Dateline
Ukraine at D+202: The limitations of elites. (CyberWire) Ukraine continues to retake ground in its counteroffensive, and Russian units, including the vaunted 1st Guards Tank Army, have been very roughly handled and withdrawn from the front. In fairness to the 1st GTA, it's easy to read too much into an "elite" designation. Not much new in cyber, but Ukraine says it's handling Russian activity the way it handles cyber criminals.
Russia-Ukraine war: List of key events, day 203 (Al Jazeera) As the Russia-Ukraine war enters its 203rd day, we take a look at the main developments.
Russia-Ukraine war live: Zelenskiy makes surprise visit to recaptured Izium; Russia ‘almost certainly’ using weapons from Iran (the Guardian) Zelenskiy compares situation in Izium to Bucha; Russia has probably used Iranian drones for first time, says UK
Liberated Ukraine residents rejoice as Russian troops "running away" from key city of Kharkiv (CBS News) Residents in liberated towns and villages across a huge swath of ground retaken by Ukraine's forces crying tears of joy, but Russia has left devastation in its wake.
Here’s what Russian soldiers left behind when they withdrew from Izyum (Washington Post) The Ukrainian counteroffensive in the country’s northeast has forced Russia to surrender a wide swath of territory that it spent months, and many lives, capturing.
Ukraine’s counteroffensive explained in maps (Al Jazeera) Ukraine says it has recaptured 8,000 square kilometres (3,090 square miles) of territory from Russian forces this month.
Ukraine war: Shock and joy in newly liberated villages (BBC News) "They asked 'is anyone alive?' and I realised they were ours," says one woman. "They were so beautiful."
Russia-Ukraine war latest: 150,000 Ukrainians freed from Russian rule (The Telegraph) Some 150,000 Ukrainians have been freed from Russian occupation, Ukrainian officials announced on Wednesday, as well as an area roughly the size of the Greek island of Crete as the counter-offensive continues.
Ukraine Latest: Zelenskiy Says 6,000 Square Kilometers Regained (Bloomberg) Vladimir Putin will hold bilateral meetings this week with leaders of China, India, Turkey and Iran, the Kremlin said, as the Russian leader seeks to use a summit in Uzbekistan to counter his diplomatic isolation.
Ukrainian offensive thwarted Russia’s annexation plans in Kharkiv (Washington Post) In liberated towns and villages, occupation officials were already imposing Russian school curriculum
Vladimir Putin's elite ‘bodyguards of Moscow’ unit pulverized in Ukraine (The Telegraph) The 1st Guards Tank Army, the pride of the military’s mobile ground forces, has been 'severely degraded' by the war
Britain helped plot Ukraine counter-offensive to take back Kharkiv (The Telegraph) London and Washington have been deeply involved in assessing and advising on Ukrainian military manoeuvres
Ukraine’s advances pose question for world: can Kyiv actually win? (the Guardian) As world leaders prepare for a meeting of UN general assembly, the raging war of narratives shows no sign of abating
A Ukrainian Victory Would Liberate Eastern Europe (Foreign Policy) An outright win for Kyiv now looks possible.
Putin's Kharkiv disaster is his biggest challenge yet. It has left him with few options (CNN) Vladimir Putin has spent years cultivating a reputation as a strong foreign policy strategist who can outsmart Western leaders and restore Russia to its former glory. That image has suffered significant damage in the past few days.
Ukrainian victory shatters Russia’s reputation as a military superpower (Atlantic Council) The stunning success of Ukraine’s counteroffensive in the Kharkiv region has exposed the rotten reality behind Russia’s military superpower reputation and convinced many that a decisive Ukrainian victory is now possible.
Predictions of Putin’s Demise Are Greatly Exaggerated (Foreign Policy) The Russian autocrat’s end has been predicted, wrongly, for two decades.
