Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+664: A narrative of exceptionalism and historical glory. (CyberWire) Ineffectual drone strikes are exchanged across a static front as Russia turns to a narrative of Imperial and Soviet glory.
Israel-Hamas War: Israeli Defense Minister Talks of War’s Next Phase as U.S. Urges Civilian Safety (New York Times) As pressure grows on Israel to scale back the war in Gaza, Defense Secretary Lloyd J. Austin III met with Israeli officials in Tel Aviv to discuss how Israel’s campaign could shift after 10 weeks of fighting.
Israel-Hamas War: Hamas Leader Makes Visit to Egypt for Gaza Talks (New York Times) A senior official said the leader, Ismail Haniyeh, was in Egypt to discuss the possibility of a new truce, adding that Israel would have to abide by a cease-fire before the group would discuss releasing more hostages.
Biden grapples to find right path on Gaza amid voter discontent (Nikkei Asia) News media shift tone toward cease-fire, negotiated Hamas exit
Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa (The Hacker News) Iranian cyber espionage group MuddyWater targets telecom sectors in Egypt, Sudan, and Tanzania using the MuddyC2Go framework.
Majority of gas stations in Iran rendered inoperable due to suspected cyberattack (CIO News) About 70% of Iran's gas stations were out of operation on Monday due to probable sabotage—a reference to cyberattacks, according to Iranian official television.
Meta faces accusations over content moderation in Israel-Hamas conflict (Financial Times) Independent oversight board says Facebook parent should offer greater protection to freedom of expression
Russia-Ukraine war: List of key events, day 665 (Al Jazeera) As the war enters its 665th day, these are the main developments.
Russia-Ukraine war live: Kremlin claims Kyiv pulled out of peace talks last year ‘at Britain’s insistence’ (the Guardian) Spokesperson for the Russian government claims UK ‘forbade’ negotiations with Russia
Putin claims Russia’s military has the momentum in Ukraine and is poised to meet Moscow’s goals (WJBF) Russian President Vladimir Putin declared Tuesday that his country’s military has seized the initiative in Ukraine after repelling a monthslong counteroffensive and is well posi…
Putin boasts Russia has upgraded entire nuclear arsenal as he goads West over Ukraine ‘failures’ (The Telegraph) Russian ordnance manufacturers on track to boost shell production to two million per year
Zelensky says Russia made no military gains in 2023, expresses faith in U.S. (Washington Post) Despite Ukraine’s counteroffensive having failed to push back Russian forces occupying nearly one-fifth of his country, Ukrainian President Volodymyr Zelensky insisted on Tuesday that Moscow had made no military advances in 2023.
Zelensky: Ukraine will not lose even if support of international partners decreases (Ukrinform) Ukraine will not lose the war, even if support from international partners continues to decline. — Ukrinform.
Ukraine considers proposal by army to mobilise another 500,000 for war (Reuters) Ukraine's President Volodymyr Zelenskiy said on Tuesday the military had proposed mobilising 450,000-500,000 more Ukrainians into the armed forces in what would mark a dramatic step up of Kyiv's war with Russia.
The UK and France reiterate that Russia's invasion of Ukraine must end in failure as US aid falters (AP News) Britain and France are reiterating their determination that Russia’s invasion of Ukraine must end in failure.
Running short on Ukraine air defenses, U.S. looks to Japan (Washington Post) Tokyo is preparing a significant policy shift in its defense export rules that would allow Washington to transfer additional Patriot missiles to Kyiv
2024 preview: The West must decide if it wants Ukraine to win (Atlantic Council) If Western leaders fail to provide Ukraine with the weapons to defeat Putin in 2024, this will significantly increase the likelihood of a direct military confrontation between Russia and NATO, writes Richard D. Hooker Jr.
What If Putin Wins? US Allies Fear Defeat as Ukraine Aid Stalls (Bloomberg) With critical aid for Kyiv snarled up by political infighting on both sides of the Atlantic, European officials are starting to think through the consequences of a victory for Russia.
Support Ukraine today or fight Russia tomorrow (Atlantic Council) The threat posed by Vladimir Putin's revisionist agenda can no longer be downplayed or denied. Instead, the choice facing Western leaders is simple: Support Ukraine today or fight Russia tomorrow, writes Oleksandr Zavitnevych.
