Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+481: An operational pause and a Darknet Parliament. (CyberWire) Ukraine continues to make slow progress during what amounts to an operational pause. Russian hacktivist auxiliaries and privateers announce a "Darknet Parliament."
Russia-Ukraine war at a glance: what we know on day 482 of the invasion (the Guardian) Ukraine claims to have shot down 32 of 35 drones in overnight Russian attack; both sides said to be enduring heavy casualties in frontline fighting
Heavy casualties on both sides as Ukraine offensive edges forward (the Guardian) British intelligence report comes as Kyiv celebrates liberation of eighth settlement in south of country
Ruins And Russian Dead: Ukraine Counteroffensive Trudges On After Early Successes (RadioFreeEurope/RadioLiberty) RFE/RL's Serhiy Nuzhnenko was granted access to the village of Blahodatne in eastern Ukraine's Donetsk region. It was among the first villages to be liberated as part of Kyiv's counteroffensive against invading Russian forces.
Russia-Ukraine war live: Ukrainian forces reportedly take control of Piatykhatky – as it happened (the Guardian) Russian-installed official says Ukraine has made new gain on battle front since launch of counter-offensive earlier this month
Russian Strikes, Shelling Kill Civilians In Kharkiv And Kherson As Fighting Under Way In Eastern, Southern Ukraine (RadioFreeEurope/RadioLiberty) Russian missile strikes and shelling killed at least six people over the past 24 hours in Ukraine, regional officials said, as the Ukrainian military reported limited advances in its recently launched counteroffensive to regain territory occupied by Russia since the start of its unprovoked invasion.
Russia-Ukraine war live: counteroffensive records ‘tactical successes’ as troops advance south (the Guardian) Follow the latest updates
Ukraine takes village on Zaporizhzhia front, Russia-appointed official says (the Guardian) War blogger also reports recapture of Piatykhatky, which if confirmed would be first village taken in nearly a week
Ukrainian Military Reports Clashes In East As Death Toll From Dam Destruction Rises (RadioFreeEurope/RadioLiberty) The General Staff of Ukraine's military said heavy fighting has been taking place over the past day in the Bakhmut, Lyman, Avdiyivka, and Maryinka areas in Donetsk. It reported a total of 26 combat clashes over that period of time in the area.
Confirmed Russian Troop Losses Climb To More Than 25,500, Report Says (RadioFreeEurope/RadioLiberty) A project of the BBC and independent Russian media outlet Mediazona says it has confirmed the deaths of 25,528 Russian troops in the war with Ukraine.
Russia aims to defeat counteroffensive with mines, artillery and aviation (Washington Post) As Ukraine readied its counteroffensive by gathering Western weapons and sending its troops for NATO training, Russia spent at least seven months preparing for this potentially definitive stage of the war — by readying reserves, artillery and aviation support, stockpiling ammunition and fuel, and procuring more drones.
Russia, Learning From Costly Mistakes, Shifts Battlefield Tactics (New York Times) Moscow’s forces remain uneven. But while bracing for a counteroffensive, they have improved discipline, coordination and air support, foreshadowing a changing war.
Russian forces face shortage of tanks as counteroffensive creeps forward (Guardian) Ukraine forces slowly pushing back Putin’s troops, claims Kyiv, aided by western hardware
Russia-Ukraine war at a glance: what we know on day 478 of the invasion (the Guardian) Explosions reported in Kyiv during African peace initiative visit; Ukraine has retaken more than 100 sq km in counteroffensive, commander claims
'Everyone For Themselves': Attacks In Border Towns And Cities Bring The War To Russia's Doorstep (RadioFreeEurope/RadioLiberty) Attacks in Shebekino and elsewhere in the Belgorod region have brought the war home to Russia as local residents grapple with the new reality.
To fight Putin, Russian militias aid Ukraine with cross-border attacks (Washington Post) The first cross-border raids were quick and furtive, the commander said, just a handful of fighters entering a village, scouting the terrain, taking a few shots at Russian border guards and slipping away. Later, they returned briefly to speak with villagers. Finally, he said, a large group carried out the main mission — killing dozens of enemy troops, taking others prisoner and stealing weapons.
