Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+453: Fighting in Bakhmut and Belgorod. (CyberWire) A raid into Russia tentatively attributed to anti-Putin Russian partisans seems, for now, to be more propaganda of the deed as opposed to the beginning of a general offensive.
Ukraine live briefing: Battles rage on Bakhmut outskirts; Russia opens Belogrod investigation (Washington Post) Ukrainian officials say troops are still battling around Bakhmut, after Russia claimed to have seized the eastern city that has been a focal point of the war for months. Ukraine’s armed forces and its deputy defense minister, Hanna Maliar, said fighting continues to rage on the embattled city’s outskirts.
Russia-Ukraine war live: Moscow claims to have pushed back fighters it says launched attack inside Russian borders (the Guardian) Unverified claim follows statement saying Kremlin opening terrorism investigation amid fighting in Belgorod region
Pro-Ukrainian fighters launch cross-border tank raid to ‘capture’ Russian villages (The Telegraph) Raid was carried out by anti-Kremlin fighters from the so-called Russian Freedom Legion and Russian Volunteer Corps
Anti-Putin militia claims to have overrun village in Russia border region of Belgorod (the Guardian) Self-described partisans the Freedom of Russia Legion say they launched cross-border raid from Ukraine
Belgorod residents told not to return to homes after drone strikes (the Guardian) People from Russian district on Ukrainian border moved to temporary housing after raid by anti-Putin militias
Belgorod: the Russian region being dragged into Putin’s war on Ukraine (the Guardian) On the border with Ukraine, Belgorod has been plagued by unclaimed attacks, explosions and Russian friendly fire since the outbreak of the conflict
Holding the line, ahead of Ukraine’s counteroffensive (Military Times) The Ukrainians used Moscow's fixation on Bakhmut to exhaust Russian troops and ammunition, buying time for their own counteroffensive.
Wagner Chief Prigozhin Says His Troops Will Leave Ukraine's Bakhmut By June 1 (RadioFreeEurope/RadioLiberty) Yevgeny Prigozhin, the chief of Russia's Wagner private mercenary group, says his troops will leave the eastern Ukrainian city of Bakhmut between May 25 and June 1.
The story of the battle for Bakhmut through the eyes of those who fought it (The Telegraph) Little is left of the Ukrainian city where Russians sent more and more troops to their deaths for small gains
Wagner’s psychotic tactics give Putin the edge (The Telegraph) Bakhmut will have come at an immense cost in Russian lives – but that is a price Moscow is willing to pay
U.S. Says Russia's Wagner Group Is Seeking To Transit Military Equipment Through Mali (RadioFreeEurope/RadioLiberty) The U.S. State Department said on May 22 that the Russian mercenary group Wagner is trying to obscure its efforts to buy military equipment from foreign nations for use in Ukraine.
Zelenskyy gives master class in diplomacy at G-7 (Nikkei Asia) From India to France to Japan, Ukrainian leader woos key players in 30 hours
Russia PM visits China with U.S.-sanctioned delegation (Nikkei Asia) Mishustin to meet Xi as trade grows between two nations targeted by West
How Biden got to yes on F-16s and Ukraine (POLITICO) The decision followed a flurry of activity in the weeks leading up to the G-7 meeting.
The F-16 takeoff to Ukraine will take time (POLITICO) While allies have agreed to train Kyiv’s pilots, no country is ready to actually donate jets — for now.
F-16s key step for Ukraine, but won’t be ‘game-changer,’ SECAF says (Air Force Times) “Ukraine [will] remain an independent nation,” SECAF Kendall said. "It’s time to start thinking longer-term about what [its] military might look like."
Ukraine’s new F-16 fighter jets will strike fear into Putin’s pilots (The Telegraph) The supersonic fighter code-named "Viper" far outclasses the Russian jets
Massive Cyberattack Warns Ukrainians: ‘Be Afraid and Expect the Worst’ (The Daily Beast) Government websites were pulled down and replaced with a threatening message written in Russian.
Russia won't give up Medibank hackers (Information Age) Refuses to cooperate with Australian police.
Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (The Hacker News) New revelations about the Bad Magic hacker group uncover a longer history than expected. Kaspersky's latest report connects them to CloudWizard.
Security experts weigh in on Snake malware operation (Security Magazine) Security industry leaders share thoughts on the takedown of sophisticated Snake malware & discuss what organizations can learn and apply to cybersecurity moving forward.
Cyber Warfare Lessons From the Russia-Ukraine Conflict (Dark Reading) Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.
