Cyber Attacks, Threats, and Vulnerabilities
Norway parliament data stolen in Microsoft Exchange attack (BleepingComputer) Norway's parliament, the Storting, has suffered another cyberattack after threat actors stole data using the recently disclosed Microsoft Exchange vulnerabilities.
Norway parliament 'hit by cyber attack' (Yahoo) The Norwegian parliament says it has sustained a new cyber attack, six months after a previous one was publicised."We know that data has been extracted but we do not yet have a complete overview of the situation," parliament's administrative chief Marianne Andreassen said in a statement.
BSI warnt vor Cyberattacken auf Microsoft Exchange-Server (Haufe) Wegen Sicherheitslücken bei Exchange-Servern bestehen hohe Risiken und das BSI fordert Betreiber dringend zum Einspielen der Updates und zu Wachsamkeit auf.
Up to 60,000 computer systems exposed in Germany to Microsoft flaw - BSI (The Hindu) More than half of the vulnerabilities were addressed following a warning last weekend by the Federal Office for Information Security (BSI), but around 25,000 systems still need to be fixed, BSI chief Arne Schoenbohm said.
CISA and FBI Issue Joint Advisory on Exchange Server Hafnium Attacks (Redmondmag) The U.S. Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation announced a Microsoft Exchange Server joint advisory that offers consolidated advice for Exchange Server users on detecting Hafnium attacks.
FBI-CISA Joint Advisory on Compromise of Microsoft Exchange Server (CISA) CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) to address recently disclosed vulnerabilities in Microsoft Exchange Server. CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.
A ‘Crazy Huge’ Hack (Foreign Policy) Who was behind the largest-ever cyberattack on the United States—and how can the next one be prevented?
Examining Exchange Exploitation and its Lessons for Defenders (DomainTools) On 02 March 2021, Microsoft released out-of-band updates for Microsoft Exchange to cover four actively-exploited vulnerabilities...
The Cybersecurity 202: More hackers jump to take advantage of a widespread Microsoft security flaw (Washington Post) Government officials and cybersecurity experts are scrambling to stem the damage from a security flaw in Microsoft Exchange that has allowed hackers to infiltrate the servers of at least 30,000 U.S. organizations.
Microsoft Exchange Hack Could Be Worse Than SolarWinds (Data Center Knowledge) The massive hack’s scope keeps growing. Unlike the SolarWinds exploit, this one can be automated.
Exchange Server email hack: Why this is such a big deal (TechGenix) The repercussions from the Microsoft Exchange Server email hack are still being sorted out, but the implications — and the damage — may be enormous.
Microsoft Server Hack Has Victims Hustling to Stop Intruders (Claims Journal) Victims of a massive global hack of Microsoft email server software -- estimated in the tens of thousands by cybersecurity responders --
Security researchers discover SUPERNOVA web shell activity linked to Chinese hackers (Security Magazine) Researchers from the Counter Threat Unit (CTU) at Secureworks have discovered a possible link to China while examining how SolarWinds servers were used to deploy malware. According to Secureworks' new report, the authentication bypass vulnerability in SolarWinds Orion API, tracked as CVE-2020-10148, that can lead to remote execution of API commands, has been actively exploited by Spiral. When vulnerable servers are detected and exploited, a script capable of writing the SUPERNOVA web shell to disk is deployed using a PowerShell command.
Massive Hacks Linked to Russia, China Exploited U.S. Internet Security Gap (Wall Street Journal) Protecting U.S. networks from cyberattacks launched domestically is emerging as an intelligence blind spot, security experts say.
Cyber Command: ‘No evidence’ that SolarWinds attackers compromised DoD networks (The Record by Recorded Future) “To date, there’s no evidence of a compromise in DoD networks because of the SolarWinds attack,” said Cyber Command's executive director.
FBI alert warns of Russian, Chinese use of deepfake content (CyberScoop) The FBI is warning in a new alert that malicious foreign actors will soon be using deepfakes in both influence and cyber-operations.
Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations (FBI Cyber Division) Malicious actors almost certainly will leverage synthetic content for cyber and foreign influence operations in the next 12-18 months. Foreign actors are currently using synthetic content in their influence campaigns, and the FBI anticipates it will be increasingly used by foreign and criminal cyber actors for spearphishing and social engineering in an evolution of cyber operational tradecraft.
Threat Trends: DNS Security, Part 1 (Cisco Blogs) An examination of the trends seen in malicious DNS activity during 2020, covering threat categories such as illicit cryptomining, phishing, trojans, ransomware, and others.
F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs (Threatpost) The F5 flaws could affect the networking infrastructure for some of the largest tech and Fortune 500 companies – including Microsoft, Oracle and Facebook.
NimzaLoader: TA800’s New Initial Access Malware (Proofpoint) Proofpoint researchers observed an interesting email campaign by a threat actor we track as TA800. This actor has predominantly used BazaLoader since April of 2020, but on February 3rd, 2021 they distributed a new malware we are calling NimzaLoader.
()
FIN8 cybercrime group resurges with improved hacking tool (CyberScoop) A financial hacking group that appeared to drop off the map a year ago is back with a new and improved backdoor, Bitdefender researchers say.
FIN8 Hackers Return With More Powerful Version of BADHATCH PoS Malware (The Hacker News) FIN8 Hackers Return With More Powerful Version of BADHATCH Malware for PoS Devices.
Image File Trickery Part II: Fake Icon Delivers NanoCore (Trustwave) In this blog, we outline another .zipx attachment we recently encountered with spam messages, and we will show the result of our investigation in comparison to the previous .zipx sample we observed.
Ransomware “Paralyzes” Spanish Employment Agency (Infosecurity Magazine) Attack locks down workstations and remote worker laptops
150,000 security cameras allegedly breached in “too much fun” hack (Naked Security) Cloud security cameras rained confidential customer data, says Bloomberg.
Tesla says Shanghai factory not hacked after breach of Verkada surveillance cameras (Reuters) U.S. electric vehicle maker Tesla Inc said on Wednesday a hacking incident reported on Tuesday was restricted to a supplier's production site in Henan province, China, and its Shanghai car factory and showrooms were not affected.
Companies on alert after apparent hack of cloud-based security camera service (CNN) Cloud-based security camera company Verkada confirmed on Wednesday that it is grappling with a cybersecurity incident after multiple reports said hackers had breached customer video feeds at a wide range of businesses.
Massive camera hack exposes the growing reach and intimacy of American surveillance (Washington Post) A breach of the camera start-up Verkada ‘should be a wake-up call to the dangers of self-surveillance,’ one expert said: ‘Our desire for some fake sense of security is its own security threat’
Fortalice CEO on Security-Camera Data Hack (Podcast) (Bloomberg) Theresa Payton, CEO at Fortalice, discusses news of a large-scale security-camera data hack this week. She also talks about the increasing amounts of data that smart devices are collecting.
The Dire Possibility of Cyberattacks on Weapons Systems (Wired) Just because you don't hear about them doesn't mean no one's trying.
Researchers Show First Side-Channel Attack Against Apple M1 Chips (SecurityWeek) Researchers have demonstrated a browser-based side-channel attack that doesn’t require JavaScript and works across a wide range of platforms, including devices with Apple’s M1 chips.
Gmail Farming and Credential Validation (Cequence) Google is now rating email accounts, and bad actors are not deterred. Instead, many are leveraging this feature to expedite their attacks.
NHS Regulator Faces Surge in Email Attacks During Vaccine Rollout (Infosecurity Magazine) The CQC was targeted by nearly 60,000 malicious email attacks from December 2020 to February 2021
A ransomware that demands justice, not money (The Hindu) A new ransomware ‘Sarbloh’ is being distributed via malicious Word documents that contain political message supporting farmer community
Hackers hit Indians with ransomware supporting farmers (Tribuneindia News Service) The ransomware is designed to target entities connected with farmers’ protests in India, with the hacker group titled Khalsa Cyber Fauj reported to be leading this attack in the country In a unique way to support protesting farmers in India, cyber criminals have launched a new ransomware attack in the country that does not ask for money but justice for the community, conveying a message that no data will be recovered until the demands of the farmers are met, a new report revealed o
Cyber attack details due soon (Methow Valley News) It will be another couple of weeks until Okanogan County has more details about what happened in a cyber attack that incapacitated county government for more than a week in January, knocking out computers, phones and email, county Risk Manager Tanya Craig said recently.
