Dateline Houston, Texas, to Linden, New Jersey: Colonial Pipeline's ransomware incident.
Elizabethan England has nothing on modern-day Russia (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
After Colonial Pipeline Hack, U.S. to Require Operators to Report Cyberattacks (Wall Street Journal) The springboard for the Transportation Security Administration’s new stance is the ransomware attack earlier this month on Colonial Pipeline, as well as a sharp increase in attacks against critical assets.
Enhancing cyber resilience in the oil and gas industry (Help Net Security) WEF has convened industry and cybersecurity experts to compile a blueprint for enhancing cyber resilience across the oil and gas industry.
Colonial’s Ransom Payment Indicates Severity of Threats (Security Boulevard) Last week Joseph Blount, the CEO of Colonial Pipeline, told The Wall Street Journal that he authorized the ransom payment of $4.4. million to the hackers who broke into computer systems and caused major disruption to the East Coast’s gas supply.
Attacks, Threats, and Vulnerabilities
Revealed: Government ministry hacked by foreign power (The Brussels Times) The operation was so sophisticated and extensive it is assumed it was the work of a nation state, and all fingers point to China.
Russian Hydra DarkNet Market Made Over $1.3 Billion in 2020 (The Hacker News) Over $1.3 Billion was made by Russia's dark-net market Hydra in 2020
Cybercrime on Telegram: How Hackers Are Using the Messaging App to Share Data Leaks and Hacks (vpnMentor) Telegram, the semi-encrypted messaging and chat app seen as a rival to Whatsapp, has always received a lot of negative attention as a safe harbor and essential tool for extremist
Iranian hacking group Agrius pretends to encrypt files for a ransom, destroys them instead (ZDNet) The relatively new threat group has been connected to attacks against Israeli targets.
Iranian hacking group targets Israel with wiper disguised as ransomware (BleepingComputer) An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims' networks for months in what looks like an extensive espionage campaign.
Suspected Iranian hackers pose as ransomware operators to target Israeli organizations (CyberScoop) Ever since a 2012 hack that disabled tens of thousands of computers at oil giant Saudi Aramco, suspected Iranian operatives have been known to regularly use data-wiping hacks against organizations throughout the Middle East. Now, one such possible group has been posing as ransomware operators in an effort to conceal the origin of a series of data-wiping hacks against Israeli organizations, according to private-sector investigators.
OT Systems Increasingly Targeted by Unsophisticated Hackers: Mandiant (SecurityWeek) Unsophisticated threat actors, in many cases motivated by financial gain, have increasingly targeted internet-exposed operational technology (OT) systems.
Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks (Dark Reading) Security researchers at Mandiant have seen an increasing wave of relatively simplistic attacks involving ICS systems - and attackers sharing their finds with one another - since 2020.
Not as complex as we thought: Cyberattacks on operational technology are on the rise (ZDNet) Common techniques are setting a low bar for attacks on control processes. Sometimes, attackers have no idea what the system is used for.
Crimes of Opportunity: Increasing Frequency of Low Sophistication
Operational Technology Compromises (FireEye) We take a look at simple attacks against OT systems, where actors with varying levels of skill and resources use common IT tools and techniques.
BazaFlix: BazaLoader Fakes Movie Streaming Service (Proofpoint) Proofpoint researchers identified a BazaLoader campaign requiring significant human interaction to execute and install the BazaLoader backdoor. The threat actor leveraged phone-based customer service representatives to direct victims to unknowingly download and install the malware. This campaign is representative of a broader trend leveraged by the BazaLoader threat actors using call centers as part of an intricate attack chain.
Vulnerable Visual Studio Code extensions impact over 2M Developers (Snyk) We have been witnessing an ever growing amount of supply chain security incidents in the wild. Everything from open source package managers security flaws
Google says Rowhammer attacks are gaining range as RAM is getting smaller (The Record by Recorded Future) A team of Google security researchers said they discovered a new way to perform Rowhammer attacks against computer memory (RAM) cards that broaden the attack's initial impact.
New Zealand health systems hackers release patient details to the media (Reuters) Hackers who targeted hospitals in New Zealand's Waikato district have released what appears to be private patient information to media outlets, as health systems struggled to come back online more than a week after the attack.
Waikato DHB cyber attack: Govt says it will not pay ransom to hackers (NZ Herald) 'Ransomware attacks are a crime.'
