Dateline
Ukraine at D+456: CosmicEnergy's attack potential. (CyberWire) Cross-border strikes, and an ambiguous but disturbing discovery of malware designed to disrupt industrial operations.
Deadly Missile Strike Hits Medical Clinic in Ukraine (New York Times) A Russian missile hit the medical center in the central Ukrainian city of Dnipro, officials said, just hours after a heavy overnight assault on the surrounding region.
Three Russian Regions Attacked By Ukrainian Forces, Governors Say (RadioFreeEurope/RadioLiberty) Officials in three Russian regions on May 26 reported attacks allegedly by Ukrainian forces.
Belgorod raid sparks border alarm for Russia ahead of Ukrainian offensive (Atlantic Council) This week's unprecedented cross-border raid into Russia's Belgorod Oblast could be part of Ukrainian shaping operations designed to stretch the Russian military ahead of a coming counteroffensive, writes Peter Dickinson.
36 Hours in Bakhmut: One Unit’s Desperate Battle to Hold Back the Russians (Wall Street Journal) A group of 16 draftees lost 11 who were killed or captured. Whether it was worth the cost depends on a widely anticipated offensive.
On the Front Lines with a Ukrainian Artillery Unit (Military.com) The unit of nine, code named the Black Birds, carefully tends to its M777, artillery that was delivered by Ukraine's benefactors after a lengthy negotiation process.
Videos of Ukrainian drone boats swarming a Russian target end in explosion, mystery (Task & Purpose) New videos of a desperate shootout between a Russian Naval ship and at least two Ukrainian boat drones have been published online.
Why the Wagner boss is saying Russia could lose the war (The Hill) Wagner Group founder Yevgeny Prigozhin once again amplified his public rift with Russian leadership this week, saying the war in Ukraine had backfired and the Kremlin risked facing a revolution. In…
Interview: The 'War Of Clans For Putin's Throne Has Begun' (RadioFreeEurope/RadioLiberty) Russian investigative journalist Roman Aleksandrovich Anin says that instead of a place in history between Peter I and Catherine the Great, as Putin hoped, he’s destined to be regarded as “somewhere between Hitler and Qaddafi.” And the battle to succeed him is already under way.
The coming Russian revolution will unleash horrifying new demons (The Telegraph) As Wagner mercenaries grow increasingly furious with the regime, some are predicting a seismic upheaval
Russian narratives ignore real reasons for Western support of Ukraine (Atlantic Council) Russian attempts to explain away Western support for Ukraine with conspiracy theories and outdated arguments are falling flat as the democratic world continues to oppose Moscow's invasion, writes Richard Cashman.
Russian army needs a decade to rebuild – and Nato can take advantage (The Telegraph) Video analysis: As Russian equipment losses pile up in Ukraine, older Western kit shipments are proving their worth
Pentagon says allies will unite to train Ukrainians on F-16s (Military Times) Defense Secretary Lloyd Austin said in addition to training, Ukraine will need to be able to sustain and maintain the aircraft and have enough munitions.
With Ukraine Set to Get Another Weapon from Its Wish List, Democrats Push for More (Defense One) Rep. Jason Crow calls for more tanks to Ukraine—and maybe non-combatant military observers.
Russia's War in Ukraine Shows Cyberattacks Can Be War Crimes (Dark Reading) Ukraine head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism."
Meet Diia: the Ukrainian app used to do taxes … and report Russian soldiers (the Guardian) Award-winning app initially aimed at helping people access public services is now used for wartime efforts
NATO and Ukraine boost partnership through greater cooperation on science, technology and innovation (NATO/OTAN) On 25-26 May 2023, officials and experts from NATO and Ukraine met in Brussels to chart the way forward on their long-standing cooperation on science and technology.
Global Sanctions Dashboard: US and G7 allies target Russia's evasion and procurement networks (Atlantic Council) Tackling export controls circumvention by Russia; the enforcement and effectiveness of the oil price cap; the failure of the US sanctions policy towards Sudan, and how to fix it.
UK to keep Kremlin assets frozen until Russia pays compensation to Ukraine (the Guardian) Council of Europe has established digital register of damage as first step towards compensation mechanism
Russia’s ‘data glasnost’ didn’t last long. Here’s how to tell whether sanctions are working. (Atlantic Council) Economic data is still coming out of Russia, and Russian Central Bank Governor Elvira Nabiullina and other financial elites have been pushing for making even more data available. But that's changing.
