Complex cyber threats in two hybrid wars.

Announcement

Cybersecurity and IT practice tests - now just $39 each.

Make 2024 the year you earn a new professional certification. For a limited time, N2K is offering our full catalog of certification practice tests for just $39 each. Choose from our extensive library of certification titles from leading vendors like AWS, CompTIA, Microsoft, CISCO, and more. Visit n2k.com/certify to view our practice test catalog and get started today.

Quarterly Industry Insights Analyst Call - open to the public.

This quarter’s analyst call is open to the public, so join us on Tuesday, December 19, 2023 at 2pm EST for this live and interactive event. N2K’s resident expert, Rick Howard, will be joined by Merritt Baer, Field CISO at Lacework, and Caroline Wong, CSO at Cobalt, to break down the most impactful news and events from the last 90 days, and dive into why it matters to organizations and our industry. Register now.

Summary

By the CyberWire staff

At a glance.

Apache Struts vulnerability exploited in the wild.
USPS impersonation.
SEC disclosure rules go into effect Monday.
FCC promulgates disclosure rules.
AI in the US Federal Government.
Iran's record against Israeli targets.
An Israeli company claims to have organized an international cyber militia against Hamas.
Kyivstar continues its recovery.

Apache Struts vulnerability exploited in the wild.

Sonatype describes a newly discovered remote code execution vulnerability in Apache’s Struts2 Framework (CVE-2023-50164). Sonatype explains, “At its core, this vulnerability allows attackers to exploit a flaw in Apache Struts's file upload system. It lets them manipulate the file upload parameters and perform path traversal. This exploitation can result in arbitrary code execution on the server, leading to various outcomes like unauthorized data access, system compromise, or even complete control over the affected systems, including placing malicious files within systems.”

Gridinsoft notes, “The vulnerability affects the following versions of Apache Struts 2.3.37 (End of Life), 2.5.0 to 2.5.32 and Struts 6.0.0 to 6.3.0. Apache released patches in Struts versions 2.5.33 and 6.3.0.2 or later to address this issue. The developer does not offer any workarounds to mitigate the issue, so applying the patch update as soon as possible is crucial.”

USPS impersonation.

Researchers at Uptycs are tracking a smishing campaign that’s impersonating the US Postal Service in order to steal victims’ personal and financial information. The text messages inform recipients that a USPS delivery requires their attention, and direct them to click on a link in order to resolve the issue. The link leads to a fake USPS website that asks the user to enter their name, address, and billing information.

The researchers have tied this campaign to over a thousand active phishing sites. Uptycs believes the scammers are based in China, and are targeting users around the world.

Build an Effective Endpoint Detection and Response Strategy

Are you ready to simplify your endpoint security? Join the live virtual event to discover how you can safeguard your AWS environment with tools available in AWS Marketplace. Register now.

SEC disclosure rules go into effect Monday.

The US Securities and Exchange Commission’s (SEC’s) cybersecurity disclosure rules take effect on Monday. The rules require publicly traded companies to disclose cybersecurity incidents within four business days after the company determines an incident to be material.

Erik Gerding, Director of the SEC’s Division of Corporation Finance, said in a statement yesterday, “These rules will provide investors with timely, consistent, and comparable information about an important set of risks that can cause significant losses to public companies and their investors. This disclosure can help investors evaluate those risks as they make investment and voting decisions.”

The FBI has issued guidance for victims of cyber incidents who want to submit a request to delay SEC-mandated public disclosures in cases where national security or public safety are concerned.

The Wall Street Journal sees determining materiality as likely to be the most problematic challenge publicly traded companies will encounter as they seek to comply with the new disclosure rules.

FCC promulgates disclosure rules.

The US Federal Communications Commission (FCC) on Wednesday voted to expand breach notification requirements for telecoms, GovInfoSecurity reports. The Commission says the “action would hold phone companies accountable for protecting sensitive customer information, while enabling customers to protect themselves in the event that their data is compromised.” The new rules cover all personally identifiable information held by telecoms, and “expand[s] the definition of ‘breach’ to include inadvertent access, use, or disclosure of customer information, except in those cases where such information is inadvertently acquired by an employee or agent of a carrier or TRS provider, and such information is not used improperly or further disclosed.”

