Cyber Attacks, Threats, and Vulnerabilities
Hacking group also used an IE zero-day against security researchers (BleepingComputer) An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers.
Microsoft said its software and tools were not used 'in any way' in the SolarWinds attacks. New findings suggest a more complicated role (Business Insider) As details about the hack unfold, it's clear Microsoft software and tools such as Office 365 have in fact been used, at least in some way.
Brazil's Eletrobras says nuclear unit hit with cyberattack (Reuters) A nuclear power subsidiary of Brazil's Eletrobras suffered a cyberattack but no operations were impacted, the state-controlled power holding company said in a filing late on Wednesday.
Eletrobras, Copel energy companies hit by ransomware attacks (BleepingComputer) Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week.
Updated Trickbot Deploys Fresh Reconnaissance Tool (BankInfo Security) The operators behind the Trickbot malware are deploying a new reconnaissance tool dubbed "Masrv" to exfiltrate additional data from targeted networks,
Hackers steal StormShield firewall source code in data breach (BleepingComputer) Leading French cybersecurity company StormShield disclosed that their systems were hacked, allowing a threat actor to access the company's support ticket system and steal source code for Stormshield Network Security firewall software.
Threat Spotlight: Automated attacks on web applications (Journey Notes) Barracuda researchers analyzed web application attacks blocked by Barracuda systems and found a massive number of automated attacks.
7 Common Microsoft AD Misconfigurations that Adversaries Abuse (CrowdStrike) In this blog, we explore seven of the most common AD misconfigurations, how adversaries take advantage of them, and how security teams can address them.
How scammers lure Discord users to a fake cryptocurrency exchange (Kaspersky) Scammers are luring Discord users to a fake cryptocurrency exchange with the promise of free Bitcoin or Ethereum.
Airbus CyberSecurity Subsidiary Stormshield Discloses Data Breach (SecurityWeek) Cybersecurity company Stormshield has disclosed a significant data breach that allowed hackers to access source code and customer information.
Blockchain transactions confirm murky and interconnected ransomware scene (ZDNet) Criminal gangs often use multiple ransomware strains and jump ship from one RaaS (Ransomware-as-a-Service) to another, seeking better deals.
New 'Hildegard' Malware Targets Kubernetes Systems (SecurityWeek) TeamTNT’s Hildegard malware features new capabilities that make it more stealthy and persistent.
Meet Babuk, a ransomware attacker blamed for the Serco breach (CyberScoop) It began with a laughable offer. Someone calling themselves “biba99” on a popular criminal forum claimed on Jan. 5 to provide “non-malicious” software to help organizations identify “security issues.” The author struggled to explain, in halting English, “why we are not … criminals” while assuring readers that the group would not hack hospitals or schools.
Gaining Root Access on Sierra Wireless AirLink Devices (TechSpective) Wi-Fi connectivity is increasingly pervasive. Many organizations have embraced Wi-Fi as a primary means of connecting to network applications and
Emsisoft Fell Victim for a Data-Stealing Cyberattack (TechNadu) Emsisoft has had a relatively minor yet important security incident involving limited data access and exfiltration.
Incident report (Emsisoft | Security Blog) Today, February 3rd 2021, at around 15:20 UTC, we became aware of a data breach on one of our test systems.
Threat Experts: Foxtons Data Breach Was Egregor Ransomware (Infosecurity Magazine) Double extortion attempt likely, according to Kela
Female escort review site data breach affects 470,000 members (BleepingComputer) An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database.
Florida Healthy Kids Announces Cybersecurity Incident (Florida Healthy Kids) The Florida Healthy Kids Corporation (FHKC) today announced a cybersecurity incident experienced by its vendor, Jelly Bean Communications Design, LLC., which was responsible for hosting the FHKC website at the time of the incident. The security incident involved the personal data of online applicants and enrollees. FHKC has no confirmation at this time that anyone’s personal information was removed from the system.
Free coffee! Belgian researcher hacks prepaid vending machines (Naked Security) Only try this at home, folks! As easy as it might look, it’s illegal in the wild, with good reason.
Luxion KeyShot (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Luxion
Equipment: KeyShot products
Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Insufficient UI Warning of Dangerous Operations, Untrusted Pointer Dereference, Path Traversal
2.
Horner Automation Cscape (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Horner Automation
Equipment: Cscape
Vulnerability: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of this vulnerability may allow code execution in the context of the current process.
