Attacks, Threats, and Vulnerabilities
Suspected Russian Activity Targeting Government and Business Entities Around the Globe (Mandiant) As the one-year anniversary of the discovery of the SolarWinds supply chain compromise passes, Mandiant remains committed to tracking one of the toughest actors we have encountered. These suspected Russian actors practice top-notch operational security and advanced tradecraft. However, they are fallible, and we continue to uncover their activity and learn from their mistakes. Ultimately, they remain an adaptable and evolving threat that must be closely studied by defenders seeking to stay one step ahead.
Facebook, Twitter Take Down More State-Linked Accounts (SecurityWeek) Facebook and Twitter this week announced they suspended thousands of accounts that were involved in disinformation campaigns aligned with the interests of several governments.
EXCLUSIVE U.S. State Department phones hacked with Israeli company spyware (Reuters) Apple Inc iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter.
Israeli spyware was used against US diplomats in Uganda (Vox) A hack targeting US officials is just the latest problem for NSO Group, the Israeli company behind Pegasus spyware.
iPhones of US diplomats hacked using “0-click” exploits from embattled NSO (Ars Technica) NSO's stealthy Pegasus malware gives full remote access to infected devices.
Pegasus spyware used to hack U.S. diplomats working abroad (Washington Post) Confirmation of the attacks comes one month after the U.S. blacklisted NSO Group
NSO spyware used to hack US State Department phones (Computing) The officials targeted were either based in Uganda or worked on matters related to the country
Israeli Company’s Spyware Is Used to Target U.S. Embassy Employees in Africa (New York Times) The hack is the first known case of the spyware, known as Pegasus, being used against American officials.
NSO Group claims its hacking software cannot work on US code phones. (The Plunge Daily) About nine US State Department employees had their iPhones hacked by an unknown assailant via the Israel-based NSO Group’s spyware. Sources believe the hacks took place in the last several months with the target being US officials based in Uganda. This has come to be regarded as the widest known hacks of US officials through […]
Pegasus Maker Probes Reports its Spyware Targeted US Diplomats (SecurityWeek) American diplomats were reportedly targeted by NSO Pegasus spyware, representing the widest known hacks of US officials using NSO technology
As Twitter removes blue badges for many, phishing targets verified accounts (BleepingComputer) A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter's recent removal of the checkmark from a number of verified accounts, citing that these were ineligible for the legendary status, and verified in error.
Criminals now phishing verified Twitter accounts (Computing) It follows Twitter's recent removal of checkmarks from many verified accounts
Twitter says it suspended accounts in error following flood of ‘coordinated and malicious’ reports (Washington Post) Far-right activists had urged their followers to use a new company rule to target anti-extremism researchers and journalists
USB Devices the Common Denominator in All Attacks on Air-Gapped Systems (Dark Reading) A new study of 17 malware frameworks shows threat actors always use USB drives to sneak malware into air-gapped environments and then steal data from there.
17 Malware Frameworks Target Air-Gapped Systems for Espionage (SecurityWeek) An analysis of 17 espionage frameworks designed to target air-gapped networks shows that all of them leverage USB drives and all target Windows exclusively
Germany warns of ransomware attacks over Christmas, citing Emotet return, unpatched Exchange servers (The Record by Recorded Future) The German cybersecurity authority has told German organizations to expect ransomware and other cyber-attacks over the Christmas and end-of-year holidays, citing the return of the Emotet botnet and the large number of Microsoft Exchange email servers that have been left unpatched.
Threat Group Takes Aim Again at Cloud Platform Provider Zoho (Threatpost) Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio.
Zoho warns of new zero-day vulnerability exploited in attacks (The Record by Recorded Future) Zoho urged customers on Friday to update their ManageEngine servers and apply a software fix that patches a zero-day vulnerability that is currently being exploited in the wild.
Crypto exchange Bitmart loses estimated $196m in massive DeFi hack (CityAM) Trading platform Bitmart has become the latest trading platform to fall victim of a large scale DeFi hack losing an estimated $196 of funds.
