Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+511: Russia declares a blockade (and Turla's back). (CyberWire) Indiscriminate missile strikes against Ukrainian port cities accompany Russia's declaration of a Black Sea blockade. Sanctions may be weakening Russia's system of domestic surveillance. The FSB's Turla is back and engaging in cyberespionage.
Russia-Ukraine war: List of key events, day 512 (Al Jazeera) These are the main developments as the Russian invasion of Ukraine enters its 512th day.
Russia-Ukraine war at a glance: what we know on day 512 of the invasion (the Guardian) Third night of Russian strikes on port cities of Mykolaiv and Odesa damages property and causes multiple injuries; one person killed in Ukrainian drone attack on occupied Crimea
At least 2 dead as Russia aims ‘retaliatory’ strikes at southern Ukraine cities for a third night (AP News) Russia pounded Ukraine’s southern cities, including the port of Odesa, with drones and missiles for a third consecutive night in a wave of strikes that has destroyed some of the country’s critical grain export infrastructure.
At least 20 wounded as Russia strikes Ukraine’s Mykolaiv, Odesa (Al Jazeera) Latest Russian air attacks hit Ukrainian port cities of Mykolaiv and Odesa, local officials say.
Russia Targets Odesa for a Second Night (New York Times) Moscow launched drones and missiles at the Black Sea port city in what appeared to be continued retribution for an attack on a Crimean bridge.
Russia to deem Ukraine-bound ships 'potential carriers of military cargo' from Wednesday eve (Reuters) Russia's Defence Ministry said on Wednesday it would deem all ships travelling to Ukrainian ports to be potential carriers of military cargo and their flag countries to be parties to the conflict on the Ukrainian side.
Russia Says All Ships in the Black Sea Heading to Ukraine are ‘Potential Carriers of Military Cargo’ (USNI News) This post will be updated as new information is available. Two days after Russia pulled out of an agreement for Ukraine to ship grain through the Black Sea, the Kremlin declared all cargo ships traveling to Ukrainian ports as potentially carrying military cargo in support of Kyiv. “In connection with the cessation of the functioning …
White House says Russia is preparing for attacks on civilian ships in Black Sea (AP News) The White House is warning that the Russian military is preparing for possible attacks on civilian shipping vessels in the Black Sea. The warning comes days after Russia suspended participation in a wartime deal that allowed grain to flow from Ukraine to countries around the world.
Russia may attack civilian ships in Black Sea and blame Ukraine, US warns (the Guardian) Warning comes after Moscow says all ships sailing to Ukrainian ports could be seen as ‘involved’ in conflict after it pulled out of the UN-backed grain deal
Exclusive: Ukraine’s Foreign Minister Says ‘We Don’t Need Russia’ To Resume Grain Shipments (Time) Ukraine is ready to restart grain exports despite Russia’s naval blockade of the Black Sea, Ukrainian Foreign Minister Dmytro Kuleba said on Tuesday, as Russian forces launched a fresh barrage of missiles at the Ukrainian ports where many of the grain shipments originate.
What was the Black Sea grain deal and why did it collapse? (the Guardian) What will happen now that Russia has pulled out of deal that allowed Ukrainian grain to reach world markets?
Ukraine's Counteroffensive Is Going Slowly. Is That A Problem? (RadioFreeEurope/RadioLiberty) Here's what we know six weeks into a major counteroffensive that Kyiv hopes will change the course of the war: It’s not happening. At least not yet. Whether the sluggish pace is trouble, underscoring Ukrainian weaknesses, Russian strengths, or something else, depends on whom you ask.
Video appears to show Russian mercenary chief Prigozhin for first time since short-lived mutiny (AP News) A new video appears to show Russian mercenary chief Yevgeny Prigozhin for the first time since he led a short-lived rebellion last month, and he is seen telling his troops they will spend time in Belarus training its military before deploying to Africa.
Prigozhin Appears In Video Weeks After Aborted Mutiny, Says Wagner Is Quitting Ukraine (RadioFreeEurope/RadioLiberty) Yevgeny Prigozhin, who led the Russian private Wagner mercenary group's aborted mutiny last month, has appeared in a video welcoming his fighters and saying they would be headed to Africa as the company was halting its involvement in Russia's war with Ukraine for the foreseeable future.
