Dateline Moscow, Kyiv, Vilnius, and Washington: Situation updates, and a DDoS nuisance campaign.

Ukraine at D+137: HIMARS and MLRS begin to bite, and Russia mounts nuisance-level DDoS attacks. (The CyberWire) Personnel and matériel challenges rise in the gunner’s war Russia is waging against Ukraine. Killnet hits targets in Lithuania and the US with nuisance-level DDoS attacks.

Russia-Ukraine war update: what we know on day 136 of the invasion (the Guardian) Luhansk governor says Russian forces shelling indiscriminately, Kyiv criticises Moscow at G20 summit, US sends Ukraine more artillery systems

Russia-Ukraine war: List of key events, day 138 (Al Jazeera) As the Russia-Ukraine war enters its 138th day, we take a look at the main developments.

Russian bombardment kills 3 in Ukraine’s second city Kharkiv (Reuters) Russian weapons pounding Ukraine’s second largest city Kharkiv killed at least three people on Monday, authorities said, while rescuers pulled survivors from the rubble of an earlier strike on an apartment block that killed 19 people in another city.

Ukraine official says Russia strikes ‘absolute terrorism’ (AP NEWS) Russian missile strikes early Monday on Ukraine’s second-largest city killed at least three people and injured scores, including children, the local administrator said, describing the attacks in Kharkiv as “absolute terrorism.”

Russia-Ukraine war: Zelensky accuses Kremlin of ‘deliberately’ targeting civilians during Donetsk attack (The Telegraph) President Volodymyr Zelensky has accused Russia of "deliberately" targeting civilians in a missile strike that has killed 18 people in Donetsk, Eastern Ukraine.

Ukrainian forces make Russians fight for every inch in the Donbas (The Telegraph) Can Russian forces succeed in taking the rest of the Donbas? And at what price to themselves and Ukraine?

Russian War Report: Ukraine uses HIMARS effectively to hit Russian ammo dumps (Atlantic Council) Ukranian forces are using M142 HIMARS multiple rocket launchers to systematically target Russian ammunition storage facilities behind the frontlines.  

Russia suffers ‘wild shell hunger’ as Ukraine hits arms depots with long-range Western rockets (The Telegraph) Vladimir Putin’s forces face ‘out of the blue’ ammunition shortages as warehouses destroyed ‘one by one’ using Himar and MLRS weapons

Unable to even fix its own tanks, Russia’s humiliation is now complete (The Telegraph) Putin’s bid to take over industry propels the country back to the command economy of its Soviet past

More HIMARS, new 155 mm artillery heading to Ukraine (Breaking Defense) Along with four additional High Mobility Artillery Rocket Systems, Ukraine will receive a new, more precise form of 155mm artillery.

Can There Be Real Justice in Ukraine? (Foreign Policy) Past tribunals offer valuable lessons for how war crimes and genocide could be prosecuted in Ukraine.

Donbas town that lived under violent separatist rule fears return of armed Russian ‘junkies’ (The Telegraph) Locals in Mykolaivka endured torture and brutality when pro-Kremlin troops took over in 2014. Now the Russians are only a few miles away

Russia’s Kremenchuk Claims Versus the Evidence (bellingcat) Russian claims about the missile strike that hit a factory and mall in Kremenchuk appear to be contradicted by open source evidence.

UN: Russia and Ukraine are to blame for nursing home attack (AP NEWS) Two weeks after Russia invaded Ukraine in February, Russian forces assaulted a nursing home in the eastern region of Luhansk. Dozens of elderly and disabled patients, many of them bedridden, were trapped inside without water or electricity.

Ukraine aims to amass ‘million-strong army’ to recapture south, says defence minister (BBC News) The defence minister’s remarks are a rallying cry – rather than a concrete plan – as Russia pounds cities.

Vladimir Putin Often Backs Down (Foreign Policy) The idea that Russia’s leader always fights to the finish is a myth.

