Cyber Attacks, Threats, and Vulnerabilities
SolarWinds Hackers’ Attack on Email Security Company Raises New Red Flags (Wall Street Journal) A breach at email security provider Mimecast underscores that Russia-linked hackers appear to have targeted victims along multiple avenues of attack.
More federal victims of SolarWinds hacking likely to come forward, CISA chief says (CyberScoop) The number of federal agencies confirmed to have been breached in a suspected Russian espionage campaign will likely increase as the investigation continues, the head of the U.S Cybersecurity and Infrastructure Security Agency said.
CISA Insights on APT Compromise of Microsoft 365 Via Password Exploits (HealthITSecurity) The nation-state APT actors behind the SolarWinds compromise are also leveraging compromised Microsoft O365 accounts for further proliferation across victims' networks through password exploitation.
SolarWinds Discloses Earlier Evidence of Hack (Wall Street Journal) A widespread computer breach tied to Russia-linked hackers dates back to September 2019, a month earlier than the software provider previously reported.
SolarWinds: The CSO Perspective (Recorded Future) Gavin Reid, chief security officer at Recorded Future, shares his thoughts on the evolving SolarWinds breach and actions he’s taken as CSO.
SolarWinds Orion Breach - What It Means for the Industry Writ Large (Recorded Future) Jonathan Condra, senior manager for strategic and persistent threats with Insikt Group, gives his perspective on the recent SolarWinds breach.
Researchers Find Links Between SolarWinds Campaign and Tools Used by Russian Hackers | The Record by Recorded Future (The Record by Recorded Future) Cybersecurity researchers say they’ve found evidence linking the months-long espionage campaign to Russian cyber operators.
'SolarLeaks' Site Claims to Offer Attack Victims' Data (GovInfo Security) A new leaks site claims to be selling data stolen via the SolarWinds supply-chain attack from Cisco, FireEye Microsoft and SolarWinds. Security experts question
SolarLeaks site claims to sell data stolen in SolarWinds attacks (BleepingComputer) A website named 'SolarLeaks' is selling data they claim was stolen from companies confirmed to have been breached in the SolarWinds attack.
Cyberattack on EMA - update 4 European Medicines Agency (European Medicines Agency) The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet. Necessary action is being taken by the law enforcement authorities.
An Absurdly Basic Bug Let Anyone Grab All of Parler's Data (Wired) The “free speech” social network also allowed unlimited access to every public post, image, and video.
Data Breach at ‘Resident Evil’ Gaming Company Widens (Threatpost) Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.
Some data from last month's cyber attack leaked online, says EU drugs regulator By Reuters (Investing.com) Some data from last month's cyber attack leaked online, says EU drugs regulator
Hackers leak stolen Pfizer COVID-19 vaccine data online (BleepingComputer) The European Medicines Agency (EMA) today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online.
Going Rogue – a Mastermind Behind Android Malware Returns with a New RAT (Check Point Software) Now more than ever, we rely on our smartphones to keep in touch with our work, our families and the world around us. There are over 3.5 billion
Google reveals sophisticated Windows and Android hacking operation (ZDNet) The attackers used a combination of Android, Chrome, and Windows vulnerabilities, including both zero-days and n-days exploits.
Siemens PROFINET Devices (Update I) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: PROFINET Devices
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update H) that was published September 8, 2020, to the ICS webpage on us-cert.gov.
Siemens TIA Portal (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: TIA Portal
Vulnerability: Path Traversal
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-014-05 Siemens TIA Portal (Update A) that was published April 14, 2020, to the ICS webpage on us-cert.gov.
Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update F) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC NET PC
Vulnerability: Incorrect Calculation of Buffer Size
2.
Siemens SCALANCE & SIMATIC (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SCALANCE, SIMATIC
Vulnerability: Resource Exhaustion
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update B) that was published September 8, 2020, to the ICS webpage on us-cert.cisa.gov.
Siemens SIMOTICS, Desigo, APOGEE, and TALON (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Exploitable from an adjacent network/low skill level to exploit
Vendor: Siemens
Equipment: SIMOTICS, Desigo, APOGEE, and TALON
Vulnerability: Business Logic Errors
2.
Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update E) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.7
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK
Vulnerability: Unquoted Search Path or Element
2.
