Dateline Moscow, Kyiv, Berlin, Rome, Brussels, Paris, London, Washington, and Ottawa: Sanctions, and an expansion of Russia’s war.

Ukraine at D+123: Russia seeks to pull Belarus deeper into its special military operation. (The CyberWire) Russia advances slowly into rubble of its own creation as Moscow seeks to draw Minsk deeper into the special military operation. Lithuania sustains DDoS attacks in apparent retaliation for its blocking of embargoed shipments to Kaliningrad. And thoughts about the lessons from both NotPetya and #OpRussia.

Russia-Ukraine war: List of key events, day 124 (Al Jazeera) As the Russia-Ukraine war enters its 124th day, we take a look at the main developments.

Russia-Ukraine war: what we know on day 122 of the invasion (the Guardian) German gas prices could triple as Russia cuts supply; Ukrainian forces prepare Severodonetsk retreat; thousands of Black Sea dolphins killed

Ukraine pulls back from Severodonetsk (Washington Post) Ukraine will withdraw its forces from Severodonetsk, the eastern city that is the locus of Russia’s war effort, regional governor Serhiy Haidai said early Friday. The move comes after months of grinding artillery bombardments. Russian troops are advancing toward the neighboring city of Lysychansk, he said.

A bloody retreat as Ukrainian unit hit by Russian cluster bombs (Washington Post) The Ukrainian Airborne unit was relieved to be pulling back from the front Sunday morning, riding a column of armored personnel carriers away from the embattled city of Severodonetsk, which had already fallen to the Russians, and Lysychansk, which was on the brink.

In Ukraine’s South, Counterattacks Offer Kyiv Hope for Turning Back Russia (Wall Street Journal) Kyiv’s forces in southern Ukraine are fighting to extend one of their most successful counterattacks against Russia and push beyond this small, artillery-scarred village to chip away at Moscow’s presence in a strategically vital area along the Black Sea.

Russia fires missiles across Ukraine, cements gains in east (AP NEWS) Russian forces were seeking to swallow up the last remaining Ukrainian stronghold in the eastern Luhansk region, pressing their momentum after taking full control Saturday of the charred ruins of Sievierodonetsk and the chemical plant where hundreds of Ukrainian troops and civilians had been holed up.

Russia’s next move now that Severodonetsk is “fully occupied” (Newsweek) This includes Vladimir Putin promising to send nuclear missiles to Belarus.

Russia hits Ukraine with air strike from Belarus for first time: Kyiv (Newsweek) Putin wants to drag Belarus into the Ukraine war “as a direct participant,” officials in Kyiv said Saturday after the attacks.

Russia strikes Kyiv hours after Vladimir Putin rushed to Kremlin (The Telegraph) Rockets hit Artem industrial complex and adjacent block of flats in city centre, along with targets across the country

Ukraine accuses Russia of launching missiles from Belarusian airspace (Washington Post) Russian President Putin and Belarusian President Lukashenko meet, discuss increasing weaponry, including nuclear arms to Belarus

Russia has launched widespread shelling and airstrikes, Ukraine officials say (the Guardian) Bombardments reported in the north and east, with focus on Lysychansk and Sievierodonetsk

Russia strikes Kyiv hours after Vladimir Putin rushed to Kremlin (The Telegraph) Rockets hit Artem industrial complex and adjacent block of flats in city centre, along with targets across the country

How Russia’s Offensive Damaged Critical Donbas Water Infrastructure (bellingcat) At least two key water facilities in the Donbas have been significantly damaged since Russia’s full-scale invasion of Ukraine, satellite imagery shows.

‘It’s a horror show’: defiant Kharkiv residents return home despite new Russian offensive (the Guardian) No running water, gas or electricity and apartment blocks destroyed at random… Now civilians in Ukraine’s second biggest city are facing a new Russian offensive

Meet the Irregular Troops Backing up Russia’s Army in the Kharkiv Region (bellingcat) Behind the lines in Ukraine’s Kharkiv Region, a motley group of Donbas militants and mercenaries is plugging the gap — and they’re not ashamed to brag about it.

Putin dealt blow as Russian advance likely to stall in coming weeks (Newsweek) “The battle of Severodonetsk will not be a decisive Russian victory,” Washington-based think tank the Institute for the Study of War said on Thursday.

