Dateline Moscow, Kyiv, Berlin, the Hague, London, and Washington: Russia’s war of attrition.

Ukraine at D+113: More attrition, and an interesting espionage attempt. (The CyberWire) Russia continues to expend troops and matériel in the Donbas, and Ukraine considers a more extensive counteroffensive along the South Coast. New British sanctions address war crimes and crimes against peace. Belarusian and Ukrainian hacktivists form a de facto alliance. Dutch counterintelligence authorities stop a GRU illegal from taking an internship with the International Criminal Court.

Russia-Ukraine war: List of key events, day 114 (Al Jazeera) As the Russia-Ukraine war enters its 114th day, we take a look at the main developments.

On the edge of embattled twin cities, an uncovered mass grave for civilians grows. (New York Times) As Russia solidifies control in Sievierodonetsk and shifts its focus to neighboring Lysychansk, civilian casualties there continue to mount.

NATO Needs to Move Protection of Civilians to Center Stage (Defense One) The Ukraine war shows why the alliance’s upcoming summit cannot give short shrift to the topic of human security.

NATO ministers discuss boosting eastern front forces (Defense News) NATO defense ministers are discussing ways to bolster forces and deterrence along the military alliance’s eastern borders to dissuade Russia from planning further aggression.

We’ll use Western weapons to destroy bridge linking Russia to Crimea, threatens Ukraine general (The Telegraph) Crossing has been crucial for Moscow to send reinforcements, but Western officials fear an assault on it could led to wider conflict

Ukraine Still Wants Heavy Metal (Foreign Policy) Kyiv remains frustrated with Western arms deliveries, despite a surge of support.

Politics latest news: Boris Johnson makes surprise visit to Kyiv (The Telegraph) Boris Johnson has met with Volodymyr Zelensky as he makes a surprise visit to Kyiv the day after European Union leaders including Emmanuel Macron and Olaf Scholz.

What Ukraine Needs: More Arms, Sanctions, and Money, Ambassador Says (Defense One) The war-ravaged economy is providing the Kyiv government far less than the $5B per month it needs, Oksana Markarova said.

How Ukraine Will Win (Foreign Affairs) Ukraine’s minister of foreign affairs explains Kyiv’s theory of victory.

Russia Widens Attack On Food With Bombing Of Train Bound For José Andrés’ World Central Kitchen (Forbes) A Russian missile hit a train near Donetsk, Ukraine, on Wednesday that was transporting 34 pallets of food to be distributed by World Central Kitchen, chef José Andrés’ aid organization.

Mixed results for Russia’s aggressive Ukraine information war, experts say (CyberScoop) Russia want to control the internet in occupied Ukraine to feed the population disinformation — and to prevent Ukrainians from sharing video of Russian troops with Ukrainian soldiers, one expert said.

A Ragtag Band of Hackers Is Waging Cyberwar on Putin’s Supply Lines (Bloomberg) In Belarus, forces opposed to President Alexander Lukashenko have been derailing Russia’s war against Ukraine.

Russia has ‘strategically lost’ war, says UK defence chief, as Lavrov says Moscow unashamed (the Guardian) ‘Russia is not squeaky clean. Russia is what it is’ – Kremlin foreign minister’s response to UN report claiming atrocities in Ukraine

UK sanctions Russian linked to forced transfers and adoptions (GOV.UK) The UK announced a new wave of sanctions, including on the Russian Chidren’s Rights Commissioner involved in the barbaric treatment of children in Ukraine.

AIVD disrupts activities of Russian intelligence officer targeting the International Criminal Court (AIVD) The AIVD prevented a Russian intelligence officer from gaining access as an intern to the International Criminal Court (ICC) in The Hague. The person in question works for the Russian Military Intelligence Service GRU, but he used a Brazilian cover identity to travel from Brazil to the Netherlands. 

Russian spy caught trying to infiltrate war crimes court, says Netherlands (the Guardian) Sergey Vladimirovich Cherkasov spent years building up fake ID and wanted to take up internship at ICC, says Dutch intelligence

Russian spy tried to penetrate war crimes court, say Dutch (France 24) The Netherlands said Thursday it had stopped a Russian spy posing as a Brazilian intern from infiltrating the International Criminal Court, which is investigating war crimes in Ukraine.

