Attacks, Threats, and Vulnerabilities
How FireEye attributed the SolarWinds hacking campaign to Russian spies (CyberScoop) Careful data collection, specific keyword searches and the type of breach were factors that FireEye used to determine that Kremlin-sponsored hackers were behind one of the largest cyber-espionage operations in recent years.
Thousands of Vulnerable VMWare vCenter Servers Still Publicly Exposed (CVE-2021-21985, CVE-2021-21986) (Trustwave) On May 25th, 2021, VMWare released patches to address VMSA-2021-0010, a critical security advisory for VMWare vCenter Server addressing two vulnerabilities. One of them was a remote code execution (RCE) in the vSphere Client (CVE-2021-21985) that exists due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in the vCenter Server.
Cybersecurity and HIPAA: Government Issues New Warning and Guidance in Wake of Increased Threats (JD Supra) The U.S. Department of Health and Human Service’s Office for Civil Rights in Action (OCR) issued a warning that cybercriminals are attempting to...
New IoT Security Risk: ThroughTek P2P Supply Chain Vulnerability (Nozomi Networks) Today we announced the discovery and responsible disclosure of a new security camera vulnerability, the latest in a series of Nozomi Networks research discoveries regarding IoT security.
Millions of Connected Cameras Open to Eavesdropping (Threatpost) A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.
Critical Entities Targeted in Suspected Chinese Cyber Spying (SecurityWeek) A cyberespionage campaign blamed on China was more sweeping than previously known, with suspected state-backed hackers exploiting a device meant to boost internet security to penetrate the computers of critical U.S. entities.
China hacked an internet security tool to target Verizon and Southern California's water supplier, among others (Business Insider) "We know that bad actors try to compromise our systems," said Verizon spokesman Rich Young. "That is why internet operators, private companies, and all individuals need to be vigilant in this space."
Alibaba suffers billion-item data leak of usernames and mobile numbers (Register) Shopping service Taobao scraped by affiliate marketer; developer and boss jailed
Alibaba’s Data Leak Exposed User Information (PYMNTS) A Chinese software developer used web-crawling software to scrape 1.1 billion pieces of data from Alibaba’s Taobao shopping platform.
Alibaba Falls Victim to Chinese Web Crawler in Large Data Leak (WSJ) A Chinese software developer trawled the popular Taobao shopping website for eight months, collecting more than 1.1 billion pieces of user information including IDs and phone numbers, a Chinese court verdict said.
Digital ad industry accused of huge data breach (BBC News) Legal action filed over volume of data shared by digital advertising firms during ad space sales.
Microsoft disrupted this large cloud-based business email scam operation (ZDNet) Microsoft uncovers how scammers used phishing and email-forwarding rules to target businesses' financial information.
Unique TTPs link Hades ransomware to new threat group (CSO Online) New research exposes details of Gold Winter threat group that links it to the infamous Hades ransomware.
Southwest Airlines Flights Thrown Into Disarray by Technical Problems (Wall Street Journal) The second day in a row of disruptions led the airline to cancel 500 flights.
Southwest Airlines cancels 500 flights due to computer network issue (Baltimore Sun) The Federal Aviation Administration temporarily halted all Southwest Airlines flights over a computer issue Tuesday afternoon.
Southwest Airlines flights are disrupted for the second time in 24 hours. (New York Times) The Federal Aviation Administration said the airline was experiencing “technology issues.” Southwest acknowledged that its operations were hampered but provided few details.
Researcher finds zero-day vulnerability in Microsoft Teams (mint) Researcher found that the vulnerability could allow an attacker to take control of a user’s account
HMM Reports Cyber Attack on its Global Email System (The Maritime Executive) The shipping industry continues to be the target of cybercriminals, with South Korea's HMM becoming t...
Hacker group REvil claims responsibility for Invenergy data breach (pv magazine USA) The group says it downloaded 4 terabytes of "sensitive" project information including contracts and NDAs.
Paradise Ransomware source code released on a hacking forum (BleepingComputer) The complete source code for the Paradise Ransomware has been released on a hacking forum allowing any would-be cyber criminal to develop their own customized ransomware operation.
Ransomware Gang Turns to Revenge Porn (Motherboard) In a rare step, a ransomware gang has leaked nude images allegedly connected to a victim.
