Cyber Attacks, Threats, and Vulnerabilities
Operation NightScout: Supply‑chain attack targets online gaming in Asia (WeLiveSecurity) ESET research uncovers a supply-chain attack compromising the update mechanism of NoxPlayer and used in a cyberespionage operation against gamers in Asia.
A New Software Supply‑Chain Attack Targeted Millions With Spyware (The Hacker News) Software Supply‑Chain Attack Distributed Spyware to Millions of Android Emulator Users
How America’s Power Grid Is Vulnerable To Undetected Cyberattack (Forbes) On May 1, 2020, President Trump signed Executive Order 13920 which directed utilities not to purchase bulk power systems from “adversaries.” It is believed this order was the result of what was found in a WAPA transformer at the Ault substation outside Denver in the summer of 2019.
IoT Supply Chain Vulnerability Poses Threat to IIoT Security (IoT World Today) The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
Hackers are exploiting a critical zero-day in devices from SonicWall (Ars Technica) "Highly sophisticated threat actors" exploit flaws in coordinated attack on SonicWall.
Researchers Spot SonicWall Exploit in the Wild (Infosecurity Magazine) NCC Group urges customers to check logs
Microsoft tracked a system sending a million malware emails a month. Here's what it discovered (ZDNet) Emerging attacker email infrastructure now sends over a million malware-laden emails each month.
Sprite Spider emerging as one of the most destructive ransomware threat actors (CSO Online) Having flown under the radar for several years, the Sprite Spider group is using a ransomware code suite that is effective and hard to detect.
New CTV Fraud Scheme Dwarfs Previous Attacks (Double Verify) DV’s Fraud Lab recently identified and blocked the biggest CTV fraud scheme to date, ParrotTerra.
ESET discovers Kobalos: tiny yet complex Linux threat attacking supercomputers (PCR) ESET researchers are reported to have discovered Kobalos, a malware that has been attacking supercom
Vue to a kill: XSS vulnerability in Vue.js revealed (The Daily Swig) Flaw in popular developer tool only addressed after researchers spill the beans
Report: American Cable and Internet Giant Comcast Exposed Development Database Online (Website Planet) On December 1st, 2020 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected
Personal data of 1.4 million Washington unemployment claimants exposed in hack of state auditor (Seattle Times) The personal unemployment claims data of at least 1.4 million Washingtonians may have been stolen in a hack of software used by the state auditor’s office, Auditor Pat McCarthy said Monday.
About the Accellion data security breach (Office of the Washington State Auditor) What you need to know The information on this page was last updated: 02/01/2021 8:45 AM The Office of the Washington State Auditor (“SAO”) was recently made aware of a security breach […]
Accellion Provides Update to Recent FTA Security Incident (Accellion) Legacy FTA product nearing end-of life was the target of a sophisticated cyberattack. Accellion has patched all known FTA vulnerabilities.
Accellion cyber incident (ASIC - Australian Securities and Investments Commission) On 15 January 2021, the Australian Securities and Investments Commission (ASIC) became aware of a cyber security incident affecting a server used by ASIC.
Reserve Bank response to illegal breach of data system (Reserve Bank of New Zealand) The Reserve Bank of New Zealand – Te Pūtea Matua continues to respond with urgency to a breach of a third party file sharing service used to share information with external stakeholders.
Bring Your Own Command & Control (BYOC2) (Huntress) Sometimes hackers can be overly confident in their malware. Take a journey with us through a malware sample that contains no obfuscation whatsoever.
The mystery of the missing Perl website (Naked Security) A long-running domain supporting the popular programming language Perl has suddenly vanished. We don’t yet know how or why.
DarkMarket’s seizure: the decline of the marketplace? (Digital Shadows) In this blog we'll dive into the cybercriminal community's reaction to the recent seizure of DarkMarket and ask why this news has not had the impact some might have expected.
