Dateline Moscow and Kyiv: Ukraine receives Polish, Slovak MiGs.
Ukraine at D+386: Tactical pause, ongoing cyberespionage. (CyberWire) China offers a show of support for Russia as the offensive at Bakhmut stalls. Fancy Bear exploits a recently patched Outlook vulnerability.
Russia-Ukraine war: List of key events, day 387 (AL Jazeera) As the Russia-Ukraine war enters its 387th day, we take a look at the main developments.
Wagner’s convicts tell of horrors of Ukraine war (Reuters) Reuters tracked down and interviewed five Russian prisoners who fought in Ukraine in return for freedom. They gave the most detailed insider account yet of Wagner's convict army.
Russian Wagner Group puts €15m bounty on Italian minister’s head (The Telegraph) Guido Crosetto has been critical of the Kremlin, making him a possible assassination target for the mercenary group
Poland to launch MiG-29 deliveries to Ukraine within days (Defense News) The Polish Air Force has between 11 and 19 MiG-29s in its fleet, according to the country's president.
Poland defies Putin with landmark decision to give Ukraine fighter jets (Atlantic Council) Poland is set to become the first Western nation to supply Ukraine with fighter jets, Polish President Andrzej Duda has confirmed. Duda said Ukraine would receive four Polish Soviet-era MiG-29 jets “in the next few days.”
Russia Wants a Long War (Foreign Affairs) The West needs to send Ukraine more arms, more quickly.
The Russia That Might Have Been (Foreign Affairs) Moscow squandered its power and influence.
UN-backed investigation accuses Russia of war crimes in Ukraine (Al Jazeera) Russia’s forced transfers of Ukrainian children in areas under its control amounts to a war crime, investigators say.
Ukraine demoted commander who gave interview about ill-trained troops (Washington Post) A Ukrainian battalion commander who gave an interview to The Washington Post describing how ill-trained troops were weakening Ukraine’s position on the battlefield quit his post this week, after his superiors demoted him because of his remarks, he said.
China's Xi to visit Putin amid Beijing's bolder global role (AP NEWS) Chinese President Xi Jinping plans to visit Russia from Monday to Wednesday, an apparent show of support for Russian President Vladimir Putin amid sharpening East-West tensions over the war in Ukraine and the latest sign of Beijing’s emboldened diplomatic ambitions.
Xi Jinping to visit Russia in show of support for Vladimir Putin (the Guardian) China says president will meet Russian leader next week with aim of deepening partnership
Russia’s friends are a motley—and shrinking—crew (The Economist) They are a coalition of the failing; the Soviet Remembrance Society; and a gang of opportunists
Opinion | The American Case for Supporting Ukraine (Wall Street Journal) The U.S. can back its allies and send a message to the Chinese, without sparking a wider war in Europe.
The Surprising Success of U.S. Military Aid to Ukraine (Foreign Affairs) Kyiv’s determination has improved Washington’s spotty track record.
Ukraine’s Cyber Defense Offers Lessons for Taiwan (Defense One) Washington should work with Taipei to stiffen the island's defenses against network attacks.
Poland says it foiled a Russian spy ring seeking to sabotage arms shipments to Ukraine. (New York Times) The sabotage, the Polish interior minister said, was planned “at the request of Russian intelligence” and “aimed at paralyzing the supply of equipment, weapons and aid to Ukraine.”
Russia-aligned ‘Winter Vivern’ hackers spotted targeting Ukraine, Europe, India (Record) The APT group known as Winter Vivern had been relatively quiet, according to researchers, but it launched a new cyber-espionage campaign earlier this year.
CVE-2023-23397: Exploitations in the Wild – What You Need to Know (Deep Instinct) On March 14, 2023, Microsoft released a security fix for an elevation-of-privilege vulnerability (CVE-2023-23397) in Microsoft Outlook. A specially crafted email can trigger the vulnerability automatically when it is retrieved and processed by the Outlook client. Such an email could lead to exploitation before the email is viewed in the Preview Pane, which allows an attacker to steal credential hashes by forcing the target’s devices to authenticate to an attacker-controlled server.
Outlook zero day linked to critical infrastructure attacks (Cybersecurity Dive) State-linked actors have targeted oil and gas, transportation and defense industries in Europe.
Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine (Computer Weekly) A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly.
Microsoft Pins Outlook Zero-Day Attacks on Russian Actor, Offers Detection Script (SecurityWeek) Microsoft’s is blaming a “Russian-based threat actor” for in-the-wild attacks hitting its flagship Microsoft Outlook
Russian hackers could be regrouping ahead of elections, Microsoft warns (NBC News) Microsoft's report came on the same day that a cybersecurity company said Russia had been able to exploit a previously unknown vulnerability in the Outlook email program.
Russian spies still threaten West despite Ukraine fiasco: Ex-intel chief (Newsweek) Mikk Marran, who headed Estonia's foreign intelligence service until last year, told Newsweek that Moscow's spies are still conducting foreign operations.
Major museums around the world are quietly recategorizing works from Russian to Ukrainian (CNN) The Metropolitan Museum of Art in New York is among several institutions quietly reclassifying some of its paintings. For one Ukrainian woman, these changes are a vindication.
Kazakhstan Impounds Russia’s Cosmodrome Assets at Baikonur (Defense Security Monitor) The government of Kazakhstan has impounded all assets belonging to Russia at the Baikonur Cosmodrome. What this translates to? Time will tell; however, the importance of Baikonur to Roscosmos and t…
Attacks, Threats, and Vulnerabilities
FBI, CISA, and MS-ISAC Release #StopRansomware: LockBit 3.0 | CISA (Cybersecurity and Infrastructure Security Agency CISA) The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0.
Chinese SilkLoader Malware Sold to Russian Cyber-Criminals (Infosecurity Magazine) Cobalt Strike beacon loader migrates across criminal ecosystems
Adobe Acrobat Sign abused to push Redline info-stealing malware (BleepingComputer) Cybercriminals are abusing Adobe Acrobat Sign, an online document signing service, to distribute info-stealing malware to unsuspecting users.
BianLian Ransomware Gang Continues to Evolve ([redacted]) The BianLian ransomware group continues to exhibit a high level of operational security and skill in network penetration. Read the research from [redacted].
BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion (Dark Reading) The ransomware group has already claimed 116 victim organizations so far on its site, and it continues to mature as a thriving cybercriminal business, researchers said.
Netskope Threat Coverage: BlackSnake Ransomware (Netskope) Summary BlackSnake is a ransomware-as-a-service (RaaS) group that first appeared in a hacking forum in August 2022, where the operators were seeking
Uncovering HinataBot: A Deep Dive into a Go-Based Threat (Akamai) Akamai researchers on the Security Intelligence Response Team (SIRT) have discovered a new Go-based, DDoS-focused botnet. The malware appears to have been named “Hinata” by the malware author after a character from the popular anime series, Naruto. We are calling it “HinataBot.”
Here's how Chinese spies exploited a critical Fortinet bug (Register) Looks to be the same baddies attacking VMware hypervisors last year
Fortinet zero-day attacks linked to suspected Chinese hackers (BleepingComputer) A suspected Chinese hacking group has been linked to a series of attacks on government organizations exploiting a Fortinet zero-day vulnerability (CVE-2022-41328) to deploy malware.
Microsoft OneNote File Being Leveraged by Phishing Campaigns to Spread Malware (Fortinet Blog) An in-depth analysis of a phishing campaign utilizing a Microsoft OneNote file. Learn about the contents of this malicious attack from how it executes, to evading detection, and fully controlling t…
Previously Undiscovered TeamTNT Payload Recently Surfaced (Cado Security) Cado Labs analyzes previously undiscovered TeamTNT malware sample following a high-profile and sophisticated cloud attack.
CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign (IT Security News) CrowdStrike researchers discovered the first-ever cryptocurrency mining campaign aimed at Dero mining since February 2023. CrowdStrike has discovered the first-ever Dero cryptojacking campaign aimed at Kubernetes infrastructure. Dero is a general-purpose, private, and decentralized application platform that allows developers to deploy powerful and unstoppable applications. It claims to offer improved privacy, anonymity and higher monetary rewards compared
Fresh Phish: Silicon Valley Bank Phishing Scams in High Gear (INKY) It's not surprising that bad actors are taking advantage of the collapse of Silicon Valley Bank and use it as a lure for phishing attacks. INKY discovered and caught the first scheme to steal Microsoft account credentials. Make sure you're not at risk.
