Dateline
Ukraine at D+124: Russian missiles hit a shopping mall. (The CyberWire) An apparently deliberate Russian strike against a Ukrainian civilian target (with no plausible military justification or excuse, and nothing to be said in extenuation or mitigation) attracts widespread condemnation. Killnet claims responsibility for DDoS attacks against Lithuanian networks. A look at the way the Dark Crystal RAT is being used against Ukrainian targets.
Russia-Ukraine war: List of key events, day 125 (Al Jazeera) As the Russia-Ukraine war enters its 125th day, we take a look at the main developments.
DOD Official Says Ukrainians Heroically Defending Lysychansk (U.S. Department of Defense) Although the Russians have made incremental gains in the Donbas, it does not appear that they have encircled the city of Lysychansk, a senior Defense Department official said.
Ukrainian missiles struck 3 gas platforms in the Black Sea that Russia had converted into ‘small garrisons’ (Business Insider) A Ukrainian official admitted to one of the attacks, claiming that the gas platform was being used by Russian troops as a military installation.
Ukraine has the HIMARS and is putting them to use (Task & Purpose) Missile system is “in good hands,” Ukraine says as it shares video of the rockets being fired, set to The X-Files theme song.
Ukraine’s ammunition becomes defining issue in battle for Donbas (the Guardian) Analysis: as Soviet-era shells run low, Ukraine appeals for artillery that can use Nato shells, but deliveries are slow
Ukraine: Dozens dead and injured as UN condemns ‘utterly deplorable’ shopping centre attack (UN News) At least ten people have reportedly been killed by what Ukrainian authorities have said was a Russian missile strike on a crowded shopping centre, and attack which the UN condemned on Monday as “utterly deplorable”.
Missiles strike Ukraine shopping mall; G7 vows to keep pressure on Russia (Reuters) Russian missiles struck a crowded shopping mall in central Ukraine on Monday, President Volodymyr Zelenskiy said, as Moscow fought for control of a key eastern city and Western leaders promised to support Kyiv in the war “as long as it takes”.
‘Many dead’ as Russian missile hits Ukrainian shopping mall with more than 1,000 inside (The Telegraph) Volodymyr Zelensky, the Ukrainian president, says number of victims of attack in Kremenchuk ‘is impossible to imagine’
1,000 civilians inside shopping centre hit by Russian missile (The Telegraph) Ukraine’s president Volodymyr Zelensky has confirmed that over 1,000 people were inside a crowded shopping centre in the central Ukrainian city of Kremenchuk when it was hit by a Russian missile strike.
Kremenchuk mall strike a ‘terrorist attack,’ Zelensky says; NATO leaders to meet (Washington Post) Ukrainian President Volodymyr Zelensky again urged the United States to name Moscow a state sponsor of terrorism — a designation that would trigger significant penalties — after a Russian missile strike on a shopping mall in the central city of Kremenchuk killed at least 18 people.
Ukraine war: Macron refuses to label Russia ‘state sponsor of terrorism’, defying Zelensky’s request
(The Telegraph) Emmanuel Macron has refused to label Russia a "state sponsor of terrorism", defying Volodymyr Zelensky’s call for Russia to be branded as such.
Russian Missiles Hit Ukraine Shopping Mall, Zelensky Says, as G-7 Leaders Pledge More Aid (Wall Street Journal) A plodding yet persistent Russian advance and reports of attacks on Ukrainian civilian targets add to pressure on Western leaders meeting at two summits to discuss how to support Kyiv and punish Moscow.
Ukraine wants U.S. to name Russia a state sponsor of terrorism. What does that mean? (Washington Post) As Russia renews and refocuses its attacks on eastern and southern Ukraine, and as more evidence of apparent Russian atrocities emerges, Kyiv has asked Washington to deploy one of the most potent tools in its arsenal of sanctions: adding Moscow to the State Department’s list of state sponsors of terrorism.
Don’t let war with Russia drag on over winter, Volodymyr Zelensky urges West (The Telegraph) Ukrainian president tells G7 summit that cold months could play to Vladimir Putin’s advantage unless countries push for victory
Zelensky Asks for Western Help to Push Russia Out of Ukraine Before Winter (Wall Street Journal) The Ukrainian president’s appeal to the G-7 comes as the U.S. says it will supply more military aid and deploy further sanctions against Moscow.
British Army chief: Ukraine is our ‘1937 moment’ (The Telegraph) General Sir Patrick Sanders says UK must be ready for war with Russia as Nato announces massive troop expansion
NATO to boost reaction force, Ukraine support (Military Times) NATO’s secretary general says the alliance wants to increase the number of its rapid reaction forces from the current 40,000 to over 300,000.
