The CyberWire Daily Briefing

"Microsoft's Recall criticized for security shortcomings.  Cyber espionage in Ukraine."

Views expressed in this cybersecurity, cyber crime, and cyber espionage update are those of the reporters and correspondents.  Accessed on 09 June 2024, 1326 UTC.

Content and Source:  https://thecyberwire.com/newsletters/daily-briefing/13/111

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Briefings

Daily Briefing

V13 Issue 111

More Signal. Less Noise.

SPONSORED BY N2K NETWORKS

Save 25% off of N2K practice tests, training courses, and practice labs.

N2K offers affordable exam prep training for top certifications from AWS, CompTIA, ISC2, Microsoft, Cisco, and many others. Get access to simulated exams, custom quizzes, e-flashcards, and more. Explore N2K’s expansive learning library of premium practice tests, training courses, and practice labs to help supplement your studies and accelerate your career journey. Save 25% with promo code "JUMP25" and get started today.

V13 | Issue 111 | 6.7.24

Daily Briefing for 06.07.24

ANNOUNCEMENT

Listen to our newest podcast, “Only Malware in the Building.”

N2K and Proofpoint have teamed up to launch “Only Malware in the Building,” the newest podcast on the N2K CyberWire network. Each month our hosts Selena Larson, Proofpoint’s staff threat researcher, and N2K’s Rick Howard and Dave Bittner, will explore the mysteries around today’s most intriguing cyber threats. Listen and subscribe now.

2024 N2K CyberWire Audience Survey.

We're always looking for ways to improve the N2K CyberWire network to give you an intelligence-driven news experience. Please take a few minutes to tell us about your network experience and share your feedback by completing our 2024 Audience Survey, and you will have a chance to win a $100 Amazon gift card. Take the survey.

SUMMARY

By the CyberWire staff

At a glance.

• Microsoft's Recall criticized for security shortcomings. 
• Cyberespionage in Ukraine.
• Exploit code released for critical Apache HugeGraph flaw.
• Critical RCE flaw affects PHP.

Microsoft's Recall criticized for security shortcomings.

WIRED offers a summary of security concerns associated with Microsoft's upcoming Recall feature. Recall is an AI-powered tool that allows Windows to save snapshots of the screen every five seconds in order to allow users to search through their past activity using natural language. Microsoft insisted that a hacker would need physical access to a device to access this information, but security researcher Kevin Beaumont found that malware can easily exfiltrate the data from a compromised device. Beaumont says he's "deliberately holding back technical details until Microsoft ship the feature as I want to give them time to do something." Additionally, James Forshaw, a researcher with Google's Project Zero, found that a threat actor could access a PC's Recall data without administrative privileges.

SPONSORED BY ZSCALER

Initial Compromise Insights: VPN and Phishing Attacks Exposed

Join us for an exclusive deep dive into initial compromise risks, focusing on threats posed by VPN vulnerabilities and sophisticated phishing attacks, and share insights from recent research and reports by Zscaler ThreatLabz group. Register now.

Cyberespionage in Ukraine.

The Computer Emergency Response Team of Ukraine (CERT-UA) has outlined a cyberespionage campaign by the UAC-0020 threat actor that's using SPECTR malware to target the Defense Forces of Ukraine. The malware is distributed via spearphishing emails with malicious RAR archive attachments. CERT-UA says the malware is used to "download stolen documents, files, passwords and other information from the computer."

UAC-0020 has been attributed to the law enforcement agencies of occupied Luhansk.

Exploit code released for critical Apache HugeGraph flaw.

The Register warns that a proof-of-concept exploit has been released for a critical remote code execution flaw (CVE-2024-27348) affecting Apache HugeGraph. Apache issued a patch for the vulnerability in April. Users are urged to ensure Apache HugeGraph is updated to version 1.3.0.

SPONSORED BY ZSCALER

Webinar | Initial Compromise Insights: VPN and Phishing Attacks Exposed

Join us for an exclusive deep dive into initial compromise risks, focusing on threats posed by VPN vulnerabilities and sophisticated phishing attacks, and share insights from recent research and reports by Zscaler ThreatLabz group. Register now.

SPONSORED BY N2K NETWORKS

Skill up for today’s top IT & cyber roles.

Want to dive deep into trending topics like AI, machine learning, or cloud? Or looking to reinforce concepts for top certifications from AWS, CompTIA, or ISC2? Explore N2K’s expansive learning library of on-demand training courses to help supplement your studies and accelerate your career journey. Get started today.

Critical RCE flaw affects PHP.

Researchers at DEVCORE have discovered a critical remote code execution vulnerability affecting PHP. The researchers explain, "While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system. This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack."

