Cyber Attacks, Threats, and Vulnerabilities
Big Internet outages hit the East Coast, causing issues for Verizon, Zoom, Slack, Gmail (Washington Post) Internet outages and slowed services hit many areas of the East Coast just as the work and school day was ramping up Tuesday.
Internet recovers after massive outage; Verizon acknowledges 'issue' as source (WRAL TechWire) Internet users across the northeast U.S. experienced widespread outages for several hours Tuesday, interrupting work and school because of an unspecified Verizon network issue. Here's an update.
Four security vendors disclose SolarWinds-related incidents (ZDNet) Mimecast, Palo Alto Networks, Qualys, and Fidelis confirmed this week they were also targeted during the SolarWinds supply chain attack.
More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack (SecurityWeek) Cybersecurity companies Mimecast, Qualys and Fidelis have confirmed being impacted by the SolarWinds attack.
Mimecast links security breach to SolarWinds hackers (BleepingComputer) Email security company Mimecast has confirmed today that the threat actor behind the SolarWinds supply-chain attack is behind the security breach it disclosed earlier this month.
Mimecast confirms SolarWinds attackers breached security certificate, 'potentially exfiltrated' credentials (CyberScoop) Email security firm Mimecast on Tuesday confirmed that the hackers behind the SolarWinds espionage campaign compromised a software certificate the firm uses to secure connections to Microsoft cloud services.
Ongoing Analysis of SolarWinds Impacts (Fidelis Cybersecurity) In this blog, I will provide you with the latest information we have on this as well as our efforts to date to investigate and determine if there has been any impact to our networks and data.
The massive SolarWinds hack and the future of cyber espionage (CNBC) In December, cybersecurity company FireEye discovered a massive hack that affected more than 18,000 customers of SolarWinds. Here's how it went down.
Hard lessons of the SolarWinds hack (The Verge) Cybersecurity reporter Joseph Menn on the massive breach the US didn’t see coming.
NAT Slipstreaming v2.0: New Attack Variant Can Expose All Internal Network Devices to The Internet (Armis) Armis and security researcher Samy Kamkar identify NAT Slipstreaming v2.0, a new Attack Variant That Can Expose All Internal Network Devices to The Internet.
10-years-old Sudo bug lets Linux users gain root-level access (ZDNet) The vulnerability, named "Baron Samedit," impacts most Linux distributions today.
New Linux SUDO flaw lets local users gain root privileges (BleepingComputer) A now-fixed Sudo vulnerability allowed any local user to gain root privileges on Unix-like operating systems without requiring authentication.
TeamTNT delivers malware with new detection evasion tool (AT&T Cybersecurity) AT&T Alien Labs™ has identified a new tool from the TeamTNT adversary group, which has been previously observed targeting exposed Docker infrastructure for cryptocurrency mining purposes and credential theft. The group is using a new detection evasion tool, copied from open source repositories.
SonicWall updates users after ‘highly sophisticated’ cyber-attack leverages zero-day vulnerabilities (The Daily Swig) Network security vendor releases further details of ‘coordinated’ assault
Urgent Security Notice: Probable SMA 100 Series Vulnerability [Updated Jan. 25, 2021] (SonicWall) SonicWall engineering teams continue their investigation into probable zero-day vulnerabilities with SMA 100 series products. SonicWall fully understands the urgency for information and guidance, which we’re committed to providing as we verify and confirm details. Below is updated guidance for SMA 100 series products. These steps should be adhered to until our next update.
New Year, New Version of DanaBot (Proofpoint) Proofpoint researchers discovered an updated version of DanaBot in the wild. DanaBot is a banking/stealer malware first discovered by Proofpoint in May 2018. There have been at least three significant versions of the malware...
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) (Qualys Security Blog) The Qualys Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. Any unprivileged user can gain root privileges…
LogoKit: Simple, Effective, and Deceptive (RiskIQ) RiskIQ is tracking a phishing kit aimed at simplicity of deployment and range of targeting. The overall phish kit, dubbed LogoKit, is designed to be fully modularized, allowing for easy reuse and adaptation by other threat actors.
Hacker using Telegram bot to sell Facebook users' data (Computing) The bot holds information on more than 500 million Facebook users
Ransomware hackers launder bitcoin through just a handful of locations, researchers find (CyberScoop) It’s starting to look like the ransomware industry is developing its own version of the 1%, where a small number of players enjoy most of the wealth.
