Las Vegas: the latest from Black Hat 2019 (with some BSides and Def Con)
Black Hat USA 2019 Cybersecurity Conference: Day 2 News (MSSP Alert) Black Hat USA 2019 conference news spans MSSPs, Arctic Wolf Networks, AT&T Cybersecurity, BlackBerry, CrowdStrike, DFLabs, Digital Guardian, enSilo, Jask, Ping Identity, Proficio, Qualys, Secureworks & more.
APT41: A Dual Espionage and Cyber Crime Operation « APT41: A Dual Espionage and Cyber Crime Operation (FireEye) APT41 is a prolific Chinese cyber threat group that carries out state-sponsored espionage activity.
Chinese State Hackers Attack Video Games And Cryptocurrencies For ‘After Hours’ Personal Gain: Report (Forbes) The latest report into China's state hackers has a nasty twist. Those same hackers have been abusing the tools of their espionage trade for significant financial gain.
Chinese cyber spies are stealing money from video game firms on the side (ZDNet) Researchers at FireEye say contractors working for the state-sponsored APT41 group are still targeting video games companies outside of work.
APT41 Is Not Your Usual Chinese Hacker Group (PCMAG) APT41 is 'highly agile and persistent,' FireEye says. In one instance, the group deployed over 150 unique pieces of malware in a year-long campaign against a single target.
Meet APT41, the Chinese hackers moonlighting for personal gain (CyberScoop) In a first for China-based group, FireEye said, the hackers are using malware typically reserved for spying for personal gain.
Black Unicorn Awards – Winners (Cyber Defense Awards) Of the 100 accepted nominations, only 50 made the cut. Of those 50, 20 are notable mentions which we will continue to watch as they operate their businesses. Of those 50, 30 made the cut as finalists. Of these 30 finalists, 10 winners are currently being selected by Judges Robert Herjavec, David DeWalt and Gary Miliefsky, 3 industry experts.
Black Unicorn Report (Cyber Defense Magazine) Predictions of Cybersecurity companies with current and future potential to reach a $1B valuation
Mimecast Rejected Over 67 Billion Emails. Here's What It Learned (Dark Reading) New research warns that security pros must guard against updates to older malware and more manipulative social-engineering techniques.
Mimecast Threat Intelligence Report: Black Hat Edition (Mimecast Threat Center) The Mimecast Threat Intelligence Report: Black Hat Edition capitalizes on research conducted by the Mimecast Threat Center alongside Mimecast engineers with the objective of enhancing our email and web security services.
Mimecast introduced community based tailored threat intelligence tool at Black Hat 2019 (Packt Hub) Yesterday, at Black Hat 2019, Mimecast Limited, a leading email and data security company, introduced Mimecast Threat Intelligence which offers a deeper
VMRay Announces Partnership With SentinelOne to Combat Evasive Malware (Yahoo) VMRay, a provider of automated malware detection and analysis solutions, today announced a new partnership with SentinelOne, the autonomous endpoint protection company. The new partnership will enable SentinelOne customers to dramatically
McAfee Announces New Partnerships and Certified Integrations (Yahoo) McAfee Security Innovation Alliance and McAfee CASB Connect Program Now Includes 158 Partners Worldwide
Will Congress ever get better at technology security? (Fifth Domain) Budgets, physical limitations and partisan politics hamper Congress' ability to become more savvy to rapidly changing technology.
Black Hat: Flaws in Kid’s Tablet App Raise Privacy Woes (Threatpost) Several serious privacy flaws in a kid's tablet were disclosed this year at Black Hat, which could allow a bad actor to track or send messages to children.