‘It’s 21st-century warfare’: on Ukraine’s counteroffensive frontline (the Guardian) Despite gradual progress, drone operators remain resolute about their critical role in counterattack
The drone unit hunting for Russian ‘foxes’ in a Ukrainian forest (The Telegraph) Once a hikers’ paradise, the Dvorichanskyi National Park on the eastern border with Russia now plays host to more sinister invaders
Prepare for Ukraine's counter-offensive to falter (The Telegraph) Ukraine is unlikely to achieve rapid and decisive victories. Nato must guard against France and Germany going wobbly
Ukraine live briefing: Putin says he has ‘no doubt’ counteroffensive will fail as African leaders meet in Kyiv (Washington Post) Leaders of several African nations arrived in Ukraine on Friday on a diplomatic tour aimed at encouraging peace negotiations and highlighting the impact of the conflict on their continent. The group, led by South African President Cyril Ramaphosa, traveled by train from Poland to Kyiv. He and officials from Senegal, Egypt, Zambia and the Comoros later toured the town of Bucha, visiting a church and the site of a mass grave. Ukrainian officials said in statements that Ukrainian forces shot down Russian missiles fired at Kyiv as the delegates arrive
Vladimir Putin tells West to ‘go to hell’ on nuclear arms reduction (The Telegraph) Russian president says ‘we have more nuclear missiles than Nato countries, and they want to reduce our numbers’
Will Russia’s Break With the West Be Permanent? (Foreign Affairs) Putin has created a rupture that will be difficult to repair.
UN nuclear chief says situation at Zaporizhzhia plant is ‘serious’ but it can operate safely for ‘some time’ (the Guardian) Rafael Grossi visited the Russian-controlled plant amid concerns for water levels in cooling pools after dam breach
IAEA Concerned About Reservoir's Depletion After Grossi Visit To Nuclear Plant (RadioFreeEurope/RadioLiberty) The UN nuclear watchdog said on June 16 after a visit by its chief to the Zaporizhzhya Nuclear Power Plant in Ukraine that it was unclear whether water from the Kakhovka dam's reservoir can still be pumped to the plant.
Russia had means, motive and opportunity to destroy Ukraine dam, drone photos and information show (AP NEWS) Exclusive drone photos and information obtained by The Associated Press shows that Russia had the means, motive and opportunity to bring down a Ukrainian dam that collapsed earlier this month while under Russian control. Two officials said Russian troops were stationed in a crucial area inside the Kakhovka Dam where the Ukrainians say the explosion that destroyed it was centered. Images taken from above and shared with the AP also appear to show an explosives-laden car atop the structure. It’s not clear the car ever exploded and any such bomb would not have been powerful enough to bring down the dam. But Ukrainian officials say the photos show the Russians’ intent to rig it, and that they had the access and control to do so.
Evidence Suggests Russia Blew Up Kakhovka Dam In Ukraine, New York Times Reports (RadioFreeEurope/RadioLiberty) Evidence suggests this month's destruction of the huge Kakhovka dam in a Russian-controlled area of Ukraine resulted from an inside explosion set off by Russia, The New York Times said.
Kakhovka collapse: image emerges of apparently explosive-laden car at dam (the Guardian) Photograph taken by Ukrainian drone on 28 May said to offer further evidence Russia was behind breach
NATO-Ukraine Defense Council to Be Established (U.S. Department of Defense) NATO plans to invite Ukraine into a new NATO-Ukraine defense council as an equal member, NATO Secretary General Jens Stoltenberg said during a press conference in Brussels.
NATO finalizing new Ukraine Council to draw Kyiv 'politically closer' to alliance (Breaking Defense) NATO Secretary General Jens Stoltenberg explicitly ruled out Ukraine being offered an invitation to join at the forthcoming Vilnius Summit, but reaffirmed that Russia does not "get a veto."
Secretary of Defense Lloyd J. Austin III Press Conference Following a NATO Defense Ministers... (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III held a press conference following a NATO defense ministers meeting in Brussels.
Stoltenberg Likely To Be Asked To Remain As NATO Chief, Sources Say (RadioFreeEurope/RadioLiberty) Jens Stoltenberg is expected to be asked to remain as NATO secretary-general for another year, a source familiar with the discussions and a U.S. official said on June 17.
Will the Russian Federation Survive Until 2024? (The New York Sun) That is the question — if it doesn’t land one in a labor camp.
Pro-Russian hackers remain active amid Ukraine counteroffensive (CyberScoop) Pro-Russian hackers are focused on Ukrainian service providers, media, critical infrastructure and collecting data from government networks.
A bear in wolf’s clothing: Insights into the infrastructure used by Anonymous Sudan to attack Australian organisations | CyberCX (CyberCX) Inisghts into the infrastructure used by Anonymous Sudan to attack Australian organisations.
European Investment Bank hit by cyber attack after Russian hackers vow to bring down financial system (The Telegraph) Hackers threatened to attack Western financial institutions over support for Ukraine
European Investment Bank attacked, hackers claiming to “impose sanctions on EU” (Cybernews) Pro-Russian hacktivists have attacked European banking institutions, listing European Investment Bank (EIB) as one of their victims.
