Dateline
Ukraine at D+319: Force generation. (CyberWire) A ceasefire that wasn't, a missile strike that missed, and prospects for a Ukrainian winter offensive.
Russia-Ukraine war: List of key events, day 320 (Al Jazeera) As the Russia-Ukraine war enters its 320th day, we take a look at the main developments.
Russia Ukraine war latest: Deadly assault didn't happen, Ukraine says, after Russia claims it killed 600 (The Telegraph) Russia said it killed 600 Ukrainian troops on Sunday - but Ukraine says the claim is made up.
Russia faces defence dilemma as it braces for 'major Ukrainian counter offensive' (The Telegraph) Intelligence report from Britain's Ministry of Defence highlights shift in posture by Kremlin forces on the front-line
Russian 'strike on Ukraine barracks that killed 600' actually missed target, say people at scene (The Telegraph) Photos suggest that missile attack in revenge for destruction of Kremlin battalion was unsuccessful
Russia claims deadly attack, but Kyiv denies anyone killed (AP NEWS) The Russian military claimed Sunday to have carried out deadly missile strikes on barracks used by Ukrainian troops in retaliation for the deaths of dozens of Russian soldiers in a rocket attack a week ago.
Russia-Ukraine war: Moscow’s ceasefire ends with no let up in fighting; Ukraine strikes power plants in Donetsk, officials say – as it happened (the Guardian) Russian attacks reported in at least seven Ukraine regions despite Putin’s ceasefire pledge; shelling reportedly damages power plants in Moscow-controlled region
Ukraine-Russia war latest: Russia bombs fire station in Ukraine (The Telegraph) Russia bombed a fire station in Kherson on Friday, hours before a ceasefire announced by Vladimir Putin was due to come into effect.
War in Ukraine ‘essentially trench warfare,’ senator says after Kyiv visit (POLITICO) “It's almost World War I. It's horrible,” Sen. Angus King said.
Russia preparing to mobilise extra 500,000 conscripts, claims Ukraine (the Guardian) Kyiv’s deputy military intelligence chief says force will form part of new offensives over spring and summer
Russia and Belarus extend military drills amid fears of new push into Ukraine (the Guardian) Weapons, soldiers and equipment added to exercises, as concern grows Minsk is being pressured to join war
Belarus' KGB launches exercise to test preparedness of state bodies to respond to terrorist attacks (Belarusian Telegraph Agency) Units of the State Security Committee, the Internal Affairs Ministry, the State Border Committee, the army, the Emergencies Ministry, and other government agencies are taking part in the exercise.
Iran Might Be Waiting Until October To Supply Russia Deadlier Drones And Missiles For Ukraine (Forbes) 'The delivery of missiles, even after October 2023, will cause a real stir.'
Now Fighting for Ukraine: Volunteers Seeking Revenge Against Russia (New York Times) Chechens, Crimean Tatars and people from the former Soviet republics, all with deep historical grievances against Moscow, are eagerly taking up arms for Kyiv.
The Long War in Ukraine (Foreign Affairs) The West Needs to plan for a protracted conflict with Russia.
Opinion Time is not on Ukraine’s side (Washington Post) When it comes to the war in Ukraine, about the only thing that’s certain right now is that the fighting and destruction will continue.
The Age of Digital, Transparent Warfare Is Here (WIRED) Precision weapons, satellites, and AI have changed how we fight—and who sees the consequences.
Why the War in Ukraine Hasn’t Polarized Western Democracies (World Politics Review) Despite propaganda aimed at the far right, Putin has largely failed to polarize Western democracies over Russia’s war in Ukraine.
From Washington, Berlin and Paris, a sudden influx of armor bound for Ukraine (Breaking Defense) "This is a sign the three governments are managing escalation using a ‘boil the frog’ kind of strategy by gradually increasing support to Ukraine not through grand gestures but by adding different pieces of equipment, in intervals," said analyst Ed Arnold.
