Attacks, Threats, and Vulnerabilities
Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign by Russian Intelligence (Federal Bureau of Investigation) The FBI and its partners released a cybersecurity advisory exposing malicious cyber activities by Russian military intelligence against U.S. and global organizations.
Cyberhack dispute: Russian diplomats say Moscow not behind attacks on US targets, but is itself constantly bombarded by Americans (RT International) One day after the US accused Moscow of being behind cyberattacks on both government bodies and private business, the Russian Embassy in Washington has pointed the finger at the Americans, accusing them of hacking Russian targets.
Russia Points Finger Back at U.S. Over Latest Cyberattack Accusations (The Moscow Times) U.S. cybersecurity agencies blamed Kremlin-backed hackers for a series of attacks on Western private and government entities.
Russia strongly rejects involvement in cyberattacks on US claimed by NSA (Business Standard) The Russian Embassy has strongly rejected the alleged involvement of the Russian authorities in a series of cyberattacks on government and private facilities in the United States and other countries
NSA discloses hacking methods it says are used by Russia (AP NEWS) WASHINGTON (AP) — U.S. and British agencies disclosed on Thursday details of “brute force” methods they say have been used by Russian intelligence to try to break into the cloud services of hundreds of government agencies, energy companies and other organizations.
US, UK accuse Russian military hackers of battering-ram password attacks against hundreds of targets (CyberScoop) For two years, Russian military hackers have been bombarding hundreds of targets worldwide with passwords to gain access to their networks, making use of a popular open-source tool for managing application workloads, U.S. and U.K. agencies warned in an advisory Thursday. The Russian agency deploys a Kubernetes cluster — a set of worker machines — to conduct their brute force “password spray” attacks ...
The United States and the United Kingdom have blamed cyber-attacks on cloud infrastructure (Mediarun Search) The U.S. and UK security agencies have repeatedly blamed Russia for attacks on key parts of its infrastructure. This Thursday (1), the FBI and NSI
Russian Hackers Are Trying to Brute-Force Hundreds of Networks (Wired) While SolarWinds rightly drew attention earlier this year, Moscow's Fancy Bear group has been on a password-guessing spree this whole time.
NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers (The Hacker News)
FBI and the NSA enlighten on the techniques used by Russian hackers to hack into U.S. systems.
Russia's APT28 Blamed for Brute Force Campaign Using Kubernetes (Infosecurity Magazine) The US and UK authorities have issued a new warning of state-sponsored Russian threat activity, focused on stealing information from global targets.
US, UK agencies warn Russian hackers using 'brute force' to target hundreds of groups (TheHill) A group of top agencies in the United States and United Kingdom on Thursday warned of an ongoing campaign by Russian government-backed hackers using “brute force” hacking techniques to target hundreds of organizatio
US-UK Warn Of New Worldwide Russian Cyberespionage (Breaking Defense) "This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt," observed John Hultquist, VP of Analysis at Mandiant Threat Intelligence.
FBI, NSA: Russian military cyber-unit behind large-scale brute-force attacks (The Record by Recorded Future) US and UK cybersecurity agencies said today that a Russian military cyber unit has been behind a series of brute-force attacks that have targeted the cloud IT resources of government and private sector companies across the world.
NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs (Dark Reading) The National Security Agency (NSA) and the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today issued a rare alert together that warns of widespread brute-force attacks on US and global organizations by Russia's GRU military intelligence agency that initially began in mid-2019.
Good guy Russia gives enterprises, cloud platforms a free brute-force security test using Kubernetes clusters (Register) Thanks, Vlad, for the cyber-check-up and the containerization case study
Mongolian certificate authority hacked eight times, compromised with malware (The Record by Recorded Future) Hackers have breached a server belonging to MonPass, one of Mongolia's largest certificate authorities (CA), and have backdoored the company's official client with a Cobalt Strike-based backdoor.
Chinese Hackers Attacked Afghan Council Network, Cybersecurity Firm Says (Voice of America) As part of a cyberespionage operation targeting Central Asian countries, Chinese hackers recently sought to breach the computer networks of Afghanistan's National Security Council, researchers at cybersecurity firm Check Point reported.
