Dateline Moscow, Kyiv, Madrid: A war of attrition with DDoS in support.

Ukraine at D+126: Russia leaves Snake Island. DDoS in NATO’s North. (The CyberWire) Russia abandons Snake Island in the Black Sea as the artillery war continues in the Donbas. The Cyber Spetsnaz conduct DDoS attacks against Norway (and the Svalbard treaty is the issue). NATO prepares for renewed Russian cyber ops, and Roskosmos releases satellite images of Western government buildings (apparently nothing more than you could get anywhere else).

Russia-Ukraine war: List of key events, day 127 (Al Jazeera) As the Russia-Ukraine war enters its 127th day, we take a look at the main developments.

Russia-Ukraine war: what we know on day 127 of the invasion (the Guardian) Nato says Moscow ‘most direct threat’ to security; Putin warns over installing military infrastructure in Finland and Sweden

Russia retreats from Snake Island (The Telegraph) Ukraine says remaining Russian forces fled the outpost on a speedboat after a number of missile attacks

Russia-Ukraine war: Russia withdraws from Snake Island and says Ukraine should demine waters – live news (the Guardian) Russian ministry of defence says withdrawal is goodwill gesture to facilitate grain exports, and asks that Ukraine demine its coastal waters

Ukraine says it has pushed Russian forces from Snake Island (the Guardian) Winning back vital Black Sea landmass could weaken any future Russia coastal land attack

Ukraine’s War of Attrition Exacts Heavy Toll on Both Sides (Wall Street Journal) Kyiv’s strategy to make Russian forces pay dearly for ever-smaller pockets of territory risks wearing down its own military, which has incurred heavy casualties defending and ultimately losing one grueling fight after another.

Ukraine war: Kremenchuk shopping centre attack claims fact-checked (BBC News) Russia’s government and its supporters online spread a number of false claims after the bombing.

The CCTV footage that debunks Russia’s lies about Kremenchuk shopping centre attack (The Telegraph) The destruction of another civilian target leads experts to believe that Moscow might run low on high-precision firepower

Putin’s partner in war crimes (Atlantic Council) Both Putin and Lukashenka, as well as the relevant officials and soldiers in their respective chains of command, should be charged with war crimes, crimes against humanity, and possibly genocide.

Pro-Russian hacker group says it attacked Norway (The Independent Barents Observer) “Good morning Norway! – All squads at battle,” was the short message the Killnet cyber attack cluster posted via its Telegram channel Wednesday morning. The announcement was framed by a manipulated photo of Norwegian Foreign Minister Anniken Huitfeldt, by the hackers named “Mrs. Error”.

Cyberattack hits Norway, pro-Russian hacker group fingered (AP NEWS) A cyberattack temporarily knocked out public and private websites in Norway in the past 24 hours, Norwegian authorities said Wednesday. Norwegian Prime Minister Jonas Gahr Støre said that to his knowledge the attack “has not caused any significant damage.”

Norway hit with cyberattack, temporarily suspending service (The Hill) Norway’s public and private sector websites were temporarily down on Wednesday following a cyberattack that targeted the country’s national data network, forcing it to suspend online services for s…

Norway blames “pro-Russian group” for cyber attack (Reuters) A number of institutions in Norway have been subjected to a so-called distributed denial-of-service (DDoS) cyber attack in the last 24 hours, the Norwegian NSM security authority said on Wednesday, blaming a “criminal pro-Russian group”.

Norway accuses pro-Russian hackers of launching wave of DDoS attacks (The Record by Recorded Future) Norway accused pro-Russian hackers of launching several DDoS attacks at a number of critical organizations in the country. 

Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’ (Bloomberg) US officials and allies have warned about attacks from XakNet and related groups.

Russia publishes Pentagon coordinates, says Western satellites ‘work for our enemy’ (Reuters) Russia’s space agency published the coordinates of Western defence headquarters including the U.S. Pentagon and the venue of NATO’s summit on Tuesday, saying Western satellite operators were working for Russia’s enemy – Ukraine.

Russian Space Agency Targeted in Cyberattack (Wall Street Journal) The website of Russia’s space agency was hit by a cyberattack after it posted satellite imagery and coordinates of the White House, the Pentagon and other Western decision-making bodies, the agency’s press service said.
Dmitry Strugovets, the head of space agency Roscosmos’s press service, wrote We

Cyberattack hits Russian space agency site after sharing NATO photos (Jerusalem Post) The site of Russian space agency Roscosmos was targeted by hackers in a DDoS attack after it published satellite images of NATO buildings.