Attacks, Threats, and Vulnerabilities
CISA Warns of Hurricane/Typhoon-Related Scams (Cybersecurity and Infrastructure Security Agency CISA) CISA urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon, as attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs).
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant) The latest example of specialized OT malware capable of causing cyber physical impacts.
This newly-discovered malware could disrupt power generation — and do physical damage (Washington Post) Russia-connected CosmicEnergy discovery adds to disturbing trend of malware that can do physical damage
New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids (The Hacker News) New industrial malware COSMICENERGY unearthed – targeting electric transmission operations in Europe, Middle East, and Asia.
New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids (SecurityWeek) Mandiant has analyzed a new Russia-linked ICS malware named CosmicEnergy that is designed to cause electric power disruption.
Mysterious malware designed to cripple industrial systems linked to Russia (CyberScoop) The code designed to target industrial control systems joins the pantheon of dangerous malware that can cause cyber-physical harm.
Spotted: Suspected Russian malware designed to disrupt Euro, Asia energy grids (Register) For simulation or for real, we don't like the vibes from this CosmicEnergy
New Russia-linked malware can physically harm power grids, Mandiant reports (Record) According to an analysis from Mandiant, malicious software dubbed CosmicEnergy is designed to disrupt and damage critical infrastructure systems, including power grids.
Russia-linked CosmicEnergy malware could disrupt energy grids (Computing) Its capabilities closely resemble those observed in malware such as Industroyer and Industroyer2
GCHQ warns of fresh threat from Chinese state-sponsored hackers (the Guardian) National Cyber Security Centre urges operators of critical national infrastructure to prevent hacks
Factbox: What is Volt Typhoon, the alleged China-backed hacking group? (Reuters) Its name is redolent of an exotic electrical storm. But is the freshly christened hacking group "Volt Typhoon" an imminent danger to American infrastructure, or just a new crop of digital spies playing an old game?
Chinese hackers behind Guam breach have been spying on US military for years (Record) A state-sponsored Chinese hacking group that on Wednesday was reported to have compromised critical infrastructure in Guam has also been collecting military intelligence from U.S. companies for at least two years, researchers told The Record.
Volt Typhoon and other Chinese groups accused of hacking the US and others (Reuters) Chinese hacking teams have been blamed by Western intelligence agencies and cybersecurity groups for digital intrusion campaigns across the world, targeting everything from government and military organisations to corporations and media groups
U.S. warns China could hack infrastructure, including pipelines, rail systems (Reuters) The U.S. State Department warned on Thursday that China was capable of launching cyber attacks against critical infrastructure, including oil and gas pipelines and rail systems, after researchers discovered a Chinese hacking group had been spying on such networks.
The big Chinese hacking teams targeting the US government, military and media (Firstpost) Microsoft has said that Chinese state-sponsored hackers compromised ‘critical’ US cyber infrastructure across numerous industries with a focus on gathering intelligence. They further claim that Volt Typhoon was behind the snooping
China hits back at 'the empire of hacking' over Five Eyes US cyber attack claims (ABC) Responding to a joint Cybersecurity Advisory issued by US, Australian, New Zealand and United Kingdom intelligence agencies that identify China as the culprit behind recent cyber attacks, Beijing dismisses it as "a collective disinformation campaign by the United States".
China Hack Is Latest Challenge for West’s Diplomatic Reset With Beijing (Wall Street Journal) The U.S. and its closest allies said Chinese hackers are targeting critical infrastructure using a novel method that is difficult to detect.
Lazarus Group Targeting Windows IIS Web Servers (ASEC BLOG) AhnLab Security Emergency response Center (ASEC) has recently confirmed the Lazarus group, a group known to receive support on a national scale, carrying out attacks against Windows IIS web servers. Ordinarily, when threat actors perform a scan and find a web server with a vulnerable version, they use the vulnerability suitable for the version to install a web shell or execute malicious commands. The AhnLab Smart Defense (ASD) log displayed below in Figure 1 shows that Windows server systems are...
Lazarus Group Striking Vulnerable Windows IIS Web Servers (Dark Reading) The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers.
New Lazarus Group attacks set sight on Microsoft IIS servers (SC Media) Vulnerable Microsoft Internet Information Services instances have been targeted by the North Korean state-sponsored threat operation Lazarus Group to facilitate malware deployment efforts, reports The Hacker News.
