Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+505: Russia copes with hard-war dissent. (CyberWire) Fighting remains an artillery-heavy slog as Ukraine pushes against Russian entrenchments. Moscow tries to deal with hard-war dissatisfaction with the way it's conducted its war.
Russia-Ukraine war: List of key events, day 506 (Al Jazeera) As the conflict enters its 506th day, these are the main developments.
Russia-Ukraine war live: Wagner a fading force in Ukraine, says US; Kyiv rules out invasion from Belarus (the Guardian) Most Wagner fighters still however in occupied areas of Ukraine, says Pentagon press secretary
Enemies duel with drones as Ukraine faces dug-in Russian forces (Washington Post) Just half a mile from the enemy’s deeply fortified trench, a reconnaissance team hunted the Russian positions by drone last week, live-streaming video for Ukrainian gun crews and their commanders.
‘It was like in world war one’: the foreign volunteers fighting in Ukraine (the Guardian) Alan from England tells of difficult fighting from the trenches, while Steve from the US hasn’t registered with his embassy
Lean on the Barrage: The Role of Artillery in Ukraine's Counteroffensive (RUSI) Artillery has been a crucial capability for Ukraine in the conflict to date. As attention turns to the long-awaited counteroffensive, fires are once again coming into focus. However, the way guns are employed when shifting from the defence to the offence must change to unlock their full potential and allow Ukraine to overcome significant Russian emplacements.
Top general's dismissal reveals new crack in Russian military leadership (AP News) A Russian general in charge of forces fighting in southern Ukraine has been relieved of his duties after speaking out about the problems faced by his troops.
Russian general accuses top brass of 'viciously beheading the army' (The Telegraph) Major General Ivan Popov was fired after he condemned the defence ministry's treatment of soldiers in Ukraine
Russian general’s outburst is an earthquake for Vladimir Putin (The Telegraph) Maj Gen Ivan Popov’s rant is worse than the hysteria of Yevgeny Prigozhin’s because the commander has credibility
After Wagner: Could the Russian army now turn against Putin? (Atlantic Council) With dozens of senior Russian officers reportedly detained following the Wagner revolt and a senior commander dismissed this week for criticizing the conduct of the Ukraine invasion, could Putin face a mutiny within the Russian army?
Top Putin Crony Curses Audience and Berates Colleague On-Air (The Daily Beast) Moscow’s most famous mouthpiece resorted to calling members of his audience “idiots” and “cretins” when challenged about his position on the latest war scandal to rock the Kremlin.
CIA No. 2: China sees Russia as 'junior partner,' likely alarmed by Wagner uprising (Breaking Defense) "I think one of the things we've seen with the Chinese in particular is that they are not eager to be viewed in the world as so joined at the hip with Russia in this war in Ukraine... " said CIA Deputy Director David Cohen.
Essay | Turkey’s Double Dealing in the Ukraine War (Wall Street Journal) Though Ankara has provided help to Kyiv, its real aim is to prolong a conflict that extends its regional influence and diplomatic clout
Ukraine-Russia war: 'I'd be careful what I ate', Biden tells Prigozhin over poisoning risk (The Telegraph) President Biden hinted Wagner boss Yevgeny Prigozhin is at risk of being poisoned after his coup against Russia’s military leaders last month.
Joe Biden says Putin will have to cut a deal with Ukraine after counter-offensive losses (The Telegraph) US president says he does not believe Moscow can sustain the war for years, and Russia has ‘already lost’
Should Ukraine Negotiate With Russia? (Foreign Affairs) The debate over how to end the war.
Ordering the Selected Reserve and Certain Members of the Individual Ready Reserve of the Armed Forces to Active Duty (The White House) By the authority vested in me as President by the Constitution and the laws of the United States of America, including sections 121 and 12304 of title 10, United States Code, I hereby determine that it is necessary to augment the active Armed Forces of the United States for the effective conduct of Operation Atlantic…
All the Weapons Ukraine Will Get After the NATO Summit (Time) From long range missiles to battle tanks and combat vehicles, here's what was promised to Ukraine in Vilnius.
