Dateline Moscow and Kyiv: Preparing for renewed fighting.
Ukraine at D+442: Russians say the Ukrainian counteroffensive has begun. Ukraine differs. (CyberWire) Mr. Prigozhin offers an alibi for combat failure, and KillNet meditates on the problems of rebranding as a PMHC.
Russia-Ukraine war: List of key events, day 443 (Al Jazeera) As the war enters its 443rd day, we take a look at the main developments.
Ukraine drives back Russian forces around Bakhmut (NBC News) President Volodymyr Zelenskyy said his military needed more time before launching a counteroffensive, despite claiming to have struck back in the key eastern battle.
Ukraine’s counter offensive is 'in full swing', claims Wagner chief (The Telegraph) Yevgeny Prigozhin accuses Volodymyr Zelensky of being deceptive when he says Kyiv is not ready to mount an attack
Beyond Ukraine’s Offensive (Foreign Affairs) The West needs to prepare the country’s military for a long war.
Deciphering Vladimir Putin’s unspoken Victory Day message (Atlantic Council) Putin's unspoken Victory Day message: The seating arrangements at this week’s parade indicate that despite the military setbacks of the past 15 months, the Russian dictator is doubling down on his goal of subjugating Ukraine.
Britain is first nation to send long-range missiles to Ukraine (The Telegraph) The weapons, which cost about £2.2m each, outstrip the US-supplied Himars and can be fired deep behind Russian enemy lines
Britain becomes first country to supply Ukraine with long-range missiles (Atlantic Council) Britain has confirmed it is providing Ukraine with long-range missiles. The decision is a major milestone in international efforts to support the Ukrainian fight back against Russia’s ongoing invasion, writes Peter Dickinson.
Ukraine gets British long-range missiles ahead of counteroffensive (Defense News) British Defense Minister Ben Wallace described the move as a “calibrated, proportionate response to Russia’s escalation” in its invasion of Ukraine.
Ukraine’s Hidden Advantage (Foreign Affairs) How European trainers have transformed Kyiv’s army and changed the war.
US Abrams tanks for training Ukrainian forces arrive in Germany ahead of schedule (AP NEWS) U.S. officials say the Abrams tanks needed for training Ukrainian forces have arrived in Germany slightly ahead of schedule, and are on their way to the Grafenwoehr Army base where the training will begin in two to three weeks. Defense Secretary Lloyd Austin tells the Senate Appropriations defense subcommittee that by the time the Ukrainians complete that training, the Abrams tanks currently being built specifically for Ukraine will be ready.
The failure of Russia’s missile war in Ukraine (Defense News) Russia's missile attacks have, in the aggregate, failed to produce the kind of decisive strategic effects Moscow likely expected.
Why Putin Needs Wagner (Foreign Affairs) The hidden power struggle sustaining Russia’s brutal militia.
Putin's fighting power is exhausted in Ukraine – here's why (The Telegraph) Video analysis: As Russian assaults in Ukraine dwindle, Putin's army is making a mockery of three key components of fighting power
Russia’s reverses in Ukraine give China cause for caution, US defense luminaries say (Breaking Defense) Leon Panetta, Michèle Flournoy, and H.R. McMaster agreed Ukraine is showing China how tough a target Taiwan could be, while Bob Gates predicted Xi would not arm Putin and Condi Rice said Beijing is already backing off its worst ‘Wolf Warrior diplomacy.’
Greater clarity is needed in US policy toward Ukraine (Atlantic Council) The US has been instrumental in rallying international support for Ukraine, but the Biden administration still needs to clarify whether it views the Russian invasion as a pivotal moment in world politics, writes Michael F. Oppenheimer.
NATO must codify these lessons from Ukraine while motivation is there (Breaking Defense) NATO experts Ira Straus and Jim Townsend offer a to-do list of lessons learned for alliance leadership - and urge them not to miss this moment of transformation.
