Dateline
Ukraine at D+509: Kerch Strait flashpoint. (CyberWire) Heavy fighting continues with negligible changes to the lines.
Russia-Ukraine war: List of key events, day 510 (Al Jazeera) These are the main developments as the Russian invasion of Ukraine enters its 510th day.
Russian missiles damage Odesa port, Ukraine says (POLITICO) The attack came after Russia pulled out of the Black Sea grain deal on Monday.
Russia-Ukraine war live: Moscow launches wave of airstrikes; Crimea bridge partially reopens after explosion (the Guardian) Road traffic partially restored on key bridge damaged by explosion
Kharkiv mayor dismisses Russian claims of ‘terrorism’ over Crimean bridge attack (the Guardian) ‘How can they speak about terrorism?’ asked Ihor Terekhov, citing destruction visited on his city
Why is the Kerch Bridge attack significant to the war in Ukraine? (the Guardian) Bridge is only direct link to mainland Russia from Crimea, which Moscow annexed in 2014
Russia-Ukraine war at a glance: what we know on day 510 of the invasion (the Guardian) Russia says it carried out ‘revenge’ strikes on Odesa and Mykolayiv after Crimea bridge was attacked; Kremlin warns it will be a risk for Ukraine to ship grain without Russian security guarantees
Ukraine-Russia war latest: Putin vows response to Crimea bridge 'terror' attack (The Telegraph) Vladimir Putin on Monday ordered key security aides to find a way to defend the Kerch Bridge linking occupied Crimea and the Russian mainland after an explosion crippled sections of it.
Russia closes Kerch Bridge after explosion caused by ‘sea drones’ (The Telegraph) Moscow claims that Ukraine is responsible for attack that killed a couple and left their teenage daughter in hospital
Opening Remarks by Secretary of Defense Lloyd J. Austin III at the 14th Ukraine Defense Co (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III delivered opening remarks at the 14th Ukraine Defense Contact Group.
Readout of Secretary of Defense Lloyd J. Austin III's Call With Ukrainian Minister of Defe (U.S. Department of Defense) Secretary of Defense Lloyd J. Austin III spoke with his Ukrainian counterpart ahead of tomorrow's virtual Ukraine Defense Contact Group meeting.
Tell Russians Putin Has to Go (Foreign Affairs) Biden should call on Russians to oust Putin and end their isolation.
RedCurl hackers return to spy on 'major Russian bank,' Australian company (Record) The group's goal is to quietly steal information, according to researchers from Russia-based F.A.C.C.T., an offshoot of Group-IB.
The curls have become too familiar: RedCurl cyber spies attacked a bank in the name of a popular marketplace (F.A.C.C.T.) F.A.C.C.T. Threat Intelligence experts examined recent attacks and new tools of the cybercriminal group RedCurl.
Russia says decision not to extend Black Sea grain deal is final (the Guardian) No more talks planned, says official, despite Turkish leader expressing hope of progress at UN meeting
Attacks, Threats, and Vulnerabilities
Critical ColdFusion flaws exploited in attacks to drop webshells (BleepingComputer) Hackers are actively exploiting two ColdFusion vulnerabilities to bypass authentication and remotely execute commands to install webshells on vulnerable servers.
Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack (Orca Security) The Orca Research Pod discovered Bad.Build, a vulnerability in the Google Cloud Build service that enabled attackers to gain access to and escalate privileges.
Orca: Google Cloud design flaw enables supply chain attacks (Security | TechTarget) New research from cloud vendor Orca Security outlined a Google Cloud Build design flaw that the vendor said could lead to supply chain attacks.
Google fixes ‘Bad.Build’ vulnerability affecting Cloud Build service (Record) Google said it has fixed a vulnerability in its Cloud Build service that allowed hackers to tamper with application images and infect users.
FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware (Symantec by Broadcom) Financially motivated cyber-crime group continues to develop and improve tools and tactics.