Over 20,000 Wagner troops killed, 40,000 wounded in Ukraine: Prigozhin-linked channel (POLITICO) Earlier, Yevgeny Prigozhin had said Wagner’s troops would not go back to fighting in Ukraine.
UK sanctions Wagner Group leaders and front companies responsible for violence and instability across Africa (GOV.UK) 13 new UK sanctions announced targeting individuals and businesses linked to the actions of Wagner Group in Africa.
If The Wagner Group is a Terrorist Organization, Shouldn't We Say So? (The Cipher Brief) Cipher Brief Experts weigh in on the opportunity to designate Russia's Wagner Group as a terrorist organization
Biden Administration Announces Additional Security Assistance for Ukraine (U.S. Department of Defense) The Defense Department announced a new security assistance package to support Ukraine's battlefield needs and underscore unwavering U.S. support.
US approves $1.3 billion package of long-term military aid for Ukraine (Military Times) Overall the U.S. has provided more than $40 billion in military aid to Ukraine since Russia invaded in Feb. 2022.
China complicit in Russia’s invasion of Ukraine, says MI6 chief (the Guardian) Sir Richard Moore says Xi Jinping’s regime has supported Vladimir Putin diplomatically and amplified ‘Russian tropes’ such as Nato being to blame
Russia’s losses are far higher than anyone could have believed (The Telegraph) Putin’s meatgrinder tactics have taken a horrendous toll
Ukraine’s Other Allies (Foreign Affairs) The West should assist the private actors helping arm Kyiv.
Writing On The Wall: The Activists Tallying Russia's Anti-War Protests (RadioFreeEurope/RadioLiberty) Volunteers for the Memorial human rights group are recording hundreds of protests that have taken place across Russia since the 2022 invasion of Ukraine, as well as the often life-changing punishments meted out to those caught "discrediting" Russia's military.
Russia’s vast telecom surveillance system crippled by withdrawal of Western tech, report says (Record) Russia- and China-produced technology isn't sophisticated enough to maintain SORM, the Kremlin's domestic surveillance system, according to a new paper from the Carnegie Endowment for International Peace.
Russia’s Turla hackers target Ukraine’s defense with spyware (Record) The Russian hacking group Turla is attacking Ukrainian defense forces with spying malware, according to new research from the country’s computer emergency response team (CERT-UA).
Russian Hackers Probe Ukrainian Defense Sector With Backdoor (Bank Info Security) The Russian Turla hacker group has targeted the Ukrainian defense sector and other Eastern European entities with a novel backdoor, dubbed DeliveryCheck, to deploy
Ukraine’s cyber police dismantled a massive bot farm spreading propaganda (Security Affairs) The Cyber Police Department of the National Police of Ukraine dismantled a massive bot farm and seized 150,000 SIM cards. A gang of more than 100 individuals used fake social network accounts to conduct disinformation and psychological operations in support of the Russian government and its narrative on the invasion of Ukraine. The gang used […]
Ukraine-Russia war: Putin cancels South Africa trip over threat of arrest (The Telegraph) Vladimir Putin will not attend the BRICS summit in South Africa next month where he was at risk of arrest, the country’s presidency said on Wednesday.
Ramaphosa’s spokesman explains decision on Russia’s participation in BRICS summit (TASS) Kremlin Spokesman Dmitry Peskov said earlier that Putin would address the BRICS summit via video conference and that he would properly take part in the event
Putin’s ‘child-snatcher’ and the mystery of her adopted Mariupol boy (The Telegraph) Maria Lvova-Belova described a sort of love at first sight when she adopted Filipp Golovnya, but all is not quite as it seems
Attacks, Threats, and Vulnerabilities
JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity (SentinelOne) North Korean state sponsored APT is behind a new supply chain attack on zero-trust directory platform JumpCloud.
Head of MI6 warns that China is setting ‘data traps’ for partners (Record) In a rare speech, Richard Moore said countries should be wary of signing deals with China that ultimately put them in a "data trap” that dilutes their sovereignty and leaves them vulnerable to influence from Beijing.
