A new, busy ~this week in security~ just went out:

• Norway government hacked via Ivanti zero-day
• Microsoft under email hack scrutiny
• MOVEit mass-hack tops 37 million victims
• SEC issues new four-day data breach rule
• Researchers find TETRA radio backdoor
• Mandiant outs North Korea hacker's opsec mistake
• A new cyber cat, and more.

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/zackwhittaker/this-week-in-security-july-30-2023-edition

Russia is “incubating a cottage industry” of tech contractors & “new digital surveillance tools to suppress domestic opposition to the war.” And the tech may be sold overseas. “A Swiss-army knife of spying possibilities.”

https://www.nytimes.com/2023/07/03/technology/russia-ukraine-surveillance-tech.html

NYT describes spying software that affects Telegram, Signal, and WhatsApp, not intercepting calls but accessing metadata to determine things like identity, devices, mapped relationships, etc.

Developers include firms like MFI Soft, Vas Experts, and Protei, which got started making pieces of Russia’s telecom wiretapping system.

Re-Introducing The Aftermath: a podcast series dedicated to the government’s years-long effort to deliver accountability for the Jan. 6, 2021, attack on the U.S. Capitol, including criminal prosecutions and Congress’s response. The season finale is coming out soon. Catch up now: https://www.lawfareblog.com/introducing-aftermath-podcast-series-lawfare

The season finale is available now on our Patreon and Substack for material subscribers: https://www.patreon.com/lawfare