Russia's FSB warns of heightened threat of US cyberattack. Solorigate and ICS. OPC flaws. SonicWall discloses cyberattack.

Cyber Attacks, Threats, and Vulnerabilities

The SolarWinds Hack Can Directly Affect Control Systems (Lawfare) The SolarWinds breach demonstrates that cyberattacks against IT infrastructure can have OT impact, which could compromise control systems and create real-world harm.

Russian government warns of US retaliatory cyberattacks (BleepingComputer) The Russian government has issued a security warning to organizations in Russia about possible retaliatory cyberattacks by the USA for the SolarWinds breach.

Russia warns of US cyber attack after SolarWinds hack (CRN - India) The Russian government has alerted businesses in the country about a potential cyber attack from the US, in retaliation of the SolarWinds hacking that compromised networks of several US federal agencies (including the Department of Defense) and top tech enterprises. The suspected Russia-backed hackers have compromised at least 250 federal agencies and top …

FSB warns of US cyberattacks after Biden administration comments (ZDNet) Unclear if political trolling or actual fear.

Claroty Finds Critical Flaws in OPC Protocol Implementations (Claroty) Throughout 2020, Claroty privately disclosed critical flaws in several vendor implementations of the OPC protocol. Organizations that use these vendors’ products built on OPC are exposed to attacks that could result in denial-of-service conditions on devices, remote code execution, and information leaks of sensitive device data.

SonicWall Breached Via Zero-Day Flaw In Remote Access Tools (CRN) SonicWall disclosed Friday night that highly sophisticated threat actors attacked its internal systems by exploiting a zero-day flaw on the company’s secure remote access products.

SonicWall Says It Was Victim of ‘Sophisticated’ Hack (Bloomberg) The cybersecurity company SonicWall Inc. said it was the victim of a coordinated attack on its internal systems by “highly sophisticated” hackers. The Silicon Valley-based company said it’s investigating a compromise in its Secure Mobile Access 100 series, which “simplifies end-to-end secure remote access to corporate resources,” according to the company website.

SonicWall says it was hacked using zero-days in its own products (ZDNet) The networking device vendor has published a series of mitigations as it's investigating the incident and preparing patches.

SonicWall Rules Out VPN Compromise, Flaw Limited To SMA Tool (CRN) SonicWall updated its guidance a day after disclosing a sophisticated hack to tell customers its NetExtender VPN client doesn’t have a zero-day vulnerability after all.

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product (The Hacker News) Cybersecurity company SonicWall hacked using zero-day vulnerabilities affecting its own NetExtender VPN product

SonicWall network attacked via zero day in its secure access solution (SC Media) Any SonicWall customer using the affected solutions is vulnerable to the zero-day flaws. The company set up a web page where it is providing mitigation guidelines to channel partners and customers.

Security Notice: Update on NetExtender VPN Client Version 10.x & SMA 100 Series Products (SonicWall) Security Notice: Update on NetExtender VPN Client Version 10.x & SMA 100 Series Products Last Updated: Jan. 23, 2021. 9.45 P.M. CST. SonicWall believes it is extremely important to be transparent in providing the latest information to our customers, partners and the broader cybersecurity community about the ongoing attacks on global business and government. As …

Vulnerability in SonicWall VPN products exploited (CERT-NZ) The latest update from SonicWall has removed NetExtender from the list of potentially vulnerable products.

SolarWinds hackers nearly breached cybersecurity firm Palo Alto Networks — here's how it fended off disaster (Business Insider) Palo Alto Networks used an AI tool to detect someone attempting to download malware on one of its servers, without realizing the scale of the hack.

Adobe Acrobat Reader memory corruption [CVE-2017-16363] (Sesin) A vulnerability was found in Adobe Acrobat Reader up to 11.0.22/2015.006.30355/2017.011.30066/2017.012.20098 (Document Reader Software). It has been declared as critical. This vulnerability affects an unknown function. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. As an impact it is known to affect confidentiality, integrity, and availability.

Sophos: Crypto-Jacking Campaign Linked to Iranian Company (SecurityWeek) The attacks result in the MrbMiner crypto-miner being installed onto the target servers, with the software apparently created, controlled, and hosted by a named Iranian company.

