Dateline Moscow, Kyiv: Kinetic attrition and cyber ops against Ukrainian energy firm.

Ukraine at D+131: Fighting shifts to Donetsk; cyberattacks hit Ukrainian energy firm. (The CyberWire) Russia consolidates the ground it’s taken in Luhansk, and prepares for another firepower-heavy offensive directed at the reduction of Donetsk. Ukrainian forces advance in the south and assume new defensive positions in the Donbas. A major Ukrainian energy provider reports a cyberattack by XakNet, but its consequences are unclear.

Russia-Ukraine war: List of key events, day 132 (Al Jazeera) As the Russia-Ukraine war enters its 132nd day, we take a look at the main developments.

Russia-Ukraine war: what we know on day 131 of the invasion (the Guardian) Ukrainian forces retreat from Lysychansk as Zelenskiy vows to regain the key eastern city with the help of long-range western weapons

Russia shells Ukraine’s Donetsk after seizing Luhansk region (Reuters) Russian forces struck targets across Ukraine’s eastern Donetsk region on Tuesday to prepare the path for an expected armoured thrust to try to take more territory as the five-month-old war entered a new phase.

Russia-Ukraine war: Kremlin spies appointed to run occupied city of Kherson (The Telegraph) An official from Russia’s powerful FSB security services took over the government of the Moscow-occupied Kherson region in southern Ukraine, Kremlin-installed authorities have said.

‘Hell on earth’: Ukrainian soldiers describe eastern front (AP NEWS) Torched forests and cities burned to the ground. Colleagues with severed limbs. Bombardments so relentless the only option is to lie in a trench, wait and pray. Ukrainian soldiers returning from the front lines in eastern Ukraine’s Donbas region — where Russia is waging a fierce offensive — describe life during what has turned into a grueling war of attrition as apocalyptic.

Russia says it has full control of Luhansk region in Ukraine (the Guardian) Ukrainian military command confirms withdrawal of troops from city of Lysychansk to avoid ‘fatal consequences’

Russia says last Ukrainian-held town in the Luhansk region has fallen (The Telegraph) Social media videos show pro-Russian forces unfurling ‘victory banner’ in centre of Lysychansk

Russia claims control of pivotal eastern Ukrainian province (AP NEWS) Russia claimed control Sunday over the last Ukrainian stronghold in an eastern province that is key to achieving a major goal of Moscow’s grinding war .

Putin declares victory in Luhansk after fall of Lysychansk (the Guardian) Region’s governor says loss was painful and he expects Sloviansk and Bakhmut now to face heavy attack

Russia has now ‘liberated’ half of the Donbas (The Telegraph) Kremlin declares victory in Luhansk a day after capture of Lysychansk, the region’s last Ukrainian-held town

Russian-backed forces increase assault on Ukrainian city of Lysychansk (the Guardian) Spokesperson claims they have ‘completely’ encircled last stronghold in Luhansk region

Ukraine Live Updates: Russia’s Grinding Approach Brings Gains in the East (New York Times) Moscow’s victory in Luhansk was based on overwhelming firepower and mile-by-mile advances. But as Russia turns its focus farther inside Ukraine, it is unclear how long its forces can sustain the taxing assault.

Vladimir Putin orders troops deeper into Ukrainian territory after capturing Lysychansk (The Telegraph) Civilians fleeing ongoing artillery fire as Luhansk governor says Donetsk fortifications will make it ‘difficult’ for Russia to advance

High cost of Russian gains in Ukraine may limit new advance (AP NEWS) After more than four months of ferocious fighting, Russia claimed a key victory: full control over one of the two provinces in Ukraine’s eastern industrial heartland. But Moscow’s seizure of the last major stronghold of Ukrainian resistance in Luhansk province came at a steep price.

Luhansk has fallen, but there’s a reason why Russian generals will not be celebrating (The Telegraph) Putin will be happy to see the lines on his map creeping westwards, but Kyiv’s troops are achieving their goal of making invaders pay dearly

Kremlin accuses Ukraine of deadly cluster bomb attack on Russian city (Telegraph) Russian media publishes videos of destroyed houses at a residential block in Belgorod, but these could not be independently verified

Ukraine needs a victory before autumn to silence Western doubters (The Telegraph) Volodymyr Zelensky is running out of time to shore up support, with some believing his country’s battle against Russia is futile

Ukrainians set their sights on revenge in battle for the Black Sea coast (The Telegraph) While Russia eyes an advance that would leave the country landlocked and facing economic ruin, the rag-tag Kherson Brigade has other ideas

Russian minions gathering intel on Mykolaiv defenses exposed, arrested (Ukrinform) The Security Service of Ukraine has neutralized a network of Russian human assets collecting sensitive data on the country’s defense in the Black Sea littoral areas in Mykolaiv region. — Ukrinform.

Russia-Ukraine war: Ukraine flies its flag on Snake Island for first time since regaining territory (The Telegraph) Ukraine has flown its national flag on Snake Island for the first time since regaining control of the territory.

Russia admits it’s running out of weapons in Ukraine war (Newsweek) Russian officials have so far publicly denied that Moscow is having difficulties sustaining Vladimir Putin’s war effort.

