Attacks, Threats, and Vulnerabilities
Chinese hackers disguised themselves as Iran to target Israel (MIT Technology Review) But they left a few clues that gave them away.
Facebook removes Russian network that targeted influencers to peddle anti-vax messages (Reuters) Facebook (FB.O) said on Tuesday it had removed a network of accounts from Russia that it linked to a marketing firm which aimed to enlist influencers to push anti-vaccine content about the COVID-19 jabs.
COVID-19 social media disinformation campaign sought to exploit TikTok, Instagram influencers (CyberScoop) A Russia-based disinformation push about COVID-19 vaccines wasn’t a traditional “influence” campaign, so much as it was partially a campaign on “influencers.” The subsidiary of a U.K.-registered marketing firm behind the effort, named Fazze, tried to spoon-feed popular accounts on Instagram, TikTok and YouTube a package of articles and instructions about the Pfizer vaccine, claiming that it obtained information about fatalities following a hack-and-leak operation.
REvil Master Key for Kaseya Attack Posted to XSS (Flashpoint) Flashpoint analysts have identified a post on the Russian language XSS Forum in which a threat actor operating under the alias of “Ekranoplan” posted a possible master key for REvil in a screenshot on Github. Thus far, Flashpoint analysts have been able to attribute this key to restoration of data associated with the recent Kaseya ransomware attack, and are exploring whether there is broader applicability.
Kaseya's universal REvil decryption key leaked on a hacking forum (BleepingComputer) The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums allowing researchers their first glimpse of the mysterious key.
At Least 30,000 Internet-Exposed Exchange Servers Vulnerable to ProxyShell Attacks (SecurityWeek) Roughly 30,000 — possibly many more — internet-exposed Microsoft Exchange servers are vulnerable to ProxyShell attacks.
The most dangerous (and interesting) Microsoft 365 attacks (CSO Online) APT groups are developing new techniques that allow them to avoid detection and exfiltrate hundreds of gigabytes of data from emails, SharePoint, OneDrive, and other applications.
A 5G Shortcut Leaves Most Phones Exposed to Stingrays (Wired) You may not have the full story about what network you're on—and how well you're protected.
Hackers steal $600m in major cryptocurrency heist (BBC News) Thousands of digital tokens have been stolen by hackers in one of the largest cryptocurrency heists.
Over $600 million reportedly stolen in cryptocurrency hack (BleepingComputer) Over $611 million have reportedly been stolen in one of the largest cryptocurrency hacks. Decentralized cross-chain protocol and network, Poly Network announced today that it was attacked with cryptocurrency assets having successfully been transferred into the attackers' wallets.
Record cryptocurrency heist valued at $600 mn - ET CIO (ETCIO.com) Poly Network put out a plea for the stolen Ethereum, BinanceChain and OxPolygon tokens to be shunned by traders running "wallets" for storing cryptocu..
At least $611 million stolen in massive cross-chain hack (The Block) Cross-chain protocol Poly Network has been hacked for $611 million. The team is calling for exchanges to block the stolen funds.
Hacker steals $600 million from Poly Network in biggest ever cryptocurrency hack (The Record by Recorded Future) An unidentified hacker has stolen more than $600 million worth of cryptocurrency from Poly Network, a decentralized finance (DeFi) platform based in China.
New AdLoad malware variant slips through Apple's XProtect defenses (BleepingComputer) A new AdLoad malware variant is slipping through Apple's YARA signature-based XProtect built-in antivirus tech to infect Macs.
AlphaBay Marketplace Re-emerges (Flashpoint) Flashpoint analysts are tracking the alleged re-emergence of AlphaBay, once the largest darknet marketplace and community in history.
