Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+498: Attrition, but with all deliberate speed. (CyberWire) Ukraine conducts deliberate attacks along the front as it awaits more ammunition from the US and the EU.
Russia-Ukraine war at a glance: what we know on day 499 of the invasion (the Guardian) 10 people killed in Lviv missile strike; US poised to send cluster munitions to Ukraine
Russia-Ukraine war: List of key events, day 499 (Al Jazeera) As the war enters its 499th day, these are the main developments.
‘The Wagner mutiny was not crushed. It ended in a ceasefire’ (Al Jazeera) Wagner boss Yevgeny Prigozhin was expected to relocate to Belarus, but Lukashenko says he’s in Russia.
Russia TV blasts Wagner boss Prigozhin, says mutiny probe ongoing (Al Jazeera) Russia’s state Russia-1 TV channel broadcast programme in which Wagner boss branded ‘a traitor’ over rebellion.
Prigozhin’s disguises revealed as Russia looks to humiliate Wagner boss (The Telegraph) Security services leak private images of the mercenary leader in fake beards and wigs as state TV airs footage of a police raid on his home
Who is Russia’s defence chief at the heart of Wagner’s rebellion? (Al Jazeera) The general was once seen as being President Putin’s successor. Now his credibility is in question, analysts say.
Zelenskiy Calls For 'Clear Signal' On Ukraine's NATO Membership (RadioFreeEurope/RadioLiberty) Ukrainian President Volodymyr Zelenskiy called on NATO to send "a clear signal" about his nation's future membership in the military alliance less than a week ahead of a NATO summit in the Lithuanian capital.
Ukraine calls for long-range weapons from US to fight Russian forces (Reuters) Ukrainian President Volodymyr Zelenskiy said during a visit to the Czech Republic on Friday that Kyiv needed long-range weapons form the United States to fight Russian forces that have invaded his country.
EU takes a major step in approving plans to boost its anemic ammunition production to help Ukraine (AP News) The European Union is taking a major step in approving plans to boost its anemic production of ammunition and missiles within the 27-nation bloc.
Ukraine-Russia war latest: Joe Biden approves cluster weapons for Ukraine (The Telegraph) Joe Biden has approved sending cluster weapons to Ukraine, according to reports.
U.S. Is Considering Giving Cluster Munitions to Ukraine, Official Says (New York Times) Ukraine has pressed the United States to supply it with the munitions. Here’s a guide to why this type of weapon is controversial and widely banned — and why Kyiv wants it.
Why the US is willing to send Ukraine cluster munitions now (AP News) The Biden administration has agreed to provide controversial cluster munitions to Ukraine that it says could help its forces penetrate Russia's defensive lines, but that many nations have pledged not to use again due to risks to civilians.
EXPLAINER: What danger do cluster bombs pose? (AP News) Reports have emerged that Russia is using cluster bombs in its incursion in Ukraine, a charge Moscow denies.
Readout of Secretary of Defense Lloyd J. Austin III's Call With Ukrainian Minister of Defe (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke with his Ukrainian counterpart to discuss developments on the battlefield in Ukraine.
Ukraine, Bulgaria to cooperate in energy sector – memo (Interfax-Ukraine) As part of the official visit of President of Ukraine Volodymyr Zelenskyy to Bulgaria, a memorandum of understanding was signed between the Ministries of Energy of Ukraine and Bulgaria on cooperation in the field of energy in the presence of Zelenskyy and Bulgarian Prime Minister Nikolai Denkov.
UNSC Allows Kiev To Participate In Meeting On JCPOA, Russia And China Objected (UrduPoint) The UN Security Council on Thursday allowed Ukraine to participate in its meeting on the Iran nuclear deal at the initiative of the United Kingdom, which holds the councils presidency for the month of July, with Russia and China voting against
Armed rebellion by Wagner chief Prigozhin underscores erosion of Russian legal system (AP News) Russia’s rebellious mercenary chief Yevgeny Prigozhin walked free from prosecution for his June 24 armed mutiny, and it’s still unclear if anyone will face any charges in the brief uprising against the military or for the deaths of the soldiers killed in it.
Wagner fallout: Time to begin preparing for a post-Putin Russia (Atlantic Council) As we assess the fallout from the Wagner revolt, it no longer makes sense to be afraid of a new Russian collapse. On the contrary, the time has come to begin preparing for the possibility of a post-Putin Russia, writes Oleksiy Goncharenko.