Olaf Scholz under pressure to release Leopard II tanks to Ukraine after Poland and Finland pledge (The Telegraph) German manufactured tank is one of most feared in the world and would give Ukraine an edge against Russia’s T-72 tanks
Ukraine praises US military aid as cease-fire said to falter (Military Times) President Volodymyr Zelenskyy said the Bradley armored vehicles included in the latest U.S. aid package are “exactly what is needed” for Ukrainian troops.
Ukraine's new Western weapons could help turn tide of the war (The Telegraph) France, Germany and the US have agreed to send modern armoured vehicles to help Kyiv hold back the Russian offensive
US to send Ukraine largest package yet, worth $3.75 billion (Military Times) The newest U.S. aid package for Ukraine includes Bradley vehicles and $907 million in foreign military financing.
U.S. announces $3.8 billion security assistance package for Ukraine, European allies (CNBC) The aid package, the 29th such tranche, brings U.S. commitment to Ukraine's fight to about $24.9 billion since the beginning of the Biden administration.
More Than $3 Billion in Additional Security Assistance for Ukraine (U.S. Department of Defense) The Defense Department announced the Biden Administration's commitment of $3.075 billion in additional security assistance for Ukraine.
U.S. $3 Billion Military Package to Ukraine Looks to Change Battlefield Dynamics (U.S. Department of Defense) With the war in Ukraine at a critical point, everything has to be done to help Ukrainians continue to resist Russian aggression, the deputy assistant secretary of defense for Russia, Ukraine and
Readout of Secretary of Defense Lloyd J. Austin III's Call With Ukrainian Minister of Defense Oleksii Reznikov (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke with Ukrainian Minister of Defense Oleksii Reznikov to discuss the United States' commitment of more than $3 billion in additional security assistance in
Readout of Secretary of Defense Lloyd Austin III's Call With German Federal Minister of Defense Christine Lambrecht (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke with German Federal Minister of Defense Christine Lambrecht by phone to discuss ways to enhance security assistance to Ukraine.
Readout of Under Secretary of Defense Colin Kahl's Meeting With Danish Permanent Under Secretary of State, Mr. Jean-Charles Ellerman-Kingomb (U.S. Department of Defense) Under Secretary of Defense for Policy Dr. Colin Kahl met with Danish Permanent Under Secretary of State, Mr. Jean-Charles Ellerman-Kingombe, at the Pentagon.
U.S. Sending Ukraine Sea Sparrow Missiles in Latest Aid Package (USNI News) The United States will send RIM-7 Sea Sparrows anti-air missiles to Ukraine as part of Washington’s latest military aid package. Deputy Assistant Secretary of Defense for Russia, Ukraine and Eurasia Laura Cooper confirmed during a Friday press briefing that Ukraine will receive the Sea Sparrows. The missiles will be used in conjunction with Ukraine’s Soviet-era …
Sen. King: Concerns over lack of oversight on U.S. military aid to Ukraine don't hold water (Axios) He said Ukrainians are aware a scandal over U.S. military aid would "kill our ability" to support them.
L3Harris Gets Contract To Provide Ukrainian Forces With VAMPIRE Defense System (Defense Daily) L3Harris Technologies last Friday said it has received a $40 million Pentagon contract to provide its 14 of its VAMPIRE weapon systems to Ukraine this
Moldovaʼs government hit by flood of phishing attacks (The Record from Recorded Future News) Moldova's government has been hit by phishing attacks, the latest cyber assault on the country since pledging support for Ukraine.
Russian cyberattacks on Ukraine halved with help from Amazon and Microsoft (The Telegraph) Number of attacks falls sharply as tech companies vow to continue support
Moscow Is Using Memory Diplomacy to Export Its Narrative to the World (Foreign Policy) Putin is pushing Russian revisionist history to bolster the Kremlin’s influence abroad and its legitimacy at home.
