Dateline Moscow, Kyiv, Minsk, Helsinki, and Stockholm: Russia's battlefield and diplomatic failures continue.
Ukraine at D+81: Russian battlespace and diplomatic underachievement. (The CyberWire) Kharkiv now called a Ukrainian victory, Russian milbloggers show signs of losing confidence in the quality of their army's leadership over the failed Donets river crossing. Finland and Sweden prepare for Russian cyberattacks as they approach NATO membership, and both sides in the cyber phases of the hybrid war engage in nuisance-level hacktivism.
Russia’s invasion of Ukraine: List of key events, day 82 (AL Jazeera) As the Russia-Ukraine war enters its 82nd day, we take a look at the main developments.
Ukraine says it has repelled Russian incursion in Sumy region (Reuters) Ukrainian border guards repelled an incursion by a Russian sabotage and reconnaissance group in the northeastern region of Sumy on Monday, the governor of the Sumy region said.
In Ukraine and internationally, scenario darkens for Russia (AP NEWS) Europe pushed Monday to sharpen and expand its response to Russia's invasion of Ukraine, with Sweden poised to follow Finland in seeking membership of NATO and European Union officials working to rescue proposed sanctions that would target Russian oil exports helping the Kremlin finance its war.
Ukraine morning briefing: Five developments as Nato chief says Kyiv 'can win this war' (The Telegraph) Plus: Thousands receive gas again after pipeline was damaged in Kharkiv and Kalush residents sing the praises of Eurovision band winners
Ukrainian Forces Hold the Line in Donbas as Western Heavy Weapons Join the Battle (Wall Street Journal) More than three weeks after the massive Russian offensive that aims to encircle Ukraine’s best forces in Donbas kicked off, Moscow’s achievements so far are limited at best.
Ukraine Launches Counteroffensive to Disrupt Russian Supply Lines(Wall Street Journal) Ukrainian forces continued clearing villages north of Kharkiv, Russian President Vladimir Putin warned Finland’s leader that joining NATO would risk damaging ties with Moscow, and GOP senators visited Kyiv.
Ukraine has won the battle of Kharkiv, analysts say, as Kyiv warns of ‘long phase of war’ (the Guardian) US-based thinktank claims Russian troops are being pushed back eastwards from Ukraine’s second city, and aiming to use mercenaries
Russia-Ukraine latest news: Belarus deploys troops along border with Ukraine, says MoD (The Telegraph) Belarus will deploy special operations troops along its border with Ukraine and send air defence, artillery and missile units to training ranges in the west of the country, Britain’s Ministry of Defence (MoD) has said.
Kharkiv is beginning to look like Ukraine’s second major victory over Russia (The Telegraph) ‘The Ukrainians arrived and we realised the Russians were running away,’ says resident as think tank says battle effectively over
Ukraine has ‘won the Battle of Kharkiv’ as war reaches ‘tipping point’ (The Telegraph) Russian forces have gone ‘from the offensive to the defensive’ as Ukraine launches counter-attack on enemy-held town of Izyum
Russia-Ukraine war: Ukrainian general predicts when war will end; US senators visit Zelenskiy in Kyiv – live (the Guardian) Head of military intelligence for Ukraine says August will be turning point in conflict; Republican senators travel to Kyiv to show support for Ukraine
Ukraine morning briefing: Five developments as Kyiv intelligence chief says war will be over by Christmas (The Telegraph) Plus: Georgian region holds referendum on joining Russia and EU pledges £425 million in heavy weapons
Russia-Ukraine latest news: Russia 'drops phosphorus bombs' on Azovstal steelworks (The Telegraph) Ukraine has accused Russia of dropping phosphorus bombs on the Azovstal steel plant in Mariupol.
Russia takes losses in failed river crossing, officials say (AP NEWS) Russian forces suffered heavy losses in a Ukrainian attack that destroyed a pontoon bridge they were using to try to cross a river in the east, Ukrainian and British officials said in another sign of Moscow's struggle to salvage a war gone awry .
