Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+663: Legislating for influence in the Near Abroad. (CyberWire) Shell shortages afflict both sides of the war, and a Russian wonder weapon disappoints its users. Medical treatment of casualties in Russian militias, mercenary formations, and penal battalions falls markedly short of the care regulars receive (and that's already mediocre by modern army standards). The Duma considers criminalizing "Russophobia" abroad, and Kyivstar continues progress toward full restoration of services.
Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (Symantec) MuddyC2Go framework and custom keylogger used in attack campaign.
Iranian cybercriminals cut off water supply in two Irish towns (InCyber) The Iranian cybercriminal group Cyber Av3ngers attacked a water pumping station in Ireland in early December 2023, causing a water outage in two towns for a couple of days. The group claims it disconnected the industrial tool manufactured and operated by an Israeli company, in support of Palestine.
Iran, Israeli media say cyber attack disrupts petrol stations across Iran (Reuters) A hacking group that Iran accuses of having links to Israel claimed it carried out cyberattacks that disrupted services at petrol stations across Iran on Monday, Iranian state TV and Israeli local media reported.
Israel-linked group claims cyberattack that shut down 70% of Iran’s gas stations (Times of Israel) Tehran cites ‘software problem’ as cause for shutdown; group known as Gonjeshke Darande takes responsibility, says attack is response to Iranian aggression
A suspected cyberattack paralyzes the majority of gas stations across Iran (AP News) Iran’s state TV says nearly 70% of the nation’s gas pumps are out of service after possible sabotage — a reference to cyberattacks.
Iran confirms nationwide cyberattack on gas stations (Record) A cyberattack claimed by an Israeli hacking group affected about 70% of gas stations throughout Iran.
Ukraine-Russia war latest: Zelenskyy to give 'major' news conference - as Russia warns NATO it will retaliate over US military deal (Sky News) Volodymyr Zelenskyy will hold what Ukrainian media is describing as a major news conference this afternoon - currently expected at around 4pm. Listen to a Sky News Daily podcast special on the standoff over future funding for Ukraine's war effort while you scroll.
Russia-Ukraine war: List of key events, day 664 (Al Jazeera) As the war enters its 664th day, these are the main developments.
Russia-Ukraine war live: Russia is upgrading its nuclear arsenal as west wages ‘hybrid war’ against it, says Vladimir Putin (the Guardian) The president said all attempts to inflict strategic defeat on Russia had crumbled
Russia mocked for rudimentary counter-drone ‘wig’ (The Telegraph) ‘Hairy vehicles’ are latest disguise attempt against Ukrainian heat-detection drones
Britain ramps up naval support for Ukraine to ‘keep Kyiv in the fight’ (The Telegraph) Initiative is part of a 10-year security pact to be signed in the coming weeks
Pentagon Warns Ukraine Military Aid Funds Will Run Out Dec. 30 (Bloomberg) US is spending its last $1.07 billion to replenish weapons. Planners have enough for one more aid package to Ukraine.
Biden to use last of Ukraine funds this month if Congress fails to act (Defense News) A notification obtained by Defense News shows how Biden plans to spend the last $1 billion in Ukraine military aid, unless Congress passes new assistance.
UK officials gauge long-term defense business ties with Ukraine (Defense News) European companies have begun setting up local support plants for repairing and maintaining weapon donations closer to the front lines.
Germany orders artillery shells for Ukraine for over $400 million (Defense News) One order is from a French ammo vendor, in keeping with a German pledge to award urgent contracts to companies of partner nations.
Cannon-repair deal is the latest foreign arms-maintenance-and-production effort inside Ukraine (Defense One) Kyiv's supporters are looking to boost local industry as other aid grows more precarious.
Finland Signs Military Cooperation Agreement With U.S. After Putin Threat (RadioFreeEurope/RadioLiberty) Finland on December 18 signed an agreement to enhance military cooperation with the United States, a day after Russian President Vladimir Putin warned the neighboring country over its entrance into NATO.
U.S., Baltic States Sign Bilateral 5-Year Roadmaps for Defense Cooperation (U.S. Department of Defense) Dr. Celeste Wallander, Assistant Secretary of Defense for International Security Affairs, hosted a triple signing ceremony for the bilateral defense cooperation roadmaps with the defense policy
Kyivstar plans to achieve full stabilization in provision of services by end of week - company president (Interfax) The largest Ukrainian telecom operator Kyivstar expects to achieve complete stabilization in the provision of services by the end of the week, after which it will announce a compensation program, company president Oleksandr Komarov said in a video message on Facebook.
Ukraine-Russia war: Office used by top Ukrainian general ‘bugged’ (The Telegraph) An office used by the commander in chief of Ukraine’s armed forces was “bugged”, according to local media reports.
