Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+503: Support and cooperation, but no NATO membership, yet. (CyberWire) Ukraine gets closer ties to NATO, but not membership, yet, and the cyber phases of Russia's war show signs of renewed activity.
Russia-Ukraine war: List of key events, day 504 (Al Jazeera) As the conflict enters its 504th day, these are the main developments.
Back To Bakhmut: The Ukrainian Forces Trying To Trap Russian Troops In A Ruined City (RadioFreeEurope/RadioLiberty) "Our job is to…make a bad day for the Russians." Following a lull in the fighting, the Ukrainian Army is advancing on the northern and southern flanks of Bakhmut, hoping to surround the destroyed Donetsk region city to avoid getting involved in street fighting again and suffering losses.
Ukraine-Russia war live: Russian general 'killed by British Storm Shadow missile' (Telegraph, via MSN) A Russian general has been killed on the southern front by a British Storm Shadow missile, according to reports.
Russia-Ukraine war at a glance: what we know on day 504 of the invasion (the Guardian) G7 members signed a joint declaration outlining long-term security and economic support for Ukraine; Stoltenberg said Ukraine is ‘now closer to Nato than ever before’
Ukraine-Russia war live: Russian submarine commander shot dead on morning run (The Telegraph) A Russian naval captain who commanded a submarine that allegedly fired on a Ukrainian city has been shot dead on his morning run.
Wagner Group nearly seized nuclear weapon during mutiny, Ukraine claims (The Telegraph) The claims are disputed by US intelligence sources
Can Putin recover from the Wagner mutiny? (Al Jazeera) Russia’s elites are distancing themselves from Putin, even if they won’t revolt just yet, say analysts.
G7 countries set to sign security 'framework' for Ukraine (Breaking Defense) Joint Declaration signatories will provide long-term, bilateral security commitments for Ukraine, with the aim of building a Ukraine that can defend its territorial sovereignty both today and in the future,” according to a UK foreign ministry statement.
Russia-Ukraine war live: G7 declare support for Ukraine after UK minister says Kyiv should be more grateful (the Guardian) Joint declaration details plan to help towards governance reforms needed for ‘Euro-Atlantic aspirations’
Vilnius Summit Communiqué issued by NATO Heads of State and Government participating in the meeting of the North Atlantic Council in Vilnius 11 July 2023 (NATO) The NATO Invitee associates itself with this Communiqué.
NATO chief defends Ukraine’s by-the-book membership path (Defense News) At their annual summit in Vilnius, Lithuania, alliance members made no guarantees on the timing of Kyiv's accession while the war with Russia rages.
Opinion | This Isn’t Your Father’s NATO (Wall Street Journal) An anti-Putin military alliance now stretches from the Barents to the Black Sea.
As Russia’s war on Ukraine drags on, what is NATO doing to help? (Military Times) NATO doesn’t send weapons. It sends non-lethal support: fuel, food, medical supplies, body armor, gear to counter mines, chemical and biological threats.
NATO agrees to begin F-16 training program for Ukraine in August (The Hill) A coalition of 11 NATO countries agreed to begin an F-16 training program in Europe this August to train Ukrainian pilots on the warplanes, ending speculation about when the long-awaited training w…
Leaders Agree to Expedite Ukraine's NATO Membership (U.S. Department of Defense) Leaders agreed to a package that will ultimately make Ukraine a member of the alliance, NATO Secretary General Jens Stoltenberg said at a news conference.
NATO won't offer Ukraine alliance membership timeline, but promises greater interoperability (Breaking Defense) While the agreement comes with a number of gifts to Ukraine, including the promise to waive standard requirements for NATO membership in the future, it falls well short of the goal set by President Volodymyr Zelenskyy that NATO members lay out a clear path forward for his country to join the alliance.
NATO says it will invite Ukraine to join when ‘conditions are met’; Zelensky calls lack of timeline ‘absurd’ (Washington Post) Stoltenberg says Ukraine now has ‘a clear path towards membership’. Zelensky slams NATO over lack of details on membership. Will Turkey get F-16 fighter jets in return for cooperation on Sweden?