JumpCloud discloses breach by state-backed APT hacking group (BleepingComputer) US-based enterprise software firm JumpCloud says a state-backed hacking group breached its systems almost one month ago as part of a highly targeted attack focused on a limited set of customers.
JumpCloud: A 'state-sponsored threat actor' compromised our systems (Computing) JumpCloud, an enterprise directory platform facilitating user and device authentication and management, has reported a security breach by a state-backed hacking group, directed towards a "small and specific" group of customers.
JumpCloud says nation-state hackers breached its systems (TechCrunch) The cloud company said it has evidence that a hacking group targeted a "small and specific" group of its customers.
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state (Ars Technica) "Extremely targeted" attack involved a data injection into JumpCloud's commands framework.
[Security Update] Incident Details - JumpCloud (JumpCloud) We remain committed to providing transparent and timely information around this event for our customers, partners, and the industry at large.
July 2023 Incident Indicators of Compromise (IoCs) (JumpCloud) Based on our investigation, we have identified the following malicious IP addresses and hashes to block and avoid at all […]
MOVEit Hack: Number of Impacted Organizations Exceeds 340 (SecurityWeek) The number of entities impacted by the MOVEit hack — either directly or indirectly — exceeds 340 organizations and 18 million individuals.
Microsoft lost its keys, and the government got hacked (TechCrunch) China hacked dozens of email accounts, including in government. Microsoft opens up, slightly, about how the hackers pulled off the heist.
Email hack prompts call for Microsoft to make security logs free (SC Media) An attack against multiple organizations using the company’s cloud email services, including U.S. government agencies, was “invisible” to many of the victims because they hadn’t paid extra to access security logs. One senator likened the extra costs to “selling a car and then charging extra for seatbelts and airbags.”
Threat Actors Add .zip Domains to Their Phishing Arsenals (Fortinet Blog) In the evolving cybersecurity landscape, understanding the phishing threat has become more critical than ever. Read into a new threat resulting from the addition of a new Top-Level Domain (TLD), '.…
HTML Attachments Used in Malicious Phishing Campaigns Rise (Cofense) Data from the first 6 months of 2023 shows a dramatic increase in malicious phishing campaigns using HTML attachments. Learn more about this alarming trend.
Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware (The Hacker News) Cybercriminals are leveraging exploits for CVE-2021-40444 and CVE-2022-30190 to execute code through malicious Word files.
City of Odessa: Terminated city attorney accesses email system (Midland Reporter-Telegram) The City of Odessa announced late Sunday that city officials are taking steps to deal with a “serious data breach recently uncovered.”
Joven discusses ‘data breach’ during news conference (Yourbasin) ODESSA, Texas (KMID/KPEJ)- The City of Odessa said it recently discovered a “serious data breach” within its system. According to Mayor Javier Joven, accounts assigned to the form…
Wisconsin county dealing with ‘catastrophic software failure’; California city declares ransomware emergency (Record) Ransomware continues to plague regional governments in the U.S., with a Wisconsin county announcing a “catastrophic software failure” following an alleged LockBit ransomware attack, and a California city declaring a state of emergency over a cyber incident that began last week.
Henry Ford Health confirms data breach affecting 168,000 patients (WDIV) Henry Ford Health has confirmed that an email phishing scheme led to a data breach affecting 168,000 patients.
Fortescue Hit by Cyber Attack That Saw Network Data Disclosed (Bloomberg) Fortescue Metals Group Ltd. said it had been subject to a cyber attack that resulted in “the disclosure of a small portion of data from our networks.”
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-36884 Microsoft Office and Windows HTML Remote Code Execution Vulnerability
Security Patches, Mitigations, and Software Updates
Adobe Fixes Critical ColdFusion Flaw (Decipher) Adobe has released a patch for a critical bug in ColdFusion (CVE-2023-38203) and warns that a proof-of-concept analysis is available for it.