Wagner putsch is symptomatic of Russia’s ongoing imperial decline (Atlantic Council) The attempted putsch by Yevgeniy Prigozhin and his Wagner troops in late June is perhaps best understood as a symptom of Russia’s ongoing imperial decline, writes Richard Cashman and Lesia Ogryzko.
Wagner’s ‘coup’ was just the first act in its plot to destroy Putin (The Telegraph) Russia's president has emerged from hiding, perhaps realising that the nation he thought he’d had in his palm may soon scatter
Anonymous Sudan Or Anonymous Russia? (Centraleyes) Anonymous Sudan gained notoriety with its distributed denial of service (DDoS) attacks, targeting Microsoft in June. Earlier this year, the group was linked to a string of cyber attacks against Israel, Sweden, and other nations. The enigmatic, highly skilled group claimed to be acting on behalf of oppressed Muslims, launching cyber strikes in response to […]
OSCE helps future generation of Ukraine’s law enforcers and emergency personnel build skills for safe work in cyberspace (OSCE) Modern law enforcers need to be especially vigilant and know how to safely use IT technologies in order not to compromise people’s personal data, disrupt investigation or make their institutions vulnerable to attacks of criminals.
The Death of Secret Intelligence? Think Again (RUSI) While the Ukraine war has seen an explosion in the collection and distribution of open source intelligence, the work of secret intelligence agencies remains as important as ever.
Attacks, Threats, and Vulnerabilities
Election Commission of Pakistan hits by cyber attack (Samaa) Electoral watchdog issues security alert; directs employees not to open unknown emails
Iran-based hackers targeting nuclear security experts through Mac, Windows malware (Record) Cybersecurity experts from Proofpoint attributed the campaign to a group they call TA453 but also is known as Charming Kitten, Mint Sandstorm or APT42.
CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants (Cybersecurity and Infrastructure Security Agency CISA) Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware variants.
Increased Truebot Activity Infects U.S. and Canada Based Networks | CISA (Cybersecurity and Infrastructure Security Agency CISA) The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against organizations in the United States and Canada.
Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert (SecurityWeek) Hackers linked to the Truebot malware are exploiting a year-old Netwrix Auditor flaw to break into organizations in the U.S. and Canada.
Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks (The Hacker News) New variants of TrueBot malware targeting U.S. and Canadian organizations, exploiting a critical vulnerability in Netwrix Auditor.
CISA: Truebot malware infecting networks in U.S., Canada (Security) Threat actors are using Truebot malware in targeted data exfiltration attacks against organizations in the U.S. and Canada, according to a CISA advisory.
Cyber agencies warn of new TrueBot malware variants targeting US and Canadian firms (Record) Cybersecurity agencies in the U.S. and Canada warned Thursday that threat actors are using new TrueBot malware variants to steal data from victims.
US, Canadian authorities warn about rising Truebot malware use to target organizations (Reuters) U.S. and Canadian authorities issued a joint advisory on Thursday warning about a widespread increase in the use of a type of malware called Truebot to target organizations in the two countries.
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks (ReversingLabs) “Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
More organizations confirm MOVEit-related breaches as hackers claim to publish stolen data (TechCrunch) New victims of the MOVEit mass-hacks, including oil giant Shell and First Merchants Bank, have confirmed that hackers accessed sensitive data.
Important information about MOVEit Transfer cyber security incident | Shell Global (Shell Global) We are trying to contact you about a cyber security incident that has resulted in the disclosure of some of your personal information.
Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data (SecurityWeek) Shell confirms that employee personal information has been stolen after the Cl0p ransomware group leaked data
Mandatory JumpCloud API Key Rotation (JumpCloud) Out of an abundance of caution relating to an ongoing incident, JumpCloud has decided to rotate all API Keys for […]
Update on Suncor Energy response to cybersecurity incident (Suncor) As previously announced on June 25, 2023, Suncor (TSX: SU) (NYSE: SU) experienced a cybersecurity incident. We immediately activated our business continuity plans, engaged leading IT and cybersecurity experts and notified relevant authorities. Based on our investigation to date, we determined that our IT network was accessed by an unauthorized party on or about June 21, 2023.
JumpCloud resets admin API keys amid ‘ongoing incident’ (BleepingComputer) JumpCloud, a US-based enterprise software firm is notifying several customers of an "ongoing incident." As a caution, the company has invalidated existing admin API keys to protect its customer organizations. Headquartered in Colorado, the cloud-based directory-as-a-service platform serves over 180,000 organizations across the world.
