Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+655: GRU phishes humanitarian aid organizations. (CyberWire) Russia's military intelligence service is running a phishing campaign aimed at collecting against European humanitarian organizations.
Qatar says ‘narrowing window’ for freeing more hostages held in Gaza – as it happened (the Guardian) This blog is now closed.
Hamas’s Goal in Gaza (Foreign Affairs) How a strategy to reunify the Palestinian struggle led to a devastating war.
ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware (Security Intelligence) As of December 2023, IBM X-Force has uncovered multiple lure documents that predominantly feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor.
FBI: Cyberattack against Aliquippa water authority was a targeted 'escalation' on overlooked technology (Pittsburgh Post-Gazette) In the wake of a cyberattack on a Western Pennsylvania water utility, federal officials are urging infrastructure operators to tighten their security —...
White House aide says Iranian hack of US waterworks is call to action (C4ISRNet) The hackers, who U.S. and Israeli officials said are tied to Tehran’s Islamic Revolutionary Guard Corps, breached multiple organizations in several states.
Russia-Ukraine war at a glance: what we know on day 656 (the Guardian) Zelenskiy to visit Washington in bid to break Senate deadlock on aid; Ukrainian president attends inauguration of Javier Milei in Argentina
Russia-Ukraine war at a glance: what we know on day 655 (the Guardian) Kyiv condemns plans to hold Russian elections in occupied territory; Volodymyr Zelenskiy heads to Argentina for inauguration of far-right counterpart Javier Milei
Putin’s Russia is closing in on a devastating victory. Europe’s foundations are trembling (The Telegraph) Kyiv’s counter-offensive has ended in failure. This could be Nato’s Suez moment
Dissent in Russia Grows Over War in Ukraine (Real Clear Defense) Russians have long viewed making direct appeals to their supreme leader as their last chance to achieve justice.
Republicans to meet allies of Hungary’s Viktor Orbán on ending Ukraine aid (the Guardian) Hungarian appearance at two-day event part of Orbán’s transatlantic attempt to bolster Russia’s war
Republican senator says Ukraine may have to cede land to Russia to end war (Guardian) JD Vance, one of GOP lawmakers who voted to block Ukraine aid package, asks ‘what $61bn would accomplish that $100bn hasn’t’
Ukraine’s Zelensky appears increasingly embattled as U.S. backing wavers (Washington Post) Anxiety is mounting in Ukraine as disagreements in Washington continue to stall billions of dollars of urgently needed wartime funding — aid that officials here say is crucial to keep the country running as the war with Russia grinds on.
Ukraine has won a major victory over Russia (Telegraph) Millions of tons of grain to feed the world's hungry shipped out via Snake Island
Cybercriminals send dangerous emails about "judicial claims" and "debts": Ukraine and Poland under attack (SSSCIP) The government computer emergency response team of Ukraine CERT-UA, which operates under the State Special Communications, discovered the fact that the UAC-0050 group was sending out dangerous e-mails supposedly on behalf of the state authorities of Ukraine.
UAC-0050 mass cyberattack using RemcosRAT/MeduzaStealer against Ukraine and Poland (CERT-UA#8218) (CERT-UA) The government computer emergency response team of Ukraine CERT-UA takes organizational and technical measures to prevent, detect and respond to cyber incidents and cyber attacks.
Hackers impersonated Ukrainian agencies in emails to Polish officials (Kyiv Independent) The hacker group UAC-0050 sent emails claiming to be from Ukrainian government agencies to Polish state authorities, the State Special Communications Service reported on Dec. 8.
Remcos RAT and Meduza Stealer Detection: UAC-0050 Group Launches a Massive Phishing Attack Against State Bodies in Ukraine and Poland (SOC Prime) Detect new UAC-0050 attacks against Ukraine and Poland spreading Remcos RAT and Meduza Stealer with Sigma rules from SOC Prime Platform.
The Russians are coming! Err, they've already infiltrated (Register) The Russians are coming! Err, they've already infiltrated UK, US inboxes
Russian military hackers target NATO fast reaction corps (BleepingComputer) Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps.
Strangling Putin’s legal system could bring about his downfall (The Telegraph) Sanctioning local prosecutors, and people running prisons and penal colonies, would paralyse Russia's criminal state
Vladimir Putin is running Russia’s economy dangerously hot (The Economist) Extravagant war spending is fuelling inflation
Ukraine cracks down on draft-dodging as it struggles to find troops (Washington Post) Soon after Russia’s invasion in February 2022, Ukraine beefed up its border defenses near this Carpathian mountain village.
