Dateline Moscow, Kyiv, Washington: Grain shipments, counteroffensives, and disinformation.
Ukraine at D+159: Disinformation as counterfire. (The CyberWire) Russian disinformation efforts concentrate on an attempt to neutralize HIMARS.
Russia Redeploys Troops in Ukraine as Focus of Conflict Turns South (Wall Street Journal) Russia is shifting forces from the front line in northern Donbas, according to the Ukrainian and British militaries, ahead of a planned Ukrainian offensive in the south.
Russia-Ukraine war: Himars shows US now directly involved in the war, says Kremlin (The Telegraph) Moscow has accused the United States of being “directly involved” in the war in Ukraine by providing Kyiv with real-time advice on Russian targets.
American-made rocket launchers not used in Ukraine prison strike, U.S. assesses (POLITICO) The determination contradicts Russian claims that Ukraine is responsible for the attack.
Opinion Did Russia or Ukraine slaughter Ukrainian POWs? It’s not a close call. (Washington Post) The moral relativism of self-consciously neutral journalism — “Jack says the moon is made of green cheese, Jill disagrees” — is bad enough when it comes to political reporting. It’s far more noxious in the case of war crimes. Yet many publications are reporting the sickening massacre of 53 Ukrainian prisoners of war on Friday with headlines like this one from The Post: “Ukraine and Russia trade blame for attack killing Mariupol prisoners.”
Biden to send Ukraine ammo for HIMARS as Kyiv, Congress push for more (Defense News) The Pentagon announced Monday it will send $550 million’s worth of new lethal aid for Ukraine, including ammunition for the High Mobility Artillery Rocket System as well as 75,000 rounds of 155mm artillery ammunition.
Report: Pro-Russia groups raise $2.2 million in cryptocurrency to fund war (The Record by Recorded Future) During the war, both Ukraine and Russia have tapped into cryptocurrency markets to raise money for their military efforts.
Exiled independent Russian TV station wants to set up ‘secret network’ of journalists (The Telegraph) Dozhd relaunches channel on YouTube in a bid to uncover truths hidden by Russia through underground reporters inside the country
Britain helps Ukraine hunt for Russian spies eyeing Western military aid (The Telegraph) Destroying military aid flowing into Ukraine from the West is ‘goal number one for Russian agents’, according to Ukraine military
The Upside of Putin’s Delusions (Foreign Affairs) Moscow’s disastrous invasion of Ukraine will reinforce the norm against war.
The War in Ukraine Supports Guterres' Case for Multilateralism (World Politics Review) When U.N. Secretary-General Antonio Guterres first released “Our Common Agenda,” his 2021 report on the future of multilateralism, many diplomats were skeptical of how it would apply to peace and security. But parts of the report actually look more, rather than less, relevant after Russia’s invasion of Ukraine.
Winning in Ukraine requires a special representative and strategy to rebuild (The Hill) Just as it is always darkest before the dawn, wars look the most uncertain before the system changes and reveals the next phase of the clash of wills. There are emerging personnel and logistical si…
Russians ‘Running Away’ From Ukraine NCO Corps Is an Example to Partners, Air Force Leaders Say (Air Force Magazine) Ukraine is fighting hard behind an empowered noncommissioned officer corps, U.S. and Ukrainian Air Force leaders said.
The actress-turned-soldier teaching the military that it’s OK to cry in the face of death (The Telegraph) Calling upon ‘feminine empathy’, ‘Moon’ has taken it upon herself to comfort the relatives of fallen Ukrainian troops
Who Is Anatoly Chubais? Ex Putin aide's sudden sickness sparks speculation (Newsweek) The 67-year-old Putin ally resigned as a top Kremlin adviser in March 2022, widely believed to be due to his opposition to the war.
Ukraine Ships Grain at Last. It Will Take Far More to Slow Global Hunger. (New York Times) The departure of a grain-filled vessel from Odesa was hailed as a victory against global hunger. But experts say the crisis is so big that no single advance can reverse it.
Wake up! We're at war | Opinion (Newsweek) Protecting basic human needs like food and shelter is what people fight for, go to war for. And it's these basics that are under direct assault by Russia, in Ukraine and around the world. The knock-on effects of the war are leaving an untold number of people hungry and—as the seasons change—out
Attacks, Threats, and Vulnerabilities
BlackCat ransomware gang hits Luxembourg energy supplier Creos (Computing) Gang is threatening to publish 150 GB of stolen data
Luxembourg energy provider Encevo Group battles ransomware attack by BlackCat (Tech Monitor) Online systems are still disrupted 12 days after cyberattack on Luxembourg energy provider Encevo Group began.
