Dateline Moscow, Kyiv, Minsk, Berlin, Washington: Support for fire support, and close cyber collaboration.

Ukraine at D+154: Counteroffensive underway at Kherson. (The CyberWire) As Ukrainian forces begin the campaign to retake Kherson and Russian forces resume long-range bombardment of key Ukrainian cities, Ukraine and the US agree to closer cooperation on cybersecurity. It will include, as a minimum, more exchanges of information between the US CISA and Ukraine’s SSSCIP.

Russia-Ukraine war latest: five killed and 25 injured in Russian strike on Kropyvnytskyi (the Guardian) Russian missiles have struck the hangars of an aviation enterprise

Russia-Ukraine war: List of key events, day 155 (Al Jazeera) As the Russia-Ukraine war enters its 155th day, we take a look at the main developments.

Russian forces fire barrage of missiles at northern Ukraine from Belarus (the Guardian) Strikes hit Chernihiv region as well as locations outside Kyiv and around city of Zhytomyr, say officials

Russian forces, Ukraine both claim control of vital power plant (Al Jazeera) Capture of Vuhlehirsk power plant in eastern Ukraine would be Moscow’s first strategic gain in more than three weeks.

Russian forces capture Ukraine’s second-biggest power station (the Guardian) Ukraine confirms seizure of Vuhlehirska power plant in Donetsk but calls it a ‘tiny tactical advantage’

Russia steps up strikes on Ukraine amid counterattacks (AP NEWS) Russian forces on Thursday launched massive missile strikes on Ukraine’s Kyiv and Chernihiv regions, areas that haven’t been targeted in weeks, while Ukrainian officials announced an operation to liberate an occupied region in the country’s south.

Retreat from Kherson or be ‘annihilated’, Ukraine warns Russia (The Telegraph) Threat follows rocket strike on key bridge in occupied city that will make it much harder for Moscow to move armour in – or take troops out

US rocket system enables Ukraine to strike key supply bridge (Military Times) Ukrainian forces used U.S.-supplied HIMARS multiple rocket launchers to target the bridge,

Battle for Kherson will test Ukraine’s infantry and artillery – but it won’t end the war (The Telegraph) We must distinguish between a local counter-offensive that forces out the Russians, and a big attack that changes the strategic picture

As they wait for weapons, Ukrainians hold the line with Soviet artillery (Washington Post) Ali Pirbudagov’s weapons are parked under the cover of trees and camouflage nets. They’re all older than he is, dating back to a time when Ukraine and Russia fought together in the Red Army. Now, Pirbudagov has to use them against Russian troops attacking with more-modern equipment.

Germany authorizes production of 100 howitzers for Ukraine (POLITICO) It will likely take a while before the state-of-the-art weapons arrive to the battlefield.

Special services have identified Russian filtration camps (Special Services – Government of Poland) From the beginning of its aggression against Ukraine, Russia began building a network of prisons and filtration camps to which Ukrainians are sent en masse. Those who pass the verification are forcibly sent to Russia, where they are often forced to be recruited into the Russian army and sent to the front. People who raise objections to the invaders are subjected to torture.

Special Military Cell Flows Weapons and Equipment Into Ukraine (New York Times) A little-known group at U.S. European Command in Germany fills Ukraine’s battlefield requests with donations from more than 40 countries.

Thousands of troops are still deployed to Europe for Ukraine response (Military Times) Some troops have rotated out or gone home for good, but the Europe mission has no end in sight.

US military to treat wounded Ukrainian troops at Landstuhl hospital (Military Times) Landstuhl Regional Medical Center can take up to 18 Ukrainian troops at a time under recently approved Pentagon guidance.

United States and Ukraine Expand Cooperation on Cybersecurity (CISA) CISA and Ukraine SSSCIP Sign Agreement to Deepen Cybersecurity Operational Collaboration

US, Ukraine sign pact to expand cooperation in cyberspace (The Hill) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) signed an agreement Wednesday with Ukraine’s cybersecurity agency to strengthen cooperation between the two countries in the c…

Internet disruptions hit Kherson as Ukrainian forces advance (The Record by Recorded Future) Kherson has been occupied by Russian forces since March.

Apple network traffic takes mysterious detour through Russia (Register) Land of Putin capable of attacking routes in cyberspace as well as real world

Ukraine Calls for More Sanctions in Response to Russia’s ‘Gas War’ (Wall Street Journal) President Volodymyr Zelensky said Europe should avoid concessions to Moscow and focus on cutting its trade and energy dependence on Russia.

