Dateline
Ukraine at D+76: Attribution and condemnation of Russia's AcidRain cyberattack on the KA-SAT network. (The CyberWire) Western governments join the EU in attributing the cyberattack against Viasat's KA-SAT network to Russia, and add their condemnation to what they characterize as an indiscriminate attack.
Russia-Ukraine latest news: Boris Johnson signs historic military deals with Sweden and Finland (The Telegraph) Boris Johnson will sign historic security assurance declarations with Sweden and Finland in the face of Russia's invasion of Ukraine, pledging to "bolster military ties" and support both countries should they come under attack.
Russia-Ukraine war: trapped and wounded Azovstal soldiers plead for rescue; Boris Johnson in Sweden to discuss security – live (the Guardian) Photos published by Azov Regiment purport to show conditions in steel plant; British PM visits Sweden and Finland, who have ambitions to join Nato
Russia pounds Ukraine's vital port of Odesa, Mariupol plant (AP NEWS) Russian forces pounded away at the vital port of Odesa, Ukrainian officials said Tuesday, as part of an apparent effort to disrupt supply lines and weapons shipments. On the other end of the southern coast, they hammered a steel plant where Ukrainian fighters are denying Moscow full control of another critical port.
Ukraine morning briefing: Five developments as Russia battles to defend Snake Island (The Telegraph) Plus: West claims Russia behind massive cyberattack and activist leader of band Pussy Riot escapes Moscow in disguise
How the Israeli army perceives the Russian-Ukraine war, 70 days in (Haaretz) Israel has been drawing its own conclusions from Putin's failure in Ukraine: From the resurgence of large-scale wars to the drawbacks of urban fighting
'I quit the Wagner group after the Kremlin sent me to Syria – here's why' (The Telegraph) Ex-Wagner Group fighter says recruiters asked him to fight alongside invading force, but he knew that Putin’s men weren’t up to the task
Vladimir Putin ‘gearing up for a prolonged war and will not stop at Donbas’ (The Telegraph) Russian leader’s retreat from Kyiv was ‘temporary shift’ and he is likely counting on Western resolve weakening, warns US intelligence chief
America Must Embrace the Goal of Ukrainian Victory (Foreign Affairs) It’s time to move past Washington’s cautious approach.
US, Western Europe fret over uncertain Ukraine war endgame (AP NEWS) An interminable and unwinnable war in Europe? That’s what NATO leaders fear and are bracing for as Russia’s war in Ukraine grinds into its third month with little sign of a decisive military victory for either side and no resolution in sight.
Vladimir Putin is ‘more dangerous than Adolf Hitler or Joseph Stalin’ (The Telegraph) Mateusz Morawiecki, the Polish prime minister, says the Russian leader’s ‘monstrous ideology’ poses a deadly threat to Europe
Vladimir Putin is trapped in his own rhetoric – and has no way out (The Telegraph) In one sense, Putin is quite right: victory in this war is an existential question, not for Russia but for him personally
Former Soviet States Are Distancing Themselves From Their Old Imperial Master (Foreign Policy) The war in Ukraine is prompting countries from Kazakhstan to Moldova to reexamine their colonial past and seek diplomatic allies beyond the Kremlin.
Kaliningrad Could Be the Next Flashpoint in the EU’s Standoff With Russia (World Politics Review) Kaliningrad has remained quiet recently as a sense of patriotism mixed with tight regime repression has deterred any open expressions of dissent. Yet the deepening crisis faced by its inhabitants mean that it could soon become a geopolitical flashpoint between the EU and Russia as volatile as Ukraine or Belarus.
Germany reopens embassy in Kyiv, supports war crimes probes (AP NEWS) German Foreign Minister Annalena Baerbock on Tuesday reopened her country's embassy in Kyiv that was closed more than two months ago following the Russian invasion .
Russia hacked an American satellite company one hour before the Ukraine invasion (MIT Technology Review) The attack on Viasat showcases cyber’s emerging role in modern warfare.
Russia responsible for satellite hack causing chaos across Europe (The Telegraph) Cyber attack shut down 5,800 German wind turbines ahead of Ukraine invasion
E.U., U.K. and U.S. accuse Russia of cyberattack on internet provider (NBC News) The attack hit the European networks of the internet satellite company Viasat just as Russia began its invasion of Ukraine on Feb. 24.
Russia downed satellite internet in Ukraine -Western officials (Reuters) Russia was behind a massive cyberattack against a satellite internet network that took tens of thousands of modems offline at the onset of Russia-Ukraine war, the United States, Britain, Canada, Estonia and the European Union said on Tuesday.