WAGO M&M Software fdtCONTAINER (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit
Vendor: M&M Software GmbH, a subsidiary of WAGO Kontakttechnik
Equipment: fdtCONTAINER
Vulnerability: Deserialization of Untrusted Data
2.
Woodland Trust hit by cyber attack in December (ComputerWeekly.com) Conservation charity is investigating what it describes as a ‘sophisticated’ cyber attack but has waited nearly two months to inform its members.
Security Patches, Mitigations, and Software Updates
SolarWinds issues patches for two new critical bugs found in Orion software (CyberScoop) Researchers at security firm Trustwave on Wednesday disclosed two critical vulnerabilities in the same software that suspected Russian spies have exploited to infiltrate multiple U.S. government agencies.
Cisco Releases Security Updates (CISA) Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Google patches an actively exploited Chrome zero-day (ZDNet) Google Chrome 88.0.4324.150 released with a fix. Users advised to update.
Google Chrome Update Gets Serious: Hackers Already Have Attack Code (Forbes) Update Google Chrome now, warn both Google and the Department of Homeland Security, as hackers already have attack exploit code for a high-severity, zero-day vulnerability.
Cyber Trends
Automated Tools Increasingly Used to Launch Cyber-Attacks (Infosecurity Magazine) Over half of attacks detected by Barracuda involve the use of automation
Marketplace
Darktrace picks London for $5bn IPO (Business Weekly) Cambridge’s trailblazing cyber security company, Darktrace, has settled on a London IPO in the first half of 2021 that will value the business at a staggering $5 billion. There had been market mutterings about a possible float on America’s Nasdaq technology exchange but this looks to have been ruled out. Investors in Cambridge hi-tech and life science companies tell Business
Belgian data intelligence firm Collibra acquires OwlDQ (Silicon Republic) The acquisition is the company’s latest move for growth after it was valued at $2.3bn in a funding round last year.
Box Announces Intent to Acquire E-Signature Innovator SignRequest (Street Insider) Box, Inc. (NYSE:BOX) today announced that it has entered into a definitive agreement under which Box will acquire SignRequest, a cloud-based electronic signature company.
Hacking Humans: Local podcast shares insight into the cybersecurity world (WMAR) Hacking Humans: Local podcast shares insight into the cybersecurity world
Top Cybersecurity Funding and Investments of 2021 (Analytics Insight) Cybersecurity funding and investments in 2021are constantly growing. The funding in cybersecurity has accelerated further when companies became aware of cybersecurity issues during the pandemic.
Mimecast Plans Layoffs; Cyber Incident Investigation Continues (MSSP Alert) Mimecast CEO Peter Bauer confirms layoff plan. Email security provider continues to investigate a recent cybersecurity incident.
Malwarebytes Backs Down Over ‘Oppressive’ Website Blocking (Forbes) Malwarebytes has stopped routinely blocking websites on domains it deems “suspicious”, following an outcry from domain owners.
Check Point to focus on home network cybersecurity in new normal (Reuters) Check Point Software Technologies will focus on security services for remote working this year, the Israel-based company said on Wednesday after reporting better than expected quarterly profit and 2020 revenue that topped $2 billion
Quest for Hollywood Fame Splits Redditors at Heart of Market Frenzy (New York Times) The moderators of the Reddit message board WallStreetBets battled over movie deals after their sudden fame with the GameStop mania.
Boeing to outsource IT work to Dell, eliminate 600 jobs (ETCIO.com) Susan Doniz, vice president for information technology and data analytics for Boeing, told employees on Thursday that the eliminated jobs represent ab..
Air Force’s Platform One deepens ties with industry in new agreement with Lockheed (FedScoop) The Air Force’s DevSecOps environment Platform One has inked an agreement with Lockheed Martin to collaborate on software-factory activities, deepening the platform’s ties to industry.
Danish cyber firm opening Leeds base to create 60 jobs (BusinessCloud) UK boss Ruth Schofield, former MD of unicorn KnowBe4, describes tech as “like being on door of a nightclub”
Google paid $6.7 million to bug bounty hunters in 2020 (ZDNet) Sum is up from the $6.5 million the company paid security researchers a year before, in 2019.
Taking 1Password to the next level: Akshay Bhargava announced as Chief Product Officer (PR Newswire) 1Password today announced that Akshay Bhargava has joined the company as Chief Product Officer and GM of Emerging Solutions. Bhargava will...