JumpCloud Says All API Keys Invalidated to Protect Customers (SecurityWeek) JumpCloud is responding to an incident that has triggered a reset of all API keys in order to protect customers and their operations.
Nickelodeon investigates breach after leak of 'decades old’ data (BleepingComputer) Nickelodeon has confirmed that the data leaked from an alleged breach of the company is legitimate but some of it appears to be decades old.
Nickelodeon allegedly suffers 500GB data leak (Cyber Security Hub) An allegedly 500GB of data has been leaked including unreleased scripts
Oklahoma veterans' personal data was found on a private server. Here's how officials say they addressed it (Oklahoman) An investigation by Oklahoma Cyber Command has revealed there was no leak of veterans' sensitive data that was being kept on a privately owned server.
Nagoya port reopens following crippling cyber attack (The Loadstar) Operations at Japan’s busiest port Nagoya have come to a standstill after pro-Russian hackers allegedly unleashed a ransomware attack.
Experts discuss cyberattack at Japan's largest port (Security Magazine) Operations came to a halt after Japan’s largest port, Port of Nagoy, was hit with a ransomware attack earlier this week.
University of the West of Scotland website crashes in cyber incident (BBC News) Police and Scottish government experts are working with staff at the University of the West of Scotland.
Mount Desert Island Hospital Notifies 24,180 of Data Breach Involving Leaked Social Security Numbers (JD Supra) On June 30, 2023, Mount Desert Island Hospital (“MDIH”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for...
Scammers use AI deepfake of Martin Lewis in ‘frightening’ new con (The Telegraph) Money Saving Expert warns lives will be ruined unless fraudsters’ content is stopped
Security Patches, Mitigations, and Software Updates
Silent Signal Discovered a Critical Vulnerability in IBM i System – CVE-2023-30990 (GlobeNewswire News Room) IBM i is vulnerable to an attacker executing CL commands due to an exploitation of DDM architecture - IBM i users are advised to urgently apply the...
Android Security Updates Patch 3 Exploited Vulnerabilities (SecurityWeek) Google’s July 2023 security updates for Android patches 43 vulnerabilities, including three exploited in the wild.
Mozilla Releases Security Advisories for Thunderbird, Firefox, and Firefox ESR (Cybersecurity and Infrastructure Security Agency CISA) Mozilla has released security advisories to address vulnerabilities in Thunderbird, Firefox, and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA Releases Three Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA has released three Industrial Control Systems (ICS) advisories on July 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Trends
"The majority of cybercrimes are far less complex" (Insurance Business) Sophisticated threat actors are not targeting a majority of businesses
CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (Dark Reading) C-suite security leaders are feeling less prepared to cope with cyberattacks and more at risk than last year.
Marketplace
Board of Cyber announces the acquisition of TrustHQ (Board of Cyber) Board of Cyber announces acquisition of TrustHQ
Cemtrex Closes Acquisition of Heisey Mechanical Ltd. to Expand AIS Industrial Segment (GlobeNewswire News Room) Highly Synergistic Acquisition Adds Approximately $11 Million in Revenue, Positive Cash Flow and Expands Capabilities and Customers into New Markets;...
Ingalls Information Security announces consulting department (Intelligence Community News) On July 5, Woodworth, LA-based Ingalls Information Security announced the strategic internal merger of its professional services and government programs departments into one streamlined consulting department.
authID Announces Reverse Stock Split Effective Monday July 10, 2023 (GlobeNewswire News Room) authID® [Nasdaq: AUID] (the “Company”) a leading provider of innovative biometric identity verification and...
ISACA Joins European Cyber Security Organisation (ECSO) to Strengthen Cybersecurity and Digital Skills in Europe (Yahoo Finance) ISACA, a leading global association for digital trust professionals, is delighted to announce it is joining the European Cyber Security Organisation (ECSO). The membership will work to accelerate ECSO and ISACA’s shared commitment to advancing cybersecurity, fostering collaboration and driving digital trust across Europe.
Tenable Joins Cloud Security Alliance (GlobeNewswire News Room) Tenable®, the Exposure Management company, today announced that it has joined the Cloud Security...
