News on the C2C market and the underworld. New AWS feature susceptible to abuse. CISA releases ICS advisories.

By the CyberWire staff

At a glance.

Godfather banking Trojan has deep roots in older code.
FuboTV disrupted around World Cup coverage.
Guardian hit with apparent ransomware attack.
Threat actor abuses AWS Elastic IP transfer.
Criminals impersonating other criminals' underworld souks.
Moldova may be receiving more Russian attention in cyberspace.
CISA releases six industrial control system advisories.

Godfather banking Trojan has deep roots in older code.

Group-IB reported this morning that the Godfather banking Trojan is currently in wide use against popular financial services worldwide. The researchers say, "Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including banking applications, cryptocurrency wallets, and crypto exchanges." The malware is based on the old Anubis Trojan, updated and improved. Godfather is offered in the C2C malware-as-a-service market, and it's distributed in the form of Trojanized applications, Group-IB says, sold in Google Play.

How to Stay Secure in a World of Distractions: Get the Report

1Password’s annual State of Access report explores how a time of “permacrisis” has direct implications to today’s workforce. The evidence is clear: with employee distraction at an all-time high, good cybersecurity habits are slipping. Download the report to learn more about this idea of “permacrisis”, how it directly impacts your employees’ security hygiene, and how implementing human-centric security solutions is crucial in today’s climate.

FuboTV disrupted around World Cup coverage.

Streaming service FuboTV reported that it fell victim to a cyberattack last Wednesday that knocked out access to the service during the time of the World Cup semifinal game between France and Morocco. The Record reports that at around 9:20 AM that day the company reported an investigation into account-related issues, namely, logging into and creating accounts. They reported working to resolve the issue throughout the day, though they acknowledged at midnight that some people were still unable to access the service. The Hollywood Reporter says that a statement from the company, released Thursday morning following the incident, saying that “the incident was not related to any bandwidth constraints on Fubo’s part,” and “FuboTV takes this matter very seriously. Once we detected the attack, we immediately took steps to contain the incident and worked to restore service to all of our users as quickly as possible. Service was fully restored by last evening. We deeply regret the disruption caused by this incident in the meantime.” The statement has since been updated, noting that disruptions to the service are no longer a concern, and that the World Cup final went off without a hitch. For more on the FuboTV incident, see CyberWire Pro.

Add value to your lead generation strategy

The CyberWire can help you fill your funnel and build partnerships with valuable leads. With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust us to get their messages out. Feature your brand with the source that top security leaders choose. Learn more.

Guardian hit with apparent ransomware attack.

The British newspaper, the Guardian, was hit late yesterday by what appears to have been a ransomware attack. It seems to have affected mostly back office infrastructure, and the paper says it expects to publish both print and online editions as usual.

Threat actor abuses AWS Elastic IP transfer.

Mitiga yesterday released research discussing a new potential threat vector that leverages an AWS functionality known as Elastic IP transfer. In October of this year, a new Amazon VPC (Virtual Private Cloud) feature was released, called “Elastic IP transfer.” The function allows for the transfer of Elastic IP addresses between AWS accounts. Something important to note is that the Elastic IP transfer capability extends beyond the user, and even their organization; the EIPs can be transferred between any active AWS accounts. If the correct permissions are enabled on the AWS account of a potential victim, a malicious actor can dive in with a single API and transfer the EIP of the victim to their own account. This is noted to be a later-stage attack, occurring after initial compromise. For more on Elastic IP transfer abuse, see CyberWire Pro.

Criminals impersonating other criminals' underworld souks.

Sophos has uncovered a scam campaign that’s impersonating various criminal marketplaces. The researchers first found a spoofed version of the Genesis Market, which asked users to pay a $100 deposit in order to access the site (the real Genesis Market is invite-only). This led the researchers to discover nineteen other sites set up by the same actor. The sites contained some errors, but they appear professional and “appeared prominently in search engine results.” The scammer or scammers also advertised the sites on Reddit, and their Bitcoin addresses have received more than $132,000. The researchers believe the scam is “designed to take advantage of inexperienced researchers, would-be threat actors, and the generally curious.” The researchers found circumstantial evidence tying the scam to a user on a criminal forum with the username “waltcranston,” an apparent Breaking Bad fan who was listed as a meth dealer on several underground marketplaces. Waltcranston was accused by several members of these forums of setting up scam sites after retiring from dealing drugs. For more on the scam, see CyberWire Pro.

