Ukraine at D+257: Russia addresses casualty reports. (CyberWire) Heavy fighting continues in the Donbas, with Russian forces falling back to defensive positions amid reports of high losses among poorly prepared troops. Cyber auxiliaries of both sides seem to be aiming for influence as opposed to disruptive effect.
Russia-Ukraine war: List of key events, day 258 (Al Jazeera) As the Russia-Ukraine war enters its 258th day, we take a look at the main developments.
Ukraine will continue to fight ‘even if we are stabbed in the back’ by allies (The Telegraph) Ukraine will never negotiate with Putin and will continue to fight for its land even if it is “stabbed in the back” by its allies, an advisor to the Ukrainian president has said.
Russia’s heavy casualties in Ukraine spark outcry and rare official response (Washington Post) Steep Russian casualties in key battles in eastern Ukraine have prompted an unusual public outcry — and sharp criticism of military commanders — by surviving soldiers and family members of recently conscripted fighters, who say their units were led to slaughter in poorly planned operations.
Russian state media confirms that a top general is no longer in his post. (New York Times) Col. Gen. Alexander Lapin had been publicly bashed by a close ally of President Vladimir V. Putin over his performance in Ukraine.
Russia losing aircraft in Ukraine faster than it can replace them (The Telegraph) UK’s MoD says Moscow’s continued lack of air superiority is unlikely to change in the next few months
Russia hasn’t killed any US-supplied HIMARS in Ukraine, according to a senior defense official (Task & Purpose) Today, we spell ‘undefeated’ H-I-M-A-R-S.
The agony of not knowing, as Mariupol mass burial sites grow (BBC News) Residents described the heartache of not knowing where their family members are buried.
Russia-Ukraine war live: Kyiv rules out peace talks until Russian troops leave its territory and denies facing pressure to negotiate (the Guardian) After reports the US asked Kyiv to consider talks, Ukrainian official says it would be ‘nonsense’ to negotiate at present
N. Korea denies US claims it sent artillery shells to Russia (AP NEWS) North Korea has denied American claims that it’s shipping artillery shells and ammunition to Russia for use in its war against Ukraine, and on Tuesday accused the United States of lying.
Opinion: Putin just backtracked under pressure. That’s a hopeful sign for Ukraine. (Washington Post) Vladimir Putin’s power rests on the impression that he is invincible and implacable — that the Russian president can’t be defeated and will stop at nothing to achieve his objectives.
NASAMS Arrive in Ukraine in US Bid to Bolster Air Defense (Air & Space Forces Magazine) Ukraine has received its first National Advanced Surface-to-Air Missile Systems (NASAMS), providing the country with a long-awaited capability.
Pentagon Adds 40 Armored Patrol Boats to Latest Ukraine Military Aid Package (USNI News) The United States will send 40 armored riverine boats to Ukraine as part of the latest assistance package. The riverine boats are part of a $400 million aid package announced Friday. It’s the second time the U.S. is sending riverine boats to Ukraine as part of ongoing assistance in response to the Russian invasion. The …
Children of Russia’s top politicians hang up phone when asked if they will fight in Ukraine (The Telegraph) Mixed response to journalists’ challenge only the latest clash between high-ranking officials’ rhetoric and their offspring’s lifestyles
Killnet targets Eastern Bloc government sites, but fails to keep them offline (The Record by Recorded Future) Websites belonging to several state intelligence agencies across the former Eastern Bloc are online and functioning despite attempted distributed denial-of-service (DDoS) attacks from a pro-Kremlin group over the weekend.
Ukrainian hacktivists claim to leak trove of documents from Russia’s central bank (The Record by Recorded Future) Ukrainian hacktivists claim to have breached the Central Bank of Russia, stealing thousands of internal documents.
Advance work in Ukraine blunted Russian cyber advantage, US says (Defense News) The Pentagon sought $11.2 billion for cyber in fiscal 2023. That’s $800 million, or nearly 8%, over the Biden administration’s previous ask.