Growing evidence of a military disaster on the Donets pierces a pro-Russian bubble. (New York Times) As the news of the losses at the river crossing started to spread, some Russian bloggers did not hold back in their criticism of what they said was incompetent leadership.
Russian War Report: Drone footage confirms failed Russian military pontoon crossing(Atlantic Council) The DFRLab geolocated drone footage that showed the obliteration of the Russian unit that tried to cross the Siversky Donets in the Donbas region.
Exclusive: Putin's captured war plans show his Ukraine ambitions shrinking (Newsweek) The Russian president has backed away from trying to take all of southern Ukraine, even as President Biden confronts the danger of a Ukrainian victory.
Trial by fire: Ukraine war becomes gruelling artillery duel (the Guardian) As troops in mazes of trenches pound each other with shells, the terror of war draws closer to the city of Sloviansk
‘They were furious’: the Russian soldiers refusing to fight in Ukraine (the Guardian) Troops are saying no to officers, knowing that punishment is light while Russia is not technically at war
Russia ‘refusing’ to take soldiers’ corpses as it tries to hide scale of losses in Ukraine (The Telegraph) Several hundred unclaimed corpses are now piling up in refrigerated train cars outside Kyiv
Putin's "already started to realize" he's losing in Ukraine: Ex-Russian PM (Newsweek) Mikhail Kasyanov said Friday that he believes Putin was "misled" by advisers about the state of Russian forces and how long an invasion would take.
Putin "detached from reality," made "miscalculation" in Ukraine: Tony Blair (Newsweek) "Leave aside the wickedness of it, the miscalculation strategically and in every possible way has been enormous," Blair said of the war in Ukraine.
Putin’s Imperial War: Russia unveils plans to annex southern Ukraine (Atlantic Council) Kremlin officials have underlined the expansionist imperial agenda driving Putin's Ukraine war by announcing plans to officially annex Ukraine's Kherson Oblast and incorporate it into the Russian Federation.
Breakaway region of Georgia to hold referendum on joining Russia (the Guardian) South Ossetia, focal point of Russia-Georgia war of 2008, will decide whether to subsume itself into larger neighbour in July
G7 'will never recognise' borders redrawn by Russia (Expatica) The Group of Seven industrialised nations said Saturday they would never recognise the borders Russia is trying to shift by force in its war against
Coup to remove cancer-stricken Putin underway in Russia, Ukrainian intelligence chief says (Fortune) The Sunday Times recently reported that Putin has blood cancer, citing an unnamed Russian oligarch with close ties to the Kremlin.
Does Putin have Cancer? Rumors intensify over Russian Oligarch's remarks (Newsweek) The Russian president has faced scrutiny over his health condition with speculation growing that he is seriously ill.
Weakened Russia could see democracy replace Putin regime—Estonia (Newsweek) Foreign Minister Eva-Maria Liimets told Newsweek that Russian troops must be forced to leave all Ukrainian territory occupied since 2014.
A Glimpse at Life Under Russian Occupation (Foreign Policy) Stanislav Aseyev’s “In Isolation” depicts the absurd brutality of military rule in the Donbas.
Putin’s closest ally – and his biggest liability (the Guardian) The long read: Chechen leader and Instagram king Ramzan Kadyrov is vulgar, vicious and very rich. Is he out of control, or just the kind of blunt instrument the Russian president likes to have around?
Three questions about ending the war in Ukraine (Breaking Defense) To avoid an Afghanistan situation of open-ended conflict, the US and its partners need to be thinking about how to end the conflict sooner rather than later, writes Robbin Laird.
What Is China Learning From Russia’s War in Ukraine? (Foreign Affairs) America and Taiwan need to grasp—and influence—Chinese views of the conflict.
Western Sanctions Are ‘Beginning to Bite’ Into Russia’s Military (Foreign Policy) But not quite enough to check Russian President Vladimir Putin’s war in Ukraine.
