Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+476: Difficult fighting and complex cyber activity. (CyberWire) Security firms analyze fresh Russian cyber activity, and the situation of Russia's hacktivist auxiliaries has become murky.
Russia-Ukraine war live: Kyiv reports progress on counteroffensive despite Russia resistance (the Guardian) Ukrainian deputy defence minister says there has been a ‘steady advance of the armed forces’
Russia-Ukraine war: List of key events, day 477 (Al Jazeera) As the war enters its 477th day, these are the main developments.
Putin threatens to seize more of Ukraine to block border attacks (Military Times) Russian President Vladimir Putin suggested that he could order his troops to try to seize more land in Ukraine to protect bordering Russian territory.
As Ukraine’s counteroffensive heats up, Washington holds its breath (Washington Post) After 16 months of war, and with tens of billions’ worth of advanced weapons sent, Western backers need Ukraine’s forces to show dramatic gains against Russian occupiers
Ukraine War Could Last a Decade, Top Ukrainian Official Says (Defense One) The deputy minister of digital transformation is working to cut red tape and attract foreign investors to homegrown defense startups.
Planet Normal: To Putin and his inner circle, Ukraine is an existential war of defence (The Telegraph) Allison Pearson and Liam Halligan discuss Putin's motives behind the invasion of Ukraine on this week's Planet Normal podcast
Putin sides with military chiefs over placing Wagner under direct control (the Guardian) Russian leader says move must be made ‘as quickly as possible’ after Wagner boss refuses to sign contracts
Ukraine urges G7 to clamp down after western parts found in Russian missiles (the Guardian) Kyiv says components including microchips supplied for civilian purposes are sent to Russia through countries such as China
Biden, Stoltenberg Confer Before NATO Summit (U.S. Department of Defense) President Joe Biden and NATO Secretary General Jens Stoltenberg praised alliance unity in support of Ukraine as they discussed the upcoming NATO summit in Lithuania.
Readout of Secretary of Defense Lloyd J. Austin III's Call With Ukrainian Minister of Defe (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke by phone with Ukrainian Minister of Defence Oleksii Reznikov to discuss priorities for the Ukraine Defense Contact Group meeting in Brussels.
Donor Nations Providing Security Assistance, Training for Ukraine (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III visited Lucius D. Clay Kaserne, a U.S. Army installation in Germany that is home to the Security Assistance Group-Ukraine and the International Donor
Austin Urges Nations to Continue Ukraine Support for Long Haul (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III thanked the 50 nations that have provided Ukraine with training and equipment during his opening remarks at the 13th meeting of the Ukraine Defense Contact
Opening Remarks by Secretary of Defense Lloyd J. Austin III at the 13th Ukraine Defense Contact Group (As Delivered) (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III delivered opening remarks at the start of the 13th meeting of the Ukraine Defense Contact Group in Brussels.
In Germany, Austin gets update on Abrams program, praises 'successive miracles' in equipping Ukrainians (Breaking Defense) Some 200 Ukrainians, a mix of veteran tankers and other "well-trained" soldiers, are in their third week of training on the American main battle tank.
Netherlands outlines 3-step F-16 training plan for Ukraine, plus $43.4M air defense package (Breaking Defense) Training sessions will begin with a “limited number” of Ukrainian pilots but could be expanded over time.
With War Next Door, Poland Wants More from NATO (Defense One) Its ambassador to NATO says investment, weapons, and a real commitment to Ukrainian membership are some of Warsaw’s asks for the upcoming summit.
Ongoing Russian cyberattacks targeting Ukraine (Microsoft On the Issues) Microsoft threat intelligence teams have been tracking a wave of cyberattacks from an actor we call Cadet Blizzard that is associated with the Russian GRU. These attacks, which began in February 2023, targeted government agencies and IT service providers in Ukraine.
Cadet Blizzard emerges as a novel and distinct Russian threat actor (Microsoft Security) As Russia’s invasion of Ukraine continues into its second year and Microsoft continues to collaborate with global partners in response, the exposure of destructive cyber capabilities and information operations provide greater clarity into the tools and techniques used by Russian state-sponsored threat actors.
Microsoft links data wiping attacks to new Russian GRU hacking group (BleepingComputer) Microsoft has linked a threat group it tracks as Cadet Blizzard since April 2023 to Russia's Main Directorate of the General Staff of the Armed Forces (also known as GRU).