OVH data center burns down knocking major sites offline (BleepingComputer) In a major unprecedented incident, data centers of OVH located in Strasbourg, France have been destroyed by fire. Customers are being advised by the company to enact their disaster recovery plans after the fire has rendered multiple data centers unserviceable, impacting websites around the world.
Smart sex toys: appealing to you, exploitable to hackers (ZDNet) Some of the most popular sex toys on the market are anything but smart when it comes to security.
Sex in the digital era: How secure are smart sex toys? (WeLiveSecurity) How secure are smart sex toys? Do they protect users’ data and privacy? ESET researchers look under the hood of two devices and their accompanying apps.
Security Patches, Mitigations, and Software Updates
F5 releases patches for nearly two dozen vulnerabilities, some critical (CyberScoop) F5 Networks, a leading provider of enterprise networking equipment, disclosed four critical vulnerabilities and 17 others on Wednesday as the recent parade of major flaws needing patches marches ahead. Three of the vulnerabilities would allow hackers to remotely execute code on target networks.
F5 Patches Four Critical Bugs in Big-IP Suite (SecurityWeek) F5 ships fixes for seven serious security vulnerabilities, some rated extremely critical.
Microsoft March 2021 Patch Tuesday fixes 82 flaws, 2 zero-days (BleepingComputer) Today is Microsoft's March 2021 Patch Tuesday, and with admins already struggling with Microsoft Exchange updates and hacked servers, please be nice to your IT staff today.
Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day (Dark Reading) The monthly rollout follows last week's emergency Microsoft Exchange Server patch covering seven CVEs, four of which are under attack.
Cyber Trends
Year in Review: COVID-19 Concerns for Cybersecurity (Digital Shadows) After a year of observing the cyber threat landscape evolving because of the pandemic, we identified the top 3 COVID-19 concerns for cybersecurity.
The state of Secrets Sprawl on GitHub (GitGuardian) How leaky can it Git
2020 Vulnerability Intelligence Report (Rapid7) Security, IT, and other teams tasked with vulnerability management and risk reduction frequently operate in high-urgency, high-stakes environments where informed decision-making hinges on the ability to quickly separate signal from a sea of perpetual noise.
February 2021’s Most Wanted Malware: Trickbot Takes Over Following Emotet Shutdown (Check Point Software) Check Point Research reports that following the international police operation that took control of Emotet in January, Trickbot has become the new top
Council Post: For Telcos, There’s An Inherent Cybersecurity Risk In Just Doing Business (Forbes) Responding to retooled threats also means the organization must retool its own defenses.
Healthcare Security: Ransomware Plays a Prominent Role in COVID-19 Era Breaches (Tenable®) Ransomware is the root cause in a majority of the healthcare breaches analyzed.
Marketplace
The SolarWinds Cyber-Attack – The Devastation and Wreckage (JD Supra) The SolarWinds cyber-attack was devastating in scope and impact. If any lesson can be learned from this event, the SolarWinds case presents all the...
The Funded: The SPAC boom just keeps sounding, topping last year's record for money raised (Silicon Valley Business Journal) A pair of IPOs for Palo Alto SPACs and one San Francisco one look to extend the record.
Crippling Attacks Bolster the Need for Extensive Cybersecurity Protocols (PR Newswire) An extensive layer of cybersecurity is often required for business infrastructure or government agencies in order to protect sensitive...
Value of Public Cloud Companies More Than Doubled To $2T In Pandemic, Bessemer’s Latest Cloud Report Says (Crunchbase News) The BVP Nasdaq Emerging Cloud Index hit a record $2.2 trillion in value on Feb. 5, 2021, according to Bessemer's State of the Cloud report 2021. Just a year earlier, pre-pandemic, the index was valued at $1 trillion.
App security platform provider Pathlock raises $20M (VentureBeat) Cybersecurity startup Pathlock, formerly Greenlight Technologies, raised $20 million in a strategic growth round.