‘Butcher of Aleppo’ sacked as Vladimir Putin shakes up Russian top command again (The Telegraph) General Alexander Dvornikov has apparently lost the confidence of the Russian president

Putin’s victory in Severodonetsk has come at enormous cost … but he won’t care (The Telegraph) The eastern city offers minimal strategic advantage, yet has been the focus of the Kremlin’s offensive in recent weeks, at incredible cost

Will the Kaliningrad Crisis Lead to War? (Foreign Policy) Lithuania’s muscular move to enforce EU sanctions by blocking Russian rail cargo could risk escalating the Russia-NATO conflict.

Commando Network Coordinates Flow of Weapons in Ukraine, Officials Say (New York Times) A secretive operation involving U.S. Special Operations forces hints at the scale of the effort to assist Ukraine’s still outgunned military.

‘The Russians could come any time’: fear at Suwałki Gap on EU border (the Guardian) Sixty-mile strip on edge of Poland and Lithuania is seen as vulnerable due to its position between Russian exclave of Kaliningrad and Belarus

Putin speculation sparked by dramatic Kremlin video (Newsweek) Video footage showed a motorcade rushing towards the Kremlin building, the seat of the Russian government.

Russian War Report: Pro-Kremlin Russian outlet refers to Russian troops in Mariupol as ‘occupiers’  (Atlantic Council) News outlet Moskovsky Komsomolets published an article that referred to Russian soldiers in Mariupol as “occupiers,” but it was quickly deleted. Meanwhile, fires strike Russian oil and power plants, and Chinese media report on Russia-Lithuania dispute.

Ukraine deploys a DDoS protection service to survive the cyberwar (VentureBeat) Ukraine government deploys Radware’s DDoS protection and web application firewall (WAF) services to protect itself from cyber attacks.

The hacker group KillNet has published an ultimatum to the Lithuanian authorities (TDPel Media) The hacker group KillNet has published an ultimatum to the Lithuanian authorities. They gave Vilnius 48 hours to unblock the transport corridor to

Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas (Security Affairs) Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. The explosion took place at […]

5 years after NotPetya: Lessons learned (CSO Online) NotPetya vastly broadened the scope of damage that malware attacks could do and forced CISOs and security researchers to rethink their approach.

Stoltenberg discusses NATO bids of Sweden, Finland with Turkey’s Erdogan (UNI/Sputnik) NATO Secretary General Jens Stoltenberg and Turkish President Recep Tayyip Erdogan on Saturday discussed Sweden and Finland”s bids to join the alliance in a phone call, with the talks on the matter set to continue next week.

Ukraine edges closer to EU dream despite horrors of Putin’s war (Atlantic Council) Ukraine has this week secured official EU candidate status as the country seeks to advance its European integration ambitions while also defending itself against an ongoing Russian invasion.

Can Plea Bargains Save the ICC? (Foreign Policy) Negotiated settlements would allow the court to go after more bad actors and could even mitigate further atrocities.

Church of England bishop: Ukraine should give up Donbas to get a ceasefire (The Telegraph) Comments from the Rt Revd Nick Baines put the Church on course for a fresh row with the Government

Skulls and scythes: Protesters meet for ‘dance of the dead’ near Ramstein Air Base (Stars and Stripes) Around 250 peace activists demonstrated outside Ramstein Air Base to protest Western support of the war in Ukraine, German rearmament and the NATO summit in Madrid.

West must not sell out Ukraine, says Liz Truss in swipe at Emmanuel Macron (The Telegraph) In joint Telegraph article with Ukrainian counterpart, Foreign Secretary says Ukraine and free world ‘must stay strong and united’

Opinion | Why the US can’t afford to abandon Ukraine (Task & Purpose) No army, not even one as tenacious and courageous as Ukraine’s, can overcome such a numerical overmatch. And if Ukraine loses, what then?

Sanctioning Russia is a long game. Here’s how to win. (Atlantic Council) When it comes to piling economic pressure on Russia, the United States and Europe still have plenty of options left.

‘We have to stay together’: Biden on alliance behind Ukraine (AP NEWS) President Joe Biden on Sunday praised the continued unity of the global alliance confronting Russia, as he and other heads of the Group of Seven leading economies strategized on sustaining the pressure in their effort to isolate Moscow over its months-long invasion of Ukraine.