BlackCat ransomware claims attack on European gas pipeline (BleepingComputer) The ransomware group known as ALPHV (aka BlackCat) has assumed over the weekend responsibility for the cyberattack that hit Creos Luxembourg last week, a natural gas pipeline and electricity network operator in the central European country.
Luxembourg energy companies struggling with alleged ransomware attack, data breach (The Record by Recorded Future) Two energy companies based in Luxembourg are dealing with an alleged ransomware attack that began last week.
North Korean Hackers Use Browser Extension to Spy on Gmail and AOL Accounts (Infosecurity Magazine) Volexity said it observed SharpTongue targeting individuals in the US, Europe and South Korea
Technical Analysis of Industrial Spy Ransomware (Zscaler) Industrial Spy is a relatively new ransomware group that emerged in April 2022. Their primary objective is exfiltrating data to sell on their data leak website.
Threat Actors Circumvent Microsoft Efforts to Block Macros (Security Boulevard) Microsoft’s announcement that it would block macros in Microsoft Office apps by default didn’t stop threat actors—they have simply resorted to new tricks.
Akamai stops record DDoS attack in Europe (Register) A 'sophisticated, global botnet' held an Eastern European biz under siege over 30 days
Researchers Discover Nearly 3,200 Mobile Apps Leaking Twitter API Keys (The Hacker News) Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts.
Crypto Firm Nomad Loses Nearly $200 Million in Bridge Hack (Bloomberg) More than $1 billion has been stolen in bridge hacks this year. Nomad had recently raised $22 million in a seed round.
Crypto Bridge Nomad Drained of Nearly $200M in Exploit (CoinDesk) The exploit calls the security of cross-chain token bridges into question once again.
Nomad token bridge drained of $190M in funds in security exploit (Cointelegraph) Another token bridge appears to have been exploited for nearly $200 million. The Nomad team says it is aware and is currently investigating the incident.
Nomad token bridge hacked in nearly $200 million exploit (mint) Nomad bridge is the latest crypto project that has been the victim of a hack
Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers (The Hacker News) Operators of the Gootkit access-as-a-service (AaaS) malware have resurfaced with updated techniques to compromise unsuspecting victims.
‘Imma Make U Dig Ur Own Grave’: He Doxes Ransomware Hackers and Gets Death Threats in Return (Vice) Pseudonymous researcher Pancak3 is on a crusade to publish the real names and photos of some of the underground's most infamous hacking crews.
At least 34 healthcare orgs affected by alleged ransomware attack on OneTouchPoint (The Record by Recorded Future) A ransomware attack on printing and mailing services provider OneTouchPoint is having several downstream effects on its customers.
AHN reports data breach (WPXI) About 8,000 patients have been affected by a data breach at Allegheny Health Network.
AHN notifies patients about data breach (AHN) Allegheny Health Network (AHN) recently became aware of a data security incident affecting approximately 8,000 patients.
Cyber attack on ista paralyzes systems (Basic Tutorials) An ista cyber attack paralyzed the systems of the German energy service provider in recent days. Caution is advised for customers.
Ransomware gang Hive demands £500k from two UK colleges (Tech Monitor) Ransomware group Hive has threatened to leak Wootton Academy Trust pupils' data online - and may do it anyway.
Police open probe of news agency STT's cyber attack (YLE) The possibility that a data breach also took place could not be ruled out, the agency says.
Security Patches, Mitigations, and Software Updates
Apple Just Patched 39 iPhone Security Bugs (Wired) Plus: A Google Chrome patch licks the DevilsTongue spyware, Android’s kernel gets a tune-up, and Microsoft fixes 84 flaws.
Trends
Verizon Mobile Security Index: The shift to remote work sees a major rise in cybercrime (Verizon) The Verizon Mobile Security Index 2022 reveals that there is a continued rise in major cyberattacks in the last year involving a mobile/IoT device, up 22% year-over-year
2022 Mobile Security Index (Verizon) Gain critical mobile security insights from our in-depth survey and analysis of 632 mobile security professionals around the world—to help protect your business from today's mobile security threats.
