The CyberWire Daily Briefing 1.22.19

Cyber Attacks, Threats, and Vulnerabilities

Europe’s most hackable election (POLITICO) The EU faces hackers, trolls and foreign agents as it gears up for a vote in May.

Facebook, Germany to Collaborate Against Election Interference (Wall Street Journal) Facebook operating chief Sheryl Sandberg said the company will work with the German ministry for information security to guide policy throughout Europe on election interference.

Washington fears new threat from 'deepfake' videos (TheHill) Lawmakers and experts are sounding the alarm about "deepfakes," forged videos that look remarkably real, warning that they are growing increasingly easy to create and harder to detect.

Analysis | The Cybersecurity 202: How does a country spy on its citizens? A cybersecurity company got an inside look (Washington Post) Government surveillance is getting more accessible.

SSDP amplification attacks rose 639% (Help Net Security) The Nexusguard Q3 2018 Threat Report has revealed the emergence of an extremely stealthy DDoS attack pattern targeting communications service providers

New tricks with old methods (Nexusguard) In Q4 2018, 50% more ASNs suffered from a new type of stealthy network attacks carried out in a piecemeal fashion.

Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution (Help Net Security) A Marvell Avastar Wi-Fi vulnerability can be exploited to compromise devices without user interaction, Embedi researcher Denis Selianin has found.

Google Play malware used phones’ motion sensors to conceal itself (Ars Technica) To elude emulators, banking trojan would trigger only when infected devices moved.

Fallout Exploit Kit: A deep dive into the exploit kit’s campaigns distributing various malware strains (Cyware) Fallout exploit kit was first spotted in a malvertising campaign affecting users in Japan, Korea, the Middle East, Southern Europe, and more. Later, the exploit kit was spotted distributing GandCrab ransomware, SAVEfiles ransomware, Kraken Cryptor ransomware, DanaBot trojan, Nocturnal malware, GlobeImposter ransomware, AZORult variants, Vidar malware, and more.

Qealler — The Silent Java Credential Thief (Security Boulevard) Qealler is a new type of malware that CyberArk Labs recently detected in a spam campaign targeting corporate mailboxes in the UK. At first sight, it looks to be a simple, harmless file that can...

Researchers analyze DDoS attacks as coordinated gang activities (Help Net Security) In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related

Former Employee Hacks Popular WordPress Plugin’s Website (SecurityWeek) The website for a popular WordPress plugin was hacked over the weekend, when a former employee abused a previously implemented backdoor to take over the domain.

WPML.org Site Back to Normal After an Attack During the Weekend - WPML (WPML) Our site got hacked during the weekend, causing loss of client data. We just finished rebuilding the site and it's back to working state. Many of our

DarkHydrus APT Uses Google Drive to Send Commands to RogueRobin Trojan (BleepingComputer) New malicious campaigns attributed to DarkHydrus APT group show the adversary's use of a new variant of the RogueRobin Trojan and of Google Drive as an alternative command and control (C2) communication channel.

Check Point Forensic Files: GandCrab Returns with Friends (Trojans) (Check Point Software Blog) SandBlast Agent’s Behavioral Guard robust detection engine is capable of adapting to a malware’s evolution over time. It is also sufficiently robust to handle the prevention of several malware variants simultaneously.

Websites Can Exploit Browser Extensions to Steal User Data (SecurityWeek) Web applications can exploit browser extensions to access privileged capabilities and steal sensitive user information, including credentials, a researcher has discovered.

Flaws in Omron HMI Product Exploitable via Malicious Project Files (SecurityWeek) Omron’s CX-Supervisor HMI/SCADA designer is affected by several vulnerabilities that can be exploited for DoS attacks and remote code execution using specially crafted project files.

