Attacks, Threats, and Vulnerabilities
Karakurt Rises from Its Lair (Accenture) New threat group Karakurt begins operations. Learn about this financially motivated group, how it operates and how to mitigate its attacks. Learn more.
Chinese Hackers Targeted Southeast Asian Nations, Report Says (Bloomberg) Targets included prime ministers’ offices, senior ministries. Campaigns support Beijing’s regional aims, says report.
State-backed China hackers targeting South China Sea claimants, US cyber firm says (Radio Free Asia) Hackers also target countries related to projects and those strategically important to the Belt and Road Initiative
Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia (Recorded Future) Recorded Future’s Insikt Group tracks Chinese state-sponsored cyber espionage operations targeting government and private sector organizations across Southeast Asia.
Critical SonicWall Flaws Could Give Hackers Control Of Systems (CRN) SonicWall disclosed eight vulnerabilities in its Secure Mobile Access (SMA) appliances that government officials warned could allow remote attackers to take control of impacted systems.
ALPHV BlackCat - This year's most sophisticated ransomware (BleepingComputer) The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.
MANGA aka Dark Mirai-based Campaign Targets New TP-Link Router RCE Vulnerability (Fortinet Blog) FortiGuard Labs encountered a malware sample that’s currently being distributed in the wild targeting TP-link wireless routers. Learn more on MANGA aka Dark Mirai-based Campaign.…
When Honey Bees Become Murder Hornets (Eclypsium) What do you do when two million cheap and powerful devices become the launchpad for one of the most powerful botnets ever? You stop treating the threat like a newly discovered and unexpected honey bee hive and you start remediating like you’ve discovered a Murder Hornet nest.
300,000 MikroTik routers are ticking security time bombs, researchers say (Ars Technica) Device owners have yet to install patches for 3 high-severity vulnerabilities.
Rapid Response: Critical RCE Vulnerability Is Affecting Java (Huntress) Our team is currently investigating CVE-2021-44228, a critical vulnerability that’s affecting a Java logging package.
A Brand Impersonation - Credential Phishing (Armorblox) This blog looks at a brand impersonation attack that steals victims’ Charles Schwab account credentials. The email has a social engineered payload, pretending to be a Charles Schwab security message, asking the user to log into their Charles Schwab account to read the message.
Researchers warn about continuous abuse of unpatched MikroTik routers (CSO Online) Attackers are still exploiting unaddressed vulnerabilities in an estimated 300,000 MikroTik routers. A new tool will detect compromised devices.
Russian hackers bypass 2FA by annoying victims with repeated push notifications (The Record by Recorded Future) Nobelium, the Russian cyber-espionage group that has orchestrated the SolarWinds 2020 supply chain attack, has continued to carry out new attacks throughout 2021, and according to security firm Mandiant, has been using a clever trick to bypass two-factor authentication in order to access some of its targets' accounts.
NSO spyware found on activists’ phones in Kazakhstan (Haaretz) Amnesty International’s Security Lab confirms phones were actually infected with NSO’s Pegasus software, just weeks after Apple alerted the victims to a ‘state-sponsored’ hack.
Kazakhstan: Four activists’ mobile devices infected with Pegasus Spyware (Amnesty International) Amnesty International’s Security Lab has confirmed that at least four Kazakhstani civil society activists have had their mobile devices infected with NSO Group’s Pegasus spyware. A forensic analysis shows that all four activists had been targeted and their devices infected from as early as June 2021, Amnesty International said today. “This case adds to an already mounting pile of evidence that NSO’s spyware […]
Protégez-vous du puissant logiciel espion Pegasus (Global Security Mag Online) Le fabricant de logiciels espions NSO Group est poursuivi par Apple et interdit de commerce avec les États-Unis. Même cinq ans après sa découverte par Lookout et Citizen Lab, le logiciel d'espionnage mobile Pegasus reste d'actualité, car des révélations sur son utilisation répandue et ses capacités évolutives - telles que la possibilité de lancer des attaques sans clic - continuent de faire surface. Le développeur du logiciel espion, NSO Group, basé en Israël, fait également l'objet d'une surveillance accrue de la part d'agences gouvernementales et d'organisations privées pour ses relations avec des régimes douteux dans le monde entier.