Pro-Russian cybercriminals briefly DDoS Congress.gov (CyberScoop) KillNet, the group that claimed responsibility, has launched a series of attacks around the world on perceived enemies of Russia.

Lithuania’s state-owned energy group hit by ‘biggest cyber attack in a decade’ (lrt.lt) Lithuania’s state-owned energy group Ignitis said it was hit by “the biggest cyber attack in a decade” on Saturday.

Ignitis Group hit by DDoS attack as Killnet continues Lithuania campaign (Tech Monitor) Ignitis services were knocked offline this weekend in a DDoS attack as Russian hackers Killnet target Ukraine’s allies.

Russian ‘Hacktivists’ Are Causing Trouble Far Beyond Ukraine (Wired) The pro-Russian group Killnet is targeting countries supporting Ukraine. It has declared “war” against 10 nations.

Cracks emerge in Russia’s ‘Digital Iron Curtain’ (Medium) Kremlin-controlled outlets maintain presence on Facebook and Twitter despite the platforms being banned in Russia

Biden marks CIA’s 75 years as ‘bedrock’ of national security (AP NEWS) President Joe Biden lauded the CIA as the “bedrock of our national security” during a Friday visit to the agency, which also is part of the wide-ranging intelligence effort to support Ukraine’s resistance against Russia.

‘I didn’t want one anyway!’ sniffs Russia’s Sergei Lavrov after G20 photo snub (The Telegraph) The Russian foreign minister was met with a frosty reception from his counterparts in Bali

Russians think ‘president’ Vladimir Putin sounds Western – so here is their alternative (The Telegraph) Anti-Western feeling escalates as politicians suggest the word ‘ruler’ to describe the leader, claiming it has Slavic roots

US tells China its support for Russia complicates relations (AP NEWS) China’s support for Russia’s war in Ukraine is complicating U.S.-Chinese relations at a time when they are already beset by rifts and enmity over numerous other issues, U.S.

Post-Boris Britain will continue to stand with Ukraine against Putin’s war (Atlantic Council) Boris Johnson’s resignation has sparked fears in Kyiv over continued UK support but in reality there is little chance of a weakening in British backing for Ukraine in its fight for survival against Vladimir Putin’s ongoing invasion.

Anxiety grows for Ukraine’s grain farmers as harvest begins (AP NEWS) Oleksandr Chubuk’s warehouse should be empty, awaiting the new harvest, with his supply of winter wheat already shipped abroad. Instead, his storage bins in central Ukraine are piled high with grain he cannot ship out because of the war with Russia.

Ukraine restores Danube River ports in emergency effort to get grain out (the Guardian) Soviet-era ports being resuscitated but officials say only way to mitigate global hunger is to end Russia’s Black Sea blockade

Putin’s energy weapon: Europe must be ready for Russian gas blackmail (Atlantic Council) Disarming Putin’s energy weapon: Europe can disconnect from Russia’s gas supplies sooner than some would suggest providing it mobilizes the right human and financial resources to work in that direction.

Germany braces for ‘nightmare’ of Russia turning off gas for good (the Guardian) Ministers fear flow may never restart as maintenance work soon begins on Nord Stream 1 pipeline

Canada exempts Russian gas turbine from sanctions amid Europe energy crisis (the Guardian) Ottawa defies Ukraine’s objections to return of equipment for Nord Stream 1 pipeline, saying it needs to support Europe’s access to ‘reliable and affordable energy’

Attacks, Threats, and Vulnerabilities

Here’s how North Korean operatives are trying to infiltrate US crypto firms (CNN) Devin, the founder of a cryptocurrency startup based in San Francisco, woke up one day in February to the most bizarre phone call of his life.

Predatory Sparrow: Who are the hackers who say they started a fire in Iran? (BBC News) Experts are asking who is behind Predatory Sparrow, the group which says it started a fire in an Iranian factory.

Hacktivists claiming attack on Iranian steel facilities dump tranche of ‘top secret documents’ (CyberScoop) Incident just the latest iteration of the back and forth between Israeli and Iranianian-aligned hackers.