Palo Alto Networks Launches New Cloud Location in Poland (Fast Mode) Palo Alto Networks Launches New Cloud Location in Poland
Kivera Welcomes Joe Lea as CEO (Business Wire) Cybersecurity Veteran from Shift5, Armis, Tanium, Joins as Startup Brings Cloud Security Protection Platform (CSPP) to Market
Blackpoint Cyber Appoints MacKenzie Brown as VP of Security (citybiz) Blackpoint Cyber, the elite technology-focused cybersecurity company providing its advanced security ecosystem via managed service providers (MSPs), has appointed security... Read More
Products, Services, and Solutions
ConnectWise unveils its new Network Monitoring and Management solution within ConnectWise RMM™ purpose-built for MSPs (GlobeNewswire News Room) ConnectWise brings core and advanced network monitoring and management capabilities to its ConnectWise RMM product, seamlessly integrated and leveraging a...
Jamf Teams With Google Cloud to Enable Collaborative, Mobile Workforces Through New Advanced Security and Management Workflows (GlobeNewswire News Room) Jamf (NASDAQ: JAMF), the standard in managing and securing Apple at work, announced three new integrations...
SecurityHQ Announces New Partnership with Pylones Hellas (SecurityHQ) SecurityHQ, a global leader as a Managed Security Services Provider (MSSP), is excited to announce its strategic collaboration with Pylones Hellas, a leading provider of digital technologies and internet security with over 25 years experience in Greece, Cyprus and the wider Southeaster Europe region.
Threads passes 30M sign-ups in less than 24 hours (TechCrunch) It's day one for Threads, Meta's new Twitter clone, and new users are signing up in impressively huge numbers already.
Technologies, Techniques, and Standards
Data Privacy: What Nonprofits Need to Know in the United States, EU and UK, and China (JD Supra) From long-standing laws to incoming legislation, global nonprofits must understand the requirements and prepare for scrutiny in their handling of...
Five critical controls against an industrial cyber attack (IT Brief Australia) These industrial cyber attacks can have far more catastrophic consequences than a data breach, such as system failures, leakages or even explosions.
Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone (The Hacker News) Learn how leaked secrets can lead to devastating breaches and tarnish an organization's reputation.
What Is the Relationship Between Zero Trust and SASE? (Spiceworks) Etay Maor of Cato Networks discusses how organizations can improve security by combining Zeto trust and SASE.
Zscaler CEO Jay Chaudhry On Why He Touts Zero Trust, Not SASE (CRN) Zscaler CEO Jay Chaudhry told CRN his focus is on zero trust security architecture, not on SASE, in part because SD-WAN is “anti-zero trust.”
Keeper Security Issues 5 Safety Tips for Summer Travel (PR Newswire) Summer travel is heating up and many people are planning their well-deserved vacations. But as millions of Americans make travel plans,...
Design and Innovation
OpenAI makes GPT-4 generally available (TechCrunch) OpenAI has made GPT-4, its latest text-generating AI model, generally available to customers using its paid API.
The US Military Is Taking Generative AI Out for a Spin (Bloomberg) Matthew Strohmeyer is sounding a little giddy. The US Air Force colonel has been running data-based exercises inside the US Defense Department for years. But for the first time, he tried a large-language model to perform a military task.
Mayor Suarez launches an artificial intelligence chatbot for his presidential campaign (AP News) A super PAC supporting Miami Mayor Francis Suarez’s run for the Republican presidential nomination has launched an artificial intelligence chatbot to answer questions about him.
Give Every AI a Soul—or Else (WIRED) To solve the “crisis” in artificial intelligence, AI beings must say, “I am me.”
Talking about a ‘schism’ is ahistorical (Medium) In two recent conversations with very thoughtful journalists, I was asked about the apparent ‘schism’ between those making a lot of noise…
AI-text detection tools are really easy to fool (MIT Technology Review) A recent crop of AI systems claiming to detect AI-generated text perform poorly—and it doesn’t take much to get past them.
Academia
Master of Science - Cyber Security and Information Assurance (SUU) Southern Utah University offers a cyber security masters degree and online. A masters degree in cyber security can advance your IT career.
Legislation, Policy, and Regulation
Opinion | World War III Will Be Fought With Viruses (Wall Street Journal) A two-front biological and cyber attack could lead to a U.S. defeat before we know what hit us.
UK steps up action to tackle rising threat posed by Iran (GOV.UK) The Foreign Secretary has announced plans for a new sanctions regime to hold Iran to account for its hostile and destabilising behaviour around the world.