The cyber gulag: How Russia tracks, censors and controls its citizens (AP NEWS) It's becoming increasingly difficult for Russians to escape government scrutiny. Authorities monitor social media accounts, prosecuting critics of President Vladimir Putin or the war in Ukraine. Surveillance cameras with facial recognition systems allow police to swiftly detain activists and draft dodgers. Even a once-praised online government service platform is seen as a tool of control, with plans to serve military summonses through it — rendering useless a popular draft evasion tactic of avoiding being handed the paperwork in person. Activists say Putin’s government has managed to harness digital technology to surveil, censor and control Russians — new territory in a nation with a long history of spying on its citizens.
Russian Soldier Who Quit Military Following Ukraine Deployment Gets Three Years Behind Bars (RadioFreeEurope/RadioLiberty) A Russian contract soldier who resigned from the military after serving one month in Ukraine has been sentenced to three years in prison following an appeal.
Siberian Actors Demand Removal Of 'Illegal' Pro-War Banner From Theater (RadioFreeEurope/RadioLiberty) Actors in the Siberian city of Irkutsk have asked authorities to remove a large banner with the letter "Z" -- a sign of support for Russia's war against Ukraine -- from the theater's facade, after the banner was pelted with rotten eggs and a green liquid known as "zelyonka."
Married Putin Stooge Accused of Hiding Kids With Secret American Lover (The Daily Beast) A bombshell investigation has tied Moscow’s most prominent mouthpiece to a second family of U.S. citizens.
Attacks, Threats, and Vulnerabilities
Android app breaking bad: From legitimate screen recording to file exfiltration within a year (WeLiveSecurity) ESET research uncovers AhRat, a new Android RAT based on AhMyth that steals files and records audio and was distributed via an app in the Google Play Store.
SuperMailer Abuse Explodes - 14% of All Credential Phish Discovered (Cofense) Learn how SuperMailer abuse is being used to launch high-volume credential phishing campaigns. Find out what tactics they are using and how we can help stop it.
BlackCat Ransomware Deploys New Signed Kernel Driver (Trend Micro) In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase.
Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor (Permiso) Permiso’s p0 Labs has been tracking a threat actor for the last 18 months. In this article we will describe the attack lifecycle and detection opportunities for the cloud-focused, financially motivated threat actor we have dubbed as p0-LUCR-1, aka GUI-vil (Goo-ee-vil).
Deep dive into ColdIntro and discovering ColdInvite (JAMF) The novel iOS vulnerability that exploits the co-processor to compromise your iPhone's kernel
GitHub - vdohney/keepass-password-dumper: Original PoC for CVE-2023-32784 (GitHub) Original PoC for CVE-2023-32784. Contribute to vdohney/keepass-password-dumper development by creating an account on GitHub.
The FBI Warns of False Job Advertisements Linked to Labor Trafficking at Scam Compounds (US Federal Bureau of Investigation) The FBI warns US citizens and individuals who travel or live abroad of the risk of false job advertisements linked to labor trafficking at Southeast Asia-based scam compounds where victims are held against their will, intimidated, and forced to commit international cryptocurrency investment fraud schemes.
FBI warns about fake job ads from cyber traffickers (Record) Be wary of job advertisements that are intended to trap workers into operations that run "pig butchering" schemes and other fraud from within Southeast Asia, the FBI says.
Don't @ Me: URL Obfuscation Through Schema Abuse | Mandiant (Mandiant) Attackers are distributing malware using a technique that abuses the URL schema.
Sanctioned Crypto Mixer Tornado Cash Hijacked by Hackers (Bloomberg) Malicious governance proposal was used to take over protocol. Service’s native token TORN tumbled in wake of the incident.
Generative AI is the New Attack Vector for Platforms, According to ActiveFence Threat Intelligence (PR Newswire) ActiveFence, whose mission is to protect online platforms and their users from malicious behavior and harmful content, today released the...
German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack (Record) Rheinmetall confirmed on Monday that the Black Basta ransomware group was behind a cyberattack it detected last month.
Cochin Shipyard Website Targeted in Suspected Cyber Attack (The Cyber Express) Cochin Shipyard Limited (CSL), India’s largest shipbuilding and maintenance facility, has allegedly fallen victim to a cyber attack. While the
Nearly 300,000 people affected by data breach in DISH ransomware attack (Record) A February ransomware attack against satellite broadcast giant DISH leaked the personal information of nearly 300,000 people, according to regulatory filings made by the company last week.
Hitachi Energy Posts Notice of Employee Data Breach Following Fortra “GoAnywhere” Exploitation (JD Supra) On March 17, 2023, Hitachi Energy (“Hitachi”) posted a notice on the company’s website confirming that confidential employee information was leaked...
