High-end and low-end extortion. Rolling-PWN. Social media

Dateline Moscow, Kyiv, Vilnius, Warsaw, and Washington: DDoS, OPSEC, and other aspects of a hybrid war.

Ukraine at D+138: OPSEC in a social media world. (The CyberWire) Russia continues the reconstitution of its army. Its maneuver forces remain relatively static while its artillery continues the reduction of those Ukrainian towns and cities within cannon and rocket range. Ukraine says it’s making good use of NATO-supplied artillery, and Russian social media posts from the area of operations lend credence to those claims. Russia’s mounts DDoS attacks against Polish government sites as NATO and Ukraine organize an opposing cyber capability.

Russia-Ukraine war: List of key events, day 139 (Al Jazeera) As the Russia-Ukraine war enters its 139th day, we take a look at the main developments.

Russia-Ukraine war update: what we know on day 139 of the invasion (the Guardian) The death toll from a Russian missile attack on Chasiv Yar in eastern Ukraine rises to 33; Kyiv warns Russia will step up fight in Donbas

Russia Steps Up Attacks on Civilian Areas, Even With Advance Paused (New York Times) Russian forces in eastern Ukraine are regrouping, with a new offensive expected, but they continue to rain death and destruction on cities and towns.

Russia Repeatedly Strikes Ukraine’s Civilians. There’s Always an Excuse. (New York Times) The Kremlin’s explanations have sometimes satisfied the Russian people, but they fall apart under closer scrutiny abroad.

Russia-Ukraine war: Ukraine strikes Russian military depot ‘killing seven’ (The Telegraph) Ukraine says it launched a barrage of rockets and missiles on Russian military targets in southern Ukraine and destroyed an arms depot, in attacks that Moscow-backed authorities said had damaged homes.

Ukrainian rockets hit Russian-controlled area as Kyiv gears up for southern counter-attack (Reuters) Ukraine said on Tuesday it had carried out a successful long-range rocket strike against Russian forces in southern Ukraine, territory it says it is planning to retake in a counter-offensive using hundreds of thousands of troops.

Ukraine reports striking Russian ammunition depot in south (AP NEWS) Ukrainian authorities said Tuesday that their forces targeted a Russian ammunition depot in southern Ukraine with overnight, resulting in a massive explosion captured on social media.

Himars rockets strike fear into Russians: ‘This is just the beginning’ (The Telegraph) Military blogger says strikes by the US-supplied High Mobility Artillery Rocket Systems are so accurate they can ‘land on a penny’

Ukraine Digs for Survivors in Rubble of Residential Attacks by Russian Missiles (Wall Street Journal) The death toll from the Russian missile strike in the Donetsk region rose to 31 people. Three are dead in an attack in Kharkiv, a regional official said.

Ukraine war: 7,200 Ukrainian service personnel missing – ombudsman (BBC News) Most of them are in Russian captivity, and “sooner or later” will be freed, Oleh Kotenko says.

Russian-occupied regions of Ukraine at risk from infections and epidemics (Atlantic Council) Russia’s ongoing invasion of Ukraine and occupation of around 20% of the country has produced a range of major public health challenges that require urgent international attention, writes Ihor Kuzin.

The West Worries Too Much About Escalation in Ukraine (Foreign Affairs) NATO can do more without provoking Moscow.

Four (updated) ways the war in Ukraine might end (Atlantic Council) Four months later, Scowcroft Center experts reexamine their forecasts and suggest how to amend them in light of recent developments.

Ukraine official says Russia strikes ‘absolute terrorism’ (AP NEWS) Russian missile strikes early Monday on Ukraine’s second-largest city killed at least three people and injured scores, including children, the local administrator said, describing the attacks in Kharkiv as “absolute terrorism.”

Amid Ukraine war, Russian parliament to hold extraordinary session (Reuters) The lower house of the Russian parliament will gather on July 15 for an extraordinary session, its council decided on Monday, just days after President Vladimir Putin warned that he had not even started to get serious in the war in Ukraine.

Putin ally Lukashenko faces revolt from officers against Ukraine war: Report (Newsweek) Military officers allegedly wrote in an open letter to the Belarusian president that joining Russia to fight in Ukraine would be “pure suicide.”

Five Space Lessons Russia’s Invasion Taught Ukraine (Defense One) Kyiv now wants its own imagery and comms satellites—and a stealthy way to launch them, a former space agency head says.

