Dateline Moscow, Kyiv: Counteroffensive expected along the Black Sea.
Ukraine at D+160: A counteroffensive and cyber as combat multiplier. (The CyberWire) As the Ukrainian counteroffensive opens in the south, Russia continues to do what it can do: mass artillery against towns. A look at the cyber phases of the hybrid war concludes that cyber operations have now clearly become a combat multiplier.
Russia-Ukraine war: what we know on day 161 of the invasion (the Guardian) Russia accuses US of direct involvement in war; ship loaded with corn arrives at Black Sea entrance under export deal; sanctions on Putin girlfriend
Russia-Ukraine war: List of key events, day 161 (Al Jazeera) As the Russia-Ukraine war enters its 161st day, we take a look at the main developments.
Russian howitzer, tanks destroyed in "tense" day of war: Ukraine (Newsweek) The Ukrainian military said that it killed at least 20 Russian troops and destroyed several key pieces of military equipment in a "tense" day of war.
Russia-Ukraine war live: 10m Ukraine border crossings since Russian invasion, UN says; first grain exports arrive in Turkey (the Guardian) First shipment of grain to leave since invasion reaches Turkish waters; number of border crossings from Ukraine passes 10m mark
Russia Shells Apartment Buildings in Southern Ukraine (Wall Street Journal) Russian forces struck Ukrainian-held territory in the country’s south, according to local officials, as both sides shift their attention toward a looming fight for the area.
Putin’s entire Ukraine invasion hinges on the coming Battle of Kherson (Atlantic Council) Ukraine's much anticipated counter-offensive in the south of the country is now gathering momentum with many observers predicting that the looming Battle of Kherson will decide the fate of Vladimir Putin's entire invasion.
Ukrainian civil society can play a key role in securing victory over Russia (Atlantic Council) Ukraine's international partners should seek to develop stronger partnerships with the country's vibrant civil society sector and make better use of existing networks linking volunteers with the Ukrainian military.
Russia brands Ukrainian steel plant defenders terrorists (AP NEWS) Russia’s Supreme Court declared Ukraine’s Azov Regiment a terrorist organization Tuesday, a move that could lead to terror charges against some of the captured fighters who made their last stand inside Mariupol's shattered steel plant.
The Prosecution of Russian War Crimes in Ukraine (The New Yorker) Twenty-five thousand cases have been identified thus far—what does justice look like for the victims of Russia’s atrocities?
Nozomi Networks Labs Report: Wipers and IoT Botnets Dominate the Threat Landscape – Manufacturing and Energy at Highest Risk (Nozomi Networks) The latest OT/IoT security report from Nozomi Networks Labs finds wiper malware, IoT botnet activity, and the Russia/Ukraine war impacted the threat landscape in the first half of 2022.
New OT/IoT Security Report August 2022 (Nozomi Networks) Learn about the current threat landscape and tactics used by threat actors during the Russia/Ukraine war, along with IoT and vulnerability trends.
Ukraine defies Russian invasion and advances European energy integration (Atlantic Council) Ukraine has more than doubled the volume of cheap electricity it can export to EU markets as the country continues to advance its European energy integration despite Russia’s ongoing invasion.
An urgent message to our fellow senators: Support Finland and Sweden’s swift accession into NATO (Atlantic Council) Our Senate colleagues should stand resolute in support of the Alliance, our rules-based order, and liberal democracies worldwide.
Jeremy Corbyn criticises UK for ‘prolonging war in Ukraine’ (The Telegraph) Former Labour leader says sending weapons to Kyiv will not bring about a solution and the West must secure a peace deal
War in Ukraine: Irish president's wife defends letter after criticism (BBC News) Sabina Coyne Higgins wrote a letter to The Irish Times criticising an editorial on the Ukraine war.
