FBI and MI-5 warn of Chinese industrial espionage.

Dateline Beijing, Moscow, Kyiv, Ankara, Warsaw, Berlin, Paris, London, and Washington: Russia’s hybrid war, and NATO’s response.

Ukraine at D+133: Privateering during an “operational pause.” (The CyberWire) There’s apparently an “operational pause” for reconstitution in Russia’s Donbas offensive, but Russian privateering and influence operations pick up their pace.

Russia-Ukraine war: List of key events, day 134 (Al Jazeera) As the Russia-Ukraine war enters its 134th day, we take a look at the main developments.

Russia-Ukraine war: Russia fails to take territory for first time since war began (The Telegraph) Russia has not made any territorial gains in Ukraine for the first time in 133 days, according to its own assessments, hinting at an “operational pause” for its battle-stricken forces to recuperate.

Russia-Ukraine war: Snake Island and Odesa hit by rockets; row over ‘stolen’ Ukrainian grain grows – live (the Guardian) Local official says Russian rockets hit strategic island and city; Turkish ambassador summoned by Ukraine after Russian ship with grain released

Russia’s offensive gains pace in Donetsk; focus shifts to Slovyansk (Washington Post) After sweeping through Luhansk, Russian forces are now gaining ground in the neighboring Donetsk region. Both are part of the prized industrial Donbas heartland of eastern Ukraine that Moscow is seeking to control. Donetsk’s regional governor is urging the area’s 350,000 residents to evacuate as Russia intensifies its bombardment campaign, telling reporters Tuesday: “The destiny of the whole country will be decided by the Donetsk region.”

Slovyansk’s ‘remainers’ prepare for last stand against Russian invaders (The Telegraph) With the city poised to be flattened by Kremlin firepower, the citizens who haven’t fled either have nothing left to lose or a lot to fear

Russia confirms 6 Belarusian soldiers fighting for Ukraine captured or killed in Luhansk (Fox News) Roughly six Belarusian soldiers who volunteered to fight in Ukraine against Russia’s invasion were confirmed on Wednesday to have been captured or killed.

Norwegian air chief: Russia isn’t ’10 feet tall,’ but don’t discount it (Breaking Defense) “I think we shouldn’t underestimate [Russia’s] level of capability, because I don’t think we have seen it,” Maj. Gen. Rolf Folland, chief of the Royal Norwegian Air Force, told Breaking Defense.

Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine (Security Intelligence) IBM Security X-Force uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been attacking Ukraine since the Russian invasion. Explore an in-depth analysis on six of ITG23’s campaigns.

Trickbot may be carrying water for Russia (Washington Post) A top ransomware distributor has targeted Ukraine six times since Russia’s invasion.

Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs (SentinelOne) Chinese-linked phishing campaign seeks to compromise Russian targets with custom malware designed for espionage.

Chinese hackers targeting Russian government, telecoms: report (The Record by Recorded Future) Chinese hacking groups are targeting the Russian government and organizations in the telecommunications industry, according to a new report.

Russia Info Ops Home In on Perceived Weak Links (VOA) New report by cybersecurity firm Recorded Future says the Kremlin’s disinformation efforts have focused on France, Germany, Poland and Turkey

Russia rages over French leak of Vladimir Putin’s ‘ice hockey’ phone call (The Telegraph) Emmanuel Macron’s government criticised for taping conversation in which Russian president rebuffed last-ditch call for peace talks

NFT scammers see an opportunity in Ukraine donations (The Record by Recorded Future) The Ukrainian government and celebrities have been promoting non-fungible tokens (NFTs) and cryptocurrencies to raise funds for the country’s military during its ongoing war with Russia.

Why Ukraine loves Boris (Atlantic Council) British Prime Minister Boris Johnson’s domestic approval rating has hit rock bottom but he is the most popular foreign politician in Ukraine thanks to his support for the country in its fight against Vladimir Putin’s invasion.