Geopolitics plays major role in cyberattacks, says EU cybersecurity agency (CSO Online) State-sponsored threat actors have targeted 128 government organizations in 42 countries that support Ukraine, as ransomware and DDoS rank as top forms of cyberattacks, says the EU Agency for Cybersecurity (ENISA).
Attacks, Threats, and Vulnerabilities
Pearson Institute/AP-NORC Poll: Most Adults Believe Misinformation Increases Extreme Political Views and Hate Crimes (University of Chicago Harris School of Public Policy) Ninety-one percent say misinformation is a problem, and majorities report taking steps to avoid spreading misinformation.
Your Election Day cyber guide (Washington Post) Election Day has arrived – and here is what’s on the cyber agenda
Putin-linked businessman admits to US election meddling (AP NEWS) Kremlin-connected entrepreneur Yevgeny Prigozhin admitted Monday that he had interfered in U.S. elections and would continue to do so — confirming for the first time the accusations that he has rejected for years.
Putin ally Yevgeny Prigozhin admits interfering in US elections (the Guardian) Russian businessman and founder of Wagner Group, says interference will continue as midterms loom
Hackers, Trolls, and Bots Ready For Election Day (TheStreet) Cybercriminals are seeking to influence the U.S. midterm elections through phishing and other attacks.
Why Social Media Networks Are Targets of Election Disinformation (TheStreet) Twitter, Facebook and other social media networks are popular targets for hackers and other cybercriminals during elections.
The disinformation threat facing US midterms extends beyond Election Day (CyberScoop) Experts and national security officials worry that lies and conspiracies about voting could cause voters to reject outcomes or spark violence.
HOAX IN THE MACHINE: Disinformation Against Voting Systems Manufacturers and Technologies in the 2022 US Midterm Elections (Recorded Future) Recorded Future has observed substantial evidence of misinformation and disinformation targeting voting systems manufacturers (VSMs) across both mainstream and alternative internet platforms ahead of the 2022
All the US midterm-election related lies to expect (Register) Don’t like the results? The election must have been rigged
Former CISA Head Calls for Renewed Action to Combat Election Lies (Nextgov.com) Inaugural CISA director Chris Krebs expressed concern about the spread of election misinformation as Twitter changes up its user verification process.
Twitter’s blue check policy may be a blessing to Russian trolls (POLITICO) While midterms get a pass, the lax verification policy comes as political tensions rise ahead of the next presidential election cycle.
The Secret Ballot Is US Democracy’s Last Line of Defense (WIRED) Voter intimidation has cropped up in places across the nation, but the voting booth remains the one place where nobody can get to you.
Threat Group Continuously Updates Malware to Evade Antivirus Software (eSecurityPlanet) Researchers have uncovered evidence that a threat group uses dev practices to continuously update. Here’s what to do.
OPERA1OR: Playing god without permission (Group-IB) The report is the first complete technical description of the tactics, techniques, and procedures of the French-speaking financially motivated threat actor codenamed OPERA1OR by Group-IB…
This hacking group used outdated tactics to steal millions in Africa (Quartz) The actual amount of damage could be up to five times higher than the amount stolen. The attacker uses old-school hacking methods.
A hacking group stole $11 million from 12 African countries (Yahoo) Singapore-based cyber security firm Group IB and Orange CERT, the IT security arm of French telecommunications company Orange have revealed in a new report that 12 African countries lost millions of dollars to a hacking group based in an unknown French-speaking African country.
‘Justice Blade’ Hackers are Targeting Saudi Arabia (Security Affairs) The group of threat actors calling themselves ‘Justice Blade’ published leaked data from Smart Link BPO Solutions, an outsourcing IT vendor working with major enterprises and government agencies in the Kingdom of Saudi Arabia and other countries in the GCC. […]
Deloitte India employee, who ran global hacking gang WhiteInt, fired (TimesNow) Aditya Jain, an associate director with Deloitte’s cyber unit in India, has now been sacked by the firm. It was discovered that WhiteInt, the hacking gang, operated from a fourth-floor apartment in a suburb of the tech city Gurugram. It was led by the 31-year-old, who joined Deloitte in February 2022.
