, Threats, and Vulnerabilities
Exclusive | Nationwide alert sounded as hacker group plans ‘cyber party’ to attack India’s critical digital infra (CNBCTV18) Central agencies are particularly vigilant, anticipating that the health sector’s cyber infrastructure might be the primary target. This heightened concern is attributed to the sector remaining on the radar of such hacker groups, especially in the aftermath of the global pandemic.
North Korea targets South’s defence technology as cyberattacks become ‘bolder’ (South China Morning Post) A probe showed that a hacker group, known as Andariel, had stolen 1.2TB worth of technical data from dozens of South Korean entities.
Apple says it is not aware anyone using Lockdown Mode got hacked (TechCrunch) Last year, Apple launched a special new protection for at-risk users — such as journalists and activists — called Lockdown Mode, designed to limit some
Report: 2.6B records compromised by data breaches, underscoring need for E2EE (Apple Newsroom) Today Apple published an independent study that shows an increasing number of data breaches worldwide.
State of Log4j Vulnerabilities: How Much Did Log4Shell Change? (Veracode) Discover new research about the state of Log4j vulnerabilities. What we found illustrates how unaddressed security technical debt exposes organizations to numerous risks.
Future Intel, AMD and Arm CPUs Vulnerable to New ‘SLAM’ Attack: Researchers (SecurityWeek) Security features that major CPU vendors plan on integrating into their future products can increase the surface for certain types of attacks.
Your mobile password manager might be exposing your credentials (TechCrunch) Researchers say the "AutoSpill" bug can expose mobile-stored credentials. One password manager company said they plan to make changes.
Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials (Hackread) Intruder.io, a London, England-based cybersecurity firm, conducted a self-hack using a DNS rebinding attack, enabling them to extract low-privileged AWS credentials.
Trustwave SpiderLabs Uncovers Critical Cybersecurity Vulnerabilities Exposing Manufacturers to Costly Attacks (Trustwave) Chicago – December 6 – Trustwave, today unveiled comprehensive research highlighting the distinct cybersecurity threats confronting manufacturers.
Ransomware Attacks on Industrial Orgs Increasingly Impact OT Systems: Survey (SecurityWeek) Ransomware attacks aimed at industrial organizations are increasingly impacting OT systems, according to a Claroty report.
F5 BIG-IP Remote Code Execution - CVE-2023-46747 - Vulnerability Analysis and Exploitation (CYFIRMA) EXECUTIVE SUMMARY CYFIRMA’s Research team present this extensive analysis, a critical vulnerability, CVE-2023-46747, analyzed within F5 BIG-IP Traffic Management User...
Researchers automated jailbreaking of LLMs with other LLMs (Help Net Security) AI security researchers have designed a technique that can speedily jailbreak large language models (LLMs) in an automated fashion.
Socso allegedly hit by cyberattack; agency to release statement today (Updated) (The Star) "We are aware and will be releasing a full statement," a representative said when contacted by LifestyleTech.
Carpet cleaning giant Stanley Steemer reports data breach affecting 68,000 individuals (teiss) Stanley Steemer, a prominent carpet cleaning company, disclosed that nearly 68,000 individuals fell victim to a cyberattack the firm encountered in March.
Merry Phishmas: Beware US Postal Service Phishing During the Holidays (DomainTools) DomainTools is monitoring several USPS phishing campaigns, including activity that aligns with known tactics, techniques, and procedures of the China-based “Chenlun” phishing actor and their affiliates
Security Patches, Mitigations, and Software Updates
CISA Releases Five Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) CISA released five Industrial Control Systems (ICS) advisories on December 7, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-341-01 Mitsubishi Electric FA Engineering Software Products
ICSA-23-341-02 Schweitzer Engineering Laboratories SEL-411L
ICSA-23-341-03 Johnson Controls Metasys and Facility Explorer
ICSA-23-341-05 ControlbyWeb Relay
ICSA-23-341-06 Sierra Wireless AirLink with ALEOS firmware
Gmail Quietly Rolls Out Massive Security Update For 1.8 Billion Users (Forbes) Google has quietly introduced what it says is the largest security upgrade in years for Gmail users. Here’s what the AI-powered update will do.