Bitmart suspends withdrawal services as it counts losses of $200M in cyber-attack (Cryptopolitan) Cyber goons attack Bitmart, making away with a stash of more than 20 Altcoins, including BNB, BPAY, and FLOKI. Bitmart suspends crypto withdrawals as it counts losses of about $200M to investigate how the tokens disappeared.
BitMart CEO Says Stolen Private Key Behind $196M Hack (CoinDesk) The exchange’s CEO said they will compensate affected users with their own funds.
BitMart loses $150 million in the second-largest crypto-heist of the year (The Record by Recorded Future) Cryptocurrency exchange BitMart said on Saturday that it was hacked for $150 million in what was the third hack of a cryptocurrency exchange of last week and the second-largest crypto-heist of the year.
BitMart Confirms $196M Lost in Security Breach (PYMNTS) BitMart has suffered a hack that lost it $196 million in a number of cryptocurrencies.
Crypto exchange BitMart confirms hack resulting in loss of $150 million in crypto (The Block) Crypto exchange BitMart has reportedly been hacked for $100 million, according to security researchers PeckShield.
A Software Bug Let Hackers Drain $31M From a Crypto Service (Wired) An attacker exploited a vulnerability in MonoX Finance's smart contract to inflate the price of its digital token and then cash out.
Polish T-Mobile unit faces cyber attack, systems not compromised (Reuters) The Polish unit of T-Mobile said on Friday it had faced a cyber attack but said its network was not blocked and its critical systems had not been compromised.
Gravatar profile add-on leaks data on millions of users (iTnews) Details of just under 114 million users in hackers' hands.
Researchers Find 226 Vulnerabilities in Nine Wi-Fi Routers (SecurityWeek) Researchers flag hundreds of security flaws in routers from Asus, AVM, D-Link, Edimax, Linksys, Netgear, Synology and TP Link.
Swiss tech company boss accused of selling mobile network access for spying (The Bureau of Investigative Journalism (en-GB)) Mitto AG’s network used to track people via mobile phones, former employees say
The Popular Family Safety App Life360 Is Selling Precise Location Data on Its Tens of Millions of Users (The Markup) The app is a major source of raw location data for a multibillion-dollar industry that buys, packages, and sells people’s movements
Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension (Cisco Talos) A blog from the world class Intelligence Group, Talos, Cisco's Intelligence Group
Researcher Found Way to Brute Force Verizon Customer PINs Online (Vice) The technique could have been particularly valuable for SIM swappers, who take over phone users' accounts.
Deepfakes, Voice Impersonators Used in Vishing-as-a-Service (GovInfoSecurity) Advanced voice impersonation and deepfake technologies are giving rise to cybercrime groups that offer Vishing-as-a-Service, security researchers say. Vishing is
Cl0p Ransomware Gang Tries to Topple the House of Cards (Security Boulevard) When I wrote the introduction for our recent report Organizations at Risk: Ransomware Attackers Don’t Take Holidays, I described current factors and trends with the potential to disrupt the upcoming holiday season.
Phishing actors start exploiting the Omicron COVID-19 variant (BleepingComputer) Phishing actors have quickly started to exploit the emergence of the Omicron COVID-19 variant and now use it as a lure in their malicious email campaigns.
Omicron Phishing Scam Already Spotted in UK (Threatpost) Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data.
Convincing Microsoft phishing uses fake Office 365 spam alerts (BleepingComputer) A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials.
IKEA experiencing internal phishing attacks (TechGenix) IKEA is currently in a state of disarray thanks to an internal reply-chain email attack.
Cyberattack Causes Significant Disruption at Colorado Electric Utility (SecurityWeek) An electric utility in Colorado has disclosed an apparent ransomware attack that resulted in 90% of its internal IT functions getting disrupted and the loss of data from the last 20 years.
CISA Informs Organizations About Vulnerabilities in Hitachi Energy Products (SecurityWeek) CISA has released six advisories in the past week to inform organizations about vulnerabilities affecting several Hitachi Energy products.
Cyberattack freezes Maryland health department (Washington Post) A cyberattack took Maryland’s health department offline this weekend, as officials worked to assess the extent of the intrusion.