Cyberattack on observatory in Chile raises concerns about security of space tech (The Record by Recorded Future) One of the world’s largest astronomical observatories suffered a cyberattack in late October and was forced to suspend work, it announced last week.
Cybercriminal threatens to release Medibank customer data within 24 hours (ABC) A cybercriminal individual or group demanding a ransom threatens to release Medibank client data within the next day as Australia’s largest health insurer faces a possible class action over the hacking of sensitive information for 9.7 million current and former customers.
Australia’s Medibank aware of hacker threat to leak data in 24 hours (CRN Australia) A day after refusing to make a ransom payment to the hacker.
Albany City School working to recover from potential cybersecurity threat (WRGB) The Albany City Schools district says it is working to recover from what they are calling a potential cybersecurity threat over the weekend. On Monday the distrc
Canada’s Maple Leaf Foods hit by cyber attack (Just Food) Canada’s Maple Leaf Foods, the meat and plant-based alternatives business, said on Sunday it was the subject of a cyber attack.
Over thirty Arkansas counties impacted by cyber attack (YouTube) A cyber-attack over the weekend is causing county offices across the state to go offline or temporarily close. Each affected county is using the company Appr…
Hacking baby monitors can be child’s play: Here’s how to stay safe (WeLiveSecurity) Make sure that your baby monitor, the device that’s supposed to help you keep tabs on your little one, isn’t a privacy and security risk in and of itself.
WestJet back online after network outage, but more disruptions expected (Pax News) WestJet has issued an apology after a system-wide outage resulted in the airline cancelling more than 200 flights and delaying several others over the weekend.
Vulnerability Summary for the Week of October 31, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Nokia moves to patch vulnerable mobile baseband kit (iTnews) CISA issues warning.
New Report Examines Holiday Season Cyber Threat Trends in Retail and Hospitality (RH-ISAC) Return fraud and gift card fraud are key areas of concern for retailers during the holiday season.
Cybersecurity’s New Triple Threats. (Webroot) Findings show growing concern about ransomware attacks, the impact of geopolitical tensions and rising inflation rates.
OpenText Security Solutions Global SMB Ransomware Survey Reveals Heightened Worry about Increased Cyber Attacks Due to Geopolitical Tensions (PR Newswire) OpenText™ (NASDAQ: OTEX), (TSX: OTEX), today released results of the OpenText Security Solutions 2022 Global Small-Medium Business (SMB)…
Data breaches rise globally in Q3 of 2022 (Surfshark) In Q3 of 2022, a total of 108.9M accounts were breached globally. That’s 70% more accounts than in Q2. Learn what countries were affected the most.
DTEX i3 Team Insider Risk Stats for 2022 (DTEX Systems Inc) See the top insider risk trends from the DTEX i3 Team’s real-life investigations and how they could affect your organization.
Cybersecurity M&A Roundup: 39 Deals Announced in October 2022 (SecurityWeek) 39 cybersecurity-related merger and acquisition (M&A) deals were announced in October 2022.
Cybersecurity Startup Veriti Emerges from Stealth, Announces Over $18 Million in Funding (PR Newswire) Veriti, a fast-growing security infrastructure innovator, today emerged from stealth with $18.5 million in total funding. The funding consists…
HelpSystems Rebrands As Fortra (My TechDecisions) HelpSystems, the cybersecurity firm that owns Cobalt Strike, Tripwire, Digital Guardian and other security products is now Fortra.