Russian Invasion Intensifies Role of New U.S.-EU Tech Council (Wall Street Journal) The U.S.-EU Trade and Technology Council had its first meeting in Pittsburgh last fall, which participants said helped forge ties that proved critical when the two economies joined to impose sanctions on the Kremlin following its Feb. 24 attack on Ukraine.
Open Letter to the EU-U.S. Trade & Technology Council (TTC) ahead of the Second Ministerial Meetings in Paris Saclay, France (Microsoft) Recent events have demonstrated that our shared transatlantic values, including democracy, human rights, and respect for the international order based on the rule of law and multilateral institutions, are threatened
The Mirai Botnet, Dark Cubed, and the War in Ukraine (Dark Cubed) Is there a connection between these three?There’s definitely a relationship between the first two, while, in the interest of full disclosure, any direct connection to the war in Ukraine is speculative, but potential.The story begins with the Mirai Botnet, malware that forms the foundati
Finland, Sweden’s NATO moves prompt fears of Russian cyberattacks (The Hill) Finland and Sweden’s move to join NATO has raised concerns about potential cyber retaliation from Russia, which sees the expansion of the alliance as a direct threat. While it is too early to judge…
OpRussia update: Anonymous breached other organizations (Security Affairs) Another week has passed and Anonymous has hacked other Russian companies and leaked their data via DDoSecrets. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the collective claims to have hacked multiple organizations and government entities. The hacktivists leaked the stolen data via DDoSecrets. Below is the list of […]
Italian CERT: Hacktivists hit govt sites in ‘Slow HTTP’ DDoS attacks (BleepingComputer) Italy's Computer Security Incident Response Team (CSIRT) has published an announcement about the recent DDoS attacks that key sites in the country suffered in the last couple of days.
Italy prevents pro-Russian hacker attacks during Eurovision contest (Reuters) Italian police thwarted hacker attacks by pro-Russian groups during the May 10 semi-final and Saturday final of the Eurovision Song Contest in Turin, authorities said on Sunday.
Italian police block pro-Russia attacks during Eurovision(Computing) The authorities foiled cyberattacks pro-Russian groups Killnet and Legion during the 2022 Eurovision Song Contest in Turin last week.
The LEGION collective calls to action to attack the final of the Eurovision song contest | IT Security News (IT Security News) This article has been indexed from Security Affairs The Pro-Russian volunteer movement known as LEGION is calling to launch DDoS attacks against the final of the Eurovision song contest. The LEGION is a Pro-Russian volunteer movement that focuses on DDOS attacks. The group made the headlines for attacks against Western organizations and governments, including NATO
How One Company Helps Keep Russia’s TV Propaganda Machine Online (wired) French satellite operator Eutelsat has refused to stop Russia from using satellites it controls to broadcast state-run programming into the country.
Swiss seek cooperation with US on cyber security defence (SWI swissinfo.ch) Defence Minister Viola Amherd has held talks with US government representatives on international security cooperation.
Ukraine Still Wants More Help to Win the War (Foreign Policy) Kyiv pleads for advanced gear as the Donbas fighting drags on, but advocates fear there’s “not enough political will.”
Ukraine Aid Tracker: Mapping the West’s support to counter Russia's invasion (Atlantic Council) The West has shown a common understanding of the need to support Ukraine with military and humanitarian aid. Our interactive maps track the aid that Western countries are sending.
Opinion | Why the U.S. is succeeding in Ukraine after failing in Iraq and Afghanistan (NBC News) The amount pales in comparison to what America spent in Iraq and Afghanistan. But the results have been spectacular.
Russian TV says Poland could cease to exist: "history doesn't teach people" (Newsweek) Host of '60 Minutes' Olga Skabeyeva made the threat on the Kremlin propaganda channel.
NATO’s Nordic Expansion (Foreign Affairs) Adding Finland and Sweden will transform European security.
