Dateline Ashgabat, Moscow, Kyiv, and Washington: Russia restates its security objectives.

Ukraine at D+127: Strikes against civilians along the Black Sea coast. (The CyberWire) Having withdrawn from Snake Island (as a humanitarian gesture, says the Kremlin; because the Ukrainians drove them out, says basically everyone else) Russian forces struck an apartment building along the Black Sea coast with Kh-22 Kitchen missiles, killing at least nineteen noncombatants, Norway recovers from what looks like a deniable Russian state DDoS attack, and NATO plans its rapid cyber response capability.

Russia-Ukraine war: what we know on day 128 of the invasion (the Guardian) At least 19 dead after Russian missile strikes multi-story apartment building in Odesa; Russian forces withdraw from Snake Island in Black Sea

Russia-Ukraine war: List of key events, day 128 (Al Jazeera) As the Russia-Ukraine war enters its 128th day, we take a look at the main developments.

Russian missiles kill at least 19 in Ukraine’s Odesa region (AP NEWS) Russian missile attacks on residential areas in a coastal town near the Ukrainian port city of Odesa early Friday killed at least 19 people, authorities reported, a day after Russian forces withdrew from a strategic Black Sea island.

Russian forces withdraw from Ukraine’s Snake Island (Washington Post) Russian forces say they have withdrawn from Ukraine’s Snake Island, a highly contested speck of land in the Black Sea they captured shortly after the start of the war — presenting a small but strategic win for Ukraine on Thursday.

Ukraine “big victory” at Snake Island could be a turning point (Newsweek) Russian troops’ ejection from the Black Sea island is of major significance, Ukraine’s former defense minister told Newsweek.

Why Ukraine’s Snake Island victory could be a major blow for Putin (The Telegraph) In Ukrainian hands, the threat to Moscow’s Black Sea fleet will go up, and the risk of an amphibious assault on Odesa will go down

Snake Island: Why Ukraine just won’t let it go (The Telegraph) The rocky Black Sea outcrop where 13 Ukrainian border guards famously refused to surrender has taken on a new significance

Putin’s week: Facing NATO expansion, West’s unity on Ukraine (AP NEWS) It has not been an easy week for Russian President Vladimir Putin. He took his first foreign trip since the invasion of Ukraine to shore up relations with troublesome Central Asian allies. He watched as NATO declared Moscow its main enemy and invited Russia’s neighbors Sweden and Finland to join the alliance.

Pro-Russian hackers launched a massive DDoS attack against Norway (Security Affairs) Norway’s National Security Authority (NSM) confirmed that a DDoS attack took down some of the country’s most important websites. Norway’s National Security Authority (NSM) confirmed that some of the country’s most important websites and online services were taken down by a massive DDoS attack conducted by a pro-Russian group. NSM did not explicitly attribute the […]

NATO establishes program to coordinate rapid response to cyberattacks (POLITICO) The U.S. will offer “robust national capabilities” to support this program, according to a fact sheet put out by the White House on Wednesday.

NATO to create cyber rapid response force, increase cyber defense aid to Ukraine (CyberScoop) The references the NATO declaration makes to cybersecurity depart from the past and reflect the increasing importance of cyberdefense to overall security, experts said.

FACT SHEET: The 2022 NATO Summit in Madrid | The White House (The White House) The June 29-30, 2022 NATO Summit in Madrid, Spain will be an historic moment for the Transatlantic Alliance. Building on the President’s first NATO Summit

Biden: Additional $800M For Ukraine Coming ‘In The Next Few Days’ (Defense One) The latest aid package will include Western air-defense systems as well as more ammunition and radars.

Biden Vows to Back Ukraine ‘as Long as It Takes’ Despite Economic Toll (New York Times) NATO leaders concluded a summit with new commitments to a united front against Russian aggression, but they face the challenge of persuading their own people that it’s worth the cost.

Assessing U.S. Support to Ukraine Four Months after Russia’s Invasion (Wilson Center) Four months have passed since Russia escalated its war on Ukraine to a total, multi-pronged invasion.

