NPM compromises. ICS advisories. Free ransomware decryptors.

Dateline

Ukraine at D+134: Preparing for an end to Russia’s operational pause. (The CyberWire) Mr. Putin says no one should count on Ukrainian battlefield victory, because Russia’s hardly gotten started.

Russia-Ukraine war: List of key events, day 135 (Al Jazeera) As the Russia-Ukraine war enters its 135th day, we take a look at the main developments.

Ukraine Says Western Weapons Begin to Help as It Raises Flag on Snake Island (Wall Street Journal) President Volodymyr Zelensky said that Western heavy weapons are starting to have an effect on the battlefield but urged speedier deliveries, particularly of antiaircraft systems, as Russia continued lobbing missiles into Ukrainian cities.

Zelensky says Ukraine will not give up territory for peace with Russia: ‘This is our land’ | CNN Politics (CNN) Ukrainian President Volodymyr Zelensky told CNN’s Wolf Blitzer on Thursday that Ukraine is unwilling to cede any of its land to Russia, standing firm that a concession of Ukrainian territory won’t be part of any diplomatic negotiations to end the war.

Russia-Ukraine war: Putin warns Moscow has ‘barely started’ its campaign (The Telegraph) Vladimir Putin has issued a defiant warning to the west claiming that Moscow has barely started its military campaign in Ukraine

Ukraine’s Implausible Theories of Victory (Foreign Affairs) The fantasy of Russian defeat and the case for diplomacy.

G-20 diplomats fail on unity over Ukraine, war’s impact (AP NEWS) Deeply divided top diplomats from the world’s richest and largest developing nations failed to find common ground Friday over Russia’s war in Ukraine and how to deal with its global impacts, leaving prospects for future cooperation in the forum uncertain.

Germany refuses to ‘plunder its own military’ for the sake of Ukraine (The Telegraph) Pressure on Olaf Scholz to provide armoured vehicles, as German MPs prepare to set an example by limiting their own use of hot water

Army leaders convene with allies to review Ukraine war lessons (Stars and Stripes) The implications of drones and long-range artillery were among the Ukraine war topics discussed by U.S. Army leaders and other allied commanders Thursday, as they assessed the path forward for an alliance still adapting to Russia’s unprovoked invasion.

Russian Info Ops Ramp Up Effort to Divide West on Ukraine (Infosecurity Magazine) Recorded Future claims Kremlin is using multiple outlets to amplify disinfo

China’s Tonto Team APT Ramps Up Spy Operations Against Russia (Dark Reading) In a significant spike of activity, the state-sponsored group is going after intelligence on Russian government agencies.

Hackers linked to the Chinese government increasingly target Russia, analysis suggests (CyberScoop) A recent phishing attempt targeting Russian entities involved long-established Chinese toolkits, experts said.

Russian Cybercrime Trickbot Group is systematically attacking Ukraine (Security Affairs) The operators behind the TrickBot malware have been systematically targeting Ukraine since the beginning of the war in February 2022. IBM researchers collected evidence indicating that the Russia-based cybercriminal Trickbot group (aka Wizard Spider, DEV-0193, ITG23) has been systematically attacking Ukraine since the beginning of the Russian invasion of the country. Since February, the Conti ransomware […]

US finance sector encouraged to stay vigilant against retaliatory Russian cyberattacks (SC Magazine) As the Russia-Ukraine war closes in on its fifth month, now is not the time to drop the ball on cybersecurity, says a leading financial technology analyst.

Ukraine War Boosts Support for Added Defense Spending in Japan (Wall Street Journal) A national election appears set to give Japan’s government a mandate for a sharp increase in the military budget, thanks to the war in Ukraine.

Ukrainian diaspora urges Trudeau not to return turbine to Russia (the Guardian) Moscow says equipment, which was being repaired in Canada, was crucial to restore gas supplies to Germany

Ukraine grain farmers devastated by Russia’s Black Sea blockade (Washington Post) The morning Russian tanks and troops stormed across Ukraine’s borders, Volodymyr Onishchuk’s grain got stuck. He had delivered about $100,000 worth to a storage site at Ukraine’s Black Sea port in Mykolaiv on Feb. 23, but by Feb. 24 — when the ship with his harvest was to set sail — Russian troops were on the ground and warships lingered menacingly off the Ukrainian coast.