Pentagon Sourcing Air Defense Options For Ukraine (Defense One) Biden told Zelenskyy the systems—badly needed to defend against cruise missiles—will be part of a future security package.
Vladimir Putin told Emmanuel Macron he would rather ‘play ice hockey’ than hold peace talks (The Telegraph) Russian leader made the dismissive comments during a tense phone call with the French president just four days before invasion of Ukraine
Ukraine LIVE: Putin rocked as intercepted Russian comms show ‘military elite’ wiped out (Express.co.uk) UKRAINE has almost completely destroyed “elite” of Russian forces, it has been claimed.
Odesa rejects Russia: Putin’s Ukraine War turns old allies into bitter enemies (Atlantic Council) Putin has long claimed to be the champion of pro-Russian Ukrainians. However, the Ukrainian regions most closely associated with pro-Kremlin sentiment have also been hardest hit by the current invasion.
Russia to provide nuclear-capable missiles and fighter jets to Belarus (Defense News) The latest development comes as the two countries are tightening their military cooperation in the aftermath of the Russian invasion of Ukraine.
Belarus caught up in Putin’s plotting on Ukrainian and Lithuanian fronts (Atlantic Council) As Russian rhetoric toward Lithuania heats up, Belarusians once more find themselves caught up in the Kremlin’s aggressive foreign policy thanks to Belarus dictator Lukashenka’s dependence on Moscow.
Kennan Cable No. 78: War and Sovereignty: Lessons from Putin’s War for the South Caucasus (Wilson Center) Russia has presented its war on Ukraine as a peace enforcement mission dedicated to protecting Russian and Russian-speaking minorities from genocide in Ukraine. Its claims lack credibility, but they are nonetheless important for evaluating security risks to other post-Soviet republics, particularly the three South Caucasus republics.
Fears grow that Russia could soon turn against Kazakhstan (The Telegraph) Kremlin accuses its staunch ally of ignoring ‘Russophobic activity’ and helping to fuel anti-Russian sentiment
Ukraine Targeted by Dark Crystal RAT (DCRat) | FortiGuard Labs (Fortinet Blog) FortiGuard Labs discovered an attack campaign using malicious Excel macros. Read more to find out how it works and evasive tactics used to ultimately install Dark Crystal RAT onto a victim’s machin…
Russia’s Killnet hacker group says it attacked Lithuania (Reuters) Russian hacker group Killnet claimed responsibility on Monday for a DDOS cyber attack on Lithuania, saying it was in response to Vilnius’s decision to block the transit of goods sanctioned by the European Union to the Russian exclave of Kaliningrad.
Russia-linked Killnet claims responsibility for Lithuania cyberattack (Tech Monitor) Killnet has claimed responsibility for the Lithuania cyberattack that has crippled government departments today.
Lithuania Says Hit by Cyberattack, Russia ‘Probably’ to Blame (SecurityWeek) Lithuania said it had been hit by an “intense” cyberattack, probably Russian, days after Moscow protested restrictions Vilnius imposed on the rail transit of certain goods to Kaliningrad.
Pro-Russia hackers claim responsibility for ‘intense, ongoing’ cyberattack against Lithuanian websites (CNN) An “intense, ongoing” cyberattack has hit the websites of government agencies and private firms in Lithuania, the Baltic country’s defense ministry said Monday.
Lithuania targeted by massive Russian cyberattack over transit blockade (Newsweek) Lithuania’s defense ministry said similar cyberattacks are likely to continue after Moscow warned of “serious consequences” related to the transit blockade.
Killnet, Kaliningrad, and Lithuania’s Transport Standoff With Russia (Flashpoint) Russian cyber collective Killnet has taken responsibility for June 27 DDoS attacks on the Lithuanian government and private institutions; Lithuania holds its ground on rail closure.
Russian group claims hack of Lithuanian sites in retaliation for transit ban (Reuters) Lithuanian state and private websites were targeted on Monday by Russian hackers who claimed the attack was retaliation for Vilnius’s decision to cease the transit of some goods under European Union sanctions to Russia’s Kaliningrad exclave.
Authorities and businesses hit with Russian hackers’ cyber-attack (DELFI) An ongoing cyber-attack by a Russia-affiliated hacker group on Monday disrupted the operations of some public authorities and businesses.