How Outlook Unwittingly Helps Hackers (Avanan) In a bid to help users remain productive, some Outlook features end up helping hackers.
Attack of the Month: Human-Directed Account Takeover (ATO) (Reblaze Blog) A blog post describing a persistent ATO (account takeover) attack type with attempts at credential cracking, credential stuffing, various tactics to evade detection, and more.
Hackers are targeting over a million WordPress sites in ongoing attacks (Computing) They are exploiting security bugs in four WordPress plugins and 15 Epsilon Framework themes
Hackers Stealing Credit Card Info Via e-Commerce WordPress Sites (IT World Canada - Information Technology news on products, services and issues for CIOs, IT managers and network admins) Cybercriminals are now injecting credit card swipers on plugins from e-commerce WordPress sites to carry out credit card theft.
Hellmann hit by cyber attack (Air Cargo News) Hellmann Worldwide Logistics has been hit by a cyber attack that has hit operations.
SnapHack: Watch out for those who can hack into anyone’s Snapchat! (WeLiveSecurity) This is how easy it may be for somebody to hijack your Snapchat account – all they need to do is peer over your shoulder.
Premier could be among thousands of SA government employees affected by cyber attack (ABC) The South Australian government says the personal details of up to 80,000 workers — including potentially the Premier — have been accessed in a cyber attack on an external payroll software provider.
Cyberattack disables access to online servers for operator of the city bus, Handi-Van (https://www.hawaiinewsnow.com) The city said it’s working with the FBI and Honolulu police to gather evidence.
Cox discloses data breach after hacker impersonates support agent (BleepingComputer) Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers' personal information.
DNA Testing Firm Data Breach Exposed Sensitive Information of More Than 2.1 Million People (CPO Magazine) DNA Diagnostics Center (DDC) filed a data breach notification with the Maine Attorney General’s office disclosing that hackers accessed sensitive details of more than 2.1 million people.
Bay Village High School staff member retiring after private records released for entire senior class (Fox 8 Cleveland WJW) The Bay Village City School District gave an update Thursday after private student records for the entire senior class were released last month.
That Cream Cheese Shortage You Heard About? Cyberattacks Played a Part (Bloomberg) Hackers shut down the biggest cheese manufacturer during peak demand
Security Patches, Mitigations, and Software Updates
Log4j zero-day gets security fix just as scans for vulnerable systems ramp up (The Record by Recorded Future) The Apache Software Foundation has released an emergency security update today to patch a zero-day vulnerability in Log4j, a Java library that provides logging capabilities.
CISA releases advisory on five Apache HTTP server vulnerabilities affecting Cisco products (ZDNet) The government agency urged administrators to review Cisco's advisory and apply the necessary updates.
Hillrom Welch Allyn Cardio Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely
Vendor: Hillrom
Equipment: Welch Allyn Cardio Products
Vulnerability: Authentication Bypass Using an Alternate Path or Channel
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access privileged accounts.
Hitachi Energy GMS600, PWC600, and Relion (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: GMS600, PWC600, and Relion 670/650/SAM600-IO
Vulnerability: Improper Access Controls
2.
WECON LeviStudioU (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low attack complexity
Vendor: WECON Technology Co., Ltd (WECON)
Equipment: LeviStudioU
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow arbitrary code execution.
Trends
A moral panic is brewing about Instagram and video games. Don't fall for it | Opinion (Newsweek) Both video games and social media have been just another spin of the moral panic wheel. Whatever you decide to put beneath the tree this year, your kid will be fine.
Soon, the Hackers Won’t Be Human (Foreign Affairs) The U.S. must invest in AI to protect critical infrastructure from cybercriminals and state-sponsored hackers.