US and its allies say Russia waged cyberattack that took out satellite network (Ars Technica) February outage came an hour before Russia began its invasion of Ukraine.
Western powers blame Russia for Ukraine satellite hack (The Record by Recorded Future) The European Union and the United Kingdom said the cyberattack on satellite internet provider Viasat in February was “unacceptable.”
Russian cyber operations against Ukraine: Declaration by the High Representative on behalf of the European Union (European Council) The EU issued a declaration strongly condemning the malicious cyber activity conducted by the Russian Federation against Ukraine, which targeted the satellite KA-SAT network, operated by Viasat.
Attribution of Russia’s Malicious Cyber Activity Against Ukraine - United States Department of State (United States Department of State) The United States is joining with allies and partners to condemn Russia’s destructive cyber activities against Ukraine. In the months leading up to and after Russia’s illegal further invasion began, Ukraine experienced a series of disruptive cyber operations, including website defacements, distributed denial-of-service (DDoS) attacks, and cyber attacks to delete data from computers belonging to […]
U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors (CISA) CISA and the Federal Bureau of Investigation (FBI) have updated the joint cybersecurity advisory, Strengthening Cybersecurity of SATCOM Network Providers and Customers, originally released March 17, 2022, with U.S. government attribution to Russian state-sponsored malicious cyber actors.
Russia behind cyber-attack with Europe-wide impact an hour before Ukraine invasion (GOV.UK) UK, EU, US and allies have announced that Russia is responsible for a series of cyber-attacks since the renewed invasion of Ukraine.
Estonia joins the statement of attribution on cyberattacks against Ukraine (Ministry of Foreign Affairs, Republic of Estonia) Estonia joins the coalition attributing the 24 February cyberattacks against the KA-SAT network to Russian Main Intelligence Directorate (GRU).
Statement on Russia’s malicious cyber activity affecting Europe and Ukraine (Canada.ca) The Honourable Mélanie Joly, Minister of Foreign Affairs, the Honourable Anita Anand, Minister of National Defence, and the Honourable Marco Mendicino, Minister of Public Safety, today issued the following statement:
Attribution to Russia for malicious cyber activity against European networks (Australian Government Department of Foreign Affairs and Trade) Australia is committed to working with our partners and allies to shine a light on Russia’s ongoing unacceptable activity in cyberspace and condemns Russia’s
NSA Probing Reach of Software From Russia’s Kaspersky in US Systems (Bloomberg) US fears Kremlin could use software to penetrate key sectors. Kaspersky has denied improper ties to the Russian government.
Is using Kaspersky a security risk? US government ramps up investigation (Tech Monitor) The US government has ramped up a probe into the cybersecurity vendor, leading many to ask: 'is using Kaspersky a security risk?'
Biden signs Ukraine bill, seeks $40B aid, in Putin rejoinder (AP NEWS) Washington sought to portray a united front against Russia’s invasion of Ukraine as President Joe Biden signed a bipartisan measure to reboot the World War II-era “lend-lease” program, which helped defeat Nazi Germany, to bolster Kyiv and Eastern European allies.
U.S. House passes $40 bln bill to bolster Ukraine against Russian invasion (Reuters) The U.S. House of Representatives approved more than $40 billion more aid for Ukraine on Tuesday, as Congress races to keep military aid flowing and boost the government in Kyiv as it grapples with the Russian invasion.
Purdue cybersecurity experts coached guardians of Ukrainian critical infrastructure (Purdue University) Purdue University, a leading seat of cybersecurity expertise, may have helped cybersecurity personnel guarding power plants, the electrical grid and other critical infrastructure in Ukraine successfully fend off recent cyber attacks.
EXPLAINER: Why is Hungary blocking sanctions on Russian oil? (AP NEWS) As the European Union tries to impose sanctions on Russian oil over the war in Ukraine , Hungary has emerged as one of the biggest obstacles to unanimous support needed from the bloc's 27 member nations.
Attacks, Threats, and Vulnerabilities
NPM dependency confusion hacks target German firms (ReversingLabs) Research by ReversingLabs suggests that dependency confusion attacks on npm repositories have been used to compromise leading German firms in recent weeks.
npm Supply Chain Attack Targeting Germany-Based Companies (JFrog) JFrog discovers npm malicious packages indicating a highly targeted dependency confusion attack on leading industrial companies based in Germany. Find out more >
Alert (AA22-131A) Protecting Against Cyber Threats to Managed Service Providers and their Customers (CISA) The cybersecurity authorities of the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA), (NSA), (FBI) are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue.
Protecting Against Cyber Threats to Managed Service Providers and their Customers (CISA) Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership of ICT security roles and responsibilities.