Siemens Opcenter Execution Core (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Opcenter Execution Core
--------- Begin Update B Part 1 of 5 ---------
Siemens SCALANCE X Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SCALANCE X Products
Vulnerabilities: Missing Authentication for Critical Function, Heap-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could cause denial-of-service conditions and further impact the system through heap and buffer overflows.
Siemens Solid Edge (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: Solid Edge
Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow arbitrary code execution on an affected system.
Siemens JT2Go and Teamcenter Visualization (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: JT2Go and Teamcenter Visualization
Vulnerabilities: Type Confusion, Improper Restriction of XML External Entity Reference, Out-of-bounds Write, Heap-based Buffer Overflow, Stack-based Buffer Overflow, Untrusted Pointer Dereference, Out-of-bounds Read
2.
Siemens SCALANCE X Switches (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SCALANCE X200, X200IRT, X300
Vulnerabilities: Use of Hard-coded Cryptographic Key
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute a man-in-the-middle attack and decrypt previously captured traffic.
Schneider Electric EcoStruxure Power Build-Rapsody (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Schneider Electric
Equipment: EcoStruxure Power Build - Rapsody
Vulnerability: Unrestricted Upload of File with Dangerous Type
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a local attacker to upload a malicious SSD file, resulting in a use-after-free condition or a stack-based buffer overflow.
SOOIL Dana Diabecare RS Products (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: SOOIL Developments Co., Ltd.
Equipment: Diabecare RS, AnyDana-i and AnyDana-A
Vulnerabilities: Use of Hard Coded Credentials, Insufficiently Protected Credentials, Use of Insufficiently Random Values, Use of Client-side Authentication, Client-side Enforcement of Server-side Security, Authentication Bypass by Capture-Replay, Unprotected Transport of Credentials, Key Exchange Without Entity Authentication, Authentication Bypass by Spoofing
Reserve Bank of New Zealand investigates illegal access of third-party system (ZDNet) Compromised data may include some commercially and personally sensitive information.
Clearfield County Cyber Attack (FOX8) On Saturday, the Clearfield County commissioners say their IT department noticed the effects of the cyberattack. “Adam noticed Saturday the effects of it and then doing his research discovered that…
Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes (New York Times) Bitcoin owners are getting rich because the cryptocurrency has soared. But what happens when you can’t tap that wealth because you forgot the password to your digital wallet?
Security Patches, Mitigations, and Software Updates
Zero Day Initiative — The January 2021 Security Update Review (Zero Day Initiative) Welcome to the new year, and welcome to the first Patch Tuesday of 2021. Take a break from your regularly scheduled activities and join us as we review the details for the latest security offerings from Microsoft and Adobe. Adobe Patches for January 2021 This month, Adobe released...
Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021 (Dark Reading) Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
Microsoft Patch Tuesday: 83 Vulnerabilities, 10 Critical, 1 Actively Exploited (SecurityWeek) Microsoft fixes 83 vulnerabilities in the January batch of security patches, including 10 are that carries a "critical" severity rating.
Adobe Releases First Security Updates of 2021 as It Blocks Flash Content (SecurityWeek) Adobe has released its first round of security updates for 2021 just as the company starts blocking Flash content.
SAP Patches Serious Code Injection, DoS Vulnerabilities (SecurityWeek) German software maker SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities.
Intel Packs Ransomware Detection Directly Into vPro Platform (SecurityWeek) Using the Intel Threat Detection Technology (Intel TDT), the vPro platform can detect encryption attempts and can also filter ransomware activity from other encryption behavior.
Facebook Awards Big Bounties for Invisible Post and Account Takeover Vulnerabilities (SecurityWeek) Facebook awards tens of thousands of dollars for vulnerabilities that allowed hackers to take over accounts or publish invisible posts on any page.
Cyber Trends
Okera Unveils Five Top Data Privacy and Analytics Trends for 2021 (PR Newswire) Okera, which provides secure data access at scale, today revealed five pivotal big data industry trends and predictions expected to emerge in...
Boosting cyber resilience when the odds are stacked against you (Computing) 2020 exposed gaps in our ability to trust information, ignited cloud migrations, and put overburdened security teams under more strain. In 2021 we must focus on the danger areas
A record 2 million phishing sites reported in 2020, highest in a decade (Atlas VPN) The year 2020 was a rollercoaster ride. With people shifting to remote work due to the pandemic, cybercriminals saw this as an opportunity and became more active than ever.