Ransomware Attackers Partnering With Cybercrime Groups to Hack High-Profile Targets (The Hacker News) Cybercriminal groups partner with ransomware attack groups to hack high-profile targets.
[eBook] Ransomware: The True Cost to Business (Cybereason) A resource for understanding and preventing modern ransomware attacks, data on loss of revenue and recovery costs, and risks to brand and reputation.
Apple: WebKit Bugs Exploited to Hack Older iPhones (SecurityWeek) Apple ships an out-of-band iOS update for older iPhones and iPads alongside a warning that a pair of WebKit security vulnerabilities may have been actively exploited.
Major welfare agency suffering 'cyber incident' affecting computer systems (ABC) Uniting Communities, which delivers support to more than 70,000 people in SA each year, is investigating whether any data breaches have occurred amid a "cyber incident" affecting its computer systems.
NFT creators tricked into installing malware in highly targeted attack (The Record by Recorded Future) Multiple digital artists and creators of non-fungible tokens (NFT) were at the center of a highly targeted malware campaign last week during which a threat actor tried to swipe their hard-earned profits.
Security Patches, Mitigations, and Software Updates
Apple fixes ninth zero-day bug exploited in the wild this year (BleepingComputer) Apple has fixed two iOS zero-day vulnerabilities that "may have been actively exploited" to hack into older iPhone, iPad, and iPod devices.
CodeCov Kills Off Bash Uploader Blamed for Supply Chain Hack (SecurityWeek) Following a major software supply chain compromise that exposed data for several major companies, CodeCov plans to kill off the Bash Uploader tool that was responsible for the breach.
OpenClinic GA (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendor: OpenClinic GA is a product of open-source collaboration on Source Forge
Equipment: OpenClinic GA
Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Improper Restriction of Excessive Authentication Attempts, Improper Authentication, Missing Authorization, Execution with Unnecessary Privileges, Unrestricted Upload of File with Dangerous Type, Path Traversal, Improper Authorization, Cross-site Scripting, Use of Unmaintained Third-Party Components, Insufficiently Protected Credentials, Hidden Functionality.
Automation Direct CLICK PLC CPU Modules (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Automation Direct
Equipment: CLICK PLC CPU modules
Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Transmission of Sensitive Information, Unprotected Storage of Credentials
ThroughTek P2P SDK (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Equipment: P2P SDK
Vulnerability: Cleartext Transmission of Sensitive Information
2. RISK EVALUATION
ThroughTek supplies multiple original equipment manufacturers of IP cameras with P2P connections as part of its cloud platform.
“Exposed” Report Reveals Corporate & Clouds Attack Surfaces (Zscaler) First of Its Kind Global Report Reveals Hospitality, Telecom Industries are Most Vulnerable to Undiscovered Network Breaches and Offers Ways to Mitigate Risk
Auth0 Releases State of Secure Identity Report, Highlighting the Most Pervasive Threats to Digital Identities (BusinessWire) Auth0, the modern identity platform, today announced the launch of its inaugural security report: The State of Secure Identity. This detailed report h
Bitglass Study Finds Security Gaps Continue to be Pervasive Across Bring Your Own Device (BYOD) Initiatives (BusinessWire) Bitglass, the Total Cloud Security company, today announced several findings from its 2021 BYOD Security Report that show the rapid adoption of unmana
Survey Finds Ransomware Top Cybersecurity Concern For Only 15 Percent of Small Business Executives (WFMZ.com) As ransomware cyber incidents escalate, a national survey found only 15 percent of small business executives leading companies with revenues up to $100 million
Data Breach Report Emphasizes Cybersecurity’s Human Element (SHRM) For all the millions of dollars an organization might spend on security technology, its employees’ decisions and actions do the most to keep the company safe, according to the annual Verizon Data Breach Investigations Report.
Measure Protocol's "MobileLife Behavior Report" Reveals Consumer Digital Behavioral Data (PR Newswire) Measure Protocol has released the "MobileLife Behavior Report" based on behavioral data collected from nearly 5,000 respondents using the...
Tech and Trust Report Reveals Data Privacy and Safety Is an Increasing Concern Amongst Consumers (PR Newswire) ATB Ventures, the innovation arm of leading Alberta-based financial institution ATB Financial, today announced the findings of its Tech and...