Incognia Mobile App Study Reveals Low Detection of Location Spoofing in Dating Apps (GlobeNewswire News Room) With over 323 million users of dating apps worldwide, study finds location spoofing is a threat to user trust and safety...
Location Spoofing Report | Dating Edition (Incognia) Location Spoofing is a growing threat to the safety of dating app users. Learn how vulnerable dating apps are to location spoofing.
The Manufacturing Sector in 2022 Is More Vulnerable to Account Compromise and Supply Chain Attacks in the Cloud than Other Verticals (Netwrix) Netwrix study reveals that manufacturing organizations experienced these types of attacks more often than any other industry surveyed.
Survey reveals organizations see malicious insiders as a route for ransomware (Intelligent CIO APAC) Insider threats become a common threat vector in the heightened ransomware crisis, yet many lack the visibility to determine whether it’s a malicious or accidental risk. Gigamon, the leading deep observability company, has launched its first State of Ransomware 2022 and Beyond report aimed at providing insights into how the threatscape is evolving and how […]
Keysight’s First DEI Report Highlights Support for STEM Education, Achievement of Diverse Representation Goals (Business Wire) Keysight Technologies, Inc. (NYSE: KEYS), a leading technology company that delivers advanced design and validation solutions to help accelerate innov
Phishing and Scams Hit the Roof in Kenya and Nigeria With a 438% and 174% Increase in the Number of Detections in Each Country Respectively in Q2 2022 (African Business) Kaspersky (www.Kaspersky.co.za) analysis has revealed that attacks related to data loss threats (phishing and scams/social engineering) increased
Marketplace
How Cyber Chiefs Cut Through Marketing Noise (Wall Street Journal) Here are five strategies corporate security chiefs use to weed out unsuitable cyber providers.
Cybrary Lands $25 Million in New Funding Round (PR Newswire) Cybrary, the leading training platform for cybersecurity professionals, today announced it has secured $25 million in a Series C funding round...
OSINT Foundation Launched by Former Intelligence Leaders (ClearanceJobs) Today is the official launch of the newly formed Open Source Intelligence (OSINT) Foundation.
Singtel ups investment in corporate venture arm Innov8 to US$350m (Business Times) SINGTEL has announced that it will increase its capital commitment for corporate venture capital (CVC) arm Singtel Innov8 from US$250 million to US$350 million.
Check Point Q2 profit gains on 'healthy' cyber security demand (Reuters) Check Point Software Technologies beat estimates with a 2% gain in second-quarter profit, boosted by double-digit growth in revenue from products and subscriptions to protect cloud and other networks from escalating cyber attacks.
Anomali Appoints Cyber Security Expert Steve Benton as Vice President and General Manager to Expand Growth of Anomali Intelligence-Driven Solutions (Business Wire) Anomali, a leader in intelligence-driven extended detection and response (XDR) cybersecurity solutions, today announced that Steve Benton has been app
Versa Networks Appoints DACH Region VP to Meet Accelerating Demand for Versa SASE (Telecom Reseller) Former Managing Director EU Central at Verizon Business, Pantelis Astenburg, joins Versa Networks to head up sales and support enterprises in the DACH region
Welcoming Manoj Nair: Snyk’s New Chief Product Officer (Snyk) We're thrilled to welcome Manoj Nair joins Snyk today as our new Chief Product Officer. In this pivotal phase of Snyk’s growth, Manoj will lead our global product team, setting our comprehensive product roadmap and strategy in both the short and long-term.
NetRise Welcomes Former CEO of Cylance to Board of Directors (NetRise) NetRise Welcomes Stuart McClure to Board of Directors
ShiftLeft Appoints Prevention-First, Cybersecurity Visionary and Artificial Intelligence/Machine Learning Pioneer Stuart McClure as Chief Executive Officer (ShiftLeft) ShiftLeft, a disruptor and innovator in the world of DevSecOps and NextGen SAST and SCA, today named Stuart McClure as CEO.
Cohesity Appoints Sanjay Poonen as CEO and President (Business Wire) Cohesity, a leader in next-gen data management, today announced the appointment of Sanjay Poonen as CEO and President. He will also join the Cohesity
Query.AI Appoints Cybersecurity Industry Veteran Matt Eberhart as CEO (PR Newswire) Query.AI, the provider of the market's only security investigations control plane for modern enterprises, today announced it has named...