Iranian drones could make Russia’s military more lethal in Ukraine (Breaking Defense) The US and its allies should prepare Ukraine, and better constrain Iran, write analysts from FDD.

The case for trading a Russian arms dealer for Griner, Whelan (Newsweek) “The obvious answer is a Whelan/Griner for Bout trade,” a source who has worked successfully on numerous foreign detention cases of U.S. citizens told Newsweek.

Burkina Faso Could Be Next for Russia’s Wagner Group, U.S. Intel Fears (Foreign Policy) A military coup, natural resources, and roiling insecurity are a recipe for Russian intervention.

Attacks, Threats, and Vulnerabilities

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits (Microsoft Security) The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found a private-sector offensive actor (PSOA) using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers.

Continuing the fight against private sector cyberweapons (Microsoft On the Issues) Today, Microsoft is announcing the disruption of the use of certain cyberweapons created and sold by a group we call Knotweed.

Microsoft reports Knotweed gang making SubZero attacks (Register) Reports seeing ‘offensive actor’ flinging SubZero malware

Microsoft Catches Austrian Company Exploiting Windows, Adobe Zero-Days (SecurityWeek) Microsoft security researchers intercept multiple zero day attacks attributed to DSIRF, a private cyber mercenary firm operating out of Austria.

Microsoft Spots Cyber Mercenaries Using Windows, Adobe Zero-Day Exploits (PCMAG) Microsoft has uncovered evidence an Austrian intel-gathering firm called DSIRF has been using the zero-day exploits for a malware called Subzero.

Microsoft says it caught an Austrian spyware group using previously unknown Windows exploits (The Verge) Targets included banks and law firms in Europe and Panama.

Cyber Mercenary Leveraged Windows Zero Day in Subzero Malware Attack (Decipher) Microsoft exposed an Austria-based private-sector offensive actor that has been observed both selling the Subzero malware to third parties, but also using its own infrastructure in some attacks.

Vulnerability in Dahua’s ONVIF Implementation Threatens IP Camera Security (Nozomi Networks) Nozomi Networks Labs publishes a vulnerability in Dahua’s ONVIF standard implementation, which can be abused to take over IP cameras.

Threat analysis: Follina exploit fuels ‘live-off-the-land’ attacks (ReversingLabs) An analysis of three in-the-wild payloads delivered using the Follina exploit shows how attackers can boost efforts to avoid detection by security tools. 

Moxa NPort Device Flaws Can Expose Critical Infrastructure to Disruptive Attacks (SecurityWeek) Vulnerabilities found in Moxa’s NPort devices could allow attackers to cause significant disruption, including in critical infrastructure organizations.

H0lyGh0st ransomware gang faces challenges, but still a threat (ComputerWeekly.com) Digital Shadows reports on the recently identified H0lyGh0st ransomware outfit, a new threat actor operating out of North Korea that faces some clear challenges, but is nevertheless still a live threat

‘EvilNum’ malware targets European financial exchanges, crypto with backdoor attacks (SC Magazine) Threat actor TA4563 has been aiming its “EvilNum” malware at European financial and investment firms that specialize in foreign currency exchange and commodities, cryptocurrency and DeFi, according to a Proofpoint report.

Robin Banks might be robbing your bank (IronNet) In mid-June, IronNet researchers discovered a new large-scale campaign utilizing the Robin Banks platform to target victims via SMS and email.

Mirroring Actual Landing Pages for Convincing Credential Harvesting (Avanan) Attackers are dynamically mirroring company landing pages to create convincing opportunities for credential harvesting.

How cybercriminals are using messaging apps to launch malware schemes (Intel471) Messaging platforms like Telegram and Discord have automation features that users love. Cybercriminals are among those users.

Messaging Apps Tapped as Platform for Cybercriminal Activity (Threatpost) Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.

Mailing List Provider WordFly Scrambling to Recover Following Ransomware Attack (SecurityWeek) Mailing list provider WordFly has been offline for more than two weeks after ransomware encrypted data on some of its systems.

WordFly Incident FAQ for U.S./Canadian/Asia Pacific based Customers (WordFly) Downtime and anticipated outlook for restoration

Kansas MSP shuts down cloud services to fend off cyberattack (BleepingComputer) A US managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services.