N. Korean Lazarus Group Targets Microsoft IIS Servers to Deploy Espionage Malware (The Hacker News) North Korean Lazarus Group remains relentless in targeting vulnerable Microsoft IIS servers, utilizing DLL side-loading techniques to deploy malware.
Anonymous Sudan Amidst a Wave of Attacks Against the UAE. What You Need to Know (African Eye Report) In recent weeks, the United Arab Emirates has faced a wave of well-publicised hacktivist campaigns, capturing the attention of organisations and their security teams. Among the prominent groups involved are believed to be Killnet and their affiliate, known as Anonymous Sudan. Both groups are known for their political views. In this article we look at […]
Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances (The Hacker News) Alert: Hackers are exploiting a new zero-day vulnerability to breach Barracuda's Email Security Gateway appliances.
Barracuda discloses zero-day flaw affecting ESG appliances (Security | TechTarget) Barracuda Networks disclosed a zero-day flaw that threat actors used to compromise customers' Email Security Gateway appliances.
The Money Message Group - A New Ransomware Threat (Avertium) A new ransomware group, known as Money Message, has been observed encrypting network shares and targeting both Windows and Linux operating systems.
Microsoft 365 phishing attacks use encrypted RPMSG messages (BleepingComputer) Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways.
Microsoft Encrypted Restricted Permission Messages Deliver Phishing (Trustwave) Over the past few days, we have seen phishing attacks that use a combination of compromised Microsoft 365 accounts and .rpmsg encrypted emails to deliver the phishing message.
12 vulnerabilities newly associated with ransomware (Help Net Security) In Q1 2023, 12 new ransomware-associated vulnerabilities were trending on the internet leaving products vulnerable to ransomware attacks.
Exabeam Names Pravin Vazirani to Board of Directors (Business Wire) Exabeam, a global cybersecurity leader and creator of New-Scale SIEM™ for advancing security operations, announced today that Pravin Vazirani, Managing Director and Co-Head of Technology Investing in the credit division of the asset management firm Blue Owl Capital, will join its Board of Directors
Tynwald members being impersonated by fraudsters (Isle of Man) Scammers have impersonated MHKs on Instagram to defraud victims out of their money.
Mercer University breach exposed nearly 100k people (Cybernews) Mercer University, a US-based private research school, was hit by the Akira ransomware gang, with criminals accessing the personal data of over 93,000 people.
Fresh Del Monte Produce Notifies Employees of Recent Data Breach (JD Supra) On May 16, 2023, Fresh Del Monte Produce, Inc. filed a notice of data breach with the Attorney General of Massachusetts after learning that...
Franklin Templeton Investments Announces Data Breach Following Cyberattack at Third-Party Vendor (JD Supra) On May 23, 2023, Franklin Templeton Investments Corporation (“Franklin Templeton Canada”) filed a notice of data breach with the Attorney General of...
The Strange Story of the Teens Behind the Mirai Botnet (IEEE Spectrum) Their DDoS malware threatened the entire Internet
Security Patches, Mitigations, and Software Updates
Barracuda patches actively exploited zero-day vulnerability in email gateways (Cybersecurity Dive) The security vendor declined to answer questions about how many customers were impacted and what, if any, customer data was compromised.
CISA Releases One Industrial Control Systems Advisory (Cybersecurity and Infrastructure Security Agency CISA) CISA released one Industrial Control Systems (ICS) advisory on May 25, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-145-01 Moxa MXsecurity Series
Trends
Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations (SecurityWeek) Fortinet report shows a drop in the number of breaches and CISOs being increasingly responsible for OT cybersecurity.
Marketplace
Hopr Raises $500K to Revolutionize API Protection (Business Wire) Maryland-based startup develops technology to secure workloads, APIs and data across all cloud environments; Funding to accelerate product-led go-to-market strategy
authID INC. Announces Closing of $8.2 Million Concurrent Registered Direct Offering and Private Placement led by Existing Shareholders and $8.9 Million Notes Exchange (GlobeNewswire News Room) authID to Continue Efforts to Eliminate Authentication Fraud and Deliver 100% Zero Trust Identity Protection on the Internet DENVER, May 26, 2023 ...
Castellum, Inc. Announces $6 million Cost Reduction Plan (GlobeNewswire News Room) Castellum, Inc. (the “Company”) (NYSE-American: CTM), a cybersecurity and electronic warfare services...