F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388) (SANS Institute) TL;DR: Patch your BIG-IP and disconnect the management interface from the internet. Now.
Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques (Proofpoint) Proofpoint has analyzed a novel malware variant which utilizes significant anti-analysis and anti-reversing capabilities.
A10 Networks finds over 15 million DDoS weapons in 2021 (SecurityBrief Australia) A10 Networks notes that in the 2H 2021 reporting period, its security research team tracked more than 15.4 million Distributed Denial-of-Service (DDoS) weapons.
Impact Analysis: RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover (WhiteSource) Using data from Diffend, the WhiteSource research team conducted an impact analysis of a recent critical CVE disclosed for RubyGems.
Spoofing SaaS Vanity URLs for Social Engineering Attacks (Varonis) Many SaaS applications offer what’s known as vanity URLs — customizable web addresses for landing pages, file-sharing links, etc. Vanity URLs allow you to create a personalized link that looks like this:
Okta's Data Breach Debacle After Lapsus$ Attack: Postmortem (Bank Info Security) A hacking group called Lapsus$ caused major headaches for identity vendor Okta in March when it dropped incriminating but misleading screenshots of a security
Cornwall Council data breach: Children's details published (BBC News) The details include a teenager's personal mobile number and part of a court document.
For Queer Nigerians, online dating can come with deadly risks (The Record by Recorded Future) In Nigeria and other countries that criminalize homosexuality, online dating represents both an opportunity and a threat for queer communities.
CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerability in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates.
CISA adds F5 vulnerability to catalog of exploited bugs (The Record by Recorded Future) CISA added a vulnerability affecting F5’s BIG-IP product to its list of known exploited vulnerabilities on Tuesday following reports that it was being actively exploited.
Security Patches, Mitigations, and Software Updates
Patch Tuesday: Microsoft Warns of New Zero-Day Being Exploited (SecurityWeek) Microsoft on Tuesday released critical software updates to fix at least 73 documented security flaws in the Windows ecosystem and warned that unknown attackers are already launching zero-day man-in-the-middle attacks.
Microsoft Azure Vulnerability Allowed Code Execution, Data Theft (SecurityWeek) Microsoft on Monday shared information on patches and mitigations for a vulnerability impacting Azure Data Factory and Azure Synapse Pipelines.
Microsoft Releases Security Advisory for Azure Data Factory and Azure Synapse Pipelines (CISA) Microsoft has released a security advisory to address a remote code execution vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Microsoft Advisory ADV220001 for more information and to apply the necessary updates.
Adobe Warns of 'Critical' Security Flaws in Enterprise Products (SecurityWeek) Adobe ships patches for at least 18 serious security defects in multiple enterprise-facing products and warned that unpatched systems are at risk of remote code execution attacks
SAP Security Patch Day May 2022: Spring4Shell vulnerability has been patched in six SAP applications (Onapsis) SAP has released 17 new and updated SAP Security Notes in its May 2022 patch release, including the notes that were released since last patch day. As part of this month’s patch release, there are four HotNews notes and two High Priority notes.
Adminer in Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Adminer Equipment: Adminer Vulnerability: Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of this vulnerability could allow reading of database credentials and loss of sensitive information.
Eaton Intelligent Power Protector (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Protector (IPP) Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code using untrusted data.
Eaton Intelligent Power Manager Infrastructure (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager Infrastructure Vulnerabilities: Cross-site Scripting, Reflected Cross-site Scripting, Improper Neutralization of Formula in a CSV File 2.
Eaton Intelligent Power Manager (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager (IPM) v1 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code using untrusted data.
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: AVEVA InTouch Access Anywhere and AVEVA Plant SCADA Access Anywhere Vulnerability: Exposure of Resource to Wrong Sphere 2.
Mitsubishi Electric MELSOFT GT OPC UA (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT GT OPC UA Client Vulnerabilities: Out-of-bounds Read, Integer Overflow or Wraparound 2.
Trends
Five years after the WannaCry dumpster fire, ransomware remains a global threat (Digital Shadows) It has been five years since the dumpster fire we all remember as WannaCry. WannaCry is self-propagating ransomware that held hundreds of thousands of devices around the world hostage in 2017. While the WannaCry attack was catastrophic, the worm-like ransomware attack also served as a lesson for cybercriminals and network defenders alike. From a cybercriminal’s
Ransomware tracker: the latest figures (The Record by Recorded Future) Colonial Pipeline, JBS Foods, Kaseya — we’re only halfway through 2021, but it can already be dubbed the year of ransomware.