Ukraine lessons take center stage in Marines’ new information warfare plan (Marine Corps Times) Marine units risk becoming less resilient, officials said, when they “treat information as an afterthought.”

NATO establishes program to coordinate rapid response to cyberattacks (POLITICO) The U.S. will offer “robust national capabilities” to support this program, according to a fact sheet put out by the White House on Wednesday.

Madrid Summit Declaration issued by NATO Heads of State and Government participating in the meeting of the North Atlantic Council in Madrid 29 June 2022 (NATO) We, the Heads of State and Government of the North Atlantic Alliance, have gathered in Madrid as war has returned to the European continent. We face a critical time for our security and international peace and stability.

Security experts brace for possible Russian cyberattacks (Protocol) A cyber escalation by Russia against the U.S. still remains possible, as soon as later this year, according to numerous experts.

Why did Russia’s cyber warfare against Ukraine fizzle out? (Jerusalem Post) The vice president of the Microsoft Threat Intelligence Center grants insight into the sudden lack of aggression from Russia at the war’s outbreak.

The War in Ukraine: Important lessons to be learnt from Ukraine’s cyber defence success (Geektime) Ukraine managed to thwart many Russian-sponsored cyber-attacks prior to and during the war. What lessons can states learn and apply?

Putin issues fresh warning to Finland and Sweden on installing Nato infrastructure (the Guardian) President says Moscow would respond ‘symmetrically’ to any deployments, and foreign ministry accuses Nato of trying to destabilise Russian society

Did Putin inadvertently create a stronger NATO? (Washington Post) Russia’s invasion of Ukraine has resulted in at least one major change to the global order: NATO expansion.

Historic NATO Meeting Extends Cybersecurity Collaboration to Asia-Pacific Allies (Nextgov.com) The security alliance is squaring off against Russia and China by building a coordination capability for rapidly responding to cyber attacks.

What Turkey won with its NATO leverage (Atlantic Council) Ankara got exactly what it wanted in exchange for paving the way for Sweden and Finland to join the Alliance.

Biden officials privately doubt that Ukraine can win back all of its territory (CNN) White House officials are losing confidence that Ukraine will ever be able to take back all of the land it has lost to Russia over the past four months of war, US officials told CNN, even with the heavier and more sophisticated weaponry the US and its allies plan to send.

Ukraine wins release of 144 soldiers in biggest prisoner swap of war (Reuters) Ukraine on Wednesday carried out its biggest exchange of prisoners of war since Russia invaded, securing the release of 144 of its soldiers, including 95 who defended Mariupol’s steelworkers, Ukraine’s military intelligence agency said.

Putin is learning from his mistakes. We are not (The Telegraph) Slashing the size of the British Army will leave us incapable of fulfilling our commitments to Nato

Fear of confronting Putin will lead to Russian victory in Ukraine (Atlantic Council) So far, the war in Ukraine has taught Vladimir Putin that NATO and the EU will go to great lengths to avoid confronting him. This has grave consequences for Ukraine itself and for the wider international community.

The dismal truth is that Putin is winning the economic war (The Telegraph) The French President seems to have lost his grasp of basic economics

Throttled gas deliveries: Siemens Energy rejects accusations from Russia (Spiegel) Russia is delivering less gas to Germany and also blames delays in repairs by Siemens Energy for this. The company rejects the accusations.

Attacks, Threats, and Vulnerabilities

Zionist intelligence company cyberattacked by Iraqi hackers (Mehr News Agency) Two groups of Iraqi hackers have reportedly targeted the website of Zionist digital intelligence company Cellebrite, which provides solutions for retrieving information from electronic devices and analyzing the data.

Crypto crash threatens North Korea’s stolen funds as it ramps up weapons tests (Reuters) The nosedive in cryptocurrency markets has wiped out millions of dollars in funds stolen by North Korean hackers, four digital investigators say, threatening a key source of funding for the sanctions-stricken country and its weapons programmes.

Reports of Disinformation Campaign Against Rare Earth Processing Facilities (U.S. Department of Defense) The Department of Defense is aware of the recent disinformation campaign, first reported by Mandiant, against Lynas Rare Earth Ltd., a rare earth element firm seeking to establish production capacity

Cyber Pirates Prowling Ship Controls Threaten Another Big Shock (Bloomberg) Coast Guard urges vigilance as ship systems probed ‘every day’. IMO guidelines haven’t done enough to protect against hacks.