Russian factories refusing to repair military equipment damaged in Ukraine – intel (Ukrinform) Russian defense firms turn down orders to repair military equipment that was damaged in Russian invasion of Ukraine.

Russia is losing, and it will be defeated if Nato keeps its resolve (The Telegraph) Joe Biden and Boris Johnson have been steadfast in support of Poland. Together we can stop today’s crisis becoming a global catastrophe

Yulia Tymoshenko: Peace only comes when we ‘finish’ Vladimir Putin by military might (The Telegraph) Former Ukrainian leader warns any deal that concedes territory to the Russian dictator will encourage him to make further land grabs

Thinking About the Unthinkable in Ukraine (Foreign Affairs) What happens if Putin goes nuclear?

US to send Ukraine advanced NASAMS air defense weapons in $820 million package (Defense News) The new aid also included ammunition drawn from U.S. stockpiles for American-supplied High Mobility Artillery Rocket Systems.

NATO touts country pairings as key to defending the eastern flank (Defense News) The new emphasis on pre-assigned forces comes along with a plan for more prepositioned equipment that arriving troops could quickly access from storage.

Sweden, Finland Hold NATO Talks Ahead Of Formal Summit On Accession Protocols (RadioFreeEurope/RadioLiberty) Sweden and Finland are holding talks with NATO officials in Brussels on starting the formal process to join the Western military alliance — a move that would mark a dramatic departure from the Nordic countries’ long-standing policies of nonalignment on military matters.

In Ukraine, U.S. Veterans Step In Where the Military Will Not (New York Times) Special Operations veterans are training Ukrainians near the front lines in the fight against Russia, despite warnings from the Pentagon.

Russian War Report: Russia claims Snake Island losses were ‘gesture of goodwill’ (Atlantic Council) Plus, Russian diplomatic accounts spread a questionable story about anti-Russian stickers placed at an Auschwitz memorial.

Russia’s messages with missiles tell West to back off (AP NEWS) The latest in a litany of horrors in Ukraine came this week as Russian firepower rained down on civilians in a busy shopping mall far from the front lines of a war in its fifth month.

Putin to exploit U.S. economic pain to bring Biden midterms misery—experts (Newsweek) Moscow is likely to exploit divisions within the U.S. and uncertainty about the cost of American support of Ukraine.

Vladimir Putin’s Ukrainian genocide is proceeding in plain view (Atlantic Council) Western policymakers should be in no doubt that the many different Russian war crimes currently taking place in Ukraine are all part of a coherent plan developed by Vladimir Putin to commit genocide.

Moscow forcing teachers in occupied Ukraine to follow Russian curriculum (the Guardian) Educators in Russian-controlled territories stand to lose jobs and risk other retaliation if they do not declare willingness to comply

Preparing for the long haul: the cyber threat from Russia (NCSC) Although the UK has not experienced severe cyber attacks in relation to Russia’s invasion of Ukraine, now is not the time for complacency.

Russian hackers allegedly target Ukraine’s biggest private energy firm (CNN) Russian hackers carried out a “cyberattack” on Ukraine’s biggest private energy conglomerate in retaliation for its owner’s opposition to Russia’s war in Ukraine, the firm said Friday.

Proruskí hackeri opäť útočili. Ďalšia významná spoločnosť hlási, že čelila kybernetickým útokom ( Proruskí hackeri zo skupiny XakNet sa prihlásili ku kybernetickému útoku na ukrajinského dodávateľa energií, spoločnosti DTEK.

President’s official website hit by major cyber attack on Saturday (ERR) The Office of the President’s website has been under a distributed denial-of-service (DDoS) attack for the past three weeks, while most recently thee was hit by a massive cyber attack last Saturday, when it received around 40 million views in a few hours.

U.S. hackers extend malicious cyber operations around the world (People’s Daily Online) The military and government cyber agencies of the U.S., a true empi

The unsung tech heroes and heroines winning the cyber war in Ukraine (Middle East Institute) Never before in history has a war or cyberwar rallied so many tech and cyber experts from around the world to defend one country. Their groundbreaking work is what keeps major cyber-attacks in Ukraine out of the headlines.

Russische Komiker bekennen sich zu Fake-Videoschalten (Funkschau) Wer hat Berlins Regierende Bürgermeisterin Giffey und einige ihrer europäischen Amtskollegen mit einer Videoschalte hereingelegt? Jetzt haben sich russische Komiker zu Wort gemeldet, die als kremltreu gelten. Sie haben auch schon andere Prominente in die Irre geführt.

Goodwill gestures and de-Nazification: Decoding Putin’s Ukraine War lexicon (Atlantic Council) From “goodwill gestures” to “de-Nazification” and “reclaiming Russian lands,” the Atlantic Council’s Peter Dickinson decodes some of the key phrases from the lexicon of Putin’s Ukraine War into plain English.