North Korean hackers breached a US tech company to steal crypto (Reuters) A North Korean government-backed hacking group penetrated an American IT management company and used it as a springboard to target an unknown number of cryptocurrency companies, according to two sources familiar with the matter.
US power grid faces escalating cyber threats, infrastructure experts warn (Nextgov.com) The power grid is experiencing heightened threats from foreign adversaries and domestic extremist groups that can pose devastating consequences for the nation’s supply of electricity, experts told a House subcommittee on Tuesday.
Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware (The Hacker News) APT41, a China-linked nation-state actor, has been linked to two new Android spyware strains, WyrmSpy and DragonEgg.
Flash Report: Analysis of Clop Ransomware Activity (ZeroFox) Executive Summary Clop (a.k.a. Cl0p) activity is typically characterized by very low levels of activity for a period of several months, followed by
P2PInfect: The Rusty Peer-to-Peer Self-Replicating Worm (Unit 42) A novel peer-to-peer worm written in Rust is uniquely scalable. It targets open-source database Redis and can infect multiple platforms.
DDoS Botnets Target Zyxel Vulnerability CVE-2023-28771 | FortiGuard Labs (Fortinet Blog) Get a detailed explanation of the payload delivered through CVE-2023-28771 and associated botnets. Learn more.
Bad ad fad leads to IcedID, Gozi infections (Sophos News) Malvertising campaigns using paid ads result in infostealer and backdoor attacks
Exploiting SteelSeries' Subapplication Mechanism for Privilege Escalation (Akamai) Akamai security researcher Tomer Peled recently discovered two vulnerabilities in SteelSeries’ application.
MOVEit Data Breach Leaks Deutsche Bank, ING, Postbank, and Comdirect’s Customer Data (CPO Magazine) Deutsche Bank AG has confirmed leaking customer data via a third-party service provider impacted by a MOVEit data breach.
PlainsCapital Bank Announces Data Breach Involving Vendor’s Use of MOVEit (JD Supra) On July 14, 2023, PlainsCapital Bank filed a “Notice of Data Event” with the Attorney General of Montana after discovering that one of the bank’s vendors experienced a data breach related to the vendor’s use of the file-transfer program MOVEit.
Differences between IT and control system cyber incidents in maritime (ControlGlobal) Drawing from open-source information, the NHL Stenden’s Maritime IT Security research group collected information on over 160 cyber incidents in the maritime industry for the MCAD
Tech support scammers now accepting cash via snail mail (Register) The approach is the same, but never mind the crypto or gift cards
FIA World Endurance Championship driver passports leaked (Security Affairs) Le Mans Endurance Management, operating the FIA World Endurance Championship’s website, exposed the data of hundreds of drivers by leaking their IDs and drivers’ licenses, the Cybernews research team has discovered. On June 16th, our researchers came across two misconfigured, meaning publicly exposed, Google Cloud Storage buckets. Both combined, they contained over 1.1 million files. […]
BlackCat and Clop gangs both claim cyber attack on Estée Lauder (ComputerWeekly.com) Cosmetics conglomerate Estée Lauder is experiencing operational disruption in the wake of a cyber attack that seems to involve two different cyber crime gangs.
BlackCat, Clop claim ransomware attack on cosmetics maker Estee Lauder (Record) U.S. cosmetics manufacturer Estee Lauder has suffered a cyberattack, the company confirmed on Tuesday.
Estee Lauder Hit by Cyber Attack, With Some Business Operations Disrupted (Insurance Journal) Cosmetics maker Estee Lauder on Tuesday said a hacker had obtained some data from its systems, with the cyber incident causing, and expected to further
CISA Adds One Known Exploited Vulnerability to Catalog | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-3519 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
Security Patches, Mitigations, and Software Updates
SolarWinds Updates Build System to Align With NIST Secure Software Development Framework (ChannelE2E) SolarWinds' Next-Generation Build System now aligns with NIST's Secure Software Development Framework, the company said.
