Attacks, Threats, and Vulnerabilities
Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors (Proofpoint) RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to retrieve malicious content from a remote URL using an RTF file.
APT groups from China, Russia, and India adopt novel attack technique (The Record by Recorded Future) State-sponsored hacking groups, also known as advanced persistent threats (APTs), have adopted this year a new attack technique called "RTF Template Injection," which has brought a new twist and made their attacks harder to detect and stop.
North Korean Hackers Use New 'Chinotto' Malware to Target Windows, Android Devices (SecurityWeek) Kaspersky has analyzed a new espionage campaign conducted by the threat actor named ScarCruft, and the security firm’s researchers have uncovered a previously unknown malware that has been used to target Windows and Android devices.
The Taliban Takeover Ripples Across Cyberspace as Regional Powers Vie for Influence | Stratfor (Stratfor) A surge in cyberespionage, influence and information operations and the exploitation of databases and hardware left after the U.S. withdrawal all can be expected.
Hackers targeting and stealing billions from Iranian citizens in texting scheme (TheHill) Financially motivated hackers likely based in Iran are successfully targeting and stealing billions in currency from Iranian civilians through a texting campaign, new research released Wednesday found.
ProxyShell exploitation leads to BlackByte ransomware (Red Canary) The BlackByte ransomware operators leverage ProxyShell Microsoft Exchange vulnerabilities for initial access along with Cobalt Strike for lateral movement. Here’s what to look out for.
The Re-Emergence of Emotet (Deep Instinct) Emotet, the malware botnet, has resurfaced after almost 10 months. The operation was originally taken down by multiple international law enforcement agencies this past January. These agencies took control of the infrastructure and scheduled an un-installation of the malware on April 25.
Microsoft Defender scares admins with Emotet false positives (BleepingComputer) Microsoft Defender for Endpoint is currently blocking Office documents from being opened and some executables from launching due to a false positive tagging the files as potentially bundling an Emotet malware payload.
Blox Tales: MIT Help Desk Spoofing to Phish for Microsoft Credentials (Armorblox) This blog focuses on a credential phishing attack that spoofs a message from the MIT help desk team and tries to steal Microsoft login details.
Surge of info-stealing Android malware FluBot detected again (Register) And a bunch of bank-account-raiding trojans also identified
CronRAT malware hides behind February 31st (Sansec) In the run-up to Black Friday, Sansec discovered a sophisticated threat that is packed with never-seen stealth techniques. This malware, dubbed “CronRAT”, hides in the Linux calendar system on February 31st. It is not recognized by other security vendors and is likely to stay undetected on critical infrastructure for the coming months. CronRAT enables server-side Magecart data theft which bypasses browser-based security solutions.
Investigating the Emerging Access-as-a-Service Market (Trend Micro) We examine an emerging business model that involves access brokers selling direct access to organizations and stolen credentials to other malicious actors.
Why Is Loyalty Fraud on the Rise? (The Wise Marketer - Featured News on Customer Loyalty and Reward Programs) Within the loyalty and marketing industry, there is a growing concern regarding customer loyalty fraud and program gaming. Loyalty programs have become an attractive target of digital fraudsters. Loyalty Program Fraud is, of course, not a new issue. It’s been around since the inception of loyalty programs and is unfortunately somewhat inevitable. There will always be people who try to ‘hack’ or ‘game’ a program when benefits […]
Understanding the Adversary: How Ransomware Attacks Happen (Security Intelligence) Learn the five stages of ransomware attacks — and how to defend against them — based on analysis of hundreds of ransomware incidents from IBM Security X-Force.
AT&T takes action against DDoS botnet that hijacked VoIP servers (The Record by Recorded Future) AT&T said it's investigating and has "taken steps to mitigate" a botnet that infected more than 5,700 VoIP servers located inside its network, a spokesperson told The Record earlier today.
GoDaddy WordPress data breach: A timeline (CSO Online) Domain registrar GoDaddy recently announced a data breach impacting 1.2 million customers via its Managed WordPress hosting environment. Here's how the breach is unfolding.
2.1 Million People Affected by Breach at DNA Testing Company (SecurityWeek) DNA testing company DNA Diagnostics Center has disclosed a data breach affecting 2.1 million people.
Officials: Data Breach At Huntington Hospital Impacts Personal Information Of 13,000 Patients (CBS Local New York) A night shift employee had allegedly improperly accessed electronic medical patient records between October 2018 and February 2019.
