Natanz damaged last week, but causes are unclear. US Cyber Command advises patching F5 BIG-IP bugs. Lazarus skims paycards.

Cyber Attacks, Threats, and Vulnerabilities

Iran threatens retaliation after what it calls possible cyber attack on nuclear site (Reuters) Iran will retaliate against any country that carries out cyber attacks on its nuclear sites, the head of civilian defence said, after a fire at its Natanz plant which some Iranian officials said may have been caused by cyber sabotage.

Explosion at Iran's nuclear facility caused by Israeli cyber attack, report (Computing) The incident is expected to delay Tehran's nuclear enrichment programme by approximately two months

Mysterious Explosion and Fire Damage Iranian Nuclear Enrichment Facility (New York Times) Iran released a photograph showing evidence of what appeared to be a major explosion at the site. Early evidence suggests it was most likely an act of sabotage.

Iran Admits Serious Damage to Natanz Nuclear Site, Setting Back Program (New York Times) A Middle Eastern intelligence official said Israel planted a bomb in a building where advanced centrifuges were being developed.

Iran hints a cyber attack caused fire at nuclear facility (The Christian Science Monitor) A fire at Iran's underground Natanz nuclear facility could slow the development of centrifuges used to enrich uranium. A cyber attack by Israel or the US?

Cyberattacks Possibly Involved in Explosions at Iranian Nuclear, Military Facilities (SecurityWeek) Recent fires and explosions at Iranian facilities, including the Natanz nuclear site targeted by the notorious Stuxnet malware, may have been caused deliberately as part of an operation that involved cyberattacks

Ashkenazi on Iran explosions: Our actions are better left unsaid (The Jerusalem Post) ‘Not every incident in Iran has to do with us,’ Gantz says

Cyber Strike By Foreign Force Caused Iran Explosion: Israeli Experts (Breaking Defense) Iranian officials confirmed damage to a building built near the Natanz nuclear power plant today, saying an "accident" occurred. Israel has denied any connection to the huge explosion in the secret facility.

Nuclear site cyber attack possible: Iran (The Canberra Times) Iran will retaliate against any country that carries out cyber attacks on its nuclear sites, the head of civilian defence says, after a fire at its Natanz pla...

Iran Nuclear Facility Explosion: Accident, Sabotage, Or Cyber-Attack? (Forbes) A huge explosion has taken place at an Iranian nuclear enrichment facility, possibly damaging some of the country’s most advanced centrifuges. Was it an accident, sabotage, or cyber-attack?

Smartphone Apps Are Now a Weapon in International Disputes (Wired) India bans 59 Chinese apps, weeks after border skirmishes killed 20 Indian soldiers. Russia and Brazil have previously blocked apps for their own reasons.

Anonymous Hackers Warns to All: 'Uninstall TikTok Now!' (Tech Times) Anonymous said its a certified 'Chinese malware.'

‘State-backed’ group spying on Indians: Report (The Times of India) India News: After seven years of targeting countries in West Asia and Europe, a sophisticated and resilient cyber espionage group, Promethium, has shifted its foc

North Korean hackers linked to web skimming (Magecart) attacks, report says (ZDNet) After hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware, North Korean hackers have now set their sights on online stores.

North Korean hackers are skimming US and European shoppers (Sansec) North Korean state sponsored hackers are implicated in the interception of online payments from American and European shoppers, Sansec research shows. Hackers associated with the APT Lazarus/HIDDEN COBRA1 group were found to be breaking into online stores of large US retailers and planting payment skimmers as early as May 2019.

Enterprises in Americas, Europe Targeted With Valak Information Stealer (SecurityWeek) The Valak information stealer is being distributed in ongoing campaigns aimed at enterprises in North America, South America, Europe and likely other regions

Try2Cry ransomware tries to worm its way to other Windows systems (BleepingComputer) A new ransomware known as Try2Cry is trying to worm its way onto other Windows computers by infecting USB flash drives and using Windows shortcuts (LNK files) posing as the targets' files to lure them into infecting themselves.