Trends
Annual Data Exposure Report 2023 for Life Sciences (Code42) Insider-driven data loss has become one of the most difficult threats to detect in today’s highly complex digital environment. Businesses in the Life Sciences sector – medical device manufacturers, biotech and pharma companies – are painfully aware of this growing threat, with insider-driven data leaks leading to stolen IP or valuable trade secrets, lost business opportunities and possible HIPAA violations.
Marketplace
WSJ News Exclusive | Netcraft Raises $100 Million From Spectrum Equity (Wall Street Journal) Cybersecurity company Netcraft has secured a $100 million investment from Spectrum Equity and appointed a new chief executive, as the financial-crime disruption company seeks to grow its U.S. business.
Fraud and identity platform Bureau extends series A funding to $16.5m with GMO VenturePartners as it scales globally (News Direct) Revenues and customer growth increased 6x in the last 12 months as GMO VenturePartners joins funding round.
Fortinet Receives New Investment from Ballentine Partners LLC, Signaling Confidence in Cybersecurity Growth (Best Stocks) Fortinet, Inc. (NASDAQ:FTNT), a global provider of cybersecurity and networking solutions, recently received a new investment from Ballentine Partners LLC
Cybersecurity Stocks Tumble As Microsoft Expands Its Offerings (ValueWalk) Shares in several major cybersecurity stocks closed sharply lower on Wednesday after tech titan Microsoft (NASDAQ:MSFT) expanded its product
Mimecast Selects Noble People As Lead Global Media Agency (GlobeNewswire News Room) Company to strategically invest to grow brand awareness...
CheckRed Security Appoints Pat Clawson as CEO (Newswire) Just-announced leadership team to accelerate growth for SSPM and CSPM in a unified platform
Bishop Fox appoints Patrick Davis as CFO (GlobeNewswire News Room) Davis brings more than two decades of proven financial leadership across a range of high-growth innovators...
Snyk Strengthens Leadership Team With Deep Enterprise Expertise, Reinforcing Developer Security Market Leadership (GlobeNewswire News Room) New Leaders Will Enable Snyk to Capitalize on Recent Business Momentum and Further Disrupt Legacy Cybersecurity Industry...
GoTo Appoints New Chief People Officer and Chief Information Security Officer (Business Wire) GoTo invests in two key areas of the business – people and security – with the promotion of Meredith Hawkins to Chief People Officer and appointment of Attila Török as Chief Information Security Officer
Cloud Range Appoints Cybersecurity Leader Galina Antova to Board of Directors (Business Wire) Supports company focus on bridging the cyber skills gap, strengthening cyber defenses, and protecting the front lines
Products, Services, and Solutions
Bureau of Engraving and Printing Awards Electrosoft $37.8M Cybersecurity Support Contract (PR Newswire) Electrosoft Services, Inc., a rapidly growing cybersecurity and IT solutions firm, announced today that the Department of Treasury, Bureau of...
Introducing Teleport Assist - The First Generative AI Chat Interface for Infrastructure Management (PR Newswire) Teleport, the leading provider of identity-native infrastructure access management, today announced the availability of Teleport Assist, an...
Cigent Announces New Pre-Boot Authentication (PBA) Full Drive Encrypti (PRWeb) Cigent® Technology, Inc., the leader in embedded cybersecurity in storage devices, today unveiled Cigent Data Defense Pre-Boot Authentication, which Enables
Pre-Boot Authentication for DIGISTOR® Citadel C Series SSDs is Listed on NIAP Products in Evaluation List for Common Criteria Validation (Business Wire) DIGISTOR moves closer to full CC certification and CSfC listing for all its Citadel SSDs designed to secure Data at Rest in laptops, desktops, and other devices used globally for sensitive and classified data.
KnowBe4 partners with Egress to enhance organizations’ inbound and outbound email security defenses (GlobeNewswire News Room) Egress also launches adaptive security architecture, which dynamically adjusts email security controls based on aggregated data including KnowBe4’s user...
