Dateline

Ukraine at D+146: Kinetic attrition, and cyberespionage. (The CyberWire) A stalled Russian offensive, but mass, indiscriminate fires continue unabated. Observers offer a range of possible explanations for why Russian cyber operations have remained relatively limited in scope. And, while their kinetic effect may have been negligible, Russian threat actors remain active in cyberespionage.

Russia-Ukraine war: List of key events, day 147 (Al Jazeera) As the Russia-Ukraine war enters its 147th day, we take a look at the main developments.

Russia says peace in Ukraine will be on its terms, strikes multiple targets (Reuters) A senior Russian security official said on Tuesday that peace in Ukraine when it came would be on Moscow’s terms as Russian forces struck targets across the country with missiles even as their ground offensive stuttered.

Russia Following 2014 ‘Annexation Playbook’ In Eastern Ukraine, White House Says (Defense One) The White House is expected to announce another weapons shipment to Ukraine this week.

Russia hits Ukrainian homes, infrastructure as Putin visits Iran (Al Jazeera) Missiles have hit eastern and southern Ukraine as Russian president visits Iran to discuss unblocking grain exports.

Himars missiles strike key Russian-held bridge in Kherson (The Telegraph) A Ukrainian missile strike has damaged a key bridge linking the Russian-occupied city of Kherson with the heavily militarised Russia-controlled Crimea, potentially disrupting further reinforcements.

U.S. Himars Help to Hold Off Russian Advance, Ukraine Says (Wall Street Journal) Along with other heavy weapons systems from NATO members in recent weeks, Himars have enabled Ukraine to strike Russian bases far behind the front lines, including ammunition and fuel depots.

Ukraine’s defense minister: With the right weapons, ‘Russia can definitely be defeated’ (Atlantic Council) Oleksii Reznikov laid out what the West can do to help Ukraine win back its territory from Russia.

Ukraine Faces Difficulties Getting Western Weapons to Front Lines (Wall Street Journal) Modern and effective Western weapons are now being used in the country’s war with Russia and are already making a difference. But absorbing this new equipment into the Ukrainian army is proving a serious challenge.

Weapons of a Hybrid War (Wilson Quarterly) This photo essay by photojournalist Wil Sands shows in words and pictures the complexities of Europe’s disparate approach to families fleeing crisis.

Sabotage and War in Cyberspace (War on the Rocks) Russia’s invasion of Ukraine is a terrible throwback to attrition warfare. Having failed in their opening salvo against Kyiv, Russian forces have settled

Council Post: Why A Second Cold War Will Likely Be Fought In Cyberspace (Forbes) Regardless of what happens down the road, companies would be wise to assume that a second Cold War is upon us.

EU warns of Russian cyberattack spillover, escalation risks (BleepingComputer) The Council of the European Union (EU) said today that Russian hackers and hacker groups increasingly attacking “essential” organizations worldwide could lead to spillover risks and potential escalation.

Continued cyber activity in Eastern Europe observed by TAG (Google) Google’s Threat Analysis Group (TAG) continues to closely monitor the cybersecurity environment in Eastern Europe with regard to the war in Ukraine. Many Russian government cyber assets have remained focused on Ukraine and related issues since the invasion began, while Russian APT activity outside of Ukraine largely remains the same. TAG continues to disrupt campaigns from multiple sets of Russian government-backed attackers, some of which are detailed in our previous updates.

A Russian-backed malware group is spoofing pro-Ukraine apps, Google finds (The Verge) The Cyber Azov app actually contained Trojan malware.

Russian hackers behind SolarWinds breach continue to scour US and European organizations for intel, researchers say (CNN) The Russian hackers behind a sweeping 2020 breach of US government networks have in recent months continued to hack US organizations to collect intelligence while also targeting an unnamed European government that is a NATO member, cybersecurity analysts tell CNN.

State-backed threat actors use Google Drive, Dropbox to launch attacks (Cybersecurity Dive) The Russia-linked threat actor behind the SolarWinds attack used cloud storage services to deploy malicious payloads using Cobalt Strike. 

Russian Cyberattacks Need an International Criminal Court Response (CEPA) International law needs to keep pace with the changing nature of warfare. The ICC is best placed to take action.

