Dateline
Ukraine at D+259: Russian military takes responsibility for retreat. (CyberWire) Russia's retreat from Kherson represents a major setback. Threatened Russian interference with US elections did not materialize. An SVR phishing campaign is reported, and some security researchers warn that Russian hacktivist auxiliaries may grow more dangerous over time.
Ukraine war latest: Ukraine closes in on Kherson as Russia retreats (The Telegraph) Ukraine has advanced seven kilometres in two different directions in the south and captured 12 settlements in the last 24 hours, Ukraine's army chief says
Russia-Ukraine war: List of key events, day 260 (Al Jazeera) As the Russia-Ukraine war enters its 260th day, we take a look at the main developments.
Russia-Ukraine War: Russia Says It’s Withdrawing From Kherson City, a Blow to Putin’s War Effort (New York Times) The city was the only regional capital to fall to Russian forces since they invaded Ukraine in February. A Russian retreat would be a major victory for Kyiv’s forces.
Russia withdraws from Kherson in highly symbolic defeat (The Telegraph) Loss of the only Ukrainian regional capital the Kremlin had captured will prove greatly embarrassing for Vladimir Putin
Russia Suffers 'Catastrophic Strategic Disaster' in Ukraine (U.S. Department of Defense) Russian President Vladimir Putin's invasion of Ukraine has been "a massive strategic failure," Colin H. Kahl, the undersecretary of defense for policy, said.
Putin makes top brass take the fall for Kherson humiliation – and that’s no accident (The Telegraph) The Russian president is clinging on to other parts of southern Ukraine in the faint hope he will be painted as a tactical genius
Opinion Why the Russian retreat from Kherson is so significant (Washington Post) Adolf Hitler was notorious during the German invasion of the Soviet Union for refusing to give his troops permission to retreat even when that was the only tactical move that made any sense. Even when the Red Army was encircling the German Sixth Army outside Stalingrad in late 1942, the Füehrer refused permission for his troops to stage a breakout. “I won’t go back from the Volga!” he shouted.
100,000 Russian military casualties in Ukraine: US general (Al Jazeera) Russian and Ukraine forces have each suffered about 100,000 troops killed or wounded in action, US general estimates.
Pentagon: Russia has likely lost half its tanks in Ukraine (The Hill) Russia has likely lost half its tanks, used up most of its precision-guided weapons and suffered tens of thousands of casualties so far in its war against Ukraine, the Pentagon’s top poli…
Russia deportations probable ‘crimes against humanity’: Amnesty (AL Jazeera) Civilians tell rights group they endured ‘abusive screening processes’ as they were taken from Ukraine to Russia.
Russian leader in Kherson 'killed' (The Telegraph) Kirill Stremousov, the Russian-installed deputy head of Ukraine's southern Kherson region, was said to have died in a car crash
“Wonder Weapons” Will Not Win Russia’s War (Defense One) Russia’s turn to kamikaze drones is premised on a flawed strategy.
Russia’s security chief discusses Ukraine, trade on visit to Iran (Al Jazeera) Nikolai Patrushev meets his Iranian counterpart and Iran’s president, as Moscow and Tehran look to deepen ties.
Russia, Iran hold security talks amid suspected drone supplies (Your Middle East) Iran acknowledged for the first time on Saturday that it had supplied Moscow with drones but said they were sent before the war in Ukraine, where Russia has used drones to target power stations and…
Russia's Putin won't attend upcoming G-20 summit in Bali (AP NEWS) Russian President Vladimir Putin will not attend the Group of 20 summit in Indonesia next week, an Indonesian government official said Thursday, avoiding a possible confrontation with the United States and its allies over his war in Ukraine.
Putin won't travel to G20 summit in Bali, but may make virtual appearance (Axios) Russian officials said earlier this year he would travel to Bali despite the invasion of Ukraine.
Long-term assistance command to oversee training mission with Ukraine (Military Times) Security Assistance Group-Ukraine represents the Pentagon’s first move to create more long-term force structure in Europe since Russia’s invasion.
As Swiss block ammo transfer for Ukraine, tensions with Germany grow (Breaking Defense) Germany is the largest importer of Swiss-made weapons, and some politicians are looking to leverage that.