EU Adopts 12th Package Of Sanctions Against Russia (RadioFreeEurope/RadioLiberty) The European Union Council on December 18 adopted a 12th package of sanctions against Russia, the European Commission said in a statement.
Finland To Hold Russian Ultranationalist On Suspicion Of War Crimes In Ukraine (RadioFreeEurope/RadioLiberty) A court in Helsinki on December 18 ordered pretrial detention for a Russian ultranationalist and former commander of the Rusich saboteur group that fights alongside Russia's armed forces against Ukraine.
The Pro-Kremlin, Far-Right Figure Vowing To Take Down Moldova's Government (RadioFreeEurope/RadioLiberty) Alexandr Kalinin, a pro-Kremlin Moldovan political figure, has cheered Russia's invasion of Ukraine and claims to have fought with Moscow's forces. For that, Chisinau stripped him of his citizenship. But he has said he will gather a force of thousands to depose President Maia Sandu's government.
Attacks, Threats, and Vulnerabilities
Phishing in Organizations: Findings from a Large-Scale and Long-Term Study (IEEE) In this paper, we present findings from a large-scale and long-term phishing experiment that we conducted in collaboration with a partner company. Our experiment ran for 15 months during which time more than 14,000 study participants (employees of the company) received different simulated phishing emails in their normal working context.
Uncovering AI-Generated Email Attacks: Real-World Examples from 2023 (Abnormal) See how attackers are using generative AI in their email attacks to bypass email security solutions and trick employees.
Millions of Microsoft Accounts Power Lattice of Automated Cyberattacks (Dark Reading) Crimeware-as-a-service (CaaS) gang flies past CAPTCHAs, creating fraudulent accounts to sell to the likes of Scattered Spider; Microsoft mounts a counterattack.
Microsoft Warns about Gift Card Fraud (Spiceworks) Microsoft has published warnings about gift card fraud through a popular authentication technology. Find out more.
Malware leveraging public infrastructure like GitHub on the rise (ReversingLabs) ReversingLabs researchers uncovered two previously unseen techniques running on GitHub — the first abuses GitHub Gists, and the second issues commands through git commit messages.
Little-used mobile phone feature exposes new scam threat (Australian Financial Review) A newly discovered security risk that exploits 19-year-old mobile phone technology might let scammers bypass identity checks for banking and email.
“Quishing” you a Happy Holiday Season (Netcraft) QR Code phishing scams — What they are and how to avoid them.
Apparel giant VF reports cyberattack on first day of SEC disclosure rule (Record) The owner of brands like Vans, Timberland, North Face and Jansport filed with the U.S. government about a "material" cyber incident.
The ransomware attack on Westpole is disrupting digital services for Italian public administration (Security Affairs) An alleged Lockbit 3.0 ransomware attack on the Italian cloud service provider Westpole disrupted multiple services for government organizations and municipalities.
1.5 Billion Records Leaked in Real Estate Wealth Network Data Breach (vpnMentor) Cybersecurity researcher Jeremiah Fowler discovered and reported to vpnMentor a non-password-protected database that held 1.5 billion records containing real estate
MongoDB investigating security incident that exposed data about customer accounts (TechCrunch) The database management giant says hackers accessed information about customers during a compromise of its corporate systems.
Mr. Cooper hackers stole personal data on 14 million customers (TechCrunch) Hackers stole a huge trove of sensitive personal information on 14 million Mr. Cooper customers, including Social Security numbers.
Mr Cooper now says 15M people's data exposed in cyberattack (Register) Mortgage lender says no evidence of identity theft (yet) after SSNs, DoBs, addresses, more swiped
Vans, North Face Parent VF Warns Cyberattack May Snarl Holiday Deliveries (Wall Street Journal) Ransomware attack on clothes maker stymies online order fulfillment
Scammers Are Tricking Anti-Vaxxers Into Buying Bogus Medical Documents (WIRED) On Telegram, scammers are impersonating doctors to sell fake Covid-19 vaccination certificates and other products, showing how criminals are taking advantage of conspiracy theories.
The age of weaponized LLMs is here (VentureBeat) LLMs are the new power tool of choice for rogue attackers, cybercrime syndicates, and nation-state attack teams.
Worried About Deepfakes? Don’t Forget “Cheapfakes” (WIRED) Generative AI is only one way of creating deceptive and manipulated media—and experts are concerned that not enough attention is paid to “cheapfakes” and other forms of digital manipulation.
‘It’s totally unhinged’: is the book world turning against Goodreads? (the Guardian) The influential user review site has suffered a year of controversies, from cancelled book deals to review-bombing, and exposed a dark side to the industry
Publisher drops author for using fake accounts to ‘review-bomb’ peers (the Guardian) Cait Corrain, whose book Crown of Starlight was due to be published next year, admits to leaving notices ‘that ranged from kind of mean to downright abusive’
Vulnerability Summary for the Week of December 11, 2023 (Cybersecurity and Infrastructure Security Agency | CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Trends
How cybersecurity roles are changing and what to look for when hiring (CSO Online) AI, automation, and the increasing need for cybersecurity professionals with good soft skills are some of the things to look out for when hiring the next incident responder, GRC specialist, and SOC analyst.
