Dateline
Ukraine at D+468: Dniepr Valley flooded. (CyberWire) Ukraine evacuates thousands downstream of the breached Nova Kakhovka dam. Increased fighting is reported along the front, as Ukraine probes Russian lines, advancing in some places five to ten kilometers.
Russia-Ukraine war: List of key events, day 469 (Al Jazeera) As the war enters its 469th day, these are the main developments.
Opinion D-Day dawns for Ukraine (Washington Post) It was bracing that Ukraine launched its counteroffensive against Russian invaders as we celebrate the anniversary of the 1944 D-Day landings this week. This assault could turn the tide of the battle for Ukraine, just as the Allied assault on the Normandy beaches altered the trajectory of World War II.
Exclusive: Ukraine has cultivated sabotage agents inside Russia and is giving them drones to stage attacks, sources say (CNN Politics) Ukraine has cultivated a network of agents and sympathizers inside Russia working to carry out acts of sabotage against Russian targets and has begun providing them with drones to stage attacks, multiple people familiar with US intelligence on the matter told CNN.
Ukraine’s summer counteroffensive is a key moment but long-term resolve remains crucial (Atlantic Council) Ukraine's summer counteroffensive is an important moment in the war with Russia but it is critical to maintain a sense of perspective and underline the need for long-term Western backing, writes Tennyson Dearing.
Ukraine war: Wagner boss rubbishes Russian claims of Ukrainian casualties (BBC News) Moscow says it inflicted 3,700 casualties on Kyiv on Monday, but Yevgeny Prigozhin calls the claim "absurd".
Three questions (and expert answers) about the dam collapse in Ukraine (Atlantic Council) Atlantic Council experts answer pressing questions about the broken Nova Kakhovka dam in southern Ukraine, including what it means for the ongoing war and if damaging it amounts to a war crime.
Ukraine and Russia accuse each other of blowing up key dam (NBC News) Coverage on the Nova Kakhovka dam attack.
After The Flood: What We Know About The Destroyed Ukrainian Dam And Its Consequences (RadioFreeEurope/RadioLiberty) The collapse of the Nova Kakhovka dam sent torrents of water flooding through Ukraine’s southern Dnieper River basin, prompting evacuations and inundating thousands of hectares of land. Among other consequences, it could cause the biggest environmental disaster of Russia’s full-scale invasion.
Ukraine war latest: Ukrainian dam destroyed in blow to counter-offensive (The Telegraph) A Ukrainian dam has been destroyed in a major blow to the counter-offensive.
Ukrainian dam destroyed in blow to counter-offensive (The Telegraph) Russia blamed for explosion that has unleashed wave of water, hindering troop movements and threatening nuclear power plant
Dam Busting: Russia Accused of Using Water as a Weapon, Thwarting Ukrainian Counter-Offensive in Kherson Region (The New York Sun) ‘From a tactical point of view,’ Kyiv ‘can forget about an offensive in Kherson,’ one Russian observer says after the destruction of a major dam across…
Collapse of major dam in southern Ukraine triggers emergency as Moscow and Kyiv trade blame (AP NEWS) The wall of a major dam in a part of southern Ukraine that Moscow controls collapsed Tuesday after a reported explosion, sending water gushing downriver and prompting dire warnings of ecological disaster as both sides in the war ordered residents to evacuate.
Dam breach could be Ukraine’s ‘worst ecological disaster since Chornobyl’ (the Guardian) Former minister makes grave warning as scientists wait for water to subside before assessing impact
Mass Evacuations Follow Breach Of Ukrainian Dam (RadioFreeEurope/RadioLiberty) Following the breach of the Nova Kakhovka dam in the Russian-occupied area of Ukraine's Kherson region, residents were urged to evacuate amid a warning that rising water levels would reach "critical levels" within hours.
Ukraine-Russia war latest: Britain warns of more flooding from dam break as thousands trapped (The Telegraph) Tens of thousands of people remain stranded in the area along the Dnipro river, Volodymyr Zelensky has said, as British intelligence warned that the Kakhovka dam will see further flooding over the next few days.
What to know about the explosion at Ukraine’s Kakhovka dam (Washington Post) A major dam and a hydroelectric power plant close to the front lines in the south of Ukraine were damaged in a blast early Tuesday.