Black market for fake vaccine certificates reaches new peaks, while Delta variant keeps spreading globally (Check Point Software) Check Point Research continues to monitor the dark marketplace in which COVID 19 Vaccine certifications are sold to anyone willing to pay. Prices have
Consulting giant Accenture put under pressure by a ransomware attack (Le Parisien) A group of hackers is threatening to publish on the dark web the data it allegedly accessed during a cyberattack with a ransom demand
AllWorldCards Releases 1,000,000 Cards (Flashpoint) On May 31, 2021, a spokesperson for AllWorldCards published their first post on the cybercrime forum XSS announcing that they are open for business.
Crytek confirms Egregor ransomware attack, customer data theft (BleepingComputer) Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers' personal info later leaked on the gang's dark web leak site.
Email Hack Results in Health Data Breach in NJ Lab (Health IT Security) An email hacking event led to a health data breach for one lab that provides testing for patients across the country.
Chanel Korea issues apology over customers’ leak of personal data (EconoTimes) Chanel Korea recently released an apology for the leak of its customers’ personal information. The company revealed through its apology letter that the leak happened due to a cyberattack. Chanel Korea said that hackers...
US military personnel lost over $822 million to scams since 2017 (Atlas VPN) According to research conducted by Atlas VPN, US military members lost $822.1 million to different types of internet crime between 2017 and June 30, 2021. Military personnel filed more than 836,374 reports of fraud, identity theft, and other consumer concerns with the Federal Trade Commission (FTC).
Security Patches, Mitigations, and Software Updates
Microsoft Patch Tuesday: Windows Flaw Under Active Attack (SecurityWeek) Microsoft documented 44 Windows security flaws in its August 2021 update and warns of another zero-day attack in the wild exploiting CVE-2021-36948
Microsoft August 2021 Patch Tuesday fixes 3 zero-days, 44 flaws (BleepingComputer) Today is Microsoft's August 2021 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities and a total of 44 flaws, so please be nice to your Windows admins as they scramble to install patches.
Microsoft to require admin rights before using Windows Point and Print feature (The Record by Recorded Future) Microsoft has released today a security update that will change the default behavior of the "Point and Print" feature to mitigate a severe security issue disclosed last month.
Microsoft Takes Another Stab at PrintNightmare Security Fix (SecurityWeek) After weeks of struggling to properly resolve security defects in the Windows Print Spooler utility, Microsoft is making a major default change to the way Windows interacts with the problematic Point and Print driver
Windows security update blocks PetitPotam NTLM relay attacks (BleepingComputer) Microsoft has released security updates that block the PetitPotam NTLM relay attack that allows a threat actor to take over a Windows domain.
Microsoft revives deprecated RDCMan after fixing security flaw (BleepingComputer) Microsoft has revived the Remote Desktop Connection Manager (RDCMan) app that was deprecated last year due to an important severity information disclosure bug the company decided not to fix.
SAP Security Patch Day August 2021: Critical Patches Released for Various Applications (Onapsis) With nineteen new and updated Security Notes, including three HotNews Notes and six High Priority Notes, this is a robust SAP Patch Day.
Adobe Warns of Critical Flaws in Magento, Connect (SecurityWeek) Adobe ships patches for 29 security vulnerabilities haunting users of its Connect and Magento software products.
Adobe fixes critical preauth vulnerabilities in Magento (BleepingComputer) Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect.
Firefox 91 Brings New Privacy, Security Improvements (SecurityWeek) Firefox 91 brings enhanced cookie clearing, HTTPS by default in private browsing, and patches for several high-severity vulnerabilities.
Siemens JT2Go and Teamcenter Visualization (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: JT2Go & Teamcenter Visualization
Vulnerabilities: Improper Check for Unusual or Exceptional Conditions, Out-of-bounds Write, Out-of-bounds Read
Siemens Automation License Manager (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: Automation License Manager
Vulnerability: Uncontrolled Resource Consumption
Siemens JT2Go and Teamcenter Visualization products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: JT2Go & Teamcenter Visualization
Vulnerabilities: Use After Free, Out-of-bounds Write, Out-of-bounds Read, NULL Pointer Dereference
Siemens SINEC NMS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SINEC NMS
Vulnerability: OS Command Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated remote attacker with system privileges to execute arbitrary code on the system under certain conditions.