Microsoft Outs New Russian APT Linked to Wiper Attacks in Ukraine (SecurityWeek) Microsoft is publicly exposing a Russian hacking group that worked on destructive wiper malware attacks that hit organizations in Ukraine.
Cyberattack wave in Ukraine linked to Russia’s GRU, Microsoft says (C4ISRNet) "While it has not been the most successful Russian actor," Microsoft said in a blog post, "Cadet Blizzard has seen some recent success."
Microsoft identifies new hacking unit within Russian military intelligence (CyberScoop) Dubbed "Cadet Blizzard," the hacking group carried out operations targeting Ukrainian infrastructure in the run-up to the Russian invasion.
Microsoft identifies, names new Russian-sponsored threat group (SC Media) Microsoft announced that it's been tracking a new advanced persistent threat (APT) group linked with Russia’s military intelligence agency, the GRU.
Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine (Symantec) Attackers heavily focused on acquiring military and security intelligence in order to support invading forces.
Attacks, Threats, and Vulnerabilities
North Korea created evil twin of South Korea's Naver.com (Register) Think of it as a fake Google tuned for credential capture and you'll understand why authorities want to kill it
Hijacking S3 Buckets: New Attack Technique (Checkmarx.com) Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones
Kaspersky: Malware downloader installs crypto-stealing browser extension (Back End News) Kaspersky found that threat actors are using Satacom downloader to install malicious extensions for browsers.
Tracking Diicot: an emerging Romanian threat actor (Cado Security) Cado Labs researchers discover an interesting attack pattern attributed to threat actor Diicot (formerly, “Mexals”).
Android GravityRAT goes after WhatsApp backups (WeLiveSecurity) ESET researchers analyzed an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can receive commands to delete files.
Shampoo: A New ChromeLoader Campaign (HP Wolf Security) Don’t let cyber threats get the best of you. Read our post, Shampoo: A New ChromeLoader Campaign, to learn more about cyber threats and cyber security.
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China (Mandiant) Mandiant is investigating a Barracuda ESG appliance zero-day vulnerability being exploited in the wild.
Darth Vidar: The Aesir Strike Back (Team Cymru) At the beginning of this year, we released a detailed publication on Vidar infrastructure, encompassing both the primary administrative aspects, and the underlying backend. In that publication, we highlighted three key insights: Russian VPN gateways had the potential to confer anonymity to Vidar operators and customers, thereby rendering it more arduous for analysts to attain a comprehensive understanding of the threat. These gateways were observed to be transitioning towards Tor. There were ind
Fake Security Researcher GitHub Repositories Deliver Malicious Implant (VulnCheck) VulnCheck discovers a network of fake security researcher accounts promoting hidden malware.
Fake zero-day PoC exploits on GitHub push Windows, Linux malware (BleepingComputer) Hackers are impersonating cybersecurity researchers on Twitter and GitHub to publish fake proof-of-concept exploits for zero-day vulnerabilities that infect Windows and Linux with malware.
Hackers create fake GitHub profiles to deliver malware through repositories (Record) Hackers launched an elaborate but likely unsuccessful campaign to deceive cybersecurity professionals on the code-hosting platform GitHub and trick them into downloading malware, according to research published on Wednesday.
Someone is posing as a fake security company to create malicious GitHub repositories (SC Media) VulnCheck researchers say that while they aren't sure if the unknown actors have succeeded in infecting devices, they have been persistent even when their repositories are reported and taken down.
Cl0p names first batch of alleged MOVEit victims (Cybernews) The ransomware group responsible for compromising hundreds of companies by exploiting a zero-day flaw in the MOVEit file transfer platform seems to have released the names of its first batch of victims.
MOVEit customers on high alert as Clop’s deadline expires (Cybersecurity Dive) As more compromised organizations come forward, one risk analysis firm is pushing the timeline for the vulnerability back years.
Illinois, Missouri latest states to investigate MOVEit incidents (Record) State agencies in Illinois and Missouri said they are investigating potential data breaches related to the exploitation of a vulnerability affecting a popular file transfer product.
State governments among victims of MoveIT Transfer breach (Security | TechTarget) Many organizations, including multiple state government agencies, have disclosed data breaches tied to a critical MoveIT Transfer vulnerability in recent weeks.