#BSidesLV: DNC CISO Talks Need to be Secure by Design (Infosecurity Magazine) Democrats CISO talks of need to tear up
#BSidesLV: I Am The Cavalry Reflect on Six Years of Achievement, More to Accomplish (Infosecurity Magazine) I Am the Cavalry reflect on six years of achievement and contemplate next steps
Cyber Attacks, Threats, and Vulnerabilities
New Intel SWAPGS Flaw Spells Bad News for Users (Infosecurity Magazine) Firms and consumers urged to patch
Researchers discover troubling new security flaw in all modern Intel processors (The Next Web) The flaw could see attackers steal passwords, login credentials, and more.
Twitter ‘fesses up to more adtech leaks (TechCrunch) Twitter has disclosed more bugs related to how it uses personal data for ad targeting that means it may have shared users data with advertising partners even when a user had expressly told it not to. Back in May the social network disclosed a bug that in certain conditions resulted in an account’s …
New Echobot Botnet Variant Uses Over 50 Exploits to Propagate (BleepingComputer) A new variant of Echobot botnet has been spotted to include over 50 exploits leading to remote code execution (RCE) vulnerabilities in various Internet-of-Things devices.
LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks (TrendLabs Security Intelligence Blog) Our analysis of a new LokiBot variant shows that it has improved its capabilities for staying undetected within a system via an updated persistence mechanism and the use of steganography to hide its code.
Zero-Day Bug in KDE 4/5 Executes Commands by Opening a Folder (BleepingComputer) An unpatched zero-day vulnerability exists in KDE 4 & 5 that could allow attackers to execute code simply by tricking a user into downloading an archive, extracting it, and then opening the folder.
Cryptolocking WordPress Plugin Locks Up Blog Posts (Threatpost) A new type of malicious plugin has been spotted in the wild with the capability of targeting individual blog posts.
With warshipping, hackers ship their exploits directly to their target’s mail room (TechCrunch) Why break into a company’s network when you can just walk right in — literally? Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a company’s login pages. And certain…
New ‘warshipping’ technique gives hackers access to enterprise offices (ZDNet) Delivery workers may inadvertently provide the bridge between hacker and victim.
Package Delivery! Cybercriminals at Your Doorstep (Security Intelligence) Find the latest security analysis and insight from top IT security experts and leaders, made exclusively for security professionals and CISOs.
Capital One Cyberattack Technical Analysis and Detection Using Security Analytics (Securonix) On July 29, 2019, we learned of a massive cyberattack and data breach targeting Capital One. The Securonix Threat Research Team has been actively investigating the details of the attack to help our customers detect,…
El Paso and Dayton Tragedy-Related Scams and Malware Campaigns (CISA) In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events.
iovation Research: Fraudsters Increasingly Leveraging Mobile Devices for Schemes (iovation) TransUnion company explores top continents and countries for risky mobile transactions, and types of behavior businesses to need to look for to catch mobile fraud
Baldr malware unpicked with a little help from crooks’ bad opsec (Naked Security) New research from Sophos takes an exhaustive look at the Baldr password stealer.
Baldr vs The World: A SophosLabs report (Sophos News) A new stealer enjoys a wild ride, but is it a flash in the pan or a long term threat?
Clever Amazon Phishing Scam Creates Login Prompts in PDF Docs (BleepingComputer) The goal of any phishing scam is to make you do something you shouldn't do. Such is the case with a phishing campaign that utilizes PDF attachments that display login prompts that to many would look legitimate.
Secretive 'Machete' hacker group steals GBs worth of sensitive files from the Venezuelan military (The Next Web) ESET researchers uncover a cyber-espionage campaign — operated by Machete — stealing sensitive documents from the Venezuelan military forces.
MegaCortex Redesign is a $5.8m Challenge to Firms (Infosecurity Magazine) Ransomware authors improve automation and usability
Bishop Fox Uncovers Security Flaws in Mass Transit Mobile Apps (PR Newswire) Bishop Fox, the largest private professional services firm focused on offensive security testing, has uncovered an...
This cryptocurrency stealing malware was blocked more than 360,000 times over the past year (Hard Fork | The Next Web) According to the latest figures from cybersecurity firm Avast, a cryptocurrency stealing malware has been blocked more than 360,000 times by its software.
