Dateline Moscow and Kyiv: Jus in bello, jus ad bellum.
Ukraine at D+280: War against infrastructure, kinetic and cyber. (CyberWire) Russian partial mobilization remains deeply unpopular. The Kremlin continues to frame its ongoing campaign against civilian infrastructure as an attack against legitimate military objectives.
Ukraine war latest news: Russian troops retreat from Kherson front line (The Telegraph) Russia retreated from towns on the opposite bank of the Dnipro River from Kherson city, the first official Ukrainian report of its forces withdrawing from what is now the main front line in the south.
Russia-Ukraine war live: EU leader urges China to use influence on Russia to end war in Ukraine (the Guardian) European Council president Charles Michel says he urged Xi Jinping to influence Russia towards ending Ukraine invasion
Ukraine Battles On in the Dark (Foreign Policy) Russia’s terror campaign against Ukraine’s power plants is cutting off the lights—and energizing resistance.
How Ukraine is innovating Soviet-era weapons for a 21st century battleground (CNN) In a basement in eastern Ukraine, young men sit at a long table strewn with laptops, their eyes glued to a television screen an arm’s length away.
Why modern technology hasn’t rendered trench warfare useless in Ukraine (Task & Purpose) High-tech weapons can’t overcome trenches in the earth.
As Ukrainian forces recaptured a key town, another elite Russian unit appears to have gone through ‘the meat grinder’ (Business Insider) Kyiv caught the world off-guard with its fast-paced counteroffensive this summer, including an elite Russian unit in a key city in eastern Ukraine.
Allies must find ways to help Ukraine protect grid from Russian strikes, US says (Stars and Stripes) U.S. Secretary of State Antony Blinken announced that the U.S. will commit more than $53 million to help stabilize Ukraine’s energy grid, a move aimed at keeping the lights and heat on as the population copes with the impending winter.
Antony Blinken Pledges Western Support for Ukraine’s Power Grid (Wall Street Journal) Secretary of State Antony Blinken said Western countries would step up support for Ukraine’s power sector and remain united against efforts by Russian President Vladimir Putin to divide Europe over energy supplies.
Exclusive: Modi scolds Putin for weaponising food supplies (The Telegraph) The Indian prime minister says geopolitical struggles could ‘lead to humanitarian crises’ and ‘our era need not be one of war’
Ukraine presses NATO on membership, but alliance gives no guarantees (Washington Post) NATO officials said their focus first is getting Ukraine through the war and the winter
First on CNN: US considers dramatically expanding training of Ukrainian forces, US officials say | CNN Politics (CNN) The Biden administration is considering a dramatic expansion in the training the US military provides to Ukrainian forces, including instructing as many as 2,500 Ukrainian soldiers a month at a US base in Germany, according to multiple US officials.
Poland barring Russia from security organization talks is “unprecedented and provocative,” Moscow says (CNN) Energy supply issues persist across Ukraine, including in Kyiv, after Russian missile attacks on infrastructure, according to President Volodymyr Zelensky. Follow for live news updates.
France backs plans for tribunal for Russian officials over Ukraine war (the Guardian) France is first major western country to publicly support proposal for special court to try for crime of aggression
EU Flubs Speech on Ukraine War Losses—to the Kremlin’s Delight (The Daily Beast) An “inaccuracy” in a video speech by European Commission president Ursula von der Leyen was quickly seized on by Russian propagandists.
Support for Putin’s war in Russia has plunged, leaked poll reveals (The Telegraph) Just one in four people are now in favour of keeping Moscow’s troops in Ukraine, down from 57 per cent in July
Russia’s Great Reverse Migration (Foreign Policy) Central Asians used to flee the Soviet empire’s periphery for Moscow. Russia’s mobilization has sent escaping Muscovites in the other direction.
How 2 Russian refugees got to Alaska (POLITICO) When Russian authorities knocked on their doors in late September, Sergey and Maksim knew not to answer.