Is Russia losing the cyber warfare? (Modern Diplomacy) Many peculiarities are coming out of this strange war as Russia’s invasion of Ukraine enters its eleventh month. The reason why a strong cyber warfare power like Russia has launched so few and hence ineffective cyber-attacks against Ukraine and its allies is one of the most perplexing. The digital conflict over Ukraine is examined by […]
Politico: Ukraine cyber officials gathering digital evidence for International Criminal Court to prosecute (Yahoo) Victor Zhora, one of Ukraine's top cyber officials, said certain cyberattacks Russia has launched on Ukrainian critical and civilian infrastructure could amount to war crimes.
Ukraine official says Russian cyberattacks on its energy network could equate to war crimes (Business Insider) Victor Zhora, a top Ukrainian cyber official, told Politico that Ukraine is gathering evidence of Russian coordination of cyber and kinetic attacks.
Why Kyiv Needs an Africa Strategy (Royal United Services Institute) Ukraine is understandably focused on maintaining Western support, but it needs a narrative that appeals to others – those who can otherwise easily dismiss the conflict as a ‘Western war’. While it has a pretty compelling pitch, so far Kyiv has not managed to cut through at the political level in Africa, writes Greg Mills, who has just returned from his sixth visit to Ukraine of 2022 – this time accompanying the Archbishop of Cape Town, His Grace Thabo Makgoba.
Ukrainians Are Defending Their History, Thought, and Art (Time) As Ukraine battles Russia’s military, its people are fighting with vigor against a cultural assault
Opinion | Top U.S. Scholars vs. Aid to Ukraine: When Smart People Stake Out Dumb, Immoral Positions (Haaretz) While the world contends with the most terrifying dictator since WWII, prominent academics Jeffrey Sachs, John Mearsheimer and Stephen Walt promote a strange anti-Ukrainian agenda
Speech by NATO Secretary General Jens Stoltenberg at the Folk och Försvar Security Conference (NATO) (As delivered) Thank you very much.
Your Majesties,
Your Royal Highness,
Prime Minister,
Ministers,
Ladies and gentlemen,
Germany built LNG terminals in months. Wind turbines still take years. (Washington Post) After seven years of planning, permitting and construction, Matthias Frauen’s two newest wind turbines finally began turning in the very last days of 2022.
Attacks, Threats, and Vulnerabilities
Tehran: Cyber-attack on Central Bank of Iran thwarted (Middle East Monitor) Tehran announced on Friday that it had thwarted a cyber-attack on the Central Bank of Iran. Anonymous global hacking groups in October threatened to launch cyber-attacks on Iranian institutions and...
Infostealer Malware: Targeting Italian Region (Uptycs) The Uptycs Threat research team became aware of a new infostealer malware attack campaign, employing phishing, that has appeared in the Italian region. (151 characters)
Malvertising campaign actively spreading through various verticals and countries (Lumu) Lumu’s Threat Intelligence team has detected an increasing number of organizations from different industry verticals at risk of ransomware and access credentials stealing deviated from an active malvertising campaign.
SpyNote malware spies on Android users, steals banking credentials (The Record from Recorded Future News) Hackers are increasingly using a new variant of SpyNote malware to secretly observe and modify infected Android smartphones.
Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls (BleepingComputer) Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access.
Rackspace says hackers accessed customer data during ransomware attack (TechCrunch) The web giant attributed the hack to the Play ransomware gang, which previously claimed cyberattacks on a port city and a hotel chain.
OPWNAI : Cybercriminals Starting to Use ChatGPT (Check Point Research) At the end of November 2022, OpenAI released ChatGPT, the new interface for its Large Language Model (LLM), which instantly created a flurry of interest in AI and its possible uses. However, ChatGPT has also added some spice to the modern cyber threat landscape as it quickly became apparent that code generation can help less-skilled threat actors effortlessly launch cyberattacks.
Hackers exploiting ChatGPT to write malicious codes to steal your data (Business Standard) Artificial intelligence (AI)-driven ChatGPT, that gives human-like answers to questions, is also being used by cyber criminals to develop malicious tools that can steal your data, a report has warned.
Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots (Forbes) Users of underground forums start sharing malware coded by OpenAI’s viral sensation and dating scammers are planning on creating convincing fake girls with the tool. Cyber prognosticators predict more malicious use of ChatGPT is to come.
Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware (HackRead) In one instance, a hacker shared an Android malware code written by ChatGPT, which could steal desired files, compress them, and leak them online.
Cybercriminals are already using ChatGPT to own you (SC Media) Underground hacking forums are already awash in real-world examples of cybercriminals attempting to use ChatGPT for malicious purposes.
Threat Report: Impersonation Detected in Telegram Chats to Deliver Malware (Safeguard Cyber) Our Division Seven (D7) threat intelligence team detected a credential stealer piece of malware being posted in a cryptocurrency trading Telegram channel that we monitor as part of our work with financial service customers.
Can You Trust Your VSCode Extensions? (Aquasec) Aqua Nautilus breaks down how VSCode extensions can easily be impersonated by attackers who hide malicious code through tactics like typosquatting
Telegram insider server access offered to Dark Web customers (SafetyDetectives) The SafetyDetectives cybersecurity team has uncovered a store in the Dark Web alleging insider access to Telegram servers.
For the non-negotiable price of 20,00
BlindEagle Targeting Ecuador With Sharpened Tools (Check Point Research) APT-C-36, also known as Blind Eagle, is a financially motivated threat group that has been launching indiscriminate attacks against citizens of various countries in South America since at least 2018.
Blind Eagle APT Hunts Banking Victims in Colombia, Ecuador (Bank Info Security) A financially motivated threat actor called Blind Eagle returned from its hiatus and is conducting an ongoing campaign directed at Spanish-speaking targets in the
Blind Eagle Hacker Group Launching Indiscriminate Attacks Using Powerful Toolset (GBHackers) There have been reports that an organized threat actor, known as Blind Eagle (tracked as APT-C-36), has re-appeared again with a refined toolset and one of the most elaborate infection chains in the history of cyberattacks targeting Colombian and Ecuadorian organizations.
Here's how to remotely takeover a Ferrari...account, that is (Register) Connected cars. What could possible go wrong?
Highly confidential documents leaked in school cyber attack (DevonLive) The data was uploaded on the dark web
Hive Ransomware gang leaked 550 GB stolen from Consulate Health Care (Security Affairs) The Hive ransomware gang just leaked 550 GB of data stolen from the Consulate Health Care, including customer and employee PII data. Consulate Health Care is a leading provider of senior healthcare services, specializing in post-acute care. The Hive ransomware gang this week added the company to its Tor leak site, threatening to publish the stolen […]
Cyber-attack disruption to The Guardian still ongoing (Digit) A cyber-attack on The Guardian newspaper in late December is set to cause disruption for at least another month.
SickKids: 80% of hospital priority systems back online after LockBit ransomware attack (The Record from Recorded Future News) Toronto’s Hospital for Sick Children said it has restored 80% of its systems that have a direct impact on hospital operations.
Suffolk Cyberattack: Tax Arrears Notices Mailed To 100s In Error: Report (Patchogue, NY Patch) Huntington had 130, Babylon 70, Islip 12, Smithtown 10, and Brookhaven and Southampton town had two each, Newsday reported.
Smartphones as Personal Spy Tools? Why It's Happening More and More Often (Lifewire) A recently discovered technique lets others use your phone as a means to spy on your conversations, and that's not the only way the devices can be used to track and capture personal data, but there are ways to protect your information.
New Year’s Resolution or Data Distribution – are resolution apps sharing your data? [2023] (Incogni Blog) With one in three New Year’s resolutions failing because people can’t keep track of them1, it’s no wonder many turn to apps as a solution. Though these apps
GCI outage shuts down Alaska calls (Alaska News Source) A GCI network outage has temporarily shut down service in numerous cities, according to the network.
