Hired guns. EvilNum afflicts financial firms. Phishing–criminal and state-directed. LAPSUS$’s brief and gaudy career. IOCs.




Ukraine at D+147: Russian, Belarusian spearphishing. (The CyberWire) Russia says it’s expanding its territorial ambitions in Ukraine, and that NATO has no one but itself to blame for this. Ukraine undertakes a minor counteroffensive in Donetsk and continues to use HIMARS in an interdiction and counter-command-post role. Russian and Belarusian intelligence services make heavy use of spearphishing in their cyberespionage campaigns against Ukraine. US Cyber Command releases IOCs developed in cooperation with the Security Service of Ukraine.


Pictured: Father holds hand of dead son as fresh Russian air strikes hit Kharkiv (The Telegraph) The teenager was among three victims in the deadly shelling on Ukraine’s second city

Russia-Ukraine war at a glance: what we know on day 148 of the invasion (the Guardian) Nord Stream 1 gas pipeline restarts with gas flowing from Russia to Germany after maintenance; Moscow’s military ‘tasks’ now go beyond Donbas to permanently occupy southern Ukraine, Russia’s foreign minister says


Russia-Ukraine war: UK vows to send thousands more weapons to Kyiv after Kremlin’s threat of escalation (The Telegraph) Britain will send scores of artillery guns and more than 1,600 anti-tank weapons to Ukraine, in the latest supply of Western arms to the fury of the Kremlin.

Russia Signals That It May Want a Bigger Chunk of Ukraine (New York Times) A top Russian official said Moscow may extend its territorial claims to include not just the east of Ukraine but also parts of the south.


‘They hunt us like stray cats’: pro-Russia separatists step up forced conscription as losses mount (the Guardian) Footage emerges of Ukrainian citizens in occupied Donbas being press-ganged to fight for Moscow


Russia may seek to occupy more territory in Ukraine, says foreign minister (the Guardian) Sergei Lavrov’s televised remarks give signal Kremlin is planning a campaign to annex more regions

Russian invasion no longer limited to Donbas, warns Sergei Lavrov (The Telegraph) Russia has threatened to wage war across Ukraine if the West delivers long-range weapons to Kyiv.

HIMARS and howitzers: West helps Ukraine with key weaponry (AP NEWS) The message to U.S. lawmakers from Ukraine’s first lady, delivered amid stark and graphic images of civilian bloodshed, couldn’t have been clearer: After nearly five full months since Russia launched its invasion , Olena Zelenska said that her country needs more Western weapons.

‘Kamikaze drones’ strike Russian-controlled Zaporizhzhia nuclear power plant (The Telegraph) Explosions heard across the city, but Russia’s occupying officials insist reactor is not damaged and ‘everything is fine’


Why Russia Keeps Losing Generals (Foreign Policy) Failure to reform keeps the military incompetent—and top-heavy.

Russia should ‘nuke’ England but spare Wales, Scotland and Northern Ireland, says Putin propagandist (The Telegraph) Vladimir Solovyov mocks British Armed Forces chief for suggesting that Russia would be posing a threat to the world for the next decade

Ukraine Moves to Weed Out Entrenched Russian Influence in Government (Wall Street Journal) A purge of Moscow’s agents is seen as overdue, as Kyiv’s intelligence services have long been riddled with corruption.

Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities (Mandiant) Mandiant Threat Intelligence exposes how threat actors have used evacuation and humanitarian documents as spear phishing lures against Ukrainians.

Russian hackers behind SolarWinds breach continue to scour US and European organizations for intel, researchers say (CNN) The Russian hackers behind a sweeping 2020 breach of US government networks have in recent months continued to hack US organizations to collect intelligence while also targeting an unnamed European government that is a NATO member, cybersecurity analysts tell CNN.

Ukrainians are warned about new cyber-attack involving program that mentions Pivden (South) Operational Command (Yahoo) Hackers have started to spread a dangerous file in Ukraine, Dopovid0507224.ppt, which contains a miniature image that mentions Pivden (South) Operational Command and leads to information theft when opened.