Trends
Ransomware, Data Breaches Inundate OT & Industrial Sector (Dark Reading) Because of the criticality of remaining operational, industrial companies and utilities are far more likely to pay, attracting even more threat groups and a focus on OT systems.
Ransomware-as-a-Service: The Growing Threat You Can't Ignore (The Hacker News) Ransomware-as-a-Service (RaaS): The Rising Threat in Cybersecurity. Learn how this alarming trend is transforming the cybercrime landscape.
Marketplace
The Cyber Insurance Outlook: How coverage is evolving with the current cyber threat landscape (Arctic Wolf) Organizations see cyber insurance as essential, and as policies evolve the process for gaining and retaining coverage requires increased resources and coordination. In this report, CyberRisk Alliance and Arctic Wolf investigate findings from a recent survey of more than 500 IT security professionals to understand how organizations are evaluating cyber insurance policies – from decoding new coverage requirements and controls to quantifying risk so that leadership can make informed buying decisions.
IBM Consulting and Palo Alto Networks Announce Expansion of Key Strategic Cybersecurity Partnership (Telecom Reseller) IBM (NYSE: IBM) Consulting and Palo Alto Networks (NASDAQ: PANW) today announced that they will expand their strategic partnership to better enable clients to strengthen their end-to-end security postures and navigate evolving security threats.
The OpenAI Board Member Who Clashed With Sam Altman Shares Her Side (Wall Street Journal) In an interview, Helen Toner, an AI academic from Australia, explains her posture in the power struggle at OpenAI.
Bank of America Executive Joins FS-ISAC as Chief Information Security Officer (FS-ISAC) FS-ISAC today announced the appointment of John Denning as Chief Information Security Officer (CISO). Denning’s appointment will be effective as of January 1, 2024.
Ryan LaSalle Joins Nisos®, The Managed Intelligence Company™ as Chief Executive Officer (PR Newswire) Nisos, the leader in Managed Intelligence™, today announced that Ryan LaSalle has joined the company as Chief Executive Officer. Ryan has over...
ASIS International Announces 2024 Global and Regional Board Appointments and Other Governing Boards (ASIS) ASIS International Announces 2024 Global and Regional Board Appointments, including the newly added Latin America Caribbean Region
Products, Services, and Solutions
New infosec products of the week: December 8, 2023 (Help Net Security) The featured infosec products this week are from: Atsign, Daon, Global Integrity, Living Security, Panther Labs, Searchlight Cyber, and Varonis.
QuSecure’s QuProtect Named Best Quantum Cyber Security Solution of 2023 (QuSecure) QuProtect Honored as Industry’s Only Fully Orchestrated Solution Delivering Validated Post-Quantum Cryptography with Managed Deployment that is Monitored for Attack and Actively Defended
Alan B Levan | NSU Broward Center of Innovation Announces Strategic Partnership with Telefónica Tech (NewsBreak Original) In a move set to bolster cybersecurity capabilities and promote innovation in South Florida, the Alan B. Levan | NSU Broward Center of Innovation (Levan Center of Innovation) has announced a strategic partnership with Telefónica Tech, a global leader in tech services for the B2B market.
Contrast Security Recognized by the 2023 Gartner® Peer Insights™ Voice of the Customer (Contrast Security) Contrast Security Recognized by the 2023 Gartner® Peer Insights™ Voice of the Customer for Application Security Testing
Experian Integrates Behavioral Analytics Tech From NeuroID (Find Biometrics) Experian has partnered with Montana-based NeuroID, integrating the latter’s behavioral biometrics technology into its CrossCore and PreciseID anti-fraud solutions.
Phylum integrates with Sumo Logic to identify software supply chain attacks (Help Net Security) With the Phylum App for Sumo Logic, users can know if their organization has been impacted by software supply chain risks.