Killnet Threatens Imminent SWIFT, World Banking Attacks (Dark Reading) The DDoS collective claims to be teaming up with ReVIL and Anonymous Sudan for destructive financial attacks in retaliation for US aid in Ukraine, but the partnerships (and danger) are far from verified.
Killnet, REvil and Anonymous threaten cyberattack on European financial system 'in next 48 hours' (Tech Monitor) Killnet REvil and Anonymous threaten SWIFT and European banking system with destructive attack in 48 hours.
Ukraine's Defense Chief Points To Support From European Partners, Hopes To Liberate Crimea (RadioFreeEurope/RadioLiberty) Ukrainian Defense Minister Oleksiy Reznikov provided few details about Ukraine's ongoing counteroffensive but stressed the importance of the military support Kyiv is receiving from European countries and his hopes to celebrate his 58th birthday next year in Crimea.
UK to give Ukraine major boost to mount counteroffensive (GOV.UK) UK to give major boost to cyber defences as Ukraine mounts counteroffensive
UK to allocate funds to strengthen cyber security in Ukraine (Yahoo Life) The UK is to allocate about £16 million [US$20.5 million] to help Ukraine in the field of cyber security. Source: Reuters Details: According to a statement by the UK government, they plan to allocate £16 million to help Ukraine in the field of cyber security, with the potential for another £9 million to be received from international allies.
Britain to double cyber defense funding for Ukraine (Record) The United Kingdom on Sunday announced a “major expansion” to its Ukraine Cyber Program, which has seen British experts provide remote incident response support to the Ukrainian government following Russian cyberattacks on critical infrastructure.
‘They enjoyed this’: Ukrainian woman recounts five-month nightmare of torture and imprisonment (the Guardian) Russian occupiers have unleashed a reign of terror in the city of Enerhodar, detailed here by one survivor of the secret police
'Muting The Horrors': Experts Warn Of Addiction Crisis As Russian Soldiers Return From Ukraine (RadioFreeEurope/RadioLiberty) Although the real dimensions of the possible crisis will only be known after a year or two, psychologists are alarmed about the rise in addiction cases among Russian soldiers returning from Ukraine.
Kremlin officials turn to heavy drinking to cope with war stress (The Telegraph) Senior Russian government members are turning up to meetings drunk as they down vodka, cognac and wine throughout the day, sources say
As well as fighting Russia, Ukrainians are battling corruption at home (the Guardian) As the UK is set to hold a conference on how to rebuild postwar Ukraine, many worry what will happen to funds sent through a system where money disappears
Western firms snub ‘Russian Davos’ as its prestige evaporates (the Guardian) Annual event headlined by Vladimir Putin described as ‘totally toxic’ since full-scale invasion of Ukraine
Ukraine war live: Britain will not drop sanctions if Russia ends the war (The Telegraph) The British Government has introduced new legislation which enables sanctions on Russia to be kept in place until Moscow pays compensation to Ukraine.
UK ‘should seize oligarchs’ assets to pay for reconstruction of Ukraine’ (the Guardian) Government adviser says Britain should confiscate mansions to fund postwar rebuilding
Attacks, Threats, and Vulnerabilities
Hackers strike Iranian government, releasing presidential documents (Yahoo) Latest trove includes letter concerning protests addressed to intelligence chief from Raisi’s office
Data Breach at New BreachForums: 4,000 members' data leaked (HackRead) Follow us on Twitter @Hackread - Facebook @ /Hackread
Group-IB Discovers 100K+ Compromised ChatGPT Accounts on Dark Web Marketplaces; Asia-Pacific region tops the list (Group-IB) Group-IB, a global cybersecurity leader headquartered in Singapore, has identified 101,134 stealer-infected devices with saved ChatGPT credentials. Group-IB’s Threat Intelligence platform found these compromised credentials within the logs of info-stealing malware traded on illicit dark web marketplaces over the past year.
Lessons Learned from OT:ICEFALL – New Vulnerabilities and Insights on OT Security Design and Patching (Forescout) In our final OT:ICEFALL report, Forescout Vedere Labs presents three new vulnerabilities and concludes the project after one year of research following the original disclosure.
Reddit hackers threaten to leak data stolen in February breach (BleepingComputer) The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company.
Reddit: Hackers demand $4.5 million and API policy changes (Computing) Criminals have told Reddit to pay a ransom demand and roll back its controversial API price hikes, or they will publish confidential data they have stolen from the platform.
Hackers threaten to leak 80GB of confidential data stolen from Reddit (TechCrunch) Hackers are threatening to release confidential data stolen from Reddit unless the company withdraws its controversial API price hikes
Reddit Files: BlackCat/ALPHV ransomware gang claims to have stolen 80GB of data from Reddit (Security Affairs) The BlackCat/ALPHV ransomware gang claims to have stolen 80GB of data from the Reddit in February cyberattack. In February, the social news aggregation platform Reddit suffered a security breach, attackers gained unauthorized access to internal documents, code, and some business systems. The company announced it was hit by a sophisticated and highly-targeted attack that took […]
Android spyware camouflaged as VPN, chat apps on Google Play (BleepingComputer) Three Android apps on Google Play were used by state-sponsored threat actors to collect intelligence from targeted devices, such as location data and contact lists.