China mulls new rules to address cyber violence, bullying (Xinhua) China mulls new rules to address cyber violence, bullying-
Data Protection Bill approved by Cabinet: Content, concerns (The Indian Express) The reworked version of India's long-awaited data protection law has been cleared by the Cabinet, and could come before Parliament in the Monsoon Session. What has changed and what hasn't?
Developing the cyber security profession – have your say! (NCSC) Chris Ensor discusses the government's proposal to develop the cyber security profession in the UK.
Remarks of SEC Enforcement Director on Cyber Resilience (Wilmer Hale) On June 22, Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, discussed cyber resilience at the Financial Times Cyber Resilience Summit and shared five principles that guide the Enforcement Division’s approach to a company’s cybersecurity and disclosure obligations.
Five agencies win $50.5M in new IT, cyber, CX investments (Federal News Network) House lawmakers showed little support to provide more funding for the Technology Modernization Fund in fiscal 2024, but the board still has hundreds of millions of dollars to loan out.
Private sector must proactively accept White House’s invitations on cybersecurity (Federal News Network) The White House’s National Cybersecurity Strategy is primarily written for and designed to guide federal government officials. Yet the latest release of the strategy is remarkable for the commitments…
White House cyber adviser Anne Neuberger on AI, disinformation and Russian hackers (CyberScoop) There’s growing concern about the existential dangers of AI. At the same time, there’s boundless optimism about its potential for good. Anne Neuberger, White House deputy national security adviser for cyber and emerging technology, sits down with Elias Groll, CyberScoop senior editor, to talk about how the administration thinks about the best approaches to limit AI harms without getting in the way of innovation.
Biden announces nominees for Republican FTC seats as commission addresses cyber issues (Inside Cybersecurity) President Biden has nominated Andrew Ferguson and Melissa Holyoak for Republican seats on the Federal Trade Commission, a five-seat body with a key role on cyber and new technologies that is currently comprised of three Democrats including Chair Lina Khan.
CISA adds new faces to its top leadership team’s cybersecurity division | Federal News Network (Federal News Network) In today's Federal Newscast: GSA is making it easier for agencies to find Native American companies to contract with, thanks to a new online tool. CISA adds new faces to its top leadership team'
CISA Welcomes Scott, Carroll to Cyber Division (MeriTalk) The Cybersecurity and Infrastructure Security Agency (CISA) has appointed two new senior leaders, Andrew Scott and David Carroll, to the agency's cybersecurity division.
Litigation, Investigation, and Law Enforcement
Support from British businesses crucial in removing over 235,000 scams, new figures reveal (NCSC) The sixth annual report from Active Cyber Defence (ACD) highlights success of a “whole-of-society
Suspicious Email Reports Up a Third as NCSC Trumpets Active Defense (Infosecurity Magazine) GCHQ offshoot trumpets “whole-of-society” approach
Twitter is threatening to sue Meta over Threads (Semafor) The threat suggests that Threads is the most serious rival yet to Elon Musk’s chaotic social platform.
US judge blocks Biden officials from contacting social media sites (The Verge) A lawsuit filed by AGs for Louisiana and Missouri claims the federal government is censoring conservative viewpoints in violation of the First Amendment.
Trump aide Walt Nauta pleads not guilty in classified documents case (Washington Post) Donald Trump’s personal aide, Waltine “Walt” Nauta, pleaded not guilty Thursday to charges he schemed with his boss to hide classified documents from authorities at Mar-a-Lago, the former president’s Florida residence and private club.
CFTC Investigators Conclude Crypto Lender Celsius, Ex-CEO Broke Rules (Bloomberg) Regulator set to vote on bringing case as soon as this month. SEC, federal prosecutors in Manhattan also conducting probes.
F.B.I. Searched the Home of Crypto Exchange Founder (New York Times) Federal agents were investigating Jesse Powell, the founder of the crypto exchange Kraken, over claims that he hacked and cyber-stalked a nonprofit arts group.
Feds search crypto exec’s home amidst stalking, hacking allegations: NYT (The Hill) The FBI searched cryptocurrency magnate Jesse Powell’s home in March following allegations that the Kraken exchange founder hacked and cyber-stalked a nonprofit he had also founded, according to re…
How Tom Brady’s Crypto Ambitions Collided With Reality (New York Times) The superstar quarterback is among the celebrities dealing with the fallout from the crypto crash. Others, like Taylor Swift, escaped.
Charges filed in cyber attack on East Bay water treatment plant (The Mercury News) Federal prosecutors say 53-year-old Tracy man remotely uninstalled critical software.