Dateline Moscow and Kyiv: Russia consolidates fallback positions and adopts harsh leadership methods.
Ukraine at D+261: Withdrawal to defensible lines. (CyberWire) Russian forces continue to consolidate their fall-back positions. Another wiper attack is observed, “From Russia with Love.”
Russia-Ukraine war: List of key events, day 264 (Al Jazeera) As the Russia-Ukraine war enters its 264th day, we take a look at the main developments.
Russia evacuates city east of Kherson to bolster defensive lines (The Telegraph) Soldiers ‘strengthen fortification’ and prepare for Ukrainian attack in Nova Kakhovka after troops make humiliating retreat
Russia-Ukraine war – as it happened: Moscow declares new ‘temporary capital’ for Kherson region after Ukraine retakes city (the Guardian) Russian state news agency says Henichesk declared temporary administrative capital after Kherson city taken by Ukraine
Kherson celebrates Russian exit yet faces huge rebuilding (AP NEWS) Residents of Kherson celebrated the end of Russia’s eight-month occupation for the third straight day Sunday, even as they took stock of the extensive damage left behind in the southern Ukrainian city by the Kremlin’s retreating forces.
Zelensky says ‘Kherson is ours’ after collapse of Russia’s frontline (The Telegraph) ‘Hope for Ukraine is always justified – and Ukraine always returns its own’
Ukraine war latest: Zelensky says Himars made ‘huge difference’ in first visit to liberated Kherson (The Telegraph) Volodymyr Zelensky thanked the West for Himars rockets that helped recapture Kherson as he visited the newly liberated city for the first time.
Street Parties Underway as Ukraine Liberates Key City of Kherson (The Daily Beast) Ukrainian flags have been raised in the city occupied by Russian soldiers since March.
Zelenskyy says Ukrainian special military units in Kherson (AP NEWS) Ukraine’s president said Friday that special military units have entered the city of Kherson. In a video address hours after Russia said it had completed withdrawing troops from the strategically key city, President Volodymyr Zelenskyy said: “As of now, our defenders are approaching the city.
Ukraine Pushes Russia Out of Kherson, the Biggest Liberation Yet (Foreign Policy) Ukraine is continuing its offensive—even in subzero temperatures.
West’s Himars opened the door to Ukraine’s liberation of Kherson (The Telegraph) The highly accurate rocket system wrought havoc on bridges, supply depots and command HQs, helping to push the Russians out of the city
Russian missile supplies running low, Ukrainian intel says (Jerusalem Post) As Russia’s weapon supply runs lower and lower by the day, they have no choice but to ask for help from allies with supplies – or worse – retreat.
Battle of Kherson: Russian retreat confirms Putin is losing the war (Atlantic Council) The war is still far from over, but Ukraine’s victory in the Battle of Kherson may eventually come to be seen as one of the key turning points in the defeat of Vladimir Putin’s invasion, writes Andriy Zagorodnyuk.
Ukrainian soldiers reach centre of Kherson city after Russian retreat (The Telegraph) Ukrainian soldiers have been warmly welcomed to Kherson city amid jubilant scenes marking the end of more than eight months of Russian occupation.
Russia-Ukraine war: Zelenskiy says Kherson ‘never gave up’ as Ukrainian troops reach city centre – as it happened (the Guardian) President Zelenskiy hails ‘historic day’ and promises ‘Ukraine will come to all its people’
Ukrainian soldiers reach centre of Kherson city after Russian retreat (The Telegraph) Ukrainian soldiers have been warmly welcomed to Kherson city amid jubilant scenes marking the end of more than eight months of Russian occupation.
Ukrainian Forces Enter Kherson as Russia Completes Retreat (Wall Street Journal) Cheering Ukrainians welcomed the arriving troops and raised their national flag in a public square in the key southern city, according to videos posted online by Ukrainian officials.
Ukraine says troops enter Kherson city after Russians retreat (Washington Post) Ukraine said Friday that its troops were spreading out in the southern city of Kherson and retaking control of the regional capital from Russian forces after months of fighting.
Russia claims Kherson retreat complete as Ukrainian rockets rain down on troops (The Telegraph) Russian troops flee over pontoon bridges as Ukrainian forces close in symbolic city
Putin faces humiliating defeat as Russia announces Kherson retreat (Atlantic Council) Russia’s retreat from Kherson is a turning point in the invasion of Ukraine and a personal humiliation for Vladimir Putin just weeks after he declared that the city had joined the Russian Federation “forever.”
Russia is ‘turning Kherson into a deathtrap’ (The Telegraph) Russia plans to turn Kherson city into a deathtrap, a senior advisor to the Ukrainian President warned on Thursday.
How Putin’s withdrawal from Kherson leaves Russian troops exposed (The Telegraph) Conducting a fighting retreat across a river is one of the most complicated manoeuvres a military force can undertake
More than 30,000 Russian troops pulled back to left bank of Dnieper River — top brass (TASS) It is reported that the Russian troops and military units pulled back from the right bank have taken fortified defensive lines and positions
Воля для маневра: почему ВС РФ уходят с правобережья Днепра (Известия) Высвободившаяся группировка будет использована на других направлениях
EXPLAINER: How important is a Russian retreat from Kherson? (AP NEWS) Ukrainian officials said Friday that Ukrainian flags were appearing “en masse and all over the place,” in the wake of Russia’s retreat from the southern region of Kherson, one of the four regions in Ukraine that Russian President Vladimir Putin annexed in September.
