Dateline
Ukraine at D+299: Cyber operations 300 days into the war. (CyberWire) Russia looks to shore up its ally, and to hunt down traitors, diversionaries, and the insufficiently committed at home and in the occupied territories.
Russia-Ukraine war: List of key events, day 300 (Al Jazeera) As the Russia-Ukraine war enters its 300th day, we take a look at the main developments.
Russia-Ukraine war live: Zelenskiy visits Bakhmut as Putin admits situation in parts of Ukraine ‘extremely difficult’ (the Guardian) Ukraine’s president visits frontline city to hand out awards to soldiers
Ukraine-Russia war latest: Moscow says it shot down four US-made missiles over Russian territory (The Telegraph) Moscow claims to have shot down four US-made Harm anti-radiation missiles over the Belgorod region which borders Ukraine, in one of its first such claims in nearly 10 months of fighting.
Watch: Vladimir Putin’s defence minister limps and hides hand during Minsk visit (The Telegraph) Sergei Shoigu accompanies the Russian president on trip to Belarus as Russia announces military drills with the country and China
Ukraine Russia war latest: Zelensky makes surprise visit to battle-torn front line city of Bakhmut (The Telegraph) Ukrainian President Volodymyr Zelensky has made an unannounced visit to battle-torn Bakhmut, the centre of one of the most brutal fights in the war to date.
Russia attacks Kyiv overnight with swarm of self-detonating drones (Washington Post) Russia attacked Kyiv and other Ukrainian cities in the early hours of Monday with a horde of self-detonating drones — once again bombing critical infrastructure but with a sinister tactical shift that seemed intended to deprive Ukrainians not only of heat, electricity and water but also of sleep.
The Invasion That Changed Everything (Foreign Policy) Russia’s invasion of Ukraine on Feb. 24 stunned the world and upended global politics.
‘Wiped out’: War in Ukraine has decimated a once feared Russian brigade (Washington Post) The bloody fate of the 200th Separate Motor Rifle Brigade is emblematic of Vladimir Putin’s derailed invasion plans
Putin arrives in ally Belarus after Russian drones hit Kyiv (NBC News) Belarus allowed its territory to be used as a launchpad for Moscow’s invasion of neighboring Ukraine, but it has not joined the fighting directly.
Moldova intel chief: Russia could aim for breakaway region (AP NEWS) Moldova’s national intelligence agency said Monday that Russia could launch a new offensive next year with an aim to “create a land corridor” through southern Ukraine to the Moscow-backed breakaway region of Transnistria.
Wartime Ukraine erasing Russian past from public spaces (AP NEWS) On the streets of Kyiv, Fyodor Dostoevsky is on the way out. Andy Warhol is on the way in. Ukraine is accelerating efforts to erase the vestiges of Soviet and Russian influence from its public spaces by pulling down monuments and renaming hundreds of streets to honor its own artists, poets, soldiers, independence leaders and others — including heroes of this year’s war.
Russia-Ukraine War: Putin Discusses ‘Unified’ Defense With Belarus During Visit to Its Capital (New York Times) The Russian president said he and his Belarusian counterpart talked about a “unified defensive space.” Ukraine has warned that Russian forces could be preparing a new offensive from Belarus.
‘Everybody has weapons’: Russia’s balkanized military sparks civil unrest concerns (Breaking Defense) The Wagner Group is one of several armed factions that rarely coordinate with Russia’s mainline military forces – and more may be forming.
Putin’s Cronies Turn on Russian Elite in Paranoid War Frenzy (The Daily Beast) Vladimir Putin’s top cheerleaders are panicking about Russian “sellouts” in their midst.
Putin’s Last Stand (Foreign Affairs) The promise and peril of Russian defeat.
China, Russia hold joint naval exercises to ‘deepen’ partnership (Al Jazeera) China and Russia have increased military exercises in an alignment of foreign policies and in opposition to the West.
The Russian military has a new pop song celebrating its ‘Son of Satan’ nuclear ICBMs (Task & Purpose) Because everyone knows ICBMs are a bop.
Send the Ground-Launched Small Diameter Bomb to Ukraine (Breaking Defense) The GLSDB would allow Ukrainian forces to strike Russian military targets up to 150 km away with an accuracy of around one meter, write John Hardie and Bradley Bowman of FDD.
