Dateline Moscow, Kyiv, Brussels, Paris, London, Washington: Ukraine moves closer to the West.

Ukraine at D+117: Cyberattacks and a static war in the Donbas. (The CyberWire) A stalled Russian advance in the Donbas is expected to prompt increasingly indiscriminate fire and a renewed emphasis on cyber operations.

Sanctions, as Russia would have them seen under Western eyes. (The CyberWire) Sanctions? They’re not working, except against the EU. The root causes of economic distress lie elsewhere, and sanctions are just Russophobic misdirection. That’s Mr. Putin’s story and he’s sticking to it.

Russia condemns Lithuania transit ban to Kaliningrad, vows response (Reuters) The Kremlin on Monday called Lithuania’s decision to ban the transit of some goods to Russia’s Kaliningrad region “unprecedented” and vowed to respond.

Russia accuses Lithuania of imposing siege on Kaliningrad by halting rail cargo (The Telegraph) Kremlin says the move ‘violates each and every’ law and warns of a strong response unless the transit of goods is restored

Russia Strikes Ukrainian Positions, Residential Areas in Donbas (Wall Street Journal) Russian forces launched airstrikes and artillery attacks as they pressed their offensive in eastern Ukraine, and explosions also rocked the southern port city of Odessa.

‘It’s just hell there’: Russia still pounds eastern Ukraine (AP NEWS) Russia’s military kept on grinding down Ukraine’s defenses Monday, with combat in eastern areas said to be entering a “decisive” phase, as the war’s consequences for food and fuel supplies increasingly weighed on minds around the globe.

Russia-Ukraine war: List of key events, day 118 (Al Jazeera) As the Russia-Ukraine war enters its 118th day, we take a look at the main developments.

Ukraine Intensifies Strikes Against Russian-Controlled Areas (Wall Street Journal) Ukrainian attacks in Donbas came as Moscow unleashed new salvoes of long-range missiles—some of them shot down by air defenses—on cities across the country.

Russia-Ukraine war: Moscow warns of ‘serious negative impact’ for Lithuania over goods blockade – live (the Guardian) Russian says ‘appropriate measures’ are being considered amid restrictions on goods moving through Baltic state to Kaliningrad

Russia-Ukraine war: List of key events, day 117 (Al Jazeera) As the Russia-Ukraine war enters its 117th day, we take a look at the main developments.

What happened in the Russia-Ukraine war this week? Catch up with the must-read news and analysis (the Guardian) Ukraine holds Sievierodonetsk as battle for Donbas enters critical phase; the Russians rejecting Putin and fighting for Kyiv

Russia-Ukraine war: what we know on day 116 of the invasion (the Guardian) Nato chief warns war could last years; Russia sends many reservists to Sievierodonetsk battle, says regional governor

Where the Shelling Never Stops: Near the ‘Zero Line’ With Ukrainian Soldiers Trying to Maintain in Donbas (Rolling Stone) Inside life in a bunker with Ukrainian Ph.D. students-turned-fighters as they attempt to hold on against overwhelming firepower and devastating Russian bombardment

In eastern Ukraine, some stand against their defenders (Los Angeles Times) In parts of eastern Ukraine, the Ukraine military is not necessarily fighting on friendly ground.

Outgunned. Outmanned. Outnumbered. Outplanned? (POLITICO) The Biden administration is touting another $1 billion package of military aid to Ukraine, including thousands of rounds of critically needed ammunition for the grinding fight in the Donbas.

Men, morale, munitions: Russia’s Ukraine war faces long slog (Military Times) As Russia’s initially botched and broad offensive turns its focus to the eastern Donbas region, the war has entered a new and seemingly more enduring phase.

Russia is hoping higher pay can get more people to sign up to fight in Ukraine (Task & Purpose) Cash rules everything around the Ministry of Defense.

US intel officials admit they didn’t see that Russia’s military was a ‘hollow force.’ Here’s what they did see and how they missed it. (Business Insider) Four months of fighting in Ukraine has revealed the gaps in what US intelligence agencies knew about the Ukrainian and Russian militaries.

Dr. Frank Hoffman on “Defining and Securing Success in Ukraine” (Lawfire) What is the way forward in the Ukraine crisis?  In today’s post Dr. Frank Hoffman joins us again to discuss that very question in his thoughtful but extremely candid way.  As he puts it, &#82…

You’ll Never Guess the Lie Putin Has Come Up With Now (The Daily Beast) Not only does he say there’s no war in Ukraine, Putin may have told his favorite propagandist that Russia is not even carrying out a so-called “Special Operation” over there.

Putin gloats, says West couldn’t stop Russia despite “insane” sanctions (Newsweek) The Russian president was addressing the annual St. Petersburg International Economic Forum on Friday.

Sanctions have backfired and will cost EU €400bn, insists Vladimir Putin (The Telegraph) Russian leader says the West’s ‘economic blitzkrieg’ has failed and that Russia is entering new era as a ‘powerful sovereign country’

Vladimir Putin’s veiled threat to ex-Soviet states: ‘You’re part of historic Russia’ (The Telegraph) Kremlin leader hints that neighbouring countries could meet Ukraine’s fate if they turn on him over the invasion

Why fear of provoking Putin is the most provocative policy of all (Atlantic Council) It is now abundantly clear that cautious policies toward Russia driven by a misguided fear of provoking Putin have in fact provoked Europe’s biggest war since the days of Hitler and Stalin, argues Alyona Getmanchuk.