An Accelerator Implodes, Leaving Founders in Shock (The Information) If you ask a startup founder what they look for in an accelerator program, they’d probably hope for access to startup veterans and connections to prominent venture capitalists.By all accounts, they didn’t get much of that from Newchip, whose parent Astralabs last week entered into Chapter 7 ...
OpenText Celebrates 10th Consecutive Year as a Leader in the Gartner® Magic Quadrant™ for Application Security Testing (PR Newswire) OpenText™ (NASDAQ: OTEX), (TSX: OTEX) announced today it has been recognized as a Leader in the 2023 Gartner Magic Quadrant review for...
Christopher Shafer Named Head of North American Cyber at OdysseyRe (Business Wire) Odyssey Reinsurance Company (OdysseyRe) today announced the appointment of Christopher Shafer as vice president and head of North American cyber underwriting. He will support the Company’s business partners in addressing cyber risk on both a facultative and treaty basis, offering rich product-line expertise in a critical and growing segment.
Rubrik appoints former Zscaler VP to head up UK and Ireland (CRN) Toby Keech will lead the go-to-market sales strategy as Rubrik eyes growth in the region
Products, Services, and Solutions
New infosec products of the week: May 26, 2023 (Help Net Security) The featured infosec products this week are from: Axiado, Delinea, Netscout, Radware, and Veriff.
Tufin Enables Enterprises to Unify Network Visibility and Control Across On-Premise and Cloud Environments with Launch of R23-1 (Business Wire) Latest Release Prevents Security Blind Spots with Improved Network Access Automation, Enhanced Policy Management and New Network Topology Capabilities
Black Ink Tech and Incode Partner to Make Everywhere Identity a Reality (Yahoo Finance) Black Ink Technologies Corp, a digital pioneer connecting physical objects, services, and events to a permanent graded data record through immutable ledger technology, is pleased to partner with Incode on a transformative solution that delivers validated global identity. Incode is the leading provider of digital biometric verification and world-class identification authentication solutions. Operating within Black Ink Tech's ChainIT platform, this powerful solution creates a global, ubiquitous di
Socure Makes Progress Toward Helping More State and Local Governments Deliver Accurate and Inclusive Identity Verification (Business Wire) “Progressing” status designation marks next step toward full authorization under StateRAMP certification program for cloud security
WinMagic partners with Lumen Technologies to offer mission-critical cybersecurity solutions (GlobeNewswire News Room) New partnership leverages expertise in network, security and cloud solutions...
Google Trust Services ACME API available to all users at no cost (Google Online Security Blog) David Kluge, Technical Program Manager, and Andy Warner, Product Manager Nobody likes preventable site errors, but they happen disappointing...
Radware improves DDoS protection with latest launch (SecurityBrief Australia) Radware, a provider of cyber security and application delivery solutions, has officially introduced a new cloud web DDoS protection solution.
CyberArk’s enterprise browser promises zero-trust support, policy management (CSO Online) The identity security vendor is set to launch an enterprise browser in response to increasing post-MFA attacks on session cookies.
ZeroFox Announces On-Demand Incident Response Services (GlobeNewswire News Room) ZeroFox Incident Response extends the company’s existing leadership in breach response services, leveraging unique external cybersecurity, and threat...
JFrog Software Supply Chain Platform Delivers 393% ROI According to Total Economic Impact Study (JFrog) New commissioned @forrester Consulting Total Economic Impact study shows @jfrog delivers 393% ROI: https://jfrog.com/tei #SoftwareSupplyChain #DevSecOps #cybersecurity #ROI #Forrester
Technologies, Techniques, and Standards
CISA, NSA Issue New IAM Best Practice Guidelines (Security Intelligence) The importance of IAM cannot be overstated in today's world. In a cloud-focused world, managing digital identities is more challenging than ever.
NIST Issues Proposed Revision To Cybersecurity Controls And Requirements To Protect Information On Non-Federal Information Systems (Monaq) On May 10, 2023, the National Institute of Standards and Technology (NIST) released a public draft of Revision 3 to NIST Special Publication (SP) 800-171, Protecting Controlled Unclassified...
Army looking at the possibility of 'AI BOMs' (DefenseScoop) The Army is exploring the possibility of asking commercial companies to open up the hood of their artificial intelligence algorithms as a means of better understanding what’s in them to reduce risk and cyber vulnerabilities.
