Cyber Attacks, Threats, and Vulnerabilities
New PoC for Microsoft Exchange bugs puts attacks in reach of anyone (BleepingComputer) A security researcher has released a new proof-of-concept exploit this weekend that requires slight modification to install web shells on Microsoft Exchange servers vulnerable to the actively exploited ProxyLogon vulnerabilities.
Microsoft Probing Whether Leak Played Role in Suspected Chinese Hack (Wall Street Journal) The investigation centers partly on how a stealthy attack that began in early January picked up steam in the week before the company was able to send a software fix to customers.
Microsoft Probes Clue That Hackers Cracked Taiwan Research (Bloomberg) Small company first alerted software giant about flaws. Attack affected thousands of global businesses, governments.
Hafnium’s China Chopper: a ‘slick’ and tiny web shell for creating server backdoors (ZDNet) Hafnium has been linked to recent attacks on Microsoft Exchange Server.
Hackers Rushed in as Microsoft Raced to Avert Cyber-Attack (Bloomberg) U.S. president briefed as crisis around Exchange bugs mounts. Company investigates possible leak during patching process.
A hacking group is hijacking Microsoft Exchange web shells (The Record by Recorded Future) A hacking group is piggybacking on the work of other threat actors and is hijacking web shells planted on unpatched Microsoft Exchange servers, including backdoors installed by Chinese cyberspies.
Microsoft's Exchange Server Security Problem Is Gaining Steam (Redmond Channel Partner) The handful of Exchange Server zero-day flaws Microsoft announced earlier this month has snowballed into a much broader problem.
"Hack everybody you can": What to know about the massive Microsoft Exchange breach (CBS News) President Biden has been briefed on the attack.
HAFNIUM, China Chopper and ASP.NET Runtime (Trustwave) The recent Microsoft Exchange Server zero-day exploits have seen tens of thousands of organizations compromised by HAFNIUM and numerous other threat actor groups. Working closely with our customers across the globe, we have quickly been able to identify and isolate attributes of those attacks – particularly the China Chopper web shell that is being uploaded to compromised IIS servers.
Ransomware Operators Start Targeting Microsoft Exchange Vulnerabilities (SecurityWeek) In addition to state-sponsored threat actors, the recently disclosed vulnerabilities affecting Microsoft Exchange Server are now being targeted by ransomware operators.
What Is Sarbloh? This Is A Ransomware That Doesn't Want Your Money (Moneycontrol) Instead, named after the highest traditions of the Khalsa, it seeks a repeal of the three farm acts.
DNA: Why is the country's phone 'hostage' in support of farmers' protest? (Zee News) In this segment of DNA, we will know how preparations are being made to take your phone hostage in the name of the farmers' movement. This has been revealed by anti-virus firm Quick Heal and cybersecurity company Cyble.
Security agencies leak sensitive data by failing to sanitize PDF files (The Record by Recorded Future) Security agencies are doing a poor job at sanitizing PDF documents they publish on their official websites and are leaking troves of sensitive information that could be collected and weaponized in malware attacks.
Improved Technology for Deepfakes Highlights a Supply Chain Problem (IEEE Spectrum) The machine learning supply chain can be sabotaged with bad training data
This malware was written in an unusual programming language to stop it from being detected (ZDNet) NimzaLoader malware is unusual because it's written in a programming language rarely used by cyber criminals - which could make it harder to detect and defend against.
Mac Malware 'XCSSET' Adapted for Devices With M1 Chips (SecurityWeek) The Mac malware known as XCSSET, which was spotted spreading via Xcode projects last year, was recently compiled for devices powered by Apple’s new M1 chips.
Attack on surveillance cameras a warning over security, ethics (ComputerWeekly) The attack on a video surveillance startup by a hacktivist group raises questions not just over cyber security, but the use and extent of surveillance technology.
Alleged Ransomware Attack Hits Molson Coors; Expert Commentary (Solutions Review) Recently, beverage manufacturer Molson Coors disclosed a cyber-attack in a Form-8K filed with the SEC. It could prove to be ransomware.