Zivame data breach: Personal info of thousands of Indian women customers up for sale online (India Today) India’s popular intimate wear platform for women, Zivame has landed in a soup after the data of thousands of its women customers were put up for sale online.
Mazars Group allegedly breached by BlackCat cybercrooks (Cybernews) Mazars Group, an international audit, accounting, and consulting firm, was posted on the ALPHV/BlackCat ransomware dark web blog, which criminals use to showcase their latest victims.
Gentex Corporation Confirms Recent Ransomware Attack, Raising Questions Over Possible Data Breach (JD Supra) In May 2023, Gentex Corporation confirmed various reports that the company was the recent victim of a ransomware attack carried out by the Dunghill...
Data Breach at Debt Collection Agency Impacts Multiple Healthcare Providers (Health IT Security) At least 13 healthcare organizations were impacted by a data breach that stemmed from a cyberattack on debt collection agency Credit Control Corporation.
‘Man-in-the-middle’ cyber attack: Fraudsters dupe top construction tech firm in Pune of over Rs 13 lakh (The Indian Express) The police explained that such 'man-in-the-middle' cyber attacks start with the hacking of email accounts of either of the parties involved in a business transaction
Cyber Attack on San Diego USD Involved Student Medical Data (GovTech) San Diego Unified School District recently confirmed that a data breach in October 2022 compromised student names and medical information, and the district is working to notify those affected as it identifies them.
6 million stolen cards analyzed: Risks and trends (NordVPN) What is the likelihood of credit card theft? What are the risks? NordVPN researchers analyzed six million stolen cards on the dark web to evaluate the risks.
CISA Adds Three Known Exploited Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-32409 Apple Multiple Products WebKit Sandbox Escape Vulnerability
CVE-2023-28204 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
CVE-2023-32373 Apple Multiple Products WebKit Use-After-Free Vulnerability
Security Patches, Mitigations, and Software Updates
Samsung Patches Memory Address Randomization Bypass Flaw (Bank Info Security) Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates. The
APIs are Top Cybersecurity Priority for Most Organizations, Yet 40% Do Not Have an API Security Solution (PR Newswire) New research conducted at RSA Conference 2023 by Traceable AI found that while API security remains a top cybersecurity concern this year,...
State of API Security - RSA Conference 2023 (Traceable API Security) New research conducted at RSA Conference 2023 by Traceable on the state of API Security.
Share of ad trackers in web traffic across the world: A 2023 report (AdGuard Blog) It seems like ads are everywhere, but is it really so? Find out in our new report how the share of ads and trackers varies around the world, how much traffic they eat up on average, and what the situation is like in your country.
NetSPI Unveils 2023 Offensive Security Vision Report, Shines Light on the Need for Improved Vulnerability Prioritization (PR Newswire) NetSPI, the global leader in offensive security, today announced the findings from its inaugural 2023 Offensive Security Vision Report,...
Offensive Security Vision Report 2023 | NetSPI (NetSPI) NetSPI’s Offensive Security Vision Report analyzes 300,000+ pentest engagements to prioritize the most important attack surfaces and vulnerabilities.
New Veeam Research Finds 93% of Cyber Attacks Target Backup Storage to Force Ransom Payment (Business Wire) Veeam unveils the results of its 2023 Ransomware Trends Report at VeeamON 2023, showing cyber insurance is becoming too expensive and 21% of organizations unable to recover their data after paying the ransom
authID INC. Announces Pricing of Approximately $7.1 Million Registered Direct Offering and Concurrent Private Placement and Approximately $7.1 Million Notes Exchange (GlobeNewswire News Room) authID Inc. (NASDAQ: AUID) (“authID” or the “Company”), a leading provider of secure identity authentication...
Cybersecurity firms' earnings set to benefit from growing threat of hacks (Reuters) Top U.S. cybersecurity companies are expected to report another quarter of strong growth as high-profile hacks and a shift in client preference for bigger players with better integrated offerings help support their businesses in a turbulent economy.
Security Chiefs Trim the Fat as Budgets Bite (Wall Street Journal) Cyber teams are looking to do more with less in an uncertain economy.
FBI and CIA combat cyber talent shortage with new hiring methods (FCW) Officials at the intelligence and law enforcement agencies say they’re facing the national cyber talent shortage head-on, from implementing a new approach to hiring top cyber talent to new training programs and incentives.
Jon Bates Promoted to Chief Executive Officer at Avalon (Avalon) Avalon, which offers technology-based services like digital forensics, cybersecurity and eDiscovery as well as document services, announced today that former chief operating officer Jon Bates has been promoted to chief executive officer.