Pathlock Secures $20 Million Strategic Growth Investment; Announces Rebrand from Greenlight Technologies (PR Newswire) Pathlock, formerly Greenlight Technologies, the leading provider of unified access orchestration, today announces the closing of a strategic...
Datto Acquires Israel's Cyber Threat Detection Company BitDam For Undisclosed Sum (Benzinga) Global provider of cloud-based software and technology solutions for managed service providers (MSPs) Datto Holding Corp (NYSE: MSP) announced the acquisition...
Tysons risk analytics firm announces two acquisitions (Virginia Business) Tysons-based risk analytics firm Qomplx Inc. announced Wednesday it would acquire Huntsville, Alabama-based cyber intelligence firm Sentar and London-based insurance software modeling firm RPC Tyche. Financial terms of the transactions were not disclosed. Qomplx announced earlier this month its plan to go public through a merger agreement with Tailwind Acquisition Corp., a special purpose acquisition…
Cloud cybersecurity startup Lumu raises a $7.5 million Series A (TechCrunch) Miami-based cybersecurity startup Lumu today announced the closing of its $7.5 million Series A. The round was co-led by SoftBank Group Corp.’s SB Opportunity Fund and Panoramic Ventures. Lumu, co-founded and headed by Colombian native Ricardo Villadiego, offers a cloud-based service that helps com…
QOMPLX to Acquire Sentar, Inc., One of the Fastest Growing Cyber Companies in the National Security Sector (BusinessWire) QOMPLX™, the leader in cloud-native risk analytics, has entered into a definitive agreement to acquire Sentar, Inc. (“Sentar”). Sentar is a cyber-inte
Hybrid cloud security specialist Securonix raises $24M (SiliconANGLE) Hybrid cloud security specialist Securonix raises $24M - SiliconANGLE
Capital One Ventures partners with Securonix on cloud-native security analytics in $24M deal (VentureBeat) Securonix has raised $24 million from Capital One Ventures as part of a strategic partnership to accelerate development of threat analytics.
Sumo Logic To Buy SOAR Vendor DFLabs To Combat Threats (CRN) Sumo Logic has purchased Security Orchestration, Automation and Response (SOAR) provider DFLabs to accelerate threat detection, analysis, incident response and forensic investigations.
Cowbell Cyber raises $20 million, aims to build out its AI-drive cyber insurance platform (ZDNet) Cowbell Cyber aims to automate data collection with its cloud platform, provide observability and monitoring and then combine it with risk scoring, actuarial science and underwriting.
Morphisec is the Cyber Threat Alliance’s Newest Affiliate Member (PRWeb) Morphisec, a leader in cloud-delivered endpoint and server security solutions, today announced it has joined the Cyber Threat Alliance (CTA)
Endace Wins Nine Cybersecurity Award (Endace) Endace and the EndaceProbe Analytics Platform recognized with nine awards including Most Innovative Security Hardware, Hot Security Company of the Year, Hot Security Technology of the Year, and Cybersecurity Blogger of the Year
Rubrik Announces Ajay Sabhlok as Chief Information Officer & Chief Data Officer (GlobeNewswire) Rubrik, the Cloud Data Management Company, today announced the appointment of Ajay Sabhlok to Chief Information Officer and Chief Data Officer. Sabhlok brings more than a decade of experience in the technology industry and will oversee comprehensive IT, data and advanced analytics strategies for the company.
Mike Daniels, Tiffanny Gates, Charles Hooper, Michael McConnell Named to Two Six Technologies Board (GovCon Wire) Two Six Technologies has appointed government and industry leaders Mike Daniels, Tiffanny Gates, Cha
Global Sales Executive Joins Virtru to Advance Enterprise Strategy and (PRWeb) Virtru, a global leader in data protection and privacy, today announced the appointment of enterprise software executive Bill Smith as Chief Sales Officer. Forme
CyberArk appoints Avril England to its board of directors (Help Net Security) CyberArk announced the appointment of Avril England to its board of directors bringing operational expertise and experience into company.
