The CyberWire Daily Briefing, 12.2.19

Cyber Attacks, Threats, and Vulnerabilities

Dutch Govt Warns of 3 Ransomware Infecting 1,800 Businesses (BleepingComputer) A confidential report from the National Cyber Security Centre (NCSC) in the Netherlands informs that at least 1,800 companies are affected by ransomware across the world.

Cyber attack targets UK’s nuclear industry (The Telegraph) GCHQ cyber experts have been called in after a digital attack on a major player in Britain’s nuclear power industry triggered a security crisis.

RevengeHotels: cybercrime targeting hotel front desks worldwide (SecureList) RevengeHotels is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil.

Data of 21 million Mixcloud users put up for sale on the dark web (ZDNet) Emails, usernames, and strong-hashed passwords sold for $2,000.

Mixcloud Investigating Alleged Data Breach Impacting 21 Million Users (Vice) Mixcloud is investigating data for sale on the dark web after Motherboard alerted the company of the issue.

Advanced Hacking Groups Keep Showing Up, Old Ones Evolve (BleepingComputer) Advancements in the threat landscape are clear from one year to another. Since last year, security researchers have seen new adversaries along with methods of compromise and more overt cyberattacks.

HPE warns of impending SSD disk doom (Naked Security) The company has revealed that many of its SSDs are set to permanently fail by default after 32,768 hours of operation.

Crypto Exchange Upbit Confirms Theft of $49M in Ether (CoinDesk) 342,000 ether have been taken from the wallets of South Korean crypto exchange Upbit, the firm's CEO says.

Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network (BleepingComputer) In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform.

Security Firm Prosegur Hit By Ryuk Ransomware (GovInfo Security) Global security company Prosegur has blamed Ryuk ransomware for a service disruption that started Wednesday, which may have hampered networked alarms. Prosegur

Palo Alto Networks hit by data leak (TechRadar) Third-party vendor leaked employees' personal information online

New Chrome Password Stealer Sends Stolen Data to a MongoDB Database (BleepingComputer) A new trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords.

Magento Marketplace suffers data breach exposing confidential details of users (Computing) Magento's platform has been targeted in the past by Magecart scammers, but it claims its core products and services were not exposed in this latest incident

Adobe Magento Marketplace Exposed User Info in Data Breach (BleepingComputer) Magento Marketplace users were informed this week that a vulnerability allowed an unauthorized third party to gain access to some account information.

Fake Steam Skin Giveaway Site Steals your Login Credentials (BleepingComputer) A fake Steam skin giveaway site has been created that states it gives away news skins every day, but in reality it just steals your login credentials.

Hackers have reportedly figured out how to reactivate people's canceled Netflix accounts and start charging them again for monthly subscriptions (Business Insider) The hacks were reportedly enabled by the fact that Netflix stores customer data for 10 months after someone cancels an account.

Netflix account freeze – don’t click, it’s a scam! (Naked Security) The telltale signs are all there… but if you’re in a hurry, this Netflix scam passes the “visual appeal” test.

Google caught a Russian state hacker crew uploading badness to the Play Store (Register) Adtech firm also sent 12k phishing warnings to users of its services

5 scams to watch out for this shopping season (WeLiveSecurity) Black Friday and Cyber Monday are just around the corner and scammers are gearing up to flood you with bogus offers. Here are some of the most common types of shopping scams you should watch out for.

Beware of Thanksgiving eCard Emails Distributing Malware (BleepingComputer) With Thanksgiving being celebrated in the United States, malware distributors are sending out holiday themed emails to distribute the Emotet Trojan and other malware.

'Grinch bots' are here to ruin your holiday shopping (NBC News) Didn't catch that hot item online? That may be because you're competing with bots programmed to sweep up the best deals.

These holiday scams are heavy on naughty, totally lacking in nice (SentinelSource.com) It’s the most wonderful time of the year. But for consumers, it’s also the most dangerous.

New Ransomware Targets Removable And Attached Drives (neoRhino IT Solutions) There's a new and unusual ransomware strain making the rounds that you should be aware of. Called 'AnteFrigus,' it is primarily distributed via 'malvertising' that redirects users to the RIG exploit kit. One of the most unusual features of this...