3 Toronto arts companies among those impacted by email newsletter cyber attack (Global News) The Canadian Opera Company, Toronto Sympathy Orchestra and Canadian Stage all emailed subscribers to inform them of a ransomware attack suffered by WordFly.

Security Patches, Mitigations, and Software Updates

AWS Announces Enhancements to Cloud Security, Privacy, Compliance (SecurityWeek) At its re:Inforce 2022 conference, AWS announced several enhancements to its cloud security, privacy and compliance offerings, and the launch of a new Customer Incident Response Team (CIRT).

Mild monthly security update from Firefox – but update anyway (Naked Security) You’re probably thinking we’re going to say, “Don’t delay/Do it today”… and that’s exactly what we are saying!

FileWave patches two vulnerabilities that impacted more than 1,000 orgs (The Record by Recorded Future) FileWave confirmed that two vulnerabilities in their device management platform were patched after being discovered by researchers from Claroty.

Critical Samba bug could let anyone become Domain Admin – patch now! (Naked Security) It’s a serious bug… but there’s a fix for it, so you know exactly what to do!

Kansas MSP shuts down cloud services to fend off cyberattack (BleepingComputer) A US managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services.

Cyberattacks are raising health care costs (POLITICO) Across industries, a glaring 60 percent of organizations said they had to raise prices to cover the expense of a breach.

Fears over social media hacking are rising (NordVPN) A new NordVPN study shows most Americans fear falling victim to social media hacking. Here’s what you can do to keep your accounts safe.

Marketplace

NCSC launches startup incubator to protect against national cyber threats (IT PRO) The program is focused on the protection of highly available operational technology where there is a high risk of digital sabotage

Intechnica announces separation of cybersecurity business (Business Up North) Intechnica – the Manchester-based tech company – has spun off its cybersecurity arm Netacea as a standalone company.

Cybersecurity Snapshot (May 2022) (Momentum Cybersecurity) We are pleased to provide you with Momentum’s Cybersecurity Market Review for 1H 2022. Strategic activity in the first half of the year included 679 transactions completed totaling $115.1B in deal value across M&A (148 transactions, $102.6B) and Financing (531 transactions, $12.5B).

HUMAN Security and PerimeterX Merge on Mission to Combat Bots (SecurityWeek) Bot and fraud protection firms HUMAN Security (formerly White Ops) and PerimeterX, will merge under the HUMAN company name.

Deep Instinct hires Carl Froggett as CIO (Help Net Security) Deep Instinct announced the addition of Carl Froggett to its executive leadership team as Chief Information Officer.

HackerOne Scoops Up Aledade Legal Chief Ilona Cohen (Corporate Counsel) Cohen said she’s been a fan of HackerOne since it launched #HackThePentagon in partnership with the Department of Defense in 2016. Now, she’ll lead its legal and public policy efforts.

Products, Services, and Solutions

SafeGuard Cyber integrates with Okta and Azure AD to automate identity-based responses for enterprises (Help Net Security) SafeGuard Cyber launched automated response and multi-channel user onboarding with Microsoft Azure AD and Okta integrations for its platform.

Digitate’s Intelligent AIOps Platform Achieves HIPAA and GDPR Compliance (Yahoo Finance) Digitate, a leading provider of SaaS-based autonomous enterprise software for IT and business operations, today announced that it has achieved both HIPAA and GDPR compliance, guaranteeing that its artificial intelligence for IT operations (AIOps) platform meets all regulatory standards for security, availability, processing integrity, confidentiality, and privacy. The audits for both HIPAA and GDPR compliance were conducted by Deloitte Haskins & Sells, LLP.

Booz Allen partners with Acalvio on cyber deception (Consulting) Booz Allen Hamilton, a McLean VA-based management and technology consulting firm, has partnered with Acalvio to provide the Silicon Valley cybersecurity firm’s Shadowplex autonomous deception product

Technologies, Techniques, and Standards

CrowdStrike: Threat Hunting Should be Human-based (SDxCentral) CrowdStrike’s new cloud threat hunting service is led by its OverWatch threat hunting team and will target advanced threats in the cloud.

A Navy Cyber Effort Is Fixing Thousands of Holes—and Building Tech Talent (Defense One) A 10th Fleet operation gives tech-curious reservists some training and a real-world mission.

