Dateline Moscow, Kyiv, Washington: Gray zone operations.
Ukraine at D+98: Friction in the gray zone. (The CyberWire) Advancing into the rubble it's created, Russia's army tries to come to grips with combat refusals. The White House says that the cyber operations NSA Director Nakasone alluded to this week are entirely consistent with the US policy of avoiding direct combat with Russia. Observers work to understand the state of the cyber phase of the hybrid war. And Russian censorship seems to be producing friction in some Russian government operations. (That's why agencies in Moscow are buying VPNs.)
Russia-Ukraine war: List of key events, day 99 (Al Jazeera) As the Russia-Ukraine war enters its 99th day, we take a look at the main developments.
Exclusive: Ukraine troops retreating in Donbas have a plan, Luhansk governor says (Newsweek) Serhiy Haidai told Newsweek the defenders remain defiant despite the intense Russian attacks, which included a strike on a chemical plant.
Russia-Ukraine latest news: Kyiv may switch off Europe's largest nuclear powerplant (The Telegraph) Ukraine would consider switching off its Zaporizhzhia nuclear power plant that lies in Russian-occupied territory if Kyiv loses control of operations at the site, an aide to the prime minister has said, Interfax news agency reports.
Documents Reveal Hundreds of Russian Troops Broke Ranks Over Ukraine Orders (Wall Street Journal) Desertions and refusal to engage in the invasion have put Moscow in a bind over how to punish service members without drawing more attention to the problem. “So many people don’t want to fight.”
The Russian Military’s People Problem (Foreign Affairs) It’s hard for Moscow to win while mistreating its soldiers.
Zelensky will be tried as war criminal if Russia captures him (Newsweek) A lawmaker in the self-declared, Russia-backed Donetsk People's Republic accused Ukraine's president of sending "neo-Nazis to Donbas to kill civilians."
Six lessons the Ukraine conflict has taught us about modern warfare (The Telegraph) From drones to the use of tanks, we dissect the masterstrokes and miscalculations of military tactics after three months of fighting
Some see cyberwar in Ukraine. Others see just thwarted attacks. (Washington Post) As Russia’s Ukraine invasion grinds through its second month, experts are still divided over whether hacking is playing a meaningful role in the conflict.
ESET Threat Report details targeted attacks connected to the Russian invasion of Ukraine and how the war changed the threat landscape (ESET) News about ESET's malware research, directly from the maker of legendary NOD32 technology.
Ukraine - 100 days of war in cyberspace (CyberPeace Institute) Since the invasion on February 24th, the CyberPeace Institute has aggregated data on cyberattacks against two sets of targets.
How the Kremlin Infiltrated Russia’s Facebook (Wired) VKontakte was created to empower free speech, but it has instead enabled government censorship and arrests.
The Long Arm of Authoritarianism (Foreign Affairs) How dictators reach across borders to shut down dissent.
Russian VPN Spending (Top 10 VPN) Documenting official Russian spending on VPN since the invasion of Ukraine
White House: cyber activity not against Russia policy (Reuters) The White House said on Wednesday that any offensive cyber activity against Russia would not be a violation of U.S. policy of avoiding direct military conflict with Russia over its invasion of Ukraine.
Exclusive: Putin treated for cancer in April, U.S. intelligence report says (Newsweek) The classified report, produced for President Biden, saw a turnaround from the previous assessment of the Russian leader's health.
Putin’s Threats Highlight the Dangers of a New, Riskier Nuclear Era (New York Times) After generations of stability in nuclear arms control, a warning to Russia from President Biden shows how old norms are eroding.
Memo to Henry Kissinger: Appeasing Putin means enabling genocide (Atlantic Council) Appeasing Russia will not end the war in Ukraine or secure peace in our time. On the contrary, it will embolden Putin, prolong Ukraine’s pain, weaken the West, and destabilize the entire world, writes Stephen Blank.
What The West (Still) Gets Wrong About Putin (Foreign Policy) Asking whether to appease or not appease him is completely beside the point.
Russia’s Imperial Arrogance Is Destroying Ukrainian Heritage (Foreign Policy) The Kremlin believes it’s the true heir of classical civilization—and is poised to replicate its pillage of Syria in Ukraine under the guise of cultural…
Denmark to join EU defence policy after historic vote (Reuters) Denmark will join the European Union's defence policy after a referendum on Wednesday, final results showed, signalling the latest shift among Nordic countries to deepen defence ties in response to Russia's invasion of Ukraine.