Attacks, Threats, and Vulnerabilities

python-dateutils—A Cryptominer in Disguise Targeting Windows, Linux, macOS (Sonatype) We analyze a suspicious ‘python-dateutils’ PyPI package targeting Python developers to mine cryptocurrency after infecting their Windows, macOS or Linux systems.

From Follina to Rozena – Leveraging Discord to Distribute a Backdoor (Fortinet Blog) FortiGuard Labs recently discovered a document that exploits CVE-2022-30190 (Follina) to trigger the download of the Rozena malware, capable of injecting a remote shell connection back to the attac…

Stealthy Cyber-Campaign Ditches Cobalt Strike for Rival ‘Brute Ratel’ Pen Test Tool (Dark Reading) The latest criminal use of a legitimate red-teaming tool helps attackers stay under the radar and better access living-off-the-land binaries.

Threat actors exchange beacons for badgers to evade endpoint security (Help Net Security) Threat actors are using Brute Ratel C4 (BRc4), a tool similar to Cobalt Strike, to avoid detection by endpoint security solutions.

Over 1200 NPM Packages Found Involved in “CuteBoi” Cryptomining Campaign (The Hacker News) Researchers have uncovered a new large-scale cryptocurrency mining campaign involving over 1200 malicious NPM JavaScript packages.

Someone may be prepping an NPM crypto-mining spree (Register) 1,300 packages from 1,000 automated user accounts set the stage for something big

Twitter says it removes 1 million spam accounts a day (AP NEWS) Twitter said it removes 1 million spam accounts each day in a call with executives Thursday during a briefing that aimed to shed more light on the company’s fake and bot accounts as it tussles with Elon Musk over “spam bots.”

Going Once, Going Twice, Sold: Real Time Bidding Data Privacy Breach (Ward and Smith, P.A.) The ongoing massive data breach in the world of advertising: real time bidding (“RTB”). You likely are, or have been, a target of RTB without your knowledge…

Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (The Hacker News) Researchers detail a wide range of constantly evolving techniques that LockBit ransomware uses to infect targets.

I sent my yoga studio a web form, and all I got was this lousy malware attack (Ars Technica) When thread hijacking from TA578 hits close to home.

The Top 4 Ways That Malware Spreads (Make Use Of) You should’ve heard about the devastating effects of malware, but how can it actually spread between devices?

Disneyland’s Instagram Account Hacked With a Series of Profane, Racist Posts (Wall Street Journal) Disneyland Resort’s Instagram account was taken over by a self-proclaimed “super hacker” Thursday morning who made a series of profane and racist posts that have since been taken down.

Disneyland investigating compromised Facebook and Instagram accounts (The Record by Recorded Future) Disneyland officials are investigating a Thursday morning hack of its Facebook and Instagram accounts.

Malware knocks IT services vendor SHI offline (Register) Major supplier to US government and enterprise only just getting back on its feet

An ISP Scam Targeted Low-Income People Seeking Government Aid (Wired) The US Federal Communications Commission says a man posing as a fake broadband service promised victims discounts on internet services and devices.

Lending Tree Data Breach, Sensitive Information Potentially Disclosed in Hack (LegalScoops) On June 29, 2022, Lending Tree, LLC, an online lending marketplace based in Charlotte, North Carolina, reported a data breach to the Montana

Cyberattack delays child support checks in Arizona (12news.com) State officials say about 800 child support and unemployment checks were delayed in getting sent out due to a recent cyberattack.

Paid Family Leave payments resume in DC after cyberattack | WTOP News (WTOP News) D.C. residents who receive weekly Paid Family Leave benefits will see money hit their bank accounts after a recent cyberattack interrupted the financial flow.