Alleged Russian spy studied at Johns Hopkins, won ICC internship (Washington Post) Dutch authorities made a surprise announcement Thursday that they had refused entry to a Russian spy posing as a Brazilian national to infiltrate the International Criminal Court. Authorities speculated that the man was seeking to gain access to information relating to the ICC investigations of alleged Russian war crimes.

Ben Wallace: West must stop Ukraine having ‘gun put to its head’ in peace talks (The Telegraph) Defence Secretary gives warning to other Nato defence ministers amid fears that France and Germany want Ukraine to cede territory to Moscow

UK ‘very concerned’ about Navalny and urges Russia to release Putin critic (The Independent) Navalny, an outspoken critic of Putin, was this week abruptly transferred to a notorious maximum security prison

Sullivan suggests yet more MLRS for Ukraine, but only after training (Breaking Defense) “We think that over time through close consultations with the Ukrainians, at both the professional and the political level, we’ll come to a good understanding about how many of these HIMARS we end up giving,” Jake Sullivan, Biden’s national security advisor, told CNAS.

Ukraine to get thousands of secure radios in latest US package (Defense News) The radios will be sourced using Ukraine Security Assistance Initiative funds and will not be siphoned from existing U.S. stockpiles.

Why Olaf Scholz can’t deliver on his promises to Ukraine, and how it’s giving Germany a credibility issue (The Telegraph) More than three months since the war began, Germany has delivered no heavy weapons to Kyiv and even supplies of light weapons are drying up

Germany’s New Resolve on Russia Is Already Flagging (Foreign Policy) Berlin—along with Paris—may yet help Moscow snatch victory from the jaws of defeat.

Russia refuses to answer if nuclear war could start over Ukraine (Newsweek) “The media should be professional enough not to ask such questions,” Kremlin spokesman Dmitry Peskov told RIA Novosti.

If Putin goes nuclear, Biden has a stark menu of options (NBC News) Russian military doctrine allows battlefield use of nuclear weapons, and the Biden administration has discussed possible responses.

The Dangers of “Peace at Any Cost” (Wilson Center) Russia’s invasion of Ukraine has turned out to be a considerably more protracted and bloody endeavor than many had expected at the start. Three months in, no end to the conflict is in sight, and observers increasingly expect the war to last for many more months in 2022 and even into 2023.

Turkey, China See Opportunity In Central Asia After Moscow’s Ukraine Invasion (RadioFreeEurope/RadioLiberty) Beijing and Ankara have expanded their engagement in Central Asia in recent months as the region’s governments look for new partners to boost their economies and balance against a more assertive Kremlin.

Turkey’s Goals in the Russia-Ukraine War (Wilson Center) Of the many countries struggling to find a proper approach to the Russia-Ukraine war, Turkey seems to have landed on the most controversial yet comfortable one.

Why Russia keeps extending Brittney Griner’s pre-trial detention (Yahoo) Expect Russia to continually extend Brittney Griner’s detention in order to ratchet up pressure on the Biden administration to accept a deal that the Kremlin wants.

How war in Ukraine is informing future US Air Force networks (C4ISRNet) “If I were to summarize a lesson learned, it would be we can’t have enough coalition connectivity fast enough.”

Volga-Dnepr boss sanctioned for Moscow deal signed ‘on Putin’s instructions’ (The Loadstar) The UK government’s decision to put sanctions on Alexei Isaikin, president and founder of Volga-Dnepr, was likely triggered by a deal signed with the mayor of Moscow in April to restore freight routes and import and export trades. The deal, under “the president [Putin]’s instructions”, according to Russian media, was for Rb9.5bn ($167m), and was expected to see Volga-Dnepr Group carry some 20,000 tonnes of freight of “critical importance” by the …

Attacks, Threats, and Vulnerabilities

Sophisticated Android Spyware ‘Hermit’ Used by Governments (SecurityWeek) Security researchers at Lookout have analyzed a sophisticated Android spyware family that appears to have been created to serve nation-state customers.

Lookout Uncovers Android Spyware Deployed in Kazakhstan (Lookout) Lookout Threat Lab researchers have uncovered enterprise-grade Android surveillanceware used by the government of Kazakhstan within its borders. Based on our analysis, the spyware is likely developed by Italian spyware vendor RCS Lab S.p.A.

‘MaliBot’ Android Malware Steals Financial, Personal Information (SecurityWeek) Disguised as a cryptocurrency miner, Malibot focuses on stealing financial information, cryptocurrency wallets, and personally identifiable information (PII).