US and Germany to send Ukraine 'most advanced weapons yet' to hold back Russian forces (The Telegraph) Arrival of US-made M142 rockets, which have a range of as much as 50 miles, will be a 'real complication for Russian forces'
Germany promises to send Ukraine a missile defense system and radar equipment. (New York Times) The announcement came as Chancellor Olaf Scholz faced pressure over when the government would deliver on previous weapons pledges.
Germany to send air defence system to Kyiv as it boosts arms aid (Al Jazeera) Chancellor Scholz says Berlin to deliver IRIS-T missiles, radar system that will help shield against Russian attacks.
EXCLUSIVE U.S. plans to sell armed drones to Ukraine in coming days -sources (Reuters) The Biden administration plans to sell Ukraine four MQ-1C Gray Eagle drones that can be armed with Hellfire missiles for battlefield use against Russia, three people familiar with the situation said.
What to know about the ‘advanced rocket system’ the US is sending to Ukraine (Task & Purpose) Ukraine has promised not to attack Russian territory with HIMARS.
Biden’s pledge to send rocket systems to Ukraine is no silver bullet (the Guardian) Analysis: the long-delayed US deal offers just four systems that will take weeks to become operational, suggesting concerns about imposing a heavy defeat on Putin
Arm Ukraine to Win the War at Sea (Hudson Institute) NATO allies need to arm Ukraine so it can push back the Russian Navy and end Vladimir Putin’s stranglehold on Ukraine’s economy and the world’s ...
Private groups work to bring specialized combat gear to Ukraine (Washington Post) A network of former military veterans is providing commercially available equipment they say is lacking in front-line units engaging Russian forces, often at close range
‘We were all wrong’: how Germany got hooked on Russian energy (the Guardian) The long read: Germany has been forced to admit it was a terrible mistake to become so dependent on Russian oil and gas. So why did it happen?
Russia and the west compete to secure safe passage for Ukraine’s grain (the Guardian) Analysis: both sides agree grain must reach world markets soon but each wants to decide how
Russia’s war on global food security (Atlantic Council) Russia has blocked and mined all of Ukraine’s Black Sea ports and hindered nearly all of Ukraine’s exports, notably of grain. Russia’s blockade of Ukraine’s grain exports may cause starvation of up to 47 million people. Opening Ukraine's ports for shipping, especially Odesa, must be an urgent international priority.
World risks civil unrest amid 'catastrophic' food crisis (The Telegraph) Rising prices and dwindling supplies are not expected to resolve before 2024
Russia could be suspended from OPEC's oil-output agreement. 4 experts lay out what that could mean for the price of oil and the wider energy market. (Markets Insider) OPEC members discussed removing Russia from its monthly supply quota agreement, WSJ reported. Here's what analysts say could happen to global oil supply.
Don't ignore the exchange rate: How a strong ruble can shield Russia (Atlantic Council) Western governments should remember: Relying on the medium- to long-term effects of sanctions gives Russia plenty of time to prepare.
Attacks, Threats, and Vulnerabilities
Clipminer Botnet Makes Operators at Least $1.7 Million (Symantec Enterprise Blog) Malware used for cryptocurrency mining and clipboard hijacking.
Karakurt Data Extortion Group (CISA) Actions to take today to mitigate cyber threats from ransomware: • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enforce multifactor authentication.
Karakurt Data Extortion Group (CISA) CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group. Karakurt actors steal data and threaten to auction it off or release it to the public unless they receive payment of the demanded ransom.
US Agencies: Karakurt extortion group demanding up to $13 million in attacks (The Record by Recorded Future) The Karakurt data extortion group is making exorbitant ransom demands of victims ranging between $25,000 to $13,000,000 in Bitcoin, according to a new alert from US agencies.
GootLoader Expands its Payloads Infecting a Law Firm with IcedID (eSentire) Read this security bulletin to learn about the most recent GootLoader attacks and find out how to protect your business from this cyber threat.
Microsoft Office zero day vulnerability discovered (Security Magazine) A new Microsoft Office zero-day security vulnerability allows adversaries to execute PowerShell commands via Microsoft Diagnostic Tool (MSDT) by opening a Word document.