Boulder Neurosurgical & Spine Associates hit with data breach (BizWest) Medical practice Boulder Neurosurgical & Spine Associates experienced a data breach in September in which customers’ personal information may have been compromised. “On September 21, 2021, BNA detected a compromise to one of its business email accounts. BNA quickly engaged cyber security experts and a leading incident response team to secure the subject email account, assess the extent of the unauthorized activity, and remediate any damage caused by the incident,” the company said in a news release. “A third-party IT forensic firm also launched an investigation to determine what, if any, information could have been compromised in the incident.”
This Year’s Largest Healthcare Data Breaches (HealthITSecurity) More than 550 organizations reported healthcare data breaches to HHS in 2021, impacting over 40 million individuals.
Family services agency suffered data breach (Sonoma Index-Tribune) A data breach of an agency that contracts with the County of Sonoma to provide family services to residents could have affected up to 1,364 local clients, according to the County of Sonoma.
Ottawa French public school board paid hackers ransom after data breach - Ottawa (Global News) The CEPEO said Tuesday that the personal and financial information of employees dating back to 2000 may have been compromised in a cyberattack.
DMEA confirms cyber attack on internal network (Montrose Daily Press) Delta-Montrose Electric Association was the victim of a “sophisticated and malicious” cyber security attack, CEO Alyssa Clemsen Roberts confirmed to the board of directors Tuesday, shortly before the board went
Drone firm apologises after customers copied into foul-mouthed e-mails (Mail Online) Employees at drone technology firm Coptrz, based in Leeds, were discussing the best strategy for its products over Black Friday when they shared emails with customers.
Security Patches, Mitigations, and Software Updates
Xylem Aanderaa GeoView (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Xylem, Inc.
Equipment: Aanderaa GeoView
Vulnerability: SQL Injection
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to manipulate the database server.
Mitsubishi Electric MELSEC and MELIPC Series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC and MELIPC Series
Vulnerabilities: Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, Improper Input Validation
2.
Delta Electronics CNCSoft (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: CNCSoft
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow for arbitrary code execution.
Johnson Controls CEM Systems AC2000 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: Controlled Electronic Management Systems, Ltd., a subsidiary of Johnson Controls, Inc.
Equipment: CEM Systems AC2000
Vulnerability: Off-by-one Error
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a local attacker to obtain “super user” access on the underlying Linux operating system.
Hitachi Energy Retail Operations and CSB Software (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.2
ATTENTION: High attack complexity
Vendor: Hitachi Energy
Equipment: Retail Operations and Counterparty Settlement and Billing (CSB) Product
Vulnerability: Improper Access Control
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow unauthorized access to data and modification of data inside the affected product.
InHand Networks IR615 Router (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: InHand Networks
Equipment: IR615 Router
Vulnerabilities: Improper Restriction of Rendered UI Layers or Frames, Improper Authorization, Cross-site Request Forgery, Inadequate Encryption Strength, Improper Restriction of Excessive Authentication Attempts, Unrestricted Upload of File with Dangerous Type, Cross-site Scripting, OS Command Injection, Observable Response Discrepancy, Weak Password Requirements
Multiple RTOS (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendors: Multiple
Equipment: Multiple
Vulnerabilities: Integer Overflow or Wraparound
CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries.
Micropatching Unpatched Local Privilege Escalation in Mobile Device Management Service (CVE-2021-24084 / 0day) (0patch) In June 2021, security researcher Abdelhamid Naceri published a blog post about an "unpatched information...
Trends
You’re not paranoid to cover your webcam. But the cameras you can’t cover are scarier. (Washington Post) Plastic sliders won’t solve the privacy problems of the future.
Marketplace
New guide helps B2B marketers take advantage of rapidly emerging opportunities in podcast advertising (PR Newswire) The CyberWire announced today the release of its B2B Marketer's Guide to Podcast Advertising: how to create tangible demand with a direct...
New firm Quantinuum created by Cambridge Quantum and Honeywell to tackle scientific and cyber security challenges (Computing) Commercial competition in quantum computing is hotting up
SpeQtral raises $8.3M to develop quantum-secure communication systems (Help Net Security) SpeQtral announced that it has closed a US$8.3M financing led by Xora Innovation, an early-stage deep science investment platform of Temasek.