Russian American journalist Masha Gessen put on Kremlin’s wanted list (the Guardian) Prominent journalist – who lives in the US – was placed on the list after discussing atrocities committed in Ukraine by Russian forces
Attacks, Threats, and Vulnerabilities
China’s cyber army is invading critical U.S. services (Washington Post) A utility in Hawaii, a West Coast port and a pipeline are among the victims in the past year, officials say
Sandman APT | China-Based Adversaries Embrace Lua (SentinelOne) SentinelLabs, Microsoft, and PwC threat intelligence researchers provide attribution-relevant information on the Sandman APT cluster.
5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips (Security Affairs) A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems impacts Android and iOS devices.
New 5G attack named 5Ghoul can exploit Qualcomm, MediaTek chips (BeyondMachines) The "5Ghoul" attack exploits critical vulnerabilities in Qualcomm and MediaTek 5G modems, affecting numerous 5G smartphones, routers, and USB modems, with risks including service disruptions and unauthorized network access, and responses from vendors include security bulletins and patches, though their distribution may be delayed.
AutoSpill attack steals credentials from Android password managers (BleepingComputer) Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation.
Android password managers vulnerable to 'AutoSpill' attack, researchers warn (Computing) Researchers have developed a new attack named "AutoSpill," affecting several popular Android password managers.
Flaws in Delta OT Monitoring Product Can Allow Hackers to Hide Destructive Activities (SecurityWeek) Critical vulnerabilities in a Delta OT monitoring product can allow hackers to hide their destructive activities from the victim.
MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF (Fortinet Blog) FortiGuard Labs uncovers a sophisticated phishing campaign deploying MrAnon Stealer via a fake booking PDF.
Analysis: Fake hotel reservation scam seen spreading info stealer malware (CyberDaily) A new phishing scam is doing the rounds, tricking hotel owners into installing malware called MrAnon Stealer.
Getting gooey with GULOADER: deobfuscating the downloader (Elastic Security Labs) Elastic Security Labs walks through the updated GULOADER analysis countermeasures.
Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques (The Hacker News) Threat hunters have discovered new tactics used by the GuLoader malware to evade analysis.
Be wary of QR code scams, warns the FTC (The Verge) QR codes can steal personal info or money.
Over 30% of Log4J apps use a vulnerable version of the library (BleepingComputer) Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years.
Verizon fell for fake “search warrant,” gave victim’s phone data to stalker (Ars Technica) Verizon tricked by fake cop, fake search warrant despite obvious warning signs.
HTC confirms cyber attack (Cyber Security Hub) BlackCat/ALPHV ransomware group leaked photos of what appears to be stolen passports, contact lists, emails and confidential documents
Seattle cancer center confirms data breach, cyber criminals threatening patients (WPDE) A Seattle cancer center confirms it has been the victim of a cyber attack and some patients have received email threats as a result.
Seattle cancer patients face blackmail threats after recent Fred Hutch data breach (MyNorthwest.com) As if battling cancer isn’t hard enough, now patients at UW's Fred Hutchinson Cancer Center are being extorted.
Giving Platform for Nonprofit Organizations Exposed Donor Records in Major Data Breach (vpnMentor) Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained just under 1 million records, which included
Central Virginia transit system affected by cyber incident (Record) The Greater Richmond Transit Company (GRTC) was hit with a cyberattack in late November which "temporarily" impacted its network.
HTX's Troubles Continue: $258 Million Flows Out (Finance Magnates) Investors are withdrawing their assets from HTX after an exploit on November 22 that forced the exchange to halt services and incurred a loss of $30 million.
University of Wollongong says data ‘likely’ accessed in cyber attack (CyberDaily) The University of Wollongong (UOW) has confirmed a cyber incident affecting its systems that has likely resulted in data being accessed by unauthorised users.
Beyond phishing: The top employee security risks you're probably not measuring (BetaNews) While we all know email is a big target for attackers, it’s important to remember that email is not the only risk vector. As companies use more tools and features, the risks grow too. Email is just one piece of the puzzle, which is why it is crucial to consider a wide range of employee security behaviors to get a holistic view of your risks. By doing so, you can focus resources more efficiently.
CISA adds Qlik bugs to exploited vulnerabilities catalog (Record) The federal agency added the two bugs affecting Qlik Sense to its list and gave federal civilian agencies until December 28 to patch the issues.
Security Patches, Mitigations, and Software Updates
Atlassian Releases Security Advisories for Multiple Products (Cybersecurity and Infrastructure Security Agency | CISA) Atlassian has released security updates to address vulnerabilities affecting multiple Atlassian products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
Google shares “fix” for deleted Google Drive files (BleepingComputer) Google says it identified and fixed a bug causing customer files added to Google Drive after April-May 2023 to disappear. However, the fix isn't working for all affected users.
Trends
Cyfirma Industry Report : TELECOMMUNICATIONS & MEDIA (CYFIRMA) EXECUTIVE SUMMARY: The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each...
Marketplace
Cybersecurity jobs vacancies are a 'problem,' Crowdstrike CEO on millions of positions available (The Global Herald) Yahoo Finance published this video item, entitled "Cybersecurity jobs vacancies are a 'problem,' Crowdstrike CEO on millions of positions available".