LookingGlass Hires Norm Laudermilch as First Chief Cyber Officer (GlobeNewswire) Security Industry Veteran to Help Guide Company’s Product and Engineering Strategy
Former DHS Leader Francis X. Taylor Named as Partner and President of Cambridge Global Advisors (Homeland Security Today) Cambridge Global Advisors (CGA) has named Francis X. Taylor as a Partner and President of the firm. General Taylor is the former Under Secretary for Intelligence and Analysis (I&A) at the U.S. Department of Homeland Security (DHS) and has been with CGA as a Senior Advisor since departing his DHS post in 2017.
Products, Services, and Solutions
PIR Expands QPI Initiative (PIR QPI) PIR to offer roadmap and toolkit to help registries and their registrars improve domain name space quality, reduce abuse, and increase renewals
Radware’s New Integrated Application Delivery & Protection Offers Comprehensive Advanced Application Security and Availability (Yahoo) Radware®, (NASDAQ: RDWR) a leading provider of cyber security and application delivery solutions, today announced that it has integrated additional application security into its Alteon® line of Application Delivery Controllers (ADCs) to provide comprehensive protection in one platform across all environments.
Accedian Launches TLS 1.3 Decryption Capabilities for Skylight Performance Monitoring and Analytics Platform (PR Newswire) Accedian, a leader in performance analytics, cybersecurity threat detection, and end user experience solutions, today announced that its...
Introducing Revolutionary Breakthrough HAWK Credential & Integrity Monitoring (ACIM) Service (PR Newswire) Credential exposure and loss of data integrity pose significant threats to business continuity, the integrity of customer assets, and an...
Cobalt Announces Launch of Partner Program On Heels of 75% YoY ARR Gro (PRWeb) Cobalt, the leading Pentest as a Service (PtaaS) company that’s modernizing the traditional, static penetration testing mode, today announced the launch of it
ZeroFOX brings holistic security solutions to South African business market by signing CSSA as its sole distributor (Engineering News) A fresh approach to security that’s performing more than 150, 000 domain and social account takedowns per quarter ZeroFOX connects artificial intelligence to expert services to deliver security to the scale needed to fully protect the enterprise against growing digital threats CSSA, a leading distributor of cybersecurity products, has partnered with ZeroFOX thanks to its exceptional solution, service and security ZeroFOX, the leading provider of digital risk protection services, brings a ...
GrammaTech Introduces Shift Left Academy (BusinessWire) Shift Left Academy provides practical advice and content, versus theoretical resources, that can be used immediately to improve outcomes.
NormCyber launches Cyber Security and Data Protection as a Service offerings for midmarket organisations (Yahoo) NormCyber, a leading provider of managed cyber security and data protection services, today announced the introduction of its Cyber Security and Data Protection as a Service solutions. Designed specifically to address the security and personal data challenges of midmarket organisations, both services offer levels of protection and expertise which are usually only accessible to enterprises, for around a third of the cost of an in-house solution.
How Darktrace kept the McLaren team launch secure with cyber AI (McLaren Racing) The secrets to a smooth start in 2021
Covert Code Trying To Run in Memory is Blocked by New Sophos Protection Against “Heap-Heap” Permission Violations (APN News) Sophos, a global leader in next-generation cybersecurity, today revealed a new defense against adversaries trying to evade detection by loading fileless malware, ransomware and remote access agents into the temporary memory of compromised computers. In a new blog post, “Covert Code Faces a Heap of Trouble in Memory,” Sophos researchers detail how […]
Keeper Brings Single Sign-On Security to the Cloud (Mobile ID World) Keeper Security has released a cloud version of its existing Single Sign-on solution, designed to help meet the needs of a remote workforce
F Secure Oyj : Secure launches usage-based security via partners (MarketScreener) Cyber security provider F-Secure's unified, integrated cyber security offering is now available as a usage-based business model, offering F-Secure's... | March 11, 2021
Tr3Dent Achieves ISO/IEC 27001:2013 Certification, Further Enabling Secure Digital Transformation Planning (PRWeb) Tr3Dent, the leading global provider of an intuitive, end-to-end strategic planning platform that empowers digital transformation, today announced that it a
Veracode Tackles Cybersecurity Skills Gap with Launch of The Hacker Games (Yahoo) Veracode, the largest global provider of application security testing solutions, tackles cybersecurity skills gap with launch of the Hacker Games
SyncDog Unveils First Fully Integrated Solution for Mobile Endpoint Security (PR Newswire) SyncDog Inc., the leading Independent Software Vendor (ISV) for next generation mobile endpoint security and data loss prevention, today...