Hardware Security Firm Axiado Banks $25M Investment (SecurityWeek) Axiado raises $25 million to build a new class of security processors that provide platform root-of-trust for large enterprise customers.
Cycode raises $56M to scan apps for security vulnerabilities (VentureBeat) Cycode, a company developing an app-scanning security platform, has raised $56 million in venture capital backing.
Coinbase to Acquire Cryptography Firm Unbound Security (SecurityWeek) Cryptocurrency trading powerhouse Coinbase has announced plans to acquire Unbound Security, an Israeli startup providing protection for cryptographic keys and credentials.
Coinbase to buy Israeli company, launch local R&D center (Times of Israel) Leading cryptocurrency exchange firm acquiring Petah Tikva-based Unbound Security, a developer of cryptographic security solutions
Blue Lava Raises $25M in Series A Funding (PRWeb) Blue Lava, creator of the first security program management platform built by and for chief information security officers (CISOs), today announced tha
Privacy Startup Soveren Raises $6.5 Million Seed Round (SecurityWeek) Soveren lands funding to build technology for businesses to detect and resolve privacy incidents and stay compliant with GDPR and other regulations.
ReliaQuest Valued At More Than One Billion Dollars Following Growth Round Led by KKR (Businesswire) ReliaQuest, the leader in Open XDR-as-a-Service, today announced a new funding round led by existing investor KKR. Ten Eleven Ventures, FTV Capital an
Global Technology and Engineering Leader Rebrands as SMX (GlobeNewswire News Room) Smartronix, a leading next-generation cloud, C5ISR, and advanced engineering / IT solutions company,...
AustCyber relaunches Explorer to track state of cyber security job market (iTWire) Australia’s Cyber Security Growth Network AustCyber has relaunched AUCyberExplorer, an interactive tool that tracks the state of the Australian cyber security job market by providing detailed, actionable data about job supply and demand. AUCyberExplorer helps to bridge the gap between people looking...
Booz Allen Opens New 5G Lab in Central Maryland (Booz Allen) Booz Allen Hamilton announced the opening of a new 5G lab in Annapolis Junction, Maryland in support of mission-critical client work further enabled by 5G integration and deployment.
NGA Releases RFP For Cybersecurity Help (Defense Daily) The National Geospatial Intelligence Agency (NGA) on Monday issued the final request for proposals (RFP) for its Defender program, which will procure
RSA Conference Announces Initial 2022 Keynote Speakers (Yahoo Finance) RSA Conference, the world's leading information security conferences and expositions, today announced its initial line-up of keynote speakers for its upcoming Conference, taking place at the Moscone Center in San Francisco Feb. 7-10, 2022. Speakers include highly decorated Paralympian swimmer Jessica Long, Executive Chairman, Team Rubicon and Chief Executive, Groundswell Jake Wood, Office of the National Cyber Director for the Executive Office of the President of the United States John Inglis, a
Druva Named a Leader in SaaS Application Data Protection by Prominent Independent Research Firm (Businesswire) Druva Inc. today announced it has been named a Leader in The Forrester New Wave™: SaaS Application Data Protection, Q4 2021. Druva believes its inclus
US Department Of Labor Awards Coalfire 2021 HIRE Vets Medallion (PR Newswire) US Secretary of Labor Martin J. Walsh today awarded Coalfire the 2021 HIRE Vets Gold Medallion for its commitment to recruit, hire, and retain...
AvePoint Named a Leader in SaaS Application Data Protection Report (GlobeNewswire News Room) AvePoint Cloud Backup received highest current offering rating; only vendor to receive differentiated rating, the highest possible score, in all three...
Menlo Security names Chris Georgellis as ANZ boss (CRN Australia) Chris Georgellis joins from security vendor Tufin.
Rapid7 appoints new CFO from local cybersecurity firm (Boston Business Journal) Tim Adams, 62, joins Rapid7 from BitSight Technologies, a Boston-based cybersecurity ratings company that earlier this year received a $250 million cash investment from Moody's Corp. (NYSE: MCO)
Axis Security Scaling for Historic Growth - Bolsters Leadership Team with Three Industry Veterans (PR Newswire) Axis Security announced today that it has bolstered its management team with the addition of three experienced industry veterans - helping the...
