Category: Full Text Articles – Audio Posts

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:

• CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability
• CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
• CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Below are the descriptions of the above vulnerabilities:

CVE-2024-1212 is a Progress Kemp LoadMaster OS command injection issue that unauthenticated remote attackers can exploit to execute arbitrary system commands, posing significant security risks.

CVE-2024-0012 is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management web interface to bypass authentication and gain administrator privileges. This access enables administrative actions, configuration tampering, or exploitation of other vulnerabilities like CVE-2024-9474. The issue affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2 but does not impact Cloud NGFW or Prisma Access.

CVE-2024-9474 is a privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by December 5, 2024.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information.

On September 8, 2024, Great Plains Regional Medical Center (Oklahoma) suffered a ransomware attack. The organization launched an investigation into the incident with the help of a cybersecurity firm. The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. The experts believe that the attackers also copied some of those files.

“On September 8, 2024, we suffered a ransomware attack on our computer system. We secured our systems and began an investigation with the help of a cybersecurity firm. This investigation showed that an unknown person accessed and encrypted files on our systems between September 5, 2024 and September 8, 2024.” reads the notice of security incident published by the organization. “We learned that the bad actor copied some of those files. We quickly restored our systems and returned to normal operations, but we also determined that a limited amount of patient information was not recoverable.”

The Oklahoma Medical Center reported to the US Department of Health and Human Services that the incident impacted 133,149 individuals.

The Great Plains Regional Medical Center announced that it had quickly restored its systems and returned to normal operations, however, it was not able to ever a limited amount of patient information.

The exposed patient info varied by individual and may include name, demographic information, health insurance information, clinical treatment information, such as diagnosis and medication information, driver’s license number, and/or in some instances, Social Security number.

The organization is notifying impacted patients and is offering them free credit monitoring if their sensitive data like Social Security or driver’s license numbers were compromised.

The medical center did not share information about the family of ransomware that hit the organization. At this time, no ransomware groups claimed responsibility for the security breach.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

Russian forces reportedly used two Shahed drones in the strike, which destroyed the entrance to a multi-story dormitory building.

With two months left in office, lame-duck US President Biden made a major policy change that yields to a long-standing request from Ukraine as it fights the Russian invasion.

A conversation with global affairs analyst Michael Bociurkiw and Analisa Bottani about the new international political scenario after the American elections.

Russia assembles cheap Gerbera drones from plywood and foam using a Chinese prototype, equips them with imported parts, and uses them to overload Ukraine’s air defenses.

As Russia’s full-scale invasion of Ukraine hits the 1,000-day mark, Kyiv Post looks back on some of the more defining moments of a cruel occupation and a valorous defense against all odds.

HONG KONG — Forty-five ex-lawmakers and activists were sentenced to four to 10 years in prison Tuesday in Hong Kong’s biggest national security case under a Beijing-imposed law that crushed a once-thriving pro-democracy movement.

They were prosecuted under the 2020 national security law for their roles in an unofficial primary election. Prosecutors said their aim was to paralyze Hong Kong’s government and force the city’s leader to resign by aiming to win a legislative majority and using it to block government budgets indiscriminately.

[time-brightcove not-tgx=”true”]

The unofficial primary held in July 2020 drew 610,000 voters, and its winners had been expected to advance to the official election. Authorities postponed the official legislative election, however, citing public health risks during the COVID-19 pandemic.

Legal scholar Benny Tai, whom the judges called the mastermind, received the longest sentence of 10 years. The judges said the sentences had been reduced for defendants who said they were unaware the plan was unlawful.

However, the court said the penalties were not reduced for Tai and former lawmaker Alvin Yeung because they are lawyers who were “absolutely adamant in pushing for the implementation of the Scheme.”

In the judgment posted online, the judges wrote that Tai essentially “advocated for a revolution” by publishing a series of articles over a period of months that traced his thinking, even though in a letter seeking a shorter sentence Tai said the steps were “never intended to be used as blueprint for any political action.”

Two of the 47 original defendants were acquitted earlier this year. The rest either pleaded guilty or were found guilty of conspiracy to commit subversion. The judges said in their verdict that the activists’ plans to effect change through the unofficial primary would have undermined the government’s authority and created a constitutional crisis.