Moldova may be receiving more Russian attention in cyberspace.

Balkan Insight reports that Telegram chatter posted online that represents itself as originating with Moldovan leaders is fabricated. The communications were presented as exchanged among Moldova's president and two cabinet ministers. "The ministers and the office of pro-European President Maia Sandu say the content of the alleged conversations is fake, but Iurie Turcanu, Moldova’s deputy prime minister in charge of digitalisation, said the attacks themselves are real and increasingly sophisticated." The fabricated contents suggested collusion between the government and criminal elements, and the campaign is regarded as a Russian disinformation effort.

The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.

CISA releases six industrial control system advisories.

The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday released six industrial control system (ICS) advisories. They cover systems by Fuji, Rockwell, ARC, and Prosys.

Dateline Moscow and Kyiv: President Zelenskyy to address US Congress.

Ukraine at D+300: Solidifying allied support. (CyberWire) As fighting continues in Bakhmut, both sides continue diplomatic efforts, but only with their respective friends, not one another.

Russia-Ukraine war: List of key events, day 301 (Al Jazeera) As the Russia-Ukraine war enters its 301st day, we take a look at the main developments.

Ukraine-Russia war latest: Kremlin warns no chance of peace talks as Zelensky prepares to meet Biden (The Telegraph) The Kremlin said that it sees no chance for peace talks with Ukraine as Volodymyr Zelensky heads to the US to meet Joe Biden.

Russia-Ukraine war live: Zelenskiy heads to US as Putin promises to improve nuclear combat readiness (the Guardian) Ukrainian president expected to meet with president Joe Biden and Congressional leaders on Wednesday evening

Belarus says its Russian S-400, Iskander missiles enter ‘combat duty’ (Defense News) The move comes as analysts are seeing Moscow’s rising pressure on Minsk to increase the satellite nation’s involvement in the Russian invasion of Ukraine.

Belarus Is Inching Toward Invading Ukraine (Foreign Policy) Signs are growing that an invasion from the north could be imminent.

Putin Describes Situation in Occupied Ukrainian Territories as ‘Extremely Difficult’ (Wall Street Journal) The Russian president made a rare admission that the war in Ukraine is facing obstacles.

Vladimir Putin stays in Moscow as Volodymr Zelensky meets his soldiers on the frontline (The Telegraph) Even the most avid Kremlin supporters had a hard time hiding their disappointment with the Russian leader’s lack of touch

Surrender to a Drone? Ukraine Is Urging Russian Soldiers to Do Just That. (New York Times) Capitalizing on reports of low Russian morale, Ukraine has begun offering enemy troops detailed instructions on how to make their way over the battlefield and lay down their arms.

Russia-Ukraine War: Zelensky Is Expected to Visit Washington (New York Times) A risky trip to Washington would be the first time the Ukrainian leader left his country since Russia invaded in February.

Zelenskyy to meet Biden, address Congress as war rages on (AP NEWS) Ukrainian President Volodymyr Zelenskyy was making his way to Washington on Wednesday for a summit with President Joe Biden and to address Congress in his first known trip outside the country since Russia’s invasion began in February.

A Free World, If You Can Keep It (Foreign Affairs) Ukraine and American interests.

A ‘good’ war gave the algorithm its opening, but dangers lurk (Washington Post) To see the human face of the “algorithm war” being fought in Ukraine, visit a company of raw recruits during their five rushed weeks at a training camp here in Britain before they’re sent to the front in Ukraine.

US to send $1.8 billion in aid, including Patriot battery, to Ukraine (Military Times) Officials tell The Associated Press the U.S. will send $1.8 billion in military aid to Ukraine in a package expected to be announced Wednesday.

U.S. Sends Gear to Repair Ukraine's Electric Grid (U.S. Department of Defense) The U.S. has committed more than $53 million in support for Ukraine's electric grid which officials say will be critical for emergency repairs in the face of Russia's attacks.

The partition of Ukraine would only encourage Putin's imperial ambitions (Atlantic Council) Advocates of appeasement believe the best way to end the Russian invasion of Ukraine is by offering Ukrainian land in exchange for peace but this will only encourage Putin's imperial ambitions, writes Benton Coblentz.

2022 REVIEW: Why has Vladimir Putin’s Ukraine invasion gone so badly wrong? (Atlantic Council) Vladimir Putin hoped his invasion of Ukraine would result in a quick and historic victory. Instead, he ends 2022 with Russia's reputation as a military superpower in tatters. Why has the invasion of Ukraine gone so badly wrong?