Ukraine and its backers need a credible path to victory (Financial Times) Securing and sustaining the independence of the country should be the key war aim
The Real Russian Nuclear Threat (Foreign Affairs) The West is worried about the wrong escalation risks.
Ukraine’s EU accession process faces bureaucratic and political hurdles (Atlantic Council) The European Council’s recent decision to open accession negotiations with Ukraine was a momentous moment both for Kyiv and the European Union. Now the serious work begins, writes James Batchik.
Wartime Ukraine’s European energy integration continues (Atlantic Council) Ukraine has been invited to join Europe’s leading electricity infrastructure association in January 2024 as the country's remarkable wartime European energy sector integration continues, writes Aura Sabadus.
Opinion: Back to the USSR (Kyiv Post) While free Ukraine deals with high-tech problems caused by cyber-attacks, authorities in Russia-occupied areas are reverting to Soviet-style communication technology.
UK, Partners Establish Tallinn Mechanism for Cyber Security (Mirage) As part of Russia's unprovoked invasion of Ukraine, the world has witnessed an unrelenting cyber assault against Ukraine's critical national infrastructure, from banking to energy supplies and innocent Ukrainian people.
Ukraine’s Kyivstar restores services after cyberattack, parent Veon says (KELO-AM) (Reuters) - Telecoms company Veon said on Tuesday that its unit Kyivstar, Ukraine's biggest mobile operator, has restored most of its services and con...
Recorded Future will allocate over $23 million for cybersecurity in Ukraine in 2024 (Odessa Journal) The world's largest private intelligence and analytics company, Recorded Future, will continue to support Ukrai ...
With Navalny’s whereabouts still unknown, Kremlin targets novelist Akunin (Washington Post) Jailed Russian opposition figures are incommunicado, missing in the country’s opaque and secretive prison system and unreachable by their lawyers or even the court system.
A man claiming to be a former Russian officer wants to give evidence to the ICC about Ukraine crimes (AP News) A Russian claiming to be a former officer with the Wagner Group has arrived in the Netherlands and says he wants to provide evidence to the International Criminal Court, which is investigating atrocities in the war in Ukraine.
Chinese Traders and Moroccan Ports: How Russia Flouts Global Tech Bans (New York Times) Using specialized e-commerce sites, secretive shipping workarounds and a constellation of middlemen, Russia has obtained the tech components it needs to keep its economy and war in Ukraine going.
Attacks, Threats, and Vulnerabilities
SSH protects the world’s most sensitive networks. It just got a lot weaker (Ars Technica) Novel Terrapin attack uses prefix truncation to downgrade the security of SSH channels.
SSH shaken, not stirred by Terrapin downgrade vulnerability (Register) No need to panic, but grab those updates or mitigations anyway just to be safe
A Look at the Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government (Netskope) Summary Threat actors often employ stealthy attack techniques to elude detection and stay under the defender’s radar. One way they do so is by using
Prolific Ransomware Groups Intentionally Switch On Remote Encryption for Attacks, Sophos Finds (GlobeNewswire News Room) Attackers Increase Their Use of Remote Ransomware 62% Annually, Based on Attacks Detected and Stopped by Sophos CryptoGuard Technology...
CryptoGuard: An asymmetric approach to the ransomware battle (Sophos News) In the second of our new technical thought leadership series, Sophos X-Ops takes a detailed look at anti-ransomware techniques
Notice To Customers of Data Security Incident (Business Wire) Xfinity is providing notice of a recent data security incident. Starting today, customers are being notified through a variety of channels, including through the Xfinity website, email, and news media.
Comcast's Xfinity service responds to a major data breach. (CyberWire) Comcast warns Xfinity customers affected by a CitrixBleed exploit.
Comcast reveals cyberattack exposing data of nearly 36 million customers (Verdict) Comcast has officially confirmed a significant security breach of 36 million Xfinity customers' information
Millions of Xfinity customers' hashed passwords, info stolen (Register) 35M-plus Comcast user IDs accessed by intruder via Citrix Bleed
Xfinity discloses data breach affecting over 35 million people (BleepingComputer) Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.
Comcast says hackers stole data of close to 36 million Xfinity customers (TechCrunch) Hackers exploited a known but unpatched flaw, allowing hackers access to the sensitive information of almost 36 million Comcast customers.