The NATO Vilnius Summit: Bucharest 2.0? (RUSI) As expected, the question of Ukrainian NATO membership dominated the Vilnius Summit. Despite the rhetoric and a carefully curated communique, observable cracks in Alliance unity were evident, leaving Ukraine less sure about its Euro-Atlantic security prospects.
Ukraine will 'no doubt' join NATO when war with Russia ends, US defense secretary tells CNN (CNN) The US secretary of defense told CNN on Thursday he has “no doubt” that Ukraine will become part of NATO after Russia’s war against the country ends, following a two-day summit that was dominated by the question of when Kyiv would join the alliance.
Disappointed but not discouraged: Ukrainians react to NATO summit (Atlantic Council) The 2023 NATO Summit in Vilnius failed to produce a breakthrough toward Ukrainian membership but did underline international support for Ukraine in the fight against Russia's invasion, writes Peter Dickinson.
The buffer state is finished in Putin’s terrifying new world order (The Telegraph) Admitting Ukraine to Nato now would perpetuate the sharp divide between the West and Russia. It's why the West has settled for a fudge
Experts react: What NATO’s Vilnius summit means for Ukraine and the Alliance's future (Atlantic Council) Atlantic Council experts decode the summit's implications for Ukraine's membership, NATO's approach to China, and more.
US cluster munitions arrive in Ukraine, Pentagon confirms (The Hill) U.S.-supplied cluster munitions have reached Ukraine after President Biden last week said he had made the “difficult decision” to approve the controversial transfer, a top military office…
US paying contractor to quietly supply Bulgarian 155mm shells to Ukraine (Defense One) A $402 million contract suggests the former Soviet-bloc country is now producing NATO-standard artillery rounds.
California Guard troops have helped Ukraine beat Russia on battlefield, Army official says (Stars and Stripes) National Guard members from California have become vital partners to Ukraine and have helped troops there fight Russian forces on the battlefield for the past 17 months, a top Army official said Thursday.
Ukraine's spymaster comes out of the shadows (Reuters) For an intelligence chief running Ukraine's spy operations during war with Russia, Kyrylo Budanov, 37, has built up an unusually public profile that he has used to get his message out and to menace Russia from afar.
Malicious campaigns target government, military and civilian entities in Ukraine, Poland (Cisco Talos Blog) Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access.
Belarus-linked hacks on Ukraine, Poland began at least a year ago, report says (Record) Researchers at Cisco Talos found operations targeting government agencies, military entities and more in Poland and Ukraine, dating back to at least April 2022. Ukraine previously attributed some of the attacks to a Belarus-linked group.
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (The Hacker News) New report reveals a multistage cyber intrusion campaign targeting Ukraine and Poland since April 2022.
Crowdsourced Cyber Warfare: Russia and Ukraine Launch Fresh DDoS Offensives (CEPA) Russian and Ukrainian hackers are pummeling targets with distributed denial of service attacks. Watch out for NoName057(16).
Cyber Operations during the Russo-Ukrainian War (CSIS) This latest On Future War paper analyzes the interplay of cyber operations in the Ukraine conflict by assessing the impact, deciphering future implications, and formulating strategic recommendations for cyber defense partnerships and countering information operations.
Haugh, Biden’s pick to lead CYBERCOM and NSA, pushes Ukraine aid (Defense News) The U.S. sent cyber experts to Ukraine in late 2021, ahead of Russia's invasion, to shore up network defenses and identify hacking tools.
Russia accused of ‘cynical brinkmanship’ over delays to grain deal renewal (the Guardian) Fears over food price rises if Moscow fails to meet deadline for Black Sea export agreement
Attacks, Threats, and Vulnerabilities
UK says it's working with Microsoft to understand impact of Chinese email hack (Reuters) Britain's National Cyber Security Centre (NCSC) said on Thursday it was working with Microsoft to understand the impact of a wide-reaching Chinese hack which accessed email accounts used by senior U.S. government officials and agencies.