CYFIRMA Industry Report: INFORMATION TECHNOLOGY (CYFIRMA) EXECUTIVE SUMMARY The CYFIRMA Industry Report delivers original cybersecurity insights and telemetry-driven statistics of global industries, covering one sector each...
SANS Institute Research Shows What Frameworks, Benchmarks, and Techniques Organizations Use on their Path to Security Maturity (Expel) Expel-sponsored research unveils how companies measure SOC performance and the frameworks they rely on to assess and guide their security strategies
SANS Institute: Operational Security Maturity (Expel) This survey report from SANS Institute shares insights into how IT and cybersecurity professionals navigate frameworks, benchmarking and SOC KPIs.
Marketplace
Turngate Raises $5M Seed Funding Round Led by Paladin Capital Group (Paladin Capital Group) User-Friendly Interface Offers Novel Visibility into User Activity, Distills Complex Logs
Halcyon Closes $40M Series B to Scale Mission of Defeating Ransomware (Business Wire) Bain Capital Ventures leads investment to build first ever dedicated anti-ransomware platform; Enrique Salem joins Board of Directors and Jeff Williams joins as CRO
Optiv Hits $1 Billion In Sales With CrowdStrike: ‘We’re Both Hungry’ (CRN) Optiv announced hitting $1 billion in CrowdStrike sales, including through the AWS Marketplace.
Horizon3.ai Recognized as a Fastest-Growing Cybersecurity Company on the Fortune Cyber 60 List (Business Wire) Horizon3.ai, a leading provider of autonomous security solutions, today announced that it has been named to the Fortune Cyber 60 2023 list.
TikTok staff told to avoid flagging problems with Amazon accounts (the Guardian) Exclusive: Internal communications suggest video platform working to protect its lucrative relationship with e-commerce firm
Products, Services, and Solutions
From Certification Training to Cyber Workforce Intelligence: Fostering Continuous Growth with a Fortune 100 Retail Giant (N2K) Transformative journey with a Fortune 100 retailer: From SOC training to holistic workforce development strategy with N2K's Cyber Workforce Intelligence.
Investigation Workbench (Mitiga) Mitiga dramatically accelerates investigation, response, and time to recovery for cloud and hybrid environments, lowers the impact of cyber breaches, and optimizes cloud security incident readiness and resilience.
VISO TRUST Announces Netskope Integration for Enhanced Third-Party Cyber Risk Management (Business Wire) AI-Powered TPRM and New Netskope Integration Yields Unprecedented Ability to Identify and Address Third-Party Shadow IT, Streamline Third-Party Cyber Risk Management, and Demonstrate Compliance.
Experience True, Cloud Cyber Resilience – Available now in Commvault Cloud (Commvault) We're excited to announce our latest platform release, which includes the availability of key features revealed at our Commvault Cloud launch.
AV-TEST Confirms Skyhigh Security Service Edge Delivers Superior Threat Protection in All Test Categories (Business Wire) Scores Close to 100% on Malware Detection and Prevention Confirm Skyhigh Security’s Effectiveness as a Defense-in-Depth Enterprise Solution
Jscrambler Achieves PCI-DSS 4.0 Compliance: Elevate Security (Jscrambler) Jscrambler’s External Assessment Reinforces Commitment to Client-Side Protection and Providing Secure Environments as a PCI-DSS Service Provider.
Silverfort, First to Deliver Automated Identity Protection of Thousands of Service Accounts With a Single Click—Securing Machine-to-Machine Communications (Silverfort) Customers can now discover, monitor, and protect their service accounts with fully automated visibility, risk analysis, and adaptive access policies to bolster the protection of an entire class of identities that previously went unprotected. Tel Aviv & Boston – Dec 18, 2023 — Silverfort, the Unified Identity Protection leader, announced today the first and only...
Data Theorem CNAPP and Mobile SDK Named Top Cloud Security and Mobile API Threat Protection Solutions of the Year (Data Theorem) Panel of Cybersecurity Industry Judges Names Data Theorem’s Cloud Secure as Leading Cloud Security Solution; Mobile Protect SDK as Best Mobile API Threat Protection
Dell’Oro Group Again Ranks Versa Networks as the Current Worldwide Unified SASE Market Share Leader (Versa Networks) Dell’Oro Group Research Ranked Vendors Based on 3Q 2023 Worldwide Revenue; Reveals Worldwide SASE Market Annual Revenue will Increase to More Than $10B in 2024.