Russia’s once-loyal military bloggers turn on Vladimir Putin following humiliating Kharkiv collapse (The Telegraph) As news of defeats poured in, Putin opened a Ferris wheel, visited a boxing gym and celebrated the 875th anniversary of Moscow's founding
Russian Propaganda Finds a Home in Italian Media (Foreign Policy) Since the Ukraine invasion, Italy has become a haven for pro-Kremlin disinformation and propaganda.
Ukraine is winning but needs weapons to end Russia’s genocidal occupation (Atlantic Council) Ukraine's recent Kharkiv counteroffensive was a major breakthrough but the country's Western partners must now deliver more weapons in order to achieve a decisive victory and end Russia's genocidal occupation.
North Macedonia Warned Over Cyber Safety amid Ongoing Attack (Balkan Insight) Authorities in North Macedonia have told public and private entities to beef up their online security after the education ministry was targeted again.
Ukraine’s Cyberwar Chief Sounds Like He’s Winning (WIRED) Yurii Shchyhol gives WIRED a rare interview about running the country’s Derzhspetszviazok and the state of the online conflict with Russia.
DDoS attacks on financial sector surge during war in Ukraine, new FCA data reveals (PR Newswire) Picus Security, the pioneer of Breach and Attack Simulation (BAS) technology, today released cyber incident data obtained from the UK's...
Space Force should heed Ukraine lessons as it revamps structure: CSO nominee Saltzman (Breaking Defense) The Senate Armed Services Committee confirmation hearing for Gen. Chance Saltzman as the next, and second, Space Force chief was free of major fireworks — suggesting an easy 'yea' vote.
Ukraine’s Economy Stabilizes, a Boost Alongside Rapid Military Gains (Wall Street Journal) Businesses have picked up from the depths early in Russia’s invasion, with some companies in areas away from the front lines adding jobs and becoming military suppliers. “We are well trained in recovering from all types of crises.”
Germany's Scholz, Russia's Putin discuss Ukraine in phone call (Reuters) German Chancellor Olaf Scholz urged Russian President Vladimir Putin in a phone call on Tuesday to find a diplomatic solution for the conflict in Ukraine based on a ceasefire and the complete withdrawal of Russian troops as soon as possible, a German government spokesperson said.
Russia is facing defeat in Putin’s gas war against the European Union (Atlantic Council) Vladimir Putin has declared an energy war against the European Union but there are growing signs that the Russian dictator may have overplayed his hand, writes Aura Sabadus.
Moscow’s Gas Freeze Shows EU-Russian Trade Is Doomed (Foreign Policy) Russia is limiting supply in the hope of a short-term price rise.
Attacks, Threats, and Vulnerabilities
Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations (CISA) Actions to take today to protect against ransom operations: • Keep systems and software updated and prioritize remediating known exploited vulnerabilities. • Enforce MFA. • Make offline backups of your data.
Buenos Aires legislature announces ransomware attack (The Record by Recorded Future) The legislature for Argentina’s capital city announced a ransomware attack this week, becoming the latest South American country attacked.
Snake Keylogger credential stealer slithers back on the radar of A/NZ businesses (IT Brief) Snake Keylogger – a .NET keylogger and credential stealer whose main function is to record users’ keystrokes on computers or mobile devices and transmit data to threat actors – has re-emerged on the threat landscape with a brand new malspam campaign targeting IT decision-makers.
Breach of software maker used to backdoor as many as 200,000 servers (Ars Technica) Hack of FishPig distribution server used to install Rekoobe on customer systems.
Magento vendor Fishpig hacked, backdoors added (Sansec) Magento vendor Fishpig hacked, Rekoobe backdoor added
Security Announcements (FishPig) 2022/09/13 An intrusion to the FishPig.co.uk extension license system was detected, causing a small piece of malicious PHP code to be injected pre-obfuscation into the Helper/License.php file. This file is...