Over 150 US election-related mobile apps found to be dangerous or malicious (Atlas VPN) The COVID-19 pandemic has forced many people to turn to the internet for information about the elections. Moreover, a large part of the population voted digitally. This shift created countless new attack vectors for cybercriminals. According to data presented by Atlas VPN, over 152 US election applications have infringement issues and 16 mobile apps have malicious code within them.
Mitsubishi Electric Multiple Products (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Mitsubishi Electric
Equipment: Multiple Products
Vulnerability: Predictable Exact Value from Previous Values
Treck TCP/IP Stack (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely
Vendor: Treck Inc.
Equipment: TCP/IP
Vulnerability: Heap-based Buffer Overflow, Out-of-bounds Read, Out-of-bounds Write
The Treck TCP/IP stack may be known by other names such as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX.
Eaton EASYsoft (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.8
Vendor: Eaton
Equipment: EASYsoft
Vulnerabilities: Type Confusion, Out-of-bounds Read
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-21-007-03 Eaton EASYsoft that was published January 7, 2021, to the ICS webpage on us-cert.cisa.gov.
Fuji Electric Tellus Lite V-Simulator and V-Server Lite (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Fuji Electric
Equipment: Tellus Lite V-Simulator and V-Server Lite
Vulnerabilities: Stack-based Buffer Overflow, Out-of-Bounds Read, Out-of-Bounds Write, Access of Uninitialized Pointer, Heap-based Buffer Overflow
Beware fake Covid vaccination invites, NHS warns (BBC News) The NHS says any invitation which asks for vaccine payment or bank account details is a scam.
Symrise hit by cyber attack, warns of impact on growth, margins (Chemical Week) CEO says the attack in mid-December was "with blackmailing intent," operations back to normal following disruption.
Criminal rings loot billions in California jobless funds (KTVU FOX 2) Criminal rings stole over $11 billion in unemployment benefits from California last year and nearly $20 billion more is considered suspicious.
Report: Data Breach Exposed 323K Records Including Sensitive Court Files (Website Planet) On September 26th, 2020 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected
Einstein Health Network Warns Patients of Data Breach (NBC10 Philadelphia) The Einstein Health Network notified patients whose personal information may have been compromised in a data breach. NBC10 Responds and Tracy Davidson show you what you need to know about the breach so that you don’t become a victim.
North Carolina School System Sends Data Breach Notices (Government Technology) Haywood County Schools began the process of notifying employees their data may have been breached by a cybercriminal ring that hacked the school's servers in August.
Criminal, Domestic Violence Case Info Exposed in Cook County Leak (Threatpost) Cook County, Ill., home to Chicago, has left a database exposed since at least September that contained sensitive criminal and family-court records.
Australian Corporate Regulator Discloses Breach Involving Accellion Software (SecurityWeek) Australian Securities and Investments Commission suffers cyber-incident related to Accellion software
Hospital in Belgium Forced to Redirect Patients Due to Cyberattack (TechNadu) A hospital in Tournai, Belgium, is dealing with a widespread malware infection that has affected 27% of its systems.
Violent Protests Erupted In India. Then Calls For Police To Shoot The Protesters Went Viral On Twitter. (BuzzFeed News) Twitter did not take “Shoot” off its trending topics for at least a couple of hours — after there was public outcry and after BuzzFeed News emailed asking for comment.
National Crime Agency warns novice and veteran traders alike of rise in clone company scams (ZDNet) The NCA says these schemes have already led to the theft of over £78 million.
How I almost fell for a COVID vaccine scam (Computing) The latest wave of social engineering attacks related to the pandemic are sophisticated, widespread and convincing - and I was nearly taken in
Security Patches, Mitigations, and Software Updates
Apple says iOS 14.4 fixes three security bugs ‘actively exploited’ by hackers (TechCrunch) The iPhone maker said attackers may have exploited the security flaws before they were patched.
Apple fixes another three iOS zero-days exploited in the wild (ZDNet) Fixes come after Apple patched another set of three zero-days last November.
Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day (SecurityWeek) Apple released emergency security patches for its flagship iOS and iPad OS platforms alongside a warning that hackers may already be exploiting a pair of security vulnerabilities.
