Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+469: Hacktivism reorganized amid an incipient counteroffensive. (CyberWire) Observers see the Dnipro flooding as evidence of a growing Russian appetite for escalation. Russian hacktivists reorganize, one moving in the direction of professionalism, another with gestures toward serving as a popular movement.
Russia-Ukraine war: List of key events, day 470 (Al Jazeera) As the war enters its 470th day, these are the main developments.
Ukraine makes 'large counter offensive push' with attack along three fronts (The Telegraph) Kyiv says its forces had clawed back territory from Russia in an attack on the flanks of the eastern city of Bakhmut
Russia-Ukraine war live: counteroffensive not yet launched, says senior Kyiv official; Britain ‘cannot yet say Russia responsible for dam destruction’ (the Guardian) Secretary of Ukraine’s National Security and Defence Council dismisses claim counteroffensive has begun; up to 42,000 people at risk following destruction of the Nova Kakhovka dam
Ukraine Recap: Kyiv Reports Bakhmut Gains as Floods Wreak Havoc (Bloomberg) Ukrainian troops advanced by as much as a kilometer (0.6 miles) during fighting around the eastern city of Bakhmut, the Defense Ministry said, as Kyiv rushed to evacuate people from areas flooded by the destruction of the Kakhovka dam.
Russia Claims Ukrainian 'Saboteur' Group Blew Up Ammonia Pipeline, Kyiv Yet To Comment (RadioFreeEurope/RadioLiberty) Russia's Defense Ministry claims a Ukrainian "saboteur group" blew up a segment of the Tolyatti-Odesa pipeline, the world's largest ammonia conduit, in Ukraine's Kharkiv region.
Nova Kakhovka dam collapse before and after: satellite images reveal extent of destruction (The Telegraph) Tens of thousands of civilians have been forced to evacuate and swathes of the front line lie under water after the breach
Hundreds of thousands without drinking water after dam collapse, says Zelensky (The Telegraph) Ukrainian president has accused ‘Russian terrorists’ of deliberately bringing down the 30-metre-high structure with pre-laid explosives
Ukraine flood victims say occupying Russian officials fail to send help (Washington Post) Flood victims in Russian-occupied areas of southern Ukraine described scenes of panic and desperation Wednesday, with residents trapped in their homes and no sign of emergency responders in the area.
Russians shooting at rescuers in flooded areas, Zelenskyy says (POLITICO) EXCLUSIVE: Ukrainian president says dead bodies are floating in floodwater from the Nova Kakhovka dam.
Fleeing Floods, Ukrainians Make Perilous Boat Journeys To Safety (RadioFreeEurope/RadioLiberty) Boat after boat of exhausted and stressed civilians arrived in the flooded streets of Kherson on June 7. Some of the people had made it here from Russian-occupied areas on the east bank of the Dnieper River.
Burst Dam Alters Ukraine Battlefield as Floodwaters Rise (Wall Street Journal) The flooding has forced thousands of people to flee their homes, adding another dimension to a humanitarian crisis resulting from the war.
Ukraine’s Allies Call Destruction of Dam a ‘War Crime’ (Bloomberg) Germany blamed Russian President Vladimir Putin for the destruction of the Kakhovka dam in Ukraine, and was joined by other European NATO members in denouncing it as a “war crime.”
We are now dangerously close to nuclear war (The Telegraph) The dam attack is a turning point. The West must act urgently to stop Putin seeing unconventional warfare as a viable option
U.S. Ex-General Says Russia Benefits From Dam Blast, Putin 'Likely' To Use Nuclear Weapons Rather Than Lose In Ukraine (RadioFreeEurope/RadioLiberty) Retired U.S. General Kevin Ryan has been outspoken in his warnings about Russian President Vladimir Putin’s willingness to use nuclear weapons in Ukraine. He spoke to RFE/RL’s Georgian Service about the effects of the Nova Kakhovka dam’s destruction, Zaporizhzhya, and other nuclear threats.
Nato members may send troops to Ukraine, warns former alliance chief (the Guardian) Security guarantees and membership path needed at Nato summit to avoid escalation, says Anders Rasmussen
Opinion | An Endgame for Ukraine (New York Times) Membership in the E.U. A security pact with America. And a restoration of borders, minus Crimea.
Rebooting Killnet, a New World Order and the End of the Tesla Botnet (Radware) In a recent move, KillMilk, the enigmatic figure at the helm of Killnet, disbanded the group’s main roster. The sweeping decision was made as around 50 splinter groups within Killnet, consisting of over 1,250 people, were deviating from the primary objectives of hacktivism.