NATO Foreign Ministers end meetings in Bucharest with focus on China, more support for partners (NATO) NATO foreign ministers ended two days of meetings in Bucharest on Wednesday (30 November 2022), with meetings focused on the long-term challenges posed by China, as well as on support for partners facing Russian pressure. “NATO is an Alliance of Europe and North America, but the challenges we face are global, and we must address them together in NATO,” said Secretary General Jens Stoltenberg.
Readout of Under Secretary of Defense for Policy Dr. Colin Kahl’s Meeting With Czech Natio (U.S. Department of Defense) Under Secretary of Defense for Policy Dr. Colin Kahl and Czech National Security Advisor Tomáš Pojar discussed the strong bilateral defense relationship between the two countries during a meeting at
Letter bomb blast injures worker at Ukraine embassy (Telegraph) A worker was injured after a letter bomb sent to the Ukrainian Embassy in Madrid exploded in his hands.
Spain tightens security after suspect packages found at government buildings (the Guardian) Incendiary devices sent to PM, defence ministry, arms firm and airbase, and one that exploded at Ukraine embassy
‘Do something:’ Ukraine works to heal soldiers’ mental scars (AP NEWS) KYIV, Ukraine (AP) — Sleep plunges the soldier back into the horrors of Ukraine’s battlefields. He can hear bombs falling again and picture explosions. He imagines himself frantically running, trying to save himself and others.
Reformed Russian Cybercriminal Warns That Hatred Spreads Hacktivism (Wall Street Journal) Hacking “felt easy,” said Dmitry Smilyanets, now an intelligence expert at a cybersecurity company.
Lessons from Russia’s cyber-war in Ukraine (The Economist) It has been intense, but not always effective. Why?
UK strikes digital trade deal with Ukraine (BBC) A “digital” trade deal between the UK and Ukraine has been agreed.
Attacks, Threats, and Vulnerabilities
Twitter Becomes Stage for China Protests Despite Ban by Beijing (Wall Street Journal) The platform is proving to be a critical avenue for those who seek to broadcast images of demonstrations to the world.
North Korea Hackers Using New “Dolphin” Backdoor to Spy on South Korean Targets (The Hacker News) North Korea-linked ScarCruft APT hackers have been spotted using a previously undocumented backdoor called Dolphin to spy on targets in its southern.
North Korea ScarCruft APT used previously undetected Dolphin Backdoor against South Korea (Security Affairs) North Korea-linked ScarCruft group used a previously undocumented backdoor called Dolphin against targets in South Korea. ESET researchers discovered a previously undocumented backdoor called Dolphin that was employed by North Korea-linked ScarCruft group (aka APT37, Reaper, and Group123) in attacks aimed at targets in South Korea. ScarCruft has been active since at least 2012, it made the headlines in early February 2018 when researchers […]
New details on commercial spyware vendor Variston (Google) The Threat Analysis Group shares new information on the commercial spyware vendor Variston.
Spyware vendor Variston exploited Chrome, Firefox and Windows zero-days, says Google (TechCrunch) Google says a Barcelona-based security company developed the exploits, which were used as far back as December 2018.
Google Moves to Block Invasive Spanish Spyware Framework (WIRED) The Heliconia hacking tool exploited vulnerabilities in Chrome, Windows Defender, and Firefox, according to company security researchers.
Google discovers Windows exploit framework used to deploy spyware (BleepingComputer) Google’s Threat Analysis Group (TAG) has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company.
Google accuses Spanish spyware company of ties to zero-day exploitation framework (The Record by Recorded Future) Google accused a Spanish spyware company of having ties to a tool that exploits zero-day vulnerabilities in Chrome, Firefox and Microsoft Defender.
Medibank hackers announce ‘case closed’ and dump huge data file on dark web (the Guardian) Medibank confirms it may be the full trove of hundreds of thousands of customers’ private records that were stolen from the health insurer
Accidentally Crashing a Botnet (Akamai) Akamai researchers have continued their research on KmsdBot, a cryptomining botnet, and witnessed the authors accidentally crash it.
Researchers ‘Accidentally’ Crash KmsdBot Cryptocurrency Mining Botnet Network (The Hacker News) Researchers ‘accidentally’ crash the KMSDBot cryptocurrency mining botnet while sending commands to the bot to test its functionality.