Scammers target Cloudflare CEO with Silicon Valley Bank-themed spearphishing (CyberScoop) The collapse of the U.S. tech industry's bank of choice has prompted a massive amount of fraud attempting to capitalize on its downfall.
Kaspersky releases decryptor for ransomware based on Conti source code (Record) Cybersecurity firm Kaspersky on Thursday released a decryptor that could help victims who had their data locked down by a version of the Conti ransomware.
HC3 Shares Black Basta Ransomware Threat Intelligence Data (HIPAA Journal) The Health Sector Cybersecurity Coordination Center (HC3) has shared threat intelligence information about the Black Basta ransomware group to help The Health Sector Cybersecurity Coordination Center has shared threat intelligence information about the Black Basta ransomware group to help network defenders prevent and rapidly detect attacks in progress.
Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets (BleepingComputer) Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars.
The slow Tick‑ing time bomb: Tick APT group compromise of a DLP software developer in East Asia | WeLiveSecurity (WeLiveSecurity) ESET Research uncovers a campaign by APT group Tick against a data-loss prevention company in East Asia and find a previously unreported tool used by Tick
ESET Research: Tick cyberespionage group compromises data-loss prevention software developer in East Asia (EIN News) ESET researchers have uncovered a compromise of an East Asian data-loss prevention (DLP) company. During the intrusion, the attackers deployed at least three
Social InSecurity: Armorblox Stops Attack Impersonating Social Security Administration (Armorblox) In today’s Blox Tale, we will shine a light on a recent email attack that targeted a national educational institution, and attempts to prey on the trust and uncertainty that many end-users experience during tax season. This email attack bypassed Microsoft 365 email security and had the potential of compromising over 160,000 end users.
TikTok, a leakware installed on 2 billion mobile devices (Pradeo) The White House, the European Union, Canada and other countries in Europe have banned the use of the TikTok mobile app by their members and agencies.
DNSFilter: How to Block TikTok in a Single Click (And Why You Should) (DNS Filter) Thirty-two states in the United States have already banned the app on government devices due to security concerns. Here's how to block it with DNSFilter.
Your Car Could Be Spying on You. Good! (WIRED) Automakers are adding cameras and algorithms that monitor and nudge drivers to improve safety and ensure people supervise automated driving aids.
Latitude cyberattack leads to data theft at two service providers (BleepingComputer) Latitude Financial Services (Latitude) has published a notice on its website today informing that it has suffered a ransomware attack that resulted in the theft of some customer data.
Latitude Group, parent company of Genoapay and Gem, hit by cyber attack (Newshub) An Australian-listed company that operates in New Zealand has confirmed they've been the victim of an attack.
Hospital CEO Provides Update On Cyber Attack; Owrey Reports Medical Records Not Hacked (Maryland Coast Dispatch Newspaper) The investigation into the cyberattack at Atlantic General Hospital is wrapping up, according to hospital leadership. Don Owrey, president and CEO
Cyber attack prompts Lansing Community College to cancel classes (The Detroit News) Offiicals said classes and activities for Thursday and Friday are canceled in response to an \
Security Patches, Mitigations, and Software Updates
Google warns users to take action to protect against remotely exploitable flaws in popular Android phones (TechCrunch) The four vulnerabilities found in Samsung chips can be exploited to compromise Android devices "silently and remotely" over the cell network.
CISA Releases Eight Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency CISA) CISA released eight Industrial Control Systems (ICS) advisories on March 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Trends
Layoffs Fuel 35% Increase in Data Theft by Departing Employees, According to DTEX Systems 2023 Insider Risk Investigations Report (Business Wire) Investigation-driven Findings Identify Rise in IP and Data Theft Incidents, Major Spike in HR-driven Investigations & Spotlight Escalated Risk Among Departing Employees
Q1 2023 Digital Trust & Safety Index: Payment fraud data and insights from Sift’s global network (Sift Resources) Explore new payment fraud data and consumer insights in Sift's latest Digital Trust & Safety Index.
