Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+477: Targeting, kinetic and cyber. (CyberWire) With two hours' dwell time, anything that's just ten miles away can be hit. In the cyber phase of the hybrid war, a look at the role played by hacktivist auxiliaries and useful idiots.
Russia-Ukraine war: List of key events, day 478 (Al Jazeera) As the war enters its 478th day, these are the main developments.
Ukraine-Russia war latest: Kremlin bombards Kyiv during South African leader's visit (The Telegraph) Russia bombarded Kyiv with “hypersonic” missiles as African leaders arrived to meet Volodymyr Zelensky on a peace mission from the continent.
Himars strike wipes out crowd of Russian soldiers lined up to hear general's speech (The Telegraph) More than 100 troops may have been killed in occupied Ukrainian town of Kreminna after they were left waiting for hours in large numbers
Watch: Why early failures in Ukraine's counter-offensive aren't Russian victories (The Telegraph) As Ukraine begins to push Russia back, we must remember that some failed advances don't spell disaster
UN atomic watchdog chief visits embattled Ukraine nuclear plant (Military Times) A recent dam burst and Kyiv’s new counteroffensive against Russia’s invasion have heightened safety risks at the Russia-occupied Zaporizhzhia plant.
Russian War Report: Anti-Ukrainian counteroffensive narratives fail to go viral (Atlantic Council) As the Ukrainian counteroffensive continues in Ukraine's south and east, false narratives calling it unsuccessful fail to gain traction on Twitter.
NATO sees no change in Russia nuclear posture despite Belarus claims (Military Times) NATO doubts President Alexander Lukashenko's claims that Belarus has already received some tactical nuclear weapons from Moscow.
Pentagon predicts Ukraine offensive will be long and ‘very violent’ (Washington Post) The sobering forecast comes as Western military officials plot to arm Ukraine for years to come, beyond its current push to retake Russian-occupied territory
Ukraine’s fight a ‘marathon’ not a ‘sprint,’ Secretary of Defense says (Military Times) Defense Secretary Lloyd Austin urged continued support for Ukraine at the latest Ukraine Defense Contact Group meeting.
Here’s why Putin really invaded Ukraine (The Independent) Why did Russia invade Ukraine?
Putin is retreating into dangerous fantasies (The Telegraph) The Russian president is desperate to appease ultra-nationalists. But all he has left are empty gestures
Nations Step Up With New Ukraine Military Assistance (U.S. Department of Defense) Germany and Poland committed to sustaining Ukraine's new Leopard tanks, and the Netherlands and Denmark shared progress made on their plans to train pilots on fourth-generation fighter aircraft,
Ukraine allies debate how to boost support as Russia invasion drags on (Military Times) NATO members discussing how to further arm Ukraine, while charting out a path to full membership in the alliance.
US training of Ukrainian troops adequate but not perfect, IG reports (Military Times) DoD investigators found U.S. Army soldiers have met Ukrainian training needs, but not without hiccups.
What Can History Tell Us About Ukraine’s Future? (Foreign Affairs) A Conversation With Margaret MacMillan
Why Ukrainian NATO membership would actually be good for Russia (Atlantic Council) Vladimir Putin claims one of the main goals of his Ukraine invasion is to prevent the country joining NATO, but in reality this objective actually goes directly against Russia’s own national interests, writes Leonid Gozman.
Flake pours cold water on odds of Sweden joining NATO before summit (Axios) The U.S. ambassador to Turkey, former Sen. Jeff Flake (R-Ariz.), acknowledged in an interview with Axios that it’s "unlikely" Sweden will be able to join NATO before next month’s summit in Vilnius.
Putin’s man in Nato is becoming dangerous (The Telegraph) President Erdogan of Turkey can’t be allowed to block Sweden from joining the North Atlantic Alliance
The Dynamics of the Ukrainian IT Army’s Campaign in Russia (Lawfare) The Ukrainian IT Army offers a unique perspective into the choices of an offensive actor in a war.
Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine (Symantec) Attackers heavily focused on acquiring military and security intelligence in order to support invading forces.