Trends
GRIT Ransomware Report-2023-Q2 (Guidepoint Security) Q2 of 2023 continued a trend of increasing numbers of ransomware victims, brought a record increase in the number of first-seen ransomware groups, and brought new vulnerabilities that lead to large-scale attacks. Victim volume reached the highest volume observed since GRIT began tracking and reporting on ransomware statistics in 2022.
CybeReady Research Shows Newer, Untrained Employees Pose Heightened Cyber Risk to Organizations (EIN Presswire) CybeReady, a global leader in security awareness training, has conducted extensive research based on millions of data points, accumulated from training enterprise employees over the past five years. According to CybeReady, the data reveals that new employees regularly show a propensity for higher-risk behaviors compared to veteran employees. The data coming out of CybeReady establishes a direct correlation between employee veterancy within a company and its cybersecurity risk level.
Salt Security Report Identifies Significant API Vulnerabilities and Attacker Activity in Financial Services and Insurance Companies (PR Newswire) Salt Security, the leading API security company, today released findings from its first industry-focused report on API security, the 2023...
New Research from Sonar on Cost of Technical Debt (Sonar) New original research from Sonar puts a spotlight on the millions of dollars that businesses lose when they fail to implement an optimal approach for software development.
Two-Thirds of DoD, Aviation, and Rail Organizations Experienced Preventable Fleet Downtime Due to a Lack of Effective Predictive Maintenance (Business Wire) Eighty-Nine Percent Say They Must Improve Their Ability to Predict and Prevent Equipment Failure
Marketplace
UK approves Broadcom-VMware deal (Computing)
Egnyte continues to grow and an IPO seems inevitable (TechCrunch) Egnyte is like the little engine that could. It just keeps chugging along with slow but steady growth as it marches toward an IPO.
RISC Zero raises $40 million to bring in-the-weeds cryptography to regular developers (Fortune Crypto) Zero-knowledge proofs continue to attract buzz in the world of crypto.
Cisco is laying off more workers as part of the restructuring plan it announced last fall (Silicon Valley Business Journal) The networking giant is shedding additional staff after laying off 583 Silicon Valley workers earlier this year.
Artificial Intelligence Enters the Workforce: Cengage Group’s 2023 Employability Report Exposes New Hiring Trends, Shaky Graduate Confidence (Cengage) Cengage Group’s Employability Report surveys recent graduates and employers on emerging technologies, like generative AI, and its impact on the workforce.
Cengage Group 2023 Graduate Employability Report: AI Joins the Workforce (Cengage Group) After years characterized by The Great Resignation and Quiet Quitting, the job landscape in 2023 has been transformed by something quite different. The introduction - and growing adoption - of generative artificial intelligence (AI) has had a significant impact on the workforce in nearly every industry.
Veza Welcomes Phil Venables to its Board of Directors (Business Wire) World-renowned cybersecurity leader joins the Identity Security Company’s Board
Products, Services, and Solutions
Diligent Launches Board Reporting for IT Risk, Providing Directors a Holistic View of Their Organization’s Cybersecurity and IT Risk Posture (Diligent)
Cerbos Adds Major New Features to Cerbos Cloud for Streamlining the Implementation and Management of Authorization Policies at Limitless Scale (GlobeNewswire News Room) Cerbos, the adaptive authorization software company, today announced that it is adding major new features to...
Now in private beta: Create a 1Password account using a passkey | 1Password (1Password Blog) 1Password is beta testing the option to unlock a 1Password account with a passkey. Learn more about the private beta, and what it means for 1Password customers.
Egress defends users against phishing threats with adaptive security capability (Help Net Security) Egress launched adaptive security for its Intelligent Email Security platform, offering customers automated and tailored protection.
Snap Finance uses Contrast as an all-in-one security tool | Identify and remediate vulnerabilities (Contrast Security) Contrast’s platform was the all-in-one security tool Snap Finance needed to identify vulnerabilities and help remediate them.
BackupVault Partners With AvePoint To Expand Backup Solutions (MarketScreener) England - BackupVault, a leading UK-based cloud backup and data protection provider, is excited to announce its partnership with AvePoint, the largest independent software vendor of SaaS solutions...