Former Pentagon analyst: China has backdoors to 80% of telecoms (ZDNet) A former Pentagon analyst reports the Chinese government has “pervasive access” to about 80 percent of the world’s communications, and it is looking currently to nail down the remaining 20 percent. Chinese companies Huawei and ZTE Corporation are reportedly to blame for the industrial espionage.

Brazen crooks are now posing as cybersecurity companies to trick you into installing malware (ZDNet) Cybersecurity company CrowdStrike details phishing attacks that claim to come from security companies – including Crowdstrike itself.

Callback Phishing Campaigns Impersonate CrowdStrike, Other Cybersecurity Companies (CrowdStrike) On 7/8/22, CrowdStrike Intelligence identified a callback phishing campaign impersonating CrowdStrike and other prominent cybersecurity companies. Learn more in this blog.

New ‘HavanaCrypt’ Ransomware Distributed as Fake Google Software Update (SecurityWeek) Security researchers at Trend Micro have identified a new ransomware family that is being delivered as a fake Google Software Update application.

Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server (Trend Micro) We recently found a new ransomware family, which we have dubbed as HavanaCrypt, that disguises itself as a Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control server to circumvent detection.

BlackCat (aka ALPHV) ransomware is increasing stakes up to $2.5 million in demands (Help Net Security) BlackCat ALPHV ransomware introduced an advanced search by stolen victim’s passwords, and confidential documents leaked in the TOR network.

New 0mega ransomware targets businesses in double-extortion attacks (BleepingComputer) A new ransomware operation named ‘0mega’ targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms.

Anubis Networks is back with new C2 server (Security Affairs) A large-scale phishing campaign leveraging the Anubis Network is targeting Brazil and Portugal since March 2022. A large-scale phishing campaign is targeting Internet-end users in Brazil and Portugal since March 2022. Anubis Network is a C2 portal developed to control fake portals and aims to steal credentials to fully access the real systems. This C2 […]

Cyber Pirates Prowling Ship Controls Threaten Another Big Shock (Supply Chain Brain) Shipping faces cyber risks similar to those in other industries — but the stakes are much higher given that almost 80% of global trade moves on the sea.

With Prime Day Around the Corner, Be on the Lookout for These Amazon Scams (Avanan) Amazon scams are on the rise with Prime Day around the corner.

This New RedAlert Ransomware Targets Windows, Linux VMware ESXi Servers (IT Security News) RedAlert (aka N13V), a new ransomware threat that encrypts both Windows and Linux VMWare ESXi systems, has been discovered. Concerning the RedAlert ransomware, MalwareHunterTeam uncovered the new ransomware and published various screenshots of its data leak site. Because of a string in the ransom text, the ransomware is known as RedAlert. However, the attackers

ABCsoup: The Malicious Adware Extension with 350 Variants (Zimperium Mobile Security Blog) Recently, Zimperium discovered and began monitoring the growth of a wide range of malicious browser extensions with the same extension ID as Google Translate. This family, codenamed ABCsoup, targets three popular browsers: Google Chrome, Opera, and Firefox. Find out how Zimperium’s enterprise customers are protected against the ABCsoup campaign with Zimperium zBrowser Protect. Read more.

Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign (The Hacker News) Researchers have uncovered 350 variants of a malicious browser extension used in a widespread adware campaign that targets all major web browsers.

8220 Gang Deploys a New Campaign with Upgraded Techniques (Aquasec) A new campaign by 8220 gang, who have been exploiting the Confluence vulnerability, is targeting containers using upgraded techniques to expand the attack

Ransomware attack hits Goa’s flood monitoring system; demand crypto as payment (Hindustan Times) In a complaint to the cyber cell, the state government’s water resources department that has been maintaining the data said that all its files have been encrypted and can no longer be accessed.

Twitter and Facebook Phishing Scams (Trend Micro News) Recently, netizens have reported a wave of new phishing attempts on Facebook and Twitter.

Law Enforcement Email Opens Floodgate For Police Hackers (Forbes) Law enforcement agencies around the world are getting hacked. Here’s how and why.

