Dateline Moscow, Kyiv, Vilnius, Brussels, Madrid: Hybrid war and alliance building.

Ukraine at D+125: Disinformation on Kremenchuk. (The CyberWire) Russia concentrates on the Donbas as Ukraine retakes ground near Kherson in the south. Moscow says the missile strikes on the Kremenchuk shopping center were a Ukrainian provocation. NATO takes a harder line on Russia as Turkey withdraws its objection to membership by Sweden and Finland. Cyberattacks against Lithuania seem to fall short of triggering Article 5 (kinetically, at least).

Russia-Ukraine war: List of key events, day 126 (Al Jazeera) As the Russia-Ukraine war enters its 126th day, we take a look at the main developments.

Near Kherson, Ukrainians regain territory in major counteroffensive (Washington Post) At a school where Russian forces had set up a base in Ukraine’s southern Kherson region, three of their armored personnel carriers remained on the property — for now. They were damaged when Ukraine’s military recently forced the occupying soldiers back from this area. Over the weekend, three locals hammered at one vehicle to salvage spare parts.

The Real Key to Victory in Ukraine (Foreign Affairs) Why sustaining the fight is everything in a war of attrition.

Russia calls Kremenchuk mall attack another ‘false flag operation’ by Ukraine (Republic World) Russian Foreign Ministry spokeswoman Maria Zakharova dismissed the strike on a shopping centre in Kremenchuk as another “false flag operation” by Ukraine.

Ukrainian survivor: Only a ‘monster’ would attack a mall (AP NEWS) The mall was nothing extraordinary, but in the middle of a war it was an escape for those in this Ukrainian city who had decided not to flee. Then it exploded in a Russian airstrike .

Whilst the G7 dithers, Putin is rebuilding his strategic power (The Telegraph) China, Egypt, India, and Saudi Arabia are all strengthening their relationships with the Kremlin, despite the West’s warnings

Ukraine Is the Korean War Redux (Foreign Policy) Russia’s invasion heralds the transition to a new global order—but it will be less stable than the Cold War.

Physically tough, boring in person and dangerous when cornered: lessons from a new Putin biography (The Telegraph) Philip Short’s Putin, the result of hundreds of interviews, is illuminating – but with a subject this volatile, it already feels out of date

The Source of Ukraine’s Resilience (Foreign Affairs) How decentralized government brought the country together.

Biden must rally against a Russia-led UN ‘cybercrime treaty’ (The Hill) In the midst of Russian-led cyber attacks against Ukraine and attempts to probe critical United States infrastructure, the United Nations began negotiations to draft a new cybercrime treaty. Improb…

Could the Russian cyber attack on Lithuania draw a military response from NATO? (Sky News) A cyber attack has been launched against Lithuania by a Russian hacking group – albeit one that denies a connection with Vladimir Putin’s government. It has come about after the NATO member blocked Russia’s access to its Kaliningrad exclave.

Microsoft’s Defending Ukraine report offers fresh details on digital conflict and disinformation (CSO Online) Russia will use what it learned from its destructive cyber actions in Ukraine for other operations. “There is no going back to normal.”

NATO set to expand as Turkey backs membership for Sweden, Finland (SeekingAlpha) Finland and Sweden have taken a major step towards NATO membership after Turkey flipped its position to support the countries joining the world’s most powerful military alliance

Erdogan agrees to NATO expansion at Madrid summit (Al Jazeera) Turkey agreed to lift opposition to Sweden and Finland joining NATO, a breakthrough in an impasse clouding the summit.

Turkey lifts hold on Sweden, Finland joining NATO, following wide-ranging concessions (Breaking Defense) Sweden will lift an arms embargo on Turkey and the three nations will work more closely on counter-terrorism issues, per an agreement.

NATO calls Russia its ‘most significant and direct threat’ (AP NEWS) NATO declared Russia the “most significant and direct threat” to its members’ peace and security, as the military alliance met Wednesday to confront what NATO’s chief called the biggest security crisis since World War II.

NATO Secretary General Previews ‘Transformative’ Madrid Summit (U.S. Department of Defense) The upcoming NATO summit in Madrid will be transformative, as leaders meet to discuss Russia and China among other defense-related topics, NATO Secretary General Jens Stoltenberg said.

NATO to boost readiness numbers, approve new Ukraine aid at Madrid summit (Defense News) The increase to more than 300,000 on-alert troops will be matched with more prepositioned equipment and supplies stockpiles, notably air defense capabilities, said Secretary-General Jens Stoltenberg.