Several Republican senators, as well as two of the FCC’s commissioners, have challenged the ruling, arguing that the FCC doesn’t have the authority to issue data security rules, MediaPost reports.

Optimize the value of your biggest investment – your cyber talent.

Gain actionable insights to continuously build and maintain high-performance teams, climb the knowledge curve, and stay ahead in a rapidly changing world. CyberVista’s Strategic Cyber Workforce Intelligence is a comprehensive solution designed to identify current capabilities and develop a data-driven framework to enrich hiring, upskilling, and career mobility efforts in your people strategy that evolves with ongoing organizational transformation. Learn more.

AI in the US Federal Government.

Splunk has published a report on the use of artificial intelligence in the public and private sectors, finding that 79% of public sector and 83% of private sector organizations have started to use AI in production. The researchers state, “Automation is the biggest priority with respect to AI technology at both public and private sector organizations over the next 12 months (44% at public sector organizations and 53% in the private sector are using or will use AI to increase productivity through automation). Other top priorities include improving innovation and idea generation (30% of all respondents), improving goods or services (30%), improving citizen/customer experiences (29%), and detecting and assessing cyber risk (26%).”

The report also determined that a lack of trust in AI systems is the top obstacle to expanding the use of these tools in the public sector.

Iran's record against Israeli targets.

While the Gaza Cybergang, the threat group most closely associated with Hamas, retains its long-standing preoccupation with intra-Palestinian targeting, Iranian groups have been active against Israel. ESET describes the techniques one of them, OilRig (also tracked as APT34, Lyceum, Crambus, and Siamesekitten), has used against Israel since the most recent wave of attacks began in 2022. During that campaign OilRig employed four new downloaders--SampleCheck5000 (SC5k v1-v3), ODAgent, OilCheck, and OilBooster--all of them relatively noisy and unsophisticated, but often effective nonetheless. The attacks used legitimate cloud services for command-and-control. OilRig is a cyberespionage operation, interested principally in collection as opposed to theft or sabotage.

An Israeli company claims to have organized an international cyber militia against Hamas.

Israeli law prohibits private companies from attacking international cyber systems, but according to the Jerusalem Post one Israeli company, CyTaka, believes it's found a way to hit back at Israel's enemies in cyberspace without running afoul of the law: engage international partners. "Their efforts target disinformation distribution, psychological warfare, and offensive cyberoperations that fund terrorist organizations." The CyTaka-organized operators are empowered to undertake targeted cyber counterattacks. "By identifying and neutralizing hacker networks," the Jerusalem Post writes, "economic losses from attacks can be mitigated."

Kyivstar continues its recovery.

The Russian cyberattack that knocked telco and ISP Kyivstar out this week was, according to Ukrinform, one of the largest successful cyberattacks ever seen in Europe. Kyivstar reports that it's now largely restored voice service, and is in the process of restoring mobile data service. "According to the latest updates from Kyivstar," the company's Netherlands-based corporate parent VEON said in a media release, "in the territory controlled by Ukraine:

"More than 90% of mobile base stations are now operational
"Voice services have been switched on across the country
"Data connectivity on the fixed network is now active and available
"Re-activation of mobile data connectivity has also begun, starting with Ivano-Frankivsk in Western Ukraine – the first region where mobile internet is restored."

Late last night Developing Telecoms reported that Kyivstar had substantially restored broadband Internet service, but, as Reuters observed some hours earlier, full recovery is probably still a matter of weeks away.

The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.

Notes.

Today's issue includes events affecting the European Union, Gaza, the Holy See, Iran, Israel, Russia, Ukraine, the United Kingdom, and the United States.

Creating Connections: Looking back to look ahead.

The current issue of Creating Connections is out, with notes and coverage of the contributions women are making to cybersecurity.

Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.

Ukraine at D+659: Russian attrition tactics count on war-weariness in the West. (CyberWire) A battle of attrition continues in Marinka as Russia sees hope in Western war-weariness. Kyivstar works toward full restoration of service, but it will be a long process.

Israel-Hamas War: Washington Urges Israel to Scale Back Ground War in Gaza by Year’s End (New York Times) The Biden administration has called on Israeli officials to move to a more precise and targeted strategy.

Opinion | What Worries Me About the Gaza War After My Trip to Arab States (New York Times) A legitimate Palestinian partner and a commitment to negotiating a two-state solution are key.