Hackers Wield Commoditized Tools to Pop West African Banks (BankInfo Security) Banks in West Africa have been targeted by at least four hacking campaigns since mid-2017, with online attackers wielding commoditized attack tools and "living

Symantec Spots Cyberattacks in West Africa (PYMNTS.com) Hackers are targeting financial firms in the Ivory Coast, Cameroon, Congo, Ghana and Equatorial Guinea, using commodity malware and living off the land tools, reported Symantec, the cybersecurity company, in a new blog post. According to the company’s Thursday (Jan. 17) blog post, banks and other financial firms in a number of West African countries have been […]

Hackers Actively Scanning for ThinkPHP Vulnerability, Akamai Says (TechBizWeb) Have you been attacked? Digitpol the global investigation firm can help you, visit Digitpol’s website to learn more. There is widespread scanning for a recently disclosed remote code execution vulnerability in the ThinkPHP framework, Akamai reveals. ThinkPHP, a web framework by TopThink, is a Chinese-made PHP framework used by a large number of web developers …

ThinkPHP Exploit Actively Exploited in the Wild (Akamai) While investigating the recent Magecart card skimming attacks, I came across a payload I was not familiar with. Further research into it lead me to discover that in December a researcher disclosed a remote command execution vulnerability in ThinkPHP, a...

Fake outstanding payment delivers Formbook and an unknown malware at same time (My Online Security) A slightly unusual malware campaign this morning. The email is nothing special and spoofs a Maltese Shipping company ( it is highly probable that multiple other companies will also be spoofed with…

Twitter bug exposed some Android private tweets to public view (Naked Security) The latest privacy glitch, which went unnoticed for over four years, may trigger yet another EU privacy probe.

There's Much More To Collection 1 Than 772 Million Leaked Records (Forbes) As scary as Collection 1 isn't the only mammoth stash of credentials floating around.

Attackers used a LinkedIn job ad and Skype call to breach bank’s defences (Naked Security) A Chilean Senator has taken to Twitter with alarming news – the company running the country’s ATM network suffered a serious cyberattack.

Youth-run agency AIESEC exposed over 4 million intern applications (TechCrunch) AIESEC, a non-profit that bills itself as the “world’s largest youth-run organization,” exposed more than four million intern applications with personal and sensitive information on a server without a password. Bob Diachenko, an independent security researcher, found an unprotecte…

Zero day virus closes North Bay's cancer clinic this week (North Bay Nugget) North Bay Regional Health Centre’s satellite chemotherapy clinic was closed for three days this week because of a so-called zero day virus in the computer systems at Health Sciences North in Sudbur…

Hospital computer systems in northeast step closer to normal (Sudbury Star) Things are starting to return to normal after a virus got into the computer system at Health Sciences North — along with 23 other hospitals across the northeast -Wednesday morning.“This…

'Faster Payments' glitch affecting Lloyds, Halifax and Bank of Scotland (Computing) No-so-Faster Payments borkage hits Lloyds Banking Group,Software ,Halifax,Lloyds Bank,Bank of Scotland,

Fees phishing scam targets schools (BBC News) Parents at Newcastle's Royal Grammar School were sent fraudulent emails offering reduced fees.

Vandal severs Telstra services in Lismore (CRN Australia) Crews work to restore vandalised cables.

Security Patches, Mitigations, and Software Updates

Temporary fix available for one of the two Windows zero-days released in December (ZDNet) Microsoft did not issue official fixes during the recent January Patch Tuesday update window.

Microsoft sets death date for Windows 10 Mobile (CRN Australia) "We recommend that customers move to a supported Android or iOS device."

SUSE-SU-2019:0130-1 | SUSE (SUSE Security Update) Security update for wireshark

Malwarebytes Fixes Windows 7 Freeze Problem in New Update (BleepingComputer) Malwarebytes released an update today for the component package that fixes the problem with Windows 7 stations freezing. The problem manifests on systems with the Web Protection feature enabled in the security solution.

Cyber Trends

A blitzkrieg reborn: Weaponizing cyberspace (Capitol Weekly) Whether the president colluded with Russia, was blackmailed or merely is a dupe, evidence points to Russian interference in the 2016 presidential election.

Social media as an instrument of combat (Business Statdard) The Age of Information that set in with the success of IT revolution some three decades ago pushed the world economy and cross-border human interactions up in a transformational manner and established globalisation as a new reality.