Siemens Industrial Products Intel CPUs (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: SIMATIC, SINUMERIK
Vulnerabilities: Missing Encryption of Sensitive Data
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to unauthorized access to sensitive data, privilege escalation, and configuration change.
Siemens Energy AGT and SGT Solutions (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SGT
Vulnerability: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Siemens products are affected:
Siemens SIMATIC NET CP (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SIMATIC
Vulnerabilities: Out-of-Bounds Read, Use After Free
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote attacker to access sensitive information and execute arbitrary code.
Siemens Solid Edge (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Siemens
Equipment: Solid Edge
Vulnerabilities: Improper Restriction of XML External Entity Reference, Use After Free, Access of Uninitialized Pointer
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead the application to crash, or to arbitrary code execution and data extraction on the target host system.
Siemens PROFINET Devices (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: PROFINET Devices
Vulnerability: Allocation of Resources Without Limits or Throttling
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-21-194-03 Siemens Profinet Devices that was published July 13, 2021, to the ICS webpage on us-cert.cisa.gov.
Siemens Industrial Products LLDP (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Industrial Products
Vulnerabilities: Classic Buffer Overflow, Uncontrolled Resource Consumption
Siemens Linux-based Products (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.4
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: Linux based products
Vulnerability: Use of Insufficiently Random Values
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-21-131-03 Siemens Linux-based Products (Update B) that was published July 13, 2021, to the ICS webpage on us-cert.cisa.gov.
Siemens SINAMICS Medium Voltage Products Remote Access (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SINAMICS Medium Voltage Products, Remote Access
Vulnerabilities: Improper Restriction of Operations Within the Bounds of a Memory Buffer, Access of Memory Location After End of Buffer, Uncontrolled Resource Consumption, Improper Initialization, Out-of-Bound Read, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Improper Null Termination
Siemens SINAMICS Medium Voltage Products Telnet (Update A) (CISA) 1. EXECUTIVE SUMMARY
--------- Begin Update A Part 1 of 3 ---------
CVSS v3 8.1
--------- End Update A Part 1 of 3 ---------
Siemens SCALANCE W1750D (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SCALANCE W1750D
--------- Begin Update A Part 1 of 2 ---------
Siemens TCP/IP Stack Vulnerabilities–AMNESIA:33 in SENTRON PAC / 3VA Devices (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SENTRON 3VA COM100/800, SENTRON 3VA DSP800, SENTRON PAC2200, SENTRON PAC3200T, SENTRON PAC3200, SENTRON PAC3220, SENTRON PAC4200
Vulnerabilities: Out-of-bounds Read, Out-of-bounds Write
Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SIMATIC S7-300 CPUs and SINUMERIK Controller
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-315-04 Siemens SIMATIC S7-300 CPUs and SINUMERIK Controller that was published November 10, 2020, on the ICS webpage on us-cert.cisa.gov.
Siemens and PKE SiNVR/SiVMS Video Server (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendors: Siemens and PKE
Equipment: SiNVR/SiVMS Video Server
Vulnerabilities: Cleartext Storage in a File or on Disk, Path Traversal, Improper Input Validation, Weak Cryptography for Passwords
Trends
Netacea | Businesses lose up to $250m every year to unwanted bot attacks (RealWire) Netacea research reveals the high cost of unwanted bot traffic
Manchester, UK – 11th August 2021—Netacea, the bot detection and mitigation specialist, today announced results from a new report that reveals the high price that businesses pay because of bot traffic
Ordr Releases 2021 Rise of Machines Report Highlighting Connected Device Security Trends and Threats During COVID (Ordr) Ordr “Rise of the Machines 2021: State of Connected devices -- IT, IoT, IoMT and OT” report highlights adoption risks and trends of connected devices during the pandemic last year.
