Dateline Moscow, Kiev: Targeting Ukrainian media.
Ukraine at D+109: Media feel Russia cyber warfare and information lawfare. (The CyberWire) The artillery war for the Donbas continues, with difficulties for both sides: Ukraine needs ammunition, and Russia might need to maneuver against opposition. The GRU is spamming Ukrainian media outlets, and Russian courts are cracking down on foreign media that don't toe the Kremlin's line. And Mr. Putin takes extradordinary steps to secure what we must euphemistically call his "biomaterial."
Russia-Ukraine war: what we know on day 110 of the invasion (the Guardian) Fierce street fighting continues in Sievierodonetsk, where Russian forces destroyed a bridge cutting off possible evacuation route
Ukraine morning briefing: Cluster bomb attacks 'kill hundreds of civilians' in Kharkiv (The Telegraph) Plus: Global nuclear arsenal set to grow significantly in coming years and senior Ukrainian official praises slain British fighter
Russia likely to seize all of Luhansk in coming weeks, U.S. official says (Washington Post) Russia is likely to seize control of the entire Luhansk region of Ukraine within a few weeks, a senior U.S. defense official said, as Ukraine sustains heavy casualties and its supplies of ammunition dwindle.
The battle of Donbas could prove decisive in Ukraine war (AP News) Day after day, Russia is pounding the Donbas region of Ukraine with relentless artillery and air raids, making slow but steady progress to seize the industrial heartland of its neighbor.
Russia preparing 'longer war' as it cobbles together reserves for deployment, Kyiv warns (inews.co.uk) A Ukrainian intelligence assessment suggests the Kremlin has extended it war planning for at least another three months while a Washington-based think-tank says the Kremlin is improvising poor quality reinforcements after heavy losses
Fears grow for Sievierodonetsk civilians as plant struck and bridge blown up (the Guardian) Moscow said to control 70% of Ukrainian city, where destruction of bridge leaves residents with only one route out
Ukraine morning briefing: Ukrainian military continues to thwart Russia's advance on Severodonetsk (The Telegraph) Plus: Vladimir Putin could use the death sentence of two British men to push for ally’s release
Russia is bombing eastern Ukraine indiscriminately with anti-ship missiles (The Telegraph) Moscow has run out of precision rockets and is resorting to Cold-War era missiles which is causing massive collateral damage, the MoD warns
Shortage of Artillery Ammunition Saps Ukrainian Frontline Morale (New York Times) Shells for Soviet-era weapons are running short, and powerful Western weapons are not arriving fast enough to make up the difference, giving Russia a big advantage in artillery.
Plea to West as Ukraine 'fights a tank with a pistol' in Donbas (The Telegraph) Latvian minister urges Nato and EU to develop 'strategic endurance' as Kyiv fears Russian bombardment could prevail in south-east region
Opinion We can’t let Ukraine lose. It needs a lot more aid, starting with artillery. (Washington Post) The battle of Donbas — with momentous implications for the future of Ukraine and the entire postwar world — is poised on a knife edge.
Ukraine Deploys Anti-Ship Harpoon Missiles to the Edge of Black Sea, MoD Says (USNI News) Ukrainian forces have deployed Harpoon anti-ship missiles to the Black Sea as a counter to Russian surface ships in the region, Minister of Defense Oleksii Reznikov said. Denmark provided the U.S.-built anti-ship missiles to Kyiv, the Pentagon announced last month. The new Harpoon costal defense battery joined the Ukrainian Navy’s domestically-produced Neptune anti-ship missiles. “Our …
Moscow-backed officials try to solidify rule in Ukraine (AP NEWS) Kremlin-installed officials in occupied southern Ukraine celebrated Russia Day on Sunday and began issuing Russian passports to residents in one city who requested them, as Moscow sought to solidify its rule over captured parts of the country.
Hunting the hidden dangers that lurk in Ukraine’s lakes and rivers (Washington Post) It was a perfect summer day, puffy white clouds reflecting off the still expanse of a lake, the air shimmering with heat. The temptation to dive in? Irresistible.