Plurilock Adds ADM Jan Tighe to Advisory Board (Yahoo) Retired Vice Admiral has held numerous executive roles in the U.S. Navy and National Security Agency and currently serves on the board of Goldman Sachs Victoria, British Columbia--(Newsfile Corp. - February 4, 2021) - Plurilock Security Inc. (TSXV: PLUR) (OTCQB: PLCKF) ("Plurilock" or the "Company"), an innovative cybersecurity company that provides frictionless and continuous authentication using machine learning and behavioral biometrics, is pleased to announce that retired U.S. Navy Vice Admiral, Jan E. Tighe has ...
Peraton Announces New Business Sectors and Executives (PR Newswire) After the successful completion of Peraton's transformational acquisition of Northrop Grumman's integrated mission support and IT solutions...
Former British Ambassador Andy Garth joins ESET as Government Affairs Lead (Intelligent CIO Middle East) Former British Ambassador Andy Garth has joined cybersecurity vendor ESET as Government Affairs Lead after a successful career as a dedicated public servant and diplomat. Experienced in international affairs, Garth has built partnerships and alliances across the spectrum of diplomacy, business and politics in many countries. After enjoying over a dozen foreign assignments, including technology […]
Binary Defense Announces Addition to Leadership Team, Two Vice President Promotions (IT News Online) Binary Defense Announces Addition to Leadership Team, Two Vice President Promotions
FireEye Announces Bryan Palma Joins Company as EVP of FireEye Products (Valdosta Daily Times) FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that Bryan Palma has joined the company as Executive Vice President of FireEye Products.
Products, Services, and Solutions
Cowbell Cyber Adds Highly Anticipated Excess Cyber Insurance Line (Cowbell Cyber) Cowbell Cyber today announced the availability of its excess cyber coverage line, Prime Plus and serves 49 states with cyber coverage.
Fortinet Delivers SASE and Zero Trust Network Access Capabilities with Major Updates to its FortiOS Operating System (Fortinet) Over 300 New Features in FortiOS 7.0 Expand the Fortinet Security Fabric’s Ability to Deliver Consistent Security Across All Networks, Endpoints, and Clouds
Self-Sovereign Identity Solutions Provider Northern Block Selects Acuant for Identity Verification and Compliance (Acuant) Northern Block announces the integration of Acuant's solutions to offer best-in-class Self-Sovereign Identity (SSI) & Verifiable Credential solutions.
Bitglass Announces Integrations With Leading SD-WAN Providers for a Flexible, Best-of-Breed SASE Platform (Yahoo) Bitglass, the Total Cloud Security company, today announced technical integrations between industry-leading SD-WAN providers Aruba, 128 Technology, Fortinet, and Silver Peak and its secure access service edge (SASE) offering; extending market-leading security to traffic stemming from remote locations.
New High-Performance Rugged Server Bolsters Cybersecurity for Multi-Domain Operations (GlobeNewswire) Delivers data center-level performance while maintaining data integrity at the edge
Promethean Announces iKeepSafe Student Data Privacy Certification in the U.S. for ClassFlow Software (PR Newswire) Promethean®, a leading global education technology company, today at TCEA 2021 announced its ClassFlow™ platform had received iKeepSafe...
Qualys Introduces SaaS Detection and Response to Manage the Security Posture and Risk of the SaaS Application Stack (Security Brief) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today introduced Qualys SaaS Detection and Response (SaaSDR), which provides a single console for IT and security teams to gain continuous visibility, security and compliance of critical SaaS apps.
Cybereason XDR is Named Hottest New Cybersecurity Product (PRWeb) Cybereason, the leader in future-ready attack protection, today announced that Cybereason XDR was named one of the hottest new cybersecurity products of 2020 by C
Check Point launches security gateways to protect SMBs against threats (Security Brief) The range of six gateways sets new standards of protection against the most advanced cyber attacks for SMBs, giving greater ease of deployment and management.
CyberKnight Signed as RedSeal Distributor (TahawulTech.com) CyberKnight Signed as RedSeal Distributor to Bolster Cybersecurity Posture of Middle East Customers.
RSA Unveils AI-Based Threat Detection Solution (MSSP Alert) RSA introduces NetWitness Detect AI, a machine learning solution that provides threat detection & insights on data captured via the NetWitness Platform.