Don’t make decisions without me, frustrated Volodymyr Zelensky orders general (The Telegraph) Ukrainian president rebukes military commander over draconian travel restrictions that would have kept army recruits from visiting families

Ukraine’s military plans to limit free movement to make conscription easier (the Guardian) Unclear if Zelenskiy backs permit system to keep men eligible to fight in the region they are registered in

Latvia to reinstate compulsory military service amid Russia’s war on Ukraine (POLITICO) 15 years after abolishing the measure, Riga plans to make all men aged 18-27 complete 11 months of training.

Putin’s poisonous anti-Western ideology relies heavily on projection (Atlantic Council) Vladimir Putin’s poisonous anti-Western ideology is rooted in projection of his own authoritarian instincts and outdated assumptions about the adversarial nature of relations between Russia and the democratic world.

The Great Global Rearmament (Foreign Affairs) Ukraine and the dangerous rise in military spending.

Winning friends and influencing Russians: Three audiences the US should target (Atlantic Council) The Biden administration needs an offensive strategy that prioritizes transparency and truth to defeat Russian aggression.

The U.S. Is Expanding Its Goals in Ukraine, and That’s a Very Good Thing (The National Interest) If we want a lasting and durable peace in Europe, with Russia contained, the West should arm Ukraine to the teeth.

Special dispatch from Madrid: At NATO’s historic summit, good scores points on evil, but it’s not enough to stop Putin’s Ukraine war (Atlantic Council) Despite the successes of the NATO summit, Russia’s missile strike on a Ukrainian shopping mall put the brutality of Putin’s war into stark relief.

Ukraine tensions run high as Lavrov flies into Bali for G20 foreign ministers summit (the Guardian) Meeting in Indonesia will be the first with the Russian envoy since the Kremlin invaded its neighbour, triggering global food and energy crises

How to Equip Ukraine to Break the Black Sea Blockade (Foreign Policy) Russia’s grain blockade is a global catastrophe. It can be broken without NATO intervention.

Ukraine defies Russia and launches electricity exports to EU neighbors (Atlantic Council) Ukraine’s remarkable wartime synchronization with the electricity grid of continental Europe moved up a gear at the end of June with the landmark launch of commercial electricity exports to neighboring Romania.

Zelenskiy calls on trader Vitol to stop shipping Russian ‘blood oil’ (the Guardian) Kyiv asks largest independent oil trader to state when it will ship last barrel and how much it will ship until that date

Attacks, Threats, and Vulnerabilities

Heads of FBI, MI5 Issue Joint Warning on Chinese Spying (Wall Street Journal) “The Chinese government is set on stealing your technology,” the agency chiefs tell business leaders.

FBI and MI5 leaders give unprecedented joint warning on Chinese spying (the Guardian) Christopher Wray joins Ken McCallum in London, calling Beijing the ‘biggest long-term threat to economic security’

FBI and MI5 bosses: China cheats and steals at massive scale (Register) Other US spooks chime in with similar warnings

FBI director suggests China bracing for sanctions if it invades Taiwan (Washington Post) In a rare speech alongside London counterpart, Director Christopher Wray amps up warnings about Chinese hacking and influence operations

Near-undetectable malware linked to Russia’s Cozy Bear (Register) The fun folk who attacked Solar Winds using a poisoned CV and tools from the murky world of commercial hackware

Russia’s Cozy Bear linked to nearly undetectable malware (Computing) The distribution mechanism is similar to previous attacks by the Russian group.

When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors (Unit 42) Pentest and adversary emulation tool Brute Ratel C4 is effective at defeating modern detection capabilities – and malicious actors have begun to adopt it.

China Escalates Efforts to Influence U.S. State and Local Leaders, Officials Warn (Wall Street Journal) American counterintelligence officials are sounding the alarm about Chinese influence operations as tensions between Beijing and Washington rise.

Protecting Government and Business Leaders at the U.S. State and Local Level from People’s Republic of China (PRC) Influence Operations. (National Counterintelligence and Security Center) For decades, a broad range of entities in China have forged ties with government and business leaders at the state and local levels of the United States, often yielding benefits for both sides. However, as tensions between Beijing and Washington have grown, the government of the People’s Republic of China (PRC) under President Xi Jinping has increasingly sought to exploit these China-U.S. subnational relationships to influence U.S. policies and advance PRC geopolitical interests.