Vladimir Putin’s popularity in Russia rises since Ukraine war … according to Kremlin (The Telegraph) Citizens apparently think the president is doing a good job, according to a survey by Kremlin-owned polling unit

With all eyes on Ukraine, Vladimir Putin targets domestic dissidents (Atlantic Council) While international attention focuses on Vladimir Putin’s genocidal war in Ukraine, the Russian government is accelerating its brutal crackdown on any remaining expressions of anti-regime dissent on the domestic front.

Russia Should Pay for Its Environmental War Crimes (Wired) The legal challenges are steep, but scientists are recording the war’s devastating impact on Ukraine’s land and wildlife.

Summit speed read: How the G7 and NATO pushed back on Putin (Atlantic Council) The free world’s leading institutions did a lot this week—but the war still hangs in the balance. Here’s what was agreed to and what is yet to be accomplished.

Our experts decipher NATO’s new Strategic Concept (Atlantic Council) This one was a decade in the making. On Wednesday, NATO released its new Strategic Concept—a sixteen-page document of dry diplomat-speak sketching out the Alliance’s future path as it takes on threats posed by Russia, China, climate change, and more. But what were the allies really saying amid all the jargon? And what did they leave out? Experts from the Atlantic Council’s Transatlantic Security Initiative carefully combed through the document and dropped their insights in the margins.

Implications of a Finnish and Swedish NATO Membership for Security in the Baltic Sea Region (Wilson Center) On Wednesday morning, May 18, 2022, the Finnish Ambassador to the North Atlantic Treaty Organization (NATO), Mr. Klaus Korhonen and the Swedish Ambassador to NATO, Mr. Axel Wernhoff, handed in Finland and Sweden’s official letters of application in the Alliance’s Brussels headquarters. The applications were filed after months of national domestic debates on both sides of the Gulf of Bothnia following Russia’s invasion of Ukraine on February 24.

Advanced U.S. Arms Make a Mark in Ukraine War, Officials Say (New York Times) The powerful and highly mobile weapons systems, which can fire guided rockets with a range of 40 miles, are desperately needed in the battle for eastern Ukraine.

US confirms the delivery of two NASAMS air defense missile systems to Ukraine (Army Recognition) US confirms the delivery of two NASAMS air defense missile systems to Ukraine

Does Putin’s War Mark a New Period in History? (Foreign Policy) It has been only two years since the start of another world crisis thought to mark a new era.

The Classic Cold War Conundrum Is Back (Foreign Policy) It is impossible to forget Russia’s violent and repressive actions in Ukraine, but it is necessary to deal with them to avoid escalation.

A New Cold War May Call for a Return to Nonalignment (Foreign Policy) Why a growing number of countries want to avoid getting stuck in a great-power tussle—again.

The Art of the Arms Race (Foreign Policy) To avoid disaster, the United States must relearn crucial Cold War lessons.

Blinken: NATO is ‘more united, more focused’ after historic summit (Atlantic Council) The Atlantic Council teamed up with civil society organizations at the NATO Public Forum, convening top US and global leaders for their take on NATO’s priorities in a changing security environment.

Ukraine, EU Member Candidate (Wilson Center) On June 24, 2022, the EU leadership granted Ukraine candidate membership status. At the same meeting, Moldova was also granted candidate status. The accession of both to the bloc is contingent on the implementation of successful reforms.

The forgotten history of Poland and Ukraine (Spectator) Ukraine was part of Poland for longer than it was inside Russia – and this is key to understanding Ukrainian nationhood

Hindsight Up Front | Defining a Successful Resolution to Russia’s War in Ukraine (Wilson Center) What does success look like? As Russia’s unprovoked war in Ukraine enters into its fifth month, it is clear that the military campaign will not end any time soon and that the potential terms of a successful resolution to the conflict are murky. Neither side appears willing, or indeed able, to agree to terms less than victory.

How to Break Russia’s Black Sea Blockade (Foreign Affairs) The world must act to address the global food crisis.

U.S. Blacklists Five Chinese Firms for Allegedly Helping Russia’s Military (Wall Street Journal) The firms were added to an ‘entity list’ that will restrict their access to U.S. technology.

French Company Leaves Russian Banks Without Payment Protection (Oreanda) French Company Leaves Russian Banks Without Payment Protection

Google Allowed a Sanctioned Russian Ad Company to Harvest User Data for Months (ProPublica) The internet giant may have provided Sberbank-owned RuTarget with unique mobile phone IDs, IP addresses, location information and details about users’ interests and online activity.

Revealed: How Russian ships are turning off trackers in the Black Sea to sell Ukraine’s stolen grain (The Telegraph) One bulk carrier, the 170m long Matros Koshka, has not been seen since it vanished off the northern coast of Turkey three weeks ago

Turkey halts Russian ship, investigates Ukrainian claims -senior official (Reuters) Turkey has halted a Russian-flagged cargo ship off its Black Sea coast and is investigating a Ukrainian claim that it was carrying stolen grain, a senior Turkish official said on Monday.

Why Russia’s economy is more resilient than you might think (Atlantic Council) With each recession, Russian institutions—and the population itself—have become increasingly inured to economic trauma.

Schneider Electric to sell Russia unit to local management (CRN Australia) Joining wave of companies divesting their Russian businesses.