Infoblox Upgrades NIOS with Security, Orchestration, and Reliability Features to Enable Workplace Transformation (PR Newswire) Infoblox Inc., the leader in Secure Cloud-Managed Network Services, today announces updates to its award-winning Network Identity Operating...
Barracuda introduces new backup platform to protect data in Microsoft Office 365 (IT Brief) As the workforce becomes increasingly dispersed, adopting cloud-based apps like Microsoft Teams for productivity and communication is an obvious move.
Clavister partners with BAE Systems to upgrade cybersecurity in combat vehicles (Help Net Security) Clavister announces that the relationship between itself and BAE Systems has produced a major Western European military organization.
Virgin Media Business beefs up SASE and cloud security with Zscaler (FierceTelecom) Virgin Media Business has tapped cloud security vendor Zscaler to further beef up its SD-WAN and SASE capabilities for remote workers. Virgin Media Business has added Zscaler to its cloud security portfolio via the vendor's global Zero Trust Exchange Platform that sits between an organization's users, corporate applications and networks.
FedRAMP Board Prioritizes Zscaler Web Gateway for High-Impact Level Authorization; Stephen Kovac Quoted - ExecutiveBiz (ExecutiveBiz) Zscaler has been prioritized by the Federal Risk and Authorization Management Program's Joint Author
Plume taps big boy Akamai for operator-focused security clout (Rethink) Plume has made another move to boost its security credentials in the home, this week announcing a deal with Akamai to provide a joint offering to operators looking to launch smart home and smart business services – sharing customers and both sales and marketing teams.
Technologies, Techniques, and Standards
Fonix Ransomware Decryptor (Bitdefender) A decryptor for Fonix Ransowmare is now available for download. Also known as FonixCrypter or Xinof, this family of malware was initially spotted in June 2020 and went out of business in late January this year.
NYC Cyber Command: Embracing Our ‘Zero Trust’ Reality (Government Technology) As it works across more than 100 offices and agencies to prevent, detect, respond and recover from cyberthreats, the New York City Cyber Command wants help building a zero trust digital infrastructure.
We need privacy and security for communications, and there’s an app for that (ZDNet) The common question: Is WhatsApp "safe" to use for business communications? Consider a follow-up question: What do we do, and what can we do, about it?
SOC teams spend nearly a quarter of their day handling suspicious emails (SC Media) A new study says that email threats take two to three hours of a SOC team’s time per day, or about 22.9 percent of their daily routine.
Penetration tests can help companies avoid future breaches (SC Media) A ransomware attack targeted the email systems at Cleveland Hopkins International Airport in April 2019. Today’s columnist, David Trepp of BPM LLP, says detailed pen tests will show how systems can handle future attacks on email and other critical systems.
3 ways to speak the board's language around cyber risk (CSO Online) Framing the cyber risk conversation in ways that resonate with the board will help close the chasm between cyber risk and enterprise objectives.
Design and Innovation
DIU Boosts Cyber Workforce With Acquisition Accelerator (Government CIO) Bringing cutting-edge commercial cyber solutions to military partners quickly can help government's workforce gap while tackling pipeline challenges.
Analysis | The Cybersecurity 202: Coronavirus pandemic renews debate for hacker-proof IDs (Washington Post) Rep. Bill Foster (D-Ill.) says he and Rep. John Katko (R-N.Y.) plan to reintroduce legislation on this.
Innovations for a more secure U.S. microelectronics supply chain (Microsoft Azure) Keeping up with the rapid pace of technology innovation today requires equal advances in the pace of development of new microelectronics.
AI and the List of Dirty, Naughty, Obscene, and Otherwise Bad Words (Wired) It started as a way to restrict autocompletes on Shutterstock. Now it grooms search suggestions on Slack and influences Google's artificial intelligence research.
Research and Development
UTSA and Dell partner to spur innovation in cybersecurity and data science (EurekAlert!) The University of Texas at San Antonio (UTSA) received a technology grant via special discounts from Dell Technologies to support advanced technologies and a new research infrastructure platform at the university. Through the substantial savings to UTSA, this technology grant enables and supports UTSA's ability to attract leading research scholars and students. With the grant, UTSA invested in a hybrid cloud approach that utilizes solutions from Dell Technologies to help deliver research in data science and cybersecurity.