How the algorithm tipped the balance in Ukraine (Washington Post) Two Ukrainian military officers peer at a laptop computer operated by a Ukrainian technician using software provided by the American technology company Palantir. On the screen are detailed digital maps of the battlefield at Bakhmut in eastern Ukraine, overlaid with other targeting intelligence — most of it obtained from commercial satellites.
‘We were allowed to be slaughtered’: calls by Russian forces intercepted (the Guardian) Calls between Russian soldiers and their loved ones – eavesdropped by Ukraine – reveal reality of war for Kremlin’s forces
Ukraine’s DELTA military system users targeted by info-stealing malware (BleepingComputer) A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the ‘DELTA’ situational awareness program to infect systems with information-stealing malware.
Ukraine’s Delta Military Intel System Hit by Attacks (Infosecurity Magazine) Phishing campaign spotted by CERT-UA
Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine (Unit 42) Ukraine and its cyber domain has faced ever-increasing threats from Russia. We give an update on APT group Trident Ursa (aka Gamaredon).
Cyber Dimensions of the Armed Conflict in Ukraine (CyberPeace Institute) Quarterly Analysis Report – Q3 July to September 2022 This quarterly analysis report provides insights on the cyber dimensions of the armed conflict in Ukraine. The report combines analysis of data collected in the Cyber Attacks
The Pentagon says it has helped Ukraine thwart Russian cyberattacks. (New York Times) Russia has struggled to see military gains from its cyberattacks in the world’s first sustained cyberspace battle between two sophisticated militaries.
Ukraine defense email systems infected by malware (Cybersecurity Insiders) Ukraine’s war miseries emerging from Russia seem to be never-ending as a compromised email account related to the country’s Ministry of Defense was caught sending phishing emails to users of the Delta Situational awareness program. Ukraine’s Computer Emergency Response Team of Ukraine created DELTA in March this year, to issue an alert to military personnel […]
Russian expatriate investors are under investigation (Washington Post) Western investigators scrutinize Russian emigre executives over Moscow links.
Scrutiny mounts over tech investments from Kremlin-connected expatriates (Washington Post) Western intelligence officials are investigating whether a network of wealthy and well-connected expatriate Russian investors is part of a covert effort to aid their native country in developing cutting-edge technologies such as quantum computing and artificial intelligence through start-ups they funded in the United States, according to people familiar with the inquiries.
Attacks, Threats, and Vulnerabilities
Information Operations Targeting 2022 U.S. Midterm Elections Include Trolling, Narratives Surrounding Specific Races, Politicians (Mandiant) Mandiant identified information operations activity from various foreign state-aligned campaigns during the 2022 U.S. midterm elections.
Iran and Russia were too distracted to meddle in midterm elections, US general says (CNN) Domestic unrest in Iran and Russia’s war in Ukraine may have distracted Tehran and Moscow from making more of an effort to influence or interfere in the 2022 US midterm election, a top US military cyberofficial said Monday.
Foreign disinformation efforts to interfere in US midterms mostly fizzle, but remain concerning, researchers say (CyberScoop) Crude and trollish, the efforts nevertheless show continued willingness of nation-states to meddle in U.S. elections.
Elastic IP Hijacking — A New Attack Vector in AWS (Mitiga) Mitiga Researchers found a new post-exploitation attack method, a novel way in AWS that may enable adversaries to hijack static public IP addresses for malicious purposes.
Flying Phish (DomainTools) In our latest blog, we’ll explore and analyze a recurring phishing campaign most recently used against a popular social media platform
[Blog] Deep Dive Into a BackdoorDiplomacy Attack – A Study of an Attacker’s Toolkit (Bitdefender) In this deep dive, we present our analysis of the recent operation by APT group BackdoorDiplomacy targeting telecom providers based in the Middle East.
SentinelSneak: Malicious PyPI module poses as security software development kit (ReversingLabs) A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.
Malicious Python Trojan Impersonates SentinelOne Security Client (Dark Reading) A fully functional SentinelOne client is actually a Trojan horse that hides malicious code within; it was found lurking in the Python Package Index repository ecosystem.
Malicious ‘SentinelOne’ PyPI package steals data from developers (BleepingComputer) Threat actors have published a malicious Python package on PyPI, named ‘SentinelOne,’ that pretends to be the legitimate SDK client for the trusted American cybersecurity firm but, in reality, steals data from developers.
