Dateline: Hybrid wars in Ukraine, Russia, Israel, and Gaza.
Ukraine at D+262: Shifting Kremlin narratives. (CyberWire) Russian influence operations take a pro-mobilization turn domestically, an anti-neocolonialist line internationally.
Israel fights Hamas deep in Gaza City and foresees control of enclave’s security after war (AP News) That was the clearest indication yet that Israel plans to maintain control over the coastal enclave one month into a conflict that has claimed thousands of lives and leveled whole swaths of the territory.
‘We saw death’: families flee past tanks as Israel begins to storm Gaza City (the Guardian) Civilians given four-hour window to leave encircled capital but fears many are still trapped
Hamas terrorists’ last stand at Gaza hospital (The Telegraph) In showdown witnessed by a Telegraph reporter, Israeli warplanes, tanks and infantry corner last remains of 1,000-strong battalion
Hamas chief 'hiding in bunker' as Israel presses Gaza offensive (The Telegraph) Hamas leader Yahya Sinwar is “hiding” in a Gaza bunker after being cut off from other members of the terrorist group, Israel has claimed.
Opinion: I’m an expert in urban warfare. Israel is upholding the laws of war (CNN) All war is hell. All war is killing and destruction, and historically civilians are inordinately the innocent victims of wars. Urban warfare is a unique type of hell not just for soldiers, who face assaults from a million windows or deep tunnels below them, but especially for civilians.
G7 nations announce a unified stance on Israel-Hamas war after intensive meetings in Tokyo (AP News) Top diplomats from the Group of Seven leading industrial democracies have announced a unified stance on the Israel-Hamas war after intensive meetings in Tokyo, condemning Hamas, supporting Israel’s right to self-defense and calling for “humanitarian pauses” to get aid to desperate civilians in Gaza.
Israel-Hamas War: G7 Calls for Pause in War as Israeli Troops Reach Heart of Gaza City (New York Times) Foreign ministers from the Group of 7 nations put more pressure on Israel to allow more aid into Gaza and protect civilians.
Reoccupying Gaza ‘Not the Right Thing to Do,’ White House Tells Israel (New York Times) The U.S. caution came after Prime Minister Benjamin Netanyahu floated the idea that Israel might oversee security for the Gaza Strip indefinitely.
Rep. Rashida Tlaib censured by House over Israel-Hamas comments (ABC News) House Democrats' effort to block the GOP resolution failed Tuesday.
Opinion | For America’s Jews, Every Day Must Be Oct. 8 (New York Times) We got our wake-up call the day after the massacre. It’s time to act.
Cyber Escalation in Modern Conflict: Exploring Four Possible Phases of the Digital Battlefield (Flashpoint) Explore four cyber warfare phases in conflicts like Israel-Hamas & Russia-Ukraine, understanding threats in virtual and physical battlefields.
Cyberspace remains unaffected amidst geopolitical turmoil (Sectrio) Explore the factors that contribute to the resilience of cyberspace amidst ongoing geopolitical instability and why is it so? Identify ground realities today!
Ukraine/United States : US firm Cisco gaining dominance in Ukraine thanks to USAID's cyber assistance programmes (Intelligence Online) Cisco is playing a leading role in American technical assistance projects in Ukraine that are run by the US development agency USAID.
Russia-Ukraine war: List of key events, day 623 (Al Jazeera) As the war enters its 623rd day, these are the main developments.
Russia-Ukraine war live: Russia has attacked Ukrainian energy system 60 times ahead of winter, says Kyiv (the Guardian) Energy ministry says ‘after each new attack, the need for energy equipment grows’ as it calls for continued aid
Ukraine reports fresh success in the Battle of the Black Sea (Atlantic Council) Ukraine's success in the Battle of the Black Sea should convince the country's Western partners to finally abandon their cautious approach and provide the Ukrainian military with the weapons they need to defeat Russia, writes Peter Dickinson.
EU Set to Proceed on Ukraine Membership Bid With Conditions (Bloomberg) The bloc will say Ukraine still needs to finish three reforms. European Commission will present enlargement report this week.
Ukraine Fatigue Risks ‘Putin Lookalike,’ Romanian Leader Says (Bloomberg) Romanian premier Ciolacu pledges support in stark warning. War fatigue costs greater than Russian victory, Ciolacu says.
As war frustrations rise, stalemate tests Zelensky and top general Zaluzhny (Washington Post) After months of heavy losses in a largely stalled counteroffensive against Russia, tension among Ukraine’s senior leaders has spilled awkwardly into the open in recent days — prompting President Volodymyr Zelensky to call for a halt to political infighting.