F5 Labs Investigates MaliBot (F5 Labs) We found a novel malware strain that is targeting financial sites in Italy and Spain… so far.

Volexity Blames ‘DriftingCloud’ APT For Sophos Firewall Zero-Day (SecurityWeek) Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors and launch man-in-the-middle attacks.

Sophos Firewall zero-day bug exploited weeks before fix (BleepingComputer) Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim.

High-Severity RCE Vulnerability Reported in Popular Fastjson Library (The Hacker News) Researchers detail a recently reported high-severity vulnerability in Fastjson library that could potentially be exploited for remote code execution.

This Linux botnet has found a novel way of spreading to new devices (ZDNet) Panchan malware is spreading across networks via Linux servers to mine cryptocurrency.

Security firm warns of ransomware attacks targeting Microsoft cloud ‘versioning’ feature (The Record by Recorded Future) Researchers said they have found a way ransomware groups can encrypt files stored on Microsoft’s SharePoint and OneDrive that would make them “unrecoverable without dedicated backups or a decryption key.”

Cyberangriff: Hacker erbeuten E-Mails der Grünenspitze (Spiegel) Bei ihrem Cyberangriff auf die Grünen haben sich Hacker nach SPIEGEL-Informationen Zugang zu den Mailkonten der Vorsitzenden Omid Nouripour und Ricarda Lang verschafft. Die forensische Auswertung der Ermittler läuft noch.

Germany’s hawkish Greens report computer system hack | Law-Order (Devdiscourse) “We have informed security authorities, the data protection officer and have made a police report.” There have been a number of high-profile hacking attacks on German government and political institutions in recent years, including a hack of the systems of the German Bundestag, or parliament, in 2015, when then-Chancellor Angela Merkel’s own account was breached.

The Phish Goes On (Pixm Anti-Phishing) Free Web tutorials

Unsecured Elasticsearch server leaks a million records (Register) POS and online ordering vendor StoreHub offered free Asian info takeaways

90 Degree Benefits Wisconsin Confirms Recent Data Breach Leaked Consumers’ Personal Data (JD Supra) Recently, 90 Degree Benefits Wisconsin reported a data breach following a data security incident involving the company’s IT systems. According to the…

Confidential Record Leak Leaves CalBar, Lawyers, Clients Exposed (Bloomberg Law) California’s state bar association, which is responsible for licensing and regulating more than 250,000 lawyers in the most populous US state, is itself under scrutiny for a data leak that allowed confidential client complaint and attorney disciplinary record data to be captured by a free court records website.

Facebook Is Receiving Sensitive Medical Information from Hospital Websites (The Markup) Experts say some hospitals’ use of an ad tracking tool may violate a federal law protecting health information

Rapid7 report examines use of double extortion ransomware attacks (SecurityBrief Australia) New insight into how attackers think when carrying out cyber attacks, along with further analysis of the disclosure layer of double extortion ransomware attacks, has come to light.

What data will get leaked? It depends on the ransomware group (SC Magazine) What type of data and how much is divulged depends on which ransomware group is holding the information hostage, according to a new study by Rapid7.

Security Patches, Mitigations, and Software Updates

Microsoft Dismisses False Reports About End of Patch Tuesday (SecurityWeek) Microsoft has dismissed reports about June 14 being the last Patch Tuesday, clarifying that the rollout of the Windows Autopatch service seems to be causing some confusion.

Cisco Releases Security Updates for Multiple Products (CISA) Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

CISA releases 35 Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency) ICS-CERT released the following 35 advisories today, June 16, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.

Siemens Apache HTTP Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Apache HTTP Server Vulnerabilities: NULL Pointer Dereference, Out-of-bounds Write, Server-side Request Forgery (SSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access or modify resources, crash the device, or achieve code execution.

Siemens SINEMA Remote Connect Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Improperly Implemented Security Check for Standard 2. RISK EVALUATION The affected application is missing general HTTP security headers in the web servers configured on both Port 443 and Port 6220.

Siemens SICAM GridEdge (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM GridEdge Essential ARM Vulnerabilities: Missing Authentication for Critical Function, Resource Leak 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker access to critical API functions, cross-origin resource sharing, and credentials.

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Siemens Equipment: SCALANCE LPE9403 Vulnerabilities: Multiple 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause crashes and unrestricted file access, impacting the product’s confidentiality, integrity, and availability.