Ukraine war: Deserters risk death fleeing to Romania (BBC News) Men desperate to avoid serving in the army are crossing the mountainous Romanian border to escape.
Ukraine war driving rural crime wave in UK (The Telegraph) Black market thriving as gangs steal farm machinery to send back to Russia
Germany fines woman €900 for saying Russian invasion of Ukraine was ‘necessary’ (The Telegraph) The country has some of Europe’s most stringent laws regulating what people can say and do in public
Attacks, Threats, and Vulnerabilities
Chinese ‘Volt Typhoon’ hack underlines shift in Beijing's targets, skills (Breaking Defense) “The PRC’s goal is developing capabilities to disrupt critical infrastructure in the event of a future conflict,” NSA Cybersecurity Director Rob Joyce told Breaking Defense in a statement.
North Korean-linked APT groups focus on financial gain, intelligence gathering (SC Media) Researchers report on two separate North Korean-linked APT groups – one financially motivated, while the other focused on gathering strategic intelligence.
North Korea-Aligned TAG-71 Spoofs Financial Institutions in Asia and US (Recorded Future) TAG-71, linked to North Korea's APT38, targets global finance & venture firms, risking sensitive info exposure and business disruption.
#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability (Cybersecurity and Infrastructure Security Agency CISA) Actions to take today to mitigate cyber threats from CL0P ransomware:
MOVEit Transfer Exploited to Drop File-Stealing SQL Shell (SentinelOne) Mass exploitation of a MOVEit file transfer flaw is impacting organizations across verticals. Learn how the attack works and how to see if you are affected.
Critical MOVEit Transfer Vulnerability (CVE-2023-34362) (Kroll) Kroll has observed threat actors using this vulnerability to upload a web shell, exfiltrate data and initiate intrusion lifecycles. Learn more.
MOVEit cyber attack: Cl0p sparks speculation that it’s lost control of hack (ITPro) The hackers return with their second major data-extortion attack of 2023, but may have bitten off more than they can chew
Ransomware group Clop issues extortion notice to ‘hundreds’ of victims (Record) As the fallout from the MOVEit vulnerability continues, the Clop cybercrime group says victims should get in contact soon or risk being named on its extortion site.
BA, Boots and BBC cyber-attack: who is behind it and what happens next? (the Guardian) A cybercrime group has exploited a flaw in MOVEit software and is demanding a ransom
BBC, BA and Boots issued with ultimatum by cyber gang Clop (BBC News) The group warns personal details of 100,000 staff will be published if employers do not get in touch.
Can you trust ChatGPT’s package recommendations? (Vulcan Cyber) ChatGPT can offer coding solutions, but its tendency for hallucination presents attackers with an opportunity. Here's what we learned.
ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages (SecurityWeek) Researchers show how ChatGPT/AI hallucinations can be exploited to distribute malicious code packages to unsuspecting software developers.
New Fractureiser malware used CurseForge Minecraft mods to infect Windows, Linux (BleepingComputer) Hackers used the popular Minecraft modding platforms Bukkit and CurseForge to distribute a new 'Fractureiser' information-stealing malware through uploaded modifications and by injecting malicious code into existing projects.
Prism Launcher - [MALWARE WARNING] "fractureiser" malware in many popular Minecraft mods and modpacks (Prism Launcher) Malware is being distributed through Minecraft mods and modpacks mainly through CurseForge
Hackers Issue 'Ultimatum' Over Payroll Data Breach (SecurityWeek) The Clop ransomware gang issued "an ultimatum" to companies targeted in a recent large-scale hack of payroll data connected to users of MOVEit.
Cyberdefenders respond to hack of file-transfer tool (Washington Post) File-transfer tools are a popular target for hackers, contributing to a 2023 trend of widespread hacks
Notification of Ransomware Incident | News Release:2023 (Eisai Co., Ltd.) Eisai's news release Notification of Ransomware Incident is posted.
Japanese pharma giant Eisai working with law enforcement to resolve ransomware attack (Record) Japanese pharmaceutical company Eisai said it is working with law enforcement to deal with a ransomware attack that began late Saturday night.
Zipper giant YKK confirms cyberattack targeted U.S. networks (Record) The multibillion-dollar Tokyo-based corporation would not say if it was hit with ransomware, but a spokesperson told Recorded Future News that YKK “contained the threat before significant damage was done or sensitive information was exfiltrated.”
ACT government hit by cyber security breach (Yahoo News) The ACT government has been impacted by a cyber security breach in one of its email systems, with investigators examining if data was accessed.
Gloucester: Russian hackers behind cyber-attack on council (BBC News) Gloucester City Council concludes its investigation into the "sophisticated" attack on IT systems in 2021.
