Cyber Attacks, Threats, and Vulnerabilities
Facebook takes down troll farm linked to Iranian opposition group (The Record by Recorded Future) Facebook on Tuesday announced it had removed 14 networks in 11 countries for using fake accounts to amplify deceptive campaigns, including one linked to an exiled militant Iranian group operating a troll farm out of Albania.
Facebook removes over 1,100 accounts spreading deceptive content (TheHill) Facebook on Tuesday announced that during March it removed more than 1,100 accounts tied to spreading deceptive content in a variety of countries as part of its effort to root out domestic and international disinformation efforts.
Israeli Snoop-for-Hire Posed as a Fox News Journalist for a Spy Operation (The Daily Beast) An Israeli private intel firm constructed two fake personas, a Fox News reporter and an Italian journalist, tasked with digging up info on people feuding with a UAE emirate.
Janeleiro, the time traveler: A new old banking trojan in Brazil (WeLiveSecurity) ESET Research uncovers a new banking trojan that has targeting organizations operating in various sectors in Brazil since 2019.
Spy Operations Target Vietnam with Sophisticated RAT (Threatpost) Researchers said the FoundCore malware represents a big step forward when it comes to evasion.
China-Linked 'Cycldek' Hackers Target Vietnamese Government, Military (SecurityWeek) Kaspersky researchers warn that China-linked APT group Cycldek using custom malware in a series of recent attacks targeting government and military entities in Vietnam.
Suspected Chinese spies cover tracks in efforts to breach Vietnamese government (CyberScoop) A previously undocumented group of Chinese-speaking spies conducted a months-long campaign to infect the computers of government agencies in Vietnam and other Asian countries, researchers from the antivirus firm Kaspersky said Monday.
Kaspersky Uncovers New APAC Cyberespionage Campaign (Dark Reading) A group related to Chinese-speaking threat group Cycldek is targeting government and military organizations in Vietnam.
APT Group Using Voice Changing Software in Spear-Phishing Campaign (SecurityWeek) Researchers report that a subgroup of the Molerats APT is employing voice changing software in attacks targeting regional adversaries and political opponents.
European Commission, other EU orgs recently hit by cyber-attack (BleepingComputer) The European Commission and several other European Union organizations were hit by a cyberattack in March according to a European Commission spokesperson.
European Institutions Were Targeted in a Cyber-Attack Last Week (Bloomberg) A range of European Union institutions including the European Commission were hit by a significant cyber-attack last week.
Nearly 500 million LinkedIn users' details posted for sale online (Computing) The hacker included 2 million records as proof that they have what they claim
Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof (CyberNews) A user on a popular hacker forum is selling 500M LinkedIn users' full names, email addresses, phone numbers, workplace information, and more.
Data scraped from 500 million LinkedIn users found for sale online (TechRepublic) IDs, names, email addresses and more personal details are part of the massive database of stolen data, which could be used to launch additional attacks on LinkedIn and its users.
Autoreply attack! New Android malware found in Google Play Store spreads via malicious auto-replies to WhatsApp messagesec (Check Point Software) Highlights Disguised as a Netflix content enabler app named “FlixOnline,” threat actors
The Facts on News Reports About Facebook Data (About Facebook) Malicious actors obtained this data not through hacking our systems but by scraping it from our platform prior to September 2019.
What Really Caused Facebook's 500M-User Data Leak? (Wired) The company's explanations have been confusing and inconsistent, but there are finally some answers.
Was My Facebook Data Leaked? What You Need to Know (Wall Street Journal) Data from a 2019 hack of the social-media platform has recently been made public, revealing the phone numbers and personal information of more than a half-billion people.
SAP Bugs Under Active Cyberattack, Causing Widespread Compromise (Threatpost) Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further.
Ongoing attacks are targeting unsecured mission-critical SAP apps (BleepingComputer) Threat actors are targeting mission-critical SAP enterprise applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks.
Active Cyberattacks on Mission-Critical SAP Applications (Onapsis) A critical cybersecurity blind spot impacting how many organizations protect their mission-critical SAP applications is detailed in this joint report from Onapsis and SAP analyzes how threat actors are actively targeting unprotected SAP applications.