Attacks, Threats, and Vulnerabilities
Tory leadership vote delayed after GCHQ hacking alert (The Telegraph) Exclusive: Delivery of ballot papers to members on hold after cyber fraud risk identified
Hacking concerns delay Tory leadership contest ballot distribution (Computing) The National Cyber Security Centre has warned that cyber actors could alter the votes of scores of party members
Those Pelosi-inspired cyberattacks in Taiwan probably weren't all they were cracked up to be (Washington Post) Taiwan, U.S. might not have suffered major cyberattack yet over Pelosi’s visit, but China could still retaliate
Increase in Chinese "Hacktivism" Attacks (SANS Internet Storm Center) With the US Speaker of the House, Nancy Pelosi, approaching an unusually high-level visit to China, various reports indicate an increase in military saber-rattling and a ramp-up of attacks against networks in Taiwan and the US.
Taiwanese websites hit with DDoS attacks as Pelosi begins visit (NBC News) It wasn’t clear where the cyberattacks came from. Their timing added to concerns over China’s vehement opposition to Pelosi’s visit.
Cyberattacks crashed several Taiwanese government websites hours before Pelosi’s visit. (New York Times) They resumed normal or near-normal operations after the problems were fixed, the affected agencies said.
Taiwan presidential office website hit by cyberattack ahead of Pelosi visit (POLITICO) Taiwan Presidential Office spokesperson Chang Tun-Han confirmed the attack on the office.
Taiwanese government sites disrupted by hackers ahead of Pelosi trip (The Record by Recorded Future) Several websites run by the government of Taiwan were disrupted by DDoS attacks hours before U.S. House Speaker Nancy Pelosi became the first high-ranking official in 25 years to visit the country.
Cybercriminals Plagiarize LinkedIn, Indeed Profiles to Apply for Crypto Jobs: Report (Decrypt) North Korean hackers are suspected of copying resumes and LinkedIn profiles to land jobs at crypto firms—sometimes successfully.
Phishers Bounce Lures Off Unprotected Snapchat, Amex Sites (INKY) Open redirect was at the heart of a slew of recent phishing attacks detected by INKY. In these instances, reputable (but unprotected) sites — specifically, American Express and Snapchat — were abused to send traffic to credential harvesting sites.
Behind the rise of ransomware (Atlantic Council) Between 2016 and 2019, cybercriminals shifted from automated ransomware campaigns that emphasized scale to targeted extortion operations against organizations. This adaption made ransomware more disruptive and more profitable, culminating in the 2021 surge in ransomware. Though the US government has devoted more attention to ransomware since 2021, ransomware remains a significant and long-term threat to the US economy.
From Babuk Source Code to Darkside Custom Listings — Exposing a Thriving Ransomware Marketplace on the Dark Web (Venafi) Venafi announced the findings of a dark web investigation into ransomware spread via malicious macros. Find out how Venafi can help block macro-enabled ransomware.
Ransomware in PyPI: Sonatype Spots 'Requests' Typosquats (Sonatype) Sonatype has spotted multiple typosquats of the popular Python library, 'requests' that contain ransomware scripts.
Spanish research center suffers cyberattack linked to Russia (AP NEWS) Spain’s leading scientific research body was targeted by a cyberattack that national authorities suspect had its origin in Russia, the country's science ministry said Tuesday. Spain’s science ministry said the Spanish National Research Council was targeted by the ransomware attack on July 16-17.
Over 3,200 apps leak Twitter API keys, some allowing account hijacks (BleepingComputer) Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app.
Go-Based Apps Vulnerable to Attacks Due to URL Parsing Issue (SecurityWeek) ParseThru attack allows HTTP parameter smuggling against Go-based applications, enabling threat actors to conduct unauthorized actions.
New 'ParseThru' Parameter Smuggling Vulnerability Affects Golang-based Applications (The Hacker News) Researchers have discovered a new "New ParseThru" parameter smuggling vulnerability affecting GoLang-based applications.
Malicious 'typosquat' Python packages with ransomware scripts discovered (Computing) Victims are offered the decryption key without payment, but the prank demonstrates how easy such an attack can be
Attackers cause Discord discord with malicious npm packages (Register) LofyLife campaign comes amid GitHub security lockdown
European Missile Maker MBDA Denies Hackers Breached Systems (SecurityWeek) European missile maker MBDA denies that its systems have been breached after hackers offered to sell data stolen from the company.