Excel spreadsheet error leads Austrian party to announce wrong leader (Washington Post) A major Austrian opposition political party on Monday corrected the results of a closely contested leadership election after it announced the wrong winner over the weekend due to a “technical” error: Someone had messed up an Excel spreadsheet.
Ascension Seton reports data breach of websites (KUT Radio, Austin's NPR Station) A security event affecting two of the local hospital system's websites in March may have put some patients' sensitive information at risk.
Personal information of 7,000 retired Vermont teachers stolen in cybersecurity attack (VTDigger) The Vermont Treasurer’s Office said most of the information taken by the still-unknown attackers were names, dates of birth and addresses, as well as medical and insurance information. It underscored that social security numbers were not taken.
The Dallas ransomware attack is in week 5. What can be done to prevent the next one? (KERA News) As ransomware attacks like the one on Dallas city government become more common, how do businesses and municipalities protect themselves? One UTA professor says the best strategies include beefing up cybersecurity and not negotiating with attackers.
LockBit Ransomware Responsible for Data Breach of Major Medicaid Dental Provider, 8.9 Million Patient Records Exposed (CPO Magazine) One of North America’s largest Medicaid and CHIP dental care providers has suffered a massive data breach of highly sensitive patient information, thought to be perpetrated by the LockBit ransomware group.
Cybergang behind N.S. breach says it erased stolen data, but experts urge caution (CBC) A hacker gang said to be in possession of sensitive personal information belonging to as many as 100,000 Nova Scotians says it has deleted the data, but cybersecurity experts say the province should be suspicious of that claim.
How to Tell if Your Passwords Were Hacked—and What to Do if They Were (Wall Street Journal) Discovering that even one password has been possibly stolen can be unsettling. But what’s the game plan if you’ve used that password on dozens of sites?
The Most Important Vulnerabilities Discovered in 2023 (so far) (Rezilion) Access the new Rezilion First-Half Critical Vulnerabilities Report: Key Software Applications Under Fire
OWASP's 2023 API Security Top 10 Refines View of API Risks (SecurityWeek) OWASP’s ranking for the major API security risks in 2023 has been published with some reorganizations/redefinitions, and some new concepts.
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA)
Security Patches, Mitigations, and Software Updates
Mozilla Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Mozilla has released security updates to address vulnerabilities for Firefox 114 and Firefox ESR 102.12. An attacker could exploit these vulnerabilities to take control of an affected system.
Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug (Naked Security) With the right (or wrong, if you’re on the right side of the fence) timing…
VMware Plugs Critical Flaws in Network Monitoring Product (SecurityWeek) VMware ships urgent patches to cover security defects that expose businesses to remote code execution attacks.
Cisco fixes AnyConnect bug giving Windows SYSTEM privileges (BleepingComputer) Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system.
Barracuda says hacked ESG appliances must be replaced immediately (BleepingComputer) Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability.
Trends
You are most likely to get phishing on Mondays (AtlasVPN) Among the myriad of tactics employed by cybercriminals, phishing emails continue to reign as one of the most prevalent and effective methods.
Public sector apps face widespread security challenges, report reveals (Nextgov.com) A new study found alarming security vulnerabilities across the vast majority of public applications over the last year.
Securing the Future: Unveiling the State of Software Security in the Public Sector (Veracode) Each year we publish a series of cuts of the data specific to verticals or geographic regions as companion research to the State of Software Security.
Marketplace
Shift5 expands its investor network (Washington Technology) Booz Allen Hamilton's venture capital arm is among the newly-revealed names that are investing in the cyber company.
Exclusive: Defense contractor Shift5 closes $83M Series B round (Axios) A defense contractor aiming to protect military weapon systems and other critical infrastructure has closed an $83 million Series B funding round, the company first shared with Axios.
Industrial CyberSecurity company Dragos to lay off 9% of its workforce (iTWire) Dragos CEO Robert M. Lee sent an email to the company today (US time), to share the news about a layoff of 50 Dragos employees. Details include why this decision was necessary to maintain the company’s trajectory as a business, ensure long-term continued growth and success, and continue to deliver...
USAID Awards $329M Cyber Contract to Accenture (Meritalk) The United States Agency for International Development (USAID) has awarded a $329 million contract to Accenture Federal Services to manage the agency’s comprehensive information assurance and privacy program.
Products, Services, and Solutions
Network Perception Supercharges OT Security Analysis With Enhanced Platform That Delivers Next-Generation Performance (Business Wire) The new release of the NP-View platform introduces greater path analysis scale and speed
Snyk Announces Next Big Leap in DevSecOps With Ability of Enterprises to Now Secure Their Software Supply Chains at Scale (GlobeNewswire News Room) Company Accelerates Developer-First Innovation with Acquisition of Enso Security, Unveiling of New Application Security Posture Management Solution and...