HP Wolf Security Threat Insights Report Q4 2022 (HP Wolf Security) Don’t let cyber threats get the best of you. Read the HP Wolf Security Threat Insights Report for Q4 2022 to learn more about cyber threats and cyber security.
What's Wrong with Manufacturing? (The Hacker News) Industry under fire: Manufacturing seems to be exceptionally impacted by cyberattacks. Why could that be? Is it the vulnerable machinery?
Marketplace
Fenix24 Secures Funding from Leading InsurTech Investor Eos Venture Partners (PR Newswire) Fenix24, an industry-leading cyber disaster recovery firm that is transforming the post-breach restoration process and impact, announced a $5...
ThreatLocker enters agreement to acquire assets of HyperQube and appoints Craig Stevenson to Leadership Team (GlobeNewswire News Room) ThreatLocker®, a pioneer in endpoint protection technologies, today announced that it has entered into...
Is cybersecurity recession-proof? (Security TechTarget) Is cybersecurity recession-proof? In an economic downturn, consider the field resilient but not invincible. Learn more from an independent expert.
Shards of Silicon Valley Bank Are for Sale, but No One Is Buying Yet (New York Times) Big rivals are thus far shying away from scooping up the bank’s assets.
Silicon Valley Bank rescue: A sigh of relief for tech business (Investment Week) Various triggers have been highlighted as contributing to the collapse of one of America’s top 20 largest banks - Silicon Valley Bank (SVB).
It’s not 2008: Keep calm as central banks carry on (Atlantic Council) This week's financial drama may look familiar, but the world's financial firefighters have been preparing for this moment for nearly fifteen years.
Camelot's Director of Homeland Security Programs, Dr. Wendy Hayes, Recognized as Part of the SIA's 2023 Women in Security Forum Power 100 (Yahoo Entertainment) "Being recognized as part of the Security Industry Association's 2023 Women in Security Forum Power 100 is a tremendous honor. It is a testament to our work at Camelot to advance diversity, inclusion, innovation, and leadership in the security industry. I am proud to be part of a team committed to developing a multidisciplinary perspective in cybersecurity," Dr. Hayes said.
Kordia Group hires former Vodafone NZ cyber leader as CISO (Reseller News) Kordia Group has appointed former Vodafone NZ security services manager Joshua Reedy as its new chief information security officer.
Products, Services, and Solutions
New infosec products of the week: March 17, 2023 (Help Net Security) The featured infosec products this week are from: Atakama, Elevate Security, Hornetsecurity, HYPR, and ReversingLabs.
Cloudflare Democratizes Post-Quantum Cryptography By Delivering It For Free, By Default (Cloudflare) Already powering more than 99% of all websites that support NIST standard track post-quantum cryptography today, Cloudflare aims to help defend online users against threats of advanced computing
Post-quantum crypto should be free, so we’re including it for free, forever (The Cloudflare Blog) Cloudflare makes the most advanced cryptography free for everyone, and it’s in beta today
Guild Education Chooses Salt Security for API Security (PR Newswire) Salt Security, the leading API security company, today announced that Guild Education, the leader in opportunity creation for America's...
Nuspire Introduces Managed Microsoft Defender Solution (PR Newswire) Nuspire, a leading managed security services provider (MSSP), has announced the launch of its Managed Microsoft Defender services for Endpoint,...
Hackuity Drives Security Prioritization by Partnering with Appurity (Hackuity) Hackuity, the risk-based vulnerability management company, today announced a new partnership with Appurity, a specialist in mobile and application security.
HYPR Leads the Passwordless Revolution with the Launch of Microsoft-Approved and Compatible Enterprise Passkeys (HYPR) HYPR announced its newest offering, Enterprise Passkeys for Microsoft Azure and integrated with Microsoft Entra.
Aware and Anyline Partner to Bring Full eKYC Technology to Leading Pakistani Bank (GlobeNewswire News Room) Anyline Integrates Knomi® into Customers’ Identity Verification Processes...
ngrok Expands Free Access to Security Features (GlobeNewswire News Room) ngrok simplifies security for developers by adding OAuth and webhook validation to its free plan...
