Dateline Moscow, Kyiv, New York and Washington: Expansive objectives and stalled offensives in Russia’s war.

Ukraine at D+151: A quick end to a diplomatic solution? (The CyberWire) Russia followed an agreement to reopen grain shipments with missile strikes against Odessa. In the criminal markets, Luna ransomware is being offered only to Russian-speaking gangs. And observers speculate on the relative restraint Russia has shown with respect to GPS jamming in the active theater of its war against Ukraine.

Russia-Ukraine war: List of key events, day 152 (Al Jazeera) As the Russia-Ukraine war enters its 152nd day, we take a look at the main developments.

Russia-Ukraine war latest: what we know on day 152 of the invasion (the Guardian) Ukraine predicts it will recapture the southern region of Kherson by September; Russia’s foreign minister, Sergei Lavrov, embarks on a charm offensive in Africa

Russia-Ukraine war: what we know on day 150 of the invasion (the Guardian) Lithuania lifts rail ban on goods transport to Kaliningrad; three bodies recovered from Kramatorsk school attack

What happened in the Russia-Ukraine war this week? Catch up with the must-read news and analysis (the Guardian) Russian foreign minister signals plans to annex Ukrainian territory; Ukrainian teen tells of Russian torture rooms; Kyiv and Moscow agree to restart grain exports

Russia could face “significant” setback over key bridge: British intel (Newsweek) The U.K.’s defense ministry said that Russian supply lines west of the Dnipro river in Kherson are “increasingly at risk.”

Ukraine strikes at Dnipro bridges to isolate Russian forces in Kherson (The Telegraph) Heavy fighting takes place as part of offensive to retake Kherson, which fell to the Russians at the beginning of the war

HIMARS “big problem” for Russia in Ukraine war: Military analyst (Newsweek) The weapons systems will help Ukrainian forces “gain a degree of parity with Russian artillery,” Michael Kofman said Saturday.

Russia attacks Odessa port a day after signing grain deal, Ukraine says (Washington Post) Russian missiles hit the Black Sea port of Odessa on Saturday, Ukrainian officials said, imperiling a deal Moscow and Kyiv reached a day earlier to allow shipment of millions of tons of trapped grain and ease a global food crisis.

Russia attacks Ukrainian port of Odessa following deal to export grain: officials (The Hill) Russia attacked the Black Sea trade port in Odessa, Ukraine, on Saturday, less than one day after the two countries came to an agreement — mediated by Turkey — to export tons of grain out of Ukrainian sea ports.

Russia says strike on Ukrainian port hit military targets (AP NEWS) Russian defense officials insisted Sunday that an airstrike on the Ukrainian port of Odesa hit only military targets, but the attack tested an agreement on resuming grain shipments that the two countries signed less than a day before the assault.

Putin “spit in the face” of UN by striking port after grain deal: Ukraine (Newsweek) According to the Ukrainian military’s Southern Command, two Russian Kalibr cruise missiles hit port infrastructure.

Istanbul agreement paints Putin as the kind-hearted ally of Africa (The Telegraph) The UN described the deal, designed to save the world from a global famine, as a ‘beacon of hope’ on the Black Sea

Russia rallies support in Africa as doubt cast on Ukraine grain deal (the Guardian) Russian foreign minister starts trip in Egypt, one day after Russian strike on Odesa put question mark over deal to restart exports

Zelenskiy hits out at Russian ‘barbarism’ over attack on Odesa port hours after grain deal (the Guardian) Ukrainian president says attack shows Moscow can’t be trusted to implement deal to unblock exports agreed less than a day before

Grain exports may not reach pre-war levels, Ukraine warns (The Telegraph) Russia destroys navy boat and Harpoon anti-ship missiles when it struck Odesa just hours after signing deal to break blockade

Russian rockets reportedly wipe out building with humanitarian supplies (Newsweek) Two Russian rockets slammed into a building reportedly full of humanitarian supplies in besieged Mykolaiv, Ukraine.

Ukraine ‘will recapture Kherson by September’ (The Telegraph) The arrival of powerful Western weapons, including long-range Himars, have changed the course of the conflict in the region

Russia Has Its Sights on Odesa (Foreign Policy) Moscow doesn’t just want to gobble up Ukraine’s east.

