Dateline Moscow and Kyiv: Ukraine's Independence Day marks six months of war.
Ukraine at D+181: Independence Day and six months of war. (CyberWire) Ukraine braces for Russian attacks to mark Ukraine's Independence Day, and in retaliation for the assassination of Daria Dugina. Russia attributes that killing to Ukraine and its British and Baltic allies, but the circumstances of the car-bombing remain murky. An assessment of overt and covert influence operations suggests the advantage lies with the overt.
Russia-Ukraine war: List of key events, day 182 (AL Jazeera) As the Russia-Ukraine war enters its 182nd day, we take a look at the main developments.
Ukraine marks Independence Day six months after start of war (AP NEWS) Residents of Kyiv woke up to air raid sirens as Ukraine observed its Independence Day on Wednesday, which also marked exactly six months since the start of Russia's military invasion.
Ukraine’s independence day was always important. Now it is a matter of life and death | Nataliya Gumenyuk (the Guardian) In Kyiv, we are marking the day under the constant threat of Russian attack, says Ukrainian journalist Nataliya Gumenyuk
An interview with Ukrainian President Volodymyr Zelensky (Washington Post) Over the past six months, Ukrainian President Volodymyr Zelensky has become an inspiring wartime leader and champion of his country. During an hour-long, wide-ranging interview with The Washington Post at the presidential office, where hallways are kept dark and are lined with sandbags to protect against Russian attack, Zelensky discussed U.S. warnings about Russia preparing to launch a full-scale invasion — and if he believed them.
Russia-Ukraine war: Ukraine braced for ‘brutal strikes’ as it marks independence day – live (the Guardian) Ukraine expecting attacks as it marks its independence from Soviet rule and six months of war with Russia
After Six Months of War in Ukraine, Momentum Tilts Against Russia (Wall Street Journal) Moscow retains a firepower advantage, but Kyiv is starting to take the initiative, while Western support for Ukraine is holding firm despite economic pain.
Ukraine marks six months of war with Russia (Axios) Ukraine and its western backers are contemplating how long the fighting could go on.
Six months of Russia’s war in Ukraine, explained in maps (Al Jazeera) Using maps and satellite imagery, Al Jazeera breaks down some of the key events of the Russia-Ukraine war.
Russia-Ukraine war: We will fight 'until the end', Zelensky declares on Independence Day (The Telegraph) "We will fight until the end," President Volodymyr Zelensky has declared in an emotional speech to mark 31 years of Ukrainian independence from the Soviet Union on Wednesday.
Daria Dugina funeral: Moscow car bomb 'martyr' lies in open casket (The Telegraph) At her funeral, her father and Putin ally Alexander Dugin said she ‘died for Russia’ and ‘victory’ over Ukraine would avenge her death
Russia-Ukraine war: Ukraine braced for ‘brutal strikes’ as it marks independence day – live (the Guardian) Ukraine expecting attacks as it marks its independence from Soviet rule and six months of war with Russia
Russia Planning Attacks On Ukrainian Government Facilities, U.S. Warns Ahead Of Independence Day (RadioFreeEurope/RadioLiberty) A U.S. official has warned that Russia is planning to soon launch fresh attacks against Ukraine's civilian infrastructure and government facilities as Kyiv banned public Independence Day celebrations this week, citing a heightened threat of attack as Moscow's invasion reaches the six-month mark.
Ukraine fears stepped-up attacks around national holiday (AP NEWS) The sense of dread deepened Tuesday in Ukraine because of warnings that Russia may try to spoil the country's Independence Day holiday and mark the war's six-month point with intensified attacks.
Ukraine Braces for an Explosive Independence Day (Foreign Policy) A signal date—six months into the war, just after the death of a Putin propagandist—has everyone in Kyiv on edge.
Odesa Is Defiant. It’s Also Putin’s Ultimate Target. (New York Times) President Vladimir V. Putin knows that Ukraine’s fate, its access to the sea and its grain exports hinge on Odesa. Without it, the country shrivels to a landlocked rump state.
What is blowing up those Russian bases in Crimea? (Breaking Defense) Ukraine appears to have struck Russia in Crimea twice this month. But how they actually pulled it off is a mystery worth unraveling, writes Mark Cancian of CSIS.