Zelenskiy fails in effort to secure invitation to join Nato at Vilnius summit (the Guardian) Leaders of military alliance sign off on declaration that does not give Ukraine firm membership timetable
NATO summit leaves Ukrainians frustrated (Atlantic Council) The 2023 NATO summit failed to deliver on hopes for a clear commitment on future Ukrainian membership, leaving many in Ukraine deeply frustrated by the apparent lack of urgency among the country's allies, writes Peter Dickinson.
Zelenskyy rages against ‘conditions’ for joining NATO (POLITICO) Ukrainian President Volodymyr Zelenskyy’s arrival in Vilnius — and plans to speak out against NATO’s membership language — is set to be the summit's biggest drama yet.
Russia-Ukraine War: Zelensky Praises NATO Before Meeting With Biden (New York Times) The Ukrainian president said he was grateful for military support, seeking to move past a dispute over when his country would be invited to join NATO. He was scheduled to meet with President Biden later on Wednesday.
NATO Agrees to Pull Ukraine Closer, but Offers No Membership Timeline (Wall Street Journal) In failing to offer Ukraine a clear path to joining the alliance, NATO disappoints Kyiv, which viewed the alliance as critical to deterring Russia.
Czech leader: 'Several countries' hesitant as NATO discusses ascension plans for Ukraine (Breaking Defense) "Ukraine needs to see the light at the end of the tunnel, it needs to feel motivated that one day it will be welcomed into our [NATO] family," said Czech Republic President Petr Pavel.
NATO agrees strong package for Ukraine, boosts deterrence and defence (NATO) In their first working session at the Vilnius Summit on Tuesday (11 July 2023), Allies took decisions to bring Ukraine closer to NATO, and reinforce the Alliance’s collective deterrence and defence.
Remarks by President Biden and NATO Secretary General Jens Stoltenberg in Official Greeting | Vilnius, Lithuania | The White House (The White House) Lithuanian Exhibition and Conference CenterVilnius, Lithuania 1:15 P.M. EEST SECRETARY GENERAL STOLTENBERG: President Biden, dear Joe, welcome to the NATO Summit. And many, many thanks for your strong leadership making this alliance united and even stronger. This summit is already historic because the agreement we made yesterday will make Sweden a full member of NATO. And…
Germany approves $769M weapons package for Ukraine, clears huge Boxer deal with Australia (Breaking Defense) "We are proceeding [with additional funding] because we are convinced it is necessary and the only right thing to do is support Ukraine for as long as it takes," said Boris Pistorius, Germany's minister of defense.
Sunak tells Putin: It’s no good waiting out the West in Ukraine (The Telegraph) PM warns Russian president that Nato is 'in it for the long haul' with its support for Kyiv
NATO's Vilnius Summit Holds the Key for Ukraine's Reconstruction (RAND) Repelling Russia's invasion will be top of mind at the NATO summit in Vilnius. But longer-term security decisions may be even more important to Ukraine's future, after the fighting stops.
Tsikhanouskaya Says Belarus Deserves To Be High On Agenda At NATO Summit (RadioFreeEurope/RadioLiberty) Belarusian opposition leader Svyatlana Tsikhanouskaya says she aims to voice her country’s position on specific issues such as the transfer of Russian tactical nuclear weapons to Belarusian territory while attending the NATO summit in Vilnius.
Sweden’s giant-killer military is built for one thing: fighting Russia
(The Telegraph) Its forces will now deny Russia access to the Arctic and Baltic regions
Opinion How the Biden administration sealed the Sweden deal with Erdogan (Washington Post) NATO summits usually start with drama and often end with a happy family photo. This time, the drama was over before the summit even started.
The invasion of Ukraine spurred NATO to revamp its defense plans against Russian attack (AP News) U.S. President Joe Biden and his NATO counterparts have endorsed the biggest shakeup of the way the military alliance would respond to any attack on its territory by Russia since the Cold War.