Market differentiation: Cybercriminal forums’ unusual features designed to attract users (Digital Shadows) After a tumultuous few months at the start of the year in which each week seemed to bring a major development in the cybercrime scene, we’ve been enjoying a period of relative stability in the dark web. We have just about recovered from the closure of the English-language forum giant RaidForums, the bombshell leak of

CISA Says ‘PwnKit’ Linux Vulnerability Exploited in Attacks (SecurityWeek) CISA says the Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks.

FabricScape: Escaping Service Fabric and Taking Over the Cluster (Unit 42) FabricScape (CVE-2022-30137) is a privilege escalation vulnerability of important severity in Microsoft’s Service Fabric, commonly used with Azure.

Azure Service Fabric Vulnerability Can Lead to Cluster Takeover (SecurityWeek) A vulnerability in Azure Service Fabric allows an attacker to escalate privileges and take over entire Linux clusters.

New UnRAR Vulnerability Could Let Attackers Hack Zimbra Webmail Servers (The Hacker News) A new vulnerability has been discovered in RARlab’s UnRAR utility that also affects several other applications using it, including Zimbra Mail.

AstraLocker Ransomware Spread in ‘Smash and Grab’ Attacks (Decipher) A new variant of the AstraLocker found being deployed directly in Microsoft Office attachments reflects a focus by attackers on making a big impact and getting a quick payout.

2022 0-day In-the-Wild Exploitation…so far (Google Project Zero) Posted by Maddie Stone, Google Project Zero. This blog post is an overview of a talk, “0-day In-the-Wild Exploitation in 2022…so far”,…

Avast uncovers ‘thieves’ kitchen’ of malware-writing teens (ComputerWeekly.com) Researchers stumble across online community of 11 to 18-year-olds constructing, exchanging and spreading malware.

Minors Use Discord Servers to Earn Extra Pocket Money Through Spreading Malware (PR Newswire) Avast (LSE: AVST), a global leader in digital security and privacy, has discovered an online community of minors constructing, exchanging and…

Walmart denies being hit by Yanluowang ransomware attack (BleepingComputer) American retailer Walmart has denied being hit with a ransomware attack by the Yanluowang gang after the hackers claimed to encrypt thousands of computers.

AMD claims potential attack from RansomHouse gang (CRN Australia) Says some 450 gigabytes of data stolen.

Hacker Impersonates TrustWallet in Crypto Phishing Scam (Vade Secure) This crypto scam features a TrustWallet phishing campaign luring users into divulging their recovery phrases on a sleek phishing page.

Destructive firmware attacks pose a significant threat to businesses (Help Net Security) Despite the risks that destructive firmware attacks pose to organizations, device security is not always a major consideration.

Bringing Ransomware Infrastructure Into the Light (Decipher) Researchers from Cisco Talos were able to de-anonymize the infrastructure used by several ransomware groups, including Quantum, Snatch, and DarkAngels.

Dark Web Price Index 2022 – Dark Web Prices of Personal Data (Privacy Affairs) To see just how prevalent items of personal data are being listed on the dark web in 2022, and at what price, we went on a data-gathering mission.

You scheduled an abortion. Planned Parenthood’s website could tell Facebook. (Washington Post) The organization left marketing trackers running on its scheduling pages

Hacktivism Against States Grows After Overturn of Roe v. Wade (GovTech) State and local governments need to prepare and respond to a new round of cyber attacks coming from groups claiming to be protesting the Supreme Court overturning Roe v. Wade last Friday.

La.’s unemployment claims website down after attempted malware attack (WGNO) Additionally, the agency said, according to GSI, there wasn’t a data breach and HiRE users’ personal information was not compromised. The outage is impacting nearly 11,000 people in Lou…

Security Patches, Mitigations, and Software Updates

Service Fabric Privilege Escalation from Containerized Workloads on Linux (Microsoft Security Response Center) Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource’s host SF node and the entire cluster.

Uncovering FabricScape (Palo Alto Networks Blog) Palo Alto Networks teams up with Microsoft to mitigate new cloud vulnerability (CVE-2022-30137).

Amazon Confirmed and Fixed a High Severity Vulnerability of Broken Authentication in Amazon Photos Android App (Checkmarx.com) Our research team at Checkmarx found that the Amazon Photos Android app could have allowed a malicious application, installed on the user’s phone, to steal their Amazon access token. The Android app has over 50 million downloads.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird (CISA) Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

Firefox 102 fixes address bar spoofing security hole (and helps with Follina!) (Naked Security) Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft’s “Follina” saga.