SpyCloud Report: Fortune 1000 Employees Pose Elevated Cyber Risk to Companies (Business Wire) SpyCloud, the leader in account takeover and fraud prevention, today published its 2022 SpyCloud Fortune 1000 Identity Exposure Report, an annual anal
IT Service Management Named a Top Choice for Managing Identity in the Enterprise, but Email and Spreadsheets are Close Behind, New Research Finds (Business Wire) Clear Skye® Inc today announced the findings of their first-ever “Identity Management Survey,” exploring the state of identity governance and security
Clear Skye & Gradient Flow | Identity Management Survey Research Report (clearskye.com) Better understand the current trends, challenges, and use cases shaping identity management and security in the workplace by downloading the free Identity Management Survey report today.
Utility industry continues to deny that control system cyber incidents are occurring (Control Global) On Thursday, May 5, 2022, EnergyCentral held a podcast “Cyber Resiliency in the Power Industry” with representatives from EPRI...
Marketplace
Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical Data (Yahoo Finance) Concentric Inc., a leading vendor of intelligent AI-based solutions for protecting business-critical data, announced today it has raised $14.5 million in Series A funding. Led by Ballistic Ventures, a new VC firm solely dedicated to advising and funding early-stage cybersecurity startups, this investment targets the $19B market for data security, access governance, and loss prevention. Citi Ventures also participated in the round as a strategic investment, as did
Cyberpion Bolsters Executive Leadership to Propel External Attack Surface Management (PR Newswire) Cyberpion, a cybersecurity leader in external attack surface management (EASM), announced today the appointment of Tamir Hardof as Chief...
Cover-More Group lands new head of cyber security (iTnews) Following the departure of Amit Ghodekar.
Onapsis Accelerates Expansion into APAC Market With the Appointment of Simon Naylor as Vice President, Asia Pacific (Business Wire) Onapsis, the leader in business-critical application cybersecurity and compliance, today announced the appointment of Simon Naylor as Vice President,
Blackpoint Cyber Welcomes David Rushmer, Director of Threat Research (Business Wire) Blackpoint Cyber, a leading technology-focused cybersecurity company, welcomed to their team David Rushmer as Director of Threat Research. “We are exc
Welcoming Adi Sharabani: Snyk’s new Chief Technology Officer (Snyk) Snyk is excited to announce the addition of Adi Sharabani as our new Chief Technology Officer (CTO).
Products, Services, and Solutions
Sunday Security Lands $4M to Protect the World’s Executive Teams Beyond the Enterprise Perimeter (Business Wire) Sunday Security, an Israeli startup revolutionizing personal cybersecurity for the enterprise, today announced it has raised $4M in seed funding to el
Fenix24 Launches Fast, Intelligent Disaster Recovery Service to Battle Cyber-Terrorism (Business Wire) Foreign nations and criminal gangs are attacking our nation’s infrastructure, hospitals, and schools. Using soft, generic terms like “threat actors” a
Cohesity Delivers FortKnox — Combating Ransomware with a SaaS Data Isolation and Recovery Solution (Business Wire) Cohesity, a leader in next-gen data management, today announced the general availability of Cohesity FortKnox — a software as a service (SaaS) data is
Open Systems’ Co-innovation with Microsoft Exemplifies the Power of This Ecosystem to Transform Security (Business Wire) Open Systems, the only managed detection and response provider with Mission Control, announced it was an initial Microsoft Design Partner invited to c
JFrog and Docker Unveil Integrated Solution for Increasing Container Security (JFrog) New Docker Desktop Extension for JFrog Xray Helps Developers “Shift Left” - Performing Vulnerability Scanning & Violation Flagging Early in the Software Lifecycle
Get Peace of Mind about Security When Deploying Containers from Docker Desktop (JFrog) Have you ever deployed Docker containers and hoped they delivered safe software? Would you like to get peace of mind that the contents of your containers are secure and clear of vulnerabilities? With JFrog Xray’s new integration with Docker Desktop Extensions, you will be able to do just that. By scanning for vulnerabilities locally before …
Druva Enters into Strategic Agreement with AWS to Enhance Data Resiliency as Enterprise Cloud Adoption Accelerates (Druva) Companies Commit to Delivering Cloud-First Data Protection Across Multiple Applications
Fenix24 Launches Rapid Response Service Powered By Cortex XDR (Business Wire) As the threat of ransomware increases, companies need an intelligent, fast solution to quickly respond to threat actors, get their critical systems ba
Black Box Achieves Gold Partner Status in Genesys Ascend Partner Program
(WallStreet.com) Leading IT solutions provider becomes a top-tier partner for the U.S.
