Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+470: Ukraine's counteroffensive has begun. (CyberWire) Ukraine's counteroffensive has begun, with an apparent push aimed at breaking Russia's land bridge to occupied Crimea.
Russia-Ukraine war: List of key events, day 471 (Al Jazeera) As the war enters its 471st day, these are the main developments.
Ukraine’s counter-offensive starts as Western tanks hit the front line (The Telegraph) Long-awaited assault begins with 'wave after wave' of attacks on Russian positions
Ukraine’s counteroffensive is underway. Here’s what’s at stake. (Washington Post) Ukraine launched its long-anticipated counteroffensive on Thursday, meant to contest Russia’s established front line after months of attritional stalemate across much of the battlefield.
Ukraine strikes back (The Economist) The counter-offensive is getting under way. The next few weeks will be critical
The prize that explains Ukraine’s southern push into Russia’s best defences (The Telegraph) With ‘combined arms’ formations and Western-supplied tanks, Kyiv could achieve an audacious victory that opens multiple options to advance
Ukraine’s summer counteroffensive will aim to keep the Russians guessing (Atlantic Council) Speculation is mounting that Ukraine's hotly anticipated summer counteroffensive may be underway but initial stages are likely to feature probes and diversionary attacks rather than a big push, writes Peter Dickinson.
Can Ukraine’s counter-offensive succeed? (The Economist) Assessing strategy, military ambitions and political risks
The geopolitical stakes of Ukraine’s counter-offensive (The Economist) How to ensure Russia suffers a strategic defeat
The True Purpose of Ukraine’s Counteroffensive (The Atlantic) Kyiv needs to show Russians that the war is not worth fighting.
How Zelensky is channelling Churchill to 'set Russia ablaze' (The Telegraph) Video analysis: Irregular operations won't win the war against Russia, but will boost Ukrainian morale
Kakhovka dam collapse unlikely to hurt Ukraine counteroffensive but will have long-term impact (the Guardian) Catastrophe is also likely to fuel concerns about Moscow’s brinkmanship, if suspicions that Russia blew up the dam are proved
Russian missiles greet Zelensky’s visit to flooded Kherson region (The Telegraph) Ukrainian rescue operation after Kakhovka dam burst is being made more perilous by latest escalation in hostilities
Drone footage of collapsed Ukrainian dam counters Russian narrative (Military Times) An AP team flew a drone over the devastation on Wednesday, filming submerged homes, and even a church of villages under Russian occupation.
Kyiv says it intercepted call showing Russia blew up Kakhovka dam (Reuters) Ukraine's domestic security service said on Friday it had intercepted a telephone call proving a Russian "sabotage group" blew up the Kakhovka hydroelectric station and dam in southern Ukraine.
Russia-Ukraine war live: Growing indications Nova Kakhovka dam blown up after seismic data points to blast at site (the Guardian) Norwegian scientists say signals from regional station in Romania suggest an explosion occurred before dam was destroyed
Seismic data adds to evidence that Ukraine’s Kakhovka dam was blown up (the Guardian) Signals point to explosion early on Tuesday, as Ukraine says intercepted call proves Russia was responsible
Ukraine dam: What we know about Nova Kakhovka incident (BBC News) Catastrophic floods engulf towns and villages in southern Ukraine after a major dam was destroyed.
Zelenskiy steps up criticism of International Red Cross over inaction at Kakhovka dam (the Guardian) Ukrainian president’s remarks echo previous comments about international bodies’ failure to intervene more decisively
Kakhovka dam collapse threatens Europe’s largest nuclear plant (Atlantic Council) The blowing up of the Kakhovka dam in Russian-occupied southern Ukraine threatens to deprive the nearby Zaporizhzhia Nuclear Power Plant of vital water supplies and raises the threat of nuclear disaster, writes Suriya Evans-Pritchard Jayanti.
The Kakhovka Dam Collapse Is an Ecological Disaster (WIRED) Water surging from the broken Ukrainian dam is killing animals, destroying habitats, and unleashing pollution. The effects may be irreversible.
Can Russia be held accountable for the destruction of the Kakhovka dam? (Atlantic Council) Initial analysis indicates that Russia deliberately destroyed the Kakhovka dam in what would qualify as one of Moscow's worst war crimes in Ukraine, but holding the Kremlin accountable will prove extremely difficult, writes Danielle Johnson.