Cyber Command chief stands by comments on ‘offensive’ operations against Russia (The Record by Recorded Future) U.S. Cyber Command and National Security Agency chief Gen. Paul Nakasone stood by his comments last month about the U.S military conducting offensive cyber operations against Russia in its defense of Ukraine.

Direct hit! Pop song sings the praises of Himars, the rocket that has the Russians on the hop (The Telegraph) Music video lauds ‘our trusted ally from America’, which has been credited for taking out invading targets, including high-ranking officers

Putin’s New Propaganda Battle (Wilson Quarterly) From fiery speeches to movie reels to TikTok, propaganda is a critical part of war. It is used to motivate citizens, glorify soldiers, justify military action, and win support from global allies. The war in Ukraine highlights both Russia turning its long-term grievances into open conflict as well as the limits of information warfare.

Nuclear strategy and ending the war in Ukraine (The Hill) As President Putin keeps reminding us, this particular conflagration has the potential to start a nuclear war.

Fleeing Putin (Wilson Quarterly) Jill Dougherty talks with Russian journalists who have fled their home country; they share stories of their personal journeys, professional shifts, and reflect on the future of Russia.

Ukrainian boy held hostage by Russia tells of cleaning up torture rooms (the Guardian) Vladislav Buryak was kept for 90 days and describes people screaming and a room with bloodstains and soaked bandages

Putin’s Imperial Dream (Wilson Quarterly) Kennan Institute Director William Pomeranz examines the challenges Putin faces in unifying Russia while increasingly ostracized by regional and global governing bodies.

How Putin Learned to Hold Deadly Grudges (Foreign Policy) Russia’s president has been shaped by decades of bitterness and revenge.

‘Russia stole our history’: Ukraine’s bitter struggle to keep memory alive (the Guardian) Beyond the frontlines, academics are fighting to counter the fake tales of their country’s past that are peddled by the Kremlin

EU adopts Ukrainian art exhibition left stranded in Denmark (the Guardian) Unfolding Landscapes on show in Brussels before possible tour of member states and return to Kyiv

Lifting the Fog of War (Wilson Quarterly) The world has shifted dramatically since Russia invaded Ukraine on February 24, 2022. As we sit on the hinge of history, our summer 2022 issue examines the ever-widening impacts of the Russia-Ukraine war. With features covering a range of topics—from European security to world resources to mental health and more—we asked some of the nation’s most experienced and respected foreign policy experts to share their thoughts on the biggest lessons and insights thus far.

A New Security Architecture (Wilson Quarterly) In this multi-media feature, Robert Litwak, senior vice president and director of international security studies at the Wilson Center, speaks with Baroness Catherine Ashton, who served as the European Union’s first High Representative for Foreign Affairs and Security Policy from 2009 to 2014. Together, they explore the cascading effects of Russia’s invasion into Ukraine, with a focus on the quickly evolving geopolitical landscape.

Is Russia a Terrorist State? (Foreign Policy) Kyiv thinks it knows the answer—while Washington debates.

Russia Is Taking Advantage of the Invasion-Stirred Migration Crisis (Foreign Policy) As food problems worsen, new refugees head for Europe.

“The mouth of a bear”: Ukrainian refugees sent to Russia (AP NEWS) For weeks Natalya Zadoyanova had lost contact with her younger brother Dmitriy, who was trapped in the besieged Ukrainian port city of Mariupol.

Amid flow of weapons to Ukraine, DefMin says black market smuggling is ‘artificial’ concern – Breaking Defense (Breaking Defense) Ukraine’s defense minister says his country has been receptive to NATO, EU initiatives to monitor the influx of weapons.

Ukraine graft concerns resurface as Russia war goes on (AP NEWS) Ukrainian President Volodymyr Zelenskyy’s dismissal of senior officials is casting an inconvenient light on an issue that the Biden administration has largely ignored since the outbreak of war with Russia: Ukraine’s history of rampant corruption and shaky governance.

Ukraine’s vibrant civil society deserves key role in post-war transformation (Atlantic Council) Ukraine’s vibrant civil society sector is the country’s secret weapon in its civilizational struggle against Putin’s Russia and should be a key focus of support efforts as the international community looks to rebuild Ukraine.