The Biggest Threat to the Military May Not Be What You Think (ClearanceJobs) During WWII, military communications were heavily monitored to make sure the enemy could get nothing. But things have changed a bit.

Iran planning to arm Russia with drones, US says (The Telegraph) Tehran could supply the Kremlin with hundreds of UAVs and the training to use them, the White House warned

Lech Walesa: Global security can be secured by “people’s uprising linked to Russia”. (South West Review) Former Polish President Lech Walesa advocates “an uprising of the people of this Russia and the people annexed by Russia” when “the population of Russia

Blinken Tells China: ‘It’s Pretty Hard to Be Neutral’ on Ukraine (New York Times) The secretary of state met with China’s foreign minister for five hours in Indonesia after a G20 meeting. In southern Ukraine, fighting intensified amid expectations of a possible offensive to retake occupied territory.

US’s Blinken raises China’s ‘alignment with Russia’ on Ukraine (Al Jazeera) Secretary of State Antony Blinken tells China’s Foreign Minister Wang Yi that Beijing not acting ‘neutral’ on Ukraine.

Russia launches attack on Poland as hackers declare war on 10 countries, including UK (Express) AFTER fending off attacks for months, Russian hackers launched a major cyberattack on Poland, bringing down key government websites.

Vice Minister: cyber attacks are aimed at seeking publicity and raising tensions (DELFI) Cyber attacks against Lithuanian state-owned companies and businesses are aimed at attracting publicity and raising tensions, the country’s vice minister of national defense says.

How one Ukrainian ethical hacker is training ‘cyber warriors’ in the fight against Russia (The Record by Recorded Future) In the Ukrainian hacker community, Mykyta Knysh is a household name. The 31-year-old former employee of Ukraine’s Security Service (SBU) founded cybersecurity consulting company HackControl in 2017 and launched a YouTube channel about internet security and digital literacy. It has about 8,000 subscribers.

Equipping U.S. Partners in Cyberspace is a Must (The Cipher Brief) RADM (Ret.) Mark Montgomery and Jiwan Ma share insights on why equipping U.S. Partners in Cyberspace is a Must

Finland, in NATO and with the F-35, forms a powerful challenge to Russia (Breaking Defense) “Finland never bought into the idea of East-West peace lasting forever following the collapse of the Soviet Union,” and now seems prescient in its defense investments, writes Robbin Laird.

Japan is examining its security and defense policy as Russia continues war in Ukraine (NPR) Shinzo Abe, former Japanese prime minister who was killed July 11, championed for more robust defense and security policies. With current world events, those ideas are increasingly important in Japan.

Europe’s Worst Energy Nightmare Is Becoming Reality (Foreign Policy) Russian outages and record-high prices threaten a “winter of discontent.”

Gas pipeline shutdown starts amid German suspicion of Russia (AP NEWS) A major natural gas pipeline from Russia to western Europe shut down Monday for annual maintenance as Germany prepared to give the green light for 10 coal-fired power plants to restart because of concerns that Russia may not resume the flow of gas as scheduled.

Ukraine war: Germany fears Russia gas cut may become permanent (BBC News) The crucial Nord Stream 1 pipeline is shutting down for 10 days of annual maintenance work.

Europe Jittery Over Reduced Russia Gas Supplies (NDTV) Russian gas giant Gazprom begins 10 days of routine maintenance on its Nord Stream 1 pipeline on Monday — with Germany and other European countries watching anxiously to see if the gas comes back on.

The doomsday scenario of a winter without Russian gas (The Telegraph) Millions of jobs are at risk if Vladimir Putin chokes off supplies

Worst of Global Energy Crisis May Still Be Ahead, IEA Says (Bloomberg) Security of oil and gas supplies remains a major challenge. China has “big-footed” world on new energy supply chains: US.

U.S. Says Seven Boeing Planes Belonging To Belarus’s National Airline Violate U.S. Export Controls (RadioFreeEurope/RadioLiberty) The U.S. Commerce Department has identified seven Boeing 737 Planes operated by Belarusian national carrier Belavia that are in apparent violation of U.S. export controls.

Attacks, Threats, and Vulnerabilities

‘Nobody is holding them back’ — North Korean cyber-attack threat rises (Cointelegraph) North Korea’s army of crypto hackers and operators will only get better at infiltrating crypto firms, posing a risk of a repeat of recent cyber attacks such as Axie Infinity and Harmony.