NATO Countries Must Work Together to Counter the Russian Cyber-Threat (Infosecurity Magazine) William Hutchison argues that NATO countries should be war-gaming what a full-on Russian cyber war would look like
Storm-0978 attacks reveal financial and espionage motives (Microsoft Security) Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosure to Microsoft via Word documents, using lures related to the Ukrainian World Congress.
Microsoft: Unpatched Office zero-day exploited in NATO summit attacks (BleepingComputer) Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents.
Diplomats Beware: Cloaked Ursa Phishing With a Twist (Unit 42) A Cloaked Ursa phishing campaign targeted Kyiv embassy-based government officials. This is a new tactic targeting individuals instead of organizations.
Russian hackers lured embassy workers in Ukraine with ad for a cheap BMW (Reuters) Hackers suspected of working for Russia's foreign intelligence agency targeted dozens of diplomats at embassies in Ukraine with a fake used car advert in a bid to break into their computers, according to a cybersecurity firm report published on Wednesday.
Pence says Trump’s Ukraine war promise requires giving ‘Putin what he wanted’ (The Hill) Former Vice President Mike Pence Monday chided former President Trump over his assertion that he could end the war in Ukraine within 24 hours, arguing that doing so would mean giving in to Russian …
Russia's threat to pull out of Ukraine grain deal raises fears about global food security (AP News) Concerns are growing that Russia won't extend a United Nations-brokered deal that allows grain to flow from Ukraine to parts of the world struggling with hunger.
Would Prosecuting Russia Prolong the War in Ukraine? (Foreign Affairs) Debating a special tribunal for the crime of aggression.
Attacks, Threats, and Vulnerabilities
Mitigation for China-Based Threat Actor Activity (Microsoft On the Issues) Microsoft and others in the industry have called for transparency when it comes to cyber incidents so that we can learn and get better. As we’ve stated previously, we cannot ignore the exponential rise and frequency of sophisticated attacks. The growing challenges we face only reinforce our commitment to greater information sharing and industry partnership. ...
Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email (Microsoft Security Response Center) Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
Chinese hackers breach U.S. government email through Microsoft cloud (Washington Post) Cyberspies from China exploited a fundamental gap in the Microsoft cloud, enabling them to conduct a targeted hack of unclassified U.S. email accounts.
U.S. Government Emails Hacked in Suspected Chinese Espionage Campaign (Wall Street Journal) The penetration is being viewed as part of an espionage campaign that potentially compromised valuable information.
Bangladesh government fixes website that leaked personal data of 50 million citizens (Record) A security researcher accidentally discovered a publicly-accessible database containing leaked information on millions of Bangladeshi citizens, including their names, phone numbers, birth certificates and national ID numbers.
Major Security Flaws in Popular QuickBlox Chat And Video Framework Expose Sensitive Data Of Millions (Claroty) Team82 and Check Point Research (CPR) collaborated to look at the security of the popular QuickBlox software development kit (SDK) and application programming interface (API).
PyLoose: Python-based fileless malware targets cloud workloads to deliver cryptominer (Wiz Blog) PyLoose is a newly discovered Python-based fileless malware targeting cloud workloads. Get a breakdown of how the attack unfolds and the steps to mitigate it.
Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers (Cisco Talos Blog) Actors are leveraging multiple open-source tools that alter the signing date of kernel mode drivers to load malicious and unverified drivers signed with expired certificates.
Ghostscript Remote Code Execution Vulnerability (Kroll) On June 25, 2023, a vulnerability was disclosed in Ghostscript CVE-2023-36664 prior to the 10.01.2 version that allows for remote code execution. Read more,
Play Ransomware Attacking Private and Public Organizations Across Industries (Cyber Security News) This alarming pace of ransomware is significantly concerning the thousands of private and public organizations around the world across several industries.
Cyber Attackers Can Disable AI Systems By 'Data Poisoning': Google AI Expert (NDTV.com) A researcher at the conference in Shanghai claims that attackers can seriously damage artificial intelligence models by "poisoning" data sets through minor modification.