Firefox 102 Patches 19 Vulnerabilities, Improves Privacy (SecurityWeek) Mozilla this week announced the availability of Firefox 102 in the stable channel with patches for 19 vulnerabilities, including four high-severity bugs.

Why more zero-day vulnerabilities are being found in the wild (CSO Online) With the number of zero-days spiking in the last 18 months, organizations need to increase their patching efforts. Software vendors can be more transparent, too.

84% of Consumers Have Used Peer-to-Peer Services (LendingTree) Peer-to-peer (P2P) service apps like PayPal and Venmo offer simple ways to make payments, but some users are losing money through mistakes and scams.

Q1 2022 Incident Response Insights from Tetra Defense (Arctic Wolf) Each quarter, Tetra Defense collects and analyzes data from its incident response engagements in the United States. Find insight and statistics that are vital to assessing the cyber threat landscape.

Connected Healthcare: A Cybersecurity Battlefield We Must Win (Trellix) The medical industry is at unique risk of attack due to the numerous purpose-built devices. Their lack of ubiquity creates a false sense of security and reduced scrutiny from the security research industry.

Marketplace

Cybersecurity startups, once the VC darling, hammered by layoffs (TechCrunch) Thousands have been laid off, despite startups raising huge amounts of cash and VC investments increasing year-over-year.

What drives private equity firms to acquire cybersecurity companies (Gulf Business) Over the last couple of years, cybersecurity is moving higher up the priority list, following a series of high-profile attacks globally.

Cybersecurity leaders are anticipating mass resignations within the year – here’s why (ZDNet) The growing threat of attacks combined with industry skill gaps is leading to sky-high burnout rates among cybersecurity professionals.

Cleartrace Raises $20 Million Financing Led by ClearSky With Strategic Funding From Brookfield Renewable, EDF Energy North America, Tenaska, and Exelon to Help Companies Reach Decarbonization Goals (Business Wire) Cleartrace announced a $20M financing round led by ClearSky with investment from Brookfield Renewable, EDF Energy North America, Tenaska, and Exelon.

Cyolo Banks $60M Series B for ZTNA Technology (SecurityWeek) Israeli startup Cyolo raises a massive Series B round to compete in the market for zero trust networking access.

Token raises $13M and appoints CEO to scale biometric authentication wearable business (Biometric Update) Token has raised $13 million in a Series B funding round for solution development and demand generation and appointed John Gunn as CEO.

BT asks for more time as ban on Huawei equipment approaches (the Guardian) UK telecoms operator struggling to meet January 2023 deadline to remove all Chinese firm’s equipment from core network

‘Huawei-phobia’ is against globalization (China Daily) “Thanks to Huawei, China could participate in the NATO summit”, says the headline of German-language media outlet Wirtschafts-Woche.

Red River appoints Dan Kent as CTO (Help Net Security) Red River announced that Dan Kent has been appointed Chief Technology Officer to oversee the company’s expansive team of engineers.

Long-time Cybersecurity Leader John Watters Joins Metabase Q’s Board of Directors (Business Wire) Metabase Q, the end-to-end security platform for companies in Latin America, welcomes John Watters, President and COO of Mandiant, to its board

Babel Street Appoints New Executive Vice President of Sales and Senior Vice President of Marketing (PR Newswire) Babel Street, the world’s leading AI-enabled data-to-knowledge company, today announced that Bryan Mulholland has joined the company as…

Products, Services, and Solutions

Now you can securely share 1Password files and documents with anyone (1Password Blog) 1Password customers can now securely share anything stored in 1Password, including documents and files, with anyone – even if they don’t use 1Password.

Vectra Becomes AWS Security Competency Partner (PR Newswire) Vectra AI, a leader in threat detection and response, today announced that it has become an Amazon Web Services (AWS) Security Competency…

Enveil ZeroReveal ML Encrypted Training enables secure usage of cross-silo data sources (Help Net Security) Enveil released its new encrypted training solution, ZeroReveal ML Encrypted Training (ZMET), to secure usage of cross-silo data sources.

Codenotary SBOM Operator for Kubernetes provides continuously updated info on software supply chain (Help Net Security) Codenotary launched SBOM Operator for Kubernetes in both its open source Community Attestation Service, as well as Codenotary’s Trustcenter.