Australia's securities regulator says server hit by cyber security breach (Rwuters) Australia's securities regulator said on Monday there was a cyber security breach at a server it used to transfer files including credit licence applications where some information may have been viewed.

DDoSers are abusing Microsoft RDP to make attacks more powerful (Ars Technica) DDoS amplification attacks have abused all kinds of legit services. Now, it's Windows.

New Year, New Ransomware (PC Matic TechTalk) Babuk Locker Emerges in 2021 In less than a week, 2021 introduced a new type of Enterprise ransomware. Babuk Locker is now less than a month old and has amassed a small collection of victims. So far ransoms have been demanded in bitcoin and are under $100,000, to what I could find. If you aren't familiar, Enterprise means that the ransomware

Vadokrist: A wolf in sheep’s clothing (WeLiveSecurity) ESET dissects Vadokrist, a banking trojan that targets financial institutions in Brazil and is distributed via malicious spam emails.

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw (The Hacker News) A fully-functional exploit has been released online that anyone can use to target vulnerable enterprises using a critical flaw affecting SAP software.

Ransom DDoS Campaign: Circling Back (Radware) During the last week of December, 2020 and the first week of January, 2021, Radware customers were targeted by DDoS extortionists for a second time by a global ransom DDoS campaign that initially started in August.

DDoS Attackers Revive Old Campaigns to Extort Ransom (GovInfo Security) Threat actors behind a distributed denial-of-service campaign targeted the same set of victims again after the organizations refused to pay the initial ransom

Another ransomware now uses DDoS attacks to force victims to pay (BleepingComputer) Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom.

As Bitcoin price surges, DDoS extortion gangs return in force (Bestgamingpro) Extortion groups that send emails threatening companies with DDoS attacks unless paid a certain fee are making a comeback, security firm Radware warned today.

Are Online Gamers and eSports Fanatics at Risk of Cyber Attacks? (Play3r) The online gaming industry is currently one of the richest, popular, and lucrative industries in the world. It is no wonder that online gaming has become a new target for cyber-criminals attacks. Hackers and online criminals seem to be quite interested in taking “their” share of the industry that is supposed to be worth US$153. […]

MyFreeCams site hacked to steal info of 2 million paying users (BleepingComputer) A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.

Data breach at Buyucoin crypto exchange leaks user info, trades (BleepingComputer) A threat actor has leaked the stolen database for Indian cryptocurrency exchange Buyucoin on a hacking forum for free.

Pandemic online shopping boom has generated bumper crop of vulnerable personal data, e-commerce experts warn (CBC) The pandemic has driven consumers online for everything from groceries to outdoor heaters. But e-commerce experts caution that online sellers are netting not just revenue, but a treasure trove of personal data, too.

Hacker leaks data of 2.28 million dating site users (ZDNet) Data belongs to dating site MeetMindful and includes everything from real names to Facebook account tokens, and from email addresses and geo-location information.

Hackers publish data stolen from SEPA as the agency refuses to pay ransom (Computing) SEPA says it will not use public finance to pay criminals

Scottish Environment Protection Agency says it will not use public funds in ransomware attack (Security Magazine) The Scottish Environment Protection Agency (SEPA) has been dealing with an ongoing data breach and ransomware attack since Christmas Eve 2020. The agency says that it will not engage with criminals.

Your Password Isn’t Safe: The Danger Of An Inactive ‘Zombie’ Account (Forbes) Old “zombie” accounts can expose your passwords, or worse, credit card information. Here’s what you should know.

Intel Investigating Hack of Confidential Financial Report (GovInfo Security) Intel is investigating an incident in which an unauthorized person accessed a portion of the company's latest quarterly financial report, forcing the chipmaker to

Report: Data Breach Exposed 323K Records Including Sensitive Court Files (Website Planet) On September 26th, 2020 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected

()

Security Patches, Mitigations, and Software Updates

Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP (SecurityWeek) With Microsoft Edge 88.0.705.50, users get a built-in strong password generator that allows them to easily set up new passwords when signing up for new accounts or when changing the old passwords.

Cyber Trends

ESET Survey Finds 70% of Americans are Shopping More Online Than Before the Pandemic, Yet Only 38% Feel Very Secure When Doing So (ESET) Seventy-three percent believe they would be able to spot a fraudulent email imitating one of the online shops they regularly use

Opinion: What Nidhi Razdan phishing case and Arnab Goswami chats tell us about Indian media today (Scroll.in) The media has become a marketing juggernaut, vulnerable to manipulation by influential players.