Drata Broadens Leadership Team with New Chief Information Security Officer and Chief Customer Officer (PR Newswire) Drata, a continuous security and compliance automation platform, today announced Matt Hillary as VP, Security & Chief Information Security...
SynSaber Welcomes Industry Leader Martin Roesch to Board of Directors (SynSaber | Industrial Cybersecurity) Martin Roesch, Snort creator, Sourcefire founder, and Netography CEO, has joined the SynSaber Board of Directors.
Products, Services, and Solutions
UiPath and Peraton Announce Partnership to Expand Cloud-based Automation in U.S. Intelligence, Defense, and Federal Civilian Sectors (Business Wire) Today, UiPath (NYSE: PATH), a leading enterprise automation software company, announced its partnership with Peraton, a leading mission capability integrator and transformative enterprise IT provider, to deliver the UiPath Business Automation Platform as a cloud-based managed service to high-security environments within U.S. intelligence, defense, and civilian agencies.
Swimlane Expands Security Automation Business into Japan (Business Wire) Over 300% customer growth fuels significant investment within the region; Opens Tokyo office
Radware’s New Web DDoS Protection Blocks Tsunami-Size Web DDoS Attacks Without Interrupting Legitimate Traffic (GlobeNewswire News Room) Delivers unmatched mitigation of randomized, high-volume attacks that evade standard protection ...
WithSecure launches Cloud Security Posture Management (Cision) WithSecure Elements adds new capabilities to help organizations identify insecure configurations in
KnowBe4 Helps Organizations Battle QR Code Phishing Attacks With New Tool (Yahoo Finance) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced the launch of its new QR Code Phishing Security Test (QR Code PST) tool. The no-charge tool assists organizations in identifying users that are most susceptible to scanning malicious QR codes.
Rocket Business Solutions Partners with Zerify to Enhance Cybersecurity Offerings (GlobeNewswire News Room) Zerify Inc., (OTC PINK: ZRFY), the 22-year-old cybersecurity company focused on Secure Video Conferencing...
NTT, Cisco launch IOT as a service for enterprise customers (ITWeb) The companies will collaborate to develop and deploy joint solutions that empower organisations to improve operational efficiencies and advance sustainability goals.
Product agent release: NordLayer Browser Extension (Nord Layer) NordLayer's announcement for a lightweight and seamless network security function delivered by NordLayer Browser Extension.
Thales Builds Europe’s Largest Cyber Threat Intelligence Service with ThreatQuotient (Business Wire) ThreatQ Platform and ThreatQ Investigations allow Thales to pioneer market-leading personalized threat intelligence services
Teleport Launches New, More Affordable Offering for DevOps Teams to Manage User and Machine Privileges in Cloud Environments (PR Newswire) Teleport, the leading provider of identity-native infrastructure access management, today announced Teleport 13, the latest version of its...
Appdome Launches Build-to-Test, New Automated Testing Option for Protected Mobile Apps (PR Newswire) Appdome, the mobile app economy's one and only Cyber Defense Automation platform, today announced Build-to-Test which enables mobile developers...
CyberArk Introduces First Identity Security-Based Enterprise Browser (Business Wire) Organizations Gain an Easy-to-Adopt Browser for Employees and Third Parties That Powers Security, Privacy and Productivity
Delinea's Latest Release Reduces the Risk of Lateral Movement in Cybersecurity Breaches (PR Newswire) Delinea, a leading provider of solutions that seamlessly extend Privileged Access Management (PAM), today announced the latest version of Cloud...
Checkmarx Named a Leader for Sixth Consecutive Year in the 2023 Gartner® Magic Quadrant™ for Application Security Testing (PR Newswire) Checkmarx, the global leader in application security solutions, today announced that it has been positioned by Gartner as a Leader in its Magic...
Flughafen Zürich AG moves from Omada's on-prem solution to Omada Identity Cloud (PR Newswire) Omada A/S ("Omada"), a global leader of Identity Governance and Administration (IGA), today announced that longtime customer, Flughafen Zürich...
Vaultree Sets a New Benchmark in Healthcare Cybersecurity with Industry-First, Fully Functional Data-In-Use Encryption Solution (Business Wire) Vaultree, the trailblazer in cybersecurity, today announces a major leap forward in healthcare data protection, bringing its industry-first Fully Functional Data-In-Use Encryption solution to the sector.