Hackers love to see you on Wi-Fi, home or public (Gulf News) You might actually be surprised how easy it is to hack into your home Wi-Fi network
Shape Security Blog : Healthcare CAPTCHA: The Cure that’s Worse than the Disease (Shape Security Blog) A healthcare insurer was forced to use a CAPTCHA. 70% of their aged patients could no longer refill their prescriptions. It was a complete disaster.
Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs (Threatpost) Flaws in Qualcomm chipset expose millions of Android devices to a hacking threat.
New tool for cybercriminals: Apps that generate international phone numbers (ETCIO.com) The apps provide users the option to get a local number in a foreign country and make international calls
Exclusive: High-security locks for government and banks hacked by... (Reuters) Hackers could crack open high-security electronic locks by monitoring their powe...
African bank foils suspected North Korean cyber attack (ComputerWeekly.com) An African bank is among the financial institutions to be targeted by North Korea’s multi-billion dollar cyber theft campaign to support its weapons programmes.
Oh Snoop: Why Truecaller knows when your salary is credited (ETCIO.com) Truecaller UPI signup fiasco is more than just a phonebook snoop. From the message of salary credited to your personal data, it has more twist than yo..
Fourth Florida city in two months reports it was swindled in cyber scam (The Center Square) A fourth Florida municipality since June has acknowledged it has been cyber-scammed but, unlike the three other cases, this time the theft did not include a date breach, “ransomware” or
Downtown Naples will continue despite lost funds after spear phishing attack (Naples Daily News) The Eighth Street South Project will continue as planned despite loss of funds after spear phishing attack
Joe Biden and Kamala Harris were top targets of misinformation around July primary debates, report says (Newsweek) The falsehoods identified by VineSight were not run-of-the-mill social media jabs, but high-performing tweets that passed a certain threshold for virality.
Democrats and Doctors Behind Latest Wave of Leaked Data (Threatpost) Patient medical history and over 6 million email addresses tied to Democrats were detailed in a misconfigured storage buckets over the past few weeks.
Controversy after Storm Area 51 temporarily taken down (KTNV) Controversy is swirling after a viral Facebook event calling for people to storm Area 51 was abruptly taken down and then restored hours later.
Indie developer flooded with racist, misogynist abuse after announcing Epic partnership (TechCrunch) The two developers of an indie game called Ooblets have been subjected to "tens of thousands if not hundreds of thousands" of abusive messages following their decision to put their game on the Epic Games Store. It's a worrying yet entirely unsurprising example of the toxic elements of the gaming co…
We did the thing (Ooblets) A rather large announcement
Security Patches, Mitigations, and Software Updates
SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS (BleepingComputer) Both Microsoft and Redhat have released advisories about a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system.
Silent Windows update patched side channel that leaked data from Intel CPUs (Ars Technica) It took a year, but the patch fixes a new speculative-execution flaw found by Bitdefender.
iOS 13 privacy feature will force total overhaul for Facebook apps (Ars Technica) Apple is set for another privacy showdown with Facebook and VoIP apps.
NVIDIA patches high-severity bugs in Windows GPUs and SHIELD (Naked Security) NVIDIA has patched five bugs in its Windows GPU display driver, three of which could allow an attacker to execute code on the system.
Cylance Protect AV vulnerability patched (SC Magazine) Cylance has patched a vulnerability in the antivirus product that allowed attackers bypass the system's machine learning algorithm and insert suspect code
Cyber Trends
State of Threat Detection and Response (Fidelis Security) Key insights include: Confidence in security defenses have a ripple effect - Nearly half of respondents (49.02%) don’t have visibility of their entire cyber terrain and over half (55.03%) don’t have control over blind spots which lowers their confidence in their organization’s ability to identify insider threats...
