Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+512: Black Sea blockade. (CyberWire) Russia's imposition of a blockade on Ukrainian ports is consistent with a strategy of deliberately inducing famine. Russian security organs and their hacktivist auxiliaries continue action against Western targets.
Russia Strikes Grain Export Facilities In Odesa Region For Fourth Day, Carries Out Live Fire Naval 'Drill' (RadioFreeEurope/RadioLiberty) Russia continued to attack Ukrainian Black Sea port installations for a fourth day on July 21, striking grain storage facilities in the Odesa region and causing damage and injuries after refusing to prolong a UN-sponsored deal that allowed Ukraine to continue exporting grain abroad.
Russia-Ukraine war: List of key events, day 513 (Al Jazeera) These are the main developments as the Russian invasion of Ukraine enters its 513th day.
Chinese Foreign Ministry Monitoring Developments After Russian Strike On Odesa Damages Consulate Building (RadioFreeEurope/RadioLiberty) China's Foreign Ministry says it is closely following developments after its consulate in Odesa was damaged in a Russian missile strike.
Ukraine begins firing U.S.-provided cluster munitions at Russian forces (Washington Post) Kyiv’s use of the widely banned weapon comes amid Russian missile strikes on Ukrainian grain silos
Ukraine has begun deploying cluster bombs against Russian forces, says White House (the Guardian) Controversial munitions are being used ‘quite effectively’, claims White House national security spokesman
Russian navy rehearses firing rockets at ships in Black Sea after warning to Ukraine (Reuters) Russia's Defence Ministry said on Friday that its Black Sea Fleet had practised firing rockets at surface targets in a live fire exercise, two days after it warned that ships heading to Ukraine's Black Sea ports could be considered military targets.
Ukrainian Military Warns Ships Against Heading to Russian Black Sea Ports (Wall Street Journal) Moscow issued a similar warning the day before, underscoring the Black Sea’s strategic importance for both countries.
Black Sea Threats Escalate as Ukraine Warns on Russian Ships (Bloomberg) Kyiv makes tit-for-tat response to threat from Moscow. Wheat prices jump further after Black Sea deal collapses.
White House says Russia is preparing for attacks on civilian ships in Black Sea (AP News) The White House is warning that the Russian military is preparing for possible attacks on civilian shipping vessels in the Black Sea. The warning comes days after Russia suspended participation in a wartime deal that allowed grain to flow from Ukraine to countries around the world.
By pulling out of the Ukrainian grain deal, Russia risks alienating its few remaining partners (AP News) By pulling out of a landmark deal that allowed Ukrainian grain exports through the Black Sea, Russian President Vladimir Putin has taken a gamble that could badly damage Moscow’s relations with many of its partners that have stayed neutral or even been supportive of the Kremlin’s invasion of its neighbor.
Putin’s evil new weapon could win him the war (The Telegraph) The Kremlin will use any tactic to emerge victorious, even pushing much of Africa into mass starvation
UN Atomic Watchdog's Inspectors Still Don't Have Access To Rooftops At Zaporizhzhya Nuclear Plant (RadioFreeEurope/RadioLiberty) Russia has still not provided UN nuclear experts at the Zaporizhzhya nuclear power plant in Ukraine access to the rooftops of the occupied facility's reactors, the agency said on July 20.
Putin cut deal with Wagner 'to save his skin,' MI6 chief says in rare speech | CNN (CNN) It was a rare moment when the publicly visible Kremlin matched the reality behind closed doors.
CIA Chief Says Putin Likely To Take His Time Before Going After Prigozhin (RadioFreeEurope/RadioLiberty) CIA head William Burns says he expects Russian President Vladimir Putin to bide his time and wait before seeking retribution against Wagner mercenary chief Yevgeny Prigozhin, following his aborted mutiny against Russia's military leadership last month.
Russia's Wagner mercenaries launch joint training with Belarusian military near Poland's border (AP News) Mercenaries from Russia’s military company Wagner have launched joint drills with the Belarusian military almost a month after their short-lived rebellion. The Belarusian Defense Ministry said the week-long maneuvers that started on Thursday will be conducted at a firing range near a city on the country's border with Poland.