Amazon Scams Targeting Japanese Companies (Avanan) In the third quarter of this year, Asia experienced the most cyberattacks of all regions in the world, according to Check Point Research, with an average of 1,778 weekly attacks per organization. That’s a 21% increase YoY.
Researchers find bugs allowing access, remote control of cars (The Record by Recorded Future) A researcher found vulnerabilities allowing for remote access and control for cars made by Hyundai, Genesis, Honda, Nissan and Infiniti.
Lastpass says hackers accessed customer data in new breach (BleepingComputer) LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.
Password app LastPass hit by cybersecurity breach but says data remains safe (the Guardian) Company says its security system prevented the hacker accessing customer data or encrypted passwords
LastPass, GoTo announce security incident (Help Net Security) LastPass and its affiliate GoTo (formerly LogMeIn) have suffered a security incident / breach and the investigation is underway.
One Year Later: Log4Shell Remediation Slow, Painful Slog (SecurityWeek) Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most organizations around the world.
A year later, Log4Shell still lingers (Help Net Security) 72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable’s latest telemetry study has revealed.
What is Ransom Cartel? A ransomware gang focused on reputational damage (CSO Online) The group combines data encryption with data theft and threatens to release stolen information on their website. But Ransom Cartel ups its game by threatening to send sensitive information to victim’s partners, competitors, and news outlets to inflict as much damage as possible.
Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users (The Hacker News) Over 300,000 Android users have fallen victim to dozens of Google Play Store apps that contain the Schoolyard Bully Trojan and steal users’ Facebook c
Predatory loan mobile apps grab data, harass users and their contacts (Help Net Security) Predatory Android and iOS loan apps tricked victims into unfair loan terms, exfiltrated excessive user data, and used it to pressure victims.
IoT/OT/ICS threats: Detecting vulnerable Boa web servers (Corelight) Corelight Labs installed the last version of Boa in a lab environment and released a Zeek package to identify machines running a vulnerable Boa web server.
IoT device origin matters more than ever (Help Net Security) IoT device origin should be taken into strong consideration, risks should be evaluated and purchases made accordingly.
TikTok’s Viral Challenges Keep Luring Young Kids to Their Deaths (Bloomberg) Children are dying from the blackout challenge. Why isn’t the world’s most popular app doing more to protect them?
40 million Americans’ health data is stolen or exposed each year. See if your provider has been breached. (USAToday) Health care data breaches are on the rise as more medical facilities shift their records online and fall victim to hackers and other bad actors.
Help | Cyber attack FAQs (South Staffs Water) South Staffordshire PLC, the parent company of South Staffs Water and Cambridge Water, has been the target of a criminal cyber-attack. Read our latest statement and frequently asked questions.
Michigan-based company Wright & Filippis announces past data breach (WILX) Affected individuals will be offered identity theft protections through IDX who are the data breach and recovery service experts.
Ransomware, SMBs remain key security concerns amidst focus on critical infrastructures (ZDNET) Countries including Japan and Singapore see growing impact of ransomware attacks, where small and midsize businesses and critical infrastructures are of particular concern.
Cyber attack: 67 of SMBs using infrastructure-as-a-service hit by ransomware, says survey (Financial Express) Technology for MSMEs: IaaS is a cloud computing branch providing essential computing, storage, and networking services on demand. Some examples of IaaS are Microsoft Azure, Amazon Web Services, Digital Ocean, IBM Cloud, etc.
Suspected Digital Holiday Shopping Fraud in U.S. Increases 127% Compared to Rest of 2022 (TransUnion) TransUnion (NYSE: TRU) released new findings today around global e-commerce fraud that occurred during the start of the 2022 holiday shopping season. The analysis found that the average number of suspected digital fraud attempts on any given day between Thanksgiving and Cyber Monday (Thursday, Nov. 24, and Monday, Nov. 28) was 82% higher globall…
HP Wolf Security Threat Insights Report Q3 2022 (HP Wolf Security) Don’t let cyber threats get the best of you. Read our post, HP Wolf Security Threat Insights Report Q3 2022, to learn more about cyber threats and cyber security.
