Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+608: Privateers are rising. (CyberWire) Ukraine's successes in the Black Sea are part of a long-war strategy. Russian privateers are increasingly active against Ukrainian targets, and are paying particular attention to financial transactions.
As War Rages in Gaza, Violence Surges in the West Bank (TIME) At least 95 Palestinians have been killed by Israeli soldiers and armed settlers since Oct. 7.
How Hamas is trying to leverage hostage deal to win war (Telegraph) Israel will not withdraw just to rescue hostages - Hamas is playing its last card as it gambles with 200 lives, say analysts
Violent videos and ‘brutal voyeurism’ are redefining modern war (Washington Post) The Israel-Gaza and Ukraine wars have flooded the web with grisly content. One researcher says, ‘It’s like there are suddenly many more movie theaters in town, and some of them are much more friendly toward snuff films.’
U.S. details intelligence it says clears Israel in Gaza hospital blast (Washington Post) American officials claim ‘high confidence’ that the al-Ahli Hospital explosion was not Israel’s fault, but they are less certain a Palestinian group was to blame
Cyber operations linked to Israel-Hamas fighting gain momentum (CyberScoop) Amid a flurry of exaggerated claims of cyber attacks, experts caution that attacks on digital systems may intensify as the conflict drags on.
Hamas’ online infrastructure reveals ties to Iran APT, researchers say (CSO Online) An analysis from Recorded Future’s Insikt Group research unit offers insight into the online infrastructure used by Hamas, as well as its apparent links to the Iranian government.
Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity | Recorded Future (Recorded Future) Insikt Group identified an application disseminated on a Telegram Channel used by members or supporters of the Hamas terrorist organization
Israel Calls for UN Secretary-General To Resign After He Seeks To Justify Hamas’s Slaughter of Israelis on October 7 (The New York Sun) Comments infuriate the Jewish community and the Jewish state, even as Secretary Blinken praises the UN boss.
Israel-Hamas war live: Israel vows to ‘teach the UN a lesson’ as row over secretary-general’s speech escalates (the Guardian) Israel calls on António Guterres to resign after his speech and says it has denied a visa to a UN official
Opinion Let’s not forget the Palestinian Authority’s role in this catastrophe (Washington Post) Apologists for Hamas ignore the terrorist group’s role in terrorizing Palestinians, absconding with aid intended for civilians and using civilians as human shields, a war crime.
Russia maneuvers carefully over the Israel-Hamas war as it seeks to expand its global clout (AP News) Russia has issued carefully calibrated criticism of both sides in the war between Israel and Hamas. But the conflict also is giving Moscow bold new opportunities — to advance its role as a global power broker and challenge Western efforts to isolate it over Ukraine.
Cyber operations linked to Israel-Hamas fighting gain momentum (CyberScoop) Amid a flurry of exaggerated claims of cyber attacks, experts caution that attacks on digital systems may intensify as the conflict drags on.
Live Briefing: Russia Invades Ukraine (Radio Free Europe | Radio Liberty) Russia's Black Sea Fleet was engaged early on October 24 in repelling a Ukrainian attack on the Crimean city of Sevastopol, the Moscow-installed governor of the Black Sea port has said.
Russia-Ukraine war: List of key events, day 609 (Al Jazeera) As the war enters its 609th day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 609 (the Guardian) Volodymyr Zelenskiy says it is a ‘question of time’ before Ukraine regains control over Crimea; Russian forces continue pounding eastern Ukrainian city of Avdiivka
Russia presses counter-counteroffensive in northeast Ukraine (Washington Post) With the world focused on the war between Israel and Hamas, Russia has launched ferocious attacks in eastern Ukraine, simultaneously ramping up its efforts to encircle the city of Avdiivka in the Donetsk region and pummeling the area around the formerly occupied cities of Kupyansk and Lyman.
Battle of Avdiivka: Putin's new offensive continues despite heavy Russian losses (Atlantic Council) Russia has returned to the offensive in Ukraine in recent weeks with a major assault on the town of Avdiivka. The Russian offensive continues despite reports of catastrophic losses, underlining Putin's determination to secure victory at any price in Ukraine, writes Olivia Yanchik.
