Attacks, Threats, and Vulnerabilities
Suspected Iranian Ransomware Gang N3tw0rm Starts Another Cyber Attack Wave Against Israel (CPO Magazine) Israel media reports that the state is experiencing a new cyber attack wave related to ideological hacktivism motivated by geopolitics.
A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets (Wired) The malicious code, which masquerades as ransomware, appears to come from a hacking group with ties to Iran.
Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs | CISA (CISA) This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques.
What We Know About The Apparent Russian Hack Exploiting A U.S. Aid Agency (NPR) Screenshots of the malicious email show that it purports to be a special alert from the government. "Donald Trump has published new documents on election fraud," the message declares.
Head Of Cybersecurity Firm That Detected USAID Hack Explains What Happened (NPR) A group linked to Russian intelligence got into an email account used by USAID. Rachel Martin talks to Steven Adair, who runs the cybersecurity firm that detected the attack.
Kremlin-Backed Hackers Target U.S. Aid Agency Before Biden-Putin Summit (Foreign Policy) Email phishing attacks aren’t unusual, but the new breach shows Russia isn’t letting up.
Nobelium Phishing Campaign Poses as USAID (Threatpost) Microsoft found the SolarWinds crooks using mass-mail service Constant Contact and posing as a U.S.-based development organization to deliver malicious URLs to more than 150 organizations.
Russian Hackers Resume U.S. Cyber Offensive, Microsoft Says (1) (Bloomberg Law) The Russian hackers behind the SolarWinds campaign have escalated their attacks on U.S. federal agencies, think tanks and non-governmental organizations as part of intelligence gathering efforts on behalf of their government, Microsoft Corp. said late Thursday.
Russian hackers of SolarWinds back on the attack (IOL) The state-backed Russian group behind a massive hacking campaign revealed last year has re-emerged with a series of attacks on government agencies, think tanks, consultants and other organizations, according to officials and researchers.
SolarWinds hackers launch new cyber attack (CRN Australia) Nobelium launches new wave of attacks by using Constant Contact account.
Russian Hackers Of SolarWinds Back On The Attack (International Business Times) The state-backed Russian group behind a massive hacking campaign revealed last year has re-emerged with a series of attacks on government agencies, think tanks, consultants and other organizations, according to officials and researchers.
The SolarWinds Hackers Aren't 'Back.' They Never Went Away (Wired) A new phishing campaign from Russian spies targeted USAID among others. But it's less an escalation than a regression to the mean.
US says agencies largely fended off latest Russian hack (WTOP) The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing…
US Says Agencies Largely Fended Off Latest Russian Hack (SecurityWeek) The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives
What Is a Supply Chain Attack? (Wired) From NotPetya to SolarWinds, it’s a problem that’s not going away any time soon.
Secret Chats Show How Cybergang Became a Ransomware Powerhouse (New York Times) As the ransomware industry exploded, a Russian-speaking outfit called DarkSide offered would-be computer crooks not just the tools, but also customer support. We got an inside look.
Chinese APT Groups continue to pound away on Pulse Secure VPNs (Urgent Communications) Multiple cyberthreat groups believed to be working in support of China's long-term economic interests are continuing to hammer away at networks belonging to organizations across the defense, high-tech, government, transportation, and financial services sectors in the US and Europe.
Chinese cyberspies are targeting US, EU orgs with new malware (BleepingComputer) Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances.
Danish secret service helped US spy on Germany's Angela Merkel: report (Deutsche Welle) Denmark's complicity in the NSA spying scandal against German politicians has been revealed in a joint European media investigation.
NSA spying row: Denmark accused of helping US spy on European officials (BBC News) Denmark's secret service is accused of helping the US target politicians such as Germany's Angela Merkel.
NSA spied on European politicians through Danish telecommunications hub (The Record by Recorded Future) Denmark's foreign secret service allowed the US National Security Agency to tap into a crucial internet and telecommunications hub in Denmark and spy on the communications of European politicians, a joint investigation by some of Europe's biggest news agencies revealed on Sunday.