After Joker’s Stash Closes, What Comes Next? (BankInfo Security) Other darknet marketplaces are apparently preparing to fill the underground economy's need for a steady stream of stolen payment card data if the Joker's Stash site
The dark web in 2021: Should enterprises be worried? (SearchSecurity) When the dark web entered public consciousness in the early 2010s, it was widely treated as the sinister underbelly of the internet. While some of that reputation is warranted, some of it isn't, and determining whether enterprises need to pay attention to it is a likewise complicated question.
Hospitals Suffer New Wave of Hacking Attempts (Wall Street Journal) Persistent threats come from ransomware gangs, financial scammers and hackers backed by nation-states, current and former hospital security chiefs say.
Montefiore Notifies Patients About Security Breach & Potential Identity Theft (PR Newswire) Today, Montefiore Medical Center is notifying some patients about a security breach involving information illegally accessed by a former...
IT-Sicherheit : Mehr als eine Billion Dollar Schaden: Welche Cyberangriffe in der Coronakrise Erfolg haben (Handelsblatt) Ein Termin für die Impfung – wen interessiert das nicht? Cyberkriminelle nutzen die Coronakrise als Köder. Ausgerechnet junge Nutzer sind besonders naiv.
Data on 3.2 million DriveSure clients exposed on hacking forum (SC Media) The information leaked was prime for exploitation by other threat actors, especially for insurance scams.
DDoS Extortion Groups Make New Ransom Demands as Bitcoin Price Surges (CPO Magazine) Radware reported that customers initially hit with DDoS ransom demands received new DDoS extortion letters threatening them with DDoS attacks if they failed to pay up.
Pay-or-get-breached ransomware schemes take off (Urgent Communications) The pay or get breached ransomware trend — also known as the double extortion scheme — took off in 2020, despite the prolific Maze Team's Nov. 1 announcement that it would be discontinuing operations.
European volleyball org's Azure bucket exposed reporter passports (BleepingComputer) A publicly exposed cloud storage bucket was found to contain images of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world.
Serco confirms Babuk ransomware attack, Test and Trace not impacted (Computing) The attack hit only mainland European operations, Serco claims
Outsourcing giant Serco hit by ransomware attack (IT PRO) Cyber criminals deployed the Babuk ransomware to encrypt more than 1TB of data belonging to the firm behind NHS Test and Trace
Rotterdam alerts residents of data breach (WRGB) The town of Rotterdam is reporting a data breach Monday night they say left residents at risk of having their personal, private information solicited. MORE:Colonie woman arrested, accused of months long credit card fraudOfficials are warning anyone who received an email asking for their driver’s license number or Social Security number to not respond -- and instead call Rotterdam Police and report it. The town says the data breach happened this past Friday.
Vulnerability Summary for the Week of January 25, 2021 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
Tessian | 4 in 5 people are sharing too much information on social media, making them vulnerable to cyber attacks (RealWire) New research from Tessian reveals the extent to which people post online and how hackers exploit this information for sophisticated social engineering attacks
Cyber Trends
Data Security and Privacy Predictions for 2021 (O'Melveny) 2020 was unprecedented. With the COVID-19 pandemic, large-scale nation-state cyber intrusions, and tensions with China over technology, new data security and privacy issues emerged rapidly. With a new administration, there undoubtedly will be new approaches to addressing these issues in the coming year. Here are six trends you can expect in 2021.
Political Campaigns Face Tough Security Challenges (Decipher) The short lifespans and limited budgets of political campaigns adds to the security challenges they face as advanced adversaries target them.
https://containerjournal.com/topics/survey-sees-spike-in-container-adoption-on-kubernetes-platforms/ (Container Journal) A survey of 156 attendees at the recent virtual KubeCon North America 2020 conference suggests the rate at which containers are deployed on Kubernetes clusters is accelerating.