Ukraine kickstarts European enlargement, just as US backs away (POLITICO) As US support for Ukraine risks waning and the EU pulls Kyiv closer, Brussels could have to shoulder a much larger share of the burden.
A top Chinese military official visits Moscow for talks on expanding ties (AP News) A senior Chinese military official is visiting Moscow and is hailing strong ties between the countries during a trip that underlined growing cooperation between them.
It Sure Seems Like North Korea Gave Russia 500,000+ Artillery Shells to Use in Ukraine (Popular Mechanics) That could have a serious impact in battles to come.
Peace is impossible while Vladimir Putin denies Ukraine’s right to exist (Atlantic Council) While calls to end the bloodshed in Ukraine are perfectly understandable, anyone advocating a compromise peace deal with Vladimir Putin must first reckon with the genocidal reality of Russia’s invasion, writes Taras Kuzio.
Opinion Could this man bring down Putin? (Washington Post) Ilya Ponomarev, a renegade former member of Russia’s parliament, has a provocative idea: He argues that the only way to end the Ukraine war on acceptable terms is through a coup that topples Russian President Vladimir Putin.
Ukraine's president rules out holding elections next spring and calls for unity in fighting Russia (AP News) Ukrainian President Volodymyr Zelenskyy has ruled out a presidential vote next spring and is urging his countrymen to avoid political divides, saying the country must concentrate all its resources on fighting Russian aggression.
How Ukraine is Pioneering New Ways to Prosecute War Crimes (TIME) An interview with Ukraine's prosecutor general Andriy Kostin on crowd-sourcing war crimes evidence
Faith leaders highlight Russian religious persecution in occupied Ukraine (Atlantic Council) A delegation of Ukrainian faith leaders recently visited the United States and participated in a panel discussion to address Russia's policies of religious persecution and repression in occupied Ukraine.
France investigates Russian involvement in anti-Semitic graffiti campaign (The Telegraph) Hundreds of Stars of David have been smeared on walls in and around Paris since the Hamas attack on Israel on Oct 7
Dozens Of Women In Moscow Make Rare Public Call For Their Husbands' Return From Ukraine War (RadioFreeEurope/RadioLiberty) Dozens of women rallied in Moscow on November 7, demanding that their husbands, who have been mobilized to fight in Russia's invasion of Ukraine, return home, a rare display of protest amid a crackdown on any dissent over the conflict.
‘If Not Me, Who?’: As Ukraine Seeks Troops, Women Prepare for the Call (New York Times) With so much in the war against Russia hinging on refilling the ranks of soldiers, efforts are underway to draw more Ukrainian women into the army.
The Kremlin’s Efforts to Covertly Spread Disinformation in Latin America (United States Department of State) The Russian government is currently financing an on-going, well-funded disinformation campaign across Latin America. The Kremlin’s campaign plans to leverage developed media contacts in Argentina, Bolivia, Chile, Colombia, Cuba, Mexico, Venezuela, Brazil, Ecuador, Panama, Paraguay, Peru, and Uruguay, among other countries in Latin America, in order to carry out an information manipulation campaign designed to […]
U.S. Says Russia Funds Latin America-Wide Anti-Ukraine Disinformation Drive (RadioFreeEurope/RadioLiberty) The United States has accused Russia of financing a Latin America-wide disinformation campaign, which feeds media contacts with propaganda and fake news aimed at weakening support for Ukraine and boosting anti-U.S. and anti-NATO sentiments.
Attacks, Threats, and Vulnerabilities
Python obfuscation traps (Checkmarx.com) In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number of bad actors looking to exploit it. A recent example involves developers being targeted by seemingly legitimate Python obfuscation packages that harbor malicious code.
Confluence to Cerber: Exploitation of CVE-2023-22518 for Ransomware Deployment (Huntress) CVE-2023-22518 is being exploited in Confluence for Cerber ransomware deployment. Read up on Huntress’ observations and mitigation guidance.
Chinese APT Targeting Cambodian Government (Unit 42) Cambodian government entities were targeted by a Chinese APT masquerading as cloud backup services. Our findings include C2 infrastructure and more.
Chinese cyberspies have widely penetrated networks of ally Cambodia (Washington Post) Chinese hackers widely penetrated Cambodian government networks, new report finds
The rise of .ai: cyber criminals (and Anguilla) look to profit (Netcraft) Given the global interest in artificial intelligence (AI), it comes as no surprise that cybercriminals are looking to exploit the media hype. 2023 has seen ...