2019 S4 Conference – Observations and Challenges Especially for Engineering (Control Global) Addressing the field device level requires engineering expertise and is what makes control system cyber security different than IT/OT cyber security. Automation/process/relay engineers, field instrument/relay technicians, etc. are not OT but Engineering whereas OT is the network engineers and network technicians. Consequently, the real culture gap is between Engineering and IT/OT.

For Industrial Robots, Hacking Risks Are On the Rise (Wall Street Journal) 5G promises to make factories a lot smarter. And that means they’ll be a lot more vulnerable.

Cyberspace becoming more complex (Telangana Today) Cyber security experts say vulnerabilities are growing and mechanisms to counter are the need of the hour.

Serious Security: What 2000 years of cryptography can teach us (Naked Security) Here’s a fascinating history of cryptography that has plenty to teach you – and you don’t need a degree in mathematics to follow along!

Cybercrime could cost companies trillions over the next five years (Help Net Security) Companies globally could incur $5.2 trillion in additional costs and lost revenue over the next five years due to cyberattacks.

Hey, guess what; IoT security still sucks, finds Gemalto and Trend Micro (Rethink) This horse has been beaten past death so much that it’s well on its way to ending up in a dodgy lasagne microwave dinner, but it is still disappointing to see that IoT security capabilities shows no real sign of improvement in the short-term. Two studies, from Gemalto and Trend Micro, illustrate the scale of the problem...

CIO role: Should a CIO manipulate information? (SearchCIO) The Wall Street Journal's report on the CIO of Liberty University using his private company to manipulate data raises interesting questions about the CIO role and personal behavior.

Tidying Up When We Have No Control over Our Digital Lives (WIRED) Never-ending notifications. Pull-to-refresh rewards. There's no escape from surveillance capitalism.

Turn Off Your Push Notifications. All of Them (WIRED) RIP my mentions.

Most Aussie orgs can't detect an IoT breach (Technology Decisions) Nearly two-thirds of Australian organisations are unable to detect when an IoT device has suffered a security breach, according to Gemalto.

Is the Ten Year Challenge a Facebook scam??? (Naked Security) Get a grip.

ERP Maestro's Survey Examines American Beliefs and Behaviors Towards Cybercrime (PR Newswire) ERP Maestro, provider of automated and cloud-based controls for access, security and GRC, today releases The...

Marketplace

In dangerous times, cyber insurance comes of age (Raconteur) Once considered exotic and complex, cyber insurance is now an essential tool for large companies seeking to manage risk

Huawei kicks off unprecedented media blitz (CRN Australia) Low-key founder fronts international media as security fears grow.

Huawei follows laws wherever it operates, founder insists (Nikkei Asian Review) 'We would refuse' to harm clients by handing over data, Ren Zhengei says as more products banned

Huawei's CEO threatens to axe 'mediocre' staff after global security worries (Business Insider) Ren Zhengfei warned that the days of Huawei's explosive growth might be over.

Huawei founder confident the West will eventually buy its 5G products (South China Morning Post) In his first ever TV interview, Ren Zhengfei said Huawei’s wireless and 5G solutions are world class and will solve issues many Western countries face in 5G

The Public Face of Huawei’s Global Fight (Wall Street Journal) Meng Wanzhou, Huawei’s finance chief and daughter of its founder, helped lead the company’s effort to improve its image. With her arrest, she’s caught up in one of the probes ensnaring the company around the world.

Why Silicon Valley’s “growth at any cost” is the new “unsafe at any speed” (Ars Technica) Video: For years, Ashkan Soltani has warned of Facebook's privacy-eroding tendencies.

Opinion | Happy 18th birthday, Wikipedia. Let’s celebrate the Internet’s good grown-up. (Washington Post) On Wikipedia, truth matters more than self-expression.

Fortinet's Progress Is Real, But It Seems Largely Priced In (Seeking Alpha) The company has made considerable progress, especially with its Fabric platform which is an attractive proposition for enterprise customers. While the company h

Trend Micro's ZDI Looks to Acquire More Vulnerabilities in 2019 (eWEEK) Trend Micro's Zero Day Initiative (ZDI) published 1,444 security advisories in 2018, with issues in PDF technologies leading the way.