OpenAI leaders warned of abusive behavior before Sam Altman’s ouster (Washington Post) The senior employees described Altman as psychologically abusive, creating chaos at the artificial-intelligence start-up — complaints that were a major factor in the board’s abrupt decision to fire the CEO
Inside OpenAI’s Crisis Over the Future of Artificial Intelligence (New York Times) Split over the leadership of Sam Altman, board members and executives turned on one another. Their brawl exposed the cracks at the heart of the A.I. movement.
Elon Musk restores X account of conspiracy theorist Alex Jones (AP News) Elon Musk has restored the X account of conspiracy theorist Alex Jones. It comes after Musk posted a poll this weekend on the social media platform formerly known as Twitter that came out 70% in favor of the Infowars host, who repeatedly has called the 2012 Sandy Hook school shooting a hoax.
Darktrace non-exec director rejected by investors over Lynch connection (Reuters) Shareholders in British cyber security firm Darktrace (DARK.L) on Thursday voted against the election of non-executive director Patrick Jacob over concerns about his connection to Mike Lynch, the entrepreneur extradited to the United States to face fraud charges.
Dallas' Skybox Datacenters Appoints SVP of Design and Construction (Dallas Innovates) Ken Clausen brings more than 25 years of comprehensive experience in corporate real estate, encompassing design, construction, and property management across diverse sectors including data center, industrial, medical, manufacturing, retail, and corporate office to his new role.
Products, Services, and Solutions
Apple responds to the Beeper iMessage saga: ‘We took steps to protect our users’ (The Verge) Beeper Mini made Android users blue bubbles. Apple shut it down after only a few days.
Meet Fortinet Advisor, a Generative AI Assistant that Accelerates Threat Investigation and Remediation (Fortinet) Fortinet harnesses more than a decade of AI innovation and deep threat expertise to empower customers with a cutting-edge GenAI tool that upskills cybersecurity teams.
Versa Networks Achieves Common Criteria EAL4+ Certification Further Validating the Security and Controls of its SASE and Secure SD-WAN Operating System (Business Wire) Versa Operating System (VOS) Independently Certified to Meet Stringent EAL4+ Security Requirements Used in High-Assurance Deployments
Technologies, Techniques, and Standards
US Army eyes overhaul of theater-level signals intelligence tools (C4ISRNet) The Pentagon is putting a premium on digital weaponry and sensors, including jammers, hacking tools and devices that can quickly cue onto communications.
Design and Innovation
Google’s Gemini Looks Remarkable, But It’s Still Behind OpenAI (Bloomberg) The tech giant’s latest AI model is only marginally better than the one from OpenAI that’s been out for eight months.
Anthropic's latest tactic to stop racist AI: Asking it 'really really really really' nicely (TechCrunch) The problem of alignment is an important one when you're setting up AI models to make decisions in matters of finance and health. But how can you reduce
Academia
USM Earns National Designation as Center of Academic Excellence in Cyber Defense (WXXV News 25) Through its diligent efforts in cybersecurity education, The University of Southern Mississippi (USM) has earned distinction as a Center of Academic Excellence in Cyber Defense (CAE-CD). The prestigious honor is earned via a program established by The National Security Agency and the Department of Homeland Security. USM’s School of Computing Sciences and Computer Engineering (CSCE) initiated the award process that...
Legislation, Policy, and Regulation
E.U. Agrees on Landmark Artificial Intelligence Rules (New York Times) The agreement over the A.I. Act solidifies one of the world’s first comprehensive attempts to limit the use of artificial intelligence.
EU agrees world's first legal AI regulations (Computing) EU negotiators have announced the world's first comprehensive set of rules to regulate artificial intelligence, described as a "launch pad" to lead the global AI race.
The European Parliament has an election security problem (POLITICO) EU elections are coming but the institution’s cybersecurity isn’t up to scratch to fight off the imminent deluge of attacks, insiders warn.
Greece Moves to Enhance Cyber Security Amid Frequent Attacks (Balkan Insight) On paper, Greece has what it needs to tackle a growing number of cyber-attacks. In practice, it’s behind the curve, experts warn.
NSA Focuses on Talent as Pace of Technology Quickens (U.S. Department of Defense) The National Security Agency's ability to recruit and retain top talent is key to meeting the demands of the future, agency director Army Gen. Paul M. Nakasone said.
With new threats, 'CYBERCOM 2.0' must push past 'status quo': Nakasone (Breaking Defense) "We’ve had tremendous experience. But the scope, scale, sophistication of the threat has changed," US Cyber Command chief Gen. Paul Nakasone said.
Cyber Command’s Nakasone urges renewal of foreign spy law (C4ISRNet) Section 702 allows the government to collect and review communications like emails and text messages of foreigners abroad. Critics say it's ripe for abuse.