EU missile maker MBDA confirms data theft extortion, denies breach (BleepingComputer) MBDA, one of the largest missile developers and manufacturers in Europe, has responded to rumors about a cyberattack on its infrastructure saying that claims of a breach of its systems are false.
First Choice patients' data compromised in breach (Becker's Hospital Review) Albuquerque, N.M.-based First Choice Community Healthcare notified patients Aug. 1 that a March data breach compromised the protected health information of patients.
Big Clinic Breach Tied to Vendor's 2021 Ransomware Attack (GovInfo Security) A Florida operator of urgent care clinics recently reported to federal regulators a health data breach affecting more than 258,000 individuals tied to a vendor's
Apple Valley Unified alerts parents of data breach (KPVI) AVUSD did not specify to families what data specifically was shared with Illuminate Education that could be a part of the breach.
Some Neopets users are locked out of their accounts following data breach (Polygon) Please, my pets are starving
Bulletin (SB22-213) Vulnerability Summary for the Week of July 25, 2022 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
VMware patches critical admin authentication bypass bug (Register) Meanwhile, a security update for rsync
VMware Ships Urgent Patch for Authentication Bypass Security Hole (SecurityWeek) VMWare patches dangerous security flaw that allows malicious actor with network access to the UI to obtain administrative access without the need to authenticate.
VMware urges admins to patch critical auth bypass bug immediately (BleepingComputer) VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.
Delta Electronics DIAEnergie (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: Path Traversal, Incorrect Default Permissions, SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution, causing a user to carry out an action unintentionally.
Delta Electronics DIAEnergie (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Delta Electronics
--------- Begin Update A Part 1 of 3 ---------
Mitsubishi Electric FA Engineering Software Products (Update D) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerabilities: Heap-based Buffer Overflow, Improper Handling of Length Parameter Inconsistency 2.
Mitsubishi Electric Factory Automation Engineering Products (Update F) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation Engineering products Vulnerability: Unquoted Search Path or Element 2.
Mitsubishi Electric Factory Automation Products Path Traversal (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric, Factory Automation products Vulnerability: Path Traversal 2.
Black Kite Finds Cost of Data Breach Averages $15.01M (Business Wire) Black Kite, the leader in third-party cyber risk intelligence, today released The Cost of a Data Breach: A New Perspective, a global analysis curated
Deception at a scale (VirusTotal) Continuing our initiative of sharing VirusTotal’s visibility to help researchers, security practitioners and the general public better under...
SCADAfence Releases Results of Global Survey of IT and OT Cyber Security Professionals (PR Newswire) SCADAfence, the global leader in cyber security for Operation Technology (OT) & Internet of Things (IoT) environments, today announced the...
Two Big OT Security Concerns Related to People: Human Error and Staff Shortages (SecurityWeek) A survey shows that some of the biggest cybersecurity problems related to OT involve people, specifically human error and a significant shortage of staff.
The CISO Circuit Report – Ransomware Risk in 2022 (Edition 8) (YL Ventures) This edition spotlights today's most pressing concerns around the challenges ransomware presents to enterprise security teams. Discover why few cybersecurity executives see a need for dedicated anti-ransomware solutions, even as they grow more concerned about its inevitable shift to the cloud, and much more in the full report!
Germany’s Cyber Threat Landscape – Top 3 Lessons from the BKA Situation Report (JD Supra) Germany boasts one of the world’s largest, most sophisticated, and international economies. Companies doing business in Germany are thus an...
With Google’s Mandiant deal pending, Microsoft looks to get ahead in security threat intelligence (GeekWire) Microsoft announced two new security threat intelligence products Tuesday morning, the latest moves in a broader effort to help businesses proactively sniff out and prevent cyberattacks. Built in part on… Read More
CMA provisionally clears NortonLifeLock / Avast merger (GOV.UK) The CMA has provisionally cleared the anticipated acquisition of Avast by NortonLifeLock following an in-depth merger investigation.