Experian, You Have Some Explaining to Do (KrebsOnSecurity) Twice in the past month KrebsOnSecurity has heard from readers who’ve had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select…

Mangatoon data breach exposes data from 23 million accounts (BleepingComputer) Manga comic reading app Mangatoon has suffered a data breach that exposed the account information of 23 million users after a hacker stole it from an Elasticsearch database.

Ransomware Attack Hits French Telecoms Firm (Infosecurity Magazine) La Poste Mobile is urging customers to be vigilant following the incident

Rogers major outage: ‘Not a cyberattack,’ says one expert (Vaughan Today) Cyber ​​security expert Jacques Sauvier does not believe that a cyber attack is the cause of the major outage affecting Rogers’ cellular network and the Internet. • Read also: Unable…

Update: Rogers network down across Canada (IT World Canada) With files from Howard Solomon. Rogers Communications experienced a wide-scale internet and wireless service outage across Canada on July 8. Update July 9 at 6:30 a.m. EST Looks like services are finally returning to normal. Rogers wireless and internet services began recovering at around 9:30 p.m. EST on July 8. The telecommunication giant issued the

I was already skeptical of NFTs. Then one stole my face. (The Record by Recorded Future) The ongoing crypto collapse isn’t surprising to Jillian C. York after her likeness was turned into a non-consensual non-fungible token.

Security Patches, Mitigations, and Software Updates

Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know (Naked Security) It’s a bit like Log4J, but for configuration files, not for logging.

Fears of cyberwarfare driving IT professionals to improve security culture (Digit) A new study has revealed that a lack of budget and support are among reasons blamed for poor security culture.

Study Reveals That Mid-Sized Organizations Need to Prioritize Cybersec (PRWeb) Egnyte, a leader in cloud content security and governance, today released its Cybersecurity Trends for Mid-Sized Organizations Report, a mid-year updat

Ransomware tracker: the latest figures (The Record by Recorded Future) Colonial Pipeline, JBS Foods, Kaseya — we’re only halfway through 2021, but it can already be dubbed the year of ransomware.

Marketplace

The CyberWire appoints four new distinguished leaders to its panel of cybersecurity experts. (The CyberWire) The CyberWire, the world’s leading cybersecurity podcast network, today announced the appointment of four distinguished members to the CyberWire Pro Hash Table: Vikrant Arora, Kurt John, William MacMillan, and Etay Maor. These new members of CyberWire’s influential panel of senior security experts and industry leaders bring decades of unique experience and international service in cybersecurity.

Funding To Cybersecurity Startups Dips Amid Market Turmoil (Crunchbase News) Funding to venture-backed cybersecurity firms remained high in the second quarter, but there are signs that it too is vulnerable to the VC slowdown.

Cybersecurity M&A Continues to Set Records (Mergers & Acquisitions) Through just the first quarter of 2022, cybersecurity saw 108 M&A transactions totaling a combined volume of $29 billion.

Cyber insurance firm Coalition valued at $5 billion after fund raise (Yahoo) Private equity firm Thoma Bravo planned to acquire SailPoint Technologies for $6.12 billion, the cybersecurity firm said in April, underscoring heightened interest in the security software market. Allianz X, Valor Equity Partners, Kinetic Partners were among the investors in Coalition’s series F round that brought the total capital raised by the firm to $755 million.

Recorded Future Acquires Hatching to Extend Intelligence Cloud Coverage with Malware Analysis (PR Newswire) Recorded Future, the world’s largest intelligence company, today announced that it has acquired Hatching, the leader in malware analysis. With…

Dutch cybersecurity specialist Hatching acquired by US-based Recorded Future (Silicon Canals) Hatching provides an automated malware sandboxing technology. The company works on the latest malware analysis technology available in the security community.