Malware of the Day - PittyTiger - Active Countermeasures (Active Countermeasures) What is Malware of the Day? Malware of the Day: PITTY TIGER Lab Setup Malware: PittyTiger AKA: PittyTiger RAT, one of […]

This innocent Windows 10 feature could be used to mask malware attacks (TechRadar) New Windows 10 LOLBin could bypass security and act as a ‘stealthy downloader’

Avaddon ransomware shows that Excel 4.0 macros are still effective (BleepingComputer) Avaddon ransomware has been spreading this week via an old technique that's making a comeback, Microsoft cautions on Thursday.

New Mac Ransomware Is Even More Sinister Than It Appears (Wired) The malware known as ThiefQuest or EvilQuest also has spyware capabilities that allow it to grab passwords and credit card numbers.

.NET Core vulnerability lets attackers evade malware detection (BleepingComputer) A vulnerability in the .NET Core library allows malicious programs to be launched while evading detection by security software.

Ransomware Operators Demand $14 Million From Power Company (SecurityWeek) The threat actor behind the Sodinokibi (REvil) ransomware is demanding a $14 million ransom from Brazilian-based electrical energy company Light SA

Sodinokibi gang begins dark web celebrity data auctions (ComputerWeekly) Group claims to be auctioning confidential legal data on pop stars Mariah Carey, Nicki Minaj and basketball player LeBron James.

BMW customer database for sale on dark web (SC Media) A database of 384,319 BMW car owners in the U.K. is being offered for sale on an underground forum by the KelvinSecurity Team hacking group, according to

NHAI was hit by ransomware attack, suffered loss of data (The Times of India) Last week’s cyber attack on the mail server of the National Highways Authority of India (NHAI) has been found to be a ransomware attack tha.

Notorious criminal group hacks Fort Worth agency, holding data for ransom, experts say (Fort Worth Star-Telegram) A ransomware gang is holding Fort Worth’s regional transportation agency’s private data hostage, according to two cybersecurity companies that monitor the criminal group.

5 dating apps caught leaking millions of user-sensitive data (HackRead) All 5 apps were exposing user data due to database misconfiguration.

Data Breach: Millions of Dating App Records, Messages, and User Profiles Exposed in Data Leak (WizCase) WizCase’s security team has recently uncovered breaches in 5 different dating site and app databases. These leaks have compromised user data, including sensitive and confidential information like real names, billing addresses, email addresses, phone numbers, private messages, and more. The total number of leaked entries is in the millions. Every server was easily accessible ...

Randori Attack Team Confirms Exploitability Of CVE-2020-2021 (Randori) The Randori Attack Team has successfully developed a POC for CVE-2020-2021 and has been able to confirm the severity of the vulnerability in local test environments.

Android Users Beware, Fakesky Malware is Back and is Dangerous Than Ever Before (News18) Fakesky, which was first discovered in Japan way back in 2017, has resurfaced once again and disguises itself as a legitimate postal service application to attack Android users.

Why should you worry about DNS attacks? (Imperva Blog) Domain Name System (DNS) is a very basic protocol and service that enables Internet users and network devices to discover websites using human-readable hostnames instead of numeric IP addresses. This article provides a detailed explanation of how DNS works. If the DNS service is attacked or doesn’t function properly, your service/website may become inaccessible. In […]

MongoDB ransom threats step up from blackmail to full-on wiping (Naked Security) Still thinking “the crooks probably won’t find me if I make a security blunder”?

Inside a ransomware attack: From the first breach to the ransom demand (ZDNet) Security researchers map out how a ransomware attack plays out over a two week period.

Mykings jumps on the Corona train (Sophos News) The ubiquitous, noisy, SQL-attacking botnet can’t help comparing itself to a deadly disease

Cyber thieves use selfies to steal your personal information (KOMO) Fraudsters are always looking to up their game. The cyber thieves who send out phishing emails have figured out a new way to steal your personal information. In most cases, when if you click on a link in one of these bogus emails, you get taken to a copycat website run by the criminals. It looks legitimate and asks you to login using your personal credentials. Do that and you’ve given hackers the keys to your account.

Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw (Security Affairs) Attackers are already attempting to exploit the recently fixed bug in F5 Networks BIG-IP product, security experts warn. A few days after the disclosure of the vulnerability in the F5 Networks BIG-IP product. F5 Networks has recently addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management […]

Attackers are breaching F5 BIG-IP devices, check whether you've been hit (Help Net Security) Attackers are actively trying to exploit CVE-2020-5902, a critical vulnerability affecting F5 Networks' BIG-IP multi-purpose networking devices.

Facebook hoaxes back in the spotlight – what to tell your friends (Naked Security) At the risk of giving you a feeling of déjà vu all over again, it’s time to talk about Facebook hoaxes once more.

LinkedIn says iOS clipboard snooping after every key press is a bug, will fix (ZDNet) The new clipboard access detection and warning feature in iOS 14 exposes another app.

DuckDuckGo collecting user browsing data without consent (HackRead) An ethical hacker on Twitter revealed how intentionally or unintentionally DuckDuckGo is tracking the websites a user visits.

X-FAB Affected by Cyber Attack (BusinessWire) Regulatory News: X-FAB Silicon Foundries SE (BOURSE:XFAB) On July 5, 2020, X-FAB Group was the target of a cyber security attack. Following the advice

Johnson Controls exacqVision (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Exacq Technologies, a subsidiary of Johnson Controls Equipment: exacqVision Vulnerability: Improper Verification of Cryptographic Signature 2.

ABB System 800xA Information Manager (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ABB Equipment: System 800xA Information Manager Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject and execute arbitrary code on the information manager server.

Nortek Linear eMerge 50P/5000P (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Nortek Equipment: Linear eMerge 50P/5000P Vulnerabilities: Path Traversal, Command Injection, Unrestricted Upload of File with Dangerous Type, Cross-site Request Forgery, Improper Authentication 2.

OpenClinic GA (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: OpenClinic GA is a product of open-source collaboration on Source Forge Equipment: OpenClinic GA Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Restriction of Excessive Authentication Attempts, Improper Authentication, Missing Authorization, Execution with Unnecessary Privileges, Unrestricted Upload of File with Dangerous Type, Path Traversal, Improper Authorization, Cross-site Scripting, Use of Unmaintained Third-Party Components, Insufficiently Protected Credentials, Hidden Functionality

University of Michigan: Leaked emails, passwords were from '3rd-party data breaches' (Detroit Free Press) University of Michigan says a breach of student email addresses and passwords was the result of older "third-party data breaches".

Militias flocked to Gettysburg to foil a supposed antifa flag burning, an apparent hoax created on social media (Washington Post) Similar hoaxes in several states have drawn the same type of reaction.

Early Covid-19 tracking apps easy prey for hackers, and it might get worse before it gets better (POLITICO) The apps could prove vital to curtailing the virus’s spread as states reopen, but security fears may make them unpopular with users.

Security Patches, Mitigations, and Software Updates

F5 patches vulnerability that received a CVSS 10 severity score (ZDNet) Remote code execution in F5 BIG-IP devices exposes governments, cloud providers, ISPs, banks, and many Fortune 500 companies to possible intrusions.

US Cyber Command urges F5 customers to patch critical BIG-IP flaw (BleepingComputer) F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC).

PoC exploits released for F5 BIG-IP vulnerabilities, patch now! (BleepingComputer) Two days after patches for critical F5 BIG-IP vulnerability were released, security researchers have started publicly posting proof-of-concept (PoC) exploits show how easy it is to exploit these devices.

Windows 10's Microsoft Store Codecs patches are confusing users (BleepingComputer) Microsoft released security updates via the Microsoft Store last week, and it's confusing many users who want to make sure their devices are protected.

Microsoft is forcing Edge on Windows users with a spyware-like install (The Verge) Forced automatic updates were bad enough.

Dashlane Update 6.2026.2 Comes With New Performance Improvements (Tech Life) We live in the apex days of the internet era, as the powerful service has changed the lives of hundreds of millions of users from all over the world. Many internet users have at least a few online …

Infosec community disagrees with changing 'black hat' term due to racial stereotyping (ZDNet) A Google security researcher withdrew from the Black Hat security conference and asked the community to stop using the 'black hat' term.