Affordable Tools and Shared Responsibilities Define Midmarket IT Security Trends (Solar Winds) Midmarket companies face considerable business challenges as they adopt and embrace technology that will help them grow into the enterprises of tomorrow.
Cloud Security Alliance Report Lists Top 11 Threats (MeriTalk) The Cloud Security Alliance (CSA) released its Top Threats to Cloud Computing Report today. The report, which was created after surveying 241 cloud industry experts, highlights the top 11 threats facing cloud computing. The report noted that cloud security issues are “often the result of the shared, on-demand nature of cloud computing.”
Has Medical Device Security, Awareness Improved in Healthcare? (HealthITSecurity) As the threat landscape continues to expand and with healthcare's reliance on legacy platforms, HealthITSecurity.com asked two leaders whether the sector is improving its medical device security.
Why Modern Identity Verification is Crucial in Today’s Threat Landscape (Infosecurity Magazine) Multiple digital identity checks for remote verification will help increase pass rates
M&A activity can create cybersecurity holes, ACSC warns (CSO) Merger mania is seeing new organisations absorbed quickly – but without care, exploitable security gaps are inevitable
Cybersecurity Leaders Face Challenges with Cyber Transformation (Security Magazine) CSOs and CIOs ranked cybersecurity transformation as one of the most challenging aspects of cyber risk management that are related to the entire infrastructure.
Kellermann: Hackers Emboldened by Lack of Prosecutions (BankInfo Security) The hacking subculture has been emboldened by a lack of prosecutions for cybercrime worldwide, says Tom Kellermann of Carbon Black, who addresses the evolving
'Critical national infrastructure is a tempting target for cyber threat actors' (Express Computer) California based cybersecurity company CrowdStrike effectively tackles the most modern-day and malicious cyber threats. Mike Sentonas, VP Technology of CrowdStrike, claims that none of the establishments which are under Crowdstrike shelter, fell to prey to any internet crime
Email - everybody's darling - Why users and hackers love email (SC Magazine) 55% of US workers think that email communication prevents them from doing their job properly with both spam as well as loss and theft of data major concerns which encrypting data has not overcome.
Marketplace
Your Company's Surprising Supply Chain Exposure on Huawei (Forbes) U.S. corporate leaders who believe that the firestorm surrounding Huawei won’t singe their companies might want to think again.
DeepCode Raises $4M Seed Round Led by Earlybird to Improve Software Development With AI-Powered Code Reviews (Yahoo) DeepCode, the platform for AI-powered code reviews, today announced that it has raised $4 million (CHF3.92 million) in seed funding led by Earlybird, with participation from 3VC and existing investor btov Partners. DeepCode has previously raised CHF1.1 million. The new funding will enable DeepCode
Defense Intelligence Agency Secures Intel Analysis Solutions (SIGNAL Magazine) BAE Systems Technology Solutions & Services Inc., Rockville, Maryland (HHM402-19-D-0005); Bluehawk LLC,* West Palm Beach, Florida (HHM402-19-D-0008); Booz Allen Hamilton Inc., McLean, Virginia (HHM402-19-D-0007); CACI Inc. – Federal, Arlington, Virginia (HHM402-19-D-0015)...
US Air Force Bug Bounty Program Nets 54 Flaws for $123,000 (Dark Reading) The Air Force brought together 50 vetted hackers to find the vulnerabilities in the latest bug-bounty program hosted by a branch of the US military.
The Air Force sends good guys in to hack its cloud (Fifth Domain) The Air Force invited ethical hackers into its IT networks again this spring and a new series of penetration test found 54 vulnerabilities.
AT&T Launches Public Bug Bounty Program on HackerOne (BleepingComputer) Today AT&T is announcing their launch of a new public bug bounty programs on the HackerOne platform. This program will allow security researchers to report security bugs to AT&T in order receive a monetary reward.