The West must take urgent steps to prevent Ukrainian economic collapse (Atlantic Council) Recent talk of a Ukrainian Marshall Plan for the post-war period is certainly welcome but Ukraine also needs action from the West without delay to avoid a potentially catastrophic economic collapse while the war continues.

Erdoğan keeps Putin waiting in awkward moment ahead of Tehran talks (the Guardian) Russian president was left standing alone as the camera shutters clicked away – a treatment he usually reserves for other world leaders

Russia-Ukraine Sanctions (Wilson Quarterly) Bruce Jentleson examines sanctions’ role in ending the war, the broader ripples, and future lessons.

Russia’s Energy Future (Wilson Quarterly) Russia’s invasion of Ukraine on February 24 unleashed a full-scale war with effects far outside Europe. At risk of becoming the longest warfare in the region since World War II, it has already shifted international relations and security approaches globally. With Russia an important player in global energy markets, the war may have severe and long-term repercussions for global energy relations and national energy policies. Here are some likely scenarios.

Russia’s Gazprom says it cannot guarantee natural gas deliveries to European customers – as its exports to China hit an all-time high (Markets Insider) Fears are growing that Russia will permanently slash its natural gas exports to Europe, in what could be a hammer blow to the region’s economy.

Russia-Ukraine war: EU accuses Putin of blackmail and says Europe must prepare for ‘total cut-off of Russian gas’ – live (the Guardian) European Commission sets out emergency plan to reduce gas consumption among EU member states

Germany worries about gas rationing as supply from Russia halted (the Guardian) Temporary closure of Nord Stream 1 prompts fears for private consumers as well as industry

Canada accused of betraying Ukraine and helping Russia break sanctions (Atlantic Council) Canada is facing accusations of bowing to Kremlin blackmail after agreeing to lift sanctions imposed over Vladimir Putin’s Ukraine invasion in order to secure Russian gas supplies to Germany.

Jill Biden meets with Ukrainian first lady Olena Zelenska at the White House (CNN) Ukrainian first lady Olena Zelenska is at the White House on Tuesday to privately meet with first lady Jill Biden and take part in a larger bilateral meeting with American officials.

Attacks, Threats, and Vulnerabilities

Belgium says Chinese hackers attacked its Ministry of Defense (BleepingComputer) The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country’s defense and interior ministries.

Belgium says China-linked APT groups attacked its interior and defence ministries (Computing) APT 27, APT 30, APT 31 and Gallium are said to be the perpetrators of the attacks

China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors (Federal Public Service Foreign Affairs)

Statement by the spokesperson of the Chinese Embassy in Belgium regarding the Belgian government’s declaration on cyberattacks (Embassy of the People’s Republic of China in the Kingdom of Belgium) On July 18, the Belgian Minister for Foreign Affairs published a declaration on behalf of the Belgian federal government, accusing Chinese hackers of “malicious cyberattacks” against the FPS Interior and Belgian Defence, and urging the Chinese authorities to take action against the activities in question. What is your comment on this?

Albanian Government Hit by “Massive Cyber-Attack” (Infosecurity Magazine) Albanian government websites have been forced offline following the incident

Intelligence Agencies Say Russia Election Threat Persists Amid Ukraine War (New York Times) Top F.B.I. and National Security Agency officials said that Iran and China also remained potent threats, mounting their own campaigns to undermine American democracy.

Russian Threat to U.S. Elections Persists Even Amid War in Ukraine, Officials Say (Wall Street Journal) NSA and FBI chiefs warn the Kremlin can balance midterm meddling with its cyberattacks on Kyiv. ‘We’re quite confident the Russians can walk and chew gum,’ FBI head says.

Popular vehicle GPS tracker gives hackers admin privileges over SMS (BleepingComputer) Vulnerability researchers have found security issues in a GPS tracker that is advertised as being present in about 1.5 million vehicles in 169 countries.