Australians lost a record $176 million from 216 thousand scams in 2020 (Atlas VPN) Scam damages in Australia have been steadily growing in the last 4 years. However, last year’s losses surged by more than two times. The reason being, millions of people shifted towards remote work and, in turn, created many new attack vectors for cybercriminals.
Marketplace
IntelliGenesis LLC acquires CybatiWorks™—Acquisition Geared at Strengthening the Nation’s Cyber-Physical Capabilities for Critical Infrastructure, ICS, IoT, and IoTT (PRWeb) February 1st, 2021, Columbia-based Veteran-Owned and Woman-Owned Small Business, IntelliGenesis LLC, acquired Illinois-based Cybati to expand its capabilit
Augusta cybersecurity firm acquires cyber education company (Augusta Chronicle) IntelliGenesis deal with Cybati expected to enhance its training capabilities.
Weights & Biases raises $45M for its machine learning tools (TechCrunch) Weights & Biases, a startup building tools for machine learning practitioners, is announcing that it has raised $45 million in Series B funding. The company was founded by Lukas Biewald, Chris Van Pelt and Shawn Lewis — Biewald and Van Pelt previously founded CrowdFlower/Figure Eight (acquired …
Sontiq™ Announces Definitive Agreement to Acquire Cyberscout® the Leading Cyber Products and Services Provider to the Insurance Industry (BusinessWire) Sontiq signs definitive agreement to acquire Cyberscout, adding to market-leading Intelligent Identity Security solutions IdentityForce and EZShield.
Akamai Buys IoT Security Vendor Inverse To Better Spot Devices (CRN) Akamai has purchased Inverse to better identify IoT and mobile devices such as internet-enabled HVAC, lighting systems, medical equipment, robotics and printers in enterprise environments.
Elron Electronic Industries : Announces Sale of Alcide to Rapid7 (MarketScreener) Translation of Immediate Report Filed by Elron on January 31, 2021 with the Israeli Securities Authority
Tel-Aviv, January 31, 2021 - Elron Electronic Industries... | February 2, 2021
Cognyte to Ring the Nasdaq Stock Market Opening Bell (PR Newswire) Cognyte (NASDAQ: CGNT), a global leader in security analytics software that empowers governments and enterprises with Actionable Intelligence...
Kountable Secures Funding in Series A-1 Led by Lateral Capital to Laun (PRWeb) Kountable, the leading global trade and technology platform, today announced additional funding in Series A-1 led by Lateral Capital. Additional investors
Root9B, Fidem in Cybersecurity M&A Round-Up for January 2021 (SecurityWeek) A dozen cybersecurity-related acquisitions were announced in January 2021, including some by major companies such as Deloitte, Accenture and Atos.
Nozomi Networks Tops 100% Revenue Growth (Nozomi Networks) Fueled by 2020’s accelerated pace of industrial digitization, the company’s market share hit 50% in key industrial verticals
Thycotic Records Strong Momentum for Cloud-based Privileged Access Management (PR Newswire) Thycotic, a provider of privileged access management (PAM) solutions to more than 12,500 organizations worldwide, including 25 of the Fortune...
Aryaka’s Cloud-First approach to secure business connectivity accelerates EMEA growth (ResponseSource Press Release Wire) Secures $10M subscription contract in financial services sector along with several multi-million dollar deals London, UK. - February 2, 2021 - Aryaka Networks, the leader in fully managed Cloud-First...
Can This Cybersecurity Play Become a Growth Stock in 2021? (The Motley Fool) This cybersecurity stock is showing signs of life after years of underperformance.
Why Zscaler (ZS) is Poised to Beat Earnings Estimates Again (Yahoo) Zscaler (ZS) has an impressive earnings surprise history and currently possesses the right combination of the two key ingredients for a likely beat in its next quarterly report.
As Google eyes Australia exit, Microsoft talks Bing with PM (Reuters) Software giant Microsoft Corp is confident its search product Bing can fill the gap in Australia if Google pulls its search over required payments to media outlets, Prime Minister Scott Morrison said on Monday.