Poland Says It Is Moving Soldiers To East Of Country Due To Wagner Risks (RadioFreeEurope/RadioLiberty) Poland's security committee decided in a meeting on July 19 to move military units to the country's east due to the Wagner Group's presence in Belarus, state-run news agency PAP quoted its secretary as saying on July 21.
Russian War Report: Wagner is still in business in Africa (Atlantic Council) Despite their Russia-based forces being relocated to Belarus after their failed mutiny, Wagner Group is still alive and active in Africa, including ahead of a referendum in the Central African Republic.
MI6 chief Richard Moore on Ukraine and the future of intelligence gathering (POLITICO) In an exclusive interview for POLITICO’s forthcoming podcast Power Play, Richard Moore, chief of the UK’s Secret Intelligence Service — MI6 — speaks to Anne McElvoy about how …
After the NATO Summit: Are We Already at War with Russia? (RUSI) Now that the dust has settled on the recent NATO summit in Vilnius, it is worth considering some of its longer-term implications.
Treasury Sanctions Impede Russian Access to Battlefield Supplies and Target Revenue Generators (U.S. Department of the Treasury) Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is taking action to further implement the commitments that G7 Leaders made on February 24, 2023 and May 19, 2023.
U.S. Announces New Sanctions Aimed At Curbing Russia's Ability To Buy Weapons Technology (RadioFreeEurope/RadioLiberty) The United States has imposed new Russia-related sanctions targeting 18 individuals and dozens of entities in a move aimed at inhibiting Russia’s access to products that support its war efforts.
New US sanctions aimed at choking off Russia access to battle gear (Federal Times) Deputy Secretary of the Treasury Wally Adeyemo said Thursday’s actions represent another step in our efforts to constrain Russia’s military capabilities.
Zelenskiy Dismisses Ukraine's Ambassador To Britain (RadioFreeEurope/RadioLiberty) Ukrainian President Volodymyr Zelenskiy has dismissed his country's ambassador to Britain without giving reasons for the move.
Romanian Intelligence General: All Russian secret services attempted cyber attacks against Romania (ACTMedia) The head of the Cyberint center within the Romanian Intelligence Service (SRI), General Anton Rog, says that all three Russian intelligence services tried to la...
KillNet Showcases New Capabilities While Repeating Older Tactics (Mandiant) KillNet has remained relatively consistent in its targeting of Ukraine’s supporters and prioritization of DDoS attacks.
Pro-Russian hacktivists increase focus on Western targets. The latest is OnlyFans. (CyberScoop) Anonymous Sudan appears to be affiliated with Killnet, a pro-Russian hacktivist persona that emerged in late 2021 or early 2022.
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective (SC Media) Mandiant researchers say Anonymous Sudan has taken over as the most prolific affiliate of KillNet, a collective of Russia-aligned ‘hacktivist’ groups, carrying out the majority of the group's DDoS attacks in recent months.
Microsoft Exchange servers compromised by Turla APT (Help Net Security) Turla has been targeting the defense sector in Ukraine with backdoors, using compromised Microsoft Exchange servers to control them.
Scoop! Why Ben from Ben & Jerry’s blames America for war in Ukraine (POLITICO) Your favorite ice cream mogul is campaigning against countering Vladimir Putin’s aggression.
“Pariah” Putin forced to cancel travel plans over fears of war crimes arrest (Atlantic Council) Vladimir Putin's pariah status has been confirmed after he was forced to cancel plans to attend a summit of BRICS leaders in South Africa over fears that he may be arrested for war crimes, writes Peter Dickinson.
Children are not the only ones being abducted by Russia (The Telegraph) Elderly and vulnerable Ukrainians left in agony after being taken into Russian territory, Telegraph investigation reveals
Media Watchdog Confirms Missing Ukrainian Journalist Is In Russian Penal Colony (RadioFreeEurope/RadioLiberty) Ukrainian journalist Dmytro Khylyuk, who went missing last year after he was detained by occupying Russian troops, is in a penal colony in Russia's Vladimir region, Reporters without Borders (RSF) said in a statement.