Design and Innovation
TikTok is testing an in-app AI chatbot called 'Tako' (TechCrunch) TikTok is testing an AI chatbot. Called "Tako," the bot will appear on the right-hand side of the TikTok interface.
Juniper Networks' New Beyond Labs Initiative Seeks to Solve Biggest Challenges of the Experience-First Networking Era (PR Newswire) Juniper Networks ®, (NYSE: JNPR), a leader in secure, AI-driven networks, today unveiled Juniper Beyond Labs, a new initiative focused on...
Cybersecurity Chiefs Navigate AI Risks and Potential Rewards (Wall Street Journal) For now, the long-term benefits of generative AI are unclear and the risks are manageable, security leaders say.
Waluigi, Carl Jung, and the Case for Moral AI (WIRED) Nintendo's Luigi has a chaos-causing alter ego. AI's shadow could put humanity at risk—but can be contained.
Where Memory Ends and Generative AI Begins (WIRED) New photo manipulation tools from Google and Adobe are blurring the lines between real memories and those dreamed up by AI.
Legislation, Policy, and Regulation
EU Statement – UN Security Council Arria-formula meeting: Responsibility of States to cyberattacks on critical infrastructure (EU Mission to the United Nations) Statement on behalf of the European Union by H.E. Ambassador Olof Skoog, Head of the Delegation of the European Union to the United Nations, at the Arria formula meeting on the Responsibility and responsiveness of States to cyberattacks on critical infrastructure
Remarks by Ambassador Linda Thomas-Greenfield at a UN Security Council Arria-Formula Meeting Co-Hosted by the United States on Cybersecurity (US Mission to the United Nations) Thank you, Minister Xhaçka for co-hosting this Arria with us, as well as Ecuador and Estonia for joining us as co-sponsors. And thank you to our briefers for informing and shaping today’s conversation. And finally, thank you to all of you for being here this afternoon.
Exclusive: AI rules 'cannot be bargained', EU's Breton says after OpenAI CEO threat (Reuters) Europe's artificial intelligence (AI) rules are not for negotiation, EU industry chief Thierry Breton said on Thursday, as he criticised OpenAI CEO Sam Altman's threat to quit the continent if it cannot comply with the legislation.
Sam Altman’s World Tour Hopes to Reassure AI Doomers (WIRED) On a stop in London, the OpenAI CEO called for balanced regulation and warned of the risks of deepfake disinformation.
OpenAI reverses EU abandonment threats over strict AI regulations (Cybernews) OpenAI has no plans to leave Europe, CEO Sam Altman said on Friday, reversing a threat made earlier this week to leave the region if it becomes too hard to comply with upcoming laws on artificial intelligence.
Everyone Wants to Regulate AI. No One Can Agree How (WIRED) US lawmakers and CEOs alike say new rules are needed to prevent artificial intelligence from doing harm. So far, there are more wish lists than laws.
Microsoft won over Washington. A new AI debate tests its president. (Washington Post) Microsoft president Brad Smith learned to work with D.C. Now a brewing debate over AI regulation is testing his well-worn playbook.
As GCHQ’s new director takes office this week, she faces a personnel challenge (Record) Anne Keast-Butler's tenure as GCHQ director begins as the agency grapples with another, more internal, challenge: recruitment and retention.
Council Post: Lost In Translation: SEC May Demand New Boardroom Cyber Conversations (Forbes) How can CISOs begin to lead impactful and effective conversations with their executive boards who may not fully understand the inner workings of security teams?
CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (Dark Reading) In the wake of the ex-Uber CISO verdict, CISOs ask for clearer rules and less uncertainty in managing disclosures, amid jail-time fears.
DHS' cyber agency seeks small biz support for strategic planning (FCW) The Cybersecurity and Infrastructure Security Agency has set a date to explain its changes to a management consulting services contract.
DoD CIO Urges Vendors to Ensure Commercial Satellite Systems are Cyber Secure (Via Satellite) ST. LOUIS — As commercial companies increasingly put more computing power on their satellites and related systems, there needs to be a commitment by
Litigation, Investigation, and Law Enforcement
Software Misuse Costs Nutanix $11 Million After Internal Investigation (Wall Street Journal) The cloud company said certain employees improperly used software and concealed their actions over multiple years.
UK data protection regulator receiving ‘large number of reports’ about Capita (Record) Under British data protection laws, the outsourcing company could face a fine of up to 4% of its global turnover if it is found to have failed to have met its data protection duties by the Information Commissioner’s Office (ICO).