Technologies, Techniques, and Standards
Burn and Churn: CISOs and the Role of Cybersecurity Automation (SecurityWeek) Organizations need to listen to their CISOs and start turning to cybersecurity automation for the qualitative benefits of employee satisfaction and well-being.
Chief Digital and Artificial Intelligence Office to Host Hackathon in Hawaii (U.S. Department of Defense) The DOD will host a hackathon in February 2024, on the island of Oahu, Hawaii.
DOD Recognizes Top Technology, Cyber Performers (U.S. Department of Defense) DOD recognized more than a dozen individuals and teams who contributed in exceptional ways to the advancement of the department's information technology goals during 2023.
Design and Innovation
Early impressions of Google's Gemini aren't great (TechCrunch) Google released a flagship generative AI model this week. The early impressions aren't great, unfortunately.
If ChatGPT is an 'iPhone moment' how should IT leaders respond? (Computing) At the end of 2023 a big question for IT leaders is how and where to start rolling out AI. It’s not as if they have a choice.
These robots know when to ask for help (MIT Technology Review) Large language models combined with confidence scores help them recognize uncertainty. That could be key to making robots safe and trustworthy.
Research and Development
Qrypt Partners with Los Alamos National Labs to Advance Quantum Random Number Generation Technology (Qrypt) Qrypt achieves quantum breakthrough with LANL, delivering true randomness for robust cloud-based security against quantum threats.
Academia
Big Tech funds the very people who are supposed to hold it accountable (Washington Post) As big technology companies like Google and Meta face increasing criticism from researchers, they are expanding their influence in academia
Legislation, Policy, and Regulation
China seeks public opinion on regulation of cybersecurity incident reporting (China Daily) China's internet watchdog on Friday released a draft regulation on the management of the reporting of cybersecurity incidents and began soliciting public opinion on the matter.
US and EU infosec bodies sign intel-sharing pact (Register) As Cyber Solidarity Act edges closer to full adoption in Europe
Final defense bill drops Cyber Force study (Record) The proposal would have mandated the Defense Department hire the National Academy of Public Administration to examine the feasibility of creating a seventh, cyber-specific military service.
House committee approves bill that would renew Section 702 surveillance (Record) The House Intelligence Committee on Thursday unanimously approved legislation to reauthorize a controversial surveillance program, setting up a clash with a competing congressional panel.
Litigation, Investigation, and Law Enforcement
Governments forcing Apple and Google to share notification data (Computing) Governments around the world have been using smartphone push notifications to spy on users, according to a letter US Senator Ron Wyden sent to the Department of Justice.
US police agencies took intelligence directly from IDF, leaked files show (the Guardian) Analysis of BlueLeaks trove also shows police received training on domestic ‘Muslim extremists’ from pro-Israel groups
A man accused of helping North Korea evade US sanctions using crypto once said he wanted to help create a 'paradise society' (Business Insider) Alejandro Cao de Benós is accused of helping North Korea evade US sanctions using crypto. In 2015 he said he wanted to create a paradise society there.
Russian citizen pleads guilty to operating Bitzlato crypto exchange used by cybercriminals (Record) A Russian citizen pleaded guilty to running the cryptocurrency exchange Bitzlato, which became “a haven for illicit transactions by ransomware criminals,” according to the U.S. Department of Justice.
HHS’ Office for Civil Rights Settles First Ever Phishing Cyber-Attack Investigation (HHS.gov) OCR cyber attack investigation settlement
Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme (The Hacker News) Founder of Bitzlato cryptocurrency exchange pleads guilty to running an unlicensed money-transmitting business that aided money launderers
Premier Health Partners Hit With Latest Suit Over MOVEit Hack (Bloomberg Law) Premier Health Partners allegedly failed to protect the information of more than 2 million people that was exposed in a May data breach that resulted from a cyberattack on Progress Software’s MOVEit file-transfer service, according to a lawsuit.