Immersive Labs appoints category creation specialist Jennifer Johnson to Board of Directors (Immersive Labs) Four-time CMO and cybersecurity category designer appointed to advise on market creation and go-to-market execution
Products, Services, and Solutions
Hunton Andrews Kurth Launches National Security Practice (Hunton Andrews Kurth LLP) Hunton Andrews Kurth LLP helps businesses around the world navigate complex legal challenges in the energy, financial services, real estate investment and finance, retail and consumer products, and technology sectors and beyond. The firm has offices in the United States, Europe, Asia and the Middle East.
NTT DATA Begins Providing Zero Trust Security Service Globally (NTT DATA) NTT DATA is a Trusted Global Innovator delivering technology-enabled services and solutions to clients around the world.
Sumo Logic Unifies Intelligence Framework to Accelerate Discovery and Response to Security Threats (Sumo Logic) Adds Support for AWS Security Reference Architecture, Amazon Inspector, Unveils Advanced Visualization for Cloud Security Monitoring and Analytics for Rapid, Actionable Insights
Salt Security Enables Xolv Technology Solutions to Secure its API-Driven Healthcare Transformation Solutions (PR Newswire) Salt Security, the leading API security company, today announced that Xolv Technology Solutions, a provider of end-to-end solutions that reduce...
ThreatModeler Launches IaC-Assist and CloudModeler to Reduce Threat Drift from Code to Cloud (News Direct)
Zerto Announces Zerto In-Cloud for AWS to Deliver Disaster Recovery at Scale (Businesswire) Zerto, a Hewlett Packard Enterprise company, has announced the availability of Zerto In-Cloud for Amazon Web Services, Inc.
Configit and PwC Germany Partner to Enhance Digital Transformation for Global Manufacturers (PR Newswire) Configit, the global leader in Configuration Lifecycle Management (CLM), today announced a partnership with the auditing and consulting company...
XM Cyber Teams with AWS to Bring Attack Path Management Capabilities to customers using the new, enhanced Amazon Inspector (PR Newswire) XM Cyber, a leading hybrid cloud security company, today announced integration with the latest version of Amazon Inspector, an automated and...
CrowdStrike Announces New AWS Product Integrations (CrowdStrike) CrowdStrike announced new AWS product integrations and certifications that deliver breach protection and streaming observability.
Kaspersky signs a partnership with Quarkslab to help companies better fight malware (Tunisie Tribune) After several months of discussions, Kaspersky and Quarkslab signed a technology partnership during FIC 2021
Privacy-compliant log management: ProSoft helps achieve audit readiness in four steps (Funkschau) Whether KRITIS companies, hospitals or public authorities: for anyone legally required to comply with regulations such as ISO27001, Tisax, GDPR, KRITIS, HIPAA, BAIT, PCI-DSS and so on, log management is an important component. With "ProLog", VAD ProSoft now offers a solution through certified resellers.
McAfee and FireEye integrate with Amazon Inspector to protect data in the cloud (Help Net Security) McAfee Enterprise and FireEye released new cloud security capabilities on AWS as well as integration with Amazon Inspector.
Kudelski Security Enriches Managed Detection & Response (MDR) Services with Integration of Microsoft Defender for Endpoint (Yahoo Sports) Kudelski Security, the cybersecurity division within the Kudelski Group (SIX:KUD.S), announced today the integration of Microsoft Defender for Endpoint with the company's leading Managed Detection and Response
Intel 471 and Kognos Join Forces to Maximize Threat Intelligence for… (Intel471.com) Partnership Provides Threat Hunting Teams Fully Contextualized Cyber Underground Intelligence, Helping to Proactively Thwart Attackers Within Minutes
Acuant Achieves Milestone in FedRAMP Authorization for Cloud-Delivered Identity Verification Solution to Government Agencies (GlobeNewswire News Room) The Approved Solution Provides Document Authentication, ePassport Authentication and Facial Recognition Matching with Presentation Attack Detection...
Leaseweb Global Opens Leaseweb Japan, Accelerating Growth in the APAC Region (Leaseweb) Pieter Kraan, Managing Director of Leaseweb Hong Kong and Japan will lead the Business in Japan
Illumio Global Technology Alliance Partner Program Reduces Risk for Modern Enterprises (Illumio) Deep Investment in Technology Integrations Accelerates Customers’ Ability to Protect Critical Data and Embed Zero Trust Strategies Throughout Application Environments
Cynerio’s Healthcare IoT Cybersecurity Solution Now Available in AWS M (PRWeb) Cynerio, a leading provider of healthcare IoT cybersecurity and asset management, today announced that its solutions for connected medical device, enterprise Io
Bugcrowd Crowdsourced Security Solutions Now Available on AWS Marketplace (PR Newswire) Bugcrowd, the industry-leading crowdsourced cybersecurity company, today announced the availability of Bugcrowd's cybersecurity solutions on...
Microsec.ai Partners with Broadcom's Symantec Data Loss Prevention Solution to Deliver Runtime Data Protection for Multi-cloud IaaS Environments (PR Newswire) Microsec.ai today announced that their agentless Cloud Native Application Protection Platform (CNAPP) has been integrated into Broadcom's...
Criterion Systems, Inc. to Provide Cybersecurity and IT Services to DOE NNSA Pantex Plant and Y-12 National Security Complex (Criterion Systems) Criterion Systems, Inc. (Criterion) announced today that it will be providing cybersecurity and IT services to the Department of Energy (DOE) National Nuclear Security Administration (NNSA) Pantex Plant and Y-12 National Security Complex, two of the six production facilities in the NNSA Nuclear Security Enterprise, as a subcontractor to Nuclear Production One, LLC (NPOne), a Fluor-led joint venture with Amentum. The program will be managed through Criterion’s Nuclear Security Division, which has been supporting the NNSA mission for more than a decade.
New Eaton, Tenable partnership delivers 24x7 solution to address OT/IT cybersecurity for critical infrastructure (Eaton) Surge in cyber incidents underscores the need to mitigate threats
Las Vegas Implements AT&T Services for UEM (AT&T) Unified Endpoint Management (UEM) is essential for supporting first responders and field service workers who rely on mobile communications to serve citizens.
Infosec products of the month: November 2021 (Help Net Security) The featured infosec products this month are from: 1Password, ColorTokens, Cynamics, Fortanix, Hiya, Huntsman Security, Imperva, and more.
Technologies, Techniques, and Standards
CISA Seeks Protective Email Service that Tracks Agencies’ Security Compliance (Nextgov.com) The agency is ramping up efforts to exercise its new authorities to hunt for threats across the .gov enterprise.
Risk Management Association Launches RMA Risk Maturity Framework, Powered by SRA Watchtower (GlobeNewswire News Room) New Framework Measures Effectiveness of Bank Risk Management Programs Against Industry and Regulatory Standards...
Security for IoT Networks Needs to Reflect an OT Mindset (Nozomi Networks) For admins who keep systems running securely and safely, it’s important to understand how IoT impacts visibility and security for OT operations.
How to Get Your Staff Onboard with Information Security (Infosecurity Magazine) Four ways employers can cultivate a security culture in their organization
Securing IoT: Best Practices for Retailers (CSO Online) Internet of Things technology offers opportunities for new retail revenue streams, but it also comes with cybersecurity challenges that must be addressed.
Trend Micro Incorporated : What You Can Do to Mitigate Cloud Misconfigurations | MarketScreener (Nasdaq) Our data also showed a high frequency of Amazon Simple Storage Service rule violations. Still, it is necessary to examine the data further before fearing for the worst. For one, not... | November 30, 2021
How Decryption of Network Traffic Can Improve Security (Threatpost) Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.
Design and Innovation
Twitter bans sharing 'private' images and videos without consent (Engadget) The policy doesn't apply to public figures for the most part, but there are exceptions.
Legislation, Policy, and Regulation
Why It's Time to Talk About Nation-State Attacks...Again (Infosecurity Magazine) Why threat intelligence must consider the wider geopolitical landscape more
Putin warns West: Moscow has 'red line' about Ukraine, NATO (AP NEWS) MOSCOW (AP) — Russian President Vladimir Putin on Tuesday sternly warned NATO against deploying its troops and weapons to Ukraine, saying it represents a red line for Russia and would trigger a strong response.
Russia, Belarus to hold drills near Ukraine border after NATO warns Kremlin about invasion (Newsweek) "We are very concerned about the movements we've seen along Ukraine's border," U.S. Secretary of State Antony Blinken said.
Cyberattacks on Russian resources have grown several times since 2020 — Putin (TASS) Moscow understands the importance of joint work on cyber security, the Russian President noted
China’s New National Privacy Law: The PIPL (cyber/data/privacy insights) As the world continues to work from home in the wake of COVID-19 and companies lean on online technologies to conduct their businesses and service their customers, China (home to the most online users in the world), is one of the latest countries to pass a new omnibus privacy law. Effective November
China seeks better cross-border control of big data with new plan (The Hindu) The scale of China's big data industry will exceed $470.79 billion by the end of 2025, MIIT estimated.