Deloitte acquires online antifraud firm Terbium Labs (SC Media) The startup creates digital fingerprints of sensitive data and uses machine learning to scan the open and dark web for signs of a breach.
ThreatX Raises $10 Million; Extends Attacker-Centric Security Platform (BusinessWire) ThreatX has raised $10 million in funding led by .406 Ventures, with participation from Access Venture Partners and Grotech Ventures.
Identity-Based Access Provider Elisity Raises $26 Million (SecurityWeek) Identity management provider Elisity today announced that it secured $26 million in Series A funding to scale and meet demand for its cloud-delivered cybersecurity platform.
Cybersecurity Innovator Elisity Closes $26-Million Round for Behavior-based Cognitive Trust Security Platform (PR Newswire) Elisity, Inc., the pioneer of Cognitive Trust™, the new platform for identity and behavior-based enterprise cybersecurity, today announced a...
ForcePoint To Buy UK Security Provider Deep Secure For Threat Removal Know-How (CRN) Platform security vendor Forcepoint said it would acquire cybersecurity company Deep Secure for its threat removal and defense-grade Content, Disarm and Reconstruction capabilities.
Unisys Acquires Unified Communications Specialist Unify Square (Homeland Security Today) Unisys Corporation has entered into an agreement to acquire Unify Square for $152.5 million on a cash-free, debt-free basis. Unisys is funding the transaction with cash on hand.
WSO2 Acquires Platformer to Extend Kubernetes Capabilities of Choreo Next-Generation Integration Platform as a Service (WSO2) Platformer Console for speeding Kubernetes deployments complements Choreo iPaaS capabilities for rapidly delivering cloud native apps, APIs, and digital services.
Datadobi Awarded Position on GSA IT 70 Contract Schedule with Climb Channel Solutions (BusinessWire) Datadobi announced that its product suite has been approved to be on Climb Channel Solutions' GSA IT 70 Contract.
PwC to Spend $12 Billion on Hiring, Expanding Expertise in AI, Cybersecurity (Wall Street Journal) PricewaterhouseCoopers plans to spend $12 billion and hire 100,000 new people in areas such as artificial intelligence and cybersecurity by 2026, the latest move by a Big Four accounting firm to bet big on technology.
Axis Security Wins 2021 Fortress Cyber Security Award (Axis Security) Axis Security, the leader in Zero Trust Network Access (ZTNA), announced today that it has won The Business Intelligence Group’s 2021 Fortress Cyber Security Awards in the Network Security category.
Researcher Earns $30,000 for Instagram Flaw Exposing Private Posts (SecurityWeek) A researcher has earned $30,000 via Facebook’s bug bounty program for an Instagram vulnerability that exposed private posts.
Akamai CEO says security is becoming a major growth driver for the content business (CNBC) "You've got to adopt a model of zero trust of security," Leighton told Jim Cramer in a "Mad Money."
Armis Appoints Crowdstrike President Michael Carpenter to Company Board (PR Newswire) Armis, the leading unified asset visibility and security platform provider, today announced the appointment of Michael Carpenter to Armis'...
Former CISA and DHS Leader Bryan Ware Joins Octo’s Board of Directors (BusinessWire) New BOD member brings extensive cybersecurity, IT, business, operations, investment, strategy, and Federal Government expertise to Octo.
Mullen Coughlin Adds Cybersecurity Atty From Lewis Brisbois (Law360) Mullen Coughlin LLC added a data privacy and cybersecurity lawyer from Lewis Brisbois to join its team, the insurance-focused firm said, a hire that will bring into its fold a practice built around helping clients prepare for and respond to data breaches.
Shift5 Further Expands Executive Team to Accelerate Growth (PR Newswire) Shift5, who recently announced its new President, Joe Lea, has continued to attract top talent within the cybersecurity industry. Alongside the...
Dremio Bolsters Executive Team; Appoints New Chief Revenue Officer (Yahoo Finance) Dremio, the innovation leader in data lake transformation, today announced four additions to its senior leadership team. These leaders include Alan Gibson as chief revenue officer, Amit Manor as head of channel and alliances - EMEA, Debbie Klett, head of strategic partner and channel marketing, and Deepa Sankar as VP of portfolio marketing. Today’s announcement continues a period of significant growth for the company following its January 2021 Series D funding
MSSP Foresite Hires Former NTT Security Executive As CEO (MSSP Alert) Top 250 MSSP Foresite hires former NTT Security exec Matt Gyde as chairman & CEO. Gyde will emphasize Foresite's ProVision cybersecurity platform.