Lithuanian PM: Russia ‘keeps on proving we were right’ (Atlantic Council) Prime Minister Ingrida Šimonytė described how her country responds to the stark geopolitical realities presented by Russia and other problematic states.

Why Ukraine’s wins against Russian aircraft should worry the US Air Force (Task & Purpose) The U.S. Air Force may need to switch from offensive air superiority missions to the long grind of defensive air denial missions.

Unholy War: UK sanctions Putin’s Patriarch for backing Ukraine invasion (Atlantic Council) This week’s UK decision to impose sanctions on the head of the Russian Orthodox Church highlights international alarm over Patriarch Kirill’s enthusiastic support for Vladimir Putin’s war of imperial aggression in Ukraine.

The Russian teenagers facing jail to protest against the war – and their own family (The Telegraph) Young people are taking to the streets in anti-war demonstrations despite new draconian laws being enforced to silence them

Russian journalist sells Nobel Prize for Ukrainian children (AP NEWS) What’s the price of peace? That question could be partially answered Monday night when Russian journalist Dmitry Muratov auctions off his Nobel Peace Prize medal. The proceeds will go directly to UNICEF in its efforts to help children displaced by the war in Ukraine.

Ukraine mourns ‘our golden generation’ killed on frontlines (the Guardian) The death of Roman Ratushnyi, 24, a prominent environmental campaigner who died while fighting the Russians, has come to symbolise the war’s heavy toll on society

‘We’re tired of being scared’: Kyiv residents take steps towards normality (the Guardian) Restaurants are filling up again as clubs welcome daytime revellers, but the city remains under a cloud of war

Ukraine’s first lady Olena Zelenska on being Russia’s target No 2: ‘When you see their crimes, maybe they really are capable of anything’ (the Guardian) Her husband Volodymyr Zelenskiy is leading his nation’s resistance to Putin’s invasion – and her family is under threat. In a rare interview, she reveals the toll of sudden war

What Hundreds of Photos of Weapons Reveal About Russia’s Brutal War Strategy (New York Times) A New York Times analysis of visual evidence from Ukraine showed widespread use by Russia of cluster weapons banned under certain international treaties.

Crimes against civilians: documenting the scale of abuse in Ukraine (the Guardian) Survivor and witness accounts, cross-checked with information from prosecutors, show how violence has been integral to the Russian campaign

The Reckoning for War Crimes in Ukraine Has Begun (Foreign Policy) What do the first convictions of Russian servicemen hold for the future?

Kremlin press secretary says Geneva Conventions would not apply to two Americans feared captured in Ukraine (CBS News) The comments come days after Russian media released video appearing to show the two men.

Putin’s war in Ukraine will lead to his “demise”: Exiled oligarch (Newsweek) Mikhail Khodorkovsky previously said that he believes Putin’s defeat is inevitable as long as the West continues to back Ukraine.

Can Putin Survive? (Foreign Affairs) The lessons of the Soviet collapse.

‘The impossible’: Ukraine’s secret, deadly rescue missions (AP NEWS) As was his habit before each flight, the veteran Ukrainian army pilot ran a hand along the fuselage of his Mi-8 helicopter, caressing the heavy transporter’s metal skin to bring luck to him and his crew.

No nukes? Ukraine-Russian war will shape world’s arsenals (AP NEWS) The headlines on the newsstands in Seoul blared fresh warnings of a possible nuclear test by North Korea.

Vladimir Putin speech delayed ‘because of cyber-attack’ as he hits out at ‘economic blitzkrieg’ against Russia (Scotsman) Russian president Vladimir Putin had to delay his speech at the St Petersburg International Economic Forum following a cyber attack.

UPDATE 1-Putin’s St Petersburg speech postponed by an hour after cyberattack (Yahoo) The Kremlin said on Friday that the St Petersburg International Economic Forum had suffered from a “denial of service” cyber attack on its accreditation system, forcing Russian President Vladimir Putin to delay a scheduled address by one hour. Kremlin spokesperson Dmitry Peskov said in a call with reporters that the cyber attack had begun on Thursday and disabled the forum’s guest accreditation and admission system, leading to a host of problems with access. He said specialists were working to fix the problem, and that Putin’s keynote address had been moved back to 3 p.m. (1200 GMT).

Think of the Russia-Ukraine conflict as a microcosm of the cyber war   (SC Magazine) While cyber has been used as a weapon by both sides in the Russia-Ukraine war, the implications of hybrid war go far beyond this one conflict.

The link between cyberattacks and war: Gartner (CRN Australia) Cyberwarfare has no boundaries.

Russian disinformation spreading across the globe (Avast) Social media platforms have blocked Russian disinformation accounts and banned ads from Russian state-backed media. However, conspiracy theories are still running rampant in many US far-right news media. 