Ukraine morning briefing: Thousands at risk of 'cholera and deadly diseases' in Mariupol (The Telegraph) Plus: Volodymyr Zelensky insists his country will prevail against Russia and Ukraine pleads for more weapons from the West
Russia warns growing cyber conflict with U.S. could spark war in real world (Newsweek) Russia's top cyber diplomat warned "aggressive actions" won't go "unanswered" as a U.S. official threatened "consequences on states that use cyber capabilities irresponsibly."
Russia warns of a “military clash” if it’s hit by US cyberattacks (The Record by Recorded Future) A Russian cybersecurity official warned on Thursday that Western cyberattacks on the country’s critical infrastructure could lead to a “direct military clash.”
CERT-UA warns of cyberattack on Ukrainian media (Interfax-Ukraine) The governmental emergency response team of Ukraine CERT-UA, operating under the State Service for Special Communications and Information Protection, warns of a mass mailing of dangerous emails with the subject line "LIST of links to interactive maps."
Russian hackers start targeting Ukraine with Follina exploits (BleepingComputer) Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190.
Massive cyber attack on media organizations of Ukraine using the malicious program CrescentImp (CERT-UA # 4797) (CERT-UA) The Governmental Computer Emergency Response Team of Ukraine CERT-UA received information from a participant in the information exchange on mass mailing of e-mails, in particular, among media organizations of Ukraine (radio stations, newspapers, news agencies, etc.) with the topic "LIST of links to interactive maps" . More than 500 recipients' email addresses have been set.
Wikimedia Foundation appeals Russian fine over Ukraine war articles (The Verge) Google and Wikipedia were both fined in April.
Threat Report T1 2022 (ESET) After more than two years of shielding from a global pandemic, we get a reward: war! Several conflicts are raging in different parts of the world, but for us, this one is different. Right across Slovakia’s eastern borders, where ESET has its HQ and several offices, Ukrainians are fighting for their lives and sovereignty in this unprovoked war, facing an opponent that possesses nuclear weapons. As you will read in the following pages, Ukraine is resisting attacks not only in the physical world but also in cyberspace.
Saudi Warns of Ukraine War Exacerbating Cybersecurity Breaches (Asharq AL-awsat) Saudi experts are warning against aggravating cybersecurity breaches as the effects of the Russian-Ukrainian war take a toll. So far, Saudi efforts have led to adding 40 job roles for cadres working in the field of cybersecurity.
Field specialists es
UkraineX: How Elon Musk’s space satellites changed the war on the ground (POLITICO) From artillery strikes to Zoom calls, the tech billionaire’s internet service has become a lifeline in the fight against Russia.
Exclusive: Lithuania PM rejects Russia's "nonsense" threat (Newsweek) Ingrida Šimonytė told Newsweek she is more worried by Vladimir Putin's imperial ambitions than fringe elements of Russia's parliament.
Lithuanian Foreign Minister: Russia Might Not Lose (Foreign Policy) Gabrielius Landsbergis weighs in on why Russia needs to be defeated, why Eastern European states were and are nervous, and why the West needs to…
The West must supply Ukraine with weapons for 'as long as it takes', Latvia says (The Telegraph) Speaking to the Telegraph, Latvia's Foreign Minister Edgars Rinkēvičs said Nato should boost its defences to deter Russia
Ukraine morning briefing: 'The entirety of Europe is a target for Russia,' warns Zelensky (The Telegraph) Plus: EU chief Ursula von der Leyen visits Kyiv amid warning that a severe food crisis and famine will lead to political chaos
Putin admits Ukraine invasion is an imperial war to “return” Russian land (Atlantic Council) By abandoning all pretense and comparing himself to Peter the Great, Russian dictator Vladimir Putin has confirmed that he is waging an old-fashioned imperial war of conquest with the goal of annexing Ukrainian land.
‘Putin the Great’ has shown his true intentions – now Macron and the appeasers must recognise that (The Telegraph) Only the most loyal apologist will now be able to hide behind the mask that pretends war on Ukraine is anything other than a land grab
Proxy war or not, Ukraine shows why moral hazards matter (Atlantic Council) Whether NATO and Ukraine are proxy partners matters less than whether they can manage the risks associated with their relationship.