Aryaka Wins Fierce Telecom Award for SD-WAN, SASE (Aryaka) Aryaka triumphs in Fierce Telecom Innovation Awards for its managed SD-WAN & SASE services, showcasing excellence in Unified SASE solutions.
Technologies, Techniques, and Standards
FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware | CISA (Cybersecurity and Infrastructure Security Agency CISA) Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Play Ransomware, to disseminate Play ransomware group’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as October 2023.
#StopRansomware: Play Ransomware | CISA (Cybersecurity and Infrastructure Security Agency CISA) Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.
FBI: Play ransomware breached 300 victims, including critical orgs (BleepingComputer) The Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities.
HHS Reveals Strategy for Addressing Healthcare Sector Cybersecurity (JD Supra) The U.S. Department of Health and Human Services ("HHS") issued a concept paper describing its overarching strategy to address healthcare...
Microsoft, Cyberspace Solarium Commission propose measures to strengthen water sector cybersecurity (Industrial Cyber) Microsoft, Cyberspace Solarium Commission put forward measures to strengthen cybersecurity across the water and wastewater sector.
Design and Innovation
OpenAI outlines AI safety plan, allowing board to reverse decisions (Reuters) Artificial intelligence company OpenAI laid out a framework to address safety in its most advanced models, including allowing the board to reverse safety decisions, according to a plan published on its website Monday.
Quantum Xchange Joins Migration to Post-Quantum Cryptography Project Consortium (Business Wire) The National Cybersecurity Center of Excellence, Global Tech Leaders, and Quantum Startups Collaborate to Spearhead and Shape the Future of Encryption
Legislation, Policy, and Regulation
UK's cultural institutions gather for summit on the cyber threat (NCSC) Organisations across the UK’s culture sectors have been coached on how to reduce the risk of falling victim to cyber criminals.
Powering Through Requires Securing the Grid (POWER Magazine) The U.S. energy sector has a bullseye on its back. Whether it’s nation-state hackers or domestic terrorists, the level of malicious activity directed
Exclusive: US lawmakers warn Biden to probe EU targeting of tech firms -letter (Reuters) A bipartisan group of lawmakers has written to U.S. President Joe Biden, warning that European technology regulations are unfairly targeting U.S. companies and not including many Chinese or EU firms, according to a letter seen by Reuters on Monday.
Litigation, Investigation, and Law Enforcement
Foreign Threats to the 2022 US Elections (National Intelligence Council) Key Judgment 1: The IC assesses that China tacitly approved efforts to try to influence a handful of midterm races involving members of both US political parties.
2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS (SecurityWeek) Hackers, including from Russia and China, launched cyberattacks and collected information, but it did not impact the integrity and security of the 2022 US election.
DHS, DOJ find 'no evidence' foreign government affected 'security or integrity' of 2022 midterms (ABC News) The Department of Homeland Security and the Department of Justice found "no evidence" that any foreign government "materially affected the security or integrity" of election infrastructure in the 2022 midterms, according to a declassified report released Monday night.
Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant (U.S. Department of Justice) The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world since its inception, including networks that support U.S. critical infrastructure.
ALPHV Ransomware Site Outage: What We Know So Far (ReliaQuest) The ALPHV ransomware data-leak site has been offline for 30 hours, raising speculation of disruption by law enforcement activity. Here's what we know so far.
Authorities claim seizure of notorious ALPHV ransomware gang's dark web leak site (TechCrunch) Law enforcement agencies claim to have seized the dark web leak site of the notorious ALPHV ransomware gang, also known as BlackCat.
FBI posts takedown notice on AlphV ransomware group’s website (Record) “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware," says a notice splashed on the cybercrime group's darknet site.
EU Investigates Elon Musk’s X for Spreading Illegal Content (WIRED) Raising a range of concerns into the way X has been run under Elon Musk, EU officials will also probe whether graphic content from Hamas’ attack on Israel was allowed to spread across the site.
EU opens formal DSA investigation into X in wake of Israel-Hamas war (The Verge) It comes in the wake of the Israel-Hamas war.
Google to Pay $700 Million in Play Store Settlement (Wall Street Journal) Agreement with coalition of states resolves antitrust litigation related to app store
Four held in Delhi for leaking ICMR data (Statesman) An American cyber security and intelligence agency was the first to notice that a ‘threat actor’ had posted a thread on breach forums on October 9
Alleged LockBit operator to face new cybercrime charges in Canada (Record) A man facing extradition to the United States for his alleged role as a LockBit ransomware administrator is up against new cybercrime charges in Ontario.
German court suspects that AI is behind avalanche of lawsuits (Cybernews) The Regional Court of Frankfurt, increasingly confronted with “mass proceedings,” suspects law firms of using AI to attract large numbers of plaintiffs for filing small cases, reports German media.