The judges rejected the reasoning from some defendants that the scheme would never have materialized, stating that “all the participants had put in every endeavor to make it a success.”

The judges highlighted that a great deal of time, resources and money were devoted to the organization of the primary election.

“When the Primary Election took place on the 10 and 11 July, no one had remotely mentioned the fact that Primary Election was no more than an academic exercise and that the Scheme was absolutely unattainable,” the judgment read. “In order to succeed, the organizers and participants might have hurdles to overcome, that however was expected in every subversion case where efforts were made to overthrow or paralyze a government.”

Some of the defendants waved at their relatives in the courtroom after they were sentenced.

Gwyneth Ho, a journalist-turned-activist who was jailed for seven years, said “our true crime for Beijing is that we were not content with playing along in manipulated elections” on her Facebook page.

“We dared to confront the regime with the question: Will democracy ever be possible within such a structure? The answer was a complete crackdown on all fronts of society,” she wrote.

Chan Po-ying, wife of defendant Leung Kwok-hung, told reporters she wasn’t shocked when she learned her husband received a jail term of six years and nine months. She said they were trying to use some of the rights granted by the city’s mini-constitution to pressure those who are in power to address the will of the people.

“This is an unjust imprisonment. They shouldn’t be kept in jail for one day,” said Chan, also the chair of the League of Social Democrats, one of the city’s remaining pro-democracy parties.

Emilia Wong, the girlfriend of Ventus Lau, said his jail term was within her expectations. She said the sentencing was a “middle phase” of history and she could not see the end point at this moment, but she pledged to support Lau as best as she could.

Philip Bowring, the husband of Claudia Mo, was relieved that the sentences were finally handed down.

Observers said the trial illustrated how authorities suppressed dissent following huge anti-government protests in 2019, alongside media crackdowns and reduced public choice in elections. The drastic changes reflect how Beijing’s promise to retain the former British colony’s civil liberties for 50 years when it returned to China in 1997 is increasingly threadbare, they said.

Read More: ‘We Are at the Point of No Return’: How a Series of Protests Escalated Into an All-Out Battle for the Soul of Hong Kong

Beijing and Hong Kong governments insisted the national security law was necessary for the city’s stability.

The sentencing drew criticism from foreign governments and human rights organizations.

The U.S. Consulate in Hong Kong said the U.S. strongly condemned the sentences for the 45 pro-democracy advocates and former lawmakers.

“The defendants were aggressively prosecuted and jailed for peacefully participating in normal political activity protected under Hong Kong’s Basic Law,” the statement said, referring to the city’s mini-constitution.

In Beijing, Chinese Foreign Ministry spokesperson Lin Jian told reporters no one should be allowed to use democracy as a pretext to engage in unlawful activities and escape justice.

Hong Kong Secretary for Security Chris Tang said in a news briefing that the sentences showed those committing national security crimes must be severely punished.

The subversion case involved pro-democracy activists across the spectrum. They include Tai, former student leader Joshua Wong and former lawmakers. Wong was sentenced to four years and eight months in jail. Young activist Owen Chow was given the second-longest jail term, seven years and nine months.

Most of them have already been detained for more than three and a half years before the sentencing. The separations pained them and their families.

More than 200 people stood in line in rain and winds Tuesday morning for a seat in the court, including one of the acquitted defendants, Lee Yue-shun. Lee said he hoped members of the public would show they care about the court case.

“The public’s interpretation and understanding has a far-reaching impact on our society’s future development,” he said.

Wei Siu-lik, a friend of convicted activist Clarisse Yeung, said she arrived at 4 a.m. even though her leg was injured. “I wanted to let them know there are still many coming here for them,” she said.

Thirty-one of the activists entered guilty pleas and had better chances of getting reduced sentences. The law authorizes a range of sentences depending on the seriousness of the offense and the defendant’s role in it, from under three years for the least serious to 10 years to life for people convicted of “grave” offenses.