Ukrainian historian Serhii Plokhy: ‘This may not be the last chapter of the Russian empire, but it’s an important one’ (the Guardian) The Harvard academic on writing while grieving – and where his country goes from here
IRS gives Ukraine tools to expose Russian oligarchs hiding riches in crypto exchanges (CyberScoop) The agency's crime-fighting unit will provide licenses and training for a Chainalysis platform to track Russian oligarchs' assets in Ukraine.
“Shared threats, shared understanding”: U.S., Canada and Latvia conclude defensive Hunt Operations (U.S. Cyber Command)
Signals intelligence teams reposition to face China, Russia (Defense News) The mission has shifted dramatically as the United States ratchets up competition in the frequency bands with peer competitors like Russia and China.
US ambassador accuses South Africa of providing weapons, ammo to Russia (AP NEWS) The U.S. ambassador to South Africa has accused the country of providing weapons and ammunition to Russia. Ambassador Reuben Brigety said the U.S. government was certain that military equipment was loaded onto a Russian cargo ship that docked secretly at a naval base near the city of Cape Town for three days in December. He says the weapons were then brought to Russia. South African President Cyril Ramaphosa said an investigation was underway. His office added there was currently "no evidence" the cargo was weapons. But the AP has established that the vessel in question is tied to a Russian company sanctioned by the U.S. for transporting military equipment for the Russian government.
Exclusive: Biden administration hunts for high-value Russians for potential prisoner swap (CNN) The Biden administration is scouring the globe for offers that could entice Russia to release two wrongfully detained Americans, Evan Gershkovich and Paul Whelan, according to three sources familiar with the matter.
Attacks, Threats, and Vulnerabilities
CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability (Cybersecurity and Infrastructure Security Agency CISA) CISA and FBI have released a joint Cybersecurity Advisory (CSA), Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG.
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG (Cybersecurity and Infrastructure Security Agency CISA) The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code remotely without credentials. PaperCut released a patch in March 2023.
CryptNet: Russian ransom gang makes its debut (Cybernews) Another day, another new ransomware gang: the latest bad actor to be spotted on a Russian-speaking corner of the dark web is called CryptNet.
Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns (Dark Reading) New "Greatness" phishing-as-a-service used in attacks targeting manufacturing, healthcare, technology, and other sectors.
Multiple Vendor Camera System Attack (FortiGuard) Active attack attempts targeting vulnerable CCTV Cameras and DVR systems from multiple vendors such as Argus, Axis, MVPower and Vacron.
Researchers Uncovered C2 Infrastructure Used by Banking Malware Ursnif (Cyber Security News) Bridewell's Cyber Threat Intelligence (CTI) team has discovered previously undetected Ursnif infrastructure used in 2023 campaigns, suggesting that the malware operators have not yet utilized this highly elusive infrastructure.
Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi Lockers (SentinelOne) Availability of leaked Babuk source code is fuelling a proliferation of file lockers targeting VMware ESXi.
Ransomware Actors Adopt Leaked Babuk Code to Hit Linux Systems (Decipher) Various threat groups are increasingly using Babuk’s leaked source code to build ESXi lockers, including a never-before-seen Linux version of the Play ransomware.
Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers (BleepingComputer) An increasing number of ransomware operations are adopting the leaked Babuk ransomware source code to create Linux encryptors targeting VMware ESXi servers.
The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin (Akamai) The Akamai Security Intelligence Group (SIG) has been analyzing attack attempt activity following the announcement of a critical vulnerability in a WordPress custom fields plug-in affecting more than 2 million sites.
Discarded, not destroyed: Old routers reveal corporate secrets (WeLiveSecurity) Secondary market core routers are often not wiped clean and are replete with sensitive, even confidential, data, according to ESET research.