Marketplace
Ex-Googlers Snag $5 Million for Software Supply Chain Security Tech (SecurityWeek) A group for ex-Google software engineers has raised $5 million in seed funding to tackle software supply chain security.
Czech cybersecurity firm Avast acquires SSI innovator Evernym (Phocuswire) Founded in 2013, Evernym powers IATA's Travel Pass and has founded the Decentralized Identity Foundation, the Good Health Pass Collaborative and the Sovrin Foundation.
Mimecast to be taken private by Permira (Financier Worldwide) Email security company Mimecast has agreed to be taken private by funds advised by private equity firm Permira in a deal worth $5.8bn. Under the terms of the agreement, which was approved and recommended by an independent special committee, and then approved by the Mimecast
Mergers & Money: Industrial Cybersecurity Investment Makes Comeback As Infrastructure Threats Make Headlines (Crunchbase News) After a quiet year or so, industrial cybersecurity seems to be making a come back with investors as cyber attacks threaten critical infrastructure
Swimlane Skyrockets as Demand for Low-Code Security Automation Surges (Businesswire) Boasts more than 700% revenue growth in under four years to become fastest growing SOAR company
Microsoft Fires Back at Crowdstrike on Cybersecurity (Bloomberg) Microsoft Corporate Vice President Vasu Jakkal joins Emily Chang to respond to Crowdstrike’s claims that its software “causes” cybersecurity issues. They also come back on how Microsoft disrupted the activities of a China-based hacking group, and underlines that collaboration is crucial in the cybersecurity space.
Why CrowdStrike Plunged 22.9% in November (The Motley Fool) The leading cloud-based cybersecurity player received a downgrade and fell along with other growth stocks amid inflation fears.
Arkansas is on the hunt for thousands of anti-hackers (Axios) It's a priority for the Biden administration across the country.
Blumira Appoints Jim Simpson as Chief Executive Officer (Blumira) Jim Simpson has been named chief executive officer of Blumira. Simpson has over two decades of experience growing successful security startups.
VMware Carbon Black names Interactive's Darren Reid as ANZ boss (CRN Australia) Darren Reid to replace Rob Dooley, who moves up to APJ.
Elron Ventures Supports Portfolio Companies with Four New C- Suite Leaders on Their Advisory Board (Korea IT Times) Elron Ventures, a leading Israeli early-stage investment firm focusing on cybersecurity and enterprise software startups, invited four industry leaders and world-class domain experts to join their Advisory Board. These leaders are Jeff Trudeau, CISO of Chime and a seasoned security leader, Gil Gur A
Security vendor Illumio hires Comstor's Marco Hermosura as ANZ channel chief (CRN Australia) Marco Hermosura hired from Westcon-Comstor.
Cradlepoint Appoints Ben Carr as Chief Information Security Officer as Company Expands its Role in Secure Wireless WAN (GlobeNewswire News Room) Joins the Cradlepoint team with more than 25 years of experience in developing and executing long-term business and product security strategies...
Optiv Adds Security Veteran Jason Lewkowicz to Guide Cyber Operations (Optiv) Jason Lewkowicz has been named senior VP of cyber defense and applied security at Optiv, overseeing cyber operations, solutions and capabilities.
Products, Services, and Solutions
Cloudflare and Mandiant partner to offer cyber insurance (Register) Trust us with everything, croons septuple-strong partnership
Dragos Academy ICS/OT Cybersecurity Training (Dragos) Dragos Academy is a new comprehensive educational and training program available to Dragos customers and partners. Find in-person and virtual training, on-demand courses, and more.
Nerdio Brings Significant Backup and Disaster Recovery Capabilities to Azure Virtual Desktop (GlobeNewswire News Room) Nerdio Manager improves the resiliency of Azure Virtual Desktop (AVD) and ensures continuous access to corporate applications and data...