With Donald Trump’s election win fueling fresh speculation over the prospects for a negotiated settlement to the Russo-Ukrainian War, Russian President Vladimir Putin has once again underlined his insistence on Ukrainian neutrality. “If there is no neutrality, it is difficult to imagine any good-neighborly relations between Russia and Ukraine,” he commented on November 7 in Sochi.

This is nothing new. Since the eve of the full-scale invasion, the Kremlin has been consistent in its calls for permanent Ukrainian neutrality. Neutral status was a key condition set out by the Kremlin during the abortive peace talks that took place in the first weeks of the war. It once again featured prominently when Putin laid out an updated peace proposal in June 2024.

Many in the international community regard Putin’s push for a neutral Ukraine as by far his most reasonable demand. Indeed, some have even accused NATO of provoking the current war by expanding into Russia’s traditional sphere of influence since 1991 and deepening cooperation with Ukraine. They argue that if Ukraine can be kept in geopolitical no-man’s-land, Russia will be placated.

Such thinking is likely to feature prominently as the debate continues to unfold in the coming months over the terms of a future peace deal. While Trump has yet to outline his plans for a possible settlement, unconfirmed reports suggest that a twenty-year freeze on Ukraine’s NATO membership aspirations is under consideration. This would be a costly blunder. Imposing neutrality on Ukraine will not bring about a durable peace in Europe. On the contrary, it would leave Ukraine at Putin’s mercy and set the stage for a new Russian invasion.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Ukrainians have already learned the hard way that neutrality does not protect them against Russian aggression. The country officially embraced non-aligned status during the 2010-2014 presidency of Viktor Yanukovych, but this didn’t prevent Moscow from seeking to reassert full control over Ukraine. Initially, Russia’s efforts focused on orchestrating Ukraine’s economic reintegration through membership of the Moscow-led Eurasian Economic Union. When this sparked a popular backlash that led to the fall of the Yanukovych regime, Putin opted to use force and began the military invasion of Ukraine.

Ever since the start of Russia’s attack on Ukraine in spring 2014, Putin has sought to justify Russian aggression by pointing to the looming danger of Ukrainian NATO membership. In reality, however, Ukraine has never looked like progressing toward the distant goal of joining the alliance. For the past decade, NATO leaders have refused to provide Kyiv with an invitation and have instead limited themselves to vague talk of Ukraine’s “irreversible” path toward future membership. Putin is well aware of this, but has chosen to wildly exaggerate Ukraine’s NATO prospects in order to strengthen his own bogus justifications.

Putin’s complaints regarding NATO enlargement are equally dubious. Indeed, his own actions since early 2022 indicate that Putin himself does not actually believe that the alliance poses a genuine security threat to Russia. Instead, he merely exploits the NATO issue as a convenient smokescreen for Russia’s expansionist foreign policy.

Tellingly, when Finland and Sweden responded to the 2022 Russian invasion of Ukraine by announcing plans to abandon decades of neutrality and join NATO, Putin was quick to declare that Russia had “no problem” with the move. This evident indifference was particularly striking, given that Finnish NATO membership has more than doubled Russia’s NATO border while Sweden’s accession has transformed the Baltic Sea into a NATO lake. Over the past two-and-a-half years, Putin has continued to demonstrate his almost complete lack of concern over NATO’s Nordic enlargement by withdrawing the vast majority of Russian troops from the Finnish border and leaving the area largely undefended.

Putin obviously understands perfectly well that NATO is not a threat to Russia itself, and sees no need to guard against a NATO invasion that he knows will never come. While Putin’s resentment over the expanding NATO presence on his borders is real enough, he only really objects when the alliance prevents Russia from bullying its neighbors. In other words, Putin’s opposition to Ukraine’s NATO aspirations has nothing to do with legitimate security concerns. Instead, it confirms that his ultimate goal is the destruction of Ukrainian statehood.

For years, Putin has made no secret of his belief that the emergence of an independent Ukraine is an historical mistake and a symbol of modern Russia’s retreat from empire. He has repeatedly claimed that Ukraine is not a “real country,” and is fond of declaring that Ukrainians are actually Russians (“one people”). In July 2021, Putin even published an entire essay arguing against the legitimacy of an independent Ukrainian state.