State of Missouri Issues Statement on Recent Global Cyberattack (Missouri Office of Administration) The State of Missouri Office of Administration, Information Technology Services Division (OA-ITSD), is investigating the potential impact to Missouri after a network of cyber criminals launched a global attack on private entities and multiple state governments. Based upon a release by the Cybersecurity & Infrastructure Security Agency, this cyber-attack is believed to have originated when a ransomware gang exploited a vulnerability in a third-party transfer system called MoveIT.
Brunswick reports 'IT security incident' as SEC pushes companies for faster disclosure (Crain's Chicago Business) Cyberattacks continue to increase as investors are paying more attention to the risks.
Johns Hopkins university and health system hit by MOVEit data breach; students and patients asked to be vigilant (Baltimore Sun) Students, staff and faculty at Johns Hopkins University as well as patients at the related medical system may have had sensitive information exposed following a recent cybersecurity attack on widely used software, according to the institution.
Johns Hopkins impacted by widespread cyberattack, sensitive information may be affected (WBAL) "The attack may have impacted the information of Johns Hopkins employees, students, and/or patients."
Godlike Hack Steals Encrypted Keys by Watching LED From 16 Meters Away (Futurism) Researchers say they can steal encrypted keys by analyzing the glow that a power LED emits in a device, such as a smart card reader.
Cameras Watching a Device's Power LED Prove Enough to Snaffle Cryptographic Secrets (Hackster.io) Watching for fluctuations in color and brightness, this clever attack exploits rolling shutters to dramatically boost its resolution.
Security Patches, Mitigations, and Software Updates
No zero-days for June Patch Tuesday, but plenty to chew over (ComputerWeekly.com) On the face of it, Microsoft’s monthly round of updates is a lighter-than-usual load for security teams, with no zero-days in evidence, but there are still plenty of issues to pay attention to
SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates (SecurityWeek) SAP has released eight new security notes on June 2023 Security Patch Day, including two that address high-severity vulnerabilities.
Chrome 114 Update Patches Critical Vulnerability (SecurityWeek) Google has released a Chrome 114 security update to address five vulnerabilities, including a critical-severity bug in Autofill payments.
ICS Patch Tuesday: Siemens Addresses Over 180 Third-Party Component Vulnerabilities (SecurityWeek) ICS Patch Tuesday: Siemens and Schneider Electric have published more than a dozen advisories addressing over 200 vulnerabilities.
Trends
GRIT Ransomware Report: May 2023 (Guidepoint Security) During the month of May, GRIT observed an increase in the number of ransomware victims compared to April 2023. However, the most prolific ransomware groups, including Lockbit, Alphv, and Royal, exhibited either a reduction or stagnation in their number of victims posted. Despite this trend from established groups, the overall impact of ransomware remained significant. We observed several new branded groups entering the scene, contributing to a cumulative rise in the number of observed ransomware victims. These emerging groups leverage both established and novel tactics in an attempt to blend in and profit amidst an increasingly crowded ransomware economy.
Cryptocurrency Attacks Quadrupled as Cybercriminals Cash In (Dark Reading) Attackers continue to attempt to steal Bitcoin and other virtual coins, with a 40% increase in phishing attacks and fourfold increase in incidents.
The COVID Pandemic Fueled a 700% Surge in IoT-Specific Malware Infections (ABI Research) During the pandemic, IoT-specific malware infections represented a 700% increase and target
Marketplace
Cyber Insurance Premiums Surge by 50% as Ransomware Attacks Increase (Bloomberg) US cyber insurance premiums surged 50% in 2022 as increased ransomware attacks and online commerce drove demand for coverage.
Threat Intelligence Firm Silent Push Launches With $10 Million in Seed Funding (SecurityWeek) Detection-focused threat intelligence firm Silent Push, which maps the entire internet, has launched with $10 million in seed funding
Hollywood producer and chewing gum heir explore takeover of notorious spyware firm assets (the Guardian) Robert Simonds and William ‘Beau’ Wrigley consider acquiring assets of NSO, blacklisted Israeli company behind Pegasus spyware
Cycuity Awarded Seven-Year $99 Million IDIQ Contract to Address Design Supply Chain Security (Business Wire) First phase to address secure design supply chain and third-party IP security in close collaboration with partners in the defense and commercial sectors
LTIMindtree joins Microsoft Intelligent Security Association (Capital Market) This collaboration and security specializations will allow LTIMindtree to leverage the Microsoft Security product portfolio to enhance its MDR platform and help enterprises pr...
SAIC names new intelligence business leader (Washington Technology) Science Applications International Corp. looks within its own executive ranks for this appointment.