Emmanuel Macron and Olaf Scholz have finally changed tone on Ukraine, but will rhetoric match reality? (The Telegraph) Almost five months after the invasion, France and Germany are now taking steps to make good their botched response to Vladimir Putin’s war

Vladimir Putin: Topless Boris Johnson and Justin Trudeau would be ‘disgusting sight’ (The Telegraph) War of words escalates as Russian president gets shirty over Western leaders’ remarks on baring their chests

Why Western Sanctions against Russia Work, and How to Make Them Work Better (Wilson Center) The Russian economy is facing significant problems because of the West’s sanctions. Since April, the country has lost half its imports. Manufacturing facilities that depend on imported components are struggling or facing a shutdown.

Attacks, Threats, and Vulnerabilities

North Korea Lazarus Hackers Blamed for $100 Million Horizon Bridge Heist (SecurityWeek) The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony’s Horizon Bridge, according to new data and research from Elliptic.

North Korean Lazarus hackers linked to Harmony bridge thef (TechCrunch) Researchers say the hack was consistent with the activities of the North Korean hackers.

North Korea Suspected of Plundering Crypto to Fund Weapons Programs (Wall Street Journal) A $100 million heist from crypto project Harmony matches tactics from a string of hacks linked to Pyongyang, blockchain experts say.

Sudan government shuts off internet ahead of anti-coup protest (The Record by Recorded Future) Sudan’s government shut off the internet across the country ahead of massive protests against the military.

FBI and CISA warn: This ransomware is using RDP flaws to break into networks (ZDNet) US exposes MedusaLocker, one of the ransomware gangs that ramped up activity as the pandemic gripped the world.

CISA Alert AA22-181A – #StopRansomware: MedusaLocker. (CISA Cybersecurity Alerts with the CyberWire) CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks.

#StopRansomware: MedusaLocker (CISA) Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication.

CISA issues warning on exploited PwnKit flaw (SC Magazine) The Cybersecurity and Infrastructure Security Agency has warned about the active exploitation of the PwnKit Linux security flaw, tracked as CVE-2021-4034.

Google blocked dozens of domains used by hack-for-hire groups (BleepingComputer) Google’s Threat Analysis Group (TAG) has blocked dozens of malicious domains and websites used by hack-for-hire groups in attacks targeting high-risk targets worldwide.

Countering hack-for-hire groups (Google) As part of TAG’s mission to counter serious threats to Google and our users, we've published analysis on a range of persistent threats including government-backed attackers, commercial surveillance vendors, and serious criminal operators. Today, we’re sharing intelligence on a segment of attackers we call hack-for-hire, whose niche focuses on compromising accounts and exfiltrating data as a service.In contrast to commercial surveillance vendors, who we generally observe selling a capability for the end user to operate, hack-for-hire firms conduct attacks themselves.

Microsoft warning: This malware that targets Linux just got a big update (ZDNet) Microsoft warns over recent work by the ‘8220’ malware gang to compromise Linux systems and install cryptomining malware.

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers (The Hacker News) Microsoft warns of a Chinese hacking group that recently updated its malware tools to compromise Linux servers with crypto mining malware.

Macmillan Publishers hit by apparent cyber attack as systems are forced offline (IT PRO) Experts believe the cause of the days-long outage to be the result of ransomware, though the company has not yet confirmed the nature of the attack

Attacker Floods npm With Crypto-Mining Packages that Mine Monero When Installed with Default Configuration (Mend) The Mend Research Team analyzed a recent attack that flooded npm with crypto-mining packages that mine Monero when installed with default configuration.

Microsoft: This Android malware will switch off your Wi-Fi, empty your wallet (ZDNet) Microsoft security researchers give their take on the WAP fraud Android malware problem.

Ransomware Defense Insights From SANS (Morphisec) Ransomware attacks are becoming more prolific and evasive. So what does an effective ransomware defense entail?

Report: Only 8 ransomware groups have attacked over 500 organizations (VentureBeat) 8 different ransomware groups share over half of the cyber kill chain, and execute the core stages of cyberattacks identically.