Sweden follows Finland in confirming it will apply to join Nato (the Guardian) Moscow tells Nordic pair there will be ‘far-reaching consequences’ as geopolitical fallout of Ukraine war intensifies
Finland confirms intention to join Nato as Sweden says it intends to follow suit (the Guardian) Announcements signify historic shift in policy in Nordic countries that will redraw Europe’s security map
Finland risks "Annihilation" if they join NATO, Russian lawmaker warns (Newsweek) Duma deputy Aleksey Zhuravlyov, who is known for his hawkish views, said Helsinki would face serious consequences if it joined the military alliance.
Russian state TV suggests deploying nuclear weapons against Finland, Sweden (Newsweek) Russia will have "no choice" but deploying nuclear weapons, a host on state TV Russia 1 said.
Vladimir Putin warns Finland that joining Nato would be a 'mistake' (The Telegraph) Vladimir Putin has warned his Finnish counterpart that it would be a "mistake" for Helsinki to abandon its neutral status and join Nato.
Russia warns Finland & Sweden to face military action if moving ahead with NATO decision (Republic World) Russia's Foreign Ministry warned that Moscow "will be forced to take retaliatory steps of military-technical and other characteristics if Finland joins NATO.
Finland President set to call Russia's Putin over decision on joining NATO: Report (Republic World) A day after Finnish President Sauli Niinisto vowed to join the NATO military alliance, he reportedly set to call his Russian counterpart, RT News reported.
How will Putin react to Finland and Sweden joining NATO? Experts weigh in (Newsweek) Russia has denounced the move recently announced by Helsinki to join the military alliance and said it will respond with "retaliatory steps."
Sweden’s bid to join Nato ‘shows Vladimir Putin’s aggression doesn’t pay’ (The Telegraph) In a move ending more than 200 years of military neutrality, Sweden announces that it will submit an application
Why Finland and Sweden can join NATO with unprecedented speed (Atlantic Council) Both have put in the prescient and painstaking work to make a potential transition from partner to member so straightforward.
Opinion | NATO Should Admit Finland and Sweden ASAP (Wall Street Journal) It would enhance the alliance’s security and send a powerful message to Russia.
Ukraine Latest: Biden Encourages Sweden, Finland on NATO in Call (Bloomberg) President Joe Biden told the leaders of Sweden and Finland that he supports their right to decide whether to join NATO and underscored his backing for the alliance’s open door policy, according to the White House.
Finland and Sweden should not be allowed to join Nato, says Turkey (The Telegraph) President Recep Tayyip Erdogan accuses Nordic countries of being a 'guest house for terrorists' as he refuses to back their membership bids
Turkey won't block Finland and Sweden joining NATO, Denmark says (Newsweek) Danish Foreign Minister Jeppe Kofod told Newsweek he expects "unity in NATO around this issue" despite apparent Turkish objections.
Norway's chief of defense: Finland, Sweden in NATO 'opens up a lot of possibilities' (Breaking Defense) "We have to review all of our plans, we have to look at the investments,” Gen. Eirik Kristoffersen, Norway’s chief of defense, told Breaking Defense in a May 12 interview, just hours after Finland made its NATO move official.
Russia Update: BIS Expands Existing Export Controls on Russia (JD Supra) As Ukraine-Russia peace talks continue, the U.S. government continues to bring the heat. Yesterday, the Department of Commerce, Bureau of Industry and...
Hungary ‘holding EU hostage’ over sanctions on Russian oil (the Guardian) EU unable to agree on sixth package of sanctions as Budapest continues to block proposed oil embargo
West Increases Pressure on Putin, Including Sanctions on Reputed Girlfriend (New York Times) The Russian leader was challenged by the prospect of an enlarged NATO, plans to get Ukrainian grain exports past a Kremlin blockade, and sanctions on his purported mistress.
Vladimir Putin, Family Man (New York Times) As Western nations place sanctions on people close to the Russian leader, including family members, the strict secrecy surrounding his private life is being punctured.