Ukraine’s Counteroffensive Is More Successful Than You Think (Foreign Policy) The focus on the stalled land war obscures major successes in Crimea and the Black Sea.
Ukraine's Siberian Battalion recruits Russians to help fight Moscow (Reuters) At a simple shooting range outside Kyiv, a group of 20 Russian citizens clad in Ukrainian uniforms practiced firing assault rifles and machine guns.
Russian morale has broken against the steel hearts of Ukraine (The Telegraph) The moral is to the physical as three to one
Finland Says Gas Pipeline Likely Broken By Ship Dragging Anchor (RadioFreeEurope/RadioLiberty) Damage to a Baltic Sea gas pipeline earlier this month is believed to have been caused by a ship dragging a large anchor along the seabed, Finnish police said on October 24.
Ukraine’s EU membership bid set to receive big boost in November (Atlantic Council) The European Commission is expected to give Ukraine the green light to begin EU accession talks in early November, marking a significant step forward in the country’s European integration ambitions, writes Peter Dickinson.
Ukraine Launches Joint Venture With German Arms Maker Rheinmetall, Says PM (RadioFreeEurope/RadioLiberty) Ukraine has set up a joint defense venture with German arms manufacturer Rheinmetall to service and repair Western weapons sent to help Kyiv against Russia's full-scale invasion.
Ukraine cyber officials warn of a ‘surge’ in Smokeloader attacks on financial, government entities (Record) Suspected Russian cybercriminals have increased their attacks against Ukrainian financial and government organizations using Smokeloader malware, according to Ukrainian cybersecurity officials.
Bloomberg: Russia steps up cyberattacks to disrupt Ukraine’s key services (Euromaidan) Ukraine recorded nearly 4,000 cyber incidents from January 2022 to September 2023, with most coming from Russia, according to government data seen by Bloomberg.
Pro-Russia group behind today’s mass cyberattack against Czech institutions (Expats.cz) Russia-based hackers managed to disrupt the websites of the Prague Airport, Interior Ministry, and Chamber of Deputies – but no data was stolen.
Hackers backdoor Russian state, industrial orgs for data theft (BleepingComputer) Several state and key industrial organizations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations.
EU On Track To Quit Russian Fossil Fuels (RadioFreeEurope/RadioLiberty) The European Union is on track toward its goal of ending Europe's reliance on Russian fossil fuels within this decade, the European Commission said.
Russia-Ukraine war live: Russia set to withdraw from global treaty banning nuclear weapons tests (the Guardian) The law has passed through parliament and will now go to Vladimir Putin for signing
Armenia Summons Russian Envoy To Protest 'Insulting Statements' In TV Broadcast (RadioFreeEurope/RadioLiberty) Armenia has summoned the Russian ambassador to protest "insulting statements" made against Armenian officials during a Russian television broadcast.
Ukraine’s Stolen Children review – the laughter of the Russian children’s commissioner is shocking (the Guardian) This calm, vivid documentary looks at the thousands of youngsters missing amidst the invasion – and their families’ search. Be warned: the Russian response may cause outrage
Turkey’s president submits bill to ratify Sweden’s Nato membership (the Guardian) Erdoğan signs protocol and sends it to Turkish parliament after agreeing to Sweden’s membership at Nato summit in July
'We Want Him Home,' Says Sister Of U.S. Reporter Detained In Russia (RadioFreeEurope/RadioLiberty) The sister of Wall Street Journal reporter Evan Gershkovich, who has been detained in Russia on spying charges, appealed for his release on October 24 ahead of his upcoming 32nd birthday.
Alsu Kurmasheva arrest: Russia has detained two US journalists this year (Atlantic Council) The Russian authorities have detained Radio Free Europe/Radio Liberty journalist Alsu Kurmasheva for failing to register as a foreign agent, making her the second US journalist to be jailed in Russia so far this year.
