Dateline

Ukraine at D+288: A resumption of drone strikes and a stalled ground offensive. (CyberWire) A resupply of drones from Iran enables Russia to resume its war against civilians.

Day 288: Russian missile strike hits Kharkiv region, injures four (Ukraine Crisis Media Center) A Russian missile strike against Kharkiv region hit a private house, resulting in four injuries. Ukrainian air defense systems intercepted some of the missiles, and one rocket hit a private house, head of the Kharkiv regional military administration Oleh Synehubov said.

Russia-Ukraine war: List of key events, day 289 (Al Jazeera) As the Russia-Ukraine war enters its 289th day, we take a look at the main developments.

Russia-Ukraine war: Kyiv ‘working with UN to demilitarise Zaporizhzhia nuclear plant’ – as it happened (the Guardian) Ukraine’s state nuclear energy firm and Kyiv government both claim Russia is using the site as a de facto weapons depot

Russia-Ukraine war live: Russia shells ‘entire Donetsk front line’, Kremlin and US officials expected to meet in Turkey (the Guardian) Donetsk governor reports shelling amid fierce fighting near the towns of Bakhmut and Avdiivka


‘Only 100 metres apart’: Ukrainians and Russians face off in Donetsk (the Guardian) The eastern city of Bakhmut – where soldiers suffer bitter cold and lack of supplies – is now the war’s most violent front

Is Ukraine’s new drone a game-changer in the war? (Al Jazeera) A mysterious weapon has hit one of Russia’s largest and most important military airfields.

Victory Is the Only Way to Bring Ukraine’s Kidnapped People Home (The New Republic) Officials from the war-torn nation estimate that as many as 2.8 million residents have been forcibly relocated to Russia since the invasion began.

Don’t Be Afraid of a Russian Collapse (Foreign Policy) Why is the West so hesitant about a clear Ukrainian victory?

War in Ukraine: An Analysis (Rebellion Research) It has been almost a year since Russia invaded Ukraine. The mission of this Annual Essay is to assess the situation on the ground in Ukraine and consider wider political and geopolitical implications both for Ukraine, Russia and the West (defined here as the Euro-Atlantic Community) in 2023.

The Ukraine Fight Is Just Part of Russia’s War (Defense One) Western leaders must remind their populaces what is under pressure and at stake.

Zelenskyy’s appeal for a special tribunal for the crime of aggression (Atlantic Council) With due process of law now, justice will bring the power of peace in the future, was the Ukrainian president’s message to an event co-hosted by the US Institute of Peace and the Atlantic Council.

US sending $275 million in military aid to Ukraine (Military Times) Including the latest aid, the U.S. has now committed more than $19.3 billion in weapons and other equipment to Ukraine since Russia attacked on Feb. 24.

Polish defense minister: We won’t waiver from supporting Ukraine (Defense News) Ukrainians have already proved their abilities on the battlefield. We cannot stop short of what is needed for Ukraine to prevail.

Forward resilience: How to help Ukraine win on and off the battlefield (Brookings) The United States and its allies must help Ukraine resist Russia’s assaults by helping Kyiv implement a strategy of forward resilience: helping Ukraine to protect its military, economy, energy supplies, and systems of governance from the Kremlin’s attacks.

At arm’s length: NATO juggles conflicts from Ukraine to the Balkans (Defense News) Far from Ukrainian battlefields, the winds of war have reached NATO’s Balkan backyard.

Putin Says ‘Agreement Will Have To Be Reached’ To End Ukraine Conflict (Barron’s) Russian President Vladimir Putin Friday said that ultimately an agreement would need to be struck to end fighting in Ukraine, nine months after the Kremlin launched its “special military operation” there.

Rise of deep-fakes to spread misinformation for Ukraine – Russia crisis, possible spillovers, and impact (Modern Diplomacy) Volodymyr Zelensky appeared in a video during the third week of the Ukraine crisis earlier this year, wearing a dark green shirt and speaking slowly and deliberately while standing behind a white presidential podium bearing his country’s coat of arms. The Ukrainian president’s body barely moved as he spoke, with the exception of his head. […]

Russian disinformation is demonizing Ukrainian refugees (Washington Post) On social media, pro-Kremlin networks are exploiting German anger over its energy crisis to undermine support for Ukraine

Crypto Winter: Fraudsters Impersonate Ukraine’s Government to Steal NFTs and Cryptocurrency (DomainTools) A cryptocurrency scam campaign impersonates Ukraine’s Ministry of Digital Transformation in an effort to steal NFTs and cryptocurrency.

Danish defence ministry says its websites hit by cyberattack (Reuters) Denmark’s defence ministry was hit by a cyberattack on Thursday that had cut off access to its websites, although it had no impact on its operations, the ministry said on Twitter.