Jscrambler and GitLab Push New Integration to Automate Source Code Protection (GlobeNewswire) As client-side attacks grow, this integration of two leading technologies paves the way for seamless source code protection in DevSecOps workflows
Become a Dashlane Beta Tester | Dashlane (Dashlane) Live your best life online with Dashlane—the safe, simple way to store and fill passwords and personal information.
Cybersecurity Industry’s Most Comprehensive Guarantee and Warranty Announced by Deep Instinct and Backed by the Munich Re Group (BusinessWire) The first cybersecurity company to back its product with a performance guarantee, plus a ransomware warranty – up to $3 million per company.
Technologies, Techniques, and Standards
Quantifying cyber risk assessment: the 7th Annual Virtual Cybersecurity Conference for Executives. (The CyberWire) At the 7th Annual Virtual Cybersecurity Conference for Executives, hosted by Ankura and Johns Hopkins University Information Security Institute, Keishi Hotsuki, Chief Risk Officer Morgan Stanley offered advice on framing and, insofar as it’s possible, quantifying risk assessments.
CISA: ‘Identity is everything’ for cyber defense post-SolarWinds (Federal News Network) CISA says exploitation of verified credentials in the SolarWinds breach should be cause for alarm and give rise to tighter identity controls in the federal government.
Common mistakes in cyber risk assessment: the 7th Annual Virtual Cybersecurity Conference for Executives. (The CyberWire) Robert Olsen, a Senior Managing Director and Global Head of Cybersecurity and Privacy at Ankura, also spoke at the 7th Annual Virtual Cybersecurity Conference for Executives. Olsen summarized common mistakes organizations make when conducting risk assessments and how they can avoid such pitfalls.
Intel Still Needs Humans In Age Of AI: Lt. Gen. Potter (Breaking Defense) Artificial intelligence can’t prepare an in-depth assessment of de-escalation options or build relationships with foreign allies who have sources Americans don’t, said the Army’s deputy chief of staff for intel.
New GigaOm Report Highlights Key Role of Data Management Tools in Meeting Unstructured Data Challenges Across Large Enterprises (Datadobi) ‘Building A Modern Data Strategy’ Evaluates Datadobi’s Capabilities in Hybrid and Multi-Cloud Infrastructure Environments.
Design and Innovation
He got Facebook hooked on AI. Now he can't fix its misinformation addiction (MIT Technology Review) Three years ago, the company began building "responsible AI." This is the story of how it failed.
Academia
Chinese universities connected to known APTs are conducting AI/ML cybersecurity research (The Record by Recorded Future) At least six major Chinese universities with previous connections to government-backed hacking groups have been conducting research on the intersection of cybersecurity and machine learning.
Norwich gets $1.6 million grant to develop experiential cybersecurity educationNorwich gets $1.6 million grant to develop experiential cybersecurity education (Vermont Biz) Norwich University has been awarded a two-year $1.6 million grant from the National Security Agency and is the lead institution in the Evidencing Competency Oversight Project, supporting the National Centers of Academic Excellence in Cybersecurity (NCAE-C) Program.
Legislation, Policy, and Regulation
Prioritize NATO integration for multidomain operations (C4ISRNET) The U.S. military's modernization efforts increase technological disparity and challenges for NATO, according to an expert who explains why integration is a must.
Was SolarWinds a Different Type of Cyber Espionage? (Lawfare) There is a gap between how administration officials are framing the nature of the SolarWinds incident and what the available evidence indicates about it.
Germany’s Positions on International Law in Cyberspace Part II (Just Security) Germany issues major statement on cyberspace and international law, analyzed here by leading expert Professor Michael Schmitt. Here Schmitt addresses use of force and international humanitarian law.