In Ukraine, I saw the greatest threat to the Russian world isn’t the west – it’s Putin | Timothy Garton Ash (the Guardian) The Kremlin’s imperial war has made its own culture a common enemy for people across its former empire, says Guardian columnist Timothy Garton Ash

Our country of the year for 2022 can only be Ukraine (The Economist) For the heroism of its people, and for standing up to a bully

No One Would Win a Long War in Ukraine (Foreign Affairs) The West must avoid the mistakes of World War I.

Standing with Russia, or staying silent, protects genocide (The Hill) This month, in a unanimous vote, the Senate Foreign Relations Committee passed Senate Resolution 713, which correctly identifies and designates Russian atrocities in Ukraine as genocide. Led by Ran…

Telegram Hack Exposes Growing Russian Cyber Threat in Moldova (Balkan Insight) A Moldovan minister tells BIRN that the cyber-attacks facing Moldova since Russia’s invasion of Ukraine are on a whole new level.

Kremlin-linked hackers tried to spy on oil firm in NATO country, researchers say (CNN) A Kremlin-linked hacking group known for focusing on Ukraine has stepped up its spying efforts against Ukraine's NATO allies in recent months -- in part by trying to hack a big oil firm in a NATO country in August, according to US cybersecurity firm Palo Alto Networks.

Russian hackers attempted to breach petroleum refining company in NATO country, researchers say (CyberScoop) The Russian hacking group Trident Ursa is mostly known for phishing campaigns targeting organizations in NATO states.

Ukraine attacks changed Russian GPS jamming (GPS World) Two Russian airbases deep inside the country were attacked on the December 5: the Engels-2 base in the Saratov region and Dyagilevo near Ryazan. The next day an oil tank at the Kursk airfield closer to the border with Ukraine was hit and set on fire.

Russian oligarch who criticised Ukraine war has $1bn hotel complex seized (The Telegraph) The court order came after Oleg Deripaska was asked by the Kremlin to stop publicly condemning the invasion

Sewing for Ukraine: volunteers make army uniforms for women (Reuters) Yuliia Mykytenko smiles as she adjusts her new trousers, confident she's finally found a Ukrainian army uniform that fits after 10 months of war with Russia.

Attacks, Threats, and Vulnerabilities

Godfather: A banking Trojan that is impossible to refuse (Group-IB) Group-IB discovers banking Trojan targeting users of more than 400 apps in 16 countries

Okta source code stolen in GitHub hack (Computing) Security provider Okta has been breached, with attackers apparently stealing the company's source code.

Okta's source code stolen after GitHub repositories hacked (BleepingComputer) In a 'confidential' email notification sent by Okta and seen by BleepingComputer, the company states that attackers gained access to its GitHub repositories this month and stole the company's source code.

Elastic IP Hijacking — A New Attack Vector in AWS (Mitiga) Mitiga Researchers found a new post-exploitation attack method, a novel way in AWS that may enable adversaries to hijack static public IP addresses for malicious purposes.

ChatGPT: Emerging AI Threat Landscape (Trustwave) ChatGPT has been available to the public since November 30, 2022. Since then, it has made headlines – from being temporarily banned from Stack Overflow because...

OpwnAI: AI That Can Save the Day or HACK it Away (Check Point Research) Latest Research by our Team

ChatGPT can be used to generate malicious code, finds research (mint) Researchers at Check Point used ChatGPT and Codex used standard English instructions to create code that can be used to launch spear phishing attacks

Cybersecurity firms examine ChatGPT threat model (TechHQ) Among the millions of users who have joined OpenAI’s chat bot preview are security experts keen to probe the ChatGPT threat model in detail.

The scammers who scam scammers on cybercrime forums: Part 3 (Sophos News) A shadowy sub-economy is more than just a curiosity – it’s booming business, and also an opportunity for defenders. In the third part of our series, we look at the curious case of twenty fake marke…

OWASSRF: CrowdStrike Identifies New Method for Bypassing ProxyNotShell Mitigations (CrowdStrike) Learn how CrowdStrike recently discovered a new exploit method using CVE-2022-41080 and CVE-2022-41082 to achieve remote code execution (RCE) through Outlook Web Access.

Ransomware gang uses new Microsoft Exchange exploit to breach servers (BleepingComputer) Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution (RCE) on vulnerable servers through Outlook Web Access (OWA).