‘The biggest movement in the history’ — Ukraine evacuates the front line (POLITICO) Under criticism from rights groups, Kyiv hopes to relocate 750,000 people away from the fighting.
Ukraine nuclear plant worker killed by Russian mortar as tensions rise (Washington Post) An employee at the Zaporizhzhia Nuclear Power Plant and his driver were killed in a mortar explosion outside the facility, underscoring the perilous situation at Europe’s largest nuclear plant, the president of Ukraine’s nuclear power company said Tuesday.
In Ukraine, a Nuclear Plant Held Hostage (New York Times) Five months after Russian forces took over the Zaporizhzhia plant, all that stands between the world and nuclear disaster are dedicated Ukrainian operators working at gunpoint.
U.N. Security Council Meeting Focuses on Threat to Nuclear Plant (New York Times) Fighting around the Russia-occupied Zaporizhzhia nuclear facility poses one of the gravest risks as the war nears the six-month mark.
6 Months Into War, Ukraine and Russia Are Both Reshaped (New York Times) It has been six months since Russian forces swept into Ukraine. This is what the conflict looks like for the combatants, and to a worried continent trying to maintain solidarity.
Ukrainian President Seeks 'Clear, Effective' Support In Face Of Russian Actions (RadioFreeEurope/RadioLiberty) Ukrainian President Volodymyr Zelenskiy says Kyiv expects “clear” signs of support and action from its allies and not just words as his country faces the threat of invasion from Russia.
EU feared to be losing the will to back Ukraine (The Telegraph) UK diplomats urge European leaders to keep up support as cost of living crisis bites
After six months of war in Ukraine, here's what could come next (The Telegraph) From the economy, to the EU response and the future of Putin, Telegraph experts reveal how the conflict could develop in the months ahead
Germany, Slovakia sign tank swap deal to arm Ukraine (Defense News) Older Leopard 2 tanks will backfill a batch of Soviet infantry fighting vehicles that Slovakia is sending to Ukraine.
Polish President Duda in Kyiv to discuss more aid for Ukraine (Reuters) Polish President Andrzej Duda offered more support for Ukraine and called for an end to the Russian occupation of Crimea during his visit to Kyiv on Tuesday as Russia's invasion of the country approached the six-month mark.
Ukraine needs more US support to win its fight for freedom (Atlantic Council) Ukraine's resilient response to Vladimir Putin's invasion has inspired the world but the country is now in need of increased US military, economic, and diplomatic support in order to secure an historic victory over Russia.
Ukraine Latest: US Warns of Russian Strikes Against Civilians (Bloomberg) The U.S. will announce $3 billion more in arms for Ukraine on Wednesday, when the country will mark a tense Independence Day and six months since Russia’s invasion, according to a US official.
US to send Ukraine $3 billion in aid as war hits 6 months (Military Times) The aid is expected to be announced Wednesday, the day the war hits the six-month mark and Ukraine celebrates its independence day.
7 in 10 Americans Want To Send More Weapons To Ukraine, Poll Finds (Defense One) Survey shows Americans want to keep supporting Ukraine for as long as it takes despite inflation concerns at home.
What Ukraine needs to win the war (Atlantic Council) Ukraine can win the war against Vladimir Putin's Russia and secure an extended peace in Europe but victory depends on receiving Western support that goes well beyond the current level, writes Richard D. Hooker Jr.
Russia’s war in Ukraine: Six surprises six months in (Atlantic Council) The Russian invasion of Ukraine has shocked the world and transformed the geopolitical climate. Melinda Haring looks back at the first six months of the invasion and reflects on the six most surprising developments.
A strong Ukraine is the best solution to Europe’s Russia problem (Atlantic Council) Ukraine's courageous response to Putin's invasion has inspired the world but some Western leaders remain in denial over the threat posed by a hostile Russia, writes Ukrainian Defense Minister Oleksii Reznikov.
Six months, twenty-three lessons: What the world has learned from Russia’s war in Ukraine (Atlantic Council) Our experts break down how this conflict has transformed not only military operations and strategy, but also diplomacy, intelligence, national security, energy security, economic statecraft, and much more.