WISeKey finalises its Class B share buyback (Paypers) Switzerland-based cybersecurity company <a href=’https://www.wisekey.com/’ target=’_blank’>WISeKey</a> has announced it completed its Class B share buyback …

Elon Musk Seeks to Abandon $44 Billion Twitter Deal (Wall Street Journal) The tech entrepreneur is seeking to terminate his deal to buy the social-media company, saying it hasn’t provided data he needs to assess the prevalence of fake accounts, according to a regulatory filing.

Twitter tells employees not to tweet about Elon Musk deal (The Verge) Usually good advice for ongoing legal matters.

KnowBe4 Has Been Named the #1 Leader in the G2 Grid Summer 2022 Report in Two Categories (Yahoo) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced its PhishER product and its Kevin Mitnick Security Awareness Training (KMSAT) platform have been named the number one leader in the G2 Grid Summer 2022 Report for the fifth consecutive quarter and the 12th consecutive quarter, respectively.

[redacted] Appoints Jim Hansen as CEO to Drive Next Phase of Company Growth (BusinessWire) Mandiant co-founder Jim Hansen joins [redacted], Inc. as CEO. Former CEO Max Kelly elevated to executive chairman to advance company’s mission.

Products, Services, and Solutions

Cato Networks launches cloud API to automate and monitor SASE deployments (FierceTelecom) Cato Networks is now offering its enterprise customers a cloud API to provision and manage their Cato SASE deployments from third-party platforms. The Cato Cloud AP automatically provisions new sites and policies while also monitoring Cato’s network analytics and security events from security information and event managements (SIEMs) software and third-party applications.

Travelex reveals new pairing with ThetaRay FXCompared.com (FXcompared) Travelex, a major name in the tech and security field, has confirmed that it will work with a cross-border payments and foreign exchange provider. Read more about the international payments market with our money transfers news.

Cowbell Doubles Underwriting Capacity in a Multi-Year Program Agreement with Palomar (PR Newswire) Cowbell Cyber, the leading provider of cyber insurance for small and medium-sized enterprises (SMEs), today announced an agreement with Palomar…

SecurityScorecard and Conference of State Bank Supervisors Partner to Enhance State Financial Regulators’ Cybersecurity Oversight (Business Wire) SecurityScorecard and Conference of State Bank Supervisors Partner to Enhance State Financial Regulators’ Cybersecurity Oversight

Technologies, Techniques, and Standards

Enterprise encryption around the Hash Table. (The CyberWire) ncryption is like mortar to our first principle wall. It holds together resilience and zero trust for material data.

These ‘quantum-proof’ algorithms could safeguard against future cyberattacks (Nature) US government agency endorses tools to keep the Internet safe from quantum computers capable of cracking conventional encryption keys.

Inside the Feds’ Fight Against Quantum Hackers—Which Don’t Exist yet (Gizmodo) The NIST’s “quantum-resistant” encryption standards, picked via contest, were designed to keep everybody one step ahead of hacking by quantum computers.

New Quantum-safe Cryptography Standards Arrive None Too Soon | eSecurityPlanet (eSecurityPlanet) Quantum computing is coming, and with it tremendous security threats – even data stolen today can be decrypted later.

Interview: A Security Engineer’s Guide to Ransomware Attack Response (Cybersecurity Exchange) Ransomware is a pressing issue in today’s cybersecurity landscape. We talked to security engineer and Certified Ethical Hacker Zakery Stufflebeam about the best course of action when confronted with ransomware attacks.

Design and Innovation

Apple’s Lockdown Mode will be a robust security tool, but it’s not for everyone (Hindustan Times) Apple says this mode (option or setting), will be available to a “very small number of users who face grave, targeted threats to their digital security”

Research and Development

The Future of Cybersecurity Is the Quantum Random Number Generator (IEEE Spectrum) Truly random numbers will provide an unbreakable tool set for cryptography

Academia

Cybersecurity professionals are needed—how one NSA-recognized university is addressing the demand (Fortune) Find out how Nova Southeastern remains a main player in the cybersecurity space.