Cryptocurrency Miner Leveraging Microsoft Azure (SafeBreach) SafeBreach Labs developed the first free, undetectable cloud-based cryptocurrency miner leveraging Microsoft Azure’s Automation Service.
Cyber Security of Space Systems ‘Crucial,’ As US Space Force Official Notes Recent Attacks (Via Satellite) A number of recent cyberattacks on space systems highlight the need for their improved security, a U.S. Space Force official said on
Report Examines Cyber Threat Trends Facing Retail and Hospitality This Holiday Season (RH-ISAC) Phishing and fraud remain critical concerns for the consumer-facing industry, with return fraud and gift card fraud increasing dramatically during the holidays.
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto (BleepingComputer) Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets.
Looney Tunables bug exploited for cryptojacking (Help Net Security) Kinsing threat actors have been exploiting the recently disclosed Looney Tunables vulnerability to target cloud-native environments.
Atlassian confirms ransomware is exploiting latest Confluence bug (Record) An Atlassian spokesperson said the company had evidence to support what cybersecurity researchers reported over the weekend: A vulnerability affecting the Confluence Data Center and Confluence Server products was being used in cybercrime.
Indian journalist targeted with NSO spyware, anti-corruption group says (Reuters) Government-backed hackers tried to plant spyware made by NSO Group on the iPhone of an Indian journalist working for the Organized Crime and Corruption Reporting Project (OCCRP) in August, the organization’s co-founder said on Monday.
Windows 11 security ineffective against attacks on old device drivers, say researchers (Computing) Controls Microsoft rolled out to protect Windows 11 from hackers seeking to exploit security vulnerabilities in hardware device drivers are inadequate, security researchers at VMware claimed last week.
Optus outage causes chaos in Australia before services restored (Reuters) Some 10 million Australians could not access the internet.
Singapore’s Marina Bay Sands Says It Was Hit in Data Breach (Bloomberg) Singapore luxury casino Marina Bay Sands said an unauthorized third party accessed its customer data of about 665,000 non-casino rewards program members.
Marina Bay Sands discloses data breach impacting 665,000 customers (BleepingComputer) The Marina Bay Sands (MBS) luxury resort and casino in Singapore has disclosed a data breach that impacts personal data of 665,000 customers.
Personal data of 665,000 Marina Bay Sands lifestyle rewards members accessed in data security breach (CNA) Some email addresses and mobile phone numbers were affected by the security incident.
TransForm says ransomware data breach affects 267,000 patients (BleepingComputer) Shared service provider TransForm has published an update on the cyberattack that recently impacted operations in multiple hospitals in Ontario, Canada, clarifying that it was a ransomware attack.
Hundreds of Hawaii food stamp, financial assistance recipients targeted in cyber attack (Hawaii News Now) Some saw their accounts emptied after fraudulent purchases.
Dallas County reviewing data leaked by ransomware gang (Record) The Play ransomware gang posted data purportedly stolen from Dallas County to its leak site.
Data claimed to be from Dallas County cyber attack posted online, officials say (WFAA) Ransomware cybercrime organization known as “Play” claimed responsibility and had threatened to reveal private county documents on Nov. 3. That release was delayed.
Boeing data leaked, attackers promise more (Cybernews) The Boeing Company, a global commercial jetliner manufacturer and US military and defense contractor, had the company’s data leaked by the LockBit ransomware gang.
CISA Sees Smooth Election Day Operations, No ‘Credible’ Threats (Meritalk) The Cybersecurity and Infrastructure Security Agency (CISA) – which in recent years has taken an outsized role in helping to ensure the security of elections run by state and local authorities throughout the country – said today that it had seen no credible threats to election infrastructure and processes as many states held off-year elections for state legislative and other offices.
CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency | CISA) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-22518 Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Security Patches, Mitigations, and Software Updates
Critical Vulnerabilities Expose Veeam ONE Software to Code Execution (SecurityWeek) Veeam Software has rolled out patches to cover code execution vulnerabilities in its Veeam ONE IT monitoring product.
CISA Releases Guidance for Addressing Citrix NetScaler ADC and Gateway Vulnerability CVE-2023-4966, Citrix Bleed (Cybersecurity and Infrastructure Security Agency | CISA) Today, CISA, in response to active, targeted exploitation, released guidance for addressing Citrix NetScaler ADC and Gateway vulnerability CVE-2023-4966. The vulnerability, also known as Citrix Bleed, could allow a cyber actor to take control of an affected system.