Russia sent its reserve team to wipe Ukrainian hard drives (Register) WhisperGate-spreading Cadet Blizzard painted as haphazard but dangerous crew
Cyber attacks on Rotterdam and Groningen websites (WorldCargo News) The websites of both the Port of Rotterdam and Eemshaven/Delfzijl (Groningen Seaports) were crashed in a cyber attack that is alleged to have originated in Russia.
Threat Actor Targets Russian Gaming Community With WannaCry-Imitator (Cyble) Cyble analyzes WannaCry-Imitator Ransomware, a phishing gaming site targeting the Russian Gaming community.
Hackers infect Russian-speaking gamers with fake WannaCry ransomware (Record) Researchers have uncovered a phishing campaign targeting Russian-speaking players of Enlisted, a multiplayer first-person shooter.
Moldova needs an energy overhaul (Atlantic Council) If energy security is national security, then Moldova is one of the most vulnerable countries in the world and is in need of a comprehensive energy sector overhaul, writes Suriya Evans-Pritchard Jayanti.
Indonesia’s Ukraine Peace Plan Makes Sense—for Indonesia (World Politics Review) Indonesia’s proposed plan to end Russia’s war in Ukraine reveals a lot about the country’s foreign policy objectives.
Ukrainian defense firms seek ties to Europe’s industry (Defense News) Kyiv is walking the line between taking foreign assistance and building a self-sufficient domestic industry.
The Other Counteroffensive to Save Ukraine (Foreign Affairs) A new European recovery program.
Putin moves to seize assets of ‘naughty’ Western companies fleeing Russia (The Telegraph) Kremlin move would make it harder for companies to leave Russia
Attacks, Threats, and Vulnerabilities
Shampoo: A New ChromeLoader Campaign (HP Wolf Security) Don’t let cyber threats get the best of you. Read our post, Shampoo: A New ChromeLoader Campaign, to learn more about cyber threats and cyber security.
'Shampoo' ChromeLoader Variant Difficult to Wash Out (Dark Reading) A new version of the infamous browser extension is spreading through files on websites offering pirated wares, and leverages unique persistence mechanisms.
Brute-forcing ButterflyMX Virtual Keys and Hacking Time Limits (Trustwave) Recently, I discovered two vulnerabilities in the ButterflyMX system which were responsibly disclosed to the vendor. The vendor has mitigated the highest-risk vulnerability, which enabled unauthorized attackers to gain access to buildings equipped with the ButterflyMX Access Control System.
Exclusive: US government agencies hit in global cyberattack (CNN) Several US federal government agencies have been hit in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a top US cybersecurity agency
Russian Ransomware Group Breached Federal Agencies in Cyberattack (New York Times) The top U.S. cybersecurity agency said it did not have evidence that the group was acting in coordination with the Russian government.
Companies and Governments Disclose Data Theft From Attack on File-Sharing Tool (Wall Street Journal) Companies and government offices across Europe and the U.S. say they were hit by a cyberattack on widely used file-sharing software, as hackers warned victims they would publish stolen data online unless they paid a ransom this week.
The MOVEit ransomware reckoning has begun (Washington Post) Clop’s exploitation of the MOVEit vulnerability claims government victims
US energy department, other agencies hit in global hacking spree (Reuters) The U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software, officials said on Thursday.
US government agencies hit by cyberattack, official says (ABC News) U.S. government networks were hit by a cyberattack affecting several agencies, but the attack does not pose a major risk to national security, an official said Thursday
US government hit by Clop in MOVEit mass attack (Register) CISA chief tells us exploitation 'largely opportunistic', not on same level of SolarWinds
Energy Department among ‘several’ federal agencies hit by MOVEit breach (Federal News Network) Sources confirmed the Energy Department is treating it as "major incident," with other agencies uncovering intrusions as well.
A US radioactive waste storage facility was one of the targets of the global CLOP hack (Quartz) The Waste Isolation Pilot Plant was one of the two US Department of Energy entities affected
Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities (TechCrunch) The hackers responsible for exploiting a flaw to target users of a popular file transfer tool have begun listing victims of the mass-attacks
Potential University System of Georgia security breach likely exposed access to unauthorized data (11Alive.com) The potential breach is linked to the USG's MOVEit Security File Transfer and Automation software, which is used for storing and transferring sensitive data.
