Dateline Houston, Texas, to Linden, New Jersey: Colonial Pipeline's ransomware incident.
Could the ransomware crisis force action against Russia? (MIT Technology Review) What touches the American psyche more deeply than a gas shortage? If the Colonial Pipeline attack is any measure, nothing. Ransomware has been a growing problem for years, with hundreds of brazen criminal hacks against schools, hospitals, and city governments—but it took an attack that affected people’s cars for the US to really take notice. …
James Stavridis - Russia and the Pirates of the Cyber Seas (Asharq AL-awsat) Queen Elizabeth had a problem, and it was not Meghan and Harry. This was the first Queen Elizabeth, who ruled from 1558 to 1603. Her problem was Spain. The Catholic Spanish Empire continually threatened Protestant England, using vast resources flowing
US denies disrupting Russian cyber group behind Colonial pipeline hack (TheHill) The United States did not take action against the cyber criminal group that was behind the ransomware attack on Colonial Pipeline earlier this month, officials told
Lessons CIOs Can Learn from the Colonial Hack (CIO Insight) The Colonial Pipeline hack is an opportunity for CIOs to refocus their companies' attention on the importance of security.
Colonial Pipeline Accused of Negligence in Proposed Class Action (Bloomberg Law) Colonial Pipeline Co. and its owners acted negligently by employing lax cybersecurity standards that left the company vulnerable to a massive ransomware attack, a proposed Georgia federal court class action alleges.
Attacks, Threats, and Vulnerabilities
FSB NKTsKI: Foreign 'cyber mercenaries' breached Russian federal agencies (The Record by Recorded Future) Foreign hackers have breached and stolen information from Russian federal executive bodies, the Russian government said in a report published last week.
Hackers Targeted SolarWinds Earlier Than Previously Known (SecurityWeek) The hackers who carried out the massive SolarWinds intrusion were in the software company’s system as early as January 2019, months earlier than previously known, SolarWinds CEO said
CrowdStrike breaks down 'Golden SAML' attack (SearchSecurity) At RSA Conference 2021, CrowdStrike demonstrated how the 'Golden SAML' attack technique can give threat actors a stunning amount of access to organizations.
UK, US may be behind SolarWinds hack, says Intelligence Service Director (TASS) In April, the UK National Cyber Security Centre (NCSC) claimed that the Foreign Intelligence Service is behind the hack of the US-made SolarWinds software
Microsoft warns of malware campaign spreading a RAT masquerading as ransomware (The Record by Recorded Future) The Microsoft security team has published details on Wednesday about a malware campaign that is currently spreading a remote access trojan named STRRAT that steals data from infected systems while masquerading as a ransomware attack.
New WastedLocker Variant Exploits Internet Explorer Flaws (GovInfoSecurity) A new WastedLocker malware variant, dubbed WastedLoader, is exploiting two vulnerabilities in Internet Explorer to insert malicious advertisements into legitimate
Threat Thursday: This RAT Keeps a ToxicEye on Your Data (BlackBerry) ToxicEye RAT harvests a treasure trove of content from the victim’s local machine, including the user’s hostname, username, passwords, Internet browsing history, desktop contents, saved bookmarks, cookies, and any credit card data stored in the user’s web browser.
Epilogue (Intrusion Truth) Recap In our last article, we identified Mr Zhao Jianfei as the MSS officer supporting Chinese hackers Li Xiaoyu and Dong Jiazhi. Mr Zhao works the Guangdong State Security Department, highlighting…
Report: how cybercriminals abuse API keys to steal millions (CyberNews) Our researchers found that criminals are able to abuse API keys and steal crypto from their victims without being granted withdrawal rights.
Threat Thursday: Delving Into the DarkSide (BlackBerry) DarkSide ransomware is distributed as a Ransomware as a Service (RaaS) and is used to conduct targeted attacks. DarkSide made headlines recently due to its attack on the U.S. fuel pipeline system, the Colonial Pipeline.
'Data poisoning' with machine learning may be the next big attack vector (SC Media) Imagine the damage of an attacker actually being able to influence the samples that are used to train models in machine learning.
Alaska Health Department Website Targeted in Malware Attack (SecurityWeek) The Alaska health department website was the target of a malware attack and a similar attack previously targeted the state’s court system.
Conti ransomware gives HSE Ireland free decryptor, still selling data (BleepingComputer) The Conti ransomware gang has released a free decryptor for Ireland's health service, the HSE, but warns that they will still sell or release the stolen data.