VAST Data Selected by Agoda for Big Data Applications (Businesswire) VAST Data, the storage software company breaking decades-old tradeoffs, today announced that the digital travel platform, Agoda (a Booking Holdings su
Cerebo Networks Teams with Versa Networks for Telco-independent SASE Services (Telecom Reseller) Cerebo Network’s becomes a Versa Networks partner to bring leading SASE innovation to global enterprises to secure and enable digital transformation initiatives
Vantage Inspect SAST (NTT Application Security) Vantage Inspect is a developer-focused solution that combines software composition analysis (SCA), static application security testing (SAST) and Infrastructure-as-Code technologies to give in-context security feedback directly within the native code repository.
Meadville, Pa., Shores Up Cybersecurity With New IT Provider (GovTech) Meadville City Council members approved a contract with a new IT provider. The city was seeking better cybersecurity and wanted to get away from "day-to-day" issues it experienced with its previous provider.
ToolCASE AI Solutions Providing Big Data Security Layer Integrations Needed By Companies in Data Security Fight (EIN News) The world is a data driven space. Analysis of these big data allows industries to perform more efficiently, reduce costs, boost profits, and increase
Aveshka selected as a provider of strategic consulting services with the US Department of Justice (PR Newswire) Aveshka is proud to announce its selection to provide strategic consulting services via a five-year Blank Purchase Agreement (BPA) for all...
Winbond partners with Karamba to provide secure memory solution (New Electronics) Winbond Electronics, a global supplier of semiconductor memory solutions, and Karamba Security, an embedded security provider for connected devices, have collaborated in the development of an automotive cybersecurity solution.
Sir Robert McAlpine adopts Darktrace AI to protect against email attacks (Cambridge Networks) Sir Robert McAlpine says AI stops an average of 18,000 email attacks against the company every month.
Bitdefender is ending its free antivirus (TechRadar) Bitdefender Antivirus Free Edition will be discontinued at the end of this year
Trulioo Announces New Identity Verification Service to Support Gen Z F (PRWeb) Trulioo, the leading global identity verification company, today announced the addition of U.S. Student Records to the Trulioo GlobalGateway
Technologies, Techniques, and Standards
AWS outage shows cloud complexity can curb backup (CRN Australia) As shifting between providers in case of emergency is far from simple.
Redgate survey reveals businesses are struggling to manage hybrid cloud environments (RealWire) Cambridge UK, December 9 – The big move to the cloud is bringing as many challenges as opportunities, a major database monitoring survey from Redgate has found. With 80% of organizations now usi
How you can avoid the cloud misconfiguration trap (ETCIO) While cloud offers several benefits ranging from scalability to speed, it also paves the way for hackers to attack organisations if not configured pro..
Blueprint for securing 5G SMS published as industry warned not to repeat the mistakes of 3G and 4G | Messaging & Engagement (Telemedia Online) AdaptiveMobile Security, an Enea company and the world leader in mobile network security, has published a comprehensive blueprint on how to secure SMS on
How a Florida county’s election office solved authentication challenges (GCN) The Orange County Elections Office deployed a user-friendly, identity-bound biometrics solution that authenticates staff to ensure the security of voter data and prevent vote tampering and fraud.
Cloud application developers need built-in security (SearchSecurity) Cloud application developers want to improve cloud application security for enterprises, but changes shouldn't slow the app development process.
Now is the optimal time for orgs to collaborate on cybersecurity (VentureBeat) With new technologies, organizations can collaborate on cybersecurity data without fear of exposing confidential data to external parties.
Ethical hackers: The essential but little-known role of these cybersecurity pros (Yahoo) What is an ethical hacker? At a time when the need for digital security is growing, the role of ethical hackers is becoming crucial. And even if some companies are still reluctant to use them, the employment of these computer security experts has reportedly prevented more than $27 billion worth of cybercrime in the space of a year.