CISA Releases One Industrial Control Systems Advisory (Cybersecurity and Infrastructure Security Agency | CISA) CISA released one Industrial Control Systems (ICS) advisory on November 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-311-01 GE MiCOM S1 Agile
Microsoft Authenticator now blocks suspicious MFA alerts by default (BleepingComputer) Microsoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage.
Android 14’s storage disaster gets patched, but your data might be gone (Ars Technica) Google's "solution" can't do anything for bootlooping devices.
23andMe data theft prompts DNA testing companies to switch on 2FA by default (TechCrunch) The move to improve user account security comes after a hacker claimed the theft of millions of 23andMe user records data.
Meta, Discord and others unveil effort to combat online child sexual exploitation and abuse (TechCrunch) A coalition of tech companies have announced Lantern, a program designed to make it easier to detect -- and combat -- child sexual exploitation and abuse online.
Trends
Small business recoils from cost of cyber security (Cyber Daily) The main barrier to more secure digital systems is price, a Mastercard survey finds, and raising revenue has become a higher priority. Editor’s note: This story
McAfee’s 2023 Scam Study Results: Scam Texts More Painful Than Getting a Root Canal (Business Wire) Most Americans would opt for a one-time root canal rather than face a year of scam messages
Marketplace
Attack Surface Management Technology Provider Cavelo Announces CAD$5M Funding Round (PR Web) Financing Comes as Data Privacy and Data Security Requirements Fuel Cavelo's Customer Acquisition, 272% Year-over-Year Revenue Growth
Baltimore cybersecurity company faces delisting from Nasdaq (Maryland Inno) One of Baltimore’s largest cybersecurity companies is at risk of being delisted from the Nasdaq stock exchange despite recently winning a large federal contract.
Budget Cuts, Layoffs Add to Pressure on Cyber Teams (Wall Street Journal) In a new survey, almost half of cybersecurity professionals say their teams have had cutbacks in spending or personnel in the past year.
90 Percent of Cybersecurity Professionals Work on Vacation and Deal with Frequent Interruptions to Daily Life (Business Wire) Overwhelming majority of survey respondents said they check email, Slack and other forms of work communication even when on vacation
CISA Seeks Next-Gen Cybersecurity Experts From Underserved Communities (The Defense Post) CISA has awarded $3 million in contracts to two non-profits to hire and educate new digital security personnel from underserved communities
Coro Ranked Number 38 Fastest-Growing Company in North America on the 2023 Deloitte Technology Fast 500™ (Business Wire) Attributes 4861% Revenue Growth to Delivering Enterprise-Grade, Affordable Cybersecurity for the Midmarket
WSJ News Exclusive | X’s Elon Musk Hired a CEO With TV Roots. She’s Showing Them. (Wall Street Journal) Linda Yaccarino is drumming up video deals with NFL, NBA and others as “training wheels” for nervous brands.
Camelot Secure Continues to Redefine Cybersecurity Excellence; Sherri Thomas, Chief Revenue Officer, Makes Shortlist for Cyber Woman of the Year 2023 (Camelot Secure) Camelot Secure's Sherri Thomas, has been shortlisted by the 2023 Cyber Security Award judging panel as a Cyber Woman of the Year .
Access Announces Promotion of Tony Skarupa to CEO (GlobeNewswire News Room) Former CFO to Lead Information Management Services Provider; Additional Senior Management Positions Announced...
Products, Services, and Solutions
Buoyant and SUSE Expand Partnership to Provide Secure Edge Computing Deployments (PR Newswire) Partnership fueled by growing demand for Cloud Native environments, modernization of legacy infrastructures and need for secure connected...
SentinelOne® Empowers Security Teams with Unprecedented Insight Through Singularity™ Threat Intelligence (SentinelOne) New solution powered by Mandiant Threat Intelligence expands company’s ability to deliver deep insights needed to protect against threats and mitigate risk
Varonis Expands Microsoft Exchange Online Protection to Prevent Sensitive Email Exposure (Varonis) Unprecedented coverage for Microsoft 365 helps organizations reduce their email attack surface, stop data exfiltration, and control generative AI risk
Druva Expands Multi-Cloud Protection with Secure Azure Backup (Druva) Agentless, cloud-native SaaS solution delivers secure, air-gapped backups at 40% lower TCO
Bitwarden Launches Passkey Management For All Users to Create, Manage, and Store Passkeys in Their Vaults (Business Wire) Providing everyone with fast, secure, and convenient passwordless authentication across accounts
Sensing Clues Saves Wildlife Using Geospatial Intelligence with Progress (Progress) Using MarkLogic Data Hub, the Dutch nonprofit created a 360-degree view of protected nature areas to give rangers better situational awareness and help prevent animal poaching
Egress Announces Integration with CrowdStrike to Prevent Cloud Email-based Threats Driven by Human Risk (GlobeNewswire News Room) Integration with the AI-native CrowdStrike Falcon® Platform enhances Egress’ adaptive security model with identity risk data to prevent the risky human...
