Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+680: Missile strikes over a static front. (CyberWire) Both sides exchange missile strikes (and conflicting claims of their effectiveness). The GRU is now, by general consensus, responsible for the long-running cyberattack against Kyivstar.
Middle East crisis live: Israel to continue war with ‘new combat approach’ until Hamas dismantled, defence minister says (the Guardian) Yoav Gallant outlines plan for how Gaza would be run in document yet to be approved by Israeli officials
Self-Defense Strike in Iraq Kills Terrorist Leader (U.S. Department of Defense) U.S. forces in Iraq conducted a self-defense strike that killed Mushtaq Jawad Kazim al-Jawari, a leader of the Iran-backed Harakat-al-Nujaba terrorist group that is operating both in Iraq and Syria,
Islamic State Claims Its Suicide Bombers Were Responsible For Deadly Blasts In Iran (RadioFreeEurope/RadioLiberty) The Islamic State (IS) extremist group has claimed responsibility for a pair of explosions in Iran that killed at least 84 people during commemorations for a former Iranian commander slain four years ago in a U.S. airstrike.
Iran Suspects Suicide Bombers Carried Out Attack on Commemoration for Slain General that Killed 84 (Military.com) Investigators believe suicide bombers likely carried out an attack on a commemoration for an Iranian general slain in a 2020 U.S. drone strike.
Israeli defense minister lays out vision for next steps of Gaza war ahead of Blinken visit (AP News) An Israeli strike flattened a home Thursday in an area of southern Gaza that the military had declared a safe zone.
Israel could keep security control of Gaza after Hamas defeat, says defence minister (the Guardian) Yoav Gallant’s proposal suggests Palestinians would run the day-to-day administration of the territory
Resecurity | Hunting Genetics Data - Cyberespionage In The Context Of Geopolitical Conflicts (Resecurity) The hack and leak of genetic data belonging to direct-to-consumer DNA testing company 23andMe in early October highlights growing threat-actor interest in this biomolecular class of personal information.
Russia and Ukraine exchange long-range attacks as their front-line forces remain bogged down (AP News) Russia’s Defense Ministry says air defenses shot down 10 Ukrainian air-launched missiles over the Moscow-annexed Crimean Peninsula and 10 over the Russian city of Belgorod.
Russia-Ukraine war at a glance: what we know on day 681 (the Guardian) Russia using North Korean missiles in ‘desperate’ defiance of UN; saboteurs set fighter jet on fire deep inside Russian territory
Russia's invasion aims to erase Ukrainian cultural identity (Atlantic Council) Vladimir Putin's invasion of Ukraine seeks to destroy Ukraine's national heritage and erase Ukrainian identity. The authorities in Kyiv should respond by placing Ukrainian culture at the heart of the country's recovery efforts, writes Martha Holder.
To defeat Putin in a long war, Ukraine must switch to active defense in 2024 (Atlantic Council) By embracing a strategy of active defense in 2024, Kyiv can achieve the twin goals of preventing any major Russian advances and creating conditions that strongly favor Ukraine in what is increasingly a war of attrition, writes Mykola Bielieskov.
A Hard-Won Victory That Ukraine Stands to Lose (The Atlantic) The Ukrainian counteroffensive has consisted of grueling battles like this one. Its gains are now at risk.
Russia has used North Korean ballistic missiles in Ukraine and is seeking Iranian missiles, US says (AP News) Russian forces fired at least one of those ballistic missiles into Ukraine on Dec. 30, a White House spokesman said.
Putin’s hypersonic bluster has been exposed by Ukraine’s American Patriots (The Telegraph) Every Patriot the West sends makes the remaining ones better
‘We’re out of money’: US exhausts security funds for Ukraine (Defense News) Administration officials had issued warnings about this outcome for months.
Russia will not stop in Ukraine, warns Latvian foreign minister (Financial Times) Krišjānis Kariņš says Moscow will seek new targets after conflict with Kyiv ends
Belarus opposition are key allies in the fight against Russian imperialism (Atlantic Council) Russia’s invasion of Ukraine dominates Europe’s geopolitical agenda, but neighboring Belarus is also a critical battleground in the fight back against Putin’s resurgent brand of Russian imperialism, write Tatsiana Kulakevich and Michael Berg.
To Beat Russia, Ukraine Needs a Major Tech Breakthrough (WIRED) Ukraine’s top general says his country must innovate on the level of inventing gunpowder to “break military parity” with Russia. If it’s successful, it could change the future of war.
Russian hackers wiped thousands of systems in KyivStar attack (BleepingComputer) The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped all systems on the telecom operator's core network.
Russian hackers reportedly breached telecom network months before attack (CyberScoop) The attack on Kyivstar took out mobile and home internet service for as many as 24 million people in Ukraine.