Pro-Russia hacking campaigns are running rampant in Ukraine (Ars Technica) Hacks also exploit critical Follina vulnerability and phishing campaigns.

Google warns Kremlin-backed goons pose as pro-Ukraine app (Register) Don’t. Download. Unknown. Apps.

Anti-Russian denial-of-service app actually infects pro-Ukrainian activists (Hot for Security) An app which purported to launch distributed denial-of-service (DDoS) attacks against the internet infrastructure of Russia, was in reality secretly installing malware on to the devices of pro-Ukrainian activists.

Cyber National Mission Force discloses IOCs from Ukrainian networks (U.S. Cyber Command) In close coordination with the Security Service of Ukraine, USCYBERCOM’s Cyber National Mission Force is disclosing these indicators of compromise. In the last few months,

Cyber Command shares bevy of new malware used against Ukraine (The Record by Recorded Future) U.S. Cyber Command on Wednesday disclosed dozens of forms of malware that have been used against computer networks in Ukraine.

FBI flew cyber officials from Ukraine to U.S. for training, Ukrainian official says (CyberScoop) The trip shines a light on growing cooperation between Ukraine and the U.S. to confront the cyberthreat from Moscow.

Russian state media flouts European sanctions (POLITICO) RT created scores of new websites, in German, Spanish, French and English, that remain accessible across the EU, according to new research.

Vladimir Putin has the flailing West over a barrel (The Telegraph) Russia will use its new axis of evil with Iran to exert massive pressure on the world’s democracies

Attacks, Threats, and Vulnerabilities

Atlas Intelligence Group (A.I.G) – The Wrath of a Titan (Cyberint) A.I.G is recruiting cyber-mercenaries to do specific jobs as a part of bigger campaigns known only to the admins.

‘AIG’ Threat Group Launches With Unique Business Model (Dark Reading) The rapidly growing Atlas Intelligence Group relies on cyber-mercenaries to carry out its missions.

Netwrix Auditor Vulnerability Can Facilitate Attacks on Enterprises (SecurityWeek) A critical vulnerability in Netwrix Auditor can allow attackers to execute arbitrary code on the server and possibly compromise the Active Directory domain.

Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities (Proofpoint) TA4563 is a threat actor leveraging EvilNum malware to target European financial and investment entities, especially those with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). EvilNum is a backdoor that can be used for data theft or to load additional payloads. The malware includes multiple interesting components to evade detection and modify infection paths based on identified antivirus software.

Sending Phishing Emails From PayPal (Avanan) Hackers are sending phishing emails directly from PayPal.

New Rust-based Ransomware Family Targets Windows, Linux, and ESXi Systems (The Hacker News) Security researchers warn against the ransomware programmes Luna and Black Basta, written in Rust, which attack Windows, Linux and ESXi systems.

New ransomware discovered using Rust, atypical encryption (Cybersecurity Dive) Luna’s use of platform-agnostic code allows threat actors to initiate attacks on different operating systems concurrently.

Brazen, Unsophisticated and Illogical: Understanding the LAPSUS$ Extortion Group (Tenable®) Having gained the industry’s attention in the first months of 2022, the LAPSUS$ extortion group has largely gone quiet. What can we learn from this extortion group’s story and tactics?

Chaotic LAPSUS$ Group Goes Quiet, but Threat Likely Persists (Dark Reading) The LAPSUS$ group emerged with a big splash at the end of 2021, targeting companies, including Okta, with a “reckless and disruptive” approach to hacking.

Specops Research Reveals Major Weaknesses in Five Popular Web Services (PRWeb) Specops Software, a leading provider of password management and user authentication solutions, today released new research finding major cybersecurity weaknesses i

3rd Party Services Are Falling Short on Password Security (BleepingComputer) Preventing the use of weak and leaked passwords within an enterprise environment is a manageable task for your IT department, but what about other services where end-users share business-critical data in order to do their work? They could be putting your organization at risk, and the team at Specops Software decided to see for sure.

Building materials giant Knauf hit by Black Basta ransomware gang (BleepingComputer) The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.

Black Basta ransomware gang claims responsibility for Knauf cyberattack (Tech Monitor) Building supplies company Knauf has been operating a reduced service for three weeks since the breach, thought to be a ransomware attack.