Ireland testing decryption key that could ease impact of health system cyberattack (Reuters) Ireland said on Thursday that experts were examining a decryption tool that had been posted online that might help unlock IT systems disabled by a massive ransomware attack on its health service operator.
Cyber-attack on Irish health service 'catastrophic' (BBC News) The head of Ireland's health service says a hack of its IT systems has been "stomach churning".
Irish health system struggling to recover from cyberattack (AP NEWS) Ireland’s health system struggled to restore computers and treat patients Tuesday, four days after it shut down its entire information technology system in response to a ransomware attack.
Irish Hospitals Are Latest to Be Hit by Ransomware Attacks (New York Times) Hospitals in Ireland, New Zealand and Scripps Health in San Diego are reeling from digital extortion attacks.
'Cybersecurity incident' hampers non-urgent care at hospitals in New Zealand (CyberScoop) Health officials in New Zealand have for multiple days been dealing with a “cybersecurity incident” that has hindered non-urgent care at multiple hospitals south of the capital of Auckland. Local media are reporting that ransomware is the cause.
Update on the Cyber Security Incident (Scripps Health) An update on continued patient care at our hospitals and facilities.
CNA Financial Paid $40 Million in Ransom After March Cyberattack (Bloomberg) Payment bigger than previously disclosed ransoms, experts say. Malware tied to Russian cybergang sanctioned by U.S. in 2019.
Ransomware Gangs 'Playing Games' With Victims and Public (BankInfoSecurity) "They’re playing games," is how one security expert describes Conti ransomware-wielding attackers' "gift" of a decryptor to Ireland's crypto-locked health service, while still demanding a ransom to not leak stolen health data. The same could be said of the DarkSide gang's promised retirement.
Next steps in the fight against ransomware attacks (WYFF) The ransomware attack that forced the largest pipeline on the East Coast to shut down for several days was just the latest in a string of vicious ransomware attacks.
Kaleida Health reveals third-party data breach of 600 pharmacy patients' information (The Buffalo News) The company, CaptureRx, will be notifying each individual involved in the breach with a letter, Kaleida Health said.
Domino's India data breach: All you need to know about the 13 TB breach (OpIndia) Hackers had announced on an infamous hackers' forum that they got access to the Domino's India servers and downloaded 13 TB of data
Mobile stalkerware is on the rise (Help Net Security) Mobile stalkerware, which is software silently installed by stalkers onto victims’ mobile devices without their knowledge, is on the rise.
Don't Fall For Search Engine Scams (Avast) Just because it's Top 10, doesn't mean it's good. Here's how to avoid search engine scams and find the information you're actually searching for.
Could Bots be Snagging High-Demand Campsites, Golf Tee Times and Other Outdoor Activities? (PerimeterX) PerimeterX CMO Kim DeCarlis discusses the increase in registrations for outdoor leisure activities and the implications it can have for bad bot traffic.
Security Patches, Mitigations, and Software Updates
Multiple RTOS (Update B) (CISA) Executive summary: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendors: Multiple. Equipment: Multiple. Vulnerabilities: Integer Overflow or Wraparound. CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries.
Trends
Infosec experts: Threat landscape is worst in 60 years (SearchSecurity) Dmitri Alperovitch, chairman of Silverado Policy Accelerator, and Sandra Joyce, executive vice president at FireEye, led an RSA keynote on the global threat landscape.
CrowdStrike Co-Founder: Ransomware Even Bigger Threat Than Nation-States (SDxCentral) Ransomware poses a graver threat than nation-state cyberattacks, said CrowdStrike co-founder Dmitri Alperovitch at the RSA Conference. [CyberWire note: Dmitri Alperovitch has now left CrowdStrike and is now with the Silverado Policy Accelerator.]
New Dashlane Report: The Future of Security in the Hybrid Workplace (PR Newswire) Today, Dashlane released "The Future of Security in the Hybrid Workplace" report, commissioned in partnership with Datalands, which looks at...
Cybersecurity in Healthcare: A Critical Need in the Digital Age (BioSpace) The global healthcare cyber security market is predicted to lay a strong foundation of propelling growth on the growing need of network security, a type of IT security widely sought by healthcare organizations.