Kids’ smartwatch security tracker can be hacked by anyone (Naked Security) For researchers at testing outfit AV-Test, the SMA M2 kids’ smartwatch is just the tip of an iceberg of terrible security.

Beware gifts bearing 'backdoors' and other security vulnerabilities this holiday season (USA TODAY) Don't be fooled by the discounts these companies offer. The cost to your privacy could be much greater than you bargained for.

Cyber-fraudsters increasingly collecting users’ selfies and IDs (Planet Biometrics News) In the third quarter of 2019, Kaspersky experts have detected a surge in fraud related to the stealing of personal and confidential documents through photos and selfies (often required for registration or identification purposes). In phishing emails, seemingly from payment systems and banks, users were asked under various pretexts to confirm their identity by going to a special page and uploading a selfie alongside a photo of the ID document.

Webroot: Don't be a security scrooge this holiday season (KGUN) The holiday season brings travel, giving back, shopping for our friends and family, and preparing for the New Year. But with all the holiday cheer, we may find ourselves becoming less cautious, especially when it comes to online safety

Facebook and Instagram back up after big Thanksgiving outages (The Verge) Good luck sharing Thanksgiving photos today

Facebook Says Outages Have Been Resolved (Wall Street Journal) Facebook said it identified the cause of a widespread outage of its Facebook, Messenger and Instagram platforms and had started restoring full access to affected users.

Cybersecurity: The web has a padlock problem - and your internet safety is at risk (ZDNet) We've been taught to look out for that little padlock to ensure a website is secure. But it's dangerous to rely on just one detail.

It’s Way Too Easy to Get a .gov Domain Name (KrebsOnSecurity) Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org.

Hacker’s paradise: Louisiana’s ransomware disaster far from over (National Cyber Security) Louisiana has brought some of its services back as it recovers from a targeted ransomware attack using the Ryuk malware on November 18.

Analysis: Louisiana cyberattack disrupts, but not worst-case (Shreveport Times) The cyberattack on state government offices was nowhere near the worst-case scenario.

Report: Millions of Americans at Risk After Huge Data and SMS Leak (vpnMentor) Introduction Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a breached database belonging to the American communications company,

New phone scam targets businesses (Johnson City Press) Someone with a new phone scam has area businesses in its sights by trying to convince an employee their boss is stealing from the establishment. “Businesses have received calls –

Oyster card accounts locked with users asked to reset passwords (Computing) TfL acts for a second time following August security breach - again blaming the risk of credential stuffing

How SA came under sustained attack from hackers (Gadget) South Africa’s financial services sector experiences single longest running attack globally, according to new Mimecast report

Nearly half of Aussies can’t identify fake NAB website - survey (Security Brief) Phishing continues to be one of the leading attack methods because it allows cybercriminals to target people at scale using social engineering.

Phishing emails are still managing to catch everyone out (ZDNet) While the move to cloud computing is boosting security for some parts of the business, basic mistakes are still giving hackers a foot in the door.

A Pennsylvania County’s Election Day Nightmare Underscores Voting Machine Concerns (New York Times) How “everything went wrong” in Northampton County.

Analysis | The Cybersecurity 202: Pennsylvania voting debacle gives ammunition to paper ballot push (Washington Post) An apparent software glitch led to a hugely incorrect vote count.

Ohio Election Day cyber attack attempt traced to Panama (The Repository) Ohio Secretary of State Frank LaRose said that the “SQL injection” attack was detected by the state’s internal systems. He called the

Russian firm's attempt to hack Ohio voting systems thwarted (TheHill) State election officials said Ohio detected and stopped an election-related cyberattack earlier this month, The Associated Press reported.

Most 2020 candidates are still at risk of DNC-style attacks (TechCrunch) Only seven out of 21 candidates are using a basic email security feature that helps prevent targeted phishing attacks.

Rudy Giuliani’s security company gets an “F” for website security (Quartz) The president's cybersecurity adviser doesn't maintain even the most rudimentary security protocols.