Siemens SCALANCE XM-400 and XR-500 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SCALANCE XM-400 and XR-500 Vulnerability: Improper Validation of Integrity Check Value 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause interruptions in the network.

Siemens Xpedition Designer (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Xpedition Designer Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Siemens Spectrum Power Systems (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Spectrum Power Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative privileges by using an account with default credentials.

Siemens Teamcenter (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution with elevated permissions.

Siemens OpenSSL Affected Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Multiple industrial products Vulnerability: Infinite Loop 2. RISK EVALUATION Successful exploitation of this vulnerability could create a denial-of-service condition in the affected products.

Siemens Teamcenter Active Workspace (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Active Workspace Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for malicious code execution.

Siemens SCALANCE LPE 4903 and SINUMERIK Edge (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SCALANCE LPE 4903 and SINUMERIK Edge Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unprivileged local user to escalate privileges and gain administrative rights.

Siemens SINEMA Remote Connect Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Multiple 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges, disclose information, or allow code execution.

Siemens SIMATIC WinCC (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC PCS, WinCC Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow authenticated attackers to escape the kiosk mode.

Siemens Desigo PXC and DXR Devices (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: PXC and DXR Devices
Vulnerabilities: Special Element Injection, Uncontrolled Resource Consumption, Use of Password Hash with Insufficient Computational Effort, Insufficient Session Expiration, Observable Discrepancy, Improper Restriction of Excessive Authentication Attempts, Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute, Uncaught Exception

Siemens Industrial Devices using libcurl (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Industrial devices using libcurl Vulnerabilities: Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash and allow an attacker to interfere with the affected products in various ways.

Siemens Teamcenter (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Teamcenter Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities may lead the binary to crash or allow an attacker to view files on the application server filesystem.

Siemens PROFINET Stack Integrated on Interniche Stack (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PROFINET Stack Integrated on Interniche Stack Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a denial-of-service condition.

Siemens Mendix (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to read sensitive data.

Siemens RUGGEDCOM Devices (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM Devices Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authorized threat actor to obtain privileges to access passwords.

Siemens Solid Edge, JT2Go, and Teamcenter Visualization (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge, JT2Go, and Teamcenter Visualization Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-of-bounds Write, Heap-based Buffer Overflow, Out-of-bounds Read 2.

Siemens SIMATIC CP (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC CP 1543-1 (incl. SIPLUS variants) and SIMATIC CP 1545-1 Vulnerability: Cleartext Storage of Sensitive Information 2.

Siemens SIMATIC CP (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Vulnerabilities: Out-of-Bounds Read, Use After Free 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-21-222-07 Siemens SIMATIC NET CP that was published August 10, 2021, on the ICS webpage on cisa.gov/ics.

Siemens Industrial Products LLDP (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Classic Buffer Overflow, Uncontrolled Resource Consumption 2.

Siemens Linux-based Products (Update G) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Linux based products Vulnerability: Use of Insufficiently Random Values
2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update F) that was published November 11, 2021, to the ICS webpage at www.cisa.gov/uscert.

Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: KTK, SIDOOR, SIMATIC, and SINAMICS Vulnerability: Uncontrolled Resource Consumption 2.

Siemens PROFINET-IO Stack (Update G) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Siemens PROFINET-IO Stack Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-042-04 Siemens PROFINET-IO Stack (Update F) that was published October 14, 2021 to the ICS webpage on www.cisa.gov/uscert.

Siemens SCALANCE X Switches (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X Switches Vulnerability: Missing Authentication for Critical Function 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-20-014-03 Siemens SCALANCE X Switches that was published January 14, 2020, to the ICS webpage on www.cisa.gov/uscert.

Siemens TIA Portal (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: TIA Portal Vulnerability: Path Traversal
2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-014-05 Siemens TIA Portal (Update B) that was published January 12, 2021, to the ICS webpage at www.cisa.gov/uscert/ics.

Siemens BACnet Field Panels (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: BACnet Field Panels Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Path Traversal 2.

Hillrom Medical Device Management | (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hillrom Medical. Welch Allyn, and ELI are registered trademarks of Baxter International, Inc., or its subsidiaries. Equipment: Welch Allyn medical devices Vulnerabilities: Use of Hard-coded Password, Improper Access Control 2.