After invasion of Ukraine, a reckoning on Russian influence in Austria (Washington Post) “Polizei!” barked the officers who stormed a third-floor apartment in the Austrian capital, moving to intercept a thickset man standing near a kitchen nook. The suspect — a long-serving official in Austria’s security services — sprang toward his cellphone and tried to break it in two, according to Austrian police reports.

Attacks, Threats, and Vulnerabilities

Hackers Claim Theft of Police Info in China’s Largest Data Leak (Bloomberg) Unknown cyberattackers claim to have info on a billion Chinese. The claim triggered speculation online and in security circles.

Hacker Selling Shanghai Police Database with Billions of Chinese Citizens Data (HackRead) Follow us on Twitter @HackRead – Facebook @ /HackRead

Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web (ZDNet) Names, addresses, national IDs and mobile phone numbers, along with police and medical records among information said to be being offered.

Hacker claims to have stolen 1 bln records of Chinese citizens from police (Reuters) A hacker has claimed to have procured a trove of personal information from the Shanghai police on one billion Chinese citizens, which tech experts say, if true, would be one of the biggest data breaches in history.

Mystery hacker says 1 billion people exposed in ‘biggest hack in history’ (Yahoo Finance) Someone known as ‘ChinaDan’ advertised 23TB cache of sensitive data on the dark web

Official British Army Twitter and YouTube accounts hijacked by NFT scammers (Hot for Security) Hundreds of thousands of people who follow the official social media accounts of
the British Army may have been surprised to see that it had been hijacked by
hackers yesterday.

British army confirms breach of its Twitter and YouTube accounts (the Guardian) Investigation under way after interview with Elon Musk uploaded to video channel and picture of cartoon monkey seen on Twitter

British Army hit by cyberattack as Twitter and YouTube accounts hacked (The Telegraph) Defence sources would not comment on whether Russians could be responsible

British Army’s Twitter and YouTube accounts hijacked to promote crypto scams (Computing) However, everything was back to normal on both accounts by Sunday night

Iranians’ Remote Access to Banking Services Cut Off Over ‘Cyber Attacks’ (IranWire) Iranians’ access to domestic banking services from abroad has been temporarily cut off in aid of “preventing cyber attacks”, according t …

(Video) Iranian regime’s Islamic Culture and Communications Organization targeted in massive cyber offensive (EIN News) The ICCO’s council includes two ministers and the international relations deputy of Khamenei’s offices, which confirms its important role in the regime.

Is Your New Car a Threat to National Security? (Wired) Putting sensor-packed Chinese cars on Western roads could be a privacy issue. Just ask Tesla.

Microsoft finds Raspberry Robin worm in hundreds of Windows networks (BleepingComputer) Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors.

AstraLocker ransomware shuts down and releases decryptors (BleepingComputer) The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they’re shutting down the operation and plan to switch to cryptojacking.

Jenkins discloses dozens of zero-day bugs in multiple plugins (BleepingComputer) On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.

A New, Remarkably Sophisticated Malware Is Attacking Routers (Wired) Researchers say the remote-access Trojan ZuoRAT is likely the work of a nation-state and has infected at least 80 different targets.

Threat Actor Claims Responsibility For IBM and Stanford University Hack (Infosecurity Magazine) The module reportedly has desktop takeover capabilities that would be used to get clicks on ads

Five ransomware gangs and their tactics (part two) (Cyber Security Hub) Discover who the current most prolific and prevalent ransomware gangs are and attain insight into how they operate

The dangerous spyware Joker has been eluding Android controls for five years: these are the 20 apps found on Google Play (TheNewsTrace) Joker is an Android malware also known as Bread that seeks to obtain information from people of users of this mobile OS. It has been active since at least 2017 and, even over time, it is still within Google Play applications, since it manages to continue to pass security controls. Now ESET has discovered new […]

Tourists warned about the dangers of using computers in hotels (The Times Hub) Photo: Depositphotos < p>Tourists should limit their use of computers in public places such as hotels, libraries and airports due to increased risk of hacker

Researchers Warn of Teen Hacking Group on Discord (Infosecurity Magazine) Online community is creating, exchanging and spreading malware

Teen “Hackers” on Discord Selling Malware for Quick Cash (HackRead) Follow us on Twitter @HackRead – Facebook @ /HackRead

Microsoft Issues Serious Warning Against Toll Fraud Malware As The Latest Common Threat For Android Users (Digital Information World) Toll fraud carries out its many actions across WAP and that enables customers to end up subscribing to paid features.

Reusing Bitcoin Addresses Can Lead To Private Keys Being Stolen (Bitcoin Magazine) Only using Bitcoin addresses one time is best practice. By using addresses more than once, users give up information that can result in negative outcomes.

Phishing scam poses as Canadian tax agency before Canada Day (WeLiveSecurity) In the lead-up to the Canada Day festivities, a tax scam claims to represent the Canada Revenue Agency (CRA) and promises a refund of nearly CAD$500.