Why It’s Time for a Cybersecurity ‘Reboot’ (GovInfoSecurity) Roger Sels of BlackBerry believes our approach to cybersecurity is broken. In this video, he explains how security leaders can safeguard their organizations more
Marketplace
DISA posts cyber vulnerability RFI (Intelligence Community News) On May 20, the Defense Information Systems Agency (DISA) posted a request for information (RFI) for cyber vulnerability services.
Support for early-stage startups key to cementing global cyber leadership (Information Age) Saj Huq, director at LORCA, discusses how support for early-stage startups can cement cyber leadership for the UK
Endpoint Security Provider ThreatLocker Raises $20 Million (SecurityWeek) Endpoint security provider ThreatLocker this week announced that it secured $20 million in a Series B funding round that brings the total capital raised by the company to $24.5 million.
Intel and Dell back $90M round for data access security specialist Immuta (SiliconANGLE) Data security startup Immuta Inc. has raised $90 million from a large group of investors that included the venture capital arms of Dell Technologies Inc. and Intel Corp., it was announced today.
Cloud governance and compliance startup Immuta raises $90M (VentureBeat) Immuta, a company providing cloud governance and compliance tools, has raised $90 million in venture capital.
Carlyle Group combines IST Research and Two Six Labs to form new company (InsideDefense.com) Private-equity firm the Carlyle Group earlier this year combined IST Research and Two Six Labs to form a new company called Two Six Technologies, led by a former Booz Allen Hamilton executive and focused on quickly getting products to the field.
EXCLUSIVE: Dimension Data’s parent opts to stay in the game (BusinessLIVE) Japanese parent doubles down on its investment in the Johannesburg-based IT company
CircleCI nabs $100M, buys Vamp release orchestration (SearchSoftwareQuality) DevOps platform provider CircleCI recently received $100 million in venture funding and acquired the Vamp release orchestration engine to its portfolio.
Massachusetts bets on cyber to boost economic recovery, add jobs (SC Media) Massachusetts is investing in cybersecurity as a means to restore jobs and the local economy, state officials said at the RSA Conference.
Palo Alto Networks earnings exceed estimates amid worries about cybersecurity (CNBC) Work from home and cybersecurity issues have brought a greater focus on security, Palo Alto Networks CEO Nikesh Arora said, as the company posted 25% growth.
Will Positive Earnings Change the Trajectory of Booz Allen Hamilton Stock? (Entrepreneur) Shares of Booz Allen Hamilton (NYSE:BAH) stock are struggling to find direction in advance of the company’s earnings report on May 21, 2021. Investors in the data analytics company have had a volatile ride so far in 2021.
ConnectWise partners promised cyber security growth with new programme launch (Channel Pro) Company says it will provide more proactive sales support for those looking to grow their service offering
Lookout Wins Three Cyber Defense Magazine Global InfoSec Awards (PR Newswire) Lookout, Inc., an integrated endpoint-to-cloud security company, today announced that it has been awarded the titles of Mobile Endpoint...
N-able Hires New Chief Security Officer As Spinout From SolarWinds Looms (CRN) Dave MacKinnon joins N-able as its new chief security officer as the company prepares for life independent of its parent company, SolarWinds.
Bud Cramer, Ellen McCarthy, Bryan Ware Join Exiger Advisory Board (GovCon Wire)
Products, Services, and Solutions
New infosec products of the week: May 21, 2021 (Help Net Security) The featured products this week are from the following vendors: ReversingLabs, Qualys, 1Password, Eclypsium, and WatchGuard.
Johnson Controls partners with DigiCert to bring the next level of digital trust to smart building solutions (PR Newswire) Johnson Controls (NYSE: JCI), the global leader for smart, healthy and sustainable buildings, announced today it has partnered with DigiCert,...
Kudelski Security Launches FusionDetect™ to Strengthen Managed Detection & Response (MDR) for Enterprises (Kudelski Security) New cloud-native integrated platform enables enhanced threat detection and faster response at scale Cheseaux-sur-Lausanne, Switzerland, and Phoenix (AZ), USA, May...
Charles River Associates (CRA) Expands Forensic Services Practice (StreetInsider.com) Charles River Associates (NASDAQ: CRAI), a worldwide leader in providing economic, financial and management consulting services, today announced Daniel Roffman has joined as a vice president in the Company's Forensic Services Practice.