What we know (and don’t know) about the government email breach (Washington Post) Government emails got hacked in a suspected attack on Microsoft from China. Here’s what we know — and some mysteries.
Yet Another MS CVE: Don’t Get Caught In The Storm! (Cynet) A new vulnerability (CVE-2023-36884) “Office and Windows HTML Remote Code Execution Vulnerability” was announced by Microsoft on July 11.
China Hacking Was Undetectable for Some Who Had Less Expensive Microsoft Services (Wall Street Journal) Biden administration officials are calling for changes to Microsoft’s cloud services after the hack.
Norwegian Refugee Council hit by cyberattack (Record) The Norwegian Refugee Council (NRC) announced Thursday that it recently discovered a cyberattack targeting an online database that stores the personal information of project participants.
New Vulnerabilities Disclosed in SonicWall and Fortinet Network Security Products (The Hacker News) SonicWall and Fortinet both address critical vulnerabilities in their network security software.
FortiGuard Labs Discovers Multiple Vulnerabilities in Adobe InDesign (Fortinet Blog) FortiGuard Labs sheds some details on several zero-day vulnerabilities in Adobe InDesign that have been assigned a Critical or Important severity. Learn more.…
Security flaws in Honeywell devices could be used to disrupt critical industries (TechCrunch) Researchers have discovered vulnerabilities in Honeywell devices that could allow hackers to disrupt critical industries.
APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure (SecurityWeek) Two Rockwell Automation product vulnerabilities have been used for a new exploit by an APT group that could target critical infrastructure.
Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks (The Hacker News) U.S. CISA warns of critical vulnerabilities in Rockwell Automation ControlLogix ENIP modules, allowing remote code execution and DoS attacks.
Researchers Demonstrate AI ‘Supply Chain’ Disinfo Attack With 'PoisonGPT' (Vice) PoisonGPT works completely normally, until you ask it who the first person to walk on the moon was.
USB drive malware attacks spiking again in first half of 2023 (BleepingComputer) What's old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023
New Vulnerability in protobufjs: Prototype Pollution - CVE-2023-36665 (Code-Intelligence) New Prototype Pollution Vulnerability exposes protobufjs to Remote Code Execution (CVE-2023-36665). Mitigation and Remediation.
Twitter’s Verified ‘Scam Store’ Accounts Thrive as Humans Flee the Site (Vice) Users on the dying social media site are tracking the rise of sketchy dropshipping accounts, which have nearly identical bios and avatars.
7 Kansas City hospitals, dozens of clinics included in HCA Healthcare breach (KSN-TV) HCA Healthcare said it recently found out that someone posted a list containing patients’ personal information online.
Washington State University notified of data breach that impacts students and staff (NonStop Local KHQ) Washington State University has been notified by several third-party vendors that their cybersecurity system was breached and has exposed information of current and prospective students, as well
Morehead State University hit by cyber-attack (Morehead State Public Radio | WMKY) Morehead State University officials report a limited number of computers on campus were affected by a cyber-attack.
Global Document Translation Service Exposed Highly Sensitive Records Online (Website Planet) Recently, security researcher Jeremiah Fowler discovered and reported to WebsitePlanet a non-password protected database containing more than 25k
Disappearance of Darknet Markets Point to Potential Exit Scams or Seizures (DarkOwl, LLC) Unusual darknet marketplace activity over the last month has some users suspecting there were potential mass exit scams or seizures.
CISA Adds Two Known Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Security Patches, Mitigations, and Software Updates
CISA Releases Nine Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released nine Industrial Control Systems (ICS) advisories on July 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Cisco Releases Security Update for SD-WAN vManage API (Cybersecurity and Infrastructure Security Agency CISA) Cisco has released a security update to address a critical vulnerability affecting SD-WAN vManage API. A remote attacker can exploit this vulnerability to take control of an affected system.