Security flaws in GPS tracker exposing 1M vehicle locations (TechCrunch) Researchers warn that the flaws can be exploited to track vehicles and remotely cut engines

Unpatched flaws in popular GPS devices could let hackers disrupt and track vehicles (The Record by Recorded Future) CISA and BitSight warn about vulnerabilities in MiCODUS fleet management devices.

GPS trackers used for vehicle fleet management can be hijacked by hackers (CSO Online) At least one model of GPS tracking devices made by Chinese firm MiCODUS “lacks basic security protections needed to protect users from serious security issues.”

Security flaws in GPS trackers put global fleets at risk (Register) About ‘1.5 million’ folks and organizations use these gadgets

Unpatched Micodus GPS Tracker Vulnerabilities Allow Hackers to Remotely Disable Cars (SecurityWeek) Widely used Micodus vehicle GPS trackers are affected by critical vulnerabilities that can be exploited by hackers to stalk people and remotely disable cars.

LockBit: Ransomware Puts Servers in the Crosshairs (Broadcom Software Blogs | Threat Intelligence) LockBit affiliates using servers to spread ransomware throughout networks.

Authomize Discovers Password Stealing and Impersonation Risks in Okta | Authomize.com (Authomize) Inherent design risks leave the users of Okta exposed to potential theft of all employee passwords in clear text, privilege escalation by app admins, and impersonation, highlighting the need to add a security layer around IAM systems

Okta Response to Security Report (Okta) On July 19, 2022, a security consultancy released a blog post with claims related to the security of specific features of the Okta service. Prior to the rele…

Authentication Risks Discovered in Okta Platform (Threatpost) Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.

Okta Exposes Passwords in Clear Text for Possible Theft (Dark Reading) Researchers say Okta could allow attackers to easily exfiltrate passwords, impersonate other users, and alter logs to cover their tracks.

Hackers steal 50,000 credit cards from 300 U.S. restaurants (BleepingComputer) Payment card details from customers of more than 300 restaurants have been stolen in two web-skimming campaigns targeting three online ordering platforms.

Amid Rising Magecart Attacks on Online Ordering Platforms, Recent Campaigns Infect 311 Restaurants (Recorded Future) Infected ordering platforms place local restaurants at risk of Magecart e-skimmer attacks. 2 recent campaigns impact 311 restaurants and 50K+ exposed customers.

I see what you did there: A look at the CloudMensis macOS spyware (WeLiveSecurity) ESET uncovers CloudMensis, a macOS backdoor that spies on users of Mac devices and communicates with its operators via public cloud storage services.

Feelyou mental health app says emails of 78,000 users exposed in breach (The Record by Recorded Future) Popular mental health app Feelyou announced a platform vulnerability this week that exposed the email addresses of nearly 78,000 of its users. 

New ‘CloudMensis’ macOS Spyware Used in Targeted Attacks (SecurityWeek) Researchers analyze CloudMensis, a previously undocumented macOS malware that has been used in targeted attacks to steal valuable information from compromised systems.

Blue Shield of California Promise Health Plan Announces Data Breach (JD Supra) Recently, Blue Shield of California Promise Health Plan confirmed that the company experienced a data breach related to a sub-contractor that works…

American Dental Association Reports Data Breach in the Wake of Ransomware Attacks (JD Supra) Recently, the American Dental Association (“ADA”) confirmed that the organization was the target of a ransomware attack. As a result of the attack, an…

Vulnerability Summary for the Week of July 11, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

UK heat wave causes Google and Oracle cloud outages (BleepingComputer) An ongoing heatwave in the United Kingdom has led to Google Cloud and Oracle Cloud outages after cooling systems failed at the companies’ data centers.

Security Patches, Mitigations, and Software Updates

Microsoft Resolves Padding Oracle Vulnerability in Azure Storage SDK (SecurityWeek) Microsoft releases Azure Storage SDK update to address a padding oracle vulnerability in client-side encryption.

Dahua ASI7213X-T1 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dahua Equipment: DHI-ASI7213X-T1 Vulnerabilities: Improper Input Validation, Unrestricted Upload of File with Dangerous Type, Authentication Bypass by Capture-replay, Generation of Error Message Containing Sensitive Information 2.

CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker (CISA) CISA has released an Industrial Controls Systems Advisory (ICSA) detailing six vulnerabilities that were discovered in MiCODUS MV720 Global Positioning System Tracker. Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of the global positioning system tracker. These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed.

The DomainTools Spring 2022 Report (DomainTools) We are happy to share the release of the Spring 2022 edition of the DomainTools Report. As long time readers may know, ever since the first DomainTools Report in 2015, we have delved into our stores of domain registration, hosting, and content-related data to surface patterns and trends that might be of interest to security practitioners, researchers, and anyone else interested in the suspicious or malicious use of online infrastructure.

Technology Perspectives from Cybersecurity Professionals (ESG-ISSA) In late 2021 and early 2022, ESG in partnership with the Information Systems Security Association (ISSA) conducted a survey of 280 cybersecurity professionals focused on security processes and technologies at organizations of all sizes in industries such as technology, government, financial services, and business services, among others, spanning countries in North/Central/South America, Europe, Asia, and Africa.

LinkedIn Still Number One Brand to be Faked in Phishing Attempts while Microsoft Surges up the Rankings to Number Two Spot in Q2 Report (GlobeNewswire News Room) Check Point Research issues its Q2 Brand Phishing Report, highlighting the brands that cyber criminals most often imitate to trick people into giving up…

Q2 2022 Vulnerability Roundup | Digital Shadows (Digital Shadows) As the second quarter of 2022 closes, it’s time again to report on the recent trends and highlights from a vulnerability perspective. Q2 has been dominated by the continuation of the Russia-Ukraine war, several high-profile security incidents resulting from vulnerability exploitation, and of course, a continuation of bad security practices. In this blog, we look

The Threat Report: Summer 2022 (Trellix) The Trellix Summer 2022 threat report details the evolution of Russian cybercrime, research into medical devices and access control systems.

The State of Cybersecurity and Third-Party Remote Access Risk Download (SecureLink)

Ransomware attacks cost the US $159.4bn in downtime alone in 2021 (Comparitech) In 2021, 576 US organizations fell victim to ransomware. This affected at least 34.1 million records and resulted in a cost of $159.4 billion in downtime alone. Entities may have faced further costs as they offered identity theft protection for affected customers, restored affected computers, and tried to improve their systems to ward off future […]

Cybercriminals targeting law enforcement agencies worldwide (Help Net Security) This Help Net Security video highlights how cyber attacks affect law enforcement agencies worldwide, based on research from Resecurity.

ForgeRock 2022 Consumer Identity Breach Report Uncovers 297% Increase in U.S. Breaches Tied to Supply Chain and Third-Party Suppliers (Business Wire) ForgeRock reveals its fourth annual Consumer Identity Breach Report.

Majority of security pros are ‘very’ or ‘extremely’ concerned about software supply chain risks (SC Magazine) The findings of a Coalfire-CyberRisk Alliance study have implications for the cloud because public cloud providers are often the first level of exposure.

Brazil surpasses US in breached users in Q2 2022 (ZDNet) The country was also the first in South America by breached users for the second consecutive quarter, according to a new study.

Marketplace

Blockchain Security Startup Raises $90 Million Despite Crypto Winter (Bloomberg) Blockchain security firm Halborn has raised $90 million, the company told Bloomberg News. The deal is an outlier in a climate where venture capital investing in crypto startups has slowed and digital currency prices have nosedived.

Push Security Banks $4 Million Seed Funding (SecurityWeek) British startup Push Security has banked $4 million in early-stage funding to help secure SaaS app deployments.

HiddenLayer Emerges From Stealth With $6 Million to Protect AI Learning Models (SecurityWeek) HiddenLayer has emerged from stealth with $6 million seed funding to protect the machine learning models: it is the first of what may become a new breed of machine learning detection and response (MLDR) platforms.

Why We Invested in HiddenLayer (TenEleven Ventures) Today we proudly announce our seed investment in ML security company HiddenLayer. As soon as we met the incredible team behind this innovative company, we knew we wanted to be a part of their pioneering effort to develop a brand new market protecting a cornerstone of the next economy, ML algorithms, and back the development of a new category of the security market, “MLDR” – machine learning detection and response.