Cyber attack results in data breach of all Louisiana driver licenses, IDs (wwltv.com) According to the state, the data transfer service used to send large files was targeted by cyber attackers.
Act now: Louisiana residents data exposed in OMV cyber attack (WDSU) The governor's office says there is no indication at this time that cyber attackers who breached MOVEit have sold, used, shared or released the OMV data obtained from the MOVEit attack.
Here's what to know, how to act after huge Louisiana OMV data breach (NOLA.com) As Louisiana's Office of Motor Vehicles grapples with a massive cyberattack that officials say could affect everyone with a state driver's license, they're advising people to take several steps to
Massive hack of Oregon DMV system puts estimated 3.5 million driver license and ID card info at risk, officials say (oregonlive) The Oregonian/OregonLive first made inquiries about the security breach on Wednesday; DMV officials did not respond until today.
CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities (Cybersecurity and Infrastructure Security Agency CISA) Today, CISA, the Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released an update for joint Cybersecurity Advisory (CSA) Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server.
Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server (Cybersecurity and Infrastructure Security Agency CISA) From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency.
US Organizations Paid $91 Million to LockBit Ransomware Gang (SecurityWeek) LockBit ransomware operators launched 1,700 attacks in the US and received roughly $91 million in ransom payments.
A Shady Chinese Firm’s Encryption Chips Got Inside NATO and NASA (WIRED) The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.
How cybercriminals target energy companies (Help Net Security) This video discusses how cybercriminals employ specialized strategies when targeting energy companies around the world.
What makes hospitals and healthcare organizations attractive targets for cybercriminals? (TheHealthSite) Cyberattacks on hospitals and healthcare organizations are becoming more common these days. Why is healthcare being targeted so frequently for cyberattacks?
Security Patches, Mitigations, and Software Updates
MOVEit Transfer Critical Vulnerability – CVE Pending (June 15, 2023) (Progress Customer Community) Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment.
Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability (Cybersecurity and Infrastructure Security Agency CISA) Progress Software has released a security advisory for a privilege escalation vulnerability in MOVEit Transfer—a Managed File Transfer Software. A cyber threat actor could exploit this vulnerability to take control of an affected system.
Barracuda Email Security Gateway Appliance (ESG) Vulnerability (Barracuda) Barracuda ESG Appliance Vulnerability Status Update
Barracuda Networks Releases Update to Address ESG Vulnerability (Cybersecurity and Infrastructure Security Agency CISA) Barracuda Networks has released an update to their advisory addressing a vulnerability—CVE-2023-2868—in their Email Security Gateway Appliance (ESG). According to Barracuda, customers should replace impacted appliances immediately.
CISA Releases Fourteen Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released fourteen Industrial Control Systems (ICS) advisories on June 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Trends
Industry Insights Report Reveals Top Cyber Threats in the Retail & Hospitality Sector (RH-ISAC) Credential harvesting, ransomware, and phishing represent the largest share of threats facing the community, according to data from Verizon and the Retail & Hospitality ISAC.
Insider Threats in Healthcare (Avertium) Whether intentional or negligent, let’s explore insider threats in healthcare and how healthcare organizations can remain safe.
Proofpoint’s 2023 Human Factor Report: Threat Actors Scale and Commoditize Uncommon Tools and Techniques (GlobeNewswire News Room) New research provides an in-depth analysis of the modern attack chain and today’s biggest threats...
Threat actors scaling and commoditising uncommon tools and techniques finds Proofpoint research (ITWire) Cybersecurity and compliance company Proofpoint has released its annual Human Factor report, revealing 2022 was back-to-business for the world's cybercriminals, but also showed they found new ways to make a living. Proofpoint's Human Factor report found after two years of pandemic-induced di...
Marketplace
Future of Privacy Forum Recognizes Two Privacy and Technology Leaders with Career Awards (Future of Privacy Forum) The Future of Privacy Forum (FPF) presented Maneesha Mithal, a long-time leader in privacy and consumer protection at the Federal Trade Commission, the Distinguished Public Service Award, and Jane Horvath, Apple’s former Chief Privacy Officer and a privacy and technology trailblazer of more than two decades, the Career Achievement Award.