Important message (Knauf Insulation) Important update for everyone

Hacks of genetic firms pose risk to patients, experts say (Washington Post) It’s not just schools, local governments and major private-sector firms like Colonial Pipeline getting hacked. Hackers have also hit genetic and fertility clinics, which have troves of sensitive information.

Neopets data breach exposes personal data of 69 million members (BleepingComputer) Virtual pet website Neopets has suffered a data breach leading to the theft of source code and a database containing the personal information of over 69 million members.

Allied Urological Services, LLC Announces Data Breach Impacting Patient’s Financial Data (JD Supra) Recently, Allied Urological Services, LLC confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive…

Oregon Corrections Department At Risk Of Cyber Attack (JAM’N 107.5 | Portland Local News) An audit by the Oregon Secretary of State finds the Oregon Department of Corrections hasn’t implemented past recommendations which puts the agency’s computer systems at risk of attack.

Waterloo Region District School Board hit by cyberattack (CBC) The Waterloo Region District School Board says it’s working to restore its IT system after a cyberattack.

Beware of latest email scam, say Titan Security experts (Galway Advertiser) Galway-based cyber security experts TitanHQ (https://www.titanhq.com/ ) have warned Irish people to be on the lookout for the latest email scam, after a school district in the United States admitted last month to transferring nearly €200,000 to an account controlled by cyber criminals.

Unprotected Entry into the Metaverse Brings Accrued Cyber Risks (EIN News) Enterprises that are considering joining the metaverse bandwagon have been put on high alert against imminent cyberattacks that could expose their valuable data

ICS Vulnerabilities H1 2022 (SynSaber | Industrial Cybersecurity) SynSaber researchers analyzed the ICS vulnerabilities and CVEs that have been released by CISA & other entities in the 1st half of 2022.

SynSaber: Only 41% of ICS vulnerabilities require attention (SearchSecurity) SynSaber published research to help industrial organizations better manage an influx of alerts and advisories about ICS vulnerabilities.

Recorded Future CVE Monthly June 2022 (Recorded Future) This report analyzes the top vulnerabilities disclosed across 8 major software vendors, including Microsoft, Adobe, Oracle, Google, Apple, Apache, Linux, and Cisco, from May 12 to June 6, 2022.

GRIT Ransomware Report (Guidepoint Security) The second quarter of 2022 demonstrated some interesting activity in the ransomware world. We saw a complete revamp of Lockbit, the most prolific Ransomware-as-a-Service (RaaS), from 2.0 to 3.0, or Lockbit Black, and Conti closed shop, with their best developers and affiliates likely shifting to other RaaS operations including Blackbasta, AlphV, and more.

Security Patches, Mitigations, and Software Updates

Apple Ships Urgent Security Patches for macOS, iOS (SecurityWeek) Apple’s security response team has pushed out software fixes for at least 39 software vulnerabilities haunting the macOS Catalina, iOS and iPadOS platforms.

Oracle Releases 349 New Security Patches With July 2022 CPU (SecurityWeek) Oracle’s July 2022 CPU includes 349 new security patches, 230 of which address vulnerabilities that can be exploited remotely, without authentication.

The growth in targeted, sophisticated cyberattacks troubles top FBI cyber official (CyberScoop) Assistant Director for Cyber Bryan Vorndran worries about future threats posed by deep fakes and artificial intelligence.

2022 Email Security Trends Report (Abnormal) We surveyed 300 security leaders to learn what matters most to them when it comes to email security in the current threat landscape. Download the report.

The State of Cybersecurity (SecureLink) Organizations are treading water when it comes to cybersecurity. What happens when the next wave comes?

More Than Half of Organizations Prioritize Security Over User Experience (Enterprise Software Academy) Network visibility demands holistic approach to balance user experience with security.