Town of Hingham Shares Information on potential COMSTAR Data Breach (Hingham Anchor) July 8, 2022 Submitted by the Town of Hingham The Town of Hingham wishes to inform residents of a potential data breach against an ambulance billing company that may impact some residents who have utilized ambulance services within the Town of Hingham. COMSTAR Ambulance Billing provides ambulance billing services to multiple …

Security Patches, Mitigations, and Software Updates

Cisco Releases Security Updates for Multiple Products (CISA) Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

Microsoft U-turns on decision to block Office macros by default (Computing) The company said earlier that it would block VBA macros by default in a variety of Office apps; it has now mysteriously reversed this decision

CIOs agree: lack of staff security knowhow a critical problem (Computing) Staff reuse passwords, share devices and cannot tell the difference between fake and legitimate emails.

Marketplace

Cybersecurity firms laying off employees despite increased threats (Washington Examiner) In part, concerns over the global economy are driving these decisions.

Cybersecurity M&A Roundup: 45 Deals Announced in June 2022 (SecurityWeek) 45 cybersecurity-related merger and acquisition (M&A) deals were announced in June 2022.

Recorded Future Acquires Hatching to Extend Intelligence Cloud Coverage with Malware Analysis (Recorded Future) Intelligence leader adds high-performance, automated malware analysis capabilities to give defenders an intelligence advantage for combating malware.

Coalition Closes $250 Million in Series F Funding, Valuing The Cyber Insurance Provider At $5 Billion (GlobeNewswire News Room) Funding from Allianz X, Valor Equity Partners, Kinetic Partners, and existing investors will accelerate Coalition’s vision to provide security for all…

Swimlane Secures $70 Million Growth Round to Fuel Global Expansion of Next Generation Low-Code Security Automation Platform (AiThority) Swimlane, the low-code security automation company, announced a $70 million growth funding round led by Activate Capital.

IBM snaps up data observability specialist Databand.ai (IT PRO) The acquisition will help IBM address the “full spectrum” of observability, as well as capitalise on predicted market growth

Cybersecurity Consulting Firm Cerberus Sentinel Acquires CyberViking (Channel Futures) The acquisition is intended to expand the cybersecurity consulting firm’s incident response and application security talent.

Netskope IPO: Latest Updates From the CEO (Investment U) Investors are awaiting information about the Netskope IPO after the CEO hinted at plans to go public in the near future.

Comodo Security Solutions rebrands, launches new offering (ChannelLife Australia) Comodo Security Solutions has rebranded to Xcitium and launched its patented zero threat endpoint technology to fight increasing ransomware and other malware across industries.

How much can you make with an online master’s in cybersecurity? (Fortune) Cybersecurity professionals who earn a master’s degree can earn a base salary of $200,000 in certain roles.

CyCognito hires Anne Marie Zettlemoyer as CSO (Help Net Security) CyCognito announced the appointment of security veteran Anne Marie Zettlemoyer as Chief Security Officer (CSO).

Netskope focuses on network transformation with ‘elite’ advisory group (ComputerWeekly.com) Network technologies provider announces formation of Network Visionaries group featuring former AWS, Crowdstrike execs to offer cloud, hyperscale, security and networking expertise.

Products, Services, and Solutions

Purple Knight Introduces Azure AD Security Indicators | Semperis (Semperis) Purple Knight introduces Azure AD security indicators, supports MITRE D3FEND. Learn more in “Purple Knight Introduces Azure AD Security Indicators”.

Mercury’s advanced encryptor receives certification from National Security Agency (GlobeNewswire News Room) Powerful, miniature data-at-rest encryptor weighing less than a pound can be easily integrated into existing avionics systems, safeguarding sensitive data…

Field Effect and RosettiStarr partner to deliver full-spectrum cyber security services to businesses and law firms worldwide (PR Newswire) Field Effect, a global cyber security company specializing in intelligence-grade protection for small and medium organizations, today announced…

Protecto and Snowflake help customers identify data protection issues (Help Net Security) Protecto brings artificial intelligence and privacy engineering to Snowflake so that joint customers can identify data protection issues.

Splashtop partners with Acronis to improve security for service providers (Help Net Security) Splashtop and Acronis announced a partnership that integrates solutions for secure remote access and support with Acronis Cyber Protect Cloud.

Atera integrates with Malwarebytes to protect organizations against ransomware attacks (Help Net Security) Atera announced a new integration with Malwarebytes, a provider of real-time cyber protection, to combat malware.