Microsoft zero day under attack as industry awaits patch (Cybersecurity Dive) Users can potentially trigger the exploit by previewing the document in Windows Explorer, without the need for a full download, researchers say.
China-backed hackers exploiting unpatched Microsoft zero-day (TechCrunch) The high-severity vulnerability is being used in attacks to execute malicious PowerShell commands via the Microsoft Diagnostic Tool (MSDT) on Office documents.
China-linked hackers are exploiting a new vulnerability in Microsoft Office (The Verge) Attacks reportedly targeted the Tibetan community in exile.
ESET Research: Lazarus attacks aerospace and defense contractors worldwide while misusing LinkedIn and WhatsApp (EIN News) During the annual ESET World conference, ESET researchers have been presenting about a new investigation into the infamous Lazarus APT group. Director of ESET
The Reverse Text Attack (Avanan) Hackers are reversing the text in a phishing email to fool scanners.
Ransomware attacks need less than four days to encrypt systems (BleepingComputer) The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019.
Browser-in-the Browser sextortion scam (Zscaler) Browser-in-the Browser sextortion scam makes victims pay by imitating Indian Gov.
Ransomware Group Claims to Have Breached Foxconn Factory (SecurityWeek) Cybercriminals using the LockBit 2.0 ransomware claim to have breached a major Foxconn facility in Mexico.
Unpatched Vulnerability Exposes Horde Webmail Servers to Attacks (SecurityWeek) The Horde webmail software is affected by a critical vulnerability that can be exploited to hijack an organization’s emails.
Australian National Disability Insurance Scheme provider breached and treating its database as compromised (ZDNet) CTARS breached in mid-May and some of the most sensitive data imaginable is now up on the dark web.
Security Patches, Mitigations, and Software Updates
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird (CISA) Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
BD to patch cybersecurity risks found in drug dispensing, lab management tech (Fierce Biotech) BD said it would issue software updates for two of its products after discovering separate privacy concerns and potential hacking risks in each.
Trends
Proofpoint’s Annual Human Factor Report Reveals How 2021 Became the Year Cyber Criminals Got Creative (Proofpoint) Proofpoint, Inc., a leading cybersecurity and compliance company, today unveiled its annual Human Factor report, which provides a comprehensive examination of the three main facets of user risk—vulnerability, attacks, and privilege—and how threat actors continue their ceaseless creativity as they exploit the many opportunities presented by people.
The State of Ransomware in Healthcare 2022 (Sophos News) Get the latest insights into ransomware attacks, ransom payments, and the fast-changing cyber insurance healthcare market over the last year.
New Insights from Absolute Software Reveal Increased Risk Exposure amid Continued Adoption of Work-from-Anywhere (Absolute) Absolute is the leading visibility and control platform that gives you tamper-proof protection for all of your devices, data and applications. With the Absolute Platform, you get the power of asset intelligence, continuous compliance and endpoint hygiene.
Report: Data-Driven Tools Prove to be Instrumental to Business Growth (Foundry) Foundry's 2022 Data & Analytics study highlights organizations' plans for data-driven tools, their goals, investments and challenges.
Marketplace
Incognia Raises $15.5M Series A to Combat Increased Identity Fraud (GlobeNewswire News Room) Funding to support global expansion to counter billions of dollars in identity fraud losses...
Netskope Acquires WootCloud, Extending Zero Trust Capabilities to Enterprise IoT (Dark Reading) Contextual Intelligence derived with machine learning helps customers identify, assess and remediate threats from IoT devices on their networks, achieving full visibility and control.
Devo Announces $100 Million Funding Round Led by Eurazeo to Fuel Global Expansion and Acquisitions (Devo.com) Devo announces $100 million in Series F funding at a valuation of $2 billion. Total capital raised now exceeds $500 million.
Air Force sticks with incumbents for $950M agile cyber program (Washington Technology) The Air Force Research Laboratory is focusing on sensors, infrastructure and other key technology areas.
Cerberus Sentinel completes acquisition of Creatrix, Inc. (GlobeNewswire News Room) U.S. cybersecurity services firm expands security and identity management services with woman-owned business...