Threat spotlight: Extortion attacks (Barracuda) Extortion attacks, which are an increasingly common form of email scams, threaten the victim with compromising information, such as an embarrassing photo, and request payment in a cryptocurrency to prevent the information from being released. Attackers often purchase victims’ login credentials or find them through data breaches to “prove” that their threat is legitimate.
Banks, hotels and hospitals among latest MOVEit mass-hack victims (TechCrunch) The MOVEit mass-hack has claimed yet more victims, including banks, hospitals, a hotel chain, and GPS tech company TomTom.
'Real risk' of leak: Law firm suffers cyberattack (NZ Herald) Customers received an update yesterday warning there was a 'real risk' of a leak.
Fallout from cyber hack affecting R.I. state workers being assessed (Providence Business News) More than 14,000 state workers and retirees have had their personal information compromised by a theft perpetrated by a Russia-based hacking group known as “Clop,” which is known to exploit flaws in data sharing software and issue ransom demands for the release of stolen data. First reported in May, the number of those […]
ZooTampa hit by cyber attack, target unclear (WFLA) ZooTampa revealed it recently discovered a “cybersecurity incident” targeting its network environment.
AO3 fanfiction site forced offline by wave of DDoS attacks (The Verge) Our condolences if you were halfway through a juicy fic.
CISA Adds Five Known Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Security Patches, Mitigations, and Software Updates
Mitigating CVE-2023-3595 and CVE-2023-3596 Impacting Rockwell Automation ControlLogix Firmware (Dragos) Review guidance provided by Rockwell Automation and Dragos on how to mitigate vulnerabilities affecting Rockwell Automation ControlLogix firmware.
July 2023 Security Updates (Security Update Guide - Microsoft Security Response Center) This release consists of the following 130 CVEs and 2 Advisories
Microsoft Releases July 2023 Security Updates (Cybersecurity and Infrastructure Security Agency CISA) Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Microsoft July 2023 Patch Tuesday warns of 6 zero-days, 132 flaws (BleepingComputer) Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities.
Patch Tuesday. Four zero-days fixed, one mitigated in Microsoft's largest update this year (Computing) Flaw used to attack NATO summit attendees remains unpatched
Fortinet Releases Security Update for FortiOS and FortiProxy (Cybersecurity and Infrastructure Security Agency CISA) Fortinet has released a security update to address a critical vulnerability (CVE-2023-33308) affecting FortiOS and FortiProxy. A remote attacker can exploit this vulnerability to take control of an affected system.
Adobe Releases Security Updates for ColdFusion and InDesign (Cybersecurity and Infrastructure Security Agency CISA) Adobe has released security updates to address vulnerabilities affecting ColdFusion and InDesign. An attacker can exploit some of these vulnerabilities to take control of an affected system.
Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion (SecurityWeek) Software maker calls special attention to CVE-2023-29300, a deserialization of untrusted data bug with a CVSS severity score of 9.8/10.
Apple's Rapid Security Response Patches Causing Website Access Issues (SecurityWeek) Apple has pulled its latest Rapid Security Response updates for iOS and macOS after users complained that they can no longer access websites.
SAP Security Patch Day – July 2023 (SAP) On July 11, 2023, SAP released several new and updated security patches. This month’s SAP Security Patch Day saw a variety of vulnerabilities addressed, with a particular focus on Program errors.
Return of the ICMAD Critical Vulnerabilities in 2023 (Onapsis) In 2023, the cybersecurity landscape has seen the return of ICMAD. Learn more about the two vulnerabilities and if your company might be affected.
Mozilla Releases Security Update for Firefox and Firefox ESR (Cybersecurity and Infrastructure Security Agency CISA) Mozilla has released a security update to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.
CISA Releases Four Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released four Industrial Control Systems (ICS) advisories on July 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-192-01 Rockwell Automation Enhanced HIM
ICSA-23-192-02 Sensormatic Electronics iSTAR
ICSA-23-192-03 Panasonic Control FPWin Pro7
ICSA-23-180-04 Mitsubishi Electric MELSEC-F Series (Update A)
ICS Patch Tuesday: Siemens, Schneider Electric Fix 50 Vulnerabilities (SecurityWeek) ICS Patch Tuesday: Siemens and Schneider Electric release nine new security advisories and fix 50 vulnerabilities in their products.