How Western Himars forced Russia to negotiate on grain (The Telegraph) High Mobility Artillery Rocket Systems, known as Himars, have been instrumental for Ukraine

Zelensky says new HIMARS from U.S. to “speed up” Ukraine’s “liberation” (Newsweek) The Ukrainian president cheered an additional $270 million in military assistance announced by the White House on Friday.

Ukraine Army expresses gratitude to U.S. following additional $270M defense aid announcement (Ukrinform) The Ukrainian military is grateful to the Pentagon for the latest $270 million in additional security assistance for Ukraine. — Ukrinform.

Ukraine wants more ‘game-changer’ HIMARS. The U.S. says it’s complicated. (Washington Post) The agile, precision-launch rocket systems are helping Ukraine fend off Russian artillery attacks in the east

Volodymyr Zelensky pleads for air defence systems to protect Ukraine’s civilians (The Telegraph) It comes as Russia resorts to air defence missiles for ground attacks as it runs out of bombs

Top U.S. delegation visits Kyiv, vows to ensure continuing support (Reuters) A senior U.S. Congressional delegation met Ukrainian President Volodymyr Zelenskiy in Kyiv on Saturday and promised to try to ensure continued support in the war against Russia.

500-plus drones, extra HIMARS headed to Ukraine in latest U.S. package (Military Times) Plans also call for long-term discussions over what future aircraft Ukrainian pilots could use.

The US military now seems open to gifting Ukraine new fighter jets, but what type? (Breaking Defense) “There’s US[-made], there’s Gripen out of Sweden, there’s the Eurofighter, there’s the Rafale [from France],” said Air Force Chief of Staff Gen. CQ Brown. Even the venerable A-10 hasn’t been ruled out.

News Analysis: Entering a sixth month of war, Ukraine faces thorny dilemmas (Los Angeles Times) In Ukraine, new Western-supplied weaponry is generating some battlefield success. But victory boasts can undercut continuing appeals for arms.

Hackers, Hoodies, and Helmets: Technology and the Changing Face of Russian Private Military Contractors (Atlantic Council) Table of Contents Introduction PMCs in Russian International Security Strategy and the Influence of Technology Training Military Forces AbroadResource

Should we worry about Putin’s hypersonic missiles? (Newsweek) Russia says it has finished testing the Zircon hypersonic cruise missile but experts doubt that it could make a difference in the war in Ukraine.

‘I suspect everybody’: Mykolaiv governor will shut down city to root out saboteurs and spies (The Telegraph) Vitaliy Kim launches crackdown on those collaborating with Russia, as he says Ukraine is poised to ‘change the direction of the war’

Gorbachev feels his life’s work being destroyed by Putin, close friend says (Newsweek) The Soviet Union’s former leader, Mikhail Gorbachev, is “upset” his work has been undone by Vladimir Putin, journalist Alexei Venidiktov said.

Why Isn’t Russia jamming GPS harder in Ukraine? (C4ISRNet) The importance of GPS as a military tool was underscored by Kremlin media in November 2021 as troops were massing along the Ukraine border. After Russia demonstrated it could destroy a satellite in space, a television commentator known to be an unofficial mouthpiece of President Putin said the nation could “blind NATO” by shooting down all GPS satellites.

Situation in Latvia’s cyberspace has never before been so tense – Cert.lv (Baltic Times) Never before the situation in Latvia’s cyberspace has been so tense, Baiba Kaskina, head of Information Technology Security Incident …

Air Force cyber chief sees enduring support in Europe as war rages on (The Record by Recorded Future) A top Air Force official said the service would be able to continue providing cyber personnel and support to U.S. forces in Europe as Russia’s war on Ukraine enters its six month.

How the war has robbed Ukraine’s oligarchs of political influence (the Guardian) Five months since Russia’s invasion started, Ukraine’s wealthiest people have gone quiet – but will it stay like this for long?