Why China’s Massive Data Leak Is So Chilling (Bloomberg) If you were only reading Chinese newspapers last week, you would have missed potentially the largest known data breach in the country’s history.

Revealed: The Smartphone App Spying on Baha’is (IranWire) In recent days, internet security experts, who are also members of the Baha’i community, have warned that hackers affiliated with the Is …

Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs (The Hacker News) Malicious actors increasingly use GitHub actions and Azure virtual machines (VMs) for cloud-based cryptocurrency mining

Ransomware gang now lets you search their stolen data (BleepingComputer) Two ransomware gangs and a data extortion group have adopted a new strategy to force victim companies to pay threat actors to not leak stolen data.

New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials (Dark Reading) Scams pressure victims to “resolve an issue that could impact their status, business.”

‘Luna Moth’ Group Ransoms Data Without the Ransomware (Dark Reading) Unsophisticated campaigns use off-the-shelf RATs and other tools to exfiltrate data and demand a ransom to keep it private.

HavanaCrypt ransomware sails in as a fake Google update (Register) Difficult to detect, hiding its window by using the ShowWindow function in Windows

New Vulnerabilities in Kubernetes NGINX Ingress Controller (Lightspin) In this blog we present a new way we discovered to exploit the Ingress Controller.

How smart homes present owners with big cybersecurity risks (Verdict) Smart homes have made people’s lives more convenient, but they have also brought with them a range of cybersecurity risks.

Hackers can unlock Honda cars remotely in Rolling-PWN attacks (BleepingComputer) A team of security researchers found that several modern Honda car models have a vulnerable rolling code mechanism that allows unlocking the cars or even starting the engine remotely.

Hackers Say They Can Unlock and Start Honda Cars Remotely (Vice) They key fobs of several Honda models have a flaw that could allow hackers to unlock and start the cars.

Rolling PWN (PWN) Modern vehicles are often equipped with a remote keyless entry system. These RKE systems allow unlocking or starting the vehicle remotely.

Hacker Group Claims Elden Ring Publisher Is Its Latest Victim (Yahoo Finance) Bandai Namco, the Japanese publisher behind the Ace Combat, Dragon Ball Z, and Dark Souls games, appears to be the latest major gaming company to suffer a major hack. The ransomware group BlackCat added the Elden Ring publisher to its list of victims earlier today, though it’s not yet clear the extent of the damage or how much money the group is demanding.

Keep an eye on your Experian accounts for fraudulent access (Register) When identity thieves strike your identity theft monitor

BNamericas – CFE denies new data breach (BNamericas.com) The Mexican state-owned electric power utility said it verified its equipment and records, and found that data leaked online was from 2003 or 2004.

Associated Eye Care Discloses Impact From 2020 Netgain Ransomware Attack (SecurityWeek) The Montana-based company has started informing patients that their data was accessed without authorization during a November 2020 ransomware attack on Netgain.

Breach exposed personal data of organ donors and recipients at VCU Health since 2006 (Richmond Times-Dispatch) Virginia Commonwealth University Health System has announced a data breach may have exposed the personal information of almost 4,500 organ donors and recipients since 2006.

South Texas hospital data breach puts 15,000 patients at risk (kiiitv.com) CHRISTUS Health said the breached data could include a patient’s full name, Social Security number, date of birth, home address, billing and insurance information.

Bayhealth Medical Center, Inc. Confirms More than 17,000 Patients Impacted by Professional Finance Company Data Breach (JD Supra) On July 5, 2022, Bayhealth Medical Center, Inc. posted notice of a data breach that affected the sensitive information of as many as 17,481 patients….

Charlotte Radiology Urges Patients to Watch for Healthcare Identity Theft Following Data Breach (JD Supra) Recently, Charlotte Radiology confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive patient…

OrthoNebraska Hospital Reports Leaked Protected Health Information Following Email-Based Cyberattack (JD Supra) OrthoNebraska Hospital, based in Omaha, Nebraska, recently confirmed a data breach following an incident in which an unauthorized party gained access…

Going Once, Going Twice, Sold: Real Time Bidding Data Privacy Breach (JD Supra) The ongoing massive data breach in the world of advertising: real time bidding (“RTB”). You likely are, or have been, a target of RTB…

Massive Rogers outage caused by a maintenance update (BleepingComputer) Over the weekend, Rogers Communications CEO Tony Staffieri revealed the telecom company believes a maintenance update was what caused last week’s massive outage.