Office Depot Configuration Error Exposes One Million Records (Infosecurity Magazine) Office Depot Configuration Error Exposes One Million Records. Researchers say Elasticsearch database may have been open for 10 days
Vulnerability: Est. Millions of Users of Popular Educational Platform Exposed to Account Takeover Threats And More (WizCase) What’s Going On? At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability in the open-source learning platform Moodle. Anyone who had an account on a given school’s Moodle (with TeX filter enabled) could then take over students’ accounts, professors, and even the accounts managed ...
More Accellion Health Data Breaches Revealed (GovInfo Security) Months after the December cyberattack on Accellion's File Transfer Appliance, the identities of more healthcare sector entities that were affected continue to come
Campus community urged to sign up for credit monitoring after cyberattack (Berkeley News) The breach is part of a national cyberattack involving several hundred institutions across the United States
Gigaset smartphones infected with malware due to compromised update server (The Record by Recorded Future) Hackers have compromised at least one update server of German smartphone maker Gigaset and deployed malware to some of the company's customers.
Online Gift Card Shop Breached: 330k Payment Cards and $38m in Gift Cards Exposed (Gemini Advisory) In February 2021, a cybercriminal actor sold 330,000 stolen payment cards and 895,000 stolen gift cards with an approximate total value of $38 million. Gemini determined the source of the stolen payment cards was a breach of the online discount gift card shop Cardpool.com. Gemini assesses with moderate […]
Phishing Trends With PDF Files in 2020: 5 Approaches Attackers Use (Unit42) We analyzed recent phishing trends with PDF files and noted a dramatic increase in the practice, as well as five approaches popular with attackers.
Top 20 Adversary Techniques: Why 20? (Infocyte) Infocyte discusses why the Top 20 adversary techniques and behaviors to monitor for will be the most effective in preventing security events.
Employees can't quit habit of writing down, sharing passwords (CIO Dive) Amid heightened threats, workers are incorporating company names into passwords, writing them on sticky notes and sharing them via email.
How poor password habits put your organization at risk (TechRepublic) More than half of the cyberattacks reported to Keeper Security involved stolen credentials.
Security Patches, Mitigations, and Software Updates
SAP warns of ‘active threats’ to apps, urges patches (CRN Australia) Alerts issued by company and federal governments of the US and Germany.
Hitachi ABB Power Grids Multiple Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: Hitachi ABB Power Grids
Equipment: Relion 670, 650, and SAM600-IO; REB500; RTU500; FOX615 (TEGO1); MSM; GMS600; PWC600
Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could reboot the device regularly, resulting in a denial-of-service condition.
Group-Chat App Discord Says It Banned More Than 2,000 Extremist Communities (NPR.org) The popular platform also reported on Monday that it deleted more than 300 communities, known on the site as "servers," that were dedicated to the conspiracy theory QAnon.
Cyber Trends
Highlights from the Unit 42 Cloud Threat Report, 1H 2021 (Unit42) The Unit 42 Cloud Threat Report, 1H 2021, found a spike in security incidents for COVID-19 critical industries, a decline in cryptojacking and more.
Microsoft and Zoom most impersonated brands at 80% in 2020 phishing attempts (Atlas VPN) It is no secret that cybercriminals often pretend to be someone they are not to lure out people's money or valuable information, and what can be better than a well-known and trusted brand?
Security Culture Report (KnowBe4) This 2021 Security Culture Report from KnowBe4 Research helps you better understand your organization's security by applying the seven dimensions of culture.
Government documents and benefits fraud surged 45 times in 2020 (Atlas VPN) Recent findings by Atlas VPN reveal that government documents or benefits fraud jumped 45 times in 2020. Most states have experienced a dramatic surge in fraudulent unemployment benefits claims filed by organized crime rings using stolen identities.
40% of Enterprises Face High Likelihood of Outages According to State (PRWeb) Keyfactor, the leader in PKI as-a-Service and crypto-agility solutions, and Ponemon Institute today released the first-ever State of Machine Identity Management R
One of WFH's biggest losers: Cybersecurity (KAKE) Business leaders had a lot on their plates over the past year, and many have let cybersecurity fall by the wayside.
Aryaka’s 5th Annual State of the WAN Report 2021 (Aryaka) Looking at some of the key findings, we begin with SASE, top of mind for many planning their next WAN investments. Read insights from State of the WAN 2021 report.