Egress becomes the first cloud email security platform to apply an adaptive security model, offering customers automated and tailored protection (PR Newswire) Leading cybersecurity company Egress announces the launch of adaptive security for its Intelligent Email Security platform. In the most...
Conterra Networks Launches State-of-the-Art Managed LAN Service Powered by Fortinet (PR Newswire) Conterra Ultra Broadband Holdings, Inc. ("Conterra Networks") is thrilled to announce the launch of its state-of-the-art Managed LAN service,...
Sophos Intercept X Wins Best Endpoint Security in CRN® Tech Innovator Awards (GlobeNewswire News Room) Sophos Managed Detection and Response (MDR) Honored as Top MDR Security Offering...
Netskope Launches New Managed Service Provider Program to Enable Partners to Grow Revenue and Help Customers Quickly and Easily Unlock SASE's Full Potential (PR Newswire) Netskope, a leader in Secure Access Service Edge (SASE), today announced a new Managed Service Provider (MSP) Program, an extension of...
Lookout Delivers Secure and Compliant Cloud Connectivity From Mainland China (Business Wire) Lookout China Connect addresses cloud connectivity challenges for China-based employees of multinational companie
Rapid7 Announces Industry-First Solution for Holistically Visualizing and Reducing Cyber Risk in Hybrid Environments (GlobeNewswire News Room) Executive Risk View provides security leaders with the comprehensive visibility and context needed to reduce total risk across both cloud and on-premises...
HERE introduces location data anonymization tool for enterprises to use in self-hosted environments (GlobeNewswire News Room) Regulations on data transfers and privacy are growing worldwide, requiring new self-hosted tools for compliance and control. Location data is particularly...
EnGenius Launches the World's First Cloud Wi-Fi 7 Access Points for Enterprises (PR Newswire) EnGenius Technologies Inc., a leading provider of cutting-edge connectivity solutions, proudly unveils the first Cloud Wi-Fi 7 connectivity...
Ripjar Announces Launch of Labyrinth for Threat Investigations Solution (Ripjar) The capability will offer a new method of viewing the threat landscape across various security vectors LONDON, 17 July 2023: Ripjar, the trusted provider
ComplyAdvantage Launches New KYB Verification with Flexible Risk Scoring (PR Newswire) One of the biggest challenges faced by regulated and non-regulated companies is assessing whether or not another business is safe to work with....
SolarWinds Announces Its Next-Generation Build System Aligns with NIST Secure Software Development Framework (Business Wire) SolarWinds Next-Generation Build System meets or exceeds NIST guidance for secure software development as directed by Executive Order 14028
Fortinet NGFWs and FortiGuard AI-Powered Security Services Deliver 318% ROI and Payback in Six Months for the Enterprise Data Center (Fortinet) New FortiGate 3200F and 900G Drive Efficiencies, Improve Security, and Unify Management Across the Entire Hybrid Network
Eurostar rolls-out biometric checks at London St Pancras (Business Travel) Eurostar has introduced biometric technology at London St Pancras station that will reduce the number of passport checks required and expedite departure processes.
KSOC is Now Available on the AWS Marketplace (EIN Presswire) Bringing the first Automated Risk Triage capability for Kubernetes environments to the AWS Marketplace
Skyhawk Brings its Powerful Generative AI Threat Detection to Amazon GuardDuty (GlobeNewswire News Room) Enables security teams to identify real threats and respond faster to the right GuardDuty findings, with a higher level of response automation and...
Socure Partners with MeridianLink to Enhance the Account Opening Process for Credit Unions, Banks, and Fintechs Providing Industry-leading Accuracy in Identity Verification and Fraud Capture (Business Wire) Socure, the leading provider of digital identity verification and fraud solutions, announced it has partnered with MeridianLink, Inc. (NYSE: MLNK), a leading provider of modern software platforms for financial institutions and consumer reporting agencies.