Attacks, Threats, and Vulnerabilities
US ambassador to Beijing targeted in Chinese cyber-attack – report (the Guardian) Nicholas Burns’ emails reportedly accessed in hack that exploited flaw in Microsoft system and took Washington by surprise
Hacking of Government Email Was Traditional Espionage, Official Says (New York Times) The hackers penetrated the accounts of senior State Department officials, including the U.S. ambassador to China.
Compromised Microsoft Key: More Impactful Than We Thought (Wiz Blog) Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.
CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519 (Cybersecurity and Infrastructure Security Agency CISA) The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway.
First Known Targeted OSS Supply Chain Attacks Against the Banking Sector (Checkmarx.com) In the first half of 2023, Checkmarx’s Supply Chain research team detected several open-source software supply chain attacks that specifically targeted the banking sector.
A Twist in the Code: OpenMeetings Vulnerabilities through Unexpected Application State (Sonar) Unexpected application states are often overlooked and can introduce severe security vulnerabilities. Read more about this real-world example.
Fresh Phish: HTML Smuggling Made Easy, Thanks to a New Dark Web Phish Kit (INKY) The dark web makes it possible for amateur phishers to unleash complex and effective credential harvesting schemes, including HTML Smuggling. INKY’s email security platform has what it takes to stop these threats.
North Korean hackers linked to attempted supply-chain attack on JumpCloud customers (Record) The company had initially attributed the incident to a "sophisticated nation-state sponsored threat actor." Reports tied the attack to North Korean hackers in search of cryptocurrency to support the regime.
North Korean hackers breached a US tech company to steal crypto (Reuters) A North Korean government-backed hacking group penetrated an American IT management company and used it as a springboard to target an unknown number of cryptocurrency companies, according to two sources familiar with the matter.
GitHub warns of Lazarus hackers targeting devs with malicious projects (BleepingComputer) GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.
Cyberattack on GitHub customers linked to North Korean hackers, Microsoft says (Record) Microsoft is attributing a cyberattack on customers of software development platform GitHub to a previously unknown hacking group based in North Korea.
Security alert: social engineering campaign targets technology industry employees (The GitHub Blog) GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.
BMC&C: Lights Out Forever (Eclypsium) Earlier this year, Eclypsium Research discovered and reported 5 vulnerabilities in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software. MegaRAC BMC is a critical supply chain component found in millions of devices worldwide and used by multiple top-tier manufacturers to deliver “lights-out” management for servers. Today, Eclypsium Research is disclosing a pair of […]
Google says Apple employee found a zero-day but did not report it (TechCrunch) While the bug itself is not newsworthy, the circumstances of how this bug was found and reported to Google are, to say the least, peculiar.
LockBit Ransomware: Inside the World's Most Active Ransomware Group (Flashpoint) A closer look at Lockbit, the most dominant ransomware group of the last year, plus how organizations can defend against the RaaS operators.
FTC, HHS warn of potential privacy and security risks embedded in online health sites (Nextgov.com) The agencies noted hospitals and telehealth providers could be exposing sensitive patient health information through online tracking tools like Meta Pixel and Google Analytics.
Notice to Our Patients of Cybersecurity Event (Cybersecurity Notice | Tampa General Hospital) Tampa General Hospital considers the health, safety, and privacy of our patients and team members a top priority. Regrettably, this notice concerns a cybersecurity event that may have involved some of that information.
Tampa General Hospital confirms cybersecurity incident; 1.2 million patients being notified (Databreaches.net) Tampa General Hospital in Florida was hit by a cyberattack during three weeks in May, according to a statement issued by the hospital earlier today. The...
Scammers are targeting college kids with fake bioscience job offers (Record) Cybercriminals are targeting college students with fake job offers in the bioscience and health industries with the hope of extracting fees out of victims, experts are warning.
VirusTotal apologizes for data leak affecting 5,600 customers (BleepingComputer) VirusTotal apologized on Friday for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month.
