Dateline Houston, Texas, to Linden, New Jersey: Colonial Pipeline's ransomware incident.
WSJ News Exclusive | Colonial Pipeline CEO Tells Why He Paid Hackers a $4.4 Million Ransom (Wall Street Journal) Joseph Blount told the Journal that he authorized the payment because executives were unsure how badly the cyberattack had breached its systems or how long it would take to bring the pipeline back.
Colonial Pipeline hit by new computer problem (Washington Post) The system that shippers use to communicate goes down. The company says it was not an attack.
The Cybersecurity 202: The Colonial Pipeline hack sparks concerns about economic security (Washington Post) Top members of the House Homeland Security Committee say the Biden administration needs to produce a plan to secure the economy in the wake of a major cyberattack.
Lawmakers Grill Pentagon Officials on How to Prevent Another Colonial Pipeline-Style Attack (USNI News) Members of a key cyber panel wanted to know why the Department of Homeland Security wasn’t alerted to the ransomware attack that set off panic-buying of gasoline and whether the Pentagon could have taken measures to stop it before it happened. Sen. Joe Manchin, (D-W.Va.) said at Tuesday’s Senate Armed Services cyber subcommittee hearing that …
Colonial Pipeline attack: Hacking the physical world (WeLiveSecurity) The Colonial Pipeline attack is a reminder of why operators of critical infrastructure are ripe targets for cybercriminals.
Is DarkSide Really Sorry? Is It Even DarkSide? (Defense One) Deciphering the mysterious apology of the mysterious group that shut down a major U.S. pipeline.
Try This One Weird Trick Russian Hackers Hate (KrebsOnSecurity) In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that…
Op-Ed: Teachable moment — Colonial Pipeline back (Eye Witness News) The technology landscape has changed dramatically in the last year, making it a constantly shifting and evolving environment. This shifting environment has tested enterprise risk …
In wake of pipeline hack, cybersecurity analyst offers tips for small businesses (Charleston Gazette-Mail) All things considered, West Virginia escaped the shutdown of the Colonial Pipeline relatively unscathed.
Japan to restrict private sector use of foreign equipment and tech: Report (ZDNet) After seeing the Colonial Pipeline hack unfold in the US, the Japanese government reportedly wants to impose stricter security regulations on the private sector to ensure the same thing does not happen in Japan.
Don't be the next $5 million hacker payday (The Japan Times) Often all it takes is an oblivious worker clicking a tainted e-mail link, or an IT department getting momentarily lazy about computer-system hygiene.
Experts warn hospitals, universities, government departments vulnerable to ransomware (The Australian) Cybersecurity experts have warned Australia will remain vulnerable to a devastating ransomware attack until a higher standard of online protection is consistent across major services such as hospitals.
Can Canada fend off a Colonial Pipeline-like cyberattack? (Leaderpost) Cyber Security chief says the agency has passed on info that prevented attacks on Canadian industry in the past few years
Colonial breach underscores concerns over paying hackers (TheHill) Colonial Pipeline's decision to pay the cyber criminals behind a ransomware attack that forced the company to temporarily shut down operations has reignited the debate around whether victims of such attacks should pay to regain access to
We’re just a cyber attack away from chaos and panic (Lock Haven Express) Three challenges facing the United States and other right-thinking nations in the wake of the cyberattack targeting Colonial Pipeline’s 5,500-mile system in the U.S. are as follows: 5 Learn the identities of the people responsible for the attack. 5 Use whatever means are necessary to neutralize the hackers’ ability to conduct more attacks. 5 Ascertain […]
Colonial Pipeline Breach - Expect the Unexpected (EIN News) Cyber Imperatives Panel Discussion, PortCon Conference
DarkSide Gang and the New Golden Age of Piracy (Cybereason) DarkSide's semi-state-sanctioned crime models may not specifically repeat itself throughout the ages, but it often rhymes...
Inside the DarkSide Ransomware Attack on Colonial Pipeline (Cybereason) The FBI confirmed that the DarkSide ransomware gang was responsible for an attack on the Colonial Pipeline Company, blurring the lines between nation-state sponsored APT attacks and cybercrime...
Cybereason vs. DarkSide Ransomware (Cybereason) DarkSide ransomware follows the double extortion trend where the threat actors first exfiltrate the data and threaten to make it public if the ransom demand is not paid, rendering backing up data as a precaution against a ransomware attack moot...