Titania launches evidence-based PCI DSS 4.0 Compliance Reporting (SecurityInfoWatch) Automating ready-mapped network device checks, with drill-down access to testing procedures, the compliance report demonstrates how routers, switches and firewalls ‘pass or fail...
GCU Selects CyberArk To Reduce Identity Security Risk For Thousands Of Staff And Students (SecurityInformed) CyberArk, the identity security company announced that Glasgow Caledonian University (GCU) has selected the CyberArk Identity Security Platform to power its mission-critical identity and access management modernisation initiatives and improve security for its more than 27,000 staff and students.
WISeKey’s Subsidiary WISeSAT.space Ushers a New Era of Smart Containers, Deploying its Cutting Age Track & Trace Technology for Caspian Container Company SA, a Container Logistics Arm of Integral Group (GlobeNewswire News Room) WISeKey’s Subsidiary WISeSAT.space Ushers a New Era of Smart Containers, Deploying its Cutting Age Track & Trace Technology for Caspian Container...
NIKSUN Once Again Achieves U.S. Department of Defense Information Networks (DoDIN) Approved Products List (APL) Status (EIN News) NIKSUN® Inc., the world leader in developing real-time and forensics-based cyber security, compliance, and network-to-application performance monitoring
The expert guide to safe shopping and avoiding fake websites in 2023 | F-Secure (F‑Secure) F‑Secure experts deliver the ultimate guide to safe shopping and avoiding fake websites.
Role-Based Access Control Is Critical to Your Security Stack (Duo Security) With new Role-Based Access Control for subaccounts, Duo delivers even stronger security with high productivity. Learn about RBAC and all its benefits.
Commvault Joins Forces with Leading Security, AI Companies to Help Customers Stay Ahead of Bad Actors and Escalating Cyber Threats (PR Newswire) Key integrations between Commvault Cloud and security and AI partners can help customers advance data insights as well as threat detection, protection, mitigation, and recovery
Introducing the First True Cloud Platform for Cyber Resilience in the Hybrid Enterprise: The Commvault Cloud, Powered by Metallic AI (PR Newswire) Commvault, a leading provider of cyber resilience and data protection solutions for hybrid cloud organizations, today...
Keeper Security Announces Integration with ServiceNow to Empower DevOps Teams With Next-Gen Secrets Management (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, passkeys, privileged...
Orca Security Expands AI Portfolio with Google Cloud Vertex AI Integration (Orca Security) Latest AI-Driven Cloud Security Enhancement Accelerates Risk Remediation to Significantly Improve Security Outcomes
Rubrik Introduces Ruby (Rubrik) Rubrik is adding Ruby, the generative AI companion for data security, to its portfolio of strong AI capabilities. Rubrik's AI capabilities accelerate cyber detection, recovery and resilience for all levels of cyber expertise.
DTS Achieves Perfect Score on Joint Surveillance Voluntary Assessment (PR Newswire) DTS, which delivers cyber, consulting, and management services, announced that it has earned a perfect score of 110 on its Joint...
PlainID Announces Strategic Partnership with Microsoft's Leading Business Intelligence Provider Power BI (PR Newswire) PlainID, the Authorization Company™, has announced the launch of its PlainID Authorizer for Microsoft's Power BI. The Authorizer will be...
Technologies, Techniques, and Standards
DHS Unveils New Shields Ready Campaign to Promote Critical Infrastructure Security and Resilience (Cybersecurity and Infrastructure Security Agency) Today, the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Emergency Management Agency (FEMA) launched the new “Shields Ready” campaign to encourage the critical infrastructure community to focus on strengthening resilience. Resilience is the ability to prepare for, adapt to, withstand, and rapidly recover from disruptions caused by changing conditions.