Russian undersea cable threat shifts tech business to UK (The Telegraph) Palantir, involved in the NHS vaccine rollout, moves security operations from the US
McDonald's is leaving Russia altogether (CNN) McDonald's became the symbol of glasnost in action 30 years ago when it opened its first restaurant in Moscow. But after temporarily shutting down more than 800 restaurants following the invasion of Ukraine, McDonald's has decided to leave Russia altogether.
Attacks, Threats, and Vulnerabilities
Conti ransomware gang calls for Costa Rican citizens to revolt if government doesn't pay (SC Magazine) Conti is escalating its rhetoric to force Costa Rica to pay a ransom after the nation was breached last month, including calls for potential regime change from its newly elected president to assemble a government more willing to pay.
Anonymous wanted to help Sri Lankans. Their hacks put many in grave danger (Rest of World) Leaked data by the hacker collective has put regular Sri Lankans at severe risk of cybercrime.
Iran-Linked OilRig APT Caught Using New Backdoor (SecurityWeek) The Iran-linked hacking group OilRig was observed using a new backdoor in an attack against a government official within Jordan’s foreign ministry.
Report: Iran's Cobalt Mirage attacks US orgs for money, info (Register) Khamenei, can you just not? Not right now, fam
Iranian hackers linked to the file-encrypting malware attacks (2Spyware) Iranian APT Cobalt Mirage launching ransomware attacks and targeting US organizations. Iranian state-sponsored threat group has been linked to the ransomware attacks targeting entities in
Phishing Campaign Delivering Three Fileless Malware: AveMariaRAT / BitRAT / PandoraHVNC – Part I (Fortinet Blog) FortiGuard Labs discovered a phishing campaign delivering fileless malware to steal sensitive information from a victim’s device. Read our analysis to find out more about how the campaign executes …
Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls (SecurityWeek) Thousands of Zyxel firewalls could be vulnerable to remote attacks due to a critical vulnerability discovered by Rapid7.
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection (Rapid7) Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), identified as CVE-2022-30525.
How to Avoid Falling Victim to PayOrGrief's Next Rebrand (Dark Reading) The group that shut down the second largest city in Greece was not new but a relaunch of DoppelPaymer.
Critical Vulnerabilities Provide Root Access to InHand Industrial Routers (SecurityWeek) A total of 17 vulnerabilities have been found in an industrial router made by InHand Networks, including flaws that can be chained to achieve root access by getting a user to click on a link.
Hackers Can Make Siemens Building Automation Controllers 'Unavailable for Days' (SecurityWeek) A DoS vulnerability can be exploited to make Siemens building automation controllers unavailable for days, experts warn.
'IceApple' Post-Exploitation Framework Created for Long-Running Operations (SecurityWeek) CrowdStrike has detailed a new post-exploitation framework that could be the work of a state-sponsored threat actor, one likely linked to China.
Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service (Threatpost) An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.
Collapse of Luna cryptocurrency leads to $11 million exploit on Venus Protocol (The Record by Recorded Future) Venus Protocol announced on Thursday that about $11 million had been stolen from the platform due to people exploiting the historic collapse of the Luna cryptocurrency and its sister stablecoin UST.
Data breach exposes South African landlord and tenant information (My Broadband) Averly suffered a data breach that compromised its clients’ personal information — including real estate agents, landlords, and tenants.
Ransomware group strikes second U.S. health care system in the last two months (CyberScoop) The targeted systems are just two of dozens of the group's attacks in the last year.
Personal info of hundreds compromised by Elgin County cyber-failure (lfpress) Personal information about more than 300 people, some of it highly sensitive, was compromised by a "cyber-security incident" that knocked out Elgin County's…
Cyber criminals target Scottish public bodies every month but ministers refuse to release detail (Scotsman) Scottish public bodies have been hit by a cyber attack at a rate of one every month since the start of 2021, new figures suggest, but ministers say the public should not be told about the impact to services or budgets.