PHP's development team released a patch for the flaw yesterday.

Notes.

Today's issue includes events affecting Russia, Ukraine, and the United States.

SPONSORED EVENTS

Upcoming Cyber Security Summits (Multiple Cities, May 14 - Jun 14, 2024) Join us In-Person and network over breakfast, lunch & a cocktail reception on 5/17 in Austin, 5/17 in Denver, 6/6 in Salt Lake City and 6/14 in Oklahoma City! Learn about the latest threats and solutions from The FBI, U.S. DHS/CISA, U.S. Secret Service & more. Earn CPE/CEU credits with your attendance. Get 50% off admission w/ code CSS24-CYBERWIRE at CyberSecuritySummit.com (Only $125 with code).

Webinar—2024 and beyond: Top six cloud security trends (Virtual, May 21 - Jun 11, 2024) Watch this webinar to find out about six emerging trends that are dominating the cloud cybersecurity landscape. You’ll also discover a range of solutions that can help you protect the security of your cloud environments. Watch Now.

Webinar | Initial Compromise Insights: VPN and Phishing Attacks Exposed (, May 28 - Jun 20, 2024) Join us for an exclusive deep dive into initial compromise risks, focusing on threats posed by VPN vulnerabilities and sophisticated phishing attacks, and share insights from recent research and reports by Zscaler ThreatLabz group. Register now.

SELECTED READING

Attacks, Threats, and Vulnerabilities

Wineloader - Analysis of the Infection Chain (Binary Defense) ARC Labs analyzed a sample of the Wineloader backdoor for infection chain analysis and detection opportunities to help defenders protect their organizations.

POC exploit code published for critical Apache HugeGraph bug (The Register) You upgraded when this was fixed in April, right? Right??

Russian hacktivists vow mass attacks against EU elections (The Register) But do they get to wear 'I DDoSed' stickers?

Ransomware Actor Exploited CoinMiner Attacker's Proxy Server (Cyber Security News) Hackers can hide their names and access the blocked websites or networks by using proxy servers which help in making these systems anonymous. 

Legislation, Policy, and Regulation

Unpacking the first wave of SEC 10-K cyber disclosures (PwC) What companies reported, what it means (so far) and next steps. What can these form 10K filings tell us about cybersecurity disclosures?

FCC moves ahead on internet routing security rules (CyberScoop) The Border Gateway Protocol regulations proved less controversial than a $200 million school and library cyber program.

Litigation, Investigation, and Law Enforcement

Chinese nationals plead guilty to running Zambia scam operation (The Record) Zambian authorities said 77 people, including the Chinese operators, were arrested in April in connection with the takedown of a scam call center.

INDUSTRY EVENTS

For a complete running list of events, please visit the Event Tracker.

Events

AWS re: Inforce (Philadelphia, Pennsylvania, USA, Jun 10 - 12, 2024) AWS re: Inforce is a conference that addresses AWS security and confidentiality for customers. The conference covers: Proactive security: Considerations and approaches; How AWS secures data, even from trusted operators and services; Identity and access management; Security mindfulness; Cryptography from the future: Research & innovation to protect customer data; Compliance and governance; Data protection and privacy; and Security operations.

Cyber Civil Defense Summit (Washington DC, Jun 13, 2024) The Cyber Civil Defense Summit brings together a community of cyber defenders, academics, and policymakers with the shared mission of protecting our most vulnerable public infrastructure against cybersecurity threats. This in-person event hosts exclusive keynotes and panels with government and industry leaders in cybersecurity, creating an intimate space for cross-sector conversations between academics, volunteers, and policymakers on how we can work together to protect vulnerable community organizations like hospitals, cities, school districts, and nonprofits.

SANS Rocky Mountain Summer 2024 (Denver (and virtual), Colorado, USA, Jun 17 - 22, 2024) At SANS Rocky Mountain Summer 2024, choose from 48 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

ISA OT Cybersecurity Summit (London, England, UK, Jun 18 - 19, 2024) Strategic OT Cybersafety | Intelligent Innovation for a Secure World The future of intelligence evolution and IoT cybersecurity relies on a strategic approach that integrates supply chain sustainability and security. By leveraging intelligent technologies and prioritizing standards and conformance, we can create a more resilient and secure future for all.

Initial Compromise Insights: VPN and Phishing Attacks Exposed (Virtual, Jun 20, 2024) Join us for an exclusive deep dive into initial compromise risks, focusing on threats posed by VPN vulnerabilities and sophisticated phishing attacks, and share insights from recent research and reports by Zscaler ThreatLabz group. Register now.

SPONSOR & SUPPORT

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.