DIGISTOR® Secure Data Storage Receives Common Criteria Certification, NIAP Listing (Business Wire) Certification includes all DIGISTOR FIPS-certified SSDs making them the first NIAP-listed PCIe/NVMe and SATA SSDs available at COTS-level pricing
HYPR Leads the Passwordless Revolution with the Launch of Microsoft-Approved and Compatible Enterprise Passkeys (HYPR) HYPR announced its newest offering, Enterprise Passkeys for Microsoft Azure and integrated with Microsoft Entra.
KnowBe4 Launches Phishing Security Resource Kit To Help Combat the Most Common Form of Social Engineering (KnowBe4) KnowBe4 Launches Phishing Security Resource Kit To Help Combat the Most Common Form of Social Engineering
Cisco, Telenor Re-Up Security, Multicloud, ESG Efforts (SDxCentral) Cisco and Telenor re-upped a long-standing agreement to develop cybersecurity, multicloud, and ESG services.
Palo Alto Networks announces AI-powered SASE solution (Technology Magazine) With an integrated Prisma SASE, organisations can harness the power of AI across networking and security to enable a great user experience
Quick Heal Becomes the 1st Indian Company to Collaborate With NIST-NCCoE’s Data Classification Project (ndianWeb2.com) Quick Heal, a global cyber security solutions provider, has been listed as the first and only Indian company to work as an official collaborator on th
Orange Cyberdefense launches new managed security services (Daily Host News) Orange Cyberdefense launches new managed security services - Managed Workspace Protection for Microsoft 365 Defender and Managed Threat Detection [xdr] for Microsoft 365 Defender.
Orange Cyberdefense collaborates with Microsoft to release two new managed services (IT PRO) New managed workspace protection and XDR offerings aim to help businesses “stay ahead of threats”
IBM Collaborates With Cohesity to Launch IBM Storage Defender Solution (StorageReview.com) IBM and Cohesity have collaborated on a solution that increases data security and resiliency…
etisalat by e& UAE and Cyberint Join Forces to Strengthen Cyber Security (PR Newswire) Cyberint, the leader in Impactful Intelligence and etisalat by e&, the brand representing the UAE telecoms pillar of e&, announced a joint...
Passwordless future: NordPass introduces a solution to store and manage passkeys (GlobeNewswire News Room) The password management company NordPass, created by the world’s leading VPN provider NordVPN, announced it...
Technologies, Techniques, and Standards
Global DNS Traffic Report Shows Public Resolvers Dominate the Internet (NS1) Analysis of 7.5 trillion DNS queries reveals timely insights about global network infrastructure
How International Acquisitions Can Become a Cybercrime Frontier (Nextgov.com) Public entities like the FBI and Department of Treasury are carefully monitoring international business transactions as potential backdoor threats to U.S. national security.
Meta Develops New Kill Chain Thesis (SecurityWeek) Meta developed a new cyber kill chain model that it thinks will be more inclusive and more effective than the existing kill chain models.
A zero-trust roadmap for cybersecurity in manufacturing — from a 98-year-old company (VentureBeat) Manufacturing is the most-attacked industry. How one manufacturer is modernizing its cybersecurity with a zero-trust approach
Cyber attribution: Vigilance or distraction? - Help Net Security (Help Net Security) Cyber attribution is a process by which analysts collect evidence, build timelines and piece together evidence in the wake of a cyberattack.
Leveraging Behavioral Analysis to Catch Living-Off-the-Land Attacks (Dark Reading) Attackers are increasingly staying under the radar by using your own tools against you. Only behavioral AI can catch these stealthy attacks.
Design and Innovation
Opensource OS Approach Self-Detects Attacks & Self-Restores in Seconds (RSA Conference 2023) An opensource multi-node OS approach built on a DBMS foundation replaces Linux, Kubernetes and many security add-ons.
U.S. Copyright Office says some AI-assisted works may be copyrighted (Reuters) The U.S. Copyright Office issued new guidance on Wednesday to clarify when artistic works created with the help of artificial intelligence are copyright eligible.
The “can my parents use this thing right now” test (Garbage Day) Read to the end for a good Twitter reply
Chinese tech giant Baidu just released its answer to ChatGPT (MIT Technology Review) The CEO said Ernie Bot isn’t perfect, but that it will “impact every single company.”
OpenAI checked to see whether GPT-4 could take over the world (Ars Technica) "ARC's evaluation has much lower probability of leading to an AI takeover than the deployment itself."