CyRC Vulnerability Advisory: Denial-of-service vulnerabilities (CVE-2022-39063) in Open5GS (Application Security Blog) CVE-2022-39063 is a vulnerability in the Open5GS project, an open source implementation of 5G components.
Opsec Mistakes Reveal COBALT MIRAGE Threat Actors (Secureworks) Artifacts exposed personas and companies associated with the Iranian threat group.
China says NSA used multiple cybersecurity tools in attacks against Chinese university (ZDNET) National Computer Virus Emergency Response Center releases a report that claims "41 types of cyber weapons" were used by the US National Security Agency in recent attacks against Northwestern Polytechnical University during which a "large amount of sensitive data" was breached.
Global Companies Face Increased Threats of Violence Amid Geopolitical and Social Unrest, New Constella Survey Reveals (PR Newswire) A recent survey conducted by Constella Intelligence and commissioned by ASIS International revealed that organizations are confronting a...
Hackers Are Exploiting a French Government Website to Phish Employers (Vade) Vade has detected a new type of phishing campaign exploiting a job recruitment platform.
Cisco confirms data breach following Yanluowang ransomware attack in May (IT PRO) The tech giant insists its business was unaffected by the attack
Napa Valley College Alerts 8,000 About Possible Data Breach (GovTech) Forensic investigators say a ransomware attack in June that shut down the college's website and network systems could have given intruders access to first and last names, Social Security numbers and other data.
Napa Valley College ransomware attack caused possible data breach (North Bay Business Journal) About 8,000 people with some association to Napa Valley College recently received letters informing them of a possible data breach of personal information that occurred during the ransomware attack that struck NVC in June.
LAUSD Board Could Declare Emergency Over Cyber Attack (NBC Los Angeles) A hack last week crashed the District’s website, student and staff emails, and the system teachers use to post lessons. Video aired during Today in LA on Tuesday, Sept. 13, 2022.
How Much Do Game Developers Know About You? (TechRobot) An in-depth study about games and developers and what they know about us.
Security Patches, Mitigations, and Software Updates
Adobe Patches 63 Security Flaws in Patch Tuesday Bundle (SecurityWeek) Adobe rolls out security fixes for at least 63 security vulnerabilities in a wide range of Windows and macOS software products
Microsoft Releases September 2022 Security Updates (CISA) Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s September 2022 Security Update Guide and Deployment Information and apply the necessary updates.
Microsoft's September Patch Tuesday fixes five critical bugs (Computing) In a relatively quiet month, there are nevertheless several fixes for sysadmins to be aware of
Microsoft Raises Alert for Under-Attack Windows Flaw (SecurityWeek) Patch Tuesday: Microsoft says its security teams have detected zero-day exploitation of a critical vulnerability in its flagship Windows platform.
SAP Security Patch Day September 2022 (Onapsis) SAP Patch Day for September 2022 includes 16 new and updated Security Notes (including the notes that were released or updated since last Patch Tuesday).
Apple Releases Security Updates for Multiple Products (CISA) Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:
Apple fixes eighth zero-day used to hack iPhones and Macs this year (BleepingComputer) Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year.
Apple Will Let You Remove Rapid Security Response Updates in iOS 16 (Mac Rumors) Apple in iOS 16 added a new Rapid Security Response feature that's meant to make it quicker and easier for the company to deploy security improvements to iPhone users without a full iOS update. By default, Rapid Security Responses are installed automatically, but Apple has implemented a way to remove them.
Trends
Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments (Security Intelligence) As more businesses move to the cloud and fall behind on basic security best practices, more risk is introduced to their organizations. Explore highlights from the 2022 X-Force Cloud Threat Landscape Report.
The State of Threat Hunting (DomainTools) In this report, in partnership with Cybersecurity Insiders, we review feedback from cybersecurity professionals on the role and benefits of threat hunting for today’s Security Operations Centers (SOCs).