Cyber Trends
SOC Experts Report Obstacles in New Cyberbit Survey (BusinessWire) Cyberbit reveals the results of the first annual Cyberbit SOC Skills Survey.
Fraud epidemic 'is now national security threat' (BBC News) From credit card fraud to benefit fraud, the problem costs the UK up to £190bn a year, a report says.
Biometric data collection by country: What's collected, how is it used? (Comparitech) This study looks at the type of biometric data collected by 96 countries and how it is used. We've scored and ranked countries to see which are the most invasive of visitors' or citizens' privacy.
Increasing Need for Device Management Security Pushes IoT Security Services to US$16.8 Billion by 2026 (ABI Research) IoT is currently experiencing an increased demand in security services focused primarily around secure device management, network security, secure data hosting, over-the-air device management, and firmware updates, which will push IoT security services to US$16.8 billion by 2026, according to new research by global tech market advisory firm ABI Research.
Cisco Study Reveals Critical Role of Privacy Emerging from Global Pandemic (PR Newswire) News Summary: Global study finds significant privacy concerns stemming from the pandemic, fueled by rapid shift to remote work and the need to...
Microsoft Study IDs Top Remote-Work Concerns: Security, Training (Redmond Channel Partner) Phishing attacks, end user device security and training were among the top issues cited by respondents of Microsoft's survey on the effects of COVID-19 remote work conditions.
Marketplace
ARMO Emerges from Stealth with $4.5 Million to Infuse Visibility, Control and Security into Every Cloud-Native Workload (PR Newswire) ARMO, developers of a pioneering platform that inherently secures cloud-native workloads with in-memory protection coupled with built-in...
Ivanti to Acquire Cherwell to Enable End-to-End Service and Asset Management (Ivanti) The combination cements Ivanti’s position as the only Enterprise Service Management vendor to offer end-to-end service and asset management from IT to lines of business and from every endpoint to the IoT edge.
Deloitte Buys Cybersecurity Firm Root9B; Deborah Golden Quoted (GovCon Wire) Deloitte & Touche has acquired all the assets of Root9B for an undisclosed sum to add cybersecur
Deloitte bolsters cyber threat hunting capabilities with acquisition of Root9B (Help Net Security) Deloitte announced acquisition of substantially all the assets of Root9B to bolster its existing Detect and Respond cyber client offering.
Colorado Springs-based Cherwell Software to be sold to Utah company (Colorado Springs Gazette) Colorado Springs-based Cherwell Software will be acquired by Salt Lake City information technology security company Ivanti in a deal backed by two private equity investment firms, Ivanti announced Tuesday.
Source Defense Experiences over 250% Growth in 2020; Expands Global Footprint to Help Protect Retail, Financial Services and Healthcare Websites (PR Newswire) Source Defense, the market leader in website client-side security, announced today it achieved for the second year in a row over 250%...
Silicon Valley Investment Firm Profits From Surveillance States (Bloomberg) Francisco Partners invests in tech that governments use for both mundane and controversial purposes.
Speedo Billionaires Notch 530% Gain in a Year on Palantir Bet (Bloomberg) Rubin family made their fortune in sports apparel, footwear. They owned a $253.5 million stake at time of Palantir’s IPO.
YouTube extends Trump's suspension for a second time (CNET) The Google-owned platform first suspended Trump on Jan. 12.
Connecting People to Credible Information about the Holocaust off Facebook (About Facebook) Starting today, anyone who searches for terms associated with either the Holocaust or Holocaust denial, will see a message from Facebook connecting them with credible information.
Lefties furious! Facebook bans Socialist Workers Party as dozens of activists removed (Express) A SOCIALIST GROUP has been left furious after its official account was banned on Facebook and dozens of activists were removed without giving "a reason".
Facebook purges left-wing pages and individuals (World Socialist Web Site) On Friday, Facebook carried out a purge of left-wing, antiwar and progressive Facebook pages and accounts, including members of the Socialist Equality Party.
Facebook escalates attack on socialist left (World Socialist Web Site) Facebook is engaged in an escalating campaign of state-backed internet censorship targeting socialist organizations, including the International Youth and Students for Social Equality.
Ideas | India has its own Donald Trumps, but they’re still on Facebook and Twitter (Rest of World) If social media platforms can silence the most powerful office in the world, why can’t they do the same for India’s anti-Muslim politicians?