Forum: Advice on online security muddied by mixed messages (The Straits Times) At least several times a week, I receive scam calls purporting to be from DBS, DHL, Singtel, StarHub and others, with the callers trying to get hold of personal information that can. Read more at straitstimes.com.

VPN Usage by Country 2020 (Atlas VPN) Discover VPN usage statistics in each country. Check how your fellow citizens are using VPN to fight tracking, censorship, data theft, and geo-blocks.

NZ Facing Rampant Cybercrime Threats In 2021 (Scoop News) New Zealand organisations and businesses are facing increasing and rampant cybercrime threats and the situation is getting worse, NZTech chief executive Graeme Muller says. Almost a million New Zealanders are falling victim to cybercrime every year, ...

Cybergefahren steigen zum weltweiten Top-Risiko für Unternehmen auf (Computerwelt) Für die neunte Umfrage der Allianz Global Corporate & Specialty zu den wichtigsten Unternehmensrisiken wurden mehr als 2.700 Risikoexperten aus über 100 Ländern befragt. Zentrale Erkenntnis: Cybervorfälle sind erstmals das wichtigste Geschäftsrisiko für Unternehmen weltweit. [...]

100 Years of Robots (Wall Street Journal) In fiction, industry and leisure, our automated companions have grown more sophisticated and widespread with every passing year.

On the 100th Anniversary of ‘Robot,’ They’re Finally Taking Over (Wall Street Journal) A century after playwright Karel Čapek coined the word “robot,” we finally have the technology to make the stuff of science fiction a reality—for better and for worse.

Marketplace

CISA Issues RFI for Priority Communications Services Procurement Effort (GovCon Wire) The Cybersecurity and Infrastructure Security Agency has asked industry for information on available

Deloitte Acquires R9B to Bolster Cyber Threat Hunting Capabilities for Clients (PR Newswire) Deloitte & Touche LLP announced today its acquisition of substantially all the assets of Root9B, LLC (R9B), a leading provider of advanced...

Amber Raises $8.5M Series B For ‘Second Electrical Revolution’ (Crunchbase News) Amber Solutions, a startup looking to commercialize digital control of electricity, raised $8.5 million in a Series B round.

The Cybersecurity 202: SolarWinds hack could supercharge cybersecurity lobbying spending (Washington Post) Cybersecurity companies spent more money on lobbying efforts in Washington in 2020. Fallout from the SolarWinds breach could cause it to explode in 2021.

How Cybersecurity Newbs Can Start Out on the Right Foot (Dark Reading) Cybersecurity experts share their savvy tips and useful resources for infosec hopefuls.

Looking for cybersecurity experts? Consider hiring veterans (TechRepublic) Veteran Michael Kassner says former military personnel might know more about cybersecurity than employers think. Read about some of the skills veterans could bring to a cybersecurity job.

Expert: Manpower is a huge cybersecurity issue in 2021 (TechRepublic) Changing threats, volume of threats, and ransomware plague organizations. Having some autonomous AI tools to help pros do their jobs can help.

Nettitude diversifies into the Greek cybersecurity market with new office in Athens (Sea News Global Maritime News) Following continued expansion into the European market, Nettitude has chosen Athens as the next location for operations Nettitude has announced the location of the company’s new office in Athens. “This milestone is a major move for our global organisation as we continue to identify strategic locations in which to offer our threat-led services that span …

Can Huawei replicate its success in smartphones in smart vehicles? (South China Morning Post) Huawei made a global name in smartphones before US sanctions hobbled its ability to introduce new models, so now the telecoms giant is trying a new field: smart vehicles.

Huawei founder praises U.S. tech in first word from company since Biden inauguration (Reuters) The United States remains a "beacon of technology" to be emulated and China's Huawei Technology should consider cutting products in the wake of U.S. actions against it, the Chinese firm's founder Ren Zhengfei said in remarks made public on Friday.

Parler’s New Partner Has Ties to the Russian Government (Bloomberg) Parler LLC, the social media app popular with Trump supporters and conspiracy theorists, is attempting to get back online with the help of a Russian company whose clients include an internet service provider to Russian intelligence, raising concerns about the conservative social forum’s security if it ever formally returns.