Legislation, Policy, and Regulation

Russia, China, North Korea and Iran lead in supporting aggressive cyber attackers, says HolistiCyber CEO (The Times of India) Rest of World News: TEL AVIV: Nation state-backed cyber attacks have gained currency and notoriety over the past couple of years, with Russia, China, North Korea and Iran.

Infrastructure operators must now report cyberattacks within 12 hours to govt (CRN Australia) Or face fines of at least $11,100.

Australia’s New Anti-Encryption Law Is Unprecedented and Undermines Global Privacy (Foundation for Economic Education) If firms don’t have the power to intercept encrypted data for authorities, they will be forced to create tools to allow law enforcement or government to have access to their users’ data.

Why India-Israel Cyber Partnership Worries Pakistan & China (Modern Diplomacy) In a recent seminar hosted by a Pakistan-based think tank, it was highlighted yet again that Islamabad is concerned with growing India-Israel cyber cooperation. The discussants stressed greater Iran-Pakistan cooperation in cybersecurity, information technology (IT), and telecom domains, to benefit from mutual experiences, and mutual threat perceptions. This is not the first instance when concern […]

CERT-In takes steps to safeguard key infrastructure from hackers across border (Social News XYZ) By Nishant Arora New Delhi, July 10 (SocialNews.XYZ) As nation-state bad actors develop sophisticated software and create bugs to infiltrate systems to cripple sensitive infrastructure and snoop into the private lives of people who matter… – Social News XYZ

Cyber attacks from across border on the rise: Here’s how India aims to protect key infrastructure (DNA India) In the first 3 months of 2022, the country saw over 1.8 crore cyber attacks and threats, which means around 200,000 attacks every day.

Amit Shah says cyber attack has deep national security impact, orders new panel to tackle it (Deccan Herald) Stressing that organised and coordinated cyber-attacks have profound national security implications, Union Home Minister Amit Shah Saturday directed the formation of a committee headed by the home secretary to formulate a strategy to tackle the menace, officials said. Shah issued the direction during the meeting of the Northern Zonal Council held in Jaipur in which attendees — including chief ministers and lieutenant governors — expressed concern on cybercrime and emphasised on making an effective strategy to deal with it.

NCSC and ICO to lawyers: Tell your clients to stop ransom payments or we’ll do them (The Stack) The heads of the UK’s National Cyber Security Centre and Information Commissioner’s Office have written to the Law Society in a bid to stop lawyers’ clients making ransom payments in malware attacks.

A US history of not conducting cyber attacks (Bulletin of the Atomic Scientists) The United States is a leading cyber power. Naturally, experts have focused on deconstructing US-led cyber attacks to broaden our understanding of the nature of cyber conflict (Healey 2013). Most prominently, Operation Olympic Games—better known as Stuxnet—destroyed 1,000 centrifuges at Iran’s Natanz uranium enrichment site. These cyber attacks did three things: They proved the ability of cyber operations to cause destruction to critical infrastructure, highlighted the role of the private sector in exposing cyber attacks, and revealed where the offense versus defense balance lies (Lindsay 2013; Slayton 2016).

Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (File Number S7-09-22) (HIMSS) Dear Ms. Countryman: Our organizations, which represent sectors across the U.S. economy, write to provide input on the Securities and Exchange Commission’s proposed rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.

American firm drops bid for Israeli spyware following U.S. concerns (Washington Post) The American defense firm L3Harris has ended talks with blacklisted Israeli spyware company, NSO Group, to buy the firm’s hacking tools following intelligence and security concerns raised by the Biden administration, according to people familiar with the matter.

US defence firm ends talks to buy NSO Group’s surveillance technology (the Guardian) White House opposition on security grounds seen as fatal obstacle to L3 Harris proceeding with purchase

Defense Firm Said U.S. Spies Backed Its Bid for Pegasus Spyware Maker (New York Times) The American contractor L3 Harris is said to have cited support from intelligence officials for its effort to acquire NSO, the Israeli spyware company blacklisted by the Biden administration.