Rise of the Machines 2021 (Ordr) Explore the Rise of the Machines 2021 Report. We profile the adoption and risks of all connected devices including IT, IoT, IoMT, and OT in Ordr deployments from June 2020 through June 2021.
Email Security in Finance (Mimecast) Financial services – including companies, investment firms, and fintech – have recently seen a major rise in digital transactions, mobile banking and overall email volume, driving them to add more scalable cloud-based systems to their core legacy systems, especially for email.
70% of Developers Concerned About Data Breach Due to Poor Access Controls, build.security Finds (GlobeNewswire News Room) In the wake of pervasive ransomware and the Kaseya cyberattack, new research...
New SecZetta Survey: 83% of U.S. Adults Cite Increased Third-Party Access as Catalyst for Surge in Data Breaches (Yahoo Finance) A new survey from SecZetta revealed 53% of U.S. adults lack confidence in the U.S. Government’s ability to thwart cyberattacks.
Marketplace
NortonLifeLock acquiring antivirus company Avast for up to $8.6 billion (NASDAQ:NLOK) (SeekingAlpha) NortonLifeLock (NLOK) shares gain nearly 3% after hours after the cybersecurity firm agrees to acquire Avast in a cash and stock merger worth up to $8.6 billion. Avast shareholders...
NortonLifeLock to buy Avast for over $8 billion (Computing) About 1,000 jobs are at risk
NortonLifeLock Agrees to Buy Cybersecurity Provider Avast (Wall Street Journal) The stock-and-cash deal, valued at between $8.1 billion and $8.6 billion, would expand NortonLifeLock’s reach into consumer software
NortonLifeLock and Avast PLC to merge in $8.4 billion transaction (ZDNet) The two companies said they will create a "new, industry-leading consumer Cyber Safety business."
NortonLifeLock and Avast to merge in $8 billion transaction (The Record by Recorded Future) Cyber-security firm NortonLifeLock announced today that it reached an agreement to merge with Czech antivirus maker Avast in a stock-based deal that could be worth between $8.1 billion to $8.6 billion.
Tessian Adds New Strategic Investors to Advance Security at the Human Layer (RealWire) Following its Series C fundraise in May 2021, leading Human Layer Security company Tessian announces that it has received strategic investment from Okta Ventures, Citi Ventures and Sozo Ventures as part of a Series C extension
OwnBackup Approaches $3.35 Billion Valuation with Series E Investment; Expands its Leading Cloud-to-Cloud Data Protection to Microsoft (OwnBackup) The company’s latest funding round includes investments from Alkeon Capital, B Capital Group, BlackRock Private Equity Partners, Tiger Global, Insight Partners, Salesforce Ventures, Sapphire Ventures, and Vertex Ventures
Blockchain Firm Magic Raises $27 Million To Become The Passport Of The Internet (Forbes) The present-day Internet is monopolized by a few Big Tech companies that we’ve come to rely on daily as we browse online, resulting in security and authentication paradoxes. Sean Li, Arthur Jen and Jaemin Jin have raised a $27M Series A to build future-proof authentication at scale.
Socure Announces Third Consecutive Record Quarter of Annual Recurring Revenue Growth as Demand Accelerates for Its Industry-leading Digital Identity Verification and Fraud Solutions (BusinessWire) Socure, the leading provider of digital identity verification and fraud solutions, today announced that it has achieved record financial results, refl
NSA Awards Secret $10 Billion Contract to Amazon (Nextgov.com) Much of the NSA’s most prized intelligence data may be moving to the cloud.
How George Kurtz has transformed CrowdStrike into a cybersecurity giant (Bollyinside) CrowdStrike CEO George Kurtz is fired up as his elite endpoint protection platform continues to win over customers, and he’s pulling no punches when it
Arctic Wolf Appoints President and Chief Revenue Officer Nick Schneider as Chief Executive Officer (Arctic Wolf) Co-founder and current CEO Brian NeSmith to serve as executive chairman of the Board
Exclusive: $4.3 billion cybersecurity firm names new CEO (Fortune) The cybersecurity firm Arctic Wolf is planning to go public in the coming months.