Attacks, Threats, and Vulnerabilities
When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar (Dragos) While investigating the Oldsmar water treatment facility breach, Dragos discovered malicious code being hosted on a utility contractor website (a watering hole). Read the threat analysis for more.
MountLocker ransomware uses Windows API to worm through networks (BleepingComputer) The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks.
Russia spy chief suggests West behind cyber-attack (BBC News) Sergei Naryshkin speaks to the BBC in a rare interview about 2020's SolarWinds cyber-attack in the US.
Russian spy chief rebuffs “pathetic” SolarWinds hack accusations (IT PRO) Sergei Naryshkin said the tactics of the attack were similar to those used by US and British intelligence agencies.
'Flattered' Russian spy chief denies SolarWinds attack - BBC (Reuters) Russia's spy chief on Tuesday denied responsibility for the SolarWinds (SWI.N) cyber attack but said he was "flattered" by the accusations from the United States and Britain that Russian foreign intelligence was behind such a sophisticated hack.
Darkside gang estimated to have made over $90 million from ransomware attacks (The Record by Recorded Future) The operators of the Darkside ransomware are believed to have made at least $90 million from ransom payments over the past nine months, since October 2020.
Bizarro banking Trojan expands its attacks to Europe (Securelist) Bizarro is a banking Trojan family originating from Brazil that is now found in other regions of the world.
Researchers Find Exploitable Bugs in Mercedes-Benz Cars (SecurityWeek) Security researchers with Tencent Security Keen Lab documents five vulnerabilities in the Mercedes Benz infotainment system, four of which could be exploited for remote code execution.
Echelon PII Leak and Disclosure Fail (Pentest Partners) Echelon (Echelon Fitness) is a competitor to companies such as Peloton. You buy the hardware, quickly assemble it, buy a subscription, use a built-in or external smart device and you […]
Akamai Security Research: Financial Services Continues Getting Bombarded With Credential Stuffing And Web Application Attacks (Akamai) Akamai and WMC researchers scrutinized multiple phishing kits including ‘Kr3pto,’ which has targeted customers of 11 UK banking brands
Microsoft Warns Of RevengeRAT Distributed Via Spearphishing Emails (Latest Hacking News) Microsoft warns of RevengeRAT campaign running via spearphishing emails targeting aerospace, travel sectors that distribute malware loaders.
Crypto-mining gangs are running amok on free cloud computing platforms (The Record by Recorded Future) Over the course of the last few months, some crypto-mining gangs have switched their modus operandi from attacking and hijacking unpatched servers to abusing the free tiers of cloud computing platforms.
Online fraudsters cash in on chip shortage (Signifyd) A worldwide chip shortage has pushed online fraudsters to attack merchants selling the digital goods gamers desire.
Ethical hacking group worm their way into Fermilab (Physics World) The Sakura Samurai team discover configuration data for the lab’s NoVa experiment and more than 4500 “tickets” for tracking internal projects
Hackers leak Irish patients' data on dark web (Computing) Irish Prime Minister Micheál Martin has ruled out paying a ransom to the Conti cyber gang
Dat's Bad Attack: Hackers Using .dat Files to Bypass SEGs (Avanan) Attackers are using .dat files to hide malicious content and bypass SEG scanners.
Report: UK Recruitment Firm Leaked Sensitive Applicant Data (Website Planet) Company name and location: FastTrack Reflex Recruitment (now part of Team Resourcing Ltd.), based in the United Kingdom. Size: 5 GB of data
Wannabe Wired: The dangers of ransomware (The Lawton Constitution) Ransomware is a big problem, and the best way to fight back against it is to stay prepared and informed.
The strange story of the world’s first ramsomware attack (Explica) In December 1989, Eddy Willems’ boss asked him to review a floppy disk sent to attendees at the World Health Organization’s AIDS conference in Stockholm.
Fascinating Story Of Catching Man Behind World’s First Ransomware (2 Oceans Vibe) Floppy discs, remember those?
The weird story of the inventor of ransomware (EIN News) The disc was one of 20,000 sent in the mail to attendees of the World Health Organization’s AIDS conference in Stockholm, and Willems’ boss had asked him to
Security Patches, Mitigations, and Software Updates
Apple Platform Security Guide Updated With Details on Authentication Features (SecurityWeek) A new update for the Apple Platform Security Guide provides more details on recently announced authentication features.