Pause in Corporate PAC Spending Triggers Political Pushback (Wall Street Journal) Lawmakers say companies’ suspension of campaign donations puts business priorities at risk.
Facebook offering users prompt to counter Apple's privacy moves (NASDAQ:FB) (SeekingAlpha) Facebook (FB +1.5%) - locked in an increasingly tense battle with Apple (AAPL +2.2%) over privacy-related changes for mobile users - will add an in-app prompt intended to inform users...
WSJ News Exclusive | Robinhood Raises Another $2.4 Billion From Shareholders (Wall Street Journal) The $3.4 billion raised since last Thursday is more than the company has raised in its entire prior existence.
Robinhood plummets back down to a one-star rating on Google Play (The Verge) 1.1 star, technically speaking
Clubhouse stock skyrocketed after Elon Musk tweeted about an unrelated social media app of the same name (Business Insider) Shares of Clubhouse Media Group, an influencer marketing company, rallied after Elon Musk tweeted about a different company.
EVOTEK Announces Justin Tibbs as Chief Engineering Officer, Increasing the Focus on Cybersecurity in Hybrid-IT Environment (PR Newswire) EVOTEK (www.evotek.com), the nation's premier enabler of secure digital business, announced today that Justin Tibbs, has joined EVOTEK as Chief...
Archtis expands its executive management team to scale business growth and customer base (Proactiveinvestors UK) New global COO and US president Kurt Mueffelmann brings over 25 years of technology leadership to the company and will define and oversee archTIS's...
William P. Crowell, Former Deputy Director of the National Security Agency, Joins LookingGlass Advisory Board (GlobeNewswire) Industry Veteran Brings Enormous Expertise across IT, Security, and Intelligence Systems
Precisely Expands Leadership Team Following Delivery of Industry’s First Data Integrity Suite (BusinessWire) Precisely, the global leader in data integrity, today announced the appointments of Pat Collins, Anjan Kundavaram and Sue Bergamo to its leadership te
Huawei official speaks out on why he resigned after The Post reported the tech giant had worked on a ‘Uighur alarm’ (Washington Post) Tommy Zwicky, the face of Huawei in Denmark, says he could no longer look at himself in the mirror
Products, Services, and Solutions
As Demand Increases for Cybersecurity, Defendify Innovates and Expands (PRWeb) Throughout the pandemic, Defendify, the all-in-one, award-winning cybersecurity platform, sees significant increase in new users as they continue to inno
Remote Review Pioneer HaystackID(TM) Announces Release of Cutting-Edge 3.0 Security Enhancements to Its Review Technology (Stockhouse) New security features are among the most advanced in data and legal review market
Cryptomathic and Connective Partner to Deliver e-Signature and e-Sealing Services Globally (Cryptomathic) Organizations around the world can now access multi-jurisdictional advanced and qualified remote e-signature and e-sealing services from a single source.
IRONSCALES New Product Release Strengthens Advanced Phishing Threat De (PRWeb) IRONSCALES, the pioneer of self-learning email security, today announced new platform features as part of its new release to further improve the com
Acronis empowers resellers and service providers with new cloud-focused #CyberFit Partner Program (Acronis) For information about Acronis and Acronis' products or to schedule an interview, please send an email or get through to Acronis' representative, using media contacts.
MontaVista Partners with Mercury Systems Inc. to Provide Hardened Linux support for the Aerospace & Defense Market (PR Newswire) MontaVista® Software, LLC, a leader in commercial Embedded Linux® products and services, today announced the availability of MontaVista's...
One Identity Enables Identity-Centric Security Through New SaaS IGA and PAM Solutions (One Identity)
Full power of One Identity Manager and One Identity Safeguard are available via SaaS through the One Identity Cloud, enabling a cloud-based identity security strategy
New offerings deliver cloud without compromise for IGA and PAM
Cloud-based of...