Waikato DHB cyber attack: Privacy Commissioner warns all DHBs to fix its IT vulnerabilities (NZ Herald) Doctors warn of massive backlog with surgeries deferred, and use of handwritten notes.
HSE cyber attack: Some services 'likely to resume in 48 hours' (The Irish Times) May take weeks for full system restoration, but technicians happy with decryption key
Thousands of Chrome extensions are tampering with security headers (The Record by Recorded Future) Thousands of Google Chrome extensions available on the official Chrome Web Store are tampering with security headers on popular websites, putting users at risk of a wide range of web-based attacks.
USA Unemployment Fraud: It’s Easier Than You Think (Kela) Unemployment systems have been challenged with responding to millions of unemployment claims over the last year, with thousands of those being fake claims made by cybercriminals.
Three-Quarters of CISOs Predict Another SolarWinds-Style Attack (Infosecurity Magazine) Three-Quarters of CISOs Predict Another SolarWinds-Style Attack. Splunk warns that cloud complexity is a major threat
UK Insurer Recovering From Ransomware Attack (GovInfoSecurity) The U.K.-based insurance firm One Call says its systems were disrupted by a ransomware attack May 13 and it's still working to restore them. A local newspaper,
Are insurers vulnerable to cyberattacks? (Insurance Business) “It’s all about maintaining vigilance”
A Prequel to Ransomware (Infosecurity Magazine) How should orgs react to ransomware incidents?
‘Hackers Love a Good Crisis’: Dechert’s Brenda Sharton on the Rise in Cybersecurity Threats and Ransom Demands (Litigation Daily | The American Lawyer) Sharton said the remote work environment has forced companies to up their game. One client in the information security space reported a 35-fold increase in phishing emails during the pandemic.
US exchanges offer a rich potential target for hackers (France 24) US exchanges offer a rich potential target for hackers
Why You Should Be Wary of Unsolicited Retailer SMSs (softpedia) Although the fundamental principle remains the same, Smishing adapts to emerging security solutions and global events
Domino's data breach: Details of 18 crore orders, 10 lakh credit cards compromised (cnbctv18.com) In a massive data breach 18 crore order details of popular pizza delivery chain Domino’s India have been leaked and now available on dark web. Get latest Companies online at cnbctv18.com
Bengaluru civic body faces flak over data breach of Covid patients (The Economic Times) Free Software Movement of India, a coalition of organisations working on data privacy, on Tuesday flagged that Covid-19 data record was being published by Bruhat Bengaluru Mahanagara Palike's (BBMP's) contractor Xyram Software Solutions (Xyramsoft).
UK Police Suffered Thousands of Data Breaches in 2020 (Infosecurity Magazine) UK Police Suffered Thousands of Data Breaches in 2020. Lancashire Constabulary was the worst offender
Walmart says a 'bad actor' sent racist emails from its account (KMOV.com) Dozens of people took to Twitter on Monday to say they received emails with a racial slur from a Walmart account after someone created fake accounts with their addresses on
Security Patches, Mitigations, and Software Updates
Apple patches dangerous security holes, one in active use – update now! (Naked Security) It’s three weeks since last time. Now it’s this time, so patch now!
VMware warns of critical bug affecting all vCenter Server installs (BleepingComputer) VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments.
Vulnerability in VMware product has severity rating of 9.8 out of 10 (Ars Technica) Remote code execution flaw in vCenter Server poses "serious" risk to data centers.
Google Chrome 91 released with new features, security improvements (BleepingComputer) Google has released Chrome 91 today, May 25th, 2021, to the Stable desktop channel, and it includes security improvements, the ability to copy and paste files into web pages, and new developer features.
Rockwell Automation Micro800 and MicroLogix 1400 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.1
ATTENTION: Exploitable remotely
Vendor: Rockwell Automation
Equipment: Micro800, MicroLogix 1400
Vulnerability: Channel Accessible by Non-endpoint
2. RISK EVALUATION
Successful exploitation of this vulnerability may result in denial-of-service conditions, which may require a firmware flash to recover.
Datakit Libraries bundled in Luxion KeyShot (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Equipment: Software libraries embedded in Luxion KeyShot software
Vulnerabilities: Out-of-bounds Write, Exposure of Sensitive Information to an Unauthorized Actor, Stack-Based buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Read
Why is patch management so difficult to master? (Help Net Security) Every company is different, and the patch management process will reflect these differences. Learn more about what you can do better.