Paladin Capital Group Announces Close of $372 Million Cyber Fund II (Business Wire) Paladin Capital Group announced the closing of its Cyber Fund II, a $372 million multi-stage fund that invests in cybersecurity startups.
1Kosmos Receives Investment from Gula Tech Adventures (MarTech Series) 1Kosmos, which unifies identity proofing, announced that Gula Tech Adventures, led by Ron Gula, has made a strategic investment in 1Kosmos.
Cybersecurity firm Digital Shadows to be bought by ReliaQuest for $160 million (The Record by Recorded Future) Digital Shadows announced on Wednesday that ReliaQuest is buying the threat intelligence specialist for $160 million.
Cybereason Lays Off 10% of Staff Months after Raising $325M (GovInfo Security) Late-stage security startup Cybereason has laid off 10% of its employees in response to deteriorating market conditions less than a year after raising $325 million.
The Great Resignation Reaches the Cybersecurity Industry, According to Deep Instinct Report (Deep Instinct) Deep Instinct, the first company to apply end-to-end deep learning to cybersecurity, today released the third edition of its annual Voice of SecOps Report. The study focused on the increasing and unsustainable stress levels among 1,000 C-suite and senior cybersecurity professionals across all industries and roles.
Trellix Survey Findings: A Closer Look at the Cyber Talent Gap (Trellix) The results of a survey commissioned and released by Trellix this week show 85% of respondents believe the workforce shortage is impacting their organization’s abilities to secure increasingly complex information systems and networks.
NSO Group, Maker of Pegasus Spyware That Infected iPhones, Now Faces Financial Struggle (Tech Times) The NSO Group CEO is now looking for ways to fix its financial problem, even suggesting selling to countries that are red-flagged by the government.
Here's Why the World's Most Infamous Spyware Maker Is Broke (Gizmodo) A new pivot by CEO Shalev Hulio would entail selling the NSO Group's notorious products to countries that have been deemed “elevated-risk” clients.
Snyk Celebrates Significant Partner Program Milestones, Reaching More Global Developers in More Places (Snyk) Company Announces New Leadership, Partner Relationships and Programs to Further Drive Community Use of Snyk Solutions
Axis Security Wins Gold Award for Startup of the Year - Security Services at 2022 IT World Awards (PR Newswire) Axis Security has been named both Startup of the Year | Security Services Gold winner at the 17th Annual 2022 Information Technology World...
iboss Joins Microsoft Intelligent Security Association (MISA) (Yahoo) iboss, a leader in Zero Trust Edge, announces the expansion of its relationship with Microsoft by joining the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISV) and managed security service providers (MSSP) that have integrated their security products and services with Microsoft's security products. Through this collaboration with Microsoft, joint customers benefit from secure, fast access to resources from anywhere, which also allows customers
Cybersecurity firm Netskope opens office in Clayton as 'primary hub' for central U.S. operations (St. Louis Business Journal) The Santa Clara, California-based cybersecurity firm recently opened a new office in Clayton, with plans to add to its local workforce.
Facebook parent Meta COO Sheryl Sandberg is stepping down (CNBC) Sandberg joined Facebook in early 2008 as the No. 2 to Facebook CEO and co-founder Mark Zuckerberg.
Sheryl Sandberg Stepping Down as COO of Facebook Parent Meta Platforms (Wall Street Journal) During her tenure, Facebook became one of the world’s most profitable companies and she became one of the most prominent women in business.
Sheryl Sandberg Will Leave Meta After 14 Years—But Tells Forbes She Has ‘Full Faith And Confidence’ In Tech Giant (Forbes) The chief operating officer of Meta told Forbes she wants “more control over what I do with my own time on a daily basis,” and will focus on philanthropic endeavors like her Lean In organization.
DiData appoints new CEO as Werner Kapp departs (ITWeb) The systems integrator appoints Alan Turnley-Jones as chief executive officer of Dimension Data Middle East and Africa, effective immediately.
Products, Services, and Solutions
Mandiant and Interos Join Forces to Advance Supply Chain Cyber Risk Management (Mandiant) Mandiant and Interos announced a joint research partnership to provide supply chain leaders advanced insights and analysis.