How to Avoid Tradeoffs Between Security and the User Experience (Enterprise Software Academy) A Global Survey of Executives and Security Professionals

Executive Report: Voice Network Threat Survey 2022 (Mutare) The Voice Network Threat Survey reveals serious shortcomings in enterprise security protections against voice network attacks.This Report is intended to shine a light on one of the most universal infrastructure systems,…

Fighting the scariest things online in the US (Veriff) Veriff surveyed 1,000 US adults and analysed crime data to reveal which online crimes are most common


Microsoft and Google Leading Cybersecurity M&A Activity (GlobeNewswire News Room) Increasing investments by enterprises in cybersecurity owing to employees working remotely during the pandemic sparked an M&A boom in the tech sector…

Anvilogic raises $25M in funding to automate manual cybersecurity tasks (SiliconANGLE) Anvilogic raises $25M in funding to automate manual cybersecurity tasks – SiliconANGLE

Huntress acquires cybersecurity training firm Curricula for $22 million (The Record by Recorded Future) Maryland-based cybersecurity firm Huntress announced on Tuesday the $22 million acquisition of security training platform Curricula to further expand services to small and mid-market businesses.  

ConnectWise Announces Inaugural WISE Awards to Celebrate the Success of Partners (GlobeNewswire News Room) Winners to Be Announced at IT Nation Connect 2022 in November…

Google Announces Hiring Pause (The Information) Google said it will pause hiring for two weeks, after saying last week it would slow its pace of hiring for the rest of the year. In an email to employees viewed by The Information, Prabhakar Raghavan, a senior vice president at Google, said the hiring pause would not impact offers that had …

Microsoft Cuts Many Open Job Listings in Weakening Economy (Bloomberg) Company slows its hiring in businesses like Azure and security for the foreseeable future

As US struggles to fill cyber defense jobs, Australia works to keep talent at home (C4ISRNet) Australia’s artificial intelligence industry leaders point to a gap in the defense workforce at July 20 summit.

Microsoft partners with AustCyber to provide a unique pathway for budding cybersecurity professionals (Microsoft Australia News Centre) Microsoft has partnered with AustCyber and other leading education and training providers to offer Australians a credible alternative pathway to enter the cybersecurity industry.

Sonatype Achieves Record Growth, Expands Leadership Team with New Board Member and CRO (Sonatype) Sonatype exceeds H1 2022 financial goals and welcomes a new CRO and world-renowned board member, as the company looks toward even greater growth in H2

Gluware Adds New Sales and Marketing Leader as Company Accelerates Enterprise Network Hyperautomation (PR Newswire) Gluware, the leader in intelligent network automation, today announced the hiring of Terry Healey as Vice President of Sales Acceleration…

SureCloud secures new Chairman with the two billion pound touch (SureCloud) The world’s first GRC Capability Company, today announced that John Hawkins has been named Chairman of the Board. Read more here.

Ex-Manhattan DA Vance Targets Cyber ‘Pandemic’ in Second Act (Bloomberg Law) Cyrus Vance Jr., the former Manhattan District Attorney, is using his new job to try to get cities and companies to work together to fend off cyber attacks.

Products, Services, and Solutions

Can Encryption Key Intercepts Solve The Ransomware Epidemic? (SecurityWeek) Nubeva Technologies is building technology to recover encrypted data without making ransomware payments

Google Introduces DNS-over-HTTP/3 in Android (SecurityWeek) Google this week announced the rollout of DNS-over-HTTP/3 (DoH3) for Android 11 and newer devices.

Delinea and Authomize Announce Strategic Partnership to Expand and Enhance Cloud Identity Security Controls (PR Newswire) Delinea, a leading provider of privileged access management (PAM) solutions for seamless security, and Authomize, a leading provider of Cloud…

BlackBerry and LeapXpert Join Forces to Deliver Secure Communications in a Remote Age (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) and LeapXpert, the enterprise-grade responsible business communication platform, today announced a…

Datatron Simplifies Platform for Operationalization of ML Models (PR Newswire) Datatron announced today the latest version of its enterprise-grade MLOps platform. Updates include increased flexibility, a new interface that…

Illumio Launches Zero Trust Impact Assessment to Help Organizations Maximize Cyber Investments (GlobeNewswire News Room) Security and IT Leaders Can Now Proactively Assess Cyber Resilience Posture, Better Informing Security Strategies with Data…