Capital One Breach a Win for Crowdsourced Cybersecurity (Bloomberg) Some offer pats on the back, others dangle ‘bug bounties.’ Security researcher alerted bank to leaked data in GitHub file.
Movers and shakers: ‘Our operating model is so powerful’ - Simon Gillespie of Dimension Data (CIO New Zealand) ICT leaders on the move and in the news
NCC announces Booz Allen Hamilton as Space ISAC's newest founding member (The Colorado Springs Business Journal) Booz Allen Hamilton is the newest founding member of Space ISAC, the National Cybersecurity Center and Space Information Sharing and Analysis Center
Booz Allen and Hypergiant Industries Form Strategic Relationship to Speed the Adoption of Artificial Intelligence (BusinessWire) Booz Allen and Hypergiant Industries Form Strategic Relationship to Speed the Adoption of Artificial Intelligence
Inside the dark web scramble to get far-right conspiracy site 8chan back online (The Independent) Bad actors have thrived on dark web because it allows website owners and visitors to obscure their location and internet address
Revealed: how Peter Thiel’s Palantir quietly won £10m of MoD contracts (NS Tech) The Ministry of Defence (MoD) has quietly awarded more than £10m of contracts to a controversial surveillance company set up by the Paypal billionaire and Trump supporter Peter Thiel, NS Tech can reve
CyberSponse is Proud to Announce the Opening of its New Middle East Office (PRWeb) CyberSponse, the premier SOAR Solution for enterprises, is expanding efforts globally by establishing a new office presence in Dubai, United Arab Emirates.
Kenna Security Names Caroline Japic Chief Marketing Officer (West) Award winning marketing professional will lead a new era of growth
Products, Services, and Solutions
CrowdStrike Introduces CrowdScore, Industry-First CxO Score Measuring Real-Time Threat Level of an Organization (Yahoo) CrowdStrike® Inc., a leader in cloud-delivered endpoint protection, today announced the launch of CrowdScore™, a new industry innovation on the CrowdStrike Falcon® platform. CrowdScore is a simple metric that enables CxOs to instantly see the real-time threat level their organizations are facing, allowing
Harlingen WaterWorks System Transforms VDI Performance and Reliability (PRWeb) Scale Computing, a market-leader in edge computing, virtualization and hyperconverged solutions, today announced that Harlingen WaterWorks System (HWWS), a Te
Proficio Partners with PatternEx to Bring Artificial Intelligence-based Threat Detection to Proficio Clients (Yahoo) PatternEx's Virtual Analyst Platform to Maximize the Productivity of Proficio's Global Team of Security Analysts
42Crunch Adds OpenAPI Editing Tools to its API Security Platform (Security Boulevard) Enables any developer to become a security expert and the driving force of API Security
ForgeRock Delivers Open Source IoT Edge Controller Solution to Secure Device Identities (West) Adds Trusted Identity at Device Level; Released Under Apache 2.0 License for Rapid Adoption in Consumer and Industrial IoT Use Cases
Netwrix to introduce its Data Classification platform (Netwrix) The solution, based on the technology acquired from Concept Searching in December, enables organizations to reduce the exposure of sensitive data, meet compliance requirements, and improve employee productivity.
Strategic Distribution Agreement Between NessPRO And NanoLock Security (Nanonolock Security) NessPro will distribute NanoLock’s unique technology for securing IoT and connected edge devices.