Europe demands answers after US-Danish spying claims (South China Morning Post) Reports say the US National Security Agency eavesdropped on top politicians, including Angela Merkel, using Danish underwater cables from 2012 to 2014.
U.S. spied on Merkel and other Europeans through Danish cables - broadcaster DR (Reuters) The U.S. National Security Agency (NSA) used a partnership with Denmark's foreign intelligence unit to spy on senior officials of neighbouring countries, including German Chancellor Angela Merkel, Danish state broadcaster DR said.
Question for Denmark: Why could the US allegedly eavesdrop? (AP NEWS) Several European nations want Denmark to explain why its foreign secret service allegedly helped the United States spy on European leaders, including German Chancellor Angela Merkel, more than seven years ago.
PoC published for new Microsoft PatchGuard (KPP) bypass (The Record by Recorded Future) A security researcher has discovered a bug in PatchGuard––a crucial Windows security feature––that can allow threat actors to load unsigned (malicious) code into the Windows operating system kernel.
Cybercriminals Target Companies With New 'Epsilon Red' Ransomware (SecurityWeek) A new piece of ransomware named Epsilon Red has been spotted targeting organizations (in the United States) via unpatched Microsoft Exchange servers.
A new ransomware enters the fray: Epsilon Red (Sophos News) A bare-bones ransomware offloads most of its functionality to a cache of PowerShell scripts
Sophos claims to have found new barebones Windows ransomware (iTWire) Global security vendor Sophos claims to have discovered a new strain of Windows ransomware which is the final executable payload in a manual attack where every other stage is delivered through a PowerShell script. One of the entry points was an on-premise Microsoft Exchange Server installation. In a...
Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs (SecurityWeek) Researchers have discovered a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack Siemens PLCs.
Malware campaign targets server hosting software CWP (The Record by Recorded Future) A sophisticated threat actor is targeting web hosting software in order to install backdoors and drop rootkits on Linux servers.
Cyberattack hits world's largest meat processor's Australia and North America units (CNBC) Australian and North American units of the world's largest meat processors were hit over the weekend by an organized cyberattack on its information systems.
Cyber attack shuts down global meat processing giant JBS (ABC) The world's largest meat processing company, JBS Foods, falls victim to cyber attacks that shut down production around the world, including in Australia.
JBS meatworks shut down by cyber attack (Farm Weekly) Tens of thousands not working today as big processor struggles to get IT systems back up and running.
Faulty emailing tool prevented Accellion from notifying customers of attacks (The Record by Recorded Future) Efforts to patch a zero-day vulnerability in Accellion file-sharing servers that was actively exploited by hackers last year were hindered by a faulty emailing tool that delayed crucial customer notifications for days, allowing the attackers to wreak havoc among Accellion devices.
IOTW: Irish Healthcare Data for Sale on the Dark Web (Cyber Security Hub) The fear now is that scammers unrelated to the Health Service Executive (HSE) attack will buy the data for their own nefarious use. Already, HSE is facing regulatory fines as the result of GDPR and may face lawsuits from victims whose personal data was published online.
Services remain limited in wake of cyber attack (Donegal News) A spokesperson said the priority of the HSE remains the safety and essential maintenance care of its patients and support services.
Canada Post vendor takes major cyberattack hit (Insurance Business) Names and addresses of senders and receivers copied by the attackers
Klarna battles serious data breach, with reports of leaked user info (Sifted) Klarna, the Buy Now Pay Later giant, is facing a tech outage which seems to have compromised user account information.
Attleboro hospital says patient information may have been stolen after cyber attack (WJAR) Sturdy Memorial Hospital in Attleboro said a cyber-attack to their systems may have compromised patient information. The hospital posted a notice on its website confirming that some of their systems were hacked on Feb. 9. "In exchange for a ransom payment, we obtained assurances that the information acquired would not be further distributed and that it had been destroyed," the hospital said. Letters went out to patients on Friday whose personal information may have been stolen.
Scripps Health still grappling with impact of May 1 ransomware attack (TechRepublic) The hospital chain has been forced to reschedule operations and is working to bring its electronic health record systems back online.
Two More American Police Departments Hacked by Cyber-Gangs (TechNadu) An American police department admitted a ransomware incident and another appeared on a dark web leak portal.