AutomationDirect C-More EA9 HMI (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-more EA9 HMI Vulnerabilities: Uncontrolled Search Path Element, Cleartext Transmission of Sensitive Information 2.

AutomationDirect DirectLOGIC with Serial Communication (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Serial Communication Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a loss of sensitive information and unauthorized changes.

AutomationDirect DirectLOGIC with Ethernet (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: DirectLOGIC with Ethernet Communication Modules Vulnerabilities: Uncontrolled Resource Consumption, Cleartext Transmission of Sensitive Information 2.

Siemens Mendix SAML Module (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Mendix SAML Module Vulnerabilities: Improper Restriction of XML External Entity Reference, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow an attacker to disclose confidential data under certain circumstances.

Siemens EN100 Ethernet Module (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the product crashing or the creation of a denial-of-service condition.

Great Expectations Study Reveals 77% of Organizations have Data Quality Issues (PR Newswire) Great Expectations, the leading open-source platform for data quality, today announced the results of a survey highlighting top pain points and…

Radware Research: Overconfidence in API Protection Leaves Enterprises Exposed to Cyberattacks (GlobeNewswire News Room) 92% of companies state they have a plan in place to adequately protect APIs from cyberattacks; yet 62% admit a third or more of APIs are undocumented…

‘Safeguarding civilisation’: Protecting critical infrastructure against cyberattacks – Intelligent CIO Middle East (Intelligent CIO Middle East) Research from Dragos has highlighted that the industrial sector attracted increased unwanted attention from adversaries last year. With attackers continuing to up the ante and the consequences of an attack proving potentially devastating, defenders must review and prioritise their OT security strategies. Seth Enoka, Principal Industrial Incident Responder, Dragos, talks us through the research and […]

Latin America governments are prime targets for ransomware due to lack of resources, analysis argues (CyberScoop) The recent high-profile attacks on Costa Rica and Peru are examples of the dynamic, researchers say.

We don’t need another infosec hero (CSO Online) By setting yourself up as the defender, the solver of problems, you cast your business colleagues as hapless victims or, worse, threats. This is not a useful construct for engagement.

Marketplace

RSAC Startup Competition Focuses on Post-Cloud IT Infrastructure (Dark Reading) A secure Web browser takes the top prize, and for the second year in a row malware detection is an afterthought.

Key Democrat warns of major security risk if US firm acquires NSO hacking code (the Guardian) Ron Wyden says White House right to raise concerns about possible deal for defence contractor L3Harris to acquire surveillance technology

Vendr Raises $150MM Series B to Help CFOs Reduce Software Expense (Business Wire) Vendr, the world’s first SaaS buying platform, today announced it raised $150 million in Series B funding co-led by return investor Craft Ventures and

Kaspersky Opens New ‘Transparency Centers’ Amid Concerns Over Possible Russian Ties (CRN) Kaspersky open new ‘transparency centers’

AFRL awards $950M contract (Daily Sentinel) The Air Force Research Laboratory’s Information Directorate has awarded a $950 million contract, “Agile Cyber Technology 3,” to five small businesses in support of rapid research, development and prototyping of cyber capabilities.

Ex-Marine exploit hunters launch P3F (Intelligence Online) The US cyberintelligence firm P3F, which specialises in training, was recently bought by the US venture capital firm Cyber ​​Capital Partners.

Intel 471 Named to the Inaugural Enterprise Security Tech Cyber Top 20 List (GlobeNewswire News Room) Intel 471, the premier provider of cyber threat intelligence for leading intelligence, security, and…

SentinelOne bets big on India (Analytics India Magazine) The Centre will deliver innovation, product development, threat research, and engineering, recruiting top talent to modernise cyberdefense.

COVID-19: RSA Conference branded a ‘super spreader event’ (Register) That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts

Huawei’s French strategic affairs director heads to CyberPeace Institute in Geneva (Intelligence Online) Adding to its line-up of senior Western cyber experts, the NGO CyberPeace Institute, of which Microsoft is a major donor, has hired Huawei executive and former French special forces officer Vincent

Roger Hale named Chief Security Officer at Agora (Security Magazine) As Chief Security Officer at Agora, Hale will work to  navigate compliance and security, and determine risk management and cybersecurity best practices. 