Britain to take a 'slightly less European approach' to data privacy laws, minister says (Computing) While UK is not directly subject to the EU's jurisdiction post-Brexit, it still needs to have sufficient measures in place to protect the personal data of European users
Commonwealth island states collaborate to strengthen cyber security (GOV.UK) Tonga has benefited from training and mentoring support (from the Commonwealth Cyber Security programme) in building its national Cyber Security Incident Response strategy. Moreover, this small state has also built relationships with other Commonwealth countries and is sharing and learning in ways that are mutually beneficial.
Solving Data-Transfer Impasse May Require Diplomatic Agreements on Espionage (Wall Street Journal) A new deal for transferring data between the U.S. and the European Union could require international agreements on industrial espionage and citizen surveillance.
Ukraine, Brazil hold first cybersecurity consultations – MFA (Ukrinform) Ukraine and Brazil have held the first interdepartmental cyber consultations, the press service of the Ministry of Foreign Affairs reports. — Ukrinform.
WSJ News Exclusive | U.S. Sanctions Islamic State’s Central African Franchise for First Time (Wall Street Journal) The U.S. imposed sanctions on two of Islamic State’s fast-growing affiliates in Central Africa for the first time, underscoring the rising threat posed by the group outside the Middle East.
Facebook Drops Plan to Run Fiber Cable to Hong Kong Amid U.S. Pressure (Wall Street Journal) The China-California link is the latest in a string of cables project derailed by pressure from U.S. national-security officials.
Telcos can only use govt approved gear from 15 June (mint) The tightening of procurement rules could impact Chinese equipment suppliers
How Biden’s Cyber Strategy Echoes Trump’s (Lawfare) Comparing the Biden administration’s Interim National Security Strategic Guidance with Trump’s National Cyber Strategy.
House approves cyber funds in relief package as officials press for more (TheHill) The House on Wednesday allocated almost $2 billion toward cybersecurity and technology modernization as part of passing the American Rescue Plan, which officials described as a “down payment” on the f
Proposed Bill Would Allow Americans to Sue Foreign Cyber-Actors (SecurityWeek) A bill introduced in the House of Representatives this week could allow United States citizens to seek monetary damages if cyber-attacks by foreign threat actors harm them in any way.
Merrick Garland Confirmed as Biden’s Attorney General (Wall Street Journal) The Senate confirmed Merrick Garland as President Biden’s attorney general, putting a respected jurist and experienced former prosecutor in charge of the Justice Department.
Litigation, Investigation, and Law Enforcement
Cybersecurity and Infrastructure Security Agency: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation (GAO) A 2018 federal law established the Cybersecurity and Infrastructure Security Agency to help protect critical infrastructure from cyber and other...
Verkada Says It Notified FBI of Major Hack of Surveillance Data (Bloomberg) Security camera company confirms hack of customer footage. Sartup says systems secure by Tuesday, no passwords accessed.
Russia moves to slow Twitter's speed after protest row (Reuters) Russia said on Wednesday it was slowing down the speed of Twitter in retaliation for what it described as a failure to remove banned content, threatening to block the U.S. platform outright if it did not comply with its deletion demands.
()
Judge Says Affirming Khashoggi Tape Would Hurt US Security (Law360) A New York federal judge has reversed course on his previous order that intelligence agencies must formally acknowledge the possession of a tape of the Saudi Arabian government's killing of journalist and dissident Jamal Khashoggi, saying that doing so would put national security at risk.
Facebook Seeks to Dismiss Antitrust Suits, Saying It Hasn’t Harmed Consumers (Wall Street Journal) The company in legal motions argues that government enforcers have no valid basis for alleging the social-media giant is stifling competition.
Hacked Firms Face 'Frankenstein' of State-Based Cyber Notification Laws (Insurance Journal) Last summer, Katherine "Kitty" Green received some disturbing news about the computer network at Florida Gulf Coast University, where she oversees a
Proposed Class Asks Ga. Biz Court To Take Data Breach Suit (Law360) A proposed class of Georgia orthopedic clinic patients whose private information was compromised in a large data breach asked the Georgia State-wide Business Court to take their case late Tuesday, claiming it is languishing in a county court before an underfunded senior judge.