Atera Launches New Integration with Malwarebytes (PR Newswire) Atera, a remote-first IT management company, today announced a new integration with Malwarebytes, a provider of real-time cyber protection….

Wiz offers CVE-like cloud vulnerability registry, but will it gain traction? (CSO Online) The cloud vulnerability database, dubbed cloudvulndb.org and based on a GitHub repository, is seen as a welcome development, but widespread industry support is needed for it to be successful, analysts say.

BeyondTrust to Offer Its Entire Line of Identity and Access Solutions in AWS Marketplace (Yahoo) Customers benefit from a simplified procurement process through AWS Marketplace with flexible payment terms, consolidated billing, enterprise discounts and more. Provides flexibility to optimize identity and access security procurement with BeyondTrust’s entire solution portfolio. ATLANTA, July 07, 2022 (GLOBE NEWSWIRE) — BeyondTrust, the worldwide leader in intelligent identity and access security, today announced the availability of all of BeyondTrust’s solutions for customer purchase in AWS Mar

Akamai Linode now offers Kali Linux instances (ZDNet) Kali Linux, the Linux of choice for hackers and security pros, is now available on the Linode cloud.

Technologies, Techniques, and Standards

Board Members Can No Longer Ignore Cybersecurity (Crunchbase News) Cybersecurity is no longer optional for board members. Today’s boardroom is a perfect target for hackers.

Free decryptor released for AstraLocker, Yashma ransomware victims (BleepingComputer) New Zealand-based cybersecurity firm Emsisoft has released a free decryption tool to help AstraLocker and Yashma ransomware victims recover their files without paying a ransom.

Netskope’s Beau Hutto calls single sign-on “a great challenge” for agencies (CyberScoop) Single sign-on, and doing it elegantly, is a challenge for agencies as they move to a more modern and centralized identity management system.

Red Team vs. Blue Team: How They Impact Your Cybersecurity Career (Dice Insights) When determining their cybersecurity readiness, many organizations employ and deploy Red team and Blue team engineers that test security.

The agent of successful cyber security defense (Register) A two-pronged approach that combines agent and agentless tools may offer the best protection

What Do All of Those Cloud Cybersecurity Acronyms Mean? (Dark Reading) Acronyms serve as a gatekeeper — if you don’t sling the lingo, you don’t belong. So here’s a quick guide to the letter salad of cloud cybersecurity.

‘Win before firing a shot:’ Top Marine explains why the service is focused on information warfare (Breaking Defense) Gen. David Berger says the past four months of war in Ukraine has been a “fantastic case study” in information warfare.

Maryland National Guard cyber operators hone their skills during exercise (175th Wing) During a recent election, bad actors accessed the public facing website that was tracking Presidential election results and changed the results the public was seeing in real-time, which skewed in

Design and Innovation

Apple slaps hard against ‘mercenary’ surveillance-as-a-service industry (Computerworld) The company is introducing Lockdown Mode to protect high-risk individuals against corrosive surveillance and attacks, and investing millions to improve protection on its devices.

Spyware companies are finally getting their comeuppance. This new Apple product adds to their woes (Fortune) The iPhone developer’s “Lockdown Mode” provides another layer of protection from hacking tools sold by unscrupulous private firms.

Amid NSO lawsuit, Apple expands spyware protections (ComputerWeekly.com) Apple previews a new feature called Lockdown Mode to protect iPhone and iPad users from ‘mercenary spyware’.

Samsung working closely with Google, Microsoft to build measures to best prevent Pegasus-like cyberattacks | Exclusive (Financial Express) ‘We do recognise that there are a large number of state-level cyberattacks that are being launched.’

Academia

Educational institutions findings annex – Cyber Security Breaches Survey 2022 (GOV.UK) This annex includes findings from the samples of UK educational institutions included in this year’s Cyber Security Breaches Survey. The results primarily cover:

Cedar Rapids Suspends Summer Programs Amid Cyber Investigation (GovTech) In the wake of a cybersecurity breach over the weekend, an Iowa school district is putting programs on hold while investigators try to ascertain whether the incident was a ransomware attack or a data breach.