1touch.io Launches Portuguese Version of Solution to Help Enterprises (PRWeb) 1touch.io, the leading provider of data and privacy management control solutions, announced today the general availability of a Portuguese version of its s
Bugcrowd Establishes Standard for Crowdsourced Security Workflow Management | Bugcrowd (Bugcrowd) New standardized workflows, advanced reporting, and enhanced skills matching help operationalize true security intelligence Bugcrowd, the only true SaaS platfor
Bugcrowd Announces Industry’s First Platform-Enabled Cybersecurity Assessments for Marketplaces (Bugcrowd) Bugcrowd for Secure Marketplaces enables bulk adoption of crowdsourced security for marketplace and app store owners Bugcrowd, the only true SaaS platform buil
Arctic Wolf Announces the Arctic Wolf Agent To Protect Endpoints and the Workforce (BusinessWire) Arctic Wolf Networks, a leading security operations center (SOC)-as-a-service company, today announced the Arctic Wolf™ Agent, an endpoint monitoring
Thycotic launches high-velocity vault for securing access to DevOps environments (ITWeb) The vault enforces corporate password and access policies without slowing down the development and delivery of application updates that businesses need to stay competitive, says Jai Dargan, vice-president of product management at Thycotic.
GrayHair Achieves SOC 2 Compliance and HITRUST Controls Mapping (Yahoo) GrayHair Software, the trusted partner and provider of mail tracking and address hygiene services to the largest mailers and mail service providers in the country, today announces the successful completion of a Service Organization Control (SOC) 2® Type II Audit
ThreatConnect Launches Developer Partner Program (Yahoo) ThreatConnect Inc.®, provider of the industry’s only intelligence-driven security operations platform, is excited to announce the launch of its Developer Partner Program. ThreatConnect’s Developer Partner Program will provide third-party companies with the resources and support they need to develop,
After near-miss attack, Hong Kong law firm turns to Darktrace AI (Cambridge Network) Darktrace, the world’s leading cyber AI company has today announced that one of Hong Kong’s largest domestic law firms, ONC Lawyers, is using its cyber AI platform to defend sensitive client information.
Recorded Future Amplifies Orchestration and Automation Strategies With Original Intelligence and Enhanced Integration (Yahoo) New Security Control Feeds Provide Organizations With Uniquely Curated, High Fidelity Indicators of Compromise, While Enhancements to Usability Help Fulfill Promise of SOAR Solutions BOSTON , Aug. 6, 2019 ...
ForgeRock Delivers Open Source IoT Edge Controller Solution to Secure Device Identities (West) Adds Trusted Identity at Device Level; Released Under Apache 2.0 License for Rapid Adoption in Consumer and Industrial IoT Use Cases
KnowBe4 Launches PhishML to Help Identify and Assess Dangerous Message (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced PhishML (Machine Learning), a new
Technologies, Techniques, and Standards
What all the stuff in email headers means—and how to sniff out spoofing (Ars Technica) Parsing email headers needs care and knowledge—but it requires no special tools.
Former DHS, intelligence leaders launch group to protect presidential campaigns from foreign interference (TheHill) Two former Homeland Security secretaries, along with other former top intelligence officials, launched a non-profit group on Tuesday intended to protect presidential campaigns from foreign interference, such as cyber attacks, at no cost.
Using Social Media to Prevent Mass Shootings Faces Challenges (Wall Street Journal) President Trump’s call for law enforcement and social-media companies to develop technology to prevent mass shootings cuts to the heart of several enormous challenges, experts say.
The gap between war games and reality - Observations from the 2019 Naval War College Cyber War Game (Control Global) I participated in the Naval War College Cyber War Games July 25-26, 2019 in Newport, RI. I have provided my observations and recommendations.
Clash of the Apps (Infosecurity Magazine) One of the biggest issues I see these days is the deployment of incident response tools to aid an investigation
8 Actionable Tips a CISO Can use to Communicate to the Board or C-suite (Bricata) The growing importance of security to business has made communicating with a board of directors an essential duty for a CISO – here are some tips for getting your message across.
Kazakh Authorities Say Testing Of Web Traffic Spy Tool Near Completion (RadioFreeEurope/RadioLiberty) Kazakhstan's main security service said it will finish testing an encryption-busting root certificate on August 7 that critics say allow it to spy on user activity on the Internet.