Insurance Industry Continues to Select Verisk’s AIR as its Modeler of Choice for Catastrophe Risk Management, Including Class of 2020 (GlobeNewswire) Catastrophe modeling firm AIR Worldwide announced that newly established international insurance and reinsurance companies from the “Class of 2020,” have selected AIR as their modeler of choice to help manage their catastrophe risk.
Avast launches new Business Hub platform for partners and businesses (ITBrief) Avast has announced the official launch of its security platform Avast Business Hub for partners and businesses.
Avast helps UK charity tackle tech-enabled domestic abuse (Telecompaper) Digital security and privacy company Avast has partnered with Refuge, a national domestic abuse charity in the UK, to combat technology-enabled domestic abuse.
Arete Introduces Arsinal Cyberthreat Protection Software (CIO Applications) The new offering provides substantially broader security for organizations of all types and sizes...
Microsoft releases SimuLand, a test lab for simulated cyberattacks (BleepingComputer) Microsoft has released SimuLand, an open-source lab environment to help test and improve Microsoft 365 Defender, Azure Defender, and Azure Sentinel defenses against real attack scenarios.
Happiest Minds in pact with CyberArk for managed services provider (mint) Happiest Minds aims to address the evolving need for credentials management in multi-cloud environments, DevOps pipeline, and robotic process automation through end-to-end consulting, implementation, maintenance services
ServiceNow doubles down on cybersecurity with expanded Microsoft alliance (SiliconANGLE) ServiceNow Inc. introduced new integrations with Microsoft Corp. products during its Knowledge 2021 virtual conference today that promise to make enterprises’ cybersecurity operations more efficient.
Sophos develops detection capabilities to thwart in-memory cyber threats (Security Brief) Fileless malware is a type of covert threat that injects code directly into the memory of a compromised machine, often to avoid detection.
PKWARE to offer their data discovery tool as part of TrustArc's platform (Help Net Security) TrustArc and PKWARE announced a partnership to offer PKWARE's data discovery tool, DG Discovery, as part of the TrustArc platform.
CleanINTERNET for the Healthcare Industry (CTOvision.com) Read Byron Rashed explain how Centripetal Networks' CleanINTERNET can help protect the most vulnerable healthcare sector against cyber attacks on their blog: The healthcare industry incurs the highest average data breach costs at a huge $7.13 million, 84% more than the global average. In the wake of high-profile breaches like the SolarWinds attack and
Emergo by UL, MedCrypt pair on cybersecurity (Medical Design and Outsourcing) Emergo by UL and MedCrypt will jointly offer cybersecurity risk management and mitigation for connected medical devices and systems. Medtech and
Technologies, Techniques, and Standards
Don’t Make Haste! The Downside of Rushing Attribution (CSO Online) Collecting the wrong indicators of compromise (IOCs) can actually do more harm than good.
Key lessons from train firm’s ‘shocking’ cybersecurity test (Raconteur) It turns out that hoaxing your own staff may not be the best PR exercise, but is it an effective way to test cybersecurity resilience?
Zero-trust security: Assume that everyone and everything on the internet is out to get you – and maybe already has (The Conversation) Most people think of trust as active – you place your trust in someone or you don't. But weak cybersecurity, like leaving your front door unlocked, is a matter of trust, too.
RSA 2021: 4 Common Myths of Cybersecurity Incident Response Planning (Technology Solutions That Drive Business) Data breaches are all but inevitable, yet too few businesses have formalized plans for how they will respond to an attack.
Don't Let Scary Headlines Shape Your Company's Cyber-Resilience Strategy (Dark Reading) Resilience planning should be based on data and backed by technology, cybersecurity pros agreed at this week's RSA Conference.
Learning from Oldsmar cyber attack, expert details how to protect critical infrastructure (WFLA) A security expert tells 8 On Your Side, the City of Oldsmar dodged a bullet. Colonial Pipeline wasn’t so lucky. As gas stations along the eastern seaboard ran dry, computer hackers forced the…
Lack of Skills, Maturity Hamper Threat Hunting at Many Organizations (Dark Reading) When implemented correctly, threat hunting can help organizations stay ahead of threats, researcher says at RSA Conference.
How Often Should Businesses Run Cybersecurity Awareness Training? (ID Agent) How often should businesses run cybersecurity awareness training? We've got the answer to the best cadence and how that impacts retention.