Vladimir Putin has not suffered a heart attack and is not using body doubles, says Moscow (The Telegraph) The Kremlin also laughs off claims the Russian president uses a body double for public appearances
Attacks, Threats, and Vulnerabilities
Canada Says Firm That Arranges Military Movements Hit by Cyberattack (The Defense Post) Canada said the company that assists the Canadian military when it moves around the world has recently been hacked.
Chinese Cybercriminals Target India's Digital Payment Ecosystem: Victims Lost Rs 37 Lakhs, so far! (Dazeinfo) Chinese cybercriminals are found targeting Indian loan seekers through over 55 deceptively malicious Android apps. This scam involves UPI.
Salt Security Discovers Flaws in Social Login Mechanism Impacting 1000s of Websites and Exposing Billions of Users to Account Takeover (PR Newswire) Salt Security, the leading API security company, today released new threat research from Salt Labs highlighting API security vulnerabilities...
Oh-Auth - Abusing OAuth to take over millions of accounts (Salt Labs) It’s extremely important to make sure your OAuth implementation is secure. The fix is just one line of code away. We sincerely hope the information shared in our blog post series will help prevent major online breaches and help web service owners better protect their customers and users.
Stealth Techniques Used in 'Operation Triangulation' iOS Attack Dissected (SecurityWeek) Kaspersky analyzes the stealth techniques that were used in the ‘Operation Triangulation’ iOS zero-click attacks.
'Log in with...' Feature Allows Full Online Account Takeover for Millions (Dark Reading) Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires — and other online services likely have the same problems.
VMware warns admins of public exploit for vRealize RCE flaw (Computing) VMware has alerted its users to a significant security threat to its vRealize cloud management solution, now known as VMware Aria Operations for Logs.
AI vs. human deceit: Unravelling the new age of phishing tactics (Security Intelligence) Phishing is a tried and true way for threat actors to get the information they want. Let's explore their newest tactics and how to spot them.
Rockwell Automation Stratix routers vulnerable to Cisco IOS XE vulnerability (BeyondMachines) Rockwell Automation has reported an actively exploited vulnerability in Cisco IOS XE software affecting specific versions of Stratix products. Cisco has released a patch as of October 23. Affected customers should apply mitigating measures and seek guidance from Rockwell Automation on updating their devices.
Number of Cisco Devices Hacked via Zero-Day Remains High as Attackers Update Implant (SecurityWeek) The number of Cisco devices hacked via recent zero-days remains high, but the attackers have updated their implant.
1Password suffers cybersecurity incident after latest Okta breach (Tech Monitor) The fall-out from Okta's latest security problem has hit password management company 1Password, which claims user data is safe.
Customers speak out over Okta’s response to latest breach (Computer Weekly) Customers of identity specialist Okta have again been attacked via a compromise of its systems, and are claiming Okta’s response leaves something to be desired
Canada says China-linked influence campaign targeted lawmakers, prime minister (Record) Canada has accused China-linked threat actors of spreading disinformation and propaganda about its politicians on social media.
Cyber attack launched against Canadian MPs linked back to China (True North) A series of “spamouflage” cyber attacks on Canadian politicians has been linked to China, which has operated numerous bot networks responsible for leaving thousands of comments on the social media accounts of Prime Minister Justin Trudeau and others.
Cyberattack at 5 southwestern Ontario hospitals leaves patients awaiting care (CBC News) As five southwestern Ontario hospitals grapple with a cyberattack they say has caused delays, some patients and their families say they've been left waiting for hours and had procedures cancelled.
Millions of Highly Sensitive Patient Records Exposed in Medical Diagnostic Company Data Breach (Website Planet) Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password protected database that contained over 12
Cyber-attack shuts down South Florida imaging clinic (Islander News) A South Florida-based outpatient radiology and oncology services company, which recently filed for Chapter 11 protection, is now the victim of a ransomware attack which could potentially impact thousands of
August 2023 Data Incident (U-M Public Affairs) This notice is to inform you about an incident that involved unauthorized access to personal information maintained by the University of Michigan.