The NATO summit is chance to wean Europe off US military might (Defense News) In Madrid, Biden ought to drive a hard bargain with America’s European allies.

U.S. Sending Metal Shark Maritime Combat Boats to Ukraine, Company Says (USNI News) Louisiana-based company Metal Shark announced Tuesday that the U.S. would send six of its maritime combat vessels to Ukraine as part of the $450 million aid the White House announced last week. The White House said it would send 18 patrol boats to Ukraine as part of the latest assistance package, but would not identify …

Attacks, Threats, and Vulnerabilities

Exclusive: US plants Trojan horse programs in hundreds of important Chinese information systems; new cyber weapon targets China, Russia (Global Times) On Wednesday China’s official virus emergency response office and leading cybersecurity company disclosed a new vulnerability attack weapon platform deployed by the US National Security Agency (NSA), which cybersecurity experts believe is the main equipment of the NSA’s computer network hacking operation team, and it targets the world with a focus on China and Russia.

Pro-PRC DRAGONBRIDGE Influence Campaign Targets Rare Earths Mining Companies in Attempt to Thwart Rivalry to PRC Market Dominance (Mandiant) Since June 2019, Mandiant has reported to customers on an influence campaign known as DRAGONBRIDGE, comprising a network of thousands of inauthentic accounts across numerous social media platforms, websites, and forums that have promoted various narratives in support of the political interests of the People’s Republic of China (PRC). We have since observed multiple shifts in DRAGONBRIDGE tactics, and in September 2021, we reported on an expansion of this campaign’s activity.

Miners ‘targeted’ in pro-China cyberwar claim (Australian Financial Review) An army of fake social media accounts allegedly tried to incite protests against Lynas Rare Earths as part of a campaign to bolster China’s national interest.

Pro-China digital campaign targets mining firms – cybersecurity report (Reuters) A pro-China propaganda campaign used fake social media accounts to try to stir up opposition, including protests, against mining firms that challenge China’s business interests, U.S.-based cybersecurity firm Mandiant said on Tuesday.

Chinese Threat Actor Targets Rare Earth Mining Companies in North America, Australia (SecurityWeek) A Chinese threat actor has been conducting influence campaigns targeting rare earth mining companies in Australia, Canada, and the United States.

Chinese Hackers Target Building Management Systems (SecurityWeek) Chinese hackers targeted building management systems as part of a campaign whose apparent goal is data harvesting.

FBI: Stolen PII and deepfakes used to apply for remote tech jobs (BleepingComputer) The Federal Bureau of Investigation (FBI) warns of an increase in complaints that cybercriminals are using Americans’ stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions.

Researchers uncover ZuoRAT malware targeting home-office routers (Help Net Security) Black Lotus Labs discovered a new remote access trojan (RAT) called ZuoRAT, which targets remote workers via their SOHO devices.

ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks (Lumen) Black Lotus Labs, is currently tracking elements of what appears to be a sophisticated campaign leveraging infected SOHO routers to target predominantly NA and European networks of interest.

RansomHouse Extortion Group Claims AMD as Latest Victim (RestorePrivacy) Update: AMD has acknowledged the potential breach and has provided us with a statement. RansomHouse, a relatively new data-extortion cybercrime group, has announced a major new victim. Today, the group published a new update on its darknet site and are claiming to have breached Advanced Micro Devices (AMD), the large chip manufacturing company. RansomHouse is …

RansomHouse gang claims to have some stolen AMD data (Register) Relative cybercrime newbies not clear on whether they’re alleging to have gigabits or gigabytes of chip biz’s data

CISA Says ‘PwnKit’ Linux Vulnerability Exploited in Attacks (SecurityWeek) CISA says the Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks.

CVE-2022-30522 – Apache httpd Denial of Service (DoS) vulnerability (JFrog) CVE-2022-30522 is an Apache httpd vulnerability found by JFrog Security Research when analyzing the impact of a recent vulnerability patch. Read our analysis and guidance >

The Link Between AWM Proxy & the Glupteba Botnet (KrebsOnSecurity) On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy — a…

Over 900,000 Kubernetes instances found exposed online (BleepingComputer) Over 900,000 misconfigured Kubernetes clusters were found exposed on the internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks.

Remote Memory Corruption Bug Found in OpenSSL 3.0.4 (Decipher) A remotely exploitable memory corruption bug has been identified in OpenSSL 3.0.4 on x64 systems with the AVX512 instruction set.

Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs (ReversingLabs) ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks.

Chinese Researchers Find Critical Security Flaws in CoDeSys Automation Software (Infosecurity Magazine) Vulnerabilities could allow attackers to gain unauthorized access to company resources or carry out denial-of-service attacks

Nearly a dozen Codesys flaws addressed (SC Magazine) Codesys has already released fixes for 11 security flaws across its products identified by NSFocus, a Chinese cybersecurity company.

Apple revokes certificates for spyware app ‘Hermit’ distributed outside the App Store (9to5Mac) Google’s Threat Analysis Group (TAG), a group that specializes in tracking and analyzing government-backed hacking and attacks, recently published research on “Hermit” – a spyware that can compromise Android and iOS devices. Luckily, Apple has already found a way to stop the spread of this specific spyware on its devices. As shared on TAG’s official […]

LockBit 3.0 Ransomware Emerges With Bug Bounty Program (SecurityWeek) The LockBit 3.0 ransomware operation has been launched and it includes a bug bounty program offering up to $1 million.

Names, addresses of every CCW holder in California exposed, Sheriff’s Office confirms (KTLA) The names, addresses, and license types of every CCW holder in California were exposed as part of a data breach suffered by the state Department of Justice, according to the Fresno County Sheriff&#…

U.S. Bank of the West Found a Debit Card Stealing Skimmers on ATMs (Cyber Security News) Initially, a wave of suspicious withdrawal attempts that originated in November 2021 was identified by the bank. However, a more in-depth investigation has been conducted by the bank in coordination with law enforcement to get a proper conclusion..

Threat actors increasingly use third parties to run their scams (Help Net Security) Abnormal Security research shows a trend in financial supply chain compromise as threat actors impersonate vendors more than ever before.

Digital Shadows Weaken Your Attack Surface (Security Intelligence) Your travels through the internet cast a digital shadow. See how employers can lock this down to prevent attackers from having a hidden way inside.

Cloud security risks remain very human (InfoWorld) Most of us picture cloud security threats as bad actors in some hostile country. More often, it’s you and your coworkers.

2022 CWE Top 25 Most Dangerous Software Weaknesses (CISA) The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead to serious vulnerabilities in software.

Security Patches, Mitigations, and Software Updates

Amazon quietly patches ‘high severity’ Android photos app vulnerability (The Record by Recorded Future) Amazon patched a high severity vulnerability affecting the Amazon Photos Android app in December.

Google Introduces New Capabilities for Cloud Armor Web Security Service (SecurityWeek) Google expands Cloud Armor features with adaptive protection, bot defense, new edge security policies, rate limiting, and support for proxy load balancers.

CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1 (CISA)  CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication (“Modern Auth”) before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement for Federal Civilian Executive Branch (FCEB) agencies per Executive Order 14028, “Improving the Nation’s Cybersecurity”.

CISA releases 6 Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency) ICS-CERT released the following 6 advisories today, June 28, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.

ABB e-Design (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: ABB Equipment: e-Design Vulnerabilities: Incorrect Default Permissions 2. RISK EVALUATION  Exploitation of these vulnerabilities could allow privilege escalation or a denial-of service condition.

Omron SYSMAC CS/CJ/CP Series and NJ/NX Series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Omron
Equipment: SYSMAC CS/CJ/CP Series and NJ/NX Series
Vulnerabilities: Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, Plaintext Storage of a Password
CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology (OT) vendors. CISA is issuing this advisory to provide notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.

Advantech iView (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerabilities: SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, Command Injection 2.

Motorola Solutions MOSCAD IP and ACE IP Gateways (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MOSCAD IP Gateway and ACE IP Gateway Vulnerability: Missing Authentication for Critical Function CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology (OT) vendors.

Motorola Solutions MDLC (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Motorola Solutions Equipment: MDLC Vulnerabilities: Use of a Broken or Risky Cryptographic Algorithm, Plaintext Storage of a Password CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology (OT) vendors.

Motorola Solutions ACE1000 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Motorola Solutions Equipment: ACE1000 Vulnerabilities: Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, Insufficient Verification of Data Authenticity CISA is aware of a public report, known as “OT:ICEFALL” that details vulnerabilities found in multiple operational technology (OT) vendors.