Germany accused of ‘breaking all trust’ with Nato over failing to complete Ukraine tank deals (The Telegraph) Berlin has not yet completed any deals to back-fill soviet-era tanks sent to Ukraine by Nato allies including Poland and Greece

Germany has condemned Europe to ruin (The Telegraph) Berlin’s vacillations on Russia and failed energy policy have left the whole of the EU vulnerable to Putin’s shameless gas blackmail

Black Sea grain exports deal ‘a beacon of hope’ amid Ukraine war – Guterres (UN News) An “unprecedented agreement” on the resumption of Ukrainian grain exports via the Black Sea amid the ongoing war is “a beacon of hope” in a world that desperately needs it, UN Secretary-General António Guterres said at the signing ceremony in Istanbul, Türkiye, on Friday. 

Opening Up Ukraine’s Sea Routes Is Tough but Critical (Foreign Policy) With ports cut off, the world is going hungry.

Russia and Ukraine sign grain deal to alleviate global food catastrophe (The Telegraph) Kremlin pledges not to launch sea invasion, as Kyiv promises to clear mines from Black Sea ports – allowing exports to resume

Ukraine and Russia sign UN-backed deal to restart grain exports (the Guardian) Shipping of millions of tonnes from blockaded Black Sea ports could avert global food crisis

Ukraine can feed the world again. But at what cost? (Atlantic Council) What did Ukraine really gain? Our experts shipped off their takes.

Economics of war: Pain for Europe now, later for Russia (AP NEWS) Across Europe, signs of distress are multiplying as Russia’s war in Ukraine drags on. Food banks in Italy are feeding more people. German officials are turning down the air conditioning as they prepare plans to ration natural gas and restart coal plants .

Actually, the Russian Economy Is Imploding (Foreign Policy) Nine myths about the effects of sanctions and business retreats, debunked.

Attacks, Threats, and Vulnerabilities

Why North Korea’s Cyber Threats Matter to Technologists (Dice Insights) Over the past month, cybersecurity firms, media reports and U.S. government agencies have issued several warnings about North Korea.

Treadstone 71 releases details of hybrid operations and cognitive warfare actions by Iran (PR Newswire) Treadstone 71, LLC, your primary source for cyber intelligence and counterintelligence training and services, released in-depth details of…

New Cross-Platform ‘Luna’ Ransomware Only Offered to Russian Affiliates (SecurityWeek) A new ransomware named Luna can encrypt files on Windows, Linux and ESXi, but it’s only offered to Russian-speaking affiliates.

Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France (The Hacker News) Roaming Mantis hackers have been linked to a fresh wave of mobile phone attacks targeting French mobile users after they expanded their attacks.

Intezer Documents Powerful ‘Lightning Framework’ Linux Malware (SecurityWeek) Researchers at Intezer are documenting the intricacies of Lightning Framework, an undetected Swiss Army Knife-like Linux malware capable of installing rootkits.

SonicWall Warns of Critical GMS SQL Injection Vulnerability (SecurityWeek) SonicWall ships urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the defect exposes businesses to remote hacker attacks.

Russian Ransomware C2 Network Discovered in Censys Data (Censys) Around June 24 2022, out of over 4.7 million hosts Censys observed in Russia, Censys discovered two Russian hosts containing an exploitation tool, Metasploit, and Command and Control (C2) tool, Deimos C2.

Researcher finds Russia-based ransomware network with foothold in U.S. (The Record by Recorded Future) A Russia-based ransomware command and control network has been found to have a foothold in at least one U.S. network, according to researchers Censys.

Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k (9to5Mac) A Twitter data breach has allowed an attacker to get access to the contact details of 5.4M accounts. Twitter has confirmed the security vulnerability which allowed the data to be extracted. The data – which ties Twitter handles to phone numbers and email addresses – has been offered for sale on a hacking forum, for […]

Twitter investigating authenticity of 5.4 million accounts for sale on hacking forum (The Record by Recorded Future) Twitter said it is investigating the authenticity of a batch of information connected to 5.4 million accounts that is being sold on Breach Forums. 

Racoon Stealer is Back — How to Protect Your Organization (The Hacker News) Racoon Stealer malware developers have recently created a new version that is designed to be far more damaging than all previous versions.

Drupal Warns of Multiple Critical Vulnerabilities (Search Engine Journal) Multiple vulnerabilities affecting Drupal can lead to remote code execution, cross site scripting, and other critical security issues

Cyber-attacks on Port of Los Angeles have doubled since pandemic (BBC News) The threats to the Port of Los Angeles are believed to come mainly from Europe and Russia.