Nefkens Joins Coalfire Board (Coalfire.com) Former HP enterprise services president, IT services and transformation expert to solidify security leadership team
Products, Services, and Solutions
Comcast Business Partners with Versa Networks to Extend ActiveCore℠ to Deliver SASE Services (BusinessWire) Comcast Business today announced the expansion of its secure network solutions portfolio as a result of its strategic partnership with Versa Networks.
LogMeIn Redefines LastPass Business with New Adoption Tool and Families Account for Employees (GlobeNewswire) Updates provide businesses with the security tools they need, at their own pace
IDX Privacy Wins at Fortress Cyber Awards (PR Newswire) IDX, the leading privacy platform and data breach services provider, announced their flagship product, IDX Privacy, has been named a winner in...
Accurics Unveils GitLab Static Analysis Integration To Contextualize Risk Across The SDLC (Accurics) Integration supports misconfiguration and vulnerability correlation, reducing noise and empowering developers to fix riskiest threats first
Google partners with Thales to improve privacy and confidentiality in Google Workspace (Security Brief) Google has partnered with Thales to expand support for the privacy and confidentiality capabilities of Google Workspace.
Quick Heal’s Seqrite launches cloud-based cybersecurity platform (The Economic Times) Seqrite Hawkk will offer a cloud-based cybersecurity management platform that will allow enterprises to manage multiple security products from a single console, Quick Heal CTO Sanjay Katkar says.
New eBook Launches: “Ahead of the Curve: Financial Services Accelerate Business with Nitro” (Nitro) Nitro Software (ASX: NTO), a leading global document productivity company, today published a new eBook intended to help financial services CIOs overcome some of the industry’s most prevalent challenges.
Proofpoint launches industry’s first cloud native Information Protection and Cloud Security Platform (ITWeb) The solution combines enterprise DLP, insider threat management, CASB, zero trust network access, remote browser isolation and a cloud native Web security solution.
FireEye : Mandiant Introduces On-Demand Cyber Intelligence Training (MarketScreener) Incorporates industry-leading threat intelligence reporting, real-world case studies from frontline Mandiant experts
Blackpoint Cyber Launches Blackpoint LogIC (PR Newswire) Blackpoint Cyber, a leading technology-focused cybersecurity company, has announced the launch of their newest MDR add-on solution, Blackpoint...
Resilience Series Graphic Novels (CISA) Disinformation is an existential threat to the United States, our democratic way of life, and the critical infrastructure and functions on which it relies. CISA’s Resilience Series (of which Real Fake is its first graphic novel) communicates the dangers and risks associated with dis- and misinformation through fictional stories that are inspired by real-world events.
Technologies, Techniques, and Standards
NIST Releases New Language For Cloud Security Automation (Breaking Defense) OSCAL's goal is to enable compliance and security assessments to keep pace in complex, fast-moving, ever-changing DevSecOps environments.
How the Federal Government is Revolutionizing Endpoint Security in a Zero Trust Environment (Votiro) The federal government faces many challenges when it comes to endpoint security. Understand the need for a Zero Trust environment, and how the right technology can put federal agencies at ease.
Musings of Retirement Plan Fiduciaries on Cybersecurity: Episode One (The National Law Review) By now, plan fiduciaries and their service providers likely have heard about the DOL’s cybersecurity guidance. The Department of Labor’s stepping into cybersecurity in this way –
Design and Innovation
Google open-sources Fully Homomorphic Encryption (FHE) toolkit (The Record by Recorded Future) Google has open-sourced a collection of C++ libraries for implementing Fully Homomorphic Encryption (FHE) in modern applications.
Twitter is eyeing new anti-abuse tools to give users more control over mentions (TechCrunch) Twitter is looking at adding new features that could help users who are facing abusive situations on its platform as a result of unwanted attention pile-ons, such as when a tweet goes viral for a reason they didn’t expect and a full firehose of counter tweets get blasted their way. Racist abu…
Research and Development
BehavioSec Granted U.S. Patents for Mobile Authentication and Social Engineering Detection (BusinessWire) BehavioSec announced the successful grant of two additional U.S. patents for its innovative method of verifying user identity and detecting fraud.