Trends
ESET Threat Report H1 2023 (WeLiveSecurity) The H1 2023 issue of ESET Threat Report reviews the key trends and developments that shaped the threat landscape December 2022 through May 2023.
2023 State of Web Application Security - OPSWAT (OPSWAT) The OPSWAT survey gathers information from security professionals worldwide to discover the most up-to-date strategies and recommendations for securing file uploads in complex web applications.
The SpyCloud Malware Readiness And Defense Report (SpyCloud) The Survey: 300+ security & IT leaders and practitioners from mid-sized and enterprise organizations spanning the US & UK that provided their insights and strategies on current state of cyber threats to their business specifically infostealer malware exposures, security measures and incident response protocols plus Post-Infection Remediation gaps.
SpyCloud Report: Organizations Recognize Malware Threat, but Lack Protection Against Infostealers and Proper Post-Infection Remediation (Business Wire) 98% of respondents agreed better visibility into applications exposed by infostealer infections would significantly improve their security posture
Global Scam-paign: Number of scam resources per brand soars by 162% in 2022 – Digital Risk Trends (Group-IB) Group-IB, a global cybersecurity leader headquartered in Singapore, has today published Digital Risk Trends 2023, a comprehensive analysis of the world’s two most common cyber threats: scams and phishing.
Get the AT&T Cybersecurity InsightsTM Report: Focus on Healthcare (AT&T Cybersecurity) We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights Report: Focus on Healthcare. It looks at the edge ecosystem, surveying healthcare IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on healthcare report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 r
2023 Edge Ecosystem: Focus on Healthcare | AT&T Cybersecurity (AT&T Cybersecurity) Based on the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem, this report focuses on healthcare and how edge computing is changing how care is delivered and improving patient outcomes. Our 2023 report reveals what your healthcare peers are planning and doing to embrace edge computing.
Marketplace
SpecterOps Closes Series A Extension From Ballistic Ventures, Bringing Funding Round Total to $33.5M (Business Wire) Investment will drive company-wide expansion across BloodHound Enterprise, BloodHound FOSS, consulting and training programs, and research and development
PrivacyHawk Raises $2.7 Million to Pioneer the Personal Data Protection Market (Business Wire) PrivacyHawk is the first personal data manager that empowers individuals to take back control of their personal data. Their groundbreaking product reduces the risk of being targeted by fraud, identity theft, hacks and scams.
NCC Group welcomes new Chief Technology Officer, Siân John (Mynewsdesk) Joining from Microsoft and with 25 years of cyber security experience across strategy, business risk, privacy, and technology, Siân will drive innovation,...
Qualys Names Dino DiMarino Chief Revenue Officer (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security, and compliance solutions, announced Dino...
Products, Services, and Solutions
Fenix24 Partners with CrowdStrike to Offer Customers Single Rapid Response Solution (PR Newswire) Fenix24, an industry-leading cyber disaster recovery firm that is transforming the post-breach restoration process, announced a new partnership...
Consent and Preference Management Platform Cassie Debuts First-Party Data Features To Empower Marketers And Improve The Consumer Experience (PR Newswire) Today Cassie, the consent and preference management platform serving Fortune 500 companies globally, debuted new Progressive Profiling and...
Privacy pain points for marketers report (Cassie) Navigating compliance in a cookieless future
Zurich North America launches cyber offering for middle market (Insurance Business Magazine) New offering helps bridge "cyber resource gap"
Proact demonstrates commitment to information security excellence with ISO 27001 certification in Estonia (News Powered by Cision) Proact, Europe’s leading independent data centre and cloud services provider, has successfully
Co-monitoring service comes to WithSecure Elements (News Powered by Cision) Additional service for WithSecure Elements Endpoint Detection and Response makes round-the-clock
Sophos Announces Partnership With Cysurance to Provide Unique, Fixed-Price Cyber Insurance to Organizations Using Sophos Managed Detection and Response (MDR) (GlobeNewswire News Room) First of its Kind Program Introduces Policies Structured to Benefit Organizations Mitigating Cyber Risk with Sophos MDR...