Xfinity Customer Data Compromised in Attack Exploiting CitrixBleed Vulnerability (SecurityWeek) Comcast’s Xfinity says customer data, including credentials, were compromised in an attack exploiting the CitrixBleed vulnerability
Qakbot returns: FBI-led takedown lasts just 3 months (Register) Experts say malware strain may take years to die off completely
Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE (SecurityWeek) Akamai researchers document more vulnerabilities and patch bypasses leading to zero-click remote code execution in Microsoft Outlook.
Hackers steal data from Sony developer Insomniac Games (New Game Network) Personal files, game details, and future plans have been posted online
Neurosurgeons of New Jersey Confirms Cyber Attack Resulting in Recent Data Breach (JD Supra) On December 4, 2023, Neurosurgical Associates of New Jersey (“Neurosurgeons of New Jersey”) filed a notice of data breach with the U.S. Department of...
Washington County says weekend cyber attack foiled (Northwest Arkansas Democrat-Gazette) The attempted cyber attack on Washington County's computer systems has apparently ended with the county having blocked more than 64,000 attempts to log on to its servers.
Henry Schein reports 29K affected in September cyberattack (Security) In a filing with the Maine Attorney General, dental and medical products supplier Henry Schein announced more than 29,000 people were potentially affected from a recent data breach.
Security Patches, Mitigations, and Software Updates
CISA Releases Seven Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) CISA released seven Industrial Control Systems (ICS) advisories on December 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Trends
2023 Threat Landscape Year in Review: Part One (Qualys Security Blog) As 2023 nears its end, it's time to pause and reflect. It’s time to assess what worked and what didn't, what caught our attention and caused disruption, and what went unnoticed. More importantly…
Skillable data reveals nearly half of tech worker training goes to waste (EIN Presswire) Inadequate training puts both tech workers and their employers at risk of being left behind
Marketplace
Cyber Firm SimSpace Secures $45 million in Funding from L2 Point Management to Fuel Continued Growth (SimSpace) SimSpace has developed government-grade cyber ranges since 2015 and is uniquely positioned to capitalize on a 2030 cybersecurity market set to top $480 billion.
Anti-ransomware startup Halcyon lands fresh $40M tranche (TechCrunch) Halcyon, a startup developing tools to prevent and remediate ransomware attacks, has raised a fresh $40 million in venture funding.
Okta snatches up security firm Spera, reportedly for over $100M (TechCrunch) Tech giant Okta has acquired Spera, the security firm, reportedly for between $100 million and $130 million.
Briefing: Cybersecurity Firm Okta to Buy Startup Spera for Reported $100 Million (The Information) Okta, the multifactor authentication software firm, announced on Tuesday that it will acquire the Israeli security startup Spera. The deal is reportedly worth more than $100 million, according to Israeli tech news outlet Calcalist. Okta said it expects to complete the acquisition by April 2024. Spera was founded last year and had previously only just $10 million in seed funding, led by Tel
IBM aims to boost AI offerings with $2.3B acquisition (Fox Business) Tech giant IBM bolstering its investments in artificial intelligence, announcing Monday it plans to buy two units of Software AG for $2.33 billion cash.
CrowdStrike and Optiv Surpass $1 Billion in Sales (CXO Today) Premier partnership surpasses key milestone, modernizing and consolidating cybersecurity for thousands of organizations
Quorum Cyber: A Year of Remarkable Milestones, Global Expansion, And Cybersecurity Advancements (EIN News) Quorum Cyber, founded to help organizations defend themselves in an increasingly hostile digital landscape, today announced significant growth and market
Venafi Surges Ahead with Strategic Product Innovations, Unprecedented 164% Year-Over-Year Growth in Global SaaS Business and Key Executive Appointment in 2023 (Business Wire) Expansion and Momentum Driven by Cloud Native Adoption, Demand for Machine Identity Management
Portal26 Adds Sanjay Srivastava to Generative AI Advisory Board (PR Newswire) Portal26 (formerly known as Titaniam), the award-winning Generative AI (GenAI) visibility and data security tech leader, today announced...
DXC Technology parts ways with CEO Mike Salvino, names Raul Fernandez interim chief (Washington Business Journal) The change is effective immediately.
DXC Technology appoints Graham Holdings exec Pinkie Dent Mayfield to its board (Washington Business Journal) The Ashburn company's board now 64% of members identifying as people of color or women.