Security Patches, Mitigations, and Software Updates
CISA Releases One Industrial Control Systems Advisory (Cybersecurity and Infrastructure Security Agency | CISA) CISA released one Industrial Control Systems (ICS) advisory on October 24, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-297-01 Rockwell Automation Stratix 5800 and Stratix 5200
Citrix urges 'immediate; patch for critical NetScaler bug as exploit POC made public (Register) At this point, just assume your kit is compromised
Citrix urges NetScaler ADC, Gateway customers to patch (Cybersecurity Dive) The company warned of session hijacking and targeted attacks against a critical vulnerability.
Trends
Cyber Threat Intelligence Index: Q3 2023 Edition (Flashpoint) Flashpoint's Cyber Threat Intelligence Index Q3 2023 provides data and insights on the most impactful events and threats of 2023 so far.
Flashpoint’s Cyber Threat Intelligence Index: Q3 2023 Edition (Flashpoint) Data, insights, and analysis on the most impactful events and threats of Q3 2023—from ransomware and vulnerabilities to data breaches and insider threat.
NCC Group Monthly Threat Pulse - September 2023 (Mynewsdesk) September saw a new record of 514 victims, marking a year-on-year increase of 153% from 2022. New threat actors, including LostTrust and RansomedVC, rank...
Cyber Threat Intelligence Report (NCC Group) Welcome to NCC Group’s monthly Cyber Threat Intelligence Report, bringing you exclusive insight into the latest Threat Intelligence, updates on recent and emerging advances in the threat landscape and a deep understanding of the latest Tactics, Techniques and Procedures (TTPs) of threat actors.
2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report (Business Wire) Industry-Wide Ransomware Attacks Set to Maintain Record-Setting Pace for Duration of 2023
Veracode Reveals Automation and Training Are Key Drivers of Software Security for Financial Services (Business Wire) 72% of Financial Services Applications Contain Security Flaws; API-launched Scanning and Interactive Security Training Drop Probability of Flaw Introduction to 22%
Ransomware attacks on US healthcare organizations cost $20.8bn in 2020 (Comparitech) We've gathered data on ransomware attacks involving hospitals and healthcare organisations to understand the true cost of this crime in the US.
2023 Consumer Survey: Brand Loyalty In the Age of the Digital Economy (Ping Identity) Read the results of Ping’s 2023 global consumer survey to understand how secure digital experiences impact customer loyalty.
Nastiest Malware 2023 (Webroot Community) We've been doing the Nastiest Malware series for over 5 years now and in that time, we have seen a steady increase in the number and sophistication of malware attacks. Ransomware has been the most prevalent type of malware, with cybercriminals increasingly targeting businesses and organizations. Cri...
Ransomware and Cyber-extortion Trends in Q3 2023 (ReliaQuest) In the third quarter of this year, ReliaQuest observed numerous high-profile ransomware campaigns, large-scale extortion attempts using innovative techniques, and several new groups that quickly made their presence known. In this blog, the key insights from our research.
JPMorgan Chase CISO explains why he's an 'AI optimist' (Security | TechTarget) JPMorgan Chase & Co. CISO Pat Opet spoke with TechTarget Editorial about investing in generative AI and staying on top of emerging threats.
Akamai research finds more sophisticated phishing threats in hospitality industry (SiliconANGLE) New research from Akamai Technologies Inc. shows the increasing level of sophistication that attackers will use on a series of phishing attacks targeting hospitality websites.
Marketplace
RTX, the company formerly known as Raytheon, to sell its cybersecurity business for $1.3B (NBC Boston) RTX to sell its cybersecurity business for $1.3B
Accenture Acquires MNEMO Mexico, a privately held company specializing in managed cybersecurity services (Accenture) Accenture Expands Cybersecurity Services Capabilities in Latin America with Acquisition of MNEMO Mexico.