Ongoing Spearphishing Campaign Targets Afghan Gov’t (Threatpost) The IndigoZebra APT is targeting the Afghan government using Dropbox as an API that leaves no traces of communications with weirdo websites.
Researchers uncover effort by Chinese-speaking hackers to target Afghan government (TheHill) Chinese-speaking hackers recently targeted the top tiers of the Afghan government, along with the governments of other nearby nations, research published Thursday found.
Iranian cyber-threat groups make up for lack of technical sophistication with social engineering trickery (The Daily Swig) We take a look at the underestimated threat posed by Iran’s state-sponsored hacking groups
Solar Winds Hackers Continue To Cause Grief (Cyber Security Hub) If bad actors socially engineered all the support teams around the world, they could get a lot more people clicking on emails and mobile phones authorized which they could use to gain access to infrastructure.
SolarWinds cyber attack sees significant financial impact on annual revenue (IT Brief) “Organisations are clearly struggling to keep up with the volume and impact of cyber attacks coming from well-funded and well-organised nation states.
Trickbot cybercrime group linked to new Diavol ransomware (BleepingComputer) FortiGuard Labs security researchers have linked a new ransomware strain dubbed Diavol to Wizard Spider, the cybercrime group behind the Trickbot botnet.
Critical, Exploitable Flaws in NETGEAR Router Firmware (SecurityWeek) Microsoft researchers find multiple gaping security holes in firmware shipped on NETGEAR routers, warning that exploitation could lead to identity theft and full system compromise.
Threat Thursdays: Ragnar Locker - New Variants Pose Threat to Sacred Timeline (BlackBerry) Ragnar Locker ransomware has made international headlines lately due to attacks against ADATA, a Taiwanese memory and storage manufacturer. Like many ransomware variants, Ragnar Locker uses a double extortion technique - if the victim refuses to pay the ransom, their data is published to the dark web.
Trickbot cybercrime group linked to new Diavol ransomware (BleepingComputer) FortiGuard Labs security researchers have linked a new ransomware strain dubbed Diavol to Wizard Spider, the cybercrime group behind the Trickbot botnet.
Microsoft warns Windows users of unpatched critical vulnerability (Business Standard) The bug can help hackers install malicious programmes and access key data on their systems.
New Critical Security Warning Issued For All Windows Versions As ‘PrintNightmare’ Confirmed (Forbes) Microsoft has confirmed a new critical security threat in all versions of the Windows operating system.
Researchers Briefly Posted PoC for Windows Print Spooler RCE Flaw (Security Boulevard) File this under “Oops” (or maybe a stronger language equivalent) – for a brief period of time last month researchers at Sangfor published on GitHub a
Babuk Ransomware Builder Mysteriously Appears in VirusTotal (Threatpost) The gang's source code is now available to rivals and security researchers alike – and a decryptor likely is not far behind.
Mysterious Node.js malware puzzles security researchers (The Record by Recorded Future) Almost four months after it was first spotted in the wild, the infosec community is still scratching its head in regards to the purpose of a new malware strain named Lu0bot.
Vulnerability Found in Industrial Remote Access Product From Claroty (SecurityWeek) A vulnerability that could facilitate attacks on industrial organizations has been found in Claroty’s Secure Remote Access (SRA) product.
Hacker Gets Thousands of Confidential Data on LimeVPN Users (Tech Times) One hacker has gotten his hands on all the VPN provider's users and is currently selling them on a popular hacker forum.
Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web (Threatpost) LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline.
Hacker obtains data on thousands of VPN users (TechRadar) User records from a popular no-logs VPN service were obtained following a data breach
US insurance giant AJG reports data breach after ransomware attack (BleepingComputer) Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September.
University Medical Center Says Hackers Breached Data Server (SecurityWeek) A Nevada hospital confirmed its data servers had been breached after a hacking group posted images of personal information online it apparently acquired in a cyber theft.
Hackers access 4,000 UW Health patients' Epic MyChart portals for nearly 4 months (Becker's Hospital Review) Madison, Wis.-based UW Health began notifying 4,318 patients of a data breach in their Epic MyChart patient portal.
200,000 Northwestern patients affected in Elekta data breach; 42 health systems hit (Becker's Hospital Review) A data breach on a cancer software vendor has exposed the information of 201,197 Chicago-based Northwestern Memorial HealthCare patients at nine health system hospitals. The health system is the last to come forward as a victim of the breach.