FBI and Partners Issue National Public Safety Alert on Financial Sextortion Schemes | Federal Bureau of Investigation (Federal Bureau of Investigation) The FBI, in partnership with Homeland Security Investigations and the National Center for Missing and Exploited Children, is issuing a national public safety alert regarding an explosion in incidents of children and teens being coerced into sending explicit images online and extorted for money—a crime known as financial sextortion.
HSI, federal partners issue national public safety alert on sextortion schemes (US Immigration and Customs Enforcement) A large percentage of these sextortion schemes originate outside the United States, primarily in West African countries such as Nigeria and Ivory Coast. As children enter winter breaks this holiday season, HSI and whole-of-government partners encourage parents and caregivers to engage with kids about sextortion schemes to help prevent them from becoming victims.
Armorblox Protects End Users from Email Attack Campaign that Bypassed O365 Security Layers (Armorblox) This blog examines an executive impersonation attack that impersonated two different employees across one organization. The email attack bypassed Microsoft Office 365 Email Security and had the potential to land in the inboxes of over 100,000 end users.
DraftKings warns data of 67K people was exposed in account hacks (BleepingComputer) Sports betting company DraftKings revealed last week that more than 67,000 customers had their personal information exposed following a credential attack in November.
Threat Spotlight: XLLing in Excel – threat actors using malicious add-ins (Cisco Talos Blog) As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.
Blindside: A New Technique for EDR Evasion with Hardware Breakpoints (Cymulate) Cymulate researchers have discovered a new vulnerability and were able to create a proof-of-concept technique based on it; it allows attackers to circumvent many EDR vendors.
How SolarWinds still affects supply chain threats, two years later – CNXTODAY (CNXTODAY) Since 2020, Mandiant has also observed an increase in financially-motivated threat actors targeting the software supply chain. These actors compromised popular software packages and even mobile applications in order to deploy ransomware, cryptocurrency miners, and banking trojans. In one case, malicious code was inserted into a popular package, prompting the U.S. Cybersecurity and Infrastructure
Member data exposed in cyber attack on insurer (Business Insurance) A cyber attack on New Zealand’s largest insurer of medical professionals has potentially exposed the personal data of its members, NZ Herald reported. The cyber attack on Medical Assurance Society New Zealand Ltd. is the latest in a series of possible data breaches at health-related insurers and government organizations.
LAPS: Update On August Cyber Attack (Los Alamos Reporter) Over the next few days, some of you may receive a letter in the mail with the notification that some of your personal information was i…
A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook? (MIT Technology Review) Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.
API Vulnerabilities Discovered in LEGO Marketplace (Infosecurity Magazine) The vulnerabilities, which are now fixed, could have put sensitive customer data at risk
Cyberattack on H-Hotels.com (H-Hotels) Internal and external communication currently available only to a limited extent +++ Hotel operations are ensured
Incident responders brace for end-of-year cyber scaries (Cybersecurity Dive) Fears of the next SolarWinds or Log4j-style incident hitting over the holidays have some cybersecurity experts on edge.
It’s beginning to look a lot like a ‘scammy’ Christmas: Festive season spam is hitting inboxes, Bitdefender Labs warns (Hot for Security) The Christmas season is full of carols, joy, gifts and spam.
Last minute shoppers face bigger cyber risk (Retail Customer Experience) Consumers who wait until the last moment for holiday shopping face a greater cyber risk, according to a Kaspersky survey. One reason is that 40% of U.S. consumers doing most of their shopping after Dec.
Introducing Phishmas (Avanan) The Phishmas series is here.
Top Brand Impersonation Attacks Detected by Armorblox in 2022 (Armorblox) Check out the many real-life examples of email threats that were detected and stopped by Armorblox in 2022. These attacks impersonate trusted brands in an attempt to deploy malware and steal user credentials, data, and money.
Vulnerability Summary for the Week of December 12, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Microsoft finds macOS bug that lets malware bypass security checks (BleepingComputer) Apple has fixed a vulnerability that could be leveraged to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions.
Trends
Rezilion Research Rounds Up 2022 Vulnerabilities (Rezilion) Rezilion’s research team offers a 2022 vulnerabilities recap with a look at the headline-making vulnerabilities discovered in the last year.