“RisePro” Stealer and Pay-Per-Install Malware “PrivateLoader” (Flashpoint) RisePro's presence on Russian Market, and the appearance of the stealer as a payload for a pay-per-install service, may indicate its growing popularity—and viability—within the threat actor community.

New 'RisePro' Infostealer Increasingly Popular Among Cybercriminals (SecurityWeek) A new information stealer called RisePro is being distributed by pay-per-install malware downloader service ‘PrivateLoader’.

Novel Rust-based Agenda ransomware variant discovered (SC Media) Ransomware-as-a-service operation Qilin has developed a novel Rust-based variant of the Agenda ransomware strain, which was originally based in the Go programming language and was used to compromise the healthcare and education sectors in Indonesia, Thailand, Saudi Arabia, and South Africa, The Hacker News reports.

Clop ransomware group targeting provider-patient trust, infecting medical images (SC Media) Hold Security has observed the Clop ransomware group interacting with providers as if they were patients in order to send them medical images infected with malware.

Guardian hit by serious IT incident believed to be ransomware attack (the Guardian) Incident has hit parts of media company’s technology infrastructure, with staff told to work from home

Eufy camera security breach admission leaves many questions unanswered (9to5Mac) Brand owner Anker has finally responded to proof of a major Eufy camera security breach, but its official statement still leaves a great many questions unanswered. The company has now admitted that it lied to users about all footage and images being stored locally, and never sent to the cloud, after a security researcher proved […]

Germany's Thyssenkrupp Hit By Cyberattack (Barron's) German industrial giant Thyssenkrupp on Tuesday said it was fending off a cyberattack against two of its divisions, but that no data appeared to have been lost.

Play Ransomware Gang Claims Responsibility for Cyber Attack on H-Hotels (Information Security Buzz) H-Hotels (h-hotels.com) have recently been the target of a cyber-attack, which has led to disruptions in the company’s communication systems. The Play ransomware gang has claimed responsibility for the attack. At this point, it is unclear whether the claims made by the Play criminal gang are genuine; however, H-Hotels is looking into the matter as quickly as possible.

Report: World-Renowned Education Company Exposes Details of Over 100,000 Students Worldwide in Massive Data Breach (vpnMentor) vpnMentor's research team has discovered a data breach related to McGraw Hill, an education publishing company based in the USA. McGraw Hill’s online education platform is used by

McGraw Hill exposed student data and grades, online privacy firm says (Higher Ed Dive) VpnMentor said the data breach exposed over 117 million files filled with hundreds of thousands of grades and email addresses.

McGraw Hill confirms data exposure of students' emails and grades (EdScoop) Education publisher McGraw Hill misconfigured a cloud storage device, exposing the emails and grades of students across the U.S. and Canada.

McGraw Hill's S3 buckets exposed 100,000 students' grades (Register) Educator gets an F for security

Ransomware hackers take demands directly to college students: ‘For you, it’s a sad day’ (NBC News) A hacker group broke into Knox College's computer system and gained access to student data, a common ransomware tactic. But this group had a new wrinkle for Knox students.

Timeline: San Diego Unified Waited 5 Weeks to Notify Employees and Families of Data Breach (NBC 7 San Diego) The San Diego Unified School District has confirmed new details regarding the timeline of its “cybersecurity incident,” in a report it filed with the state Attorney General’s office on Dec. 12.

Cybersecurity Pros Bracing for Possible Holiday Cyber Event (Channel Futures) Is a major cyber event about to occur, creating a nightmare for cyber defenders? Major cyber events occurred around the holidays in 2020 and 2021.

The terrifying ways employers can spy on your online life (New York Post) Got a spicy side hustle? They’ll find out.

Security Patches, Mitigations, and Software Updates

Fuji Electric Tellus Lite V-Simulator (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.

Rockwell Automation GuardLogix and ControlLogix controllers (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: GuardLogix, ControlLogix, Compact Logix, and Compact GaurdLogix controllers Vulnerability: Improper Input Validation 2.

ARC Informatique PcVue (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: ARC Informatique Equipment: PcVue Vulnerabilities: Cleartext Storage of Sensitive Information, Insertion of Sensitive Information into Log File 2.

Rockwell Automation MicroLogix 1100 and 1400 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: MicroLogix 1100 and 1400 Vulnerabilities: Cross-site Scripting, Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of these vulnerabilities could create a denial-of-service condition or allow for remote code execution.