Hamas plot to attack Jewish sites across Europe foiled by police (The Telegraph) Seven suspected members of the terror group have been arrested during raids in Germany, Denmark and the Netherlands

Images of stripped and humiliated Palestinians draw condemnation (Washington Post) The images of the Palestinian men, stripped to their underwear, forced to kneel, some bound, some blindfolded in the custody of Israeli soldiers, were certain to provoke extreme emotions.

Hungry, thirsty and humiliated: Israel's mass arrest campaign sows fear in northern Gaza (AP News) The Israeli military has rounded up hundreds of Palestinians across the northern Gaza Strip, separating families and forcing men to strip to their underwear before trucking some to an undisclosed location.

OilRig’s persistent attacks using cloud service-powered downloaders (We Live Security) ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications.

Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over (Dark Reading) The prolific APT repeatedly compromised targets in healthcare, manufacturing, and government with new lightweight downloaders that blend into network traffic for evasion.

OilRig targets Israel organizations with new lightweight downloaders (Help Net Security) ESET researchers analyzed a growing series of new OilRig downloaders that the group used in several campaigns in the past two years.

Israeli CEO recruits Muslim hackers to fight Hamas in cyberwarfare (The Jerusalem Post) Doron Amir, CEO of CyTaka, successfully recruited hackers from Muslim countries to combat Hamas. In this interview, he explains their motivations.

Israeli Company Hires Overseas Attackers in 'Hack Back' Effort (Dark Reading) CEO of CyTaka says offensive actions would create a deterrent against cyberattacks.

Putin says there will be no peace in Ukraine until his goals, still unchanged, are achieved (AP News) Russian President Vladimir Putin says his objectives with the Ukraine war remain unchanged, with 617,000 Russian soldiers currently there.

Russia and China are part of the same problem for the United States (Atlantic Council) China and Russia act together as an autocratic axis to endanger the United States and its democratic allies, writes Glenn Chafetz. Any attempt to appease Russia in Ukraine would only benefit China and weaken the US.

Historic breakthrough for Ukraine as EU agrees to begin membership talks (Atlantic Council) European leaders have agreed to officially start EU membership talks with Ukraine in a morale-boosting victory for Ukrainians as they defend their country against Russia’s ongoing invasion, writes Peter Dickinson.

Hungary blocks Ukraine aid deal but EU opens door to membership talks (CNN) European leaders agreed to open EU membership talks with Ukraine, in a move hailed as a “victory” by the country’s President Volodymyr Zelensky, but the regional group was unable to pass a crucial aid package for Kyiv after Hungary blocked it.

Ukraine war live: EU to open membership talks with Kyiv as Putin admits heavy losses (The Independent) Vladimir Putin held first major news conference in two years as Ukrainian leader Volodymyr Zelensky headed to Brussels

Against the odds, European Union agrees to open membership negotiations with Ukraine (AP News) The European Union has decided to open accession negotiations with Ukraine and Moldova. European Council President Charles Michel called it “a clear signal of hope for their people and our continent.”

Ukrainian troops unable to respond to Russian attacks, says lawmaker (ABC News) "We can’t win the war single-handed."

Ukraine war: Shell shortages force us to limit firing, Ukrainian troops tell BBC (BBC) The BBC visits a front line where ammunition is low and hears troops' fears of wavering Western support.

U.S. Aid to Ukraine by the Numbers (New York Times) Here’s a look at the assistance the United States has provided for Ukraine’s defense and the political debate about whether more should be sent.

How the US keeps funding Ukraine's military — even as it says it's out of money (AP News) The White House says funding for Ukraine has run out and it has been increasing pressure on Congress to pass stalled legislation to support the war against Russia.

Opinion | This Is the World If Ukraine Loses (POLITICO) If the West doesn’t help Ukraine beat back Russia, your lives will not be the same.

The High Price of Losing Ukraine Military-Strategic and Financial Implications of Russian Victory (Institute for the Study of War) The United States has a much higher stake in Russia's war on Ukraine than most people think. A Russian conquest of all of Ukraine is by no means impossible if the United States cuts off all military assistance and Europe follows suit.

Russia is exploiting JetBrains TeamCity users at large scale (Register) National security and infosec authorities band together to help victims sniff out stealthy Russian baddies hiding in networks

Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach (Hackread - Latest Cybersecurity News, Press Releases & Technology Today) Polish authorities and FortiGuard Labs have issued a warning to customers about a new wave of cyberattacks associated with TeamCity.