Meta Platforms announces COO Sheryl Sandberg's resignation (SeekingAlpha) Meta Platforms (META) announced that Sheryl Sandberg informed the company of her decision to resign from COO position, effective Aug.1, and will continue to serve on company board.She...
General Dynamics IT hires former assistant to DISA director (Washington Technology) The 35-year Army veteran retired from military service in the spring.
Products, Services, and Solutions
Established Cybersecurity Firm, TDI, Now Offers Managed Cybersecurity Performance Offering with Award-Winning Platform (TDI) At the recent World Credit Union Conference (WCUC) in Glasgow, Scotland, TDI unveiled their Managed Cybersecurity Performance (MCP) offering, its pinnacle body of work, summing up over two decades of delivering cybersecurity solutions across the globe.
EnCompass Achieves Blue Diamond Partner Status with Datto, a Kaseya Company (EnCompass Iowa) The Midwest’s leading IT service provider scales and grows as it equips SMBs with top-of-the-line security and IT solutions CEDAR RAPIDS, Iowa, August 1, 2022 -- EnCompass, a trusted computer and IT support vendor for small and medium-sized businesses (SMBs)...
02.08.2022: DerScanner receives the CWE Compatibility MITRE certificate (DerScanner) DerScanner, an application code scanner, developed by DerSecur, has received the CWE Compatibility certificate from MITRE, an American non-profit organization. This certificate confirms the effectiveness of DerScanner in solving the problem of detecting vulnerabilities, classified by the CWE system, in the software code.
CREST Defensible Penetration Test Released (PR Newswire) CREST, the international not-for-profit, membership body representing the global cyber security industry, has announced the release of its...
Ex-footballer Strengthens Defensive Wall in Cybersecurity (SureCloud) SureCloud partners with Phoenix, Sport & Media (PSM) Group to help train professional sports players in cybersecurity.
Axis Raises the Bar with Modern Day ZTNA Service that Boasts Hyper-Intelligence, Simplicity, and 350 Global Edges (Axis Security) Axis Security, the leader in zero trust access, today announced their VPN Buyback Program which provides IT leaders with a simple, cost-effective way of replacing their existing VPN service in order to adopt zero trust network access (ZTNA).
Blockchain Firm Chainalysis Partners with Cellebrite (Live Bitcoin News) Chainalysis joins hands with Cellebrite to ensure crypto traders uncover illicit activity quickly and that they're aware of risks.
Authomize Extends Least Privilege Capabilities in AWS and Announces Availability on the Marketplace (PRNewswire) AWS customers worldwide now gain access to the Authomize Cloud Identity and Access Security platform
DoControl Integrates with Box to Transform SaaS Data Access Security (PR Newswire) DoControl, the automated Software as a Service (SaaS) security company, today announced an expanded integration with Box, the leading Content...
Strider Launches Supply Chain Intelligence Product to Drive Assurance and Compliance Against Nation-State Risks (Strider) New Capability Protects Against Supply Chain Risks, Ensures Compliance, Streamlines Procurement, and Reduces Costs
Traceable AI First API Security Company to Add eBPF to its Security Platform for Deeper API Observability and Visibility (PR Newswire) n a strategic move, Traceable AI, the industry's leading API security and observability company, today announced the addition of extended...
Industry's First Hybrid-SaaS Network Automation Platform (BackBox Software) The latest version of BackBox Automation adds cloud-based SaaS features to a platform with a largely on-premises footprint.
Technologies, Techniques, and Standards
Data privacy: Collect what you need, protect what you collect (CSO Online) Data over-collection is a security and compliance risk, and that's why CISOs need a say in decisions about what data to collect.
Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices (The Last Watchdog) After years of competitive jockeying, the leading tech giants have agreed to embrace a brand new open-source standard – called Matter – that will allow consumers to mix and match smart home devices and platforms. Related: The crucial role of ‘Digital Trust’ After numerous delays and course changes, the Matter protocol, is set to roll […]
Academia
Proofpoint: 97% of top universities in the US, UK and Australia putting students, staff, and stakeholders at risk of being impersonated by cybercriminals (Proofpoint) Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research which found that the top universities in the United States, the United Kingdom and Australia are lagging on basic cybersecurity measures, subjecting students, staff and stakeholders to higher risks of email-based impersonation attacks.
Top universities lagging on basic cybersecurity - report (SecurityBrief Australia) Universities in Australia, the US and the UK are lagging on basic cybersecurity measures, creating higher risks of email-based impersonation attacks.