Opinion: 6 lessons the West has learned in the 6 months after Russia’s invasion of Ukraine (CNN) Six months after Russian President Vladimir Putin sent troops into Ukraine, it’s still not clear how this war will end. Ukraine, which has signaled its intent to launch a new counteroffensive, could retake the Russian-occupied city of Kherson and other parts of the south. But it’s also possible that a reinvigorated Russian force will break through to Odesa, closing off Ukraine from the sea. Or the front line might stabilize roughly where it is.
Kremlin's pro-war propaganda is so boring a quarter of Russian TV viewers are switching off (The Telegraph) New survey finds TV audience is plummeting as Moscow continues to push out a barrage of pro-war reports
Six months into the war, how have Ukraine and its Western allies resisted Russia’s digital tactics? (Fast Company) Practice. Ukrainian defenders have had years of experience mitigating Russian malware assaults, with a little help from friendly outside cybersecurity firms.
Unheard Voice (Stanford Internet Observatory) Stanford Internet Observatory collaborated with Graphika to analyze a large network of accounts removed from Facebook, Instagram, and Twitter in our latest report. This information operation likely originated in the United States and targeted a range of countries in the Middle East and Central Asia.
It’s Time to Throw NATO’s Door Wide Open (Foreign Policy) NATO was meant to be a harbor for the weak and imperiled. It should be again.
European Power Prices Smash Records in Another Inflation Blow (Bloomberg) Record-breaking energy prices are adding pressure to inflation. France is also struggling with low nuclear availability.
A $75 million superyacht seized from a Russian oligarch, which has a glass elevator and infinity pool, is going under the hammer. Take a look inside. (Business Insider) The Axioma, seized by Gibraltar in March, is being auctioned off with a Tuesday bid deadline. Take a virtual tour.
Attacks, Threats, and Vulnerabilities
North Korea Threat Group ‘Lazarus’ Targets Mac M1 Processor with Signed Executables (Venafi) The North Korean Advanced Persistent Threat (APT) group Lazarus is back. Code signing certificates has become a modus operandi. Read on to find out more.
Advisory: Persistent MFA Circumvention in an Advanced BEC Campaign on Microsoft 365 Targets (Mitiga) Mitiga spotted a sophisticated, advanced business email compromise campaign, targeting Microsoft365 organizations, leveraging inherent weaknesses in Microsoft 365 MFA,Microsoft Authenticator, and Microsoft 365 Identity Protection.
New 'Donut Leaks' extortion gang linked to recent ransomware attacks (BleepingComputer) A new data extortion group named 'Donut Leaks' is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando.
Bug in CrowdStrike Falcon Allows Removal of Security Agent (Decipher) Researchers have disclosed a bug in some versions of CrowdStrike Falcon that allows an attacker with admin privileges to uninstall the security agent.
Firewall Bug Under Active Attack Triggers CISA Warning (Threatpost) CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Hackers Used Deepfake of Binance CCO to Perform Exchange Listing Scams (Bitcoin News) A set of hackers impersonated Binance CCO Patrick Hillmann in a series of video calls with several representatives of crypto projects.
Hackers Use Deepfakes of Binance Exec to Scam Multiple Crypto Projects (Gizmodo) The crypto exchange’s CCO Patrick Hillman wrote that he received multiple messages thanking him for meetings he never attended.
Binance's CEO said thousands of people are falsely claiming to be his employees on LinkedIn. Experts warn it's an example of the platform's growing problem with fake accounts. (Business Insider) While recent dialogue around fake accounts has focused on claims against Twitter, experts warn fake accounts are quietly thriving on LinkedIn.
ETHERLED: Air-gapped systems leak data via network card LEDs (BleepingComputer) Israeli researcher Mordechai Guri has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards. Dubbed 'ETHERLED', the method turns the blinking lights into Morse code signals that can be decoded by an attacker.
New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data (The Hacker News) Researchers have developed a new Air-Gap attack in which attackers can exfiltrate sensitive information from air-gapped computers to smartphones locat
Major airline technology provider Accelya attacked by ransomware group (The Record by Recorded Future) A technology provider for many of the world’s largest airlines said it recently dealt with a ransomware impacting some of its systems.