How eCriminals Monetize Ransomware (CrowdStrike) Monetization is the last step attackers take to receive a payout when completing an operation. Find key takeaways from CrowdStrike's Threat Intel team here.
‘A magnet for rip-off artists’: Fraud siphoned billions from pandemic unemployment benefits (Washington Post) Identity theft and other sophisticated criminal schemes contributed to potentially $163 billion in waste, while inflicting harm on unwitting victims.
CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog (CISA) CISA is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerability Catalog due to a risk of authentication failures when the May 10, 2022 Microsoft rollup update is applied to domain controllers.
Security Patches, Mitigations, and Software Updates
Zyxel security advisory for OS command injection vulnerability of firewalls (Zyxel) Zyxel has released patches for an OS command injection vulnerability found by Rapid 7 and urges users to install them for optimal protection.
May's Patch Tuesday updates make urgent patching a must (Computerworld) With three zero-days and several serious vulnerabilities in key Windows server and authentication areas, it's time to patch now.
Microsoft fixes new PetitPotam Windows NTLM Relay attack vector (BleepingComputer) A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack.
SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices (The Hacker News) SonicWall has published an advisory warning of three new security flaws in its Secure Mobile Access (SMA) 1000 appliances.
Trends
Deepfakes in conflict and commerce: a conversation with AU10TIX’s Carey O’Connor Kolaja. (The CyberWire) Where is deepfake technology headed, and what’s to be done about it? AU10TIX CEO Carey O’Connor Kolaja warns of expanding use cases, and proposes a fix grounded in technological teamwork.
Wars start in cyberspace well before shots are fired (Register) The internet is now the first battleground of any new war – before the shooting starts
Mind the gap: public and private sector disparity in cybersecurity (ComputerWeekly) Amidst increasingly sophisticated cyber attacks and a constantly shifting threat landscape, cyber security partnerships across the private and public sector are essential in tackling these threats. ...
Marketplace
devOcean Emerges From Stealth With Cloud-Native Security Operations Platform (SecurityWeek) Israeli startup devOcean launches from stealth with $6 million in funding from Glilot Capital Partners and angel investors.
Komodor provides a Kubernetes troubleshooting platform (TechCrunch) Ben Ofiri and Itiel Shwartz left the comfort of their corporate jobs to start Komodor to build a Kubernetes troubleshooting platform.
An Optimist at the Helm of IBM (New York Times) Arvind Krishna is trying to stay in touch with the company’s roots as he confronts today’s challenges.
5 Questions with Denise Stemen, Dir of Customer Crisis Strategy + Response (CrowdStrike) Denise has advocated for female representation throughout her career as a teacher and in the FBI, but now her daughter has joined her in taking action.
McDonald Hopkins welcomes Sean Bowen to national Data Privacy and Cybersecurity practice (Yahoo Finance) Sean Bowen has joined McDonald Hopkins as an associate in the firm's Litigation Department, adding his experience to the firm's national Data Privacy and Cybersecurity Practice Group. He is accredited by the International Association of Privacy Professionals as a Certified Information Privacy Professional for the United States, the gold standard certification for information privacy professionals.
Rita Hill Wins Defense Contractor of the Year from Dayton Business Journal. (PR Newswire) Radiance Technologies (Radiance) would like to congratulate Rita Hill, Executive Vice President – National Security Sector, for winning Dayton...
Products, Services, and Solutions
Prancer Enterprise and HTC Global Services have entered into a partner (PRWeb) HTC Global Services (HTC) and Prancer Enterprise (Prancer) have entered into a partnership agreement to provide fully managed cloud security solutions for g
Ivanti and Lookout bring zero trust security to hybrid work (SecurityBrief Australia) Ivanti and Lookout have joined forces to help organisations accelerate cloud adoption and mature their zero trust security posture in the everywhere workplace.