Russia’s wounded soldiers abandoned to their fate in Kherson as army flees before Ukrainian advance (The Telegraph) Kyiv announces liberation of more than a dozen towns but warns city itself may have been heavily mined by retreating Kremlin troops
Russian wives on mission to rescue husbands injured on the battlefield (The Telegraph) Women complain that ‘our guys are being thrown into the fight like blind kittens’, as they save servicemen abandoned in Ukraine
In ceding power to wiser generals, Putin is learning from his mistakes (The Telegraph) Russia may be starting to pose a tougher, more professional challenge to Ukraine’s forces
Ukraine wants G20 help on Russian deportations of children (Al Jazeera) Kyiv says thousands of children have been taken to Russia and that deportations should be investigated as a war crime.
Britain and the EU call on allies to snub Russia at G20 (The Telegraph) Both plan to confront Moscow at the Bali summit over its illegal invasion of Ukraine but will stage walkouts when its delegates speak
Putin’s dirty bomb threat isn’t what it seems (The Telegraph) An empty threat or false flag operation? When it comes to radioactive weapons, the world must take it seriously
Ukraine urged to grasp ‘window of opportunity’ for peace talks with Russia (The Telegraph) US holding discussions with Kremlin ahead of G20 summit showdown
Drone analysis in Ukraine suggests Iran has supplied Russia since war began (the Guardian) Guardian visits space used by Ukrainian military intelligence to examine captured drones
Russian ambassador blames Japan for strained relations (AP NEWS) Russia’s ambassador to Tokyo blamed Japan on Friday for straining relations between the countries by imposing sanctions on Moscow over its war with Ukraine. Mikhail Galuzin also accused the United States of attempting to isolate Russia from the international community and of pressuring many countries into supporting a U.N.
Russia ‘tried and failed’ to test nuclear torpedo (The Telegraph) Technical problems may have prevented launch from cruise missile submarine, amid alarm at Vladimir Putin’s veiled atomic threats
China Premier Li emphasised ‘irresponsibility’ of nuclear threats at Asia summit – U.S. official (Yahoo) Chinese Premier Li Keqiang emphasised the “irresponsibility” of nuclear threats during a summit in Cambodia, suggesting Beijing is uncomfortable with strategic partner Russia’s nuclear rhetoric, a senior U.S. official said on Monday. Li participated in the East Asia Summit on Sunday along with U.S. President Joe Biden. The Chinese premier “spoke rather extensively about China’s policy towards Ukraine,” said a senior U.S. administration official, who briefed reporters ahead of a summit between Biden and Chinese President Xi Jinping on Monday.
Russia is a rogue state, Rishi Sunak tells G20 leaders (The Telegraph) PM attacks Vladimir Putin over no-show at Bali summit to explain his actions in Ukraine
Video shows sledgehammer execution of Russian mercenary (Reuters) Russia’s Yevgeny Prigozhin, a close ally of President Vladimir Putin, said on Sunday that a former mercenary who was filmed being executed by a sledgehammer blow to the head after changing sides in the Ukraine war was a traitor.
Russian prisoner turned Wagner mercenary brutally executed while trying to desert (The Telegraph) Fighters famed for their bloody reputation film the distressing killing to impress their boss, who is nicknamed ‘Putin’s chef’
US national interests are best served by stopping Vladimir Putin in Ukraine (Atlantic Council) As Ukraine defends itself against a full-scale Russian invasion, continued American support is not only the morally correct position but also in the national interests of the United States, writes Steven Pifer.
Sabrina Singh, Deputy Pentagon Press Secretary, Holds a Press Briefing (U.S. Department of Defense) Deputy Pentagon Press Secretary Sabrina Singh updated reporters during a Defense Department news briefing.
$400 Million Security Package Headed to Ukraine (U.S. Department of Defense) Missiles for the HAWK air defense system, along with four Avenger air defense systems and Stinger missiles are headed to Ukraine as part of a presidential drawdown authority security assistance
Don’t lose track of British weapons in Ukraine (The Telegraph) While continuing to send arms to Kyiv, we must beware of adversaries stealing our military tech
‘Dark Ships’ Emerge From the Shadows of the Nord Stream Mystery (WIRED) Satellite monitors discovered two vessels with their trackers turned off in the area of the pipeline prior to the suspected sabotage in September.
Information on cyberattacks of the group UAC-0118 (FRwL) using the Somnia malware (CERT-UA#5185) (CERT-UA) Урядова команда реагування на комп’ютерні надзвичайні події України, яка функціонує в складі Державної служби спеціального зв’язку та захисту інформації України.
Ukraine says Russian hacktivists use new Somnia ransomware (BleepingComputer) Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called ‘Somnia,’ encrypting their systems and causing operational problems.
Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands (Help Net Security) CERT-UA has uncovered an attack campaign aimed at compromising Ukrainian organizations with Somnia ransomware.
Russian Sandworm hackers deployed malware in Ukraine and Poland (Washington Post) Russia takes center stage at CyberWarCon
New “Prestige” ransomware impacts organizations in Ukraine and Poland (Microsoft) The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the transportation and related logistics industries in Ukraine and Poland utilizing a previously unidentified ransomware payload. We observed this new ransomware, which labels itself in its ransom note as “Prestige ranusomeware”, being deployed on October 11 in attacks occurring within an hour of each other across all victims.
Microsoft links Russia’s military to cyberattacks in Poland and Ukraine (Ars Technica) The hacking group Microsoft ID’d is among the world’s most cutthroat and skilled.