Russian Elite Is Souring on Putin’s Chances of Winning His War (Bloomberg) Even some who support the invasion and want to intensify the fight against Ukraine have become deflated about Russia’s prospects.
Biden and Sunak meet amid a turning point in the Russia-Ukraine war (CNN Politics) When United Kingdom Prime Minister Rishi Sunak visited the White House on Thursday, he hoped a shared perspective on Ukraine and a new push for economic partnership could reinforce what has been a steady, if rather business-like, working relationship.
Pentagon Readies New $2 Billion Ukraine Air Defense Package (Bloomberg) Raytheon, Lockheed Martin missile systems will be included. US aid program designed for Ukraine’s long-term defense needs.
Pentagon confirms it's buying SpaceX Starlink services for Ukraine (Yahoo News) The Pentagon has confirmed it is buying SpaceX's Starlink broadband services to provide communications in Ukraine.
Asylum Ambuscade: crimeware or cyberespionage? (WeLiveSecurity) A curious case of a threat actor at the border between crimeware and cyberespionage
Asylum Ambuscade hackers mix cybercrime with espionage (BleepingComputer) A hacking group tracked as 'Asylum Ambuscade' was observed in recent attacks targeting small to medium-sized companies worldwide, combining cyber espionage with cybercrime.
Meet the cybercrime group that appears to do cyberespionage on the side (Washington Post) First seen snooping in cyberspace about Ukrainian refugees, Asylum Ambuscade may actually primarily be about crime
Hacking Group Seen Mixing Cybercrime and Cyberespionage (Bank Info Security) Hacking group Asylum Ambuscade, which security researchers say aligns with Belarusian government interests, has an "unusual" twist: It appears to be
Parliament website falls victim to cyberattack (Netzwoche) The website "parlament.ch" was attacked by cybercriminals on Wednesday afternoon. The portal was intermittently unavailable or slow to respond. The attack still appears to be ongoing.
Swiss parliament website attacked by hackers (Euro Day) Cyberattacks against Switzerland continue unabated. After companies, individuals and NGOs, it is now directly the Confederation that is the target of hackers. On Thursday morning, the President of the National Council, Martin Candinas, alerted his colleagues that the Parlament.ch website was only accessible intermittently.
Attacks, Threats, and Vulnerabilities
Swiss Fear Government Data Stolen In Cyberattack (Barron's) Switzerland said Thursday that government operational data might have been stolen in a cyberattack on the technology firm that provides software for several departments.
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft (SecurityWeek) Researchers believe North Korea-linked Lazarus Group has stolen at least $35 million in cryptocurrency from Atomic Wallet.
MOVEit SQLi Zero-Day (CVE-2023-34362) Exploited by CL0P Ransomware Group (Akamai) On May 31, 2023, Progress Software began warning customers of a previously unknown vulnerability in MOVEit Transfer and MOVEit Cloud software. The SQL injection (SQLi) vulnerability, assigned CVE-2023-34362, has been actively exploited by attackers.
Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021 (Kroll) On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362). Kroll previously provided guidance on steps to mitigate risks associated with this critical vulnerability, which allows attackers to gain unauthenticated access to MOVEit Transfer servers.
Cl0p announces rules for extortion negotiation after MOVEit hack (Help Net Security) Cl0p extortion crew says orgs whose data they've pilfered via MOVEit Transfer flaw have until June 14 to reach out for payment negotiation.
ACT government falls victim to Barracuda’s ESG vulnerability (CSO Online) The ACT government revealed it is responding to a security breach in the e-mail gateway system provided by Barracuda with the potential of personal information being impacted.
CVE-2023-2868: Total Compromise of Physical Barracuda ESG Appliances (Rapid7) Rapid7 incident response teams are investigating exploitation of physical Barracuda Networks Email Security Gateway (ESG) appliances.
Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data (SecurityWeek) Vulnerabilities found by a researcher in a Honda ecommerce platform used for equipment sales exposed customer and dealer information.
Compromising Honda’s power equipment / marine / lawn & garden dealer eCommerce platform through a vulnerable password reset API (Eaton Works) A vulnerable password reset API made it possible to take over any account and gain admin-level access to the platform. In addition, broken/missing access controls made it possible to access all data on the platform.