OpenAI co-founder on company’s past approach to openly sharing research: “We were wrong” (The Verge) Should AI research be open or closed? Experts disagree.
Sophos Demonstrates How to Make ChatGPT a Cybersecurity Co-Pilot (Investors Observer) Sophos Demonstrates How to Make ChatGPT a Cybersecurity Co-Pilot
How ChatGPT is changing the cybersecurity game (Help Net Security) The security community needs to consider not only the potential risks but also the cybersecurity opportunities that come with ChatGPT.
Academia
ESET Announces Eighth Annual Women in Cybersecurity Scholarship in North America (ESET) Continuing to embrace equity in the industry, ESET is offering four scholarships to North American women studying in STEM fields
Legislation, Policy, and Regulation
White paper shows China's achievement in law-based cyberspace governance (Global Times) China on Thursday released a white paper on its cyberspace rule of law, elaborating on the
The UK and New Zealand banned TikTok from government phones (Quartz) The countries are the latest to block the Chinese-owned app from official devices following similar bans in the US and Europe
TikTok Sale Likely to Be Rejected by China (The Information) The Chinese government is likely to oppose any attempt by the Biden administration to force TikTok’s Chinese shareholders to sell their stakes in the hugely popular app, said China-based lawyers and investors, setting the stage for a protracted standoff between Beijing and Washington over the ...
TikTok says US threatens ban if Chinese owners don't sell stakes (Reuters) The Biden administration has demanded that TikTok's Chinese owners divest their stakes in the popular video app or face a possible U.S. ban, the company told Reuters on Wednesday.
Biden admin mulling nationwide TikTok ban if Chinese parent company doesn't divest (CBS News) "If protecting national security is the objective, divestment doesn't solve the problem," a TikTok spokesperson told CBS News in a statement.
Senator Warner Wants US Spies to Justify a TikTok Ban (WIRED) WIRED spoke with the coauthor of the Restrict Act, a bipartisan bill to crack down on tech from six “hostile” countries.
Cyber pros plead for help from Biden admin, say feds withholding intel on digital attackers (The Washington Times) Cybersecurity professionals on Thursday called on the Biden administration to help defend health care systems from foreign attackers and said they fear the federal government is withholding actionable intelligence.
White House Tech Council Launches Cyber-Physical Resilience Working Group (Nextgov.com) The President’s Council of Advisors on Science and Technology aims to use the initiative to improve resilience within the nation’s digital networks.
Litigation, Investigation, and Law Enforcement
Officials notify Trump allies whose Social Security numbers were posted online (Washington Post) The federal government is notifying some visitors to the White House during the Trump administration that their Social Security numbers were published on a government website.
FTC Issues Orders to Social Media and Video Streaming Platforms Regarding Efforts to Address Surge in Advertising for Fraudulent Products and Scams (Federal Trade Commission) With fraud on social media surging, the Federal Trade Commission has issued orders to eight social media and video streaming platforms seeking information on how these
U.S. FTC asks social media, video streaming firms info on misleading ads (Reuters) The U.S. Federal Trade Commission (FTC) on Thursday issued orders to eight social media and video streaming firms including Meta Platforms Inc , Twitter, TikTok and YouTube seeking information on how the platforms screen for misleading advertisements.
Senators call on CISA to examine cybersecurity risks of Chinese consumer drones (Record) A bipartisan group of senators asked the Cybersecurity and Infrastructure Security Agency (CISA) to examine consumer drones made by a company with “deep ties” to the Chinese Communist Party.
Amazon sued for not telling New York store customers about facial recognition (NBC News) Thanks to a 2021 law, New York is the only major American city to require businesses to post signs letting customers know they’re tracking biometric information.
Federal judge dismisses phone hacking case of Saudi human rights activist (Courthouse News) While Saudi activist Loujain al-Hathloul may not have personal jurisdiction to sue DarkMatter, a federal judge on Thursday gave her 14 days to amend her complaint to prove otherwise.
Wawa to pay up to $28.5M in data breach settlement (Cybersecurity Dive) The chain’s latest payout will go to the financial institutions involved in the 2019 incident, continuing a series of payments it has made to customers and states over the past year.