Sophos Launches Managed Detection and Response (MDR) for Microsoft Defender to Provide a Critical Layer of Security Across Microsoft Environments (GlobeNewswire News Room) OXFORD, United Kingdom, July 12, 2023 (GLOBE NEWSWIRE) -- Sophos, a global leader in innovating and delivering cybersecurity as a service, today launched...
GMV Signs Spanish Cybersecurity Deal (Via Satellite) GMV will provide a cybersecurity system for UAVs in Galacia, Spain. It has signed a 1.6 million euros ($1.7 million) contract with the regional government of Galicia’s Galacian Innovation Agency
The German Cancer Research Center Enhances Data Management and Security with Datadobi (Datadobi) Datadobi® today announced that The German Cancer Research Center (DKFZ), has deployed its StorageMAP platform to strengthen its data management & security capabilities.
JFrog Curation Redefines “Shift Left” Security for Enterprise Software Supply Chains (JFrog) New DevSecOps product delivers centralized governance for automatically blocking malicious open-source packages and vulnerabilities from entering organizations.
DirectDefense, Inc. and SCADAfence Partner to Enhance Industrial Cybersecurity and Safeguard OT Networks in the Era of IIoT (Business Wire) Partnership Extends DirectDefense’s Real-Time Monitoring with SCADAfence’s Platform for Superior OT Network Protection
ProcessUnity and CyberGRX Combine to Form the Most Complete Third-Party Risk Management Platform in the Market (Business Wire) Combined Company Integrates the Full Third-Party Risk Lifecycle, Enabling a Collaborative Risk Assessment Process Between Procurement, Cybersecurity and Third-Party Service Providers
GlobalPlatform & Institute for Information Industry announce partnership to advance Taiwan’s cybersecurity goals (GlobalPlatform) GlobalPlatform, the standard for secure digital services and devices, and the Institute for Information Industry (III), have signed a Memorandum of Understanding (MoU) to support Taiwan in bolstering digital transformation and enhancing the cyber resilience of its technology supply chains.
Cradlepoint Announces 5G SASE Strategy for Cellular and Hybrid WAN Security (GlobeNewswire News Room) Enterprises extending beyond conventional fixed site connectivity will benefit from SASE...
Blues expands global coverage with 1NCE IoT connectivity option (PR Newswire) Blues, a leader in easy-to-build IoT solutions that improve business operations, reduce costs and decrease time-to-market, announced today it...
Cyware Expands Partnership with ZeroFox Through Inclusion in the Partner Advisory Marketplace (Business Wire) Cyware, the leading provider of threat intelligence management, security collaboration, and cyber fusion solutions, today announced that ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has been added to the Cyware Partner Advisory Marketplace, making select ZeroFox threat advisories available to Cyware customers including all ISAC and ISAO sharing communities powered by Cyware.
Healthcare Triangle Launches Ransomware Initiative Aimed at Protection and Prevention for Healthcare Providers (GlobeNewswire News Room) Company to educate and guide best practices for maintaining resiliency in the face of increasing ransomware attacks in healthcare...
Paulding Ohio Hospital Deploys BIO-key’s PortalGuard® Cloud Platform to Manage Identity-Bound Biometric Authentication for Epic Hyperdrive (GlobeNewswire News Room) BIO-key International, Inc. (NASDAQ: BKYI), an innovative provider of workforce and...
Cybersixgill Launches Global Managed Security Service Provider (MSSP) Partner Program (Cybersixgill) Cybersixgill, the global cyber threat intelligence data provider, announced today its new global Managed Security Service Provider (MSSP) program, featuring a team of dedicated experts and collection of products to help MSSP partners take their security services to the next level.