Microsoft launches Azure DevOps bug bounty program (Help Net Security) Microsoft has launched yet another bug bounty program and is urging security researchers to look into the security of Azure DevOps.

Ericom Software Snags Ex-Symantec Exec David Canellos For CEO Role (CRN) New Ericom Software CEO David Canellos plans to focus on boosting cross-selling the company's entire portfolio and pursuing integrations with other security technologies.

Exclusive: Local cyber firm beefs up exec team with veteran hires (Washington Business Journal) [Atomicorp's] new leaders have some serious resumes coming into the company.

Products, Services, and Solutions

PrinterLogic's 18.3 Release Brings Added Security, Ease of Use (PrinterLogic) Version 18.3 of PrinterLogic brings several highly requested security and mobile features, including CAC/PIV authentication, FIPS certification and app-based print release.

Welcome to a New ERA™ - The First Auto-Generated Security Agent for IoT Devices (VDOO) Read about the new VDOO product - ERA™ - The First Auto-Generated Security Agent for IoT Devices

WhiteHat Security Launches New ‘Essentials’ Product Line for High-speed, Fully-automated Security Testing with Comprehensive Code Coverage (BusinessWire) WhiteHat Security, the leading application security provider committed to securing digital business, today announced the general availability (GA) of

NSA preps public release of powerful cybersecurity tool (Washington Examiner) The National Security Agency is preparing to release to the public a powerful cybersecurity tool used within the spy agency to analyze computer viruses, winning outside praise and helping rehabilitate the agency’s reputation after years of controversy.

Emsisoft Browser Security Protects You from Malicious Sites (BleepingComputer) For those looking for extra protection while browsing the web, Emsisoft has a released a browser extension that will block you from interacting with known phishing, malware, or scam sites.

ANSecurity And Gemalto Help Trustology Deliver Blockchain Technology To Secure Digital Assets (Security Informed) ANSecurity, a specialist in advanced network and data security, has announced a successful project with Gemalto to help Trustology deliver innovative Blockchain technology used to secure digital...

Credit Bureau Connection Announces New Synthetic Identity Fraud Prevention Solution (PR Newswire) Credit Bureau Connection (CBC), the industry leader of credit reports, compliance solutions, alternative credit...

How to tackle phishing with machine learning (TechRepublic) Learn how one company is capitalizing on machine learning to address phishing problems.

Verizon customers get spam and robocalling protection for free (Notebookcheck) Although some customers received protection from spam and robocalling in the past, now Verizon is ready to provide these useful security features to all its customers. These two treats will be offered for free starting in March, revealed Joe Russo, senior vice president of network operations for Verizon.

Kaspersky CyberTrace – A Free Threat Intelligence Tool to Identify What Threats Pose A Danger (CIOL) With the number of available threat intelligence sources continuing to grow, a third of CISOs feel under pressure as they cannot consume cybercrime intelligence easily or effectively. To help large

Peek-a-boo! CAST helps you look inside software to find what might kill your business (diginomica) CAST Software has been stopping some of the more edgy, extravagant applications developments from being freely used in business without serious inspection and evaluation, an important task.

Technologies, Techniques, and Standards

Is cyber security evolving to meet NIS requirement in the utility sector? (Information Age) Daniel Lewis, CEO of Awen Collective, explains why utility companies need to evolve their cyber security to meet the NIS directive

Shadow IT, IaaS & the Security Imperative (Dark Reading) Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.

How to avoid becoming the next victim of a Magecart attack (www.SecurityInfoWatch.com) Make sure your web servers and the software running on them have the latest security updates

Huawei vs US: why trade secrets need to be carefully managed (Computing) Trade secrets don't enjoy the same legal protection as patents, warns Withers & Rogers patent attorney John-Paul Rooney. So how should they be protected?

Beware the man in the cloud: How to protect against a new breed of cyberattack (Help Net Security) To gain access to cloud accounts, a MitC attack takes advantage of the OAuth synchronisation token system used by cloud applications.