U.S. Army cyber warriors compete in British Army cyber challenge (DVIDS) Soldiers and civilians from the U.S. Army Cyber Command (ARCYBER) headquarters and ARCYBER's Cyber Protection Brigade are building cyber skills and allied partnership while competing in Cyber Spartan 5, this year's iteration of an annual inter-unit cyber competition led by the British Army's 13th Signal Regiment.
Opinion | Headphone critique is the silliest attack on Kamala Harris yet (MSNBC) The criticism of Kamala Harris not using Bluetooth is the most absurd attack on the vice president yet.
Design and Innovation
UK publishes roadmap to create an 'AI assurance ecosystem' (Computing) AI assurance services such as audit, certification and impact evaluations are set to become a 'multibillion-pound industry', government says
Can companies police the biases found in artificial intelligence? (KUOW NPR) How can bias be removed from artificial intelligence? NPR's Audie Cornish talks with Kenneth Chenault, co-chair of the Data and Trust Alliance, on how corporations can take steps to make that happen.
UK and US to collaborate on privacy innovation contest (ComputerWeekly) Joint UK-US innovation challenge contest centring on privacy-enhancing technology announced at Summit for Democracy in Washington DC.
Legislation, Policy, and Regulation
Who's watching? How governments used the pandemic to normalize surveillance (Los Angeles Times) Today's young are born into a digitally interconnected reality where big data and artificial intelligence will shape everyday existence long before the children are old enough to protect their privacy or give consent.
Chris Krebs: Future cyber attacks could be used to "disrupt" U.S. decision-making (Axios) Krebs said a cyberattack would be part of "a larger, more complex approach by an adversary."
Russia military chief warns Ukraine against attacking rebels (Military Times) The statement comes amid soaring tensions over a Russian troop buildup near the border with Ukraine that stoked Ukrainian and Western fears of a possible invasion.
What Russia might do in Ukraine: 5 scenarios (Breaking Defense) While it is impossible to predict what Russian President Vladimir Putin has planned, any decision may not be as black-and-white as “to invade or not to invade.”
Russian military movements near Ukraine: What satellite images show (Washington Post) Satellite images show how Russian forces and materiel have moved toward Ukraine from as far away as Siberia.
Biden, Ukraine leader discuss ways to resolve Russia crisis (Military Times) U.S. intelligence reports last week said Russia had moved 70,000 troops to Ukraine’s borders as it builds toward a possible invasion early next year.
Ukraine Ready to Fight to ‘Last Drop’ (Foreign Policy) But Biden’s talk of accommodating Russia has Congress worried.
Don’t Sell Out Ukraine (Foreign Affairs) The west must respond to Russia with strength, not appeasement.
No plans to send more troops to Ukraine, Biden says (Military Times) But the U.S. president still insists Russia will face severe consequences if it invades Ukraine.
Biden pledges more military support for Central Europe, Lithuanian official says (Reuters) U.S. President Joe Biden on Thursday promised Central European NATO members more military support as concern grows over a Russian troop build-up on the border with Ukraine, Lithuania's presidential advisor said.
Polish defense minister: Here’s how NATO must adapt (Defense News) Addressing the high dynamics of the global and regional situation will not be effective unless we continuously adapt. Our laws, institutions and mindsets must adapt. Our military must adapt. NATO must adapt.
US small arms and ammo set to arrive in Ukraine as Pentagon details troops to train country's military (CNN) The final elements of a $60 million security assistance package will arrive in Ukraine this week, Pentagon spokesman John Kirby said Wednesday, including small arms and ammunition.
US to deliver small arms and ammunition to Ukraine amid Russian tensions, Pentagon says (Stars and Stripes) The weapons are the last portion of a $60 million security-assistance package announced Sept. 1 meant to help Ukraine “more effectively defend itself against Russian aggression,” the White House said at the time.
How the US Military Could Mobilize If Russia Invades Ukraine (Military.com) U.S. paratroopers landing in the Baltics, Army cavalry and artillerymen convoying in from Germany and an armored brigade massing its forces.