The U.S. Government’s Most Powerful Spying Tool Is Fighting for Its Life (Wall Street Journal) The Biden administration’s efforts to renew legislation that allows the U.S. to track the electronic communications of terrorists, spies and hackers overseas face increasing opposition.
Cyber Victim Requests to Delay Securities and Exchange Commission Public Disclosure Policy Notice 1297N. (FBI Policy Notice) This Policy Notice (PN) establishes procedures by which Federal Bureau of Investigation (FBI) personnel will document cybersecurity incident public disclosure delay requests...
FBI explains how companies can delay SEC cyber incident disclosures (Record) The FBI document follows controversial new rules that the SEC approved in June requiring companies to quickly disclose “material” cybersecurity incidents.
HHS proposes new cybersecurity requirements for hospitals through HIPAA, Medicaid and Medicare (Record) The United States Department of Health and Human Services (HHS) said it is planning to take a range of actions in an effort to better address cyberattacks on hospitals, which have caused dozens of outages across the country in recent months.
Congress might act on AI-generated content in 2024 (CIO | TechTarget) While Congress might be hesitant to act on some facets of artificial intelligence, it could advance legislation targeting AI-generated content in 2024.
Litigation, Investigation, and Law Enforcement
UK and allies sanction human rights abusers (GOV.UK) UK and allies have sanctioned human rights abusers 75 years after Universal Declaration of Human Rights.
UK sanctions nine linked to cyber trafficking in Southeast Asia (Record) The United Kingdom on Friday sanctioned 14 individuals and entities connected to Southeast Asia’s sprawling online scamming industry — the first such designation directly targeting the human traffickers who con workers into carrying out fraud.
Cyber scam call center slavery expands beyond southeast Asia (Register) Interpol increasingly concerned as abject abuse of victims scales far beyond Asia origins
23andMe changes terms of service amid legal fallout from data breach (Axios) Days after a data breach allowed hackers to steal 6.9 million 23andMe users' personal details, the genetic testing company changed its terms of service to prevent customers from formally suing the firm or pursuing class-action lawsuits against it.
Microsoft’s OpenAI Ties Face Potential UK Antitrust Probe (Bloomberg) CMA seeking views on whether the relationship should be probed. Move is less than two months since watchdog cleared Activision.
ALPHV/BlackCat Site Downed After Suspected Police Action (Infosecurity Magazine) Notorious ransomware collective ALPHV/BlackCat may have been disrupted by law enforcement
ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related (Dark Reading) Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement.
ALPHV ransomware site outage rumored to be caused by law enforcement (BleepingComputer) A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours.
AlphV (BlackCat) leak site reportedly taken down by law enforcement (1) (DataBreaches.net) When the AlphV site went offline yesterday, rumors started. Now intel firm RedSense has tweeted that they can confirm it was a law enforcement takedown: Today,...
ALPHV Ransomware Site Outage: What We Know So Far (ReliaQuest) The ALPHV ransomware data-leak site has been offline for 30 hours, raising speculation of disruption by law enforcement activity. Here's what we know so far.
Briefing: UK Regulator and U.S. FTC Examine Microsoft-OpenAI Deal (The Information) The UK’s antitrust regulator is weighing whether to investigate Microsoft’s deal with OpenAI on antitrust grounds, the agency said on Friday. Meanwhile, the Federal Trade Commission in the U.S. is also looking into the partnership between the two companies to see whether it violates antitrust law, Bloomberg reported. The FTC’s inquiry isn’t yet a formal investigation, the report said.
Briefing: Amazon Asks Court to Dismiss FTC Antitrust Suit (The Information) Amazon on Friday asked a federal court to dismiss the Federal Trade Commission’s antitrust lawsuit accusing the company of exploiting online sellers and squashing competition, saying the FTC misrepresented its practices and failed to identify anticompetitive behavior.
HHS’ Office for Civil Rights Settles First Ever Phishing Cyber-Attack Investigation (HHS.gov) OCR cyber attack investigation settlement
SEC Probes Investment Advisers’ Use of AI (Wall Street Journal) The Securities and Exchange Commission is asking investment advisers how they use and oversee artificial intelligence, as agency head Gary Gensler continues to express skepticism about the technology.
Amazon Says Thieves Swiped Millions by Faking Product Refunds (Bloomberg) Shoppers took gaming consoles, smartphones, tires and gold. Scammers live in US, five other countries, according to suit.
‘Ego and resentment’: what led former US diplomat to spy for Cuba? (the Guardian) Manuel Rocha, ambassador who became turncoat, may have harboured ill feelings towards establishment elite
How The Federal-Private Speech Police Operated In Election 2020: With Radar Highly Attuned To The Right (ZeroHedge) "A few examples of the tickets EIP produced..."