SANS 2022 Security Awareness Report: Human Risk Remains the Biggest Threat to Your Organization’s Cybersecurity (The SANS Institute) Learn Actionable Steps to Mature Your Security Awareness Programs and Compare Your Program Against Global Benchmarks

The State of Vulnerability Management (NopSec) Unremediated vulnerabilities are open doors that let malicious actors walk right through. Today, security teams are challenged enough by finding and shutting those open doors to keep their organization safe. Keeping track of those vulnerabilities and responding quickly and efficiently is one challenge—finding openings they might not even know about is another.

Ransomware Targeting Healthcare at an Alarming Rate | CDOTrends (CDOTrends) 66% of health organizations became ransomware victims in 2021.

Opinion | This Is What Happens When Tech Executives Start Believing Their Own Hype (New York Times) Silicon Valley breeds narcissists who run their companies as ideological vanity projects.

Marketplace

Infrastructure as Code (IaC) Security Leader oak9 Raises $8 Million in (PRWeb) oak9, cloud native trailblazer known for developer-first IaC security, has raised $14 million in funding over the last 15 months.

Siemens to buy U.S. software company Brightly in $1.58 bln deal (Reuters) Siemens is buying U.S. tech company Brightly Software from private equity owner Clearlake Capital for $1.58 billion, the German engineering group said on Monday, its latest move to broaden its software credentials and grow faster than rivals.

Siemens to Buy Buildings Software Firm Brightly for $1.6 Billion (Bloomberg) Brightly offers cloud-based infrastructure management software. Deal helps address growing software market for buildings.

WISeKey Announces the Divestiture of arago (GlobeNewswire News Room) WISeKey Announces the Divestiture of arago Zug, Switzerland, June 27, 2022 – Ad-Hoc announcement pursuant to Art. 53 of SIX Listing Rules – WISeKey…

XM Cyber Acquires Cyber Observer for Security Posture Management (Channel Futures) XM Cyber has acquired Cyber Observer, a provider of continuous controls monitoring (CCM) and cloud security posture management (CSPM).

W3C to become a public-interest non-profit organization (W3C Media Advisory) The World Wide Web Consortium is set to pursue 501(c)(3) non-profit status. The launch as a new legal entity in January 2023 preserves the core mission of the Consortium to shepherd the web by developing open standards with contributions from W3C Members, staff, and the international community.

Netskope Awarded First Ever U.S. Federal Civilian Government SASE Contract led by the United States Patent and Trademark Office (Netskope) SASE model eliminates perimeter-based security and networking appliances and legacy solutions for Federal Agencies and enables modern access control for

Huawei partners with U.S. publication it accused of bias to win new supporters (The Washington Times) Huawei’s new charm offensive to win over skeptics in the free world includes a fresh target: the media.

CISA Job Offer Hiring Events (CISA) CISA participates in a variety of career fairs, webinars, and hiring events. Learn how to participate.

Why the National Security Agency overpaid contractors during the height of the pandemic (Federal News Network) Remember the CARES Act, enacted at the height of the pandemic? Among other things, it let agencies reimburse contractors to pay employees unable to work at an approved federal site or to telework.

SecureAuth Expands Leadership Bench to Support Growth with Appointments of Dennis Dowd VP of Worldwide Sales and Karan Dua as CFO (Business Wire) Today, SecureAuth, a leader in access management and authentication, announces the appointment of Dennis Dowd as Vice President of Worldwide Sales whe

CSS Names Eva Markowitz as New SVP of Human Resources (PRWeb) Converged Security Solutions (CSS), the holding company supporting leading IT transformation, cybersecurity, and physical security companies Evolver and eVigilan

Products, Services, and Solutions

KnowBe4 Kicks Off Ransomware Awareness Month With Resource Kit (PR Newswire) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, announced the release of a resource…

Netskope Delivers Continuous Cloud Risk Assessment With New CrowdStrike, KnowBe4, Mimecast Integrations (PR Newswire) Netskope, the leader in Security Service Edge (SSE) and Zero Trust, today announced the growth of the Cloud Risk Exchange featuring new…

Talon Cyber Security Selected for Exclusive Microsoft for Startups Program (Talon Cyber Security) By Being Selected for Microsoft for Startups, Talon to Speed Commercialization and Drive Adoption of Secure Enterprise Browser  Tel Aviv, Israel – June 29, 2022 – Talon Cyber Security, provider of the first secure enterprise browser, today announced it has been selected as a partner for Microsoft for Startups, a global program dedicated to accelerating…

Cloudian Partners with Vertica to Deliver On-Premises Data Warehouse Platform on S3 Data Lake (GlobeNewswire News Room) Cloudian® today announced a partnership with Vertica, a Micro Focus (LSE: MCRO; NYSE: MFGP) line of…

Cloud Armor adds more edge security policies, proxy load balancers (Google Cloud Blog) Google Cloud expands its scope of DDoS and web application firewall protection with new edge security policies and proxy load balancers.