MagicCube is First Startup Appointed to PCI Security Standards Council 2021-2022 Board of Advisors (PR Newswire) MagicCube, the leader in the new category of Software Defined Trust (SDT), announced today that it has been appointed to the Board of Advisors...

Zerto is Recognized as a 2021 Gartner Peer Insights Customers’ Choice for Data Center Backup and Recovery Solutions (BusinessWire) Zerto named a Customers’ Choice in the December 2020 Gartner Peer Insights ‘Voice of the Customer’: Data Center Backup and Recovery Solutions.

How Tanium, a $9B Bay Area tech unicorn, ended up in Kirkland (Puget Sound Business Journal) The CEO says the company felt the time was right for moving the headquarters as more and more employees left the Bay Area after adopting a remote-first work model.

Gloucestershire will deliver cyber jobs for all thanks to the Golden Valley Development (SoGlos) Cheltenham is booming and the Golden Valley Development will open the doors to job opportunities for all regardless of background or gender a new video aims to promote as Gloucestershire vies to...

Dashlane to drop its app and focus on just browser extensions (Poc Network // Tech) Dashlane is making a transition this year, moving away from its app to focus on just browser extensions. The new change will result in the elimination of their desktop app altogether, which means a huge overhaul for the extensions between now and then.

Dashlane taps JD Sherman, ex-Hubspot COO, as new CEO, as co-founder Emmanuel Schalit steps aside (TechCrunch) Our reliance on internet-based services is at an all-time high these days, and that’s brought a new focus on how well we are protected when we go online. Today comes some news from one of the bigger companies working in the area of password security, which points out how business is shifting …

Scottsdale-based Limelight Networks names new CEO (Phoenix Business Journal) One of the Valley's largest public companies has named a new CEO to replace the current head, who will retire in February.

Fortinet hires Andrew Sheedy to lead operational technology business (CRN Australia) Focusing on securing critical infrastructure systems.

MetricStream Enhances Focus on Channel and Alliances with Hiring of New Global Leader (PR Newswire) MetricStream, the market leader in governance, risk, and compliance (GRC), and integrated risk management products and solutions, today...

Jack London, CACI's executive chairman and longtime former CEO, dies (Washington Business Journal) London was the government contractor's President and CEO for 23 years before stepping aside in 2007.

Jack London remembered for dedication, leadership, business acumen (Washington Technology) Business leaders from across the GovCon market are sharing their remembrances of Jack London, the long-time CACI International leader who died this week. He was recalled as a highly ethical leader who was dedicated to customers and the company.

Products, Services, and Solutions

Kaspersky steps in to protect automotive industry from cyber threats (Security Brief) The company’s TI report, previously available for a selected range of customers, is able to provide car manufacturers with in-depth analysis of industry-specific security threats.

HALOCK And Spirion Partner To Solve Vexing Privacy Compliance Issue (PR Newswire) HALOCK, an information security professional services firm in the Chicago area, has partnered with an industry-leading data protection vendor,...

Eltronis Group launches engage (Security Document News) Security and brand engagement specialists Eltronis Group has today launched engage, a new cloud-based software solution that provides brands with a simple, yet sophisticated tool, to link products to the internet through consumers’ smartphones.

Sokin chooses Darktrace as security partner (Finextra Research) Sokin, the new generation payments firm is set to use Darktrace to provide holistic cybersecurity across all its back-office functions.

Exostar earns healthcare digital identity trust framework certification by Kantara (Biometric Update) Exostar has been designated one of three Full Service Credential Service Providers of identity proofing, credentialing, and authentication by Kantara Initiative

Security Compass Launches Hands-On Training Lab to Enhance Developer Skills and Application Security Programs (BusinessWire) Security Compass has launched its new hands-on Virtual Lab, providing training for developers to expand their knowledge of common vulnerabilities.

IRI and Windocks Partner to Provide Container-based Virtualized Test Databases (PR Newswire) Innovative Routines International (IRI), Inc., a leader in big data management and data-centric security, and Windocks, a leader in database...

DexProtector Certified by EMVCo to Secure the Growing World of Mobile Payment Apps (PR Newswire) Licel announced today that their product, DexProtector, has become the first software protection tool to be certified by EMVCo. A global...