'Network security incident' takes Maryland Health Department website offline (WBAL) The Maryland Health Department website was taken offline due to a "network security incident."
Riverhead schools hit by ransomware attack, shutting down computer and tech infrastructure (RiverheadLOCAL) The Riverhead Central School District was hit by a ransomware attack this morning, shutting down the district’s computer and technology infrastructure for what officials said could be several days.
Riverhead School District targeted in cyber attack (Riverhead News Review) The Riverhead Central School District was the target of an apparent cyber attack Friday. District officials first alerted parents to “outages” with internet and email resources around 9 a.m. and asked them to use the phone if they needed to contact the school district. In an update posted to social media shortly after 2 p.m.,...
Ransomware attack hits French-Public School Board (Cornwall Seaway News) An October 18 ransomware attack has left personal data exposed by the local French-Public school board. The Conseil des écoles publiques de l’Est de l’Ontario issued a press…
Expose reveals Scottish Salmon Company spied on leading fish farm critic (West Highland Free Press) An investigation by the Ferret revealed that Corin Smith (pictured) had been placed under surveillance at the request of the Scottish Salmon Company. One of Scotland's biggest fish farm companies hired a private investigator to
Long-term care staffing company denies allegations of data breach of 170,000 records (McKnight's Senior Living) Staffing company Gale Healthcare Solutions, which serves long-term care providers and other facility types, is denying claims that a database breach compromised more than 170,000 records containing personal and confidential information.
Security Patches, Mitigations, and Software Updates
Mozilla patches critical “BigSig” cryptographic bug: Here’s how to track it down and fix it (Naked Security) Renowned bug-hunter Tavis Ormandy of Google’s Project Zero team recently found a critical security flaw in Mozilla’s cryptographic code.
Trends
A new era of cyberwarfare is upon us – is the world ready for it? (The Independent) Many worry an irreversible cycle of escalation has begun, with nations trying to outdo each other in a cyber-arms race that will have no end, says Borzou Daragahi
Seller-Related Identity Fraud Is the Biggest Threat to E-Commerce Providers and Platforms this Holiday Season (Businesswire) Socure, the leading provider of digital identity verification and fraud solutions, today unveiled its Consumer Online Shopping Fraud Survey 2021: Holi
Signals Intelligence for Anyone (RAND) Signals intelligence (SIGINT) is intelligence gathered from communications, electronics, or foreign instrumentation. This has traditionally been considered a governmental function. But new technologies are changing that. Now private citizens can conduct SIGINT activities.
An Insider's Account of Disclosing Vulnerabilities (Dark Reading) Vendors drag their heels when it comes to identifying software vulnerabilities and are often loath to expedite the fixes.
Data leak of personal employee info least disclosed type of breach: Report (Hindu Businessline) According to a Kaspersky report, while organisations regularly face employee data leakage, 45% prefer not to disclose these incidents publicly
Buying Bad Bots Wholesale: The Genesis Market (Netacea) In this report, we pull the veil off this secret and highly illegal operation to reveal the methods, tools and data used to exploit victims globally...
The Bot Management Review: How Are Bots Skewing Marketing Analytics? | 2021 Report (Netacea) Bots usually concern security professionals, but marketers
Marketplace
Cybersecurity Market Review (1H 2021) (Momentum Cyber) We are pleased to provide you with Momentum’s Cybersecurity Market Review for Q3 2021. Strategic activity in Q3 included 257 transactions completed totaling $17.6B in deal value across M&A (75 transactions, $12.0B) and Financing (182 transactions, $5.6B).
The Funded: Panther Labs raises $120 million in Series B (Silicon Valley Business Journal) The San Francisco-based security and compliance company will use the funds to expand its service.
Tampa cybersecurity company ReliaQuest hits $1 billion ‘unicorn’ status (Tampa Bay Times) It’s a milestone not only for the company, but for Tampa Bay’s tech industry.