RSA conference highlights ‘scourge’ of ransomware and takes aim at quantum computing (Verdict) A cybersecurity coordinator told last week’s RSA Security conference that ransomware has gone from being an economic nuisance to becoming a “scourge”.
Report Highlights Massive Scale of Automated Cyberattacks (SecurityWeek) Cato Networks has released an analysis of the network flows across its platform during Q1, 2021, seeking anomalous behavior in approximately 200 billion traffic flows during Q1.
What businesses need to know about cybersecurity challenges (Washington Post) A data-driven investigation into the threat landscape and how it’s changing
You Need To Focus On These New Cybersecurity Threats (My TechDecisions) Supply chain compromises, ransomware, session management and machine learning will dominate the cybersecurity landscape, experts say at RSA.
The Human Factor in Cybersecurity: Q&A with Troy Hunt (MarketScreener) Too many organizations still 'tick the box' on security awareness training instead of providing ongoing training and 'out of the blue' phishing attack tests.
Report finds startling disinterest in ethical, responsible use of AI among business leaders (ZDNet) Just 6% of respondents said they ensure AI is used ethically and responsibly by making development teams diverse.
India, China among the most targeted regions for Ransomware 2.0 attacks in 2020: Kaspersky (The Indian Express) Kaspersky says the emergence of this new variant referred to as ransomware 2.0, poses threats that go beyond keeping a company or organisation's data hostage.
Tessian nabs $65M to solve cybersecurity’s ‘people problem’ (VentureBeat) Enterprise email security company Tessian has raised $65 million and announced plans to expand into communication conduits beyond email.
Inspired by Podesta breach, Material Security raises $40 million to neuter email hacks (Fortune) Material Security, a startup founded by Dropbox engineers, is locking down to inboxes keep sensitive emails out of the hands of hackers.
Zscaler to Acquire Smokescreen to Enhance Zscaler Zero Trust Exchange with Advanced Active Defense Capabilities (GlobeNewswire News Room) Zscaler to be Industry’s First Security Vendor to Integrate Active Defense into a Zero Trust Architecture...
Invoca acquires DialogTech for $100M to expand its conversational intelligence tools (TechCrunch) On the heels of expanding its marketing call analytics platform last year to provide more insights to help those in sales, e-commerce and customer experience, Invoca is making its first acquisition to widen the net of companies that it targets. The company has acquired DialogTech, a startup that bu…
Xanadu Lands $100 Million as Investments Pour Into Quantum Computing (Wall Street Journal) Silicon Valley’s Bessemer Venture Partners led the funding round for the Toronto-based startup.
Salt Security Raises $70 million in Series C Funding to Expand Global Operations and Meet Surging Demand for API Security (Salt Security) Total funding of $131 million along with 400% growth in revenue further enhance the lead Salt holds in the API security market
Skiff, an end-to-end encrypted alternative to Google Docs, raises $3.7M seed (TechCrunch) Sequoia led the seed round raise.
DataDome Closes $35 Million in Series B Funding to Lead the Global Battle Against Bad Bots and Online Fraud (BusinessWire) DataDome, a provider of real-time bot solutions announced that it has secured a $35M Series B investment.
Jamf raises security offer with Wandera deal (Bollyinside) Jamf is one of the most popular MDM providers, used across 20 million Apple devices worldwide, and the company says its Wandera acquisition will help
Nuvias Buys Cloud Distribution, Boosts SaaS, Cybersecurity Portfolio (Channel Futures) U.K.-based distributor Nuvias Group bought Cloud Distribution, which focuses in cloud-based networking and cybersecurity.
iboss Could Join KnowBe4, Darktrace, Others in Tech IPO Onslaught (Channel Futures) iboss, the cloud-delivered network security provider, could join the rush of tech companies going public with an IPO launch in the coming months.
Aryaka Wins Multiple National Awards – Internet Telephony SD-WAN Product of the Year, Stevies Gold in Software-Defined Infrastructure and More - Aryaka (Aryaka) Aryaka®, the leader in Cloud-First WAN offering fully managed SD-WAN and SASE solutions as-a-service, announced today that the company has won significant national award recognition from a number of premier organizations. Aryaka took home the Gold in the Software-Defined Infrastructure category at this year’s American Business Awards, aka Stevies, […]
Huawei to roll out self-developed Harmony OS for smartphones in early June (South China Morning Post) Huawei is set to roll out Harmony OS on its smartphones early June after introducing the in-house developed software in a range of IoT devices over the past two years.