Johnson Controls Acquires Tempered Networks (Contractor) The acquisition will bring zero trust cybersecurity to connected buildings worldwide.

Zefr acquires Israeli AI firm Adverif.ai, bolstering technology-led approach to identifying and defunding misinformation (PR Newswire) Zefr, the global leader in brand suitability across walled gardens, announced today the acquisition of Adverif.ai, an Israeli-based AI company…

Google and Mandiant deal passes important step (CRN) $5.4bn deal allowed to go ahead by US Department of Justice, filing shows

Kurt Greening joins Cerby as Head of Sales (Cerby) Collaboration can be chaos. Cerby helps teams inject order into their daily workflows without slowing teams down or opening new security gaps.

GDIT Appoints Former Judiciary Cloud Technology Chief Robert Morse as Senior Solutions Architect (GDIT) General Dynamics Information Technology (GDIT), a business unit of General Dynamics (NYSE:GD), announced today the appointment of Robert Morse as a senior solutions architect.

Cybereason appoints Chantél Hamman as channel director (ITWeb) The cyber security firm appoints the industry veteran to grow margins and revenues across Sub-Saharan Africa.

Ex-Cisco, Duo Lawyer Joins Secureframe as Cybersecurity Startup’s Legal Chief (Corporate Counsel) Kyle McLaughlin now leads all legal, risk and privacy functions at Secureframe, which has raised $79 million since its 2020 launch and has been on a bit of a hiring spree.

Products, Services, and Solutions

OwnBackup Expands Its Leading SaaS Data Protection Coverage To ServiceNow® (Business Wire) ServiceNow launch press release

Cloud Detection and Response: Intercept Attacks with Continuous Monitoring (Complete Cloud Security in Minutes – Orca Security) Orca Security’s agentless Cloud Security Platform now includes Cloud Detection and Response (CDR) capabilities for continuous threat monitoring in the cloud.

Druva Unveils Industry’s First Data Posture and Observability Innovations for Cyber Attack Readiness (Druva) New Capabilities Empower Organizations to Strengthen Security Posture and Accelerate Incident Response

BNamericas – Claro and VMware partner for deployment of SASE in Colombia (BNamericas.com) Claro and VMware announce the addition of VMware Secure Access Service Edge (SASE) to Claro Colombia’s Security Solutions portfolio.

BeyondTrust Remote Support Expands Integrations with Microsoft Teams (BeyondTrust) Microsoft Teams integration enables remote support sessions to be initiated from within a Teams chat, saving time and providing a more seamless user experience

Versa SASE Earns Zero Trust Security Excellence Award (Business Wire) Versa Networks, the recognized secure access service edge (SASE) leader, today announced that its industry-leading Versa SASE has won the Zero Trust S

Egnyte Announces Document Certification Service Using Blockchain Techn (PRWeb) Egnyte, the most secure platform for content collaboration and governance, today announced a new document stamping service to certify and authenticate

Paraflare Joins Microsoft Intelligent Security Association (Australian Cybersecurity Magazine) ParaFlare has been nominated as a member of the Microsoft Intelligent Security Association (MISA).

Verizon awarded over $400M modernization contract with FBI (Verizon) Verizon will help enable the FBI to support diverse applications, such as cloud computing, video and imaging transmissions, and data applications that drive demand for dynamic bandwidth capacity.

Veracode Achieves Public Sector Milestone with FedRAMP Authorization (Veracode) Software Security Pioneer Now Available on FedRAMP Marketplace

Sophos Announces Sophos X-Ops (GlobeNewswire News Room) Sophos X-Ops Links Together SophosLabs, Sophos SecOps and Sophos AI, Three Established Teams of Cybersecurity Experts at Sophos, to Help Organizations…

OODA: X-Ops Takes On Burgeoning SQL Server Attacks (Sophos News) How do the pieces of Sophos X-Ops fit together? A combined effort makes tidy work of a threat actor’s big play

Illumio Launches Zero Trust Impact Assessment to Help Organizations Maximize Cyber Investments (GlobeNewswire News Room) Security and IT Leaders Can Now Proactively Assess Cyber Resilience Posture, Better Informing Security Strategies with Data…

Technologies, Techniques, and Standards

Transparency in the Shadowy World of Cyberattacks (Google) Adapted remarks delivered by Kent Walker at the International Conference on Cyber Security 2022.