Specialist gang ‘targeting’ Ukrainian treasures for removal to Russia (the Guardian) International academics and digital imaging experts have spotted a pattern in the theft of high-value artefacts
Ukraine’s ‘Nuremberg Moment’ Amid Flood of Alleged Russian War Crimes (Foreign Policy) So many crimes are being documented that they need a new court.
No mercy for death row British fighters Aiden Aslin and Shaun Pinner, says rebel leader (The Telegraph) Denis Pushilin, the head of the unrecognised Donetsk People's Republic, says he sees 'no grounds' to pardon the men
Belarus concerned about emerging threats to Collective Security Treaty Organization (Belarusian Telegraph Agency) Vladimir Makei said: “We believe that our organization has to know how to adequately respond to the challenges and threats that regretfully appear virtually every day. We paid considerable attention to this matter during the private session and the expanded one.”
Biden says Zelensky ‘didn’t want to hear’ U.S. warnings of invasion (Washington Post) President Biden said Ukrainian President Volodymyr Zelensky “didn’t want to hear it” when U.S. intelligence officials raised warnings of a looming Russian attack before the Feb. 24 invasion, according to the Associated Press.
Engagement Reframed #7: Defending democracy and countering China requires US and Western support for a beleaguered developing world (Atlantic Council) The war in Ukraine has become a turning point for developing countries, many of whom could give up the gains made in economic growth and reduction in poverty over the past three decades.
Zelensky Wants Asia to Stop Enabling Putin’s War (Foreign Policy) “If you cover half of the river, what difference does it make?” one Ukrainian official said of the evasion of sanctions on Russia.
As Ukraine burns, Indo-Pacific defense leaders debate fallout (Breaking Defense) Above everything else there is the fundamental discussion of how will the rising power of China and the still mighty but relatively fading power of the United States compete.
The War in Ukraine Is a Ticking Timebomb for Latin America (World Politics Review) Jair Bolsonaro’s and Andres Manuel Lopez Obrador’s goodwill toward Vladimir Putin is illustrative of a broader challenge for Latin America’s political class. Regional leaders may attempt to dodge the political ramifications of the war in Ukraine, but the invasion is likely to rock regional economies for the coming year.
How Nordic wind and wealth can wean Europe off Putin's gas (Atlantic Council) Denmark and Norway are uniquely positioned to drive the European hydrogen economy of the future. The two countries' wealth, renewable capacity, and ambition make long-term replacement of Russian gas—and indeed of gas in general—viable.
'Senseless' new Lada unveiled as Russia battles to beat sanctions (The Telegraph) The Granta Classic 2022 is built exclusively from parts produced by Russia and its allies
Attacks, Threats, and Vulnerabilities
GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool (Unit42) A new, difficult-to-detect remote access trojan named PingPull is being used by GALLIUM, an advanced persistent threat (APT) group.
Conti's Attack Against Costa Rica Sparks a New Ransomware Era (Wired) A pair of ransomware attacks crippled parts of the country—and rewrote the rules of cybercrime.
Prophet remark: Slew of cyber attacks on Indian govt, private sites (The Times of India) After threats by the al-Qaeda, comments against Prophet Muhammad by now suspended BJP spokesperson Nupur Sharma has led to a slew of cyber attacks on
70 Indian government, private websites face international cyber attacks over Prophet row (The Times of India) India News: Orchestrated by the hacktivist group DragonForce Malaysia, the series of attacks targeted the Indian embassy in Israel, National Institute of Agricult
Hello XD ransomware now drops a backdoor while encrypting (BleepingComputer) Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption.
HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems (The Hacker News) New variants of Hello XD ransomware malware now install a secret backdoor on targeted Windows and Linux systems to gain persistent remote access.
Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware (BleepingComputer) Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks.
New Confluence Remote Code Execution Flaw is Exploited by Cryptocurrency Miners (CySecurity News) Crypto mining gang known as the "8220 gang" does bulk net scans to discover vulnerable Windows and Linux endpoints.
Public Travis CI Logs (Still) Expose Users to Cyber Attacks (Aquasec) Team Nautilus found that many tokens of Travis CI users are exposed via an issue in its API which allows attackers to launch massive attacks in the cloud
‘Highly Evasive’ Malware Targets Linux Systems (Decipher) A new “highly-evasive” Linux malware leverages the Berkeley Packet Filter (BPF) hooking functionality to hide malicious network traffic.