ZeroFox Renews and Expands 8-Figure Contract with Critical U.S. Federal Agency (GlobeNewswire News Room) Extended partnership ensures essential threat intelligence and protection across the entire external attack surface...
Microsoft Will Make Record Investment in Australia, Aims to Boost Cybersecurity (Wall Street Journal) The U.S. tech giant said it will make its largest-ever single investment in Australia and expand its cloud computing and AI infrastructure in the country.
Microsoft to help Australia’s cyber spies amid $5bn investment in cloud computing (the Guardian) US-based tech company promises to boost Australia’s ability to identify and prevent cyber threats in joint announcement with Anthony Albanese
‘Huge potential for us to grow in the enterprise space’ (Financial Express) For B2B, our focus right now is to create a foothold and establish ourselves in India.
Better the devil you know: Hackers recruited in race to dodge cyber attacks (InQueensland) Some of the world's biggest companies are turning to 'white hat' hackers in the race to stop cyber attacks.
10 Non-Coding Jobs for Computer Science Majors (Analytics Insight) Unleash rewarding non-coding computer science career paths for Computer Science majors
Contrast Security Appoints Peter Daley as Chief Financial Officer (Contrast Security) The Runtime Security leader taps former CrowdStrike executive as the demand for its Secure Code Platform continues to flourish.
Virtru expands public sector leadership team amidst record growth in defense markets (GlobeNewswire News Room) Momentum includes 140% year-over-year revenue growth and successful participation in Bold Quest exercises for the third consecutive year...
Products, Services, and Solutions
ReasonLabs' Online Security & Identity Protection Tool Surpasses 12 Million Users (PR Newswire) ReasonLabs, the cybersecurity pioneer equipping home users with the same level of cyber protection used by Fortune 500 companies, has today...
Scribe Security Harnesses Its Software Trust Hub to Support CISA's Secure Software Development Attestation Form (PR Newswire) Scribe Security, a leading software supply chain security provider, announced today that its solution now enables organizations to validate...
Plume Advances Personalization and Control for Consumers (PR Newswire) Network services and consumer experience pioneer Plume® has introduced new AI-driven personalization features within its HomePass®...
Drata Introduces Role-Based Access Control and User Access Reviews to Further Automate GRC Processes, at Drataverse Digital (PR Newswire) Drata, the leading continuous security and compliance automation platform, today announced the launch of two highly anticipated capabilities:...
Lantronix Expands Automotive Solution Offerings With New Snapdragon Ride SX Development Platform (GlobeNewswire News Room) Lantronix Expands Automotive Solution Offerings With New Qualcomm Snapdragon Ride SX Development Platform...
Fortinet Expands Its Universal SASE Offering to Securely Connect Any User to Any Application (Fortinet) Over 100 FortiSASE cloud locations for worldwide coverage, a new FortiGate SASE appliance, and more flexible security consumption options support enterprise organizations’ adoption of Fortinet Universal SASE
Malwarebytes Announces Consumer Identity Theft Protection Solution to Defend Against Online Fraud and Theft (Malwarebytes Press Center) New offering provides comprehensive security protection alongside credit and financial monitoring, alerts and recovery services to keep personal information safe and secure
Bitdefender Launches New Offensive Cybersecurity Services (Bitdefender) Penetration Testing and Red Teaming Capabilities Added to the Bitdefender Managed Detection and Response Portfolio
Akamai Strengthens DDoS Protection with Launch of Canadian Scrubbing Centers (Akamai) Prolexic cloud scrubbing centers in Toronto and Montreal enhance protection from DDoS attacks.
Aware and PeopleCert Align to Prevent Proxy Testing (GlobeNewswire News Room) First-of-its-Kind Biometrics Application in Examination and Accreditation Market Promises to Eliminate Fraud, Guarantee Test Validity...