Iran nuclear talks resume as U.S. and Israel intensify rhetoric (Reuters) Talks on reviving the 2015 Iran nuclear deal resumed on Thursday with the United States and Israel ramping up rhetorical pressure on Tehran about the possible economic or military consequences if diplomacy fails.
The U.S. Faces Hard Choices on Strategic Ambiguity in Europe and Asia (World Politics Review) trategic ambiguity worked in a world in which Washington could often, at little risk, deter rival powers from coercing smaller U.S. partners. Today, however, Russia and China’s increasing military assertiveness may mean that the period in which the U.S. could ensure partners’ security on the cheap is coming to an end.
U.S. to Bar Investment in Chinese AI Giant, Considers Banning Key Exports to Top Chip Maker (Wall Street Journal) The focus on SenseTime and Semiconductor Manufacturing International Corp. is part of a broader Biden administration effort against China’s tech firms.
China's state-backed cyberattacks are part of a larger plan (Marketplace) Experts estimate that intellectual property theft is costly for countries — and that China is frequently the main culprit.
‘An urgent matter’: Biden warns democracy is under threat at summit (the Guardian) President opens two-day summit with 80 world leaders as experts warn democratic rights are under assault in the US
Biden’s democracy summit should produce a transatlantic anti-corruption strategy (Atlantic Council) The Biden administration's impressive new corruption strategy should inspire the UK and EU to join in.
US to tighten restrictions on exports of malicious cyber tools (TheHill) The Biden administration is expected to announce on Friday an initiative to tighten rules surrounding the exports of certain technologies that have been used by authoritarian governments and bad actors for repression.
New White House 'red line' policy gives agencies 24 hours to assess major cyberattacks (CNN) The White House has enacted a new policy requiring the FBI and other agencies to help US officials quickly assess whether a cyberattack "rises to the level of a national security concern" that could hamper the provision of key services such as fuel or food, according to a National Security Council memo obtained by CNN and two US officials.
IronNet : Breaking down silos to enable Collective Defense against nation-state adversaries (MarketScreener) Last month I wrote about "the problem with a legacy mindset"within the cybersecurity community.
A quick look at cyber in the 2022 defense bill (Defense Systems) As has been the case for the past few years, cyber governance provisions were featured in this year's must-pass defense policy bill moving through Congress, but a bipartisan breach notification measure was dropped from the bill -- to the chagrin of its supporters.
More US moves to tighten up transport security in war against cyber attacks (The Loadstar) Washington is moving to ramp up security against cybercrime in the US transport arena. The US Department of Homeland Security’s latest initiatives are pushing railroads to beef up their security, following a similar drive targeting airports and airlines. From the start of next year, major railways must also conduct a vulnerability assessment and develop formal plans on how to respond to cybersecurity incidents. In addition, they have to designate a cybersecurity co-ordinator ...
36-Hour Breach Notification Rule to Go into Effect for Banking Organizations (cyber/data/privacy insights) On November 18, 2021, three US agencies – the Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (FRB) and the Federal Deposit Insurance Corporation (FDIC) – issued a joint rule concerning computer-security incident notifications, which will go into effect on April 1, 2022, w
Federal Data Breach Reporting Requirements Continue to Evolve (The National Law Review) Complementing the patchwork of state data breach notification laws, a number of federal agencies recently have promulgated sector-specific reporting rules affecting a variety of companies...
DoD reshuffles tech oversight, creates new office to manage 'SWAT team of nerds' (The Record by Recorded Future) The Defense Department on Wednesday announced it would create a new office to oversee its data and artificial intelligence efforts, a restructuring that could have a lasting impact as the Pentagon races to keep pace with China’s technological advances.
Litigation, Investigation, and Law Enforcement
Saudi activist sues 3 former U.S. officials over hacking (Washington Post) Loujain al-Hathloul, a prominent Saudi political activist who pushed to end a ban on women driving in her country, is suing three former U.S. intelligence and military officials she says helped hack her cellphone so a foreign government could spy on her before she was imprisoned and tortured.