Norton Healthcare cyber attack highlights record year for data breaches nationwide (WDRB) ITRC said there were nearly 1,400 data compromises for the first half of this year, higher than the yearly total for almost every year between 2005-20.
‘It feels like a digital hurricane’: Coastal Mississippi county recovering from ransomware attack (Record) A coastal Mississippi county is in the process of recovering from a wide-ranging ransomware attack that took down nearly all of the government’s in-office computers.
CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA (Cybersecurity and Infrastructure Security Agency CISA) CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-29298 Adobe ColdFusion Improper Access Control Vulnerability
CVE-2023-38205 Adobe ColdFusion Improper Access Control Vulnerability
Security Patches, Mitigations, and Software Updates
Oracle Releases Security Updates | CISA (Cybersecurity and Infrastructure Security Agency CISA) Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.
CISA Releases One Industrial Control Systems Advisory (Cybersecurity and Infrastructure Security Agency CISA) CISA released one Industrial Control Systems (ICS) advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation Controllers
Trends
Record Ransomware Attacks: June 2023 Highest Month Ever (Corvus Insurance) Threat actors broke another record. Here's what you need to know.
NCC Group Monthly Threat Pulse - June 2023 (Mynewsdesk) Ransomware attacks continue to hit record levels with 434 attacks in June 2023, a 221% increase on the same period last year
• Threat actor Clop claims...
The Convergence of Cybersecurity and Everything (Strategy of Security) Exploring the convergence of cybersecurity with adjacent markets, the impact of this trend so far, and what we can expect in the future.
Marketplace
Air Force Veteran Roger Ouellette Assumes CISO Role at V2X (GovCon Wire) Looking for the latest GovCon News? Check out our story: Roger Ouellette Appointed V2X CISO. Click to read more!
Products, Services, and Solutions
Actility Acquires SCHC Pioneer Acklio, Advancing Yet Another Step Towards the Internet of Everything – Actility (Actility) Actility today announced the acquisition of Acklio, the leading provider of SCHC technology for LPWAN (Low Power Wide Area Network) networks.
Radware Bot Risk Scanner Safeguards Your Splunk Applications From Malicious Bots (Radware) Twenty-five percent of all internet traffic today is generated by bad bots. Unfortunately, many organizations cannot make a definitive distinction between good and bad bots. This leaves its applications vulnerable to malicious threats posed by these automated programs.
AvePoint Expands 20-Year Microsoft Relationship with Microsoft 365 Backup, Enhancing Data Resiliency Suite (GlobeNewswire News Room) Integration with the Microsoft 365 Backup API strengthens data protection and speeds time-to-restore for safe digital collaboration...
Data Storage Corporation Announces Multi-Million Dollar Project with One of the Nation’s Leading Sports & Entertainment Companies (GlobeNewswire News Room) Data Storage Corporation (Nasdaq: DTST) (“DSC” and the “Company”), a provider of diverse business...
Technologies, Techniques, and Standards
Microsoft to stop locking vital security logs behind $57-per-user monthly plan (Ars Technica) US agency urged Microsoft to expand access to logs that can identify cyberattacks.
Why Security Fatigue Is a Huge Cybersecurity Risk (ForgeRock) Companies can save an average of $2.66 million by testing their cybersecurity incident response plan, but many choose not to. Whether this is out of necessity or negligence, it may cost businesses their reputation and revenue in the long run. Failing to keep up with cybersecurity can have compounding effects. However, overcomplicating security can be just as damaging. Security fatigue is a major risk for businesses. Find out how to mitigate it in your organization to protect your digital assets.
Design and Innovation
A Battlefield AI Company Says It’s One of the Good Guys (WIRED) Helsing AI is building an operating system for warfare and says it’ll only ever sell to democracies.