Very Good Security (VGS) Partners with Plaid to Enhance Data Security for the Digital Finance Ecosystem (Business Wire) Very Good Security announced its expanded partnership with Plaid.
New infosec products of the week: May 13, 2022 (Help Net Security) The featured infosec products this week are from: Cohesity, ForgeRock, iDenfy, Nasuni, Orca Security, SecureAge, and Sonatype.
Technologies, Techniques, and Standards
NSA Says New Encryption Standards Can’t Be Cracked (1) (Bloomberg Law) The US is readying new encryption standards that will be so ironclad that even the nation’s top code-cracking agency says it won’t be able to bypass them.
Where do federal agencies stand with zero trust implementation? (Help Net Security) Federal agencies are making steady progress toward their zero trust security goals, according to a study commissioned by GDIT.
The 5×5—Reflections on trusting trust: Securing software supply chains (Atlantic Council) Five experts discuss the implications of insecure software supply chains and realistic paths to securing them.
Hired 'Hackers' Try, and Fail, to Invade Brazil Vote System (SecurityWeek) White hat hackers gathered tried to infiltrate Brazil's voting system ahead of a hotly anticipated race in October
Port of Vancouver USA founds cybersecurity intelligence sharing group (Security Magazine) The Port of Vancouver USA has partnered with the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) to launch the Lower Columbia River Maritime Information Exchange (LCR-MIX), hardening the port system against cyberattacks.
Research and Development
Massachusetts Institute of Technology: Technique protects privacy when making online recommendations (India Education) Algorithms recommend products while we shop online or suggest songs we might like as we listen to music on streaming apps.These algorithms work by using personal information like our past purchases and browsing history to generate tailored recommenda
Academia
Cybersecurity essentials for higher education (Education Technology) With recent attacks providing a stark reminder to universities of the importance of being cyber protected, it’s time the industry takes notice.
As Lincoln College closes doors, president looks back on crippling ransomware attack (The Record by Recorded Future) “It stopped everything we did. It's all we could focus on for a month and a half," said Lincoln College president David Gerlach.
College Closing Another Sad Milestone for Ransomware Impact (GovTech) Lincoln College in Illinois announced they were closing their doors as a result of COVID-19 and cyber attack disruptions. Who’s next?
Legislation, Policy, and Regulation
India pushes for storage of private data using technology built for anonymity (Global Voices) As VPNs and blockchain-based services are often designed to assure user anonymity and privacy, this direction might force many service providers to shut down operations in India.
Enhanced co-operation and disclosure of electronic evidence: 22 countries sign new Protocol to Cybercrime Convention (Council of Europe) The Second Additional Protocol to the Convention on Cybercrime (Budapest Convention), aimed at enhancing co-operation and disclosure of electronic evidence has been opened for signature at a conference organised under the Italian Presidency of the Council of Europe’s Committee of Ministers.
EU lands new law to fight off hackers in critical sectors (POLITICO) Rules for industries and governments aim to prevent all-out cyber breakdown.
Council and EU Parliament reach an agreement on the NIS 2 Directive (EU Cyber Direct) On 13 May 2022,the Council and the European Parliament agreed on the Directive on measures for a high common level of cybersecurity across the Union (NIS 2 Directive), which adapts the previous NIS Directive to current needs.
EU lawmakers reach agreement on stronger cyber rules for critical sectors (The Record by Recorded Future) The revised directive — called NIS2 — would replace the first EU-wide law on cybersecurity that was set in 2016.
EU governments, lawmakers agree on tougher cyber security rules for key sectors (iTnews) Critical infrastructure under a spotlight.
White House joins OpenSSF and the Linux Foundation in securing open-source software (ZDNet) Open-source software supply chain security is now a vital issue of national security.
U.S. House Lawmakers Search for Open Source Security Fixes (GovTech) Open source vulnerabilities are everyone’s problem, and, with memories of Log4Shell still fresh (and cleanup still underway), House lawmakers are asking how and where the federal government can help.