SentinelOne Announces Service Ready Designation for AWS Graviton (Bloomberg) XDR Leader Supports Amazon EC2 Instances Powered by AWS Graviton2 and Graviton3 Processors

Liquid Launches Africa’s First Cyber-Security “Fusion” Centre (IT News Africa) Liquid Cyber Security, an arm of pan-African Cassava Technologies group, today announced the launch of the first of its planned matrix of Cyber Security Fusion Centres in Johannesburg, South Africa. With this Fusion Centre, Liquid aims to bolster the cyber security industry in the country by managing the growing threat of cyberattacks to governments and […]

Radware announces enhanced Bot Manager with crypto mitigation algorithms (SecurityBrief Asia) The solution aims to help disrupt attack automation and further exhaust bad actors’ resources and motivation to attack.

Cato aims to bust cyber myths as it extends network protections (ComputerWeekly) Cato Networks is beefing up its platform’s security features with ransomware and data loss protections, and the firm’s security strategy lead Etay Maor is using the occasion, and his unique access to billions of data points from the firm’s network, to explode some cyber myths

Illumio Launches Zero Trust Impact Assessment to Help Organizations Maximize Cyber Investments (GlobeNewswire News Room) Security and IT Leaders Can Now Proactively Assess Cyber Resilience Posture, Better Informing Security Strategies with Data…

Radware Introduces New Crypto Mitigation Algorithms to Fight Bad Bots (GlobeNewswire News Room) Disrupts attack automation; exhausts bad actors’ resources and motivation to attackCreates new zero trust posture for publicly exposed web and API…

Technologies, Techniques, and Standards

Cloud Security Alliance Releases Guidance on Third-Party Vendor | CSA (CSA) Document outlines the security challenges facing the use of third-party vendors for Healthcare Delivery Organizations and offers assessment and protection recommendations

Attackers Don’t Sleep,But Your Employees Need To (Finn Partners) Engage Partners To Fill Skill Gaps And Enable 24/7 Coverage

FEMA conducts cyber disruption consequence management workshop (Marianas Variety News & Views) (CNMI Homeland Security & Emergency Management) — On Tuesday, July 19, 2022 at 8 a.m., the Federal Emergency Management Agency conducted the 2022 CNMI Cyber Disruption Consequence Management Workshop in

Design and Innovation

The Quantum Era Is Arriving, And It Will Be Transformational ! (Forbes) The quantum era is arriving, and it will be transformational ! It is important to understand some of the basics, quantum computing, quantum sensing, quantum encryption, quantum IoT, and ultimately our quantum future


REN-ISAC and Fortinet Partner on Threat Intelligence and Cybersecurity Best Practices — Campus Technology (Campus Technology) Indiana University’s Research & Education Networks Information Sharing & Analysis Center (REN-ISAC) has announced a partnership with cybersecurity company Fortinet focused on sharing threat information and enhancing higher education and research cybersecurity efforts nationwide.

Legislation, Policy, and Regulation

German Authorities Have Called for a Data Protection Law for Employees (SHRM) The German Conference of the Federal and State Data Protection Authorities has published a call for an Employee Data Protection Act.

American internet giants seek changes to India’s proposed new IT rules (TechCrunch) An industry group representing several tech giants has requested the Indian government to make a series of changes to the proposed amendments to the country’s new IT rules, warning those amendments “negate” the government’s commitment to ease of doing business.

UK government refuses public review of NHS analytics plaform (Register) Patients must have the right to decide what information is taken from health records, say privacy campaigners

NSA Director Says US is Conducting Operations Before Elections (Bloomberg) Meeting General Paul Nakasone in the heart of his lair in Fort Meade turns out to be more theatrical than one might expect of a career military officer.

FBI and Cyber Command are in ‘Combat Tempo’ Ahead of Midterm Elections (Gizmodo) Officials said that the U.S. faces threats from countries like Russia, but the NSA director hinted that U.S. “operations” are already underway.