Facebook clickbait leads to money scam for users (Malwarebytes) Clickbait posts on Facebook can lead to malicious websites. In this campaign, crooks are redirecting Facebook victims to scam pages hosted on Google's infrastructure.
Infected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware (Bitdefender Labs) Several Minecraft mods and plugins hosted on the CurseForge and Bukkit modding communities have been tainted
Microsoft OneDrive down worldwide following claims of DDoS attacks (BleepingComputer) Microsoft is investigating an ongoing outage that is preventing OneDrive customers from accessing the cloud file hosting service worldwide, just as a threat actor known as 'Anonymous Sudan' claims to be DDoSing the service
Interior faces 'disturbing' cyber risks due to cracked passwords and vulnerable assets (Nextgov.com) Recent reports reveal the Department of Interior is not enforcing multifactor authentication for its high-value assets and has a range of other significant cybersecurity risks.
Researchers published PoC exploit code for actively exploited Windows elevation of privilege issue (Security Affairs) Researchers published an exploit for an actively exploited Microsoft Windows vulnerability tracked as CVE-2023-29336. The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system. The driver is responsible for providing the interface between user-mode applications and […]
Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack (SecurityWeek) Japanese pharmaceutical company Eisai says it has taken systems offline after falling victim to a ransomware attack.
German recruiter Pflegia leaks sensitive job seeker info (Security Affairs) Pflegia, a German healthcare recruitment platform, has exposed hundreds of thousands of files with sensitive user data such as names, home addresses, and emails. Scouting for a new career can be stressful. Now imagine that, instead of a new role, you find that your resume data was exposed. That’s what job seekers using Pflegia’s services […]
Peachtree Orthopedics facing extortion threat in wake of patient data breach (Becker's Orthopedic Review) Atlanta-based Peachtree Orthopedics faced a data breach impacting patient info, including names, addresses, birth dates, and more. Now, the Karakurt threat grou
Augusta hires legal firm to help cope with data breach (WRDW) The Mullen Coughlin legal firm could deal with legal troubles from sensitive data – such as Social Security numbers and bank accounts – made public due to the breach.
‘I am disgusted’: Retired Huron-Superior Catholic District School Board educator blasts board’s handling of cyber attack (Sault Star) Cites lack of transparency, but Huron-Superior Catholic District School Board counters there's a ‘balance to strike’ between transparency and protecting security sensitive information.
A.I. is helping hackers make better phishing emails (CNBC) Cyber criminals can do things faster and easier with artificial intelligence, making it more difficult for cybersecurity experts to protect their organizations.
Security Patches, Mitigations, and Software Updates
CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released two Industrial Control Systems (ICS) advisories on June 8, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Google Cloud launches Cryptomining Protection Program (CSO Online) Google Cloud Cryptomining Protection Program is part of the Security Command Center Premium service to help users detect cryptomining attacks.
Google changes email auth after researcher spots a spoof (Register) Google's blue tick proves untrustworthy
Barracuda Warns All ESG Appliances Need Urgent Rip & Replace (Dark Reading) Patching, wiping ESG devices not enough to deny threat actor access following compromise, Barracuda says.
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways (KrebsOnSecurity) It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly…
Barracuda to customers: 'immediately' replace buggy devices (Register) That patch we issued? Yeah, it wasn't enough
Trends
The DomainTools Report, Spring 2023 (DomainTools) The Spring 2023 DomainTools Report explores 6 features of malicious activity. See how we analyze the data and a preview of findings from the full report.
The DomainTools Report: Spring 2023 Edition (DomainTools) The most recent DomainTools Report examines hotspots of malicious Internet infrastructure by TLD, IP and name server ASN, IP hosting country, domain registrar, and SSL certificate issuer.
Global Banking Fraud Index 2023 (SEON) Discover recent statistics and figures on banking fraud and the cost of fraud to US and UK organizations – as well as common consumer scams.