New Mystic Stealer malware increasingly used in attacks (BleepingComputer) A new information-stealing malware named 'Mystic Stealer,' has been promoted on hacking forums and darknet markets since April 2023, quickly gaining traction in the cybercrime community.
Mystic Stealer - Evolving "stealth" Malware (CYFIRMA) EXECUTIVE SUMMARY Information stealers pose an ongoing and dynamic threat to the security of both individuals and organizations. CYFIRMA’s Research...
Mystic Stealer (Zscaler) Mystic Stealer is a new information stealer that implements a binary protocol, targets dozens of browser extensions, and employs anti-analysis techniques.
New Information Stealer 'Mystic Stealer' Rising to Fame (SecurityWeek) A new information stealer malware named Mystic Stealer is gaining traction among cybercriminals on prominent underground forums.
New Mystic Stealer Malware Targets 40 Web Browsers and 70 Browser Extensions (The Hacker News) A new information-stealing malware called Mystic Stealer is targeting 40 web browsers and 70 browser extensions, as well as cryptocurrency wallets.
Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west (the Guardian) Cybersecurity firm says Anonymous Sudan is unlikely to be authentic hacktivist group, as initially believed
Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks (AP News) In early June, sporadic but serious service disruptions plagued Microsoft’s flagship office suite — including the Outlook email and OneDrive file-sharing apps — and cloud computing platform. A shadowy hacktivist group claimed responsibility, saying it flooded the sites with junk traffic in distributed denial-of-service attacks.
Microsoft says early June service outages were cyberattacks (Reuters) Microsoft said on Friday that the outages that affected certain services of the company through some of the earlier days of this month were the result of cyberattacks, but said it saw no evidence of any customer data being accessed or compromised.
Microsoft confirms Azure, Outlook outages caused by DDoS attacks (BleepingComputer) Microsoft has confirmed that recent outages to Azure, Outlook, and OneDrive web portals resulted from Layer 7 DDoS attacks against the company's services.
Microsoft admits DDOS as cause of recent cloud outages (Register) Previous claims its own software updates were the issue remain almost, kinda, plausible
Microsoft blames June outage on Russian DDoS (Computing) Microsoft has confirmed its services succumbed to DDoS attacks earlier this month, while a cybersecurity firm has pointed at Russia as the culprit.
Microsoft admitted it was targeted in a cyber attack claimed by a Russian-linked group called Anonymous Sudan (Quartz) Microsoft Outlook and Azure were among the services impacted by the DDoS attack
MOVEit Transfer and MOVEit Cloud Vulnerability (Progress.com) This page provides the latest information on the MOVEit Transfer and MOVEit Cloud vulnerabilities. As we continue our investigation and new details are uncovered, this page will be updated. Please check back frequently for updates.
A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) (Help Net Security) Progress has asked customers to update their MOVEit Transfer installations to fix a third SQL injection vulnerability (CVE-2023-35708).
MOVEit Transfer Critical Vulnerability – CVE Pending (June 15, 2023) (Progress Customer Community) Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment.
Progress Software Discloses Another MOVEit Cybersecurity Vulnerability (Health IT Security) The newly discovered cybersecurity vulnerability could lead to escalated privileges and potential unauthorized access if exploited.
New MOVEit Transfer Zero Day Emerges (Decipher) A new vulnerability (CVE-2023-35708) in MOVEit Transfer has been disclosed and Progress Software is urging customers to update immediately to prevent exploits.
Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted (Record) A third vulnerability affecting the popular MOVEit file transfer tool is causing alarm among U.S. officials and cybersecurity researchers after it was revealed that several government agencies were affected by a hack exploiting the first bug.
MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately” (Naked Security) Twice more unto the breach… patch being tested, in the meantime, shut down web access.
U.S. Energy Dept gets two ransom notices as MOVEit hack claims more victims (Reuters) The ransom requests from the Russia-linked extortion group came to its nuclear-waste facility and the scientific education facilities that were recently hit in a global hacking campaign.
U.S. Receives Ransom Requests From Russia-Linked Group After Data Breach (RadioFreeEurope/RadioLiberty) The U.S. Department of Energy received ransom requests from a Russia-linked extortion group at its nuclear waste facility and at scientific education facilities, a spokesperson said on June 16.