Russian hacking group takes credit for wide-ranging cyberattack on Lithuania (The Record by Recorded Future) Russian hacking group Killnet took credit for a large cyberattack on several government institutions in Lithuania on Monday.
We Are Now in a Global Cold War (Foreign Policy) With NATO expanding its focus to China, new battle lines are being drawn.
Europe’s ‘rewiring’ is crucial in the face of grinding inflation and Putin’s war (Atlantic Council) The lessons from two devastating World Wars and a Cold War are that staying unified is a prerequisite for victory and that appeasing despots is always self-defeating.
Biden’s Endgame Shouldn’t Be Victory for Ukraine (Foreign Policy) There is no realistic scenario for Ukraine to win. Washington should push for a settlement.
The Other Big Lessons That the U.S. Army Should Learn from Ukraine (War on the Rocks) The war in Ukraine is the first major land war between two modern militaries equipped with advanced conventional weapons in decades. Its emerging lessons
Billionaires Can Arm Ukraine (Foreign Policy) The ultra-rich should dip into their deep pockets—for their own sake.
From Pushkin to Putin: Russian Literature’s Imperial Ideology (Foreign Policy) Russian classical literature, chock full of dehumanizing nationalism, reads disturbingly familiar today.
Can price caps on Russian oil tame the Kremlin? Our experts debate. (Atlantic Council) Atlantic Council experts weigh in on whether a G7-driven price cap on Russian oil will have the intended effect.
The G-7 Goes for Russia’s Gold—and Oil Profits (Foreign Policy) The group of wealthy nations announced a rebranded infrastructure initiative amid more plans to stifle Russia’s economy.
What Russia’s debt default means for the world (The Telegraph) French and US lenders have the most to lose as default leaves Vladimir Putin humiliated
Tracking where Russia is taking Ukraine’s stolen grain (BBC News) Russia is accused of thefts of vast quantities of grain from occupied Ukraine. Where is it being taken?
Attacks, Threats, and Vulnerabilities
Venezuela tapped 1.5 million phone lines. It’s just the start, experts warn. (Washington Post) Long-held suspicions of wiretapping by the Venezuelan government were substantiated last week in a report published by Telefónica, the Spanish parent company of Movistar, one of three major mobile telephone providers in Venezuela. According to the report, more than a million Venezuelan users have been surveilled in the past year.
Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem (Broadcom Software Blogs) New malware has links with multiple threat actors, including several high-profile ransomware operations.
Microsoft Exchange bug abused to hack building automation systems (BleepingComputer) A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks.
Attacking With WebView2 Applications (mr.d0x) Exploring WebView2 applications and how they can be used for credential and cookie theft.
Cybereason warns global organisations against ransomware attacks from gang (Intelligent CIO) Cybereason, the XDR company, has issued a global threat alert advisory warning global organisations about a rise in ransomware attacks from the Black Basta gang.
Cybereason vs. Black Basta Ransomware (Cybereason) The Black Basta ransomware is a new strain of ransomware discovered in April of 2022. Although active for just two months, the group already rose to prominence claiming attribution of nearly 50 victims as of the publication of this report.
Cyberattack Forces Iran Steel Company to Halt Production (SecurityWeek) Iran’s state-owned Khuzestan Steel Company was forced to halt production after being hit by a cyberattack, apparently marking one of the biggest such assaults on the country’s industrial sector
Cyberattack forces Iran steel company to halt production (AP NEWS) One of Iran’s major steel companies said Monday it was forced to halt production after being hit by a cyberattack that also targeted two other plants, apparently marking one of the biggest such assaults on the country’s strategic industrial sector in recent memory.
Iranian steel facilities suffer apparent cyberattacks (CyberScoop) The group behind the attacks have previously claimed attacks on Iranian targets, experts said.
Iran’s steel industry halted by cyberattack (Jerusalem Post) Predatory Sparrow, a hacktivist group that is little known, took credit for the hacking that halted Iran’s steel industry.
Akamai’s Observations of Confluence Zero Day (CVE-2022-26134) (Akamai) Akamai researchers have been monitoring the effects of the Atlassian Confluence vulnerability outlined in CVE-2022-26134 since it was made public on June 2, 2022.
LockBit 3.0 introduces the first ransomware bug bounty program (BleepingComputer) The LockBit ransomware operation has released ‘LockBit 3.0,’ introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks (IT PRO) Researchers have urged vigilance over compressed attachments sent under false pretenses
Threat Spotlight: Malicious HTML attachments (Journey Notes) Barracuda research shows that, compared to other types of attachments, HTML attachments are used the most for malicious purposes.