Linux malware ‘Symbiote’ used to attack Latin American financial sector (The Record by Recorded Future) Researchers at BlackBerry and Intezer have discovered a new Linux malware named “Symbiote” that is being used to target financial institutions across Latin America.
Detecting a Follina Zero-Day Vulnerability in MSDT (Deep Instinct) In May 2022, Follina, a zero-day vulnerability in Microsoft Support Diagnostic Tool was discovered. Learn more about the new Follina attack & prevention.
Vulnerabilities in HID Mercury Access Controllers Allow Hackers to Unlock Doors (SecurityWeek) Access control products from LenelS2 and other vendors using HID Mercury controllers are affected by vulnerabilities that can allow hackers to remotely unlock doors.
PyPI package 'keep' mistakenly included a password stealer (BleepingComputer) PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to contain a password-stealer and a backdoor due to the presence of malicious 'request' dependency within some versions.
CERT-IN flags multiple weak spots in Android OS carrying data leak risk (Business Standard) The agency released the vulnerability note a week after Google made the security risks public in its Android Security Bulletin-June 2022
API security warrants its own specific solution (Help Net Security) The OWASP Foundation recognizes this fact via the API Security Top 10 list of vulnerabilities and security risks.
Monkeypox gives scammers something new to con with (Pickr) The scammer arsenal of tricks and cons has received a bit of an update recently, as it's not just covid scams set to land in your emails.
Proofpoint: We Block Up to Two Million Extortion Emails Daily (Infosecurity Magazine) Users urged to beware of attempts to steal and obtain cryptocurrency
Cyber security experts raise alarm over possible data breach involving millions of Malaysians (New Straits Times) Concerns have been raised over a possible weak spot in Malaysia's cyber security system, which could potentially grant unscrupulous parties access to the data of millions of Malaysians.
Palermo ransomware attack: Vice Society claims responsibility as city details recovery strategy (TechCentral.ie) The cyber attack on the Italian municipality of Palermo has been confirmed as a ransomware incident, with Vice Society claiming responsibility. The incident appears to be an example of double extortion ransomware, given that Vice Society’s victim page indicates that a set of documents belongong to Palermo woulid be published at on Sunday 12 June. [&hellip
Answers to Washington Local's cyberattack could be weeks away (The Blade) Washington Local Schools is closer to operating at full capacity after a cyberattack three weeks ago that knocked out the district’s phones, email, ...
Security Patches, Mitigations, and Software Updates
Google Releases Security Updates for Chrome (CISA) Google has released Chrome version 102.0.5005.115 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.
Time to update: Google patches seven Chrome browser bugs, four rated 'high' risk (ZDNet) Google discloses four high-risk cybersecurity vulnerabilities in Google Chrome. CISA says users should apply the patches as soon as possible.
Chrome 102 Update Patches High-Severity Vulnerabilities (SecurityWeek) Google releases Chrome update to resolve several high-severity vulnerabilities reported by external researchers.
Microsoft Defender upgrade could solve one of the biggest BYOD security threats (TechRadar) Compromised devices can be isolated from the network
Microsoft ending support for Internet Explorer (NHK WORLD) US IT giant Microsoft will end support for its web browser Internet Explorer on Thursday, June 16, Japan time.
Trends
Utility/DOE data indicates sophisticated hackers have compromised US electric control centers (Control Global) Either the utility industry’s key data on grid reliability can’t be trusted or the grid is MUCH more insecure, and possibly compromised, than the U.S. Department of Energy (DOE), Federal Energy Regulatory Commission (FERC) or the North American Electric Reliability Corporation (NERC) have seemed to acknowledge. This concern arises from the data reported to the DOE by the utilities using Form OE-417. The OE-417 data are input by the specific utilities addressing their specific incidents. Assuming the OE-417 data are correct and has been input correctly, there are many unexplainable incidents.