Microsoft attributes ‘Prestige’ ransomware attacks on Ukraine and Poland to Russian group (The Record by Recorded Future) Microsoft officially attributed cyberattacks featuring the Prestige ransomware to a group based in Russia called Iridium.
Wipe it or exfiltrate? How Russia exploits edge infrastructure to disrupt and spy during wartime (SC Media) Destructive hacks must compete with other intelligence-gathering and espionage-minded mandates for Russian military intelligence agencies. Mandiant researchers outlined how Russian hackers have leveraged what they call “edge IT infrastructure” to do both.
Russia’s New Cyberwarfare in Ukraine Is Fast, Dirty, and Relentless (WIRED) Security researchers see updated tactics and tools—and a tempo change—in the cyberattacks Russia’s GRU military intelligence agency is inflicting on Ukraine.
Russian military hackers linked to ransomware attacks in Ukraine (BleepingComputer) A series of attacks targeting transportation and logistics organizations in Ukraine and Poland with Prestige ransomware since October have been linked to an elite Russian military cyberespionage group.
Analysis of Russian Cyberspy Attacks Leads to Discovery of Windows Vulnerability (SecurityWeek) While analyzing Russian cyberespionage group APT29’s LDAP queries to Active Directory, Mandiant identified a vulnerability in the credential roaming functionality in Windows.
Development of the Ukrainian Cyber Counter-Offensive (Trustwave) Russia’s military incursion against Ukraine began on February 24, 2022, with a massive ground attack supported by several cyber incidents. This activity set the stage for what would become an active hybrid war fought in two domains: cyber and ground warfare.
Kaspersky to kill its VPN service in Russia next week (BleepingComputer) Kaspersky is stopping the operation and sales of its VPN product, Kaspersky Secure Connection, in the Russian Federation, with the free version to be suspended as early as November 15, 2022.
U.K. Sanctions Have Frozen More Than $21 Billion in Russian Assets (Wall Street Journal) The U.K. said it plans to ramp up sanctions to ‘exert maximum economic pressure’
Rishi Sunak vows to ‘call out’ Vladimir Putin at G20 summit (The Telegraph) The Kremlin confirmed the Russian president will not travel to Indonesia, but said he may still participate via video link
Ukraine FM: Moscow playing ‘hunger games’ with world (AP NEWS) Ukraine’s Foreign Minister Dmytro Kuleba pressed Southeast Asian countries for political and material support in his county’s fight against Russia , while accusing Moscow on Saturday of playing “hunger games” with the world by holding up shipments of Ukrainian grain and other agricultural products.
U.S. to sanction military procurement network aiding Russia, Yellen says (Reuters) U.S. Treasury Secretary Janet Yellen said the United States will impose new sanctions on a transnational network of individuals and companies that have been working to procure military technologies for Russia’s war effort in Ukraine.
Putin’s KGB mentor-turned-critic dies of mystery ‘serious illness’ (New York Post) Victor Cherkesov, former chief of the State Drug Control Service and a one-time member of Vladimir Putin’s inner circle, died in St. Petersburg after what was described as a “serious il…
Mystery of Putin’s foreign minister Sergei Lavrov and a hospital visit (The Telegraph) Russian foreign secretary reportedly suffered a health problem following his arrival for G20 summit in Bali
Attacks, Threats, and Vulnerabilities
Lookout Discovers Long-running Surveillance Campaigns Targeting Uyghurs (Lookout) Researchers from Lookout Threat Lab have uncovered two new surveillance campaigns, BadBazaar and MOONSHINE, targeting Uyghurs in the People’s Republic of China and abroad.
CISA chief ‘encouraged’ by lack of attacks on midterms (The Record by Recorded Future) A top U.S. cybersecurity official on Thursday said she was “encouraged” that the 2022 midterm elections did not come under significant influence by foreign adversaries.
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite (CISA) CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include an additional Malware Analysis Report containing new indicators of compromise.
Exclusive: Russian software disguised as American finds its way into U.S. Army, CDC apps (Reuters) Thousands of smartphone applications in Apple and Google’s online stores contain computer code developed by a technology company, Pushwoosh, that presents itself as based in the United States, but is actually Russian, Reuters has found.
Unit 42 Finds Three Vulnerabilities in OpenLiteSpeed Web Server (Unit 42) Unit 42 discovered three vulnerabilities in OpenLiteSpeed Web Server and LiteSpeed Web Server that could be used together for remote code execution.
BATLOADER: The Evasive Downloader Malware (VMware Security Blog) We explore the Batloader malware, its history, attributes, how it is delivered, the infection chain, and Carbon Black’s detection capabilities.
Internet Crime Complaint Center (IC3) | Scammers Using Computer-Technical Support Impersonation Scams to Target Victims and Conduct Wire Transfers (IC3) As recently as October 2022, the FBI observed several instances nationwide of scammers conducting computer-technical support scams, where criminals pose as service representatives of a company’s technical or computer repair service and contact victims through
Here’s how scammers commit refund fraud to steal from retailers (Cybersixgill News) A tactic called refunding is growing in popularity. On underground forums scammers share how they make cash by defrauding retailers.
Clone Phishing: How to Protect Your Business from this Deceptive Cyberthreat (Vade Secure) Clone phishing is an advanced type of phishing attack. Learn what it is and how to protect your business.
Hired Hand: Group-IB uncovers wide-scale phishing campaign that sees scammers mimic KSA manpower provider (Group-IB) Group-IB, one of the global leaders in cybersecurity, has today published its research into a wide-scale phishing scheme that sees scammers impersonate one of the leading manpower agencies in the Kingdom of Saudi Arabia (KSA).