G-7 leaders confer with Zelenskyy, prep new aid for Ukraine (AP NEWS) Leading economic powers conferred by video link with Ukrainian President Volodymyr Zelenskyy on Monday as they underscored their commitment to Ukraine for the long haul with plans to pursue a price cap on Russian oil, raise tariffs on Russian goods and impose other new sanctions.

G7 leaders meet to discuss action plan for Russia and inflation (Quartz) G-7 leaders are meeting in Germany to discuss inflation, energy, food shortages, and continued pressure on Russia.

Russia to default for first time in a century as payment deadline looms (The Telegraph) Russia is poised to default on its international debts for the first time in a century this Sunday, after time runs out for Moscow to make about $100m of overdue payments.

Russia Defaults On Its Foreign Debt As Grace Period For Payment Expires, Reports Say (Forbes) The Russian government has blamed economic sanctions by the West for creating “artificial barriers” that prevent it from making the payments.

Humiliation for Putin as Russia defaults on foreign debts (The Telegraph) Sanctions stop Russia settling despite having the means and desire to do so

Russia defaults on debt for first time since 1998 – reports (the Guardian) Kremlin owes about $40bn but has been shut out of international financial system since invasion of Ukraine

Ukraine Updates: U.S. and Britain Ban Gold Imports From Russia (New York Times) Russia unleashed a barrage of missiles at Ukraine’s capital as the G7 met to discuss more sanctions.

Cisco, Nike quit Russia, as pace of Western firms leaving speeds up (Reuters) U.S. companies Cisco Systems and Nike plan to fully exit Russia, the two firms told Reuters on Thursday, as the pace of Western firms departing accelerated.

Cisco is exiting Russia and Belarus, becoming the last big Silicon Valley company to depart (Silicon Valley Business Journal) Cisco’s decision comes nearly four months after the company said it was halting operations following Russia’s decision to go to war with Ukraine.

Attacks, Threats, and Vulnerabilities

Beijing investigates infosec at academic journal database (Register) It’s easy to see why – the question is, why now?

Emotet: Still Abusing Microsoft Office Macros (Netskope) Summary In April 2022, Netskope Threat Labs analyzed an Emotet campaign that was using LNK files instead of Microsoft Office documents, likely as a

Hacker selling access to 50 vulnerable networks through Atlassian vulnerability (The Record by Recorded Future) A hacker is selling access to 50 vulnerable networks on a cybercriminal forum after breaking into systems through the recently-discovered Atlassian Confluence zero-day.

FileStack Upload Application Low Severity Vulnerability Advisory (Bishop Fox) The FileStack Upload app is affected by cross-site scripting (XSS) vulnerability. Attackers can upload SVG files with JavaScript code inside them.

Ransomware groups targeting Mitel VoIP zero-day (The Record by Recorded Future) Ransomware groups are targeting a zero-day affecting a Linux-based Mitel VOIP appliance, according to researchers from CrowdStrike. 

Ransomware gangs move into pure extortion without encryption (Register) Why screw around with cryptography and keys when just stealing the info is good enough

Conti ransomware finally shuts down data leak, negotiation sites (BleepingComputer) The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand.

Conti managed to breach 40 companies in a month (teiss) New research from Singapore-based threat intelligence firm Group-IB revealed that notorious ransomware group Conti breached 40 organizations in a rapid-fire campaign over just a few weeks.

Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks (Dark Reading) Analysts say an 18% drop in ransomware attacks seen in May is likely fleeting, as Conti actors regroup.

Fake copyright infringement emails install LockBit ransomware (BleepingComputer) LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims.

Cybereason warns global organisations against ransomware attacks from gang (Intelligent CIO Middle East) Cybereason, the XDR company, has issued a global threat alert advisory warning global organisations about a rise in ransomware attacks from the Black Basta gang. The Black Basta gang emerged in April 2022 and has victimised nearly 50 companies in the US, UK, Australia, New Zealand and Canada. Organisations in English speaking countries appear to […]

OpsPatuk: DragonForce starts ransomware attacks (Free Press Journal) The first wave of OpsPatuk included hacking and defacement of hundreds of Indian websites, both government and private, while in the second waves, DragonForce hacked servers of organisations and leaked personal data of lakhs of Indians.

XCarnival Hacker Accepts ETH 1,500 Bounty and Returns Remaining ETH 1,467 (Cryptonews) The hacker of XCarnival, a lending aggregator for metaverse assets, has accepted a bounty of ETH 1,500 (USD 1.85m) in exchange for the return of the remaining ETH 1,467 (USD 1.8m) and the team not pursuing legal actions.