31st Annual RSA Conference Brought Together Thousands of Industry Experts and Business Professionals to Advance Awareness and Understanding of Critical Cybersecurity Issues (Yahoo) RSA® Conference, the world's leading information security conferences and expositions, today concluded its 31st annual event at the Moscone Center in San Francisco. The year's event attracted over 26,000 attendees, including 600+ speakers, 400+ exhibitors, and over 400 members of the media. Throughout the week, attendees networked on the expo floor and participated in keynote presentations, track sessions, tutorials, seminars, and special events.
Ukraine war dominates RSA Conference, but zero-days, government friction and AI loom large (SiliconANGLE) Ukraine war dominates RSA Conference, but zero-days, government friction and AI loom large - SiliconANGLE
OMIGOD: Cloud providers still using secret middleware (Register) All the news you may have missed from RSA this week
Netwrix Survey: 53% of Organizations Suffered a Cyberattack in the Cloud Within the Last 12 Months (Netwrix) Despite more tools and larger budgets, IT teams were slower to detect threats in 2022 than in 2020.
2022 Cloud Data Security Report (Netwrix) Netwrix has updated the Cloud Data Security Reports from 2020 and 2019 to reflect the evolution of cloud security to highlight what really matters.
Threat actors becoming more creative exploiting the human factor (CSO Online) Remote work, supply chains, commercial clouds offer threat actors opportunities to trick people into doing their bidding.
9 ways hackers will use machine learning to launch attacks (CSO Online) Machine learning algorithms will improve security solutions, helping human analysts triage threats and close vulnerabilities quicker. But they are also going to help threat actors launch bigger, more complex attacks.
Why FOMI is Keeping Cybersecurity Professionals up at Night (Irish Tech News) Even before the pandemic, CISOs were under more pressure than ever with increasingly sophisticated cyber threats and more frequent attacks. That’s not to mention the weight of potential repercussions stemming from a breach.
External and Internal Cyber Threats: How World Events Have Changed the Rules of Engagement (HS Today) Even valued and proven employees who have been thoroughly and properly vetted could one day decide to trade their profession and integrity for profit.
The never-ending ransomware assault against healthcare (SC Magazine) In a survey CyberRisk Alliance Business Intelligence conducted among InfraGard’s membership last fall, respondents in the healthcare sector cited many headwinds when trying to defend itself against a blistering onslaught of ransomware attacks.
Public getting fed up with never ending data leaks (The Star) Malaysians want their personal data to be better guarded by the powers-that-be as promised, saying further leaks will leave people in a vulnerable spot.
Marketplace
ZITADEL raises $2.5 million to enhance its open-source identity management platform (Help Net Security) ZITADEL announces $2.5M in seed funding to provide developers with a much-needed open-source alternative for their identity management needs.
Akamai's Transformation to a Distributed Cloud Provider Nearly Complete (WebProNews) Akamai, the company synonymous with content delivery networks (CDN), has been slowly transitioning to become the “world’s most distributed cloud services provider,” a transformation that is well on its way.
Hackers for hire: Fairlawn company works to crack cybersecurity threats (Akron Beacon Journal) Businesses can lose millions of dollars in a ransomware attack; TrustedSec, which recently moved to Fairlawn, works to stop cybercrime.
Bitcoin Tumbles to 18-Month Low as US Inflation Impact Spreads (Bloomberg) Ether, other altcoins also suffer amid broad selloff. Crypto remains ‘at the mercy of the Fed,’ Nexo’s Trenchev says.
For Recent Grads, Cybersecurity Offers Lots of Career Opportunities (Dice Insights) In the tech space, cybersecurity remains one of the hottest areas for recent grads. Experts share their advice for breaking into this sector.
Major crypto lender Celsius freezes withdrawals as markets tumble (Reuters) Major U.S. cryptocurrency lending company Celsius Network on Monday froze withdrawals because of "extreme market conditions," in the latest sign of pressure on the sector from tumbling crypto markets.
WSJ News Exclusive | Meta Scrutinizing Sheryl Sandberg’s Use of Facebook Resources Over Several Years (Wall Street Journal) The Facebook parent’s lawyers have been investigating outgoing COO Sheryl Sandberg’s use of corporate resources for personal projects going back several years, people familiar with the matter say.
Steve Prodger joins Arcules as CRO (Help Net Security) Steve Prodger, a vanguard and results-oriented technology executive, joins Arcules as Chief Revenue Officer.