Defend. Resist. Repeat: Ukraine’s lessons for European defence (ECFR) Ukraine has mounted an innovative response to Russian aggression in 2022. The rest of Europe can learn from this – but should continue to provide weapons and training in return
What's 'Putin's chef' cooking up with talk on US meddling? (AP NEWS) Yevgeny Prigozhin has had many roles: Convicted felon and hot dog vendor. Owner of a swanky St. Petersburg restaurant and holder of lucrative government catering contracts. Founder of a mercenary military force involved in Russia's various conflicts.
They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming (Mandiant) APT29 successfully phished a European diplomatic entity and abused the Windows Credential Roaming feature.
APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network (The Hacker News) Russia-linked APT29 hackers has been found leveraging a "lesser-known" Windows feature called "Credential Roaming" in attack on European diplomatic.
CAUTION‼️ russian hackers are sending emails with malicious links from the SSSCIP (State Service of Special Communications and Information Protection of Ukraine) The experts of the Computer Emergency Response Team of Ukraine CERT-UA detect mass emails containing malicious links allegedly on behalf of the State Service of Special Communications and Information Protection of Ukraine. This activity is attributed to the UAC-0010 group (Armageddon).
Russian hackers send out emails under the name of Ukraine's State Service of Special Communications and Information Protection (Yahoo) Russian hackers are sending out emails with malicious links under the name of the State Service of Special Communications and Information Protection of Ukraine. Source: Official website of the State Service of Special Communications and Information Protection of Ukraine Quote: "Specialists from the government's Computer Emergency Response Team of Ukraine CERT-UA have recorded a mass distribution of emails with malicious links allegedly under the name of the State Service of Special Communication
Russia Carrying Out Cyber Attacks On Ukraine's Energy Facilities For Maximum Blackout - SSU (Ukrainian News) Russia carries out numerous cyber attacks on Ukraine's energy facilities to cause a maximum "blackout." This was told by the head of the Cybersecurity Department of the SSU Illia Vitiuk.
Russian hacktivist ‘noise’ may hide real dangers (Cybernews) As pro-Russian hacktivist groups become progressively more organized, their ranks could grow with far more resourceful cadres tied to the government.
Cyber ambassadors call for international rules to prevent attacks (The National) Ukraine has proved to be a 'wake-up call' to threats, with a global agreement required for 'rules of the road'
ISRAEL/UKRAINE : Israel's Cyberglobes is SBU's new OSINT supplier (Intelligence Online) Israeli open source intelligence firm Cyberglobes has scooped up a contract, previously held by Rayzone and Ultra, to supply Ukraine's internal intelligence service, the SBU.
Attacks, Threats, and Vulnerabilities
Statement from CISA Director Easterly on the Security of the 2022 Elections (Cybersecurity and Infrastructure Security Agency) Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly issued the following statement today on the security and the resilience of the 2022 elections:
No ‘Specific or Credible’ Cyber Threats Affected Integrity of Midterms, CISA Says (Nextgov.com) Despite “a handful” of DDoS attacks targeting state and local election websites and some technical glitches affecting voting equipment, CISA says it saw “no activity” that should undermine faith in the results of the midterm elections.
U.S. vote counting unaffected by cyberattacks, officials say (PBS NewsHour) No digital intrusions are known to have affected the counting of the midterm vote. Officials on Election Day kept close watch for domestic and foreign threats.
After cyber attack, NY county is extra careful with big vote (AP NEWS) Uncertainty over the outcome of New York's governor's race was prolonged on Election Night when officials in one of the state's most populous counties spotted an unexpected slowdown in the wireless transmission of vote totals, and took action amid lingering concerns over a cyber attack two months ago.
How Hackers Target Nations (Avanan) Governments are on the receiving end of scores of attacks a day.
Civil society groups report surveillance and intimidation at Cop27 (the Guardian) Attenders say actions of Egyptian authorities are threatening their participation at conference
Hack the Real Box: APT41’s New Subgroup Earth Longzhi (Trend Micro) We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August.
New hacking group uses custom 'Symatic' Cobalt Strike loaders (BleepingComputer) A previously unknown Chinese APT (advanced persistent threat) hacking group dubbed 'Earth Longzhi' targets organizations in East Asia, Southeast Asia, and Ukraine.