Kela website hit by DoS attack (Yle) The website holds sensitive information but no customer data has been compromised, a Kela spokesperson said.

Russia Sanctions Database (Atlantic Council) The Atlantic Council’s Russia Sanctions Database tracks the level of coordination among Western allies in sanctioning Russian entities, individuals, vessels, and aircraft, and shows where gaps still remain.

Kremlin Critic Yashin Jailed Over Ukraine Remarks (Barron’s) Russia on Friday sentenced opposition figure Ilya Yashin to eight and a half years in jail for spreading “false information” about Russia’s offensive in Ukraine, the highest-profile conviction under new legislation criminalising criticism of the campaign.

Russia swaps US basketball star Brittney Griner for ‘Merchant of death’ (The Telegraph) Griner was sentenced to nine years in jail in Russia for drug smuggling after being found carrying vape cartridges containing cannabis oil

Brittney Griner lands in US after Russian prisoner swap (The Telegraph) American basketball star Brittney Griner has touched down in Texas after ten months in Russian captivity.

Attacks, Threats, and Vulnerabilities

Drokbk Malware Uses GitHub as Dead Drop Resolver (Secureworks) A subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence.

Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers (ThreatFabric) A new campaign is targeting Android & Windows with multiple Trojans using Zombinder: a third-party service to infect a legitimate app with malicious payload

Watch Out, That Browser Extension Could Be Cloud9 in Disguise (CircleID) Zimperium zLabs threat researchers recently reported the case of the Cloud9 Chrome Botnet, and rightly so. Many of us seem to forget just how much information cybercriminals can steal from our browsers.


Malicious hackers exploit Seoul Halloween tragedy in zero-day attack (Tripwire) Google’s Threat Analysis Group reports this week that it saw a government-backed hacking group using the Seoul Yongsan Itaewon tragedy as a lure to trick innocent individuals into opening boobytrapped files.

Log4j Vulnerability Detection: One year after Log4Shell, firms still struggle to hunt down Log4j (Contrast Security) A year after Log4j’s discovery, Contrast CISO Dave Lindner answers questions about the industry’s response, how well Log4j has been ferreted out & lessons learned.

Hacked corporate email accounts used to send MSP remote access tool (BleepingComputer) MuddyWater hackers, a group associated with Iran’s Ministry of Intelligence and Security (MOIS), used compromised corporate email accounts to deliver phishing messages to their targets.

Popular HR and Payroll Company Sequoia Discloses a Data Breach (WIRED) The company, which works with hundreds of startups, said it detected unauthorized access to personal data, including Social Security numbers.

Credit card skimming – the long and winding road of supply chain failure (Naked Security) Don’t keep calling home to a JavaScript server that closed its doors eight years ago!

Veracode Research Finds a Quarter of Technology Applications Contain ‘High Severity’ Security Flaws, Which Pose a Serious Cybersecurity Risk If Exploited (Business Wire) Veracode revealed that 24 percent of applications in the technology sector contain security flaws that are considered high risk.

Met latest: Peter Gelb battles major cyber attack, likely Russian (Slippedisc) The Metropolitan Opera’s website has been down now…

Metropolitan Opera dealing with cyberattack that shut down website, box office (The Record by Recorded Future) The Metropolitan Opera confirmed that it is dealing with a crippling cyberattack that has shut down their website and box office.

Cyber-criminals Scammed Each Other Out of Millions in 2022 (Infosecurity Magazine) Sophos report reveals thriving

Even cybercriminals fall for online scams: $2.5m last year (Register) I’m the smartest guy in the room, I’m sure the message from IRS refunds is legit

On hacking forums, even the scammers aren’t safe (The Record by Recorded Future) Scammers scamming scammers, including sometimes the scammers who have scammed them, is “an entire sub-economy” on darknet marketplaces

Security Patches, Mitigations, and Software Updates

Advantech iView (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: Advantech. Equipment: iView. Vulnerability: SQL Injection. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to acquire credentials.

AVEVA InTouch Access Anywhere (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: AVEVA. Equipment: InTouch Access Anywhere. Vulnerability: Relative Path Traversal. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthenticated user to read files on the system.

Rockwell Automation Logix controllers (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 8.6. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: CompactLogix, Compact GuardLogix, ControlLogix, and GuardLogix controllers. Vulnerability: Improper Input Validation. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an unauthorized user to cause a denial-of-service condition on a targeted device.

Vulcan Cyber Report Reveals Growing Cost of Cyberattacks on Businesses in 2022 (PR Newswire) Vulcan Cyber®, developers of the cyber risk management platform for infrastructure, application, and cloud vulnerabilities, today released…

New Report on Startups and Cyber Risk Explores Founder Perceptions on the Importance of Cyber Protection, Current Areas of Influence & Concern, and Key Investments for 2023 (Business Wire) Today Embroker, the digital platform making it radically simple to get business insurance, released a new report, the Cyber Risk Index: Startup Editio

The State of the Security Team 2022 (LogRhythm) In this 2022 global research report, discover compelling cybersecurity statistics about the current state of the security team, stressors security professionals face, and ways they overcome challenges.