Marketplace
Vdoo Reveals an Extension Funding Round with Qumra Capital and Verizon Ventures Joining as Investors (GlobeNewswire) Connectivity surge in telcos and utilities drives explosive demand for Vdoo’s Product Security Platform
CrowdStrike raised $750M unsecured debt capital (NASDAQ:CRWD) (SeekingAlpha) CrowdStrike Holdings (CRWD -2.4%) has priced $750M of 3.000% senior notes due February 15, 2029.Offering is expected to close on January 20.
McAfee cuts staff in San Jose, including 3 vice presidents (Silicon Valley Business Journal) The San Jose cybersecurity company is reportedly making cuts elsewhere, including a closure in Israel.
Intel Ousts Chief Executive Bob Swan (Wall Street Journal) Swan will be replaced by VMware CEO Pat Gelsinger effective Feb. 15, after activist hedge fund Third Point had called for sweeping changes to revive the semiconductor giant’s fortunes.
Tech Community for Managed Service Providers Addresses Industry Regulation, Cyber Security, and Transparency (PR Newswire) MSPAlliance®, the leading standards organization for the global Managed IT Services profession, today announced that it would be addressing the...
WhatsApp really wants you to know it’s not sharing all your data with Facebook (The Verge) WhatsApp is facing a privacy reckoning, largely due to Facebook’s poor reputation.
New WhatsApp Privacy Policy Allows Data Sharing With Facebook, Users Given No Means To Opt Out (CPO Magazine) WhatsApp users who are not interested in giving Facebook access to their personal data are being told to either get in line or hit the road by February 8.
WhatsApp Affirms User Privacy Following Backlash Over Data Sharing With Facebook (MacRumors) Following backlash after changing its terms and privacy policy to consolidate a significant amount of data sharing with Facebook, WhatsApp is now...
Mistaken Identity company Signal Advance plunges after spike in last few days (OTCMKTS:SIGL) (SeekingAlpha) Signal Advance (OTCPK:SIGL) sunk about 75%, reversing an almost 440% increase yesterday, after the stock soared in recent days following investor confusion after Tesla's (NASDAQ:TSLA) Elon Musk tweeted to ``use Signal,'' referencing the encrypted messaging service.Musk wasn't talking about Signal AdvanceFamed tech investor Chamath Palihapitiya/Social Capital (NYSE:IPOB) also might have contributed to the gain after he tweeted over the weekend to longer text him on Whatsapp and instead download Signal after he said that Whatsapp will begin sharing its data with Facebook (NASDAQ:FB) in February.Signal Advance CEO Dr.
Following Trump Ban, Facebook Tells Employees to Avoid Wearing Company-Branded Apparel (The Information) Facebook on Monday told employees to avoid wearing or carrying company-branded clothing and other items in public following the company’s suspension last week of President Donald Trump’s account and its more recent crackdown on content mentioning “Stop the Steal,” an online movement that falsely ...
Amazon begins removing QAnon goods for sale, after booting pro-Trump Parler from its cloud service (Washington Post) The e-commerce company will block sales of products that reference the baseless conspiracy theory whose adherents were among those that stormed the U.S. Capitol
An update following the riots in Washington, DC (Twitter) Twitter’s work to protect the conversation following the riots in Washington, DC
It’s not just Twitter and Big Tech racing to contain damage from Capitol attack (Silicon Valley Business Journal) While Trump-related account suspensions by tech giants have drawn the most attention, a number of other companies in the Bay Area have been taking action against accounts connected to the President and supporters who were involved in last week's events in Washington. Here's a look at some of them.
Google’s New Union Is Already Addressing Political Issues (Wired) The Alphabet Workers Union isn’t seeking better pay and benefits. It wants to influence the company’s policies on social and other issues.
GitHub reportedly fired a Jewish employee who warned co-workers to stay safe from Nazis (The Verge) The HR team at GitHub chastised the employee for using the word "Nazi" in the company Slack.
GoFundMe Has Banned Fundraisers For Travel To Trump Rallies (BuzzFeed News) Trump supporters are planning and preparing for more inauguration-related rallies, but they will no longer be able to use GoFundMe to help them get there.
YouTube Suspends President Trump’s Account (Wall Street Journal) YouTube suspended President Trump’s channel, joining a growing list of tech companies that are ejecting him from their platforms.