Design and Innovation
Data61 drops world-class seL4 security team (InnovationAus) The world leading Australian research team that developed the extremely hard to hack seL4 microkernel has been disbanded by the CSIRO, with staff to be moved to AI projects or sacked in a restructure of Data61. Work will continue on the project through an independent seL4 Foundation established last year but those involved say it will be difficult to attract funding and world leading talent will be lost.
The Foundation for Interoperable and Portable Security Automation is Revealed in NIST’s OSCAL Project (NIST) Today’s blog is from Michaela Iorga, Senior Technical Lead of the Computer Security Division (CSD) in the Information Technology Laboratory at NIST.
TikTok rolls out tools to bulk delete and report comments, block users (TechCrunch) TikTok today is introducing a feature that will allow creators to deal with online abuse in an easier way. The company is launching new tools that will allow creators to bulk delete comments and block users, instead of having to moderate comments one-by-one. The update may be somewhat controversial…
Twitter is letting anyone apply for verification for the first time since 2017 (The Verge) Its new rules for verified accounts came into force in January.
Academia
CNCC to begin offering Cybersecurity program this fall (Craig Press) A little over a year after receiving a $500,000 grant from the Colorado Attorney General’s office for the creation of a cybersecurity program at Colorado Northwestern Community College, the local community college will officially begin…
Taking an In-Depth Look at a Masters in Cybersecurity (Programming Insider) Cybersecurity is a growing industry, and there is an increasing demand for experts who know how to help protect individuals and organizations from data theft and cyber-attacks. If you are considering moving into this area
Legislation, Policy, and Regulation
China could have ordered Huawei to shut down Australia’s 5G, government warned (The Sydney Morning Herald) A senior spy says the main risk posed by Huawei’s involvement in Australia’s 5G system was not Chinese spying but that Beijing could order the company to disconnect the network altogether.
GOP Sens. Rip DOE For Lifting Ban On Chinese Grid Supplies (Law360) Republican senators slammed the Biden administration for revoking a Trump-era order banning certain Chinese electrical equipment from systems serving critical defense facilities, saying the White House wasn't treating potential cybersecurity threats from China as seriously as it should.
Call for ransom reporting framework to tackle cyber criminals (Australian Financial Review) Labor’s cyber security spokesman Tim Watts believes Australia can go on the offensive and signal to criminal groups there will be consequences if they attack Australian companies.
The Cybersecurity 202: Cybersecurity pros are split on banning ransomware payments (Washington Post) Some cybersecurity pros want to ban ransomware victims from paying hackers to unlock their computer systems. They argue it’s the only way to halt a wave of debilitating and increasingly brazen cyberattacks for profit.
Opinion | Worried About Cyberhacks? Say Now You’ll Never Pay Ransom (Wall Street Journal) Lesson from kidnapping: Meeting criminals’ demands only encourages more criminal behavior.
U.S. Treasury seeks reporting of cryptocurrency transfers, doubling of IRS workforce (Reuters) The Biden administration's tax enforcement proposal would require that cryptocurrency transfers over $10,000 be reported to the Internal Revenue Service and would more than double the IRS workforce over a decade, the U.S. Treasury said on Thursday.
How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World (Dark Reading) A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.
The Long-awaited 2021 Cyber Executive Order (cyber/data/privacy insights) On May 12, 2021, the US president issued an “Executive Order on Improving the Nation’s Cybersecurity.” The EO follows on the heels of the Colonial Pipeline ransomware attack, along with the Codecov and Solar Winds supply-chain attacks. While the EO focuses primarily on internal-government actions, t
Israel Is a Cyber Superpower But Chooses Bombs to Fight Hackers in Gaza (Vice) Israel doesn't need sophisticated cyber attacks against Hamas because it doesn't face consequences for bombing civilians in Gaza.
So Far, Yet So Close: Japanese and Estonian Cybersecurity Policy Perspectives and Cooperation (ICDS) Estonia and Japan are among the leaders in cyber diplomacy and cybersecurity on the global stage, Japan also being a key strategic partner for the EU and NATO. They have many similarities in their approaches to cybersecurity and state behaviour in cyberspace, which has established solid ground for closer bilateral ties.
HMRC spends £250k training staff to be hackers (Accountancy Daily) HMRC has spent £262,251 on cyber security training for its staff over the last two years, according to official figures
Ransomware: Should paying hacker ransoms be illegal? (BBC News) As cyber-attacks intensify around the world, two experts argue for or against a ban on payments
U.S. Treasury calls for stricter cryptocurrency compliance with IRS, says they pose tax evasion risk (CNBC) The Treasury Department announced that it will require any transfer worth $10,000 or more to be reported to the IRS.