1Password appoints Erin Zipes as Chief Legal Officer (Help Net Security) 1Password has appointed Erin Zipes as its first Chief Legal Officer to help the company scale to meet demand for its security solutions.
WillCo Tech Appoints Former DIA Director Vincent Stewart to Board of Advisors (Hstoday) Lt. Gen. Stewart brings over 40 years of military and government agency leadership experience to WillCo Tech.
SilverSky Appoints Maureen Kaplan as Chief Revenue Officer (PR Newswire) SilverSky, a cybersecurity innovator offering powerful managed detection and response (MDR) services, today announced it named Maureen Kaplan...
Products, Services, and Solutions
Clumio Announces SecureVault Lite for Amazon EC2 and Amazon EBS to Make Air-Gapped Ransomware Data Protection Affordable for All Enterprises (GlobeNewswire News Room) Clumio SecureVault Lite for Amazon EC2 and Amazon EBS Delivers Fast Backups and Data Recovery in Seconds, to Provide Customers with Quick Ransomware...
Mandiant Moves To Monitor Chatter, Exposures On Deep Web (SDxCentral) Mandiant launched its digital risk protection service this week at RSA Conference to proactively defend against emerging threats.
Checkmarx unveils context-aware Checkmarx Fusion with industry's first holistic view and cross-component prioritisation of application vulnerabilities (iTWire) COMPANY NEWS: Developers and application security (AppSec) teams today have long needed a single, integrated view into the interaction, functions and vulnerabilities of the dozens of components in today’s typical application in order to perform comprehensive AppSec testing. In response to that...
Privacy-focused Murena Android smartphone makes its debut (KnowTechie) More consumers are focusing on their data privacy, so the Murena One and other Murena smartphones could grow in popularity
Malwarebytes expands Nebula platform with DNS module (SecurityBrief Asia) Malwarebytes has expanded its Nebula platform with a new DNS Filtering module designed to provide a quick, flexible, and comprehensive Zero Trust offering for Nebula users.
Metasploit 6.2.0 comes with 138 new modules, 148 enhancements and features (Help Net Security) Metasploit 6.2.0 includes 138 new modules, 148 enhancements and features, improvements, and 156 bug fixes.
Technologies, Techniques, and Standards
What Is Defense Evasion? (MSSP Alert) By understanding defense evasion techniques, MSSPs & MSPs can harden their arsenal of traps & detections against hackers & adversaries, Huntress asserts.
HSE tests responses in simulated cyber attack (RTE.ie) The Health Service Executive, the National Cyber Security Centre and a number of hospitals and pharmaceutical providers have participated in a large-scale European cyber exercise.
Massachusetts National Guard Plays Key Role in Cyber Shield 2022, the DoD’s Largest Unclassified Cyber Defense Exercise (DVIDS) Approximately 30 Massachusetts National Guard cyber and computer security specialists are honing their skills, June 5-17, as part of Cyber Shield 2022, the Department of Defense’s largest unclassified cyber defense exercise involving approximately 800 National Guard cyber specialists as well as law enforcement, legal, government and corporate partners from across the country.
Kentucky National Guard Keeps Cyber Shield 2022 Wired In (DVIDS) As some 800 National Guard cyber and computer security specialists along with law enforcement, legal, government and corporate partners from across the country hone their skills, June 5-17, as part of Cyber Shield 2022, the Kentucky Army National Guard’s 149th Signal Company of Richmond, Ky., keeps them all connected.
Pennsylvania National Guard Fills Key Roles in Cyber Shield 2022, the DoD’s Largest Unclassified Cyber Defense Exercise (DVIDS) A team of about 10 Pennsylvania National Guard cyber and computer security specialists are helping run Cyber Shield 2022, the Department of Defense’s largest unclassified cyber defense exercise involving approximately 800 National Guard cyber specialists as well as law enforcement, legal, government and corporate partners from across the country.
‘Shield Con’ Helps Military Cyber Defenders Learn the Latest in Cyber Security and Network With Peers (DVIDS) You’ve heard of Comic-Con – maybe even DEF Con, Web Con, Storm Con, ProductCon, DesignCon, Axe-con, or I.CON.