Academia
USC and McMaster announce a cyber initiative that promises to create jobs in SC (The State) The University of South Carolina and S.C. Gov. Henry McMaster announced plans to create a new “cyber ecosystem” that promises to create jobs in the Palmetto State.
Norwich receives $19.5M grant to lead DoD Cyber Institute program (Vermont Business Magazine) Vermont Business Magazine Norwich University has been designated the lead institution of the nation’s Senior Military Colleges in creating a Department of Defense Cyber Institute program through a recently awarded two-year, $19.5 million grant. The six schools, Norwich University, Virginia Military Institute, The Citadel, Virginia Tech, University of North Georgia, and Texas A&M, will create a pipeline of qualified cyber professionals in various critical work roles.
KnowBe4 to Offer $10,000 Scholarship for Black Americans in Cybersecurity (GlobeNewswire) KnowBe4 partners with the Center for Cyber Safety and Education to support Black Americans in recognition of Black History Month to help further education
Legislation, Policy, and Regulation
Dragon targets telecom to breach security, firewall ready in 6 months (ETTelecom.com) In a bid to counter cyber-attacks and data theft, primarily perpetrated from China, the government seems determined to implement the new security dire..
Brazil Has Disinformation "Cyber Troop", According to British Research Study (The Rio Times) A study by Oxford University released in January pointed out that 81 countries - among them Brazil - were scenarios of "computational propaganda" and "industrialized disinformation" campaigns on political issues in 2020. These initiatives were promoted by government agencies and other institutional or private actors - companies, parties and digital influencers.
U.S. cyber units deployed in Macedonia, Montenegro, Ukraine - Russian cybersecurity official (Interfax) Cyber units reporting to the U.S. military have been deployed in Macedonia, Montenegro, and Ukraine, Nikolai Murashov, deputy director of the Russian National Coordination Center for Computer Incidents, which was set up at the behest of the administration of the Federal Security Service, said.
Biden says US will ‘raise the cost’ for Russian hackers after espionage campaign (CyberScoop) President Joe Biden on Thursday said the days of the U.S. “rolling over in the face of Russia’s aggressive actions” in cyberspace were over as he pledged to make the U.S. government more resilient in the face of hacking.
Biden's first big foreign policy speech calls out Russia, limits role in Yemen (POLITICO) The president voices support for LGBTQ rights and backs away from the war in Yemen, but the U.S. military role is still unclear.
Biden strikes tough tone on Russia in diplomatic push (Military Times) Biden’s comments on Russia came as he asserted a broad reset of American foreign policy, including reversing Trump’s order to withdraw U.S. troops stationed in Germany and ending support for Saudi Arabia’s military offensive in Yemen.
Secretary Blinken’s Call with Russian Foreign Minister Lavrov (United States Department of State) The below is attributable to Spokesperson Ned Price: Secretary of State Antony J. Blinken spoke with Russian Foreign Minister Sergey Lavrov today. Secretary Blinken and Minister Lavrov discussed the New START extension and the need for new arms control that addresses all of Russia’s nuclear weapons and the growing threat from China. The Secretary reiterated […]
Press release on Foreign Minister Sergey Lavrov’s telephone conversation with US Secretary of State Antony Blinken (The Ministry of Foreign Affairs of the Russian Federation) On February 4, Sergey Lavrov spoke by telephone with US Secretary of State Antony Blinken.
Fighting Nation-State Cyber Adversaries: Wait Until it Hits or Re-think the Approach (Express Computer) A holistic approach to security is required in today’s modern threat landscape and cloud era – one that understands network, cloud, and in particular users and the critical data they create, interact with, share and store
Cyber denial of service is cyber attack (C4ISRNET) When cyber events deny service or make systems inoperable, many are reluctant to call these events attacks. That hesitation is unhelpful, an expert argues.
Hezbollah and Other Non-State Actors Acquire Asymmetric Tools in Cyberspace (The National Interest) The cyber domain is again forcing the United States and its allies to reevaluate assumptions about deterrence. But instead of rethinking the credibility of deterrence, the United States should focus on deterrence by denial.
The Cyber Maritime Environment: A Shared Critical Infrastructure and Trump’s Maritime Cyber Security Plan (War on the Rocks) Last month, the unclassified version of the Donald Trump administration’s Maritime Cybersecurity Plan was published to the White House website … and then
The US is taking steps towards breaking China’s rare earths monopoly (Quartz) USA Rare Earth is planning to go public, and could help spur more investment in the American critical minerals industry.