How to remove Oxar OXR ransomware (Virus Removal Guide) (MalwareTips Guides) If your documents are encrypted with a OXR extension, then your PC is infected with the Oxar ransomware. Oxar is a file-encrypting ransomware, which encrypts the personal documents found on victim’s computer (extensions: .OXR, .FDP, .PEDO or .ULOZ), then displays a message which offers to decrypt the data if a payment in Bitcoin is made. …

Machine learning trumps AI for security analysts (Help Net Security) Machine learning is an algorithm that gives the software applications it is applied to the ability to autonomously learn from its own environment.

Deloitte: Natural Language Processing Key to Utilize Unstructured Gov’t Data - GovCon Wire (GovCon Wire) A Deloitte report has urged agencies to explore artificial int

How more women on cybersecurity teams can create advantages (Fifth Domain) Industry leaders say a gender gap in the cybersecurity sector could represent an unaddressed tactical disadvantage for government and businesses alike.

Agents of disruption: Four testing topics argue the case for agentless security (Help Net Security) Let me introduce myself. I’m a set of flaws in your otherwise perfect, agent-based security world. Like all disruptive agents, I derail your best-laid

Shodan Safari, where hackers heckle the worst devices put on the internet (TechCrunch) If you leave something on the internet long enough, someone will hack it. The reality is that many device manufacturers make it far too easy by using default passwords that are widely documented, allowing anyone to log in as “admin” and snoop around. Often, there’s no password at …

Design and Innovation

Securing the Digital Economy: Reinventing the Internet for Trust (Accenture Strategy) When a person creates an online account, makes a purchase from a website or downloads an app, it’s not just the exchange of data, goods or services taking place. It’s a transaction in the ultimate currency: trust. Today, there is a real risk that trust in the digital economy is eroding.

Research and Development

IBM unveils quantum computing system (Gasworld) More than 50 years of advances in mathematics, materials science and computer science have transformed quantum computing from theory to reality.

PlatON Partners With Top University Researchers on Cryptography (AP NEWS) PlatON, a pioneering global privacy-preserving computing network, has announced a partnership with top university professors in the US as part of an effort to strengthen its cybersecurity and cryptography research, specifically in the area of designing and building protocols for secure multi-party computation (MPC).

Academia

Oxford University’s chancellor warns of national security risks when academics collaborate with China (The Telegraph) Oxford University’s chancellor has warned of national security risks when academics collaborate with China.

Universities cyber attack each other to test defences (UKAuthority) Twenty UK universities have signed up to take part in a cyber attack exercise that aims to expose weak spots in their systems that could be exploited by illegal hackers.

Iowa State adopts new cybersecurity system to protect campus community (The Ames Tribune) Iowa State University recently adopted a new identity and access management security platform, which resulted in a decrease in compromised student and

Legislation, Policy and Regulation

Canada dismisses Chinese threats over potential 5G network ban for Huawen (Computing) China had warned of 'repercussions' should Canada bar Huawei from the country's 5G networks,

For the security of Canadians, Huawei should be banned from our 5G networks (The Globe and Mail) China is willing to take extreme measures for its national interests; we must do the same

France considers bill amendment to target Huawei: Les Echos (Reuters) France is considering introducing a bill amendment to empower its security and d...

Future Wars Will Be Fought In Cyber Domain, Says Army Chief (NDTV.com) Army Chief General Bipin Rawat today said there is a need to focus on incorporating Artificial Intelligence (AI) and big data computing into the Armed forces' system, saying the northern adversary of the country (China) is spending "huge money" on this technology.

EU Copyright Directive compromise rejected by 11 countries (Computing) Copyright Directive and accompanying regulation unlikely to be passed before May's European elections,

CPJ joins letter expressing concern about proposed cyberspace law in Venezuela (CPJ) The Committee to Protect Journalists joined more than 30 regional and international rights organizations expressing concern about a proposed law in Venezuela that would expand the powers of the government to control and monitor internet use without institutional checks....