Worok hackers hide new malware in PNGs using steganography (BleepingComputer) A threat group tracked as ‘Worok’ hides malware within PNG images to infect victims’ machines with information-stealing malware without raising alarms.
Coast Guard Warns of Malicious Typosquatting Directed at Port Facility Websites (HS Today) Misspellings of several U.S. port facility domains “have recently been registered, likely for malicious purposes,” USCG Cyber Command reported.
ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers (SecurityWeek) A serious vulnerability affecting ABB oil and gas flow computers can cause disruptions and prevent utilities from billing their customers.
Popular UK motor racing circuit investigating ransomware attack (The Record by Recorded Future) One of the most popular motor racing circuits in the United Kingdom is investigating a ransomware attack this week.
Canadian food retail giant Sobeys hit by Black Basta ransomware (BleepingComputer) Grocery stores and pharmacies belonging to Canadian food retail giant Sobeys have been experiencing IT systems issues since last weekend.
Sobeys data breach serves as wake up call for industry: expert (Global News) Provincial privacy watchdogs in Quebec and Alberta say they have received data breach reports from Sobeys, which has been dealing with “IT system” issues for much of the past week.
Aiphone door entry systems can be ‘easily’ bypassed thanks to NFC bug (TechCrunch) The vulnerability in the door entry security system, used in government buildings and apartment complexes, cannot be fixed.
Medibank data leak escalates further ahead of its crucial annual meeting (Sky News) The hackers behind the Medibank data attack have released more sensitive customer information to the dark web following a week of drip-feeding data online.
Abortions, Drug Use Exposed in Cyber Attack on Australian Health Insurer Medibank (Insurance Journal) When the Australian health insurer Medibank Private Ltd. was hit with a ransomware attack last month, it provided regular updates to its customers,
Ransomware Gang Offers to Sell Files Stolen From Continental for $50 Million (SecurityWeek) A ransomware group is offering stolen Continental data for $50 million after the car parts giant confirms theft of files.
Bankrupt Crypto Exchange FTX Probing Unauthorized Transactions (Wall Street Journal) More than $370 million worth of crypto funds appears to be missing, according to a crypto analytics firm.
‘FTX Has Been Hacked’: Crypto Disaster Worsens as Exchange Sees Mysterious Outflows Exceeding $600M (CoinDesk) FTX officials appeared to confirm rumors of a hack on Telegram, instructing users to delete FTX apps and avoid its website.
Booz Allen Hamilton Holding Corporation notifies employees of insider breach (DataBreaches.net) Booz Allen Hamilton Holding Corporation has disclosed an insider breach involving the sensitive, personally identifiable information (PII) of active employees as of March 29, 2021.
Thales confirms hackers have released its data on the dark web (Reuters) French defence and technology group Thales said on Friday data relating to the group has been released on the “publication platform” of the hacker group LockBit 3.0, confirming media reports.
Lockbit gang leaked data stolen from global high-tech giant Thales (Security Affairs) The Lockbit 3.0 ransomware gang started leaking the information allegedly stolen from the global high-tech company Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential […]
Dark Web Recruitment: Malware, Phishing, and Carding (Digital Shadows) In our first blog in this series, we covered how ransomware groups go about their recruitment, with their large teams comprising many threat actors with niche skill sets. We all know how high-profile, widespread, and lucrative the ransomware industry is. It feels like new groups appear every week. But it’s important to remember that other
How Cambodia’s scam mills reel in new “cyber slave” workers (Rest of World) Casual trafficking, calls to parents, misleading ads: even with global pressure, recruitment is rife.
November 9 CISA KEV Breakdown | 7 Zero-Days Added (Nucleus Security) In this Breakdown, Nucleus experts explore the seven vulnerabilities added to the KEV on November 9, 2022.
Security Patches, Mitigations, and Software Updates
CISA Releases Twenty Industrial Control Systems Advisories (CISA) CISA has released twenty (20) Industrial Control Systems (ICS) advisories on November 10, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
Siemens Parasolid (CISA) 1. EXECUTIVE SUMMARY. CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process.
Siemens Web Server Login Page of Industrial Controllers (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable Remotely/low Attack Complexity Vendor: Siemens Equipment: SIMATIC Industrial Controllers and Software Vulnerability: Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to track the activity of other users.
Siemens SINEC Network Management System Logback Component (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEC NMS Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers with write access to the logback configuration file to execute arbitrary code on the system.
Siemens SINUMERIK ONE and SINUMERIK MC (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SINUMERIK ONE and SINUMERIK MC Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to discover the private key of a given CPU product family via an offline attack against a single CPU from the family.
Siemens RUGGEDCOM ROS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROS Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition where the affected web servers wait for the completion of each request, occupying all available HTTP connections.
Siemens QMS Automotive (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: QMS Automotive Vulnerability: Cleartext Storage of Sensitive Information in Memory 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read credentials and impersonate authorized users.
Omron NJ/NX-series Machine Automation Controllers (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely, public exploits are available Vendor: Omron Equipment: NJ/NX-series Machine Automation Controllers Vulnerability: Active Debug Code 2.
Omron NJ/NX-series Machine Automation Controllers (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Omron Equipment: NJ/NX-series Controllers and Software Vulnerabilities: Hard-coded Credentials, Authentication Bypass by Capture-replay 2.