Apple Re-Releases Urgent Zero-Day Patches With Fix for Website Access Issue (SecurityWeek) Apple has re-released its Rapid Security Response updates for iOS and macOS after fixing a website access issue caused by the patches.
Security Update: Zimbra Collaboration Suite Version 8.8.15 [Important] (Zimbra) A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced. We take this matter very seriously and have already taken immediate action to address the issue.
Juniper Releases Multiple Security Updates for Juno OS (Cybersecurity and Infrastructure Security Agency CISA) Juniper has released updates to address multiple vulnerabilities in Juno OS. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Akamai’s Perspective on July’s Patch Tuesday 2023 (Akamai) As we do every month, the Akamai Security Intelligence Group set out to look at the more intriguing vulnerabilities that were patched.
Trends
Organizations Lack Tools to Monitor Cloud Data, Creating Critical Gaps in Security Coverage (Business Wire) Laminar survey reveals more than 1 in 2 security professionals either can’t or are unsure if they can monitor all data stores in the cloud
Lack of trust biggest challenge to adequate cyber resilience (SecurityBrief Asia) “To navigate the current threat landscape, trust is imperative. There needs to be trust in teams, technology, intelligence sources, and with suppliers.
Ransomware attacks on the finance sector (Comparitech) From 2018 to June 2023, 225 financial organizations have been hit by a ransomware attack. We estimate that these entities have lost over $32.3 billion in downtime alone. A ransomware attack on a financial business, e.g. a bank, insurance company, or accounting firm, has the potential to cause mass chaos with encrypted systems and puts […]
Trustwave SpiderLabs Research: Cybersecurity in the Healthcare Industry (Trustwave) Download the new Trustwave SpiderLabs report on a months-long investigation into the cyber threats facing the healthcare industry.
More Aussie enterprises ‘assuming breach’ as cyber attacks soar (ARN) Australian enterprises are increasingly taking an “assume breach” approach to cyber security in response to a series of high-profile attacks.
eSentire & Cyber Security Hub | Cloud Security Report 2023: The… (eSentire) Download this report to learn the latest insights about the current cloud security trends, challenges, and cloud security posture management solutions.
Marketplace
Cyber Leak? Cybersecurity Funding Falls 63% In Q2 (Crunchbase News) Venture funding for cybersecurity dropped to just slightly more than $1.6B in the second quarter, its lowest point since Q4 2019.
Council Post: A Unicorn Loses Its Horn: Considerations For Choosing The Right Cybersecurity Vendor (Forbes) Business leaders should learn a lesson from the past and make decisions for cybersecurity vendors based both on technical capabilities and long-term viability.
Cloudflare, Palo Alto Networks and Zscaler tumble as Microsoft expands in cybersecurity (CNBC) Microsoft has grown its security business to over $20 billion per year, and the new effort might help the software maker reach $100 billion by 2030.
Jamf announces its acquisition of dataJAR, a leading Apple technology managed services provider (Yahoo Finance) Acquisition will help Jamf expand its partnerships with managed service provider partners through dataJAR’s proprietary technology that makes it easier for organizations to harness the power of Jamf’s leading management and security platform. MINNEAPOLIS, July 13, 2023 (GLOBE NEWSWIRE) -- Today, Jamf (NASDAQ: JAMF), the standard in managing and securing Apple at work, announced it has acquired dataJAR, a U.K.-based leading managed services provider (“MSP”) focused on providing powerful Apple and J
ProcessUnity and CyberGRX Combine to Form the Most Complete Third-Party Risk Management Platform in the Market (Business Wire) Combined Company Integrates the Full Third-Party Risk Lifecycle, Enabling a Collaborative Risk Assessment Process Between Procurement, Cybersecurity and Third-Party Service Providers
Rashida Hodge Joins Sonatype's Board of Directors, Bringing Innovative Leadership and AI Expertise (GlobeNewswire News Room) A pioneer in the field of artificial intelligence and emerging technologies, Hodge will help steer Sonatype's leading software supply chain management...