ThycoticCentrify Announces New Executive Leaders to Support Growth Strategy (PR Newswire) ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders...
Products, Services, and Solutions
Speedcast and HudsonCyber Team Up to Help Companies Regain Cyber Control (RealWire) Cybersecurity assessment solution developed by leading cyber community organization helps to meet compliance and regulatory requirements
TopRx Protects Business Continuity by Strengthening Its Security Posture with Check Point Software (Check Point Software) When a pharmaceutical distributor needed to expand
Google One VPN expands to Canada, Mexico, UK, and four other countries (9to5Google) The Google One VPN is now seeing an expansion to all of North America and five countries in Europe. Back in October, Google announced...
Threat Stack Releases New Alert Context Functionality (BusinessWire) Threat Stack today announced new alert context functionality to reduce mean-time-to-know (MTTK) within the Threat Stack Cloud Security Platform®.
Next Generation of Telos’ Cyber Risk Management Platform Streamlines Security Data Sharing for Faster Compliance Reporting and Approval (Telos Corporation) Telos® Corporation, a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, today announced the launch of Xacta® 360 1.7, the latest version of its cyber risk management and compliance analytics platform. This new version introduces Essential Data Exchange (EDE), an Xacta 360 capability that...
Red Canary Partners with SentinelOne for Edge to Edge Next-Generation Security (BusinessWire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, today announced a new partnership with Red Canary, a leading provider of security
Technologies, Techniques, and Standards
PCI SSC and CSA push for businesses to properly scope cloud environments (Security Brief) In order to highlight the importance of properly scoping cloud environments, PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) have come together to release a joint bulletin.
How Understanding Cybercriminal Behavior Can Keep Your Company Safe (Innovation & Tech Today) Cybercriminals are experts at exploiting vulnerabilities. While security tools are constantly improving,
Design and Innovation
Apple can scan your photos for child abuse and still protect your privacy – if the company keeps its promises (Yahoo) If you have an Apple device and upload photos to iCloud, the company will use some clever math to sniff them for instances of child abuse – without actually looking at the photos. The proliferation of child sexual abuse material on the internet is harrowing and sobering. Technology companies send tens of millions of reports per year of these images to the nonprofit National Center for Missing and Exploited Children. The way companies that provide cloud storage for y
Hacking space on the horizon for 2023 (Medium) U.S. Space Force is working on a plan for security researchers to attempt to pwn a live satellite orbiting earth in Hack-A-Sat 4.
Legislation, Policy, and Regulation
Another tanker war? (Ahram Online) Tensions grow in the Gulf as the Iran-Israel shadow war escalates, reports Ahmed Mustafa
Stop waiting for a “cyber Pearl Harbor” (Quartz) Politicians, military officials, and business leaders have been warning about a catastrophic cyberattack since 1991. But the real danger is the drumbeat of small hacks happening every day.
The Limits of Cyberoffense (Foreign Affairs) Why America struggles to fight back against nonstate cybercriminals
How GDPR Dictates to Handle Users Information Online (Novinite.com) The collection and processing of personal information from individuals living in the European Union are governed by the General Data Protection Regulation (GDPR). It is a legal framework providing the essential guidelines that need to be adhered to.
White House orders compliance with 'critical software' protection measures (FCW) The Office of Management and Budget directed agencies to comply with software supply chain security measures as set out in the May cybersecurity executive order.
Agencies have new deadlines to secure on-premise software (Federal News Network) OMB is giving them 12 months to implement the critical software protections outlined by NIST in July.
Senate includes over $1.9 billion for cybersecurity in infrastructure bill (TheHill) The Senate included more than $1.9 billion in cybersecurity funds as part of the roughly $1 trillion bipartisan infrastructure package approved Tuesday.