98% of Organizations Received Email Threats from Suppliers: What You Should Know (Proofpoint) Attackers have turned the supply chain and partner ecosystem into another threat vector. Proofpoint has observed attackers leveraging compromised supplier accounts and supplier impersonation to send malware, steal credentials and perpetrate invoicing fraud.
Data: Nearly 8 in 10 Businesses Struggle with Data Quality, and Excel is Still a Roadblock (PR Newswire) Ataccama, a leading provider of self-driving data management and governance solutions, today announced the general availability of Ataccama ONE...
IT Security Professionals Demonstrate Excessive Trust Despite Concerns With Remote Work Security Programs (PR Newswire) Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, today announced new findings from the...
Consumers No Longer Believe Passwords Are the Most Secure Method for Authentication (BusinessWire) Experian's 5th Annual Global Identity and Fraud Report finds that consumers have more confidence in invisible security.
Marketplace
WhiteSource Secures $75M To Protect App Development (Crunchbase News) WhiteSource closed a $75 million Series D as the company looks to expand its product offering and at possible acquisition targets
Cofense Acquires Cloud-Native, AI-Based Email Security Provider Cyberfish (BusinessWire) Cofense acquires Cyberfish to bring to market a holistic, advanced automation solution for email protection, detection, and response.
Calamu Raises $2.4 Million Seed to Pioneer Auto-Healing Data Protection; Launches Advisory Board and Expands Board of Directors (Yahoo) Calamu, a data protection and resiliency trailblazer, today announced it has emerged from stealth after closing $2.4 million in an oversubscribed seed round. The company was founded by Paul Lewis, a successful entrepreneur with multiple exits to the Fortune 500, to create the world's first safe data harbor – a virtual environment for businesses to place their data without worrying about ransomware or data breaches, or having any of the ill effects commonly experienced with a cyber attack such as downtime or reputational damage.
Ex-Starbucks Boss Schultz Invests in $1.7 Billion Cyber Firm Wiz (Bloomberg) Cloud security startup recently raised $130m to invest, hire. Other investors include Greenoaks, Advent, Insight and Sequoia.
Synthesis AI Secures Funding to Fuel Product Development (PR Newswire) Synthesis AI, a pioneer in synthetic data technologies, today announced $4.5 million in additional funding as they launch a synthetic...
US Cyber Command looks for networking support from industry (C4ISRNET) The command is interested in contractor help with a secure data-sharing tool.
LogRhythm Launches Customer Advocacy Program to Support Professional Security Community (PRWeb) LogRhythm, the company powering today’s security operations centers (SOCs), announced the launch of the LogRhythm Champions Network, an elite community consi
Venafi Poised for Hypergrowth Amid Rapidly Evolving Security Landscape (BusinessWire) The inventor and leading provider of machine identity management names Sandeep Singh Kohli as chief marketing officer
Hancock and Poole Security, Inc. Verified as Service-Disabled Veteran-Owned Small Business (SDVOSB) (PR Newswire) Hancock and Poole Security, Inc., a trusted minority and veteran-owned company, has been formally verified and registered as a Service-Disabled...
Craig Newmark Philanthropies Announces Support of R Street Cybersecurity Initiative: the #MakingSpace Cyber-Base. (R Street) This month, Craig Newmark Philanthropies announced significant seed funding in support of the R Street Institute’s #MakingSpace initiative and the “Cyber-Base,” a partnership between R Street and #ShareTheMicInCyber to increase and support diversity in the cybersecurity, technology and national security fields. The Cyber-Base will be an online database for organizations to connect with and provide […]
The Opportunities—and Obstacles—for Women at NSA and Cyber Command (Wired) WIRED spoke with three women working in cybersecurity in the US intelligence community about the progress of recent years and the work that remains.