Gmail, Hotmail users beware! This fake email steals Facebook details (NewsBytes) Gmail and Hotmail users are advised to be on the lookout for a scam email allegedly from the Facebook Support team

Publishing giant Macmillan still unable to process orders after ransomware attack (The Record by Recorded Future) Publishing giant Macmillan is in the process of recovering from a ransomware attack that has left it unable to process orders electronically. 

Korean Loyalty Platform Exposed Around a Million Customers’ Personal Data (Website Planet) Dodo Point’s open Amazon bucket exposed at least 1 million customers’ PII and thousands of retail outlets’ sensitive data. Company name and loc

HackerOne disclosed on HackerOne: June 2022 Incident Report (HackerOne) Since the founding of HackerOne, we have kept a steadfast commitment to disclosing security incidents because we believe that sharing security information far and wide is essential to…

HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains (The Hacker News) An employee of HackerOne bug bounty platform was caught improperly accessing vulnerability reports submitted by researchers for personal gain.

Rogue HackerOne employee steals bug reports to sell on the side (BleepingComputer) A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards.

Rogue HackerOne Employee Stole Bounties With Fake Bug Reports (TechDator) HackerOne, the bug bounty platform that processes vulnerability submissions, has disclosed a rouge incident this week

A HackerOne Employee Stole Vulnerability Reports From Security Researchers (PCMAG) Insider threat meets side hustle.

PFC USA Provides Notice of Data Security Incident (PR Newswire) Professional Finance Company, Inc. (“PFC”), an accounts receivable management company that provides assistance to various organizations…

Cyber attack disrupts unemployment benefits (KYMA) Thousands of people receiving unemployment and workforce benefits had to wait for payments due to an apparent cyberattack.

Crypto Crash Rattles Cybercriminals, Pushing Them Beyond Ransomware (CNET) Some cybercriminals are recalculating their ransoms and moving into new scams.

CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Vulnerability Summary for the Week of June 27, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

Google patches new Chrome zero-day flaw exploited in attacks (BleepingComputer) Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022.

Google launches Advanced API Security (TechCrunch) Advanced API Security, a new Google Cloud product available in preview, is designed to help Apigee customers protect their APIs from cybersecurity threats.

Guidance on Applying June Microsoft Patch (CISA) Per CISA’s Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must apply Microsoft’s June 2022 Patch Tuesday update by July 22, 2022.

CISA orders federal agencies to patch Windows bug (The Record by Recorded Future) The Cybersecurity and Infrastructure Security Agency on Friday said that federal civilian executive branch agencies must apply remediations for a security bug affecting Microsoft devices by July 22.

CISA orders agencies to patch Windows LSA bug exploited in the wild (BleepingComputer) CISA has re-added a security bug affecting Windows devices to its list of bugs exploited in the wild after removing it in May due to Active Directory (AD) certificate authentication issues caused by Microsoft’s May 2022 updates.

The Worst Hacks and Breaches of 2022 So Far (Wired) From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half.

Google: Half of zero-day exploits linked to poor software fixes (ZDNet) Software companies need to do better root cause analysis of the security bugs they patch.

API Security Losses Total Billions, But It’s Complicated (Dark Reading) A recent analysis of breaches involving application programming interfaces (APIs) arrives at some eye-popping damage figures, but which companies are most affected, and in what ways?

OT Security: Has the Industry Made Progress? (Bank Info Security) OT security has been at the center of the security conversation ever since the Colonial Pipeline attacks. Scott Flower, the founder of Pareto Cyber and a former

Cyberattacks on financial services rising, says expert (Punch Newspapers) The Managing Director of Infodata Professional Services, Chuks Udensi, has disclosed that there is an increase in the number of targeted cyber-attacks in the financial services sector.


LogRhythm Delivering on Promises to Customers (LogRhythm) LogRhythm is on an accelerated journey! LogRhythm has been regenerated to deliver on promises to better serve our customers.

Johnson Controls Acquires Tempered Networks (Hstoday) The acquisition of Tempered Networks builds on the selection of the company as a core component of Johnson Controls OpenBlue platform and services. The acquisition of Tempered Networks builds on the selection of the company as a core component of Johnson Controls OpenBlue platform and services.

SailPoint shareholders approve acquisition by Thoma Bravo (Private Equity Wire) Shareholders in SailPoint Technologies Holdings (SailPoint), a specialist in enterprise identity security, have voted to approve the company’s pending acquisition by software investment firm Thoma Bravo.

PFG Advisors Grows Position in Palantir Technologies Inc. (NYSE:PLTR) (Defense World) PFG Advisors raised its position in shares of Palantir Technologies Inc. (NYSE:PLTR – Get Rating) by 21.1% in the 1st quarter, according to its most recent 13F filing with the Securities and Exchange Commission (SEC). The institutional investor owned 13,973 shares of the company’s stock after buying an additional 2,439 shares during the quarter. PFG […]

UNITED STATES/RUSSIA/UKRAINE : Gemini Advisory spearheads Recorded Future push into ex-USSR zone cyberspace (Intelligence Online) The one-year-old Intelligence Fund, launched by Recorded Future, is beefing up its portfolio of intelligence startups, starting with the Russian and Eastern Europe cyberthreat specialist Gemini

Pricing pressures moderate as cyber insurance market begins to level out (Cybersecurity Dive) A surge in new buyers has begun to offset years of rising claims and higher premiums, according to data from global insurance firm Marsh.