New update alert: Mi Note 10/Pro, Galaxy Note 10/10+, Galaxy A7 (2018), LG V60 ThinQ, Oppo A92s, Reno3, Reno Ace, & Ace2 - PiunikaWeb (PiunikaWeb) New update alert: Mi Note 10/10 Pro, Samsung Galaxy A7 (2018), LG V60, Oppo Reno Ace 2, Reno 3, Reno Ace, A92s & Galaxy Note 10/10+...

Xiaomi Redmi 7A June 2020 security update now rolling out (Ydraft) Chinese smartphone maker, Xiaomi, seems to be rolling out a new software update for its Redmi 7A smartphone. The update brings the month-old June 2020 security patch along with several other system-level improvements. The company also recently rolled out the Android 10-based MIUI 11 update for it last week. The Xiaomi Redmi 7A June Security […]

Honor 8A update brings June 2020 security patch (BGR India) Honor 8A June 2020 security patch roll out - Check Honor 8A Price in India, unboxing, specifications, features, review at BGR India.

Cyber Trends

Companies start reporting ransomware attacks as data breaches (BleepingComputer) Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about data stolen data.

IBM: More companies failing to contain cyberattacks despite being better prepared (WRAL TechWire) A new security report from IBM warns that while more companies are better prepapred to to detect and respond to a cyberattack a growing number are unable to contain such an at

Whisper it… but could a cyber attack be good for your career? (ComputerWeekly) All too often it’s the CISO who has to carry the can for an enterprise security failure, but this might not be a bad thing. In fact, there’s lots evidence to suggest that falling victim to a cyber attack may actually enhance your CV.

These are the most searched for malware types (ITProPortal) Researchers are investigating the more obscure malware types.

"Phishing ist immer noch der einfachste Weg, Firmen zu infiltrieren" (IT-Markt) Die Technologie entwickelt sich stetig weiter. Dennoch bleibt die Schwachstelle Nummer eins weiterhin der Mensch. Wie Unternehmen ihre Mitarbeiter mit Awareness-Trainings vor den Gefahren aus dem Cyberraum sensibilisieren können, erklärt Cornelia Lehle, Sales Director bei G Data Schweiz. Interview: Coen Kaat

Marketplace

Cybersecurity Veterans Find Benefits and Challenges with Advisory Roles (Wall Street Journal) Long-serving security professionals can use their experience to advise startups, but conflicts of interest must be managed appropriately.

SEC filing indicates big data provider Palantir is raising $961M, $550M of it already secured (TechCrunch) Palantir, the sometimes controversial, but always secretive, big data and analytics provider that works with governments and other public and private organizations to power national security, health and a variety of other services, has reportedly been eyeing a public listing this autumn. But in the…

TikTok Tackles India App Ban, Vowing It’s No Tool for Beijing (Wall Street Journal) TikTok, a popular short-video app, sought to distance itself from Beijing after India banned it and dozens of other Chinese mobile apps in retaliation for a deadly border clash last month.

Silicon Valley Elite Discuss Journalists Having Too Much Power in Private App (Vice) In leaked audio from an invite-only app, venture capitalists pondered everything they think is wrong with journalism.

Google-backed groups criticize Apple's new warnings on user tracking (Reuters) A group of European digital advertising associations on Friday criticized Apple Inc's plans to require apps to seek additional permission from users before tracking them across other apps and websites.

Facebook Boycott Organizers Want a Civil Rights Expert in the Company’s Executive Suite (Wall Street Journal) Leaders of civil rights groups are meeting with Facebook executives after calling for an ad boycott of the platform for the month of July. Facebook, which has been under growing pressure to change and update some of its content and brand-safety policies, this week requested a new meeting with civil rights leaders.

NZ news giant Stuff quits Facebook 'until further notice' – leaked internal memo (The Spinoff) The biggest news site in New Zealand, and the country's fifth biggest site overall, Stuff has embarked on an experiment in dropping the use of Facebook and Instagram. It has been launched 'in the context of the international Boycott Facebook movement', according to a memo leaked to The Spinoff.