New Pen Test Research Reveals Rapid External Risk Mitigation the Top Priority in Vulnerability Management Programs (PR Newswire) Global cybersecurity pioneer Coalfire today released its fourth annual Securealities Penetration Risk Report reflecting the results of more...
How the Great Resignation Fueled the Great Employee Data Heist (Cyberhaven) Companies are hemorrhaging sensitive data, from customer information to software source code. The culprit is not hackers or ransomware gangs, but their own employees. That’s the conclusion of Cyberhaven’s groundbreaking 2022 Insider Risk Report, The Great Data Heist. The findings are based on anonymized data from over 1.4 million […]
STUDY: 90% of Security Leaders Believe Their Organization is Falling Short in Addressing Cybersecurity Risk (Foundry) Insight into Foundry's 2022 Security Priorities study, which outlines the cybersecurity related initiatives IT leaders are focused on now and in the future.
Marketplace
Opus Security Scores $10M for Cloud Security Orchestration (SecurityWeek) Israeli startup Opus Security has banked $10 million in seed round funding to build technology for cloud security orchestration and remediation.
Industrial IoT startup Litmus Automation bags new cash to grow its product (TechCrunch) Litmus Automation, an internet of things startup focused on industrial applications, has raised $30 million in a venture funding round.
SandboxAQ Acquires Cryptosense to Accelerate Delivery of Security Solutions to Global Organizations (PR Newswire) SandboxAQ, an enterprise SaaS company delivering the compound effects of AI and Quantum tech (AQ) to governments and the Global 1000, today...
Dig Security Secures $34 Million Series A Investment Led By SignalFire to Deliver Real-time Data Security for the Cloud (PR Newswire) Dig, the cloud data security leader, today announced that it has secured a $34 million Series A investment led by San-Francisco-based venture...
Tanium confirms 'organizational changes' following layoff report (Seattle Business Journal) Tanium is the latest billion-dollar company in the Seattle area to trim its workforce this summer.
Skybox Security featured in 6 Gartner® Hype Cycles™, 2022 (Business Wire) Skybox Security is proud to announce that Gartner® featured its cybersecurity solutions in six Hype Cycle Reports™ this year. Gartner Hype Cycles eval
Critical Start Continues Accelerated Growth with Executive Leadership Appointments and Promotions (Critical Start) Company hires new Chief Revenue Officer, Chief Information Security Officer, and Chief Financial Officer; promotes new senior leaders for Product, People Strategy
Gary Abad Joins LogRhythm as the VP of Global Channels (Business Wire) Industry Veteran Rejoins LogRhythm to Grow the Company’s Channel Partner Program
Derek Smith Joins SonarSource as General Counsel (Business Wire) SonarSource, the leading platform for clean code, announced that former Airbnb executive, Derek Smith has joined the company as General Counsel.
Products, Services, and Solutions
Fastmail and Bitwarden to Offer New Email Alias Integration (PRWeb) Fastmail, the privacy-focused email provider with a mission to expand online privacy and protect user data, today announced their new partnership with Bitw
JFrog Collaborates with the Rust Foundation to Root-out Open Source Software Vulnerabilities (Business Wire) JFrog Ltd. (“JFrog”) (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today announced a new initiative with the
Habito Reports Significant Increase in Mortgage Fraud Detection Following Implementation of Resistant AI Document Forensics Solution (Resistant.AI) 30% Improvement in Fraud Detection Plus Major Time Savings Investigating Each Suspicious Case.
Varonis Unveils One-Click Permissions Comparison and Analysis for Salesforce (Varonis) Data security leader adds game-changing new features for Salesforce admins, saving them hours in their day while improving Salesforce security posture
Compare Salesforce user permissions with ease (Varonis) Salesforce complexity breeds risk and creates headaches for admins. With complicated Profiles, Roles, Permission sets, and Groups, it is incredibly difficult and time-consuming to understand what a user can and cannot do in the CRM tool.