Checkmarx Introduces Codebashing 2.0, the First AppSec Solution to Boost Developer Experience and Adoption with New Gamified User Interface (PR Newswire) Checkmarx, the global leader in application security solutions, has introduced Codebashing 2.0, its latest developer AppSec learning solution,...
AvePoint Expands 20-Year Microsoft Relationship with Microsoft 365 Backup, Enhancing Data Resiliency Suite (GlobeNewswire News Room) Integration with the Microsoft 365 Backup API strengthens data protection and speeds time-to-restore for safe digital collaboration...
ThreatModeler Sets New Standard for Securing Infrastructure as Code with Launch of IaC-Assist 2.0 (PR Newswire) ThreatModeler©, a leader in threat modeling from design to code to cloud, today announced the launch of IaC-Assist 2.0, an integrated...
ZeroFox Contributes to Open Source Amass Project to Help Businesses Manage Their External Attack Surface (GlobeNewswire News Room) The company’s multi-quarter engineering investments include tools and new standards framework for Attack Surface Management...
Radiant Logic Master User Record Included in NIST NCCoE Latest Zero Trust Architecture Special Publication (Business Wire) NIST SP 1800-35 Vol B and C, Implementing a Zero Trust Architecture, Provides Reference Architectures and How To Guides for Integrating Radiant Logic with other ZTA Technologies
Proactive Risk Partners with Panorays to Expand Delivery of Automated Third-Party Security Risk Management to the Legal Advisory Market (GlobeNewswire News Room) The partnership addresses growing NYC Metro Region customer and partner demand for improved cybersecurity visibility and faster decision-making...
Island Enterprise Browser Now Available in AWS Marketplace (Island) Island, the leader and pioneer in the Enterprise Browser market, announced today that the Island Enterprise Browser is now available in the AWS Marketplace.
LTIMindtree and CYFIRMA Team to Protect Modern Connected Digital Organizations from Emerging Cyber Threats (LTIMindtree) EDISON, NJ, and MUMBAI, India – July 20, 2023: LTIMindtree [NSE: LTIM, BSE: 540005], a global technology consulting and digital solutions company, is pleased to announce its strategic partnership with CYFIRMA, an external threat landscape management platform company, to enhance the threat intelligence capabilities of its XDR platform and help global enterprises identify, evaluate, and…
Technologies, Techniques, and Standards
How to tell if a gadget is secure? Look for this new government seal. (Washington Post) Baby monitors, thermostats and smart TVs are security and privacy nightmares. The U.S. Cyber Trust Mark promises to help you ID the good ones — if industry doesn’t water down the standards.
New research reveals rapid remediation of MOVEit Transfer vulnerabilities (Bitsight) CVE-2023-35036 & CVE-2023-35708 — were identified on June 9th and June 15th in the latest series of high-profile software supply chain vulnerabilities.
WSJ News Exclusive | Microsoft to Offer Some Cybersecurity Tools Free After Suspected China Hack (Wall Street Journal) The company says it will make security logs available to customers with lower-cost cloud services.
CISA works with Microsoft to expand cloud logging after U.S. gov’t hack controversy (Record) Microsoft is expanding access to critical tools that will help organizations investigate cybersecurity incidents after facing significant backlash following a breach linked to Chinese hackers that targeted the U.S. government and other organizations.
Microsoft expands access to cloud logging data for free after Exchange hacks (BleepingComputer) Microsoft is expanding access to additional cloud logging data for customers worldwide at no additional cost, allowing easier detection of breached networks and accounts.
Endor Labs’ ‘State of Dependency Management 2023’ Report Offers Insight on Explosive Popularity of AI and LLMs—and How They Impact Application Security | Endor Labs (Endor Labs) Endor Labs, creator of the Code Governance Platform, today released “State of Dependency Management 2023,” a new research report exploring emerging trends that software organizations need to consider as part of their security strategy, and risks associated with the use of existing open source software (OSS) in application development.
Moveit Hack Brings Vendor Assessment to Forefront | PLANADVISER (PLANADVISER) SPARK Institute members provide guidance on how advisers can both prepare for and respond to participant data concerns stemming from nationwide breach.