US is worried about Russia using new efforts to exploit divisions in 2022 midterms (WSIL-TV) Homeland and national security officials are worried about how Russia could significantly exploit US divisions over the November midterms, considering scenarios like Russia staging smaller hacks of local election authorities

Treasury’s Adeyemo sees elevated cyber threats in wake of Russia’s war in Ukraine (Reuters) U.S. Deputy Treasury Secretary Wally Adeyemo warned bankers about elevated cyber threats in the wake of Russia’s invasion of Ukraine, and underscored the department’s commitment to sharing real-time intelligence, Treasury said on Friday.

More cyber warfare with Russia lies on the horizon (Interesting Engineering) If the conflict in Ukraine doesn’t end soon.

Prolonged war may make Russia more cyber aggressive, US official says (C4ISRNet) “We have to keep our shields up,” said Neal Higgins, the deputy national cyber director for national cybersecurity. “We can’t let our guard down.”

What the Russia-Ukraine war means for the future of cyber warfare (The Hill) Russia’s war on Ukraine has been largely defined by indiscriminate shelling and grinding exchange of artillery, but it has also shown how cyberspace will be a central battleground in the future of …

Complex Russian cyber threat requires we go back to basics ( The situation in Russia is anything but simple, but it is the fundamentals of cyber security hygiene that pose the best defence against the country’s digital threat, as Mandiant’s Jamie Collier explains.

Microsoft blocks Windows downloads in Russia (Computing) Was it a deliberate move or just a mistake?

Vladimir Putin says he has no problem with Ukraine joining EU (The Telegraph) ​Russian president Vladimir Putin has said he has no problem with Ukraine joining the European Union.

European Commission backs Kyiv’s E.U. ambitions as Putin lashes out at West (Washington Post) The European Commission on Friday issued an opinion recommending that Ukraine should be granted candidate status for European Union membership — a first step that will add significant momentum to the country’s campaign to join the bloc.

Zelenskiy warns Europe at risk of Russian hostilities over EU candidacy (the Guardian) ‘We are ready. We warn partners,’ says Ukraine president, ahead of decision on membership application

Ukraine moves step closer to joining EU (The Telegraph) European Commission has recommended it to be granted candidate status to join the bloc, which is expected to be approved next week

Ukraine could partake in EU defense-cooperation projects after war ends (Defense News) Ukraine is one of a handful of nonmember states that have negotiated so-called administrative arrangements with the European Union, an entry requirement into the bloc’s sprawling bureaucracy for jointly developing military capabilities.

Ukraine gets possible path to EU, aid pledges from Britain (AP NEWS) The European Union’s executive arm recommended putting Ukraine on a path to membership Friday, a symbolic boost for a country fending off a Russian onslaught that is killing civilians, flattening cities and threatening its very survival.

Macron Makes Amends in Kyiv, Erdogan Cracks Down in Ankara and More (World Politics Review) The conflict in Ukraine has become a war of attrition in which cohesion will play a decisive role. In that context, the kinds of internecine feuding and petty score-keeping on display in Europe prior to the visit of French President Emmanuel Macron and German Chancellor Olaf Scholz to Kyiv this week doesn’t bode well.

Britain’s response to Ukraine ‘best of all Western powers’ (The Telegraph) The international poll will be a major boost for Boris Johnson who returned from Kyiv on Friday

Defense minister: Credible deterrence ensures security (ERR) Defense minister Kalle Laanet (Reform) reiterated calls for the permanent placing of the command structure of a NATO divisional-sized unit in Estonia, following a meeting of NATO defense ministers in Brussels which also featured NATO Secretary General Jens Stoltenberg.

Will Finland, Sweden join NATO? Crunch talks explained (Newsweek) “I’m not sure whether there is enough time left to find common ground,” a former Turkish diplomat told Newsweek.

The NATO Accession Crisis Risks Final Collapse of the Alliance-Turkey Relationship (Wilson Center) Turkey’s rejection of NATO accession for Sweden and Finland, beyond undercutting NATO’s response to Russia’s aggression, reflects a deeper rift between the West and Turkey.

Opinion | Who’s Really Sending Aid to Ukraine? (Wall Street Journal) The U.S. and frontline states are doing their part against Russian aggression. France? Non.

Where do the “fence-sitters” sit on trade with Russia? (Atlantic Council) At least in terms of trade, seemingly neutral countries aren’t enabling Russia as much as their public positions might suggest.

Unwilling Kazakhstan Eyed as Russia’s Smuggler of Choice (CEPA) As Russia’s military faces acute shortages of war materiel, the Kremlin is urgently seeking ways to evade sanctions.

Venezuela rejects Western sanctions against Russia (Prensa Latina) Venezuelan Vice President Delcy Rodriguez said today that anti-Russian sanctions create difficulties for the very countries that initiated them in one of the sessions of the St. Petersburg International Economic Forum (Spief).

Attacks, Threats, and Vulnerabilities

Suspected cyberattack triggers sirens in Jerusalem, Eilat (Israel Hayom) The strongest indicator of a hack is the fact that civilian – not military – alert systems were compromised, National Cyber Directorate says. Local authorities instructed “to take preventative measures against the threat.”