New Cybereason Incident Response and Professional Services Subscription Offers Unlimited Incident Response (Cybereason) Cybereason, the XDR company, today launched new Incident Response (IR) and Professional Services subscription bundles with services designed to help organizations measure and optimize their security program, packaged with unlimited incident response services that identify, contain and remediate malicious cyber incidents in minutes.
Qualcomm Lights-Up World’s First 5G Standalone mmWave Connection, And It’s A Big Deal (Forbes) Today at its annual 5G Summit in San Diego, Qualcomm announced it has achieved a significant milestone in the evolution of 5G wireless network connectivity and the future of wireless broadband services everywhere.
Zerto Extends Leadership in Ransomware Resilience by Bringing New Recovery Capabilities in a Multi-Cloud World (Zerto) Zerto, a Hewlett Packard Enterprise company, has today announced the availability of a series of major product updates, bringing its ransomware recove
Arctic Wolf Launches Arctic Wolf Labs to Advance Security Operations Research and Intelligence Reporting (Business Wire) Arctic Wolf announced the launch of Arctic Wolf Labs, a new research-focused division focused on innovation in the field of security operations.
PlainID, The Authorization Company™, Reveals Industry's First Authorization-as-a-Service Platform Powered by Policy-Based Access Control (PR Newswire) PlainID, the Authorization Company™, announces today the production readiness of its highly anticipated "Authorization-as-a-Service,"...
SOC Prime Launches Industry-First Search Engine for Threat Hunting, Threat Detection, and CTI (Business Wire) SOC Prime, provider of the world’s largest and most advanced threat detection marketplace, today announced the launch of the industry’s first search e
Intel Introduces Project Amber for Cloud-to-Edge and On-Premises Trust Assurance (Intel Corporation) Provides customers and partners a security foundation for confidential computing, secure and responsible AI, and quantum-resistant crypto into the quantum era.
Technologies, Techniques, and Standards
65th Cyberspace Squadron rises to the challenge to protect CFSCC, CSpOC from cyber threats (Space Ref) 65th Cyberspace Squadron rises to the challenge to protect CFSCC, CSpOC from cyber threats - SpaceRef
Academia
Historically significant Illinois college closes as a result of ransomware attack (Pirate Press) As a result of a ransomware assault on a private liberal arts institution in Illinois, Lincoln College has been forced to shut down.
Legislation, Policy, and Regulation
State to gain more ability to monitor DOD cyber ops under White House agreement (CyberScoop) The White House has reached consensus with the State and Defense Departments on how to pare back NSPM-13's precedent-setting delegation of authority to the DOD.
Office of the National Cyber Director Announces Senior Leadership (The White House) Today, the Office of the National Cyber Director announced Kemba Walden as the first Principal Deputy National Cyber Director and Neal Higgins and Rob
White House Adds Three Key Cybersecurity Officials (Decipher) National Cyber Director Chris Inglis has added three officials to his team, including Kemba Eneas Walden, Rob Knake, and Neal Higgins.
Office of the National Cyber Director names three new senior leaders (The Record by Recorded Future) A Microsoft executive, CIA official and cyber policy expert will help unify the U.S. response to major cyberattacks, the White House said.
Ryan Agee: NSA ‘Can and Should’ Do More Unclassified Work (GovCon Wire) Looking for the latest GovCon News? Check out our story: Ryan Agee on NSA's Unclassified Work. Click to read more!
Litigation, Investigation, and Law Enforcement
What we know about Spain’s cyber-espionage spyware scandals (the Guardian) Spain’s Pegasus spyware revelations have come to a head with the sacking of the country’s spy chief
Through the Spyglass: NSO Group Spyware Pegasus in Focus (CircleID) The NSO Group has been known for targeting dissident journalists and bloggers notably with its proprietary spyware Pegasus. In November 2021, for instance, Apple sued the NSO Group for its alleged surveillance and targeting of its device users.
ICE uses data brokers to bypass surveillance restrictions, report finds (The Verge) "The mass collection of data by ICE poses a tremendous risk."
British man charged in New York with hacking into bank computers, stealing millions (Reuters) A British man has been criminally charged in New York with stealing money from investors' accounts by hacking into email servers and computers belonging to U.S. banks and brokerages, causing more than $5 million of losses.
DOJ accuses UK man of hacks on brokerage accounts costing more than $5 million in losses (The Record by Recorded Future) An indictment says Idris Dayo Mustapha hacked into several brokerage firms and accounts, causing more than $5 million in losses.
Appian Wins $2B Jury Verdict In Va. Trade Secrets Suit (Law360) A Virginia jury has awarded tech company Appian more than $2 billion in damages upon finding that Cambridge, Massachusetts-based software company Pegasystems willfully pilfered Appian's trade secrets.