Digital security giant Entrust breached by ransomware gang (BleepingComputer) Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems.

Cheap malware kits put channel under pressure (MicroscopeUK) Research from HP underlines just how easy it is for criminals to get hold of malware, and the need for partners to protect customers.

Lockbit ransomware gang claims to have breached the Italian Revenue Agency (Security Affairs) The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia delle Entrate). The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site. “The Revenue Agency, operational since 1 January […]

Lockbit 3.0 and the ransomware business model (VentureBeat) The notorious LockBit ransomware group released its latest ransomware-as-a-service offering, LockBit 3.0 (or Lockbit Black).

Ransomware groups are getting smaller and smarter (Tech Monitor) An emerging breed of ransomware gang is more adept at using social engineering to target cloud infrastructure. 

Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants (The Hacker News) Magecart hackers took over three restaurant ordering platforms, MenuDrive, Harbortouch, and InTouchPOS, and stole more than 50,000 payment card record

Warning over latest email scam heading to the UK – here’s what to look out for (Lancashire Telegraph) The latest phishing scam is likely to hit the UK over “the coming months”.

St. Marys, Ont. grapples with cyberattack as ransomware group threatens to publish stolen data (980 CFPL) St. Marys spokesperson Brett O’Reilly confirmed to Global News that a cyberattack was the result of the notorious ransomware group LockBit, which has been active since late 2019.

District notes reveal new details of cyber attack at Cedar Rapids Schools (KCRG) New emails sent to staff are revealing some new details of the ongoing impacts.

Cyber ​​attack on subsidiary: Entega customer data published en masse on the dark web | tellerreport.com (Teller Report) Numerous customer data of the Hessian energy supplier Entega have now been published on the dark web after a hacker attack in June. These are mainly names, addresses and consumption data, but in some cases also bank details.

Spinneys suspects some customer data was compromised in last week’s cyber attack (The National) Data stored for online delivery details may have been exposed, but no personal banking information was leaked, retailer says

Online insurer Policybazaar says customer data was exposed by ‘unauthorized access’ (TechCrunch) Indian online insurer Policybazaar said on Sunday that it was subject to an unspecified security incident but found that “no significant” customer data was exposed — or in other words, some was. Policybazaar, which sells a range of insurance coverage, said in a stock exchange filing tha…

Smithsonian Statement: WordFly Data Security Incident (Smithsonian’s National Zoo) We want to let you know about an incident that occurred at a company that we use to send email communications to our community about our programs and events. The company, WordFly, was the victim of a ransomware attack.

CSW’s Weekly Threat Intelligence (Cyber Security Works) CSW’s Threat Intelligence | July 18, 2022 – July 22, 2022

Security Patches, Mitigations, and Software Updates

Sumo Logic widens stance on developer Kubernetes observability (ComputerWeekly) Never afraid to bare a few buttocks in the name of a good clean fight, cloud-based analytics company Sumo Logic has tightened the straps for developers building cloud-native applications. The …

Code Execution and Other Vulnerabilities Patched in Drupal (SecurityWeek) Drupal developers have announced the release of updates that patch several vulnerabilities in the open source CMS.

Atlassian Releases Security Advisory for Questions for Confluence App, CVE-2022-26138 (CISA) Atlassian has released a security advisory to address a vulnerability (CVE-2022-26138) affecting Questions for Confluence App. An attacker could exploit this vulnerability to obtain sensitive information. Atlassian reports that the vulnerability is likely to be exploited in the wild.

Apple Releases Security Updates for Multiple Products (CISA) Apple has released security updates to address vulnerabilities in multiple products. These updates address vulnerabilities attackers could exploit to take control of affected systems. CISA encourages users and administrators to review the Apple security updates and apply necessary releases.

Cisco Releases Security Updates for Multiple Products (CISA) Cisco has released security updates to address vulnerabilities in multiple products. Some of these vulnerabilities could allow a remote attacker to execute take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.  CISA encourages users and administrators to review the Cisco advisories and apply the necessary updates.

Network vulnerabilities declined in 2021, but attacks hit all-time high (Cybersecurity Dive) Five of the 10 most-exploited vulnerabilities last year were identified before 2020, and No. 3 dates back to 2017.