Vulnerability Summary for the Week of July 4, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

That didn’t last! Microsoft turns off the Office security it just turned on (Naked Security) An Office anti-malware setting that took more than 20 years to arrive… and fewer than 20 weeks to vanish again.

Microsoft Confirms Temporary Rollback of Macro Blocking Feature (SecurityWeek) Microsoft has confirmed that the recent rollback of a feature related to the blocking of internet macros in its Office suite is only temporary.

Microsoft says decision to stop blocking Office VBA macros by default is ‘temporary’ (The Record by Recorded Future) Microsoft claimed its decision to roll back a popular change that blocked Visual Basic for Applications (VBA) macros by default will be “temporary” but offered no timeline.

The Cloud Security Threat Landscape (CrowdStrike) Download the Protectors of the Cloud report now to find out which top cloud security threats to watch for and how best to address them.

The state of industrial security in 2022 (Barracuda Networks) Insecure remote access, lack of network segmentation, and insufficient automation are leaving organizations open to attacks.

Hybrid Work Expectations vs. IT Reality: New Report Shares Stark Findings (NinjaOne) Remote work went from exception to the norm almost overnight, but a new report shows how this rapid shift came with costs to IT operations.

Ransomware is still cybersecurity’s biggest challenge (VentureBeat) At CyberWeek 2022, UK SEO of NCSC, Lindy Cameron, said all hands must be on deck to root out ransomware, at government and enterprise levels.

New poll finds 7 in 10 adults want social media firms to do more to tackle harmful content (GOV.UK) Ipsos study finds over 4 in 5 adults are concerned about harmful content online

Expert warns of rising threat of cyber attacks on physical infrastructure (The Straits Times) Singapore is doing well in proactively preparing for specific scenarios, said Dragos’ CEO.

What are bad actors called in cybersecurity? (Dataconomy) In this article, you can learn what are bad actors called in cybersecurity, bad actors meaning, threat actor types and attributes, detecting threat actors, bad actor vs hacker, and more.


The cyber insurance market has a critical infrastructure problem (CyberScoop) Rising cybersecurity risks are reviving questions about the ability of cybersecurity insurance to cover the risks of a catastrophic attack.

Cyber trust issues: How vulnerability creates cyber resilience (World Economic Forum) Organizations that will be leaders in the digital economy will encourage cyber resilience and build collaboration in the ecosystem by sharing experiences about cyber risks and challenges.

Thales further accelerates its cybersecurity development with the acquisition of OneWelcome, a leader in Customer Identity and Access Management (Thales Group) Continuing its cybersecurity expansion strategy, Thales announces the signature of an agreement to acquire OneWelcome, a European leader in the fast growing market of Customer Identity and Access Management, for a total consideration of €100 million. OneWelcome’s strong digital identity lifecycle management capabilities will complement Thales’s existing Identity services (secure credential enrollment, issuance and management, Know Your Customer etc) in order to offer the most comprehensive Identity Platform in the market. ​

With $3.3M in Seed Funding, Paladin Cloud Launches to Holistically Improve Cloud Security (GlobeNewswire News Room) Open source, Security-as-Code platform to help developers and security teams significantly reduce risks while improving their overall cloud security…

Kaseya says ‘false information’ was published about firm’s future (CRN Australia) Following comments from Datto co-founder Austin McChord.

Oracle mulls $1bn in cost cuts, laying off thousands of employees (Computing) Two top Oracle executives are also departing in addition to the possible job cuts

Versa Networks ACE Partner Program Wins 2022 Visionary Spotlight Award for Channel Deployments of the Year (Business Wire) Versa Networks, the recognized secure access service edge (SASE) leader, today announced that ChannelVision Magazine has named its Versa ACE (Accelera

Cybersecurity firm Polygraph reminds advertisers to apply for click fraud refunds every month (GlobeNewswire News Room) Some advertisers are wasting over 80% of their ad budgets by failing to request refunds from online advertising networks…

Iron Bow Technologies Appoints Dan Muse as Chief Financial Officer (Business Wire) Iron Bow Technologies, the leading technology solutions provider to government, commercial, and healthcare markets, today announced the appointment of

Mastermind of Broadcom’s VMware buy is out, CEO Tan to take over software (Register) Chip giant takes an add Hock approach

CRN® Names Ophelia Clarke of ConnectWise a Rising Female Star (GlobeNewswire News Room) ConnectWise, the world’s leading software company dedicated to the success of IT solution providers, today…