London based startup launches open-source collaboration tools to help businesses avoid online surveillance. (Pressat) The London based…

Radware completes its Hacker’s Almanac (iTWire) Security vendor Radware has completed its Hacker’s Almanac. Series III – the final instalment – focuses on threat intelligence and cyber defence. The Hacker's Almanac is a field guide for security analysts, professionals and executive decision-makers. "Understanding the threat landscape is o…

Synaptics Selects Allegro DVT’s VVC Compliance Streams (Business Wire) Synaptics Incorporated has selected Allegro DVT’s VVC test streams.

KnowBe4 Signs Partner Agreement With NEC Corporation (NEC) (Yahoo) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that it has signed a reseller agreement with NEC Corporation (NEC).

KnowBe4’s Compliance Audit Readiness Assessment (CARA) Now Maps to the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) (Yahoo) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that its CARA tool now maps to the NIST Cybersecurity Framework.

FirstLight Seeks to Close the Cyber Security Gap for Its Customers with Several New Cloud-Based Security Solutions (GlobeNewswire News Room) FirstLight, a leading provider of digital infrastructure services to…

Sysdig Announces Drift Control to Prevent Container Attacks at Runtime (Business Wire) Sysdig announced Drift Control to prevent container attacks at runtime.

SentinelOne Integrates with Torq, Streamlining SOC Workflows with Automated Incident Response (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced a new integration with Torq, a no-code security automation platfo

Unified Group-IB. Meet Unified Risk Platform (PR Newswire) Group-IB, one of the global leaders in cybersecurity headquartered in Singapore, has today unveiled the Unified Risk Platform, an ecosystem of…

Internet Initiative Japan Selects Juniper Networks Virtual Firewalls to Enable Seamless and Secure Experiences for its New Cloud Network Service (Business Wire) Juniper Networks (NYSE: JNPR), a leader in secure, AI-driven networks, announced today that Internet Initiative Japan Inc. (IIJ), one of the country’s

Technologies, Techniques, and Standards

CISA Calls for Expedited Adoption of Modern Authentication Ahead of Deadline (SecurityWeek) CISA is urging federal agencies and private organizations to switch to Modern Auth in Exchange Online before October 1, 2022.

U.S. Gov Agencies Face Looming Microsoft Exchange Online Modern Auth Deadline (Decipher) New guidance urges U.S. government agencies to expedite the switch to Modern Auth in Exchange Online ahead of Microsoft’s Oct. 1 deadline.

Healthcare Facilities Need a Holistic Digital Identity Strategy – Not Uncoordinated Solutions, New Imprivata Research Reveals (GlobeNewswire News Room) More than two-thirds believe identity management is important to their security strategy, yet less than half are using key identity and access management…

Do back offices mean backdoors? (WeLiveSecurity) The war in Europe is a reminder for shared service centers and shoring operations to re-examine their IT security posture.

Adapting industrial control system (ICS) security to the new normal (VentureBeat) Malware and ransomware attacks are the new normal — ICS security needs to adapt to prevent the kinds of attacks seen in 2021.

How parents can talk about online safety and personal info protection with their kids (Help Net Security) This video provides insight into how parents can talk about online safety and personal info protection with their kids.

Design and Innovation

Securing the Metaverse and Web3 (SecurityWeek) Entrepreneurs, developers, law enforcement and governments need to collaborate now, so the opportunity to develop a safe and secure metaverse is not lost.

Research and Development

Research award establishes sole-source provider of post-quantum cryptography for agencies (FedScoop) The award, which could exceed $100 million, is intended to hasten agencies’ adoption of encryption against forthcoming quantum computers.

Academia

The Cyber AB Launches Academic Advisory Council Backed by Thought Leaders from Across Higher Education (Business Wire) The Cyber AB Launches Academic Advisory Council

Monash University opens public bug bounty (iTnews) Websites, apps open to researchers.

New Jersey Students Claim Top Spots in National Cyber Competition (Insider NJ) New Jersey led the nation in the total number of scholars and finalists during this year’s CyberStart America competition, according to a recent report received by the New Jersey Cybersecurity and Communications[…]

Legislation, Policy, and Regulation

EU Moves Closer to Strict Anti-Money Laundering Rules on Crypto (Bloomberg) Political hurdle cleared to enforce transaction declarations. Crypto industry criticized the regulation on privacy grounds.

A Cyber Persistence Way to Norms (Lawfare) Cyber persistence holds promise for norms because it aligns with core characteristics of cyberspace that motivate malicious behavior, addresses destabilizing behaviors, and builds momentum for new rules of customary law for the cyber context.