Android 12 to arrive with a Privacy Dashboard, microphone, and camera indicators (The Record by Recorded Future) At the Google I/O developer conference today, Google has revealed more details about the next version of the Android mobile operating system—Android 12, scheduled for release next fall.
Nvidia moves to curb use of its chips for cryptocurrency mining (Silicon Valley Business Journal) The Santa Clara semiconductor giant's action comes amid an acute shortage of chips needed in its core gaming industry sector.
Emerson Rosemount X-STREAM (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Emerson
Equipment: Rosemount X-STREAM Gas Analyzer
Vulnerabilities: Inadequate Encryption Strength, Unrestricted Upload of File with Dangerous Type, Path Traversal, Use of Persistent Cookies Containing Sensitive Information, Cross-site Scripting, Improper Restriction of Rendered UI Layers or Frames
2.
Mitsubishi Electric MELFA (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELFA FR Series, MELFA CR Series, MELFA ASSISTA
Vulnerability: Uncontrolled Resource Consumption
2.
Mitsubishi Electric MELSEC iQ-R Series (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R series
Vulnerability: Uncontrolled Resource Consumption
2.
Mitsubishi Electric MELSEC iQ-R, Q and L Series (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R, Q and L Series
Vulnerability: Uncontrolled Resource Consumption
2.
Mitsubishi Electric MELSEC iQ-R Series (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-R Series
Vulnerability: Uncontrolled Resource Consumption
2.
Mitsubishi Electric Multiple Products (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: Multiple Products
Vulnerability: Predictable Exact Value from Previous Values
2.
Trends
2021 Email Threat Report (Trustwave) Some of the most significant threats organizations face come in through email. Email has a few advantages as an effective attack vector for hackers. End-users receive email messages whether they want them or not, and email can be easily spoofed to appear legitimate. It’s no wonder that cybercriminals continue to rely on email to distribute malware, phishing scams, and spam.
Consumers Find ID Theft More Concerning than Serious Illness or Injury (Iris) Generali Global Assistance (“GGA”) today announced the findings of their second ID Theft & Cybercrime Research Study conducted by the Benenson Strategy Group.
Quantifying the Public Vulnerability Market: 2021 Edition (Trend Micro) An Analysis of Vulnerability Disclosures, Impact Severity, and Product Analysis
FireEye CTO Sheds Light on a New Generation of Emboldened Attackers (CXOToday.com) While much of the attention around ransomware attacks has focused on the methods by which threat actors worm their way inside the network, one critical aspect o
Adversaries Spend More than 250 Hours Undetected in Target Networks on Average, According to Sophos (GlobeNewswire) New “Active Adversary Playbook 2021” Reveals that 69% of Attacks Sophos Responded to in 2020 Used Remote Desktop Protocol (RDP) for Internal Lateral Movement
Online identity theft via edtech, OTT, e-commerce accounts doubles in India: Study (The Week) Account Takeover posts on dark web witness 90-100% rise in first five months of 2021
More hackers trying to exploit systems for money - CERT NZ (RNZ) A government cyber security agency is seeing an increasing number of attacks with hackers attempting to exploit system weaknesses for money.
Nadia Yousef is CERT NZ's manager of Incident Response.
She talks to Lisa Owen.
Vectra Identifies Top 10 Threat Detections Across Azure AD and Office 365 (PR Newswire) Vectra AI, a leader in threat detection and response, today released its 2021 Q2 Spotlight Report, Vision and Visibility: Top 10 Threat...
More than Half of U.S. Companies Hit with Privileged Credential Theft, Insider Threats in Last Year (PR Newswire) ThycoticCentrify, a leading provider of cloud identity security solutions formed by the merger of privileged access management (PAM) leaders...
90% of DevOps and IT Professionals Believe AppSec Responsibility Will be Shared by DevOps and Security Within Three Years (ZeroNorth) New ZeroNorth Research Highlights the Current State of AppSec and the Journey to DevSecOps Boston, May 19, 2021 –– At DevSecOps Days of the RSA Conference 2021, ZeroNorth, the only company to unite security, DevOps and the business for the good of software, today released a new research report: “The Journey to True DevSecOps,” with …
India, Austria, and US organizations most hit with ransomware (Atlas VPN) Ransomware attacks are one of the leading cyber threats that organizations have to face. Hackers encrypt essential files and documents, leaving victims with an option to pay the ransom to gain access back or to restore data from backups.