Saudi human rights activist files lawsuit against former US intelligence operatives for hacking scandal (ZDNet) The Justice Department faced criticism in September for only fining the three former US intelligence operatives after they broke multiple US laws through their offensive hacking of protesters and journalists for the UAE.
Saudi Human Rights Activist, Represented by EFF, Sues Spyware Maker DarkMatter For Violating U.S. Anti-Hacking and International Human Rights Laws (Electronic Frontier Foundation) EFF filed a lawsuit today on behalf of prominent Saudi human rights activist Loujain AlHathloul against spying software maker DarkMatter Group and three of its former executives for illegally hacking her iPhone to secretly track her communications and whereabouts.
U.S. Wins Appeal in Julian Assange Case, Bringing His Extradition Closer (Wall Street Journal) The government won an appeal in its bid to extradite the WikiLeaks founder, clearing an important hurdle in Washington’s yearslong battle to put him on trial on spying charges.
US wins appeal over extradition of WikiLeaks founder Assange (Al Jazeera) Ruling means Assange may now be closer to extradition from a British prison to the US to face spying charges.
Assange’s U.S. Reckoning Nears as U.K. Judges Grant Extradition (Bloomberg) London judges overturn lower court ruling in blow to Assange. WikiLeaks founder’s case has been sent to the U.K. Home Office.
Julian Assange can be extradited to US to face espionage charges, court rules (the Guardian) WikiLeaks co-founder’s fiancee says appeal will be launched, as Amnesty International says decision is a ‘travesty of justice’
Canadian Ransomware Arrest Is a Meaningful Flex, Experts Say (Threatpost) U.S. and Canada charge Ottawa man for ransomware attacks, signaling that North America is no cybercriminal haven.
Russia may be collaborating with US to bring cyber criminals to heel (ComputerWeekly) Trustwave’s SpiderLabs says its analysis of chatter on underground dark web forums suggests cyber criminals are starting to panic that formerly 'friendly' governments are on their case
CDT report highlights 'big data policing' loopholes with data brokers (Protocol) CDT thinks Congress should plug data broker gaps allowing law enforcement to circumvent laws by buying data from commercial vendors.
Legal Loopholes and Data for Dollars: How Law Enforcement and Intelligence Agencies Are Buying Your Data from Brokers (Center for Democracy and Technology) Typically, government agencies seeking access to the personal electronic data of Americans must comply with a legal process to obtain that data.
Record number of cyber incidents mitigated as NCSC protects vaccine rollout (Intelligent CIO Europe) The COVID-19 pandemic has been a catalyst for an increased number of cyber incidents thrust upon the healthcare sector, which had to be managed quickly and efficiently to protect against the vaccine rollout. The NCSC’s 2021 Annual Review highlights the work undertaken to protect the UK over the past 12 months. The National Cyber Security Centre (NCSC) […]
Federal privacy commissioner says BMO security breach in 2017 affected 113,000 client accounts (The Globe and Mail) The Office of the Privacy Commissioner launched an investigation after two BMO customers complained the bank had not adequately safeguarded their information
Insurer's Data Breach Claims Get Trimmed Before Trial (Law360) A Missouri federal judge handed Warden Grier a partial win by throwing out a breach of fiduciary duty claim levied by Hiscox Insurance Co. over a data hack, though she allowed the insurer's other breach of contract and professional negligence claims to go to trial.
GAO Faults DOD For Cybersecurity Program Complaints (Law360) The U.S. Department of Defense's pilot program requiring defense contractors to meet minimum cybersecurity requirements has repeatedly left contractors in the dark, a government watchdog has found, recommending that the agency improve communication with the industry.
Chancery Probes Contract Risks In $130M Merger Hack (Law360) A Delaware Chancery Court judge on Thursday strained to understand who was contractually responsible for the loss of a payout to stockholders in a $130 million merger after hackers diverted the payout to a Chinese bank account, leaving the Utah stockholders, New York payment agent, and the merger parties pointing fingers.