Opinion | How the Facebook Boycott Could Just Make Facebook Stronger (POLITICO) Corporate ad boycotts have as long a tradition as corporate virtue-signaling. Don’t count on either to dent the social media titan.

Deloitte hires ex-NTT, CSC exec to lead managed security biz (CRN Australia) Dwayn Lythgo to lead AP Cybersphere virtual delivery centre.

Products, Services, and Solutions

Vulcan Cyber Adds Customizable Risk Modeling to its Vulnerability Remediation Platform (PR Newswire) Vulcan Cyber®, developers of the industry's only end-to-end vulnerability remediation platform, today announced customers can now add custom...

New Behave! extension warns of website port scans, local attacks (BleepingComputer) A new browser extension called Behave! will warn you if a web site is using scripts to perform scans or attacks on local and private IP addresses on your network.

Trend Micro launches ID Security - to keep an eye on the Dark Web looking for your data (EFTM) For as long as I can remember now we’ve been talking about the importance of Anti-Virus, security for your computer. In 2020, that’s not even the start of it – today you need a comprehensive Internet Security package and Trend Micro have launched a new feature to protect your Identity online. Internet Security today refers […]

Technologies, Techniques, and Standards

The Largest Cyber Attack of All Time Is Coming. And AI Could Help Stop It. (CPO Magazine) Largest cyber attack in history has been predicted to happen soon, companies should look into using AI based cybersecurity systems to decrease their probability of this attack.

Too many security tools weaken enterprise incident response, study finds (SC Magazine) Missing the wood for the trees. Those with large numbers of tools must make sure the staff, expertise, and proper organisational alignments, expectations, and structures are in place.

What is Patch Management? (Heimdal Security Blog) Patch management is a process that involves the acquisition, review, and deployment of patches on an organization’s systems.

How to handle nation-state cyberattacks on the enterprise (SearchSecurity) Nation-state cyberattacks can be a window into what's coming at the enterprise next. As technologies like IoT make enterprises more vulnerable, they need to monitor attack activity, update incident response policies, check cyberinsurance policies, and communicate with customers and partners.

The Four Phases of Offensive Security Teams (Security Boulevard) For brevity, I will be using the term “partner” to refer to the customer, Defensive Team, IT Team, or other direct consumers of the Offensive Team’s output. In my experience, offensive security teams, be them internal or external (consultants/contractors), the relationship they have with companies falls into one of four phases...

The key to stopping cyberattacks? Understanding your own systems before the hackers strike (ZDNet) Organisations struggle to monitor their networks because they often don't know what's there. And that allows hackers to sneak in under the radar.

Design and Innovation

Three UK: We're sending you this SMS to warn you not to pay attention to unsolicited texts (Register) So ... CLICK HERE to find out more!

Academia

College of Business offers new graduate certificate in cybersecurity (UTSA Today) UTSA’s College of Business is offering a new graduate certificate in cybersecurity. This 12-hour program is designed to give noncyber professionals the knowledge and technical skills needed to deal with cybersecurity issues that impact a wide variety of fields.

Legislation, Policy and Regulation

Analysis | The Cybersecurity 202: Hacking tensions with Iran are surging again after nuclear site fire (Washington Post) Iran has threatened to retaliate for the possible cyberattack but not officially blamed the U.S. or Israel

Brazilian General Data Protection Law – Overview and Implications (Infosecurity Magazine) Definitions, characteristics, and provisions of the Brazilian General Data Protection Law, and its implications for the privacy landscape in Brazil overall.

Huawei pressured by U.S., allies to reveal details about work with Chinese government (The Washington Times) America and its allies are increasing pressure on tech giant Huawei to reveal details about its work for China.

France won't ban Huawei, but encouraging 5G telcos to avoid it: report (Reuters) The head of the French cybersecurity agency ANSSI said there would not be a total ban on using equipment from Huawei in the rollout of the French 5G telecoms network, but that it was pushing French telcos to avoid switching to the Chinese company.