Products, Services, and Solutions
How Secret Detection can proactively revoke leaked credentials (GitLab) Modern applications don’t run on their own: They rely on databases, cloud services, APIs, and other services. To connect to those systems, the applications use credentials like private keys and API tokens.
Threat Intelligence Solutions (Cybersixgill) Cybersixgill's cyber threat intelligence provides businesses with continuous monitoring, prioritized real-time alerts and deep and dark web threat intelligence.
Akeyless Launches External Secrets Manager, Adding "Bring Your Own Vault" Capabilities to Multi-Cloud Environments (Yahoo Finance) Akeyless Security, the leading provider of SaaS secrets management, announced the launch of External Secrets Manager (ESM). This new capability will centralize governance and control of enterprise credentials, certificates and keys, securing machine identities without requiring the migration of secrets or the removal of existing point solutions.
Actility, Abeeway, and Combain Unite for AI-Powered Indoor Location Solutions Revolution (Actility) Actility, Abeeway, and Combain announce their strategic collaboration, marking a new era of AI-powered indoor location solutions
Atlas: Earth Deploys Shield to Protect Metaverse from Cheaters (PR Newswire) Cheaters beware: the world's top virtual real estate metaverse ATLAS: EARTH is leveraging global risk intelligence company SHIELD's AI-powered...
PRESS RELEASE: Future-Proofing Communications Security – SSH launches Zero Trust Suite (GlobeNewswire News Room) SSH Communications Security launches SSH Zero Trust Suite, combining SSH’s proven-in-use communications security...
Cyware Launches New Global Partner Program, CywareOne, Helping Partners Excel, Drive More Value for Customers (Business Wire) Cyware, the leading provider of threat intelligence management, low-code SOAR, and Cyber Fusion solutions for enterprises and MSSPs/MDRs, and threat intelligence sharing communities, today announced the launch of its new Partner Program, CywareOne.
Dragos’ new partner program aims to turn resellers into OT experts (channelpro) The initiative will help partners fully manage customer deployments with Dragos’ ISC/OT security offerings
Lumen Technologies partners KnowBe4 to drive cyber awareness in APAC (Channel Asia) Lumen Technologies has partnered with security awareness training provider KnowBe4 to drive cyber awareness and strengthen ‘security culture’ across organisations in the Asia Pacific region.
Wiz partners with Contrast Security to provide real-time insights into potential security risks (Help Net Security) As a launch partner for the Wiz Integrations (WIN) platform, Contrast brings the power of the Contrast Secure Code Platform to WIN.
Zscaler Unveils Suite of Cyber Solutions Designed to Harness the Full Potential of Generative AI (GlobeNewswire News Room) Industry’s Largest Cloud Security Data Lake Enables New AI-Powered Security Controls to Detect Millions of New Attacks While Safeguarding Sensitive Data...
Optable and Qonsent Partner to Deliver Consented Data Privacy Experience for Advertisers (PR Newswire) Qonsent, a consumer centric first-party data experience platform with consent at its core, today announced a partnership with Optable, a...
OneSpan Expands OneSpan Notary Capabilities to Secure Digital Identities (OneSpan) New identity-proofing features further secure digital identities and facilitate evolving remote notary regulatory requirements
Absolute Software Adds Secure Web Gateway Service to its Differentiated Security Service Edge Solution (Absolute) Absolute Software announced the expansion of its differentiated Security Service Edge (SSE) solution with the launch of the Absolute Secure Web Gateway Service.
Valence Announces First Generative AI SaaS Security Platform (GlobeNewswire News Room) Valence Security, the leading SaaS Security Posture Management (SSPM) company, today announced that...
Technologies, Techniques, and Standards
CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs) (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them.
Harden Baseboard Management Controllers (NSA | CISA) Baseboard management controllers (BMCs) are trusted components designed into a computer’s hardware that operate separately from the operating system and firmware to allow for remote management and control, even when the system is shut down.
Food Producers Band Together in Face of Cyber Threats (Wall Street Journal) Companies launch information-sharing platform for industry as attacks mount.
Report finds a surge in red team deployment as enterprises turn to proactive cyber resilience (Continuity Central) Bishop Fox has announced the results of a study, conducted by the Ponemon Institute, exploring enterprise adoption and use of offensive security tools and techniques to more effectively harden environments and assets.