Multi-Factor Authentication Guide (Cyber Readiness Institute) Follow these guidelines to understand and implement multi-factor authentication in your organization

CISO Conversations: Netenrich, Malwarebytes CISOs Discuss Security Vendor CISOs (SecurityWeek) The big difference between security vendor CISOs and non-vendor CISOs is that the former must look in two directions simultaneously.

Why the cloud is the new rainmaker for cybersecurity (World Economic Forum) Cloud computing has become vital to the remote working boom – but its decentralised cybersecurity is causing challenges for customers used to more top-down decision-making.

Ransomware preparation and response: Develop a cyber kill chain (VentureBeat) Having a cyber kill chain emergency response in the event of a ransomware cyberattack is vital to keeping your network and systems safe.

Why SBOMs aren’t the silver bullet they’re portrayed as (Help Net Security) A Software Bill of Materials (SBOM) is a formal inventory of software components and dependencies, and their hierarchical relationships.

Cyber Security for IoT Devices (TÜV SÜD) TÜV SÜD announces the publication of a new white paper called “Internet of Things (IoT) for a connected world. IOT Cyber Security – Threats and Regulations”. It explains to manufacturers why cyber security is significant for devices used in the consumer Internet of Things (CIoT) and describes the challenges they are currently facing. In addition, TÜV SÜD informs about the applicable standards and shows how to ensure successful global market access.

Design and Innovation

MIT Explores How Deep Learning is Transforming Cybersecurity (Deep Instinct) Every organization and cybersecurity vendor (Deep Instinct included) is in an innovation race against ransomware groups whose attacks are becoming smarter, faster, and more damaging to business operations. Attacks are smarter as they are enhancing their evasive capabilities, using sandbox detection or even adversarial AI. An increased speed of attacks has also been noticeable, with a recent study revealing that the fastest ransomware threat LockBit can encrypt in under six seconds. And researchers have estimated ransomware attacks spiked by 105% in 2021 with threat actors increasingly targeting government organizations and supply chains.

Academia

Cyber Companies and Universities Are Building ‘Cyber Talent Hub’ (Wall Street Journal) Cybersecurity firms will make practical training on their technology available to students in an attempt to address a skills shortage. The effort comes as fears mount that global competitors like China are outpacing the West on talent.

Legislation, Policy, and Regulation

Biden administration pushes to close the growing cybersecurity workforce gap (CNN) The Biden administration is pushing to fill hundreds of thousands of cybersecurity jobs in the United States as part of a bid to close a talent shortage US officials describe as both a national security challenge and an economic opportunity.

U.S. Departments of Labor, Commerce Announce 120-Day Cybersecurity Apprentice Sprint to Promote Registered Apprenticeships (U.S. Department of Commerce) Initiative seeks to equip underrepresented populations with skills training for cybersecurity jobs

Fostering a Diverse and Inclusive Cyber Workforce (Cisco) As the U.S. faces an estimated 700,000 vacancies in cyber-enabled jobs, Cisco announced at the White House Cyber Workforce and Education Summit today our commitment to training an additional 200,000 students in the U.S. over the next three years.

New Effort to Grow the US Technology Workforce Launched by CompTIA and ConnectWise (CompTIA Press Releases) Organizations debut new training program as part of the Biden Administration’s Cybersecurity Apprenticeship Sprint

Cyber Readiness Institute Shares Multi-Factor Authentication Insights and Guidance at White House National Cyber Workforce & Education Summit (Cyber Readiness Institute) The Cyber Readiness Institute (CRI) has released a new guide to raise awareness and implementation of multi-factor authentication (MFA) among small and medium-sized businesses (SMB). At the White House National Cyber Workforce & Education Summit, the non-profit organization shared lessons learned from a global survey of small and medium-sized […]

Senate bill to require annual briefing on NSA-CYBERCOM relationship (FedScoop) A Senate committee wants annual briefings on the relationship between U.S. Cyber Command and the National Security Agency, which are currently co-located and have shared resources. The provision is found in the Senate Armed Services Committee’s version of the fiscal 2023 National Defense Authorization Act, which passed the committee June 16, but language wasn’t released […]