Theta Lake’s Compliance Archive Capture for Persistent Chat, Mobile Messaging, and Meetings Drives Exponential Company Growth (Business Wire) Theta Lake announced key growth milestones on multiple fronts.
Synack Joins the Microsoft Intelligent Security Association, Bringing the Power of Continuous and on Demand Security to Microsoft Azure (PR Newswire) Synack, a premier platform for on-demand security expertise, announced that it has joined the Microsoft Intelligent Security Association (MISA)...
IBM Steps Up to Showcase Unusual Security Competency (TechSpective) Last week, IBM had an analyst briefing on its security efforts and, unsurprisingly, it was one of the most comprehensive I have ever seen. For much of the 80s and 90s, upcoming companies like Apple, Microsoft and Sun Microsystems seemed …
Airtel and IBM to Work Together to Bring Secured Edge Cloud Services to Indian Enterprises (IBM Newsroom) IBM and Bharti Airtel announced their intent to work together to deploy Airtel's edge computing platform in India, which will include 120 network data centers across 20 cities.
Egnyte announces several new additions to its packages for managed service providers and advanced ransomware recovery (Source Security) Egnyte, the secure platform for content collaboration and governance, announces several new additions to its packages for managed service providers (MSPs), including industry-specific solutions and advanced ransomware recovery.
KPMG in India Teams with CyberArk to Deliver Identity Security Solutions (CXOToday.com) Move will help organisations reduce their overall attack surface, protecting identities and improving their security posture KPMG in India today announced it i
CyberCX secures multiyear deal with Water Corporation WA (CRN Australia) To deliver SOC and managed security services.
Concentric AI Partners with Snowflake to Enhance Data Security Posture Management for Joint Customers (AP NEWS) Press release content from Business Wire. The AP news staff was not involved in its creation. Concentric AI, a leading vendor of intelligent AI-based solutions for protecting business-critical data, today announced it has partnered with Snowflake, the Data Cloud company, to integrate its Semantic Intelligence™ solution. This integration benefits joint customers by making Concentric AI’s data security posture management capabilities readily available on the Snowflake Data Cloud.
Technologies, Techniques, and Standards
What is Insider Risk? (AwareGO) When an employee is responsible for a security breach or a data leak, it is called an insider risk because it comes from within the workplace.
Rezilion and Ponemon Release New Report; Finds Thousands of Hours Lost to Vulnerability Backlog Management Due to Lack of Prioritization and Automation (PR Newswire) Rezilion, an automated vulnerability management platform accelerating software security, and Ponemon Institute announced today the release of...
Ponemon and Rezilion: The State of Vulnerability Management in DevSecOps (Rezilion) Rezilion and the Ponemon Institute find that organizations are losing thousands of productivity hours on vulnerability management efforts due to a lack of prioritization and automation.
How to get inside the mind of hackers (Register) Spanish speaking SANS experts can help the LATAM cyber community detect and respond to attacks
Many OT cyber security experts don’t understand the systems they are trying to secure – the square peg in the round hole (Control Global) There is an old saying about not forcing a square peg into a round hole. The square peg is IT and Operational Technology (OT) network security. The round hole is the insecure Industrial Control System (ICS) field device.
Research and Development
What are quantum-resistant algorithms—and why do we need them? (MIT Technology Review) When quantum computers become powerful enough, they could theoretically crack the encryption algorithms that keep us safe. The race is on to find new ones
Dragon tails: Preserving international cybersecurity research (Atlantic Council) A quantitative study on whether legal context can impact the supply of vulnerability research with detrimental effects for cybersecurity writ large through the coordinated vulnerability disclosure process (CVD), using recent regulations in China as a case study.
Legislation, Policy, and Regulation
Indonesia Set to Pass New Data Privacy Law After Spate of Leaks (Bloomberg) Breaches include alleged data leak of 105 million Indonesians. Move comes as its digital economy to grow $146 billion by 2025.