Groundbreaking AI-Driven VISO TRUST Platform Transforms Third-Party Cyber Risk Management - Enables Risk Assessments in Minutes, not Months (Business Wire) Identifies High-Risk Vendors with 500% Greater Accuracy, Redefining TPRM Effectiveness, Eliminating Bottlenecks, Enabling Near Real-Time Cybersecurity Control Detection/Analysis
Cycode Launches Raven, an Open Source Security Scanner to Bolster CI/CD Pipeline Security (GlobeNewswire News Room) With GitHub Actions as its first use case, Raven Provides AppSec Teams with a reliable and scalable solution for pipeline security analysis...
Axiomatics Eliminates Barriers to Policy-Driven Authorization with Industry’s First Generative AI-Powered Solution (Axiomatics) Policy Companion enables stakeholders across the enterprise to develop policies that reflect core business priorities & outcomes – in minutes.
CybExer's new partner program debuts with Soliton Systems alliance (ChannelLife Australia) CybExer Technologies launches a new partner program, debuting a strategic alliance with Soliton Systems.
Deep Instinct Offers Data Storage Protection (MSSP Alert) The Deep Instinct Prevention for Storage solution can identify, quarantine and remove malicious files before they execute.
Dimension Data, Cisco launch networking and cyber security service (KBC) Dimension Data has launched a unified network and security service that consolidates several capabilities addressing IT operations and Cyber security risks. This is made possible by taking advantage of the power in cloud delivered services from our strategic partner, Cisco technologies. The new service, Managed Secure Software-Defined Wide Area Network, will enable both large and
Palo Alto Networks Prisma Cloud Revolutionizes Code-to-Cloud Security (Forbes) Its Code-to-Cloud approach dives deep into patterns, behaviors, and anomalies across code, cloud infrastructure, and runtime.
Technologies, Techniques, and Standards
Cybersecurity Awareness Month 2023 Blog Series | Recognizing and Reporting Phishing (NIST) During this week’s blog series, we sat down with two of our NIST experts from the Visualization and Usability Group at NIST —
In a world of deep fakes, securing an organization's crown jewels gets real (ERP Today) The closer you get to full cyber protection, the more costly and resource-intensive it gets. Businesses are focusing on their crown jewels.
They Cracked the Code to a Locked USB Drive Worth $235 Million in Bitcoin. Then It Got Weird (WIRED) Stefan Thomas lost the password to an encrypted USB drive holding 7,002 bitcoins. One team of hackers believes they can unlock it—if they can get Thomas to let them.
FS-ISAC Announces UK Strategic Subsidiary Board (TMC Net) Collaboration to increase resilience across UK financial services ecosystem
One login to rule them all: Should you sign in with Google or Facebook on other websites? (We Live Security) Why use a zillion discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What’s the trade-off?
Here are the pros and cons of the consumer variety of an authentication method called Single Sign-On (SSO), commonly also known as social login, for your personal online accounts.
Army's New Intel Doctrine Prepares for a Quantum Future (Government CIO) Multi-domain operations require modernization of the service's intelligence, surveillance and reconnaissance while investing in new technologies.
Penetration Testing to Ensure PCI Compliance in State and Local Governments (StateTech Magazine) State and local governments that process credit card payments need to know how to conduct a PCI penetration test to remain compliant with the PCI DSS.
Design and Innovation
LinkedIn Tests Generative AI to Field Cybersecurity Questions From Employees and Suppliers (Wall Street Journal) AI chatbot cuts down on wait time for responses, potentially helping staff seal deals with business partners and implement new technologies.
Academia
Kaspersky and UM join hands to develop Malaysia’s cybersecurity talent (Marketing-Interactive) Kaspersky and Universiti Malaya (UM) partner to develop educational programmes and activities to train cybersecurity talent in Malaysia, amidst a growing digital economy.
Legislation, Policy, and Regulation
It's Time to Establish the NATO of Cybersecurity (Dark Reading) Cybercriminals already operate across borders. Nations must do the same to protect their critical infrastructure, people, and technology from threats foreign and domestic.
A Controversial Plan to Scan Private Messages for Child Abuse Meets Fresh Scandal (WIRED) An EU government body is pushing a proposal to combat child sexual abuse material that has significant privacy implications. Its lead advocate is making things even messier.