ZuoRAT Can Take Over Widely Used SOHO Routers (Threatpost) Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.

Microsoft Exchange servers worldwide backdoored with new malware (BleepingComputer) A newly discovered lightweight and persistent malware was used by attackers to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa.

New ‘SessionManager’ Backdoor Targeting Microsoft IIS Servers in the Wild (The Hacker News) A new backdoor, dubbed SessionManager, has been discovered in the wild targeting Microsoft IIS servers belonging to a large number of companies.

Brocade Vulnerabilities Could Impact Storage Solutions of Several Major Companies (SecurityWeek) Vulnerabilities found in Brocade (Broadcom) software could impact the storage solutions of several major companies.

New Group of Cybercriminals Claims Credit for Massive Data Breach at Fitzgibbon Hospital (JD Supra) Recently, Fitzgibbon Hospital appears to have been the victim of a ransomware attack that was carried out by a previously unknown group of…

Novartis hit by cyberattack but says no sensitive data were compromised: report (Fierce Pharma) No one is immune from cyberattacks—not even pharmaceutical giants like Novartis.

How did a rental startup I’d never heard of leak my home address? (TechCrunch) Read your apartment’s privacy policy.

Cyberattack disrupts unemployment benefits in some states (AP NEWS) A cyberattack on a software company has disrupted unemployment benefits and job seeking assistance for thousands of people in several states. In Tennessee, the website for unemployment benefits remained down Thursday morning after the vendor, Geographic Solutions Inc., told the state Sunday that service would be interrupted.

Multiple state employment sites down after cyberattack on Geographic Solutions Inc. (StateScoop) A cyberattack against Geographic Solutions Inc. has taken several state unemployment and workforce sites offline.

NFT giant OpenSea reports major email data breach (TechCrunch) OpenSea, the popular NFT marketplace that hit a colossal $13 billion valuation in January, is warning users of email phishing after a data breach. A staff member at, an email vendor contracted by OpenSea, misused their employee access to download and share email addresses of OpenSea&#82…

Important Update on Email Vendor Security Incident (OpenSea) We recently learned that an employee of, our email delivery vendor, misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorized external party. If you have shared your email with OpenSea in the past, you should assume you were impacted. We are working with in their ongoing investigation, and we have reported this incident to law enforcement.

California DOJ apologizes for ‘unacceptable’ breach involving Firearms Dashboard (The Record by Recorded Future) California’s Justice Department admitted this week that personal information was leaked after it debuted a new version of its Firearms Dashboard Portal. 

Security Patches, Mitigations, and Software Updates

Microsoft gives its partners power to change AD privileges on customer systems – without permission (Register) Somewhat counterintuitively, this is being done to improve security

Google Workspace Now Warns Admins of Sensitive Changes (SecurityWeek) New security alerts in Google Workspace will notify admins when changes are made to admin accounts or SSO profiles.

Staying safe online with our updated Google Password Manager (Google) Today we’ve started rolling out a number of updates that help make the experience easier to use, with even stronger protections built in.

Exemys RME1 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Exemys Equipment: RME1 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with network access to bypass authentication and perform administrative operations.

Yokogawa Wide Area Communication Router (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Yokogawa Equipment: Wide Area Communication Router (WAC Router) Vulnerability: Use of Insufficiently Random Values 2. RISK EVALUATION Successful exploitation of this vulnerability could cause the functions provided by the WAC Router to stop.

Emerson DeltaV Distributed Control System (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable on adjacent network/high attack complexity
Vendor: Emerson
Equipment: DeltaV Distributed Control System
Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Insufficient Verification of Data Authenticity, Use of a Broken or Risky Cryptographic Algorithm

Distributed Data Systems WebHMI (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Distributed Data Systems Equipment: WebHMI Vulnerabilities: Cross-site Scripting, OS Command Injection 2.

Mitsubishi Electric FA Engineering Software (CISA) 1. EXECUTIVE SUMMARY

CVSS v3 5.5
ATTENTION: Low attack complexity
Vendor: Mitsubishi Electric
Equipment: FA Engineering Software
Vulnerabilities: Out-of-bounds Read, Integer Underflow

Successful exploitation of these vulnerabilities may cause a denial-of-service condition.