Russia's Sandworm blamed for Kyivstar telecom cyberattack (Register) 'Almost everything' wiped in the telecom attack, says Ukraine's top cyber spy
Russia's Sandworm officially blamed for Kyivstar cyberattack (Computing) Ukraine's security services say the attack "destroyed the core" of Ukraine's largest telco.
Russian State-Sponsored Group Sandworm Inside Kyivstar Systems: A Closer Look (ISP Today) Recent revelations by Ukrainian cybersecurity authorities have shed light on a significant cyber attack that occurred in May 2023.
The "Tallinn Mechanism" is Designed to Enhance Civilian Cyber Assistance to Ukraine (OODA Loop) As announced by the State Department at the end of 2023: "As a result of Russia’s unprovoked war of aggression against Ukraine, the Tallinn Mechanism, hereafter referred to as “the Mechanism,” aims to coordinate and
Attacks, Threats, and Vulnerabilities
Zeppelin ransomware source code sold for $500 on hacking forum (BleepingComputer) A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500.
Ivanti warns critical EPM bug lets hackers hijack enrolled devices (BleepingComputer) Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.
Hacker hijacks Orange Spain RIPE account to cause BGP havoc (BleepingComputer) Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration.
Weak password and infostealer blamed for Orange Spain outage (Register) No 2FA or special characters to prevent database takeover and BGP hijack
Infostealer infection of an Orange employee results in BGP disruptions (InfoStealers) Using the stolen account, the threat actor modified the AS number belonging to Orange’s IP address, resulting in major disruptions
Administrator Account for Middle East Internet Registry Hacked (Dark Reading) Attacker reveals access to account was enabled by weak password and no two-factor authentication.
RIPE NCC Access: Security Breach Investigation (RIPE Network Coordination Centre) The RIPE NCC is investigating an incident in which a RIPE NCC Access account was compromised.
RIPE Account Hacking Leads to Major Internet Outage at Orange Spain (SecurityWeek) Orange Spain’s internet went down for several hours after its RIPE account was hacked, likely after malware stole the credentials.
Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners (The Hacker News) Beware of hidden dangers in open-source libraries. Three new malicious PyPI packages found deploying cryptocurrency miners.
Polish Hackers Say Manufacturer's Repair DRM Killed Train's Power, Broke Compressor (404 Media) They found code that killed power to the train and broke a train's compressor: "We are 100% certain of our findings."
Side-Channel Attack Protection For Quantum Safe Cryptography (Semiconductor Engineering) Hardware implementations of new post-quantum encryption algorithms may be vulnerable to profiling attacks.
Avast researchers detect a surge in fake e-shops following holidays (Avast) We kick off the new year with expectations of sales, but beware: a dangerous wave of fake e-shops is spreading on the internet.
Why this company is blaming its customers for data breach (The Times of India) Genetic testing company 23andMe is facing 30 lawsuits from victims of the cyber attack it faced last year, involving the theft of genetic and ancestry
Law firm that handles data breaches was hit by data breach (TechCrunch) Global law firm Orrick, which works with companies affected by security incidents and hacks, has experienced its own data breach.
Mandiant restores hijacked X account (Register) Miscreants mock Google-owned security house: 'Change password please'
More than 800,000 CT residents impacted by data breach (CT Mirror) Yale New Haven Health was among the CT health systems affected by the data breach of MOVEit, a tool used by Denver-based company Welltok.
North Kansas City Hospital patient data may have been compromised in vendor data breach (Kansas City Business Journal) The breach did not affect North Kansas City Hospital’s security system directly, but an outside vendor’s system that the hospital employed for transcription services.
Security Patches, Mitigations, and Software Updates
Google Patches Six Vulnerabilities With First Chrome Update of 2024 (SecurityWeek) Google has released a Chrome 120 update to resolve six vulnerabilities, including four reported by external researchers.
Google Is Finally Killing Cookies. Advertisers Still Aren’t Ready. (Wall Street Journal) The search giant plans to remove a technology seen as critical to the digital-ad industry.
CISA Releases Three Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA) CISA released three Industrial Control Systems (ICS) advisories on January 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Marketplace
Trustwave Enters Next Phase of Growth with Completion of Acquisition by MC² Security Fund (Trustwave) The MC² Security Fund, an affiliate of The Chertoff Group, today announced the completion of its acquisition of Trustwave.
Mimecast Acquires User Education Startup Elevate Security (SecurityWeek) Elevate Security raised $18.3 million in venture capital financing and scored investments from the likes of Cisco and CrowdStrike.