Cyber startup says Tamil Nadu’s PDS data breached (The Hindu) ‘Aadhaar card numbers, addresses and mobile numbers belonging to over 5.2 million consumers lifted’
Navistar data leaked on auction site after cyberattack (FreightWaves) Data apparently stolen from Navistar International appears on the dark web as an underground marketplace begins an auction for the heavy truck manufacturer’s internal files.
Optus discloses network outage affecting mobile, internet services (CRN Australia) Mostly affected east coast cities, according to users.
Steamship Authority Concludes Cyber Attack Investigation (CapeCod.com) The Steamship Authority (SSA) said that it has officially concluded its investigation into the cyber attack that interrupted some of the ferry’s services last month. Ferry sc…
Security Patches, Mitigations, and Software Updates
CISA Urges Orgs to Disable Windows Print Spooler on Critical Systems (Dark Reading) The US Department of Homeland Security's Cybersecurity and Infrastructure Agency (CISA) and others are urging organizations to immediately disable the Windows Print Spooler service in domain controllers, Active Directory admin systems, and other devices that are not used for printing because of a critical vulnerability in the service.
Google, OpenSSF Update Scorecards Project With New Security Checks (SecurityWeek) Google’s Open Source security team, in collaboration with the Open Source Security Foundation (OpenSSF) community, today announced an update to the Scorecards project to include more security checks.
Johnson Controls Facility Explorer (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Johnson Controls
Equipment: Facility Explorer
Vulnerability: Improper Privilege Management
2. RISK EVALUATION
Successful exploitation of this vulnerability could give an authenticated user an unintended level of access to the controller’s file system.
Sensormatic Electronics C-CURE 9000 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls
Equipment: C-CURE 9000
Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote execution of lower privileged Windows programs.
Delta Electronics DOPSoft (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: DOPSoft
Vulnerabilities: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow arbitrary code execution and disclose information.
Mitsubishi Electric Air Conditioning System (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: Multiple Air Conditioning Systems
Vulnerability: Incorrect Implementation of Authentication Algorithm
2.
Mitsubishi Electric Air Conditioning Systems (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: Multiple Air Conditioning Systems
Vulnerability: Improper Restriction of XML External Entity Reference
2.
Fuji Electric Tellus Lite V-Simulator and V-Server Lite (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Fuji Electric
Equipment: Tellus Lite V-Simulator and V-Server Lite
Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Read, Out-of-Bounds Write, Access of Uninitialized Pointer, Heap-based Buffer Overflow
2.
CISA Urges Orgs to Disable Windows Print Spooler on Critical Systems (Dark Reading) Patches Microsoft issued last month not effective against exploits targeting "PrintNightmare" flaw, agency and others say.
Trends
Study Finds Insurance Companies Lack Cyber Hygiene (SecurityWeek) A study of exposed web-app attack surface reveals that insurance companies are not good at keeping their own security house in order
Marketplace
Cybersecurity M&A Roundup: 37 Deals Announced in June 2021 (SecurityWeek) 37 cybersecurity-related acquisitions and mergers were announced in June 2021.
Barracuda announces definitive agreement to acquire SKOUT Cybersecurity (Barracuda Networks) Barracuda Networks is the worldwide leader in Security, Application Delivery and Data Protection Solutions.
Barracuda acquires Skout Cybersecurity to enter the XDR market (TechCrunch) The deal will see Barracuda enter the fast-growing XDR market.
MOQ acquires Perth-based Dienst Consulting (CRN Australia) As company expands into Western Australia.
Jamf completes acquisition of Wandera (Yahoo Finance) Wandera furthers Jamf’s leadership in Apple Enterprise ManagementMINNEAPOLIS, July 01, 2021 (GLOBE NEWSWIRE) -- Jamf (NASDAQ: JAMF), the standard in Apple Enterprise Management, today announced it has completed the acquisition of Wandera, a leader in zero trust cloud security and access. This acquisition uniquely positions Jamf to help IT and security teams confidently protect devices, data and applications while extending the intended Apple experience through the most robust and scalable Apple
Despite CrowdStrike, 3 Reasons To Buy SentinelOne After Record Cybersecurity IPO (Forbes) SentinelOne just had the most successful cybersecurity IPO ever. Can it beat triple digit top-line growth expectations in its first quarterly report?