Researchers Warn of ‘Matanbuchus’ Malware Campaign Dropping Cobalt Strike Beacons (The Hacker News) Researchers warn of a new malware campaign driven by “Matanbuchus,” a malware-as-a-service (Maas) that spreads via phishing campaigns.

Clever phishing method bypasses MFA using Microsoft WebView2 apps (BleepingComputer) A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim’s authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.

The strange business of cybercrime (CSO Online) How modern cybercrime syndicates adopt the ways of enterprise business, reaping the gains and suffering the difficulties.

Hackers can bring ships and planes to a grinding halt. And it could become much more common (CNBC) Vast container ships and chunky freight planes — essential in today’s global economy — can now be brought to halt by a new generation of code warriors.

Hacker warning: Hillsborough-like disaster looms as cyber attack could lock stadium exits (Express.co.uk) HACKERS could cause another Hillsborough type disaster by remotely locking stadium doors, an expert has warned.

Chatsight Pivots Its Content Moderation A.I. to Battling Discord Scammers (Decrypt) Scams and phishing attacks continue to plague Web3 developers, costing the industry over $1 billion.

The surveillance-as-a-service industry needs to be brought to heel (Computerworld) Yet another example of government surveillance affecting smartphones from Apple and Google has emerged. Enough, already!

Hackers Steal $100 Million in Crypto From Harmony Blockchain Bridge (Wall Street Journal) Tech company Harmony says it is working to retrieve funds and identify who is behind the theft on one of its blockchain bridges

Threat actors stole $100M in crypto assets from Harmony (Security Affairs) Threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony on Thursday evening. Last week threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms.  Harmony’s Horizon […]

Fast Shop Brazilian retailer discloses “extortion” cyberattack (BleepingComputer) Fast Shop, one of Brazil’s largest retailers, has suffered an ‘extortion’ cyberattack that led to network disruption and the temporary closure of its online store.

Covenant Care’s Data Breach Continues to Grow Across California (LegalScoops) Health Care Companies Impacted by Phishing Attack Focus Health RehabFocus Home Health Elevate Health Group Choice Home Health San Diego Home Health On

Schools and hospitals at risk of ATTACK as outdated tech leaves them open to cyber strikes (Express) AN EXPERT has warned that schools, hospitals, and sports stadiums could all be at risk of attack due to “outdated tech”.

Korean Loyalty Platform Exposed Around a Million Customers’ Personal Data (Website Planet) Dodo Point’s open Amazon bucket exposed at least 1 million customers’ PII and thousands of retail outlets’ sensitive data. Company name and loc

Security Patches, Mitigations, and Software Updates

Citrix Releases Security Updates for Hypervisor (CISA) Citrix has released security updates to address vulnerabilities that could affect Hypervisor. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Update CTX460064 and apply the necessary updates.

Researchers: Oracle Took 6 Months to Patch ‘Mega’ Vulnerability Affecting Many Systems (SecurityWeek) Security researchers publish technical details on a critical Oracle Fusion Middleware vulnerability that took six months to patch.

NCC Group Monthly Threat Pulse – May 2022 (Mynewsdesk) The number of ransomware attack victims decreased in May, according to NCC Group’s strategic threat intelligence team. In total, it observed 236 attacks in…

How phishing attacks are becoming more sophisticated – Help Net Security (Help Net Security) In this video for Help Net Security, Joshua Crumbaugh, CEO, PhishFirewall, talks about the threat of sophisticated phishing attacks.

Privacy group seeks to put faces on cyber attack victims (Axios) Digital Peace Now launched its Still Vulnerable campaign featuring 10 victims telling their stories.

Marketplace

Cybersecurity Startup M&A Holds Steady After Record Year (Crunchbase News) While cybersecurity deals might not hit last year’s record levels for M&A, interest in the sector remains strong.

Insurers refuse to cover contractors with poor cyber security (Construction News) Contractors with weak cyber-security measures could be turned down for insurance unless they implement stronger safeguards, a cyber-security expert has

The hacking industry faces the end of an era (MIT Technology Review) But even if NSO Group is no more, there are plenty of rivals who will rush in to take its place. And the same old problems haven’t gone away.