Legislation, Policy, and Regulation

Chinese Premier stresses data security after breach affected 1bn residents (Business Standard) Rattled at the alleged data leak of nearly 1 billion residents, China premier Li Keqiang has stressed data security, calling on government bodies to ‘defend information security’, the media reported on Friday.

China’s cyberspace regulator says data export review rules effective Sept. 1 (Reuters) China’s cyberspace regulator on Thursday said that rules requiring data exports to undergo security reviews would be effective from Sept. 1, the first time it has given a start date for a new regulatory framework that will affect hundreds, if not thousands, of Chinese companies.

Tech platforms face UK ban on blocking news providers before appeal (the Guardian) Change to online safety bill will stop sites such as YouTube barring content instantly, following TalkRadio debacle

US Treasury Develops ‘Framework’ for International Crypto Regulation (CoinDesk) The document is the first publication from the department to stem from President Biden’s executive order on digital assets.

Cybersecurity for Government Contractors (Bloomberg Government) Learn how the Biden administration cybersecurity CMMC requirements and other cybersecurity requirements for government contractors will change federal business.

Ethics Watchdog Bars US Government Employees From Writing Crypto Policy if Invested (CoinDesk) A new legal advisory from the Office of Government Ethics bars federal workers who own crypto from working on policies that could influence the value of their digital assets.

Election officials face security challenges before midterms (WPLG) Election officials have a long list of challenges as they prepare for the upcoming midterms.

Insider threats a growing concern for election security efforts (StateScoop) Recent breaches of election equipment represent insider threats “in ways we haven’t seen before,” said CISA’s top election-security official.

Lawmakers amplify calls for federal agencies to increase data privacy after Dobbs decision (Cybersecurity Dive) Seventy-two Democratic members of Congress want the FTC to use its full power to guard patients from data brokers collecting and selling data that could be used to prosecute pregnancy-related crimes.

Litigation, Investigation, and Law Enforcement

Five accused of trying to silence China critics in US (Register) Alleged campaign involved stalking via GPS and hidden cameras, fake interviews, confidential government data

Spanish judge okays probe into Israeli NSO group over Catalan phone tapping (Times of Israel) Catalan separatist party claims more than 60 phones belonging to independence supporters bugged using Pegasus phone hacking software during independence bid in 2017

Irish Facebook Decision Adds Pressure to Reach Transatlantic Data Deal (Wall Street Journal) European Union privacy regulators are reviewing an order that would block Facebook from sending European user data to the U.S.

Abuse survivor awarded £30,000 in damages for Ecclesiastical data breach (Church Times) THE Ecclesiastical Insurance Office (EIO) has apologised to an abuse survivor, Gilo, for breaching h…

Brazilian authorities crack down on piracy in the metaverse (OODA Loop) This week, Brazil’s Ministry of Justice and Public Security announced that it conducted its first search within the metaverse with the goal of tackling digital piracy and other related crimes involving the theft of intellectual

ANALYSIS: DOJ Alleges Bid-Rigging Twist in Merger Challenge (Bloomberg Law) A recent Justice Department lawsuit seeking to bar Booz Allen Hamilton Holding Corp.’s pending purchase of rival EverWatch Corp. raises an interesting question: Can a merger agreement be anticompetitive even if the merger isn’t?

Data Breach Victims Press for Settlement Approval in Class Action Over Accellion Cyberattack – Tech (Law Street Media) A lawsuit against Accellion Inc. over data breaches occurring in late 2020 and early 2021 is edging closer to resolution. On Tuesday, a reply brief filed

Aon faces lawsuits over cyberattack (Business Insurance) Two putative class action lawsuits have been filed against Aon PLC alleging the brokerage was hacked between December 2020 and February 2022 but failed to alert affected individuals for more than three months.

Arrested Russian hacker Pavel Sitnikov looks to start a new chapter (The Record by Recorded Future) In December 2020, The Record published an interview between Recorded Future’s Dmitry Smilyanets and Russian hacker Pavel Sitnikov about ransomware, cybercrime, and his self-proclaimed connection with the notorious hacking group APT28, or Fancy Bear.

Mobile Computing