Whistleblower Reports of Lax Cybersecurity Expected to Rise (Wall Street Journal) Companies should do a better job of handling internal cybersecurity complaints before they escalate to whistleblowing, which is becoming more common in the cyber field, lawyers and industry veterans said.
8 things to consider amid cybersecurity vendor layoffs (CSO Online) Cybersecurity vendor layoffs raise several issues for CISOs and customers, not the least of which are security and risk-related factors. Here are 8 things to consider if your security vendor has announced significant staff cuts.
Crypto Lenders’ Woes Worsen as Bitcoin Miners Struggle to Repay Debt (Bloomberg) Mining companies are defaulting on machine-backed loans. Some loans’ collateral is worth less than remaining payments.
Kraken Cuts 30% of Workforce Amid Crypto Winter (CoinDesk) The crypto exchange is laying off 1,100, after saying it was in hiring mode earlier this year.
Cooley Lays Off 150 As Result Of ‘Overcapacity’ (Law360) Cooley LLP is laying off 78 attorneys and 72 paralegals and business professionals in the U.S., according to a Wednesday internal memo reviewed by Law360 Pulse, with firm leadership citing “overcapacity” as a reason for the staff cuts following a period of intense hiring in 2021.
QuSecure’s Rebecca Krauthamer Named One of Industry’s Most Innovative Women of the Year in Technology (Business Wire) QuSecure™, Inc., a leader in post-quantum cybersecurity (PQC), today announced that Co-Founder and Chief Product Officer (CPO) Rebecca Krauthamer has
Products, Services, and Solutions
Infosec products of the month: November 2022 (Help Net Security) The featured infosec products this month are from: Abnormal Security, Acronis, Bearer, Bitdefender, Clumio, Cohesity, Flashpoint, and more.
JupiterOne Announces Key Initiatives with AWS to Help Customers Strengthen Security Posture (PR Newswire) AWS re:Invent 2022 – JupiterOne, the industry’s leading provider of cyber asset attack surface management (CAASM) technology, entered Amazon…
QuintessenceLabs to Showcase Quantum Key Distribution Solution at Quantum World Congress (PR Newswire) QuintessenceLabs, a leader in the quantum cybersecurity industry, announced today at Quantum World Congress that its qOptica™ Quantum Key…
GitLab Dedicated Launches to Meet Organizations’ Complex Compliance Requirements (GlobeNewswire News Room) Provides the benefits of an enterprise DevSecOps platform – operational efficiency, reduced risk, and enhanced speed and agility – in a single-tenant SaaS…
ImmuniWeb Launches Phishing Websites Takedown Service (ImmuniWeb) The new service allows ImmuniWeb customers to take down malicious and phishing websites in just one click to reduce the risks of surging phishing campaigns that aptly exploit human error.
SentinelOne Announces Support for Amazon Security Lake to Power Cloud Investigations (Business Wire) Today, at AWS re:Invent 2022, SentinelOne (NYSE: S), an autonomous cybersecurity platform company, announced SentinelOne Singularity Cloud works with
Versa Networks Security Achieves Highest Rating by CyberRatings.org in Industry’s First-of-its-Kind Cloud Network Firewall Comparative Test (Business Wire) Versa Networks, the recognized leader of single-vendor Secure Access Service Edge (SASE), today announced it has achieved the highest possible rating
Technologies, Techniques, and Standards
Want Cyber Insurance? Better Get Patching! (Security Informed) Managing the technology stack and known vulnerabilities is becoming a key criterion for cyber insurance payouts.
Twenty years on, virus scanner ClamAV puts out version 1 (Register) Used by millions – and the first official finished version
Will Passkeys Replace Passwords? (PIA VPN Blog) Passkeys are the first step towards a passwordless future. Read more about Apple Passkeys, how to use them, and if they’ll succeed as password killers.
Research and Development
Why cryptographers are worried about a post-quantum world (Embedded) While we hear a lot about how quantum will likely break current cryptography systems, this article spells out why quantum computing poses a threat to security and how the chip industry is getting ready for that post-quantum world.
Legislation, Policy, and Regulation
UK introducing mandatory cyber incident reporting for managed service providers (The Record by Recorded Future) The British government is introducing a new mandatory reporting obligation on managed service providers (MSPs) to disclose cyber incidents.