US Officials Say Russian Hackers Are Launching Potential SolarWinds-Style Operations (Insurance Journal) U.S. officials say that Russian hackers are targeting servers hosting outdated versions of software made by the Czech tech company JetBrains for potential

Cyberattack on Ukraine’s telecom giant Kyivstar one of largest ever recorded in Europe (Ukrinform) The cyberattack on Kyivstar was one of the most powerful telecom breaches seen in Europe in its entire history.

Kyivstar restores voice services across Ukraine, starts the reactivation of mobile data services (GlobeNewswire News Room) VEON Ltd. (NASDAQ: VEON, Euronext Amsterdam: VEON), a global digital operator that provides converged connectivity and online...

Stunned Putin double-takes as he is confronted with AI deepfake (Mail Online) A student from Saint Petersburg State University had constructed a 'deepfake' likeness of the Russian President, and took the opportunity to ask the real Putin his thoughts on dangers of AI

Why Putin’s awkward Q&A may not be all it seemed (The Telegraph) Text messages on a live feed seemed to pose tough questions, but the Kremlin is not averse to manufacturing manageable criticism

‘They’re also learning’: Russia, Ukraine race to out-innovate each other (Breaking Defense) Tactics and technology advance so fast that a drone that’s cutting-edge today will be obsolescent in two months, Ukrainian and NATO officers say.

Ukraine’s innovative edge counters Russian mass, official says (C4ISRNet) "With whatever capabilities we have now, with whatever capabilities we can be provided by our partners, we are going to fight."

Putin says Russia, U.S. in talks over jailed Wall Street Journal reporter (Washington Post) Russian President Vladimir Putin said Thursday that Moscow and Washington are in contact over U.S. journalist Evan Gershkovich, who has been jailed in Russia since March on espionage charges that the Biden administration and the Wall Street Journal have denounced forcefully as baseless.

Attacks, Threats, and Vulnerabilities

Zscaler ThreatLabz Finds Most Cyberattacks Hide In Encrypted Traffic (GlobeNewswire News Room) 86% of Cyberattacks Are Delivered Over Encrypted Channels, with Manufacturing Being The Most Targeted Industry...

'Disrupt or destroy’: China-linked hackers have targeted U.S. infrastructure ‘to cause societal chaos,’ officials warn — are your finances also vulnerable? (Yahoo Finance) Banks have upped their security in response to new threats.

Rhadamanthys v0.5.0 - a deep dive into the stealer’s components (Check Point Research) Research by: hasherezade Highlights Introduction Rhadamanthys is an information stealer with a diverse set of modules and an interesting multilayered design. In our last article on Rhadamanthys [1], we focused on the custom executable formats used by this malware and their similarity to a different family, Hidden Bee, which is most likely its predecessor. In […]

CVE-2023-50164: Another vulnerability in the widely used Apache Struts2 component (Sonatype) The recent identification of CVE-2023-50164 in Apache Struts is quite similar to other vulnerabilities Sonatype has seen and covered in the past.

Vulnerabilities Now Top Initial Access Route For Ransomware (Infosecurity Magazine) More ransomware attacks now start with vulnerability exploitation than phishing, says Corvus Insurance

USPS Smishing Scam 2023 (Uptycs Threat Advisory) Uptycs has uncovered an increase in the phishing campaign targeting the United States Postal Service (USPS). The severity has been deemed critical, with more than 1,400 live phishing websites discovered globally.

U.S. nuclear research lab data breach impacts 45,000 people (BleepingComputer) The Idaho National Laboratory (INL) confirmed that attackers stole the personal information of more than 45,000 individuals after breaching its cloud-based Oracle HCM HR management platform last month.

Hacker Hits One of Crypto Industry’s Biggest Names in Security (Bloomberg) Ledger is one of the largest makers of digital wallets. The hack saw hundreds of thousands of dollars stolen.

Kraft Heinz launches investigation after ransomware gang claims to have stolen data (SiliconANGLE) Kraft Heinz launches investigation after ransomware gang claims to have stolen data - SiliconANGLE

Kraft Heinz investigates hack claims, says systems ‘operating normally’ (BleepingComputer) Kraft Heinz has confirmed that their systems are operating normally and that there is no evidence they were breached after an extortion group listed them on a data leak site.