Toyota: Data on more than 2 million vehicles in Japan were at risk in decade-long breach (ABC News) Toyota’s much-touted online service for its drivers had a data breach spanning over a decade, risking outside access to information on more than 2 million vehicles
Attackers threaten to contact Dragos CEO's wife and son in failed extortion attempt (SiliconANGLE)
Seacom Hit By Cyber Attack, Says No Customer Data Breached (TechFinancials) African telecommunications services and managed services provider Seacom says it has suffered a cyber security incident.
Australia's TechnologyOne says customers face no impact from cyber attack (Reuters) Australia's TechnologyOne Ltd said on Friday its customer-facing software-as-a-service platform was not connected to the internal back-office system that came under cyber attack this week.
Australian software giant won't say if customers affected by hack (TechCrunch) Brisbane-based TechnologyOne asked regulators to halt trading on its stock after confirming that cybercriminals breached its network.
Brightly warns of SchoolDude data breach exposing credentials (BleepingComputer) U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform.
RUMC suffers ransomware attack; unclear if patient info compromised (silive) The hospital said "disruptions have been limited with the exception of overnight trauma and stroke services."
FTC: Those urgent emails from MetaMask and PayPal are phishing scams (WJXT) Most unexpected emails saying to act quickly, click a link, or call a number are phishing scams.
Security Patches, Mitigations, and Software Updates
CISA Releases Fifteen Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released fifteen Industrial Control Systems (ICS) advisories on May 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
How to use the Apple Rapid Security Response updates (Enterprise Desktop | TechTarget) With the release of Apple's Rapid Security Response framework for security OS updates, IT should adjust strategies to accommodate the quicker time frame.
Trends
Power Rankings: 2022 Ransomware Malicious Quadrant (Halcyon) Halcyon Blog Post: The Halcyon team of ransomware experts has put together this RaaS power rankings guide for the ransomware threat landscape based on data from throughout 2022...
2023 Imperva Bad Bot Report | Resource Library (Imperva) Automated business logic attacks are on the rise, driven by bad bots that can evade detection while wreaking havoc and enabling online fraud. Bad bots mimic hum
Bad Bots Now Account For 30% of All Internet Traffic (Infosecurity Magazine) Figure is highest since records began, says Imperva
Bots now make up nearly half of all internet traffic, and that's very bad news for our security (TechRadar) Advanced bots are growing alongside bad bots
Three in Five Businesses Affected by Software Supply Chain Attacks in Last 12 Months (Capterra) Learn why you should be concerned about software supply chain threats and the strategies companies are using to defend against them.
CISOs' confidence in post-pandemic security landscape fades (Help Net Security) Most CISOs have returned to the elevated concerns they experienced early in the pandemic and feel more unprepared than last year.
Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows (MSSP Alert) “Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation.”
Marketplace
Keeper Security wins minority equity investment from Summit Partners (WhaTech) Investment marks the second significant funding round from a leading technology growth equity firm
Akamai Lays Off Nearly 300 Staff to Hit Profitability Goals (Gov Info Security) Akamai will shrink its workforce by 3% as it shifts resources from its shrinking content delivery business to growth areas in cloud computing and security. The
WSJ News Exclusive | NBCUniversal’s Linda Yaccarino Is in Talks to Become Twitter CEO (Wall Street Journal) Yaccarino is chairman of global advertising and partnerships at NBCU. Twitter owner Elon Musk said earlier he had picked a new chief executive without naming the person.
Elon Musk Says He Hired New Twitter CEO (Information) Elon Musk tweeted on Thursday that he had hired a woman as Twitter’s new CEO, the social media company he purchased in October for $44 billion and has led in the months since.
Halcyon Appoints Kris Lamb as Chief Product Officer (Business Wire) Former Early Member of ISS X-Force (now IBM) Brings Unmatched Security Product Knowledge and Experience to Halcyon’s Leadership Team
Products, Services, and Solutions
Azion Obtains PCI DSS v4.0 Cybersecurity Certification (Azion Technologies) With PCI DSS v4.0, Azion is prepared to support the payment card sector in facing the new challenges of today's cybersecurity. Find out how.