Siemens Teamcenter Visualization and JT2Go (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Teamcenter Visualization and JT2Go
Vulnerabilities: Heap-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Use After Free, Stack-based Buffer Overflow
Siemens SCALANCE W1750D (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE W1750D Vulnerabilities: Uncontrolled Resource Consumption, Buffer Copy without Checking Size of Input, Improper Neutralization of Input During Web Page Generation, Improper Neutralization of Special Elements used in a Command, Improper Input Validation 2.
Siemens SICAM Q100 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely / low attack complexity Vendor: Siemens Equipment: SICAM Q100 Vulnerabilities: Session Fixation, Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take over the session of a logged in user or to inject custom code.
Siemens Capital VSTAR (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely / Low attack complexity
Vendor: Siemens
Equipment: Capital VSTAR
Vulnerabilities: Access of Resource Using Incompatible Type, Improper Validation of Specified Quantity in Input, Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Null Termination, Integer Underflow, Improper Handling of Inconsistent Structural Elements
Siemens SCALANCE X-200 and X-200IRT Families (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X-200 and X-200IRT Families Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to steal session cookies and hijack a session.
Siemens RUGGEDCOM ROS (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROS Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could occupy all available HTTP connections and cause a denial-of-service condition.
LS ELECTRIC PLC and XG5000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely Vendor: LS Electric, LS Industrial Systems (LSIS) Co. Ltd Equipment: LS ELEC PLC and XG5000 Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to decrypt credentials and gain full access to the affected programmable logic controller (PLC).
Delta Electronics DIAEnergie (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Cross-site Scripting, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to inject arbitrary code to retrieve and modify database contents and execute system commands.
Siemens Mendix SAML Module (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Mendix SAML Module Vulnerability: Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to gain unauthenticated access to the application.
Siemens SCALANCE and RUGGEDCOM Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Multiple SCALANCE and RUGGEDCOM products Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow low privileged attackers to escalate privileges.
Siemens Questa and ModelSim (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.0
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Questa Simulation and ModelSim Simulation
Vulnerability: Insufficiently Protected Credentials
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow access to unencrypted data.
Siemens RUGGEDCOM Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Devices Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized threat actor to obtain privileges to access passwords.
Cisco Releases Security Updates for Multiple Products (CISA) Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following advisories and apply the necessary updates:
Apple Patches Remote Code Execution Flaws in iOS, macOS (SecurityWeek) Apple has released patches for two arbitrary code execution vulnerabilities impacting the libxml2 library in iOS and macOS.
Dangerous SIM-swap lockscreen bypass – update Android now! (Naked Security) A bit like leaving the front door keys under the doormat…
Trends
Industries boost cyber defenses against growing number of attacks (Moodys) A new corporate landscape has emerged since the start of the Covid-19 pandemic. Many businesses have shifted to virtual workforces, decentralized systems, wireless mobility and remote access for partners and vendors.
Ransomware tracker: the latest figures (The Record by Recorded Future) Colonial Pipeline, JBS Foods, Kaseya — we’re only halfway through 2021, but it can already be dubbed the year of ransomware.
Delinea Report Reveals That Nearly 80% of Companies Have Had to Use Their Cyber Insurance, and More Than Half of Those Have Used It Multiple Times (PR Newswire) Delinea, a leading provider of Privileged Access Management (PAM) solutions for seamless security, today published a new report showing that…
Cyber Insurance If you get it, be ready to use it (Delinea) Almost 80% of survey respondents have used their cyber insurance policy. Half have used it multiple times. Download the report here.
Progress Survey Reveals the Factors Driving the Adoption and Evolution of DevSecOps Over the Next Two Years (GlobeNewswire News Room) New research reveals that 73% of respondents admit more could be done to improve DevSecOps practices and highlights commonalities to those businesses…
Securonix Research Reveals Observed Global Cyberthreats Surged…. (Enterprise IT World) Securonix released its 2022 Threat Report, which highlights the trends, required data and detection summaries for key cyberthreats.
Cyber Security Predictions for 2023 | Cyber Security Forecast (Mandiant) Cyber Security Predictions for 2023. This year’s report features critical insights from security experts to give you a glimpse into what you can expect in 2023.
Threat Predictions for 2023: New Attack Surfaces and Threats Emerge as Cybercrime Expands (Fortinet Blog) As cybercrime converges with advanced persistent threat methods, cybercriminals are finding ways to weaponize new technologies at scale to enable more disruption and destruction. Read our 2023 thre…
DigiCert 2023 Security Predictions (Digicert) To take stock of where we’re at and what lies on the horizon, we’ve once again gathered our team of cybersecurity experts. So what does 2023 hold? Read more to find out.
The Top Five Cybersecurity Trends In 2023 (Forbes) Cybersecurity is a fast-evolving area. Here, we look at the most important trends to watch out for in 2023, including the increased threats from connected IoT devices, hybrid working, and state-sponsored attacks.
Marketplace
Tech Workers Face a New Reality as Talent Wars Turn to Pink Slips (Wall Street Journal) The power, perks and demand that many workers at big tech companies enjoyed over the past decade are giving way to angst over layoffs and shrinking net worths.
Startups Should Prepare for ‘Second-Order Fallout’ From FTX Collapse (The Information) The failure of crypto exchange FTX has prompted venture investors to issue a blunt warning to startup founders: The current economic situation poses steep challenges to companies. As a result, startups shouldn’t expect to raise new money through 2024 and should prepare for “deep cuts.” Arjun …
Laika Raises $50 Million for Its Compliance Platform (SecurityWeek) Compliance platform Laika has raised $50 million in Series C funding round led by Fin Capital.