Plex warns users to reset passwords after a data breach (BleepingComputer) The Plex media streaming platform is sending password reset notices to many of its users in response to discovering unauthorized access to one of its databases.
Over 80,000 exploitable Hikvision cameras exposed online (BleepingComputer) Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server.
Experts warn of widespread exploitation involving Hikvision cameras (The Record by Recorded Future) Both government and criminal hacking groups are targeting Hikvision cameras with a vulnerability from 2021.
Hikvision Surveillance Cameras Vulnerabilities (CYFIRMA) Threat Analysis | Digital Risk Assessment | Cybersecurity Solutions | Security Operations | Vulnerability Management | Cyber Threat Detection
Cyber attackers disrupt services at French hospital, demand $10 million ransom (France 24) A hospital southeast of Paris has been targeted by a cyber attack, causing disruption to its services. Nurses are having to file data by hand. The hackers have demanded a $10 million ransom to unblock…
French hospital hit by $10M ransomware attack, sends patients elsewhere (BleepingComputer) The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries.
Hackers demand $10m to end cyber attack on Paris regional hospital (RFI) A hospital southeast of Paris has been the victim of an ongoing cyber attack since the weekend, with disruption to emergency services and surgeries as hackers demand a ransom of $10 million to call off…
Mansfield schools hit with ransomware attack, internet and email down (Dallas News) The disruption is impacting the district’s access to its website, email and phone services. Campuses will remain closed to visitors because the Raptor...
Stolen Texas health data may be posted to the dark web (Healthcare IT News) The hospital system fell victim to ransomware planted by the Karakurt data extortion group, beginning in late May.
Ransomware attack on billing vendor leads to data theft for 942K patients (SC Media) This week’s healthcare data breach roundup includes numerous delayed notifications, including a ransomware attack on Practice Resources that led to data theft for 28 of its provider clients.
Another process sensor incident that has killed people (Control Global) I am being featured in the September issue of Top Cyber News Magazine regarding critical infrastructure cyber security. Process sensors and other control system field devices continued to be ignored by the IT and OT cyber security communities. Consequently, in preparation for the magazine issue, I had a discussion with an OT cyber security expert about my concerns with process sensor cyber security
Security Patches, Mitigations, and Software Updates
VMware Releases Security Update (CISA) VMware has released a security update to address a vulnerability in Tools. A remote attacker could likely exploit the vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0024 and apply the necessary update.
ARC Informatique PcVue (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: ARC Informatique Equipment: PcVue Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access the OAuth web service database.
Delta Industrial Automation DIALink (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: Delta Industrial Automation DIALink Vulnerability: Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the exposure of sensitive data.
mySCADA myPRO (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Technologies Equipment: mySCADA myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to run commands directly in the operating system.
Measuresoft ScadaPro Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Measuresoft Equipment: ScadaPro Server Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability may allow arbitrary code execution.
Measuresoft ScadaPro Server and Client (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Measuresoft Equipment: ScadaPro Server and Client Vulnerabilities: Untrusted Pointer Dereference, Stack-based Buffer Overflow, Use After Free, Link Following. 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution, privilege escalation, or a denial-of-service condition.
Hitachi Energy RTU500 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to send a specially crafted Modbus TCP packet in a high rate, causing a stack overflow, which could result in a reboot of the product.
Illumina Local Run Manager (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Illumina Equipment: Local Run Manager (LRM) Vulnerabilities: Path Traversal, Unrestricted Upload of File with Dangerous Type, Improper Access Control, Cleartext Transmission of Sensitive Information 2.
Trends
State of XIoT Security: 1H 2022 (Claroty) Team82 has revamped its biannual report to embrace an understanding of the vulnerabilities being disclosed and fixed within the Extended Internet of Things (XIoT). XIoT is the umbrella term for connected cyber-physical devices within industrial, healthcare, and commercial enterprise IoT environments.
The (nation) state of cyber: 64% of businesses suspect they’ve been targeted or impacted by nation-state attacks (Venafi) According to new Venafi research, two-thirds of organizations have changed cyber strategy in response to war in Ukraine. Read on to find out more.
Threat Spotlight: The untold stories of ransomware (Journey Notes) Our researchers analyzed 106 highly publicized ransomware attacks between August 2021 and July 2022. See what they uncovered.