North Korean ransomware dubbed Maui active since May 2021 (Register) CISA, FBI, US Treasury warn Kim Jong-un’s latest malware has hit healthcare orgs

China Police Database Was Left Open Online for Over a Year, Enabling Leak (Wall Street Journal) Cybersecurity experts say the error enabled the theft of records of nearly 1 billion people, including senior officials, leading to a $200,000 ransom note.

Shanghai data leak: China tested by possible largest hack in history (The Christian Science Monitor) “ChinaDan,” a Chinese hacker, claims to possess the phone numbers, names, and ages of 1 billion Chinese citizens. Although the scale of the leak seems huge, experts say many online advertising companies already get the same type of data when browsing online.

Researchers Flag ‘Significant Escalation’ in Software Supply Chain Attacks (SecurityWeek) Researchers at ReversingLabs and Checkmarx release separate warnings about software supply chain attacks targeting the open source NPM ecosystem.

Evasive Rust-Coded Hive Ransomware Variant Emerges (SecurityWeek) Researchers nab a new, highly evasive variant of the Hive ransomware written in Rust and supporting command-line parameters.

OrBit, a new sophisticated Linux malware still undetected (Security Affairs) Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer have uncovered a new Linux malware, tracked as OrBit, that is still undetected. The malware can be installed as a volatile implant either by achieving persistence on the compromised systems. The malware implements advanced evasion […]

Cyberattack knocks out California community college email, website, landlines (The Record by Recorded Future) A 12,500-student community college in California is suffering from a cyberattack that brought down the school’s online services and campus phone lines. 

Marriott Hotels suffers third data breach in 4 years (Register) Digital thieves made off with 20GB of internal documents and customer data

Marriott hit by new data breach and a failed extortion attempt (BleepingComputer) Hotel giant Marriott International confirmed this week that it was hit by another data breach after an unknown threat actor managed to breach one of its properties and steal 20 GB worth of files.

Marriott says hackers attempted to extort company with Baltimore hotel data theft (The Record by Recorded Future) Marriott confirmed reports that hackers tried to extort the company after 20 GB of employee and customer data was stolen from BWI Airport Marriott in Baltimore.

American Marriage Ministries acknowledges data exposure after earlier incident reported to FBI (The Record by Recorded Future) Wedding officiant training company American Marriage Ministries (AMM) said it is dealing with another data security issue after reporting a breach of sensitive data to the FBI earlier this year. 

Mass. FD warns of data breach that may include EMS patients (EMS1) The number of people affected is unknown, but Comstar Ambulance Billing said that suspicious activity was detected in March

Cybersecurity expert weighs in on Cedar Rapids schools’ cybersecurity breach (Cedar Rapids Gazette) Summer programs closed for the remainder of the week as district officials work with experts to find a solution

Macmillan Says Retailers Can Again Order Its Books After Recent Cyberattack (Wall Street Journal) The company said it is working its way through a backlog of orders and that it doesn’t anticipate it will have to change the publication date of any of its coming books.

SHI hit by ‘professional malware attack’ (CRN) Reseller insists there is currently no evidence to suggest its customers were impacted

Crema hacker returns $8M, keeps $1.6M in deal with protocol (Cointelegraph) Solana-based liquidity protocol Crema Finance recovered $8 million of the $9.6 million it lost from a security exploit on July 2, granting the rest as a bounty to the exploiter.

Security Patches, Mitigations, and Software Updates

OpenSSL Releases Security Update (CISA) OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system.  CISA encourages users and administrators to review the OpenSSL advisory and upgrade to the appropriate version. 

OpenSSL fixes two “one-liner” crypto bugs – what you need to know (Naked Security) “As bad as Heartbleed”? We heard that concern a week ago, but we think it’s less ungood than that…

OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE (Security Affairs) The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue, tracked as CVE-2022-2274, affecting the popular library. This bug makes the RSA implementation with 2048 bit private keys incorrect on such machines and triggers […]

Cisco and Fortinet Release Security Patches for Multiple Products (The Hacker News) Fortinet and Cisco released patches to address security vulnerabilities across multiple products.