FEMA and CISA Release Joint Guidance on Planning Considerations for Cyber Incidents (Cybersecurity and Infrastructure Security Agency | CISA) Today, the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA) released the joint guide Planning Considerations for Cyber Incidents: Guidance for Emergency Managers to provide state, local, tribal, and territorial (SLTT) emergency managers with foundational knowledge of cyber incidents to increase cyber preparedness efforts in their jurisdictions.
Planning Considerations for Cyber Incidents: Guidance for Emergency Managers (FEMA) Emergency management personnel play a central role in preparing for and responding to cyber incidents in their jurisdictions.
Space Operators Should Harden Cryptography Defenses, NSA Cyber Official Says (Via Satellite) Space operators must start planning for and implementing quantum-resistant cryptography now to ensure that space national security
AI Risk-Management Standards Profile for General-Purpose AI Systems (GPAIS) and Foundation Models - CLTC (CLTC) Increasingly general-purpose AI systems, such as BERT, CLIP, GPT-4, DALL-E 2, and PaLM, can provide many beneficial capabilities, but they also introduce risks of adverse events with societal-scale consequences. This document provides risk-management practices or controls for identifying, analyzing, and mitigating risks of such AI systems. The document is intended primarily for developers of these AI systems; others that can benefit from this guidance include downstream developers of end-use applications that build on a general-purpose AI system platform.
Use ‘Find My’ phone apps. But don’t trust them. (Washington Post) Two dangerous cases of mistaken identity using the Find My app showed that location-tracking technology can be useful — but it cannot be trusted.
Design and Innovation
App Defense Alliance Migrates Under Joint Development Foundation with Google, Meta, and Microsoft as the Steering Committee (Linux Foundation) Technology leaders unite for app security across ecosystems.
Research and Development
Next-gen GPS ground system expected to come online this summer: Calvelli (Breaking Defense) "Big software developments fail," said Air Force space acquisition czar Frank Calvelli. "You have to go to smaller systems."
Legislation, Policy, and Regulation
North Korean cyber threats sought to be combated by new consultative group (SC Media) Mounting North Korean cybersecurity activities leveraged to finance the country's weapons program have prompted the U.S., Japan, and South Korea to create a new high-level consultative group aimed at jointly averting such threats, according to The Record, a news site by cybersecurity firm Recorded Future.
Big Tech to face tougher rules on targeted political ads in EU (Reuters) Big Tech firms will face new European Union rules to clearly label political advertising on their platforms, who paid for it and how much and which elections are being targeted, ahead of important votes in the bloc next year.
UK wants prior notice from Big Tech of security rollouts (Register) Campaigners say proposals to reform laws are 'dangerous' and an attack on safety
Safeguards by banks, telcos under shared liability framework to 'materially reduce' phishing scam risks: MAS (CNA) Beyond the proposed framework on determining liability for scam losses, Members of Parliament also raised questions about the process of requesting for physical security tokens from banks.
US consumer finance regulator wants to extend oversight to Big Tech (Financial Times) Proposal would subject digital wallets and payment applications to more scrutiny
Lawmakers unveil first bill to renew controversial surveillance program (Axios) A key group of bipartisan lawmakers Tuesday introduced their blueprint for renewing a controversial surveillance tool before it expires at the end of the year.
Litigation, Investigation, and Law Enforcement
Second Meta whistleblower testifies about failure to protect teens (Computing) Arturo Béjar, a former engineering director at Meta, testified before the US Congress on Tuesday, sharing his personal experience of witnessing his own daughter suffer harassment on Instagram.
Meta ignored warnings on Instagram’s harm to teens, whistleblower says (CNN) Meta’s top executives including CEO Mark Zuckerberg spent years ignoring warnings about harms on platforms it owns such as Instagram, a company whistleblower told a Senate subcommittee on Tuesday.
As Meta chased younger users, employees raised safety concerns (Washington Post) A former engineering and product leader at Meta is expected to testify in Congress about how Meta ignored warnings about youth safety
YouTube’s Ad Blocker Detection Believed to Break EU Privacy Law (WIRED) A complaint filed with the EU’s independent data regulator accuses YouTube of failing to get explicit user permission for its ad blocker detection system, potentially violating the ePrivacy Directive.
What a Bloody San Francisco Street Brawl Tells Us About the Age of Citizen Surveillance (WIRED) When a homeless man attacked a former city official, footage of the onslaught became a rallying cry. Then came another video, and another—and the story turned inside out.
Data broker’s “staggering” sale of sensitive info exposed in unsealed FTC filing (Ars Technica) Judge: Data broker’s motion to sanction FTC “long on hyperbole, short on facts.”