Summary:
The Guardian and 16 other media organizations investigated the spyware that was used to infect and steal information from the cellphones of targeted people, including journalists and politicians. Their findings get at the very heart of how mobile devices, indeed any computing device, is protected. One interesting quote from an expert: "What that means in practice is that the only thing that can protect iOS users from an attack is Apple – and if Apple fails, there's no other line of defence."

Summary:
The security firm Kaseya had a remote access tool that was exploited for a large number of ransomware attacks against its customers. Somehow Kaseya obtained the decryption key that the victims need to recover their files.

Summary:
It turned out that the decryption key that Kaseya gave to victims of a ransomware attack was given to them by the FBI. The FBI chose to delay revealing the information for 3 weeks. FBI director Christopher Wray told a Senate Security Committee hearing that "We make the decisions as a group, not unilaterally. These are complex ... decisions, designed to create maximum impact, and that takes time in going against adversaries where we have to marshal resources not just around the country but all over the world."

Summary:
Did the REvil gang disappear into the LockBit ransomware-as-a-service group? Rumors of a ransomware attack against the global consulting firm Accenture have raised speculations about the possible realignment of ransomware software groups. Accenture was threatened by LockBit with public release of sensitive files. For its part, Accenture said it had detected and dealt with "irregular activity" with no impact on its operations or those of its customers.

Summary:
Mesa County Colorado has been in turmoil over an argument over who has the right to supervise elections. The battle between the state and county started when the login credentials for administering the county's voting machine were shown in a video posted online. The video was suspected of being shot by an unauthorized visitor to a confidential meeting of officials and the voting machine vendor's representatives.

Summary:
In July the Biden administration released a report on Security goals for Cybersecurity for Critical Infrastructure Control Systems. Recommendations for practices that can assure those goals are the subject of a further report to be released soon. An incident at a Florida water treatment plant in February highlighted the need to securing the cybersecurity at all levels of critical infrastructure.

Summary: Tension has developed over an SEC request to businesses for reports on all cybersecurity incidents since October 2019. The government request is voluntary and only applies to companies that downloaded a SolarWinds product that was later shown to have a serious flaw. The SEC says that they are investigating the scope of the wide-scale attack, but business leaders are concerned that they may be liable for unrelated incidents that could be revealed by the requested records.