Suspected Iranian Cyberattack on Israel Triggers Sirens (Haaretz) Sirens sounded in Eilat and Jerusalem after suspected Iranian hack targets PA systems

Iranian cyberattack may be behind false rocket warning sirens in Jerusalem (Jerusalem Post) The National Cyber Directorate suspected that a cyber attack was behind the system malfunction that caused sirens to be sounded across Jerusalem and Eilat for an extended period of time.

Israel suspects Iranian cyber-attack behind false siren alerts (Middle East Monitor) Israel suspects an Iranian cyber-attack was behind false siren alerts Sunday in several neighbourhoods in West Jerusalem and Eilat, according to local media on Monday, Anadolu News Agency reports. …

Strava fitness app used to spy on Israeli military officials (Computing) The flaw has also exposed the locations of a number of sensitive sites in the country.

Germany’s Green Party Says Email System Hit by Cyberattack (SecurityWeek) The German Green party says its IT system was hit by a cyberattack last month that affected email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck.

Rogue Shortcuts: LNK’ing to Badness (Varonis) Multiple recent campaigns suggest that rogue Windows shortcuts ― specifically ‘LNK’ files — are back in style with threat actors.

ALPHV Ransomware Operators Pressure Victim With Dedicated Leak Site (SecurityWeek) Cybercriminals who are using the ALPHV ransomware created a dedicated leak website in an apparent attempt to pressure one of their victims into paying the ransom.

New phishing attack infects devices with Cobalt Strike (BleepingComputer) Security researchers have noticed a new malicious spam campaign that delivers the ‘Matanbuchus’ malware to drop Cobalt Strike beacons on compromised machines.

Resurgence of Voicemail-themed Phishing Attacks Targeting Key Industry Verticals in US (Zscaler) Voicemail-themed credential phishing campaign targets key industry verticals in US to steal Office365 and Outlook credentials.

Malspam pushes Matanbuchus malware, leads to Cobalt Strike (SANS Institute) On Thursday 2022-06-16, threat researchers discovered a wave of malicious spam (malspam) pushing Matanbuchus malware:

Chinese APT groups targeting India, Pakistan and more with Sophos firewall vulnerability (The Record by Recorded Future) Chinese state-sponsored hackers are targeting governments and organizations in Afghanistan, India, Pakistan and others with a now-patched zero-day vulnerability in Sophos’ firewall product.

Chinese Hackers Exploited Sophos Firewall Zero-Day Flaw to Target South Asian Entity (The Hacker News) Chinese Hackers Exploited Sophos Firewall Zero-Day Vulnerability to Target South Asian Entity

Researchers disclose 56 vulnerabilities impacting thousands of OT devices (Help Net Security) Forescout’s Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors.

15 vulnerabilities discovered in Siemens industrial control management system (The Record by Recorded Future) Fifteen vulnerabilities affecting a Siemens’ industrial control management system were unveiled this week.

QNAP investigating new Deadbolt ransomware campaign (The Record by Recorded Future) Taiwanese hardware vendor QNAP said on Friday that it is investigating yet another Deadbolt ransomware campaign targeting users of its NAS devices.  

Proofpoint details ‘dangerous’ ransomware flaw in SharePoint and OneDrive | IT PRO (IT PRO) Functionality allows ransomware to encrypt files stored on SharePoint and OneDrive to make them potentially unrecoverable, vendor says

‘Potentially dangerous’ flaw could allow ransomware attacks on Microsoft SharePoint and OneDrive (CRN) Researchers from Proofpoint says that cyberattacks could be carried out in such a way that it makes files unrecoverable

Panchan Peer-to-Peer Botnet (Information Security Buzz) Akamai security researchers have released discovery on Panchan, a new peer-to-peer botnet and SSH worm that emerged in March and has been actively breaching Linux servers since.

Hertzbleed disclosure raises questions for Intel (SearchSecurity) The public disclosure of the new ‘Hertzbleed’ side-channel vulnerabilities has raised questions about coordinated disclosure for Intel.

Resurgence of Voicemail-themed Phishing Attacks Targeting Key Industry Verticals in US (Zscaler) Voicemail-themed credential phishing campaign targets key industry verticals in US to steal Office365 and Outlook credentials.

Microsoft 365 credentials targeted in new fake voicemail campaign (BleepingComputer) A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials.

Voicemail phishing emails steal Microsoft credentials (Register) As always, check that O365 login page is actually O365

RIG Exploit Kit Campaign Delivers Raccoon Stealer (Bitdefender) The RIG Exploit Kit continues to spread malware via browser exploits, especially through vulnerable versions of Internet Explorer 11. One campaign earlier this year was delivering the Raccoon Stealer trojan, which we will describe here.

Google Chrome Extensions Could Be Used to Track Users Online (Infosecurity Magazine) New website can check for installed Chrome extensions and generate a fingerprint of a visiting user

Google Chrome extensions can be fingerprinted to track you online (BleepingComputer) A researcher has discovered how to use your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online.

IOTW: BlackCat ransomware strikes Italian university (Cyber Security Hub) BlackCat strikes as Microsoft delivers update on ransomware

Staffing Firm Robert Half Says Hackers Targeted Over 1,000 Customer Accounts (SecurityWeek) HR consulting firm Robert Half says hackers have targeted more than 1,000 customer accounts that stored social security numbers and other personal information.