Aussie families caught up in major home security camera breach (Breaking Australian and World News Headlines - 9News) Company Eufy said a "software bug" in its security systems enabled thousands of customers to see each other...
Security Patches, Mitigations, and Software Updates
SonicWall Patches Command Injection Flaw in Firewall Management Application (SecurityWeek) SonicWall last week announced the availability of patches for a severe vulnerability in its Network Security Manager (NSM) product.
Trends
The State of Brand Protection Report (Mimecast) Download Mimecast’s latest State of Brand Protection Report to get insights on new email threats from 1,225 IT decision-makers.
Critical Infrastructure: Cyber Threats & the Importance of Prevention (The State of Security) So, what happens if critical infrastructure becomes the target of a planned cyber disruption? Life as we know it could come to a halt.
Despite Colonial Pipeline attack, likelihood of utilities sector hack has increased (Yahoo Finance) A key metric that indicates vulnerability to cyberattacks has increased since the start of the year, a cybersecurity firm says.
One group that’s embraced AI: Criminals (POLITICO) From deepfakes to enhanced password cracking, hackers are discovering the power of AI for malicious use.
Complexity of Cyber Crime Skyrockets (JPT) The scale of the recent Colonial Pipeline ransomware attack demonstrates why cyber risk should be assessed as a business risk by organizations’ C-suite, going beyond the narrower view of IT/OT network risk.
Organizations lose millions of dollars each year due to cloud account breaches (Illinois News Today) Dealing with compromised cloud accounts is even more expensive as new investigations are being conducted by. Proof point And Ponenom Institute Revealed that organizations incur more than $ 6 million annually due to cloud account breaches. To edit a new report titled “”Cloud breach and shadow IT costsA cybersecurity company and IT security research organization …
Ransomware gangs' slow decryptors prompt victims to seek alternatives (BleepingComputer) Recently, two highly publicized ransomware victims received a decryptor that was too slow to make it effective in quickly restoring the victim's network.
Ethical disclosures are being ignored: an unchecked security crisis (Security Magazine) The ethical issues that exist around the wake of discovered security vulnerabilities are vast and murky. Far too often, the conversation about how and when to disclose security weaknesses shifts from a dialogue to a one-way monologue. What's a security leader to do?
The cybersecurity industry is guarding against all the wrong threats (SiliconANGLE) In the aftermath of two headline-grabbing attacks over the past six months, more high-profile security researchers and analysts are beginning to cast a wary eye at internal systems and technology tools.
Cyber Market is Nigeria’s Immediate Future Beyond Oil, Says Olawepo-Hashim (This Day) Global energy executive and former presidential candidate in 2019, Mr.Gbenga Olawepo-Hashim, has stressed the importance of cyber security in the Nigeria’s competitive cyber market, insisting that the country could play a more strategic role in the cyber space within the next 10 years.
India tops the list of 30 countries worldwide for ransomware attacks, says global survey (Hindu Businessline) 68% of Indian organisations surveyed hit by ransomware in the last 12 months
Marketplace
Atos Buys Cryptovision (Lawyer Monthly | Legal News Magazine) French IT service provider Atos has bought German cryptography specialist cryptovision, a leading provider of modern cryptography solutions.
Relativity Acquires Text IQ to Drive Leadership in AI for e-Discovery, Compliance and Privacy (PR Newswire) Relativity, a global legal and compliance technology company, today announced that it has acquired Text IQ, a Top 100 AI company applying...
OwnBackup Acquires California-Based Nimmetry Expanding Its Reach to India (The Daily News) OwnBackup, a leading cloud to cloud data protection provider, announces the acquisition of Nimmetry, based in Santa Clara, CA, with a significant presence in Hyderabad, India. Nimmetry provides a unified platform for seamless integration of big and small SaaS-based data using a microservices architecture.
Exabeam Secures $200 Million at $2.4 Billion Valuation, Welcomes New CEO and President Michael DeCesare (BusinessWire) Exabeam announces $200M Series F funding, valuation of $2.4 billion, and the appointment CEO & president Michael DeCesare, (ForeScout & McAfee).