Interactive Phishing Mark II: Messenger Chatbot Leveraged in a New Facebook-Themed Spam (Trustwave) Facebook Messenger is one of the most popular messaging platform in the world, amassing 988 million monthly active users as of January 2022 according to Statista.
What Are Shadow IDs, and How Are They Crucial in 2022? (The Hacker News) What Are Shadow IDs, and How Are They Crucial in 2022?
Japanese worker loses city’s personal data in USB fail (Register) Also, Chrome add-ons are great for fingerprinting, and hacked hot tubs splurge details
Drunk worker loses USB stick containing details of every resident of his city (Hot for Security) It’s all too easy to imagine.
Alabama hospital’s ED logs found at residential apartment (Becker’s Hospital Review) Birmingham, Ala.-based Grandview Medical Center notified patients that the hospital’s emergency department activity logs were taken in an April data breach, which may have exposed their protected health information.
Healthcare data breach roundup: Atrium, Kaiser, UNC and more (Healthcare IT News) Meanwhile, HHS publishes guidance on “strengthening cyber posture” but healthcare organizations are asking for more government help managing their security challenges.
Malware Breach Affects 1.2 Million Medical Center Patients (Gov Info Security) A malware incident involving exfiltration of data has affected more than 1.24 million patients of Texas-based Baptist Medical Center and Resolute Health Hospital.
Vice Society claims ransomware attack on Med. University of Innsbruck (BleepingComputer) The Vice Society ransomware gang has claimed responsibility for last week’s cyberattack against the Medical University of Innsbruck, which caused severe IT service disruption and the alleged theft of data.
Retail Chain Leaks 800k Records Including Customer and Credit Data (Website Planet) Security Researcher Jeremiah Fowler together with the WebsitePlanet research team recently discovered a non-password protected database that contained
Hackers target pro-lifers, claim to hit states with anti-abortion laws (The Washington Times) A hacking group is targeting pro-life supporters and states with anti-abortion laws in the aftermath of the Supreme Court’s decision to overturn the landmark ruling that recognized the constitutional right to abortion.
Period tracker Stardust’s privacy claims aren’t airtight (TechCrunch) The current version of the app shares a user’s phone number with an analytics firm.
FTC warns of LGBTQ+ extortion scams – be aware before you share! (Naked Security) It’s a simple jingle and it’s solid advice: “If in doubt, don’t give it out!”
Spammers advertise dating platforms to meet Ukrainian women amid crisis (Hot for Security) Scam artists have been highly opportunistic in exploiting global events, such as
the COVID-19 pandemic and, most recently, the war in Ukraine.
5 ways cybercriminals steal credit card details (WeLiveSecurity) Here are some of the most common ways hackers can get hold of other people’s credit card data – and how you can keep yours safe.
Kaspersky reveals phishing emails that employees find most confusing (PCR) According to estimates, 91% of all cyberattacks begin with a phishing email, and phishing techniques
Kaspersky finds most effective phishing emails imitate corporate messages, delivery notifications (IT PRO) Almost one in five employees clicked links in business related emails, but most emails containing threats or promising money were identified as phishing
CISA Adds Eight Known Exploited Vulnerabilities to Catalog (CISA) CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.
CISA Alerts Healthcare Sector to OFFIS DCMTK Cybersecurity Vulnerabilities (Health IT Security) Healthcare organizations using OFFIS DCMTK software should deploy updates immediately in light of recently discovered cybersecurity vulnerabilities.
Vulnerability Summary for the Week of June 20, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Trends
New Ivanti Research Finds that 49% of Employees are Frustrated by Work Provided Tech and 26% are Considering Leaving their Job Because of it (Ivanti) The research uncovered 64% of employees believe their experience with technology impacts their morale, but only 20% of the C-Suite put budget toward improving the digital employee experience, and only 21% of IT leaders prioritize end user experience when selecting a tool
84% of Consumers Have Used Peer-to-Peer Services (LendingTree) Peer-to-peer (P2P) service apps like PayPal and Venmo offer simple ways to make payments, but some users are losing money through mistakes and scams.
WatchGuard Threat Lab Reports Ransomware Volume Already Doubled 2021 Total by End of Q1 2022 (GlobeNewswire News Room) New research also shows Log4Shell detections tripled, PowerShell scripts heavily influencing a surge in endpoint attacks, the Emotet botnet coming back in…
Marketplace
Melbourne’s Advent One acquires Fast50 company Layer 8 Networks (CRN Australia) Aims to complement hybrid cloud offering.