National Nuclear Security Administration awards $89.9M deal to Palantir for safety platform (FedScoop) The agency that maintains the U.S. nuclear weapons stockpile wants to allocate its employees and finances with safety in mind using a new data platform developed by Palantir. The National Nuclear Security Administration awarded a five-year, $89.9 million contract to the Silicon Valley-based software company for a platform capable of measuring the health of its safety programs, Palantir announced …
Parrot Launches Bug Bounty Program (Infosecurity Magazine) European drone group partners with YesWeHack to launch a Bug Bounty program
US Payments Forum Market Snapshot: Industry Works to Secure E-commerce Transactions; Touchless is Here to Stay; and EMV at the Pump Moves Forward (U.S. Payments Forum) The U.S. Payments Forum today released its latest Market Snapshot providing a look at the state of the industry, including the accelerated shift to touchless payments and e-commerce, the long-term impact on payments technology due to COVID-19, the transition
Egnyte Named No. 1 in G2 Spring 2021 Grid® Report for Data Security Software (Egnyte) Egnyte, the leader in cloud content collaboration and governance, today announced it has received the top score in the G2 Spring 2021 Grid Report for Data Security Software. In addition, it has been named a leader across three independent categories: Data Security Software, Data Governance Software, and Cloud Content Collaboration Software. With this recognition, Egnyte is the only vendor to be named a leader across these three distinct and significant categories.
Thycotic Wins Third Consecutive NorthFace ScoreBoard Award℠ (Thycotic) Thycotic, a provider of privileged access management (PAM) solutions for more than 12,500 organizations worldwide,
Securiti Named to 2021 CB Insights AI 100 List of Most Innovative Artificial Intelligence Startups (BusinessWire) Securiti is one of only five cybersecurity companies on the annual CB Insights ranking of the 100 most promising private AI companies in the world.
Ex-Akamai CSO will guide security startups on strategy as new YL Ventures partner (VentureBeat) Former Akamai CSO Andy Ellis will advise security startups on product roadmap, go-to-market strategy, and customer acquisition at YL Ventures.
Akamai Technologies Elects Sharon Y. Bowen to Board Of Directors (PR Newswire) Akamai Technologies, Inc. (NASDAQ: AKAM), the world's most trusted solution for protecting and delivering digital experiences, today announces...
Lockheed Vet Dana Jackson Appointed Mitre National Security Sector Lead (GovCon Wire) Looking for the latest GovCon News? Check out our story: Lockheed Vet Dana Jackson Named Mitre National Security Sector SVP, GM. Click to read more!
NeuShield Announces Appointment of John McCormack to its Board of Directors (GlobeNewswire) McCormack brings an infusion of capital and more than 30 years of technology experience as former CEO of Forcepoint, interim CEO and Chairman at AppRiver and Fidelis Cybersecurity, and senior leader at Symantec, Sygate, and Cisco
Google research manager resigns amid fallout from fired AI researchers (Computing) Samy Bengio was a 'strong advocate' of both Timnit Gebru and Margaret Mitchell
ReliaQuest Appoints Derin McMains as Director of Mental Conditioning (BusinessWire) ReliaQuest, a global leader in cybersecurity, today announced the appointment of Derin McMains as its Director of Mental Conditioning, a strategic rol
Products, Services, and Solutions
Cybereason Launches North American MSSP Program to Empower Defender Service Providers (Cybereason) Cybereason Launches North American MSSP Program to Empower Defender Service Providers
Absolute Software Enables Customers to Identify and Address Potential Endpoint Security Risks With Additional Platform Enhancements (BusinessWire) Absolute Software™ (NASDAQ:ABST) (TSX:ABST), a leader in Endpoint Resilience™ solutions, today announced additional platform enhancements, further ena
Introducing the “Save in 1Password” button in partnership with Ramp (1Password Blog) We’re thrilled to be partnering with Ramp, a corporate card and spend management platform, for the initial rollout of the “Save in 1Password” button.
Tessian Launches Human Layer Risk Hub to Help Organizations Measure Risk and Strengthen Employee Security Behaviors (RealWire) Human Layer Security company Tessian today introduces the Human Layer Risk Hub - a solution that offers organizations full visibility into employees’ risk levels an
SyncDog Empowers Global Enterprises by Securely Mobilizing Employees (PR Newswire) SyncDog Inc., the leading Independent Software Vendor (ISV) for next generation mobile endpoint security and data loss prevention, supports...
Code42 and Okta Partner to Accelerate the Right Response During Insider Risk Investigations (BusinessWire) Code42 has integrated its Incydr data risk detection and response product with Okta Identity Cloud to mitigate insider risk to their organizations.