Technologies, Techniques, and Standards
NIST Launches Cybersecurity Initiative for Small Businesses (Security Intelligence) To help small businesses face the growing cyber threat, NIST recently launched its Small Business Cybersecurity Community of Interest (COI).
Mapping out our Destination: Responsible Innovation via the NIST Identity Roadmap (NIST) RSA Conference week is always a whirlwind. NIST was there front and center last month, and we learned a lot, shared a lot, and made a big announcement during the festivities…
The Metaverse and Homeland Security (RAND) This Perspective provides an initial review of the metaverse concept and its relevance to the U.S. Department of Homeland Security. The authors map department objectives to key metaverse characteristics and identify areas for proactive efforts.
Design and Innovation
Amazon's palm-scanning payment tech will now be able to verify ages, too (TechCrunch) Customers using Amazon One devices will be able to buy adult beverages -- think beers at a sports event -- just by hovering their palm over the device.
IBM to Grant $5 Million In-Kind for Schools to Boost Cybersecurity, Together with Enhanced Skilling on AI (IBM Newsroom) In response to the growing threat of ransomware attacks against schools around the world, IBM announced it will provide in-kind grants valued at $5 million to help address cybersecurity resiliency in schools.
Legislation, Policy, and Regulation
G7 nations admit they're nowhere on AI regulation (Register) Now they want to catch up, prevent crooks, protect IP ... real soon now … after more talking
Lawmakers, experts fear key cyber vacancy leaves US vulnerable to attacks (The Hill) Lawmakers and security experts are growing concerned over the Biden administration’s delay to nominate a permanent leader for a high-level cyber position amid a rise in cyberattacks. Pr…
Lawmakers Want DHS to Assess National Security Risks of Doxing (Nextgov.com) Proposed legislation would require the Department of Homeland Security to “evaluate risks posed to national security and civilian privacy” by the online release of individuals’ personal information.
Energy Department officials eye 2027 date to stand-up cyber intelligence center (FCW) Officials from the department's Office of Cybersecurity, Energy Security and Emergency Response told House members Tuesday that work within the threat-sharing pilot program has already shown progress and could use more resources from Congress.
DOE pilots information-sharing effort with private industry to bolster energy sector cybersecurity (Utility Dive) Officials from the Department of Health and Human Services, Environmental Protection Agency and Department of Energy testified how sector agencies are responding to rising threats.
Senators issued satellite phones, offered demonstrations on upgraded security devices (CBS News) Senate Sergeant at Arms Karen Gibson said the phones are a security backstop in case of an emergency that "takes out communications" in part of the country.
Litigation, Investigation, and Law Enforcement
Europe’s Meta Ruling Tangles Web (The Information) If you’re prone to narcolepsy, don’t try reading the European Data Protection Commission report on Meta Platforms’ data transfers, which led to today’s $1.3 billion fine of the Facebook owner. The report is so dry it makes the Sahara look like a rainforest. That’s a pity because it’s dealing ...
Briefing: TikTok, Citing First Amendment, Sues Montana Over Impending Ban (The Information) TikTok is suing the state of Montana after its governor signed a law that would ban the app in the state.
The law, set to take effect on January 1, 2024, seeks to ban TikTok from being accessed or downloaded within Montana’s borders and would levy fines of up to $10,000 per violation per day against TikTok and app stores like Google and Apple. In its suit filed in U.S. District Court,
German prosecutors charge four over violating trade act to sell spyware to Turkey (Washington Post) German authorities have filed charges against four suspects from a Bavarian company accused of selling surveillance software to Turkey that could be used to spy on Turkish dissidents, prosecutors said Monday.
Israel torpedoed Morocco spyware deal - and NSO competitor QuaDream shut down (Haaretz) Quadream offered zero-click infections for iPhone. Leaked code reveals their spyware may have abused WhatsApp. Firm also developed “terrifying” new spyware.
He Was Investigating Mexico’s Military. Then the Spying Began. (New York Times) While looking into abuses by the armed forces, the country’s top human rights official was targeted with Pegasus, the world’s most notorious spyware, The Times found.
Uncle Sam tries to wrangle 'money mules' (Register) Tech support scammer among those targeted by recent crackdowns
Nigerian Police Cyber Crime Centre Partners South Australian Police to Arrest Suspeced Serial Fraudster (National Insight News) Operatives of the Nigeria Police Force - National Cybercrime Center (NPF-NCCC) have successfully apprehended one Ogenevowero Emefeke, a 37-year-old resident
iSpoof: 13-year jail term for UK fraud website operator (Computing) A judge has handed a 13-year and four month sentence to a UK criminal for operating the multi-million fraud website iSpoof.