In destroying Ukraine's dams, Putin is following in Stalin's footsteps (The Telegraph) Their destruction not only disrupts troop movements, but can play a pivotal psychological role in a conflict
Putin’s wickedness knows no bounds (The Telegraph) Much of the world will see the destruction of the Nova Kakhovka dam as a war crime
Opinion The key to ending the war in Ukraine? Attacking Crimea. (Washington Post) In the coming weeks and months, Ukrainian forces have a real chance at achieving victory on the battlefield. The path to victory is anything but straightforward. But one way or another, it likely passes through Crimea.
Russia warns supplying Ukraine with US-built F-16 fighter jets would escalate conflict (The Hill) Russian officials warned that supplying Ukraine with U.S.-made F-16 fighter jets would escalate the war as it stretches into its 15th month.
U.S. had intelligence of detailed Ukrainian plan to attack Nord Stream pipeline (Washington Post) THE DISCORD LEAKS | The CIA learned last June, via a European spy agency, that a six-person team of Ukrainian special operations forces intended to sabotage the Russia-to-Germany natural gas project
Russia’s Strategic Failure in Ukraine (U.S. Department of State) Last week, when I was in Helsinki, Finland, I delivered a speech about the strategic failure of Russia’s war in Ukraine and about our continued efforts to support Ukraine’s defense of its territory, sovereignty, and democracy in pursuit of a just and lasting peace. Read the highlights below.
Is China preparing for a post-Putin Russia? (Atlantic Council) Xi Jinping and Vladimir Putin have famously proclaimed a "friendship without limits" but the Chinese leader may be looking to a post-Putin Russia and cultivating ties with Putin's PM Mikhail Mishustin, writes Anders Åslund.
How the West Can Secure Ukraine’s Future (Foreign Affairs) Kyiv needs a binding commitment before NATO membership.
Finland expels nine Russian diplomats over 'intelligence' work (Reuters) Finland will expel nine diplomats at the Russian embassy in Helsinki, accusing them of working on intelligence missions, the Finnish president's office said on Tuesday.
Ukraine Warns Against Cyberespionage Campaign (Gov Info Security) Ukrainian cyber defenders say they've identified a cyberespionage campaign active since mid-2022 that gained unauthorized access to "several dozen"
What It Takes to Join NATO, a Club Refreshed by Putin (Bloomberg) If Russia’s invasion of Ukraine was supposed to weaken the North Atlantic Treaty Organization and stop its eastward expansion — one rationalization offered by President Vladimir Putin — it backfired.
Opinion | The Eyes of the World Are Upon Ukraine (New York Times) The moral equivalent of D-Day is happening right now.
Attacks, Threats, and Vulnerabilities
An Update on the Steps We are Taking to Protect MOVEit Customers (Ipswitch) We will continue to be as transparent as possible regarding the recently discovered vulnerability within MOVEit Transfer and MOVEit Cloud.
MoveIt hack: What action can data-breach victims take? (BBC News) Experts give advice to the more than 100,000 warned their personal data is in the hands of cyber-criminals.
Behind the Screen: Three Vulnerabilities in RenderDoc (Qualys Security Blog) The Qualys Threat Research Unit (TRU) has discovered three vulnerabilities in RenderDoc. This blog will delve into the details of these three newly discovered vulnerabilities found within RenderDoc'
PowerDrop: A New Insidious PowerShell Script for Command and Control Attacks Targets U.S. Aerospace Defense Industry (Adlumin SaaS Security) The Adlumin Threat Research discovered a new malicious PowerShell script called PowerDrop, targeting the U.S. aerospace industry.
New 'PowerDrop' PowerShell malware targets U.S. aerospace industry (BleepingComputer) A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry.
US Aerospace Contractor Hacked With 'PowerDrop' Backdoor (Dark Reading) Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.
New PowerDrop Malware Targeting U.S. Aerospace Industry (The Hacker News) PowerDrop, the malware designed to fly under the radar, has infiltrated the U.S. aerospace industry.
North Korean Attackers Target Google Account Credentials (Decipher) The North Korean Kimsuky group has targeted think tanks, academic institutions and news media organizations in order to steal their credentials and gather intelligence.
Chrome and Edge zero-day: “This exploit is in the wild”, so check your versions now (Naked Security) Chrome 0-day patched now, Edge patch coming soon.
Sextortionists are making AI nudes from your social media images (BleepingComputer) The Federal Bureau of Investigation (FBI) is warning of a rising trend of malicious actors creating deepfake content to perform sextortion attacks.
Malicious Actors Manipulating Photos and Videos to Create Explicit Content and Sextortion Schemes (IC3) The FBI is warning the public of malicious actors creating synthetic content (commonly referred to as "deepfakes") by manipulating benign photographs or videos to target victims.