Products, Services, and Solutions
Google restricts political ads, X courts them as US election year looms (Computing) With the US presidential election year on the horizon, Google and Twitter are taking very different approaches to election-related content and political advertising on their platforms.
North American telecommunications company sees higher engagement & performance with custom N2K cyber cert & role-based training (N2K Networks) Case Study: North American telecommunications company sees higher engagement & performance with custom cybersecurity cert & role-based training with N2K.
Bugcrowd Platform Implements Industry-First AI Vulnerability Rating Taxonomy for LLMs (PR Newswire) Bugcrowd, the only multi-solution crowdsourced cybersecurity platform, today announced updates to the Vulnerability Rating Taxonomy (VRT) that...
BCR Cyber to Offer No-Cost CISSP Training and Certification, Accepting New Members to Consortium (EIN Presswire) Course Presents Opportunity for Professional Advancement in Cybersecurity
AppOmni Unveils First AI SaaS Security Posture Management Assistant, AskOmni, Redefining SaaS Security and Usability (AppOmni) AppOmni, the leader and SaaS security pioneer, unveils groundbreaking advancement with AskOmni™, the first AI-powered SSPM assistant
Fortinet strengthens OT security with enhanced FortiGuard Service and new hardware (SiliconANGLE) Cybersecurity firm Fortinet Inc. today announced the release of new, integrated operational technology security solutions and services that it says will advance the company’s solutions over the rest of the market.
Behind Instagram Head Adam Mosseri’s Mixed Record on Youth Safety (The Information) Instagram chief Adam Mosseri has built a public reputation as someone who is concerned about the safety of young people on Instagram. During an appearance on CBS in 2019, he said user well-being was a “No. 1 priority.” At a Senate hearing in 2021, he described youth online safety as “critically ...
QuSecure™ Launches QuProtect™ Post-Quantum Cryptography Cybersecurity Software in AWS Marketplace (Business Wire) New Listing Expands Accessibility of Unique Orchestrated, Quantum Resilient, Crypto-Agile Security Solution for Enterprises
Stellar Cyber integrates with SentinelOne for enhanced cybersecurity across environments (Help Net Security) Stellar Cyber and SentinelOne integration boosts cybersecurity across on-premises, cloud, hybrid, and IT/OT environments.
ZNet Technologies partners with Avast for the Cyber Safety of small businesses in India (Daily Host News) ZNet Technologies to ensure Cyber Safety of Indian businesses by amplifying the reach of Avast Business Portfolio via its partner network.
Technologies, Techniques, and Standards
Enabling Threat-Informed Cybersecurity: Evolving CISA’s Approach to Cyber Threat Information Sharing (Cybersecurity and Infrastructure Security Agency | CISA) One of CISA’s most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange machine-readable cyber threat information. We know that the only constant in cybersecurity is change, and we’re evolving our information sharing approaches to maximize value to our partners and keep pace with a changing threat environment.
CISA to Streamline Approach to Cyber Threat Information Sharing (Executive Gov)
NSA Publishes 2023 Cybersecurity Year in Review (National Security Agency/Central Security Service) The National Security Agency (NSA) published its 2023 Cybersecurity Year in Review today to share its recent cybersecurity successes and how it is working with partners to deliver on cybersecurity
2023 Cybersecurity Year in Review (National Security Agency/Central Security Service) Since World War II, the National Security Agency (NSA) and its predecessors have protected the United States’ most sensitive information. As technological advancements have created a more interconnected world with ever-increasing threats, NSA’s mission has expanded. NSA has embraced new responsibilities and operational authorities to ensure our networks remain secure.
Google makes a preemptive move for the 2024 election, will limit election-related queries with generative AI (Android Central) The move is intended to curb misinformation as the 2024 election nears
CFOs are under the gun as the SEC’s new 4-day data breach disclosure window goes into effect (Yahoo Finance) Public companies must report cybersecurity incidents that will affect the bottom line.
Design and Innovation
AI’s efficacy is constrained in cybersecurity, but limitless in cybercrime (Help Net Security) AI in cybersecurity faces limitations due to trust issues with security solutions and ongoing risks in data model development.