MI6 chief seeks help from tech firms to counter hostile state threats (Computing) Unlike James Bond's Q, the spy agency cannot develop all the technologies it needs in-house
MI6 boss warns of China 'debt traps and data traps' (BBC News) Richard Moore also denies the fall of Kabul was an intelligence failure in a BBC Radio 4 interview.
UK’s new data protection strategy risks costing business more than it gains (ComputerWeekly.com) The apparent business benefits of pursuing data adequacy agreements around the world may not be as enticing as they at first appear.
Senate Progress on NDAA Stumbles; Leaders Pledge to Work Out Differences (MeriTalk) After returning from the Thanksgiving break yesterday, the Senate’s progress on consideration of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA) stalled last night with Senate Republicans refusing to vote for cloture due to disagreements on the amendment process for the defense spending act.
On Ransomware, Cyber Command Should Take a Backseat (Just Security) U.S. policymakers should resist temptation to over-militarize response to cyber threats
Report data breaches within 36 hours? Banks are OK with that. (American Banker) Bankers were given a chance to weigh in on a new breach notification proposal, and federal regulators apparently took their comments to heart before issuing the final rule.
Why the new DHS cyber talent management system was nearly 7 years in the making (Federal News Network) Homeland Security officials say they see their cybersecurity talent management system as a potential prototype for other agencies.
State cybersecurity coordinator helps even little folks ward off online bad guys (Monadnock Ledger-Transcript) Let’s say you live in Canterbury and get an email from “townhall@canterburynh.org” warning that your car registration is about to be revoked for nonpayment, and letting you know the town’s convenient online payment system is available. Just click...
Litigation, Investigation, and Law Enforcement
Court Throws Out Messages Obtained by FBI Honeypot Phone Company Anom (Vice) A court in Finland ruled that the messages could not be used as evidence against two particular suspects. But the ruling could have a knock-on effect with other cases.
Students4Change Chair Breached GDPR, Says Comms Officer (University Times) Class representative László Molnarfi used students' email addresses on the union's Slack to send emails about his own independent campaign group.
Member of group connected to multi-million-dollar cryptocurrency theft sentenced (The Record by Recorded Future) Garrett Endicott, a 22-year-old from Missouri, was sentenced to ten months in prison and ordered to pay $121,549.37 in restitution.
Final defendant in multimillion-dollar SIM hijacking scheme sentenced to prison (CyberScoop) The sixth and final defendant in a gang accused of perpetrating a multimillion-dollar SIM hijacking case was sentenced to 10 months in prison and ordered to pay more than $121,000 in restitution, the Department of Justice announced Tuesday. Garrett Endicott, 22, from Missouri, was connected to a hacking group known as “The Community,” which engaged in a string of SIM hijacking incidents targeting individual users’ cryptocurrency exchange accounts in seven states, according to DOJ.
Australia Stops Criminals from Stealing Over $17M from Pension Funds (OCCRP) Australian authorities say they prevented cyber criminals from stealing over US$17 million from the country’s pension funds and launched a series of actions to stop further offshore money transfers, the Australian Federal Police (AFP) reported on Monday.
Beyond Lloyd v Google: Are class actions for data breach dead? (JD Supra) The decision of the UK Supreme Court in Lloyd v Google is a welcome relief for data controllers. However, is it the end of class actions for data...
Rise in Fake ID Seizures Reveals Growing Dangers to the Public (PR Newswire) Seizures of fake IDs in U.S. airports and ports have officials concerned about rising cases of identity theft, human and sex trafficking, and...
WSJ News Exclusive | Racy Affair Saga Between Jeff Bezos and Enquirer Reaches Final Chapter (Wall Street Journal) Investigations by federal officials on phone-hack and extortion claims haven’t led to public action.
When It Comes to Money-Laundering, the U.S. Is Part of the Problem (World Politics Review) Perhaps the most damning aspect of the Pandora Papers leak has been the inclusion of five U.S. states on the list of favored offshore jurisdictions. No matter how much work the U.S. devotes to fighting corruption abroad, it will not abate without addressing the fact that the U.S. is a money-laundering mecca.