DoControl Joins AWS ISV Accelerate Program (PR Newswire) DoControl, the leading SaaS Security Platform (SSP) vendor has announced today that it has been accepted into the Amazon Web Services (AWS)...
Veridas Expands Its Age Verification Solution, Enabling Seamless Compliance with Enhanced User Experience (Veridas) Age Estimation Solution Delivers Accurate and Efficient Age Verification. Veridas, a leading global provider of AI-driven identity verification solutions, is proud to announce the expansion of its groundbreaking Age Verification product. Designed to help businesses meet stringent age verification regulations, this cutting-edge […]
RANE Enhances Industry-Leading Risk Intelligence Platform (GlobeNewswire News Room) Horizon Scanning Tools Better Prepare Risk Professionals for Emerging Threats...
Secureworks Integrates SentinelOne Telemetry into its Open XDR Platform to increase cybersecurity visibility for its customers (iTWire) COMPANY NEWS: Secureworks, a global leader in cybersecurity, and SentinelOne, an industry-leading autonomous security platform company, are joining forces to further transform threat prevention and response with the launch of Secureworks Taegis integration for SentinelOne. The combined power of Taeg...
DigiCert partners with ReversingLabs to advance software supply chain security (influencing) DigiCert integrates ReversingLabs technology into DigiCert® Software Trust Manager to create tamper-proof software delivery (Australia) June 8, 2023 — DigiCert, a leading global provider of digital trust, today announced a
Fidelis Cybersecurity Unleashes the Power of Fidelis CloudPassage Halo Across Europe, Fueling Unprecedented Cloud Security Coverage (PR Newswire) Fidelis Cybersecurity, a global leader in advanced cybersecurity solutions, proudly announces the expanded availability of Fidelis CloudPassage...
Thales unveils CipherTrust Data Security Platform as-a-Service (IT Brief New Zealand) The flexible model removes the need for upfront investment in data security infrastructure and auto-scales to support capacity changes.
Satori’s Data Security Platform is Selected for the Microsoft Pegasus Program and is Available in the Azure Marketplace (GlobeNewswire News Room) It’s now easier than ever for Microsoft customers to implement Satori’s powerful data access technology and accelerate time-to-value from data while...
Technologies, Techniques, and Standards
Indian government offers free tools to detect and remove malware: Here’s how to download (The Indian Express) Cyber Swachhta Kendra is offering free botnet detection and removal tools as part of the Digital India initiative. Here's how you can download them.
Cyber insurance claims: Minimize risk, maximize recovery (ReedSmith) Cybercrime, including ransomware attacks and data breaches, is one of the top challenges confronting organizations globally. Businesses are suffering staggering cyber-related losses, estimated at $60 billion each year. Claims are also rising, and insurance policies continue to develop and mature in response to evolving risks and exposures.
Winning the Mind Game: The Role of the Ransomware Negotiator (The Hacker News) Ever wondered what goes on behind the scenes of a ransomware attack? Get exclusive insights from a real ransomware negotiator.
Most SMBs admit to paying ransomware demands - here's why (TechRadar) They're not getting better at defending from attacks
Disruptive Cyber Capabilities Offer Solutions to US Space Force Pain Points (Yahoo Finance) Defensive Cyber Operations for Space Demo Day Defensive Cyber Operations for Space Cohort Catalyst Accelerator
Meta starts task force in fight against child pornography on Instagram (Washington Post) A Stanford University report found large networks of accounts operated by minors advertising self-generated images of child sexual abuse
Five years in, a look at how Cybercom and NSA's Integrated Cyber Center improved coordination of operations (DefenseScoop) As the Integrated Cyber Center and Joint Operations Center turned five in May, current and former officials reflected on how it has improved overall coordination and cyber defense.
Design and Innovation
Deepmind’s AI Is Learning About the Art of Coding (WIRED) AlphaDev has made small but significant improvements to decades-old C++ algorithms. Its builders say that’s just the start.
The Bold Plan to Create Cyber 311 Hotlines (WIRED) UT-Austin will join a growing movement to launch cybersecurity clinics for cities and small businesses that often fall through the cracks.
Microsoft Is Bringing OpenAI’s GPT-4 AI model to US Government Agencies (Bloomberg) Microsoft Corp. will make it possible for users of its Azure Government cloud computing service, which include a variety of US agencies, to access artificial intelligence models from ChatGPT creator OpenAI.