The Data Breach Perception Problem in 2022 (Hive Systems) The 2022 update to our research that compares how data breaches happened, what academia published, what the news covered, and what people Googled.
A year in cyber: Computing’s biggest security stories of 2022 (Computing) A month-by-month look at the most important happenings in cyber
Average cost of a data breach expected to hit $5 million in 2023 (SC Media) Acronis researchers found that phishing accounts for 76% of all attacks, rising by 1.3 times between July and October 2022.
Microsoft security leaders make 9 key cybersecurity predictions for 2023 (VentureBeat) Microsoft security leaders and analysts reveal 9 cybersecurity predictions for 2023, including an increase in ransomware.
Marketplace
Germany’s VMRay ties up $34 million series B to expand threat detection and analysis (Tech.eu) VMRay is spearheaded by the malware analysis and detection pioneers Dr. Carsten Willems and Dr Ralf Hund.
Zscaler Becomes Member of Joint Cyber Defense Collaborative to Enhance Cybersecurity Posture of U.S. and Strategic International Partners (GlobeNewswire News Room) Coalition to Leverage ThreatLabz expertise and Intelligence from Zscaler’s Cloud Security Platform to Strengthen Global Cyber Resiliency…
Elon Wants Some Twitter Help (Bloomberg) Also a Twitter stock offering, Voyager, crypto auditors, muni blockchain and Bored Ape theft.
Musk Says Twitter Will Restrict Voting on Policy to Blue Members (Bloomberg) Twitter boss has yet to address poll calling for his exit. Musk promised to submit major policy decisions to votes.
Twitter investors divided on Musk moves (Axios) Musk owns Twitter, but outside investors helped finance his acquisition.
Egnyte Maintains No. 1 Position in Multiple Data Security and Data Governance G2 Winter 2023 Reports (Egnyte) Egnyte, the secure platform for content collaboration and governance, today announced it has been named a leader and No. 1 ranked vendor by software marketplace G2 in several of its Winter 2023 reports.
Sectigo Appoints Kevin Weiss as Chief Executive Officer (GlobeNewswire News Room) Former McAfee President Chosen to Drive Next Stage of Growth at Digital Trust Leader Sectigo…
Semperis Accelerates Adoption of Identity Threat Detection and Response in the Public Sector with Key Appointment (Business Wire) Semperis, a pioneer in identity-driven cyber resilience, today announced the appointment of Jared Vichengrad as Vice President of Public Sector as par
Products, Services, and Solutions
BackBox Named Best Network Automation Solution (BackBox Software) BackBox was named Best Network Automation Solution in the Centralized Multi Vendor Network Automation category of the 2022 ‘ASTORS’ Homeland Security Awards.
Aryaka Wins Fierce Innovation Award for its Managed SD-WAN and SASE Services (PR Newswire) Aryaka®, the leader in Unified SASE solutions, announced today that it has won a Fierce Innovation Award for its managed SD-WAN and SASE…
Industry-Leading Digital Intelligence Platform Chooses to Collaborate with Scytale to Automate its Security Compliance (PR Newswire) Scytale, a security compliance automation platform, announces it is working with Cellebrite DI to automate the company’s security compliance…
Kaspersky has launched a new online cybersecurity training ‘Reverse Engineering 101’ (Silicon India) Kaspersky has launched a new online cybersecurity training ‘Reverse Engineering 101’ – IT professionals will be able to top up their skills, as Kaspersky has added its new ‘Reverse Engineering…
Stellar Cyber, Netskope Announce XDR-SASE Integration (MSSP Alert) MSSPs can use Stellar Cyber’s Open XDR platform and Netskope’s SASE capabilities to get insights into customers’ cyber risks and threats.
LogRhythm Partners with SentinelOne to Accelerate Prevention, Detection and Response for Enterprise Environments (BusinessWire) New integration empowers security teams to identify behavioral anomalies, threats, and prioritize their responses based on accurate intelligence
Alcatraz AI Achieves Key Security and Privacy Certifications Based on Internationally Recognized ISO Standards (GlobeNewswire News Room) Alcatraz AI now certified adhering to ISO 27001, ISO 27017, and ISO 27018…
Scottish businesses offered free cyber assessment (BusinessInsider) Scottish Business Resilience Centre offering support to firms of all sizes
Technologies, Techniques, and Standards
How to set up parental controls on your child’s new smartphone (WeLiveSecurity) Give yourself peace of mind and help create a safe online space for your child. Here’s how to set up parental controls on Android and iOS.