After Nearly 6 Years, SMB Cybersecurity Provider Redacted Emerges From Stealth With $35M (Crunchbase News) San Francisco-based cybersecurity provider Redacted officially emerged from stealth with a $35 million Series B to help small and medium-sized businesses be more secure
SentinelOne raised $100 million to fund Scalyr deal (CTECH) An SEC filing from earlier this year revealed that the Israeli-founded cybersecurity company raised the funds in February, the same month it bought Scalyr, a cloud-scale data analytics platform, for $155 million
Thales and Atos form new JV to develop AI platform for defence, security (Trade Arabia) Atos and Thales have announced the creation of Athea, a joint venture that will develop a sovereign big data and AI platform for public and private sector players in the defence, intelligence and internal state security communities.
Rafael sets up cyber consortium to defend critical infrastructure (The Jerusalem Post) Iranian attack on Israel's water supply led Rafael to form the consortium with 12 leading cyber companies.
Amnesty tries to force Israeli intelligence firm ‘out of the shadows’ (The Jerusalem Post) Three NGOs led by Amnesty International on Monday issued a report trying to force NSO Group’s activities further into the public light by applying pressure to its investors.
CyberArk opens new R&D center in Beer Sheba (CTECH) An inauguration ceremony took place at Gav-Yam Negev Tech Park, joining 70 other centers and startups
Microsoft Creates Cybersecurity Council for the Public Sector in APAC (SecurityWeek) Microsoft creates a new Asia Pacific Public Sector Cybersecurity Executive Council for policy makers from Brunei, Indonesia, Korea, Malaysia, Philippines, Singapore, and Thailand, supported by Redmond's cybersecurity experts.
Deep Instinct reaches out to MSSPs (MicroscopeUK) Cyber security firm says it is taking a different approach – and the channel can benefit.
Here are Palantir's biggest contracts since moving to Denver in 2020 (Denver Business Journal) Despite keeping a low profile, the data giant has announced more than $500 million in government contracts since moving to Denver in 2020.
Palantir Awarded $111m Contract to Provide Mission Command Platform for the United States Special Operations Command (The Daily News) Palantir Technologies (NYSE:PLTR) announced today it had been selected by the United States Special Operations Command (USSOCOM) to continue its work as their enterprise data management and AI-enabled mission command platform as part of the Mission Command System/Common Operational Picture program. The contract is valued at a total of $111 million, inclusive of options, with $52.5 million executed upon award. The total contract includes a base year and one option year.
U.S. Dept. of Homeland Security Awards AT&T 4 Task Orders With a Combined Value of $306 Million Over 12 Years To Transform its Networking Capabilities (PR Newswire) What's the news? AT&T* has been awarded 4 Task Orders from the U.S. Department of Homeland Security (DHS) to modernize and transform DHS'...
Group-IB launches regional HQ in Dubai. City becomes home to its MEA Threat Intelligence & Research Center (PR Newswire) Group-IB, a global threat hunting and adversary-centric cyber intelligence company specializing in investigating and preventing hi-tech...
Veterans are Key to Filling the Cybersecurity Skills Gap (CSO Online) Veterans possess situational and other traits that translate well to a role in cybersecurity.
Resecurity Named Winner of the Coveted Global InfoSec Awards During RSA Conference 2021 (BusinessWire) Resecurity, Inc. receives multiple honors at 9th Annual Global InfoSec Awards from Cyber Defense Magazine at 2021 RSA Conference.
The D.N.C. Didn’t Get Hacked in 2020. Here’s Why. (New York Times) A devastating email breach of the D.N.C. roiled Democrats in the final months of 2016. An unassuming security official made it his mission to prevent a recurrence.
AdaptiveMobile Security names VP sales for Japan (Capacity Media) AdaptiveMobile Security has appointed Naosuke Akiyama as VP of Sales for Japan to help support the growing demands for the company’s technology and services in the Asia Pacific region.
Trustwave expands senior leadership team with two new appointments (Help Net Security) Trustwave announced the appointment of two new members to its senior leadership team to support its rapid growth in MDR.