TSA Eases Pipeline Cybersecurity Rules Issued After Colonial Hack (Wall Street Journal) The Transportation Security Administration is loosening pipeline cybersecurity rules imposed after the hack of Colonial Pipeline last year, giving companies a longer window to report cyberattacks and more leeway to design their defenses.

TSA to change cybersecurity rules for pipelines following industry criticism (The Record by Recorded Future) TSA announced changes to a cybersecurity directive for U.S. pipelines after backlash from industry experts and trade groups. 

Cyber Experts Discount Insurance in Ransomware Fight (MeriTalk) Federal cybersecurity leaders argued against the effectiveness of cyber insurance as a way to alleviate financial burdens associated with ransomware attacks during a hearing of the House Homeland Security Committee’s panel on intelligence and counterterrorism on June 28.

Congresswoman Promotes Cyber Insurance Amid Shifting Policy Landscape (Nextgov.com) The jury is still out on how using insurance policies to pay ransoms and re-establish systems after a cyberattack affects critical infrastructure organizations’ individual and collective resilience.

Facebook could be sued for addicting children under California bill (Ars Technica) If passed, it would likely impact social media users everywhere.

California Lawmakers Want To Sue Meta, TikTok for Kids’ Social Media Addictions (TheQuint) Government attorneys can soon sue social media companies for employing algorithms that make minors addicted.

New clearance ideas aim to make national security workforce more mobile, diverse (Federal News Network) Inconsistent policies and processes are making it harder for defense and intelligence agencies to recruit and retain the people with critical skills.

Litigation, Investigation, and Law Enforcement

Cyber Security and the Indian Cyber Laws with its details (Kratikal Blogs) Cyber laws are unique to every country and enforced under law, and Compliances carry policies to engrave the path.

Ukraine arrests cybercrime gang operating over 400 phishing sites (BleepingComputer) The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians.

Is TikTok the Devil You Know or Worse? (Scott Schober) FCC Commissioner @BrendanCarrFCC just threw down the data protection gauntlet via Twitter regarding TikTok’s Chinese ownership and data privacy practices (and deceptions). Is this a real attempt to bolster the data privacy of US citizens or just a misguided distraction? And given recent U.S. Supreme Court rulings, is TikTok’s data harvesting any more dangerous to…

Listen Now: Can TikTok be trusted with users’ data? (NPR One) Technology on NPR One | 5:09

European, U.S. Groups Plan Salvo of Privacy Complaints Against Google (Wall Street Journal) Complainants invoke ‘privacy-by-design’ provision of EU law in arguing that Google complicates opting out of data-collection.

Google account sign-up process targeted with GDPR complaints (TechCrunch) Consumer rights groups in Europe have filed a new series of privacy complaints against Google — accusing the advertising giant of deceptive design around the account creation process which they say steers users into agreeing to extensive and invasive processing of their data. The tech giant p…

10 Arrested for Involvement in Online Sexual Exploitation in Europe (HackRead) The arrests were made in Spain, Portugal, and France in a coordinated effort by Brazilian Federal Police and European law enforcement agencies.

‘Money mule’ accounts have transferred $3 billion in the first half of 2022 (SC Magazine) Fraudulent financial transfers known as “money mule” accounts have been on the rise as cybercriminals use botnet and hybrid bot technology to open the accounts on a wider basis, according to BioCatch.

DOJ Sues Booz Allen to Stop Deal for Defense Firm EverWatch (2) (Bloomberg Law) The Department of Justice sued to block Booz Allen Hamilton from acquiring defense firm EverWatch, citing concerns that the deal would harm competition for federal intelligence contracts.

Justice Department Sues to Block Booz Allen Hamilton’s Proposed Acquisition of EverWatch (US Department of Justice) The Department of Justice filed a civil antitrust lawsuit today to block Booz Allen Hamilton Holding Corporation’s (Booz Allen) proposed acquisition of EverWatch Corp. (EverWatch), a subsidiary of EC Defense Holdings LLC. The complaint, filed in the U.S. District Court for the District of Maryland, alleges that the merger agreement threatens imminent competition for a government contract to provide operational modeling and simulation services to the National Security Agency (NSA). Unless enjoined, the transaction would eliminate competition for this defense contract, leaving NSA to face a monopoly bidder.  

Uber ex-security chief accused of hacking coverup must face fraud charges, judge rules (Reuters) A federal judge on Tuesday said a former Uber Technologies Inc security chief must face wire fraud charges over his alleged role in trying to cover up a 2016 hacking that exposed personal information of 57 million passengers and drivers.