Growing cannabis industry a prime target for cyberattacks (Crain’s Cleveland Business) The rapid growth of a relatively new industry makes it a focus for tech-savvy criminals, say Cleveland-area experts interviewed by Crain’s. With a market projected to reach $200 billion by 2028, the bad guys are salivating for a piece of the action.

TMT firms among top targets for cyber attacks in Singapore (ComputerWeekly.com) Organisations in the technology, media and telecoms sector were among the most lucrative targets for malicious actors as their services penetrate almost every aspect of society.

Marketplace

Edge Management and Orchestration Firm Zededa Raises $26 Million (SecurityWeek) Zededa raises $26 million in Series B funding from multiple investors for its edge management and orchestration solution.

VMware snags Carbon Black and Pivotal for $4.8B (Fierce Telecom) On the same day as its second quarter earnings, VMware announced it’s buying Carbon Black and Pivotal for a combined value of $4.8 billion.

Shielding up: Why cybersecurity is a booming industry (The Times of India) Spotlight News: The Internet of things, without security, is the internet of threats. It doesn’t take an expert to decode this when the news of breach after breach hi

General Dynamics to Support USAF Cyber Network in Europe, Africa (Military Africa) Virginia-based IT management firm General Dynamics Information Technology (GDIT) has been selected as the network provider and support for the US Air Force in Europe and Africa, according to the Department of Defense. The $908-million IT network services deal is expected to be completed in July 2027. An optional three-year extension could run through July […]

NSO Group’s Pegasus crashes as Apple initiates Dignity and Justice Fund (CSO Online) The failed sale of NSO Group to L3Harris raises concerns about who will own its surveillance technology, while Apple takes steps to hold surveillance firms accountable.

Pegasus sold to 14 EU governments (CyberNews) Half of the EU member states have purchased the infamous Pegasus spyware, the EU delegation said after it visited Israel.

New pathway for budding cybersecurity professionals (Technology Decisions) A new partnership between industry and education and training providers is offering an alternative pathway to the cybersecurity industry.

Google fires engineer who said company’s AI is sentient (Computing) Blake Lemoine became convinced that the LaMDA tool was sentient and had feelings

Cyber insurtech BOXX Insurance supercharges leadership team with appointments from Paypal and Deloitte (PR Newswire) Toronto-based global cyber insurance specialist BOXX Insurance today announced the appointment of Eric Newman as its Chief Operating Officer,…

Products, Services, and Solutions

New infosec products of the week: July 22, 2022 (Help Net Security) The featured infosec products this week are from: Cato Networks, CoSoSys, Darktrace, EnGenius, Orca Security, Persona, and Resecurity.

Sophos Focuses Its Intelligence And Technology In The Sophos X-Ops Security Unit (Nation World News) Sophos has launched Sophos X-Ops, A new cross-functional entity combining SophosLabs, Sophos SecOps and Sophos AI, three teams of Sophos cybersecurity

VMware Furthers Commitment to Public Sector, Achieves Expanded FedRAMP High Authorization (AiThority) VMware, announced that it has achieved (FedRAMP) High Authorization through Joint Authorization Board (JAB) for VMware Government Services,

AU10TIX Levels Up Fraud Killer INSTINCT to Stop Deepfakes and Swarm Attacks (PR Newswire) AU10TIX, a leading global provider of fully automated identity verification technology powered by cutting-edge machine learning and artificial…

cloud native runtime security with Advanced Protection (Aqua) Out-of-the-box runtime protection with minimal configuration to stop attacks in real time on running cloud native workloads.

Technologies, Techniques, and Standards

Understanding NIST’s Post-Quantum Encryption Standardization and Next Steps for Federal CISOs (Nextgov.com) The National Institute of Standards and Technology recently chose new cryptographic algorithms to defend against quantum computers.

Unit 42 Threat Group Naming Update (Unit 42) Threat group naming helps track and identify attackers’ activities. Unit 42 is looking to the stars for an updated approach.

Design and Innovation

Australian Researchers Develop New Cyber Honeypot Tech (OpenGov Asia) Developed by Australian students, researchers and industry professionals, DecaaS uses machine learning models to create highly realistic albeit fake versions of data and digital assets that are attractive to hackers.