Former Army Cyber Leader Ed Cardon Named C3 AI Federal Group Chair (ExecutiveBiz) Ed Cardon, former commanding general at U.S. Army Cyber Command, has joined C3 AI as chair of the enterprise artificial intelligence software provider's federal systems business.The retired Army lieutenant general will help the company identify AI adoption opportunities in the defense, intelligence and government cyber missions, C3 AI said Thursday.Cardon spent over 36 years with
Bishop Fox appoints Patty Wright as SVP and GM of consulting (Help Net Security) Bishop Fox appoints Patty Wright as senior vice president and general manager of consulting to accelerate company's growth.
Axis Security Names Paul Davis as Vice President of Customer Success (Axis security) Former Splunk, Cisco Executive Joins Leadership Team to Expand Customer Success Program as Customer Deployments Continue to Accelerate SAN MATEO, CA – Axis Security, the leader in Zero Trust Network Access (ZTNA), today announced the appointment of Paul Davis as Vice President of Customer Success. In this role, Davis will be responsible for driving the...
Products, Services, and Solutions
Coalition Partners With SentinelOne to Protect Customers From Ransomware (PRWeb) Coalition, the leading cyber insurance and security company, and SentinelOne, a leading automated endpoint detection and response (EDR) provider, today announc
Protegrity now available in AWS Marketplace (Help Net Security) Protegrity announced the availability of three Protegrity products in AWS Marketplace to support customers’ secure journey to the cloud.
IntSights Teams Up with Cyberworld to Deliver Enterprise-grade Threat Intelligence in Hong Kong and Macau (Yahoo Finance) IntSights, the threat intelligence company focused on providing threat intelligence for all, today announced its further expansion in the Asia Pacific region through a strategic distributor partnership with Cyberworld. IntSights will extend its full range of solutions, including the External Threat Protection (ETP) Suite, to value-added resellers, system integrators, and enterprises in Hong Kong and Macau.
PallyCon, a Multi DRM and forensic watermarking service (Big News Network.com) The company has now become a robust 360-degree cloud-based end-to-end content security service provider to OTT platforms
Sumo Logic and AWS Collaborate to Transform Security for Multi-Cloud and Hybrid Threat Protection (GlobeNewswire News Room) New ‘Sumo Logic Cloud SIEM Powered by AWS’ Solution to Help Companies Address Modern Security Challenges with Deep Insights and Contextualized Actionable...
Phone detox program (Silent Pocket) When was the last time you spent an entire day without your smartphone?
Technologies, Techniques, and Standards
Demonstrating the Link Between Functional Safety and ICS Security (Nozomi Networks) In OT and IoT environments with no industrial control systems (ICS) security measures, it can be extremely easy for a threat actor to disrupt operations.
Think before you scan — how to use QR codes safely (TODAYonline) 2020 was the year of mass QR (quick response) code adoption in Singapore. From enabling digital payments to convenient contact tracing, these nifty codes have saved us from the dread of filling in countless forms (paper or digital) as we go about our daily lives.
How Utah secures shared data (GCN) To combat the rising number of cyberattacks, Utah’s Department of Technology Services is encrypting the data it shares internally and externally with other agencies and private entities.
SolarWinds And Colonial Pipeline Crises Showed 7 Ways To Respond To Cyberattacks (Forbes) In their responses to the recent cyberattacks against SolwarWinds and Colonial Pipeline, the two companies, the federal government, and others demonstrated several crisis management best practices.
Kaspersky experts share a guide to staying safe from doxing (Manila Standard) Sharing and geotagging photos, uploading documents to the cloud, installing a new application, and even browsing online retail stores we deal with personal data management daily, whether we realize it or not. Often, it is not clear what data we share, and most importantly, who are the final recipients of the data that makes us vulnerable.
Design and Innovation
These Ex-Journalists Are Using AI to Catch Online Defamation (Wired) CaliberAI wants to help overstretched newsrooms with a tool that’s like spell-check for libel. But its potential uses go far beyond traditional media.
WhatsApp reverses course, now won’t limit functionality if you don’t accept its new privacy policy (The Verge) A change of plans.
Google promises not to build itself privacy sandbox 'backdoors' (Digiday) Google may not be opening a proverbial backdoor for itself, but it still owns the house.