Half of small businesses falling prey to cyber attack (Human Resources Director) One in 10 succumb to ‘whaling’ attempts: survey

Forrester analysts share 5 shocking cybersecurity predictions for 2023 (VentureBeat) In 2023, orgs will optimize existing processes to combat threat actors, while also reevaluating how they approach cybersecurity as a whole.

Marketplace

67% of Companies Admit They Have Lost Deals Because of Low Confidence in Their Security Strategy, According to Research from LogRhythm (Business Wire) LogRhythm, the company empowering security teams to defend against the ever-evolving threat landscape, today announced the release of its report, “The

Cyber Insurance Policy Underwriting Explained (Trend Micro) John Hennessy, RVP at Cowbell discusses cyber insurance policy underwriting process, market trends, and the key security controls for businesses.

Recession hits cybersecurity companies hard as layoffs mount (CTech) The latest reports from the likes of SentinelOne, CrowdStrike and Palo Alto Networks revealed the crisis is already beginning to hit even the supposedly immune cybersecurity industry

After doubling revenue, cybersecurity unicorn lays off 10% of workers (Boston Business Journal) Aqua Security Software Ltd., an Israeli cybersecurity unicorn with U.S. headquarters in Burlington, is the latest tech company citing economic conditions as a reason to cut jobs.

Cybersecurity firm Makros joins Deloitte (Consulting) Makros, a cybersecurity consultancy based in Santiago, Chile, has been acquired by Deloitte Canada/Chile.

KuppingerCole: RSA an Overall Leader in Identity Governance, the Cornerstone of Zero Trust (RSA) Learn why KuppingerCole named RSA an Overall Leader for the 4th consecutive year in its 2022 IGA Leadership Compass.

Sumo Logic Boosts Security Solutions Footprint in Japan (Yahoo) Adds Sumo Logic Cloud SOAR to the region – equipped with Open Integration Framework for seamless remediation and workflow

Egnyte Appoints Ben Saville to Its Sales Leadership Team as New Head o (PRWeb) Egnyte, the secure platform for content collaboration and governance, today announced the appointment of Ben Saville to its sales leadership team as Hea

Products, Services, and Solutions

New infosec products of the week: December 9, 2022 (Help Net Security) The featured infosec products this week are from: 1Password, Arkose Labs, Kudelski Security, Lepide, OPSWAT, Palo Alto Networks, and Thales.

Salt Security API Protection Platform Wins Gold in 2022 Best in Biz Awards (PR Newswire) Salt Security, the leading API security company, today announced that the Salt Security API Protection Platform has been named a Gold Winner in…

Cymulate Integrates with the Trend Micro Vision One XDR Platform (PR Newswire) Cymulate, the market leader in Threat Exposure Assessment and Cybersecurity Controls Validation, today announced a new technology integration…

ConnectWise partners with Evo Security to deliver Identity and Access Management (IAM) Platform to IT Solution Providers (GlobeNewswire News Room) Strategic partnership secures and streamlines access to devices and applications, extending protection against most exploited attack vector, user…

Satori Introduces New Access Manager With Centralized, One-Click Data Access Control and First-of-Its-Kind “Governed Traffic” Metric (GlobeNewswire News Room) New metric enables companies to visualize and track ungoverned access to data to improve security posture and reduce risk…

Secure and Manage Cyber Risk in Industrial Control Systems (ICS) (Dragos) See how industrial asset owners can take advantage of integration between the Dragos Platform and Cisco’s ASA Firewalls.

SpiderOak and TriSept Form Partnership to Protect Against Cyber Threats (Via Satellite) SpiderOak has formed a strategic partnership with TriSept with the aim of providing a comprehensive end-to-end security system capable of keeping critical

Canada Enhances Public Safety With Gemalto Fingerprint Identification Solution (WebWire) A recent initiative undertaken by the Government of Canada and the Royal Canadian Mounted Police (RCMP) to advance public safety measures has led to the digitalization of biometric records across the country which will allow for faster and more accurate criminal and civil identity checks.