Normalyze Announces $22.2M in Series A Funding to Solve the Biggest Issue in Modern Cloud Security: Data (Normalyze) Security Industry Veterans from Netskope, Qualys, and Symantec Team Up With Backing from Battery Ventures and Lightspeed Venture Partners
Seven Months After Acquisition by Schwarz Group, XM Cyber Acquires Cyber Observer (PR Newswire) XM Cyber, leader in hybrid cloud security, announced today the acquisition of Cyber Observer, an innovator in Continuous Controls Monitoring…
Synopsys completes WhiteHat Security acquisition (New Electronics) Synopsys has completed the acquisition of WhiteHat Security, a provider of application security Software-as-a-Service (SaaS).
Israel’s Spyware Sector Will Survive the NSO Pegasus Scandal (World Politics Review) The controversy over the international trade in digital surveillance tools peaked last year, when several Israeli firms were accused of selling sophisticated spyware to authoritarian states. But given its importance for Israel’s economy and security, the cybersecurity sector will continue to enjoy strong government backing.
AU10TIX PROTECTS BUSINESSES AGAINST $2 BILLION IN FRAUD SINCE START OF 2022 (PR Newswire) AU10TIX, a leading global provider of fully automated identity verification technology powered by cutting-edge machine learning and artificial…
SecureAuth Expands Leadership Bench to Support Growth with Appointments of Dennis Dowd VP of Worldwide Sales and Karan Dua as CFO (Business Wire) Today, SecureAuth, a leader in access management and authentication, announces the appointment of Dennis Dowd as Vice President of Worldwide Sales whe
Products, Services, and Solutions
Radiant Logic Selected to Deliver Essential Identity Data Foundation for ICAM Reference Design (Business Wire) RadiantOne will deliver the identity data foundation to create the DISA’s Master User Record (MUR) project.
Sandia Labs offers free online cybersecurity boot camp (Albuquerque Journal) Businesses, groups can get help to beef up their online protections
Cerby Launches With World’s First Security Platform for Unmanageable Applications (Business Wire) Cerby launches, bringing Zero Trust principles to shadow IT so employees can securely use the applications that make them most productive.
ZScaler embraces cloud security posture management (SC Magazine) ZSclaer’s new Posture Control aims to give companies CNAPP functionality for cloud workloads.
Dynatrace Extends Automatic Release Validation Capabilities to Improve Software Quality and Resiliency (Business Wire) Software intelligence company Dynatrace (NYSE: DT) announced today it has extended the Dynatrace® platform’s release validation capabilities to automa
BenQ Releases Most Secure Wireless Presentation System to Date
(BenQ America Corp.) The number-one-selling global projector brand powered by TI DLP technology, according to Futuresource, the BenQ digital lifestyle brand stands for ‘Bringing Enjoyment and Quality to Life,’ fusing ease of use with productivity and aesthetics with purpose-built engineering. BenQ is a world-leading human technology and professional solutions provider serving the enterprise, education and entertainment markets.
Crytica Security, Inc. Reduces APT, Zero-Day, and Malware Dwell Time to Less Than 180 Seconds (PR Newswire) Crytica Security, Inc., a stealthy cybersecurity start-up launched by industry veterans from Bell Labs, Apple, and HP today introduced the…
Organizations Can Now Accelerate Journey to the Cloud with Amazon FSx for NetApp ONTAP and Datadobi’s StorageMAP (Datadobi) StorageMAP enables customers to conduct unstructured data management projects to analyze & relocate data from any NAS system to Amazon FSx for NetApp ONTAP
INTELITY and Incode Technologies Announce Strategic Partnership (Business Wire) INTELITY®, provider of hospitality’s leading guest experience and staff management platform, today announced at HITEC Orlando 2022 the strategic partn
Colt Technology Services brings together SD WAN and SSE features in new integrated full SASE solution (TelecomTV) Enterprise security solution underpinned by Versa SASE.
Technologies, Techniques, and Standards
NIST Releases New macOS Security Guidance for Organizations (SecurityWeek) NIST has published the final version of its guidance on securing macOS endpoints and assessing their security.
Election Security Library (CISA) CISA’s Election Security Resource Library provides State and local governments, election officials, campaigns, the vendor community, and voters with voluntary tools to secure election-related assets, facilities, networks and systems from cyber and physical risks.