North Korea attempted to hack Israeli crypto firm, siphon off funds (The Business Standard) Hackers from North Korea earlier this week tried to hack into the systems of an Israeli company that deals in the field of cryptocurrency, according to reports in Israel.
Google Reveals Spyware Vendor's Use of Samsung Phone Zero-Day Exploits (SecurityWeek) Google has detailed an exploit chain believed to be used by a spyware vendor to target Samsung phones.
Kaspersky researchers uncover previously unknown cyber threats (SecurityBrief Australia) APT actors are now strenuously used to create attack tools and improve old ones to launch new malicious campaigns.
Windows devices targeted by updated IceXLoader (SC Media) Thousands of enterprise and personal machines running on Windows around the world may have been impacted by the updated IceXLoader malware loader.
Abusing Microsoft Customer Voice to Send Phishing Links (Avanan) Hackers are using Microsoft Customer Voice to send phishing links.
15,000 sites hacked for massive Google SEO poisoning campaign (BleepingComputer) Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.
Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network (The Hacker News) Researchers have linked the hacker group "Keksec" to a new campaign that uses malicious Chromium-based browser extensions to spy on hacked computers.
The Case of Cloud9 Chrome Botnet (Zimperium) Web browsers contain the most lucrative pieces of information about a user and thus are becoming an interesting target for malware developers. Every keystroke or session cookie can contain very private information about a user, and access to such information can create critical security and privacy issues.
This virus is sold for $118 on the Dark Web and has already infected millions of computers (Gearrice) IceXLoader, as explained by The Hacker News, is a basic malware that is sold on underground forums on the Dark Web. It sells for $118 and is commonly
Checkmk: Remote Code Execution by Chaining Multiple Bugs (2/3) (SonarSource) The second article of this series outlines how an attacker can leverage the ability to forge arbitrary LQL queries to gain access to the NagVis component.
Camping World and Good Sam Announce Recent Data Breach That Leaked Sensitive Consumer Information (JD Supra) On November 7, 2022, CWGS Group, a holding company that does business under the name Camping World and Good Sam filed, reported a data breach with the...
Medibank breach: Hackers start leaking health data after ransomware attack (TechCrunch) Russian-speaking cybercriminals are leaking sensitive personal and health data stolen from Australia's largest health insurance firm.
Medibank: Hackers release abortion data after stealing Australian medical records (BBC News) People affected by the breach say they have already been targeted by scammers and malware attacks.
Security Patches, Mitigations, and Software Updates
‘High-severity’ vulnerability found in computers used by large oil and gas utilities (The Record by Recorded Future) The makers of a popular computer system used widely by large oil and gas utilities worldwide have patched a vulnerability discovered by security company Claroty.
ICS Patch Tuesday: Siemens Addresses Critical Vulnerabilities (SecurityWeek) Siemens and Schneider Electric have released their Patch Tuesday security advisories for November 2022.
Lenovo driver goof poses security risk for users of 25 notebook models (Ars Technica) Hackers can exploit vulnerabilities to install malicious firmware that survives reboots.
Lenovo Notebook BIOS Vulnerabilities (Lenovo Support US) Lenovo Security Advisory: LEN-94952
Intel, AMD Address Many Vulnerabilities With Patch Tuesday Advisories (SecurityWeek) Intel and AMD have patched many vulnerabilities in their products, including high-severity flaws, with their Patch Tuesday updates.
Citrix Releases Security Updates for ADC and Gateway (CISA) Citrix has released security updates to address vulnerabilities in Citrix ADC and Citrix Gateway. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Updates CTX463706 and apply the necessary updates.
VMware Releases Security Updates (CISA) VMware has released security updates to address multiple vulnerabilities in VMware Workspace ONE Assist. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0028 and apply the necessary updates and workarounds.
Microsoft Releases November 2022 Security Updates (CISA) Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment Information and apply the necessary updates.
Microsoft releases patches for 68 vulnerabilities, including ‘ProxyNotShell’ zero-days (The Record by Recorded Future) Microsoft released fixes for 68 vulnerabilities this week, including two zero-days known collectively as “ProxyNotShell” and nine others rated critical.