Introducing Gen: The Company to Power Digital Freedom (Gen Digital) NortonLifeLock Inc. (NASDAQ: NLOK) today unveiled its new company name, Gen Digital Inc. (TO BE NASDAQ: GEN), following the completed merger of NortonLifeLock and Avast. Gen™ unites trusted names in Cyber Safety – Norton, Avast, LifeLock, Avira, AVG, CCleaner and ReputationDefender – with a single purpose to power Digital Freedom for people everywhere.
Norton LifeLock now Gen Digital after Avast merger (SecurityBrief Australia) Norton LifeLock has changed its name to Gen Digital Inc following the merger of NortonLifeLock and Avast.
NortonLifeLock Merges With Avast to Form New Company Called ‘Gen’ (PCMAG) The merged company will maintain the Norton, Lifelock, Avast, and Avira brands, though.
Codestone acquires Business Intelligence Leader DSCallards (Codestone) Codestone makes a big move in the Business Intelligence and Analytics market by acquiring DSCallards and making it a core part of Codestone.
Cato Networks Reaches $100 Million ARR in Just Five Years to Become Fastest Growing Enterprise Network Security Startup (Cato Networks) SASE pioneer’s explosive growth beats popular cloud and consumer companies in reaching this key milestone. Record pace further validates Cato SASE Cloud as the secure foundation for today’s digital enterprise.
Wib Raises $16 Million Investment to Accelerate Growth and Tackle Rising API Security Problem (PR Newswire) Wib, the fast-growth cybersecurity startup pioneering a new era in API security, today announced a $16 million investment led by Koch…
Mysterious company with government ties plays key internet role (Washington Post) TrustCor Systems vouches for the legitimacy of websites. But its physical address is a UPS Store in Toronto.
Darktrace Announces Several New Customers in the U.S. Transportation and Logistics Sector (Hstoday) The company uses artificial intelligence technology to protect against sophisticated cyber attacks.
Major job cuts anticipated at Meta this week (Computing) Redundancies follow a dismal Christmas quarter prediction and much higher expenses forecast for next year
Here’s how a Twitter engineer says it will break in the coming weeks (MIT Technology Review) One insider says the company’s current staffing isn’t able to sustain the platform.
PAKISTAN: Credence Security expands foothold in forensics tech-hungry Pakistan (Intelligence Online) The Dubai cyber and forensic equipment distributor has been building its base in Pakistan, where the federal police is developing a network of laboratories in need of these technologies, driven by
Fortress Adds ICS/OT Expert Jon Taylor to Frontline Cybersecurity Team (Fortress Information Security) Fortress Information Security has added Jon Taylor to its team of cyber threat analysts as Vice President of Fortress Security Solutions.
Rob Dooley joins Rapid7 as Vice President, Asia Pacific & Japan (iTWire) Cloud risk and threat detection company Rapid7 has appointed 25-year technology and security veteran Rob Dooley as Vice President Asia Pacific and Japan (APJ), to spearhead the company’s continued expansion in the region. “APJ presents a significant growth opportunity for Rapid7, where we continue t…
Avertium Names Bill Carroll New Chief Executive Officer (Avertium) Today, Avertium announced the appointment of Bill Carroll as the company’s new Chief Executive Officer.
Products, Services, and Solutions
Cellebrite Enables Angleton Police Department with Leading Digital Forensics Technology (GlobeNewswire News Room) Cellebrite technology provides a force multiplier and allows Angleton Police Department to accelerate justice…
Technologies, Techniques, and Standards
EU crisis management exercise in Lithuania honed joint response to cyber incidents (DELFI) The annual crisis management exercise BlueOLEX 2022 co-organised by the Lithuanian Ministry of Defence, the Czech Presidency of the Council of the European Union and the European Union Agency for Cybersecurity (ENISA) took place in Lithuania on the 7th of November, said the Ministry of National Defence.
Quantifying Cyber Conflict: Introducing the European Repository on Cyber Incidents (Lawfare) Statistical data on cyber conflict is lacking. A new dataset by a European research initiative called EuRepoC tries to solve this problem by launching a dashboard to visualize more than 1,400 cyber incidents.