U.K. Prepares to Start Huawei 5G Phase-Out as Soon as This Year (Bloomberg) Prime Minister Boris Johnson is preparing to begin phasing out the use of Huawei Technologies Co. equipment in the U.K.’s 5G telecoms network as soon as this year, a person familiar with the matter said.

Plan to cut Huawei out of UK networks by 2029 is too slow, Tory rebels warn Boris Johnson (The Telegraph) PM told it would be 'unconscionable' for Tories to fight the next election with Huawei on UK soil

US sanctions make Huawei more of a security risk, says leaked UK report (The Verge) The UK may phase out its adoption of Huawei 5G tech

UK to phase out Huawei gear from 5G networks in a major policy U-turn after U.S. sanctions, reports say (CNBC) In January, the U.K. said Huawei could play a limited role in its 5G networks. But the latest round of U.S. sanctions against the firm may have raised new security fears.

Cyber national security: how the UK has prepared itself for major attacks (PublicTechnology.net) In January 2018, Ciaran Martin, the chief executive of the National Cyber Security Centre, publicly warned that “it is a matter of when, not if” the UK would suffer a category-one cyberattack, and that we could count ourselves lucky to make it through the coming two years without doing so.

Govt mulls stricter cyber security accountability for agencies (iTnews) After years of apathy.

China crackdown: Boris concocts perfect revenge for China's threat over Hong Kong citizens (Express) Boris Johnson has hinted the government is considering whether or not to go ahead with allowing Chinese telecoms giant Huawei to help build Britain's 5G network.

PM goes on billion-dollar cyber war footing amid China tensions (Australian Financial Review) More than 500 new cyber spies will be recruited as part of a record $1.35 billion increase to strengthen the nation's cyber defences.

State-Sponsored Cyber Attacks Threaten Australian Critical Infrastructure (CPO Magazine) Australian organisations have fallen victim to cyber attacks that are believed to be state-sponsored, raising alarm about the vulnerability of the country’s critical infrastructure.

Power Ministry Imposes Cyber Security Measures on Imported Power Supply Components (Mercom India) MoP has issued a notice mandating all power supply system equipment, components, and parts imported into the country must pass through a check for...

How Can India Fight China’s Cyber Attack? Jayadeva Ranade Explains (TheQuint) Security Expert Jayadeva Ranade explains that cyber attack is part of China’s strategy in the event of a war.

Banning Chinese apps boosts India’s security (The Sunday Guardian Live) Indian companies, technology researchers and start-ups must be encouraged to fill the gap in the social media space. India has finally reached the conclusion that its national security priorities, including data security, can no longer be taken lightly. This got reflected in its decision to ban 59 Chinese

CAIT urges boycotting China's Huawai & ZTE from India's 5G rollout; writes to IT Minister (Republic World) Amid growing tensions between India and China, the Confederation of All India Traders (CAIT) has written to IT Minister Ravi Shankar Prasad on Sunday.

US Sanctions on Huawei & ZTE Pose Hard(ware) Questions for India (TheQuint) The concerns of US & India pertains to how China requires companies to share data if requested by the government.

The fog of cyberwar (PublicTechnology.net) “Cyberattacks are every bit as deadly as those faced on the physical battlefield.” These were the words of defence secretary Ben Wallace last month, spoken on the occasion of the creation of the UK Armed Forces’ first-ever dedicated Cyber Regiment.

Hong Kong Security Law Stuns International Business: ‘It Turns Out It Is Really Bad’ (Wall Street Journal) Beijing is telling foreign companies not to worry, but its intercession in Hong Kong has executives fearing that the city’s unique role as a business hub is in jeopardy.

Facebook, Twitter, Google Face Free-Speech Test in Hong Kong (Wall Street Journal) U.S. tech titans face a looming test of their free-speech credentials in Hong Kong as China’s new national-security law for the city demands local authorities take measures to supervise and regulate its uncensored internet.