Introducing new Cloud Armor features including rate limiting, adaptive protection, and bot defense (Google Cloud Blog) Cloud Armor strengthens its already formidable defenses with new features to counter advanced L7 attacks and block malicious bots.

Crytica Security, Inc. Reduces APT, Zero-Day, and Malware Dwell Time to Less Than 180 Seconds (PR Newswire) Crytica Security, Inc., a stealthy cybersecurity start-up launched by industry veterans from Bell Labs, Apple, and HP today introduced the…

Cisco Joins Forces with GDIT to Deliver Private 5G (Cisco) GDIT and Cisco are expanding on a 30+ year partnership to drive innovation for digital transformation in government. Together, Cisco and GDIT can provide government agencies with simple and intuitive private 5G solutions for IoT and edge use cases.

Pentera and PlexTrac Partner to Automate Cybersecurity Remediation (GlobeNewswire News Room) Solution fast tracks time-to-remediation in hybrid IT environments…

Aurora Mobile Upgrades its Verification Service to JG Secured Verification to Provide Comprehensive Cyber-defense Solutions for Businesses (GlobeNewswire News Room) Aurora Mobile Limited (NASDAQ: JG) (“Aurora Mobile” or the “Company”), a leading provider of…

Measured creates new cybersecurity solution in partnership with Ostra (Insurance Business) Suite of cyber tools aimed at SME clients

FirstLight Seeks to Close the Cyber Security Gap for Its Customers with Several New Cloud-Based Security Solutions (GlobeNewswire News Room) FirstLight, a leading provider of digital infrastructure services to…

Introducing the New Verint – a New Cloud Platform and More AI (No Jitter) The company’s focus on CX has evolved through acquisitions and a growing AI portfolio.

IBM’s first cloudy mainframes scheduled to launch June 30 (Register) It’s not IaaS, it’s reserved for test and dev – and will feed the golden goose that is the z/OS ecosystem

Airiam releases AirProducts to defend small and mid-sized enterprises against cyberattacks (Help Net Security) Airiam released AirProducts, its proprietary line designed to deliver cyber protection and digital transformation services to SMEs.

Phison and Cigent join forces to combat sophisticated threats and safeguard storage products (Help Net Security) Phison and Cigent announced an innovative partnership program called Cigent Secure SSD Ready to combat sophisticated threats.

Crossword Cybersecurity Supply Chain Cyber practice improves supply chain resilience for organizations (Help Net Security) Crossword Cybersecurity announced a new integrated Supply Chain Cyber practice to provide an end-to-end approach to supply chain security.

Commvault and Oracle Partner to Deliver Metallic® Data Management as a Service on Oracle Cloud Infrastructure to Accelerate Enterprise Hybrid Cloud Adoption (PR Newswire) Commvault, a global enterprise leader in intelligent data services across on-premises, cloud, and SaaS environments, has expanded its strategic…

Technologies, Techniques, and Standards

Private-public sector data sharing key to greater national security (FedScoop) Splunk’s government affairs chief highlights public sector predictions and strategies in a new six-part podcast series on mission resilience.

Trends to watch when creating security strategy for the next two years (Help Net Security) Gartner analysts offer a look at the top security trends that will drive strategy decisions in global organizations in the next two years.

Council Post: Reflections Of A Former Hacker: How Leaders Can Protect Their Business From Cyber Threats (Forbes) As digital transformation and hybrid work-life present new opportunities for attackers, many older threats continue to cause problems for organizations.

Why digital trust needs to be a strategic imperative for your company (Help Net Security) Connectivity is soaring and digital transformation is accelerating, making it critical for everyone to invest in digital trust.