Since the start of the full-scale invasion, it has become increasingly apparent that Putin’s ultimate goal is not Ukraine’s neutrality but Ukraine’s destruction. The Kremlin propaganda machine has portrayed Ukraine as an intolerable “anti-Russia,” and has promoted the idea that Ukraine’s continued existence is incompatible with Russian security. Meanwhile, Putin has compared his invasion to eighteenth century Russian ruler Peter the Great’s imperial conquests, and has repeatedly claimed to be “returning” historically Russian lands.

Putin’s imperialistic outbursts must be taken seriously. Throughout occupied Ukraine, his soldiers and administrators are already imposing a reign of terror that directly echoes the criminal logic of his imperial fantasies. Millions have been displaced, with thousands more simply vanishing into a vast network of camps and prisons. Those who remain face policies of relentless Russification and the suppression of all things Ukrainian. Adults must accept Russian citizenship in order to access basic services, while children are forced to undergo indoctrination in schools teaching a new Kremlin curriculum.

The crimes currently taking place in Russian-occupied Ukraine are a clear indication of what awaits the rest of the country if Putin succeeds. Despite suffering multiple military setbacks, he remains fully committed to his maximalist goals of ending Ukrainian independence and erasing Ukrainian identity.

Furthermore, since 2022 Putin has demonstrated that he is prepared to wait as long as it takes in order to overcome Ukrainian resistance, and is ready to pay almost any price to achieve his imperial ambitions. Imposing neutrality on Ukraine in such circumstances would be akin to condemning the country to a slow but certain death.

Any peace process that fails to provide Ukraine with credible long-term security guarantees is doomed to fail. Acquiescing to Putin’s demands for a neutral Ukraine may provide some short-term relief from the menace of an expansionist Russia, but this would ultimately lead to more war and the likely collapse of the current global security order. There is simply no plausible argument for insisting on Ukrainian neutrality other than a desire to leave the country defenseless and at Russia’s mercy.

Peace will only come once Putin has finally been forced to accept Ukraine’s right to exist as an independent country and as a member of the democratic world. Naturally, this includes the right to choose security alliances. It is absurd to prioritize Russia’s insincere security concerns over Ukraine’s very real fears of national annihilation. Instead, if serious negotiations do begin in the coming months, Ukrainian security must be the number one priority. Until Ukraine is secure, Europe will remain insecure and the threat of Russian imperialism will continue to loom over the continent.

Mykola Bielieskov is a research fellow at the National Institute for Strategic Studies and a senior analyst at Ukrainian NGO “Come Back Alive.” The views expressed in this article are the author’s personal position and do not reflect the opinions or views of NISS or Come Back Alive.

Further reading

The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.

Read more from UkraineAlert

UkraineAlert is a comprehensive online publication that provides regular news and analysis on developments in Ukraine’s politics, economy, civil society, and culture.

The post Imposing neutrality on Ukraine will not stop Putin or bring peace to Europe appeared first on Atlantic Council.

This week sees the one thousandth day of the war launched by Vladimir Putin in February 2022. The Russian invasion of Ukraine is the largest European conflict since World War II, and one of the first major wars to be covered in real time on social media. Audiences around the world have watched in disbelief as the Russian army has advanced into Ukraine, reducing entire cities to rubble and displacing millions of people. For almost three years, this unfolding tragedy has been the world’s leading news story.

Few expected Ukraine to reach this week’s grim milestone. Indeed, on the eve of Russia’s full-scale invasion, the consensus was that any organized Ukrainian resistance would likely crumble within a matter days. In retrospect, it is now clear that both Vladimir Putin and the vast majority of international observers were equally guilty of underestimating Ukraine.

While their country has surpassed all expectations, Ukrainians have little to celebrate as the war passes the 1000-day mark. The Russian invasion has inflicted unparalleled suffering on Ukraine, with hundreds of thousands killed and more than fourteen million people forced to flee their homes. Huge numbers of Ukrainian service personnel and civilians have suffered life-changing injuries. For the men and women defending the country on the front lines, the physical and psychological toll from almost three years of relentless fighting has been immense.