Invite-Only Social App Clubhouse Is Slowly Getting Pried Open (Bloomberg) Once a playground for early adopters, the private chat app is attracting tech leaders, celebrities and politicians—and the media attention that comes with them.
Former Google and Microsoft Executive Joins CloudSphere as CEO to Accelerate Company Growth (BusinessWire) CloudSphere, which provides governance across security posture, identity, compliance and cost management in the cloud, today announced the appointment
Illumio Appoints Shay Mowlem as Chief Marketing Officer (GlobeNewswire) Former Rubrik, MuleSoft, and Splunk Executive to Lead Global Marketing Strategy and Growth
Evolv Technology Names Palo Alto Networks Executive Dana Loof as CMO (Evolv Technology) Leading provider of AI-based touchless security screening systems appoints Dana Loof, cybersecurity veteran, as chief marketing officer.
Products, Services, and Solutions
PC Matic Celebrates Ten Year Anniversary of its Patented Globally Automated Whitelist Technology (GlobeNewswire) Developed as alternative to legacy cybersecurity solutions; Continuously refined and modernized by a highly skilled team; Approach recommended by institutions such as the NSA and U.S. Department of Homeland Securi
Illusive Introduces Industry's First Fully Automated Active Defense Security Solutions with Advanced Integrations (PR Newswire) Illusive, a leader in active cyber defense, announced today the rollout of its automated detection and response partner ecosystem program. This...
Cygilant and SentinelOne Partnership Offers Businesses Automated Cybersecurity for the Endpoint and Cloud (Cygilant) Cygilant today announced its customers now have access to SentinelOne, the only cybersecurity solution encompassing AI-powered prevention, detection, response, and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous XDR platform.
Securonix Partners with Non-Profit Educator NextGen Cyber Talent to Train Future Generation of Cybersecurity Professionals (Yahoo) Securonix, Inc., a leader in Next-Gen SIEM, today announced it has partnered with non-profit education provider NextGen Cyber Talent to pilot a series of virtual training courses that will bring new and diverse talent to the cybersecurity field.
Startup Offers Free Version of its 'Passwordless' Technology (Dark Reading) Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won't be easy.
The National Credit Union ISAO and TruSTAR Announce Renewed Partnership (PR Newswire) Today, The National Credit Union ISAO announces its renewed partnership with TruSTAR, a leader in data-centric automation and management, to...
Netskope and Silver Peak Accelerate Network and Security Transformation with a Best-of-Breed, SASE-ready WAN Edge Solution (PR Newswire) Netskope, the leading security cloud, today announced new integration between Netskope Security Cloud Services powered by the NewEdge network,...
Owl Cyber Defense Announces Industry's First Embedded Hardware-Enforced Cybersecurity Modules (GlobeNewswire) Launches Pioneering Technology to Enable Rapid OEM Device Security Enhancement
Google Cloud Unveils New BeyondCorp Zero Trust Security Platform (CRN) Google Cloud's new BeyondCorp Enterprise is a new zero trust identity and security platform with agentless support delivered through Google’s Chrome browser
Akamai Wins Emmy® Award (PR Newswire) Akamai (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital experiences, today announced the Company will receive...
Group-IB Granted Innovation Excellence Award from Frost & Sullivan for Digital Risk Protection (PR Newswire) Group-IB, a global threat hunting and adversary-centric cyber intelligence company, was granted Innovation Excellence award for its Digital...
CloudKnox Security Bolsters Permission Management Platform with Support for Kubernetes Containers (BusinessWire) CloudKnox Security strengthens its industry-leading position by extending support for container workloads on Kubernetes.
Trustwave Launches New Referral Partner Program (Trustwave) Trustwave today announced the launch of a new global Referral Partner Program. The new program is now a permanent offering of the Trustwave partner engagement portfolio.
Technologies, Techniques, and Standards
Cloud Controls Matrix (CCM), a Cybersecurity Control Framework (Cloud Security Alliance) CCM is a meta-framework of cloud-specific security controls. It provides structure, detail and clarity relating to information security tailored to cloud computing.
Earning Trust in the 21st Century (Cloud Security Alliance) This paper addresses the technical, social, policy, and regulatory issues associated with creating trust frameworks in a Zero Trust world. Industry and government are called to solve issues in ways that continue to protect the right to a user's privacy.