Hadrian Raises $11 Million for Offensive Security Platform (SecurityWeek) Offensive security startup Hadrian today announced that it has received €10.5 million ($11 million) in unsolicited seed funding that brings the total invested in the company to $13.7 million.

XM Cyber acquiring Israeli startup Cyber Observer for an estimated $30 million (ctech) The Israeli company was itself acquired for $700 million by Schwarz Group last year

Hacker-led cybersecurity startup Hadrian bags €10.5M to make security insights autonomous and scalable (Silicon Canals) Hadrian aims to renovate proactive security and make security insights autonomous and scalable.

Cerby Launches With World’s First Security Platform for Unmanageable Applications (Business Wire) Innovative architecture mitigates risk by empowering employees to register their own applications, allowing organizations to detect and automatically correct security lapses

First Trust Nasdaq Cybersecurity ETF declares quarterly distribution of $0.0033 (SeekingAlpha) First Trust Nasdaq Cybersecurity ETF (CIBR) – $0.0033.Payable Jun 30; for shareholders of record Jun 27; ex-div Jun 24.

Top 10 Government Cybersecurity Company Contractors (ExecutiveBiz) Your firm must comprehend federal cybersecurity regulations to avoid assaults from nation-states, organized crime, and hacktivists. Read here to learn more!

Two Big Winners of a $200 Billion Market (InvestorPlace) Cybersecurity is more important than ever. Learn why OKTA and PANW are among the very best stocks to benefit from this fact.

Can Zscaler Scale Its Business Despite a Possible Downturn? (Nasdaq) Zscaler (NASDAQ: ZS) is a next-generation cybersecurity company that serves a total addressable market worth approximately $23 billion.

Sophanny Schwartz joins Ascent Solutions as Managing Director of Human Resources (Help Net Security) Ascent Solutions announced the appointment of Sophanny Schwartz as MD of Human Resources, bringing experience in talent management.

Claroty appoints Heather Young as RVP Public Sector Sales (Help Net Security) Claroty announced the appointment of Heather Young as RVP Public Sector Sales to strength U.S. critical infrastructure cybersecurity.

3M Names New Privacy Chief After $215 Million Driver Data Deal (Bloomberg Law) 3M Co., months after settling with California drivers over data collection, has hired a new chief privacy officer from Dell Technologies Inc.

Boeing lands new CISO (iTnews) Mark Cross takes on new role.

NTT Research Names Brent Waters as CIS Lab Director (NTT Research) NTT Research, Inc., a division of NTT (TYO:9432), today announced that it has named Dr. Brent Waters as Director of its Cryptography and Information Security (CIS) Lab.

Axiad Bolsters Executive Team to Help Accelerate Growth for Its Integrated Authentication Platform (Business Wire) Axiad expands executive team to enhance go-to-market, accelerate growth for its enterprise-wide, passwordless authentication platform

Products, Services, and Solutions

KnowBe4 : Signs Partner Agreement With NEC Corporation (NEC) (MarketScreener) NEC adds KnowBe4 to their Security Professional Services to enhance human defense capabilities against increasing cyber attacks in Japan.

Palo Alto Networks bolsters its cloud native security offerings to help organizations secure web applications (ETCIO.com) Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility

CrowdStrike Wins Best Emerging Technology Award at SC Awards Europe 2022 (CrowdStrike) CrowdStrike today announced CrowdStrike Falcon XDR has been recognized as a winner in the Best Emerging Technology category for the SC Awards Europe 2022.

NetSec Goggle shows search results only from cybersecurity sites (BleepingComputer) A new Brave Search Goggle modifies Brave Search results to only show reputable cybersecurity sites, making it easier to search for and find security information.

Launch a cybersecurity career with this $39 boot camp on risk management (ZDNet) These tutorials cover NIST and all the best practices for government cybersecurity.