Cloud-native application security firm Apiiro raises $100M round (SiliconANGLE) Cloud-native application security firm Apiiro raises $100M round – SiliconANGLE
Cato’s $100M ARR milestone tees up potential IPO: Analysts (Fierce Telecom) As a private company, secured access service edge (SASE) player Cato Networks doesn’t report earnings. But the company offered a look behind the curtain this week, announcing it has grown its annual recurring revenue (ARR) from $1 million to $100 million over the past five years. A pair of analysts told Fierce Cato’s strong growth makes it a prime candidate to go public in the future.
Gula-backed Trinity Cyber Gets $26.3 Million Debt (citybiz) Trinity Cyber has secured $26.3 million in debt from an undisclosed source, according to a listing on Crunchbase. Backed by…
Akamai Finances Macrometa as Part of the Two Strike Alliance (EnterpriseTalk) Edge computing cloud and global data network Macrometa has struck a new partnership and product integrations with Akamai Technologies.
With Linode, Akamai expands into edge cloud computing development (ZDNET) The market-leading content delivery network has big plans for Linode’s infrastructure-as-a-service cloud.
GDIT Forms Industry Coalition to Advance Government’s 5G Tech Adoption; Ben Gianni Quoted (ExecutiveBiz) Looking for the latest Government Contracting News? Check out our story: GDIT Forms Industry Coalition to Advance Government’s 5G Tech Adoption; Ben Gianni
Resecurity Recognized by Frost & Sullivan as a Leader in the Cyber Threat Intelligence Market (PR Newswire) Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company protecting major Fortune 500 giants worldwide announced today that Frost &…
OPM Removes Two Jobs From High-Risk List, Cybersecurity Remains (Meritalk) The Office of Personnel Management (OPM) has removed two high-risk mission critical occupations (MCO) from its governmentwide skills gap list: auditor and economist.
Big Tech’s Layoffs Will Fuel the Industry’s Future (WIRED) Plus: The dotcom recovery, a history-making online purchase, and the highway to climate hell.
Despite Big Layoffs, Tech Workers Are Still in Demand (WIRED) Tens of thousands of job cuts have rocked the industry, but unemployment among tech workers remains low—and plenty of companies are desperate for talent.
Musk Warns Twitter Bankruptcy Possible as Senior Executives Exit (Bloomberg) ‘Chief Twit’ warns employees of 80-hour weeks, lost perks. Investors were already offering distressed prices for loans.
Musk warns of Twitter ‘bankruptcy’ as key executives quit (Computing) Twitter may go bankrupt, said new owner Elon Musk, capping a chaotic day that saw three senior executives quit the company and the US regulator send a warning.
Twitter’s potential collapse could wipe out vast records of recent human history (MIT Technology Review) What happens when the world’s knowledge is held in a quasi-public square owned by a private company that could soon go out of business?
Here’s how a Twitter engineer says it will break in the coming weeks (MIT Technology Review) One insider says the company’s current staffing isn’t able to sustain the platform.
Twitter’s content moderation head quits as departures alarm the FTC (Washington Post) Yoel Roth had become the public face of Twitter’s efforts to reassure users and advertisers the service would not become a ‘free-for-all’
Musk’s First Email to Twitter Staff Ends Remote Work (Bloomberg) Expects employees to put in at least 40 hours in the office. New boss wants subscriptions to account for half of revenue.
Elon Musk’s Twitter Chaos Is Going to Be Even Worse Overseas (Foreign Policy) Gutting the workforce will make it harder to protect dissidents and police misinformation.
WSJ News Exclusive | Amazon, in Broad Cost-Cutting Review, Weighs Changes at Alexa and Other Unprofitable Units (Wall Street Journal) CEO Andy Jassy is leading the review including the devices unit, which includes Alexa and has had an annual operating loss of $5 billion in some recent years, documents show.
Amid Layoffs, Tech Companies Throw Cash, Stock at the Workers They Still Want (The Information) In August, amid a slump in stock and crypto prices, Robinhood took the dramatic step of slashing 23% of its workforce, just four months after laying off 9% of its employees. But those who survived the online brokerage’s cuts soon got an incentive to stick around and work hard. Shortly after the …
CyberGhost expands commitment to security with new bug bounty program (RealWire) Online privacy champion launches new program on BugCrowd
November 10, 2022, Bucharest, Romania: Delivering a secure VPN service is critical for maintaining privacy online and, in recognition of this, online privacy advocates and VPN provider CyberGhost has launched a new public bug bounty on BugCrowd
Versa Networks Recognized as a Representative Vendor in 2022 Gartner® Market Guide for Single-Vendor SASE Report (Gartner) Single-Vendor SASE Offerings Deliver Multiple Converged Network and Security Capabilities – Such as SD-WAN, SWG, CASB, Network Firewalling and ZTNA – Using a Cloud-Centric Architecture
eSentire appoints Check Point’s Mert Mustafa as A/NZ channel lead (ARN) Security vendor eSentire has appointed Check Point Software Technologies’ Mert Mustafa as its channel lead for Australia and New Zealand (A/NZ).
BlueVoyant Welcomes Veteran Sales Executive (PR Newswire) BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today announced that Michael Conley is…
Products, Services, and Solutions
New infosec products of the week: November 11, 2022 (Help Net Security) The featured infosec products this week are from: Acronis, Flashpoint, ImmuniWeb, Lacework, Picus Security, and Vanta.