Control system vulnerabilities put food & beverage at serious risk (Food Engineering) Cybersecurity may seem only for enterprise systems and critical infrastructure, but at the control system level there are too many gaps in the food and beverage industry.
The US food supply is neither cybersecure nor safe from control system cyber threats (Control Global) The US Food and Drug Administration’s (FDA) issued the final rule on the Food Safety Modernization Act (FSMA) in November 2015 and according to the FDA website is still current as of 10/21/2020. The rule is aimed at preventing intentional adulteration from acts intended to cause wide-scale harm to public health, including acts of terrorism targeting the food supply.
Report: US Shipping Management Software Exposed by Data Breach (Website Planet) Company name and location: Unknown
Breach size: 4,361 files exposed (103 GB)
Number of people exposed: 4,000+
Data Storage Format: AWS S3
Breach Exposes Data of 200K Health System Staff, Patients (SecurityWeek) A medical practice management firm that provides support to Tacoma-based MultiCare Health System has alerted over 200,000 patients, providers and staff that their personal information may have been exposed.
Buffalo Public Schools was victim of ransomware attack (The Buffalo News) Buffalo Public Schools is the latest victim in a growing number of cyberattacks targeting school districts across the U.S.
Experts say ransomware attack on Buffalo Public Schools should have been anticipated (The Buffalo News) It is still unsure whether students will be returning to class on Monday.
PPS hit by cyber attack (Business Insider) But it doesn't look as if client data is in danger.
Phone scammers: 'Give me £1,000 to stop calling you' (BBC News) The rise of scam calls seems relentless - but can anything be done about them?
Security Patches, Mitigations, and Software Updates
Microsoft Edge to use a four-week release cycle to sync with Chrome (BleepingComputer) Major 'Stable' versions of Microsoft Edge will now be released every four weeks to synchronize with the new four-week release cycle announced by Google Chrome.
Cyber Trends
Cyber Attacks: Is the ‘Big One’ Coming Soon? (Government Technology) In the past 90 days, the world has witnessed a serious escalation in cyberattacks. Some experts are still predicting that the worst is yet to come. Are we prepared?
Intel Study: Transparency and Security Assurance Drive Preference (Intel Newsroom) Global study indicates 73% of respondents say they are more likely to purchase technologies and services from companies that proactively
Cyber security: moving from cyber prevention to cyber resilience (Continuity Central) The pandemic is accelerating distributed service architectures, which is driving changes to the security landscape. Changes in working practices are exposing different attacks, altering the types and severity of threats an organization is exposed to.
COVID-19 pandemic propels uptake of cyber threat intelligence (IT Brief) The COVID-19 pandemic is pushing organisations of all sizes to up their security game, for one implementing Cyber threat intelligence (CTI) programmes.
Many UK firms says they can't afford to stay safe against cyberattacks (ITProPortal) They are also struggling to find the necessary expertise.
Report finds UK tech sector unprepared for cyberattacks - Intelligent CIO Europe (Intelligent CIO Europe) According to research conducted by the Ponemon Institute and commissioned by Keeper Security, more than half of IT and technology firms in the sector (59%) say their budgets are still insufficient to cover their cybersecurity needs. One year on from emergency lockdown measures that forced UK businesses to rapidly provision remote working tools, most IT […]
Investment scams cost Aussies $8m in February while ID theft surges (The Australian) Identity theft is the fastest growing type of scam in Australia after the nation was hoodwinked a total of almost $21m by criminals last month.
Marketplace
Cyber Security Stocks Have Underperfomed This Year, Time To Buy? (Forbes) Our indicative portfolio of Cyber Security Stocks has declined by about 8% year-to-date, driven by the broader sell-off in technology and high growth stocks. The theme has also underperformed the Nasdaq-100, which is down by about 4% over the same period. However, we think this could be a good...
The Rise of Vendor-Owned News Sites Underscores the Appetite for Cybersecurity Information (Metacurity) Catalin Cimpanu's jump from ZDNet to The Record points to the wealth of vendor-owned news reporting outlets represented by The Daily Swig, Decipher, Threatpost, and more
IronNet Cybersecurity, the Leader in Collective Defense and Network Detection and Response (NDR), to Be Listed on NYSE Through a Merger With LGL Systems Acquisition Corp. (Argus Press) IronNet Cybersecurity, Inc. (“IronNet”), an innovative leader transforming cybersecurity through Collective Defense, announced today that it has signed a definitive business combination agreement with LGL Systems Acquisition Corp. (NYSE: DFNS), a special purpose acquisition company formed to help advance domestic and international defense.
Report: IronNet, LGL Systems Mull Potential $1.2B Merger (GovCon Wire) McLean, Virginia-based IronNet Cybersecurity is considering merging with special purpose acquisition
SailPoint Announces Intent to Acquire ERP Maestro, Uniting Identity Security with Separation-of-Duties Controls Monitoring (BusinessWire) SailPoint today announced its intent to acquire ERP Maestro, a SaaS governance, risk and compliance (GRC) solution.
Lookout Acquires CipherCloud to Deliver Security from Endpoint to Cloud (PR Newswire) Lookout, Inc., a leading cybersecurity company, today announced it has acquired CipherCloud, a leading cloud-native security company that...
Capital One Ventures invests $24 million in Securonix (Finextra Research) Capital One Ventures has invested $24 million in cloud security intelligence firm Securonix in conjunction with a strategic partnership.
Autonomous breach protection startup Cynet raises $40M to expand reach (SiliconANGLE) Autonomous breach protection startup Cynet raises $40M to expand reach - SiliconANGLE
When Will RiskIQ IPO? (Grit Daily News) RiskIQ is a cloud-based cybersecurity SaaS that offers up-to-date analyses of cyber threats and educates the public about cybersecurity.
WISeKey Makes a Strategic Investment in FOSSA Systems and Develops an IoT WISeSAT.Space with First Space Launch Due in Q4 2021 / Q1 2022 (Yahoo) WISeKey Makes a Strategic Investment in FOSSA Systems and Develops an IoT WISeSAT.Space with First Space Launch Due in Q4 2021 / Q1 2022 The strategic investment will serve to develop a WISeSAT PocketQube Satellite and enable secure connectivity for all IoT sectors (aggrotech, autonomous vehicles, EVs, smart cities, drones, robots, smart lighting, servers, computers, climate change monitoring, crypto tokens, etc.)
4 Cyber Security Stocks To Watch In March 2021 (Nasdaq) During the current age of digital acceleration, cybersecurity stocks have become some of the best performers in the stock market.
Reasons To Own FireEye (Seeking Alpha) FireEye is set to cross the $1B in annual revenue milestone in 2021.
Fortinet: A Rising Star In Network Security (Seeking Alpha) In our digitalizing world, there is an increasing need for cybersecurity, especially in lieu of major network and data compromises globally.
ICF Wins $53M Army Research Lab Contract for Cyber Services | WashingtonExec (WashingtonExec) U.S. Army Combat Capabilities Development Command's Army Research Laboratory has awarded ICF a new task order valued at up to $53 million. The contract
Polarization Is Good For America, Actually, Says Facebook Executive (BuzzFeed News) In a Thursday presentation, Facebook executives told employees the company isn’t to blame for social division in the country. One researcher said some polarization can be a good thing, citing the civi
Our ongoing commitment to supporting journalism (Google) Google has always been committed to providing high-quality and relevant information, and to supporting news publishers who help create it.
Verizon to buy tiny Montana operator, but will ditch Huawei's equipment first (Light Reading) Verizon is planning to purchase Montana's Triangle Mobile and assimilate the company's 3,000 customers. There's just one hiccup: China's Huawei built Triangle's CDMA network.
Sen. Marco Rubio: Amazon should face unionization drive without Republican support (USA TODAY) Amazon is waging a culture war against working-class values and is not helping workers or our economy.
DHS cyber official Rick Driggers heads to the private sector (CyberScoop) Rick Driggers, a longtime cybersecurity official at the Department of Homeland Security, is leaving government for the private sector in May, CyberScoop has learned. Since September, Driggers has led CISA’s Integrated Operations Division, which houses the agency’s center for sharing cyberthreat information with American companies and oversees the agency’s field offices across the country.
Banyan Security Adds Vijay Pawar as VP of Product Management (AiThority) Banyan Security announced that Vijay Pawar has joined the company as vice president of product management.
Darktrace bolsters Board with appointment of Paul Harrison (Intelligent CIO Africa) Darktrace, an autonomous cybersecurity AI company, has announced that Paul Harrison has agreed to join the Board of Directors as a Non-Executive Director. Harrison brings a wealth of experience to the role, having held senior positions at several high growth, public technology companies in the UK and internationally. He is currently Chief Operating Officer and […]
Former NSA and Department of Defense Executive Marianne Bailey Joins Cohesity as an Advisor (KULR-8 Local News) Cohesity today announced that cybersecurity expert and intelligence leader Marianne Bailey has joined the company as an advisor, where she will apply her deep government security experience in helping public sector organizations and federal agencies manage and protect their data.
Products, Services, and Solutions
Deep Instinct to offer $3 million ransomware warranty (SC Media) Deep Instinct's performance guarantee includes false positivity rates of less than 1%, plus a ransomware warranty of up to $3 million.
Veristor and Forty8Fifty Labs Partner with HashiCorp to Automate Cloud Infrastructure for Operations, Security, Networking and Application Delivery (Veristor) Leveraging HashiCorp’s Consistent Workflows, Veristor and Forty8Fifty Labs Help Customers Provision, Secure, Connect and Run Any Infrastructure for Any Application
Dashlane Unveils Password Changer 2.0 and New Autofill Engine Powered by Machine Learning (PR Newswire) Dashlane today announced the relaunch of its one-of-a-kind Password Changer and unveiled a new autofill engine powered by machine learning....
Jacobs and IronNet Cybersecurity Inc. Form Partnership to Offer Collective Cyber Defense Capabilities (AiThority) Jacobs announced it is a Managed Security Service Partner (MSSP) with IronNet, the leading provider of network detection and response (NDR)
AT&T Cybersecurity Launches Managed SASE Solution with Fortinet (Fast Mode) AT&T is expanding its portfolio of Managed Security Services through its alliance with Fortinet to make Secure Access Service Edge (SASE)
Plurilock Security successfully completes second milestone in contract with US Department of Homeland Security (Proactiveinvestors NA) Under the milestone, the company passed a series of internal red team tests designed to further harden the technology and prepare it for external red...
IronNet Cybersecurity adds new integrations to Collective Defense Platform (Retail News Asia) IronNet Cybersecurity, the leader in network detection and response and collective defense, announced new integrations with leading cloud, endpoint, and
Dashlane Password Changer 2.0 and machine learning engine now available (Help Net Security) Dashlane announced the relaunch of Password Changer and unveiled a new autofill engine powered by machine learning.
BlackBerry Introduces BlackBerry® Alert Next-Gen Critical Event Management for the Commercial Sector (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced a new critical event management (CEM) solution called BlackBerry® Alert that will help...
Accurics Launches Comprehensive Channel Program with Unique Developer-First Approach to Cloud Security (BusinessWire) New Accurics channel program empowers partners to help clients facilitate self-healing cloud native infrastructure and ensure end-to-end security.
Technologies, Techniques, and Standards
Act Against Geopiracy with Enhanced Proxy Detection (Akamai) Is the image above relatable? According to the description, the service is a VPN desktop application and proxy browser extension that helps viewers mask their physical location, circumvent censorship, and restore access to blocked content.
How to spot deepfakes? Look at light reflection in the eyes (EurekAlert!) University at Buffalo computer scientists have developed a tool that automatically identifies deepfake photos by analyzing light reflections in the eyes. The tool proved 94% effective in experiments described in a paper accepted at the IEEE International Conference on Acoustics, Speech and Signal Processing to be held in June in Toronto, Canada.
Researchers Blur Faces That Launched a Thousand Algorithms (Wired) Managers of the ImageNet data set paved the way for advances in deep learning. Now they’ve taken a big step to protect people’s privacy.
Design and Innovation
IBM Announces Cloud Marketplace For Secure Chip Design (Nextgov.com) The marketplace was built as part of a recent Defense Department initiative aimed at advancing microelectronics technologies.
Research and Development
Sweden's quantum computer project shifts up a gear (EurekAlert!) Knut and Alice Wallenberg Foundation is almost doubling the annual budget of the research initiative Wallenberg Centre for Quantum Technology, based at Chalmers University of Technology, Sweden. This will allow the centre to shift up a gear and set even higher goals - especially in its development of a quantum computer. Two international workshops will kick-start this new phase.
Academia
NSA announces GenCyber call for proposals (Security Magazine) The National Security Agency announced a new GenCyber Call for Proposals for 2022 GenCyber summer camps. The new Call for Proposals for GenCyber goes out to institutions interested in hosting a 2022 summer camp and to provide young students with the skills they need to better prepare for a career in the fast-changing field of cybersecurity.
CofC team wins Raytheon’s Southeast Collegiate Cyber Defense Competition (WCBD News 2) The College of Charleston (CofC) Cybersecurity Club is the winner of the Southeast Collegiate Cyber Defense Competition, sponsored by Raytheon. The competition gives…
College of Charleston Cybersecurity Club aims for national championship (WCIV) The Charleston Cybersecurity Club has hacked, legally, their way into Nationals. On Friday, the club was announced the winner of the Southeast Collegiate Cyber Defense Competition, where students showcase their ability to defend networks under threat from an unknown adversary. The College of Charleston squad beat seven other southeastern schools to win the title.
Infosec Announces $120,000 in New Cybersecurity Education Scholarship Opportunities - Infosec (Infosec) Infosec today announced $120,000 in new cybersecurity education scholarship opportunities to help veterans, students and underrepresented groups in security launch and advance their careers. Since its inception, the Infosec Accelerate Scholarship Program has awarded over $400,000 in educational opportunities for aspiring cybersecurity professionals.
Legislation, Policy, and Regulation
Britain must boost cyber-attack capacity, PM Johnson says (Reuters) Britain needs to boost its capacity to conduct cyber attacks on foreign enemies, Prime Minister Boris Johnson said before the publication of a national security review next week.
German IT safety chief: act on Exchange hack or go offline (Federal News Network) The head of Germany’s cybersecurity agency has warned IT system administrators to swiftly patch known holes in Microsoft Exchange servers or take those systems offline amid concerns of an imminent…
China’s Dangerous Step Toward Cyber War (Diplomat) China is changing the cyber game in East-Asia – and increasing the potential for conflict across the Indo-Pacific.
Beware – Big Brother is on the rampage (Herald) “Big Brother” has escalated from “watching” to going on a paranoid rampage. In contrast to the bull-in- a-China-shop sledge hammer approach of the Indira emergency, there appears to be method in the madness this time, starting with selective justice.
The UK is secretly testing a controversial web snooping tool (WIRED UK) The Investigatory Powers Act, or Snooper’s Charter, was introduced in 2016. Now one of its most contentious surveillance tools is being secretly trialled by internet firms
China hacking concern revives India focus on Cybersecurity plan (ETTelecom.com) Authorities are investigating a series of recent suspected cyber intrusions which could have led to a power outage in Mumbai, crippled systems at bank..
Forestalling a cyber Pearl Harbour (The Hindu) It would be a grievous error if India were to underestimate the extent of the cyber threat it faces, especially from China
Country's cybersecurity critical for its growth: NCCC chief (The New Indian Express) He said at the national level, within the three services in the Ministry of Defence, cyber operations are being carried out today by nine agencies.
India likely to block China's Huawei over security fears: officials (Reuters) India is likely to block its mobile carriers from using telecom equipment made by China's Huawei, two government officials said, under procurement rules due to come into force in June.
Meeting of leaders signals the ‘Quad’ grouping will become central part of the U.S. strategy in Asia (Washington Post) When the top leaders of the United States, Japan, India and Australia met at a virtual summit on Friday, there was a clear message beneath the official statements: A new grouping of like-minded nations has arrived on the international stage.
Pentagon to court India and other allies against China (Washington Examiner) Containing China and revitalizing strained alliances are the two main objectives of Defense Secretary Lloyd Austin’s first overseas trip to the critical Indo-Pacific region, but he will also try to draw India closer to the United States, said defense officials and experts.
White House Weighs New Cybersecurity Approach After Failure to Detect Hacks (New York Times) The intelligence agencies missed massive intrusions by Russia and China, forcing the administration and Congress to look for solutions, including closer partnership with private industry.
US Moves Closer to Retaliation Over Hacking as Cyber Woes Grow (SecurityWeek) The Biden administration is reportedly close to a decision on retaliation for state-sponsored hacking as fears grew over the fallout from the latest of two major cyberattacks.
Make Him Cry: Here’s Why America Must Go on the Offensive in Cyberspace (The National Interest) Cyberattacks from the U.S. and its allies must be intended to sow the most social confusion and disorder as possible in the targeted societies.
Retaliation Options: US Cyber Responses To SolarWinds, Exchange Hacks (Breaking Defense) Three experts gave us exclusive in-depth insights into the administration's potential menu of retaliatory options, along with U.S. cyber strategic, policy, and operations considerations.
How Should the U.S. Respond to the SolarWinds and Microsoft Exchange Hacks? (Lawfare) If the SolarWinds/Holiday Bear campaign was a minimally-invasive arthroscopic incision into vulnerable networks, the Microsoft Exchange hack was a full-limb amputation: untargeted, reckless and extremely dangerous.
America isn't in a cyberwar with Russia and China — it's actually the most sophisticated spy game in human history. And the US is much stronger than it looks. (Business Insider) Welcome to the new Cold War, where three cybersecurity rivals hack into each other with the most sophisticated espionage tools in human history.
Biden administration mulls software security grades after SolarWinds (CyberScoop) The White House is contemplating the use of cybersecurity ratings and standards for U.S. software, a move akin to how New York City grades restaurants on sanitation or Singapore labels internet of things devices, a senior administration official told reporters on Friday.
As legislators push for mandatory disclosure of breaches, hurdles emerge (SC Media) Experts say the idea has merit – if only legislators can balance the promise with the potential liability and burden placed upon industry.
Huawei, 4 other Chinese firms designated as threats to US national security (South China Morning Post) ZTE, Hikvision, Hytera Communications and Dahua Technology were also listed by the Federal Communications Commission under a law to protect US communication networks.
Huawei, ZTE, Hytera Communications Deemed Security Risk by FCC (Bloomberg Law) Telecommunications and video surveillance equipment made by five Chinese companies including Huawei Technologies “pose an unacceptable risk to the national security” and shouldn’t be used, the U.S. Federal Communications Commission says in notice.
Leahy introduces bill to enhance cybersecurityLeahy introduces bill to enhance cybersecurity (Vermont Biz) Bill Would Allow DHS to Work with Consortium to Train States, Local Governments on Cybersecurity
SANS ICS Security Summit Keynote: Anne Neuberger (SANS Institute) Last week’s ICS Security Summit brought together the industry’s top practitioners and leading experts from around the globe to share actionable ideas, methods, and techniques for safeguarding critical infrastructure.
Cyber Command works to address criticism over how it integrates tools — challenges remain (C4ISRNET) Cyber Command has created a pair of integration offices aimed at synchronizing systems and capabilities built across the services for cyber warriors.
Evolving Cybersecurity Takes More Than Money (The Cipher Brief) Hitesh Sheth is the president and CEO of Vectra. Previously, he was chief operating officer at Aruba Networks and before that, he was EVP/GM at Juniper Networks. PRIVATE SECTOR — The March 3 notice from the Department of Homeland Security’s cybersecurity command was crisp and urgent. The headline: “Mitigate Microsoft Exchange On-Premises Product Vulnerabilities”. It … Continue reading "Evolving Cybersecurity Takes More Than Money"
It’s Time for Federal Agencies to Stop Malware for Good (Menlo Security) Agencies are under pressure to protect a newly-distributed workforce from evolving threats. Isolation is a proactive approach to stopping malware for good.
Democrats Are Getting Serious About Universal Broadband (Wired) After approving a $7 billion fund to help students get internet access, lawmakers on the left proposed a $94 billion package to deploy high-speed broadband nationwide.
How Do We Measure The New Administration’s Success in Cybersecurity? (Swimlane) What one security research engineer is hoping to see in the first 100 days.
Steven D. Rehn Takes on CTO Role at ARCYBER (Meritalk) Steven D. Rehn has taken on a new role as the U.S. Army Cyber Command’s (ARCYBER) chief technology officer (CTO) and will serve as director of the ARCYBER Technical Warfare Center.
Why the Next Big-Tech Fights Are in State Capitals (Wall Street Journal) Lawmakers in places including Arizona and Texas are aiming at issues such as content moderation and anticompetitive behavior.
Litigation, Investigation, and Law Enforcement
Microsoft Server Hack Sparks Debate On Victim Expectations (Law360) Following a cyberattack on Microsoft's Exchange email servers by hacking crews that the software giant says target law firms and defense contractors, some cybersecurity pros are calling for companies to put in place safeguards that would apply even if their vendors are hacked.
Army reviewing investigation into Michael Flynn’s dealings with Russia, foreign firm (Washington Post) The Defense Department’s internal watchdog has concluded a long-delayed investigation into Michael Flynn, defense officials said Friday, sending its findings to the Army in a case that could bring tens of thousands of dollars in financial penalties for President Donald Trump’s first national security adviser.
Police shut down Android app that turned smartphones into proxies (The Record by Recorded Future) Spanish police have seized servers and arrested the operators of an Android app designed to broadcast pirate video streams, but which also secretly sold users' personal data and ensnared smartphones into proxy and DDoS botnets.
U.S. Indicts CEO of Encrypted Phone Firm 'Sky' (Vice) "The indictment alleges that Sky Global generated hundreds of millions of dollars providing a service that allowed criminal networks around the world to hide their international drug trafficking activity from law enforcement."
CEO of Sky Global encrypted chat platform indicted by US (BleepingComputer) The US Department of Justice has indicted the CEO of encrypted messaging company Sky Global, and an associate for allegedly aiding criminal enterprises avoid detection by law enforcement.
Zoom Largely Shakes Data Sharing, 'Zoombombing' Claims (Law360) Northern District of California Judge Lucy H. Koh partially freed Zoom from a consolidated putative class action alleging a range of privacy and data security missteps, ruling that the plaintiffs had failed to show that Zoom had illegally shared their personal data and that the company was largely immune from claims over "Zoombombing" disruptions.
Google Must Face Suit Over Snooping on ‘Incognito’ Browsing (Bloomberg) Judge concludes company didn’t notify users of data collection. Class action suit alleges Google knows ‘who your friends are.’
GOP House Leader McCarthy to introduce resolution calling for Rep. Swalwell's removal from Intelligence Committee (USA TODAY) House Minority Leader Kevin McCarthy will introduce a resolution to remove Democratic Rep. Eric Swalwell from the House Intelligence Committee.
Xiaomi national security ban suspended by US judge (CNET) A federal judge temporarily lifts a Defense Department ban on US investments in the China-based phone maker.
Teen Responsible For Cyber Attacks Against MDCPS Avoids Jail (Yahoo) David Oliveros, the teen behind the Miami Dade County Public Schools cyber attacks will avoid jail time and is sentenced to a one-year probation and 30 hours of community service Friday.
Cyber attack: Tech Mahindra in soup as PCMC refuses to pay for loss, parties seek probe (The Indian Express) According to the complaint lodged by Tech Mahindra, which manages the plan, servers of the Chinchwad Smart City Project suffered a ransomware attack that caused them an estimated loss of Rs 5 crore.
New York DFS Fines Mortgage Lender in Cybersecurity Enforcement Action (Lexology) New York’s Department of Financial Services (“DFS”) announced on Wednesday, March 3, 2021, that an independent mortgage lender, Residential Mortgage…