Q2 2022 Phishing and Malware Report: Malware Volumes Increase 21% in Q2 (Vade Secure) Phishing and malware emails jumped significantly in Q2. Our latest report covers the stats and trends you need to know.
Bitdefender Threat Debrief | August 2022 (Bitdefender) Learn about what cyber threat hunting is and is not, MDR capabilities, top 10 ransomware families and more!
Poll: Cybersecurity Professionals Want Remote Work Options ((ISC)² Blog) As organizations consider recalling workers back to the office, many are finding resistance – and in some cases, open revolt. Employees have become accustomed to the work-from-home (WFH) lifestyle and they aren’t necessarily willing to trade it for commutes and cubicles. Most want the choice of whether to stay home, return to the office or a combination of both, and many cybersecurity professionals are among them. A new (ISC)² member poll looks at how organizations are changing remote work policies in 2022 and what it means for worker satisfaction. The poll found the most satisfied cybersecurity professionals have the choice...
Critical Insight Finds Attackers Shifting Focus to Smaller Hospital Systems and Specialty Clinics in H1 2022 Healthcare Data Breach Report (Business Wire) Critical Insight, a Managed Detection and Response (MDR) service provider specializing in protecting the networks of life-saving organizations and cri
Critical Insight Healthcare Data Breach Report Trends H1 2022 (Critical Insight) Critical Insight Healthcare Breach Report H1 2022 Healthcare Trends in 2022
Medical breaches accounted for 342 million leaked records from 2009 to 2022 (Comparitech) Since 2009, medical organizations in the US have suffered nearly 5,000 data breaches, affecting over 342 million medical records. Our team of researchers analyzed data from 2009 to June 2022 to find out which US states suffer the most medical breaches and how many records have been affected each year. We also took an in-depth […]
Credential stuffing hammers US businesses as account data for sale in bulk (Cybersecurity Dive) Media companies, retailers, restaurant groups and food delivery services are at heightened risk, the FBI said.
True crime shows might be the biggest educational tool for cybercrime awareness (CSO Online) Popular cultural depictions of fraud and cybercrime are raising awareness of the dangers posed to personally identifiable information by bad actors, according to a new study.
Marketplace
Five questions to ask about cyber insurance (SC Media) Here’s a good checklist of questions to ask when considering cyber insurance.
Singtel to take big hit on Trustwave sale (Telecoms.com) Singtel is pushing forward with the sale of its cybersecurity business as part of a business streamlining push that will see it focus on 5G and new growth areas.
Owl Cyber Defense Names Ken Walker to Chief Executive Officer (GlobeNewswire News Room) President and former CTO to lead the organization as it delivers cross-domain and data diode network segmentation solutions to protect government and...
Okta appoints Emilie Choi to Board of Directors (Help Net Security) Okta has unveiled that Emilie Choi, has been appointed to the company’s board of directors, effective August 19, 2022.
Former VMware Cybersecurity Leader Tom Kellermann Joins Contrast Security as Senior Vice President of Cyber Strategy (Contrast Security) Experienced cyber leader to lead the government and financial industry strategy and accelerate information sharing between public and private sectors
Leaseweb Appoints Richard Copeland As CEO of Its U.S. Business (Leaseweb) Leaseweb Global, a leading hosting and cloud services company, announced the appointment of Richard Copeland as CEO of Leaseweb USA, effective today.
Products, Services, and Solutions
SecureAuth Extends FIDO Alliance Membership and Reinforces Commitment for FIDO2 Certifications for Arculix Passwordless Authentication (SecureAuth) Privacy, Security, Frictionless User Experience, and Standards Drive SecureAuth’s Vision for Passwordless Authentication IRVINE, Calif., – Aug. 23, 2022 – SecureAuth, a leader in access management and authentication, announces the continuation of its membership to the FIDO (Fast Identity Online) Alliance and it has extended its commitment to FIDO2 certification standards. For more than a […]
Next Gen Tokenization: Titaniam’s New Secure Analytic Vault Updates re (PRWeb) Titaniam, Inc., the industry's most advanced data protection and ransomware immunity platform, announced updates to its Vault. While Titaniam’s overall platf
Enabling secure mission success with Wickr RAM in Department of Defense Cloud One (Amazon Web Services) AWS announced the availability of Wickr RAM (Recall, Alert and Messaging) to the U.S. Department of Defense (DOD) through Cloud One, which is a cloud hosting infrastructure and service. Wickr RAM is an end-to-end encrypted full suite collaboration application built for the warfighter. It is available on AWS GovCloud (US) and can support workloads up to Impact Level 5.