Netskope Buys Zero Trust Security Company Infiot, Bolsters SASE Capabilities (MSSP Alert) Netskope will use Infiot's zero trust security technology to deliver a "fully integrated, single-vendor SASE platform.”
Netskope Discloses Infiot Acquisition, Launches ‘Borderless WAN’ Offering (CRN) Netskope acquires Infiot
Thoma Bravo doubles down on identity; backer of Inspire Fitness and Spotter raises debut fund (PE Hub) Thoma Bravo agrees to take Ping Identity private for $2.8 billion.
CRN® Honoring Jason Magee of ConnectWise in 2022 Top 100 Executives List in the Disruptors Category (GlobeNewswire News Room) Magee Makes Second Consecutive Appearance on List...
Egnyte Solidifies Investment in India with New Head of India (Egnyte) Egnyte, the most secure platform for content collaboration and governance, today announced the appointment of Sachin Shetty as the Head of India, effective immediately. Shetty will lead all operations in the region, where Egnyte has more than 100 employees in engineering, product, and marketing.
Sigma7 Appoints Jennifer Gold as Chief Technology Officer (Yahoo) Global specialty risk services company Sigma7 announced Jennifer Gold's appointment as Chief Technology Officer. Ms. Gold will oversee all elements of Sigma7's back office and client facing technologies and data strategies, assure Sigma7 maintains industry-leading cyber security, and inform the company's cyber risk advisory and technology acquisition strategies. The addition of Ms. Gold to the rapidly scaling company will support Sigma7's efforts to revolutionize the client experience and elevat
Troy Leach joins Cloud Security Alliance as Chief Strategy Officer (Help Net Security) Troy Leach joins Cloud Security Alliance as Chief Strategy Officer, reporting to the offices of the CEO and President.
CyberGRX Partners with CyberWatch to Present Nineties Inspired Concert at Black Hat (Business Wire) CyberGRX announces schedule of events hosted at the 2022 Black Hat Conference on August 9-12 at the Mandalay Bay Convention Center in Las Vegas.
Products, Services, and Solutions
Pentagon’s secret communications network to get upgrade from Booz Allen (Defense News) “DISA has made clear that we will not forget that the ‘fight’ is fought on SIPRNet,” said Christopher Barnhurst, the agency’s deputy director.
Raytheon Intelligence & Space Selects CrowdStrike to Offer Cybersecurity Customers Best-in-Class Endpoint Security (Raytheon Intelligence & Space) Raytheon Intelligence & Space, a Raytheon Technologies business, has entered into a partnership with CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, to integrate its complementary endpoint security products into RI&S’ Managed Detection and Response (MDR) service.
Claroty Unveils Cybersecurity Platform for Cyber and Operational Resilience (Claroty) New Claroty xDome empowers enterprises to both modernize and protect the continuity of the cyber-physical systems that sustain our lives
Crowdstrike's threat hunting cloud tool launched (SC Magazine) Crowdstrike unveiled a new cloud-based threat hunting service named Falcon OverWatch Cloud Threat Hunting, SiliconANGLE reports.
According to the company, Falcon OverWatch is designed to detect hidden, advanced threats that originate, persist or are operating in cloud environments, provides constant operations and support to avert breaches and other incidents and provides attack alerts as well as adversary tradecraft to disrupt these threats.
Harness Security Testing Orchestration Module is Now Generally Available to Accelerate Secure Software Delivery (Harness.io) We’ve incorporated valuable end user feedback into several key new features, which we are now excited to announce with the General Availability (GA) of the Harness Security Testing Orchestration module.
Karamba Security’s XGuard Selected to Enable HP’s ‘World’s Most Secure Printing’ Mission (Karamba Security) Karamba Security, a leader in end-to-end product security, was selected by HP to enhance security for their newest line of managed printers. The HP LaserJet Managed E800/E700 series is a new portfolio of multi-function printers optimized for a hybrid workforce.
Microsoft's new security tool lets you see your systems like a hacker would (ZDNet) Microsoft brings in its RiskIQ acquisition to launch Defender Threat Intelligence and Defender External Attack Surface Management.