Flagstar Bank discloses data breach impacting 1.5 million customers (BleepingComputer) Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack.

Ransomhouse targets Shoprite in latest attack (TechCrunch) RansomHouse, in messages posted on the group’s Telegram channel and seen by TechCrunch, claimed to have obtained 600 gigabytes of data from Shoprite,

Shoprite’s “possible compromise” was a hack — and the attackers are extorting the company (My Broadband) It turns out the breach at Shoprite was more than a “possible compromise”. A hacking group says it stole the company’s Money Transfer client records, including photos of government ID cards.

RansomHouse hackers threaten to sell Shoprite data (ITWeb) The group, known as RansomHouse, demands ransom from the retailer and is threatening to sell the sensitive information to the highest bidder.

Breach at Eye Care Software Vendor Hits Millions of Patients (SecurityWeek) The personal information of millions of individuals may have been stolen by threat actors as a result of a data breach at Eye Care Leaders.

Cyber attack: Gloucester council services still not back to normal (BBC News) Gloucester City Council was hit by the attack, linked to hackers in Russia, in December.

A Rookie Mistake Shows Hackers Aren’t All Geniuses (Washington Post) For more than two decades, ransomware attacks have been the bane of corporate IT managers and their CEOs, and a source of much research for cybersecurity professionals.

POLITICO Pro: Why the water sector is America’s overlooked cyber risk (Politico) Underfunded and overextended, many water utilities are in no shape to fight hackers.

Vulnerability Summary for the Week of June 13, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

Windows emergency update fixes Microsoft 365 issues on Arm devices (BleepingComputer) Microsoft has released an out-of-band (OOB) Windows update to address a known issue that would cause Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after installing the June 2022 Patch Tuesday updates.

Baptist Medical Center & Resolute Health Hospital (IDX) This notice provides information about a recent cybersecurity incident that affected Baptist Medical Center and Resolute Health Hospital, from which individuals may have received services at one of our locations in Texas (collectively “we”). We are committed to protecting your information. This commitment includes notifying you if we believe that an incident may have involved your personal information. This notice provides information about the incident and the resources available to you.

Express Scripts Data Breach Notice to Consumers (Office of the Vermont Attorney General) Express Scripts, providing services on behalf…

Choice Health Insurance Data Breach Notice to Consumers (Office of the Vermont Attorney General) At Choice Health we are committed to protecting…

AutomationDirect Patches Vulnerabilities in PLC, HMI Products (SecurityWeek) AutomationDirect has patched several high-severity vulnerabilities in its PLC and HMI products.

WhatsApp widely rolls out new visibility options for Last seen, profile photo, and Status (XDA) WhatsApp is widely rolling out the ability to hide your profile photo, WhatsApp Status, and About from select contacts.

Examining the Modern Attack Surface: Quantifying the Risks to Individuals and the Enterprise (BlackCloak) This blog post synthesizes BlackCloak’s new data report. It quantifies the modern digital privacy, personal device, and home network threats.

Cybersecurity Disconnect Between Digitally Free and Unfree Countries Persists While Freedom on the Net Declines (PR Newswire) Avast (LSE: AVST), a global leader in digital security and privacy, released its first Digital Wellbeing Report today. The Covid-19 pandemic…

IBM: Cybersecurity is the issue of the decade (CRN Australia) Infrastructure boss Rick Lewis said orgs ‘not up to speed’ to fight bad actors.

1 in 4 companies reported IT security incidents in the last year, survey finds (Hornetsecurity) 1 in 4 companies reported IT security incidents in the last year, survey finds

Ericsson Mobility Report: 5G to top one billion subscriptions in 2022 and 4.4 billion in 2027 (Ericsson) Global mobile network data traffic doubled in the past two years. Fixed Wireless Access (FWA) to account for 20 percent of all mobile data network traffic in 2022. 60 percent of global mobile network data traffic expected to be over 5G networks by 2027.

iTWire – Radware research finds overconfidence in API protection leaves enterprises exposed to cyber attacks (IT Wire) GUEST RESEARCH: Radware, a leading provider of cyber security and application delivery solutions, today released its 2022 State of API Security report. The survey, which was conducted with Enterprise Management Associates, revealed a false sense of security among organisations when it comes to API p…


RevealSecurity Raises $23M (RevealSecurity) RevealSecurity protects organizations against business operation breaches executed by authenticated users. Tracking user activity flows within applications is a unique, novel approach which enables the detection of normal activity pattern breaches. Driven by activity flow analytics and powered by our unique clustering engine, TrackerIQ detects threats originating from SaaS and custom-built applications without creating rules, building data models, or cleaning outliers.

Cyberint Announces A $40 Million Financing Round to Deliver Focus to Cybersecurity Teams  (Cyberint) Cyberint, a cyber threat intelligence company, announces a $40M round led by StageOne Late Stage Arm, Neva SGR, and Viola Growth.

DigiCert acquires DNS Made Easy and affiliated brands (IT Brief Australia) Greg Clark comments, says, This combination enhances the security of certificate validation and enables the automation of future validations.

Cybersecurity consolidation is coming. CISOs are more than ready. (Protocol) The complexities created by security “tool sprawl” are a major headache for many businesses. A wave of mergers might help ease the pain.