The SolarWinds Breach Is Shaking Up Incident Response (Data Center Knowledge) The attack exposed big weaknesses, creating an opportunity for enterprises to address them.
Are your Endpoints Affected by the SolarWinds Sunburst Attack? (Check Point Software) By Oleg Mogilevsky, Product Marketing Manager, Threat Prevention The SolarWinds Sunburst attack outburst has already affected 18,000 companies and
Firms weakening security by not policing user accounts, warns Sophos (IT World Canada) Failing to delete user accounts of former staff to prevent attackers from creating phony new accounts are opening entry points, security vendor Sophos warns
Fighting the Rapid Rise of Cyber Warfare in a Changing World (Dark Reading) Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.
Learn SAML: The Language You Don't Know You're Already Speaking (Dark Reading) Security Assertion Markup Language, a protocol most people use daily to log into applications, makes authentication easier for both admins and users. Here's what you need to know about SAML (and what it has to do with GoldenSAML).
Research and Development
Iran Tests Home-Grown Quantum Cryptography On Longer Distance (Kashmir Observer) Researchers at the Atomic Energy Organization of Iran (AEOI) have successfully tested a home-grown version of the quantum key distribution (QKD) technology on a relatively long distance of 1,650 meters.
A “no math” (but seven-part) guide to modern quantum mechanics (Ars Technica) Welcome to "The curious observer’s guide to quantum mechanics"–featuring particle/wave duality.
Academia
New class offers technology insight for Homeland Security (Federal News Network) Homeland Security’s Science and Technology Directorate recently launched a Hacking for Homeland Security effort. Its goal is to find or adapt new technologies needed for DHS missions.
Legislation, Policy, and Regulation
The Indian Government Shut Down the Internet as Farmers Protest (Vice) India's government has shut down the internet more than 400 times in the last five years.
Is America prepared for a catastrophic cyberattack? (The Washington Times) Attacks intended to shut down financial systems, electricity, water supplies, transportation, communications — perhaps even the entire U.S. economy could happen. What’s the plan?
Is the SolarWinds Cyberattack an Act of War? It Is, If the United States Says It Is. (Lawfare) Cyberattack is an ill-defined area of international law, leaving questions as to when such an attack reaches the threshold for an act of war.
Biden Calls Putin ‘To Make Clear’ Where US Stands (Defense One) In a marked change, the president read off a list of grievances — and discussed the potential for additional nuclear arms controls.
Biden Has First Call With Russian President Vladimir Putin (Wall Street Journal) President Biden raised concerns about an array of issues including the detaining of opposition leader Alexei Navalny, the massive SolarWinds hack and reports of Russia offering bounties on American troops.
Biden calls Putin, brings up election interference, Russian aggression in Ukraine and New START treaty (Washington Post) President Biden called Russian President Vladimir Putin on Tuesday afternoon to discuss a litany of issues and to warn him that America would defend itself against “malign actions by Russia.”
The Cybersecurity 202: Biden denounces Russian hackers in call with Putin (Washington Post) President Biden has taken a strong stand against Russian hackers during his first days in office.
Biden Presses Putin On Alleged Russian Bounties And Cyber Attack In Phone Call (Forbes) They also spoke about Alexei Navalny, Ukrainian sovereignty and a key arms control treaty, according to White House Press Secretary Jen Psaki.
Biden Commerce nominee vows to protect U.S. networks from Huawei, ZTE (Reuters) President Joe Biden's nominee to head the U.S. Commerce Department on Tuesday vowed to protect U.S. telecommunications networks from Chinese companies, but she refused to commit to keeping telecommunications giant Huawei Technologies on a U.S. economic blacklist.
Biden’s commerce secretary pick pledges a tough line on China but doesn’t detail how she’d deal with Huawei (Washington Post) Gina Raimondo said she would be part of a 'whole of government’ response to China’s ‘unfair’ trade practices
Chris DeRusha, who protected Biden campaign from hackers, says he is the Federal CISO (CyberScoop) The former top cybersecurity official on Joe Biden’s presidential campaign said late Monday that he is now in charge of helping protect the federal government’s sprawling bureaucracy from hackers. Chris DeRusha, also a former White House cybersecurity official in the Obama administration, announced his appointment as the federal government’s new chief information security officer on LinkedIn.