A Powerful Tool US Spies Misused to Stalk Women Faces Its Potential Demise (WIRED) Though often viewed as the “crown jewel” of the US intelligence community, fresh reports of abuse by NSA employees and chaos in the US Congress put the tool's future in jeopardy.
Ukraine, Israel and Taiwan are bulwarks of democracy against authoritarianism (The Hill) Recent events have created a moment of “moral clarity.” It should also be seen as a time of strategic clarity.
'Ensure our security': Former military officials plead with Congress to pass Israel, Ukraine aid (USA Today) A group of 30 retired three and four-star military generals and admirals traveled to Capitol Hill Tuesday to push lawmakers to approve an emergency aid package for Israel and Ukraine as war rages on in both countries.
CISA Needs more Money and Less Red Tape, Report Says (Homeland Security Today) The Cybersecurity and Infrastructure Security Agency will need more than money alone to effectively address growing cybersecurity threats to federal civilian agencies in coming years, according to a new study on the agency’s role as the operational lead for protecting the .gov domain.
Cybersecurity regulations for passenger and freight railroads renewed by TSA (Record) “The renewal is the right thing to do to keep the nation’s railroad systems secure against cyber threats, and these updates sustain the strong cybersecurity measures already in place for the railroad industry,” TSA Administrator David Pekoske said.
Trial begins for Coast Guard vet, wife accused of identity theft (Navy Times) Prosecutors say Walter Glenn Primrose spent more than 20 years in the Coast Guard as Bobby Fort, where he obtained secret-level security clearance.
It’s time to go on offense against foreign cyberattacks (The Hill) For years, the People’s Republic of China (PRC) has supported and harbored hacking groups that consistently attack U.S. government cyber networks. Far from the reach of U.S. law enforcement and hid…
Litigation, Investigation, and Law Enforcement
Capcom hackers "taken down" in major international police operation (NME) A major player in the ransomware group that hacked Capcom in 2020 has been arrested in Paris in an international police operation.
Europol sheds more light on Ragnar Locker ransomware disruption (SC Media) Officials at Europol have confirmed that the Ragnar Locker ransomware group's infrastructure has been dismantled alongside the arrest of a primary target working as a developer for the ransomware gang.
States Sue Meta Alleging Harm to Young People on Instagram, Facebook (Wall Street Journal) A group of more than 40 attorneys general are filing lawsuits alleging that Meta Platforms built products with addictive features that harm young users.
41 states sue Meta, claiming Instagram, Facebook are addictive, harm kids (Washington Post) The action marks the most sprawling state challenge to date over social media’s impact on children’s mental health
Here’s how a children’s privacy law figures into that big legal effort against Meta (Washington Post) A bipartisan group of 42 attorneys general are suing Meta, saying that it collects children’s data in a way that violates a federal privacy law as part of a broader complaint against the social media company that it builds addictive features into Facebook and Instagram.
The 5 Instagram Features That US States Say Ruin Teens’ Mental Health (WIRED) These five features of Instagram helped Meta deceptively hook teens and harm their mental health, allege lawsuits filed today by 42 US states.
Inside ICE’s Database for Finding ‘Derogatory’ Online Speech (404 Media) Thumbs up, or thumbs down: that's the option presented to analysts when the tool Giant Oak Search Technology surfaces content from social media and other sources for ICE to scrutinize.
DOJ Civil Cyber-Fraud Initiative False Claim (National Law Review) US Department of Justice Civil Cyber Fraud Initiative CCF Initiative employs False Claims Act FCA to hold entities that put US information at risk accountable
Landmark Decision Handed Down on ICO’s Responsibilities in Handling Subject Access Requests (cyber/data/privacy insights) On 10 October 2023, the England and Wales Court of Appeal handed down its decision in Delo, R. (On the Application Of) v. The Information Commissioner1, in which it upheld an earlier High Court ruling that the UK’s data protection regulator, the Information Commissioner’s Office (ICO), is not oblige