Legislation, Policy, and Regulation
Israel's new PM Naftali Bennett made his name as a millionaire tech founder (Axios) Bennett started the company in 1999 — when he was still in school.
NATO members agree to new cyber defense policy (TheHill) The United States and other North Atlantic Treaty Organization nations endorsed a new cyber defense policy Monday as part of the NATO summit in Brussels.
NATO Warns it Will Consider a Military Response to Cyber-Attacks (Infosecurity Magazine) NATO has issued a communique stating it will consider invoking Article 5 in response to cyber-attacks on a case by case basis
NATO hardens stance on "authoritarian" China at Biden's first summit (TAG24) NATO leaders toughened their collective line on China and sent a warning to Russia at Biden's first summit on Monday.
Romania bans Huawei from its 5G network (Developing Telecoms) Romanian President Klaus Iohannis has signed a bill that essentially bans China’s Huawei from being involved in the country’s 5G networks amid national security concerns.
Biden-Putin summit live: leaders arrive at Geneva venue for hours of tense talks (the Guardian) Joe Biden and Vladimir Putin set for hours of talks in Geneva with Ukraine, Alexei Navalny, election meddling and cyberattacks all on agenda
Why Putin wants deal to avoid "cyber Pearl Harbor" from pulling Biden into war (Newsweek) "We need to find what the red lines are, this continues to escalate, and we can't allow it to escalate," CrowdStrike President and Chief Security Officer Shawn Henry told Newsweek. "It's the exact reason we had nuclear arms talks, because we realize things couldn't continue to escalate."
Once, Superpower Summits Were About Nukes. Now, It’s Cyberweapons. (New York Times) But with the ease of denying responsibility and the wide range of possible attackers, the traditional deterrents of the nuclear age no longer work.
It’s Russia, Stupid (For Now) (Foreign Policy) Biden wants to focus on China. That’s a gift to Putin.
Ransomware’s suspected Russian roots point to a long detente between the Kremlin and hackers (Washington Post) The ransomware hackers suspected of targeting Colonial Pipeline and other businesses around the world have a strict set of rules.
Increasing Nation-State Cyber Aggression Prompts Urgent Calls for Reinforcement (MeriTalk) The SolarWinds software supply chain hack – disclosed in December 2020 – represented a new scale of nation-state cyber aggression, with thousands of organizations compromised, including at least nine Federal agencies. And just last month, the Colonial Pipeline ransomware attack further highlighted the national security risks created by cyber aggression.
Putin Raises Issue of Extradition Agreement (GovInfoSecurity) Russian President Vladimir Putin on Sunday indicated he would consider handing over Russian cybercriminals to the United States if the U.S. does the same for Moscow.
Putin says Russia prepared to extradite cyber criminals to US on reciprocal basis (WHDH) (CNN) — Russian President Vladimir Putin has said his nation is prepared to extradite cyber criminals to the United States on a reciprocal basis, Russia’s state-run TASS news agency...
Opinion: Biden's historic opportunity with Putin (CNN) US Reps. Jim Langevin and Michael T. McCaul write that President Joe Biden must use Wednesday's summit with President Vladimir Putin to confront the Russian leader on the security challenges posed by recent ransomware hacks.
U.S.-Russian Relations Will Only Get Worse (Foreign Affairs) It is hard to imagine that U.S.-Russian relations could get much worse, but sadly, they are unlikely to get better anytime soon.
Pinning Down Putin (Foreign Affairs) In dealing with Russia, U.S. interests will be better protected by an activist policy that couples a strong defense with an open hand.
There Is No Way Joe Biden Should Have a Summit With Vladimir Putin (The Heritage Foundation) For nearly 50 years, Joe Biden has gotten it wrong on foreign policy. In dealing with Russia, he has a reputation for prioritizing tough talk over meaningful actions—an approach that only benefits the Kremlin. No wonder so many anticipate his June 16 meeting with Russian strongman Vladimir Putin in Geneva with trepidation.
When it comes to Cyberattacks, Can we really just talk it out? (The Cipher Brief) “How do we establish deterrence in the cyber space?” “How do we raise costs on our adversaries so that these [cyber] attacks get down to …
Rep. Clarke Plans Bills Mandating Cyber Incident Reporting, Aiding CISA's Visibility Into Private Sector Networks (Defense Daily) The chairwoman of a House cybersecurity panel is developing legislation that would require critical infrastructure owners to report cyber incidents to the
U.S. Senator Rubio plans legislation to address Russia cyberattacks -letter (Reuters) The top Republican on the U.S. Senate Intelligence Committee urged President Joe Biden on Tuesday to tell Russia that Washington will meet any future cyberattacks with a strong response.