Ransomware Locks Medical Records at Great Plains Health (BleepingComputer) Great Plains Health medical center is recovering from a ransomware incident that hit its computer network at the beginning of the week and forced switching to pen and paper to maintain activity.

“No indication” data lost during cyber attack on James Fisher and Son (The Mail) Cumbrian marine services firm James Fisher and Sons has said there is no indication that personal or commercially sensitive data was lost during a…

The worst cyber attack in DoD history came from a USB drive found in a parking lot (We Are The Mighty) The NSA and DoD quickly determined the cause of the infection, and banned thumb drives as a response. They then collected thousands of thumb drives from officers and other troops in the field, finding they were all infected with the worm as well. Reports of new infections to the network didn't slow ...

Cyber Trends

Top 25 Most Dangerous Vulnerabilities Refreshed After 8 Years (BleepingComputer) For the first time in eight years, the list with the most dangerous 25 software vulnerabilities received an update that promises to be relevant for current times.

Group-IB annual report on trends and forecasts in cyberthreat landscape (Group-IB) Strategic intelligence data on state-sponsored groups, industry-specific cyberthreats, targeted attacks on banks and banking clients

Most businesses have yet to allocate a CCPA compliance budget (Help Net Security) Only 15% of organizations report having a mature approach to data privacy, 59% have yet to allocate a CCPA compliance budget.

The $6 Trillion Problem The Energy Industry Is Ignoring (OilPrice.com) The $6 Trillion Problem The Energy Industry Is Ignoring

A decade of hacking: The most notable cyber-security events of the 2010s (ZDNet) ZDNet takes a look over the most important data breaches, cyber-attacks, and malware strains of the last decade.

Marketplace

Cyber-security M&A - a victim of nationalism and macroeconomics? (SC Magazine) Governments working to close the shutters on possible routes into their country's national security infrastructure have begun to vet M&A or other corporate transactions entailing investing in technology.

Palo Alto Networks brings its cyber startup acquisitions together in Prisma Cloud (SiliconANGLE) Palo Alto Networks brings its cyber startup acquisitions together in Prisma Cloud - SiliconANGLE

Palo Alto Adds to Cloud Security Suite With Aporeto (Channelnomics) Company building out Prisma portfolio through acquisitions

SecuLetter Attracts a USD 6 Million Series B Funding (PR Newswire) SecuLetter, a member company of the Born2Global Centre, has attracted a USD 6 million series B investment, and received corporate valuation of...

The fall and rise of a spyware empire (MIT Technology Review) Human rights abuse and a decimated reputation killed Hacking Team. The new owners want to rebuild.

Huawei CEO Speaks Out About US Ban (Pandaily) In an interview with CNN, Ren Zhengfei decided to break the silence and address the issue implying that the the US has treated Huawei unfairly.

Exclusive: China's ByteDance moves to ringfence its TikTok app amid U.S. probe - sources (Reuters) ByteDance has stepped up efforts to separate its social media app TikTok from mu...

An update on recent content and account questions (Newsroom | TikTok) By Eric Han, Head of Safety, TikTok USThere has been significant interest and confusion regarding a user's two TikTok accounts and her viral video talking about the Uighur community in China. In this

Facebook Ruined Democracy, Says Palo Alto’s Nir Zuk (CTECH) In the race between two of the world’s most dominant cybersecurity companies, Palo Alto may have pulled ahead, but Check Point still looms in the rear view mirror

Tech’s Pioneers Have Been Left Behind. Their Stocks Are Cheap—and Complicated. (Barron's) As Xerox makes a daring bid for HP Inc., old-line tech struggles for relevance. Weighing the future of tech pioneers like Cisco, IBM, Intel, and Oracle.

Palo Alto Networks' Cybersecurity Transformation Is Yielding Results (The Motley Fool) And it made its eighth acquisition in two years.

Proofpoint Augments DLP Capabilities With ObserveIT Buyout (Yahoo) Proofpoint (PFPT) acquires ObserveIT's technologies to allow enterprises monitor user activity with sensitive data, identify the location of the activity and rectify the risk.