7 tips for spotting a fake mobile app (WeLiveSecurity) Here are 7 common signs that a mobile app is sketchy and 7 tips for staying safe from mobile security threats in the future.
Expert weighs in on what's ahead following Augusta cyber-attack (WFXG) Augusta commissioners held their first regular meeting Tuesday for the first time since mid-May. City leaders say they’re working to get the network back to full capacity after a cyber-attack.
Security Patches, Mitigations, and Software Updates
Google Patches Third Chrome Zero-Day of 2023 (SecurityWeek) Google has released a Chrome 114 security update that patches CVE-2023-3079, the third zero-day vulnerability patched in the browser in 2023.
Google Addresses Latest Zero-Day Affecting Chrome (Flashpoint) Google has addressed another zero-day vulnerability affecting Google Chrome, the third reported in the browser so far this year
Apple Unveils Upcoming Privacy and Security Features (SecurityWeek) Apple on Monday detailed new privacy and security features rolling out to both desktop and mobile users.
CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released two Industrial Control Systems (ICS) advisories on June 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-157-01 Delta Electronics CNCSoft-B DOPSoft
ICSA-23-157-02 Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series
Trends
Vulnerability and Threat Trends Report 2023 (Skybox Security) Read the latest about emerging threats and vulnerabilities and how to proactively reduce cyber risks.
ILTA and Conversant Group Release First Cybersecurity Benchmarking Survey of the Legal Industry (PR Newswire) Law firms store some of the most sensitive information available regarding material business transactions, intellectual property, Personally...
The 2 BIG Exceptions to Financially Motivated Cybercrime (Cimcor) While money is the number one motivator behind cybercrime, there are two exceptions where the end goal isn't to turn a profit. One exception is...
Survey sees cyber resilience declining in smaller UK businesses (Continuity Central) Small and medium sized businesses (SMEs) in the UK have seen cyber resilience decline in the last year, according to new research from Censornet. Over half (51 percent) of SMEs believe their cyber security requires development to be future-proofed, up from 40.5 percent the previous year.
Cybersecurity Marketing Strategies: How to Influence Purchasing Behaviour in a Tough Economic Climate (CCgroup) Exploring the impact of the economic climate and industry skills gap on the cybersecurity buying landscape, identifying the top investment solutions, key factors driving purchase decisions, and the most effective channels and content for generating vendor awareness and driving selection.
Marketplace
Outpost24 acquires external attack surface management provider Sweepatic (Outpost24) Outpost24, a leading cybersecurity risk management platform, today announced the acquisition of Sweepatic.
Backed by $15 million Series B Funding, Blumira Launches Easy XDR Platform for Small & Medium Business (PR Newswire) Blumira, a leading provider of detection and response technology, announced the launch of its XDR platform to provide enterprise-level security...
M&T Bank Corp Invests $202,000 in CyberArk Software Ltd. (NASDAQ:CYBR) (MarketBeat) M&T Bank Corp bought a new stake in shares of CyberArk Software Ltd. (NASDAQ:CYBR - Get Rating) in the fourth quarter, according to the company in its most recent Form 13F filing with the Securities and Exchange Commission (SEC). The institutional investor bought 1,581 shares of the technology com
Deep Instinct Appoints Two New Executives to Drive Demand for Prevention-first Cybersecurity (Business Wire) Jim Ortbals will support channel programs while Ryan Vaupel will lead operations
DTEX Systems Appoints Dave Salverson as Chief Financial Officer to Help Lead the Next Stage of Company Growth (Business Wire) Former Hazelcast and Shape Security Finance and Operations Executive Brings More Than 25 Years of High-Growth Leadership Amid Rising Demand for Human-Centric Insider Risk Management Solutions
Products, Services, and Solutions
AttackIQ to Deliver Breach and Attack Simulation Solutions to Government Agencies Through Four Inc.’s GSA Schedule (Business Wire) GSA Approval Provides Government Agencies with the Ability to Purchase Leading Continuous Security Validation Solutions
Upstream Security Joins BlackBerry IVY Partner Ecosystem to Protect Software-Defined Vehicles from Cyber Threats (BlackBerry) BlackBerry Limited (NYSE: BB; TSX: BB) today announced a partnership with leading automotive cybersecurity platform, Upstream Security to enable automakers to strengthen the overall security posture of their vehicles, by leveraging the rich telemetry data and edge compute capabilities from BlackBerry IVY.