WSJ News Exclusive | Facebook Suspending Review of Hong Kong Requests for User Data (Wall Street Journal) Facebook is suspending the review of government requests for user data from Hong Kong following China’s imposition of a national-security law on the city. The company’s move follows an earlier decision by its WhatsApp messaging service.

Hardliner to head HK national security agency (Asia Times) China appointed a hardliner involved in a clampdown against protests on the mainland as the head of Hong Kong’s new security agency on Friday, state media said, days after imposing a sweeping…

Beijing names hard-liner who crushed protests to head Hong Kong security agency (Washington Post) Zheng Yanxiong is known for putting down an anti-corruption uprising in neighboring Guangdong province.

China installs propaganda official to lead security agency in Hong Kong (Washington Examiner) China appointed a hard-liner to lead its national security agency in Hong Kong after implementing sweeping authorities meant to crack down on dissent.

'Hong Kong people will fight on,' councillor says after national security law arrests (CBC) It's become much more dangerous to advocate for democracy and independence in Hong Kong — but Coun. Lo Kin-hei says people won't give up fighting for their rights.

“Laam Caau:” The high-stakes game that Hong Kong protesters are waging with China (Quartz) Beijing just imposed a sweeping national security law on Hong Kong—some are betting that the move will backfire on China.

Senate approves final sanctions bill to punish China over Hong Kong (CNN) The US Senate has approved a final version of legislation that would punish China for moves that lawmakers fear will crush democratic freedoms in Hong Kong.

Senate panel advances EARN IT act, but critics fear it could weaken encryption (CyberScoop) The Senate Judiciary Committee unanimously advanced a bill that would combat child pornography, but one technologists say risks weakening encryption.

Misconceptions on British tech response to COVID-19 (Reincubate) Following our analysis in May of UK's NHSX tracking app, the news that the UK is switching to use Apple & Google's Exposure Tracking APIs, and the recent appearance of contact tracing on iPhones, I'm sharing analysis of what's happened since and looking at a couple of popular misconceptions.

Iraq PM Mustafa Al Kadhimi reshuffles top security posts (The National) PMU chief Faleh Al Fayadh replaced as national security adviser and head of National Security Agency

New Command Sergeant Major Takes Helm of the Army Reserve’s Cyber Force (DVIDS) WASHINGTON — Amid COVID-19 operating protocol, the Army Reserve's Cyber force held a change of responsibility welcoming a new command sergeant major in early May.

Litigation, Investigation, and Enforcement

Meng Wanzhou, the Huawei CFO at the heart of China-US-Canada political & diplomatic crisis (ThePrint) Meng's arrest in Canada is being seen as the result of the US-China tussle but it has also raised questions about whether Huawei is a private firm or an arm of the Communist Party.

Extraterritorial Application of the Computer Fraud and Abuse Act (The National Law Review) A brazen and sophisticated computer intrusion into the records of over 145 million Americans launched from computer hackers based in China led to recent criminal prosecutions under the Computer Fraud

European police crack encrypted phones, arrest hundreds (AP NEWS) European police delivered a major blow to organized crime after cracking an encrypted communications network, allowing them to covertly watch "over the shoulder” of...

Operation Venetic: Police bust crime chat network in UK's biggest ever law enforcement operation (Computing) Arrests were also made in other European countries, including France and the Netherlands

How Police Secretly Took Over a Global Phone Network for Organized Crime (Motherboard) Police monitored a hundred million encrypted messages sent through Encrochat, a network used by career criminals to discuss drug deals, murders, and extortion plots.

Hundreds arrested after police crack encrypted chat network (WeLiveSecurity) Law enforcement agencies in Europe recently cracked an instant messaging system used by organized crime before the ensuing police operation led to the arrests of more than 800 people, mostly in the United Kingdom.

How revelations of Russian bounties in Afghanistan could escalate the US-Russia feud (Atlantic Council) How can the United States and its allies respond to these reports? Will the allegations threaten the prospects for an improvement in US-Russian relations?

New York Times: New US memo highlights gaps in intelligence reports on Russian bounties (WICZ) A recent memo from the council helmed by the nation's intelligence chief confirmed accounts that Russia offered bounties to Taliban fighters to kill US troops in...