ESET joins ranks as a CVE Numbering Authority (Intelligent CIO Middle East) Working in concert with Common Vulnerabilities and Exposures (CVE) Programme, ESET, a Europe-based endpoint protection platform vendor, has announced it is authorised by the CVE Program as a CVE Numbering Authority (CNA). Organisations designated as CNAs are responsible for the assignment of CVE IDs to vulnerabilities and for creating and publishing information about the vulnerability […]
Israel cybersecurity firms raise record $3.4b, 41% of global sector investment (Times of Israel) The half-year figure exceeds the record-breaking $2.9 billion in investments for all of 2020; seven out of Israel's 13 cybersecurity unicorns were created in first half of 2021
Multiple D.C.-area VC funds are raising money. Here’s a rundown — and what’s driving it. (Washington Business Journal) In Greater Washington, we spotlight these VC firms raising new funds or adding dollars to their existing ones.
Fidelis Cybersecurity Appoints Industry Veteran as Chief Marketing Officer (BusinessWire) Fidelis Cybersecurity, the industry innovator in active extended detection and response (XDR) solutions trusted by Fortune 100 firms and governments w
Securonix Appoints Former Microsoft Data Scientist Joshua Neil to Threat Labs Team (BusinessWire) Securonix, Inc., a leader in next-gen SIEM, today announced the appointment of Joshua Neil as Chief Data Scientist. In this position, Neil will be an
QinetiQ CFO David Smith to Retire; Carol Borg Named as Replacement (MarketWatch) QinetiQ Group PLC said on Friday that Chief Financial Officer David Smith will retire on Nov. 30, to be replaced by Carol Borg on...
Products, Services, and Solutions
McAfee Receives Success Memorandum From Defense Innovation Unit for MVISION Unified Cloud Edge (BusinessWire) McAfee Corp. (Nasdaq: MCFE), the device-to-cloud cybersecurity company, today announced it has received a success memorandum from the Defense Innovati
Snow Software Introduces Snow Atlas (BusinessWire) Snow Atlas is designed to provide organizations with a faster time to value, improved overall experience, improved ROI and enhanced business agility.
WhiteHat Security Announces Name Change to NTT Application Security (PR Newswire) WhiteHat Security, a world leader in application security, announced today it has formally changed its name to NTT Application Security. The...
Bittium Partners with DEC to Launch DEC Secure: A New Standard of Security for Mobile Communications for Individuals (News Powered by Cision) A new partnership between Bittium and DEC will give businesses and individuals access to global, cutting-edge digital security and privacy on mobile devices.
Check Point expands cloud platform to support Alibaba Cloud (IT Brief) As more enterprises move to the cloud, many are looking for the best solutions to manage their security and compliance posture across their entire cloud infrastructure.
Tenable Selected as BeyondTrust’s Technology Alliances Partner of the Year (Yahoo Finance) Tenable®, Inc., the Cyber Exposure company, today announced it has been selected as the Technology Alliances Partner of the Year by BeyondTrust, a worldwide leader in Privileged Access Management (PAM). The exciting recognition follows BeyondTrust’s decision to name Tenable its exclusive vulnerability management partner after BeyondTrust made the decision to exit the market in 2020. “Assessing systems for vulnerabilities, managing credentials and
Sunset for cyber criminals as Canada turns to Darktrace (Business Weekly) Cambridge cyber security warrior Darktrace has cashed in on burgeoning trade between the UK and Canada. The world’s leading autonomous cyber security AI company says its Canadian customer base has grown substantially over the last year as organisations across the country seek protection from increasingly sophisticated cyber-attacks. "Business news from Cambridge and the East
Technologies, Techniques, and Standards
This major ransomware attack was foiled at the last minute. Here's how they spotted it (ZDNet) Cybersecurity researchers detail what they found during an investigation into an attempted ransomware attack - and what other organisations can learn to avoid becoming victims.