Microsoft puts its RiskIQ acquisition to work (TechCrunch) Microsoft today added two new features to its Microsoft Defender security platform: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management. These features are based on the company’s acquisition of RiskIQ and with this launch, Microsoft is now bringing…
Microsoft Releases New Microsoft Defender Security Services, Plus Microsoft Sentinel Solution for SAP (Redmondmag) Microsoft on Tuesday announced three new enterprise-grade security products, which are now commercially released.
Ivanti and SentinelOne Partner to Revolutionize Patch Management and Deliver Autonomous Vulnerability Assessment, Prioritization, and Remediation (Business Wire) Ivanti, the provider of the Ivanti Neurons automation platform that discovers, manages, secures, and services IT assets from cloud to edge, and Sentin
Radware Inks Reseller Deal with DataBank (GlobeNewswire News Room) Delivers DDoS protection and application security solutions...
Worldfirst and AU10TIX Upgrade Partnership to Expand Identity Verification Capabilities in Europe, the Middle East, Africa, and Beyond (AU10TIX) WorldFirst, a global fintech that connects businesses around the world with fast, affordable payments, is proud to expand its longtime partnership with leading global provider of fully automated identity verification technology, AU10TIX. Through sophisticated front-end capabilities that will allow a more robust and seamless onboarding […]
Flow Security Launches Next-Gen Data Security Platform Following $10 Million Funding (Flow Security) Flow Security today announced $10M in seed funding and launched the first data security platform that discovers and protects both data at rest and in motion
Micro Focus' CyberRes Partners with Google Cloud to Enable High-Scale Secure Cloud Analytics with Data Privacy (PR Newswire) CyberRes, a Micro Focus line of business, today announced a partnership with Google Cloud to support the upcoming release of BigQuery remote...
Druva Introduces the Data Resiliency Guarantee of up to $10 Million (Druva) The New Program Offers Robust Protection Across all Five Data Risk Categories: Cyber, Human, Application, Operation and Environmental
SPHEREboard 6.2 Release to Streamline Identity Hygiene with Precise Visibility and Contextual Remediation (PR Newswire) SPHERE, a woman-owned cybersecurity business focused on providing best-of-breed software for access governance across data, platforms and...
SentinelOne and Cribl Partner to Deliver Data Flexibility Across Cybersecurity and Observability (Cribl) Cribl product suite now integrates with SentinelOne’s Singularity XDR Platform
Appdome Announces ThreatScope™, the First Out-of-the-Box Security Operations Center for the Mobile App Economy (PR Newswire) Appdome, the mobile economy's one and only Data-Driven DevSecOps™ platform, today announced the immediate availability of ThreatScope™, a...
Technologies, Techniques, and Standards
Mission Possible: Securing remote access for classified networks (Federal Times) The Federal government understands the significance of remote access on meeting mission objectives now and in the future. Agency leaders are looking to the private sector for technology that helps them maintain the highest security levels while meeting the ease-of-access demands of today’s worker – and can be implemented quickly.
Code Dark: Children’s Hospital Strives to Minimize Impact of Hacks (Wall Street Journal) Hospitals have codes for everything from patient emergencies to hurricanes. Now, Children’s National Hospital in Washington, D.C., has one for cyberattacks.
NIST, CISA Finalizing Guidance for Identity and Access Management Post-SolarWinds (Nextgov.com) The epic intrusion campaign has turned up the brights on vendors providing authentication services, but agencies will still need to be actively engaged for effective implementation.
Harnessing threat intelligence at public sector agencies (FedScoop) The intersection between threat intelligence and automation and what that means for the government’s cloud journey.
Recent Hacker Attacks Underscore Need for Multi-faceted Cyber Security (PRWeb) A NYC area cyber security consultant and managed services provider (MSP) argues for increased cyber security in a new article on the eMazzanti Technologies w
Design and Innovation
Post-quantum encryption contender is taken out by single-core PC and 1 hour (Ars Technica) Leave it to mathematicians to muck up what looked like an impressive new algorithm.