Marketplace
Styra Raises $40 Million in Series B Funding to Drive Access, Security and Compliance in Cloud-Native Applications (BusinessWire) Styra, Inc., the founder of Open Policy Agent (OPA) and leader in cloud-native authorization, has raised a $40 million Series B funding round to conti
ThreatLocker raises $20M to secure enterprise endpoints (VentureBeat) ThreatLocker, a cybersecurity startup protecting endpoints, has raised $20 million in a funding round led by Elephant.
ThetaRay, the Israeli Technology Company That Has Developed a Revolutionary Solution Enabling the Acceleration of Cross-border Payments Between Banks, Raises $31 Million in New Round of Funding Led By the JVP and BGV Funds (PR Newswire) ThetaRay, an Israeli technology company that enables the acceleration of cross-border payments between banks while protecting financial...
Cynerio Raises $30 Million in Series B Funding to Secure Mission-Critical Medical and IoT Devices in Hospitals and Health Systems (Cynerio) Funds will expand Cynerio's US presence, with North American HQ in New York City, as well as its international market reach, and power the development of its advanced healthcare IoT cybersecurity and asset management platform
NetAbstraction Raises $9M Series A Round from AllegisCyber Capital to Protect Privacy and Security of Enterprise Networks (PR Newswire) NetAbstraction, the network obfuscation company, today announced it has closed a $9M Series A round of financing led by AllegisCyber Capital to...
Smartronix acquires C2S Consulting Group (Intelligence Community News) Herndon, VA-based Smartronix, LLC, a provider of cloud, C5ISR, and advanced engineering and IT solutions, announced on May 18 the acquisition of C2S Consulting Group (C2SCG).
Silicon Valley tech veteran Sandy Robertson sees 'a lot of junk' in SPAC boom (Silicon Valley Business Journal) Sandy Robertson is about to celebrate his 90th birthday on Friday and has a long view of the booms and busts of Bay Area tech.
OnDMARC by Red Sift wins Multiple Awards at Global InfoSec Awards during RSA Conference 2021 (Red Sift Blog) Red Sift's OnDMARC anti-phishing product wins "Next-Gen in Anti Phishing" & "Market Leader in Email Security and Management" at RSA 2021.
Endace Honored with Four Global InfoSec Awards During RSA Conference 2021 (BusinessWire) Endace announced that it had won four Global InfoSec Awards from Cyber Defense Magazine (CDM), the industry’s leading electronic InfoSec magazine.
IDX Recognized as Editor's Choice for Privacy Management Software in Global InfoSec Awards (PR Newswire) IDX, the leading privacy platform and data breach services provider, announced their victory in Cyber Defense Magazine's Global InfoSec Awards...
CSIOS VP of Cyberspace Operations Picks Up 2021 Cybersecurity Strategist of the Year Global InfoSec Award® (PR Newswire) CSIOS Corporation announced today that Vice President (VP) of Cyberspace Operations, Mr. Clinton Hackney, was honored by Cyber Defense Magazine...
Forcepoint Appoints Global Channel Leader to Transform Next-Generation Partner Ecosystem (PR Newswire) Forcepoint, a global leader in data-first cybersecurity solutions that protect critical information and networks for thousands of customers...
Proofpoint appoints Cisco's Steve Moros to lead APAC advanced tech group (Technology Decisions) Cisco's Steve Moros has been appointed by cybersecurity player Proofpoint to lead Asia-Pacific Advanced Technology.
RSA appoints Ellen Purdy as CFO (Help Net Security) RSA announced Ellen Purdy as Chief Financial Officer and the latest addition to the rapidly growing Fraud & Risk Intelligence executive team.
Whiteford Adds Data Security & Cyber Security Partner to Leading Baltimore Practice (BusinessWire) Whiteford, Taylor & Preston announced that Spencer S. Pollock, an experienced data security and cybersecurity attorney, has joined the firm in MD.
Open Systems Appoints New CEO to Further Accelerate its Lead in the Rapidly Expanding Global Enterprise Cybersecurity Services Market (BusinessWire) Open Systems today announced the appointment of Geoff Haydon as Chief Executive Officer.
Products, Services, and Solutions
Accurics Completes SOC 2 Type 1 Certification (BusinessWire) Accurics meets requirements for ensuring security, availability, integrity and confidentiality of data for its developer-first cloud security platform
Introducing free attack surface monitoring with Coalition Control (Coalition) We want to give organizations of any size the right tools to understand the risks they are exposed to and better protect themselves. This is Coalition Control.