Thinking like a Cyber Criminal: Strategies to Keep Small Businesses Secure (Channel Futures) Who are these attackers targeting the networks of small businesses, and what are their motivations? LogMeIn sat down with Attila Torok, Director of Security Engineering at LogMeIn, and asked him to dive into the mindset of these cybercriminals.
Design and Innovation
Can a wearable token improve Army network security? (C4ISRNET) A small identity device could serve as a viable battlefield replacement for Common Access Cards.
Research and Development
DARPA Is Taking On the Deepfake Problem (Nextgov.com) The agency wants to teach computers to detect errors in manipulated media using logic and common sense.
Academia
Hacking with elite white hats (ASU Now: Access, Excellence, Impact) At the world’s largest hacking conference starting Thursday, some of the top hackers around will compete to earn the coveted black badge only the best earn. ASU is playing a leading role at DEF CON, where attendees include cybersecurity professionals, security researchers and federal officials. “It’s considered either the Olympics or the Super Bowl of hacking,” said ASU's Adam Doupé, associate director of the Center for Cybersecurity and Digital Forensics who will be helping to lead the competition efforts.
CSM Students – Turned CSM Employees – Advance in National Cyber FastTrack Competition, Earn Scholarships (The Southern Maryland Chronicle) News Release, College of Southern Maryland Two previous College of Southern Maryland cybersecurity students and who now works at the
LCC awarded elite status by NSA/Department of Homeland Security
(WSYM) LCC has been designated a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) through academic year 2024 by the National Security Agency and the Department of Homeland Security.
Legislation, Policy, and Regulation
Exclusive: China warns India of 'reverse sanctions' if Huawei is blocked - sources (Reuters) China has told India not to block its Huawei Technologies [HWT.UL] from doing bu...
How to Understand the United States and Iran (Foreign Affairs) From the Nuclear Deal to the Brink of Crisis
Atlantic Council Statement on the Appointment of Christopher Porter as National Intelligence Officer for Cyber at the Office of the Director of National Intelligence (Atlantic Council) Atlantic Council President and CEO Frederick Kempe today issued the following statement on the appointment of Christopher Porter, Atlantic Council Senior Fellow and Chief Technology Officer for Global Cybersecurity Policy at...
Israel training autistic adults for cybersecurity jobs (Israel21c) New initiative will enable people with disabilities to fill job openings such as security operations center inspector.
Litigation, Investigation, and Law Enforcement
AT&T employees took bribes to plant malware on the company's network (ZDNet) DOJ charges Pakistani man with bribing AT&T employees more than $1 million to install malware on the company's network, unlock more than 2 million devices.
Leader of Conspiracy to Illegally Unlock Cell Phones for Profit Extradited from Hong Kong (US Department of Justice, Office of Public Affairs) A 34-year-old citizen of Pakistan, who is alleged to have paid insiders at telecommunications giant AT&T to plant malware and otherwise misuse computer networks to unlock cellphones, was charged in a 14-count federal indictment unsealed yesterday following his extradition from Hong Kong to the Western District of Washington.
8chan owner called before Congress following El Paso shooting (RNZ) The online message board 8chan is being called before Congress to testify about its racist and notorious content.
Israeli firm behind WhatsApp spyware hack faces lawsuit from Amnesty International (Easton Caller) Secretive Israeli firm behind WhatsApp spyware hack is sued by Amnesty International over ‘surveillance of its staff‘
Facebook sues two app developers for click injection ad fraud (TechCrunch) Facebook has filed lawsuits against two app developers accused of generating fraudulent revenue using the social media giant’s advertising platform. The company announced the legal action in a blog post Tuesday. “The developers made apps available on the Google Play store to infect thei…
Enforcing Against Click Injection Fraud (Facebook Newsroom) Facebook filed suit against two app developers for misrepresenting that a real person had clicked on their ads.
Fake Dell support rep admits to talking US colleges out of $874,000 (Naked Security) His victims: UCSD and a Pennsylvania university. He hid out in Kenya for nearly 8 months before being nabbed.