Mission Possible: Securing remote access for classified networks (Federal Times) The Federal government understands the significance of remote access on meeting mission objectives now and in the future. Agency leaders are looking to the private sector for technology that helps them maintain the highest security levels while meeting the ease-of-access demands of today’s worker – and can be implemented quickly.

Commentary: Push for innovation in artificial intelligence can create dangerous products (CNA) There is a perverse incentive for firms to design AI that is artificially innocent. A better approach would involve more extensive harm reduction, says a professor of management.

Academia

Chrome use subject to restrictions in Dutch schools over data security concerns (BleepingComputer) The Ministry of Education in the Netherlands has decided to implement restrictions on the use of the Chrome OS and Chrome web browser until August 2023 over concerns about data privacy.

FHSU earns redesignation as a Center for Excellence in Cyber Defense (Hays Post) Dr. Melissa Hunsicker Walburn and Jason Zeller receiving the CAE redesignation certificate

Why educational institutions are an easy target for ransomware attacks (Financial Express) The ‘State of Ransomware in Education 2022’ survey polled 5,600 IT professionals, including 320 lower education respondents and 410 higher education respondents, in mid-sized organisations (100-5,000 employees) across 31 countries.

DNI Haines speaks with high school students at the National Student Leadership Conference (ODNI) Director of National Intelligence Avril Haines spoke with high school students attending the National Student Leadership Conference on Intelligence and National Security at American University on Saturday, July 16. She spoke about the role of the Intelligence Community and how students can get involved in national security careers.

Legislation, Policy, and Regulation

US bolsters cyber alliance to counter rising Iran threat (The Hill) President Biden vowed to expand cyber cooperation with Israel and Saudi Arabia on his trip to the Middle East last week, a move experts see as a direct response to the rising digital threat from Ir…

Biden executive order on power system cybersecurity leaves critical operations vulnerable, experts say (Utility Dive) From mysterious electronics in Chinese transformers to sensors without password protections, analysts see growing vulnerabilities in U.S. power system operations.

Senators introduce bill to improve defenses against quantum computing data breaches (The Hill) Senators on Thursday introduced a cybersecurity bill aimed at improving the federal government’s defenses against data breaches enabled by quantum computing. The Quantum Computing Cybersecurity Pre…

New Law Is an Opportunity To Grow Cyber Experience (SIGNAL) Workforce program will allow federal employees to advance cyber skills through rotational positions.

SEC poised to beef up cybersecurity requirements for public companies (Security Info Watch) Proposed rules place greater responsibility on C-suites and boards for managing, mitigating cyber threats

The U.S. wants to spend $52 billion to become a chips powerhouse. Experts say that hundreds of billions—and decades—is needed to crack its reliance on Asia (Fortune) Experts say that the CHIPS Act may not be able to achieve its goals. Hundreds of billions more in funding—and decades to build up a skilled laborforce—is needed, experts say.

‘Chink In The Armor’ – Why World’s Most Powerful US Navy Remains Highly Susceptible To Cyber Attacks (Latest Asian, Middle-East, EurAsian, Indian News) Amid an avalanche of cyber-attacks in Ukraine and troubled China-US relations, the US Navy, compared to its sister services, is increasingly being perceived as highly vulnerable to hackers for access and information. So much so that while the House Armed Services Committee (HASC) is pushing the Navy to create a singular and special work role […]

Exclusive: White House cyber office taps Google exec (Axios) Camille Stewart Gloster will focus on workforce programs and supply chain security.

Report: Relocation of Cyber Command to Fort Gordon will have huge impact on region (Post and Courier) How big is Fort Gordon? How big is Fort Gordon going to get? A new 410-page report from the CSRA Regional Commission measures, projects regional impact of Fort Gordon through

G-6 welcomes new Cybersecurity Director (DVIDS) The Army has announced Christopher I. Thomas as the new Director, Cybersecurity Integration and Synchronization Directorate, Headquarters, Department of the Army (HQDA), Deputy Chief of Staff (DCS) G-6, beginning July 18, 2022.