AT&T, Verizon, Comcast halt donations to lawmakers who opposed Biden's election (Light Reading) Lawmakers like Sen. Ted Cruz, R-Texas, and Sen. Josh Hawley, R-Mo., who voted against the certification of President-elect Joe Biden's election victory, won't get money from the likes of AT&T, Verizon and Comcast.
Big Law Firms Join In PAC-Freezing Following Capitol Attack (New York Law Journal) Following the lead of several major banks and corporations, the firms are reassessing where money from their political action committees goes.
Cymulate Announces Exceptional Revenue and Company Growth in 2020 (PR Newswire) Cymulate, the only SaaS-based Continuous Security Validation platform to operationalize the MITRE ATT&CK® framework end-to-end, today announced...
Cybersecurity Vet Robert Carey Joins Cloudera to Lead Government-Focused Business (GovCon Wire) Cloudera (NYSE: CLDR) has appointed Robert Carey, a public sector cybersecurity veteran, as presiden
HITRUST Announces Changes to Executive Leadership Team (Odessa American) HITRUST ®, a leading data protection standards development and certification organization, announced today strategic organizational changes in the form of new leadership appointments as well as new and expanded responsibilities for existing executive management.
SecurityWeek Names Ryan Naraine as Editor-at-Large (SecurityWeek) SecurityWeek has hired Ryan Naraine as Editor-at-Large, adding a veteran cybersecurity journalist and podcaster to its editorial team.
Products, Services, and Solutions
PC Matic Selected to Join NIST ‘National Cybersecurity Center of Excellence’ (PC Matic TechTalk) Cybersecurity firm joins public-private partnership for cyber-innovations; Center facilitates cross-sector creation of cybersecurity solutions; Aims to deliver standards-based and easy to implement cyber-solutions for businesses
Myrtle Beach, SC – Today, American cybersecurity firm, PC Matic, announced it has been named a partner to the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE).
The public-private partnership, launched in 2012, is
Confluera Announces Interoperability with VMware Carbon Black to Expand XDR Capabilities (BusinessWire) Confluera, the leading provider of Extended Detection and Response (XDR), today announced interoperability with VMware Carbon Black that will further
HaystackID™ Launches ReviewRight Protect™ to Provide Companies with Faster, More Efficient Data Breach Discovery and Review (PR Newswire) Companies suffering from data breaches can now assess their exposure, identify the at-risk data, and get back online more quickly with a new...
NetCraftsmen® and Gluware Launch Strategic Partnership to Accelerate Adoption of Intelligent Network Automation (Herald Mail) NetCraftsmen, LLC today announced that it has launched a strategic partnership with Gluware, Inc., the leading provider of Intelligent Network Automation for global enterprises.
Experian Selected as Leading Provider of Digital Identity Solutions (BusinessWire) Juniper Research acknowledges Experian's pedigree in the digital identity industry and gives high marks for strength of product.
Synamedia Partners With Akamai to Speed Pirate Take Downs (MarTech Series) Synamedia, the world's largest independent video software provider, announced that its security and watermarking solutions are now integrated with Akamai, the intelligent edge platform for securing and delivering digital experiences, to protect customers' streaming OTT content.
SmartSearch U.S. Launches Enhanced Anti-fraud Solution (PR Newswire) In response to Congress passing some of the most significant anti-money laundering (AML) legislation in decades, anti-fraud specialist...
Coalfire Federal Becomes CMMC Registered Provider (Coalfire.com) Leading Cybersecurity Services Provider to DIB Announces a Comprehensive Portfolio of Cybersecurity Maturity Model Certification (CMMC) Advisory Services
Source Defense Partners With PCI Security Standards Council to Help Secure Payment Data Worldwide (PR Newswire) Source Defense, the market leader in client-side website security, announced today it has joined the PCI Security Standards Council (PCI SSC)...
Technologies, Techniques, and Standards
Boosting cyber resilience when the odds are stacked against you (Computing) 2020 exposed gaps in our ability to trust information, ignited cloud migrations, and put overburdened security teams under more strain. In 2021 we must focus on the danger areas
EXCLUSIVE: ‘Do-Or-Die’ JADC2 Summit To Crunch Common Data Standards (Breaking Defense) "Standards, in many cases, provide everything but standards. Interoperability is a word normally tagged on something that is not interoperable," says Lt. Gen. Dennis Crall, head of Joint Staff J6 responsible for C2 and cyber issues.