Dans bags GovTech Award for best cybersecurity solution (ACE Times) Dans manages air traffic movements daily at UAE’s four airports, including DXB

Kaspersky unveils hub for stalkerware detection tools (Back End News) Cybersecurity solutions firm Kaspersky unveiled a new hub dedicated to TinyCheck, a tool designed to detect stalkerware on mobile devices. The website will also help further consolidate the communi…

Beyond Identity Joins GitLab Inc.’s Alliance Partner Program to Secure Software Supply Chains From Malicious Attacks (Beyond Identity) New Integration Cryptographically Binds Access and Code Signing Keys to Valid Corporate Identities and Authorized Devices to Dramatically Reduce Critical Vulnerabilities

Phison and Cigent Deliver Advanced Cybersecurity Protection in Storage Controllers and Firmware (Business Wire) Phison Electronics Corp. (TPEX: 8299), a global leader in NAND flash and storage solutions, and Cigent® Technology, Inc., the leader in embedded cyber

Technologies, Techniques, and Standards

Wall Street Banks Quietly Test Cyber Defenses at Treasury’s Direction (Bloomberg) Banks, markets are seen being only as safe as weakest links. Wall Street embraces cooperative ethos in cyber fight.

Guarding against cyberattacks in the shipping and logistics sector with an effective recovery strategy (Engineering News) The shipping and logistics industry is increasingly a target of cybercrime and ransomware attacks, a trend that has accelerated in recent years. The reason for this is simple – these companies store and process a wealth of personal information that is immensely valuable, so a successful attack can be a highly profitable exercise. However, the damage these attacks cause financially and reputationally can be catastrophic. Companies need to implement leading-edge ransomware recovery and ransomware protection to enable them to protect and recover data quickly, minimising damages and loss.

Cybersecurity hype keeps building around XDR. So does confusion. (Protocol) Proponents say that extended detection and response services have huge potential for improving security for customers – if only top industry players could agree on what XDR actually is.

API Gateway Security – What kind of security do API gateways offer? (ThreatX) API gateways offer some basic security features but where do they fall short and how can you further secure APIs beyond gateways?

Inaugural U.S. Cyber Team Takes Bronze Medal at the 2022 International Cybersecurity Challenge (ICC) (OODA Loop) The first-ever U.S. Cyber Team announced to compete in the inaugural International Cybersecurity Challenge (ICC) was in Athens, Greece earlier this month – and took the bronze medal in the competition.  OODA is proud to the sponsor of the U.S. Cyber Games and the U.S. Cyber Team.  Congratulations to the team from OODA! 

Design and Innovation

Microsoft Implements Restrictions on AI as Privacy Concerns Grow (Dealerscope) Microsoft released a report called “Responsible AI Standard” and will limit its artificial intelligence systems’ access to facial and vocal recognition tools.

Zero Trust Cyber Exchange: NSA’s Kevin Bingham on innovating in a legacy environment (Federal News Network) The National Security Agency has been preaching zero trust for several years, but Zero Trust Lead Kevin Bingham says adoption accelerated after the May 2021 cybersecurity executive order.

Daily Roundup: Here’s Why Mega Security Vendors Are Pushing the Platform Approach (SDxCentral) Dissecting security vendors’ platform approach; Sesame Solar’s disaster preparation; and Microsoft talks carbon intensity issues.

We could be using facial authentication for a whole lot more than unlocking our phones (Fast Company) People working in industries from healthcare to data storage could leverage facial authentication to enhance security without increasing physical oversight.

Research and Development

‘False assumptions’ about social engineeering debunked: Proofpoint (ITWire) A new research report has debunked five “false assumptions” that people have about social engineering which are integral to why so many fall victim to these forms of cyberattack.

How Threat Actors Hijack Attention: The 2022 Social Engineering Report (Proofpoint) Social engineering is a component of nearly every threat actor’s toolbox who uses email as an initial access vector. From financially motivated cybercrime, to business email compromise (BEC) fraud, to advanced persistent threat (APT) actors, Proofpoint has observed countless tactics, techniques, and procedures relying on humans’ fundamental propensity to open and respond to emails.

Academia

Microsoft launches Cybershikshaa for Educators to train women in cyber security (The HinduBusinessline) Designed to ensure higher participation of women from rural areas to create an equitable and diverse cybersecurity talent pool

Legislation, Policy, and Regulation

S. Korea to join U.S.-led cyber exercise in October (Yonhap News Agency) South Korea’s military plans to participate in a U.S.-led …

US must prepare for proliferation of cyber warfare (C4ISRNet) To build cyber resilience in this heightened threat environment, agencies must work closely with both international counterparts and industry to align on a proactive, global approach to all cyber threats –– not just state-sponsored attacks.

House panel approves major cash infusion for CISA (The Record by Recorded Future) House appropriators on Friday voted in favor of a $2.9 billion budget for the Cybersecurity and Infrastructure Security Agency (CISA).