Veridium Joins IGEL Ready Program as a Technology Partner (IGEL) Veridium, a leading developer of frictionless, passwordless authentication solutions, and IGEL, provider of the next
Untangle Delivers Mobile IT Administrative Capabilities with Untangle Go (Untangle) Company's first mobile app enables administrators to easily access their network and security status
Ransomware Recovery from Rubrik (Rubrik) Major Advancements Provide Ransomware Impact, Sensitive Data Risk Assessment and Mass Recovery
Consortium of International Airlines Chooses Unisys to Boost Physical and Data Security for International Passenger Baggage at Seven Australian Airports (Tioga Publishing) Unisys Corporation (NYSE: UIS) today announced that an international airline consortium operating to and from Australia has agreed to a
Linklaters launches US data solutions, cyber and privacy practice in New York (The Global Legal Post) Linklaters launches US data solutions, cyber and privacy practice in New York
Thales Announces New Solutions to Help Organisations Discover, Protect and Control Sensitive Data in Multicloud Environments (BusinessWire) Thales today announced new data protection solutions for Google Cloud, Microsoft Azure, and Amazon Web Services, solidifying its role as a trusted thi
Eclypsium Enhances Platform to Extend Deep Visibility and Security to Network and Unmanaged Devices (Eclypsium) Eclypsium® today announced a major new extension to their enterprise device integrity platform, which lets organizations easily extend visibility and security beyond their traditional endpoints to now include network and unmanaged devices that can impact overall security posture.
Devo Technology Announces Devo Content Stream (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
Recorded Future Partners with Esri to Help Organizations Protect Their Most Critical Assets from Global Uncertainty (GISuser.com) Integration with Geographic Information System Leader Enables Real-Time Location and Global Event Monitoring
Modularbank adds Verification & KYC Capabilities to its Ecosystem with Veriff (Veriff) An announcement of the partnership between Modularbank, the next-generation core banking platform, and Veriff, to offer online identity verification services.
odix joins the CloudBlue Go-To-Market Fast Track Program to accelerate FileWall market share expansion (AP NEWS) odix, the Israel-based cybersecurity leader focused on Deep File Inspection and CDR (Content Disarm and Reconstruction) technology has officially joined the CloudBlue Go-To-Market (GTM) Fast-Track program.
GlobalPlatform Evolves TEE Security Certification to Simplify Creation of Secure Devices (GlobalPlatform) Stakeholders at different stages of the TEE value chain – like silicon, component and OS vendors, or device OEMS – can now certify their individual parts.
Beyond Identity and Distology Announce Strategic Distribution Partnership (Beyond Identity) Beyond Identity selects EMEA distributor Distology to drive channel expansion in the UK and Ireland.
GroupSense Unveils Ransomware Response Readiness Assessment (PR Newswire) GroupSense, a digital risk protection services company, today announced its Ransomware Response Readiness Assessment (R3A) service offering....
Cyberdesic Launches On-Demand Freelancer Network of Vetted Cybersecurity Experts (PR Newswire) Today Cyberdesic announced the launch of its on-demand freelancer network where companies of all sizes can tap into highly qualified talent to...
BehavioSec Creates New Authentication and Fraud Detection Capabilities in Latest Behavioral Biometrics Platform Release (BehavioSec) New features boost enrollment speed, performance, and mobile fraud detection capabilities
GroupSense Unveils Ransomware Response Readiness Assessment (GroupSense) Service Offering Includes Expert Assessment, Response Playbook and Tabletop Exercise to Help Customers of All Sizes Properly Prepare for Ransomware Attacks
Appdome Releases No Code Solution to Preempt Mobile Fraud (PR Newswire) Appdome, the industry leader in no code Appdome Mobile App Security, today announced the immediate release of no code Appdome Mobile Fraud...
New AT&T Cybersecurity Solution to Help U.S. Federal, State and Local Government Agencies Detect and Respond Faster to Digital Risks (PR Newswire) What's the news? AT&T* has launched a cost-effective unified cybersecurity solution designed to meet the security needs of federal, state and...
Technologies, Techniques, and Standards
CISA’s EINSTEIN had a chance to be great, but it’s more than good enough (Federal News Network) Former and current DHS and White House cyber experts say the EINSTEIN intrusion detection, prevention initiative has lived up to most expectations.
This Homeland Security program helps agencies deal with ongoing cyber threats (Federal News Network) Lots of agencies are hearing alerts from the Cybersecurity and Infrastructure Security Agency’s Hunt and Incident Response Program.