Rising threats spark US scramble for cyber workers (The Hill) The federal government and private sector are facing increasing pressure to fill key cyber roles as high-profile attacks and international threats rattle various U.S. sectors. Workforce shortages h…

Md. cyber companies increasingly looking abroad for growth (Maryland Daily Record) Seven Maryland companies attended Infosecurity Europe 2022, the continent’s largest gathering of cybersecurity companies.

Hell’s Waiting Room Looks a Lot Like the Pentagon Visitor’s Center: Unpacking Cleared Worker Mobility (ClearanceJobs) The demand for cleared talent continues to outpace supply, and that means that when it comes to filling critical national security positions it’s often essential to transfer workers between contracts rather than onboard new talent.

‘Our Aspiration Is to Be the First $100 Billion Cybersecurity Company’: Nikesh Arora on Making Palo Alto Networks a Juggernaut (The Information) When Nikesh Arora and I met in mid-June near the windswept entrance of his Palo Alto Networks offices in Sunnyvale, Calif., he was feeling a lot less Covid cautious than I was. That’s because the 54-year-old chief executive had gotten infected the previous month at the World Economic Forum. “My …

Synopsys Stock: A Growth Story Hard To Ignore (NASDAQ:SNPS) (SeekingAlpha) Increased demand from China is expected to provide a significant boost to Synopsys’ revenue in FY22. Read why I assign a buy rating on SNPS stock.

Kroll Wins Best Managed Security Service for Kroll Responder (Kroll) Kroll Wins Best Managed Security Service for Kroll Responder at SC Awards Europe 2022. Read more.

Conquest Cyber Announced as 2022 Microsoft Partner of the Year for US Defense & Intelligence (EIN News) Conquest Cyber announced today that they have been named the 2022 Microsoft US Defense and Intelligence Partner of the Year. Conquest Cyber has been recognized

Fortinet Partners with Women in CyberSecurity (WiCyS) to Expand the Wo (PRWeb) Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, is expanding its partnership to become a Tier 1 strategic partner wi

HUB Security names Hugo Goldman Chief Financial Officer (Yahoo) HUB Cyber Security (Israel) Limited (TASE: HUB), a developer of Confidential Computing cybersecurity solutions and services (“HUB” or the “Company”), announced today Hugo Goldman, CPA, will join the company as Company Chief Financial Officer (CFO).

Versa Networks Expands APAC and Japan Leadership Team to Continue Global Growth and Meet Accelerating APJ Region Demand for Versa SASE (BusinessWire) Versa Networks, the recognized secure access service edge (SASE) leader, today announced it has named former Commvault Software and Dell Technologies

OneSpan Continues to Build Momentum with Key Appointment of Michael Lillie as Chief Information Officer (Business Wire) OneSpan Inc. (NASDAQ: OSPN), the digital agreements security company, announced today that Michael Lillie has joined the company as Chief Information

NFT sales hit 12-month low after cryptocurrency crash (the Guardian) Sales of non-fungible tokens totalled just over $1bn in June, compared with peak of $12.6bn in January

Ailing crypto lender Celsius to lay off a quarter of its employees (ctech) The American-Israeli company is parting ways with around 150 employees as it continues to look for a way out of a crisis that saw it pause all withdrawals from its platform three weeks ago

Crypto lender Vauld suspends withdrawals, trading and deposits (TechCrunch) Singapore-headquartered crypto lender and exchange Vauld is suspending withdrawals, trading and deposits with immediate effect as it navigates financial challenges.

Chevy’s First Foray into NFT Auctions Was a Bust With Zero Bids for the Minted Green Corvette Z06 (Corvette: Sales, News & Lifestyle) Chevrolet’s auction of the “Own the Color” NFT artwork and a real-life 2023 Corvette Z06 painted in Minted Green came to an end on Saturday with zero bids received.

Products, Services, and Solutions

Hudini and Incode Technologies Enter Strategic Partnership to Digitally Transform the Hospitality Experience (Business Wire) Smart hospitality solutions provider, Hudini, and Incode Technologies, the industry-leader in identity verification and authentication for global ente

Mitre releases ATT&CK search extension for Chrome (SC Magazine) Mitre’s Center for Threat Informed Defense is now offering a free Chrome browser extension, allowing for instantaneous searching of the ATT&CK framework knowledge base as simply as right-clicking on a term. 

“K” Line has enhanced the shipboard cyber security with surveillance of ship’s communication 24/7 (Portnews) New cyber security platform, “Cybereason” includes Next Generation Anti-Virus and Endpoint Detection & Response

Value Investing | Market Insight of Investment Gurus (Guru Focus) Value Investing | Market insights and news of the investment gurus. Value investing screens and valuation tools.

FCC authorizes SpaceX to provide mobile Starlink internet service to boats, planes and trucks (CNBC) The FCC authorized SpaceX to provide Starlink satellite internet to vehicles in motion, a key step for Elon Musk’s company to further expand the service.