This year, Cyber Shield – the Department of Defense’s premiere unclassified cyber defense exercise – presented “Shield Con.”
“The take away for participants was to share knowledge on cyber security, community involvement, team morale, and to network within the military and share DOD knowledge,” said Aaron Rosenmund, the exercise’s director of research and development and one of the key planners of Shield Con.
The cybersecurity-specific conference on June 11 was inspired by the BSides Conference, a public sector conference to develop cyber security knowledge, build relationships, and career network.
Shield Con featured “talks” with panels covering topics such as building a National Guard cyber team, the Guard’s roles in election security, cybersecurity career planning, and others.
FDNY seeks firewall to stop doxxing, hacking of rescue workers’ personal data (New York Post) The FDNY is seeking to build a digital firewall to protect the city’s thousands of rescue workers from cyberattacks, including “doxxing,” The Post has learned.
Hackers Gonna Hack: Cyber Defense Not the Only Way to Shake 'Em Off (ClearanceJobs) With cyber attacks on the rise, every entity needs to plan not only to protect against hackers but also to respond to a compromised network.
Taking the initiative, and the long walk to HR (Register) If I delete all these duplicate files, everything will run much smoother!
Design and Innovation
Do scientists need an AI Hippocratic oath? Maybe. Maybe not. (Bulletin of the Atomic Scientists) Artificial intelligence has benefited humanity, but scientists also recognize the possibility for a dystopic outcome in which AI-powered computers one day overtake humans. Would an ethical oath for AI scientists avert this outcome? Or is such an oath too simplistic to be useful?
The Google engineer who thinks the company’s AI has come to life (Washington Post) AI ethicists warned Google not to impersonate humans. Now one of Google’s own thinks there’s a ghost in the machine.
Apple Wants to End Passwords for Everything. Here’s How It Would Work. (Wall Street Journal) Goodbye, complex, hard-to-remember passwords. Hello, logging in with your face and fingerprints.
Explained: Apple Passkeys Will Remove Existence of Passwords (TelecomTalk) Apple devices which come with support for either Face ID or Touch ID or both can be leveraged to authorise the use of Passkey. The device's security system can act as a way to authenticate the user to the website or the app. Apple said the server doesn’t need to protect the public key.
Academia
Cybersecurity Programs Gain Popularity With Veterans (GovTech) Cybersecurity programs such as the online one at Western Governors University have seen growing interest from military personnel looking for flexible IT training, either for their current roles or after their service.
Cybersecurity courses ramp up amid shortage of professionals (AP NEWS) The pressure was on. Someone, somewhere, was attacking computer systems so customers couldn’t reach certain websites. In a windowless room in Denver, Zack Privette had worked all morning with his security team to figure out what the cyber strangers were up to.
Cyber students excel in spring competitions (University of North Georgia) University of North Georgia (UNG) cybersecurity students made strong showings in a pair of high-level events during the spring 2022 semester. They were fifth out of 25 teams in the national Hack the Port cyber-physical systems hacking competition. UNG also finished in second place in the Southeast Collegiate Cyber Defense Competition hosted by Kennesaw State University.
UNCP to offer Master of Occupational Therapy, Cybersecurity degree (The University of North Carolina at Pembroke) UNC Pembroke is expanding its academic landscape with the launch of two new degree programs––a Master of Science in Occupational Therapy (MSOT) and a Bachelor of Science in Cybersecurity. UNCP will introduce the undergraduate degree in cybersecurity this fall. Students can apply for the MSOT program in the 2023-2024 academic year. Classes will be offered in fall 2024. Following a rigorous review process, the university received formal approval from the UNC System and the UNC Board of Governors.
KnowBe4 To Offer Veterans, Guard, Reserve and Spouse Cybersecurity Scholarship (WFMZ.com) KnowBe4 partners with the Center for Cyber Safety and Education to help support and further education in cybersecurity for military personnel and their spouses
Legislation, Policy, and Regulation
China rebrands proposal on internet governance, targeting developing countries (Euractiv) The Chinese government made another attempt in promoting its vision of the internet, in a repackaging intended to lure lagging regions.
coe: T To Bolster Cyber Security With Coe (The Times of India) In a bid to grow awareness and expertise against cybercrimes in state, DGP M Mahender Reddy announced that a cyber security Center for Excellence (Co
38 Tech Leaders Sign Cyber Resilience Pledge (SecurityWeek) In partnership with Coalition to Reduce Cyber Risk (CR2), 37 organizations in eight countries have signed a pledge to improve cyber resilience against ransomware and other threats.