Biden’s IRS Plan Would Double Agency Staffing, Target Cryptocurrency (Wall Street Journal) The Treasury Department projects the Biden administration’s tax enforcement plan would generate $700 billion over the next decade.
House Homeland Security Committee Advances Slate of Cybersecurity Bills (Meritalk) The House Homeland Security Committee voted May 18 to advance five bills that would look to improve the nation’s cybersecurity in several areas, including protecting pipeline infrastructure, testing cybersecurity readiness, and improving state and local cybersecurity, among others.
Industry coalition asks appropriators to boost CISA funding (FCW) CISA received $650 million from the American Rescue Plan Act, but the agency's top officials have described that as only a 'down payment' to move the government's cybersecurity efforts.
CISA Official Promotes an Emerging Cybersecurity Role in Wake of New Executive Order (Nextgov.com) Move over CISOs, it may be time to make room for chief product security officers.
Solarium Commission's Recommendations: The Top Priorities (GovInfo Security) In a session at RSA Conference 2021, three cybersecurity experts said top priorities among the U.S. Cyberspace Solarium Commission's recommendations that have not
We could see federal regulation on face recognition as early as next week (MIT Technology Review) On May 10, 40 advocacy groups sent an open letter demanding a permanent ban on the use of Amazon’s facial recognition software, Rekognition, by US police. The letter was addressed to Jeff Bezos and Andy Jassy, the company’s current and incoming CEOs, and came just weeks before Amazon’s year-long moratorium on sales to law enforcement…
Skilled hackers with good intentions (Federal News Network) Over the years, the DoD has been at the vanguard of ethical hacking and bug bounty programs, where the good guys find cybersecurity flaws in their systems and let them know.
State House Unanimously Approves Cybersecurity Bill (CBIA) The state House unanimously passed legislation May 20 that incentivizes businesses to adopt recognized cybersecurity standards.
Litigation, Investigation, and Law Enforcement
Irish High Court serves HSE hackers an injunction to block data leak (IT PRO) The legal action aims to prevent the Conti hacking group from leaking sensitive medical data
Indonesia summons state health insurer over alleged data leak (Reuters) Indonesian authorities on Friday summoned state insurer BPJS Kesehatan, which provides universal health coverage, as part of an investigation into an alleged breach of personal data involving millions of people, the communications ministry said.
Hackers steal ID's and claim unemployment benefits in victims' names (WINK NEWS) As if having your personal information being stolen isn’t enough, crooks are using a recent data breach to steal your money. Thieves are collecting unemployment money by using something vital to your everyday life – your driver’s license. Some people received a notice from Geico that there was a data breach and personal information may …
Election disinformation was a ‘game changer,’ Maricopa County, Ariz., CISO says (StateScoop) Maricopa County CISO Lester Godsey told an RSA Conference panel that government cybersecurity teams need to make countering disinformation a core service.
CCPA Breach Class Action Settlement About to Get “Minted” (The National Law Review) Although the California Consumer Protection Act (“CCPA”) went into effect on January 1, 2020 and over 100 class actions referencing the CCPA have been filed to date, very few class actions
Pennsylvania Health Department Firing COVID-19 Contact Tracing Company After Data Breach (CBS Local Pittsburgh) The Pennsylvania Department of Health will be terminating the contract with the company hired to do COVID-19 contact tracing after a data breach impacting at least 72,000 people.
Arizona secretary of state may not let Maricopa County reuse voting machines after audit (azcentral) Arizona secretary of state says Maricopa County should not reuse vote-counting machines handed over to contractors in Senate's election recount.
Hacker Pleads Guilty To Stealing Pa. Hospital Workers' Info (Law360) A Michigan man pled guilty in Pennsylvania federal court Thursday to hacking the human resources department at the University of Pittsburgh Medical Center and stealing personnel records for more than 65,000 employees, spurring $1.7 million in false tax refunds and a major class action against UPMC.
Watchdog Sends Quicken Loans To FTC Over Privacy Claims (Law360) An industry watchdog has asked the Federal Trade Commission to investigate whether Quicken Loans misled consumers by claiming in ads that those who want to learn more about mortgage refinancing options don't have to register or login, even though they need to provide "a significant amount of personal information" to obtain the promised offer.