India’s Plan to Curb Hate Speech Could Mean More Censorship (WIRED) India's government has proposed rules that would require encrypted messaging services like WhatsApp to decrypt data, threatening the security of users globally.

Ontario electric utilities to report soon on their on cyber security maturity (IT World Canada) The federal and provincial governments have been urging critical sectors of the economy to toughen their cybersecurity defences for at

Four cybersecurity priorities for Congress to confront active threats (TheHill) Every individual who uses a phone or laptop to perform a function of their job is part of the cyber workforce.

Can State’s New Cyber Bureau Hack It? (Foreign Policy) The U.S. State Department is working to stand up a new cybersecurity bureau, but it's hobbled by debates with lawmakers on its purpose and mandate.

Impact of U.S. Government Shutdown on Cybersecurity: Feedback Friday (SecurityWeek) Cybersecurity professionals comment on the impact of the U.S. government shutdown, which is the longest in U.S. history, nearing one month.

The shutdown is breaking government websites, one by one (Washington Post) Over 130 Web security certificates belonging to federal agencies have now expired, making it harder to access online services, researchers say.

Marco Rubio Proposes New Federal Data Privacy Bill (SecurityWeek) Republican Senator Marco Rubio has introduced a bill called the "American Data Dissemination Act" which is designed to provide privacy legislation for the entire nation.

Natl' Guard cyber units protect country's interests, still face training issues (Federal News Network) National Guard cyber teams are helping with police networks, elections and national missions.

Analysis | The Cybersecurity 202: What do Kamala Harris, Elizabeth Warren and Kirsten Gillibrand have in common? Cybersecurity chops (Washington Post) All three Democratic candidates have pushed for major reforms.

This is how Sunderland City Council is looking to stop a rise in cyber attacks (Chronicle) In the past six months, Sunderland City Council has seen a rise cyber attacks

Litigation, Investigation, and Enforcement

American charged by Russia with espionage was handed classified material, lawyer says (Washington Post) Paul Whelan, 48, was given a flash drive containing secret information during a visit to Moscow in December.

Phishing Attack Allegedly Targeted US DNC After 2018 Midterms (BleepingComputer) According to documents added to an amended complaint filed on January 17, the Democratic National Committee says that it was allegedly targeted by a Russian intelligence-coordinated phishing attack just a few days after the 2018 midterms.

Google Fined $57 Million in Biggest Penalty Yet Under New European Law (Wall Street Journal) Google was fined $57 million by a French regulator—the biggest penalty levied yet under a new European privacy law—alleging the search-engine giant didn’t go far enough to get valid user consent to gather data for targeted advertising.

Industry reactions to Google's €50 million GDPR violation fine (Help Net Security) On 21 January 2019, the CNIL imposed a financial penalty of €50 million against Google, in accordance with the General Data Protection Regulation.

Google’s €50m GDPR Fine Heralds a New Era (Infosecurity Magazine) French regulator punishes firm for lack of transparency, valid consent and adequate info

Report: Facebook's Privacy Lapses May Result in Record Fine (SecurityWeek) Facebook may be facing the biggest fine ever imposed by the U.S. Federal Trade Commission for privacy violations that breached a commitment to protect the personal information of its social network’s 2.2 billion users.

Russia Accuses Facebook, Twitter of Failing to Comply With Data Laws (Wall Street Journal) Russia launched administrative action against Facebook and Twitter for failing to comply with its data laws, days after Facebook removed the accounts of what it said were two Russia-based misinformation campaigns.

Inside the Mueller team’s decision to dispute BuzzFeed’s explosive story on Trump and Cohen (Washington Post) The special counsel's office did not realize the extent of what the story would allege before it was published.

US to formally seek extradition of Huawei exec Meng Wanzhou: Report (CNBC) Canada's ambassador to the United States David MacNaughton, in an interview, did not say when the formal extradition request will be made but the deadline for filing it is Jan. 30, according to the Globe and Mail.

Huawei executive arrested in Poland says spying allegations ‘groundless’ (Global News) The case comes as a range of Western countries have either taken steps or said they are considering measures to limit access of Huawei to their markets.