Virsec Expands Executive Team as Demand for Application-Aware Workload Protection Accelerates (StreetInsider.com)
New Chief Marketing Officer and Vice President of Public Sector and Business Development Join as the Cybersecurity Innovator Doubles its Customer Base and Extends Global Footprint
SAN JOSE, Calif.--(BUSINESS...
SailPoint appoints Wendy Wu as CMO (Help Net Security) SailPoint announced the appointment of Wendy Wu as Chief Marketing Officer to support continued growth and accelerated pivot towards SaaS.
NTT Research Names Sanjam Garg Senior Scientist in its CIS Lab (BusinessWire) NTT Research, Inc., a division of NTT, announced that it has named Dr. Sanjam Garg a Senior Scientist in its Cryptography & Information Security Lab.
Products, Services, and Solutions
Sacramento Kings & Kings Guard Gaming Welcome Executech as Acronis #CyberFit Delivery Partner (Acronis) For information about Acronis and Acronis' products or to schedule an interview, please send an email or get through to Acronis' representative, using media contacts.
Cyber Readiness Institute Launches First Cybersecurity Certification Program for Small and Medium-sized Business Leaders (Cyber Readiness Institute) The FREE Online Program Focuses on Training Company Leaders to Create and Maintain a Culture of Cyber Readiness. The Cyber Readiness Institute (CRI) today introduced the first comprehensive professional credential program designed to train cyber leaders in small businesses to help secure supply chains and reduce risk of a cyber attack. CRI’s core mission is […]
ZeroFOX Launches Industry’s Broadest Security App Library with over 700 Connected Platforms to Provide Integrated External Threat Intelligence and Protection (Yahoo Finance) ZeroFOX Launches Industry’s Broadest Security App Library to Provide Integrated External Threat Intelligence and Protection
Imperva® Launches New Product To Secure Serverless Functions With Visibility into the Application Layer & Code-Level Vulnerabilities (BusinessWire) Imperva introduces Serverless Protection to secure serverless computing functions.
The Israeli Ministry of Communication selects odix to provide protecti (PRWeb) odix, the Israel-based cybersecurity leader focused on Deep File Inspection and CDR (Content Disarm and Reconstruction) technology will provide the Israe
Barracuda launches Cloud Application Protection 2.0 to defend web apps from evolving attack vectors (UNI) Barracuda Networks, Inc., a leading provider of cloud-enabled security solutions, today announced significant new capabilities for its Cloud Application Protection platform to deliver an additional level of protection and make it even easier for organizations to secure their applications in a digitally transformed world.
Digital Transformation of your IT estate (Certero) Transform in days and weeks, not months and years, start your journey now
Top-rated Conference Series Resumes as Cybersecurity Executives Seek to Gather In-Person Post-Pandemic (Data Connectors) Cybersecurity Conferences Continue In-Person and Virtual for members of the Data Connectors Cybersecurity Community.
Axio Leading the Way in Helping Organizations Protect Themselves Against Ransomware (BusinessWire) Axio, the leader in risk management software, announced the expansion of its free Axio360 Ransomware Preparedness Assessment tool. In light of recent
CybelAngel Announces the Launch of its New Platform Experience (BusinessWire) CybelAngel launches new upgraded platform experience which enables CISOs and their teams to respond to threats faster
Protegrity Announces Availability in AWS Marketplace (Protegrity) Protegrity Discover, Cloud Protect for Amazon Redshift, and Cloud Protect for Snowflake Now Available in AWS Marketplace to Support Customers’ Secure Journey to the Cloud
Keeper Security Rolls Out Webhook Integration Across All Messaging Platforms for Enterprise Customers (Keeper Security) Webhooks feature seamlessly integrates with platforms like Slack and Microsoft Teams, provides real-time alerts to system administrators, enhancing security, usability and efficiency
NetWitness Cloud SIEM (NetWitness.com) Cloud Compliance and Threat Detection: NetWitness Cloud SIEM
Cybrary Collaborates with Safal Partners and Cyber Future Foundation to Provide Security Training for the US Department of Labor Apprenticeship Programs (PR Newswire) Cybrary, the world's largest online cybersecurity workforce development platform, today announced a joint partnership with Safal Partners and...