SentinelOne integrates with Torq to empower security teams (SecurityBrief Asia) With Torq, security teams can extend the power of SentinelOne to systems across the organisation to benefit from a proactive security posture.

Microsoft Defender adds network protection for Android, iOS devices (BleepingComputer) Microsoft has announced the introduction of a new Microsoft Defender for Endpoint (MDE) feature in public preview to help organizations detect weaknesses affecting Android and iOS devices in their enterprise networks.

Ethoca fights friendly fraud with Microsoft Azure (Technology Record) Mastercard-owned Ethoca is helping businesses to fight ‘friendly fraud’ with its Microsoft Azure-based Ethoca Consumer Clarity.  ‘Friendly fraud’ occurs when a customer requests a refund from their bank for a legitimate transaction. According to Rahul Deshpande, chief technology officer at Ethoca: “Friendly fraud can account for as much as 70 per cent of all credit card fraud, which is immense, and it costs the industry about $132 billion per…

Technologies, Techniques, and Standards

Next Up: Integrating Information and Communication Technology Risk Programs with Enterprise Risk Management (NIST) Given the increasing reliance of organizations on technologies over the past

To Combat Zero Day Variants, ‘We Need Comprehensive Fixes’ (Decipher) At least half of the zero days exploited in the wild in 2022 are variants of previously fixed bugs, Google data shows.

Analyzing the Results of Your CIS Security Controls Risk Assessment (Cyber Saint) The objective of the Center for Internet Security (CIS) is to “discover, create, validate, promote, and sustain best practice cyber defense solutions.”

Culture Drives Cybersecurity for DHS, DOD (Government CIO Media) Concepts and mandates such as cyber incident reporting, DevSecOps and zero trust only go so far.

Smaller Companies Are Urged to Adopt Multifactor Authentication (Wall Street Journal) Too many small and medium-size businesses rely on usernames and passwords alone to secure their systems, leaving them vulnerable to cyberattacks that could otherwise be prevented, government officials and cybersecurity chiefs say.

Keys to a successful security awareness program (Security Magazine) With an increasingly dispersed workforce, security awareness has become both more critical and more challenging. The 2022 SANS Security Awareness Report discovered the top three signs of a successful security awareness program.

Understanding and Designing Strong Network Security Policies  (Cybersecurity Exchange) Learn the basics of network security policies, including how to design and implement them and why network monitoring and security training are important.

Akamai CTO: Biggest Zero Trust Misconceptions (SDX Central) Zero trust has become one of cybersecurity’s biggest and favorite buzzwords, but there are still some myths around the term. Akamai Technologies’s CTO and EVP Robert Blumofe listed three of the most common misconceptions surrounding zero trust.

Cyber Yankee: The Marine Corps Is Laser Focused On Cyberwar (The National Interest) The Marine Corps’ Cyber Yankee exercises are meant to simulate a cyber attack on the nation’s critical infrastructure.

Design and Innovation

The next big cybersecurity headache: Quantum hacking (Fortune) Here’s how CEOs should prepare for ‘Y2Q.’

It’s alive! How belief in AI sentience is becoming a problem ( The issue of machine sentience – and what it means – hit the headlines this month when Google placed senior software engineer Blake Lemoine on leave a..

Deloitte believes the future of government rests on a vision it calls ‘agile identity’ (Biometric Update) Deloitte has unveiled a vision called “agile identity” which it believes is the future of government, soon after being awarded two contracts (worth a combined £13.8 million, or US$18.1 million) with the UK government to build a digital identity app called One Login to replace its predecessor Gov.UK Verify.

Google will start auto-deleting abortion clinic visits from user location history (The Verge) Location history and Fitbit’s cycle tracking will be updated.

Post-Roe: Google to forget you were at that medical clinic (Register) Plus: Cyber-mercenaries said to target legal world, backdoor found on web servers, and more

School Surveillance Will Never Protect Kids From Shootings (Wired) The failure is not only in the spurious systems, but in the belief that more data can improve them.

Research and Development

DHS Awards $9.8 Million for Small Businesses to Develop Security Technology Prototypes (Security Today) The Department of Homeland Security (DHS) Small Business Innovation Research (SBIR) Program awarded a total of $9,782,624 million to small businesses to further develop technologies intended to support homeland security mission needs.


Dutch university wins big after Bitcoin ransom returned (Deutsche Welle) Maastricht University has doubled its money thanks to a ransomware attack three years ago. The university plans to help struggling students with its new funds.

Dutch Uni Gets Cyber Ransom Money Back… With Interest (SecurityWeek) A Dutch university that fell victim to a massive ransomware attack received back some of the money it paid to a ransomware gang

FBI cyber squad head gained criminal justice, cybersecurity skills at Penn State (Penn State University) “Never give up.” Those are the driving words that motivated Chris Cope, a Penn State alumnus who has blended his education from the colleges of Information Sciences and Technology and of the Liberal Arts to bring his career full circle. Cope serves as supervisor of FBI Richmond Division’s Cyber Squad, providing oversight of the cyber task force to support and drive the FBI’s mission to impose risk and consequences against cyber adversaries.