Beyond the battlefield itself, the Russian invasion has plunged the entire Ukrainian population into a mental health crisis that will last for decades. Almost everyone has experienced some kind of personal loss or wartime trauma. In towns and cities across Ukraine, people have grown used to the daily routine of air raid alarms, bomb shelters, and electricity blackouts, all accompanied by gut-churning news of the latest Russian atrocities.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Despite the many horrors and hardships, Ukrainians have remained broadly united by a shared sense of purpose. While most people are understandably desperate for peace, there is also widespread recognition that Ukraine is fighting for national survival and faces destruction if Russia’s invasion succeeds. This has been made abundantly clear by the actions of the Russian army in areas of Ukraine under Kremlin control, with thousands of potential dissenters abducted and children sent for indoctrination to rob them of their Ukrainian heritage.

Most Ukrainians acknowledge the need to fight on, but there are growing concerns over continued international support. During the initial months of the invasion, the watching world was awed by Ukrainian courage and tenacity as the country fought back against the might of the Russian military. This helped convince Western leaders that arming Ukraine was both morally right and worthwhile. However, as the war has dragged on, grumbles over the cost of supplying the Ukrainian military have grown louder, as has the chorus of voices calling for some form of compromise with the Kremlin.

Every time Western leaders delay the delivery of military aid, the cost can be measured in Ukrainian lives. These delays enable Russia to bomb Ukrainian cities and advance further along the front lines of the war. Shortfalls in military support are also making it significantly harder for Ukraine to mobilize new troops for the army, with many potential recruits left alarmed by the prospect of being sent into battle without adequate weapons or armor.

While Kyiv struggles to convince wavering Western leaders, Moscow is creating an axis of autocrats to bolster the Russian war effort. Since the start of the full-scale invasion almost three years ago, Putin has strengthened ties with China, Iran, and North Korea, receiving a range of support including sanctioned high-tech weapons components, attack drones, ballistic missiles, and vast quantities of artillery shells. This alliance is playing an increasingly direct role in the invasion of Ukraine, with North Korean soldiers recently appearing on the battlefield.

Donald Trump’s election victory is now fueling anticipation that the war is about to enter a new phase, with the incoming US administration expected to push for a negotiated settlement. Nobody wants to end the war more than Ukrainians, of course. At the same time, there are mounting concerns that Western efforts to pursue peace from a position of weakness may lead to Kremlin-friendly terms that would end up emboldening Putin and setting the stage for further Russian aggression.

Ukrainians have particularly painful memories of the failed peace process that followed Russia’s 2014 invasion of Crimea and eastern Ukraine’s Donbas region. For eight years, Russia refused to even acknowledge its direct involvement in hostilities, insisting instead on noncombatant status. This farcical situation made it virtually impossible to achieve any meaningful progress toward peace. It is now clear that while Moscow was pretending to engage in diplomatic efforts to end the war, Russia was busy preparing for the full-scale invasion of February 24, 2022.

Ahead of any peace talks, Ukrainians will be hoping their international allies have not lost sight of the huge costs they will face if they fail to stop Russia in Ukraine. The invasion launched by Putin one thousand days ago has already transformed the geopolitical landscape and led to the emergence of a formidable authoritarian alliance that shares a common commitment to ending the era of Western ascendancy. Russian success in Ukraine would dramatically strengthen this alliance, with alarming ramifications for the security situation everywhere from Central Europe to East Asia.

As the world reflects on one thousand days of Russia’s attack on Ukraine, the Ukrainian nation is exhausted but remains determined to end the war on terms that will allow the next generation to live in peace. This will not be possible without continued international support. Putin was wrong to assume that Ukraine would collapse in the wake of his invasion. Western leaders must now convince him that he is equally wrong to believe he can outlast them in Ukraine.

Kira Rudik is leader of the Golos party and a member of the Ukrainian parliament.

Further reading

The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.

Read more from UkraineAlert

UkraineAlert is a comprehensive online publication that provides regular news and analysis on developments in Ukraine’s politics, economy, civil society, and culture.

The post 1000 days of war: Russia’s invasion of Ukraine passes grim milestone appeared first on Atlantic Council.