A Russia-Based Hacking Rampage Hits US Agencies and Exposes Millions (WIRED) The ransomware gang Clop exploited a vulnerability in a file transfer service. The flaw is now patched, but the damage is still coming into focus.
CISA Confirms Russian Cyberattack on MOVEit App Affected US Government Agencies (Executive Gov) Looking for the latest Government Contracting News? Read about CISA Confirms Russian Cyberattack on MOVEit App Affected US Government Agencies.
U.S. government says several agencies hacked as part of broader cyberattack (CNBC) Jen Easterly, head of the top civilian cybersecurity watchdog, said the agency was tracking the hackers “as a well-known ransomware group.”
DC: Possible data breach at U.S. Department of Agriculture (ABC Columbia) The Agriculture Department is investigating a possible data breach related to a broader hack of U.S. government agencies.
Global hacking campaign: Energy Department and other agencies hit by wave of cyberattacks (USA TODAY) The Department of Energy and other government agencies were hit by a global cyber-attack. Some of the hits were linked to China and possibly Russia
University of Missouri investigating after Russian hacking group claims cyberattack on system (KMOV) The University of Missouri is investigating a possible cyberattack that may have breached their software and information.
Russian hackers claim responsibility for University System of Georgia data breach (WSB-TV Channel 2 - Atlanta) The university system admitted there was a security flaw.
MOVEit Customers Urged to Patch Third Critical Vulnerability (SecurityWeek) Progress Software is urging MOVEit customers to apply patches to a critical vulnerability (CVE-2023-35708) in the file transfer software.
Ransomware Gang Haunted US Firms Long Before MOVEit Hack (Insurance Journal) Shell Plc, IAG SA's British Airways, the British Broadcasting Corp., the state of Minnesota's Department of Education, multiple federal agencies — they're
Attacker seizes abandoned S3 bucket to launch malicious payloads (SC Media) Checkmarx says the unidentified attacker looked to steal user credentials and send them to a hijacked Amazon S3 bucket.
Using Legitimate PDFs for BEC 3.0 Attacks (Avanan) Hackers are using legitimate PDF services to get into the inbox.
Treasurer warns of phishing emails claiming to be from Pennsylvania Treasury Department (WGAL) The emails include a link to a fake version of the treasury's website.
FOI data breaches prompt investigation into Cabinet Office (Manx Radio) Officer accessed personal data contained in over 540 requests
‘It could be taken down by an enthusiastic child’: Whitehall wide open to cyber-attack, warn campaigners (the Guardian) TaxPayers’ Alliance says HMRC, health department and atomic energy authority all use old servers that make them vulnerable
Fayetteville, Arkansas latest city dealing with debilitating cyberattack (Record) The city of Fayetteville in Arkansas is just the latest in a series of U.S. cities that had systems brought down due to cyberattacks.
Iowa’s largest school district confirms ransomware attack, data theft (BleepingComputer) Des Moines Public Schools, Iowa's largest school district, confirmed today that a ransomware attack was behind an incident that forced it to take all networked systems offline on January 9, 2023.
DMPS Notifies Individuals of Data Security Incident (Des Moines Public Schools) Des Moines Public Schools is reaching out to nearly 6,700 individuals this week to notify them of a data security incident that occurred earlier this year. The incident, which involved a cyberattack against the school district in January, may have resulted in the exposure of personal information belonging to those individuals.
AI is already causing unintended harm. What happens when it falls into the wrong hands? (the Guardian) Meta, where I used to work, is developing powerful tools. I’m worried about what could happen if they’re picked up by malicious actors, says David Evan Harris, an adviser on AI ethics
Quantum hacking alert: USTC uncovers critical vulnerabilities in quantum key distribution (EurekAlert!) The team led by academician GUO Guangcan from the University of Science and Technology of China of the Chinese Academy of Sciences made progress in the practical security of quantum key distribution (QKD). Researchers identified a potential security vulnerability in the modulator device of the QKD transmitter, and conducted quantum hacking attacks utilizing this vulnerability. The attacks demonstrated that when the vulnerability is not adequately protected, an attacker may exploit it to obtain the entire key information. The results were published in Optica and Physical Review Applied.
Public Wi-Fi networks are not a safe choice (The Manila Times) DO we really know what is behind the technology of cell phones and routers? The latest Forbes study shows how 35 percent of North Americans access public Wi-Fi networks three to four times a day, a situation that has caused 40 percent of them to have had their information compromised at some point.
School kids are stealing millions of dollars of NFTs — to buy Roblox skins (The Block) Those using NFT drainers like Inferno and Venom for phishing attacks have caused a total of $73 million of damage.
Security Patches, Mitigations, and Software Updates
Microsoft resolves ‘dangerous’ new Azure vulnerabilities (Record) Microsoft recently fixed two vulnerabilities affecting two Azure-related tools that would have allowed hackers to access a victim’s data and make changes to their virtual environment.