Research and Development
Nubeva's Ransomware Reversal Technology Proven in Rigorous Third-Party Testing at MISI's DreamPort Facility (Yahoo Finance) 100% key capture rate and successful ransomware decryption highlights Nubeva’s significant achievement in ransomware defense capabilities. SAN JOSE, Calif., July 20, 2023 (GLOBE NEWSWIRE) -- Nubeva Technologies (TSX-V: NBVA), a cybersecurity company specializing in decryption, is pleased to announce the successful results of a month-long rigorous third-party evaluation for its Ransomware Reversal technology conducted by MISI. MISI is a cybersecurity nonprofit fueling the people and technology need
Legislation, Policy, and Regulation
Apple slams UK surveillance-bill proposals (BBC News) The technology giant says it could remove services such as FaceTime from the UK over potential changes
Apple accuses UK government of trying to become ‘global arbiter’ of encryption (Record) Apple has accused the British government of attempting to become “the de facto global arbiter of what level of data security and encryption are permissible” in response to new legal proposals.
BNamericas - Colombia plans creation of national cybersec... (BNamericas.com) The country aims to become a global cybersecurity powerhouse, ICT minister Mauricio Lizcano told an event.
National Cyber Strategy Asks Large Companies to Assume Greater Defensive Role (MSSP Alert) The Office of the National Cyber Director (ONCD) has published its roadmap for implementation of the National Cybersecurity Strategy.
Air Force Nominee to Lead NSA and CYBERCOM Says They Should Keep Sharing One Leader (Air & Space Forces Magazine) Air Force Lt. Gen. Timothy Haugh, nominee to lead U.S. Cyber Command (CYBERCOM) and the NSA, says he supports keeping a dual-hat leader.
NSA, Cyber Command nominee touts support of Section 702 renewal (The Hill) Air Force Lt. Gen. Timothy Haugh, President Biden’s pick to lead the NSA and the U.S. Cyber Command, said on Thursday that he is in favor of renewing Section 702 of the Foreign Intelligence Surveil…
Biden’s NSA, CYBERCOM nominee backs foreign spy law as ‘irreplaceable’ (C4ISRNet) “Counterterrorism actions, the ability to see some of the egregious acts that Russia has done in Ukraine? Informed by 702,” said Lt. Gen. Timothy Haugh.
A.I. Won't Replace Humans at the NSA, Nominee Tells Senate (USNI News) Artificial intelligence is and will remain an enabler not a replacement for humans in the work of Cyber Command and the National Security Agency, the nominee to head both told the Senate Armed Services Committee Thursday. “A human will be interfacing with that machine and that data,” Air Force Lt. Gen. Timothy Haugh told the …
Justice Department Revamps Crypto Enforcement Team (Wall Street Journal) The National Cryptocurrency Enforcement Team will become a permanent fixture of a section of the agency that investigates computer-related crimes.
DOJ to add top crypto sleuths to cybercrime office (POLITICO Pro) The Justice Department is adding a team of top cryptocurrency investigators to its cybercrime office, top officials from its criminal division announced Thursday.
DHS Issues Final Rule Regulating Federal Contractors’ Handling of Controlled Unclassified Information (Lexology) On June 21, 2023, the U.S. Department of Homeland Security (DHS) issued a long-anticipated cybersecurity final rule (DHS Final Rule), which revises…
Cyber assistance bills for agriculture sector gain bipartisan attention in Senate (Record) The Food and Agriculture Industry Cybersecurity Support Act and the Cybersecurity for Rural Water Systems Act are aimed at making cybersecurity easier for the sector.
Sen. Casey rolls out bills to protect workers from AI surveillance and 'robot bosses' (NBC News) The Pennsylvania Democrat, who is seeking re-election in 2024, believes creating guardrails for artificial intelligence will be the next frontier in the fight for workers’ rights.
Top tech firms sign White House pledge to identify AI-generated images (Washington Post) Google, and ChatGPT-maker OpenAI, agreed to the voluntary safety commitments, part of an escalation in the Biden administration’s interest in the area as it readies an AI-focused executive order
Litigation, Investigation, and Law Enforcement
Fake passports, real bank accounts: How TheTruthSpy stalkerware made its millions (TechCrunch) A network of fake sellers, created with forged documents, allowed a global phone surveillance ring to operate under the radar for years.