Apple vs (or plus) Adtech (Doc Searls Weblog) This piece has had a lot of very smart push-back (and forward, but mostly back). I respond to it in Part II, here. If you haven’t seen it yet, watch Apple’s Privacy on iPhone | tracked …
Apple vs (or plus) Adtech, Part II (Doc Searls Weblog) My post yesterday saw action on Techmeme (as I write this, it’s at #2) and on Twitter (from Don Marti and Augustine Fou), and in long from blog posts by John Gruber in Daring Fireball and Nic…
Activists Launch Action Against 'Cookie Banner Terror' (SecurityWeek) A group of online privacy activists said Monday it is taking action against hundreds of websites over their use of pop-up banners asking users to consent to "cookies", the files that track users' activity.
Research and Development
The Top Unsolved Questions in Mathematics Remain Mostly Mysterious (Scientific American) Just one of the seven Millennium Prize Problems named 21 years ago has been solved
Academia
UNSW gives dumped Data61 seL4 research group funding lifeline (iTnews) Six-month backing to ensure long-term viability.
Feature: Chinese tech giant Huawei's program strengthens ICT skills of Zimbabwean students
(Xinhua) Participants of the Seeds for the Future program attend a class in Harare, Zimbabwe, May 28, 2021. A group of 30 students from Zimbabwe's universities on Friday completed a week-long virtual learning workshop with Huawei Zimbabwe as part of the Chinese telecom giant's Seeds for the Future program. The program is envisioned as Huawei embraces Corporate Social Responsibility in its global mission which aims to nurture young ICT professionals in host countries
Legislation, Policy, and Regulation
Macron says wiretapping ‘not acceptable between allies’ after report adds details about old NSA program (Washington Post) French President Emmanuel Macron on Monday declared that wiretapping "is not acceptable between allies" and asked the United States for clarity after new claims emerged about National Security Agency efforts to spy on European leaders between 2012 and 2014.
Remarks to the UN Group of Governmental Experts on Advancing Responsible State Behavior in Cyberspace in the Context of International Security (United States Mission to the United Nations) We should all be proud of this report. It is a product of all of our hard work. In our final sessions, much of our energy was devoted to resolving controversial issues, and we have largely succeeded at that. But this entire document is truly remarkable.
The United Nations needs to start regulating the 'Wild West' of artificial intelligence (The Conversation) The new EU regulation is about to change the way we do artificial intelligence. The United Nations needs to follow suit.
Dumbed Down AI Rhetoric Harms Everyone (Wired) By ignorance or malice, policymakers use sweeping platitudes to regulate artificial intelligence, which may persecute citizens more than protect them.
The Lawless Realm (Foreign Affairs) Governments must take a more concerted approach to taming cyberspace.
Defend and deter - Microsoft On the Issues (Microsoft On the Issues) Last week, Microsoft announced that Nobelium was engaged in phishing attacks targeting thousands of accounts at hundreds of government and human rights agencies. Today, we’re providing an update on our continued investigation into these attacks.
White House says no changes to U.S.-Russia summit after latest cyber attack (Reuters) The White House said on Friday it will not change an upcoming summit between President Joe Biden with Russian President Vladimir Putin after Microsoft (MSFT.O) flagged a cyber attack on U.S. government agencies by Nobelium (NBLh.V), the group behind last year's SolarWind hack that originated from Russia.
New Russian hacks spark calls for tougher Biden actions (TheHill) Officials are calling for harsher measures against Russia following Microsoft’s assessment by that hackers behind the devastating SolarWinds hack were continuing to launch cyberattacks against U.S.
The Intent Behind Russia’s New Cyber Hacking Against America (The National Interest) The hacks are a potent reminder that Moscow does not trust in the goodwill of the Biden administration, and is warning against efforts to weaponize unrest in Russia. Understanding this mindset will be important as the U.S. prepares for the Geneva summit.
USAID Hack: Former NSA Official Calls U.S. Cyber Insecurity A 'Chronic Disease' (New Hampshire Public Radio) We're going to take another look at the massive cyberattack Microsoft says took place recently.