Senate Passes Bipartisan Infrastructure Bill (Wall Street Journal) The roughly $1 trillion package—one of the most substantial federal investments in roads, bridges and rail in decades—advances a central piece of President Biden’s economic agenda.
US Senate Sends Infrastructure Bill to House (CoinDesk) The Senate has voted in favor of a $1 trillion infrastructure bill that contains a crypto tax provision the industry fears is overly broad.
What's in the Bipartisan Infrastructure Investment and Jobs Act? (Committee for a Responsible Federal Budget) UPDATE 8/5: We have published a new summary of the bipartisan Infrastructure Investment and Jobs Act based on a recently published score from the Congressional Budget Office. UPDATE 8/4: We have updated this summary to include revised costs and estimates of proposed offsets based on a factsheet from the bipartisan group, estimates from the Joint Committee on Taxation, and legislative language.
Inside the White House-Facebook Rift Over Vaccine Misinformation (New York Times) Frustrations grew behind the scenes among top leaders on both sides, potentially hurting the government’s efforts to overcome the pandemic.
Litigation, Investigation, and Law Enforcement
Chinese court sentences Canadian Michael Spavor to 11 years in prison (Washington Post) A Chinese court on Wednesday sentenced Canadian businessman Michael Spavor to 11 years in prison, in a case widely seen as retribution for Canada’s arrest of a senior Huawei executive wanted by the United States.
Bolsonaro Prompts Fears of a Power Grab With Attacks on Brazil’s Voting System (New York Times) President Jair Bolsonaro’s attacks on Brazil’s voting system as his standing in the polls slips is drawing comparisons to the messy 2020 election in the United States.
NGO Files Hundreds of Complaints Over 'Cookie Banner Terror' (SecurityWeek) Online privacy campaigners have filed hundreds of complaints against websites and platforms in Europe over violations of rules on tracking cookies
The NYPD Had a Secret Fund for Surveillance Tools (Wired) Documents reveal that police bought facial-recognition software, vans equipped with x-ray machines, and “stingray” cell site simulators—with no public oversight.
Tucker Carlson’s Spying Allegations Being Investigated by National Security Agency Watchdog (Wall Street Journal) The Fox News host says the spy agency had improperly targeted his communications for surveillance.
Watchdog to review NSA following Tucker Carlson's spy claims (Washington Post) The National Security Agency’s internal watchdog said Tuesday it would investigate allegations that the agency “improperly targeted the communications of a member of the U.S. news media” following Fox News host Tucker Carlson’s claims that the NSA tried to shut down his show.
Review Related to Alleged NSA Targeting of a Member of the U.S. Media (Office of the Inspector General, National Security Agency, Central Security Service) The National Security Agency Office of the Inspector General (OIG) announced that it is conducting a review related to recent allegations that the NSA improperly targeted the communications of a member of the U.S. news media. The OIG is examining NSA’s compliance with applicable legal authorities and Agency policies and procedures regarding collection, analysis, reporting, and dissemination activities, including unmasking procedures, and whether any such actions were based upon improper considerations. If circumstances warrant, the OIG will consider other issues that may arise during the review
Colorado is investigating how Mesa County's election system passwords ended up on the internet (The Colorado Sun) The breach included specific passwords from Mesa County's voting equipment, Colorado Secretary of State Jena Griswold said in a statement
The con is winding down (Washington Post) Allow me to present to you the evidence that China stole the 2020 election. Please sit down; I don’t want you to be injured when you faint.
Whistleblower Is Awarded Over $3.5 Million in Juniper Bribery Case (Wall Street Journal) The SEC awarded more than $3.5 million to a whistleblower whose tip helped it expand an existing investigation that led to civil bribery charges against Juniper.
UPMC to Pay $2.65M to Settle Data Breach Case (Infosecurity Magazine) Settlement reached over 2014 data breach at the University of Pittsburgh Medical Center