CODESYS Gateway Server (Update A) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS GmbH Equipment: CODESYS Gateway Server Vulnerability: Heap Based Buffer Overflow 2.

C-Suite Ignoring Smart Factory Cyber-Threats (Infosecurity Magazine) Capgemini urges manufacturing business leaders to address cyber risk

Study Reveals Traditional Data Security Tools Have a 60% Failure Rate (PRWeb) Titaniam, Inc., the industry’s most advanced data security platform, announced today the ‘State of Data Exfiltration & Extortion Report.’ The survey re

COVID hangover (Cerby) Collaboration can be chaos. Cerby helps teams inject order into their daily workflows without slowing teams down or opening new security gaps.


Thrive Acquires Edge Technology Group to Become the Leading Cybersecurity Managed Services Provider for the Global Financial Community (PR Newswire) Thrive, a premier provider of Cybersecurity and Digital Transformation Managed Services, announced today that it has acquired Connecticut-based…

Token Raises $13 Million for Its Biometric Authentication Ring (SecurityWeek) Token raises $13 million in Series B funding led by Grand Oaks Capital to accelerate development of wearable authentication solutions.

Startup Founders Say Venture-Capital Investors Are Driving Harder Deals (Wall Street Journal) Startup founders say venture-capital investors are offering tougher terms as companies attempt to raise money amid economic uncertainty and a broad selloff in tech stocks.

After a sharp rise, cyber insurance rates show signs of stabilizing (The Record by Recorded Future) An uptick in costly cyberattacks led cyber insurance providers to hike their rates in 2021, with standalone cyber coverage premiums increasing an estimated 92% year-over-year, according to industry data.

Companies are desperate for cybersecurity workers—More than 700K positions need to be filled (Fortune) Cybersecurity jobs in the U.S. are in high demand because the field requires many credentials and certifications.

Threat of disaster: We’re short-staffed in the cyber-world (American Thinker) Global hacking threats and cyber-warfare are by no means a new phenomenon as the past several years have seen an explosion of attacks against America and other Western nations from countries like Russia and China.

Northern Ireland is the future of British cyber security (IT PRO) How a perfect marriage of government and academia backing has led to a hotbed of tech talent and surge in foreign investment

BlueVoyant Recognized as the 2022 Microsoft U.S. Security Partner of the Year Winner (PR Newswire) BlueVoyant, a rock-solid cyber defense platform company converging internal and external security, today announced it has won the 2022…

Versa Networks Named as Winner in SC Awards Europe 2022 Awards Program (Business Wire) Versa Networks, the recognised secure access service edge (SASE) leader, today announced that it has been named as the winner for Best Customer Servic

Products, Services, and Solutions

New infosec products of the week: July 1, 2022 (Help Net Security) The featured infosec products this week are from: Fusion Risk Management, G-Core Labs, Rafay Systems, and RangeForce.

Actility collaborates with Motorola Solutions to facilitate LoRaWAN critical IoT Deployments (Actility) Actility has announced the integration of Motorola Solutions’ MC-EDGE Intelligent Gateway into its ThingPark® platform

Apiiro Extends Right from Code to Runtime To Help Developers Fix Risks Faster (Apiiro) Apiiro can now connect app risks in runtime back to the source code to proactively fix critical risks and reduce the remediation time.

SecureKloud Launches CloudEdge Platform to Ease Cloud Adoption (AiThority) SecureKloud Technologies, provider of cloud transformation solutions, has announced the launch of its Platform-as-a-Service (PaaS) offering

Resecurity® Brings Cyber Threat Intelligence to Microsoft Azure (PR Newswire) Resecurity, a cybersecurity and intelligence company, today announced its award-winning cybersecurity threat intelligence and risk monitoring…

Organizations Can Now Accelerate Journey to the Cloud with Amazon FSx for NetApp ONTAP and Datadobi’s StorageMAP (Datadobi) StorageMAP enables customers to conduct unstructured data management projects to analyze & relocate data from any NAS system to Amazon FSx for NetApp ONTAP

Technologies, Techniques, and Standards

Breaking through the myths and misconceptions of implementing zero trust (FedScoop) Implementing zero trust is an imperative for federal agencies, but some leaders may still be struggling to plan and implement their strategy to get there.