Senate Armed Services Committee questions Navy’s future role, contribution to cyberspace operations (FedScoop) The Senate’s version of the annual defense policy bill raises the specter that the Navy should entirely get out of cyber operations for U.S. Cyber Command. While the Senate Armed Services passed its version of the National Defense Authorization Act for fiscal 2023 June 16, the full text of the bill and its provisions were […]

Pentagon steps into Senate chip debate, citing national security (The Hill) Pentagon officials are pressing lawmakers to back legislation to fund the domestic production of semiconductor chips, arguing it is essential for national security. Ahead of a crucial vote i…

Three takeaways from the Justice Department’s cyber review (Washington Post) Last year, Deputy Attorney General Lisa Monaco announced a wide-ranging, 120-day review of how the Justice Department addresses threats in cyberspace. More than a year later, a report on the review is out — and it offers praise, warnings and a sometimes dire picture of cybersecurity within the department. Here are a few key takeaways:

Litigation, Investigation, and Law Enforcement

ACCC, ASIC trials website takedowns for phishing, crypto scams (iTnews) Dozens of sites removed in first three weeks.

Romanian National Known As “Virus” Extradited For Operating “Bulletproof Hosting” Service That Facilitated The Distribution Of Destructive Malware (The United States Attorney’s Office for the Southern District of New York) Damian Williams, the United States Attorney for the Southern District of New York, and Michael J. Driscoll, the Assistant Director-in-Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced today that MIHAI IONUT PAUNESCU, a/k/a “Virus,” a dual Romanian and Latvian national, was extradited from Colombia for allegedly running a “bulletproof hosting” service that enabled cyber criminals to distribute the Gozi Virus, one of the most financially destructive computer viruses in history.

Twitter-Musk Trial Set for October in Lawsuit Over Stalled $44 Billion Takeover (Wall Street Journal) A Delaware Chancery Court judge granted the social-media platform’s request to fast-track the proceedings.

National Archives Reviewing Whether Jan. 6 Secret Service Texts Were ‘Improperly Deleted’ (Forbes) A trove of Secret Service texts from January 6 were deleted, according to a watchdog, and the House January 6 committee is now investigating the matter.

Secret Service use of texts on Jan. 6 “very suspicious,” expert says (Newsweek) The Secret Service is expected to provide the January 6 committee with the text messages they’ve been seeking by Tuesday.

Israeli Spyware Producer Sued, Banned a Year After Pegasus Revelation (OCCRP) One year ago, the Pegasus Project unveiled how a program from the Israeli spyware firm NSO Group had become the choice tool for corrupt governments, human rights abusers and other bad actors to spy on their own journalists, activists, dissidents and political opponents.

University Health Center Pays $875,000 in HIPAA Fines after Cyber Hack (JD Supra) Oklahoma State University’s Center for Health Services recently paid $875,000 to settle potential HIPAA violations after a cyberattack resulted in the…

The FBI Forced A Suspect To Unlock Amazon’s Encrypted App Wickr With Their Face (Forbes) In November last year, an undercover agent with the FBI was monitoring a group on Amazon-owned messaging app Wickr, dubbed “Tiny Girls.”

Deputy Attorney General Lisa O. Monaco Delivers Keynote Address at International Conference on Cyber Security (ICCS) 2022 (US Department of Justice) Thanks so much, Ed. It’s great to be back at Fordham and ICCS. It’s also great to be sharing the stage with another former federal prosecutor – President Tetlow. I see great colleagues and friends in

US ‘Disrupted’ North Korean Hackers Who Breached Health Sector (Bloomberg) Targets included a medical center in Kansas, DOJ’s Monaco says. Hospital faced ‘impossible choice’ to pay up or endanger care.

The Hacker Mind: G-Men in Cyberspace (ForAllSecure) Fighting organized crime online might seem like a logical extension for law enforcement, but, in fact, it is not all that straightforward. Michael McPherson is someone with 25 years in the FBI, who has transitioned out to the corporate world, and can best describe the experiences on both sides.