Victims of Lorenz ransomware attacks can now recover files using this free decryption tool (Texas News Today) Cybersecurity researchers have released a decryption tool that allows victims of Lorenz ransomware to decrypt files for free. This eliminates the need to demand a ransom from cybercriminals. This is especially important for Lorenz, as a ransomware code bug means that even if the victim pays for the decryption key, some of the encrypted files …
Accelerating Critical Infrastructure Security in The Energy Sector (United States Cybersecurity Magazine) Critical energy infrastructure has been under siege by threat actors. The May 7, 2021, cyberattack against Colonial Pipeline is illustrative of the growing impact of cyberthreats on the energy sector and the need to prioritize cyber-defenses. "Senators Maggie Hassan (D-N.H.) and Ben Sasse (R-Neb.) recently introduced legislation called The National Risk Management Act that is intended to protect ... Read more
2021 US Digital Trust Insights Snapshot Survey (PwC) PwC’s 2021 US Digital Trust Insights Snapshot Survey reflects the views of executives on being cyber-ready
Defeating Ransomware-as-a-Service? Think Intel-Sharing (Threatpost) Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, explains the rise of RaaS and the critical role of threat intel in effectively defending against it.
How to Isolate Malicious Email Attachments from Your Network (CSO Online) Give users a virtual safety net from known and unknown threats by isolating high-risk content.
Privacy Tip #290 – 700 Million LinkedIn Users’ Data for Sale on Hacker Forum (JD Supra) Although a security researcher has confirmed that LinkedIn users’ data, including full names, gender, email addresses, telephone numbers, and industry...
Army to set in stone the importance of information advantage, with new capabilities on deck (C4ISRNet) One of the biggest undertakings for the Army’s cyber operational and training arms in the last two years is shifting the service’s thinking and approach to the broader concept of information advantage. Now, the service is on the heels of making that concept official doctrine.
Pentagon security agency aims to get background investigations software on track (Federal News Network) Officials are trying to right the ship on the National Background Investigative Services program.
Former Anonymous and Lulzsec hacker discusses his criminal past and gives his top tips for avoiding ransomware (Computing) Jake Davis, known as Topiary, breaks down the Travelex hack amongst others, and explains why the government's repeated attempts to outlaw end-to-end encryption will never work
Design and Innovation
Becoming Elon Musk – the Danger of Artificial Intelligence (SecurityWeek) Tel Aviv, Israel-based Adversa.ai has developed an attack against facial recognition systems that can fool the algorithm into misinterpreting the image.
Academia
Monash Uni creates bug bounty, vulnerability disclosure programs (iTnews) Claims to be first Australian university to do so.
Best 4 Computer Science Scholarships (Bold) This list of computer science scholarships showcases exclusive new scholarships that can't be found anywhere else. Upcoming deadlines in 2021!
Legislation, Policy, and Regulation
The UK’s Integrated Review And The Future Of Cyber – Analysis (Eurasia Review) Cyber is a centrally crucial element to the UK’s future vision of national security. The Integrated Review considers cyber as a core component of national power, rather than a mere security issue i…
Pirates of the cyber seas: How ransomware gangs have become security’s biggest threat (Brisbane Times) The info security community is increasingly endorsing the notion that ransomware gangs require a different approach than other hackers.
House bill urges more funding and data on K-12 cybersecurity (Security Info Watch) Legislation would direct CISA to to establish a cybersecurity incident registry and cybersecurity information exchange program
New bill aims to secure federal government IT against cyberattacks (TheHill) A bipartisan bill introduced in the Senate on Thursday would attempt to address cybersecurity threats to the federal government stemming from the use of potentially insecure third party services.
FTC Vote Could Pave Way for New Privacy Rules (Wall Street Journal) In a 3-2 vote, the agency’s commissioners voted to tweak its approach to prescribing new rules for unfair or deceptive business practices under Section 18 of the FTC Act. The changes include shifting oversight of the process from an administrative law judge to the FTC chair, eliminating a staff report on proceedings and cutting some public comment periods.
Cyber Center of Excellence and Fort Gordon holds change of command ceremony (WFXG) The U.S. Army Cyber Center of Excellence and Fort Gordon held a change of command ceremony Wednesday morning.
DHS adds hundreds of new cyber professionals to its ranks (The Record by Recorded Future) The US Department of Homeland Security on Thursday announced that it is onboarding nearly 300 cybersecurity professionals and has extended job offers to 500 others in what it refers to as "the most successful cybersecurity hiring initiative in DHS history."