Products, Services, and Solutions

Spirent CF400 Appliance Delivers Accelerated, Scalable Network Performance and Security Validation (Yahoo) New solution provides industry’s highest test tool encryption performance

BlastWave Announces Enhancements to Its Zero-Trust Security Software Solution, BlastShield (Dark Reading) Update allows BlastShield users to link with hybrid cloud network providers like AWS, Google, and the most recent addition, Azure, in one secure environment.

AvePoint Adds Microsoft Azure Backup to Enhance Data Protection Capabilities (GlobeNewswire News Room) Enhancements highlight AvePoint’s commitment to help businesses mitigate risk, protect business critical applications, and drive productivity…

Kivu to Leverage Industry-leading CrowdStrike Technology for Its Managed and Response Business Units (PR Newswire) Kivu Consulting, a leading global cybersecurity solutions provider, and trusted partner to insurance carriers and law firms, is pleased to…

Juniper Networks, Dragos team up to secure critical infrastructure (ITP.net) By integrating communications at the controller level, Juniper and Dragos can exchange threat detection information and stop real-time, east-west cyber-attacks in industrial controls systems within minutes. Juniper Networks, Dragos team up to secure critical infrastructure. Dragos, Juniper Networks, OT security. Security.

Technologies, Techniques, and Standards

CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case (CISA) CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.

CISA Releases New Proposed Cloud Security Guidance (Decipher) CISA is asking for public comment on a new set of cloud security guidance for federal agencies.

TIC program releases draft Cloud Use Case (FedScoop) The use case is the last one required by the Office of Management and Budget in its September 2019 memo launching the initiative.

Get that ‘We’ve been hacked!’ press release ready NOW (Contrast Security) The ransomware hits. The corporate sky is falling. All hell breaks loose.

Understanding How to Navigate the Risk Surface (RiskRecon) Read this blog that introduces the 2022 risk surface report and discusses how you can navigate the internet risk surface safely.

RiskRecon 2022 Internet Risk Surface Report (RiskRecon) Download this report from RiskRecon and Cyentia Institute to learn how to benchmark your firm’s internet risk exposure.

Tracking Threat Actor Usage of Cryptocurrencies with Chainalysis (Mandiant) In this episode, Jacqueline Koven, Head of Cyber Threat Intelligence at Chainalysis, breaks down examples of nation state threat actors using and targeting cryptocurrency.

5 Security Tasks DevOps Teams Should Consider When Shifting Left (The New Stack) A shift-left approach to security should start at the exact moment that DevOps teams begin developing the application and provisioning infrastructure, so that vulnerabilities can be addressed before they become bigger and more expensive to fix.

It’s Time to Burn Medical Consent Forms (Wired) Attempts at reform have not gone far enough. The problem isn’t the documents—it’s how to frame consent in the new health ecosystem.

Cyber team awarded for aiding community’s critical networks (DVIDS) A team of cyber analysts and operators was recognized for standing up one of the nation’s first Cyber Mission Assurance Teams. This specialized mission assurance force served as a pilot program for the National Guard Bureau pilot program in an effort to support critical infrastructure networks within local communities.

New York Air National Guard hosts SPP partner Brazil (Air National Guard) ROME, N.Y. – The New York Air National Guard hosted the commander of Brazil’s Aerospace Operations Command, part of a nine-person Brazilian Air Force delegation, during a week-long engagement focused

Oklahoma National Guard Participates in Cyber Shield 2022, the DoD’s Largest Unclassified Cyber Defense Exercise (DVIDS) Approximately 15 Oklahoma National Guard cyber and computer security specialists are honing their skills, June 5-17, as part of Cyber Shield 2022, the Department of Defense’s largest unclassified cyber defense exercise involving approximately 800 National Guard cyber specialists as well as law enforcement, legal, government and corporate partners from across the country.

Academia

RTCC Students Get Feet Wet In World of Cybersecurity (The White River Valley Herald) Hailey Westcot of Randolph studies a cybersecurity scenario on a projector while virtual machines are displayed on her screens. With experience from RTCC’s Criminal Justice program, she and three other students, including Sam Slack of Bethel, in the back at left, qualified for a live competition in Orlando, Fla. later this month. (Herald / Tim

AFCLC, Air Force Cyber College host second annual cyber training event (Maxwell Air Force Base) In response, 29 Language Enabled Airman Program scholars – including two Space Force Guardians, two Marine Corps foreign area officers and two Air Force crypto-linguists – gathered at Maxwell Air

Legislation, Policy, and Regulation

Big Tech Faces Fines for Deepfakes, Bots, Fake Accounts Under New EU Rules (CNET) Meta, Twitter, TikTok and Google are all signatories to the EU’s revised anti-disinformation code.