Technologies, Techniques, and Standards
Post-quantum cryptographic standards to be finalized later this year (SC Media) A federal project to develop new “post-quantum” cryptography standards will be finalized later this year, according to a NIST official.
Differential Privacy Bugs and Why They’re Hard to Find (NIST) In previous posts we have explored what differential privacy is, how it works, and how to answer questions about data in ways that protect
US Army emphasizes ‘information advantage’ (C4ISRNET) The service plans to make the term part of official doctrine. The idea is to better integrate disparate capabilities for commanders.
County's ransomware remediation includes backup, security (SearchDataBackup) A ransomware attack in Yuba County, California, encrypted 50 PCs and 100 servers. The ransomware remediation included Rubrik backup.
Art Businesses Are Uniquely Susceptible to Cybercrime. Here Are a Few Simple Ways to Protect Yours, According to Top Experts (Artnet News) As an industry that still finalizes multimillion-dollar deals over email, the art trade has special vulnerabilities.
Splunk BrandVoice: Digital Disruption: Designing A Security Strategy For An Era Of Uncertainty (Forbes) The next great security challenge for business leaders is cloud complexity. Here is Splunk's guide to crafting a stronger strategy.
Shift left security is helpful, but one expert says it's not enough (TechRepublic) It's critical to plug cybersecurity vulnerabilities before bad guys get wind of them. To make that happen, businesses should encourage security and developer teams to collaborate, says an expert.
How hidden vulnerabilities will lead to mobile device compromises (SaltDNA) Your mobile device can be hacked very easily without your knowledge.
Can a Solution Provider Handle Industrial Cybersecurity? (Automation.com) Consider these key questions to help ensure you choose a qualified solution provider.
Cybersecurity Outsourcing: Unnecessary Cost or Clever Investment? (Infosecurity Magazine) What considerations should orgs have around outsourcing their security?
Research and Development
BurstIQ and The National Center for Advancing Translational Sciences (NCATS) At The National Institutes of Health (NIH) Collaborate to Apply Blockchain to Intellectual Property Management (PR Newswire) BurstIQ, the leading provider of blockchain-based data exchange solutions, announced today that the company has entered into a research...
Alberta asks universities to report on links with Beijing and Communist Party (Abbotsford News) Universities have 90 days to submit a report to Alberta’s Advanced Education Ministry
College now enrolling students in new cybersecurity program (Rio Blanco Herald Times) Cybersecurity has joined the list of academic programs available to students who choose Colorado Northwestern Community College in fall 2021 after passing two major milestones — hiring a program director and receiving program [...]
KnowBe4 Offers Cybersecurity Law Scholarship To Stetson Law Student (Gulfport, FL Patch) Celine Rodriguez was selected as the inaugural recipient of this award.
Cybersecurity in higher education: going from ‘no’ to ‘know’ (EdScoop) Cybersecurity is critical to higher education, so it must become an enabler of the business, not an impediment.
Legislation, Policy, and Regulation
KEBS approves 40 new standards to address Information Security & Consumer Privacy (HapaKenya) The new KEBS standards outline various methods for securing corporate information by an individual or managers to ensure the data is safe.
Biden, Putin to meet next month in Geneva, the first face-to-face session between the two leaders (Washington Post) President Biden and Russian President Vladimir Putin are planning to meet next month in Geneva, the first face-to-face discussion between the two adversaries and one that comes at a time of deteriorating relations between their nations.
DoJ, FBI, IC reviewing supply chain threats posed by Russian companies (Federal News Network) John Demers, the assistant attorney general for National Security in DoJ, said the review group will send its recommendations to the Commerce Department.
The Cybersecurity 202: The government is making progress on securing pipelines. Not so much on its own cyber weaknesses (Washington Post) The federal government is rushing to force cybersecurity improvements to the pipeline sector. But it’s still struggling to get its own digital protections in order.
Hack Prompts New Security Regulations for US Pipelines (SecurityWeek) The Transportation Security Administration, which oversees the nation’s network of pipelines, is expected to issue a security directive this week that will address some of the issues raised by the Colonial Pipeline shutdown.
DHS to issue first cybersecurity regulations for pipelines after Colonial hack (Washington Post) Two directives will seek oversight of the industry after a ransomware attack upended gas availability in the Southeast for 11 days
MARKUP: Our experts annotate Biden's new executive order on cybersecurity (Atlantic Council) Atlantic Council experts and friends mark up the new cybersecurity executive order with their thoughts on what it means for the government and private sector.