Incode Makes Strategic Hire to Further Accelerate Growth and Global Adoption (Business Wire) Incode, the next-generation identity verification and authentication platform for global enterprises, today announced that Dean Hickman-Smith has join

Secureworks Appoints Michael Aiello As Chief Technology Officer (Secureworks) Former Product Lead for Google Cloud Security Will Accelerate Growth as Business Transformation Continues

Products, Services, and Solutions

Deloitte Launches Zero Trust Access, a New Managed Security Service (PR Newswire) To help organizations adopt zero trust more quickly and efficiently, Deloitte is launching a new managed service – Zero Trust Access— that…

Paladin Cloud Launches New Cloud Security and Governance Platform (Dark Reading) The new open source security-as-code platform will help developers and security teams automatically detect security policy violations across the organization’s cloud infrastructure.

Cellebrite Rebrands Digital Intelligence Solutions Suite (AiThority) Cellebrite, the global leader in DI solutions for public and private sectors, announced it has rebranded the industry’s most comprehensive

Project slashes cost of OT cybersecurity for UK SMEs (Drives and Controls Magazine) A Welsh cybersecurity software developer has joined forces with Siemens to offer a low-cost OT (operational technology) security system for manufacturing…

Bitdefender Innovates Managed Detection and Response (MDR) with New Service Optimized for Organizations with Limited Resources (Bitdefender)

Dell’Oro Group Research Recognizes Aryaka as Delivering SASE with Unified Security and Network Connectivity (Business Wire) Aryaka®, the leader in fully managed SD-WAN and SASE solutions, today announced the company has been recognized by Dell’Oro Research Group as the newe

NeoSystems and Deltek Join Forces to Deliver Services in the Cloud (PR Newswire) NeoSystems, a full-service strategic outsourcer, IT systems integrator and managed services provider to the government contracting market, is…

FINOM Selects Resistant AI’s Transaction Forensics to Strengthen its Money Laundering Defences (Resistant.AI) The Pan-European B2B Fintech Platform Can Now Prioritise In-house Alerts More Effectively While Adding Advanced Anomaly Detection

Keyfactor Launches EJBCA SaaS on Microsoft Azure (Keyfactor) The availability of EJBCA on Azure Marketplace allows customers to accelerate cloud migration.

Technologies, Techniques, and Standards

Post-quantum preparations: NIST has chosen, what should CISOs do now? (Computing) With the post-quantum cryptography landscape becoming clearer, every infrastructure decision should include considerations of quantum risk, says Post-Quantum’s Andersen Cheng

Radiant Logic Participates in NIST NCCoE Zero Trust Architecture Project (Business Wire) In the Zero Trust Architecture project, RadiantOne was selected to consolidate and transform identity data into a real-time resource.

The “So What?” of the NIST Quantum Resistant Cryptographic Algorithms Announcement (OODA Loop) On 5 July 2022 NIST made a long awaited announcement of the first of four Quantum Resistant Algorithms that come from this years long process of coordination and examination. More algorithms and approaches are being evaluated and over the next two years NIST will be working on a final standard. The algorithms selected address the weaknesses proven through both Shor’s and Grover’s algorithms, meaning they are good algorithms for both general encryption and hashing. 

GDPR Compliance in the Cloud: What You Need to Know | Enterprise Networking Planet (Enterprise Networking Planet) On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect across the European Union (EU). The GDPR replaced the 1995 EU Data

The History and Evolution of Zero Trust (SecurityWeek) A brief history of the Zero Trust concept coined by Forrester’s John Kindervag in 2010, and how it has evolved over the years and is now a collective adjective.

Defending Aircraft Networks Against Cybersecurity Breaches (The State of Security) As attacks against critical infrastructure and rapidly digitizing industries rise, the aviation industry must reevaluate its standards.

How to develop successful incident response plans (Help Net Security) This video talks about the rules organizations need to think about if they way to develop successful incident response (IR) plans.

Bitcoin miners shut off rigs as Texas power grid nears brink (Seattle Times) Nearly all industrial bitcoin miners in Texas have shut off their machines as the companies brace for a heat wave that is expected to push the state’s power grid near its breaking point.