Why SMO provides an ideal platform for intelligent Open RAN security (Ericsson) The cloud introduces security advantages for 5G Open RAN deployments, but it also expands the attack surface. The visibility and intelligence of the service management and orchestration (SMO) make it an ideal platform to enhance the security posture of Open RAN cloud deployments, aligning with a zero trust architecture (ZTA).

Research and Development

Northrop Grumman to build Space Force prototype for cyber protection of satellite networks (Breaking Defense) The prototype, called Space End Crypto Unit (ECU), is being developed in tandem electronics firm Aeronix, with planned delivery in 2024. 

Lockheed prepping to demo ‘scaled EA’ capability at RIMPAC – Breaking Defense (Breaking Defense) The company is trying to show it can bring the capabilities of SEWIP Block III to a larger array of ships.


Top 10 cybersecurity colleges in the U.S. in 2022 (VentureBeat) Here are our picks for the top cybersecurity training, courses and opportunities available from colleges across the U.S.

Champlain College president highlights workforce partnership (WCAX) Champlain College and a major Colchester employer say their collaboration is making Vermont a leader in cybersecurity.

Legislation, Policy, and Regulation

Prime Minister briefed on upcoming National Cybersecurity Strategy: Rajesh Pant (Moneycontrol) National Cybersecurity Coordinator Lt Gen (Retd) Rajesh Pant also said that the government was planning to bring in a National Cyber Registry, which is aimed at being a human resource portal of government’s cybersecurity professionals

Sen. Cantwell’s elusive endorsement puzzles privacy talks (Washington Post) Early this year, Sens. Richard Blumenthal (D-Conn.) and Marsha Blackburn (R-Tenn.) struck a deal on a bipartisan data privacy bill aimed at breaking the years-long impasse on passing a federal law — earning the blessing of a top Republican.

Litigation, Investigation, and Law Enforcement

Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack (Times of Israel) Defense minister says recent leaks violate Israel’s ‘ambiguity policy’; reports say dramatic video of factory fire was shown to military chief during visit to intelligence unit

Booz Allen acquisition of defense firm EverWatch would harm NSA, US says (Defense News) “Both the acquisition agreement and the underlying transaction violate federal antitrust law,” said Assistant Attorney General Jonathan Kanter.

Booz Allen Response to Antitrust Suit (Business Wire) Booz Allen Hamilton has issued the following statement regarding its proposed EverWatch acquisition, from company spokesperson Jessica Klenk: For 108

Warrants Can Force Google To Look Through Your Search History–A Tragic Arson Case May Decide If That’s Constitutional (Forbes) The government has repeatedly demanded Google hand over information on anyone searching specific terms. For the first time, lawyers and privacy advocates are now challenging the lawfulness of those searches in court, in the case of an arson that led to the deaths of two small girls.

Police used a reverse keyword Google search to find an accused killer. He says that’s illegal. (NBC News) Privacy advocates are watching the case closely, concerned that police could use reverse keyword searches to investigate people who seek information about abortions.

Ex-government IT worker collaborated with Russian cybergang (Computing) Vachon-Desjardins was arrested in Canada in January 2021 and extradited to the US in March this year

£170,000 data breach fine for Manx Care (3FM) Taxpayers will have to pick up a £170,000 bill after Manx Care was given a huge penalty by the Information Commissioner’s Office.

NY AG: Wegmans to Pay $400K for Data Breach That Exposed Customers’ Personal Info (NBC New York) Grocery chain Wegmans will pay $400,000 in penalties to New York, as well as upgrade its data security practices, following an data breach that exposed the personal information of more than three million customers nationwide, including more than 830,000 New Yorkers, according to the state’s attorney general. The compromised information included usernames and passwords to Wegmans accounts, customers’ names, emails,…