UK Ministry of Defence Deploys Immersive Labs to Increase its Cyber Resilience and Support National Security (Business Wire) Immersive Labs, the leader in people-centric cybersecurity, today announced that the UK Ministry of Defence (MOD) has deployed Immersive Labs Cyber Pr
EY announces alliance with AuditBoard to help businesses access integrated, innovative risk management services (EY) The EY organization today announces an alliance between AuditBoard, a leading cloud-based audit, risk and compliance management platform, and Ernst & Young LLP (EY US), to provide businesses with access to exceptional consulting services and a suite of risk technology services.
Offensive Security Increases Access to Cybersecurity Education with Climb Credit Financing (PR Newswire) Offensive Security (OffSec), the leading provider of hands-on cybersecurity training and certifications for individuals and organizations of…
Clumio Releases Breakthrough Data Protection and Recovery Capabilities for Amazon S3 (Business Wire) Clumio Releases Breakthrough Data Protection and Recovery Capabilities for Amazon S3
Blackpoint Cyber Launches Three Product Features (Business Wire) Blackpoint Cyber, a leading technology-focused cybersecurity company, has released three product features this fall, as they look ahead to 2023. “I am
Rapid7 MDR Excels in All New MITRE Engenuity ATT&CK Evaluations of Threat-Informed Defense Capabilities (GlobeNewswire News Room) Inaugural MITRE Engenuity Managed Services Evaluation showcases Rapid7’s strong detection coverage, comprehensive reporting, and detailed communications…
Kroll Expands Partnership with CrowdStrike for Advanced Cyber Security Offerings (Business Wire) Kroll, the leading independent provider of global risk and financial advisory solutions, today announced that it is partnering with CrowdStrike.
UK Ministry of Defence Deploys Immersive Labs to Increase its Cyber Resilience and Support National Security (Business Wire) Immersive Labs, the leader in people-centric cybersecurity, today announced that the UK Ministry of Defence (MOD) has deployed Immersive Labs Cyber Pr
Merlin Cyber collaborates with Titania to improve network security for government agencies (Help Net Security) Merlin Cyber partners with Titania to help U.S. public sector close exploitable network misconfiguration loopholes.
Technologies, Techniques, and Standards
NSA Releases Guidance on How to Protect Against Software Memory Safety Issues (National Security Agency/Central Security Service) The National Security Agency (NSA) published guidance today to help software developers and operators prevent and mitigate software memory safety issues, which account for a large portion of
NSA: Switch to ‘Memory-Safe’ Programming Languages (My TechDecisions) The NSA is urging organizations to drop some commonly used programming languages such as C and C++ due to exploitable memory-based bugs.
CISA Releases SSVC Methodology to Prioritize Vulnerabilities (CISA) Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system.
Transforming the Vulnerability Management Landscape (CISA) By Eric Goldstein, Executive Assistant Director for Cybersecurity
Big Tech could help Iranian protesters by using an old tool (MIT Technology Review) Until 2018, domain fronting enabled by Google, Amazon, and Microsoft allowed web users to circumvent internet bans and surveillance. Will they reinstate it in Iran?
Thales TCT’s Gina Scinta: Agencies Should Adopt Strong MFA, Crypto-Agile Tech to Protect Data (GovCon Wire) Looking for the latest GovCon News? Check out our story: Thales TCT’s Gina Scinta on Data Protection With MFA, Crypto-Agile Tech. Click to read more!
Contrast Security to Address Serverless Application Vulnerabilities and Risks Enterprises Face Today at AWS re:Invent (PR Newswire) Contrast Security (Contrast), a world leading code security platform company purposely built for developers to get secure code moving swiftly…
The role of power system connectivity in energy security (ESCAP) ESCAP – Expert Opinion : The role of power system connectivity in energy security
Academia
Academic spy cases: No room for simplistic conclusions (University World News) Two recent espionage cases involving foreign researchers have sparked calls for more effective security checks of visitors coming to work in Norway’…
Blue Hens Capture the Flag (UDaily) International competitors face cybersecurity challenges in competition designed by UD students
Legislation, Policy, and Regulation
NATO Secretary General warns of growing cyber threat (NATO) NATO Secretary General Jens Stoltenberg spoke today (10 November 2022) at NATO’s 2022 Cyber Defence Pledge conference in Rome.
Keynote address by NATO Secretary General at the NATO Cyber Defence Pledge Conference (NATO) (As delivered) Ambassadors, Ladies and gentlemen. Good morning and welcome to this year’s Cyber Defence Pledge conference. I am delighted to be here in Rome with all of you.
White House cyber official advocates nimbler NATO to confront digital threats (CyberScoop) White House official Anne Neuberger met with NATO officials in Rome to help craft plans to more rapidly respond to cyberthreats.
EU proposes cyber defence plan as concerns about Russia mount (Reuters) The European Commission proposed on Thursday two action plans to address the deteriorating security situation following Russia’s invasion of Ukraine to bolster cyber defence and to allow armed forces to move faster and better across borders.
EU proposes new cyber defence policy to counter Russian cyberattacks (Computing) The European Commission has proposed a new EU cyber defence policy that aims to enhance cooperation and investments in cyber defence among bloc members, to better prevent, detect, and counter the growing number of cyberattacks from hostile states.
Australia sets up 100-strong permanent ‘operation’ to target hackers (iTnews) With a global remit.
Minister urges Australia to ‘wake up out of cyber slumber’, flags internet security reforms (ABC) Some of the potential reforms include making it illegal to pay ransoms to hackers like those who posted highly sensitive customer data from Medibank on the dark web.
Australia to consider banning paying of ransoms to cyber criminals (Reuters) Australia’s Home Affairs Minister Clare O’Neil on Sunday said the government would consider making illegal the paying of ransoms to cyber hackers, following recent cyber attacks affecting millions of Australians.