Owl Labs Update (Owl Labs) Today, June 23, 2022, Owl Labs released the latest software update 5.4.2.3 in reference to recent security issues that were identified.

Study Reveals That Mid-Sized Organizations Need to Prioritize Cybersec (PRWeb) Egnyte, a leader in cloud content security and governance, today released its Cybersecurity Trends for Mid-Sized Organizations Report, a mid-year updat

Cyberattacks against law enforcement are on the rise (Help Net Security) Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity

Marketplace

Vector Capital becomes the majority shareholder of WatchGuard Technologies (Help Net Security) WatchGuard Technologies announced that Vector Capital closed the deal to acquire interests previously owned by other co-investors.

WatchGuard’s new owner vows to ‘double down’ on MSPs (CRN) It was announced in April that Vector Capital had entered into a definitive agreement to acquire the interests of other shareholders, including Francisco Partners

Security Automation Firm Swimlane Closes $70 Million Funding Round (SecurityWeek) Swimlane banks $70 million in a growth funding round led by Activate Capital, bringing the total raised to $170 million.

BlueVoyant UK Marks One Year of Impressive Momentum, Targeting Aggressive Growth with Senior Cyber Security Appointments (PR Newswire) BlueVoyant UK, an industry-leading cyber defence platform company converging internal and external security, today announced significant UK…

DIA posts network-centric warfare training sources sought (Intelligence Community News) On July 6, the Defense Intelligence Agency posted a sources sought notice for Network Centric Warfare training. Responses are due by 1:00 p.m. Eastern on July 20.

DoD Launches ‘Hack US’ Bounties for Major Flaws in Publicly Exposed Assets (SecurityWeek) The U.S. Department of Defense launches a limited bug bounty program to reward high- and critical-severity vulnerabilities in its publicly accessible information systems.

Products, Services, and Solutions

What is ZuoRAT? | Allot’s Network Security & IoT Blog for CSPs & Enterprises (ALLOT) Meet ZuoRAT, a remote access trojan that attacks via SOHO routers. Find out how it works, and what service providers and businesses can protect themselves.

Red Canary and Palo Alto Networks expand collaboration to provide detection and response across security landscape (PR Newswire) Red Canary, the Managed Detection and Response (MDR) trailblazer, has expanded its collaboration with industry leader Palo Alto Networks to…

Talon Cyber Security Introduces First Secure Enterprise Browser for Mobile Devices to Bring Full Visibility and Security to All Endpoints Across Enterprise Environments (Talon Cyber Security) Talon Delivers Enterprise-Grade Security through Mobile Browser to Close Significant Gap in Endpoint Security Programs  Tel Aviv, Israel – July 7, 2022 – Talon Cyber Security, the leading secure enterprise browser provider, today introduced TalonWork Mobile, a version of its TalonWork browser made specifically for mobile endpoints. With TalonWork Mobile, customers can extend secure access and…

CISA and NPower offer free entry-level cybersecurity training (Help Net Security) NPower is looking for recruits for a free cybersecurity training program aimed at underserved populations in the US.

Technologies, Techniques, and Standards

Implementing a Zero Trust Architecture
(NIST NCCOE) The proliferation of cloud computing, mobile device use, and the Internet of Things has dissolved conventional network boundaries. The workforce is more distributed, with remote workers who need access to resources anytime, anywhere, and on any device, to support the mission. Organizations must evolve to provide secure access to company resources from any location and asset, protect interactions with business partners, and shield client-server as well as inter-server communications.

How to Avoid the Worst Instagram Scams (Wired) Fake sellers. Competitions. Crypto cons. There are plenty of grifts on the platform, but you don’t have to get sucked in.

Credential Stuffing Examples and Keys to Detection (ThreatX) As part of our ongoing blog series on the modern threat landscape, we are taking a look at some of the many threats and risks that are often missed by legacy WAFs and security tools. Unlike traditional injection and XSS attacks, this newer breed of attacks excels at evading traditional signatures and regex rules, allowing […]

How to Secure PowerShell and Use it for Cybersecurity Defense (My TechDecisions) Cybersecurity agencies say organizations should take several steps to secure PowerShell and keep it from being used in cyberattacks.