Third MOVEit bug fixed a day after PoC exploit made public (Register) Millions of people's personal info swiped, Clop leaks begin with 'Shell's stolen data'
Trends
Fortinet Global Zero Trust Report Finds Majority of Organizations are Actively Implementing Zero Trust But Many Still Face Integration Challenges (Fortinet) Almost half of respondents reported significant challenges related to a lack of integration between zero-trust solutions deployed on-premises and in the cloud
Cybercriminals return to business as usual in a post-pandemic world (Help Net Security) Emotet's presence has been intermittent, with the group also showing signs of lethargy in adapting to the post-pandemic threat landscape.
Marketplace
2023 Information Security Overview (PitchBook) The 2023 Information Security Overview includes market maps of VC-backed companies; business model descriptions; and an overview of key deals, exits, and incumbents within the information security ind
Natixis Has $15.63 Million Stock Holdings in Rapid7, Inc. (NASDAQ:RPD) (Defense World) Natixis lifted its position in shares of Rapid7, Inc. (NASDAQ:RPD – Get Rating) by 44.6% during the 4th quarter, according to its most recent filing with the Securities and Exchange Commission (SEC). The fund owned 459,890 shares of the technology company’s stock after purchasing an additional 141,857 shares during the period. Natixis owned 0.78% of […]
US Investors Sniffing Around Blacklisted NSO Group Assets (Dark Reading) Pressure mounts on the NSO Group's business viability as Khashoggi widow joins group of plaintiffs suing the Israeli firm for Pegasus spyware abuse.
Guy Carpenter adds to cyber team (Insurance News) Global reinsurer Guy Carpenter has announced a series of appointments and promotions to its cyber divisions in New York and London which it says will enhance and enrich its digital capabilities.
Former Novetta CEO Tiffanny Gates Appointed Operating Partner at Capitol Meridian Partners - GovCon Wire (GovCon Wire) Looking for the latest GovCon News? Check out our story: Tiffanny Gates Named CMP Operating Partner. Click to read more!
Products, Services, and Solutions
How Tanium Can Help With The MOVEit Vulnerability (CVE-2023-34362) (The Tanium Success Community) On May 31, 2023, Progress reported a vulnerability in MOVEit Transfer and MOVEit Cloud that could lead to escalated privileges and potential unauthorized access to the environment. MOVEit Cloud has been patched and fully restored across all cloud clusters. MOVEit Transfer customers are urged to apply up-to-date patches as soon as possible.
Dashlane Releases Passkey Support on Android (Dashlane) Dashlane is bringing third-party passkey support to Android 14 users. Now they can use Dashlane on websites and apps that support passkeys.
Traceable AI Announced as Launch Partner for Wiz Integration (WIN) (Business Wire) Traceable and Wiz enhance cloud security by correlating threats across APIs, Kubernetes, containers, microservices, serverless and infrastructure, reducing overall Cloud risk
OpenTitan’s RTL Freeze - Leveraging Transparency to Create Trustworthy Computing · lowRISC: Collaborative open silicon engineering (lowRiSC) We are delighted to announce an important development for OpenTitan®: RTL Freeze for the Earl Grey discrete, the first OpenTitan chip tapeout. This milestone is a source of immense pride for lowRISC and our OpenTitan partners, because it’s a concrete demonstration of the success of the Silicon Commons™ approach to making silicon radically more transparent and trustworthy.
Using Comodo Certificates to Secure Your Website: An Armor for Cyber Threats (EDM Chicago) Enhance website security with Comodo Certificates: Strong encryption, reliable authentication, and comprehensive protection against cyber threats.
Cybersixgill IQ cracks down on cybersecurity threats using generative AI (Jerusalem Post) In a metaphorical "chocolate and peanut butter" pairing of technologies, Cybersixgill is applying generative AI to cybersecurity.
Team Cymru launches threat-hunting tool aims to fast-forward analysis (CSO Online) The new scouting tool for threat hunting and malicious infrastructure analysis promises to level up users’ security operation centers.
Next Announces ‘Scoped Investigations’ to Protect Employee Privacy (Business Wire) New capability separates employee identity from their behavioral data to prevent misuse or mishandling of the information
Banyan Security Keeps Corporate Secrets out of AI Tools and ChatGPT (GlobeNewswire News Room) The market leading device centric architecture defeats the most advanced AI threats providing modern secure access, and a remarkable user experience....
Sonatype Repository Firewall Has Prevented More Than $1.5B in Losses from Malicious Attacks (GlobeNewswire News Room) Now Available as a SaaS-First Solution for Rapid Protection at Scale...