Security Compliance Portal (Ascent-Portal) Manage your security and compliance program. Security Controls. Prebuilt Policies. Assessments. Compliance Proof. Task Assignments. Calendar.Vendor Management. CMMC. NIST,
Acuant Joins Forces with Microsoft to Build a More Trustworthy Identity Ecosystem with Verifiable Credentials (PaymentsJournal) New Approach in Decentralized Identifiers Will Provide Microsoft Azure Active Directory Users Control Over ID Management
GET AHEAD OF THE UNKNOWN (GRIMM) GRIMM is pleased to announce the launch of their new Private Vulnerability Disclosure (PVD) program. This offering allows defenders to...
T-Mobile’s Nationwide 5G network + the Lumen Edge Computing Platform = New choice and Flexibility for Enterprises (Lumen Newsroom) T-Mobile and Lumen announced a strategic alliance that will leverage T-Mobile’s 5G mobile network to augment the Lumen Edge Computing platform, helping enterprises effectively build, manage and scale applications across highly distributed environments.
Social Links brings the OSINT solution to IBM’s i2 Analyst's Notebook platform (Social Links) The product integration will be available to the IBM clients in May 2021
Cowbell Cyber Now Admitted in the State of New York (Cowbell Cyber) Cowbell Cyber today announced that its standalone cyber insurance program, Cowbell Prime is now admitted in the state of New York
Signal Adds Payments—With a Privacy-Focused Cryptocurrency (Wired) The encrypted messaging app is integrating support for MobileCoin in a bid to keep up with the features offered by its more mainstream rivals.
Stop Misconfigurations with Bitglass SaaS Security Posture Management (SSPM) (Bitglass) Bitglass’ SaaS security posture management (SSPM) helps ensure compliance and data security by detecting and remediating misconfigurations.
LogRhythm NextGen SIEM Platform 7.7 offers enhanced detection and response capabilities (Help Net Security) LogRhythm NextGen SIEM Platform 7.7 introduces new features designed to streamline the threat detection and response process.
Minerva Labs Launches Cloud Version of its Endpoint Threat Prevention Platform (My TechDecisions) Award-wining platform now brings active, pre-execution endpoint threat prevention to the cloud
ITS asks students to download Duo to fight against phishing (Los Angeles Loyolan ) To help prevent scams and phishing, Information Technology Services (ITS) will be implementing Multi-Factor Authentication called Duo for student accounts.
Dish taps Palo Alto Networks for 5G security assist (FierceWireless) Dish is leveraging Palo Alto Networks for container security, network slicing, real-time threat correlation and dynamic security enforcement.
State of Oklahoma Selects Zscaler to Secure Remote Access and Improve Cybersecurity (GlobeNewswire) State IT Leaders Implement a Zero Trust Approach to Strengthen Security While Keeping Employees Productive and Supporting Citizens
LogPoint's Only SIEM Receives the EAL 3+ Certification Award (:Enterprise Security) LogPoint announced that their SIEM received a trusted Standard Criteria EAL 3+ re-certification, ensuring the LogPoint software quality.
Woodforest National Bank Chooses Exabeam to Help Protect its Vast Nationwide Business (Odessa American) Exabeam, the security analytics and automation company, today announced that Woodforest National Bank selected the Exabeam Security Management Platform (SMP) in the cloud as the foundation for its security information and event management (SIEM) system.
Intelligent Artifacts Partners with ConsuNova to Develop its DO-178C Certifiable Software (PR Newswire) Intelligent Artifacts today announced a new partnership with ConsuNova, the leading global provider of avionics systems certification services,...
Imperva unveils new data security platform built for cloud (Security Brief) The cloud has revolutionised IT, offering organisations a strategic opportunity to rapidly pursue new market initiatives and adapt their operations in the face of new business challenges.
Veracode Launches Technology Alliance Program (Valdosta Daily Times) Veracode, the largest global provider of application security testing (AST) solutions, today announced the launch of the Veracode Technology Alliance Program (TAP), making it easier for organizations to implement, manage, and scale their software security programs, reducing friction and speeding time-to-market.
Digital Shadows announces new threat intelligence capabilities mapping to MITRE ATT&CK framework (PR Newswire) Digital Shadows, the leader in digital risk protection, today announces powerful upcoming features to its SearchLight™ solution providing...