A-LIGN is the First Organization to Provide a Complete Compliance Automation Solution and Full Audit Services (A-LIGN) With new features and an optimized audit process, A-SCEND provides a single-provider seamless approach from readiness to report.
NEC and Fortinet partner on end-to-end security for 5G networks (Capacity) NEC Corporation and Fortinet have formed a global agreement to jointly build secure 5G networks for communication service providers (CSPs).
Okta boosts identity governance platform availability (SC Media) SiliconAngle reports that Okta has expanded the availability of its Identity Governance platform to the general public.
HiddenLayer Creates a Threat Intelligence Team Focused on Thwarting ML Attacks (PR Newswire) HiddenLayer, the developer of a unique security platform that safeguards the machine learning models enterprise organizations use behind their...
Frasers Group Selects Tanium to Improve Cyber Hygiene and Secure Long-Term Growth (365 RETAIL) Frasers Group retail giant bolsters security across complex merger and acquisition environments
Amazon Wants Everyone To Protect Themselves Online With Security PSA (Forbes) #1-Ranked Industry Analyst Patrick Moorhead dives in as he sat down with Schmidt, VP, Security Engineering at Amazon to understand Amazon's cybersecurity contributions and a new public service announcement (PSA) campaign, “Protect & Connect,” that launched on August 22, 2022.
Technologies, Techniques, and Standards
A multidimensional approach to journalism security (Microsoft) The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Runa Sandvik, Former Senior Director of Information Security at The New York Times and member of CISA’s Technical Advisory Council.
Tanium: Taking A Deeper Cut At Converged Endpoint Management (Dark Reading) Tanium’s Chris Hallenbeck explains how converged endpoint management helps overcome obstacles to endpoint visibility.
Is your personal data all over the internet? 7 steps to cleaning up your online presence (WeLiveSecurity) You may not be able to disappear completely from the internet, but you can minimize your digital footprint with a few simple steps
Design and Innovation
The AI startup erasing call center worker accents: is it fighting bias – or perpetuating it? (the Guardian) A Silicon Valley startup offers voice-altering tech to call center workers around the world: ‘Yes, this is wrong … but a lot of things exist in the world’
Academia
UAH, FBI warns students about “sextortion” scams (WAFF) The University of Alabama at Huntsville’s Dean of Students and Chief of Police sent emails to students about “sextortion” scams on Tuesday.
Kashmir University data breach: Rotation policy violated to keep IT Head, claims report (The Kashmir Walla) Professors at KU accuse the administration of brazenly overlooking the rotation policy to allow continuation of the in-charge IT Director.
Legislation, Policy, and Regulation
NSA to boost cyber security, announces Nigeria’s accession to Budapest Convention on Cybercrime | The Guardian Nigeria News - Nigeria and World News (The Guardian Nigeria News) Nigeria boosted its cyber security and the fight against cybercrime by the accession to the Convention on Cybercrime on July 6, 2022 to enhance international cooperation. The milestone was achieved after fulfilling the requirements after 5-year assiduous efforts by the Nigerian government. According to the spokesman in the office of the NSA, Zakari Usman, this […]
Update On Key EU Operational Resilience And Cybersecurity Legislative Developments (Mondaq) In recent months, EU institutions have reached agreement on two significant pieces of legislation relating to operational resilience and cybersecurity...
Biden is asking critical infrastructure owners to hit cybersecurity goals, and they're not happy about it (Washington Post) A federal agency is due next month to deliver a list of cybersecurity goals the Biden administration wants owners of the most critical digital infrastructure to meet — a list that has spawned industry criticism.
Faster, Faster! Trends in U.S. Cyber Incident Notification Laws (Governing) Steve Nichols, chief technology officer at Georgia Technology Authority, offers his observations and predictions for what's trending and what's to come with regard to cyber incident notification laws.