The first Information Warfare Numbered Air Force welcomes new commander (Sixteenth Air Force (Air Forces Cyber)) 16th Air Force (Air Forces Cyber), welcomed U.S. Air Force Lt. Gen. Kevin Kennedy while bidding farewell to its first commander, Lt. Gen. Timothy Haugh, during a change of command ceremony here July

Litigation, Investigation, and Law Enforcement

CNN Exclusive: FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications (CNN) On paper, it looked like a fantastic deal. In 2017, the Chinese government was offering to spend $100 million to build an ornate Chinese garden at the National Arboretum in Washington DC. Complete with temples, pavilions and a 70-foot white pagoda, the project thrilled local officials, who hoped it would attract thousands of tourists every year.      

Exclusive: U.S. probes China’s Huawei over equipment near missile silos (Reuters) The Biden administration is investigating Chinese telecoms equipment maker Huawei over concerns that U.S. cell towers fitted with its gear could capture sensitive information from military bases and missile silos that the company could then transmit to China, two people familiar with the matter said.

Huawei equipment disrupting US military communications? An ‘ignorant assumption’ (Global Times) Chinese experts slammed a so-called CNN exclusive that claimed an investigation conducted by the US Federal Bureau of Investigation (FBI) ?had determined the equipment made by Chinese company Huawei could disrupt US nuclear arsenal communications, saying it is an

Iran says it detains Israel-linked network planning sabotage (Reuters) Iran said on Saturday its security forces had arrested a network of agents working for Israel before they were able to carry out sabotage and “terrorist operations”, state media reported.

UK cybersecurity chiefs back plan to scan phones for child abuse images (the Guardian) Heads of GCHQ and NCSC say client-side scanning could protect children and privacy at the same time

FCC chair tries to find out how carriers use phone geolocation data (Ars Technica) Inquiry launched as Congress debates bill that could gut FCC’s privacy authority.

First on CNN: Secret Service identified potential missing text messages on phones of 10 individuals (CNN) Secret Service investigators were scrutinizing the phones of 10 Secret Service personnel that contained metadata showing text messages were sent and received around January 6, 2021, but were not retained, two sources told CNN.

FBI needs to investigate Secret Service over text messages: Glenn Kirschner (Newsweek) The former federal prosecutor said the Secret Service should welcome a “a full, aggressive FBI investigation” if they did nothing wrong.

“I am not a traitor”: Reality Winner explains why she leaked a classified document (CBS News) Reality Winner was arrested in 2017 for leaking classified information about Russian interference in the 2016 presidential election.

Reality Winner — an ex-NSA contractor jailed by the Trump administration for leaking a top-secret document on Russian election hacking — says she’s ‘not a traitor’ (Business Insider) “I am not a spy. I am somebody who only acted out of love for what this country stands for,” Winner told CBS.

Reality Winner and the debate over the Espionage Act (CBS News) When government insiders leak classified information to the media, prosecutors do not consider whether the act benefited the public interest. Should they?

T-Mobile reaches $350M settlement in 2021 cyberattack and data breach impacting 76M people (GeekWire) T-Mobile agreed Friday to pay $350 million to settle class-action lawsuits brought over an August 2021 cyberattack in which a hacker infiltrated its computer systems to steal sensitive data relating… Read More

DOJ’s Civil Cyber-Fraud Initiative Secures More Than $9 Million in Two False Claims Act Settlements for Alleged Cybersecurity Violations (Privacy Law Blog) Last fall, the United States Department of Justice (“DOJ”) launched its Civil Cyber-Fraud Initiative (“CCFI”) as part of its effort to “combat new and

After Huge Illuminate Data Breach, Ed Tech’s ‘Student Privacy Pledge’ Under Fire (The 74) A few months after education leaders at America’s largest school district announced that a technology vendor had exposed sensitive student information in a massive data breach, the company at fault — Illuminate Education — was recognized with the software industry’s equivalent of the Oscars.  Since that disclosure in New York City schools, the scope of the […]

Uber Enters Non-Prosecution Pact With DOJ Over Data Breach (Bloomberg Law) Uber Technologies entered a non-prosecution agreement to resolve a criminal probe into the cover-up of a data breach in 2016, the DOJ said.

T-Mobile to Pay $350 Million for Fund in 2021 Customer Data Leak (Wall Street Journal) The wireless carrier said the settlement, which could win approval as soon as December, includes no admission of responsibility for the theft.