Design and Innovation

U.S. Government and QuSecure Orchestrate First-Ever Post-Quantum Encryption Communication over a Government Network (Business Wire) QuSecure™, Inc., a leader in post-quantum cybersecurity (PQC), today announced the U.S. Federal Government is currently orchestrating the world’s firs

Apple Is Offering $2M USD to Hackers Who Can Exploit Their New Lockdown Feature (HYPEBEAST) The feature will be made available in iOS 16.

Is Apple’s Lockdown Mode 100% secure? (ITWeb) With more secure modes, hacking is more difficult, but it cannot be ruled out entirely, says Kaspersky.


NSA lauds research of Mercyhurst student intelligence analysts (Mercyhurst University) Mercyhurst University is a four-year college located in Erie, Pennsylvania..

Legislation, Policy, and Regulation

How the CAC became Chinese tech’s biggest nightmare (Protocol) The Cyberspace Administration of China’s core functions have expanded from content control to data security and privacy, and it now affects the entire digital economy.

The United States Needs a New Foreign Policy for Cyberspace (Council on Foreign Relations) The internet is more fragmented, less free, and more dangerous than ever before.

Report: U.S. diplomacy must adapt to cyberspace’s ‘new realities’ (The Record by Recorded Future) The U.S. must adopt a new foreign policy to confront a fragmented and potentially dangerous digital realm, according to the Council on Foreign Relations.

CISA Urges FCC to Prioritize National Security in Internet Routing Probe (Nextgov) CISA Director Jen Easterly said industry concerns shouldn’t preclude use of the commission’s regulatory authority to mitigate exploitation of the Border Gateway Protocol.

DHS puts the kibosh on saying ‘pilot’ as it deals with new congressional reporting requirements (Federal News Network) A provision in the omnibus spending bill for 2022 requires the Homeland Security Department to submit a report to Congress on the impact of most pilot programs.

One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem (Security Intelligence) The Transportation Security Administration’s directives after the Colonial Pipeline attack have proved hard to follow. What ongoing regulations may change?

New Standards Needed for Agency Cloud Computing Purchases, Says Report (FEDweek) A procurement bill (S-3099) now pending a Senate vote would require agencies to consider whether existing protections will meet their security needs

Congress could codify privacy rights with a bipartisan bill (Marketplace) The American Data Privacy and Protection Act would let consumers sue companies that violate its safeguards.

Location, health, and other sensitive information: FTC committed to fully enforcing the law against illegal use and sharing of highly sensitive data (Federal Trade Commission) Among the most sensitive categories of data collected by connected devices are a person’s precise location and information about their health.

How Much Cyber Insurance Governments Need Depends on Risk (Governing) Purchasing cyber defenses, training and insurance are budgeting decisions — and financial officers need number-driven risk models that show them how far each investment may go toward reducing risks of financial losses from cyber incidents.

Six Island businesses hit by ransomware attacks so far this year (Energy FM) The Manx Government’s Office of Cyber Security and Information Assurance (OCSIA) are urging organisations hit by ransomware attacks not to make p…

Litigation, Investigation, and Law Enforcement

OPM breach victims expected to receive about $700 each after class action settlement (The Record by Recorded Future) The nearly 26 million people who had their information leaked during two Office of Personnel Management (OPM) data breaches in 2014 and 2015 may be entitled to about $10,000.

IG Warns of Cyber Supply Chain Risks at Justice Department (FEDweek) An inspector general audit has found that both the Justice Department and its subagency the FBI are at risk because of weaknesses in its Cyber Supply

Italy warns TikTok over privacy policy switch (TechCrunch) TikTok’s attempt to switch legal basis for targeting advertising at users in Europe looks to be in trouble after Italy’s data protection watchdog stepped in and issued a warning of legal inadequacy just days ahead of the planned privacy policy change. The user-generated video sharing platform attra…

San Francisco cops want real-time access to private cameras (Register) ACLU hits back at ‘unprecedented power grab’

Twitter Lawyers Call Musk’s Deal Termination ‘Wrongful’ (Bloomberg) Social network is expected to file suit against Musk this week. Billionaire seeks to scrap $44 billion deal over bot dispute.

New York Department of Financial Services Announces $5 Million Penalty in Most Recent Cybersecurity Enforcement Action (JD Supra) On June 23, 2022, the New York State Department of Financial Services (NYDFS) announced the entry of a Consent Order in connection with its most…

EDF Under Scrutiny Over Cybersecurity Record (Infosecurity Magazine) UK nuclear regulators step up monitoring of French giant EDF’s cybersecurity measures