An inside look into states’ efforts to ban gov’t ransomware payments (The Record by Recorded Future) Lawmakers across the U.S. are having trouble replicating ransomware payment bans as party leaders balk at wading into an evolving cybersecurity landscape.
California IT Bills Survive as Legislative Deadline Nears (GovTech) With the Legislature's Aug. 31 deadline fast approaching, a handful of IT-focused bills are still under consideration. The bills range from CDT oversight of broadband projects to expanded data breach notification rules.
Litigation, Investigation, and Law Enforcement
Twitter Comes Under Washington Spotlight With Whistleblower Complaint (Wall Street Journal) Congress, the Justice Department and regulators including the SEC are expected to investigate the social-media company.
Lawmakers investigate Twitter security chief’s whistleblower allegations (Washington Post) Top Democrats and Republicans say the allegations raise national security and privacy concerns, and underscore the need for federal privacy protections
Congress is looking into Twitter whistleblower’s claims of lax security | Engadget (Engadget) Senate committees are holding talks with the company's former security chief..
Twitter Whistle-Blower Won Hacker Kudos, Fired Over Performance (Bloomberg) Peiter Zatko worked at Google and Stripe and testified before Congress about vulnerabilities in global technology.
Twitter Faces Legal, Political Peril in Whistle-Blower Case (Bloomberg) Peiter Zatko claims ‘egregious deficiencies’ in its defenses. US House representatives say they’re reviewing his report.
Why I Don't Support Mudge's Decision. (LinkedIn) You’ve no doubt seen the whistle blower claims this week from Peiter Zatko about Twitter – and he’s probably dead-on correct about their lax security. Nothing he says about cyber protection at the company seems out of whack.
Twitter’s Ex-Security Head Files Whistleblower Complaint (Wall Street Journal) Peiter Zatko, who says he was fired as Twitter’s head of security earlier this year, claims that he “uncovered extreme, egregious deficiencies by Twitter in every area of his mandate.”
Twitter is vulnerable to Russian and Chinese influence, whistleblower says (CNN) Twitter is exceptionally vulnerable to exploitation by foreign governments in ways that threaten US national security, and may even have foreign spies currently active on its payroll, according to Peiter "Mudge" Zatko, the whistleblower at the center of a massive public disclosure effort reported Tuesday by CNN and The Washington Post.
New whistleblower allegations could factor into Twitter vs. Musk trial (Washington Post) Twitter’s former security chief alleges that the company is hiding the ball when it comes to spam and bot
How Twitter’s whistleblower could boost Elon Musk’s legal battle (the Guardian) Peiter Zatko, former security chief, brought allegations of widespread security threats and spam concerns against the company
India forced Twitter to put agent on payroll, whistleblower says (Reuters) A former Twitter Inc security chief has alleged that the Indian government forced the social media firm to put a government agent on the payroll, according to a whistleblower disclosure with U.S. regulators.
Trump appears to concede he illegally retained official documents (the Guardian) Court motion submitted by ex-president’s lawyers argues some materials seized by FBI could be subject to executive privilege
How damaging was the mishandling of classified documents at Mar-a-Lago? (NBC News) Current and former officials told NBC News they found the apparent lack of a damage assessment puzzling.
Lawsuit accuses Oracle of tracking '5 billion people' (Computing) The Irish Council for Civil Liberties claims Oracle makes $42.4 billion a year from its surveillance.
Files copied from voting systems were shared with Trump supporters, election deniers (Washington Post) Sensitive election system files obtained by attorneys working to overturn President Donald Trump’s 2020 defeat were shared with election deniers, conspiracy theorists and right-wing commentators, according to records reviewed by The Washington Post.
Data Breaches and Class Actions in New Zealand (Lexology) While there have been increased regulatory actions regarding data breaches in New Zealand, consumer actions have been less common. Below we consider…
China-Bound Ex-Apple Engineer Admits to Trade Secrets Theft (Bloomberg) Robocar worker who planned to join Xpeng pleads guilty in US. Judge orders plea agreement to be sealed from public view.
Tornado Cash code reuploaded to GitHub in free speech test (Register) Cryptography prof tells Microsoft to get forked