Listen: RBC’s cybersecurity takes a full-court press approach (Bank Automation News) Cybersecurity measures are a priority at Royal Bank of Canada (RBC), from monitoring and mitigation to solution investment. Banks rarely consider cybersecurity a finished process; the nimbleness of fraudsters and quick development of new hacking technology spur perpetually evolving security measures for risk and anti-money laundering (AML) divisions at most large financial institutions. But keeping

Hotel companies prioritise guest experience by improving cybersecurity capabilities – Intelligent CIO Middle East (Intelligent CIO Middle East) Hotel providers continually strive to offer more seamless and secure experiences to their guests and cybersecurity undoubtedly plays a big part in this. Here we take a look at why Germain Hotels has made Canary Technologies’ digital credit card authorisation solution the standard across all its properties, as well as how Jumeirah Hotel Group is […]

Design and Innovation

‘Supercookies’ Have Privacy Experts Sounding the Alarm (Wired) A German ad-tech trial features what Vodafone calls “digital tokens.” Should you be worried?

Research and Development

QuSecure Awarded Coveted SBIR Phase III Federal Government Procurement Contract for Post-Quantum Cybersecurity Solutions (Business Wire) QuSecure™, Inc., a leader in post-quantum cybersecurity (PQC), today announced the U.S. Federal Government has awarded QuSecure with the coveted Small

Academia

CYBER.ORG Launches Project Access, a National Effort to Increase Access to Cybersecurity Education for Students with Disabilities (Business Wire) CYBER.ORG announced today the kickoff of Project Access, a program designed to expand access to cybersecurity education for blind and vision impaired

Atlantic Council’s Cyber 9/12 Strategy Challenge expands to Scotland (Atlantic Council) The Abertay University cyberQuarter joins as a strategic partner for Cyber 9/12 Strategy Challenge, the world’s only multidisciplinary cyber competition.

Legislation, Policy, and Regulation

European Cloud Restrictions Could Limit U.S. Providers’ Reach (Wall Street Journal) European cybersecurity authorities are drafting a new certification system for cloud services that could limit the amount of critical data held by American providers.

Securing cyber-physical infrastructure (JD Supra) The UK Government recently presented its proposed vision for how national cyber-physical infrastructure could accelerate innovation across the UK:…

Clear Rules Needed to Prevent Conflict and Struggle in Cyber Space, Says NCSC Chief (Infosecurity Magazine) NCSC chief executive Lindy Cameron explains that clear rules are needed to govern the use of cyber capabilities

Commercial cyber products must be used responsibly, says NCSC CEO (ComputerWeekly.com) NCSC’s Lindy Cameron is to speak out on responsible regulation of cyber capabilities at an event in Tel Aviv, Israel.

House Armed Services Committee concerned with state of Navy cyber readiness (FedScoop) The House Armed Services Committee is pushing the Navy to create a singular and special work role dedicated to cyberspace matters and is willing to play hardball with the service to get it to do so, according to a provision in its version of the fiscal 2023 National Defense Authorization Act. Not having such a […]

Praetorian, the Army’s Only Offensive Operations Cyberspace Brigade, Welcomes a New Commander (DVIDS) Colonel Matthew J. Lennox relinquished his command of the 780th Military Intelligence (MI) Brigade (Cyber) to Colonel Benjamin F. Sangster during a change of command ceremony hosted by Major General Michele H. Bredenkamp, commander of the U.S. Army Intelligence and Security Command, on the McGlachlin Parade Field, June 28.

Litigation, Investigation, and Law Enforcement

Bulgaria expels 70 Russian diplomatic staff over espionage concerns (Reuters) Bulgaria said on Tuesday it was expelling 70 Russian diplomatic staff over espionage concerns and had set a cap on the size of Moscow’s representation as tensions between two countries that were once close allies fractured over Ukraine.

Accused ‘NetWalker’ Ransomware Hacker Agrees to Plead Guilty (Bloomberg) Former Canadian government employee extradited to US this year. NetWalker crew extorted $46 million from victims, report says.

Netwalker ransomware affiliate agrees to plead guilty to hacking charges (The Record by Recorded Future) A prolific Netwalker ransomware affiliate pleaded guilty to several charges related to a hacking campaign against a company based in Tampa, Florida. 

CSE used its new cyber attack powers to disrupt foreign extremists and cyber threat actors targeting Canadians: report (Standard-Freeholder) The agency reported over 300 known ransomware attacks in 2021, a 151 per cent increase on the previous year though officials contend the crime remains…

Canada’s national police force admits use of spyware to hack phones (POLITICO) The RCMP says it needs to use malware because encryption has made surveillance “exponentially more difficult.”

‘An Invisible Cage’: How China Is Policing the Future (New York Times) Vast surveillance data allows the state to target people whose behavior or characteristics are deemed suspicious by an algorithm, even if they’ve done nothing wrong.