Cybersecurity M&A Deals Surge in First Half of June 2022 (SecurityWeek) Nearly 30 cybersecurity M&A deals were announced in the first half of June 2022, the highest number since SecurityWeek has been tracking M&A activity.

Ranked: the 59 cybersecurity unicorns you need to know about (Verdict) The number of cybersecurity unicorns almost doubles in 12 months to total 59 and here is the ranking as of June 2022

Cybersecurity has an ‘experience shortage’, not a talent shortage (Silicon Republic) HPE’s Bobby Ford believes that the cybersecurity talent shortage is actually an experience shortage and that recruitment needs to change.

Executive Q&A: Exabeam’s Head of Security Strategy EMEA (Technology Magazine) Samantha Humphries from Exabeam,spoke to Technology Magazine about how the company is helping to close the skills gap in the cyber security industry

HPE Tackles Cyber Skills Shortage with Hands-On Experience (Wall Street Journal) The program seeks to enhance diversity within the company’s cybersecurity ranks by looking beyond usual backgrounds.

Avast demonstrates commitment to digital freedom with MyData membership (PR Newswire) Avast (LSE:AVST), a global leader in digital security and privacy, today announced its membership of MyData Global, an award-winning…

Delivering on our US data governance (Newsroom | TikTok) By Albert Calamug, U.S. Security Public Policy, TikTok At TikTok, we’re committed to a process of continuous innovation and improvement in our user experience and safety controls. We’re proud to be ab

Two ex-Deloitte partners are rewriting the rules for backing web3 and blockchain projects (Startup Daily) Sixtree founders Ben Wylie and Yamen Sader have left their roles at big four consultancy firm Deloitte Australia to launch their own “engineering for equity” startup, Lab Eleven.

Why is Palantir Silicon Valley’s Most Secretive Company? (Medium) The story behind the startup that’s trying to stop terrorism with Big Data

Peter Thiel helped build big tech. Now he wants to tear it all down. (Washington Post) Inside the billionaire investor’s journey from Facebook board member to an architect of the new American right

Radicati Group names Kaspersky ‘top player’ for endpoint security (Manila Standard) A new report from The Radicati Group has placed Kaspersky among the top companies for endpoint security aimed at businesses

QuSecure Earns 2022 Disruptor Company Award for its Industry-Leading Cybersecurity Software (Business Wire) QuSecure™, Inc., a leader in post-quantum cybersecurity (PQC), today announced that The Globee® Awards, organizers of the world’s premier business awa

Cybersecurity Firm Redacted Moves HQ From San Francisco to Austin (Built In Austin) The startup plans to hire 50 more employees this year with a focus on sales and technical talent.

Blog | P0 Labs: Helping stay ahead of cloud adversaries (Permiso) P0 Labs as built a team of IR and Red Team experts that will leverage the Permiso platform to stay ahead of cloud adversaries.

Tim Eades: A ‘Misfit With a Mohawk’ to CEO of vArmour (SDxCentral) vArmour’s Tim Eades said to work in a startup “you’ve got to be a little bit of a lunatic” as he spoke about burnout in the security industry.

Eclypsium expands its executive team with new appointments (Help Net Security) Eclypsium announced five new appointments to its executive team with key hires across research, sales and marketing.

Interos Welcomes Renowned Operational Resilience Leader Nita Kohli to Board of Advisors (Interos) Kohli to provide enterprise risk insights and guidance to fast-growing supply chain risk management technology company

Aryaka Appoints Srini Addepalli as CTO to Deepen Cloud-Based Security and Networking Innovation (Business Wire) Aryaka®, the leader in fully managed SD-WAN and SASE solutions, today announced that Srini Addepalli has joined the executive team as Chief Technology

BlueVoyant Welcomes Barry Stern as CFO (BlueVoyant) Stern brings more than 20 years of finance experience including transforming businesses from start-up to Initial Public Offering (IPO).

Cybersecurity Industry Veteran John Addeo Joins Netsurion as Chief Revenue Officer (GlobeNewswire News Room) Former Rapid7 channel director leverages expertise guiding enterprise IT leaders in Managed XDR space to support Netsurion’s growth…

Jscrambler Announces Three New VPs To Drive Global Expansion (GlobeNewswire News Room) Cybersecurity company strengthens its leadership with VPs of Global Sales, Growth, and Engineering….

LogRhythm Announces New Additions to the Leadership Team (LogRhythm) LogRhythm names Mitzi Hunter as chief marketing officer and Mike Dalgleish to vice president of sales, Americas.

SonarSource Strengthens Management Team with Manish Gupta as its CMO (Business Wire) Former Oracle and Redis executive to scale global marketing execution to further fuel developer adoption and company growth

Products, Services, and Solutions

SureCloud Becomes World’s First GRC Capability Company (SureCloud) SureCloud announces it has become the world’s first GRC Capability Company, delivering GRC and cybersecurity business outcomes. Read more here.

Flashpoint unveils security offering for school boards (SecurityBrief Australia) Flashpoint has released its K-12 risk management and security offering to provide school boards and education security practitioners with tools to recognise, prevent and manage cyber and physical threats.