Lumen chosen to provide Next Gen 911 to State of Nebraska (PR Newswire) The State of Nebraska recently selected Lumen (NYSE: LUMN) to help it transition to a next generation 911 platform using the company's...

Lucidum Unveils Community License of IT Asset Discovery Platform to Eliminate Blind Spots Across AWS Environments (BusinessWire) Lucidum today announced the commercial availability of its IT asset discovery platform that eliminates blind spots across cloud, security and IT opera

Technologies, Techniques, and Standards

Cyber-Risk Summit: Compliance should view cyber-security through prism of risk (Compliance Week) What's most important for compliance officers is to understand the risks breaches and hacks pose to their organizations, not the technical manner of how those breaches occur, according to an expert panel at CW's virtual Cyber-Risk & Data Privacy Summit.

Rethinking IoT Security: It's Not About the Devices (Dark Reading) Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.

Protect your PII this National Data Privacy Day (Tyler Paper) National Data Privacy Day is Thursday, Jan. 28, making it the perfect time to resolve to take extra precautions to secure your personally identifiable information (PII). We all share large

Cyber-Risk Summit: 7 best practices for protecting employee health data (Compliance Week) Experts at CW's virtual Cyber-Risk and Data Privacy Summit explain the importance for companies to review and enhance their current data security compliance policies and procedures.

How to Protect Seniors From Online Fraud and Phone Scams (Wall Street Journal) Scammers targeting seniors are thriving in the pandemic. Older Americans reported fraud losses of $388 million through the third quarter of 2020, a 23% increase—but there are ways to safeguard assets.

U.K. Offers Tailored Cybersecurity Guidance to the Sports Sector (Homeland Security Today) Professional sports clubs in the U.K. have received coaching on how to reduce the risk of falling victim to cyber criminals.

Cybersecurity: Blaming users is not the answer (Tech Republic) A punitive approach toward employees reporting data breaches intensifies problems.

How CISOs can capitalise on their seat at the table (TechCentral) Promoted | Leading CISOs are using newfound influence in their organisations to build stronger security programmes. By doing so, they are actively improving their organisations’ security posture while delivering increased business value.

Cyber heroes: How security teams have scaled the popularity charts (teiss) Security professionals are turning into local heroes, even in the eyes of their IT colleagues

Free cyber alarms could stop threat of internet attacks (Bury Mercury) Businesses in the region are being encouraged to access a free tool designed to monitor cyber threats as internet attacks continue to...

Design and Innovation

Cybersecurity needs an API-first Revolution (TechTalks) By Patrick Coughlin While software is eating the world, it’s also siloing data along the way, stifling progress and innovation in the enterprise. Cybersecurity is woefully behind other industries i…

Research and Development

Unisys to Research Use of AI and ML to Detect Deceitful and Persuasive Writing for Australia's Defence and National Security Communities (AiThority) Unisys announced that the AI for Decision Making Initiative has awarded Unisys research funding to investigate using AI and ML to detect deceitful writing.

Unisys receives funding for new AI research project (Australian Defence Magazine) Unisys Corporation announced on Wednesday that the Artificial Intelligence for Decision Making Initiative has awarded Unisys research funding to investigate the use of AI and Machine Leaning to detect...

Army Seeks Security For ‘Smart’ Base Networks (Breaking Defense) How can the Army bring the Internet Of Things and 'Smart Cities' technology to its bases, without opening new avenues for cyber attack?

Academia

CSUF cybersecurity students test their ‘ethical hacking’ abilities (Orange County Register) A squad competes in a top collegiate cybersecurity competition that approaches the field from a hacker’s perspective.

KnowBe4 Partners With #GirlsClub to Offer Scholarships for Sales Leade (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced a new partnership with #GirlsClub to

Legislation, Policy and Regulation

The World Needs a Cyber-WHO to Counter Viruses in Cyberspace (Foreign Policy) A global body has helped poorer nations counter COVID-19, but less technologically advanced countries need a similar institution to protect against the coming plague of…

High-Profile Hacks Spark Calls for Global Cyber Response (Wall Street Journal) The challenges posed by modern cyber threats require international cooperation to solve, analysts and lawmakers say, but figuring out how to do that is the hard part.