EU and US foster cooperation against ransomware attacks (Eurojust) Ransomware has become a global problem that requires cooperation on a worldwide level. Judicial experts and practitioners from the European Union and the United States participated in a two-day workshop in The Hague organised by Eurojust and the U.S. Department of Justice. The event aimed to share best practices and enhance collaboration in confronting ransomware attacks.

Japan makes ‘online insults’ punishable by one year in prison (CNN) Japan’s parliament on Monday passed legislation making “online insults” punishable by imprisonment amid rising public concern over cyberbullying sparked by the suicide of a reality television star who had faced social media abuse.

Remarks by Vice President Harris Announcing the Launch of the White House Task Force to Address Online Harassment and Abuse (The White House) Eisenhower Executive Office Building 1:52 P.M. EDT THE VICE PRESIDENT:  Please have a seat.  Hi, everyone.  Well, let me start by saying it is so good to

White House rolls out task force to curb online abuse (Washington Post) Group will create recommendations for governments, companies and schools to address the link between online harassment and violence in the wake of mass shootings

VP Harris launches task force on online harassment after shootings (Reuters) U.S. Vice President Kamala Harris inaugurated a task force on Thursday to curb online harassment, fulfilling one of the Biden campaign’s promises in the wake of a mass shooting that highlights a link between online abuse and violence.

House subpanel OKs $417 million boost for CISA (The Record by Recorded Future) House appropriators on Thursday approved a Homeland Security Department funding bill that would increase the Cybersecurity and Infrastructure Security Agency’s proposed budget by roughly $417 million.

Industry Day provides tech companies insights into what USCYBERCOM needs now, in future (U.S. Cyber Command) With the rapidly evolving landscape of the cyber domain occurring in real time, U.S. Cyber Command recognizes the value and role industry partners play in providing support to the Command, which is

Applications for funds to replace Chinese kit lack evidence (Register) Well you told us to rip and … hang on, we’re not getting any money?

Litigation, Investigation, and Law Enforcement

Police Linked to Hacking Campaign to Frame Indian Activists (Wired) New details connect police in India to a plot to plant evidence on victims’ computers that led to their arrest.

Julian Assange: Priti Patel signs US extradition order (The Telegraph) Home Office says there are ‘no grounds’ to block extradition of WikiLeaks founder to face espionage charges in America

U.S., partners dismantle Russian hacking ‘botnet,’ Justice Dept says (Reuters) Law enforcement in the United States, Germany, the Netherlands and Britain dismantled a global network of internet-connected devices that had been hacked by Russian cyber criminals and used for malicious purposes, the U.S. Justice Department said on Thursday.

Russian Botnet Disrupted in International Cyber Operation (US Attorney’s Office, Southern District of California) The U.S. Department of Justice, together with law enforcement partners in Germany, the Netherlands and the United Kingdom, have dismantled the infrastructure of a Russian botnet known as RSOCKS which hacked millions of computers and other electronic devices around the world.

At Second Trial, Ex-CIA Employee Defends Himself in Big Leak (SecurityWeek) Former CIA software engineer Joshua Schulte is charged with causing the Vault 7 leak, the biggest theft of classified information in CIA history.

Interpol anti-fraud op leads to 2,000 arrests, $50m seized (Register) 1,770 premises raided, 2,000 arrested, $50m seized

Shifty Ransomware Crews Spark Sanctions Concerns (Law360) A recent trend of cybercriminals attempting to mislead targets about their identities has made matters more difficult for attack victims tasked with deciding quickly whether a ransomware payout might breach government sanctions, industry attorneys say.

US Marshals Service may need some help managing all that seized crypto (Federal News Network) In today’s Federal Newscast, the U.S. Marshals Service has its work cut out managing cryptocurrencies seized by the Justice Department.

Newsmax Can’t Ditch Dominion’s 2020 Election Claims Suit (Law360) Newsmax can’t escape Dominion Voting Systems Inc.’s defamation lawsuit claiming the conservative news outlet “recklessly” spread “lies” that the voting machine company rigged the 2020 election in favor of President Joe Biden, a Delaware judge ruled Thursday.