NowSecure Launches Major Update to NowSecure Academy Online Training with New Role-Based Learning Paths and Certifications (News Direct) Free to start, new mobile app security and developer-focused learning paths designed for individuals and teams to level up their skills and build high quality, secure mobile apps faster
Lacework’s new CIEM uses ML to fish out high-risk identities (CSO Online) The new CIEM will merge with existing threat detection capabilities to consolidate Lacework’s cloud security offering.
Lumen Technologies Partners with KnowBe4 to Address Growing Need for Cybersecurity Awareness in APAC Organisations (Taiwan News) 2023-06-07 13:55:00
Netskope Intelligent SSE Selected by Transdev to Secure and Connect its Hybrid Workforce (Dark Reading) Implementation is part of Transdev's Cloud-First approach to better manage technological obsolescence.
Radiflow’s CIARA 4.0 Delivers Actionable Insights to Simplify the Management of OT Cyber Risk at Industrial Facilities (EEJournal) Tel Aviv, Israel, June 6, 2023 – Radiflow, creators of the award-winning OT cybersecurity platform, CIARA, announced the general availability of CIARA 4.0. This release introduces a leading benchma…
New Integration between Join and Egnyte Centralizes Document Management and Ensures Compliance for the AEC Industry (Construction Dive)
BlackBerry and Upstream Security join forces to protect software-defined vehicles (IT Security News) BlackBerry announced a partnership with Upstream Security to enable automakers to strengthen the overall security posture of their vehicles, by leveraging the rich telemetry data and edge compute capabilities from BlackBerry IVY. Upstream’s cloud-native Vehicle Detection and Response (V-XDR) platform identifies automotive cybersecurity threats, anomalies and operational insights and is used by many of the
Kaspersky Releases Tool to Detect Zero-Click iOS Attacks (Infosecurity Magazine) Fallout from Operation Triangulation continues
Commvault Redefines Data Protection with New Security Capabilities and Ecosystem Integrations to Combat Increasingly Sophisticated Cyber Threats (Commvault) Latest Innovations Automatically and Intelligently Spot and Engage Cyberthreats, Minimizing Production Data Risks and Eliminating Costly Interruptions Within Five Minutes
Sentra Launches ChatDLP Anonymizer Browser Extension to Avoid Sensitive Data Leaks in Public Language Models (PR Newswire) Sentra, the cloud data security leader, today announced Sentra ChatDLP Anonymizer, a new feature that redacts Personal Identifiable Information...
Snyk Announces Next Big Leap in DevSecOps With Ability of Enterprises to Now Secure Their Software Supply Chains at Scale (GlobeNewswire News Room) Company Accelerates Developer-First Innovation with Acquisition of Enso Security, Unveiling of New Application Security Posture Management Solution and...
AU10TIX Unveils Identity Verification Suite to Elevate Customer Experience (AU10TIX) Forward-thinking Identity Management Portfolio Brings Clarity and User-Friendliness to Complex Market; Also Includes Serial Fraud Monitor and Reusable Digital ID
Island Sets a New Standard for Password Management and Security; Easy for Users, Secure for Enterprises (Business Wire) Breakthrough approach vastly simplifies enterprise-wide adoption of password best practices while creating new protections around their use within corporate applications
Fortinet Expands Global Secure SD-WAN and SASE Presence with New MSSP Partnerships (Fortinet) Fortinet Secure Networking Solutions Enable Seamless Transition from Managed SD-WAN to SASE, ZTNA, and SD-Branch Services, Creating New Revenue Streams for MSSPs
Tines Launches Cases to Optimize Automation and Improve Operational Efficiency Across the Enterprise (PR Newswire) Tines, the no-code automation platform for security teams, today launched Cases, a powerful and intuitive new solution for case management....
Nile and Palo Alto Networks Partner to Strengthen Enterprise Campus Security (PR Newswire) Nile, a global leader in enterprise Network as a Service (NaaS), today announced a new integration with Palo Alto Networks, the global leader...
Velotix Releases Modular Architecture for its Data Security Platform (Velotix) Velotix Releases Modular Architecture for its Data Security Platform to Achieve Maximum Data Utilization with ...
Technologies, Techniques, and Standards
CISA and Partners Release Joint Guide to Securing Remote Access Software (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA, Federal Bureau of Investigation (FBI), the National Security Agency (NSA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) released the Guide to Securing Remote Access Software.
NSA and Co-Authors Recommend Best Practices to Secure Remote Access Software (National Security Agency/Central Security Service) Legitimate remote access software is being used by cyber actors to access victims’ systems, blend in with regular network activities, and evade detection.