Qrypt and Carahsoft Partner to Provide Quantum Secure Encryption to Federal Agencies (Business Wire) Innovative Quantum-Secure Encryption Technology Now Available to Fortify Data Security Across the Government
RKVST launches Instaproof so anyone can decide what data to trust (Business Wire) View instantly verifiable provenance records for any file with a simple drag and drop
Bitdefender Launches App Anomaly Detection for Android Mobile Devices – Industry’s First Real-Time Protection Layer (Bitdefender) New App Anomaly Detection Innovation Monitors, Detects, and Notifies Users of Suspicious Behavior Even Among Trusted Apps that Turn Rogue
Twitter launches encrypted DMs behind a paywall (The Verge) Why pay?
Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp (WIRED) The social network’s new privacy feature is technically flawed, opt-in, and limited in its functionality. All this for just $8 a month.
DigiCert ONE to be made available on Oracle Cloud (ChannelLife New Zealand) DigiCert and Oracle will collaborate on further integration into the OCI ecosystem to help joint customers manage their digital trust initiatives.
Technologies, Techniques, and Standards
NIST Debuts New Cyber Guidance for Contractors Handling Sensitive Data (Nextgov.com) The National Institute of Standards and Technology is accepting comments on the revised document through July 14.
Cybersecurity for Level 0,1 devices is underdeveloped (Control Global) “Challenges in Federal Facility Control System Cyber Security, Including Level 0 and 1 Devices” addresses the problem that cybersecurity for Level 0,1 devices is underdeveloped
Why more transparency around cyber attacks is a good thing for everyone (NCSC) Eleanor Fairford, Deputy Director of Incident Management at the NCSC, and Mihaela Jembei, Director of Regulatory Cyber at the Information Commissioner’s Office (ICO), reflect on why it’s so concerning when cyber attacks go unreported – and look at some of the misconceptions about how organisations respond to them.
UK ‘increasingly concerned’ ransomware victims are keeping incidents secret (Record) British authorities are “increasingly concerned” that ransomware victims in the country are keeping incidents secret, the National Cyber Security Centre (NCSC) said on Thursday.
Focus is integral to safeguarding health data (RSM) Health care continues to prioritize patient data security in an interoperable and growing industry.
Bad data and death: Ian Hill speaks about AI in warfare at the Cybersecurity Festival (Computing)
Design and Innovation
The open-source AI boom is built on Big Tech’s handouts. How long will it last? (MIT Technology Review) Greater access to the code behind generative models is fueling innovation. But if top companies get spooked, they could close up shop.
Research and Development
UNITED STATES : DARPA looks for vulnerabilities in cyber-physical systems (Intelligence Online) The US Department of Defense's latest obsession, cyber-physical systems, contain physical components and cyber elements whose vulnerabilities could impact the physical world. Under its Faithful
Academia
Tennessee, Georgia colleges respond to cyberattacks as school year wraps up (Record) Chattanooga State and Mercer University are the latest U.S. higher education institutions to disclose that hackers had attacked their networks.
NSF Supports New AI Institute for Agent-based Cyber Threat Intelligence and OperatioN (University of Illinois) Earlier in May, the US National Science Foundation announced an investment of $140 million to launch seven new Artificial Intelligence Research Institutes across the country. One of the seven new institutes will be established at the University of California, Santa Barbara, and includes 11 educational institutions – of which the University of Illinois Urbana-Champaign is one.
CMU Hacking Team Defends Title at MITRE Cybersecurity Competition (CMU) For the second year in a row, Carnegie Mellon’s competitive hacking team, the Plaid Parliament of Pwning (PPP), has taken home the top prize at the MITRE Embedded Capture-the-Flag cybersecurity competition.