Legislation, Policy, and Regulation
Managing Cybersecurity Risks Related to AI in Developing Countries: Challenges and Strategies Part I (Modern Diplomacy) In today's digital era, artificial intelligence (AI) has become a crucial component across various sectors, particularly in developing countries
We cannot ignore China’s information warfare any longer (The Hill) The crumbling of a regime always starts in the realm of ideas.
Think tank tied to tech billionaires played key role in Biden’s AI order (POLITICO) Researchers from the RAND Corporation — which took more than $15 million this year from a group financed by a Facebook co-founder — were a driving force behind the White House’s sweeping new AI reporting requirements.
Senate Confirms Biden’s Pick To Lead NSA and Military’s Cyber Force (The Messenger) Timothy Haugh will oversee top-secret hacking missions and cybersecurity support to heavily targeted U.S. allies.
Litigation, Investigation, and Law Enforcement
CISA and FBI Release Advisory on ALPHV Blackcat Affiliates (Cybersecurity and Infrastructure Security Agency | CISA) Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), #StopRansomware: ALPHV Blackcat, to disseminate known ALPHV Blackcat affiliates’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as Dec. 6, 2023. The advisory also provides updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise released April 19, 2022.
#StopRansomware: ALPHV Blackcat (Cybersecurity and Infrastructure Security Agency | CISA) The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service (RaaS) identified through FBI investigations as recently as Dec. 6, 2023.
The ALPHV/BlackCat takedown shuffle. (CyberWire) It's up, maybe it's down, no, for sure it's down, then up again, and finally down. For now.
FBI seizes ALPHV leak website. Hours later, ransomware gang claims it ‘unseized’ it (CyberScoop) Law enforcement seized the websites of the notorious Russian-speaking group before the criminals say they seized it back.
BlackCat Ransomware Raises Ante After FBI Disruption (KrebsOnSecurity) The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released a…
Law Enforcement Takes Action Against ALPHV/BlackCat Ransomware (Secureworks) Both GOLD BLAZER and the FBI possess the private keys, allowing competing sites with identical addresses to simultaneously remain active.
FBI disrupts BlackCat ransomware operation, unveils decryption tool (Computing) In a major victory against cybercrime, the US Federal Bureau of Investigation (FBI) announced on Tuesday the successful disruption of the notorious BlackCat ransomware operation, also known as ALPHV.
A Major Ransomware Takedown Suffers a Strange Setback (WIRED) After an 18-month rampage, global law enforcement finally moved against the notorious Alphv/BlackCat ransomware group. Within hours, the operation faced obstacles.
Interpol op cuffs 3,500 cyber suspects, seizes $300M (Register) Alleged crims used AI to pose as friends, family, romantic partners – and sold dodgy NFTs
Interpol operation arrests 3,500 cybercriminals, seizes $300 million (BleepingComputer) An international law enforcement operation codenamed 'Operation HAECHI IV' has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds.
Rite Aid Banned from Using AI Facial Recognition After FTC Says Retailer Deployed Technology without Reasonable Safeguards (Federal Trade Commission) Rite Aid will be prohibited from using facial recognition technology for surveillance purposes for five years to settle Federal Trade Commission charges that the retailer failed t
German police takes down Kingdom Market cybercrime marketplace (BleepingComputer) The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT) have announced the seizure of Kingdom Market, a dark web marketplace for drugs, cybercrime tools, and fake government IDs.
Who’s Killing All These Stories About a Controversial Tech Mogul? (The Daily Beast) A tech guru is waging a war on major media outlets across three continents, hiring a “media assassin” law firm to kill stories connecting him to “hacks-for-hire” controversy.
Brazil's first lady to sue Musk's X over hacked account (Reuters) Brazilian first lady Rosangela 'Janja' Lula da Silva said on Tuesday she will sue Elon Musk-owned social media platform X, formerly known as Twitter, after having her account hacked last week.
Assange's 'Final' Extradition Appeal Set For February (Law360) Julian Assange's possible final legal bid to prevent his extradition to the U.S. on charges arising from the publication of classified documents will take place at a two-day hearing at the High Court in February, his supporters said Tuesday.
United States : Federal contractor whose CEO defrauded the NSA had won other contracts (Intelligence Online) InfoTek's co-founder and CEO Jacky Lynn McComber is awaiting sentencing after being convicted of billing the NSA out of $300,000 with inflated claims about work hours. The company is still registered