New Cybersecurity Executive Order: Will It Have Impact? (Security Boulevard) The state of the threat landscape in general, and incidents like the recent ransomware attack against Colonial Pipeline demand that we take immediate action to improve cybersecurity defenses. The recent executive order (EO) on cybersecurity from President Biden is a bold step in the right direction.
Evolving US Regulation a Positive Step in Addressing Cyber Risks (Fitch Ratings) U.S. cyber legislation and regulation are rapidly evolving, as seen with the President’s recent Executive Order 14028 on cybersecurity, five bipartisan bills introduced in the House of Representatives and numerous state legislatures addressing cybersecurity and privacy, Fitch Ratings says.
Coast Guard to stand up first cyber ‘red team’ as it creates Cyber Operational Assessments Branch (Federal News Network) The Coast Guard is transforming its cyber “blue team” enterprise into a more comprehensive Cyber Operational Assessments Branch.
Armenia, Ukraine Lessons Shape New US Cyber/EW Unit (Breaking Defense) Drones aren’t decisive, said the head of Army Cyber Command, without a command system that can rapidly pull together all the data and order a strike before the enemy disappears again.
Pentagon Studying How Counterterrorism Fits Into Great Power Competition (Defense One) The Pentagon has not previously discussed how to use counterterrorism capabilities for great power competition. Now that’s changing.
Ending Big Tech's free ride | Opinion (Newsweek) Big Tech has enjoyed a free ride on our Internet infrastructure while offloading billions of dollars in costs onto everyday Americans. It's time to end this sweetheart deal and force Big Tech to pay its fair share.
Litigation, Investigation, and Law Enforcement
WSJ News Exclusive | Chinese Surveillance-Gear Maker Hikvision Has Ties to Country’s Military, Report Says (Wall Street Journal) The company is blacklisted by the Pentagon but disputes U.S. claims of links to China’s military and a research company’s findings.
House Oversight Committee requests investigation into Postal Service's covert internet surveillance program (Yahoo) The bipartisan request for an investigation into the U.S. Postal Inspection Service’s covert internet surveillance program, known as iCOP, was sent Monday by committee Chairwoman Carolyn Maloney and ranking member James Comer.
UK spies violated human rights with bulk intercepts, European court rules (Reuters) Britain's GCHQ eavesdropping agency breached fundamental human rights by intercepting and harvesting vast amounts of communications, the European Court of Human Rights ruled on Tuesday.
GCHQ’s mass data interception violated right to privacy, court rules (the Guardian) Human rights judgment follows legal challenge begun in 2013 after Edward Snowden’s whistleblowing revelations
WhatsApp Sues India’s Government to Stop New Internet Rules (New York Times) The rules, which would require WhatsApp to make people’s messages traceable, would violate people’s privacy, the messaging service said.
Eight suspects busted in raid on “home delivery” scamming operation (Naked Security) Some victims of home delivery scams end up with their entire bank accounts drained. Don’t get caught out!
An automated policing program got this man shot twice (The Verge ) The Chicago PD made a “heat list” to predict people involved with violent crimes — and instead, it caused them.
Justice Dept. releases part of internal memo on not charging Trump in Russia probe (Washington Post) The Justice Department has released part of a key internal document used in 2019 to justify not charging President Donald Trump with obstruction, prompting a federal judge who wants to disclose the entire document to offer more blistering criticism of former attorney general William P. Barr.
Commerce Department unit gathered intel on employees, census critics: report (TheHill) A security unit within the Commerce Department routinely overstepped its legal limits by collecting information on hundreds of people both inside and outside the department, investigating their offices at
Russian operator of stolen credential marketplace sentenced to 30 months (The Record by Recorded Future) A Russian computer security researcher was sentenced by a federal judge in California to two-and-a-half years in prison Monday.
Google Must Face Deception Claim In Data-Harvesting Row (Law360) A California federal judge permanently axed several claims Tuesday from an Android smartphone user's proposed class action accusing Google of illegally harvesting third-party app data to gain a competitive advantage, while finding that Google's alleged failure to disclose the practices was enough to allow a state law deception claim to move forward.
Koch's Voter Data Miners Duck Ex-Prosecutor's Suit For Now (Law360) A federal judge dismissed a former prosecutor's proposed class action accusing Charles Koch's voter data analytics operation of violating California election codes and privacy laws, because she didn't show the case belongs in federal court.