Technologies, Techniques, and Standards
Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House) Leading electronics and appliance manufacturers and retailers make voluntary commitments to increase cybersecurity on smart devices, help consumers choose products that are less vulnerable to cyberattacks. “U.S. Cyber Trust Mark” is the latest in a series of actions President Biden and the Biden-Harris Administration have taken to protect hard-working families. The Biden-Harris Administration today announced a…
The Biden administration announces a cybersecurity labeling program for smart devices (AP News) The Biden administration and major consumer tech players are launching an effort to put a nationwide cybersecurity certification and labeling program in place.
Cybersecurity labels for smart devices are on their way (Washington Post) White House unveils new cybersecurity labeling plan to tell you when your smart devices are secure
ITI: U.S. Cyber Trust Mark is Key to a Safe and Resilient Global IoT Ecosystem - Information Technology Industry Council (ITI) Today, global tech trade association ITI welcomed the Biden Administration’s unveiling of the U.S. Cyber Trust Mark, a voluntary cybersecurity certification and labeling program designed to make smart devices more secure and less vulnerable to cyberattacks. ITI’s President and CEO Jason Oxman will echo the tech industry’s support of the effort during a roundtable event at the White House today.
Afero Announces Support for the "U.S. Cyber Trust Mark," the White House’s Cybersecurity Labeling Program for Internet-of-Things (IoT) Devices (Business Wire) Afero, the leading IoT Platform as a Service (PaaS) provider, today announced its support for the "U.S. Cyber Trust Mark," the newly announced White House cybersecurity labeling program for Internet-of-Things (IoT) Devices.
CISA Develops Factsheet for Free Tools for Cloud Environments (Cybersecurity and Infrastructure Security Agency CISA) CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security.
Free Tools for Cloud Environments (CISA) This factsheet was developed for the purpose of aiding businesses transitioning into a cloud environment in identifying the proper tools and techniques needed for data security and protecting critical assets.
NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing (Cybersecurity and Infrastructure Security Agency CISA) Today, the National Security Agency (NSA) and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for the design, deployment, operation, and maintenance of a hardened 5G standalone network slice(s). This guidance builds upon the 2022 ESF guidance Potential Threats to 5G Network Slicing.
ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing (National Security Agency/Central Security Service) Today, Enduring Security Framework (ESF) partners the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) published an assessment of 5G network slicing. ESF, a
Diameter-supported Firewalls Key to Protecting $58bn Business SMS Market, Finds Juniper Research (Juniper Research) View Juniper Research’s latest Press Release information for the media.
Steps Forward: Can ‘CNAPP’ solutions truly unify cloud, on-premises best cybersecurity practices? (Security Boulevard) A fledgling security category referred to as Cloud-Native Application Protection Platforms (CNAPP) is starting to reshape the cybersecurity landscape. CNAPP solutions assemble a varied mix of security tools and best practices and focuses …
Australian government to vet 5G, 6G security in new lab (iTnews) Will create space for research, and ask for a copy of results.
Workers Come and Go: Offboarding Security Gaps Remain the Same (Decipher) Onboarding and offboarding are operationally complex, time-consuming processes - and security frequently falls between the cracks.
Design and Innovation
ChatGPT lies – automating data provenance could help (Diginomica) As incredibly cool and useful as ChatGPT tools may soon become, they also tend to lie. A chain of provenance built on argument mining, data governance, and...
ChatGPT plugin detects attacks against ChatGPT-generated code (SecurityBrief Australia) We are already seeing new attacks against GenAI solutions, including AI hallucinations and prompt injections.
Academia
Volunteers with Ohio's Cyber Reserve fend off simulated cyber attacks at University of Cincinnati (WLWT) Hosting simulated computer assaults - and helping Ohio's cyber reservists work together, face-to-face - is part of the Cyber Range's educational mission.