7 things to know about Biden's cybersecurity team (Becker's Hospital Review) President Joe Biden is reportedly planning to appoint three officials from former President Barack Obama's administration to lead the country's cybersecurity division, according to Politico and CyberScoop.
Academics Say Section 230 Reform Is Still A Long Way Off (Law360) Academic experts expressed skepticism Tuesday that Congress has neared a workable solution to address concerns raised about Big Tech platforms' content moderation practices, saying schemes to create legal carveouts for certain categories of speech in the interest of limiting objectionable posts could actually create future problems.
States look for partnership (up, down, and sideways). (The CyberWire) This month the governors of the US states of Arkansas and Louisiana joined other cyber leaders at the National Governors Association's fourth biennial National Summit on State Cybersecurity to discuss "ways to improve the resilience of state systems, including schools, elections and other infrastructure." Louisiana Governor Edwards and Arkansas Governor Hutchinson co-chair the NGA’s Resource Center for State Cybersecurity, founded in 2012 to promote best practices. The NGA was founded in 1908 to connect US state and territorial governors. We were able to attend the open sessions of the Summit. Here's what the participants had to say.
Governors hear about the dangers of a lackluster cybersecurity response, need for FBI coordination (TechRepublic) At a national summit, Louisiana Gov. John Bel Edwards said before his state could test a cyberattack plan, five schools were hit with ransomware.
Litigation, Investigation, and Law Enforcement
World’s most dangerous malware EMOTET disrupted through global action (Europol) Law enforcement and judicial authorities worldwide have this week disrupted one of the most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action.
House GOP Leaders To Probe Theft Of Iraq Refugee Visa Info (Law360) A pair of senior House Republicans will investigate an insider scheme to steal records from a refugee visa program for Iraqis who worked for the U.S. government, citing concerns that the plot "ran unnoticed for far too long."
Capitol Police apologizes, admits advanced intel showed Congress was target before insurrection (Fox News) U.S. Capitol Police apologized to Congress Tuesday for failing to meet its own standards to immediately secure the Capitol building "in the face of a terrorist attack by tens of thousands of insurrectionists determined to stop the certification of Electoral College votes."
Peeling Away the Privilege: Another Court Orders Production of Data Breach Investigation Report (JD Supra) A federal court recently added additional wrinkles to one of the most important aspects of responding to a data breach: a forensic investigative...
A Look at the Legal Consequence of a Cyber Attack (The State of Security) All businesses, but especially SME, must know about the legal consequences of a data breach and the available protection solutions.
‘Delete all phones’ — How one man killed communications at an Air Force base for weeks (Task & Purpose) Alan Daniels' sabotage at Whiteman Air Force Base took 702 man-hours at the cost of nearly $27,000 to fix over several weeks
Facebook Location Data Suit Sinks After Deadline Passes (Law360) A California federal judge has thrown out a proposed class action accusing Facebook of collecting location data against users' wishes after the plaintiff missed a deadline to file a new complaint in response to the judge's dismissal of the suit.
MPs accuse HSBC of aiding China's Hong Kong crackdown (BBC News) The bank's boss strongly rejects MPs' criticism of "double-standards" over China's actions in Hong Kong.
Norway's Plan To Fine Grindr $12M Draws Call For FTC Action (Law360) The Norwegian Data Protection Authority announced its intent Tuesday to hit dating app Grindr with an $11.7 million fine for user privacy violations, in what would amount to the largest fine from the agency and which sparked calls from one U.S. consumer advocacy group for the Federal Trade Commission to follow suit with an action of its own.
Singtel retail consultant who sold details of customers for $180 gets more than 4 months' jail (The Straits Times) Kelvin Foo Cheek Ann used the money to pay off a drinking debt.
Popeyes Hit With Proposed Class Action Over Biometrics (Law360) A proposed class of workers sued Popeyes and its parent company in Illinois state court Monday, alleging that the fast food chain collected and stored their fingerprints without obtaining their written permission.
Worker Says Jet's Pizza Finger Scans Violate Ill. Privacy Law (Law360) A Jet's Pizza worker has hit the chain with proposed class state court claims that the company's time-tracking practices violate its Illinois workers' biometric privacy rights, and that his employer dismissed the issue when he raised it with management.