RSA Pivots to Exclusive Focus. Identity Once Again the ‘Beating Heart’ of RSA (RSA) RSA, a global leader in identity and access management (IAM) solutions for the planet’s most security-sensitive organizations, approaches the RSA Conference in San Francisco as an organization well into a dynamic transformation, with significant announcements to make.
MFGx Launches Fuuz Platform with Acumatica to Give Manufacturers Greater, Real-time Insights into their Operations (PRWeb) MFGx, a Michigan-based software integration and development company serving the manufacturing industry, announced its Fuuz™ manufacturing platform is now
Berkshire Bank Selects Salt Security for API Security as its Business Operations Scale (PR Newswire) Salt Security, the leading API security company, today announced that Berkshire Bank, a leading socially responsible community bank with office...
Keyfactor Unveils New Open-Source Community to Fuel Innovation in Cybersecurity (Business Wire) Keyfactor launches its new open-source community, promoting secure collaboration and knowledge-sharing on PKI, digital signing, and crypto tools.
Horizon3.ai Offers First External and Internal Autonomous Penetration Testing Platform in One Self-Service Portal (Business Wire)
ESET NetProtect suite protects customer devices connected to Telco and ISP networks (Help Net Security) ESET has announced a new suite of products for the Telecommunications and Internet Service Provider (Telco and ISP) industry.
Armis Unveils Industry's First End-to-End Risk-Based Vulnerability Lifecycle Management Across the Extended Asset Attack Surface (Yahoo Finance) Armis, the leading unified asset intelligence platform, today announced Armis Asset Vulnerability Management (AVM), the only solution for risk-based vulnerability management that enables organizations to prioritize mitigation efforts across the entire asset attack surface, including IT, OT, ICS, IoMT, IIoT, Cloud and cellular-IoT, managed or unmanaged. This solution strengthens the Armis Platform which provides unified asset visibility and superior security across the extended attack surface.
Forter Announces Forter Plugin - Salesforce Commerce for B2C on Salesforce AppExchange, the World's Leading Enterprise Cloud Marketplace (Business Wire) Forter, the Trust Platform for digital commerce, today announced it has launched Forter Plugin for Salesforce Commerce for B2C on Salesforce AppExchan
Semperis Unveils Purple Knight Post-Breach for Partners to Accelerate Malware-Free Recovery from Active Directory Attacks and Help Prevent Follow-on Assaults (Business Wire) Semperis, a pioneer of identity-driven cyber resilience for enterprises, today announced the release of Purple Knight Post-Breach, a channel-only edit
Forward Networks Adds New Verification Capabilities to Make Hybrid Multi-Cloud Networks More Secure (PR Newswire) Forward Networks, the only provider of network digital twin technology that delivers network agility, predictability, and security for...
Technologies, Techniques, and Standards
DHS Seeks To Ensure 5G Cybersecurity (SIGNAL Magazine) A DHS program designed to secure fifth-generation cellular communications known as 5G could complete the last of its nine projects next year.
CISA Solicits Feedback on Finer Points of Coming Software Transparency Requirement (Nextgov.com) The agency has identified four topics—including considerations for cloud and online applications—it wants to hear more about from stakeholders.
U.S. Space Force Starting Tests for Cybersecurity Initiative (Defense Daily) In the coming months, the U.S. Space Force's Space Systems Command (SSC) is to begin testing cybersecurity qualification of commercial satellite
MDIC, HSCC Team Up to Establish Medical Device Security Benchmarks (Health IT Security) Experts from MDIC, HSCC, and BD discuss a new self-assessment tool that aims to establish medical device security benchmarks.
How to improve cyber attack detection using social media (SearchSecurity) Social media can benefit cyber attack detection practices, for example, by helping security teams learn about new attack tools and techniques. Learn more.
Okta’s Fearful Cyber Response Worse Than Hackers’ Peek—How 3 Tempting Tech Crisis Shortcuts Cost More (Forbes) Leaders’ best cyberattack responses prioritize ‘what must go right’ customer trust actions over ‘what could go wrong’ legal fears.
Research and Development
DeepPass — Finding Passwords With Deep Learning (Medium) One of the routine tasks operators regularly encounter on most engagements is data mining. While exactly what operators are after varies…
The Race to Hide Your Voice (Wired) Voice recognition—and data collection—have boomed in recent years. Researchers are figuring out how to protect your privacy.