Security Awareness Training Isn’t Working - How Can We Improve It? (SecurityWeek) Security awareness training doesn’t protect all industries and all people all the time, and social engineering is getting better.
Sensitive data FOMO: You can't afford to miss out on data security (Security Intelligence) Missing out on a social gathering is a bummer. But missing out on where and how your data is managed can lead to catastrophe.
Bridging the gap to safeguard critical infrastructure (DataCentreNews UK) The integration of OT systems into IT networks expands their attack surface and creates new risks that need to be managed.
MeriTalk Research: Enabling the Full Potential of Predictive Maintenance (MeriTalk) The need for better predictive maintenance capabilities in defense, commercial aviation, and commercial rail is urgent. However, factors like legacy systems, tooling, and a lack of access to real-time onboard data are getting in the way of reaching that goal, according to a new report from MeriTalk and underwritten by Shift5, the observability platform for onboard operational technology (OT).
Design and Innovation
OpenAI and other firms are using synthetic data to train AI models (Computing) Major tech firms developing generative AI models are actively exploring a new approach to acquiring the vast amounts of information they need for their advanced models: creating it from scratch using computer-generated data.
OpenAI Wants to Harness AI. It Should Pause Instead (The Information) Earlier this month, OpenAI announced a new “superalignment team” with a goal to “solve the core technical challenges of superintelligence alignment in four years.” Ilya Sutskever, OpenAI’s co-founder and chief scientist, will make this research his core focus, and the company said it would ...
Academia
Clemson University Bans TikTok (GovTech) A public land-grant research university in South Carolina is one of a growing number of institutions that have decided to ban the popular social media app due to concerns about data collection and security.
Legislation, Policy, and Regulation
Does NATO Need Its Own Cyber Command? (OODA Loop) The Ukraine conflict had revealed how the global community can quickly come to the aid of a country that can be potentially overwhelmed by a stronger force. NATO has responded by helping to coordinate Ukrainian requests for assistance
The New Spy Wars (Foreign Affairs) How China and Russia use intelligence agencies to undermine America.
China lashes out at US accusation of cyber intrusion (PressTV) China voices outrage at accusations leveled against it by the United States of anti-US cyber activity.
Fact Sheet: Office of the National Cyber Director Requests Public Comment on Harmonizing Cybersecurity Regulations (The White House) RFI Cybersecurity Regulatory Harmonization Today, the White House Office of the National Cyber Director (ONCD) is announcing a request for information (RFI) on cybersecurity regulatory harmonization and regulatory reciprocity. The RFI builds on the commitment the Administration made in the National Cybersecurity Strategy to “harmonize not only regulations and rules, but also assessments and audits…
White House seeks public insight to harmonize ‘inconsistent’ cyber regulations (Nextgov.com) The Biden administration wants to use public feedback to shape baseline cybersecurity regulations that function across industries and sectors.
White House issues cybersecurity plan as GOP calls for restraint (Roll Call) The White House plan to implement a broad cybersecurity strategy assigns more than a dozen federal agencies specific deadlines.
Barr acknowledges AI’s promise but warns of bias risk (Banking Dive) The red flag is one of five takeaways from a speech Tuesday in which the regulator also touched on the status of the multiagency CRA revamp.
One senator’s big idea for AI (POLITICO) With other lawmaking thin on the ground, Sen. Gary Peters is quietly pushing an idea: On AI, the government should start by regulating itself.
FCC chair talks biggest cyber issues, ‘modern meaning’ of old authorities (Washington Post) Under the tenure of Chair Jessica Rosenworcel, the Federal Communications Commission has recently launched several cybersecurity-focused initiatives and has been mentioned in a federal implementation plan to overhaul the U.S. cybersecurity landscape. The FCC will also be part of a new initiative that aims to put cybersecurity labels on smart devices, which Rosenworcel recently discussed with my colleague Geoffrey A. Fowler.
Litigation, Investigation, and Law Enforcement
HCA now faces at least 5 lawsuits in huge data breach (Becker's Hospital Review) At least five patients in four states are taking legal action against HCA Healthcare after a massive data breach.