Giving Platform for Nonprofit Organizations Exposed Donor Records in Major Data Breach (vpnMentor) Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password protected database that contained just under 1 million records, which included

Security Patches, Mitigations, and Software Updates

CISA Releases Seventeen Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) SA released seventeen Industrial Control Systems (ICS) advisories on December 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

FortiGuard Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency | CISA) FortiGuard has released security updates to address vulnerabilities in multiple FortiGuard products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products (SecurityWeek) Dell is informing PowerProtect DD product customers about 8 vulnerabilities, including many rated ‘high severity’, and urging them to install patches.

Trends

2024 Cyber-threat Predictions: Scanning the Horizon (ReliaQuest) The ReliaQuest Threat Research Team reveals predictions about prominent cyber threats in 2024, to help cybersecurity professionals prioritize and assign resources.

Dragon's Byte: Securing the AI Realm in 2024 (Harmonic) Curious to understand how security teams will adapt to the changing AI landscape in 2024? Me too. In this blog, I outline my top five predictions for the next 12 months.

Global Mobile App Survey: Consumers Want Better Fraud Protections and App Maker Accountability to Ensure Safe Experiences (PR Newswire) Appdome, the mobile app economy's one-stop shop for mobile app defense, today announced the results of its new 2023 Global Consumer...

Appdome Mobile Consumer Security Survey (Appdome) Read the opinion of 25,000 consumers globally on mobile app security.

THE CHANGING CYBER THREAT LANDSCAPE: ASIA-PACIFIC (APAC) REGION - CYFIRMA (CYFIRMA) EXECUTIVE SUMMARY This Asia Pacific (APAC) Threat Landscape Report provides a comprehensive overview of the evolving cybersecurity landscape in the...

Marketplace

Politics and the Future (Andreessen Horowitz) Technology startups need a voice. We are non-partisan, one issue voters: If a candidate supports an optimistic technology-enabled future, we are for them. If they want to choke off important technologies, we are against them.

Coro Named to Inaugural Fortune Cyber 60 List of the Fastest Growing Companies in Cybersecurity (Business Wire) Coro, the leading provider of cybersecurity for the midmarket, today announced that it was named to the inaugural Fortune Cyber 60 list of the fastest growing companies in cybersecurity.

The People OpenAI Should Consider for Its New Board (The Information) Sam Altman’s sudden ouster and revolving-door return as CEO of OpenAI was the result of a boardroom power struggle between Altman and board members like Helen Toner who raised concerns about the unbridled power of artificial intelligence. The debacle shows that when a board is not aligned with ...

ColorTokens' Momentous 2023 Milestones Pave the Way for Continued Success in 2024 (PR Newswire) ColorTokens Inc., a leading Unified Zero Trust Platform provider, today announced its strong finish to 2023 with key strategic partnerships,...

Jack Berkowitz joins Securiti as its Chief Data Officer (Business Wire) Previously the CDO of ADP, Berkowitz brings deep expertise in enabling Safe use of Data & AI in large-scale environments

Noname Security Expands Leadership Team to Drive Company's Next Phase of Growth (GlobeNewswire News Room) Appointment of Chief Financial Officer, Chief of Staff, and Vice President of R&D sets the stage for momentous growth and increased innovation in 2024...

Products, Services, and Solutions

New infosec products of the week: December 15, 2023 (Help Net Security) The featured infosec products this week are from: Censys, Confirm, Drata, Safe Security, and SpecterOps.

CybeReady Introduces the 2023 Holiday CISO Toolkit to Bolster Cybersecurity During the Season (EIN Presswire) Ensure Employee Safety with CybeReady's Holiday Guidance

Symmetry Systems' Feature-Packed Year: A Milestone in Modern Data Security (PR Newswire) Symmetry Systems, a modern AI-powered data security company, is proud to celebrate a successful 2023 filled with great customer outcomes,...

World’s first cybersecurity marketplace powered by hackers, developed for commercial use (Daily Host News) Zerocopter’s cybersecurity marketplace is backed by the combined intelligence of hackers expert in vulnerability detection.