Targeting U.S. officials could mean death sentence for Israeli NSO (Haaretz) Reports saying U.S. State Department personnel in Uganda were victims of spy tech is perhaps the most devastating blow to NSO yet – and the company shouldn’t expect Jerusalem to come to its aid
Microsoft Issues Warning For 2 Billion Chrome Users (Forbes) Despite having over 2 billion users worldwide, Chrome has had a tough year and in July, Google confirmed it had seen more successful browser hacks by mid-2021 than in the whole of 2020. And now a flurry of new warnings have been issued from an unexpected source.
Palo Alto Networks named a Ten-Time Leader in Gartner Magic Quadrant for Networks Firewalls (Techwire) Gartner® named Palo Alto Networks a Leader for the tenth time in its 2021 Magic Quadrant™ for Network Firewalls. Words can’t express how proud we are to have achieved this recognition and how privileged we are to be joined on this journey by innovative customers.
Spy Museum Announces Significant $500,000 Gift from Verstandig Family Foundation (International Spy Museum) The International Spy Museum (SPY) today announced a generous gift of $500,000 from the Verstandig Family Foundation, a philanthropic organization established by entrepreneur, venture capitalist, and philanthropist Grant Verstandig
Qualys Appoints Bill Berutti to its Board of Directors (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today announced...
Products, Services, and Solutions
Twitter’s new privacy policy could clash with journalism (Columbia Journalism Review) On Tuesday, Twitter said it is expanding its privacy policy to include what the company calls “private media.” Its current privacy policy prevents users of the service from sharing other people’s private information, such as phone numbers, addresses, and other personal details that might make someone identifiable against their will; under this policy, users who […]
Facebook Expands Advanced Security Program to More Countries (SecurityWeek) Facebook on Thursday announced that it is on track to make its Facebook Protect security program available globally.
Silent Push Threat Intelligence Now Available in Splunk (PRWeb) Silent Push, a detection-focused threat intelligence solution focused on identifying and nullifying threats before they launch, announced today the Silent Pu
Sotero Achieves Prestigious GxP Validation (PR Newswire) Sotero, a leading data security company, is proud to announce that Sotero's cloud-native data security platform is validated to support GxP...
StrikeReady Honored with 2021 'ASTORS' Homeland Security Award for Best Threat Intelligence Solution (Businesswire) StrikeReady, a cloud-based security operations and management company, announced today that it was named a 2021 'ASTORS' Homeland Security Award for B
Technologies, Techniques, and Standards
Four common shortcomings in cyber threat response (Security Infowatch) How to make a crisis constructive by challenging staff to be proactive in creating a strategic response plan
Convergent Evolution: SP 800-213, the Federal Profile, and the IoT Cybersecurity Catalog (NIST) NIST has been engaged for several years in developing guidance for Internet of Things (IoT) cybersecurity.
Fixing Content-Security-Policies with Cloudflare Workers (Black Hills Information Security) Kent Ickler // Background Over four years ago now, I wrote a blog post on fixing missing Content-Security-Policy by updating configuration on webservers: https://www.blackhillsinfosec.com/fix-missing-content-security-policy-website/. Content-Security-Policies instruct a user’s web browser how it should behave on certain security considerations. Oh, how times have changed. Here at Black Hills Information Security (BHIS), we’ve actually migrated webservers, hosting […]
Humanity Is The Key In Winning The Cyber War (International Business Times) KnowBe4 founder Stu Sjouwerman believes better tech solutions have to put people first.
BALTIC GHOST: Supporting NATO in Cyberspace (National Security Archive) This week, as NATO concludes its annual flagship cyber exercise, Cyber Coalition 21, newly declassified documents detail American collaboration with NATO allies to dissuade and impede Russian advances, both in cyberspace and in European territory. The recently released materials feature after action reports (AARs) and planning documents concerning the BALTIC GHOST series of cyber exercises.
Dept. of Defense’s largest multinational cyber exercise yet focuses on collective defense (Sixteenth Air Force (Air Forces Cyber)) U.S. Cyber Command’s CYBER FLAG 21-1 exercise, the largest multinational cyber exercise to date, bolstered the defensive skills of more than 200 cyber operators from 23 countries at Joint Base
Cyberwarriors will soon have access to more training tools (C4ISRNet) The newest version of the Persistent Cyber Training Environment will roll out early next year.