Senators seek update on U.S. security review of TikTok (Reuters) A group of six Republican senators on Friday asked U.S. Treasury Secretary Janet Yellen about an ongoing Biden administration national security review of social media platform TikTok.

Cotton, Colleagues Demand Action from Biden Administration Against TikTok (Tom Cotton, U.S. Senator Cotton of Arkansas) Senators Tom Cotton (R-Arkansas), Ben Sasse (R-Nebraska), Mike Braun (R-Indiana), Marco Rubio (R-Florida), Todd Young (R-Indiana), and Roger Wicker (R-Mississippi) sent a letter to Treasury Secretary Janet Yellen demanding answers about actions the Biden administration is taking to combat the national security risks associated with TikTok, a social media platform developed and owned by Chinese company ByteDance Ltd.

WSJ News Exclusive | Lawmakers Want FTC to Investigate Apple, Google Over Mobile Tracking (Wall Street Journal) Identifiers built into iOS and Android facilitate the collection and sale of personal data, four Democrats said in a letter to the Federal Trade Commission.

Queensland moves on data breach notification scheme (InnovationAus.com) Queensland is considering a mandatory data breach notification scheme among several privacy and information sharing reforms. The scheme would force agencies to report data breaches to the regulator and affected individuals in what would be a first for state or territory governments. Currently, Queensland agencies are not obligated to report data breaches despite recommendations from the regulator in 2016 and a 2020 review of the state government’s management of confidential personal information also calling for a data breach notification (DBN).Queensland’s proposed DBN scheme would be based on the 2018 Commonwealth scheme and give individuals dealing with the state’s agencies the same protections as the federal scheme.

New Paper Addresses Recruiting and Clearing Personnel with Foreign Ties (HS Today) The paper offers several recommendations that the U.S. national security apparatus should pursue to clear a diverse workforce.

Clearance Applicants With Foreign Ties to Russia and China Anticipate More Issues (ClearanceJobs) With geopolitical tensions on the rise between the U.S. and Russia and China some with foreign ties are growing concerned.

Litigation, Investigation, and Law Enforcement

John Durie: ACCC now formally investigating Google’s $7.9 billion Mandiant acquisition (SmartCompany) The $7.9 billion Mandiant deal is Google’s second biggest ever behind the $18.6 billion takeover of Motorola in 2012.

Clearview fine: The unacceptable face of modern surveillance (Help Net Security) Surveillance technology is expanding at such a pace that it’s now possible to analyze your walk, your heartbeat, breathing pattern, etc.

CafePress Fined $500,000 After Massive Data Breach (Infosecurity Magazine) FTC also demands major security improvements

FTC Orders Online Retailer CafePress to Improve Security After 2019 Hack (Wall Street Journal) CafePress will pay a $500,000 fine as part of a settlement over a 2019 hack that affected millions of customers’ data

The US has doled out more than $3.3 billion in penalties for crypto firms (The Block) A new report from Elliptic finds that $3.3 billion in monetary penalties have been collected from crypto-related businesses since 2009.

Nebraska Joins $1.25M Multistate Settlement Over Data Breach (GovTech) Nebraska is set to get $10,923 of a $1.25 million multistate settlement with Carnival Cruise Line stemming from a 2019 data breach involving the personal information of about 180,000 employees and customers.

North Down teen charged with creating a computer virus which took down global institutions (Belfast Telegraph) A North Down teenager has been charged with creating a computer virus which “crashed hundreds of financial institutions” across the world.

Teen accused of global cyber attack: I’ll fight case (Belfast Telegraph) This is the teenage computer whizzkid charged with launching a cyber attack on “hundreds of financial institutions” across the world.

Carnival is fined $5 million by New York for cybersecurity violations (The Hindu) New York’s Department of Financial Services said Carnival violated a state cybersecurity regulation by failing to use multi-factor authentication

Scammer Who Used Info of Riot Games’ Co-Founder to Mine Crypto is Jailed (HackRead) The Singaporean identity fraud scammer also tricked Google and Amazon Web Services (AWS) into providing $5.4 million worth of cloud computing services by using the personal details of the co-founder and co-chairman of Riot Games Mr. Marc Merrill.

The Brazilian Candidate: The Studious Cover Identity of an Alleged Russian Spy (bellingcat) An alleged GRU spy who sought access to the International Criminal Court as an intern left a long and detailed trail on social media.