Gen. Keith Alexander Says Russian Cyber Attacks Escalating, 'More Blatant' (Newsmax) The former director of the National Security Agency said Sunday cyber hacks by Russia over the last two years have been "more blatant" than he's ever seen, asserting the attacks are targeting information about the U.S. government and major corporations.
Why pariah states no longer fear economic sanctions: They're killing it with crypto (Fortune) Accounts frozen? Banking access off limits? For rogue states and actors on U.S. sanctions lists, that's not nearly the problem it used to be in the age of soaring cryptocurrencies.
Countries are increasing their cyber response budgets — but spending still varies widely (The Record by Recorded Future) Nations around the world don’t seem to agree on the appropriate amount of money to earmark for cyber defense and incident response, according to an analysis by The Record. But in recent years, almost every country examined has boosted its cyber spending.
New Zealand on sovereignty in cyberspace (Mirage News) This post has been contributed by Dr Samuli Haataja, Lecturer at Griffith Law School and Law Futures Centre member. In December 2020, New Zealand...
'We must make Canadian cyberspace a harder target,' says CSE chief (The Hill Times) Experts say cyber threats are increasing in number and sophistication at an alarming rate, particularly as the pandemic has drastically changed the way we live and work.
Chinese firms, including Huawei, barred from using national security loophole in new US bill (ANI News) Washington [US], May 29 (ANI): In a bid to check Chinese threat, the United States has come up with a new bill directing Federal Communications Commission (FCC) to bar firms from Beijing including Huawei from allegedly using national security loophole.
Marco Rubio Takes Aim at Huawei, ZTE With New Proposal (Florida Daily) This week, U.S. Sen. Marco Rubio, R-Fla., brought out the “Secure Equipment Act.”
Italy gives Vodafone 5G deal with Huawei conditional approval – sources (KFGO) By Giuseppe Fonte and Elvira Pollina ROME (Reuters) - Vodafone's Italian unit has secured conditional approval from Rome to use equipment made by China's Huawei in its 5G radio access network, two sources close to the matter said. Italy can block o...
Why Huawei was almost excluded from the 5G race in Brazil (Global Voices) Despite its two-decade history in Brazil, the Chinese tech giant's chance to compete for 5G development contracts was at one point vehemently opposed by the Bolsonaro government.
Huawei's strategy may give Beijing 'coercive leverage' (Big News Network.com) Despite growing scrutiny over Huawei operation worldwide a new report suggests that Chinese telecommunication firm has secured contracts to provide cloud inf
Huawei calls on an old friend, Russia, as U.S. sanctions bite down (Washington Post) The Siberian city of Novosibirsk holds one piece of the Chinese tech giant’s hopes to shed its dependence on American technology.
US Govt sets aside US$750m for SolarWinds response (CRN Australia) For cybersecurity improvements to prevent another attack.
The Cybersecurity 202: The Biden administration aims big on cybersecurity spending (Washington Post) The Biden administration wants to put its money where its mouth is when it comes to protecting government computer systems from hackers.
Colonial hack exposed government's light-touch oversight of pipeline cybersecurity (Stars and Stripes) A range of current and former officials and cybersecurity experts say the Colonial Pipeline's ability to avoid a government review underscores how a voluntary, arms-length approach by federal officials over nearly two decades has left key elements of the nation's critical infrastructure at risk.
New US cybersecurity directive could stop ransomware payments like Colonial Pipeline (SeekingAlpha) Last week, the U.S. Department of Homeland Security's Transportation Security Administration announced a security directive to help identify, protect against, and respond to...
Lawmakers weigh up how to address the menace of ransomware (Digital Journal) The Biden Administration could pass a law strengthening cybersecurity measures, and ransomware in particular.
Biden’s Cybersecurity Executive Order Puts Emphasis on the Wrong Issues (Threatpost) David Wolpoff, CTO at Randori, argues that rapid cloud transition Is a dangerous proposition: "Mistakes will be made, creating opportunities for our adversaries.
Former Officials Say Broader Cybersecurity Requirements Needed for Critical Infrastructure (Wall Street Journal) The federal government should strengthen mandatory cybersecurity requirements across critical infrastructure sectors, former officials say.