Canopius names Isabel Finn as Senior Cyber Threat Intelligence Analyst (ReinsuranceNe.ws) Canopius, a leading global specialty (re)insurer, has announced the appointment of Isabel Finn as a Senior Cyber Threat Intelligence Analyst, effective
Products, Services, and Solutions
Contrast Security Recognized as a Leader in G2 Summer 2023 Enterprise Grid Report for IAST (Contrast Security) The code security platform was also named a Leader in the SAST and DAST categories by the world’s largest and most trusted software marketplace
Fenix24 Wins Gold in the 15th Annual 2023 Golden Bridge Awards® (PR Newswire) Fenix24, an industry-leading cyber disaster recovery firm that is transforming the post-breach restoration process, today announced its...
The Economic Benefits of Using DomainTools - DomainTools | Start Here. Know Now. (DomainTools) In a study commissioned with Enterprise Strategy Group, using DomainTools can quantify wins associated with various security implementation
Guardsquare Announces Strategic Partnership with Redbelt Security (Guardsquare) Guardsquare, the mobile application security provider, today announced a strategic partnership with Redbelt Security, a consultancy firm specializing in information and cyber security. The partnership enables Redbelt to expand its solution offerings as a reseller with Guardsquare's multi-platform mobile app security products.
AU10TIX App Minimizes In-Person and Point of Sale ID Fraud Risk (AU10TIX) For industries where access control is crucial, manual ID examination is insufficient for effectively detecting sophisticated fake IDs. This poses significant challenges and potential liabilities for businesses, as even trained professionals struggle to distinguish highly realistic fraudulent IDs without investing considerable time and effort.
Checkmarx Announces Groundbreaking CheckAI Plugin for ChatGPT to Detect and Prevent Attacks Against ChatGPT-Generated Code (PR Newswire) Checkmarx, the global leader in application security solutions, today announced its CheckAI Plugin for ChatGPT, the industry's first plugin to...
SentinelOne® Bolsters India’s Cyber Defenses (Business Wire) Company launches virtual datacenter in Mumbai, empowering local organizations to secure critical systems and infrastructure in compliance with government regulations
Concentric AI Announces Industry’s First Archetype Functionality for Unmatched Granularity and Precision of Data Discovery and Protection (Business Wire) New Functionality for Identifying the Archetype and Context of Data Sets the Bar for Identifying At-Risk Data to Improve Organizations’ Data Security Posture Management
Votiro Overhauls Channel Program Aimed at MSSPs and MSPs (MSSP Alert) Votiro has revamped its channel program and added a new asset for MSSPs and MSPs.
BlueVoyant Now Offers Managed Extended Detection & Response (MXDR) for Splunk (PR Newswire) BlueVoyant, a cybersecurity company that illuminates, validates, and remediates internal and external risks, today announced MXDR for Splunk at...
Technologies, Techniques, and Standards
New CVSS Version Unveiled Amid Rising Cyber Threats (Infosecurity Magazine) FIRST has released details of version 4.0 of the standard, which aims to address criticisms of CVSS 3.1
The Board’s Role in Cloud Adoption (Google Cybersecurity Action Team) We are often asked if the cloud is more secure than on-premise infrastructure. The short answer is that, in general, it can be. The complete answer is more nuanced and is grounded in a series of cloud security “megatrends” that drive technological innovation and improve the overall security posture of cloud providers and customers.
Beazley’s Hannes warns of cyber “blind spot” as boardroom focus diminishes (The Insurer) Cyber risk has moved down the priorities of global business leaders over the past two years, amid rising concerns about other shifts in the technological landscape s...