A Mere Five Percent of Vulnerable Enterprises Fix Their Issues Every Month: How to Help Them Do Better? (Bitsight) Software vulnerabilities are one of the leading threats to an organization's cybersecurity posture, yet research from Bitsight reveals that enterprises affected
NCC Group advises on UK Government’s Manual for Smart Streets (Mynewsdesk) NCC Group’s transport practice has advised on the Transport Technology Forum’s Manual for Smart Streets (MfSS), a newly launched guide for local authorities...
Cyber liability insurance vs. data breach insurance: What's the difference? (CSO Online) Cyber insurance is increasingly becoming a compulsory element in business relationships. Knowing what coverage meets a company’s specific needs can provide better protection.
Design and Innovation
ChatGPT Is Unoriginal—and Exactly What Humans Need (WIRED) The technology can help cut through buzzwordy “solutions” and serve as a shortcut for jumpstarting creativity.
Mechanical Turk workers are using AI to automate being human (TechCrunch) "Turkers" appear to be using AI to do tasks that were specifically intended to be done by humans because AI couldn't. Great job everybody!
Academia
Universities to Train AI to Outmaneuver Cyber Threats (GovTech) A consortium of major universities will research AI's cybersecurity applications as part of the National Science Foundation's new AI Institute for Agent-based Cyber Threat Intelligence and Operation (ACTION).
Legislation, Policy, and Regulation
Europe moves ahead on AI regulation, challenging tech giants’ power (Washington Post) European lawmakers voted to approve the E.U. AI Act, putting Brussels a step closer to shaping global standards for artificial intelligence
Europeans Take a Major Step Toward Regulating A.I. (New York Times) A draft law in the European Parliament has become the world’s most far-reaching attempt to address the potentially harmful effects of artificial intelligence.
Using AI for loans and mortgages is big risk, warns EU boss (BBC News) Margrethe Vestager tells the BBC using AI for decisions that affect lives could lead to discrimination.
Senate HSGAC Approves Cyber Awareness, DHS Bills (Meritalk) The Senate Homeland Security and Governmental Affairs Committee voted today to approve several cybersecurity-related bills, including the Cybersecurity Awareness Act of 2023, and the DHS International Cyber Partner Act of 2023.
First look: Bipartisan bill denies Section 230 protection for AI (Axios) Sens. Josh Hawley and Richard Blumenthal want to clarify that the internet's bedrock liability law does not apply to generative AI, per a new bill introduced Wednesday that was shared exclusively with Axios.
Federal Agencies Now Required to Secure Internet-Exposed Network Devices (Decipher) The new directive from CISA aims to help federal agencies identify and secure their network devices that are exposed to the public internet.
Cyber Command reshuffles force expansion due to Navy readiness woes (Record) The U.S. military has rearranged a years-long effort to expand the "action arm" of its top cyber forces, according to multiple sources, as leaders try to balance fighting advanced foreign threats like China with maintaining basic readiness.
White House cyber official Rob Knake to depart (Record) A key architect of the White House’s landmark national cyber strategy will leave office Thursday, according to a source with direct knowledge of the move.
Litigation, Investigation, and Law Enforcement
Israeli-made spyware Pegasus used in Indonesia since 2018, says IndonesiaLeaks (Asia News Network) Despite the high price of entry, sources from the industry that IndonesiaLeaks met with confirmed that Israeli-made products had been in use in Indonesia since 2018.
EU Says It Might Seek Breakup of Google’s Ad-Tech Business (Wall Street Journal) The move means Europe is joining the U.S.’s antitrust assault on Google’s ad-tech business, potentially setting up a protracted battle.
Briefing: EU Seeks Breakup of Google’s Adtech Business (The Information) The European Commission said Wednesday that it would seek to force a breakup of Google’s advertising technology business, following the U.S. Department of Justice in alleging that the search giant illegally abused its dominance over the way advertisers and website publishers buy and sell ad space on sites Google doesn’t own.
The commission informed Google of its “preliminary view” that it had
Spotify fined $5.4 million in Sweden over GDPR violations (Record) Sweden’s data protection agency on Tuesday hit the digital music and podcast web player Spotify with a $5.4 million fine for allegedly flouting transparency regulations set by the EU General Data Protection Regulation (GDPR).
Scripps Health settlement payments are coming your way (NBC 7 San Diego) Scripps Health is starting to send out payments to patients who were impacted by a ransomware attack two years ago. You may be able to claim $100, but you’ll want to make sure you know how to spot a legitimate email from a fake.