How to Get Employees to Care About Security (Dark Reading) Want to a security awareness program that sticks? Make it fun and personal -- and offer free lunch.
Strong ARMing with MacOS: Adventures in Cross-Platform Emulation (BlackBerry) BlackBerry is following up its release of the PE Tree Tool in 2020 by sharing this methodology report to inform security researchers and pen-testers on how to successfully emulate a MacOS ARM64 kernel under QEMU.
The importance of culture in zero trust security (IT-Online) Anna Collard, senior vice-president: content strategy and evangelist at KnowBe4 Africa, talks about the importance of a security culture when employing a zero trust security model. During a preview of this year’s RSA conference, a team from Orange Cyberdefense demonstrated a range of pretty scary scenarios of what can happen when malicious actors take control […]
People Power Army Cyber (SIGNAL Magazine) It will be the human factor that determines the victor in the next Army cyber conflict.
Design and Innovation
USAF Should Adapt Industry Systems for Cyber Defense, Science Chief Says (Air Force Magazine) The Air Force should use industry systems for cybersecurity because the infrastructure necessary isn’t within its expertise, said USAF's chief scientist.
Academia
Howard University, Amazon Web Services to develop a master's degree program (Washington Business Journal) The collaboration will help Howard build up its tech programs and could give Amazon access to a more diverse candidate pool.
CYBER.ORG Seeks Public Commentary on National K-12 Cybersecurity Learning Standards (BusinessWire) CYBER.ORG today announced the opening of the public comment period for the most recent version of the K-12 cybersecurity learning standards that have
UC Davis students and staff voice concerns over Accellion nationwide cyber attack (The Aggie) Recent breach of private information leaves many UC Davis employees and students in a state of paranoia and questioning if their private information is
Legislation, Policy, and Regulation
US-Russia showdown looms as top diplomats meet in Iceland (Military Times) U.S. Secretary of State Antony Blinken and Russia’s longtime Foreign Minister Sergey Lavrov plan to talk Wednesday on the sidelines of an Arctic Council meeting in Reykjavik.
UK govt seeks advice on defending against supply-chain cyberattacks (BleepingComputer) Today, the UK government has announced a call for advice on defending against software supply-chain attacks and ways to strengthen IT Managed Service Providers (MSPs) across the country. The move comes after last week when President Biden had issued an executive order to increase cybersecurity defenses across the U.S.
DCMS opens supply chain security consultation (Computing) MSPs may have to prove they have basic security measures in place
Why is Huawei still in the UK? (BBC News) Huawei defends its links with British universities, says it admires UK innovation
India Draws a Line in the 5G Sand (Foreign Policy) After last summer’s clashes with China, New Delhi may finally be ready to leave ambiguity behind—and side with the West.
Cyber Security as Counter-Terrorism: Seeking a Better Debate (War on the Rocks) Earlier this month, a senior Justice Department official referred to ransomware as a potential “cyber weapon of mass destruction.” When hackers
It's time to drop 'competition' from US defense strategy (TheHill) While “interstate strategic competition” may be an accurate description of the international environment, it may not make for good defense strategy.
SOFIC NEWS: Commander Sees New Era of ‘Cognitive Conflict’ for Special Operators (National Defense) The withdrawal of the U.S. military from Afghanistan later this year will mark the beginning of a new era for Special Operations Forces
House Bill Aims for CISA to Test Cyber Attack Response, Help States (Meritalk) Following the recent ransomware attack on Colonial Pipeline Company, Rep. Elissa Slotkin, D-Mich., proposed a bill last week that would require the Cybersecurity and Infrastructure Security Agency (CISA) to establish a National Cyber Exercise Program to test the United States’ cyber readiness.
Biden’s Cybersecurity Executive Order (The National Law Review) On May 12, 2021, the Biden Administration issued its much anticipated “Executive Order on Improving the Nation’s Cybersecurity.” Below are provisions we believe will be of most
Contractors design strategies for dealing with the latest executive order on cybersecurity (Federal News Network) Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne. That executive order on cybersecurity from the White…
Biden’s cybersecurity executive order offers risks, rewards for contractors (Washington Business Journal) Last week's cybersecurity policy puts in place good practices for federal agencies, but also leaves them and contractors in a holding pattern on what to do next.