Cybersecurity Pros Need a Seat at the Table (Infosecurity Magazine) It’s time to move from a business continuity mindset to a business agility mindset
Why responsibility for ransomware sits at the top (iTWire) GUEST OPINION by Walter Manyati, Director ANZ for Qualys: As the threat of ransomware attacks continues to escalate, the crippling of high-profile organisations frequently shines the spotlight on this crisis. Yet, it’s not hard to see why – ransomware is such a lucrative business model for cybercrim...
Avast Partners with Celebrity Chef Carla Hall to Demystify Online Cookies And Share a Recipe for Online Privacy (PR Newswire) Avast (LSE:AVST), a global leader in digital security and privacy, has partnered with celebrity chef, television personality, and author Carla...
Hempfield taking aim at cyber attacks (TribLIVE.com) As cyber attacks continue to burden businesses, schools and medical facilities nationwide, the Hempfield Area school board is taking proactive steps to protect district technology. Directors unanimously agreed to hire Digital Forensic Solutions to conduct an audit and vulnerability assessment of the district’s technology infrastructure at a cost not to
How Fashion Businesses Can Mitigate Cyber Risk (The Business of Fashion) In an increasingly digitised economy, cyber risks are rising fast. To protect their customers, business operations and creative assets, fashion companies need to strengthen their defences.
Design and Innovation
Meta’s Biggest Encrypted Messaging Mistake Was Its Promise (Wired) The company’s decision to delay the rollout makes sense—because its initial plan never did.
Despise passwords? Some good news and bad news (Computerworld) There’s nothing more frustrating than remembering and managing passwords. Efforts are underway to eliminate them . . . sort of.
Is web3 bullshit? (Max Read) And is that even the right question?
Research and Development
Clearview AI on track to win U.S. patent for facial recognition technology (POLITICO) The government is moving to award a lucrative patent for a “search engine for faces,” a technology that has members of Congress and privacy advocates up in arms.
Academia
Top 10 Cybersecurity Colleges in the U.S. in 2022 (Toolbox) There are 2.7 million cybersecurity job vacancies worldwide. These U.S. institutions can help students become cybersecurity experts.
KnowBe4 : Selects Recipient of Inaugural Military, Veteran and Spouse Cybersecurity Scholarship (MarketScreener) KnowBe4 Selects Recipient of Inaugural Military, Veteran and Spouse Cybersecurity Scholarship
Legislation, Policy, and Regulation
Biden, Putin set video call Tuesday as Ukraine tensions grow (Military Times) The last known call between the leaders was in July.
Russia planning massive military offensive against Ukraine involving 175,000 troops, U.S. intelligence warns (Washington Post) As tensions mount between Washington and Moscow over a potential Russian invasion of Ukraine, U.S. intelligence has found the Kremlin is planning a multi-front offensive as soon as early next year involving up to 175,000 troops, according to U.S. officials and an intelligence document obtained by The Washington Post.
US intelligence estimates Russian troop levels on Ukraine border could reach 175,000 (CNN) New US intelligence findings estimate Russia could begin a military offensive in Ukraine in a matter of months as it amasses up to 175,000 troops along the border, a startling escalation that President Joe Biden has warned could lead to severe consequences.
The Shoals of Ukraine (Foreign Affairs) Why has Ukraine been a stumbling block for U.S. foreign policy since the end of the Cold War?
US warns Russia as Kremlin talks about war threat in Ukraine (Military Times) “The probability of hostilities in Ukraine still remains high,” Kremlin spokesman Dmitry Peskov said in a conference call with reporters.
Biden warns Russia’s Vladimir Putin against Ukraine invasion (Military Times) There are signs that the White House and Kremlin are close to arranging a conversation next week between Biden and Putin
Russia tells U.S. to look in 'mirror' before accusing Kremlin of aggression to Ukraine (Newsweek) Russian foreign affairs spokeswoman Maria Zakharova referred to NATO campaigns in Iraq, Libya and Syria and Yugoslavia.