Senate wants tighter cyber-electronic warfare integration, clarity on organizations for cyber ops (FedScoop) The Senate Armed Services Committee wants a strategy and more coherent integration of cyber and electronic warfare effects in military operations. A provision in the committee’s version of the fiscal 2023 National Defense Authorization Act is requiring the Department of Defense to develop a strategy for “converged cyber and electronic warfare conducted by and through […]

House Intel forwards Intelligence Authorization Act (The Hill) This year’s policy bill for the intelligence community focuses heavily on Russia’s war in Ukraine, establishing a coordinator to track Russian war crimes and directing agencies to focus on Russian …

House panel advances landmark federal data privacy bill (The Hill) A House panel advanced a comprehensive data privacy bill in a 53-2 bipartisan vote Wednesday, pushing forward legislation that aims to set a national standard for how tech companies collect an…

Senate Votes 64-34 to Advance Chips Bill (Wall Street Journal) Significant bipartisan support in the first procedural vote signals likely passage of a larger package to address chip shortages.

U.S. House approves security, cyber-funding boost for federal judiciary (Reuters) The federal judiciary would receive a significant boost in funding for court security and cybersecurity under a $492.6 billion spending package for 2023 that the U.S. House of Representatives approved on Wednesday.

House panel’s bill would block U.S. buyers of foreign spyware (Reuters) American spymasters would be able to yank business away from U.S. companies that purchase or market foreign espionage software, undera bill the House Intelligence Committee advanced on Wednesday.

FBI pushing for changes to rules around Treasury sanctions, SEC cyber incident reporting (The Record by Recorded Future) The assistant director of the FBI’s Cyber Division said the agency has pressed the Treasury Department and SEC for changes to rules and potential regulations around ransom payments and incident reporting. 

Litigation, Investigation, and Law Enforcement

Twitter Worker Accused of Spying for Saudi Arabia Heads to Trial (New York Times) The case showed the intensity of the kingdom’s interest in tracking dissidents, and the timing this week is fraught for U.S.-Saudi relations.

The DHS Bought a ‘Shocking Amount’ of Phone-Tracking Data (Wired) The ACLU released a trove of documents showing how Homeland Security contracted with surveillance companies to scour location information.

Thailand admits to using phone spyware, cites national security (Reuters) A Thai minister has admitted the country uses surveillance software to track individuals in cases involving national security or drugs, amid revelations that government critics’ phones had been hacked using the Israeli-made Pegasus spyware.

Exclusive: U.S. probes China’s Huawei over equipment near missile silos (Reuters) The Biden administration is investigating Chinese telecoms equipment maker Huawei over concerns that U.S. cell towers fitted with its gear could capture sensitive information from military bases and missile silos that the company could then transmit to China, two people familiar with the matter said.

Audit requested in CCW breach that exposed more than 200,000 people’s data (KMPH) KMPH Fox 26 is the Central Valley’s news leader, covering Fresno, California and the surrounding area, including Clovis, Madera, Hanford, Visalia, Biola, Kerman, Tranquillity, San Joaquin, Reedley, Coalinga, Avenal, Lemoore, Tulare, Selma, Caruthers, Tollhouse, Three Rivers, Porterville, and Merced.

Zuckerberg to Testify Over Cambridge Analytica Data Breach (CNET) Meta CEO will be deposed for up to 6 hours in September, court filings show.

Is the Secret Service’s Claim About Erased Text Messages Plausible? (Updated) (Zero Day) The Secret Service says data erased from the phones of some of its personnel — that may shed light on the agency’s handling of the Jan. 6 insurrection — can’t be recovered. Is it telling the truth?

China fines Didi more than $1 billion for breaking data security laws (CNBC) China’s cybersecurity authority fined ride-hailing giant Didi in apparent closure of a yearlong probe that prevented the company from adding new users.

I tracked down my Corbynite troll – and now he’s in prison (The Telegraph) After years of anti-Semitic harassment, writer Lee Kern got the police involved

Source link


Please enter your comment!
Please enter your name here

Share post:



More like this

Chicago's Merry Own Contest – WGN TV Chicago

Chicago's Merry Own Contest  WGN TV Chicago Source link

Road Closed in Prosser due to accident

An accident involving a semi truck has Travis...