Can Zscaler Still Scale Up in Q3? (The Motley Fool) The leading cybersecurity outfit still has a lot of potential, though investors have to pay up for a piece of the action.

3 Reasons This Stock Is a Top Cybersecurity Pick (The Motley Fool) The improvement in key metrics and steps to boost growth make this cybersecurity stock a long-term pick.

Ottawa’s AI ethics test didn’t consider Palantir’s controversial work with U.S. law enforcement (The Logic) Civil rights groups have criticized the company’s contracts with immigration authorities and police forces

ExtraHop : Honored as One of Washington‘s Best Companies to Work For by Seattle Business Magazine (Hoback Herald) ExtraHop®, provider of enterprise cyber analytics from the inside out, announced today it has been honored as one of Washington’s best companies to

Crypto Needs Journalists More Than It Wants to Admit (Fortune) A battle between a huge crypto exchange and a tiny news startup highlights one of crypto's biggest problems - its distaste for facts.

Can industry help Homeland Security develop its cyber workforce? (Fifth Domain) DHS seeks input from industry on several project objectives for its forthcoming cybersecurity talent management system.

Twitter says it won’t delete tweets from those who have died (Naked Security) It “was a miss on our part”, Twitter said.

Twitter pauses plan to delete inactive accounts (Axios) The move comes amid concerns it would delete accounts from those who had died.

Five cybersecurity certifications that provide value to employers (Help Net Security) Wondering about cybersecurity certifications value? Here are a few guiding thoughts on how you should be thinking about professional certifications.

ICIT Honors Dr. Ron Ross (NIST) and Suzette Kent (OMB) at 2019 ICIT Gala & Benefit (Yahoo) ICIT (Institute for Critical Infrastructure Technology) honored Dr. Ron Ross (Fellow, NIST) and Suzette Kent (Federal CIO, Office of Management and Budget) as its 2019 Pioneer and 2019 Pinnacle Award Recipient respectively. The honorees were recognized at the 2019 ICIT Gala & Benefit held Nov 7, 2019

Party like a spy: Spookstock is intel world's hush-hush bash (Star Tribune) Sometime earlier this year, one of the most elite social events in Washington took place, but without any fanfare or news coverage.

American cybersecurity business to expand Manchester operations (Prolific North) Global cybersecurity consultancy, Coalfire, is investing in a 5,500sq ft office space in City Tower.

Channel veteran Nigel Spence joins Check Point (ARN) Long-time channel manager Nigel Spence has joined cyber security vendor Check Point to oversee its cloud partnerships.

Meet the Briton helping Silicon Valley scour the dark web for ‘multi-billion dollar’ crimes (The Telegraph) Homegrown Tech Talent:

FTI Consulting Expands Global Cybersecurity Practice with Two Senior Managing Director Appointments (Benzinga) FTI Consulting, Inc. (NYSE:FCN) today announced the continued expansion of its Cybersecurity practice with the appointment of two...

Products, Services, and Solutions

"World’s first" secure IoT beacon device launched (The Internet Of All Things) The IoT Security Beacon embeds the Bluetooth 5 RSL10 System-in-Package (RSL10 SIP) from ON Semiconductor.

Trend Micro launches Cloud One to meet strategic cloud priorities (Channel World) Cloud One allows developers to rapidly build applications using the cloud services they want while managing their organization’s risk.

Westpac hires IBM to probe its AUSTRAC debacle (iTnews) Big Blue's Promontory retained to rake over regulatory scandal.

GitGuardian, the security startup hunting down online secrets to keep companies safe from hackers (Cloud Pro) More than 3,000 company credentials unwittingly end up online everyday. GitGuardian helps firms plug these leaks

Endace and Athena Dynamics partner to expand cybersecurity and network monitoring market (Help Net Security) Endace, a world leader in high-speed network recording, playback and analytics hosting, has announced a partnership with Athena Dynamics in Singapore.