Tempered Networks Launches Airwall Teams: Free, Zero Trust Remote Access and Private Network Solution (News Direct) Industrial-Strength Private Overlay Network Secures Any Device, Anywhere in the World
Simon Says On-Prem: The Most Secure Transcription Platform in the World (PRWeb) Simon Says, the leading timecode-based AI transcription and video assembly platform for video professionals, released Simon Says On-Prem v2, its self-c
Palo Alto Networks to thwart IoT threats in healthcare with latest offering (ITP Net) Palo Alto Networks' IoT Security solution uses machine learning, crowd-sourced telemetry and MDS2 data to quickly and accurately profile devices and stop threats
Check Point Software partners with Scottish Business Resilience Centre to support incident response helpline for SMEs - Scottish Business News (Scottish Business News) Check Point is the first cyber-security vendor to join the SBRC’s Cyber Incident Response Cadre of partners, helping organisations to recover quickly from attacks. Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber-security solutions globally, has today announced that it has partnered with the Scottish Business Resilience Centre (SBRC) to support its new cyber […]
Intel Teams with Cybereason to Fight Ransomware at the CPU Level (TechSpective) Ransomware has emerged in recent years as one of the most pervasive and effective cyber threats. It is generally easy to automate and execute ransomware
CMMC Center of Excellence Announces Engagement Agreement with Titania Ltd (Yahoo) Pioneers in Security Assessments, Audits & Remediation
Zensar launches integrated Digital XDR solution to counter new and emerging threats; Stock trades flat (IIFL Securities) Zensar’s XDR as a Service is a fully managed service model combining scalability with a strong and secure hosted service.
Cymulate and Microsoft deliver security validation and operational efficiencies to customers (Help Net Security) Cymulate has joined the Microsoft Intelligent Security Association and has integrated Cymulate with Microsoft Defender for Endpoint.
PAS Releases Sensor and Data Integrity (PAS) New capability ensures configuration data integrity and signal tracing to improve process safety, reduce cyber risk and support digital transformation
Owl Cyber Defense Announces AS9100D Certification (Owl Cyber Defense) Data Diode Cybersecurity & Cross Domain Solutions
Wickr To Enable Secure, Cross-Platform Collaboration and Compliance (BusinessWire) Wickr Inc., the world’s most secure collaboration platform, today announced the general availability of “Global Federation”, a feature that will allow
Sumo Logic Achieves FedRAMP-Moderate Authorization (GlobeNewswire) Sumo Logic’s FedRAMP-Moderate Authorized Continuous Intelligence Platform™ Expands the Ability to Deliver Real-time Analytics to the Public Sector
Threat Stack Announces Context Enrichment for AWS EC2 Instances (BusinessWire) Threat Stack today announced new capabilities that help security teams quickly detect and remediate threats in cloud infrastructure.
Technologies, Techniques, and Standards
2021: What’s Ahead from NIST in Cybersecurity and Privacy? (NIST) In 2020, NIST prioritized helping individuals and organizations shift to a more online environment to keep people s
Can Third-Party Security Programs Prevent the Next SolarWinds? (Security Boulevard) While the U.S. government was focused on election security last year, unbeknownst to senior American officials a secret cyber espionage campaign by a major nation-state adversary of unprecedented magnitude was already underway – lethal, stealthy and undetected.
Does Einstein need a post-SolarWinds makeover? (FCW) A marquee program designed to protect the government against cybersecurity threats is facing new scrutiny in the wake of Solar Winds Orion breach, but analysts say the program was unlikely to have ever stopped the hacking campaign.
The U.S. Spent $2.2 Million on a Cybersecurity System That Wasn’t Implemented — and Might Have Stopped a Major Hack (ProPublica) The software company SolarWinds unwittingly allowed hackers’ code into thousands of federal computers. A cybersecurity system called in-toto, which the government paid to develop but never required, might have protected against this.