The Implications of FTX’s Collapse for North Korea (Diplomat) For a regime that has become as dependent on crypto to avoid sanctions and steal hard currency, FTX’s collapse couldn’t be more ill-timed.
FTX collapse will blunt activities of North Korea hackers, analyst says (Yahoo) The collapse of FTX.com and its far-reaching impacts will hinder North Korea’s ability to profit from cryptocurrency hacks, says one analyst.
Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches (The Hacker News) Australian government has passed a new bill that significantly increases penalties (up to $50 million) for companies affected by data breaches.
TikTok poses ‘legitimate national security concerns’: Treasury Secretary Yellen (Fox Business) Treasury Secretary Janet Yellen warned that the Chinese-owned video-sharing app TikTok poses “legitimate national security concerns” to the United States.
Fact check: Cyber Command watched for foreign threats on Election Day (USA TODAY) U.S. Cyber Command actively protected election infrastructure on Election Day, but a fabricated news story suggests it discovered domestic fraud.
Litigation, Investigation, and Law Enforcement
Eastern District of Texas Announces Multi-Year Investigation into Transnational Cryptocurrency Money Laundering Networks (US Department of Justice) According to court documents unsealed today, 21 individuals have been charged for their roles in transnational money laundering networks, including those that laundered millions of dollars stolen from United States fraud victims through romance scams, business email compromises, technical support schemes, and other fraud schemes.
Guatemala’s Foreign Ministry investigating ransomware attack (The Record by Recorded Future) Guatemala’s Foreign Ministry said it is investigating a ransomware attack that happened earlier this year.
Twitter risks EU ban over moderation lapses, Musk told (Computing) Thierry Breton, EU commissioner for digital policy, told Musk Twitter may not comply with the EU’s rules on hate speech
French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm (The Hacker News) French data protection watchdog has fined the country’s largest electricity provider Electricité de France (EDF) €600,000 for using insecure MD5 hash
Here’s a first: Journalists and a U.S. citizen are suing NSO Group (Washington Post) Journalists, U.S. citizen take NSO Group to court over alleged snooping
Sam Bankman-Fried Denies Knowing Scale of Bad Alameda Bets (Wall Street Journal) Sam Bankman-Fried said that he didn’t intend to commit any fraud or use customer funds to back leveraged bets that went wrong at Alameda Research, a crypto hedge fund attached to FTX that pushed the exchange to bankruptcy.
Sam Bankman-Fried says a $16 million Bahamian house in his parents’ name was actually meant to be for FTX staff (Business Insider) The FTX cofounder’s parents were listed as signatories for the $16.4-million Bahamas house in a gated community with beach access.
FTX’s Collapse Was a Crime, Not an Accident (CoinDesk) Sam Bankman-Fried is a con man and fraudster of historic proportions. But you might not learn that from the New York Times, CoinDesk’s Chief Insights Columnist David Z. Morris writes.
Serious Security: MD5 considered harmful – to the tune of $600,000 (Naked Security) It’s not just the hashing, by the way. It’s the salting and the stretching, too!
GE, Canon Slam ‘Excessive’ Atty Fee Bid In $350K Breach Deal (Law360) General Electric Co. and a Canon Inc. subsidiary are urging a New York federal judge to reject class counsel’s request for more than $466,000 in fees for securing a $350,000 data breach deal, arguing that the sum is “grossly disproportionate” to the amount that class members stand to recover and the attorneys’ workload.
El Salvador News Site Sues NSO Group For Journalist Hacks (Law360) At least 15 journalists at a prominent Salvadoran news outlet had their iPhones hacked using spyware sold by Israeli security company NSO Group, jeopardizing their safety by exposing their locations and text messages, a lawsuit filed Wednesday in California federal court says.
$100M Crypto Scammer Sentenced To 51 Months In Jail (Law360) Cryptocurrency scammer Joshua David Nicholas has been sentenced to more than four years in prison for his role as the head trader of a cryptocurrency platform through which prosecutors say he and others ran a Ponzi scheme.