Cyber Yankee exercise hones New England Guard skills to fight digital threats (C4ISRNet) “Whether it’s a state or a federal effort, the importance of being prepared to respond to a cyber incident is paramount.”

Lessons Learned While Pentesting GraphQL (Black Hills Information Security) Sean Verity // GraphQL is one of those technologies that I heard about several years ago but had not encountered during an actual pentest. After reading a blog or two, […]

Design and Innovation

Press Release | Fortress Sponsors Open Web Application Security Project to Work on Industry-Wide SBOM Standards (Fortress Infosec) Fortress joins the Open Web Application Security Project (OWASP) to support the CycloneDX project, which is focused on promoting a lightweight SBOM standard.

Apple introduces ‘Lockdown Mode’ iPhone feature to block elite spyware (NBC News) The new feature aims to counter the rise of advanced hacking software that governments sometimes use to spy on people’s devices.

Apple Adds ‘Lockdown Mode’ to Thwart .Gov Mercenary Spyware (SecurityWeek) Apple is adding a new ‘Lockdown Mode’ that significantly reduces attack surface and adds technical roadblocks to limit sophisticated software exploits.

Research and Development

Bias in Artificial Intelligence: Can AI be Trusted? (SecurityWeek) AI in cybersecurity has value, but there is concern over faulty algorithms, hidden bias, false positives, abuse of privacy, and potential for abuse by criminals, law enforcement and intelligence agencies.

Legislation, Policy, and Regulation

Democracies Aren’t Ready for AI’s Impact (World Politics Review) Artificial intelligence is already an important part of daily lives around the world, and much of what it does is uncontroversial. But there’s a sinister side to the technology—one that, because of the danger it poses to democracy and human rights, demands much greater attention than it has so far received.

China’s Cabinet Urges Greater Cybersecurity After Data Leak (Bloomberg) State Council meeting discusses need to safeguard information. Gathering follows largest potential hack in country’s history.

Aussie MSSPs dish on Home Affairs’ enforcement of The Critical Infrastructure Bill (CRN Australia) We hear from Cytrack, Sekuro and Stickman Cyber on their views.

The Role Of National Center For Cyber Security In Pakistan (The Nation) The entire world is going digital for all the right reasons. Thanks to its large internet user base, Pakistan has also undergone massive digitisation. With improved internet connectivity, the government, the private stakeholders and even individuals

Breaking down the cyber amendments to the House defense policy bill (The Record by Recorded Future) House lawmakers have filed an eye-popping 1,144 amendments to the chamber’s annual defense policy bill, including nearly two dozen cyber-related proposals.

Justice Department identifies disrupting ransomware and cyberattacks as key objective in new strategic plan (FedScoop) The Department of Justice said Friday that it will make disrupting ransomware attacks and prosecuting cybercriminals a key objective as part of a new strategic plan. In a statement, the department said it intends to beef up its cybersecurity technological capabilities and to more aggressively pursue those who put U.S. government information or assets at […]

Pentagon ‘endorses’ reciprocity for CMMC, FedRAMP requirements (Federal News Network) DoD still needs to iron out the details for how it will streamline overlapping cybersecurity requirements.

How the US DHS develops hard-to-find cybersecurity skills (CSO Online) The Department of Homeland Security’s Amanda Conley tells how she finds and uplevels specialized and expensive cybersecurity talent on a government budget.

FCC taps GSA’s Hill to be new CIO (Federal News Network) Allen Hill, the deputy assistant commissioner for Category Management in the Federal Acquisition Service at the General Services Administration, will take over the FCC’s lead technology role on Aug. 1.

Litigation, Investigation, and Law Enforcement

Iran TV says several foreigners, a UK diplomat, detained for alleged spying (Reuters) Iran’s Revolutionary Guards have detained several foreigners, including Britain’s second most senior envoy in Tehran, for alleged acts of spying such as taking soil samples in restricted areas, state television reported on Wednesday.

Draft Online Safety law requires encrypted chat CSAM scans (Register) ‘It is possible to implement end-to-end crypto in a way that preserves privacy,’ claims UK Home Sec