Agencies Advance on Biden's 2021 Zero Trust Order (Virtualization Review) One year in, a new survey-based report indicates civilian and federal agencies are making progress on President Joe Biden's 2021 executive order to improve the nation's cybersecurity.
US cyber boss wants software patches to be like car recalls (Register) Adds infosec regulation coming to more industries but with a light touch, more collaboration
US surveillance of Americans must stop (The Hill) In 2021 the FBI conducted up to 3.4 million warrantless searches seeking Americans’ phone calls, emails, and text messages.
New social media, electronics policies likely on the way for Marines(Marine Corps Times) The Marine Corps is about to release a document codifying “information” as a warfighting function.
Assemblyman Cusick takes steps against growing cyber attack risk to power grid (silive) Power grids around the country remain vulnerable to cyber attacks, but the New York Assembly passed legislation Wednesday that would take steps to protect the state’s energy supply.
DCSA Investigators Are Heading Back to the Field for Subject Interviews (ClearanceJobs) Defense Counterintelligence and Security Agency (DCSA) are headed back in the direction of 'normal' for background investigators.
Litigation, Investigation, and Law Enforcement
After Buffalo Shooting Video Spreads, Social Platforms Face Questions (New York Times) Gunmen say they are influenced by online screeds and broadcasts of past shootings. Do social media sites have a responsibility to rein in hateful and violent content?
U.S. issues charges in first criminal cryptocurrency sanctions case (Washington Post) Federal judge finds U.S. sanctions laws apply to $10 million in Bitcoin sent by American citizen to a country blacklisted by Washington
Use of Pegasus spyware on Spain’s politicians causing ‘crisis of democracy’ (the Guardian) Targeting of Catalan independence leaders and Spanish ministers must be independently investigated, says cybersecurity expert
Rogues And Spyware: Pegasus Strikes In Spain – OpEd (Eurasia Review) Weapons, lacking sentience and moral orientation, are there to be used by all.Once out, these creations can never be rebottled.Effective spyware, that most malicious of surveillance t…
How to Fight Foreign Hackers With Civil Litigation (Lawfare) Major tech companies have begun to employ Microsoft’s strategy of suing cybercriminals who operate major botnets or engage in massive phishing schemes.
Risks Of Web Scraping Loosen In Wake Of 9th Circ. Ruling (Law360) The Ninth Circuit's recent finding that harvesting data from public websites is likely not a federal crime will make it easier for entities to engage in the popular practice, but other key challenges to data "scraping" remain to be hashed out in civil litigation.
Angry IT admin wipes employer’s databases, gets 7 years in prison (BleepingComputer) Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data.
Federman & Sherwood Continues its Investigation of the Data Breach at PIH Health, Inc. (Acrofan) Federman & Sherwood, a boutique litigation law firm with a nationwide practice in data breach cases, is looking to interview consumers that received a Notice letter from PIH Health of a data breach that occurred in June 2019 and discovered in 2020 and for anyone that was affected by the data breach or has had their personal information or ...
Crypto thief threatened to cut man's fingers 'one by one,' stole £34K (BleepingComputer) Online crypto scams and ponzi schemes leveraging social media platforms are hardly anything new. But, this gruesome case of a London-based crypto robber transcends the virtual realm and tells a shocking tale of real-life victims from whom the perpetrator successfully stole £34,000.
Another ex-eBay exec pleads guilty to cyberstalking critics (Register) David Harville is seventh to cop to harassment campaign
SolarWinds Investors Say Board Duty Failures Enabled Breach (Law360) An attorney for SolarWinds Corp. stockholders told a Delaware vice chancellor Friday that the information technology giant ignored red flags and failed to oversee its business as Russians hackers exploited security failings to execute the world's largest cyberattack.
Judge Agrees Russian Must Stay Jailed In Insider Hack Case (Law360) A Russian national charged in an $82.5 million insider trading scheme will have to remain behind bars as his case plays out after a judge ruled Thursday that he has the means and motive to flee.