Military intelligence agency wants to understand customers’ needs better (C4ISRNET) Negative feedback prompted the new strategy, which promises accessible data and technology updates
Design and Innovation
Job Screening Service Halts Facial Analysis of Applicants (Wired) But it’s still using intonation and behavior to assist with hiring decisions.
IonQ CEO Peter Chapman on quantum computing adoption, innovation and what's next (ZDNet) ZDNet caught up with IonQ CEO Peter Chapman to discuss quantum computing applications, how the cloud will accelerate adoption, software developers and riding innovation curves.
Research and Development
IBM leads US patent list for 2020 as total numbers decline 1% in pandemic year to 352,000 (TechCrunch) One year in, the COVID-19 global health pandemic continues to have something of a dragging effect on many aspects of life. But today, a key bellwether for how technology is developing underscored how the industry continues to march on. The number of patents granted in the U.S. in 2020 totaled 352,0…
Academia
$10M gift will help fuel discoveries at Innovation Campus (Virginia Tech) Virginia Tech’s growing impact in the greater Washington, D.C., metro area will receive a significant boost thanks to a multimillion-dollar gift from Octo founder and CEO Mehul Sanghani ’98 and his wife, Hema Sanghani ’99.
Legislation, Policy, and Regulation
As Greece touts EU vaccine passports, privacy champions warn of risks (POLITICO) Proof of vaccination or immunity could help countries open up faster, but EU privacy activists are sounding the alarm.
Covid UK: Vaccinated Britons to be offered 'vaccine passport' (Nation Online) Though the Department of Health said there were 'no plans' to introduce vaccine passports, its science and research funding agency has already pumped £75,000 into the project.
Reports had warned about supply chain hacks (C4ISRNET) The path to protecting the DoD from breaches through contractors isn’t easy.
America must bolster cybersecurity (TheHill) The resilience of online networks is critical to national interests.
Russian cyber attack: How should the Biden administration respond? (GZERO Media) How should the incoming Biden administration respond to Russia's unprecedented cyber attack on American government institutions and corporations? "Governments really don't like it when you sanction their people," says former Homeland Security Secretary Jeh Johnson. Sanctions are just one of a variety of response measures that Johnson explores with Ian Bremmer. Their conversation was part of the latest episode of GZERO World.
A Conversation with William Evanina (Washington Post) With alarm growing over the extent of the massive Russian hack of U.S. federal agencies and businesses late last year, and China already targeting President-elect Joe Biden and his incoming administration, Washington Post national security reporter Ellen Nakashima speaks with one of the country’s top counterintelligence chiefs about the most pressing intelligence concerns today and on the horizon.
After pro-Trump riot, experts urge US to tackle domestic disinformation (CyberScoop) The Capitol storming highlights just how urgently the U.S. needs to protect against domestic disinformation as a matter of national security.
President Trump lashes out at social media companies following Twitter ban (Washington Post) House Democrats are planning to look into social media’s role in Capitol riot as part of a broad disinformation inquiry.
White House establishes national artificial intelligence office (TheHill) The White House Office of Science and Technology Policy (OSTP) on Tuesday announced the establishment of a National Artificial Intelligence Initiative Office as part of an effort by the Trump administration to prior
Inside the remarkable rift between Donald Trump and Mike Pence (Washington Post) Vice President Pence was in hiding from a violent mob of Trump supporters in the Capitol last Wednesday when the presidential tweet attacking him posted.
Joe Biden’s Big Tech takeover (Spectator USA) This is the policy that the Biden administration wants, and the Biden administration is the government that Big Tech bought
Biden to Restore Homeland Security and Cybersecurity Aides to Senior White House Posts (New York Times) The two appointments illustrate how the president-elect appears determined to rebuild a White House national security team to focus on threats that critics say were ignored by President Trump.
Biden’s defense secretary pick prompts new concerns of civilian control, respect for military (Military Times) Retired Gen. Lloyd Austin will need a waiver to serve in the senior civilian role because of his recent retirement from military service.
More Democrats Say They'll Vote 'No' on Waiver for Biden's SecDef Pick Lloyd Austin (Military.com) Lawmakers heard from two experts who warned that granting another waiver to a recently retired general.