The philosophy behind China’s Cyberspace initiatives (Capital News) On November 7, China released a white paper on Monday introducing its vision of internet development and governance in the new era, sharing its – Kenya breaking news | Kenya news today | Capitalfm.co.ke
EU nudges Germany to cut down on Huawei (POLITICO) Impose restrictions ‘as a matter of urgency,’ says Margrethe Vestager.
The DA wants a new Public Protector, but for cyberspace | Businessinsider (Businessinsider) A Cyber Commissioner, established as a Chapter 9 institution, would be ultimately responsible for safeguarding the online space for South Africa if the party gets its way.
United States and Spain Announce the Development of a New Capacity Building Tool to Combat Ransomware (Cybersecurity and Infrastructure Security Agency) The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the U.S. Department of State and the Spanish Ministry of the Interior, announced a joint project last week to develop a capacity-building tool to help countries utilize public-private partnerships (PPPs) to combat ransomware.
Cyber Enforcers Could Face Uphill Battle With GOP House (Law360) Federal agencies rolling out cybersecurity regulations are likely to be tightly scrutinized if Republicans achieve a slim majority in the U.S. House of Representatives, potentially occupying time and resources that could otherwise be used to craft new rules.
Litigation, Investigation, and Law Enforcement
U.S. intelligence report says key gulf ally meddled in American politics (Washington Post) The United Arab Emirates steered U.S. foreign policy in its favor through a series of legal and illegal exploits, according to an unprecedented U.S. intelligence document
Twitter In FTC Crosshairs As Top Privacy Execs Quit (Law360) The Federal Trade Commission on Thursday expressed “deep concern” about Twitter’s compliance with security and privacy regulations after top executives resigned following the purchase of the social media company by billionaire Elon Musk, warning that enforcement actions may be on the horizon if past consent orders are violated.
Australian Federal Police say cybercriminals in Russia behind Medibank hack (The Record by Recorded Future) The Australian Federal Police (AFP) has identified the perpetrators of the hack and attempted extortion of Medibank as Russians.
Australia tells Medibank hackers: ‘We know who you are’ (TechCrunch) Australia’s federal police pin the Medibank breach on Russia-based cybercriminals, but international cooperation looks unlikely.
Australians told to brace for more cyber attacks | 9 News Australia (YouTube) The hackers behind the devastating and interminable Medibank cyber attack are Russian cybercriminals, the Australian Federal Police claim. Phil Lee of Dekko …
Medibank could face legal action over hack (St George & Sutherland Shire Leader) Health insurer Medibank could be facing legal action after the personal details of millions of its customers were…
The Hunt for the FTX Thieves Has Begun (WIRED) Mysterious crooks took hundreds of millions of dollars from FTX just as it collapsed. Crypto-tracing blockchain analysis may provide an answer.
Man Charged for Participation in LockBit Global Ransomware Campaign (US Department of Justice) A criminal complaint filed in the District of New Jersey was unsealed today charging a dual Russian and Canadian national for his alleged participation in the LockBit global ransomware campaign.
Police arrest suspected LockBit operator as the ransomware gang spills new data (TechCrunch) Police in Canada have arrested a Russian and Canadian dual citizen linked to the prolific LockBit ransomware operation.
U.S. Justice Department Charges LockBit Ransomware Suspect (Decipher) A 33-year-old dual Russian and Canadian national was arrested this week for allegedly participating in LockBit ransomware attacks.
Canada detains Russian national over LockBit attacks (Computing) A dual Russian-Canadian national has been taken into custody in Canada, on suspicion of playing a role in the LockBit ransomware attacks that have targeted vital infrastructure and industrial groups across the world since 2020.
Russian National Arrested in Canada Over LockBit Ransomware Attacks (SecurityWeek) A 33-year-old Russian national has been arrested in Canada over his role in LockBit ransomware attacks against critical infrastructure and major industrial groups worldwide.
Alleged LockBit operator to be extradited from Canada to U.S. (The Record by Recorded Future) An alleged member of the LockBit ransomware group is being extradited to the United States after being arrested in Canada.
Taking down a ransomware hacker (CBC) An FBI investigation into a criminal ransomware gang believed to be tied to Russia led back to a Canadian government employee in Gatineau, the largest cryptocurrency seizure in Canadian history at the time and hundreds of victims around the world
FTC tracking developments at Twitter with ‘deep concern’ after CISO resigns (The Record by Recorded Future) The FTC said it is monitoring the recent fracas around Twitter just hours after the company’s CISO announced their resignation.
Elon Musk is putting Twitter at risk of billions in fines, warns company lawyer (The Verge) “Elon puts rockets into space, he’s not afraid of the FTC.”
Maryland Nuclear Engineer and Wife Sentenced for Espionage-Related Offenses (US Department of Justice) A Maryland man and his wife were sentenced today for conspiracy to communicate Restricted Data related to the design of nuclear-powered warships.
Embassy guard Briton who sold secrets to Russians was angry over LGBT flag (The Telegraph) David Smith worked at the British Embassy in Berlin and was unmasked in a joint investigation by German police and British security services
Internal Documents Show How Close the F.B.I. Came to Deploying Spyware (New York Times) Christopher Wray, the F.B.I.’s director, told Congress last December that the bureau purchased the phone hacking tool Pegasus for research and development purposes.
The Great Crypto-Cop Brain Drain (WIRED) Hunting down crypto criminals is a dying art as law enforcement officers jump in-house.