Legislation, Policy, and Regulation
A Frontier Without Direction? The U.K.’s Latest Position on Responsible Cyber Power (Lawfare) The U.K. missed an opportunity to clarify its view on non-intervention in international law for peacetime offensive cyber operations, develop perspectives on what states can do in cyberspace, and provide detail on what its own National Cyber Force does.
The U.S. Is Investing Big in Chips. So Is the Rest of the World. (Wall Street Journal) With the federal incentives now available, a key question will be to what extent the U.S. is able to land major chip-factory investments that would have gone elsewhere.
US House of Representatives passes two cybersecurity bills (teiss) The US House of Representatives has passed two cybersecurity bills last week - the RANSOMWARE Act and the Energy Cybersecurity University Leadership Act.
Bilirakis' Cybersecurity and Ransomware Bill Passes House (Floridian Press) Amidst recession blues, bill protecting Americans online offers some comfort
Senators introduce bill to ensure resiliency of federal data centers (FCW) The proposal would establish baseline safeguards for cybersecurity and physical issues like natural disasters.
Banking Groups Urge Senators to Reject NDAA Provision as Harmful to Cybersecurity (Nextgov.com) The provision for identifying “systemically important entities” included in the House-passed NDAA could still hitch a ride on the massive defense bill when it’s called to the floor in the upper chamber.
How the Infrastructure Investment and Jobs Act Delivers on Cyber Resiliency (CrowdStrike) In this blog we identify parts of the Infrastructure Investment and Jobs Act (IIJA) that your organization may be able to take advantage of.
Cyber ambassador could soon take on a world of challenges (Washington Post) A Senate panel is about to kick the tires on Biden’s pick for top cyber diplomat
Litigation, Investigation, and Law Enforcement
Austrian spy firm accused by Microsoft says hacking tool was for EU states (Reuters) An Austrian firm which Microsoft said created malicious software that was detected on the computer systems of some of its clients in at least three countries has said its spying tool "Subzero" was for official use in EU states only.
Why Greg can't use encrypted apps and must open his phone for police at any time (ABC) One phone, no encrypted apps, and sharing passwords with police: These are some of the technology-focused bail conditions faced by Blockade Australia climate protesters.
Eavesdropping probe finds Israeli police exceeded authority (AP NEWS) An Israeli government investigation into the use of powerful eavesdropping technology by the police found that they only used it after securing a judicial warrant but that the flood of information exceeded the limits of their authority.
Investigation finds police did not use NSO's Pegasus without court approval (Jerusalem Post) The team did find that police had collected data they were not legally allowed to collect, although they did not use it.
More developments on NSO’s Pegasus spyware (Avast) In late July 2022, the House Intelligence Committee held a hearing to discuss Pegasus spyware and its implications for national policy.
Visa ‘Intended to Help’ Pornhub and Its Parent Company Monetize Child Porn, Judge Finds in Allowing Case to Move Forward (Variety) In a setback for Visa in a case alleging the payment processor is liable for the distribution of child pornography on Pornhub and other sites operated by parent company MindGeek, a federal judge ru…
Secret Service texts: Five key questions about alleged cover-up (Newsweek) Two senior Democrats have suggested the DHS inspector general may have "secretly abandoned efforts" to collect Secret Service texts from January 6.
SEC charges 11 people in alleged $300 million crypto Ponzi scheme (CNBC) On Monday, the Securities and Exchange Commission said it charged 11 people for their roles in creating and promoting a fraudulent crypto pyramid and Ponzi scheme that raised more than $300 million from millions of retail investors worldwide, including in the United States
Inside Booz Allen's argument that its EverWatch acquisition should proceed (Washington Technology) We go through the buyer's response in court to the Justice Department's lawsuit against the proposed transaction.
Former Biden aide lobbied on merger DOJ sued to block (POLITICO) Booz Allen and EverWatch announced their impending merger in March, with a press release declaring the deal would “meaningfully accelerate the delivery of classified software development and analytics capabilities for national security clients.”
FBI Concedes No Evidence Of Private Twitter Data In Spy Trial (Law360) The FBI agent in charge of an investigation that led to the arrest of an ex-Twitter employee on charges he helped Saudi Arabia spy on its critics conceded on Monday that the prosecution didn't have any written evidence the defendant provided private Twitter user data to the Saudi royal family.