After years of flat cybersecurity budgets, DoD asks for more money and cyber mission force personnel (C4ISRNET) The DoD requested $10 billion for cybersecurity and plans to add 14 cyber mission force teams over the next three years.
Cyber Command chief stresses need for U.S. to stay ahead in cybersecurity (Gephardt Daily) The chief of the U.S. Cyber Command stressed the need to stay ahead of enemy cybersecurity efforts, to gain strategic advantage, in an address this week.
Nakasone Says U.S. Works to Stay Ahead of Cybersecurity Curve (U.S. DEPARTMENT OF DEFENSE) Twenty years after the Sept. 11, 2001, attacks, the great threat to the nation has evolved into cyberspace — a new strategic environment where cyber actors can increase their power, degrade the power
DHS Nominees Pledge to Elevate US Cybersecurity (MeriTalk) President Biden’s Department of Homeland Security (DHS) nominees pledged their commitment to elevate the United States’ cybersecurity posture, in order to prevent future cyberattacks, during a May 27 Senate Committee on Homeland Security & Governmental Affairs hearing.
Rear Adm. Jeffrey Scheidt to be Assigned as DOD Deputy Principal Cyber Adviser (Executive Gov) U.S. Navy Rear Adm. Jeffrey Scheidt, deputy chief of computer network operations at the National Sec
Litigation, Investigation, and Law Enforcement
Polish trial begins in Huawei-linked China espionage case (Reuters) An espionage trial involving a former Polish secret services agent and an ex-employee of Huawei begins in a Warsaw court on Tuesday as some European states consider whether to exclude the Chinese group's equipment from their 5G telecom networks.
Interpol intercepts $83 million fighting financial cyber crime (BleepingComputer) The INTERPOL (short for International Criminal Police Organisation) has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers.
Interpol Says 585 People Arrested in APAC Operation Against Cyber-Enabled Crime (SecurityWeek) Interpol revealed last week that specialized law enforcement officers in the Asia-Pacific (APAC) region intercepted more than $83 million in fraudulent money transfers as part of a six-month coordinated effort aimed at cyber-enabled financial crime.
Cryptocurrency ‘mine’ found stealing electricity in West Midlands (Evening Standard) West Midlands Police uncovered the operation at an industrial estate in Sandwell on May 18.
Massive bitcoin mine discovered in UK after police raid suspected cannabis farm (CNBC) Police searched a unit on May 18 on the back of intelligence that led them to believe it was being used as a cannabis farm.
Self-described “king of fraud” is convicted for role in Methbot scam (The Record by Recorded Future) The Russian ringleader of the Methbot advertising fraud scheme was found guilty by a Brooklyn federal jury today of scamming brands, ad platforms, and other businesses out of more than $7 million.
579 arrested in Deoghar for involvement in cyber crime (Hindustan Times) Deoghar SP Ashwini Kumar said at a press conference that as many as 1,027 mobile phones, 1,577 SIM cards, 467 ATM cards, 23 laptops, 94 passbooks, 77 cheque books, 76 two- wheelers, 27 four-wheelers and other goods were seized from their possession.
Secret locations of U.S. nuclear weapons in Europe accidentally included in report from NATO parliament (Washington Post) Details of the weapons, long considered an open secret, were later removed from the report.
US Soldiers Expose Nuclear Weapons Secrets Via Flashcard Apps (bellingcat) Online study aids used by US soldiers contained detailed information about base security and the location of nuclear devices in Europe.
Ex-Green Beret convicted of spying for Russia moves to withdraw guilty plea (Army Times) The filing came less than two weeks after former Army Green Beret Peter Debbins was sentenced to 188 months in prison for violating the federal Espionage Act.
Russian hacker Pavel Sitnikov arrested for sharing malware source code (The Record by Recorded Future) Russian authorities have detained earlier this month a popular figure on the Russian hacking scene on charges of distributing malicious software via his Telegram channel.
Kenyan Arrested in Qatar First Targeted by Phishing Attack (SecurityWeek) A Kenyan security guard now facing charges in Qatar after writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest
