Cyber Attacks, Threats, and Vulnerabilities
BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns (Proofpoint) In late 2020, TA453, an Iranian-nexus threat actor, launched a credential phishing campaign targeting senior medical professionals who specialize in genetic, neurology, and oncology research in the United States and Israel.
Iranian cyberspies target professionals at medical research organizations in the US, Israel (The Record by Recorded Future) Hackers linked to Iran have targeted 25 senior professionals at various medical research organizations located in a the US and Israel as part of a weeks-long phishing campaign, email security firm Proofpoint revealed today.
How alleged Iranian hackers are posing as an Israeli scientist to spy on US medical professionals - CyberScoop (CyberScoop) Suspected Iranian hackers have impersonated a well-known Israeli physicist as part of a broader campaign to break into the email accounts of some two-dozen medical researchers in Israel and the U.S., email security firm Proofpoint said Wednesday.
Credential Phishing: Themes and Tactics (Menlo Security) Menlo Labs sees a rise in credential phishing attacks on commonly targeted cloud services and impersonation of software services from other countries.
'Sophisticated and complex' is how one of this week's cyber attacks was described — so how did they happen? (ABC) Both federal Parliament and Channel Nine faced major IT disruptions on Sunday, which experts say could be linked to malicious attacks. So who was responsible and how did they happen?
Russia suspected of stealing thousands of State Department emails (POLITICO) A previously unreported breach reveals new details of Russian access to U.S. government communications.
What We Know (and Don't Know) So Far About the 'Supernova' SolarWinds Attack (Dark Reading) A look at the second elusive attack targeting SolarWinds software that researchers at Secureworks recently cited as the handiwork of Chinese nation-state hackers.
Whistleblower: Ubiquiti Breach “Catastrophic” (KrebsOnSecurity) On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti…
Account Notification (Ubiquiti) We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that there has been unauthorized activity with respect to any user’s account.
The Next Suez Threat? A Big Hack (Bloomberg) Traffic regulation in the canal is hopelessly antiquated; the world needs to come together to protect this vital seaway channel from terrorist and cyber attacks in addition to accidents.
Akamai Sees Largest DDoS Extortion Attack Known to Date (SecurityWeek) Over the past month, Akamai has mitigated three of the six biggest volumetric DDoS attacks the company has met to date.
2021: Volumetric DDoS Attacks Rising Fast (Akamai) In our 2020 DDoS retrospective, we highlighted the twists and turns of a very, very active threat landscape. As a quick refresher, we mitigated some of the largest attacks ever seen (1.44 Tbps and 809 Mpps); saw more attacks on customers across more diverse industries than ever before; and observed the largest DDoS extortion campaign, which impacted thousands of companies globally. So, it came as no surprise when 2021 threat actors continued to double down on DDoS.
Mysterious Hades ransomware striking 'big game' enterprises (SearchSecurity) Two different vendors attribute Hades ransomware to different threat actors: one a Chinese nation-state actor, and the other an infamous Russian cybercrime gang.
()
Emotet May Be Gone, But the Security Holes It Made Could Still Be Lingering in Data Centers (Data Center Knowledge) Its servers are offline, and this is a good time to check for any doors the notorious malware may have left open on your network.
What You Need to Know -- or Remember -- About Web Shells (Dark Reading) What's old is new again as Web shell malware becomes the latest attack vector in widespread Exchange exploits. Here's a primer on what Web shells are and what they do.
Beware of Legitimate, but Compromised Websites (Cloud Security Alliance) Users and website owners should keep these things in mind to protect themselves from legitimate, but hacked, websites.
European Telcos Inadvertently Expose Sensitive Customer Data (MarTech Series) Tala Security’s analysis of the websites of Europe’s top mobile providers indicates that sensitive data is at risk from over-sharing and attack—with little effective security in place to prevent it New research released by Tala Security today indicates that data exposure is a significant, unaddressed problem for Europe’s top mobile providers and, by extension, more than 253 million customers who sign up for their services and share sensitive personal data.
How innocent-looking 'fleeceware' apps sting Kiwis for millions (NZ Herald) And how to get rid of them.
MobiKwik investigating data breach after 100M user records found online (TechCrunch) TechCrunch has learned that MobiKwik asked Amazon for logs last month after it found user data had been exfiltrated.
Leading Indian fintech platform MobiKwik denies data breach (BleepingComputer) Indian digital financial services platform Mobikwik denies claims that almost 8 TB of data put up for sale was allegedly stolen from its servers.
Molson Coors incident shines a light on industrial cyberattack vulnerabilities (Food Dive) The international brewery continues to face delays and financial impacts amid a wave of attacks against manufacturing.
IRS warns university students and staff of impersonation email scam | Internal Revenue Service (US Internal Revenue Service) IR-2021-68, March 30, 2021
WASHINGTON — The Internal Revenue Service today warned of an ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have ".edu" email addresses.
Cybercriminals Publish Data Allegedly Stolen From Shell, Multiple Universities (SecurityWeek) Files from Shell and various universities were likely stolen in a cyber-attack involving Accellion’s FTA file transfer service.
Deepfake “Amazon workers” are sowing confusion on Twitter (MIT Technology Review) Ahead of a landmark vote that could form the first-ever labor union at a US-based Amazon warehouse, new Twitter accounts purporting to be Amazon employees started appearing, sowing confusion.
Office Depot parent expects over $20M loss due to malware attack (Retail Dive) CompuCom, a subsidiary of the ODP Corporation, disclosed the incident earlier in the month and estimates an additional revenue loss of up to $8 million.
Ransomware attack on UK charity affects 37,000 students (Computing) The Harris Federation has disabled its email and telephone system as a result of the attack
Harris Federation disables students' emails following ransomware attack (IT PRO) The "temporary" move has left 37,000 students unable to access their correspondence and coursework
DeKalb Schools Notified of 2019 Student Data Breach (Government Technology) DeKalb County School District in Georgia has notified some parents that a December 2019 security breach of PCS Revenue Control Systems, Inc. potentially exposed student names, dates of birth and Social Security numbers.
Local health plan manager announces data breach (The Business Journal) A data breach has compromised the personal patient information of a regional Medi-Cal Managed Care system. The data breach impacting Fresno-based CalViva Health members happened Jan. 25 and was announced last week. Health Net Community
Print group hit by cyber attack (Printweek) Print bosses have been warned to be on their guard after a prominent industry business was hit by a cyber attack.
Publicly Available Data Enables Enterprise Cyberattacks (Dark Reading) Adversaries scour social media platforms and use other tactics to gather information that facilitates targeted enterprise attacks, research shows.
Data breaches are a frequent occurrence for the pensions industry, says Sackers webinar (Institutional Asset Manager) A new survey by Sacker & Partners (Sackers), a UK-based specialist law firm for pensions and pensions litigation, has revealed that data breaches are occurring frequently.
Child Unknowingly Tweets From US Nuclear Command's Account (SecurityWeek) Some jokingly said the cryptic tweet, ";l;;gmlxzssaw," was a US nuclear launch code. Others, that the Pentagon had been hacked.
Lateral Movement Within Your Organization by Liron Barak of BitDam (Solutions Review) This guest post by Liron Barak, Co-Founder and CEO of BitDam, answers questions about lateral movement in-depth and gets your IT security on the right foot.
Security Patches, Mitigations, and Software Updates
VMware fixes bug allowing attackers to steal admin credentials (BleepingComputer) VMware has published security updates to address a high severity vulnerability in vRealize Operations that could allow attackers to steal admin credentials after exploiting vulnerable servers.
IETF officially deprecates TLS 1.0 and TLS 1.1 (The Record by Recorded Future) The Internet Engineering Task Force has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols on the grounds of security after several attacks were discovered over the past years that put encrypted internet communications relying on the two protocols at risk.
Cyber Trends
Ransomware: Why we're now facing a perfect storm (ZDNet) Normalising the act of paying a ransom to cyber criminals does nothing to protect anyone against ransomware, warns report.
Microsoft: Firmware Attacks Outpacing Security Investments (SecurityWeek) A study of 1,000 enterprise security decision makers found that businesses aren’t paying close enough attention to malicious activity below the operating system.
Report: Healthcare haunted by account security | SC Media (SC Media) 77% have at least 500 ghost accounts, around one in eight share private files with all employees. Healthcare sector infosec needs a check up.
2021 Data Risk Report: Healthcare, Pharmaceutical & Biotech (Varonis) The average healthcare worker has access to 31,000 sensitive files on their first day of work.
New Report Highlights the Unsettling State of IoT Device Security (PR Newswire) Dark Cubed, the cyber security company empowering small and medium sized businesses with affordable, automated network protection, today...
99% of Security Pros Struggling to Secure Their IoT & IIoT Devices (The State of Security) Tripwire conducted a survey between March 3 and10, 2021 of individuals who were directly responsible for IoT security at their company.
Report: Value of Attempted Fraudulent Purchases Skyrocketed 69% in 2020 (Sift) Sift’s Q1 2021 Digital Trust & Safety Index Highlights Fraudsters’ Newest Techniques and Targets, Exposes Sophisticated Fraud Ring Exploiting Guest Checkout Options
Billions of records have been hacked already. Make cybersecurity a priority or risk disaster, warns analyst (ZDNet) A new report warns against relegating cybersecurity to the bottom of the to-do list.
Half of companies lack security to support cloud-based IAM: report (CIO Dive) Almost all (98%) of IT executives report challenges with IAM sourced from the cloud, including lack of visibility and increased complexity.
Understaffed IT teams and lack of cybersecurity expertise hinder financial organizations from protecting data in the cloud (Netwrix) Netwrix study reveals that the top cloud security incidents include phishing, targeted attacks on cloud infrastructure and ransomware.
Bitglass 2021 Remote Work Security Report: Majority of Organizations Still Face Foundational Challenges When Securing Remote Work (BusinessWire) Bitglass, the Total Cloud Security Company, today announced the release of its 2021 Remote Workforce Security Report. Bitglass surveyed IT and securit
Organizations Face Record Data Breaches as Cybersecurity Investment Grows (Homeland Security Today) “Prioritize cybersecurity and invest in broadening protection, detection and response measures or face disaster,” is the message from Canalys Chief Analyst Matthew Ball. According to the latest analysis from Canalys this is the stark reality facing organizations in 2021. For many, it is too late.
International Data Protection Update – First Quarter 2021 (JD Supra) This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in...
Watch Out for These Cyber-Risks (Dark Reading) It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.
Nearly one-fifth of CEOs see cybersecurity as the biggest threat to organizations' growth (Atlas VPN) Few events in the recent decades have impacted how we go about our daily lives or conduct business as much as Covid-19. When the global pandemic hit last year, many were forced to shift to remote work or transfer their business online, bringing about a wave of challenges.
SingleStore Research Highlights a Spike in Data Demands Amid the COVID-19 Pandemic (SingleStore) Bottlenecks, Move to the Cloud, Cost and Complexity Indicate Need for Modern Data Platforms
Marketplace
What's Behind the Surge in Cybersecurity Unicorns? (SecurityWeek) Several industry professionals have shared thoughts on why we are seeing a surge in cybersecurity unicorns. Some believe the trend is a result of speculative strategies while others believe it reflects the growing importance of cybersecurity.
The 20 most valuable VC-backed companies in the US since 2019 (PitchBook) The fintech boom has led to some newer entrants on the list of the most valuable companies. Here's a look at how the list has changed since 2019.
OPSWAT Receives $125 Million Investment from Brighton Park Capital to Accelerate Growth Momentum (OPSWAT) OPSWAT, the leader in Critical Infrastructure Protection (CIP) cybersecurity solutions, today announced it has secured a $125 million growth investment from Brighton Park Capital
Cyan Forensics Raises $6.9 Million to Combat Pedophiles and Terrorists (SecurityWeek) Scotland-based start-up Cyan Forensics has secured approximately $6.9 million to grow its technology business that helps identify and block illegal content such as child pornography and terrorist material.
SoftBank-Backed Cohesity Valued in Share Sale at $3.7 Billion (Bloomberg) Data management business launches $145 million tender offer. SoftBank Vision Fund doubling down on Cohesity investment.
Polymer Solutions closes $1MM Seed Round to secure SaaS platforms (PR Newswire) Polymer Solutions, the 'virtual compliance officer' for SaaS, a next-gen data loss protection platform, announced the closing of its $1MM seed...
Datto acquires cyber threat detection company BitDam (VanillaPlus) Datto Holding Corp., the global provider of cloud-based software and technology solutions purpose-built for managed service providers (MSPs), announced tha
Striim Lands $50M In Round Led By Goldman To Help Move Data (Crunchbase News) Palo Alto-based Striim closed a $50 million Series C as the cloud data integrator looks to keep up triple-digit growth in the burgeoning digital economy.
GreyNoise Intelligence and DoD's Defense Innovation Unit (DIU) Partner to Bolster Security (PR Newswire) GreyNoise Intelligence, eliminators of internet background noise and alert fatigue, has announced a strategic partnership with the Defense...
White Ops Renames Company 'Human' (Dark Reading) The company first confirmed plans to change its name in October 2020.
Financiers behind NSO Group in struggle for control of private equity firm (the Guardian) Rift at Novalpina Capital, whose fund owns surveillance equipment firm, has been largely concealed from public view
How SolarWinds Is Recovering and Sharing What It Has Learned Over The Last Three Months (My TechDecisions) What the last few months have been like for SolarWinds -- and what the company has learned about data security.
PayPal and Visa move to embrace cryptocurrency (Computing) Crypto 'becoming a legitimate funding source to make transactions in the real world at millions of merchants' says PayPal boss Dan Schulman
Naval Information Warfare Center wants to ‘push the envelope’ on managed services (Federal News Network) Teri-Lee Holland performs engineering work for sailors, including cloud hosting services for payroll and HR systems.
Kudelski Security Named Claroty 2020 Partner of the Year in EMEA (Kudelski Security) Cheseaux-sur-Lausanne, Switzerland and Phoenix (AZ), USA, March 30, 2021 – Kudelski Security, the cybersecurity division within the Kudelski Group (SIX:KUD.S),...
Area 1 Security Earns 5-Star Rating In The 2021 CRN® Partner Program (MarTech Series) Recognition highlights ecosystem demand for advanced Cloud Email Security solutions Area 1 Security, the only preemptive, cloud-native email security provider, has received a 5-Star rating by CRN®, a brand of The Channel Company, in its 2021 Partner Program Guide.
Dr. Vikram Sharma, Founder and CEO of QuintessenceLabs, Accepted Into Forbes Technology Council (Galveston County Daily News) Dr. Vikram Sharma, Founder and CEO of QuintessenceLabs, the leader in quantum cybersecurity, has been accepted into Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs, and technology executives.
Teradata appoints Ashok Shenoy as India Country Manager (Sify) New Delhi, March 30 (IANS) Multi-cloud data warehouse platform provider Teradata on Tuesday announced the appointment of Ashok Shenoy as Country Manager, India, effective immediately.
Former Assistant Secretary of Commerce H.P. Goldfield Joins LookingGlass Advisory Board (Homeland Security Today) LookingGlass Cyber Solutions, a leader in operationalizing threat intelligence, announced the appointment today of H.P. Goldfield to its Advisory Board. Goldfield brings extensive high-level government and business expertise to the Board.
Intuit Chief Enterprise Security Architect Bernard Diwakar Joins Identity Defined Security Alliance Customer Advisory Board (Yahoo) vArmour and Venafi also join alliance in mission to help organizations reduce risk through identity-centric security strategies
Products, Services, and Solutions
wolfSSL Announces wolfSentry, an IDPS for IoT and Embedded Systems (PRWeb) wolfSSL, the leading provider of TLS cryptography and the world’s first commercial release of TLS 1.3, announces wolfSentry, the universal, dynamic, embedded
Cybersecurity & Privacy Company IDX Achieves Prestigious SOC 2 Type 2 Certification (PR Newswire) IDX, the leading consumer privacy platform and data breach services provider, announces its completion in attaining a SOC 2 Type 2...
Cloudentity and Okta Partner to Deliver Dynamic Zero Trust Authorization for Open Banking (BusinessWire) Cloudentity, a cloud-based provider of dynamic fine-grained authorization and governance solutions, and Okta, the leading provider of identity for the
Zimperium Collaborates with Oracle | Provides Mission Critical Mobile Security (Zimperium Mobile Security Blog) Zimperium is collaborating with Oracle to offer our mobile threat defense (MTD) solutions on Oracle Cloud Infrastructure (OCI).
Three Great New Technologies Brought to SYSGO Security Ecosystem: DO-178C DAL A Support, FIPS 140-3, and IDPS (Airforce Technolohy) SYSGO, the European leader in real time operating systems (RTOS) and hypervisors for certifiable embedded systems, and wolfSSL, the leading provider of TLS and cryptography, continue to develop best-in-class security portfolios for critical embedded projects across the globe.
Unisys and Inspire Health Alliance Launch U-Pass™, a Comprehensive COVID-19 Testing and Digital Health Passport Solution (Unisys) Unisys Corporation (NYSE: UIS), as part of its relationship with Inspire Health Alliance, today announced the availability of U-Pass™, a comprehensive COVID-19 testing and health management solution that can help any public or private operation control who can access their environment.
NormCyber and FireEye to deliver advanced threat detection and response services to midmarket organisations (Yahoo) NormCyber, a leading provider of managed cyber security and data protection services, today announced that it has come together with FireEye, Inc., the intelligence-led security company, to deliver advanced threat detection and response services as part of its Cyber Security as a Service offering.
Cato Graduates 600th SASE Expert From its SASE Certification Program (PR Newswire) Cato Networks, the provider of the world's first SASE platform, announced today that more than 600 business and technical professionals have...
GlobalSign Unveils PKI-Enabled End-to-End, Secure Document Signing (Yahoo) GlobalSign (https://www.globalsign.com/en-sg), GlobalSign, a global Certificate Authority (CA) and leading provider of digital signing, identity and security solutions for the IoT, today announced a new end-to-end workflow solution available in APAC, GMO Sign (formerly GMO Agree).
Kiss Passwords Goodbye: Cisco Secure Unveils Passwordless Future with Stronger Security for All (PR Newswire) Cisco Live Digital 2021 -- News Summary: Cisco introduces infrastructure agnostic, passwordless authentication by Duo, enabling users to skip...
NormCyber and FireEye to deliver advanced threat detection and response services to midmarket organisations (Yahoo) NormCyber, a leading provider of managed cyber security and data protection services, today announced that it has come together with FireEye, Inc., the intelligence-led security company, to deliver advanced threat detection and response services as part of its Cyber Security as a Service offering.
zvelo Launches Cybersecurity Professional Services for Malware Analysi (PRWeb) In response to a growing demand in the marketplace zvelo is leveraging its team of threat intelligence experts to provide cybersecurity professiona
CrowdStrike, SRO Partnership Provides ‘Immediate Connection’ (Sportscar 365) An inside look at CrowdStrike's B2B involvement with SRO Motorsports Group...
Salisbury University Selects Tanium’s Cloud-Based Solution for Holistic Endpoint Management and Compliance at Scale (BusinessWire) Tanium, the provider of endpoint management and security built for the world’s most demanding IT environments, today announced that Salisbury Universi
Check Point Software and HashiCorp partner to help organizations automate firewall operations while maintaining security posture and compliance. (Check Point Software) Check Point and HashiCorp have worked together to automate firewall operations while maintaining security and compliance posture in the cloud.
WitFoo Releases Precinct 6.1.5 (WitFoo) New features in SECOPS Platform include intelligent SOAR, rapid big-data search, compliance framework reporting and resilient operation in degraded networks.
Zettaset Empowers Customers to Manage All Organization-Wide Encryption Deployments With New Encryption Management Console (BusinessWire) Zettaset, a leading provider of data protection solutions, today unveiled the Zettaset Encryption Management Console, a novel platform that unites org
Intelligent Buildings Partners with Tempered Networks for Managed Service to Secure Commercial Real Estate Networks | News Direct (News Direct) New combination provides groundbreaking cost structure, speed, and security
Platform9 First to Offer SaaS Managed Kubernetes with IPv6 Support for 5G Deployments (BusinessWire) Platform9, the leading SaaS Managed Kubernetes provider for private, edge, and hybrid clouds, today announced its latest version of the Platform9 Mana
Technologies, Techniques, and Standards
March Hackness: The Perfect Phishing Bracket (Area 1 Security) In creating their phishing campaigns, attackers continue to take advantage of a simple idea - Trust. Nothing speaks to that more than attackers’ spoofing brands ranging from Microsoft to Moderna.
Managing cyber risks in a transformation project (Raconteur) Leaders must balance the need for speed with implementing transformation in a cyber-secure way, while avoiding the pitfalls along the way
Design and Innovation
Arm announces new chip architecture with focus on security and AI (Computing) ARMv9 features Confidential Compute Architecture and 'Realms' to shield sensitive data and code from the OS and non-permitted apps
Google starts trialing its FLoC cookie alternative in Chrome (TechCrunch) Google is now rolling out Federated Learning of Cohorts (FLoC), a crucial part of its Privacy Sandbox project for Chrome, as a developer trial.
DOD ramps up mobile security (GCN) The Defense Innovation Unit selected Zimperium’s mobile endpoint protection platform to help shore up security of devices accessing DOD’s unclassified applications and data.
Research and Development
UAE Building First Quantum Computing and Cryptography Library - EE Times Asia (EE Times Asia) A research institute in the UAE is building its first quantum computer and making available its first post-quantum cryptography software library for the nation.
CRC Launches Post Quantum Crypto Library (Arabian Marketing) The library says to advance the cryptographic and security capabilities of the emirate of Abu Dhabi and the broader UAE
Academia
Miami Dade College and NSU Announce New Articulation Agreement for Graduate Degrees in Cybersecurity (MDC News) Miami Dade College and NSU Announce New Articulation Agreement for Graduate Degrees in Cybersecurity
Norwich receives $2.9M federal contract for transportation simulationsNorwich receives $2.9M federal contract for transportation simulations (Vermont Business) Norwich University Applied Research Institutes (NUARI) has been awarded a three-year $2.9 million contract from the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to expand the Distributed Environment for Critical Infrastructure Decision-Making Exercises (DECIDE) cyber training platform.
Concordia Continuing Education adopts Netskope technology in Cutting-Edge Security Career Training Program to Strengthen Cyber Resilience (PR Newswire) Netskope, the leading security cloud, today announced its collaboration with Concordia Continuing Education (CCE) to add their unique networking and...
Legislation, Policy, and Regulation
Air, land, sea and cyberspace: Australia to fight wars on new battlefield (2GB) Australians are being encouraged to be more aware of potential cyber attacks at a population scale rather than as a private issue. Assistant Minister for Defence Andrew Hastie told Ray Hadley Australians who are less familiar with cyber security should visit the official government website for advice. “We’ve got to start thinking about cyber as […]
()
This is how the EU is using cloud to manage its data without losing control of it (World Economic Forum) A secure, federated and decentralized system can uphold digital sovereignty while promoting innovation, data sharing and data monetization.
India likely to block China's Huawei over security fears: Officials (ETTelecom.com) India is wary about awarding new tech business to Chinese firms both because of security fears and a desire to get Indian manufacturers to produce mor..
U.S. FCC commissioner urges tougher steps on Chinese network equipment (Reuters) Federal Communications Commissioner Brendan Carr on Tuesday called for new steps to ensure Huawei Technologies and ZTE equipment is barred from U.S. telecommunications networks and ensure no electronic devices produced with forced labor enter the United States.
What Would Happen If States Started Looking at Cyber Operations as a “Threat” to Use Force? (Lawfare) States and other stakeholders can use Article 2(4) of the U.N. Charter to bar not just uses of force in cyberspace but also threats of such force by equal measure.
U.S. Special Operations Command and Cyber Command Hearing on Capitol Hill (UPI) Ranking Member Sen. Jim Inhofe, R-Okla., speaks during a hearing to examine United States Special Operations Command and United States Cyber Command in review of the Defense Authorization Request for fiscal year 2022 and the Future Years Defense Program, on Capitol Hill, Thursday, March 25, 2021, in Washington.
Pool Photo by Andrew Harnik/UPI
Tracking U.S. Engagement in Undeclared Warfare (The Cipher Brief) Walter Pincus is a contributing senior national security columnist for The Cipher Brief. He spent forty years at The Washington Post, writing on topics from nuclear weapons to politics. In 2002, he and a team of Post reporters won the Pulitzer Prize for national reporting. He also won an Emmy in 1981 and the 2010 … Continue reading "Tracking U.S. Engagement in Undeclared Warfare"
Biden Extends Executive Order on Cyberattack Sanctions (SecurityWeek) President Joe Biden has extended an executive order issued by Barack Obama in 2015 regarding sanctions for malicious cyber activities.
Organizations urge Biden to halt 'reckless' rhetoric with Putin (TheHill) Twenty-seven organizations, including a number of left-leaning groups, issued a statement on Tuesday urging President Biden to halt the use of “reckless” rhetoric with Russian President Vladimir Putin and inste
SolarWinds Hack: U.S. Govt Failure is Deeply Worrying (Security Boulevard) The U.S. government is doing a piss-poor job of protecting Americans from foreign hackers. That’s the eye-catching conclusion made by a pair of Associated Press scribblers this week.
Atlantic Council: SolarWinds, Microsoft Hacks Reveal ‘Strategic Failure’ (Meritalk) The ongoing “Sunburst” cyber-espionage campaign that resulted in the SolarWinds Orion and Microsoft Exchange breaches represents a strategic failure by the U.S., rather than simple IT inadequacy, according to a report by the Atlantic Council.
DHS studying ways to plug cyber blind spots, officials say (Roll Call) Homeland officials are studying whether military spies could legally aid the hunt for cyberattacks launched within the United States
NSA Opens Door to Domestic Internet Spying, Privacy Advocates Say (The Daily Beast) The establishment of the NSA’s twin, Cyber Command, also created a Chekhov’s gun: broad access to the American internet. Now the SolarWinds hack has NSA’s finger on the trigger.
U.S. Special Operations Command Paid $500,000 to Secretive Location Data Firm (Vice) Anomaly 6 is run by ex-military and location industry veterans.
Gray is Here to Stay: Principles from the Interim National Security Strategic Guidance on Competing in the Gray Zone (Modern War Institute) Earlier this month, the White House released its Interim National Security Strategic Guidance, the foreign policy blueprint that will inform the Biden administration’s national security strategy. Most analysis of the guidance has focused on how it represents a departure in tone and tenor from the previous administration’s National Security Strategy. Much less attention has been […]
Balance of Power: Biden's Cyber Threat Plan (Podcast) (Bloomberg) Theresa Payton, CEO of Fortalice Solutions discussed the Biden administration's plan to counter cyber threats. She spoke with Bloomberg's Kevin Cirilli.
Analysis | The Cybersecurity 202: Here's how Biden's infrastructure package could address electric grid cybersecurity (Washington Post) Experts say the package is a key chance to invest in cybersecurity.
Expected breach disclosure mandates will test government-industry cooperation (FCW) The White House and lawmakers are eyeing steps to make sure contractors have to alert the federal government to cybersecurity breaches on their systems, but expect companies to balk at rules that put them at risk for legal action or require the disclosure of trade secrets.
Colorado Joins the Consumer Data Privacy Fray (JD Supra) On March 19, 2021, Colorado joined the growing list of states proposing privacy protections with the introduction of the bipartisan Colorado Privacy...
Utah Gets A New Data Breach Defense Law (JD Supra) Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data...
Litigation, Investigation, and Law Enforcement
Court Rulings Spur Debate on How European Privacy Law Regulates AI Decisions (Wall Street Journal) Recent rulings in the Netherlands raise questions over how European privacy rules intersect with automated technologies and the treatment of personal data, lawyers and privacy advocates say.
The Health 202: It's fair to be concerned about vaccine passports. But they wouldn't violate HIPAA law. (Washington Post) There are plenty of logical and legal obstacles around issuing “vaccine passports,” as the Biden administration is considering.
Government backs down over NHS deal with Palantir (Computing) Victory for openDemocracy as the government promises public consultation before expanding Palantir's contract
We’ve won our lawsuit over Matt Hancock’s £23m NHS data deal with Palantir (openDemocracy) And here’s what needs to happen now
Palo Alto Networks latest security giant accused of patent infringement (SC Media) Centripetal claims Palo Alto used technical demos to gain insight into company security innovations, then incorporated them into products.
Drizly Users Get Initial Nod For $7.1M Data Breach Deal (Law360) Drizly Inc. and users of the liquor delivery app won initial court approval Tuesday for a settlement worth up to $7.1 million stemming from a major data breach that allegedly gave hackers access to account owners' credit card information.
Indiana to send payments to victims of 2017 Equifax data breach (Indianapolis Star) More than 236,000 past and present Indiana residents will get approximately $79.
A Big Win for Walmart Helps Further Define the Scope of Data Breach Class Actions: Gardiner v. Walmart, Inc. (JD Supra) Litigants have been looking forward to guidance regarding the limits of data breach claims since the California Consumer Privacy Act (“CCPA”) took...
Retail giant discloses data breach two months too late (Includes interview) (Digital Journal) British clothing giant FatFace has experienced a data breach after a hacker accessed its systems. It is likely that customer and employee information was taken by a malicious actor. The incident has been reported two months late.
Intel Shakes Off Suits Over Microprocessor Security Flaws (Bloomberg Law) Intel Corp. again dodged proposed class litigation alleging microprocessor design flaws created security vulnerabilities and diminished the value of purchasers’ computers, as an Oregon federal judge threw out some claims for good and dismissed others for now.
Cybersecurity Considerations After NY Lender's Data Breach (Law360) The New York Department of Financial Services’ recent enforcement action against Residential Mortgage Services for inadequately responding to a cybersecurity breach is instructive for financial institutions evaluating existing data security safeguards, refining their compliance programs and preparing for regulatory examinations, say attorneys at Arnold & Porter.
TikTok $1.1M Settlement Over Kids' Data Denied Final OK (Law360) TikTok and a class of parents and children who claimed that the short-form video app collected and shared personally identifiable information about minors without parental consent did not receive final approval for a proposed $1.1 million settlement after the judge found that new deadlines in the case were not publicized.
Salt Lake 'Housewife' Charged In Telemarketing Fraud Scheme (Law360) One of the stars of "The Real Housewives of Salt Lake City" has been arrested and charged with running a nationwide telemarketing fraud scheme by creating lists of potential victims and selling their personal information to co-conspirators, the U.S. Department of Justice announced Tuesday.