Legislation, Policy, and Regulation
Xi wants to make the Great Firewall of China even greater (Register) Also more fiery, with vague but firm orders to create a 'security barrier'
EU Urged to Prepare for Quantum Cyber-Attacks (Infosecurity Magazine) A discussion paper from the European Policy Centre sets out recommendations for an EU quantum cybersecurity agenda
What the new EU-US Data Privacy Framework means for business (Computing) The new arrangement for EU-US transfer of personal data is an improvement over previous regulations in privacy terms, but has enough changed for the European Court of Justice to see it that way?
Bill that would allow French police to locate suspects by tapping their devices is up for a vote (AP News) French lawmakers are planning to vote on a justice reform bill that would allow law enforcement agents to obtain the locations of some criminal suspects by remotely tapping into digital cameras, microphones and other internet-connected devices.
Senate bill crafted with DEA targets end-to-end encryption, requires online companies to report drug activity (Record) A bill requiring social media companies, encrypted communications providers and other online services to report drug activity on their platforms to the U.S. Drug Enforcement Administration (DEA) has advanced to the Senate floor.
The time is now: Six considerations for the looming federal data privacy requirements (Federal News Network) As technology evolves and becomes more complex, so do the techniques of malicious actors looking to compromise systems and steal sensitive data.
A Cyber Force? Senate Proposes Study With Lessons Learned from Space Force (Air & Space Forces Magazine) A section in the Senate version of the 2024 NDAA calls for finding out if the U.S. needs an independent cyber force like the Space Force.
Efforts to Rein In AI Tap Lesson From Social Media: Don’t Wait Until It’s Too Late (Wall Street Journal) Activists and officials race to shape rules and public understanding of new artificial intelligence tools.
Ex-NSA Executive Considered for Nomination as Cyber Director (Financial Post) The White House is considering a former executive director of the National Security Agency to become the next national cyber director, according to two people…
Litigation, Investigation, and Law Enforcement
Facebook, Instagram face Norwegian ban from tracking users for ads (POLITICO) Meta’s social media platforms will be barred from behavioral advertising in August.
How judges, not politicians, could dictate America’s AI rules (MIT Technology Review) With politicians struggling to curb AI harms, it’s boom time for tech lawyers.
FTC investigation of OpenAI scrutinizes AI data security (American Banker) In a data breach at OpenAI, some ChatGPT users were able to see other users' financial data. In other cases, users have invoked their dead grandmothers to access information that should have been sealed off.
U.S. lawmakers extend social media investigation to Meta's Threads (CNBC) The letter from House Judiciary Chair Jim Jordan, R-Ohio, is an indication of the added spotlight Meta's newest product could bring to the company.
GOP lawmakers investigating Meta's new Threads platform over potential censorship (Fox Business) House Republicans' investigation into whether Meta committed First Amendment violations through Facebook and Instagram has now expanded to include its new app, Threads.
Big Tech Braces for Republican Investigations Over Censorship (Bloomberg Law) In September, Ohio Representative Jim Jordan and 34 of his Republican colleagues sent a letter to Meta Platforms Inc. Chief Executive Officer Mark Zuckerberg. In it they outlined their concerns that Meta suppressed material that would have been politically damaging to Joe Biden during the 2020 presidential campaign. “This letter serves as a formal request to preserve all existing and future records and materials,” they wrote.
Generative AI meets copyright (Science) Ongoing lawsuits could affect everyone who uses generative AI
IT worker jailed for impersonating ransomware gang to extort employer (BleepingComputer) 28-year-old Ashley Liles, a former IT employee, has been sentenced to over three years in prison for attempting to blackmail his employer during a ransomware attack.
Alleged Ukrainian scareware developer arrested after a decade on the run (Record) Spanish police have arrested a Ukrainian hacker who has been hiding from international authorities for over a decade.
HHS Office for Civil Rights Settles HIPAA Investigation with iHealth Solutions Regarding Disclosure of Protected Health Information on an Unsecured Server for $75,000 (DataBreaches.net) HHS has announced another Security Rule enforcement action. This one involves iHealth Solutions (dba Advantum Health), a business associate. The incident...