Axio Experiences Significant Customer Momentum, Appoints Industry Veterans to Accelerate Rapid Global Growth (Business Wire) Energy Executive Felipe Bayón Joins as Special Advisor to Help Drive Leadership Position in Emerging Markets
Cybersecurity firm goes internal for new chief operating officer (BusinessCloud) Cambridge-based Trustonic has promoted Suzie Smith to COO after first joining the company in 2020 as chief marketing officer
Products, Services, and Solutions
Solidus Labs Taps Forta Network to Enhance Fraud Protections for DeFi Investors (News Direct)
Bluescape's FedRAMP-Authorized Digital Workbench Available Through Carahsoft's Public Sector Contract Vehicles (Benzinga) Carahsoft will serve as Bluescape's Master Government Aggregator®, making the company's industry leading digital workbench platform available to Government agencies through Carahsoft's reseller partners, GSA
Cyberattacks And Supply Chain Disruptions Put Focus On FiscalNote’s (NYSE: NOTE) Dragonfly Security Intelligence To Help Leading Organizations Build Resilience Through Intelligence (News Direct)
Introducing Mayhem Security (Mayhem) Today, we’re proud to announce a completely re-imagined Mayhem and the debut of Mayhem.security - a central home for everything Mayhem-related.
Absolute Software Adds Secure Web Gateway Service to its Differentiated Security Service Edge Solution (Absolute) Absolute Software announced the expansion of its differentiated Security Service Edge (SSE) solution with the launch of the Absolute Secure Web Gateway Service.
Coalition Releases Security Vulnerability Exploit Scoring System (Business Wire) Coalition ESS Uses AI to Generate Dynamic Risk Scores to Help Organizations Mitigate Their Most Critical Risks Faster
Torq Delivers Cybersecurity’s Highest-Upside Partner Program With Guaranteed Margins Up to 25% (Torq) New Torq Partner Acceleration Program provides 100% transparency and eliminates burdensome “precious metals” leveling to incentivize ecosystem and ignite global co-selling opportunities. New York, NY, June 15, 2023: Torq, the security...
Veza Reaches Milestone 100 Integrations to Secure Identity Access… (Veza) Veza Integration Ecosystem Enables Faster Deployment for the Enterprise. PALO ALTO, CA, June 15, 2023: Veza, the identity security company, today announced support for 100 integrations across cloud providers, SaaS apps, data systems, and custom and on-premise applications, to accelerate…
GitLab Dedicated single-tenant SaaS now generally available (GitLab) Last year, we launched the Limited Availability release of GitLab Dedicated, a fully managed, single-tenant SaaS deployment of our comprehensive DevSecOps platform designed to address the needs of customers with stringent compliance requirements.
Technologies, Techniques, and Standards
ICS attack classifications: differentiating between Cyberwarfare, Cyberterrorism, & Hacktivism (Outpost24 blog) ICS attacks and how properly managed threat classifications can help harden cybersecurity defenses.
4 Things People Get Wrong About Zero Trust Security (Virtual Strategy) Some know it as “never trust, always verify,” while others know it in the form of the Russian proverb “trust but verify.” Here, we talk about the concept of zero trust in cybersecurity.
Six meaningful benefits of modernising SOCs (ITWeb) The benefits translate into increased defensive and offensive security for the enterprise and its SecOps teams, as well as reducing risk and security costs for the company.
Red teaming can be the ground truth for CISOs and execs (Help Net Security) While cyber is a priority in boardrooms, execs have still yet to take full responsibility for their security posture and deploy red teams.
Design and Innovation
DOD Committed to Ethical Use of Artificial Intelligence (U.S. Department of Defense) A top Pentagon technology official underscored the U.S. commitment to leading the international conversation surrounding artificial intelligence during a panel discussion in Washington.
Research and Development
IBM Announces Its Achievement of a New Breakthrough in Quantum Computing, Demonstrating Capabilities Surpassing Supercomputing (LatestLY) Tech major IBM has announced a new breakthrough in quantum computing, demonstrating for the first time that quantum computers can produce accurate results at a scale of more than 100 qubits reaching beyond leading classical supercomputing.