Delta 4G Router DX-3021 (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Industrial Automation Equipment: 4G Router DX-3021 Vulnerabilities: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote unauthenticated user to add files, delete files, or change file permissions.

Prosys OPC UA Simulation Server (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Prosys OPC Equipment: UA Simulation Server Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain credentials and gain access to system data.

Trends

2022's 4 Most Common Cyberattack Patterns (Security Intelligence) 2022 was a challenging year for cybersecurity teams. Learn the four most common cyberattack patterns and how to deal with them in the future.

ThreatModeler Survey: IT Leaders Confident in Effectiveness of Tools, Though Many are Looking for More Proactive, Automated Solutions (News Direct) Research finds that enterprises that leverage threat modeling report more confidence in their security and development tools

Ethical principles governing emerging tech are lacking in most organizations (TechRepublic) A Deloitte report discusses the importance of ethics, the types of misuse of new technologies, & how companies can operationalize standards.

Google outlines 6 cybersecurity predictions for 2023 (VentureBeat) Google security leaders share 6 cybersecurity predictions for 2023, anticipating an increase in ransomware and broader adoption of passkeys.

What's Next in Cyber 2022 Global Survey (Palo Alto Networks) Global survey of 1300 C-level executives on what’s next in cybersecurity – focused on security trends and needs.

Marketplace

Germany's VMRay ties up $34 million series B to expand threat detection and analysis (Tech.eu) VMRay is spearheaded by the malware analysis and detection pioneers Dr. Carsten Willems and Dr Ralf Hund.

Cybersecurity M&A Roundup for December 1-15, 2022 (SecurityWeek) A dozen cybersecurity-related merger and acquisition (M&A) deals were announced in the first half of December 2022.

Cybersecurity firms hunker down for hard times (Axios) In a tough economy, customers are buying services like incident response over longterm investments.

Cybersecurity Firms Cut Staff as Fears About Economy, Funding Mount (Wall Street Journal) The wave of layoffs started this summer and has spanned departments, including workers in technical roles.

Twitter Blue for Business now allows companies to identify their employees (TechCrunch) Twitter Blue for Business now provides an additional badge that helps organizations identify brands and people associated with it.

Elon Musk Says He Will Resign as Twitter C.E.O. When He Finds Successor (New York Times) Mr. Musk, who asked his Twitter followers on Sunday if he should step down as head of the service, will remain the company’s owner.

Tech’s Bust Delivers Bruising Blow to Hollowed-Out San Francisco (Bloomberg) Job cuts and remote work are colliding to reshape the center of American innovation.

Channel Futures Names Arlin Sorensen of ConnectWise as one of the Top 20 Managed Services Channel Leaders for 2022 (GlobeNewswire News Room) Channel Futures’ Channel Leaders of the Year list features some of the biggest managed services suppliers in the industry who are stepping up to move the...

Jacques Boschung Appointed as Head of Kudelski Security (Yahoo Finance) The Kudelski Group (SIX:KUD.S), the world leader in digital security, today announced the appointment of Mr. Jacques Boschung as head of Kudelski Security, the Group's cybersecurit

CyberArk Appoints Omer Grossman Global Chief Information Officer (Business Wire) CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced the appointment of Omer Grossman as Global Chief Information Officer

Contrast Security Executives to Help Defend Cyberspace as Active Participants of a Leading Tech Group the Company Co-Founded (Contrast Security) Cybersecurity Tech Accord and its membership of global enterprises continue to partner for a safer and more secure world.

Products, Services, and Solutions

PlainID Launches The PlainID Technology Network to Enable Identity Aware Security for Advanced Access Control (PR Newswire) PlainID, The Authorization Company™, the leading provider of authorization and policy-based access control, officially announces its PlainID...

Aisera Announces Integration of its AI-powered Service Experience Solution with Zendesk's Sunshine Platform (PR Newswire) Aisera, the world's leading AI-driven service experience platform for automated customer experiences (CX), announced today that its solutions...

How CyberCube helps assess risk for cyber insurance (VentureBeat) With the risk of cybercrime at an all-time high, cyber insurance company, CyberCube, announced $50M additional raised, for over $100M total.

Technologies, Techniques, and Standards

US Might Have Targeted Iran Cyber Infrastructure Before Midterm Vote (Iran International) The US military’s Cyber Command disrupted foreign adversaries’, including Iran’s potential interference in the mid-term elections, it said on Monday.