Meet the cyber mercenaries – and the activists trying to stop them (The Telegraph) Activists have accused governments of misusing hacking tools to surveil journalists and campaigners

Opinion: Is it possible to control international cyberhacking? (Cincinnati Enquirer) The latest round of hacking into government agencies and private companies around the world came from Russia.

Cybersecurity strategy recognized in Semar and Sedena (Explica) The Secretariat of Navy-Navy of Mexico received from Brazil the Pro-Tempore Secretariat 2021-2022 of the Ibero-American Cyber Defense Forum in its fourth edition. Through this position, the agency, which is celebrating its 200th anniversary, will promote cooperation strategies regional regarding cyber defense, says the director of the Cybersecurity Unit of the agency, he capitan Miguel

China Releases Draft Personal Information Protection Law (The National Law Review) On Oct. 21, 2020, China published a draft of the Personal Information Protection Law (Draft) with a month-long public comment period. Once promulgated, the Personal Information Protection Law, along w

Chinese Huawei And ZTE Could Soon Be Out Of Game In India As Govt Mulls Action Plan To Secure Cyber, Telecom Infra (Swarajyamag) All gear and gadgets, including 5G mobile networks and supply chains, will soon be cleared by a Dy NSA led panel.

Brazil's Bolsonaro to allow China's Huawei in 5G auctions: Report (ETTelecom.com) Financial costs potentially worth billions of dollars and the exit of ally President Donald Trump from the White House are forcing President Jair Bols..

China to take counter-measure against Sweden over excluding Huawei, ZTE from 5G rollout (Global Times) China will “take all necessary measures” to firmly safeguard Chinese firms’ legitimate rights, in response to Sweden’s recent move to exclude China’s Huawei and ZTE from its 5G network rollout, China’s Commerce Ministry said on Thursday.

Biden administration faces mounting pressure to address SolarWinds breach (WENY) By Geneva Sands, Brian Fung and Zachary Cohen, CNN Despite announcing a thorough intelligence review of Russian misconduct, President Joe Biden's administration faces mounting pressure to...

Biden Faces Major Cybersecurity Challenges, Says Former NSA Director (Yahoo) General Keith Alexander, founder and co-CEO of IronNet Cybersecurity Inc, discusses whether the current U.S. government is ready to defend the national cybersecurity against foreign and domestic threats, as well as what President Biden's team will need to do to confront the challenges. He speaks with Emily Chang on "Bloomberg Technology."

()

Ransomware payouts are "propping up the system" (IT PRO) Attacks could decrease if the correct legislation is drafted, security experts suggest

Amazon could face a new union push and antitrust scrutiny under the Biden administration (CNBC) Amazon could be looking at antitrust reform, stronger privacy standards and a new push for workers' rights, among other issues, under the new administration.

Biden Has a Chance to Reshape Tech. Will He? (One Zero) Two schools of thought on the new administration

Departing US FCC chair warns of Chinese telecoms threats (South China Morning Post) Ajit Pai says there is a ‘wide array’ of activity from China that is of concern, including surveillance, espionage and malware.

Janet Yellen Will Consider Limiting the Use of Cryptocurrency (Wired) During her confirmation hearing, the Treasury nominee said that blockchain-based financial networks are “a particular concern.”

White House plans to select Rob Silvers, a Mayorkas ally, to lead DHS's cyber outfit (CyberScoop) The Biden administration plans to select Rob Silvers, a lawyer and former Department of Homeland Security official, to run the federal agency in charge of election security and stopping hacking threats to government networks, according to two people familiar with the matter.

Litigation, Investigation, and Enforcement

Biden Orders Intelligence Agencies to Assess SolarWinds Hack (SecurityWeek) U.S. President Joe Biden has instructed U.S. intelligence agencies to provide him with a detailed assessment of the SolarWinds hack, which fueled a global cyber espionage campaign.

Biden orders review of domestic violent extremism threat (AP NEWS) President Joe Biden has directed law enforcement and intelligence officials in his administration to study the threat of domestic violent extremism in the United States, an...

The Department of Homeland Security’s Epic ‘Intelligence Enterprise’ Failure (The National Interest) How is it that the DHS Intelligence Enterprise, with its billion-dollar budget and various federal assets, did not see the forthcoming attack on the U.S. Capitol and prevent it from happening?

The Internet Is a Crime Scene (Foreign Policy) How we conceptualize the role social media played in the Capitol siege will set the stage for information governance across the globe.