Legislation, Policy, and Regulation
EU lawmakers' committees agree tougher draft AI rules (Reuters) European lawmakers came a step closer to passing new rules regulating artificial intelligence tools such as ChatGPT, following a crunch vote on Thursday where they agreed tougher draft legislation.
China the Target of New G-7 Push Against ‘Economic Coercion’ (Bloomberg) Joint mechanism set to be announced at Hiroshima summit. Plan papers over differences on tangible actions against China.
Flood of ransom payments continues as officials mull ban (Cybersecurity Dive) The revived debate over the viability of a ransom payment ban comes down to the cost ransomware is causing organizations globally.
Senators eye defense bill for classified intelligence reform (Defense News) The bipartisan group announced two bills on May 10 aimed at improving the U.S. government's approach to classifying information.
Lawmakers tell Biden to act quickly to nominate a national cyber director (Washington Post) First in The Cybersecurity 202: Cyberspace Solarium Commission co-chairs urge Biden to fill key cyber gig
WSJ News Exclusive | NSA Chief Paul Nakasone Has Said He Expects to Step Down in Coming Months (Wall Street Journal) Army Gen. Paul Nakasone, director of the National Security Agency, has told colleagues he expects to step down from the helm of the electronic spy agency and military’s Cyber Command.
Head of NSA, Cyber Command expected to resign (The Hill) Gen. Paul Nakasone, the head of the National Security Agency (NSA) and U.S. Cyber Command, is expected to resign from his positions in the coming months, The Wall Street Journal reported. A source …
The Marines’ next cyber chief is stuck in a pileup of nominations in the Senate (Record) President Joe Biden’s expected pick to helm the U.S. Marine Corps’ digital warfighting branch is caught in a monthslong hold on senior military promotions and nominations in the Senate led by a Republican lawmaker.
Litigation, Investigation, and Law Enforcement
Breach of Mental-Health Records Challenges Nation’s Court System (Wall Street Journal) Hacker, reaching a dead end in extorting clinic in Finland, targeted individual patients.
WSJ News Exclusive | Automation Giant Faces U.S. Government Probe Over China Operations (Wall Street Journal) Investigation focuses on whether its software might allow access to critical U.S. government and industrial infrastructure.
UK's National Crime Agency wins major legal challenge over Encrochat hack (Record) The Investigatory Powers Tribunal ruled the NCA had not failed to obtain the proper warrants to access messages from the hacked platform.
F.B.I. Violations of Rules for Searching Surveillance Data Drop, Audit Finds (New York Times) Recent changes by the Federal Bureau of Investigation appear to have significantly improved compliance with rules limiting when agents may access communications intercepted under the Foreign Intelligence Surveillance Act, according to data from the bureau’s auditing office.
Your Ad Data Is Now Powering Government Surveillance (Bloomberg) A product called Echo, made by the Israel-based Rayzone Group, is using information intended for marketers to help authorities track people through their mobile phones.
Engineer Gets 6 Years After Saying His Theft Made Ubiquiti Safer (Bloomberg) Ubiquiti suffered $4 billion market-cap drop, US says. Nickolas Sharp claimed his crime began as ‘unsanctioned drill’.
Former Ubiquiti dev who extorted the firm gets six years in prison (BleepingComputer) Nickolas Sharp, a former senior developer of Ubiquiti, was sentenced to six years in prison for stealing company data, attempting to extort his employer, and aiding the publication of misleading news articles that severely impacted the firm's market capitalization.
A Republican-Led Lawsuit Threatens Critical US Cyber Protections (WIRED) Three states are suing to block security rules for water facilities. If they win, it may open the floodgates for challenges to other cyber rules.
Mike Lynch extradited to US to face fraud charges (Computing) Entrepreneur finally loses his battle to be tried in the UK
Crypto Scammer Arrested Again in Florida on Fraud, Gun Charges (Bloomberg) Nicholas Truglia had been released from prison late last year. 25-year-old admitted role in a prior theft of $1 million.