Technologies, Techniques, and Standards

Enterprise neglect leaves Black Friday cybersecurity responsibility to customers (CIO Dive) Cybercriminals feed on shoppers with weak personal cyber hygiene. Have companies done enough to protect customers?

Cyber security leaders prepare as criminals gear up for 'Cyber Monday' (WDTV) The deals will be hot and consumers are looking to take advantage. But criminals are also hoping to cash in this Cyber Monday.

The DAA Announces the Development of New CCPA Tools for Ad Industry (Cooley) On November 25, 2019, the Digital Advertising Alliance announced it is developing cross-industry tools for publishers, brands, agencies and adtech to provide a mechanism to opt out under the Califo…

How can financial institutions prevent shopping season fraud? (Help Net Security) In order to prevent shopping season fraud, financial institutions need to take responsibility to ensure the shopping season doesn't create problems.

Post NordVPN Data Exposure: Using Domain Threat Intelligence to Prevent MitM Attacks (CircleID) NordVPN admitted last month that its data center located in Finland was hacked on March 5, 2018. While the virtual private network (VPN) service provider claimed it learned of the incident as early as April 13, 2019, it only confirmed the compromise last month after reports that its expired Transport Layer Security (TLS) certificate and its private key were leaked.

Windows 10 Clone On The Menu As Hackers’ Favorite Hacking Tool Gets Update (Forbes) Kali Linux is more of a hacking tool than an OS. It comes with hundreds of preinstalled penetration testing applications, the Metasploit Framework (used for creating and executing security exploits) supports it as a platform and, oh yes, it can now pretend to be Windows 10.

Pennsylvania Completes Pilot Post-Election Audits Using Cutting-Edge Security Measure (MyChesCo) Secretary of State Kathy Boockvar announced that pilot enhanced post-election audits performed in Mercer County and Philadelphia provided valuable insight into how these audits can confirm the …

CIS Debuts New Benchmarks, Hardened Images at AWS re:Invent (PR Newswire) The Center for Internet Security, Inc. (CIS®) launched a new Department of Defense (DoD) STIG compliant CIS Benchmark and Hardened Image for...

How the Defense Digital Service revamped Army cyber training (Fifth Domain) Forces currently have to go to multiple locations for different levels of training prior to going to the operational force.

Make it fun: A cyber exec’s take on training a workforce (Fifth Domain) Circadence’s Keenan Skelly talks about some of the best ways to train the workforce on cyber.

Design and Innovation

Contract for Web Can't Fix Privacy Problems If Security Isn't Included (Decipher) As the inventor of the World Wide Web, Tim Berners-Lee proposed the [Contract for the Web](https://contractfortheweb.org/) as a way to address problems such as misinformation, mass surveillance and censorship online, but the list is not a realistic blueprint for action.

Can Artificial Intelligence Break Your Porn Habit? Lamar Odom Thinks So (Observer) Meet the growing “purity-industrial complex,” in which eager entrepreneurs are rolling out AI-powered purity solutions.

Research and Development

'Magnetic domain wall' circuit design could enable magnetic wave-based computing - little or no electricity required (Computing) Creating a practical magnetic-waves-based device requires efficient modulation of spin-wave propagation

Defence offers $4.5M for cyber security research (ARN) Australia’s Department of Defence has laid down $4.5 million in funding for technology companies and academics to design its cyber security future.

Can a computer have intuition? (Verizon) Developers programmed computers to have intuitive thinking.

Legislation, Policy and Regulation

Access to internet via mobile data restored: ISNA (Tehran Times) Access to the internet through mobile data networks is being restored in Tehran and some other provinces, according to ISNA.

USA – Iran: Cyber war part of hybrid war (Modern Diplomacy) Tensions are runing high again after a lull of several weeks in an open propaganda battle and a psychological war between the United States and its allies, on the one hand, and the Islamic Republic of Iran (IRI), on the other. Apparently, the current situation could hardly be described as a lull as Washington, with […]

China and Russia Beware: How the Pentagon Can Win the Tech Arms Race (The National Interest) The DoD is in need of reform.

Can ‘defend forward’ lead to greater cyber deterrence? (Fifth Domain) While deterrence above armed conflict has largely worked, deterrence in cyberspace below that threshold has not.