Army network plan will offset contested comms with multi-path transport-agnostic capabilities (Breaking Defense) “You have to be able to operate with challenges to comms at times, whether it's jamming, lack of available fiber, geography impacting your line of sight, or host-nation spectrum restrictions.”

How to Embed Gen Z in Your Organization's Security Culture (Security Intelligence) Gen Z is comprised of digital natives, yet the generation has the highest victim rates for scams. Empower Gen Z through cybersecurity education.

Legislation, Policy, and Regulation

Congress moves to ban TikTok from US government devices (Federal Times) Rule applies to the executive branch — with exemptions for national security, law enforcement and research — and doesn't appear to cover Congress itself.

FDA pushing for medical device cybersecurity funding, regulations (The Record by Recorded Future) The Food and Drug Administration is pushing for Congress to provide more funding and support to address the cybersecurity of medical devices.

CISA Lined up for 12 Percent Funding Boost in FY2023 (Meritalk) The Cybersecurity and Infrastructure Security Agency (CISA) is in line to receive a 12 percent funding increase under Fiscal Year 2023 appropriations legislation unveiled today – a spending hike that Capitol Hill leaders said will help the agency boost its ability to prevent cyberattacks and secure critical infrastructure.

Congress moves to reauthorize CISA’s cyber defense program (Federal News Network) The Cybersecurity and Infrastructure Security Agency is in line for a budget boost, while the Einstein cyber defense system gets its reauthorization.

Rep. Katko worries CISA will become a 'regulatory behemoth' (Washington Post) Rep. John Katko talks about what’s done and still undone as his congressional career wraps up

Tech Companies Make Final Push to Head Off Tougher Regulation (Wall Street Journal) The industry has spent more than $100 million to fight antitrust measures and other bills in Congress.

Elizabeth Warren's New Financial Surveillance Bill Is a Disaster for Privacy and Civil Liberties (CoinDesk) The proposal would turn blockchains into permissioned ledgers surveilled by centralized gatekeepers.

Litigation, Investigation, and Law Enforcement

Russian hackers accessed JFK airport taxi software: Port Authority (The Record by Recorded Future) Two have been arrested on charges that they conspired with Russian hackers to tamper with JFK airport’s taxi queuing software.

FTX founder Sam Bankman-Fried will fly from Bahamas to U.S. Wednesday to face criminal charges (CNBC) Sam Bankman-Fried is set to return to the U.S., where he faces multiple criminal charges tied to the collapse of his crypto exchange FTX.

Scoop: ProPublica to return SBF funds (Axios) The initial $1.6 million grant was the first of three payments, totaling $5 million over three years.

FTX’s Bankman-Fried Gave Ex-Jane Street Traders Who Formed Modulo Capital $400M (CoinDesk) Founded in early 2022, Modulo operated out of the same luxury Bahamian condominium community where Sam Bankman-Fried and other FTX employees lived.

EU to Probe Broadcom’s $61 Billion Planned Takeover of VMware (Wall Street Journal) Europe’s competition regulator said it is concerned that the deal could limit competition for some hardware.

Broadcom’s $61 Billion VMware Deal Faces In-Depth EU Probe (Bloomberg) EU cites concerns it could raise prices, hurt innovation. EU commission sets new May 11 deadline to review the deal.

European regulators: Broadcom-VMware merger 'would lead to higher prices, lower quality' (CRN) The European Commission has announced an “in depth” investigation of the merger between the two companies

Amazon Agrees to Settle EU Antitrust Cases, Avoiding Fines (Wall Street Journal) The online retail giant settled two antitrust cases related to allegations about its treatment of third-party sellers on its platform, ending some of the bloc’s most advanced cases targeting a U.S. tech company.

Musk’s Twitter Draws Deeper FTC Scrutiny Over Rising Privacy, Security Concerns (Bloomberg) FTC questioned two former senior executives on data security. Review could lead to millions of dollars in fines, Musk order.

Billionaires Are A Security Threat (WIRED) Elon Musk’s Twitter takeover is a case study in destruction. It doesn’t have to be this way.

Zuckerberg weighed naming Cambridge Analytica as a concern in 2017, months before data leak was revealed | CNN Business (CNN) Mark Zuckerberg considered disclosing in 2017 that Facebook was investigating "organizations like Cambridge Analytica" alongside Russian foreign intelligence actors as part of an election security assessment before ultimately removing the reference at his advisers' suggestion, according to a 2019 deposition conducted by the Securities and Exchange Commission and reviewed by CNN.