Design and Innovation

For quantum technology to succeed, there needs to be a shift in mindset (World Economic Forum) As quantum technology is rapidly developing, business leaders will need to make changes to stay ahead of the curve. Here are four key actions to implement two important mindset shifts.

GitGuardian releases its open-source canary tokens (GitGuardian Blog – Automated Secrets Detection) GitGuardian, the enterprise-ready secrets detection and remediation platform, is announcing its latest open-source project, ggcanary – GitGuardian Canary Tokens to help organizations detect compromised developer and DevOps environments.

Academia

GenCyber: NSA sets up summer camps to teach kids to hack (FCW) Steve Kelman finds the normally secretive agency’s camps an intriguing way to offer a taste of cybersecurity careers to middle and high school students.

What you need to land a six-figure cybersecurity job (Fortune) Earning a master’s degree in cybersecurity can be one path to earning a six-figure salary, but trainings and certifications can also get you there.

Legislation, Policy, and Regulation

Senate Approves $280 Billion Bill to Boost U.S. Chip Making, Technology (Wall Street Journal) Bipartisan backers said the measure is needed to counter China, while GOP foes said the embrace of industrial policy amounts to corporate welfare.

Biden administration sets cyber priorities for fed agencies in ’24 (The Record by Recorded Future) The Biden administration late last week issued guidance that laid out the cybersecurity funding priorities that federal agencies should adhere to for the upcoming fiscal year 2024 budget cycle.

Experts Urge Congress to Pressure Commercial Spyware Vendors (Decipher) Researchers from Google and Citizen Lab urged Congress to use intelligence agencies, diplomatic, and economic means to pressure commercial spyware vendors such as NSO Group.

Commerce Committee Passes Luján Amendment To Protect Kids Online (Los Alamos Daily Post) U.S. Sen. Ben Ray Luján (D-N.M.), a member of the Senate Committee on Commerce, Science, and Transportation, voted today to advance critical legislation that will enhance and enforce online privacy protections for children and teenagers.

U.S. Government Grapples With Cyber Incident Reporting Pain Points (Decipher) The U.S. government wants cyber incident reporting to be more consistent, but it must work through several challenges, including the stigma around the repercussions of reporting.

GDPR in Romania: How Does It Work? (Business Review) The General Data Protection Regulation act of the European Union officially became effective on 25th May, 2018. The act builds and strengthens the EU’s

Cyber regulations proliferate, creating fresh problems (Washington Post) There’s a growing thicket of regulations for industry to notify feds about cyberattacks.

Litigation, Investigation, and Law Enforcement

DHS Cleared After 2021 Exposure of Terrorist Watchlist Data (Nextgov.com) The agency’s Office of the Inspector General found that the Department of Homeland Security has ways to safeguard and share sensitive data and properly acted once it learned about the alleged exposure.

Pegasus spyware: Just ‘tip of the iceberg’ seen so far (Register) House intel chair raises snoop tool concerns as Google and others call for greater crack down

US doubles bounty on Lazarus cyber crime group to $10m (ComputerWeekly.com) US State Department doubles a previously announced reward for information on North Korean cyber criminals, including the notorious Lazarus group.

U.S. doubles reward for tips on North Korean-backed hackers (BleepingComputer) The U.S. State Department has increased rewards paid to anyone providing information on any North Korean-sponsored threat groups’ members to $10 million.

US Offers $10 Million for Information on North Korean Hacker (SecurityWeek) The US government is offering a reward of up to $10 million for information on individuals associated with North Korean state-sponsored hacking groups.

Key Dems want DHS inspector general removed from Secret Service probe (Washington Post) A pair of key congressional Democrats called on Department of Homeland Security Inspector General Joseph Cuffari to step aside from his office’s investigation into the Secret Service on Tuesday, saying the Trump appointee knew earlier than has been reported that the agency deleted text messages from around the time of the Jan. 6, 2021, attack on the Capitol.

Wawa paying state prosecutors $8M to settle malware data breach (The Avenue News) FREE to read: Popular convenience store and gas station chain Wawa is paying $8 million to six state attorneys general, including Florida and Maryland, as well as the District of

Uber’s former head of security faces fraud charges after allegedly covering up data breach (Hot for Security) The former Chief Security Officer of Uber is facing wire fraud charges over
allegations that he covered up a data breach that saw hackers steal the records
of 57 million passengers and drivers.