WatchGuard Expands Identity Protection Capabilities with New AuthPoint Total Identity Security Bundle (WatchGuard Technologies) The company’s new AuthPoint Total Identity Security solution adds advanced password management capabilities and dark web monitoring to help protect corporate credentials
Technologies, Techniques, and Standards
Listen: FBI Eyes Evolving Tech to Combat ‘Cybercrime as a Service’ (Government CIO) The agency’s intelligence and law enforcement capabilities are keeping pace with technological change to respond to and prevent cyber threats.
United Nations–Internet Governance Forum Establishes a Blockchain Standards Group (GlobeNewswire News Room) The establishment of the Dynamic Coalition on Blockchain Assurance and...
Research and Development
Virginia Tech researchers find vulnerabilities in code of popular reverse engineering tools (Virginia Tech News) Through the team's mathematical proofs, software programmers can now be sure that their code is free of unintended behaviors attractive to hackers.
Academia
How Are Higher Ed Cyber Attacks Evolving? (GovTech) Despite efforts to combat ransomware attacks on higher ed institutions, the education sector remains one of the most targeted industries as more vulnerabilities and data incentivize hackers.
Legislation, Policy, and Regulation
The Quad: Tackling the spider, not cobwebs, in cyberspace (Lowy Institute) A security pact, but not as we know it. How a commitment to uplift software security will reap benefits for all.
South Korea, NATO to boost partnership on security, cyber threats (Reuters) South Korea and NATO will expand cooperation on global security issues including Ukraine and North Korea their leaders said on Tuesday on the sidelines of NATO's annual meeting in Lithuania, the South Korean presidential office said.
FS-ISAC signs MoU with the Cyber Security Agency of Singapore (Finextra Research) FS-ISAC has signed a Memorandum of Understanding (MoU) with the Cyber Security Agency of Singapore (CSA), renewing the organisations’ collaboration on information sharing and participating in cyber exercises within the financial services domain.
ITI, Industry Groups Offer Recommendations to Improve EU Cyber Resiliency Act - Information Technology Industry Council (ITI) Today, global tech trade association ITI, the Information Technology Industry Council, led industry partners Developers Alliance, BSA|The Software Alliance, and the Computer & Communications Industry Associations (CCIA) on a set of recommendations to advance the goals of the EU’s Cyber Resiliency Act (CRA) while addressing concerns in the current proposal.
Port of Rotterdam says new EU cyber security regs will impact port and other stakeholders (AJOT) New European Union regulations will expand the mandate for European companies to establish cyber security plans and will impose penalties in case of non-compliance, according to Marijn van Schoote, Manager, IT Service Management, Operations & Cyber Security, Port of Rotterdam.
Transatlantic Data Economy Simplified: European Commission Adopts Adequacy Decision for EU-US Data Privacy Framework (cyber/data/privacy insights) On 10 July 2023, the European Commission adopted its adequacy decision concluding that the EU-US Data Privacy Framework provides an adequate level of protection for personal data transferred from the European Union (EU) to US companies. Approved by the US following President Joe Biden’s executive or
Congress Wants to Take Back Power Over Crypto (WIRED) On Wednesday, US Senators Cynthia Lummis and Kirsten Gillibrand will unveil proposed legislation to decide once and for all how digital assets should be regulated.
The FCC aims to stop SIM swappers with new rules (The Verge) The rules are intended to protect customers from phone hijackers.
New York hate-crime safety grants allow cyber upgrades for first time (StateScoop) Gov. Kathy Hochul announced that nonprofits and community-based organizations will receive $51 million to protect against hate crimes.
Industry groups Urge White House to nominate new National Cyber DirectorIndustry groups Urge White House to nominate new National Cyber Director (Center for Cybersecurity, Policy, and Law) We the undersigned organizations respectfully urge President Biden to nominate a National Cyber Director (NCD) before the end of July considering the ever-changing and increasingly complex cyber landscape. Swift action is crucial in filling this role to protect our nation against ongoing threats and effectively tackle the challenges that lie ahead of us.
Biden’s Cyber Command and NSA nominee seen as a pick for continuity (Record) Lt. Gen. Timothy Haugh has a long history with cyber operations in the Air Force and at Cyber Command. Insiders say he has what it takes to follow Gen. Paul Nakasone atop CYBERCOM and the NSA.