Marketplace
Managed cybersecurity provider Blackpoint Cyber reels in $190M from investors (SiliconANGLE)
QuSecure Awarded U.S. Army Contract for Post-Quantum Cybersecurity Solutions (Business Wire) United States Army with QuSecure Advances Toward a Quantum-Resilient Future Protecting the Country from Today’s and Tomorrow’s Cybersecurity Threats
No Layoffs, Says Netskope India MD As Company Opens New B’lore Office (Business World) Netskope’s India headcount is close to 600, out of which over 400 employees are engineers
HashiCorp chops 8% of its workforce (Computing) Cuts come despite a 37% year-on-year rise in revenue
Bishop Fox’s Vinnie Liu talks offensive security skills (Computer Weekly) There is growing demand for offensive security testing, but it needs a multi-layered skillset that can be hard to quantify. Bishop Fox’s CEO and co-founder, Vinnie Liu, explains why and some potential mitigation strategies.
Verinext Named 2023 Southeast Regional Partner of the Year by Arctic Wolf (Verinext) Verinext is the Arctic Wolf Southeast Regional Partner of the Year for our commitment to improving our customers' cybersecurity posture.
CRN’s 2023 Women of the Channel Honors - Pamela Sharma and Christina Rauscher of Zerto (Zerto) Zerto, a Hewlett Packard Enterprise company, announced today that CRN®, a brand of The Channel Company, has named Pamela Sharma, senior manager, partner marketing, and Christina Rauscher, global alliances director, to the Women of the Channel list for 2023. Every year, CRN recognizes women from vendor, distributor, and solution provider […]
Products, Services, and Solutions
Rezonate Delivers Identity-Centric Security Solution to AWS Marketplace (Business Wire) Marketplace Availability and AWS Integrations Help Customers Secure Identities and Access Across Cloud Environments, SaaS Applications, and IAM Infrastructure
Immersive Labs and Accenture Collaborate to Solve the Global Cyber Talent Shortage (Business Wire) Industry leaders team up to launch “Cyber Million” program, dedicated to filling one million entry-level cybersecurity operations jobs over the next decade
Technologies, Techniques, and Standards
Microsoft gives enterprises cyber-info to protect themselves (Register) It's better to take action than wait for attacks
The GitLab 2022 Global DevSecOps Survey Thriving in an insecure world (GitLab) In May 2022, over 5,000 DevOps professionals shared details about their teams and practices. Despite a challenging business environment, strong momentum continued in automation, release cadences, and cutting-edge technology adoption.
4 Best practices leading orgs to release software faster (GitLab) Releasing software faster is one of the biggest goals of many organizations — and for good reason. It helps them keep up with competitors, land and keep more customers, improve employee satisfaction, and much more. But maintaining that velocity requires investment in processes and technologies that help DevSecOps teams deliver, secure, and deploy software faster without compromising quality.
Cyber Yankee Prepares Military, Business for Cyber Threats (Air National Guard) In the face of rising cyber threats, the Department of Defense has increased its efforts to recruit and build cyber capabilities. According to the 2023 DOD Cyber Strategy, the
Design and Innovation
Introducing Google’s Secure AI Framework (Google) Today Google released the Secure AI Framework to help collaboratively secure AI technology.
Google Unveils Plan to Stay Secured With AI in Latest Security Framework (Tech Times) The framework aims to ensure that basic security controls are implemented to protect against potential vulnerabilities and malicious attacks.
Meta plans to put AI everywhere on its platforms (Axios) Meta CEO Mark Zuckerberg announced a plan to employees on Thursday that will see it put generative AI text, image and video generators into its flagship products, such as Facebook and Instagram.
Mattel Experiments With ChatGPT in Cybersecurity (Wall Street Journal) Companies should limit access to data and teach employees efficient prompts, Mattel CISO Tom Le says.
Academia
Universities, a prime target for cyber attacks, are seeing some relief because of the war in Ukraine (WOUB Public Media) Universities are one of the most attractive targets for cyber attacks because of the wealth of digital information they store. Though there has been a dramatic...
Legislation, Policy, and Regulation
Apple’s AirDrop in the Crosshairs of China’s National-Security Crackdown (Wall Street Journal) File-sharing apps that were used by protesters face tighter controls under Beijing’s planned regulations.
China to clamp down on AirDrop and Bluetooth file sharing for national security reasons (CNN Business) China’s cyberspace regulator plans to issue new rules clamping down on the use of wireless file sharing functions such as Bluetooth and Apple’s AirDrop on national security grounds.