VMware Delivers Advanced Cloud Workload Protection with Container and Kubernetes Security (VMware) New innovations enable collaboration between InfoSec and DevOps teams to reduce risk and protect public cloud and on-premises Kubernetes environments.
Russia’s Largest Internet Provider Mail.Ru Selects HID Global for Enabling Secure Access Control Using Smartphones (BusinessWire) Mail.Ru has chosen HID Global's Mobile Access solution for secure and convenient access control using smartphones and other mobile devices.
Aiden Pioneers AI-Driven Natural Language Processing and Unprecedented Automation for Microsoft Windows Endpoint Management (PR Newswire) Aiden launched today unveiling its DevOps for Windows service to automate enterprise endpoint management. As large organizations confront...
WitFoo Announces Partnership with CyberOpz (News Direct) MSSP leader to offer SIEM/SOAR as a service
Guardicore Enforces Microsegmentation on the Industry’s Broadest Array of Legacy Platforms (BusinessWire) Guardicore, the microsegmentation company disrupting the legacy firewall market, today announced new capabilities that extends microsegmentation and Z
Virtually Testing Foundation Partners with AttackIQ Academy to Launch Enterprise Testing Internship Program (BusinessWire) AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) systems, and the Virtually Testing Foundation (VTF), a California-base
Technologies, Techniques, and Standards
4 Microsoft Teams security issues and how to prevent them (SearchUnifiedCommunications) Keeping collaboration platforms secure is more important than ever. Learn about four top Microsoft Teams security issues and how to prevent them.
The missing puzzle piece in DevSecOps — seamless source code protection (The Last Watchdog) We live in a time where technology is advancing rapidly, and digital acceleration is propelling development teams to create web applications at an increasingly faster rhythm. The DevOps workflow has been accompanying the market shift and becoming more efficient every day – but despite those efforts, there was still something being overlooked: application security. Related: […]
Time for an upgrade (GRIMM) Cleaning your domain clock Sometimes we grow to like the old software we’ve become familiar with over the years, but because ...
All Eyes on PCAP: The Gold Standard of Traffic Analysis (SecurityWeek) PCAP collects everything. It is not designed to provide real time – or any – analysis. Analysis is left to add-ons or other security tools. The value of PCAP is the ability to see and capture in detail exactly what has happened.
Malicious Payloads: Defending Your Organization Beyond “Known Bad” Lists (GreatHorn) Malicious payload attacks rank number one among the top threats that concern IT professionals. Read our blog to learn how to defend your organization beyond just knowing it.
Zero Trust creator talks about implementation, misconceptions, strategy (Help Net Security) A little over a decade ago, John Kindervag outlined Zero Trust: a new model of trust and a new cybersecurity approach and strategy.
Design and Innovation
YouTube claims it’s getting better at enforcing its own moderation rules (The Verge) The question is: how tough are YouTube’s rules?
Research and Development
Phosphorus Cybersecurity Awarded United States Air Force Contract to Research Securing IoT in a 5G environment (BusinessWire) Phosphorus Cybersecurity, which provides full scope security for IoT devices, announced its award of an AFWERX Small Business Innovation Research (SBI
The Perils of Overhyping Artificial Intelligence (Foreign Affairs) In 1983, the U.S. military’s research and development arm began a ten-year, $1 billion machine intelligence program aimed at keeping the United States ahead of its technological rivals. From the start, computer scientists criticized the project as unrealistic. It promised big and ultimately failed hard in the eyes of the Pentagon, ushering in a long artificial intelligence (AI) “winter” during which potential funders, including the U.S. military, shied away from big investments in the field and abandoned promising areas of research.
The People in This Medical Research Are Fake. The Innovations Are Real. (Wall Street Journal) ‘Synthetic-data technology,’ by creating artificial patient populations, has the potential to speed up innovations without compromising privacy.
Academia
UCI advances to national cyber defense competition following “historic” regionals win (UCI News) A team of undergraduate students from the cybersecurity club in UCI’s Department of Computer Science is moving on to the National Collegiate Cyber Defense Competition following their recent first-place finish in the Western Regionals against several formidable opponents. Only the winners out of the
Raytheon Technologies Announces $500 Million Social Impact Initiative (PR Newswire) Raytheon Technologies (NYSE: RTX) today announced Connect Up, a 10-year, $500 million corporate responsibility initiative to drive...