This handy multi-device security app is now free for anyone with a Microsoft 365 subscription (Android Police) You can tie all of your devices into Microsoft Defender and stay alert on security threats

Varonis strengthens security capabilities for AWS and S3 (SecurityBrief Asia) Varonis has strengthened and expanded its cloud and security capabilities, with a critical aim of improving safety and boosting data visibility in Amazon Simple Storage Service (S3).

Axis Security Announces Atmos 2022 Summer Release Highlighting Innovation in Digital Experience Monitoring, Internet Security and Automated Operations (PR Newswire) Axis Security continues to raise the bar for harmonizing secure access for the modern workplace with its Atmos 2022 Summer Release, recognizing…

Exabeam Next-gen SIEM and Advanced Cybersecurity Analytics Now Available Through Carahsoft’s NASPO Cloud Solutions Contract (Business Wire) Beyond prevention, provides states, local governments, and education institutions with threat detection, investigation, and response capabilities.

Netskope Announces Key Zero Trust Network Access Updates, Further Enabling Enterprises to Protect Data Everywhere Across Hybrid Work Environments (PR Newswire) Netskope, the leader in Security Service Edge (SSE) and Zero Trust, today announced key enhancements to Netskope Private Access, the zero trust…

Delinea DevOps Secrets Vault Expands Seamless Secrets Management for Kubernetes Containers and Adds MongoDB Support (PR Newswire) Delinea, a leading provider of privileged access management (PAM) solutions for seamless security, today announced the latest release of DevOps…

Technologies, Techniques, and Standards

The FAA Moves to Zero Trust Strategy for Preventing Cyber Attacks (Via Satellite) Luci Holemans, ATO Cybersecurity Group Manager at the Federal Aviation Administration (FAA), spoke about what initiatives the FAA is taking to promote

How Businesses Can Prepare For, and Ultimately Prevent Cyber Attacks (CPO Magazine) It’s no secret that cyber attacks today are more frequent and in many cases more damaging than ever before.

US Conducts ‘Largest’ Cyber Defense Exercise (The Defense Post) The US Department of Defense has conducted the country’s “largest” unclassified cyber defense exercise involving American cyber specialists.

Alaska National Guard Participates in Cyber Shield 2022, the DoD’s Largest Unclassified Cyber Defense Exercise (DVIDS) Approximately 15 Alaska Air National Guard cyber and computer security specialists honed their skills, June 5-17, as part of Cyber Shield 2022, the Department of Defense’s largest unclassified cyber defense exercise involving approximately 800 National Guard cyber specialists as well as law enforcement, legal, government and corporate partners from across the country.

Louisiana National Guard Participates in Cyber Shield 2022, the DoD’s Largest Unclassified Cyber Defense Exercise (DVIDS) Approximately 15 Louisiana National Guard cyber and computer security specialists honed their skills, June 5-17, as part of Cyber Shield 2022, the Department of Defense’s largest unclassified cyber defense exercise involving approximately 800 National Guard cyber specialists as well as law enforcement, legal, government and corporate partners from across the country.

Is Stopping a Ransomware Attack More Important than Preventing One? (CSO Online) Ransomware is on the rise and detecting threats before they become a problem is a key priority for every organization – no matter the size. Read how microsegmentation can help build a strong ransomware defense strategy.

Why people are trolling their spam texts (MIT Technology Review) Our phones are being inundated with text scams. Some people are using humor to fight back.

GUEST ESSAY: Threat hunters adopt personas, leverage AI to gather intel in the Dark Web (The Last Watchdog) The Deep & Dark Web is a mystery to most in the mainstream today: many have heard about it, but few understand just a fraction of what’s going on there. Related: ‘IABs’ spread ransomware Planning your roadmap, executing your projects, and keeping an eye on the barrage of ransomware headlines, it’s understandable if you and […]

How Businesses Should Introduce Cybersecurity Training (Scoop News) Cyber-attacks are a growing threat to all business establishments. While vulnerabilities or bugs in software play a role, a more significant flaw exists. Ironically, employees are the biggest threats to companies, not necessarily because of their intentional …

Dell VP: Software Is Central to Solving Cybersecurity (SDxCentral) Dell VP of Product and Application Security Eric Baize says part of training for software developers should be to teach them to think like attackers. 

6 tips for effective security job postings (and 6 missteps to avoid) (CSO Online) With demand for security professionals outstripping supply, employers need to ensure their job postings hit the mark. Here’s how to write a security job posting that attracts qualified candidates.

Design and Innovation

Opinion We warned Google that people might believe AI was sentient. Now it’s happening. (Washington Post) Last Friday, a Post article by Nitasha Tiku revealed that Blake Lemoine, a software engineer working in Google’s Responsible AI organization, had made an astonishing claim: He believed that Google’s chatbot LaMDA was sentient. “I know a person when I talk to it,” Lemoine said. Google had dismissed his claims and, when Lemoine reached out to external experts, put him on paid administrative leave for violating the company’s confidentiality policy.

Blake Lemoine Says Google’s LaMDA AI Faces ‘Bigotry’ (Wired) In an interview with WIRED, the engineer and priest elaborated on his belief that the program is a person—and not Google’s property.