US intel backed potential purchase of NSO Group by American firm – NYT (Jerusalem Post) Despite the Biden administration’s outrage over the potential deal, some US intel officials “quietly supported” the L3Harris deal, NYT reports.

HHS agrees to improve feedback for healthcare data breach reporting (SC Magazine) The Department of Health and Human Services’ Office of Civil Rights (OCR) has agreed to implement a feedback mechanism by adding language and contact information to the confirmation email that healthcare entities receive.

Remarks by President Biden Commemorating the 75th Anniversary of the Central Intelligence Agency (The White House) George Bush Center for IntelligenceLangley, Virginia 3:57 P.M. EDTTHE PRESIDENT:  Thank you very much.  (Applause.)  Thank you, thank you,

Preserve This Early-Stage Bet That Benefits National Security (War on the Rocks) The war in Ukraine is proving how critical innovation is to military success. As this war unfolds, the world watches as small commercial drones play an

Election Officials Confront Cyber Threats, False Claims Ahead of Midterms (Wall Street Journal) The nation’s secretaries of state are working to ward off cyber threats and restore voter confidence after a flood of unsubstantiated election-fraud claims.

Litigation, Investigation, and Law Enforcement

House bill tasks CISA with SolarWinds report (FCW) A key lawmaker on the House Homeland Security Committee wants more details on what was breached and what was lost when the SolarWinds Orion platform was compromised in a supply chain attack.

Aerojet Rocketdyne to pay $9 mln to resolve U.S. cybersecurity allegations (Reuters) Rocket engine maker Aerojet Rocketdyne has agreed to pay $9 million to resolve allegations it misrepresented its compliance with cybersecurity requirements in federal government contracts, the U.S. Justice Department said on Friday.

Aerojet Rocketdyne Agrees to Pay $9 Million to Resolve False Claims Act Allegations of Cybersecurity Violations in Federal Government Contracts (US Department of Justice) Aerojet Rocketdyne Inc., headquartered in El Segundo, California, has agreed to pay $9 million to resolve allegations that it violated the False Claims Act by misrepresenting its compliance with cybersecurity requirements in certain federal government contracts, the Justice Department announced today. Aerojet provides propulsion and power systems for launch vehicles, missiles and satellites and other space vehicles to the Department of Defense, NASA and other federal agencies. 

Indictment Returned Alleging Massive Cisco Device Fraud Scheme (Multichannel News) Counterfeit devices failed, requiring expensive network fixes

Chinese-built surveillance systems are spreading across junta-ruled Myanmar (South China Morning Post) Observers say the cameras with facial recognition capabilities pose a serious risk to democracy activists because the military and police use the technology to find and track dissidents.

NSA Finds No Evidence Tucker Carlson Was Targeted: Report (The Daily Beast) Tucker Carlson’s name was unintentionally uncovered after he had conversations with foreign intermediaries, a review reportedly found.

Philippine Court Upholds Nobel Laureate’s Cyber Libel Conviction (Bloomberg) A Philippines appeals court has affirmed the cyber libel conviction of a Nobel Prize winner who runs a news site critical of former president Rodrigo Duterte.

‘Hit the kill switch’: Uber used covert tech to thwart government raids (Washington Post) Regulators entered Uber’s offices only to see computers go dark before their eyes

Crypto Wants Its Cash Back: Inside the Small but Mighty Legal Crusade to Win Back Lost Savings (The Information) Before it collapsed on June 12, crypto lender Celsius Network made irresistible promises:Forget storing your money in a boring old bank—join the “unbanked” by holdingcryptocurrencies while earning up to 18.6% in interest. Celsius CEO Alex Mashinsky bolstered these assurances with populist …

WSJ News Exclusive | Google Offers Concessions to Fend Off U.S. Antitrust Lawsuit (Wall Street Journal) As part of one offer, Google has proposed splitting up its ad-tech business. The tech giant’s proposals stop short of the asset sales preferred by the Justice Department’s antitrust enforcers.

Legal firm launches investigation into Elephant Insurance data breach (Insurance Business Magazine) The number of impacted customers has not been disclosed