Patch Tuesday Update - November 2022 (Balbix) Well daylight savings time for much of the United States has arrived. Changing clocks is always a good reminder to do other maintenance like change your smoke alarm batteries, put in new air filters…
LinkedIn Adds Verified Emails, Profile Creation Dates (KrebsOnSecurity) For whatever reason, the majority of the phony LinkedIn profiles reviewed by this author have involved young women with profile photos that appear to be generated by artificial intelligence (AI) tools. We’re seeing rapid advances in AI-based synthetic image generation…
Trends
BlueVoyant Research Reveals Defending Digital Supply Chains Remains a Business Challenge (PR Newswire) BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released the findings of its...
The State of Supply Chain Defense: Annual Global Insights Report (BlueVoyant) How does an organization successfully mitigate risk within its supply chain once it’s identified? Download our third annual global insights report to learn more.
Research Report | The State of Email Security 2022 (Tessian) The report that captures the true state of email security in 2022, brought to you by Tessian. Read on to discover the latest trends and key findings related to advanced threats and data loss on email in the modern day enterprise.
Toward the cutting edge: SMBs contemplating enterprise security (WeLiveSecurity) ESET's 2022 SMB Digital Security Sentiment Report shows that SMBs’ overall confidence in cyber-resilience for the next 12 months remains low.
DevOps Tools & Infrastructure Under Attack (Wallarm) Key findings from the Wllrm Qurte
Don’t Let Underlying IT Complexity Block Your Road to Successful Authentication - Axiad (Axiad) We asked, and more than 250 of you answered. Survey says: it’s complicated! Our recent...
Ransomware attacks on US government organizations cost over $70bn from 2018 to October 2022 (Comparitech) Between 2018 and October 2022, 330 individual ransomware attacks were carried out against US government organizations, potentially impacting more than 230 million people and costing an estimated $70 billion in downtime alone. Over the last few years, ransomware has become a huge cause for concern for all kinds of organizations. This is no more true […]
Research Report | The State of Email Security 2022 (Tessian) The report that captures the true state of email security in 2022, brought to you by Tessian. Read on to discover the latest trends and key findings related to advanced threats and data loss on email in the modern day enterprise.
Cybersecurity: These are the new things to worry about in 2023 (ZDNET) Today's security problems are still to be fixed. But evolving technologies and a fast-changing world mean there are new challenges, too.
15 cyber threats to prepare for in 2023: from phone-camera hijacking to ransom-vaporware (ITP.net) Cyber breaches are no longer thrilling the news-people. Only the most novel and sinister attacks have the potential to grab the attention of media professionals
UK’s National Cyber Security Centre Releases 2022 Annual Review (JD Supra) The United Kingdom’s National Cyber Security Centre (NCSC) recently released its 2022 Annual Review, which reports on the state of cyber security...
New Era of Online Risks Calls for Innovative Approach to Cyber Insurance, According to Swiss Re (Crowdfund Insider) New Era of Online Risks Calls for Innovative Approach to Cyber Insurance, According to Swiss Re
New Cybersecurity Analysis Reveals 4 Out Of 10 Work Emails Are Unwanted (Yahoo) New research from cyber security provider Hornetsecurity has revealed that 40.5% of work emails are unwanted. The Cyber Security Report 2023, which analysed more than 25 billion work emails, also reveals significant changes to the nature of cyber-attacks in 2022 - indicating the constant, growing threats to email security, and need for caution in digital workplace communications.
Marketplace
Security Posture Management Firm Veriti Emerges From Stealth With $18.5M in Funding (SecurityWeek) Security posture management startup Veriti has emerged from stealth mode with $18.5 million in funding rounds led by Insight Partners, NFX, and AMITI.
More Than 30 Industry-Leading CISOs Personally Invest in Endor Labs’ Mission to Secure Open Source Software for App Development (Business Wire) More Than 30 Industry-Leading CISOs Personally Invest in Endor Labs’ Mission to Secure Open Source Software for App Development
Island raises additional $60M funding for its secure enterprise browser (SiliconANGLE) Island raises additional $60M funding for its secure enterprise browser - SiliconANGLE
Island Extends Its Series B with an Additional $60M Investment (Island) Georgian investment reaffirms Island’s $1.3B Series B valuation and brings the total investment in the company to over $250M
Rapid7 eyes "significant growth opportunity" in APJ (CRN Australia) Security vendor names former VMware figure Rob Dooley to lead expansion.