Synack has a different approach to security testing to defend against cyber attacks (The Global Herald) New York Stock Exchange published this video item, entitled “Synack has a different approach to security testing to defend against cyber attacks | CEO Jay

Technologies, Techniques, and Standards

NSA Releases Series on Protecting DoD Microelectronics From Adversary Influence (National Security Agency/Central Security Service) The National Security Agency’s Joint Federated Assurance Center (JFAC) Hardware Assurance Lab publicly released four Cybersecurity Technical Reports today to help the Department of Defense protect

PCI Security Standards Council Publishes Version 1.2 of the Secure Software Standard and Program (PCI Security Standards Council) Update Introduces New Security Requirements Module for Web Software

The air gap myth (Control Global) Practically all cybersecurity models must follow a layered approach to protection

The SANS 2022 Holiday Hack Challenge, The Year’s Most Awaited Cybersecurity Tradition, Opens to Players of All Skill Levels (PR Newswire) The SANS Institute (SANS) has officially opened its 21st annual Holiday Hack Challenge! Participants can join Santa to save the holiday season…

State Of Software Security (CA Veracode) CA Veracode presents volume 9 of the State of Software Security (SOSS) report, our comprehensive review of application testing data.

The State of Dependency Management (Endor Labs) The State of Dependency Management report takes a scientific approach to vulnerability prioritization, open source and supply chain security, and the complexity of dependency management.

Apples and apples? Comparing Approaches to Measuring Criticality and Risk at the OpenSSF (Open Source Security Foundation) Presenting a comparative study of the different approaches used to measure criticality and risk by a set of OpenSSF projects. Criticality is the measure of how important a package is across the global software ecosystem based on how many packages depend upon it. By combining criticality with the measure of a project’s security posture, or the risk that there may be as-yet-undiscovered vulnerabilities in software, we can prioritize the application of resources that might reduce the overall risk to the software landscape most efficiently. This work has been taken from The State of Dependency Management, the inaugural research report from Station 9, Endor Labs’ research team.

U.S., Israeli cyber forces build partnership, interoperability during exercise Cyber Dome VII (DVIDS) AUGUSTA, Ga. – At the Georgia Cyber Center on the banks of the Savannah River here, Israeli and U.S. military cyber units trained together on defeating threats in the information dimension.

San Diego City launches Regional Cyber Lab to bolster local cybersecurity (KPBS Public Media) The lab is a resource for small businesses and public agencies to prevent and protect against cyberattacks.

Design and Innovation

FBI Calls End-to-End Encryption ‘Deeply Concerning’ as Privacy Groups Hail Apple’s Advanced Data Protection as a Victory for Users (MacRumors) Apple yesterday announced that end-to-end encryption is coming to even more sensitive types of iCloud data, including device backups, messages,…

Legislation, Policy, and Regulation

Australia to develop new cyber security strategy (ComputerWeekly.com) New strategy to be developed by top cyber security experts aims to turn Australia into a global cyber leader, among other goals.

Netherlands Plans Curbs on China Tech Exports in Deal With US (Bloomberg) The Netherlands may announce deal with US on China tech curbs. Washington pushing allies to join efforts to cut off Beijing.

Saudi Arabia signs Huawei deal, deepening China ties on Xi visit (Reuters) Saudi Arabia and China showcased deepening ties with a series of strategic deals on Thursday during a visit by President Xi Jinping, including one with tech giant Huawei, whose growing foray into the Gulf region has raised U.S. security concerns.

U.S. Security Reviews of Foreign Tech Are Going Wide. The Details Matter. (Barron’s) A recent U.S. decision to block a Cuba-U.S. submarine cable articulates a clearer rationale than Trump-era fumbles with TikTok and Huawei, writes Justin Sherman.

James Clapper: ‘The internet today is less free, more segmented and less secure than it ever has been’ (FedScoop) Former director of national intelligence says dealing with the versions of the internet in authoritarian regimes demands a nuanced approach.

Cybersecurity emphasized in defense authorization bill (SC Media) Numerous cybersecurity provisions have been included in the final 2023 National Defense Authorization Act, which is expected to be voted upon by Congress in the coming days, according to CyberScoop.

NDAA requires intelligence agencies to study creation of cyber collaboration program (FedScoop) Language in the bill requires leaders of the NSA and CISA to study how DOD components can support the development of a cyber threat collaboration

Maryland Governor Cracks Down on ‘Unacceptable’ Cybersecurity Risk in State (townhall.com) There is one area in politics where Republicans and (at least some) Democrats have come to an agreement.

Litigation, Investigation, and Law Enforcement

Google must delete search results about you if they’re fake, EU court rules (POLITICO) Claimants have to prove the information about them is ‘manifestly inaccurate.’

South Korean authorities issue warning about disguised North Koreans getting IT jobs (The Record by Recorded Future) South Korean authorities issued an interagency advisory Thursday warning companies about hiring North Korean IT workers who disguise their true nationality and use their wages to help fund the country’s sanctioned nuclear weapons program.

Okta: Hacking incident didn’t create stock drop, class action should be tossed (Legal Newsline) Lawyers have failed to turn a hacking incident into a securities class action, cybersecurity company Okta is claiming.