All eyes on Reed as Austin waiver splits Democrats (Defense News) U.S. Sen. Jack Reed hasn’t taken over as chairman of the Senate Armed Services Committee yet, but he’s already facing division within the panel and his party over the issue of President-elect Joe Biden’s pick to lead the Pentagon.
The Cybersecurity 202: Extremists flocking to encrypted apps could restart debate over law enforcement access (Washington Post) The recent shutdown of conservative-favored app Parler has sent throngs of President Trump's supporters to encrypted messaging apps – where some extremists are already organizing and calling for more violence to overturn the election results.
New York proposes a new Biometric Privacy Act (Technology Law Dispatch) On January 6th, the first day of the New York legislature's 2021 session, NY lawmakers proposed Assembly Bill 27 (AB 27), the Biometric Privacy Act. The
Litigation, Investigation, and Law Enforcement
FBI report warned of ‘war’ at Capitol, contradicting claims there was no indication of looming violence (Washington Post) A day before rioters stormed Congress, an FBI office in Virginia issued an explicit internal warning that extremists were preparing to travel to Washington to commit violence and “war,” according to an internal document reviewed by The Washington Post that contradicts a senior official’s declaration the bureau had no intelligence indicating anyone at last week’s pro-Trump protest planned to do harm.
Worried about free speech, FBI never sent bulletin on Capitol threats (NBC News) The lack of an intelligence bulletin left agencies like the Capitol Police without the full picture of what the FBI had learned about what extremists were saying.
Several Capitol police officers suspended, more than a dozen under investigation over actions related to rally, riot (Washington Post) Several U.S. Capitol Police officers have been suspended and more than a dozen others are under investigation for suspected involvement with or inappropriate support for the demonstration last week that turned into a deadly riot at the Capitol, according to members of Congress, police officials and staff members briefed on the developments.
Justice Dept. investigating sedition and conspiracy charges and any terror links to violent storming of U.S. Capitol (Washington Post) The Justice Department and FBI have created a sedition and conspiracy task force to pursue charges against participants in the storming of the U.S. Capitol and are investigating any links to domestic or foreign instigators, officials said Tuesday.
Some Rioters Could Face Prison Terms of 20 Years or More, Officials Say (Military.com) The FBI has now opened up nearly 160 cases into those involved in last week's siege at the U.S. Capitol.
CEOs, Industry Groups Denounce Capitol Riots (Wall Street Journal) A manufacturing trade group and a coalition of unions suggest President Trump should be removed from office.
Right-wing extremists move to encrypted channels to plan for Inauguration Day violence (NBC News) Some pro-Trump extremists have used the platforms to suggest skipping local rallies to focus instead on a big turnout in D.C. at Biden's inauguration.
British Airways faces largest-ever group lawsuit over data breach (BusinessLIVE) More than 16,000 victims have now joined the case seeking compensation for the data breach that occurred in 2018
Blockchain hackers stole $3.8 billion in 122 attacks throughout 2020 (Atlas VPN) The year 2020 was challenging for cybersecurity and the world in general. The global pandemic did not only threaten our physical health but also gave way to a new wave of cyberattacks endangering our digital lives.
Liability Upon Payment: A Court Recognizes a Duty in Data Breach Litigation (The National Law Review) According to many plaintiffs in recently filed data breach litigations, credit and debit card fraud is a growing problem.  It’s great if this sounds familiar to readers of CPW, because it ...
German Police Take Down 'World's Largest Darknet Marketplace' (SecurityWeek) A German-led police operation has taken down the "world's largest" darknet marketplace, whose Australian alleged operator used it to facilitate the sale of drugs, stolen credit card data and malware.
Clark Hill Must Produce Cyberattack Report In Malpractice Suit (Law360) A D.C. federal court granted a Chinese dissident's bid Monday to compel Clark Hill PLC, which used to represent him, to produce a report it commissioned on a cyberattack at the center of the dissident's $50 million malpractice suit, ruling the report is neither protected work product nor attorney-client privileged.
Canon Hit with Data Breach Class Action Suit by Former and Current Employees (Data Privacy + Security Insider) Canon U.S.A. Inc. (Canon) was hit with a class action lawsuit in the U.S. District Court for the Eastern District of New York this week for the ransomware