Why the US and China need a detente in cyberspace (South China Morning Post) As accusations of cyberattacks fly between the US and China, the digital realm has become central to both nations’ security strategies. Cyber diplomacy must therefore play a bigger role in managing tensions, with more international guidelines needed.
US fouling cyberspace with its malevolent actions: China Daily editorial (China Daily) Following the release of a report by the National Computer Virus Emergency Response Center and the cyber security company 360 on the results of investigations into thousands of malicious cyberattacks on China's Northwestern Polytechnical University, China's Foreign Ministry lodged solemn representations with the US embassy on Sunday.
The White House is releasing important cybersecurity guidance today (Washington Post) First in The Cybersecurity 202: Much-awaited security guidance arrives today from the Biden administration
CISA Strategic Plan 2023-2025 (CISA) I am proud to share the 2023 – 2025 CISA Strategic Plan, the first comprehensive Strategic Plan since CISA was established as an Agency in 2018. The Strategic Plan represents a forward-leaning, unified approach to achieving our vision of ensuring secure and resilient critical infrastructure for the American people.
CISA strategy calls for cultivating ‘high-performing workforce' (Federal News Network) “Agency unification” and bolstering the workforce are major facets of CISA’s latest strategic plan.
“Proactive cyber defense” to be introduced to critical infrastructure (Databreaches.net) The government is considering introducing an “active cyber defense” system to detect signs of an attack and identify the source of the attack in order to strengthen defense against cyber attacks on critical infrastructure such as communications and electricity. Adjustments will be made in the direction of incorporating the policy into the National Security Strategy to be revised by the end of the year.
U.S. government offensive cybersecurity actions tied to defensive demands (CSO Online) Current and former U.S. government officials explain the country's "defense forward" and offensive cybersecurity policies and their risks.
Request for Information on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Federal Register) The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Request for Information (RFI) to receive input from the public as CISA develops proposed regulations required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Among other things, CIRCIA...
U.S. Treasury Department releases Tornado Cash guidance (Axios) The government provides a roadmap for people who used Tornado Cash for lawful transactions to withdraw their stuck funds.
Data sovereignty strategies embraced by 98% of IT decision makers in Europe and U.S., according to new research (PR Newswire) Scality today announced the results of an independent survey of IT decision makers across France, Germany, the U.K., and the U.S. about their...
Litigation, Investigation, and Law Enforcement
Darktrace admits to £3.25m accounting error (Accountancy Today) The British-American information technology company that specialises in cyber-defence, Darktrace, re
Victoria's working with children checks the worst in Australia, ombudsman finds (ABC) Victoria's working with children checks are the worst in the nation, an investigation by the state's ombudsman has found, and must be changed to protect children from predators.
‘Serious shortfalls’ in Victoria’s working with children checks: Ombudsman (Brisbane Times) Ombudsman Deborah Glass has urged an overhaul of Victoria’s working with children check scheme, after finding authorities missed multiple red flags before a boy was assaulted.
Data Security at Risk: Testimony from a Twitter Whistleblower (United States Senate Committee on the Judiciary) Full Committee DATE: Tuesday, September 13, 2022. TIME: 10:00 AM. LOCATION: Hart Senate Office Building Room 216. PRESIDING: Chair Durbin.
Twitter Employees Have Too Much Access to Data, Whistleblower Says (Wall Street Journal) Former Twitter security executive Peiter Zatko, who has accused the company of widespread security failures, said in testimony at a Senate hearing Tuesday that employee access to user data could cause “real harm.” Twitter has pushed back against Zatko’s charges, saying his comments are misleading.
Twitter whistleblower reveals employees concerned China agent could collect user data (Reuters) The FBI informed Twitter Inc of at least one Chinese agent working at the company, U.S. Senator Chuck Grassley said during a Senate hearing on Tuesday where a whistleblower testified, raising new concerns about foreign meddling at the influential social media platform.