Post-quantum cryptography candidate cracked in hours using simple CPU (Computing) Researchers claim to have cracked SIKE using a single-core Xeon processor - a far cry from the exotic world of quantum computers
Ginger Harper of First Horizon appointed to the Alabama School of Cyber Technology and Engineering (ASCTE) Foundation Board (Huntsville Business Journal) Ginger Harper, Senior Vice President, Private Client Group Manager at First Horizon, has been appointed to the Alabama School of Cyber Technology and Engineering (ASCTE) Foundation Board.
Legislation, Policy, and Regulation
SAF's new Digital & Intelligence Service necessary as cyberspace has become a 'battleground' (Mothership) Keyboard warriors are now officially a thing.
Indian Ocean Region island states on Huawei’s radar for alleged surveillance activities (The Economic Times) Huawei, in partnership with Mauritius Telecom, has proposed to build an all-cloud Safe City based on the concept of ‘one cloud and one pool; harnessing centralised, mixed storage of videos, images, voice, and structured data gathered from multiple sources including surveillance cameras. Huawei claims that it is the only vendor in the industry that can simultaneously integrate converged command, intelligent surveillance, intelligent transportation, and cloud computing, and its Safe City solution has been deployed in 230 cities in more than 90 countries and regions.
Federal Bill Would Broaden FTC’s Role in Cybersecurity and Data Breach Disclosures (The National Law Review) Last week, the House Energy and Commerce Committee advanced H.R. 4551, the "Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act"
Privacy bill strips FCC oversight of telecom data abuse, worrying consumer advocates (CyberScoop) The commission would no longer have the authority to enforce its privacy regulations for common carriers such as AT&T and Verizon.
State Department Prepares New Focus on Cyber Diplomacy (VOA) Appointee to run new State Department bureau faces Senate confirmation
Security experts urge Fick's speedy confirmation as first U.S. cyber ambassador (CyberScoop) Supporters called Nate Fick a seasoned cybersecurity leader who is not afraid to take controversial positions.
National Computer Forensics Institute up for reauthorization (FCW) The proposal would continue NCFI’s services through 2028 for any government employee who could help prevent or investigate cyber crimes.
Litigation, Investigation, and Law Enforcement
Spain Nabs Two For Allegedly Hacking Radiation Alert System (HackRead) Spanish police have confirmed arresting two nuclear power employees suspected of hacking Spain’s radioactivity alert network (RAR) operated by the country’s General Directorate of Civil Protection and Emergencies (DGPCE).
ECJ: Lithuanian anti-corruption measure not GDPR compliant (Global Data Review) The highest court in the European Union has ruled that the Lithuanian government’s publication of details relating to the private interests of directors that have received public funding was not proportionate under the GDPR.
Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial (Wired) Roman Sterlingov, accused of laundering $336 million, is proclaiming his innocence—and challenging a key investigative tool.
Phones of top Pentagon officials were wiped of Jan. 6 messages (Washington Post) The DOD is the latest part of the federal government to have deleted official phone communications relevant to investigations into the events of the Jan. 6 attack on the Capitol
Man Hacked T-Mobile Employees to Unlock Cell Phones, Rake in $25 Million (PCMAG) Argishti Khudaverdyan was found guilty of various offenses after he stole login credentials from more than 50 different T-Mobile employees across the US.
T-Mobile Might Owe You Money: Inside the $350 Million Data Breach Settlement (CNET) Here's how to find out if you're eligible to claim a payout.
Robinhood’s Crypto Unit Fined $30 Million by New York’s Top Financial Regulator (Wall Street Journal) The New York State Department of Financial Services alleges that Robinhood violated anti-money-laundering and cybersecurity regulations
Dental Care Alliance data breach $3M class action settlement (Top Class Actions) Dental Care Alliance agreed to pay $3 million to resolve claims it failed to protect consumers from a data breach.
Cops Turn To Google Location Data To Pursue A Death Penalty For 2015 Murder (Forbes) Cops in Kansas City are using a controversial “geofence” warrant to gain access to Google’s huge pool of location data that they hope will help prosecute two men for a series of crimes in 2015, including murder.