Kali Linux review: A swiss army knife for cyber security pros (ITPro) Use Kali Linux for good, not evil – and forge a career in cybersecurity while you're at it
Quirk Auto Group selects BIO-key’s PortalGuard® Cloud Solution to Meet Updated GLBA Act Safeguards Rule Requirements to Protect Consumer Data (GlobeNewswire News Room) Quirk consolidated IAM solutions around PortalGuard, enhancing cybersecurity capabilities and login experience...
Ontinue Adds Revolutionary AI-Powered Skills to its ION MXDR Service (PR Newswire) Ontinue, a leading provider of AI-powered extended managed detection and response (MXDR) services and winner of the 2023 Microsoft Security...
Netskope Enables Secure Enterprise Use of ChatGPT and Generative AI Applications with First-of-Its-Kind Solution (Netskope) ChatGPT usage growing 25% monthly in enterprises, prompting key decisions to block or enable based on security, productivity concerns SANTA CLARA, Calif.
Cyware Announces Technology Partnership with Mimecast to Extend Cyber Fusion with Advanced Email Security (Business Wire) Cyware, a leading provider of threat intelligence management and cyber fusion solutions, announced today a strategic technology partnership with Mimecast, an advanced email and collaboration security company.
ShardSecure® Announces Allowance of Pivotal US Patent Application (PR Newswire) ShardSecure, a leading provider of cloud data security and resilience software, is pleased to announce its receipt of a Notice of Allowance...
Cymulate Announces Security Analytics for Continuous Threat Exposure Management (Cymulate) Cymulate announced the release of a ground-breaking new solution for organizations to run an informed continuous threat exposure management (CTEM) program.
eSentire Harnesses World’s Largest MDR Dataset to Transform Customer… (eSentire) eSentire, Inc., the Authority in Managed Detection and Response (MDR), today announced the launch of eSentire AI Investigator, using generative AI powered cybersecurity to augment eSentire XDR Platform users of all levels with expertise to build their organization’s cyber resilience.
Faster website, more customers: Cloudflare Observatory can help your business grow (The Cloudflare Blog) Today, we are thrilled to unveil the Cloudflare Observatory, our new and enhanced Speed Tab. Cloudflare customers now have access to a suite of powerful tools that simplify performance monitoring and offer enhanced product recommendations
How to use Cloudflare Observatory for performance experiments (The Cloudflare Blog) Introducing Cloudflare's Performance Experiments in Observatory: Safely test code, improve website speed, and minimize risk
Forward Networks' Digital Twin Technology Named Best SaaS Solution by Cloud Security Awards (PR Newswire) Forward Networks continues to gain recognition as an industry leader for its network digital twin technology. Recently, Forward Enterprise was...
Technologies, Techniques, and Standards
Are federal agencies’ post-quantum cryptography preparations on track? (FedScoop) Federal agencies are supposed to be preparing for quantum hacking. Their progress is unclear.
NSA Cyber Official Discusses Cyber Partnerships (Meritalk) As cyberattacks continue to be on the rise, information sharing between the public and private sectors is even more crucial, especially with Defense Industrial Base (DIB) companies, according to a cybersecurity official at the National Security Agency (NSA).
Town and county teams simulate responding to cyber attacks (News Letter Journal) The name of this game is cybersecurity, and the real-world consequences can be disastrous.
Could simpler language improve security? (Microscope) Vendors and partners can be guilty of making data protection complicated but Nick Booth wonders if life could be easier if explanations were more straightforward
Design and Innovation
AI's evolving role in strengthening enterprise cybersecurity efforts (Strategy Magazine) AI is a crucial component of modern cybersecurity measures, as it increases process efficiency, reduces operational costs and resolves issues related to scaling.
Academia
US Army Cyber Command, DSU sign education partnership agreement (Dakota News Now) DSU is one of only three universities in the entire nation that has matched all three credential levels for this program.
GameAbove elevates Eastern Michigan University’s Cybersecurity Program with a $1.6M gift to its College of Engineering and Technology (Eastern Michigan University) The robust cybersecurity program will soon include new research and certificate
Legislation, Policy, and Regulation
Cybersecurity Malaysia CEO urges Malaysians to say "No" to paying ransomware (TechNave) If you or your company got targeted by ransomware, is there a way to recover your data, or should you pay the ransom? According to the Cybersecurity M
Five big takeaways from Europe’s AI Act (MIT Technology Review) The AI Act vote passed with an overwhelming majority, but the final version is likely to look a bit different
Exclusive: OpenAI Lobbied E.U. to Water Down AI Regulation (Time) In public, OpenAI is calling for stronger AI guardrails. But documents show the company lobbied to weaken EU regulation
Little cause for optimism that Blinken’s China visit changed cyber equation (Washington Post) As U.S. officials issue dire warnings of Chinese cyberthreat, little hope for improvement after Blinken visit
China slams EU ban on Huawei, ZTE demands equal treatment (Reuters) China firmly opposes some EU countries' ban on Huawei and said the European Commission has no legal basis nor factual evidence to prohibit the Chinese telecom giant, a Chinese foreign ministry spokesperson said on Friday.