Security failures cause ‘real harm to real people’ (Washington Post) A Twitter whistleblower on Tuesday testified before Congress that the company’s failure to secure sensitive data causes “real harm to real people,” prompting senators to grapple with Washington’s inability to effectively regulate major social networks.
Twitter whistleblower testifies to Congress, calls for tech regulation reforms (The Record by Recorded Future) Former Twitter security chief Peiter “Mudge” Zatko testified before the Senate Judiciary Committee Tuesday, alleging infiltration of Twitter by foreign agents, widespread lack of data controls and ineffective U.S. regulation.
The Search for Dirt on the Twitter Whistle-Blower (The New Yorker) Many of Peiter (Mudge) Zatko’s former colleagues have received offers of payment for information about him.
Whistle-Blower Says Twitter ‘Chose to Mislead’ on Security Flaws (New York Times) At a Senate hearing, Peiter Zatko, Twitter’s former head of security, told lawmakers that the company lied about its data practices.
Twitter whistleblower says site put growth over security (Computing) And there is at least one Chinese agent at the company
Written Statement of Peiter (“Mudge”) Zatko United States Senate Judiciary Committee September 13, 2022 (Katz Banks Kumin) Chairman Durbin, Ranking Member Grassley, and Members of the Committee. At your request, I appear before you today to answer questions about information I submitted in written disclosures about cybersecurity concerns I raised and observed while working at Twitter.
What we learned when Twitter whistleblower Mudge testified to Congress (TechCrunch) Twitter's former security head testified that the FBI warned Twitter it had a Chinese spy on staff.
How China became big business for Twitter (Reuters) Even as China bars 1.4 billion citizens from Twitter, its local authorities are splurging on global advertising on the site, helping make the country the platform's fastest-growing overseas ad market and one of its largest non-U.S. revenue sources.
Twitter whistleblower exposes limits of FTC’s power (Washington Post) Peiter ‘Mudge’ Zatko alleges that Twitter flouted its promises to regulators to build a comprehensive security program, igniting concerns about enforcement and resources at the Silicon Valley watchdog
Twitter Whistle-Blower Testimony Spurs Calls for Tech Regulator (Bloomberg) Zatko accuses company leaders of ‘lying to users, investors’. Ex-hacker ‘Mudge’ tells Senate Judiciary of dire security gaps.
How Whistleblowers Navigate a Security Minefield (WIRED) Exposing wrongdoing is risky on the best of days. Whistleblower Aid cofounder John Tye explains the extensive steps needed to keep people safe.
Twitter Investors Back Musk’s Takeover Bid After Whistleblower Testifies in Congress (Wall Street Journal) The social-media company said shareholders approved the takeover offer based on a preliminary vote count. Meanwhile, the company’s former head of security said at a Senate hearing that Twitter executives’ “incentives led them to prioritize profits over security.”
Twitter shareholders approve Elon Musk’s takeover deal (Washington Post) Twitter shareholders voted Tuesday to approve Elon Musk’s $44 billion offer to take over the company, a formal step in finalizing the disputed deal that is headed to court in October.
Texas Beats Google’s Push to Toss Out Ad Tech Antitrust Suit (Bloomberg) An antitrust suit by state attorneys general accusing Alphabet Inc.’s Google of monopolizing the technology underlying online advertising can move forward, a New York federal judge ruled.
Google Loses Most of Appeal of EU Android Decision (Wall Street Journal) The tech giant lost most of its appeal to overturn the largest antitrust fine it has so far faced globally, a boost to the European Union’s campaign to rein in alleged anticompetitive conduct by big tech companies.
Tax fraud ring leader jailed for selling children’s stolen identities (BleepingComputer) The owner of a fraudulent tax preparation business, Ariel Jimenez, was sentenced to 12 years in prison for selling the stolen identities of children on welfare and helping "customers" to falsely claim tax credits, causing tens of millions of dollars in tax loss.