Guide to Securing Remote Access Software (Cybersecurity and Infrastructure Security Agency CISA) This document, the Guide to Securing Remote Access Software, provides organizations with a remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations.
Army 'on the cusp of greatness' with its critical EW programs (Breaking Defense) The Army is progressing in its EW portfolio "after a few solid years of investment, lots of support from the Army and from [the Defense Department]," Kenneth Strayer said.
G20: Experts deliberate on cyber security exercise for banking sector (Devdiscourse) The G20 International Conference on "Cyber Security Exercise for the Banking Sector" under India's G20 Presidency was held in Mumbai.
Cyber Yankee prepares DoD, government, and business for potential cyber threats (DVIDS) Started in 2015, Cyber Yankee is the premier regional cyber training event for defense, state and federal agencies, and key utility companies to rehearse prevention and response best practices. And, unlike other cyber-focused training events which focus entirely on threats against the DoD’s information Network (DODIN), Cyber Yankee is the only military exercise which focuses on critical infrastructure and key resources that directly affect the American people.
More cyber security future proofing is needed says Basingstoke-based Censornet (The Business Magazine) Cyber Security needs future proofing for half of British businesses, says Basingstoke-based Censornet in its latest 2023 SME Cyber Report. Small and medium sized businesses (SMEs) in the UK have seen...
Security leaders implement third-party security measures (Security Magazine) IT professionals and navigating the threat landscape were analyzed in a recent report by Ironscales and Enterprise Security Group (ESG).
What security leaders can learn from Smashing Pumpkins hacker attack (Security Magazine) While stealing music from a band might not be equal to obtaining and releasing customer personal information, there are still lessons to learn from this incident.
Design and Innovation
Mark Zuckerberg Is the Hero AI Needs (The Information) From Silicon Valley to Washington, America has suddenly woken up to the risks of artificial intelligence. While Congress is just beginning conversations over how to regulate AI, the technology is advancing at an astonishing pace. Rather than indulge the fantasy that regulation will establish a “ ...
Apple Ghosts the Generative AI Revolution (WIRED) Apple unveiled the Vision Pro headset and a number of AI-powered features yesterday, but largely ignored generative AI applications embraced by Google and Microsoft.
Academia
Don’t Want Students to Rely on ChatGPT? Have Them Use It (WIRED) It’s easy to forget how little students and educators understand generative AI’s flaws. Once they actually try it out, they’ll see that it can’t replace them.
Legislation, Policy, and Regulation
Ground Rules for the Age of AI Warfare (Foreign Affairs) How to keep autonomous weapons from stumbling into conflict.
The Coming Fight Over American Surveillance (Foreign Affairs) What’s at stake as Congress considers FISA reform.
Examining the US Data Privacy Landscape in the First Half of 2023 (National Law Journal) The U.S. is taking a serious step toward a national data privacy standard this year. As businesses navigate new legislation and future compliance obligations, having a strong understanding of the legal landscape around protecting personal data and a willingness to implement a comprehensive data privacy compliance strategy will be crucial.
Gov. DeSantis signs data privacy bill (CBS News) The new law is meant to give people more control over data collected by technology companies
With 'big tech' in DeSantis’ crosshairs, Florida becomes 10th state with data privacy law (Record) The governor, a presidential candidate, touted the law's focus on how large companies collect and use personal data. But privacy experts note that the law doesn't apply to wide swaths of the online economy.
Cyber Command, NSA prepare for a new set of leaders (Axios) The U.S. Cyber Command is set to get a new group of leaders as the threat landscape becomes more complex and difficult to navigate.
Federal Cyber Oversight of Critical Infrastructure is Failing, Report Warns (Wall Street Journal) The system for managing cyber risk among U.S. critical infrastructure sectors is outdated, cumbersome, and risks damaging private-sector cooperation, the successor group to a Congressional commission said in a report released Wednesday.
White House quiet on national cyber director choice, senator says (Axios) The White House has not shared much of anything with lawmakers about who the administration thinks should be the next national cyber director, a top cyber-minded senator told Axios.
Litigation, Investigation, and Law Enforcement
Another Resolution by DOJ Pursuant to its Civil Cyber-Fraud Initiative Highlights Continued Efforts to Hold Companies Accountable for Ensuring Data are Secured (JD Supra) We previously wrote about the United States Department of Justice’s (“DOJ”) Civil Cyber-Fraud Initiative (“CCFI”), which “aims to hold accountable...
Expert explains how to protect your data after Mercer University hit with lawsuit due to data breach (WMAZ) Information that was potentially swiped include financial account and Social Security numbers, the lawsuit reads.