Legislation, Policy, and Regulation
The world’s regulatory superpower is taking on a regulatory nightmare: artificial intelligence (Atlantic Council) Atlantic Council experts answer the most pressing questions on the EU's AI Act, including what's in it, when it could become law, and what it means for the world.
Breton urges more EU countries to ban Huawei, ZTE from networks (Reuters) EU industry chief Thierry Breton on Thursday urged more EU countries to join the 10 that have restricted or banned China's Huawei (HWT.UL) and ZTE from their 5G telecoms networks, citing risks to the bloc's collective security.
EU tells members to ban Huawei and ZTE over ‘materially higher risks’ (South China Morning Post) Decision to publicly go after blue-chip 5G providers reflects Brussels’ frustration with the bloc’s slow pace of change in ensuring network security.
Banning Huawei and ZTE from 5G networks 'justified', EU says (euronews) European Commissioner Thierry Breton said that more EU member states needed to implement the bloc's cybersecurity guidelines.
Who’s Afraid of the SEC? (DFRLab) The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.
Impacts of the National Cybersecurity Strategy on Government and Private Sector Collaboration (Lexology) On March 2, 2023, the Biden-Harris Administration released the National Cybersecurity Strategy. The highly anticipated Strategy has illuminated…
Litigation, Investigation, and Law Enforcement
Court unseals long-awaited election security reports (Washington Post) Voting machine security reports highlight ongoing fight
The Law Is Coming for AI—But Maybe Not the Law You Think (The Information) While the approval of the AI Act in the European Parliament on Wednesday will no doubt go down in history as a day of reckoning for generative artificial intelligence, it was not the first. That honor belongs to March 31, when, citing a lack of compliance with various European data protection ...
Guardsman indicted on charges of disclosing classified national defense information (AP News) The Massachusetts Air National Guardsman accused of leaking highly classified military documents has been indicted on federal felony charges, the Justice Department said Thursday.
Jack Teixeira, Pentagon leaks suspect, indicted by federal grand jury (the Guardian) US airman charged with six counts of retention and transmission of classified documents relating to national defense, DoJ says
Charges against alleged Pentagon leaker Jack Teixeira explained (Newsweek) Teixeira, 21, is accused of leaking hundreds of pages of classified Pentagon documents to an online group chat on the social media platform Discord.
Suspected LockBit ransomware affiliate arrested, charged in US (BleepingComputer) Russian national Ruslan Magomedovich Astamirov was arrested in Arizona and charged by the U.S. Justice Department for allegedly deploying LockBit ransomware on the networks of victims in the United States and abroad.
Russian national arrested in Arizona, charged for alleged role in LockBit ransomware attacks (CyberScoop) The group is one of the most prolific ransomware gangs, responsible for an estimated $91 million paid by U.S. victims.
NH residents file class action lawsuits against Harvard Pilgrim over data breach (NH Business Review) After an April cybersecurity incident compromised millions of customers’ data, some of those affected are taking legal action.
Capita faces lawsuit over data breach (Business Insurance) Law firm Barings Ltd. has launched legal proceedings against U.K.-based business process outsourcing company Capita P.L.C. on behalf of clients who suspect that their personal data may have got compromised during a cyber attack earlier this year, Professional Pensions reported. Investigations by Barings found alarming potential breaches of personal data, including emails, home addresses and compromised passports. The cyber attack also targeted pensions which were administered through Capita’s systems.
Hospital data breach triggers two class-action lawsuits (Iowa Capital Dispatch) An Iowa hospital chain is facing lawsuits over a cyberattack that may have given hackers access to information on more than 20,000 patients.
Florida-based dental insurer sued after hackers steal info about 8.9 million people (Yahoo News) It doesn’t take long after announcing a data breach for companies to become targets of class-action lawsuits. One such company, Miramar, Florida-based Managed Care of North America Dental, reported on May 26 that it suffered a ransomware breach between Feb. 26 and March 7 that affected 8.9 million individuals. MCNA Dental is the nation’s largest dental insurer for government-funded Medicaid, ...