YouTube May Have Misinformation Blind Spots, Researchers Say (New York Times) The video platform said it had limited the spread of misinformation ahead of Election Day, but new research showed that false narratives continued to slip through.
Design and Innovation
The Gamification of Modern Life: Is It Good or Bad? (Now. Powered by Northrop Grumman) Gamification incentivizes certain behaviors through badges, achievements and other rewards — and it’s reshaping modern life.
DISA’s Plea to Industry: Bring Us Battlefield-Ready Tech (Defense One) The Pentagon’s IT agency also wants help wringing more performance out of its existing gear.
CYBER.ORG Range expanding to students across the US. (CyberWire) CYBER.ORG, CISA Director Jen Easterly, and Louisiana Governor John Bel Edwards yesterday announced the expansion of the CYBER.ORG Range to students nationwide.
Expanded cyber security education coming to Northwest Louisiana. Here’s what to know (Shreveport Times) On Monday Governor John Bel Edwards visited Northwest Louisiana to discuss the launch of CYBER.ORG Range.
Legislation, Policy, and Regulation
How Australia plans to triple its offensive cyber capabilities (C4ISRNet) The Redspice cyber program is set to receive about $6.3 billion over 10 years.
Greek Prime Minister Denies He’s Behind Wiretapping of Ministers (Bloomberg) Greek Prime Minister Kyriakos Mitsotakis on Monday denied media reports that he was behind an alleged round of wiretaps targeting government ministers, business people and journalists.
Greece to Ban Sale of Spyware After Government Is Accused of Surveillance (New York Times) Prime Minister Kyriakos Mitsotakis announced the ban after a news report claimed that he had directed the use of spyware against prominent politicians and journalists, which he denied.
Greece Is Banning the Sale of Spyware After Huge Phone-Tapping Scandal (Gizmodo) After commercially available spyware was used to spy on droves of Greek politicians and journalists, the government is implementing a blanket prohibition.
Pentagon closing in on $9B cloud contract award after scuttling JEDI (Defense News) JWCC work is meant to connect the military’s most remote edge with its farthest headquarters, all while bridging classifications and other sensitivities.
CISA signature federal cyber program warrants more than a passing anniversary nod (Federal News Network) The Cybersecurity and Infrastructure Security Agency’s continuous diagnostics and mitigation (CDM) program is planning to expand the capabilities of the agency and federal dashboards in 2023.
New law sets requirements for data breaches at public agencies (Pittsburgh Post-Gazette) State agencies and local governments face new requirements to notify victims of breaches of personal information under a new state…
Litigation, Investigation, and Law Enforcement
Clearview Stole My Face and the EU Can’t Do Anything About It (WIRED) One man’s battle to reclaim his face shows regulators across the bloc are failing to reprimand the US face search engine.
SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack (TechCrunch) The software maker was hacked by Russian spies as part of an espionage campaign targeting corporations and government departments.
SolarWinds agrees to pay $26M to settle shareholder lawsuit over 2020 cyberattack (FedScoop) At least eight federal government agencies had systems compromised as a result of the attack.
NY Attorney General Settlement Highlights Challenges of Username and Password Breaches (JD Supra) October was a busy month in New York for cybersecurity enforcement. In addition to a $4.5 million settlement between the New York Department of…
Catherine Engelbrecht, Gregg Phillips released from jail (Votebeat Texas) True the Vote leaders continue to withhold identity of person of interest in defamation case.
Influencer ‘Ray Hushpuppi’ jailed over plan to launder $300m (the Guardian) Ramon Abbas, described by FBI as one of world’s most prolific money launderers, sentenced to 11 years
San Diego Man Who Spied for China Sentenced to 20 Months (NBC 7 San Diego) Shapour Moinian, 67, handed over information “related to multiple types of aircraft designed and/or manufactured in the United States.”