Legislation, Policy, and Regulation
Israel and UAE shared intel on Hezbollah cyberattack (haaretz.com) 'I owe you coffee, Mohamed. I thought they would ask about NSO within five minutes!': Haaretz sat down with the Israeli and UAE cybersecurity czars to talk cyberweaponry, Iran and Hezbollah. Here's what we learned
Impose Costs on Russia in the Information Environment (U.S. Naval Institute) The United States needs to make Russia pay a larger price for its information warfare attacks. Here are more ways to do it.
In Putinism, Hurting the United States Is All About Payback (Foreign Policy) Russia still hasn’t recovered from its own trauma.
U.K. Launches New Competition Watchdog Targeting Big Tech (Wall Street Journal) Britain’s new Digital Markets Unit will seek to ensure tech giants like Facebook and Google don’t exploit any market dominance to crowd out competition, officials say.
Open Rights Group demands Home Office transparency on end-to-end encryption (Computing) The Home Office is allegedly considering measures to compel Facebook to break encryption on its messaging apps
Big Talk on Big Tech—but Little Action (Foreign Policy) In both the U.S. and EU, antitrust and regulatory efforts against Facebook, Google, and Amazon are gaining traction. But no one’s about to break them…
Intel heads to resume worldwide threats hearing scrapped under Trump (TheHill) The House and Senate Intelligence committees will question leaders of five major intelligence and security agencies next week, resuming the annual tradition of a worldwide threats hearing that was abandoned under th
The Cybersecurity 202: Lawmakers want Biden to fund technology they say could secure American telecommunications companies from spies (Washington Post) A bipartisan group of lawmakers is urging President Biden to include $3 billion in funding for technology it says would reduce American reliance on Chinese telecommunications equipment that could provide a back door for spying.
CMMC Accreditation Body Launches Industry Advisory Council Backed by Thought Leaders from across the DIB (BusinessWire) The CMMC Accreditation Body (CMMC-AB), the sole authoritative source for operationalizing CMMC assessments and training by the U.S. Department of Defe
US DoD Launches Vuln Disclosure Program for Contractor Networks (SecurityWeek) The U.S. Department of Defense launches a new vulnerability disclosure program on HackerOne to identifying vulnerabilities in Defense Industrial Base (DIB) contractor networks.
Tim Cook wants Americans to be able to vote on their iPhones (Business Insider) "We do our banking on phones. We have our health data on phones," Tim Cook said before asking "why not" expand voting tech to smartphones.
Lawmakers Slam YouTube Kids As Predatory 'Wasteland' (Law360) A House subcommittee on Tuesday launched a probe into YouTube Kids, requesting documents and analytics on the children's streaming platform, which it slammed as a "wasteland of vapid, consumerist content."
Ribbon cutting held for Mississippi’s first Cyber Fraud Task Force (WJTV) Mississippi Attorney General Lynn Fitch said Tuesday that her office has established a partnership with the U.S. Secret Service and in-state law enforcement agencies to invest…
New top security official for Arizona will put focus on cybersecurity of government systems (azcentral) "Hackers have almost been like sharks with blood in the water," said Tim Roemer, new director of the Arizona Department of Homeland Security.
Litigation, Investigation, and Law Enforcement
EU investigating ‘IT security incident’ involving multiple agencies (CyberScoop) Cybersecurity experts at the European Union are investigating an “IT security incident” involving multiple institutions, though “no major information breach” has been detected, EU officials said Tuesday.
()
Decrypted Messages Lead to Seizure of 27 Tons of Cocaine in Europe (Vice) Belgian authorities claim to have intercepted a whopping $1.7 billion of cocaine in the industrial port of Antwerp.
Man sentenced to prison after attempting to buy a neurotoxin on the dark web (The Record by Recorded Future) A Missouri man was sentenced today to 12 years in prison after he attempted to buy a deadly poisonous chemical from the dark web during an undercover FBI operation.
Too slow! Booking.com fined for not reporting data breach fast enough (Naked Security) It’s not just the breach, it’s the speed of the breach response…