Security Patches, Mitigations, and Software Updates
January 2023 Patch Tuesday forecast: Procrastinate at your own risk (Help Net Security) It’s a new year and time to make a fresh start, so read our January 2023 Patch Tuesday forecast and do not procrastinate when it comes out!
Marketplace
Cloud security unicorn Netskope raises $401M, extending IPO runway (Silicon Valley Business Journal) CEO Sanjay Beri previously said a November 2021 funding was likely Netskope's last before going public.
CrowdStrike Stock Has Tumbled. One Director Scooped Up Shares. (Barron's) CrowdStrike director Roxanne Austin bought $2.5 million of the embattled shares of the security-software firm in the last week of 2022.
Cisco to axe almost 700 jobs (CRN) Cisco has shared more details of its restructuring plan, following similar mass job cuts by vendors Amazon and Salesforce this week
Twitter Cuts More Staff Overseeing Global Content Moderation (Bloomberg) At least a dozen people were laid off from Twitter late Friday. Those cut include staff handling misinformation, state media.
Twitter employees laid off after Elon Musk’s takeover received severance payments today that fall short of expectations (Fortune) Some Twitter employees finally received their severance after several delays, but the emails are being marked as spam.
Twitter Promised Them Severance. They Got Nothing (WIRED) Staff laid off by Elon Musk were assured they would be compensated following mass cuts. As the deadline passes, the silence has been deafening.
Tech workers had their pick of jobs for years. That era is over for now. (Washington Post) Tech companies have slashed hundreds of thousands of jobs, flooding the labor market with skilled talent that are competing for the same positions
Josh Wolfe’s War: The Lux Capital Founder Blazes a Controversial Path in Defense Tech (The Information) Josh Wolfe arrived at a remote island in the Philippines by inflatable boat, surrounded by men with large guns. It was 2019 and the founding partner of the New York venture firm Lux Capital was on a very strange work trip. Over the course of two weeks, American soldiers escorted Wolfe through ...
'Math minus militarism': US mathematicians disrupt NSA-sponsored maths convention (Middle East Eye) Mathematicians and activists work to stop NSA recruitment at the world's largest maths gathering
Products, Services, and Solutions
Review: Okta Grants Access to Necessary Apps with One Password (Technology Solutions That Drive Education) This powerful security tool helps minimize downtime in the classroom.
Microsoft Adds More User Phishing Details to Attack Simulation Training Service (Redmondmag) Microsoft's Attack Simulation Training product now shows more information about how users interacted with simulated phishing attacks, per a Tuesday announcement.
Chiron Investigations Releases State-of-the-art Cryptocurrency Extraction Recovery Software (Yahoo) Chiron Investigations Releases State-of-the-art Cryptocurrency Extraction Recovery Software
Schneider Electric and BitSight announce partnership to improve detection of Operational Technology (OT) cybersecurity exposure
(Bitsight) This partnership aims to enhance OT exposure detection capability by identifying misconfigured connected devices and seeks to improve overall security of custom
Technologies, Techniques, and Standards
Key Considerations for Satellite Cybersecurity in 2023 (Via Satellite) Cyber and physical threats against commercial satellites are no longer a hypothetical discussion. Russia has demonstrated intent and capability to attack
New to Cybersecurity? Here Are 5 Things Your Startup Should Do Now (StartupNation) For many startups, a major data breach could be enough to sink the company entirely. Even for those with little cybersecurity knowledge, developing an actionable plan is essential for protecting your business’s future.
Design and Innovation
Ghost Writer: Microsoft Looks to Add OpenAI’s Chatbot Technology to Word, Email (The Information) In a move that could change how more than a billion people write documents, presentations and emails, Microsoft has discussed incorporating OpenAI’s artificial intelligence in Word, PowerPoint, Outlook and other apps so customers can automatically generate text using simple prompts,according to ...
Microsoft plans to use ChatGPT in Bing. Here's why it could be a threat to Google. (Freethink) Language models could transform the ways we engage with search engines.