Airbus Offering to Buy Atos Cybersecurity Unit for Up to $2 Billion (SecurityWeek) French aerospace giant Airbus could acquire Atos’ cybersecurity unit for up to $2 billion, but discussions are at a preliminary stage.
Arctic Wolf bides its time on IPO (Financial Times) Chief Nick Schneider of $4.3bn cyber security group fears market conditions may only improve next year
Products, Services, and Solutions
Proton offers dealers online security as hacking threat grows (Automotive News) Reynolds and Reynolds' cybersecurity firm Proton emphasizes education, vigilance in the wake of growing cyberattacks and compliance requirements.
Briefing: OpenAI To Launch Chatbot Store Next Week (The Information) OpenAI is planning to launch its “GPT store” next week, according to a memo to developers seen by The Information. The store would allow customers of the AI model developer to share and sell OpenAI-powered chatbots customized for different purposes, such as lesson planning for middle school teachers. The chatbot store was originally slated to open in November, but its launch was delayed to
Wait, has LinkedIn become a dating app? (Business Insider) People are mixing business with pleasure on the career networking site. What could possibly go wrong?
Technologies, Techniques, and Standards
IT and OT cybersecurity: A holistic approach (Security Intelligence) Securing IT and OT systems involves distinct challenges. Integrating your security principles is the best way to mitigate risk.
Marine Corps using exercises to mature new Information Command (DefenseScoop) Marine Corps Information Command is looking to mature regionally first with eventual aspirations for global integration.
ITI’s New Guide Outlines AI Content Authentication Tools and Policy Approaches (Information Technology Industry Council) As part of its AI Futures Initiative, global tech trade association ITI unveiled a new guide for global policymakers aiming to address the pressing need to authenticate AI-generated content, including chatbots, image, and audio generators.
Five steps to secure the Low Earth Orbit satellite environment (C4ISRNet) Opinion: Low Earth Orbit satellites face escalating cyber threats on much larger attack surfaces.
How to improve the protection of biometric devices and data (C4ISRNet) Opinion: DoD’s use of biometric data has been extensive, particularly in areas of conflict where accurate identification of individuals is critical for security.
Five Cryptologic Giants to be Inducted into NSA's Cryptologic Hall of Honor (National Security Agency/Central Security Service) The National Security Agency's (NSA) Center for Cryptologic History is pleased to announce the 2023 induction of five major cryptologic figures into the Cryptologic Hall of Honor.
Design and Innovation
The need for post-quantum cryptography in the quantum decade (EDN) Cyber resilience has long been a key focus for industry leaders, but the stakes have been raised with the rapid acceleration of quantum computing.
In search of a zero trust solution for critical defense infrastructure (C4ISRNet) Opinion: The Military Internet of Things remains a large, relatively unprotected attack surface area for adversaries looking to compromise U.S. defense operations.
Legislation, Policy, and Regulation
Lawmakers must build on Feds’ ransomware success in 2024 (Register) Headline-grabbing takedowns are nice, but long-term solutions require short-term sacrifices
The FCC Expands Scope of Data Breach Notification Rules (Inside Privacy) In late December 2023, the Federal Communications Commission (“FCC”) published a Report and Order (“Order”) expanding the scope of the data breach
Protecting those below the cyber-poverty line is critical to everyone (C4ISRNet) Opinion: Whatever resources these countries and organizations have devoted to cybersecurity, they are less than what is optimal.
US military’s Cyber National Mission Force gets a new chief (Record) Marine Corps Maj. Gen. Lorna Mahlock will assume command of the Cyber National Mission Force (CNMF) during a change of command ceremony at Fort Meade, Maryland.
Litigation, Investigation, and Law Enforcement
BreachForums administrator detained after violating parole (Record) Conor Brian Fitzpatrick was free on bond while awaiting sentencing. Officials said he violated parole by using a computer and VPN without the required monitoring software.
Four Cyber Criminals Convicted of Spreading ChatGPT-Assisted Ransomware (GBHackers on Security) Four Chinese cybercriminals were taken into custody after using ChatGPT to create ransomware. The case is the first of its kind in China, where OpenAI’s popular chatbot is not legally available and Beijing has been clamping down on foreign AI.
Infosec experts divided over 23andMe’s breach blame game (Register) Users apparently at fault after reusing credentials the company didn't check were already compromised
In AirTags stalking lawsuit, federal judge says Apple likely negligent (Record) U.S. District Judge Vince Chhabria said his “tentative view” was that the plaintiffs’ lawyers in the case “adequately alleged a negligence claim” related to the design and oversight of AirTags.
AG James takes action against New York-Presbyterian Hospital over patient data breach (Rome Sentinel) New York Attorney General Letitia James has announced that her office secured $300,000 from the hospital over the disclosure of health information belonging to website visitors.