CISA headquarters plans finalized as DHS consolidated campus reaches ‘critical mass’ (Federal News Network) The Department of Homeland Security is moving ahead with plans to build its Cybersecurity and Infrastructure Security Agency a new headquarters on a consolidated DHS campus.
After contact tracing data breach, Pa. sidesteps scrutiny on new $34M contract (Inquirer) State lawmakers are calling into question whether the Department of Health should be jumping into another, more expensive contact tracing contract after a severe data breach with the last company.
NY Regulator Issues New Guidance On Ransomware Attacks (Law360) The New York Department of Financial Services has issued guidelines for companies to fend off cybersecurity risks, saying the rate of ransomware attacks increased 300% in 2020 and cybercriminals are jeopardizing the stability of the financial services industry.
Moore: State must create a system that protects sensitive information from cyberattacks (Telegram & Gazette) It is critical that we then create a system that protects all of the sensitive information held by private businesses and government agencies.
Litigation, Investigation, and Law Enforcement
Failing To Prevent A Cyber Attack Is Not Intrusion Upon Seclusion (Mondaq) In a decision that significantly alters the existing dynamics for privacy class actions in Ontario, the Divisional Court has held in Owsianik v. Equifax Canada Co. that gatherers and custodians...
Opinion: A criminal case against a Huawei executive poses a test for the Biden administration (Washington Post) China is politically unpopular in Washington these days, and for good reason: Thursday’s celebration of the 100th anniversary of the Chinese Communist Party featured a jarring threat from President Xi Jinping that China’s enemies will be impaled on a “Great Wall of steel” if they challenge Beijing.
Cyber attacks on Canada's Huawei devices surged after CFO arrest: Report (Illinois News Today) A 2019 government report reports a surge in advanced cyberattacks from Huawei devices in Canadian soil after Huawei CFO Meng Wanzhou was arrested in Vancouver. The report in question was commissioned by Clairvoyance Cyber Corp by Public Safety Canada and was recently obtained by the Concordia Institute for Research and Journalism through a request …
Microsoft Exec: Targeting of Americans’ Records ‘Routine' (SecurityWeek) Tom Burt, Microsoft’s corporate VP for customer security and trust, said federal law enforcement has been presenting the company with between 2,400 to 3,500 secrecy orders a year, or about seven to 10 a day
Robbing the xBox Vault: Inside a $10 Million Gift Card Cheat (Bloomberg) A junior Microsoft engineer figured out a nearly perfect Bitcoin generation scheme.
Indiana Supreme Court Refuses to Hold Commercial Crime Policy Covers Ransomware Attack (JD Supra) Typically, comprehensive cyber insurance policies, rather than commercial crime policies, respond to claims of data breach and other cybercrimes. With...
Google lawyers dismiss sueball over 'security flaw' in contact-tracing software as 'theoretical' and 'hypothetical' (Register) 'Complaint is noticeably devoid of factual allegations'
SEC Brings Charges Against Company for Deficient Data Breach Reporting Protocol (JD Supra) When implementing breach response policies and enterprise-level security measures, companies always consider guidance. Historically, when responding...
Kroger agrees to pay $5 million over Accellion data breach (Reuters) Supermarket chain Kroger Co has agreed to pay $5 million to resolve claims related to the recent data breach of Accellion Inc's file transfer service, according to court filings.
Alexa Listens To Protected Info, Health Care Workers Say (Law360) Amazon faces a new proposed class action brought by health care industry workers around the U.S. who say the company never told consumers that human analysts "freely listen" to unintentionally triggered Alexa recordings — including communications protected under HIPAA.
Colombia police collar suspected Gozi Trojan distributor (ZDNet) The alleged hacker is wanted in the United States.
China’s Internet Regulator Reviewing Cybersecurity of Ride-Hailing Business Didi Chuxing (Wall Street Journal) During the review of the Chinese ride-hailing business of Didi Global, which went public in the U.S. this week, no new user registration will be allowed.
Tucker Carlson’s NSA spying claims are evidence-free. Republicans are running with them anyway. (Vox) Carlson’s story about the NSA reading his emails would be easier to take seriously if he wasn’t a serial fabulist.