How a Common Misconfiguration Led to Over 30 Critical Findings (Bishop Fox) Nate Robb discusses how continuous attack surface testing (CAST) found a new vulnerability that served as a pivot point to identifying more critical risks.
How decision-making psychology can improve incident response (CSO Online) Challenging biases and engaging in regular drills can keep your incident response team sharper than once-a-year wargames.
Cybersecurity pros should switch from Indicators of Compromise to Indicators of Behavior (TechRepublic) Security experts suggest using IOBs to move from reacting to a cyberattack to preventing the incident.
Design and Innovation
What is FIDO? How this initiative aims to make passwords obsolete (CSO Online) The FIDO Alliance is an industry association that promotes the use of public-key cryptography to bring strong authentication to the Web.
Threat intel is a game changer, if only firms can figure out how to bake it into cyber programs (SC Media) Despite increased perceptions about the value of cyber threat intelligence, many businesses and industries still struggle to define what it actually means to them: which capabilities to incorporate, and how to do the ground level planning necessary to support the telemetry and technological tools they put in place.
Research and Development
DARPA Announces Results of First Hardware Bug Bounty (Homeland Security Today) After three months of reviewing more than 13,000 hours of hacking exploits conducted by more than 580 cybersecurity researchers, DARPA has announced that its Finding Exploits to Thwart Tampering (FETT) Bug Bounty successfully proved the value of the secure hardware architectures developed under its System Security Integration Through Hardware and Firmware (SSITH) program while pinpointing critical areas to further harden defenses.
DARPA’s First Bug Bounty Program Highlights Security Successes, Weaknesses (Meritalk) The Defense Advanced Research Projects Agency (DARPA) announced that its first bug bounty program has “proved the value of the secure hardware architectures developed under [DARPA’s] System Security Integration Through Hardware and Firmware (SSITH) program while pinpointing critical areas to further harden defenses.”
Academia
$4 million grant will help teach computer coding skills to rural Missouri students // Show Me Mizzou (University of Missouri) University of Missouri program earns grant to help advance STEM education in underserved Missouri school districts.
South Carolina National Guard, UofSC Aiken take next step toward enhancing cyber initiatives in South Carolina (DVIDS) Representatives from the South Carolina National Guard and University of South Carolina Aiken (UofSC Aiken) signed a memorandum of understanding (MOU) at the UofSC Aiken campus Feb. 1, 2021, in support of the development of a new South Carolina National Guard readiness center with a focus on enhancing cyber initiatives in the state.
Legislation, Policy, and Regulation
Amid military coup, Myanmar's internet is partially blacked out (CyberScoop) Internet connectivity dropped precipitously in Myanmar on Monday as the military seized power, likely the result of the government shutting down access in a move that drew condemnation from President Joe Biden and digital freedom activists.
Myanmar coup: Joe Biden threatens to resume sanctions (the Guardian) US president calls for international solidarity in confronting generals who have seized power in country
Secretary Antony J. Blinken With Andrea Mitchell of MSNBC Andrea Mitchell Reports (United States Department of State) QUESTION: We see the Russian people are out and protesting against Vladimir Putin. There have been many arrests, thousands braving these sub-freezing temperatures. Alexei Navalny’s wife was detained protesting against his arrest and, of course, previously his poisoning by Russian authorities. You have condemned this, and the Russians have responded saying that this is gross […]
State’s New Cyber Office Brings Up Old Congressional Turf Issues (Nextgov.com) The House Homeland Security Chair and new Cybersecurity subcommittee leader say any cyber diplomacy should also tap CISA’s expertise.
Cyber espionage is not cyber attack (C4ISRNET) A expert explains how a recent giant hack is a classic case of espionage that differs from a true cyberspace attack.