Huawei: Team Biden sees it as a threat and wants to talk to allies (CBC) The new Biden administration sees Huawei as a national-security threat and wants to discuss the issue with allies. Answers from the nominee for commerce secretary make clear the pressure on Canada to develop a policy on the Chinese telecom company will not relent with the change in U.S. administration.
Biden Commerce Pick Sees ‘No Reason’ to Lift Huawei Curbs (Bloomberg) Gina Raimondo responds to written questions from GOP senators. Huawei, other Chinese companies are also on U.S. Entity List.
New Senate intel chief wants to reimagine 'decimated' spy agency (POLITICO) Virginia Democrat Mark Warner says the focus should be on strengthening the intelligence community after years of blistering attacks.
Navy Vet in Congress Protests 'Thought Police' Screening Troops for Extremist Beliefs (Military.com) Rep. Andrew Clyde, a retired Navy commander, told experts that he's concerned about the push to screen troops.
Wyden, Gillibrand, Brown, Hirono and Eshoo Reintroduce Invest in Child Safety Act to Protect Children from Online Exploitation (U.S. Senator Ron Wyden of Oregon) The Official U.S. Senate website of Senator Ron Wyden of Oregon
How can the US prepare better when things go wrong? (Federal News Network) The Business Executives for National Security group has published a call to action to improve emergency national response. With highlights, the group’s CEO, retired Army Gen. Joseph Votel, and its chairman, Mark Gerencser.
Space Force begins onboarding cyber specialists (FCW) The U.S. Space Force has begun transferring more than a thousand cyber professionals into its ranks as of Feb. 1 with plans to start recruiting talent for multiple career fields from across the military branches this year.
Dave Frederick Taking Over as Executive Director at Cyber Command (Meritalk) Dave Frederick Jr. will take over as the Executive Director at U.S. Cyber Command (USCYBERCOM) after serving as deputy director of the organization’s Cybersecurity Directorate in 2019 and 2020.
Cybersecurity: Government and Asseco Group set up a Computer Emergency Response Team (Togo First) A European cybersecurity firm, Asseco Group, and the government of Togo established a Computer Emergency Response Team (CERT-TG) whose mission is to p...
Litigation, Investigation, and Law Enforcement
New DHS Secretary Pledges to Investigate SolarWinds Hack (BankInfo Security) Alejandro Mayorkas, the newly confirmed secretary of the Department of Homeland Security, says his initial priorities include reviewing all available intelligence
Senate Intelligence Committee to Examine Antigovernment Extremists (New York Times) Senator Mark Warner, the committee’s new chairman, said he hoped to lead a bipartisan investigation of the groups, their overseas ties and amplification of their message by foreign powers.
Canada puts Proud Boys on terror list, cites active security threat (Reuters) Canada named the far-right Proud Boys a terrorist entity on Wednesday, saying it posed an active security threat and played a "pivotal role" in last month's attack on the U.S. Capitol that left five people dead.
()
Instagram Unmasks High Profile 'OG' Account Stealers, Threatens to Sue (Vice) The action centres around the OGUsers community. It is highly unusual for social media companies to publicly announce that it has identified the real names of pseudonymous users.
Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts (KrebsOnSecurity) Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.
Clearview AI’s Facial Recognition App Called Illegal in Canada (New York Times) Canadian authorities declared that the company needed citizens’ consent to use their biometric information, and told the firm to delete facial images from its database.
Canada Probe Concludes Clearview AI Breached Privacy Laws (SecurityWeek) US facial recognition technology firm Clearview AI illegally conducted mass surveillance in breach of Canadians' privacy rights, Canada's privacy commissioner said Wednesday following an investigation.
International cyber-scammers who targeted elderly for more than 1.3M busted in Houston (Click2Houston) Houston police and the Harris County District Attorney have made an arrest in an international cyber-scam that bilked unsuspecting, mostly elderly victims out of more than $1 million.
Voting-Machine Company Smartmatic Sues Fox News Over Election Claims (Wall Street Journal) The suit focuses on statements made about Smartmatic on Fox News by lawyers who supported former President Donald Trump’s claims that the election was rigged, including Rudy Giuliani and Sidney Powell.
BA Data Breach Victims Granted Extension to File Claims (Infosecurity Magazine) Breach victims who have not filed their claim encouraged to do so