TSA preps second pipeline cyber directive (FCW) A senior TSA official told House lawmakers on Tuesday that it is preparing to issue a second security directive focused on cybersecurity mitigation measures used by pipeline companies.
Protecting the Critical of Critical: What Is Systemically Important Critical Infrastructure? (Lawfare) The U.S. government does not have a reliable method to identify, support, and secure the most “critical of critical” infrastructure. But, the Cyberspace Solarium Commission’s 2020 report addresses just that.
Lina Khan, Critic of Large Tech Firms, to Lead Federal Trade Commission (Wall Street Journal) President Biden to designate Columbia law professor as FTC chairwoman following her Senate confirmation as a commissioner on Tuesday, signaling tougher antitrust enforcement ahead.
Biden Names Lina Khan, a Big-Tech Critic, as F.T.C. Chair (New York Times) Ms. Khan, who first attracted notice as a critic of Amazon, was confirmed by the Senate as a commissioner on the agency on Tuesday.
Pai’s legacy lives on for now as Biden fails to nominate Democrat to FCC (Ars Technica) Biden's failure to fill empty FCC slot has consumer advocates increasingly worried.
Connecticut Legislators Pass Modernized Data Privacy Breach Notification Law (MSSP Alert) Connecticut’s legislators approve data privacy measure to update and fortify the state’s existing breach notification statute.
Texas governor signs data breach notification bill (Business Insurance) Texas Gov. Greg Abbott signed a data breach notification bill into law on Monday that requires the state’s attorney general to post a listing of breaches that involve at least 250 Texas residents.
Litigation, Investigation, and Law Enforcement
The Cybersecurity 202: The Justice Department is racking up wins despite encryption concerns (Washington Post) The Justice Department has been racking up significant victories against criminals who rely on encrypted communications — even as it maintains that the strongest form of encryption makes its work harder.
“Face of Anonymous” suspect deported from Mexico to face US hacking charges (Naked Security) After nearly a decade as a US expat dubbed “The Face of Anonymous”, he’s back in the US facing cybercrime charges from almost a decade ago.
India slams Twitter for not complying with new IT rules (Reuters) India's technology minister said on Tuesday that Twitter Inc (TWTR.N) had deliberately defied and failed to comply with the country's new IT rules, which became effective in late May.
Twitter has failed to comply with Intermediary Guidelines: Ravi Shankar Prasad (ETCIO.com) Ravi Shankar Prasad said that Twitter has failed to address the grievances of users by refusing to set up a process as mandated by the law of the land.
Ukraine hackers uncovered who targeted U.S., Korean firms, say police (Reuters) Ukrainian police said on Wednesday they had uncovered a group of hackers who had carried out ransomware attacks on foreign companies and universities between 2019 and 2021.
Facebook Can’t Dodge EU-Wide Privacy Orders, Top Court Rules (Bloomberg) EU top court rules on scope of so-called one-stop-shop system. Dispute stems from Belgian data order over Facebook cookies.
Facebook Can't Limit GDPR Enforcement To Lead Watchdog (Law360) The European Union's top court ruled on Tuesday that data protection agencies in any EU country should be able to pursue legal action against Facebook or other technology companies — even if they are not the main privacy regulator for those entities.
SEC settles with First American over massive data leak for nearly $500,000 (CyberScoop) The Securities and Exchange Commission announced Tuesday that it has settled charges with First American Financial over its 2019 leak of sensitive customer information that exposed more than 800 million document images.
SEC charges mortgage title issuer First American with cybersecurity vulnerability violation (Fox Business) The SEC on Tuesday announced it reached a settlement charge with one of the largest mortgage title companies in the U.S. over cybersecurity vulnerabilities.
US intel report warns of more violence by QAnon followers (WABI) The report was compiled by the FBI and the Department of Homeland Security and released Monday.
Former National Security Agency contractor released from prison, but not fully free yet (WRDW) The former National Security Agency contractor accused of leaking top secret information is an almost free woman.