SecDef Austin 'very concerned' about Russian aggression toward Ukraine (Breaking Defense) “They’ve invaded before, and as we look at the numbers of forces that are in the border region, as we look at some of the things that are occurring in the information space, as we look at what’s going on in the cyber domain, it really raises our concern,” Austin said.
Top Army officer warns of 'terrible impact' from Russian posture near Ukraine (Breaking Defense) The Kremlin could be preparing a multi-front invasion of Ukraine early next year, US intelligence reportedly says.
Diplomacy—and Strategic Ambiguity—Can Avert a Crisis in Ukraine (Foreign Affairs) Talk with Putin, but keep him guessing.
U.S. should expect cyberattacks in any struggle for Taiwan (Defense News) Several U.S. defense leaders said they are worried that any confrontation with China over Taiwan would lead to a wave of significant cyberattacks against U.S. critical infrastructure that could disrupt day-to-day life.
We know who is attacking us and we know how to get even, says Israel's cyber defense chief (CNN) In a nondescript office park in the desert town of Be'er Sheva, a "war room" filled with screens showing various maps, rolling information, and graphics inform around a dozen or so staffers, manning computers at the central heart of Israel's civilian cyber defense system.
WSJ News Exclusive | U.S. to Urge Democracies to Sanction Corrupt Foreign Officials, Human-Rights Abusers (Wall Street Journal) The sanctions will be imposed in the lead-up to the Biden administration’s virtual Summit for Democracy scheduled for Thursday and Friday, administration officials said.
U.S. Military Has Acted Against Ransomware Groups, General Acknowledges (New York Times) Gen. Paul M. Nakasone, the head of Cyber Command, said a new cross-functional effort has been gathering intelligence to combat criminal groups targeting U.S. infrastructure.
Telcos to get expanded scam-blocking powers through telecommunications law amendment (ZDNet) Telstra is developing a new cyber safety capability designed to automatically detect and block scam SMS messages in light of new regulatory changes for the telecommunications sector.
Is the UK government’s new IoT cybersecurity bill fit for purpose? (TechCrunch) Security experts find flaws in the U.K. government's bill to secure IoT devices.
China’s Initial Draft Regulations on the Management of Online Data Security: Important Takeaways (Alston & Bird) On November 14, 2021, the Cyberspace Administration of China (CAC) released draft Regulations on the Management of Online Data Security (the “Regulations”) for China’s data privacy and security laws, including the Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL).
Huawei sanctions snarled chip supply chains (Axios) The U.S.'s success at hobbling the Chinese firm's phone business left winners and losers.
Pegasus: 'No Plan to Ban NSO Group; Don't Know If the US Blacklisted It,' Says Centre (The Wire) The question on NSO Group was raised by Samajwadi Party MPs Vishambhar Prasad Nishad and Sukhram Singh Yadav in the Rajya Sabha on December 3.
White House Readies Plan to Boost Cybersecurity of Water Supply (Wall Street Journal) The Biden administration is readying a proposal to shore up the cybersecurity of the U.S. water supply, a system maintained by thousands of organizations with sometimes glaring vulnerabilities to hackers.
US Issues Cybersecurity Directive for Airlines and Railroads (Infosecurity Magazine) Train and plane operators ordered to report cyber-breaches to federal government
TSA Requires Rail and Airports to Strengthen Cybersecurity (SecurityWeek) The Transportation Security Administration is issuing new directives and recommendations aimed at strengthening the cybersecurity defenses of U.S. rail and airport operators.
TSA Issues Security Rules For Rail Operators (Decipher) Several new Security Directives, released by the TSA, aim to improve the security postures of rail and aviation entities.
U.S. faces urgent anti-hacker crisis (Axios) Recent hacker attacks are propelling new and more diverse cybersecurity recruitment.
The scramble to fix Biden’s plan for the future of the internet (Protocol) The White House is planning to unveil its Alliance for the Future of the Internet this week following a month of pushback and a mad dash to reshape the ambitious proposal.