Keeper Security Expands Global Presence with Cloud Data Centers in Japan and Canada (PR Newswire) Keeper Security, the leading provider of zero-trust, zero-knowledge and FedRAMP Authorized cybersecurity software, is expanding its global...
Salesforce fires hundreds of employees (Computing) The company says it supports employees affected by such moves
Musk seeks to reassure advertisers, promises rapid changes to Twitter (Washington Post) The billionaire owner answered questions on hate speech, verification and advertiser concerns during a publicly broadcast meeting on Twitter Spaces
U.S. Department of Labor Awards NetCentrics Platinum Medallion Award for Hiring Veterans (EIN News) HIRE Vets Award Recognizes Exemplary Efforts in Recruiting, Employing, and Retaining Our Nation's Veterans
Trellix pinches AWS APJ figure Sam Henderson (CRN Australia) After luring a Cisco exec in September to be its ANZ managing director.
Products, Services, and Solutions
Flashpoint Releases First-of-its-kind Ransomware Prediction Model for Vulnerabilities (Flashpoint) Flashpoint's new ransomware prediction model links individual vulnerabilities to those known to have been used in ransomware operations, helping vulnerability management teams prevent potential cyber extortion events with VulnDB
Elon Musk Says Twitter Is Ditching Gray ‘Official’ Check Mark Hours After Launching It (Wall Street Journal) The label was meant to indicate that the social-media company had verified an account’s authenticity.
Cowbell adds Google Workspace to its Risk Rating Model for Cyber Insurance (PR Newswire) Cowbell, the leading provider of cyber insurance for small and medium-sized enterprises (SMEs), today announced the launch of its Connector for...
Global Cybersecurity Leader eSentire Partners with InfoTrust to Deliver 24/7 Multi-Signal MDR and IR Services Across Australia (GlobeNewswire News Room) eSentire and InfoTrust Partnership Expands eSentire’s Global Footprint in Asia Pacific...
Ordr Partners with Sodexo on Managed Cybersecurity Service for Connected Devices in Healthcare (PR Newswire) Ordr, the leader in connected device security, announced today that it has partnered with Sodexo Healthcare Technology Management to deliver a...
Salt Security Achieves Microsoft Azure IP Co-sell Ready Status (PR Newswire) Salt Security, the leading API security company, today announced that it has achieved Microsoft Azure IP Co-sell Ready status, allowing the...
Gigamon ThreatINSIGHT™ Guided-SaaS NDR Now Available on Amazon Web Services (AWS) Marketplace (Business Wire) Gigamon, the leading deep observability company, today announced the availability of Gigamon ThreatINSIGHT™ Guided-SaaS NDR on the AWS Marketplace. Wi
Incode Announces Strategic Partnership with Hoteza (PR Newswire) Incode Technologies Inc., the next-generation identity verification and authentication platform for global enterprises, today announced a...
Bitdefender Reported Malicious Activity Across All 10 ATT&CK Evaluation Steps in First MITRE Engenuity ATT&CK® Evaluations for Managed Services (Business Wire) Bitdefender announced it achieved 100% coverage of steps in the first MITRE Engenuity ATT&CK Evaluation for Managed Services.
CrowdStrike Achieves 99% Coverage in MITRE ATT&CK Evaluations for Security Service Providers (CrowdStrike) The CrowdStrike Falcon platform’s integration of industry-leading technology and human expertise enabled us to detect 75 of 76 adversary techniques.
SentinelOne Continues Sterling MITRE ATT&CK Evaluation Performance, Now with MDR (Business Wire) SentinelOne (NYSE: S), an autonomous cybersecurity platform company, was recognized in the MITRE Engenuity ATT&CK® Evaluation for Managed Services
MITRE Managed Services Evaluation | 4 Key Takeaways for MDR & DFIR Buyers (SentinelOne) Learn about MITRE's latest evaluation and how MDRs can help organizations to better understand and combat adversary behavior.
A New SBOM Tool, OpenSSL Fixes, GitHub Flaw, Software Supply Chain Help (Linux Insider) Troubles with software supply chain safety have recently grabbed a chunk of negative headline space. That might well set the stage for what to expect in an upcoming State of Open Source Report.