Over 140,000 prosecuted for cybercrimes since 2019 (ECNS) Procuratorates across China have since 2019 brought more than 50,000 prosecutions against 140,000 people suspected of cybercrimes, China's Supreme People's Procuratorate (SPP) said at a press conference Monday.

Intelligence Analysts Use U.S. Smartphone Location Data Without Warrants, Memo Says (New York Times) The disclosure comes amid growing legislative scrutiny of how the government uses commercially available location records.

Pentagon spy agency buys US smartphone data without warrant, memo says (Washington Examiner) At least some of the U.S. intelligence community purchases commercially available cellphone data containing location information from smartphone apps and uses that to search and track the movements of U.S. citizens without a grand jury subpoena or a court order, according to an unclassified memo.

Red-tagged UP alumni eye cyber libel, contempt charges vs AFP (Vera Files) Six of the University of the Philippines (UP) alumni who were tagged in the military’s social media posts as members of the New People's Army (NPA) are mulling to file cyber libel and contempt charges against Armed Forces and defense officials over the red-tagging brouhaha.

ICO resumes investigation into adtech industry (Computing) Critics say the adtech industry is guilty of multiple GDPR breaches

WSJ News Exclusive | Justice Department Weighs Amnesty for Academics to Disclose Foreign Funding (Wall Street Journal) Proposal comes as faculty members escalate opposition to criminal cases and the U.S. considers how to support international academic collaboration while making sure professors make disclosures.

New DOD Cyber Rules Create Fertile Bid Protest Grounds (Law360) Both federal agencies and government contractors should consider bid protest issues that may arise in the solicitation process from recently published Defense Federal Acquisition Regulation Supplement contract clauses implementing the U.S. Department of Defense cybersecurity certification requirements, say Lucas Hanback and Jeffery Chiow at Rogers Joseph.

EU lawmakers want Amazon, Apple, Facebook, Google CEOs at Feb. 1 hearing (Reuters) EU lawmakers have invited the chief executives of Amazon, Apple, Facebook and Alphabet to a Feb. 1 hearing in Brussels as they try to crack down on the powers of U.S. tech giants.

Italy tells TikTok to block users after death of young girl (Retuers) The Italian data privacy watchdog ordered video app TikTok on Friday to block the accounts of any users in Italy whose age it could not verify following the death of a 10-year-old girl who had been using the Chinese-owned app.

Petco Hit With Ill. Class Suit Over Photo Time-Tracking System (Law360) A former Petco employee has launched class claims against the company, claiming it implemented a time-tracking system that authenticates identities by collecting, storing and comparing photographic facial data in violation of Illinois workers' biometric privacy rights.

FTC fines three ticket scalping companies for illegally using bots (The Verge) It’s the first time the BOTS Act has been enforced.

Even Small Employers Have Data Protection Requirements Under the NYS “Shield” Act (Lexology) New York employers responding to the pandemic may have overlooked data privacy requirements that took full effect in March 2020 as part of the Stop…

ADT Tech Hacks Home-Security Cameras to Spy on Women (Threatpost) A former ADT employee pleads guilty of accessing customers’ cameras so he could spy on them.

Crate & Barrel Workers Seek Class Status In Finger Scan Suit (Law360) A former Crate & Barrel employee has asked an Illinois state court to certify a proposed class of workers who claim the houseware and furniture chain failed to meet the requirements of Illinois' biometric privacy law, saying all putative class members were subject to the same fingerprint timekeeping policy and practices.

Calif. Children's Hospital Sued Over Blackbaud Data Breach (Law360) California's largest children's hospital is facing a putative class action in federal court claiming it failed to protect nearly 20,000 patients' private medical information, which was swept up in a ransomware attack on its software provider Blackbaud Inc. last year.

Rudy Giuliani Sued by Dominion Voting Systems Over False Election Claims (New York Times) The suit against Mr. Giuliani, a lawyer for former President Donald Trump who pushed to overturn the election results, accuses him of carrying out “a viral disinformation campaign.”

Ex-CIA engineer tells judge he's incarcerated like an animal (AP News) A former CIA software engineer charged with leaking government secrets to WikiLeaks says it's cruel and unusual punishment that he's awaiting trial in solitary confinement, housed...