Cybersecurity for Idiots (Lawfare) One of cybersecurity’s major challenges is cyberstupidity, and regulators struggle to keep pace with rapidly changing technologies. Adopting a cybersecurity approach conceptually modeled on tort’s negligence per se doctrine, regulators can reduce widespread failures.
Administrative Arrangement for Transfer of Personal Data Between European Commission and Turkish Medicines and Medical Devices Agency and its Importance (Lexology) “Regulation on Medical Devices” and “Regulation on In vitro Diagnostic Medical Devices” were prepared and published in the Official Gazette on 2 June…
Litigation, Investigation, and Law Enforcement
The Fall of a Russian Cyberexecutive Who Went Against the Kremlin (Bloomberg) Ilya Sachkov, who’s been charged with treason in Russia, is alleged to have given the U.S. information about the “Fancy Bear” operation that sought to influence the U.S. election.
ICO issues £500,000 fine against UK Cabinet Office for data breach (Lexology) The ICO has issued a clear reminder today of the importance of putting in place appropriate technical and organisational measures to prevent the…
Why The FTC and Others Are Blocking Nvidia From Buying ARM (Digital Trends) Nvidia's bid to purchase chip designer ARM has been at the center of controversy for over a year, and now the FTC has formally filed a lawsuit. Here's why.
Two Georgia men sentenced for using Dark Web to steal identities of elderly victims (US Department of Justice) Durrell Tyler and DeShawn Johnson have been sentenced for access device fraud and aggravated identity theft related to their use of stolen identities to open accounts with credit card companies and various retailers.
Iranians Charged for Cryptojacking After U.S. Firm Gets $760,000 Cloud Bill (SecurityWeek) Two Iranian nationals have been charged in Missouri for running a cryptojacking operation after a local tech company received a $760,000 bill for cloud services.
FBI says the Cuba ransomware gang made $43.9 million from ransom payments (The Record by Recorded Future) The US Federal Bureau of Investigations said today that the operators of the Cuba ransomware have earned at least $43.9 million from ransom payments following attacks carried out this year.
Indicators of Compromise Associated with Cuba Ransomware (FBI) The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors
‘Inbox Advertising’: Direct Marketing Rules Apply to Ads in Email Inboxes (cyber/data/privacy insights) On November 25, 2021, the Court of Justice of the European Union (CJEU) held in the case C-102/20 that the display of advertising messages in a form similar to an actual email among others in an inbox constitutes an electronic mail for direct marketing purposes. Hence, rules on direct marketing appl
Feds Say Ex-EBay Brass Can't Sink Witness-Tampering Claim (Law360) Prosecutors said that two former higher-ups at eBay must face witness-tampering charges over statements they made to local police before being charged with a cyberstalking scheme aimed at two Massachusetts bloggers, arguing the false statements in themselves directly interfered with the eventual probe.
California Pizza Kitchen Ex-Employees Sue After Data Breach (Law360) Two former employees of California Pizza Kitchen Inc. are at risk of fraud and identity theft after a cyberattack that exposed the Social Security numbers of more than 100,000 people, a new suit filed in California federal court claims.
Former NSA leaker Reality Winner says "I am not a traitor" (Newsweek) Why did the former National Security Agency contract employee leak the classified information about Russian interference in the 2016 presidential election?
Air Force Veteran Claims She Leaked Classified NSA Documents for the American People (WAR HISTORY ONLINE) Reality Winner sat down for her first media interview since being released from prison.
Pentagon Cyber PR Contractor Admits Dark Web Child Sexual Exploitation Charges (Forbes) At Booz Allen, a former Air Force intelligence analyst claimed to work closely with the Defense Department’s U.S. Cyber Command, while he was downloading thousands of child sexual abuse images from the dark web.
Biden Nominee To Thwart Foreign Hacking Scored Sweetheart Deal for UAE Hacker (Washington Free Beacon) Joe Biden's nominee to lead a Department of Homeland Security unit that fights foreign cyber threats negotiated a sweetheart deal that allowed an American cyberspy to avoid jail time for hacking the phones of human rights activists and journalists on behalf of the United Arab Emirates.