Splunk Enterprise Security 7.3 Delivers a Refined Analyst Experience and Enhanced Risk Context for Seamless Incident Triage (Splunk-Blogs) Announcing Splunk Enterprise Security 7.3, delivering a refined analyst experience and enhanced risk context for seamless incident triage.

Technologies, Techniques, and Standards

OASIS Launches Initiative to Standardize Machine-Readable End-of-Life Information Exchange for Software and Hardware (EIN News) Cisco, Dell, Huawei, Microsoft, Qualys, Red Hat, Sophos, and Others Collaborate on a Unified Framework for Automated Product Lifecycle Management

Survey: AI Adoption Among Federal Agencies Is Up But Trust Continues to Be An Obstacle to Future Adoption and Use | Splunk (Splunk) Findings Reveal 80% of Public and Private sector Organizations are using AI and that Clear Acceptable Use, Privacy and Security Policies Need to be Set Early For AI Success GovSummit23 – New research from Splunk Inc . (NASDAQ: SPLK), the cybersecurity and observability leader, suggests that while

DOD Chief Digital and Artificial Intelligence Office Hosts Last Global Information Dominan (U.S. Department of Defense) The Chief Digital and Artificial Intelligence Office launched the Global Information Dominance Experiment to provide a Minimum Viable Capability of Combined Joint All Domain Command and Control to the

Design and Innovation

Intel CEO attacks Nvidia on AI: 'The entire industry is motivated to eliminate the CUDA market' (Tom's Hardware) Reframing the AI framework, away from CUDA and toward more open standards.

Academia

Cheating Fears Over Chatbots Were Overblown, New Research Suggests (New York Times) A.I. tools like ChatGPT did not boost the frequency of cheating in high schools, Stanford researchers say.

Legislation, Policy, and Regulation

Sunak Considers UK Crackdown on Young Teens’ Social Media Use (Bloomberg) Prime Minister Rishi Sunak’s UK government is studying a crackdown on social media access for children under the age of 16, including potential bans, according to people familiar with the discussions.

Pope, once a victim of AI-generated imagery, calls for treaty to regulate artificial intelligence (AP News) Pope Francis, once a victim of AI-generated imagery, is calling for an international treaty to ensure it is developed and used ethically.

We’re still in a fight for survival when it comes to AI safety (Vox) President Biden’s executive order on artificial intelligence was criticized by many for overreaching, but the danger from uncontrolled AI progress is real.

Cybersecurity Disclosure (U.S. Securities and Exchange Commission) As is customary, I am expressing my views today in my official capacity as Director of the SEC’s Division of Corporation Finance, and my views do not necessarily reflect the views of the Commission, any of the Commissioners, or any other Commission staff.

Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (U.S. Securities and Exchange Commission) The Securities and Exchange Commission (“Commission”) is adopting new rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934.

House passes NDAA, ducking culture wars, sending bill to White House (Breaking Defense) The $886 billion policy bill will go to President Joe Biden's desk for final signature, but final passage of the annual spending bills remains unclear.

Senate passes defense bill despite culture-war pushback from GOP hardliners (Axios) The Senate on Wednesday passed a $886 billion defense bill, advancing funding and setting policy for the Pentagon.

Litigation, Investigation, and Law Enforcement

Four Individuals Charged for Laundering Millions from Cryptocurrency Investment Scams (U.S. Department of Justice) A seven-count indictment was unsealed yesterday in Los Angeles charging four individuals for their alleged roles in a scheme to launder the proceeds of cryptocurrency investment scams and other fraudulent schemes involving millions of dollars in victim funds.

US detains suspects behind $80 million 'pig butchering' scheme (BleepingComputer) The U.S. Department of Justice charged four suspects (two of them already detained) for their alleged involvement in a pig butchering fraud scheme that resulted in more than $80 million in victim losses.

Four men indicted in $80 million ‘pig butchering’ scheme (CNBC) LA federal prosecutors said four indictments and two arrests had been made in an international "pig butchering" scheme that caused $80 million in damages.

Ofcom investigating TikTok's parental controls (Computing) The UK media regulator, Ofcom, has launched an investigation into social video platform TikTok over concerns that the app provided "inaccurate" information about its parental controls.

Microsoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts (SecurityWeek) Microsoft disrupts Storm-1152, a cybercrime-as-a-service business facilitating phishing, identity theft, and DDoS attacks.