Litigation, Investigation, and Law Enforcement
3 tax prep firms shared 'extraordinarily sensitive' data about taxpayers with Meta, lawmakers say (AP News) Some congressional Democrats say three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over at least two years.
Alleged cybercriminals had a busy day in court (Washington Post) Alleged Lapsus$ gang member, Silk Road adviser and accused cyber pro face legal consequences
Former Security Engineer For International Technology Company Arrested For Defrauding Decentralized Cryptocurrency Exchange (US Attorney for the Southern District of New York) Damian Williams, the United States Attorney for the Southern District of New York, Chad Plantz, the Special Agent in Charge of the San Diego Field Office of Homeland Security Investigations (“HSI”), and Tyler Hatcher, the Special Agent in Charge of the Los Angeles Field Office of the Internal Revenue Service - Criminal Investigation (“IRS-CI”), announced the unsealing of an Indictment charging SHAKEEB AHMED with wire fraud and money laundering in connection with his attack on a decentralized cryptocurrency exchange (the “Crypto Exchange”).
Cybersecurity professional accused of stealing $9M in crypto (TechCrunch) U.S. government prosecutors accused Shakeeb Ahmed, a former cybersecurity professional, of stealing around $9 million in crypto.
Two Teens Accused of Masterminding Hacks on Grand Theft Auto and Uber (Bloomberg) Teenagers on trial for hacking Nvidia, Rockstar, Uber. Kurtaj hacked into Rockstar’s GTA and leaked video online.
British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar (Record) A British Crown Court on Tuesday lifted a reporting restriction, allowing the naming of teenager Arion Kurtaj who is accused of hacking Uber, Revolut, and video games developer Rockstar in a short period of time last September.
Senior Adviser To The Operator Of The Silk Road Online Black Market Sentenced To 20 Years In Prison (US Department of Justice) Damian Williams, the United States Attorney for the Southern District of New York, announced that ROGER THOMAS CLARK, a/k/a “Plural of Mongoose,” a/k/a “Variety Jones,” a/k/a “VJ,” a/k/a “cimon,” was sentenced to 20 years in prison today for conspiring to distribute massive quantities of narcotics, arising out of his role as the top adviser to Ross Ulbricht, a/k/a “Dread Pirate Roberts,” the owner and operator of the “Silk Road” online illicit black market.
Silk Road’s Second-in-Command, Variety Jones, Gets 20 Years in Prison (WIRED) Roger Thomas Clark, also known as Variety Jones, will spend much of the rest of his life in prison for his key role in building the world’s first dark-web drug market.
Client Alert: SEC’s Approach to Enforcement After Cyber Incidents: Key Takeaways for Public Companies from a Recent Speech (JD Supra) Last month, Gurbir Grewal, the Director of the SEC’s Division of Enforcement, spoke at the Financial Times Cyber Resilience Summit. During the...
What the DoD Can Learn from Alleged Jack Teixeira Classified Document Leaks (Military.com) "It's often easier and reassuring to blame a flawed individual, but addressing institutional and systemic failings can produce better solutions."
FBI Cyber Agents Want A Relationship With MSPs, Official Says (CRN) The FBI wants to have a relationship with MSPs so that they can assist in the event of a ransomware attack or other cyberattack, according to Richard Murray of the FBI’s Dallas Cyber Task Force.
Anti-Cyber Crimes Unit arrests six perpetrators of cyber-fraud - Jordan News | Latest News from Jordan, MENA (Jordan News) The Anti-Cyber Crimes Unit of the Public Security Directorate has arrested six individuals linked to cyber-fraud, according to a spokesperson. The arrests were made in response to complaints from citizens who fell victim to electronic fraud schemes.
Judge Finds Ex-Proofpoint VP Owes $1 In Trade Secrets Suit (Law360) A California federal judge has found that a former employee of a unit of software company Proofpoint Inc. doesn't have to pony up the $480,000 a jury said he owed for allegedly breaching a contract he had with his former employer, which had been part of a nearly $14 million jury verdict.