Huawei slams EU high-risk supplier claims as against principles of free trade | Computer Weekly (ComputerWeekly.com) Comms tech giant comes out swinging against being singled out by EC commissioner as having high-risk supplier status in 5G mobile infrastructures.
China Rejects US Security’s Cyber Hacking Report (BW Businessworld) The report by Mandiant, an American cyber security came ahead after Secretary of State, Antony Blinken’s visit to Beijing, , china, threats, cyber attacks, united states
Congress aims to strip 'Trojan horse' Chinese drones from all levels of government (Restoring America ) A bipartisan initiative in the House to ban federal, state, and local governments from using Chinese drones is the latest move by Congress to distance itself from the hostile nation.
EU’s PEGA Committee Adopts 8 Recommendations on Telecom Networks (Enea) Enea welcomes the PEGA Committee’s adoption of the eight telecom network recommendations to address the critical gaps which persist in protective frameworks. The Committee was set up by the European Parliament to investigate Pegasus and equivalent surveillance threats. The committee held its final vote on June 15 and all eight recommendations were adopted to safeguard mobile communications.
South Korea, U.S. to hold high-level meeting on cyber security (Reuters) South Korea and the United States will hold a high-level meeting on cyber security in Washington on June 20, the presidential office in Seoul said on Friday.
House Homeland Panel Leaders Heading Overseas for Cyber Talks (Meritalk) Leaders of the House Homeland Security Committee’s Cybersecurity and Infrastructure Protection Subcommittee will soon travel overseas for meetings on cybersecurity subjects as part of an official congressional delegation (CODEL).
NSO Group Statement on European Parliament's Adoption of Resolution on Surveillance Technologies (PR Newswire) NSO Group is pleased that the European Parliament has recognized that cyber technologies are essential tools to help law enforcement prevent...
Bill allowing CISA to assist foreign governments passes Senate committee (SC Media) The Department of Homeland Security’s ability to respond to requests from foreign countries for cybersecurity assistance could be delayed under current authority.
UK’s chief hacker to take over National Crime Agency’s economic and organized crime directorate (Record) The head of the United Kingdom’s National Cyber Force (NCF) is to leave his role later this month to take the reins at the National Crime Agency’s directorate for economic and organized crime threats.
Litigation, Investigation, and Law Enforcement
US govt offers $10 million bounty for info on Clop ransomware (BleepingComputer) The U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government.
US offers $10m for information on Clop gang (Computing) Seeking evidence of links between the ransomware gang and state authorities
Law enforcement shutdown a long-standing DDoS-for-hire service (Security Affairs) Polish police, as part of the international law enforcement operation PowerOFF, dismantled a DDoS-for-hire service that has been active since at least 2013. An international operation codenamed PowerOff led to the shutdown of a DDoS-for-hire service that has been active since at least 2013. The operation was conducted by the Polish Central Bureau for Combating […]
Genetic testing firm accused by FTC of violating customers’ privacy (Record) The Federal Trade Commission is accusing the genetic testing firm 1Health.io of allegedly failing to secure customers’ genetic and health data and for duping them about the potential for getting their data erased.
Khashoggi's widow sues Israeli spyware company NSO over phone hacking (Reuters) The widow of murdered Saudi journalist Jamal Khashoggi says in a lawsuit that surveillance software built by the Israeli surveillance company NSO Group was used to spy on her messages in the months leading up to her husband's death.
Harvard Pilgrim data breach affected millions, yet insurer struggled to contact many potential victims for months (Boston Globe) A class action lawsuit accuses the insurer of failing to protect health information and failing to promptly notify members of the breach
Why the Pentagon Papers Leaker Tried to Get Prosecuted Near His Life’s End (New York Times) When Daniel Ellsberg was 42, a judge threw out Espionage Act charges against him. At 90, he sought such charges again in hope of challenging their constitutionality.
Megaupload duo will go to prison at last, but Kim Dotcom fights on… (Naked Security) One, sadly, has died, and two are heading to prison, but for Kim Dotcom, the saga goes on…
'Cryptocurrency King' Sentenced To Four Months In Jail In Montenegro For Fake Passport (RadioFreeEurope/RadioLiberty) A court in Montenegro has sentenced Do Kwon, the fugitive former CEO and co-founder of cryptocurrency company Terraform Labs, and his business partner to four months in jail for using forged documents.