Academia
Space Force cyber hiring program signs on its first university partner (The Record by Recorded Future) California State University, San Bernardino (CSUSB) announced Tuesday that the school will be the first to join a new U.S. Space Force program that aims to strengthen the future of space system security.
Legislation, Policy, and Regulation
China's draft cybersecurity rules pose risks for financial firms, lobby group warns (Reuters) China's proposed cybersecurity rules for financial firms could pose risks to operations of western companies by making their data vulnerable to hacking, among other things, a leading lobby group has said in a letter seen by Reuters.
Illumio calls for change as ransomware attacks cost Australian Businesses on average $250,000 (Stockhead) Illumio says the time is ripe for massive cybersecurity change, as a new report shows Australia is lagging behind the rest of the world.
Govt yet to set up national security agency (Otago Daily Times Online News) A new national intelligence and security agency has not yet been established, despite it being a key recommendation from the Christchurch mosque...
Brazil's digital currency implementation pushed to 2024 (ZDNet) The roll-out has been delayed due to a workers' strike at the country's Central Bank.
Dutch intelligence service using controversial Israeli hacking software (NL Times) Dutch intelligence service AIVD uses controversial hacking software from the Israeli company NSO Group, the Volkskrant reported based on information from four sources. The AIVD used the software to break into Ridouan Taghi's phone, among other things, according to the newspaper.
US export ban on hacking tools tweaked after public consultation (The Daily Swig) Government has sought to allay misgivings of cybersecurity industry
Former Marine, cyber exec Nate Fick selected as State's inaugural cyber ambassador (CyberScoop) Also an author, Fick spoke at the 2008 Democratic National Convention.
Litigation, Investigation, and Law Enforcement
Europol Announces Takedown of FluBot Mobile Spyware (SecurityWeek) Europol today announced the takedown of FluBot, a piece of mobile malware targeting both Android and iOS devices that has been fast-spreading via SMS messages.
WeLeakInfo.to and Related Domain Names Seized (US Department of Justice) WASHINGTON – The FBI and the U.S. Department of Justice announced today that they have seized the internet domain name weleakinfo.to and two related domain names, ipstress.in and ovh-booter.com, following an international investigation into websites allowing users to buy access to stolen personal information or to perform attacks on victim networks.
FBI seizes domains tied to stolen records, DDoS services (CyberScoop) U.S. authorities took down a related site in 2020.
DOJ seizes three web domain names used for cybercrime (The Record by Recorded Future) The U.S. Department of Justice and FBI announced Tuesday they had seized domains related to sale of stolen data and DDoS attacks.
Line Between Criminal Hackers and Nation-State Threats Blurs, U.S. Officials Say (Wall Street Journal) Ransomware groups and foreign intelligence services increasingly overlap to rake in money and cover their tracks, complicating U.S. efforts to stop them.
Wray: FBI Blocked Planned Cyberattack on Children's Hospital (SecurityWeek) The FBI thwarted a planned cyberattack on Boston Children’s Hospital by hackers sponsored by the Iranian government, FBI Director Christopher Wray said.
US Charges Ex-OpenSea Exec With NFT Insider Trading (CoinDesk) Department of Justice officials say it's the first time they've pursued an "insider trading" charge involving digital assets.
Tim Hortons app tracked movement in violation of privacy laws -Canadian regulator (Reuters) Canadian coffee chain Tim Hortons' mobile app regularly tracked and recorded locations of its users even when their app was not open in violation of the country's privacy laws, Canada's privacy regulator said on Wednesday in a report concluding a two-year-old investigation.
Tim Hortons app tracked too much personal information without adequate consent, investigation finds (CBC) The federal privacy commissioner’s investigation into the Tim Hortons mobile app found that the app collected granular location data for the purpose of targeted advertising and the promotion of its products but that the company never used the data for those purposes.
Illinois Workers Sue Microsoft Over Biometric Privacy Law (Law360) A proposed class of workers wants to hold Microsoft liable for violations of Illinois' biometric privacy law, arguing in a state court complaint that because the tech giant stores biometric information on behalf of a payroll service used by their employers, it's also subject to regulation under the statute.
Marine vet pleads guilty to cyberstalking, ‘sextortion’ while on active duty (Marine Corps Times) Many of the Torrance, California, area victims knew each other.