EU raises eyebrows at possible US encryption ban (Naked Security) EU officials have warned that they may not take kindly to a US encryption ban or insertion of crypto backdoor technology.

France Not Ruling Out Response to Cyber Attack on Hospital (Bloomberg) Rouen hospital hit by ransomware Nov. 15 and halted for days. Cyber attackers increasingly attack health services worldwide.

Draft Code of Practice: securing the Internet of Things for consumers (Lexology) Although expressed as a voluntary code, it's also possible that regulators such as the ACCC could rely on the international norms reflected in the…

China seeks to root out fake news and deepfakes with new online content rules (Reuters) Chinese regulators have announced new rules governing video and audio content on...

China launches mandatory face scans for mobile users (Quartz) The new policy went into effect Sunday amid worries about privacy and surveillance.

When China Rules the Web (Foreign Affairs) China is set to remake cyberspace in its own image. That will make the Internet less open and allow Beijing to reap vast economic, diplomatic, and security benefits that once flowed to Washington.

Wary of China, Germany Plans Rapid State Intervention to Protect Key Industries (New York Times) Germany set out plans on Friday to create a government committee to step in quickly to protect companies against foreign takeovers, a sign of concern about China and others acquiring its technology.

Germany to debate China's role in 5G (ECNS) Germany's ruling Christian Democratic Union unanimously voted to hold a debate in the Bundestag on the involvement of foreign suppliers in the country's network infrastructure.

Row over Chinese 5G equipment further strains U.S.-German relations (CBS News) U.S. Ambassador Richard Grenell called a German official's remarks this week "an insult to the thousands of American troops who helped ensure Germany's security."

Germany's difficult choice could be whether to alienate the US or China (CNBC) The alliance between Berlin and Washington has been historically important and secure but has waned in recent years, even before Trump's arrival in the White House.

Exclusive: U.S. weighs new regulations to further restrict Huawei suppliers - sources (Reuters) The U.S. government may expand its power to stop more foreign shipments of produ...

US weighs new regulations to further restrict Huawei suppliers (CNBC) The U.S. Commerce Department in May placed Huawei Technologies on a trade blacklist, citing national security concerns. Putting Huawei on the list allowed the U.S. government to restrict sales of U.S.-made goods to the company.

Turkey to host international cybersecurity exercise (DailySabah) Turkey is set to host Cyber Shield 2019, an international cybersecurity exercise, in Ankara on Dec. 19-20. Participants from around the globe will take...

CISA partners with OMB to stand up vulnerability disclosure policies at civilian agencies (Federal News Network) CISA and OMB will require civilian agencies to develop vulnerability disclosure policies.

DHS issues draft order requiring agencies to bolster cybersecurity (TheHill) The Department of Homeland Security’s (DHS) cybersecurity agency on Wednesday issued a draft order that would require federal agencies to increase protections against cyber vulnerabilities.

How Homeland Security plans to secure government websites (Fifth Domain) DHS's cyber unit issued a draft directive to secure federal government websites.

How America fails its whistleblowers (Vox) Whistleblowers who work with classified information have a few options. All of them are bad.

Stopping Grinch BOTS (US House of Representatives) “Allowing grinch bots to rig prices and squeeze consumers during the holiday season hurts American families, small business owners, product makers and entrepreneurs. We will not allow this market manipulation to go unchecked.”

Northern Comdr, Army vice chief among 3 in race for COAS (Daily Excelsior) Govt to name CDS, new Army chief PM, MoD to take call shortly Sanjeev Pargal JAMMU, Nov 29: While appointment of Army chief Gen Bipin Rawat as first Chief

Litigation, Investigation, and Enforcement

Opinion | The Criminal Silicon Valley Is Thriving (New York Times) Eastern Europe’s cybercriminals are highly sophisticated. Can they be coaxed into more honest work?

Has Huawei’s Darkest Secret Just Been Exposed By This New Surveillance Report? (Forbes) A new report claims Huawei has not been truthful about its surveillance work for the Chinese state. And the timing could not be worse.