Dissecting the ODNI Memo on Russian Bounty Operation (Just Security) President Trump's former Director of the National Counterterrorism Center and our editor-in-chief write about the apparent skewing of intelligence to suit the White House narrative.

The shadowy Russian intel unit that allegedly paid Afghan militants to kill US troops is the same one running assassinations in Europe (Business Insider) Unit 29155, part of Russia's military intelligence agency, has been tied to assassination attempts and other nefarious activities across Europe.

US Intelligence Says Leak Of Russian Bounty Story Was ‘A Crime,’ Jeopardized Investigation (Daily Caller) DNI John Ratcliffe released a statement condemning media reports about a Russian unit alleged to have put bounties on the heads of U.S. soldiers.

In Russian Bounties, Former Diplomats See Effort To Mess With US — But Not Much More (Defense One) Moscow’s strategic calculus is much harder to parse.

Instagram star flaunted lavish lifestyle but was actually conspiring to launder hundreds of millions of dollars, US prosecutors say (CNN) A Nigerian man nicknamed "Ray Hushpuppi" who flaunted his Rolls Royces, fancy watches and designer clothing on Instagram faces money laundering conspiracy charges in the United States, according to the Department of Justice.

Premier league club targeted in £100 million BEC scam, accused extradited from Dubai (SC Magazine) Among nearly two million targets in a £380 million BEC scamming operation were a Premier league football team, a US lawyer and an international bank. The alleged scammer was arrested in Dubai.

Nigerian National Brought to U.S. to Face Charges of Conspiring to Launder Hundreds of Millions of Dollars from Cybercrime Schemes (U.S. Attorney’s Office Central District of California) A Dubai resident who flaunted his extravagant lifestyle on social media has arrived in the United States to face criminal charges alleging he conspired to launder hundreds of millions of dollars from business email compromise (BEC) frauds and other scams, including schemes targeting a U.S. law firm, a foreign bank and an English Premier League soccer club.

Senator warns of political pressure on U.S. probe into hackers of green groups (Reuters) A Democratic U.S. senator says he has written to Attorney General William Barr outlining his concerns about potential "political interference" by the Trump administration in an investigation of a private espionage firm that targeted environmental groups in the United States.

Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn (ZDNet) Hacker sentenced to five years probation, with home confinement condition.

Ajay Bhupathi files a cyber crime case against fraudster duping actresses (The Times of India) The RX 100 director took to social media to reveal how a fraudster has been using his name to audition actresses.

NASA Still Struggling With Agency-Wide Cybersecurity Program (GovInfo Security) A recent Inspector General's report finds that NASA still struggles with implementing an agency-wide cybersecurity policy despite spending approximately $2.3

Equifax Investors' Attys Will Earn $29.6M Fee In Stock Suit (Law360) A team of attorneys from Bernstein Litowitz Berger & Grossmann LLP and Bondurant Mixson & Elmore LLP will be taking home a more than $29.6 million counsel fee for representing a proposed class of Equifax investors after securing a $149 million settlement of a suit over the company's vast 2017 data breach, a Georgia federal judge determined.

Insurer Won't Defend Biz That Sold Access To Biometric Data (Law360) Citizens Insurance Co. of America told an Illinois federal judge that it has no duty to defend Wynndalco Enterprises in a class suit accusing Wynndalco of violating biometric privacy by selling access to Clearview AI Inc.'s database to Illinois consumers.

Patients Sue Fla. Orthopedic Provider Over April Data Breach (Law360) Customers have hit Florida Orthopaedic Institute with a proposed class action in state court over an April data breach, claiming the health care provider failed to protect patients' medical records and personal information and also did not investigate or notify them in a timely manner.

VaultAge Solutions CEO goes into hiding to avoid cryptocurrency investors allegedly scammed out of $13 million (ZDNet) Roughly 2,000 investors have been left out of pocket by the alleged misappropriation of funds.

Natanz damaged last week, but causes are unclear. US Cyber Command advises patching F5 BIG-IP bugs. Lazarus skims paycards.

CSO Perspectives: Season 2 Thoughts?