ASU earns best finish ever in cybersecurity competition (ASU News) Arizona State University’s team took third place overall and first place in the defense category at the Western Regional Collegiate Cyber Defense Competition.

Legislation, Policy, and Regulation

Now China wants to censor online comments (MIT Technology Review) A draft update of rules would dramatically increase the power of China’s censorship machine, but platforms will pay the price.

Video: China’s Surveillance State Is Growing Bigger and More Invasive. These Documents Reveal How. (New York Times) A Times investigation analyzing over 100,000 government bidding documents found that China’s ambition to collect digital and biological data from its citizens is more expansive and invasive than previously known.

Increasing China’s U.S. Cyber Espionage Allegations Support Internet Governance Aspirations (OODA Loop) Recently, Chinese media has published articles about a report provided by Burmese-based Anzer, a cybersecurity company that detailed alleged U.S. military and government agencies efforts to remotely steal more than 97 billion pieces of global Internet data, and 124 billion phone records in the last 30 days.

Courtney Fung on China’s Role in Crafting Global Governance in Cyberspace (The Wire China) Courtney Fung talks about China crafting global governance in cyberspace through multilateral organizations such as the UN.

Is Russia-India Cyber Cooperation on the Horizon? (OODA Loop) A formalized cyber agreement between Russia and India is a logical progression for Moscow both in appearance as well as from a practical standpoint.  After all, both countries are known for their technological sectors and experienced IT workforce, and both have adopted multistakeholder bases and scientific cooperation. Therefore, it comes as little surprise that the idea has long been in development, though moving toward a more concrete agreement up until recently has stalled. Russia-India interest in establishing a formal cyber cooperation relationship started in 2016 when both governments signed a “Memorandum of Understanding on Information Security” agreement during a BRICS summit. 

U.S. Restraint Has Created an Unstable and Dangerous World (Foreign Policy) Decades of ignoring the menaces posed by Russia and China has led the West to a precipice.

White House pushes back against online harassment (Register) ‘No one should have to endure abuse just because they are attempting to participate in society’

Readout of the White House Task Force to Address Online Harassment and Abuse Launch (The White House) Yesterday, the Gender Policy Council and National Security Council launched the White House Task Force to Address Online Harassment and Abuse. The Task

Senators seek boosts for JADC2, cyber mission, hypersonics in defense bill (Defense News) The Senate Armed Services Committee on June 16 published its summary of the annual defense bill, tackling everything from future network development to supply chain challenges, electronic warfare integration to hypersonic weapons development.

FAR updates that would mandate cyber incident reporting for contractors a year or more away (FedScoop) OMB has submitted two proposals for updating contract language to the FAR Council, which will be opened for public comment soon.

A new report by the Cyberspace Solarium Commission (Federal News Network) The national cyber workforce shortage is still a major problem. But it’s a problem that can start to be solved with the help of a new national cyber director.

Proposed SEC Rules Will Force Boards to Double Down on Cyber (BankInfoSecurity) Publicly traded companies will need to beef up their cybersecurity knowledge since the the U.S. Securities and Exchange Commission is proposing rules and guidelines

Calif. Privacy Agency Signals Strength With Rules Proposal (Law360) California’s new consumer privacy agency proposed strict guardrails in its first foray into rulemaking for topics such as global opt-out signals and dark patterns that other regulators have yet to touch, with reactions from digital advertisers and other businesses expected to follow.

Senate Armed Services advances Air Force cyber nominee (The Record by Recorded Future) The Senate Armed Services Committee this week advanced President Joe Biden’s nominee to helm the 16th Air Force (Air Forces Cyber).

Litigation, Investigation, and Law Enforcement

UK Approves WikiLeaks Chief Julian Assange’s Extradition to the US (Wired) The WikiLeaks founder will appeal the UK Home Office’s decision to extradite him to the US.

The Espionage Act has become dangerous because we forgot its intention (Washington Post) The Julian Assange case exposes how changing concepts unintentionally broadened a law

Ex-Amazon Worker Convicted in Capital One Hacking (New York Times) Paige Thompson’s lawyers said she had been looking for cracks so they could be fixed. A jury found her guilty of wire fraud and hacking charges.

Jury Convicts Seattle Woman in Massive Capital One Hack (SecurityWeek) A federal jury on Friday convicted a former Seattle tech worker of several charges related to a massive hack of Capital One bank and other companies in 2019.

Former Seattle tech worker convicted of wire fraud and computer intrusions (US Attorney’s Office, Western District of Washington) A 36-year-old former Seattle tech worker was convicted today in U.S. District Court in Seattle of seven federal crimes connected to her scheme to hack into cloud computer data storage accounts and steal data and computer power for her own benefit, announced U.S. Attorney Nick Brown.

Colonial Pipeline Co. Escapes Cybersecurity Suit (Law360) A Georgia federal judge has tossed a suit from consumers alleging Colonial Pipeline Co.’s inadequate cybersecurity defenses led to a ransomware attack that led to system outages, finding the consumers hadn’t proven that they had a private or common right to purchase retail gasoline.

Who Is Legally Responsible for a Cyber Incident? (Security Intelligence) Who takes the blame when a cyberattack hits a large company? It depends, and it can affect which job title candidates might want before an attack happens.