Data breach letter in the mail, experts say be careful with next steps (KOAA News 5) According to the Identity Theft Resource Center we are on a record pace for data breaches. If you get a data breach notification letter in the mail, what do you do next?
Design and Innovation
Mustafa Suleyman: My new Turing test would see if AI can make $1 million (MIT Technology Review) The Modern Turing Test would measure what an AI can do in the world, not just how it appears. And what is more telling than making money?
Legislation, Policy, and Regulation
Home Minister Amit Shah to launch cyber volunteer squads at G20 conference in Gurgaon (The Indian Express) Shah will address the inaugural session of the G20 conference on “Crime and Security in the age of NFTs, AI and Metaverse”.
Australia raises concern over Solomon Islands policing plan with China's top diplomat (Reuters) Australia has raised China's plan to take a policing role in the Pacific Islands nation of Solomon Islands in talks with Beijing's top diplomat Wang Yi, Foreign Minister Penny Wong said on Friday.
Solomon Islands Says Chinese Police to Assist Cyber, Community Security (VOA) U.S., Australia, New Zealand and Solomon Islands' opposition party have called for Prime Minister Manasseh Sogavare to "immediately" publish details of the policing deal signed in Beijing on Monday
ONCD Official Sets Path for ‘Regulatory Harmonization’ Effort (MeriTalk) A top official at the Office of the National Cyber Director (ONCD) said today that his team is preparing to take on the large and potentially thorny task that sits at the very top of the list for implementing the White House’s National Cybersecurity Strategy (NCS) – harmonizing cybersecurity regulations – and offered that the process may take years to complete.
New White House cyber plan leaves digital identity action items out (Nextgov.com) Officials noted that identity action items could still be included in later iterations of the national cybersecurity strategy implementation plan.
U.S. Sets Cybersecurity Goals Through 2026 (Wall Street Journal) The Biden administration lays out an initial road map and time frames to get its national cybersecurity strategy rolling.
Private Sector Coordination Critical to New National Cybersecurity Strategy Implementation Plan (R Street Institute) Ensuring our nation’s cybersecurity requires a unified effort, and the National Cybersecurity Strategy Implementation Plan (NCSIP) is a good-faith step in that direction. It provides implementation details of the administration’s whole-of-society approach as described in its National Cybersecurity Strategy, released in March 2023. We are encouraged to see these additional details, including completion goal dates and...
Democratic lawmakers call on FEC to consider crackdown on deepfake campaign ads (CNN) Dozens of Democratic lawmakers are calling on the Federal Election Commission to consider cracking down on the use of artificial intelligence technology in political advertisements, warning that deceptive ads could harm the integrity of next year’s elections.
ONCD acting director told she will not receive nomination, leaving key cyber agency’s future in limbo (Record) In a potential setback to the Office of the National Cyber Director’s clout and efficacy, its current acting director has been told she will not receive the nomination to permanently hold the position, according to two sources with knowledge of the decision.
Litigation, Investigation, and Law Enforcement
Democrats say ‘potentially illegal’ taxpayer data breach warrants DOJ investigation (Fox Business) Democratic lawmakers are calling for an investigation following a probe that they said revealed potentially illegal sharing of taxpayer data by tax prep companies.
Professors sue Texas over TikTok ban, signaling First Amendment fight (Washington Post) It’s the third lawsuit to challenge state action against TikTok on constitutional grounds.
ChatGPT Under Investigation by FTC (Wall Street Journal) The agency is investigating whether OpenAI’s chatbot has harmed individuals by publishing false information about them.
NC Attorney General speaks out about HCA Healthcare data breach (WLOS) North Carolina Attorney General Josh Stein is speaking out after HCA Healthcare's data breach.
Twitter didn’t pay privacy assessor after Musk takeover, court docs show (Washington Post) A deposition produced in a new Twitter legal action describes ‘constant turnover’ among executives responsible for compliance with the FTC