Microsoft cracks down on group operating ‘cybercrime-as-a-service’ (CSO Online) Microsoft has aggressively pursued legal measures to dismantle Storm-1152’s network, seizing its US-based infrastructure, shutting down key websites, and rigorously investigating to identify the individuals responsible for the group’s activities.

Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime (WIRED) Ten years in, Microsoft’s DCU has honed its strategy of using both unique legal tactics and the company’s technical reach to disrupt global cybercrime and state-backed actors.

Is This the End of Geofence Warrants? (Electronic Frontier Foundation) Google announced this week that it will be making several important changes to the way it handles users’ “Location History” data. These changes would appear to make it much more difficult—if not impossible—for Google to provide mass location data in response to a geofence warrant, a change we’ve been asking Google to implement for years.

Prince Harry was victim of phone hacking by Mirror newspapers, judge rules (The Telegraph) Duke of Sussex awarded £140,600 in damages as court rules some articles about him were result of unlawful information gathering

Prince Harry phone hacking: Duke 'on mission to destroy monarchy', says Piers Morgan (The Telegraph) Piers Morgan has claimed Prince Harry and his wife Meghan are on a mission to “destroy the monarchy” as he issued a response to a High Court ruling that found the Duke was a victim of phone hacking.

Suffolk Exec Calls For IT Chief's Termination In Relation To Cyberattack: Document (Sachem, NY Patch) In a letter Wednesday to the Legislature, he says there were "serious instances of misconduct and incompetence."

East Point city manager fired amid phishing scam controversy (Fox5 Atlant) East Point has fired its city manager months after the city lost hundreds of thousands of dollars in an email phishing scam.

Ten Years Later, New Clues in the Target Breach (KrebsOnSecurity) On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included…

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Insider Threat Program Development, Management & Optimization Live Web Based Training Course (Virtual, Jan 17 - 18, 2024) This highly sought after and very comprehensive 1 day training course will ensure that the Insider Threat Program (ITP) Manager and others who support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Behavioral Science Professionals, Legal Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group.

Insider Threat Program Development, Management & Optimization Training Course (Laurel, Maryland, USA, Jan 30 - 31, 2024) This highly sought after and very comprehensive 2 day training course will ensure that the Insider Threat Program (ITP) Manager and others who support the ITP (Insider Threat Analyst, FSO, CSO, CISO, Human Resources, CIO - IT, Network Security, Counterintelligence Investigators, Behavioral Science Professionals, Legal Etc.), have the Core Knowledge, Blueprint, Resources needed for developing, managing, enhancing an ITP / ITP Working Group.

Trellix Public Sector Cybersecurity Summit (Washington, DC, USA, Feb 27, 2024) Public sector organizations continue to face a constant barrage of sophisticated cyber threats. And with new cybersecurity mandates and guidance — from recent executive orders to the release of the 2023 National Cyber Strategy — public sector leaders must make considerable decisions about their cyber enterprise that will have lasting impacts for years to come. On top of this, the emergence of novel security capabilities built on machine learning, AI, predictive analytics and extended detection and response has given security leaders a new arsenal of tools to defend against the next sophisticated attack. Join top technology leaders from across the public sector at the Trellix Public Sector Cybersecurity Summit as they discuss emerging topics in cybersecurity like ransomware, zero trust, global security and XDR. Throughout the summit, you’ll have the opportunity to engage in conversations about how the arrival of AI will intersect with public sector cybersecurity, evolving partnerships to strengthen threat intelligence, how to navigate, take action on and go beyond new cybersecurity policy directives, and much more.

Events

SANS Cyber Defense Initiative Washington DC 2023 (Washington, DC, USA, Dec 11 - 16, 2023) At SANS Cyber Defense Initiative Washington DC 2023, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

The International Conference on Cyber Security 2024 (New York, New York, USA, Jan 8 - 10, 2024) The International Conference on Cyber Security (ICCS) is the premier global cybersecurity event spanning three days, with over 50 distinguished speakers from the government, the private sector, and academia. It is an unparalleled opportunity for global cyber threat analysis, operations, research, and law enforcement leaders to coordinate and share their efforts to create a more secure world.

SANS Cloud Defender 2024 (Virtual, Jan 8 - 13, 2024) At SANS Cloud Defender 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

SANS Classic 2024 (Virtual, Jan 15 - 20, 2024) At SANS Classic 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.