ChatGPT Hits Ethical Roadblock; Blocked (Analytics India Magazine) The usage of the chatbot has already been banned by New York’s education department, ICML, Stack Overflow, Offensive Security and WeChat
A College Kid Built an App That Sniffs Out Text Penned by AI (The Daily Beast) “Humans deserve to know when the writing isn’t human.”
A Princeton student built an app which can detect if ChatGPT wrote an essay to combat AI-based plagiarism (Business Insider) GPTZero was created by Edward Tian, a Princeton student, who says he was inspired by increasing AI plagiarism. The app's popularity crashed his site.
Research and Development
RSA crypto cracked? Or perhaps not! (Naked Security) Stand down from blue alert, it seems… but why not plan your cryptographic agility anyway?
‘Consciousness’ in Robots Was Once Taboo. Now It’s the Last Word. (New York Times) The pursuit of artificial awareness may be humankind’s next moonshot. But it comes with a host of difficult questions.
Legislation, Policy, and Regulation
Sweden vows to push defense collaboration, cyber defense at EU helm (Defense News) Stockholm has set out to move the needle on joint procurement arrangements for military equipment within the European Union.
China, a Pioneer in Regulating Algorithms, Turns Its Focus to Deepfakes (Wall Street Journal) Beijing is among the first governments to regulate hyper-realistic, AI-generated media with new rules set to take effect Jan. 10.
Encryption Faces an Existential Threat in Europe (WIRED) The CEO of Proton says new competition laws have finally given him a voice in Brussels, even as he fights the EU’s anti-encryption campaign.
The FCC wants carriers to notify you sooner when there's a data breach (Yahoo) The FCC has proposed rules that could let carriers alert you to data breaches much sooner.
FCC to mull changes to telecom data breach notifications (The Record from Recorded Future News) The FCC voted unanimously to investigate potential changes to the breach notification rules for telecommunications companies.
WCB Announces Deadlines for Gateway Provider Robocall Mitigation Rules (Federal Communications Commission) The Wireline Competition Bureau announces that gateway providers have until January 11, 2023 to submit certifications, including robocall mitigation plans, to the Robocall Mitigation Database pursuant to section 64.6305(d) of the Commission's rules
Technical and Legal Risks of ChatGPT: How prepared are we with Laws on AI? (Information Security Buzz) “Generative AI refers to artificial intelligence systems that are capable of generating new content, such as text, images, or audio….One potential risk is related to intellectual property. Generative AI systems may be able to create original works that are difficult to attribute to a specific creator. This could make it difficult to enforce copyright or patent protections for these works.” The above, rather drab, opening lines have been generated with the new “talk of the town” generative AI system Chat GPT.
Litigation, Investigation, and Law Enforcement
Japan police patrol cyberspace to protect VIPs (Japan News) Police nationwide are compiling and analyzing social media postings that might indicate future attacks on dignitaries, The Yomiuri Shimbun has learned, spurred by the fatal shooting of former Prime Minister Shinzo Abe six months ago.
Seattle schools sue tech giants over social media harm (ABC News) The public school district in Seattle is suing the tech giants behind TikTok, Instagram, Facebook, YouTube and Snapchat, seeking to hold them accountable for the mental health crisis among youth
Seattle Public Schools sues TikTok, YouTube, Instagram and others, seeking compensation for youth mental health crisis (GeekWire) A new lawsuit filed by Seattle Public Schools against TikTok, YouTube, Facebook, Snap, Instagram, and their parent companies alleges that the social media giants have “successfully exploited the vulnerable brains… Read More
California Supreme Court Boosts Policyholders Seeking Coverage for Privacy Class Actions (cyber/data/privacy insights) The California Supreme Court’s ruling gives another lifeline to policyholders seeking insurance coverage for Telephone Consumer Protection Act class action claims
Global Spyware Scandal: Exposing Pegasus (FRONTLINE) "Global Spyware Scandal: Exposing Pegasus," a 2-part documentary from FRONTLINE and Forbidden Films, reveals how the NSO Group's Pegasus spyware was used on journalists, activists, and others.