Research and Development
DARPA’s explorations in quantum computing search for the art of the possible in the realm of the improbable (Breaking Defense) Physicists say it is a flip of the coin whether quantum computing will end up a revolutionary capability or not much better than today’s supercomputers. And yet, quantum’s potential means there’s too much promise there to ignore.
The World-Changing Race to Develop the Quantum Computer (The New Yorker) Such a device could help address climate change and food scarcity, or break the Internet. Will the U.S. or China get there first?
DHS Seeks Ideas for Automated Cyberattack Detectors in Annual Notice (Nextgov.com) The annual solicitation from the Small Business Innovation Research program seeks proposals for addressing seven different technology issues facing the Department of Homeland Security.
New Investments in PAWR Program for 5G, 6G, and Beyond (PAWR) New Investments in PAWR Program Amid Wave of Federal and Industry Investment in Research Testbeds for 5G, 6G, and Beyond
Academia
New Zealand-made software putting schools at risk of cyber attack (RNZ) Education Minister Chris Hipkins last year urged officials to act faster, documents show.
Introducing Global Technology’s cyber apprenticeship (Medium) A new apprenticeship program offers a new approach to building the cyber talent pipeline.
Legislation, Policy, and Regulation
UN chief concerned about how social media platforms are managed more than who runs them (Xinhua)
Cyber Warfare Is Getting Real (WIRED) The risk of escalation from cyberattacks has never been greater, and the pursuit of peace never more complicated.
Cyber Command conducted offensive operations to protect midterm elections (The Record by Recorded Future) U.S. Cyber Command conducted defensive and offensive operations to thwart foreign actors from interfering in the 2022 midterms.
The Evolution of Cyber: Newest Subordinate Unified Command is Nation’s Joint Cyber Force (U.S. Cyber Command) The Cyber National Mission Force officially became the Department of Defense’s newest subordinate unified command during a ceremony at U.S. Cyber Command Headquarters here, Dec. 19, 2022, highlighting
Cyber National Mission Force elevated in fight against foreign hackers (The Record by Recorded Future) The Defense Department on Monday elevated the status of a key digital warfighting force, the latest sign of the maturation in U.S. cyber warfare.
Cyber Director’s Preview of National Strategy Highlights Federal Software Procurement (Nextgov.com) The national cyber director also indicated plans to rely on feedback from members of the software industry who are working on recommendations for “streamlining” sector-specific regulations.
Tech Companies Make Final Push to Head Off Tougher Regulation (Wall Street Journal) The industry has spent more than $100 million to fight antitrust measures and other bills in Congress.
Litigation, Investigation, and Law Enforcement
Sam Bankman-Fried’s Lawyers Hash Out His Transfer to U.S. After Confusion in Court (Wall Street Journal) The FTX founder has agreed to be extradited, with lawyers drafting documents, according to a person familiar with the matter.
FTX Debtors Announce Process for Voluntary Return of Avoidable Payments (PR Newswire) FTX Trading Ltd. (d.b.a. FTX.com), and its affiliated debtors (together, the “FTX Debtors”), today announced the FTX Debtors have been…
Amazon Agrees to Settle EU Antitrust Cases, Avoiding Fines (Wall Street Journal) The online retail giant settled two antitrust cases related to allegations about its treatment of third-party sellers on its platform, ending some of the bloc’s most advanced cases targeting a U.S. tech company.
Meta Hit With EU Antitrust Charges Over Marketplace Service (Bloomberg) EU sends statement of objections over concerns of unfair tying. Case is latest round of EU-wide crackdown on power of Big Tech.
WSJ News Exclusive | FCC Deadlock Shields Wireless Companies From Privacy Penalties (Wall Street Journal) Cellphone carriers facing roughly $200 million in fines are for now shielded from paying by a partisan deadlock at the FCC, according to people familiar with the matter.
Equifax Statement on Distribution of Benefits by the Court-Appointed Third-Party Settlement Claims Administrator (Equifax) U.S. consumers who filed claims in the Equifax Data Breach Settlement and qualified for benefits began receiving settlement payments on December 19, 2022 from a court-appointed…