Risks in Cyber Space (The Statesman) As the education sector is making progress in its digital way, educational institutions are becoming vulnerable to be targeted for cyber bullying ~ from ransomware attacks to data breaches.

Legislation, Policy, and Regulation

UK to Force Internet Companies to Curb Foreign ‘Disinformation’ (Bloomberg) The UK will force owners of apps such as social media and search engines to curb “state-linked disinformation” or face fines with an amendment to its sweeping new upcoming online safety law.

Five Eyes Cyber Security Predictions (Gabor Szathmari) The cybersecurity strategies of the Five Eyes alliance are a relevant source of information to understand the coming trends of cyber warfare and cyberterrorism. The Five Eyes nations – Australia, Canada, New Zealand, the United Kingdom, and the United States – are attractive targets for other nation-states due to the members’ economic, military and technological advantages

US, Israel Initiate Cybersecurity Collaboration Program (Gov Info Security) The U.S. and Israel have agreed a new joint cybersecurity program called BIRD Cyber to enhance the cyber resilience of both countries’ critical infrastructures.

Cyber Insecurity: Give Deterrence a Break (Small Wars Journal) It’s time to give deterrence a break. We’ve made the concept carry us through the Cold War and another thirty years after that in the face of bipolar nuclear threats. After almost 80 years, we’ve seen what deterrence can do – and what it can’t. Despite the salient effort to make deterrence work for cyber, it’s clear that we’re faced with a “square peg/round hole” problem. Deterrence doesn’t fit for cyber, and no amount of forcing will change it.

The EU has reached a tentative agreement on groundbreaking cryptographic rules (Worldakkam) The EU has reached a tentative agreement on groundbreaking cryptographic rules Cryptography 3 minutes 01.07.2022 The directive regulates the industry of 27 member countries as the directive addresses money laundering and environmental issues. The directive regulates the industry of 27 member countries as the directive addresses money laundering and environmental issues. European Parliament, Board of …

Is the UK government prepared for its greatest threat? (Help Net Security) With a looming threat of large ransomware attacks targeting the UK government, preparing an adequate defensive strategy will be key.

State comptroller: Israel not ready for real cyberwar (Israel Hayom) “Our data is out there and we are exposed. World War III will be dominated by hackers but the world is not ready for it,” Matanyahu Englman warns.

Côte d’Ivoire invited to join the Convention on Cybercrime (Cybercrime) Côte d’Ivoire was invited on 30 June 2022 to accede to the Budapest Convention on Cybercrime. Thus, 82 States are now either Parties (66), or have signed it or been invited to accede (16).

DOJ sets new goals for responding to ransomware attacks (The Record by Recorded Future) The Justice Department said it wants to increase the percentage of reported ransomware incidents it handles to 65% by September 2023.

ODNI’s Galante Heading Cyber Threat Intel Integration Center (MeriTalk) Laura Galante took over last month as director of the Cyber Threat Intelligence Integration Center (CTIIC), according to her LinkedIn account.

U.S. elections require a permanent solution for fighting foreign interference (The Fulcrum) U.S. democracy would be more secure with a permanent, not periodic, presence in preventing and mitigating foreign interference attacks.

New social media law aims to protect politicians’ online voices (WJXT) A new social media law took effect in Florida Friday. The law takes aim at social media companies silencing political candidates.

Litigation, Investigation, and Law Enforcement

How mercenary hackers sway litigation battles (Reuters) A trove of thousands of emails uncovered by Reuters reveals Indian cyber mercenaries hacking parties involved in lawsuits around the world – showing how hired spies have become the secret weapon of litigants seeking an edge.

“Hostage-taking laws” seem to be fueling a Twitter crackdown in India (Rest of World) Observers say Twitter’s recent takedowns in India highlight how new laws make it easier to censor journalists and dissidents.

State Department offers up to $10 million for info on foreign election interference (The Record by Recorded Future) The State Department announced on Thursday that it is offering up to $10 million for tips about foreign interference in U.S. elections, including illegal cyber activities.

Privacy protection agency seizes servers of hacked travel company (BleepingComputer) The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals.

DOJ sues to block spy tech deal (FCW) The U.S. government is opposing Booz Allen’s bid to acquire a rival ahead of a five-year signals intelligence procurement.

Justice seeks to stop Booz Allen’s Everwatch acquisition (Washington Technology) The department’s antitrust lawsuit says the transaction unfairly eliminates competition for providing signals intelligence modeling and simulation services to the National Security Agency.

DoJ Sues to Block Acquisition of Defense/Intelligence Contractor EverWatch by Booz Allen on Antitrust Grounds (Lexology) On June 29, 2022, the U.S. Department of Justice (“DOJ”) sued under s. 1 of the Sherman Antitrust Act and s. 7 of the Clayton Act to block the…

Rajasthan: 3 arrested for passing confidential info to Pak intel agencies (Hindustan Times) The Rajasthan police said that the Pakistani intelligence agencies are contacting Indian citizens and those positioned in vital institutions through social media to get important information