UK government to set deadline for removal of Chinese cams (Register) And compile a list of vendors considered threats to national security
UK FCA Proposes Ban on Crypto Incentives in Tough New Marketing Rules (Coin Desk) The Financial Conduct Authority said it will treat crypto like a high risk investment, and will consult on new guidance for its rules on promotions.
Abraham Accords Cyber Agreement: Constraining Iran in Cyberspace (OODA Loop) Recently, a bipartisan group of Congressmen put forth a bill that would formally authorize cyber cooperation between the United States, and those governments committed to the Abraham Accords. Dubbed the Abraham Accords Cybersecurity Cooperation Act of 2023,
Biden says security risks of AI need to be addressed (Reuters) Security risks posed by artificial intelligence must be addressed, U.S. President Joe Biden said on Thursday.
Stay ahead in AI race, tech boss urges West (BBC News) The chief executive of a software firm says adversaries must not be allowed to catch up.
Tech leaders are calling for an A.I. pause because they have no product ready, Palantir CEO says (CNBC) Palantir CEO Alex Karp is of the view that there is an A.I. race, and the question is only “do we stay ahead or do we cede the lead?”
NERC’s role in public-private security collaboration can deter utilities from sharing information: report (Utility Dive) Utility lawyers “on occasion advise electricity companies not to share certain information with the ISAC for liability reasons,” according to a report from the Cyberspace Solarium Commission 2.0.
States Are Taking Baby Steps Toward Protecting Kids Online (The Information) Seat belts protect children in cars. Safety standards protect children from faulty or dangerous toys. All these are the result of regulatory mandates. And yet for far too long, social media companies have been allowed to develop addictive design features such as endless scroll, autoplay and push ...
Litigation, Investigation, and Law Enforcement
US targets Binance and Coinbase – is the government ready to regulate crypto? (the Guardian) Regulators have been confused about whether cryptocurrency is a security or a commodity, but clarity appears imminent
Trump indicted in classified documents case in a historic first for a former president (AP NEWS) Donald Trump has been indicted on charges of mishandling classified documents at his Florida estate. The remarkable development makes him the first former president in U.S. history to face criminal charges by the federal government that he once oversaw. The indictment carries unmistakably grave legal consequences, including the possibility of prison if he’s convicted. But it also has enormous political implications, potentially upending a Republican presidential primary that Trump has been dominating. And it sets the stage for a sensational trial centered on claims that he willfully, and illegally, hoarded sensitive national security information. The Justice Department did not immediately confirm the indictment publicly.
Trump charged over classified documents in 1st federal indictment of an ex-president (Daily News) The Justice Department did not immediately publicly confirm the indictment. But two people familiar with the situation who were not authorized to discuss it publicly said that the indictment includ…
Trump charged over classified documents in 1st federal indictment of an ex-president (AP NEWS) The case adds to deepening legal jeopardy for Trump, who has already been indicted in New York and faces additional investigations in Washington and Atlanta that also could lead to criminal charges.
Trump expected to surrender to Miami authorities on Tuesday after indictment (the Guardian) Former president prepares for his second arraignment after federal charges filed over mishandling of classified documents
OpenAI Hit With First Defamation Suit Over ChatGPT Hallucination (Bloomberg Law) OpenAI LLC is facing a defamation lawsuit from a Georgia radio host who claimed the viral artificial intelligence program ChatGPT generated a false legal complaint accusing him of embezzling money.
Lawyers blame ChatGPT for tricking them into citing bogus case law (AP NEWS) A judge is deciding whether to sanction two lawyers who blamed ChatGPT for tricking them into including fictitious legal research in a court filing. The lawyers apologized at a hearing Thursday in Manhattan federal court for their roles in written submissions that seemed to leave Judge P. Kevin Castel both baffled and disturbed at what happened. The filing was in a lawsuit against an airline and included references to past court cases that Steven A. Schwartz thought were real. They were actually invented by the artificial intelligence-powered chatbot. Castel repeatedly expressed his dismay as he questioned Schwartz about his decision to use ChatGPT. He did not immediately rule.
Julian Assange Loses Latest Appeal to Block US Extradition (Bloomberg) WikiLeaks chief Julian Assange has lost the latest attempt to appeal his extradition to the US to face criminal spying charges, removing one of the last barriers to his removal from the UK.