Cyber CEO's US Advisory Work Echoed Sales Pitch His Firm Uses (Bloomberg) Dragos CEO says he wasn’t trying to help his company but promote cyber improvements that were ‘solution agnostic'
My Reaction to the Bloomberg Article on Me and the 100 Day Action Plan (Robert M. Lee) Hi all, Well candidly here’s a blog I hate to have to write but I appreciate the show of support from the cybersecurity community; in all the social media posts/Twitter/etc. any negative comment was outweighed 20:1 by comments noting my actions didn’t sound wrong at all.
Critics Of SEC Data Breach Rules Question 4-Day Deadline (Law360) The U.S. Securities and Exchange Commission's plan to apply the same four-day deadline that companies have to report straightforward news like naming a new CEO to the more murky world of data security episodes could confuse investors or interfere with investigations, breach response lawyers say.
Ex-Big Law Partner Nabs NSA Legal Post After Russia Probe Role (Bloomberg Law) The US National Security Agency has a new general counsel in April Falcon Doss, a past lawyer at the NSA and former chair of the cybersecurity and privacy practice at Saul Ewing Arnstein & Lehr.
In March, Plainfield fell to a cyber attack. Now the town has a plan to stop the next one. (The Bulletin) Financial fall-out from the attack is estimated at roughly $350,000 with new software purchases, re-wiring and third-party IT assistance.
Litigation, Investigation, and Law Enforcement
Qatar bolsters cyber security in preparation for World Cup (ComputerWeekly.com) With hackers honing their cyber weapons to target the upcoming football World Cup, Qatar is busy developing countermeasures and raising awareness.
FBI, DOJ say less than 25% of NetWalker ransomware victims reported incidents (The Record by Recorded Future) Just one fourth of all NetWalker ransomware victims reported incidents to law enforcement, according to the FBI and Justice Department officials who brought down the gang.
Introducing: Hack Me If You Can - The Journal. - WSJ Podcasts (Wall Street Journal) Wall Street Journal reporter Robert McMillan has spent years trying to find a Russian hacker who would tell him their story. And then, he met Dmitry Smilyanets, the man who managed one of the most notorious hacking teams to come out of Russia. Dmitry’s story is the story of how a generation of hackers grew up in Russia. It follows the dramatic game of cat and mouse that America plays trying to catch cyber criminals like Dmitry. And in Dmitry’s case, it ends with him facing a choice: go to prison for decades, or help the U.S. government stop hackers like himself. This is a new series from the Journal - Hack Me If You Can – the story of a Russian cyber criminal who went to the other side. All episodes out June 10th.
Amazon's chat app is flooded with child sexual abuse images (NBC News) Court records show that Wickr Me has become part of a toolkit used by people who exploit children. Law enforcement and child abuse experts say it's not taking basic safety measures.
Marseille’s battle against the surveillance state (MIT Technology Review) The boisterous, rebellious port city is trying to fight the growing ubiquity of policing cameras.
Channel 4 faces Ofcom probe over ’emergency news’ stunt to promote cyber attack drama The Undeclared War (INews) EXCLUSIVE. A fake emergency news broadcast announcing the UK was under a cyber attack was inspired by Orson Welles’ The War of the Worlds, Channel 4 said
University of Pittsburgh Medical Center data breach $450K class action settlement (Top Class Actions) A University of Pittsburgh Medical Center billing support company agreed to pay $450,000 to resolve claims surrounding a 2020 data breach.
She tracked her boyfriend using an AirTag — then killed him, police say (Washington Post) In the early morning hours of June 3, Gaylyn Morris drove up to an Indianapolis pub in a dark blue Chevrolet Impala.
AirTag, accusation and argument end in murder charge after man run over outside Tilly's (Indianapolis Star) Police found 26-year-old Andre Smith underneath a vehicle in the parking lot. The coroner's office determined he was intentionally struck.