Bulgaria Extradites Russian Hacker to US: Embassy (SecurityWeek) Bulgaria has extradited Alexander Zhukov indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.

DEMOCRATIC NATIONAL COMMITTEE, Plaintiff, v. THE RUSSIAN FEDERATION... (UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF NEW YORK) Plaintiff the Democratic National Committee (“DNC”) brings this Complaint against The Russian Federation (“Russia”); Aras Iskenerovich Agalarov (“Aras Agalarov”); Emin Araz Agalarov (“Emin Agalarov”); Joseph Mifsud (“Mifsud”); WikiLeaks; Julian Assange (“Assange”); Donald J. Trump for President, Inc. (“the Trump Campaign”); Donald J. Trump, Jr. (“Trump, Jr.”); Paul J. Manafort; Jr. (“Manafort”); Roger J. Stone, Jr. (“Stone”); Jared C. Kushner (“Kushner”); George Papadapoulos (“Papadapoulos”); and Richard W. Gates, III (“Gates”); and alleges as follows:

DNC: Russian Hackers Attacked Us Again After Midterm Elections (SecurityWeek) The US Democratic National Committee (DNC) says it was again targeted by Russian hackers shortly after last year’s midterm elections.

DNC Claims Russian Hackers Targeted Staffers After Midterms (Infosecurity Magazine) Civil case against alleged Kremlin/Trump conspiracy updated with new revelations

DNC alleges it was targeted in phishing attack after midterms (ABC News) The DNC's latest complaint is part of an ongoing lawsuit.

DNC says it was targeted by cyber attack days after 2018 miderms: court docs (New York Post) The Democratic National Committee was targeted by a cyber attack days after the 2018 midterm elections, the political organization reportedly revealed in a court documents filed Thursday night...

PN mum on "theft" of Delia’s passwords (Newsbook) A spokesperson for the Partit Nazzjonalista did not answer questions by Newsbook.com.mt about whether it is true that several passwords of party leader Dr Adrian Delia were stolen and whether Delia had reported the matter to the police.

What Mueller's extraordinarily unprecedented move to dispute BuzzFeed's story on the record tells us (SFGate) Experts are flummoxed by a statement the special counsel Robert Mueller put out disputing a BuzzFeed News report that indicated President Donald Trump told Michael Cohen to lie to Congress about the proposed Trump Tower Moscow deal.

Senator Wyden Hammers T-Mobile For Empty Promises on Sale of Cell Phone Location Data (Motherboard) The Senator expressed “disappointment” and “disbelief” at CEO John Legere’s unfulfilled promise to end the sale of geolocation data to “shady middlemen.”

Odisha Police building capacity to tackle cyber crime (Odisha TV) From hacking air traffic systems to stealing data from cellphones, there has been a significant rise in the number of cyber crimes posing a serious challenge for the Odisha Police. During the 61st Senior Police Officers' Conference in Bhubaneswar today, several sessions were organised to discuss and prepare strategies to tackle the challenges posed by cyber crime.

Football leaks suspected hacker hires Edward Snowden's lawyer (Mail Online) Suspected computer hacker Rui Pinto, who has been linked to the Football Leaks scandal is being represented by Edward Snowden's lawyer William Bourdon following his arrest in Hungary.

Arrested Portuguese hacker is Football Leaks 'whistleblower': lawyers (Reuters) A Portuguese man arrested in Hungary on suspicion of extortion and secrecy viola...

Employee’s firing prompts Baltimore IT security review (Washington Times) A Baltimore employee was found with hacking tools on his city computer, prompting the mayor to order a security review.

Former Baltimore city IT worker who was target of investigation loses job with Baltimore County schools (Baltimore Sun) A former Baltimore public works IT staffer who was found to have hacking tools on his city-issued computer and backdoor access to the department director's computer says he's lost his new job working for the Baltimore County Public School system.

Election vulnerabilities. CNIL fines Google over lack of transparency. Facebook, Twitter regulatory issues. Spy-charge update.