Design and Innovation
Artificially intelligent robot perpetuates racist and sexist prejudice (New Scientist) Virtual robot run by artificial intelligence acts in a way that conforms to toxic stereotypes when asked to pick faces that belong to criminals or homemakers
Research and Development
Team of researchers at Virginia Tech, BAE Systems receive $14 million contract to help secure information (Augusta Free Press) A collaborative project between BAE Systems and a team of researchers at Virginia Tech have been awarded a $14 million contract from the Intelligence Advance Research Projects Activity to help secure communications due to an increase in vulnerability and threats. ‘
Legislation, Policy, and Regulation
Venezuela Is Becoming a Chinese and Russian Cyber Hub on America’s Doorstep (The National Interest) In an effort to expand its grip on power, the Maduro regime has allowed Venezuela to become a laboratory for digital surveillance and authoritarian social control
CERT-In’s new cybersecurity directive is a misadventure (Hindustan Times) Its plan to hoover up troves of sensitive data, without a privacy law, is quixotic. The directive should be rescinded or face a challenge in court.
Key State Official Warns of ‘Peril’ as US Pursues Cybersecurity Goals at G7 (Nextgov.com) The State Department would oversee $200 billion in aid and financing the administration wants to invest in developing countries, under a new agreement from world leaders that promises a prioritization of cybersecurity.
State Department cyber strategy emphasizes proactively hunting for threats (CyberScoop) The State Department Bureau of Intelligence and Research released a cybersecurity strategy to create a more proactive culture when it comes to finding and fixing vulnerabilities.
Lawmakers want DoD to parse cyber roles, explore partnerships with CISA and colleges (SC Magazine) A House committee wants Pentagon leadership to report how the Defense Department delineates roles and responsibilities within cyberspace among its different component agencies.
Cyber Command urges private sector to share intelligence, aid defensive digital operations (CyberScoop) U.S. Cyber Command wants more tech companies and others on the front lines of the global fight to secure the internet to share more cybersecurity intelligence.
House Passes ICS Cybersecurity Training Bill (SecurityWeek) The House of Representatives has passed the Industrial Control Systems Cybersecurity Training Act.
GAO: HHS Needs Improved Data Breach Reporting (Nextgov.com) Data breaches have increased each year since 2015.
HHS Prodded to Seek Breach Reporting Feedback as Incidents Spike (Bloomberg Law) The Department of Health and Human Services agreed to solicit feedback on its data breach reporting system after a federal government watchdog suggested it seek input on obstacles the health care industry faces.
CMMC early adopter program to further spur vendor cyber actions (Federal News Network) The Defense Department’s Defense Contract Management Agency is staffing up to prepare for assessments under the Cybersecurity Maturity Model Certification (CMMC) program in 2023 and beyond.
Gen. Bradley Pyburn Named Chief of Staff at USCYBERCOM (MeriTalk) Brig. Gen. Bradley L. Pyburn took over as new Chief of Staff at U.S. Cyber Command on June 9.
New York governor appoints state’s first ‘chief cyber officer’ (StateScoop) New York Gov. Kathy Hochul named Colin Ahern, a former New York City cybersecurity official, as the state’s first chief cyber officer.
Litigation, Investigation, and Law Enforcement
EXCLUSIVE: Meta Failed To Protect Instagram’s Child Models From Pedophiles (Forbes) A photographer accused of selling photos to pedophiles is allowed to use Instagram for months after he’s arrested. Forbes alerts Meta to more than a dozen accounts with over half a million followers sexualizing child and teenage models. Now the tech giant is coming under heavy fire for its policing of predators.
US, Brazil seize 272 websites used to illegally download music (BleepingComputer) The domains of six websites that streamed and provided illegal downloads of copyrighted music were seized by U.S. Homeland Security Investigations (HSI) and the Department of Justice.
Swiss intel service: Watch out for redeployed Russian spies (AP NEWS) The Swiss intelligence service says authorities should do whatever they can to prevent Russian spies who have been expelled from Western countries after President Vladimir Putin’s invasion of Ukraine turning up in countries like Switzerland.
Australia offers Cellebrite Machines through PNG-Australian Policing Partnership (One Papua New Guinea) The Australian Federal Police Commander Jamie Strauss signed over two Cellebrite machines to the Royal PNG Police Commissioner David Manning last week, as part of the PNG-Australia Policing Partnership (PNGAPP).
Credit Suisse Found Guilty in Money-Laundering Case Tied to Cocaine Ring (Wall Street Journal) Credit Suisse and a former employee were found guilty in a Swiss federal criminal court of helping a Bulgarian crime ring launder money related to cocaine trafficking.
