Originally posted on : https://thecyberwire.com/newsletters/daily-briefing/

ANNOUNCEMENT

Join the Q4 Cybersecurity Analyst Call

As 2022 comes to a close, join the CyberWire on Thursday, December 15th at 2PM EST, to take a look at exactly which developments and topics were the most important this year. Join Rick Howard, the CyberWire’s Chief Analyst, and our VP Editor, John Petrik for an insightful discussion about the events from this year that materially impacted your career, the organizations you’re responsible for, and the daily lives of people all over the world. This live event is typically a CyberWire Pro exclusive, but will be open to all readers and listeners. Be sure to submit questions and/or topics with your registration. Register now.

SUMMARY

By the CyberWire staff

At a glance.

Wiper malware hits Russian targets.

Kaspersky has described a newly observed wiper, “CryWiper”, a pseudoransomware Trojan the researchers think is designed to destroy data. It seems unlikely, in their judgment, that CryWiper is being deployed for financial gain. Although it displays a ransom demand with the customary Bitcoin wallet address, files overwritten by CryWiper are permanently unrecoverable. It focuses on databases, archives, and user documents, not on the victim’s operating system. Kaspersky said in its Friday notice that so far it had observed CryWiper in use only against targets in Russia. Citing reports in Izvestia, Ars Technica says that CryWiper seems to have affected mostly “judicial courts” and “mayoral offices.” No one is offering attribution, but the selection of targets would seem circumstantially to point to Ukrainian cyber operations.

Microsoft sees an intensification of Russian cyber operations against Ukraine.

Microsoft published an appreciation of Russian cyber operations on Saturday. It begins with a familiar assessment of Russian forces’ conventional combat failure: “[I]n the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign.” The report notes the combination of missile strikes, intensified information operations, and the extension of cyber attacks to targets outside Ukraine proper, notably Poland. Microsoft predicts two lines of coordinated attack, neither of which involves conventional ground combat.

The GRU cyber operations unit Microsoft tracks as Iridium is likely to play a significant role in the next phases of the hybrid war. The group has a strong track record of attacks against civilian infrastructure (notably its disruption of sections of Ukraine’s power grid in 2015 and 2016) and has also shown an indifference to the effects of its operations on parties other than the primary targets. Indeed, the effect of NotPetya on companies, especially logistics companies, in 2017 suggests that those effects were not so much unintended collateral damage as they were welcome side-benefits. Deployment of wiper malware during the present war has had mixed results and has in general fallen short of what Russian commanders might have wished, but it represents an ongoing threat. The group’s recent deployment of Prestige ransomware against targets outside Ukraine suggests a continued willingness to hit countries that support Ukraine’s cause.

Microsoft says it intends to follow an approach built around what it calls the “Four Ds”: Detect, Disrupt, Defense, and Deter. These are, Redmond says, inherently cooperative activities, and Microsoft says it “will be working with our customers and in support of democracies.”

The CyberWire’s continuing coverage of the unfolding crisis in Ukraine may be found here.

State policy, privateering, or an APT side-hustle?

It’s unclear what authorities were in play, but NBC News reports that a US Secret Service investigation has attributed a wave of COVID relief fund fraud to APT41, a threat actor that customarily works on behalf of the Chinese government.

US Cyber Safety Review Board will investigate the Lapsus$ Group.

The US Cyber Safety Review Board (CSRB), established in February of this year, has announced that it’s undertaking an investigation of the Lapsus$ Group, the international extortion gang many of whose members are teenagers. The Lapsus$ Group has had an impact on organizations far out of proportion to its perceived skills and resources. This represents the CSRB’s second investigation since its founding: the first, completed in July, was an examination of the Log4j family of vulnerabilities.

Rackspace works to remediate a security incident.

Late Friday afternoon cloud service provider Rackspace disclosed that its customers were experiencing difficulties with the company’s Hosted Exchange environments. On Saturday the company explained, “On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact. After further analysis, we have determined that this is a security incident.” Through yesterday Rackspace was contacting customers and advising them on workarounds for restoring mail service by other means, but it remained unsure when the Hosted Exchange environments might return to normal. “Along with M365, a temporary solution allows mail destined for Hosted Exchange to be sent to external emails,” Rackspace tweeted Sunday. Early this morning the company advised customers to restore email service by moving to Microsoft 365.

The exact nature of the security incident is unclear, but BleepingComputer shares informed outsider speculation that it may have involved exploitation of the ProxyNotShell vulnerabilities (CVE-2022-41040 and CVE-2022-41082) disclosed in September and patched by Microsoft in its November security updates. A Shodan search by researcher Kevin Beaumont is said to have indicated that Rackspace was running a Microsoft Exchange Server build that predated those updates.
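The check behind that kind of Shodan observation is a build-number comparison, and it is one any Exchange operator can run against their own servers. The following is an added example, not code from the CyberWire, Rackspace, or Microsoft: it parses an Exchange build number (either the bare `15.2.1118.12` form or the `Version 15.2 (Build 1118.12)` form that `Get-ExchangeServer` shows in `AdminDisplayVersion`) and reports whether the build carries the November 2022 Security Update that fixed ProxyNotShell. The minimum patched builds in the table are the November 2022 SU builds as listed in Microsoft’s Exchange Server build number table; verify them against that table before relying on the result. The example goes slightly beyond the single case in the text: a build on an older, out-of-support CU line is reported as unpatched (those lines never received the fix), and a CU released after November 2022 is reported as patched (later CUs include it).

```python
"""Classify a Microsoft Exchange Server build as patched or not for
ProxyNotShell (CVE-2022-41040 / CVE-2022-41082), which Microsoft fixed in
its November 2022 Security Updates.

Added example; not code from the CyberWire, Rackspace, or Microsoft.
The minimum patched builds are the November 2022 SU builds as listed in
Microsoft's Exchange Server build number table; verify against that table
before relying on the result.
"""
import re
from typing import NamedTuple


class Build(NamedTuple):
    major: int
    minor: int
    build: int
    revision: int


class Assessment(NamedTuple):
    build: Build
    cu: str        # which Cumulative Update line the build belongs to
    patched: bool  # True if the build carries the Nov 2022 SU (or a later CU)
    reason: str


# (major, minor, build) of each CU line that was in support in November 2022,
# mapped to its name and the revision that first carried the Nov 2022 SU.
NOV22_SU_MIN_REVISION = {
    (15, 2, 1118): ("Exchange 2019 CU12", 20),  # 15.2.1118.20
    (15, 2, 986):  ("Exchange 2019 CU11", 36),  # 15.2.986.36
    (15, 1, 2507): ("Exchange 2016 CU23", 16),  # 15.1.2507.16
    (15, 1, 2375): ("Exchange 2016 CU22", 37),  # 15.1.2375.37
    (15, 0, 1497): ("Exchange 2013 CU23", 44),  # 15.0.1497.44
}

BRANCH_NAME = {(15, 2): "Exchange 2019", (15, 1): "Exchange 2016", (15, 0): "Exchange 2013"}


def parse_build(text: str) -> Build:
    """Accept '15.2.1118.12' or the AdminDisplayVersion form
    'Version 15.2 (Build 1118.12)'; both carry exactly four integers."""
    numbers = [int(n) for n in re.findall(r"\d+", text)]
    if len(numbers) != 4:
        raise ValueError(f"expected four build components in {text!r}, got {numbers}")
    return Build(*numbers)


def assess(text: str) -> Assessment:
    b = parse_build(text)
    branch = (b.major, b.minor)
    if branch not in BRANCH_NAME:
        raise ValueError(f"{b} is not an Exchange 2013/2016/2019 build")
    key = (b.major, b.minor, b.build)
    if key in NOV22_SU_MIN_REVISION:
        cu, min_rev = NOV22_SU_MIN_REVISION[key]
        patched = b.revision >= min_rev
        return Assessment(b, cu, patched,
                          f"revision {b.revision} is {'at or above' if patched else 'below'} {min_rev}")
    # Not one of the CU lines in the table: either an older, out-of-support CU
    # (never received the fix) or a CU released after November 2022 (ships with
    # the fix). Decide by comparing against the newest listed CU on this branch.
    newest_listed = max(k[2] for k in NOV22_SU_MIN_REVISION if k[:2] == branch)
    if b.build > newest_listed:
        return Assessment(b, f"{BRANCH_NAME[branch]} CU newer than the Nov 2022 table", True,
                          "cumulative update released after the fix includes it")
    return Assessment(b, f"{BRANCH_NAME[branch]} out-of-support CU", False,
                      "CU predates those serviced in Nov 2022 and never received the fix")


if __name__ == "__main__":
    # Constructed sample inputs; the last one is a hypothetical later-CU build.
    for v in ("15.2.1118.12", "15.2.1118.20", "Version 15.1 (Build 2507.16)",
              "15.2.922.7", "15.2.1258.12"):
        a = assess(v)
        print(f"{v:32} {a.cu:45} patched={a.patched}  ({a.reason})")
```

A caveat for anyone reproducing the Shodan-style check from outside: a version string observed in OWA or ECP responses may not carry the security-update revision that distinguishes a patched server from an unpatched one on the same CU, so confirm with `Get-ExchangeServer` on the server rather than trusting the external fingerprint alone, in either direction.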

Schoolyard Bully Trojan harvests credentials.

Mobile security firm Zimperium has discovered an Android threat, the Schoolyard Bully Trojan. The Trojan has been active since 2018 and primarily targets Vietnamese users. The Trojan has the ability to steal credentials from the Facebook accounts of victims, including email, phone number, password, ID, and name. For more on Schoolyard Bully, see CyberWire Pro.

Ransomware gangs grow more businesslike.

LookingGlass has published a report on attacks by organized ransomware gangs during the first half of 2022, finding that these groups continue to grow increasingly professionalized. The researchers also point out the similarities between ransomware gangs and legitimate technology businesses. “Groups have started to incorporate business practices such as finance departments, human resources, and even naming employees of the month,” they say. “These are not the loosely affiliated groups of the past; rather, they are highly professionalized organizations with quarterly revenue targets and even customer service teams.” The top players are the most organized. LookingGlass notes that the majority of targeted ransomware attacks in the first half of 2022 were launched by the top fifteen most active gangs. For more on trends in ransomware gangland, see CyberWire Pro.

Notes.

Today’s issue includes events affecting Australia, Canada, China, El Salvador, the European Union, France, Germany, India, the Democratic People’s Republic of Korea, NATO/OTAN, Russia, Singapore, Spain, Switzerland, Ukraine, the United Kingdom, and the United States.

SELECTED READING

Dateline

Ukraine at D+284: Microsoft’s appreciation of the war’s likely course. (CyberWire) With lines relatively static, Russia turns from ground combat to missile strikes (while the ammunition lasts), influence operations, and cyberattacks. Ukraine continues to enjoy EU and NATO support.

Russia-Ukraine war: List of key events, day 285 (Al Jazeera) As the Russia-Ukraine war enters its 285th day, we take a look at the main developments.

Explosions rock two Russian airbases far from Ukraine frontline (the Guardian) Blasts at military facilities raise possibility Kyiv has found way to target Russia’s long-range bombers

After Kherson, Ukraine’s military ponders new push south and east (Washington Post) The path to a Ukrainian victory — or at least the most obvious path — will probably cut south, through the muddy and flat fields of the Zaporizhzhia region.

Ukraine live briefing: Few crossing Dnieper River into Kherson; ‘reduced tempo’ of war to continue, U.S. intel chief says (Washington Post) On Saturday, more than three weeks after Ukraine regained control of this city, Ukrainian officials lifted a ban on crossing the Dnieper River, encouraging residents on the occupied eastern bank to flee to Kherson. But those hoping to cross in the opposite direction remained barred Sunday.

Russia burning through ammunition in Ukraine at ‘extraordinary’ rate (Yahoo) Russia is running out of its precision-guided weapons fastest, Director of National Intelligence Avril Haines said at the Reagan National Defense Forum.

Up to 13,000 Ukraine soldiers killed since Russian invasion, says Kyiv (the Guardian) Official’s comments come after Ursula von der Leyen estimated 100,000 Ukrainian soldiers had died or been injured

Ukraine rights probe condemns ‘multiplying’ impact of war on children (UN News) A top UN Human Rights Council-appointed probe into potential rights abuses linked to Russia’s invasion of Ukraine, outlined on Friday the “devastating” impact of the war on the country’s children.

US intel chief thinking ‘optimistically’ for Ukraine forces (AP NEWS) The head of U.S. intelligence says fighting in Russia’s war in Ukraine is running at a “reduced tempo” and suggests Ukrainian forces could have brighter prospects in coming months.

Russia’s vicious tactics in Ukraine serve only to further expose its weakness (the Guardian) Moscow had hoped to easily capture Ukraine – having totally failed, it has resorted to simply destroying it

Russia-Ukraine war live: Kyiv says ‘sick’ packages sent to its embassies following letter bomb in Madrid (the Guardian) Ukraine’s foreign minister says 17 diplomatic missions have now received suspicious packages

Russia and Ukraine are fighting the first full-scale drone war (Washington Post) A war that began with Russian tanks rolling across Ukraine’s borders, World War I-style trenches carved into the earth and Soviet-made artillery pounding the landscape now has a more modern dimension: soldiers observing the battlefield on a small satellite-linked monitor while their palm-size drone hovers out of sight.

Kherson’s Winter Will Not Be Like Kyiv’s Spring (Wilson Center) On November 11, Ukraine’s president Volodymyr Zelensky announced the liberation of Kherson from Russian occupiers. When the troops left the city, they destroyed all the critical infrastructure, leaving the city without electricity, water, heating, or communications.

Ukrainians hid orphaned children from Russian deportation (AP NEWS) Hours after Russia invaded Ukraine in February, health staff at a children’s hospital in the south started secretly planning how to save the babies. Russians were suspected of seizing orphan children and sending them to Russia , so staff at the children’s regional hospital in Kherson city began fabricating orphans’ medical records to make it appear like they were too ill to move.

Putin’s Blackmail Works Domestically As Well As Internationally (Wilson Center) In the course of the Kremlin’s stalled war against Ukraine, Vladimir Putin’s regime has undergone multiple crises. Against expectations, the president has emerged out of them almost unscathed. This is because his opponents at home and abroad are cautious. Through blackmail, he has led them to believe that he is a dangerous player who will stop at nothing to retain power.

Can Russia Police Its Protests – and Its Elites? (Royal United Services Institute) Putin can rely on his security forces to keep both protests and political allies in check for now, but this may change if the war’s impact begins to be felt more keenly by Putin’s traditional support base.

Is Russia’s Post-Soviet Sphere of Influence in Jeopardy? (Royal United Services Institute) As Russia’s isolation due to the invasion of Ukraine grows, Moscow is struggling to assert itself over its regional partners.

Russia-Ukraine War: E.U. Agrees to a Price Cap for Sale of Russian Oil (New York Times) Following protracted negotiations, European Union diplomats set a price limit of $60 a barrel that they and their allies will try to enforce for buyers of Russian oil.

Kyiv lambasts Macron for calling for security guarantees for ‘terrorist state’ Russia (The Telegraph) The French president criticised after making the comments appearing to appease Vladimir Putin during a state visit to the US

Dutch defense chief talks Ukraine help and stocking ammo for NATO (Defense News) Gen. Onno Eichelsheim explains how he deals with a limited personnel pool, and which country might want to look closely at the Dutch Walrus submarine buy.

Europe Has to Step Up on Ukraine to Keep the U.S. From Stepping Back (World Politics Review) Tensions between the EU and US could ramp up again if Europe continues to fall behind when it comes to providing aid to Ukraine.

Europe’s resolve against Putin risks crumbling at the first hurdle (The Telegraph) Winter has barely begun and there are already signs major European countries – and the EU – are playing into Russian hands

Biden and Putin just said they’re open to talks. Don’t count on it happening soon. (Vox) The president’s statements on talks with Russia aren’t that different from his previous positions.

Opinion: Biden can help Zelensky, and Ukraine, by pushing for peace (Washington Post) The Biden administration would like to make one thing clear: It won’t throw Ukraine under the bus.

Biden and Macron seek to heal trade rift and present united front on Ukraine (the Guardian) US president promises ‘tweaks’ to Inflation Reduction Act that has led to French and European concern over state subsidies

Wagner Group head Yevgeny Prigozhin calls out The Mozart Group (Inside Cyber Warfare) Wagner Group followers immediately start a disinformation campaign against Andy Milburn and The Mozart Group

Preparing for a Russian cyber offensive against Ukraine this winter (Microsoft On the Issues) As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian…

Russia coordinating Ukraine hacks with missiles, could increasingly target European allies, Microsoft warns (POLITICO) Microsoft’s report comes after nearly 10 months of brutal war in Ukraine, which has seen Russia hacking Ukrainian satellite systems, energy companies and other critical infrastructure.

Russia Is Boosting Its Cyber Attacks on Ukraine, Allies, Microsoft Says (Bloomberg.com) Moscow will intensify its cyber efforts to pressure the sources of Ukraine’s military and political support both domestic and foreign, according to Microsoft Corp.

NATO prepares for cyber war (POLITICO) More than 1,000 cyber professionals in NATO members and its allies across the globe participated in an exercise this week to test and strengthen cyber defenses.

Military officials look to Ukraine war for new lessons in training (Air Force Times) “This … is not only a war against Ukraine,” said Maj. Gen. Serhii Salkutsan, its NATO military liaison. “This is a war against the … civilized world.”

Partnering With Ukraine on Cybersecurity Paid Off, Leaders Say (U.S. Department of Defense) A team from U.S. Cyber Command worked with Ukraine to strengthen its cyber defenses and provide reassurance, and it paid off big-time as Russia launched its invasion, Cybercom’s commander told a

CryWiper: fake ransomware (Kaspersky) New CryWiper malware irreversibly corrupts files posing as ransomware.

CryWiper data wiper targets Russian courts and mayors’ offices (Computing) Threat actors are using a new malware to attack Russian courts and mayoral offices, with the intention of completely erasing all the data on affected computers.

Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices (Ars Technica) CryWiper masquerades as ransomware, but its real purpose is to permanently destroy data.

Russian regions attacked by new wiper posing as ransomware (Cybernews) Judicial courts and mayor offices across several Russian regions have been hit by a new data-wiping trojan. Antivirus maker Kaspersky says it’s a piece of malware that pretends to ask for a ransom.

‘CryWiper’ trojan disguises as ransomware, says Kaspersky (IT PRO) The destructive wiper mocks up files as if encrypted, while in reality overwriting all but core system files

EU sets up cyber lab for Ukrainian Armed Forces (Ukrinform) The European Union has opened a cyber laboratory in Kyiv that will help the Ukrainian Armed Forces to protect themselves and Ukrainian cyberspace from attacks by Russian aggressors. — Ukrinform.

EXPLAINER: Can Ukraine pay for war without wrecking economy? (AP NEWS) Even as Ukraine celebrates recent battlefield victories , its government faces a looming challenge on the financial front: how to pay the enormous cost of the war effort without triggering out-of-control price spikes for ordinary people or piling up debt that could hamper postwar reconstruction.

France accused of funding Putin’s war effort by buying his nuclear fuel (The Telegraph) ‘Business as usual,’ says Greenpeace as drums of uranium filmed arriving at a French port

G-7 Sets Russian Oil Price Cap of $60 a Barrel (Wall Street Journal) The move came just hours after the European Union united behind the figure, as Western nations try to curb Moscow’s ability to wage war in Ukraine by squeezing Russia’s oil revenues while keeping global supplies steady.

Oil Price Rises After Russia Cap Kicks In (Wall Street Journal) The West imposed sanctions on Russian crude, pitching the energy conflict with Moscow into an unpredictable new phase that could inject further volatility into global oil markets.

Edward Snowden swears allegiance to Russia and receives passport, lawyer says (Washington Post) Edward Snowden, a former National Security Agency contractor who leaked information about U.S. surveillance programs, swore an oath of allegiance to Russia and has collected his Russian passport, his lawyer told state media on Friday.

U.S. whistleblower Edward Snowden gets a Russian passport, TASS reports (Reuters) Former U.S. intelligence contractor Edward Snowden, who exposed the scale of secret surveillance by the National Security Agency (NSA), has sworn an oath of allegiance to Russia and received a Russian passport, TASS reported on Friday.

US whistle-blower Snowden defends Russian citizenship (South China Morning Post) He has repeatedly made it clear he applied for asylum in Russia out of necessity because he is threatened with extradition to the US by other countries.

Attacks, Threats, and Vulnerabilities

The Professionalization of Ransomware: How Gangs Are Becoming Like Businesses (LookingGlass Cyber Solutions Inc.) It’s no secret that the bulk of ransomware attacks are financially motivated. What might be surprising, however, is precisely how like technology businesses ransomware operations have started to become.

Hackers linked to Chinese government stole millions in Covid benefits (NBC News) The theft of state unemployment funds is the first pandemic fraud tied to foreign, state-sponsored cybercriminals that the U.S. government has acknowledged publicly.

A Log4Shell (Log4j) Retrospective (Arctic Wolf) As we approach the one-year anniversary of the Log4Shell vulnerability Arctic Wolf Labs looks back on the impact this critical vulnerability continues to have on organizations.

Defcon Skimming: A new batch of Web Skimming attacks | Jscrambler Blog (Jscrambler) In this post, our team explores findings about a new modus operandi in three threat groups.

AIIMS Delhi cyber attack: 5 main servers hacked, China suspected to be involved (Business Today) Hackers allegedly demanded from AIIMS Rs 200 crore in cryptocurrencies. It is feared that the ransomware attack may have compromised the data of 3–4 crore patients.

AIIMS cyber attack is a wakeup call for all hospitals (The Times of India) India News: With hospital services hit for almost a week due to ransomware attack, a cybersecurity expert explains why hackers are moving beyond financial and pow

French Hospital Suspends Operations After Cyber Attack: Report (NDTV.com) A hospital in Versailles, near Paris had to cancel operations and transfer some patients after being hit by a cyberattack over the weekend, France’s health ministry said Sunday.

North Korean spyware campaign more potent than previously thought: Researchers | NK PRO (NK PRO) A North Korean cyber espionage campaign involved more malware than previously understood, security researchers said Wednesday, featuring capabilities such as exfiltrating passwords, screenshots and keystrokes to the attackers through Google Drive. The malware, which researchers at ESET Security dub Dolphin in a new report, is the next-stage payload of Bluelight, a backdoor previously uncovered by […]

Hackers use new, fake crypto app to breach networks, steal cryptocurrency (BleepingComputer) The North Korean ‘Lazarus’ hacking group is linked to a new attack spreading fake cryptocurrency apps under the made-up brand, “BloxHolder,” to install the AppleJeus malware for initial access to networks and steal crypto assets.

Zimperium uncovers Android trojan masquerading as reading and education app (IT World Canada) Zimperium, a mobile security firm, is warning of an Android trojan masquerading as reading and education apps that may have stolen Facebook credentials from at least 300,000 users across 71 countries, primarily in Vietnam, since 2018. Zimperium has named the malware Schoolyard Bully Trojan, and it has been delivered via innocent-looking Android applications hosted on […]

Schoolyard Bully Trojan Facebook Credential Stealer (Zimperium) Zimperium zLabs has discovered a new Android threat campaign, the Schoolyard Bully Trojan, which has been active since 2018. The campaign has spread to over 300,000 victims and is specifically targeting Facebook credentials. The Schoolyard Bully Trojans have been found in numerous applications that were downloaded from the Google Play Store and third-party app stores.

Binance freezes $3 million worth of crypto stolen in Ankr hack (The Record by Recorded Future) Binance froze about $3 million worth of cryptocurrency early on Friday morning after Web3 infrastructure provider Ankr was hacked. 

More than 150 Oracle Access Management systems exposed to bug highlighted by CISA (The Record by Recorded Future) At least 151 Oracle systems are exposed to a vulnerability that CISA said this week is actively being exploited. 

Rackspace: Ongoing Exchange outage caused by security incident (BleepingComputer) American cloud computing services provider Rackspace says an ongoing outage affecting its hosted Microsoft Exchange environments and likely thousands of customers was caused by a security incident.

Man who lost $149k after clicking on phishing e-mail among at least 10 victims in Case cyber attack (The Straits Times) He clicked on a live chat icon in an e-mail that was purportedly from the consumer watchdog. Read more at straitstimes.com.

FUREY: The massive cyber attack on a Canadian school board is a troubling wake-up call (TNC) It’s been over a week since the Durham District School Board was hit by a massive cyber attack and they still haven’t brought all of their systems back online and figured out what actually happened.

Former City of Edmonton worker accessed info of 5,000 personnel in 2021 data breach (Global News) An outside forensic IT consulting firm identified more than 157,000 records in the data breach, an Edmonton city official said.

Notice of Data Security Incident (CommonSpirit) CommonSpirit Health and its affiliated entities (“CommonSpirit”) take the protection and proper use of personal information very seriously. Regrettably, CommonSpirit recently experienced a ransomware event that impacted some personal information.

Bank details of South Staffordshire Water customers posted on the dark web (Computing) South Staffordshire Water, which owns Cambridge Water and South Staffs Water (SSW), has apologised to customers after their bank details were leaked on the dark web.

How Hackers Take Down Websites (Discover Magazine) When a website goes down, it can be a big deal. But how do hackers bring down sites?

How familiar are you with Hacktivist groups? (NordVPN) Hacktivism is the act of hacking a computer or network for social or politically-related motivations. Here’s what you need to know about hacktivist groups.

After Discovery of Huge Data Breach, Twitter Alternative Hive Goes Offline (Gizmodo) A social platform that saw intense growth in a short period of time has now been forced to pull its servers offline due to a huge security bungle.

Security Patches, Mitigations, and Software Updates

Twitter alternative Hive shuts down its app to fix critical security issues (TechCrunch) It’s an unusual way to patch bugs, to say the least, and one that raises questions about the development workflow at the company.

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability (The Hacker News) Google just rolled out a patch update for yet another zero-day vulnerability that attackers are exploiting in the wild.

Google fixed the ninth actively exploited Chrome zeroday this year (Security Affairs) Google released security updates to address a new Chrome zero-day flaw, tracked as CVE-2022-4262, actively exploited in the wild. Google rolled out an emergency security update for the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4262, that is actively exploited. The CVE-2022-4262 vulnerability is a type confusion bug in the V8 […]

Seniors, What You Don’t Know About Cybersecurity Will Scare the Crap Out of You (Medium) A quick look at the dark underbelly of the internet

Where Advanced Cyberattackers Are Heading Next: Disruptive Hits, New Tech (Dark Reading) Following a year of increasingly disruptive attacks, advanced persistent threat groups will likely only become emboldened in 2023, security experts say.

Skills Shortage and Integration Challenges Halt Cybersecurity Adoption (BlackFog) BlackFog research highlights that a skills shortage is halting cybersecurity adoption and the practical challenges of managing a complex threat landscape.

‘Just the beginning’: Experts warn more Australian systems will be targeted in cyber attacks (7NEWS) Organisations that refuse to believe they will be targeted are ‘a little bit delusional’, experts say.

India third most targeted country by phishing campaign: Report (Hindustan Times) India ranked third globally and first in the Asia-Pacific region in the list of 111 countries affected by a world-wide cyberattack involving a syndicate of cybercriminals stealing passwords through a concerted phishing campaign, according to a recent report

Marketplace

GV Leads $26 Million Series B Round in Pangea Cyber (Silicon Valley Daily) Pangea Cyber has announced a $26 million Series B funding round to accelerate the delivery of its API-based security services. The round was led by GV, with participation from Decibel and Okta Ventures. They join existing investors Ballistic Ventures and SYN Ventures. This brings total funding raised for the one year old […]

‘We need more people,’ says Irish boss of US cybersecurity giant Imperva as it forges ahead with European hiring plans (independent) Pam Murphy, the Irishwoman heading up US cybersecurity giant Imperva, said the company plans to continue hiring in Europe despite the downturn in the tech sector.

Amazon could terminate up to 20,000 employees (Computing) Amazon could lay off as many as 20,000 workers in the coming months, following a recruiting binge during the pandemic.

Mozilla, Microsoft drop root Certificate Authority (Register) ‘There is no evidence to suggest that TrustCor violated conduct, policy, or procedure’ says biz

Hackuity drives global expansion with UK launch (Hackuity) Hackuity, the risk-based vulnerability management company, today announced a further milestone in its continued growth with the opening of a UK office and plans for new hires to expand its global presence.

Products, Services, and Solutions

New infosec products of the week: December 2, 2022 (Help Net Security) The featured infosec products this week are from: Adaptive Shield, Datadog, Delinea, Fortinet, LogicGate, Shoreline, and Trend Micro.

Torq Users Hit 1,000,000+ Daily Security Automations (Torq) Torq users hit 1,000,000+ daily security automations in 2022. Torq Insights Dashboard is a comprehensive reporting and analytics tool.

Copper River Cyber Solutions Wins DCSA Contract to Provide Background Investigation Support Services (ClearanceJobs) Copper River Cyber Solutions LLC, Anchorage, Alaska, wins a $10.3 million contract to provide Defense Counterintelligence and Security Agency with background investigation support services.

Cyera is the first Data Security Posture Management (DSPM) platform to secure cloud data across SaaS, PaaS, and IaaS (Cyera) Cyera provides businesses with consistent visibility and a unified data security control plane.

Technologies, Techniques, and Standards

Top 10 OT Security challenges and solutions in 2022 [Updated] (Sectrio) Read the top 10 OT security challenges & learn how to implement solutions to gain seamless visibility into OT environments & close the security gaps

We are still failing to learn the most important lesson in cybersecurity. That needs to change, fast (ZDNET) We know the problems and the answers. So why do so few organisations act?

Twitter moderators turn to automation amid a reported surge in hate speech (the Guardian) New head of trust and safety Ella Irwin says Elon Musk is urging Twitter ‘to take more risks’ in the wake of mass layoffs

CISO council considers new authentication mechanisms for feds, citizens (Federal News Network) Multifactor authentication and identity are major issues in front of the federal chief information security officer council.

Design and Innovation

Google is testing end-to-end encryption for group chats in the Messages app (TechCrunch) Google said it is testing end-to-end encryption for RCS (Rich Communication Services)-based group chats on its Messages app. 

Let’s get ethical: Data privacy as an ethical business practice (Security Magazine) Creating ethical business practices that focus on data privacy enable organizations to use data responsibly, build customer trust, and meet data protection compliance requirements.

Australian Securities Exchange to cut up to 200 jobs from blockchain project (CRN Australia) After cancelling the overhaul.

Legislation, Policy, and Regulation

Swiss seek mandatory reporting of cyberattacks on key infrastructure (Reuters) The Swiss government proposed on Friday making it mandatory to report cyberattacks on critical infrastructure as a way to help shed light on hackers and sound the alarm more widely.

German government not planning blanket Huawei ban (Reuters) Germany does not want to follow the United States in generally banning products made by Chinese telecoms equipment makers such as Huawei, but will continue making such decisions on a case-by-case basis, an Economy Ministry spokesperson said on Friday.

Sen. King: Government-private sector cooperation vital in cyberwar (Defense News) King also said disinformation efforts are another form of cyber war, one that is “a very tricky thing” to stymie.

TSA now wants to scan your face at security. Here are your rights. (Washington Post) 16 major domestic airports are testing facial-recognition tech to verify IDs — and it could go nationwide in 2023

Palo Alto Networks seeks clarity on third-party incident reporting submissions under CISA’s proposed regulation (Inside Cybersecurity) Guidance for third-party submitters who file incident reports on behalf of a “covered entity” would be helpful as CISA works to develop a proposed rule to implement its mandatory reporting regime, according to security firm Palo Alto Networks.

U.S. Marshals CTO Christine Finnelle Becomes DHS Director of Enterprise Architecture (Hstoday) DHS Chief Technology Officer David Larrimore called the move “more great news for DHS CTOD… We are doing incredible things at DHS.”

Litigation, Investigation, and Law Enforcement

Cyber Safety Review Board to Conduct Second Review on Lapsus$ (US Department of Homeland Security) The U.S. Department of Homeland Security (DHS) announced that the Cyber Safety Review Board (CSRB) will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group. Lapsus$ has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas.

DHS Cyber Safety Board to review Lapsus$ gang’s hacking tactics (BleepingComputer) The Department of Homeland Security (DHS) Cyber Safety Review Board will review attacks linked to an extortion group known as Lapsus$, which breached multiple high-profile companies in recent attacks.

Teenagers led a group of hackers who breached some of the world’s biggest tech companies. The government wants to know how they did it. (CBS News) The group targeted Uber, Microsoft, Okta and Samsung for extortion, in some cases, DHS Secretary Mayorkas said, “with relatively unsophisticated techniques.”

Microsoft, Nvidia, and Other Cyber Attacks Will Be Investigated by the Department of Homeland Security (TechStory) The Cyber Safety Review Board will look into recent intrusions connected to Lapsus$, according to the U.S. Department of Homeland Security

U.S. dismissing charges against Huawei’s Meng Wanzhou (CBC News) U.S. prosecutors on Thursday asked a judge to dismiss bank fraud and other charges against Meng Wanzhou, the chief financial officer of China’s Huawei Technologies whose 2018 arrest strained relations between the U.S. and China.

US ends case against Huawei CFO (Register) Wanzhou Meng hasn’t re-offended, so last possible charges have been dismissed

Spanish police arrest 55 people involved in wide-ranging cyberscam operation (The Record by Recorded Future) At least 55 people were arrested by the Spanish National Police for their alleged involvement in a wide-ranging cybercrime operation.

DOJ asks for independent probe into FTX bankruptcy, a likely tactic to gather evidence on alleged fraud (CNBC) FTX’s bankruptcy protection case requires an independent review, the DOJ said in a court filing. It could be used to gather evidence on alleged fraud.

11 Hours With Sam Bankman-Fried: Inside the Bahamian Penthouse After FTX’s Fall (Bloomberg) Billions of dollars of customer money is missing, investigators are circling, and the 30-year-old ex-CEO admits his company broke its own rules.

FTX Founder Sam Bankman-Fried Says He Can’t Account for Billions Sent to Alameda (Wall Street Journal) FTX’s founder said he couldn’t explain what happened to billions of dollars that customers of his failed cryptocurrency exchange sent to the bank accounts of his trading firm.

Hacked El Salvador Journalists Sue Spyware Maker Pegasus in US Court (Vice) Journalists from the El Faro investigative outlet believe President Nayib Bukele’s government purchased the spyware and is behind the hacking.

SIM-swapper gets 18 months, must pay back $20 million he stole from crypto investor (The Record by Recorded Future) A 25-year-old Florida man was sentenced on Thursday to a year-and-a-half in prison for his participation in a SIM-swapping scheme.

Failure of officials to follow policy caused California gun owners’ data leak (the Guardian) Investigation says personal information of nearly 200,000 people was released as officials didn’t understand their website

Google Escapes Revised ‘LockBox’ Privacy Dispute For Good (Law360) A California federal judge has permanently tossed a proposed class action accusing Google of using a secret program called “Android Lockbox” to unlawfully collect data from non-Google apps on Android devices, finding that the plaintiffs had failed to remedy pleading deficiencies that previously doomed their claims.

INDUSTRY EVENTS

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

ISSA Central MD Holiday / Social Celebration (Columbia, Maryland, USA, Dec 8, 2022) Join Corelight and Exabeam at Stumpy’s Hatchet House and experience the thrill of ax throwing. Corelight has partnered with Exabeam, the Smarter SIEM™ company, to combine Corelight’s proven network security monitoring (NSM) capabilities with Exabeam’s advanced user and entity behavior analytics (UEBA) and automated incident response capabilities. This integrated solution streams Corelight’s rich logs directly to Exabeam so security teams can obtain faster, more actionable network insights, and use the rich data as a building block for advanced security analyses via the Exabeam platform. We hope to see you there!

How the Peel Regional Police Found the Right Authentication Solution for Them (Virtual, Dec 8, 2022) The two people responsible for this implementation, Tony Ventura, Director, Information Tech Services at Peel Police, and Marco Novielli, Supervisor, Systems & Information Security at Peel Police, will discuss: the authentication challenges they faced migrating to a cloud-based PKI solution—and how yours might compare, the tipping point that meant they needed to transition, their selection criteria and best practices for finding a new approach, why they selected Axiad as their vendor of choice, and the challenges they foresee for the future. The Peel Regional Police (PRP) team is the third largest municipal police service in Canada with 2,100 uniformed members and close to 875 support staff. Composed of five major divisions supported by community police stations, the team is responsible for a broad range of policing duties from airport security and traffic to community-related services and improving community safety and well-being. With such a broad range of environments and systems, the stakes are high when it comes to authentication.

ISSA Monthly Meeting: Supply Chain Security: Supplier/Contractor Relationships In Negotiated Contracts (Columbia (and virtual), Maryland, USA, Dec 14, 2022) During the December 14th 2022 presentation to ISSA-MD, the information systems security discussion will center on standard cybersecurity contract provisions, which have been dictated by risk analysis tenets and overlapping cybersecurity frameworks (such as NIST, ISO, COBIT, etc.) as well as legal requirements in the FAR, the DFARS, and CMMC 2.0, which will affect U.S. Government contractors and private sector stakeholders. The discussion will be led by Todd Hinson, a Cybersecurity Contracts Principal with Constellation Energy in Baltimore, Maryland.

Third-Party and Supply Chain Cyber Security Summit (Barcelona, Spain, May 4 – 5, 2023) Learn the latest case studies on end-to-end cybersecurity implementation practices when working with third parties to ensure a truly resilient and secure supply chain network at the Third Party & Supply Chain Cyber Security Summit. How much of your data security is really under your control? What is your risk management approach towards your suppliers? How do you secure your network and protect your sensitive data? Led by top information security professionals from leading companies, the discussion will give you an opportunity to see the issue from the perspective of different industries and angles and identify the complex solution to be implemented.

Events

Healthcare Cybersecurity Forum (Boston, Massachusetts, USA, Dec 5 – 6, 2022) The HIMSS 2022 Healthcare Cybersecurity Forum will explore how the industry is protecting itself today and how it must evolve for the future. As healthcare cybersecurity professionals adapt to new threats, you also must remain focused on safeguarding patients, defending against attackers, and delivering business value. At this year’s forum, you’ll gain actionable insights from leading organizations on how to proactively shield healthcare’s expanding digital footprint and secure data inside and outside your enterprise walls.

Open Source Security Summit (Virtual, Dec 8, 2022) Explore advancements in open source security and how using open source tools can build trust with customers and consumers. For the third annual Open Source Security Summit, we will bring together users, business leaders, and industry visionaries to chart a path forward and highlight the future of open source security solutions at this free virtual event.

Ignite ’22 (Las Vegas, Nevada, USA, Dec 12 – 15, 2022) Securing our digital future against cyberthreats has never been more critical. Collectively, we have a huge opportunity to do it right. At Palo Alto Networks, our mission is to make sure each day is safer than the one before. But we can’t do that on our own. We’re committed to partnering with the world’s cybersecurity leaders, practitioners and strategists to build the right security architectures of the future. At Ignite ’22 we’ll share our innovation, insights, strategies, and training. We invite you to join us there so that, together, we can build what’s next.