FACT SHEET: The American Jobs Plan Will Bolster Cybersecurity (The White House) Cybersecurity is one of the preeminent challenges of our time, which is why President Biden has made strengthening U.S. cybersecurity capabilities a top
National security officials outline hopes for US data breach notification law (CyberScoop) Top U.S. national security officials on Tuesday explained some ideal elements to a potential national data breach reporting law, describing the idea as one pathway to stopping massive security incidents like the SolarWinds hack.
SOCOM Likely To Boost Cyber, EW (Breaking Defense) "Everything we're doing now is going to be hard," SOCOM commander Gen. Richard Clarke said. “It's going to be multi-domain, it's going to be partnered and it's going to be contested in every step...and there are countries that are close on our heels.”
Anti-Money-Laundering Whistleblower Program Struggles to Get Off Ground (Wall Street Journal) A new U.S. program to reward those who report possible violations of anti-money-laundering laws has gotten off to a slow start.
Sen. Ben Sasse presses ODNI nominee over his work for Huawei (Fox News) At a Senate Intelligence hearing Tuesday for Christopher Fonzone’s nomination as general counsel at the Office of the Director of National Intelligence (ODNI), Senator Ben Sasse raised concerns over the nominee’s brief work with Chinese telecoms company Huawei.
Litigation, Investigation, and Law Enforcement
Cyber-crime: Irish government briefed by cyber security authorities (BBC News) Cyber security authorities believe they have identified the gang behind the ransomware hacks.
To pay or not to pay: HSE faces a choice between ‘two evils’ following cyberattack (The Irish Times) Russian cybercrime gang members like to portray themselves as ‘professionals’
Amazon extends ban on police use of its facial recognition technology indefinitely (Washington Post) The tech giant said in June its freeze would last a year to "give Congress enough time to implement appropriate rules." No federal laws have been passed since.
French data watchdog president: GDPR sucessfully stood 'pandemic test' (www.euractiv.com) The EU's flagship data protection regulation, known as the GDPR, has stood the test of the COVID-19 health crisis, the president of French data watchdog CNIL said at the release of the body's annual report for 2020 on Tuesday (18 May). EURACTIV France reports.
GDPR Fines to Surpass €30 Million in the EU (Euro Cheddar) The EU is set to surpass fines of €30 million in the first quarter of 2021. Find out what this means for Europeans.
Argentina Orders Facebook to Suspend WhatsApp Data Sharing (SecurityWeek) Argentina has ordered Facebook to suspend its data use policy allowing it to collect information from users of its WhatsApp messaging app.
FBI: IC3 Received 6 Million Cybercrime Complaints Since Inception (SecurityWeek) Internet Crime Complaint Center (IC3) received more than one million cybercrime complaints over the past 14 months.
A Lawyer's Guide to Ephemeral Messaging (JD Supra) Over the past 10 years, ephemeral messaging – digital communication platforms that automatically delete messages after a set amount of time – has...
Apple's Phil Schiller Defends Data Practices In Epic Trial (Law360) Apple fellow Phil Schiller defended the company's data collection practices and App Store review procedures during a high-stakes antitrust bench trial Tuesday, after Epic's counsel claimed Apple stores personal user data for a decade and pointed out sexually explicit apps available on the App Store.
Fortinet BrandVoice: The Hard Truth And Good News About The Fight Against Cybercrime (Forbes) As we emerge from lockdowns and survey the challenges and changes of a post-COVID digital world, it would be understandable if many security and IT teams were suffering from a sense of breach fatigue.
How a Green Beret captain sold out his own teammates to Russia (Task & Purpose) “It sounds crazy and almost unbelievable," one soldier said.
Man targeted by D.C. police for sharing hacked data speaks out (The Daily Dot) D.C.'s Metropolitan Police Department (MPD) has placed a man under investigation that it claims shared hacked data across social media.
Arizona Senate president says 2020 recount will proceed, despite angry objections from Maricopa County officials (Washington Post) The Republican president of the Arizona Senate said Tuesday that an audit of the 2020 vote in Maricopa County being conducted by private contractors will go forward, despite furious pushback from local GOP officials, who this week called the process a “sham” that is harming democracy.
Michigan judge dismisses lawsuit seeking new audit of Antrim County vote, one of the last remaining 2020 legal challenges (Washington Post) A Michigan judge on Tuesday rejected an effort to force a new audit of the 2020 election results in a county that has been central to false claims promoted by former president Donald Trump and his supporters that the election was stolen.