SolarWinds Breach Shows Why Cybersecurity Whistleblowers Need Protection (Bloomberg Law) The 117th Congress should prioritize enacting a cybersecurity and data privacy whistleblower protection law. Zuckerman Law attorneys say the SolarWinds breach serves as a stinging reminder that we continue to ignore these whistleblowers to the detriment and peril of our national security and economy, as well as the security of our personal, sensitive data.
Trusting the Vote: Establishing a Presidential Commission on Election Resilience and Trust (Alliance For Securing Democracy) ASD’s Elections Integrity Fellow David Levine and the Center for Democracy and Technologies' Senior Technologist in Elections and Democracy William T. Adler urge President Biden to establish a bipartisan presidential commission to recommend ways to restore public trust in democracy.
Introduction
The deadly events of January 6, 2021 have made it abundantly clear that
Disruptive by Design: Transcending Cyber (SIGNAL Magazine) The Defense Department has an information warfare (IW) problem. There's no organization within the department that directs, synchronizes and coordinates IW planning and operations.
Letitia Long, Larry Hanauer: New Administration Poses Intell Community Revitalization Opportunities (GovCon Wire) Intelligence and National Security Alliance executives Letitia ‘Tish’ Long and Larry Hanauer noted s
How the NSC can better tackle emerging technology threats (Brookings) Surveillance cameras are seen in front of a Huawei logo in Belgrade, Serbia, August 11, 2020. REUTERS/Marko Djurica Technology is fundamentally altering the security landscape. Rapid and profound a…
Bipartisan bill would help domestic abuse survivors bypass mobile surveillance (CyberScoop) There's a new bill on Capitol Hill aimed at helping domestic violence victims bypass partner surveillance and safely leave shared phone plans.
European Data Protection Board Issues Guidelines On Examples Regarding Data Breach Notification (Mondaq) On 14 January 2021 the European Data Protection Board (EDPB) adopted Guidelines 01/2021 on Examples Regarding Data Breach Notification, ("Guidelines").
Paul M. Abbate Named FBI Deputy Director (US Federal Bureau of Investigation) Director Christopher Wray has named Paul M. Abbate as the deputy director of the FBI.
Litigation, Investigation, and Law Enforcement
No indication of Govt systems being adversely affected by SolarWinds data breach: Minister S Iswaran (The Online Citizen Asia) The Online Citizen Asia No indication of Govt systems being adversely affected by SolarWinds data breach: Minister S Iswaran Tech
France Tries Three for Attack Plot After Cyber Infiltration (SecurityWeek) Two French citizens and a Moroccan went on trial in Paris on Monday charged with planning attacks after their cyber network was successfully infiltrated by a French intelligence agent posing as a jihadist.
U.K. Arrest in ‘SMS Bandits’ Phishing Service (KrebsOnSecurity) Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. The service, marketed in the underground under the name "SMS Bandits," has been responsible for blasting out huge volumes of phishing lures spoofing everything from COVID-19 pandemic relief efforts to…
CareFirst Policyholders Win Revival Of Data Breach Claims (Law360) A District of Columbia federal judge has revived part of a proposed class action by health insurer CareFirst policyholders over a 2014 data breach, ruling that recent case law lets Virginia and Maryland consumers pursue contract claims but that claims governed by D.C. law can't go forward.
FTC Requires App Developer to Obtain Users’ Express Consent for Use of Facial Recognition (cyber/data/privacy insights) The Federal Trade Commission announced on January 11 that Everalbum, the developer of the photo storage application called Ever, settled allegations that it deceived users about its use of facial recognition technology and retained photos and videos from users who had deactivated their accounts in v
FTC Stands Behind Zoom Data Security Deal Despite Backlash (Law360) The Federal Trade Commission has finalized a nonmonetary data security settlement against Zoom Video Communications Inc. despite staunch resistance from the agency's two Democratic commissioners, who slammed their colleagues for ignoring a dozen objectors and for declining to make changes to the deal to address user privacy and surveillance concerns.