Academia
Eastern Michigan University’s Information Assurance Student Association ranks No. 1 in Michigan and No. 18 nationally by Cyber Power Rankings (Eastern Michigan University) Jumping up 10 spots nationally from fall 2022
Legislation, Policy, and Regulation
Senegal continues curfew-like internet shutdown to subdue protests (Record) The government of Senegal has continued to impose curfew-like shutdowns on internet access in an effort to quell dissent over the trial of opposition figure Ousmane Sonko.
The Messy US Influence That’s Helping Iranians Stay Online (WIRED) Newly announced sanctions against Iran-based Avaran Cloud underscore the complexity of crafting Washington’s internet freedom efforts.
Revising Public-Private Collaboration to Protect U.S. Critical Infrastructure (CSC 2.0) The current systems for designating sectors as critical and for mitigating cross-sector risks are inadequate.
Experts call for overhaul of 'outdated' critical infrastructure cyber policy (Nextgov.com) A new report analyzes the federal government’s approach to infrastructure cybersecurity as a key strategy document is getting a rewrite.
White House needs to urgently fix nation's approach to protecting critical infrastructure, group says (CyberScoop) Attacks against critical infrastructure are reaching new heights, but strategy documents outlining federal efforts are a decade old.
A Decade-Old Cyber Policy Desperately Needs an Update, Group Says (Defense One) The bipartisan Cyberspace Solarium Commission has recommendations for a new critical-infrastructure playbook.
White House critical infrastructure protection order is ‘outdated’ and needs rethinking, Cyberspace Solarium Commission says (Record) A decade-old presidential directive that clarified how the private sector should protect critical infrastructure like power utilities and manufacturing plants has “become outdated and incapable of meeting today’s demands,” according to an influential cybersecurity policy organization.
10 years after Snowden's first leak, what have we learned? (Register) Spies gonna spy
Democrats and Republicans are skeptical of US spying practices, an AP-NORC poll finds (AP NEWS) The American public is broadly skeptical of common intelligence practices and of the need to sacrifice civil liberties for security. That’s according to a new poll from The Associated Press-NORC Center for Public Affairs Research. It shows that Democrats and Republicans are opposed at similar levels to many common surveillance tactics. A big shift is that Republicans have become substantially less likely over the last decade to say it’s at least sometimes necessary to sacrifice freedom in response to threats. The polling underscores the challenge facing the Biden administration as it pushes Congress to renew a cornerstone foreign surveillance law that expires at year’s end.
FTC Proposes Changes to Health Breach Notification Rule and Finalizes Second Enforcement Action Under the Rule (Ropes & Gray) On May 18, 2023, the Federal Trade Commission (FTC) announced a Notice of Proposed Rulemaking and a parallel Request for Comment on changes to the Health Breach Notification Rule (HBNR).
Pentagon's Microsoft monopoly raises concerns in Congress (Newsweek) A senior congressman has raised concerns over the military's decision to rely more and more on Microsoft for cybersecurity tools as well as other software.
Proposed SEC cyber regulations draw mixed reviews (Washington Post) SEC rules changes are the latest battleground over government cybersecurity mandates
Biden taps Senate Intel Committee staff director to lead NCSC (Record) After nearly two and a half years, President Joe Biden has found his person to lead U.S. counterintelligence efforts.
Litigation, Investigation, and Law Enforcement
WSJ News Exclusive | Instagram Connects Vast Pedophile Network (Wall Street Journal) The Meta unit’s systems for fostering communities have guided users to child-sex content; company says it is improving internal controls.
Addressing the distribution of illicit sexual content by minors online (Stanford Internet Observatory) A Stanford Internet Observatory investigation identified large networks of accounts, purportedly operated by minors, selling self-generated illicit sexual content. Platforms have updated safety measures based on the findings, but more work
‘No regrets,’ says Edward Snowden, after 10 years in exile (the Guardian) But whistleblower says 2013 surveillance ‘child’s play’ compared to technology today
The FBI's most treacherous spy was inspired by Kim Philby to pass US secrets to Russia (The Telegraph) The most damaging spy in bureau history, who died this week, spent 20 years duping his superiors because he 'feared being a failure'
Secret government unit collected Telegram posts about Covid policy critic (The Telegraph) Writing in The Telegraph, Prof Carl Heneghan reveals the chilling effects of being monitored by a Counter-Disinformation Unit
Malwarebytes faces lawsuit for classifying rival's anti-spyware program as a threat (TechSpot) The 2-1 split verdict from the Ninth Circuit came after Enigma appealed a 2017 California district court ruling that held cybersecurity firms can classify any software as...