Azion Introduces Product Suite for Comprehensive Edge Development (Azion) Azion Build Supports Frictionless Development with Comprehensive Tools and Support for Leading Architectures and Frameworks
Technologies, Techniques, and Standards
Red, purple, or blue? When it comes to offensive security operations, it’s not just about picking one color (Help Net Security) Red team testing goes beyond assumptions and tests what is vital to your business, providing invaluable information to organizations.
Design and Innovation
Winners announced in first phase of UK-U.S. privacy-enhancing technologies prize challenges (GOV.UK) UK and U.S. have announced the winners of the first phase of the privacy-enhancing technologies prize challenges.
IBM and Vodafone Join Forces in Exploration of Quantum Computing Technology and Quantum-Safe Cryptography (IBM Newsroom) Vodafone partners with IBM to prepare for the quantum era of applications in telecommunications
Academia
UTSA Center for Infrastructure Assurance and Security introduces Alan CyBear (UTSA Today) The cultural icon Smokey Bear, with his yellow hat and wildfire prevention tagline, has been familiar to Americans for decades.
Legislation, Policy, and Regulation
NATO’s 2022 Cyber Defense Pledge Conference - United States Department of State (United States Department of State) On November 9 and 10, 2022, NATO’s 2022 Cyber Defense Pledge Conference will take place in Rome, at the Italian Ministry of Foreign Affairs and International Cooperation. The event is co-hosted by Italy and the United States with the support of the NATO International Staff. At the Madrid Summit in June, Allies reaffirmed that resilience […]
North Korea slams US cyber drills as ploy for ‘hegemony’ through cybersecurity | NK News (NK News - North Korea News) North Korea has slammed recent U.S.-led cyber exercises that featured South Korean operators, accusing Washington of seeking “world hegemony” through the drills. The statement against the Cyber Flag 23 exercises published by the DPRK’s foreign ministry on Wednesday comes as the country’s hackers have reportedly stolen hundreds of millions of dollars through cyber crime this […]
Spyware Scandals Prompt Calls for Further Bans in Europe (Wall Street Journal) A Europe-wide moratorium on surveillance software such as NSO Group’s Pegasus and similar products is needed to clamp down on abuses, according to a draft report from European Union lawmakers.
Cyprus MPs launch inquiry into spyware development on the island (Reuters) Cyprus's parliament opened an inquiry on Wednesday into the development of spyware on the island, after a draft European Parliament committee investigation report said it was an important export hub for the surveillance industry.
Japan joins NATO cyber defense centre (Telecoms Tech News) Japan has become the latest member of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).
China casts wary eye as Japan signs up for Nato cybersecurity platform (South China Morning Post) Tokyo’s decision is part of bigger Nato efforts targeting Beijing, Chinese analyst says.
With shows, acquisitions and partners, UAE hopes to emerge as cybersecurity, secure comms hub (Breaking Defense) Two sprawling defense organizations announced cybersecurity expansions as region sees evolving threats.
The U.S. Government’s Battle Plan to Fortify Supply Chains | Focal Point (Tanium) A flurry of guidance from the federal government has galvanized agencies and organizations. Here’s what security executives need to know.
Data-Privacy Bill Advances in Congress, but States Throw Up Objections (Wall Street Journal) The bipartisan legislation would put new limits on how businesses can collect and use consumers’ data, but California and some other states have thrown up objections.
California jumps out in front (again) on data privacy – here’s how (WRAL TechWire) The expansive powers of the California Privacy Protection Agency (CPPA) should not be overlooked, especially since CCPA has already been the subject of four rounds of Attorney General regulations, in some cases imposing rules beyond what was provided in the statute.
Litigation, Investigation, and Law Enforcement
Dickey's Contested $2.35M Data Breach Deal Gets Initial Nod (Law360) A Texas federal judge has signed off on a recommendation to preliminarily approve a $2.35 million settlement to resolve a proposed class action over a data breach at Dickey's Barbecue Restaurants Inc., overriding objections about the deal's fairness from plaintiffs who weren't involved in the negotiations.
L.A. Drops Criminal Charges Against Election Software Executive (New York Times) Eugene Yu was accused of illegally sending data about poll workers to China, in a case that became fodder for election deniers.
Navy engineer, wife sentenced in submarine spy case (Navy Times) A Navy engineer and his wife have been given lengthy prison terms for a plot to sell secrets about nuclear submarines.