Defector spy not of enough interest to be a threat, intelligence agencies say (news.com.au) A Chinese defector - claiming to be a former spy - reportedly had never been considered enough of a threat to attract any interest from intelligence agencies. The Daily Telegraph reports advice given to the government's National Security Committee of Cabinet claimed Mr Wang had not been deemed a foreign agent at a level that…

Law Enforcement Shuts Down Imminent Monitor Malware, Makes Arrests (BleepingComputer) Law enforcement agencies from numerous countries have shut down the Imminent Monitor Remote Access Trojan (RAT) and have arrested thirteen of its most prolific users.

ACT Government hacks expose weaknesses in territory's cyber security: expert (ABC News) Two hacking attacks on the ACT Government show a lack of basic cyber hygiene, according to a security expert, who warns smaller governments are a potential target for criminals.

Exclusive: EU antitrust regulators say they are investigating Google's data collection (Reuters) EU antitrust regulators are investigating Google's collection of data, the ...

Apple changes Crimea map to meet Russian demands (BBC News) Apple Maps now shows Crimea - annexed from Ukraine in 2014 - as part of Russia, when viewed there.

India plans security audit of WhatsApp after hacking attempt (Reuters) India wants to conduct an audit of WhatsApp's security systems following re...

Government plans WhatsApp security systems audit (The Times of India) India Business News: The government wants to conduct an audit and inspection of security systems and processes of Facebook-owned instant messenger WhatsApp over the Pegasu

WhatsApp snooping: Questions on how India tackling data breach (Sify) The WhatsApp snooping row that involves privacy infringement of 121 Indian users out of 1,400 globally via third-party Israeli Pegasus spyware is now witnessing serious questions on the part of the government in handling such a crucial matter in the absence of a robust digital legal framework.

Airbus fires 16 over suspected German army spying: report (The Local Germany) European aviation giant Airbus has fired 16 employees over a case that had prompted Germany to open a probe into suspected industrial espionage, German media reported Sunday.

A convicted German murderer won the right to have all mention of his crime scrubbed from internet search results under 'right to be forgotten' laws (Business Insider) The man finished a life sentence in 2002 for shooting dead two people in 1981. He told the court he wants to live his new life free from his past.

Facebook issues corrective label on user's post under new Singapore fake news law (Reuters) Facebook said on Saturday it had issued a correction notice on a user's pos...

Huawei plans legal challenge to latest US pressure: report (Space Daily) Chinese telecoms giant Huawei is preparing a legal counterpunch against new moves by American regulators to bar the company from accessing $8.5 billion in US federal funds for services and equipment, a report said Friday.

Jeffrey Epstein, Blackmail and a Lucrative ‘Hot List’ (New York Times) A shadowy hacker claimed to have the financier’s sex tapes. Two top lawyers wondered: What would the men in those videos pay to keep them secret?

Facebook Breach Victims Can Sue For 'Reasonable' Security (BankInfo Security) Victims of a massive 2018 Facebook data breach can continue a class-action lawsuit to try and force the social network to maintain "reasonable"

In new world of data breaches and dark web deals, identity theft goes mainstream: JPSO (National Cyber Security) Identity theft used to be a more complicated, hands-on racket that included mail theft, dumpster diving, scam telephone calls and emailed offers.

Researcher Arrested for Allegedly Teaching North Korea About Cryptocurrency (Vice) Virgil Griffith has been arrested for allegedly giving a presentation on cryptocurrency in North Korea, where discussion touched on evading sanctions. Griffith maintains his presentation contained basic concepts that could be found online.

An NSA contractor allegedly scammed the Pentagon out of $100,000 (Quartz) The nation's signals intelligence agency is a prime target for fraud.

Hawaii man indicted on charges of cyberstalking family in Utah (Maryland Daily Record) U.S. prosecutors arrested Loren Okamura, whom they accuse of sending hundreds of unwanted service providers to the home, including plumbers and prostitutes.

ANSSI won't rule out retaliation. Facebook flags what Singapore thinks is fake news. MixCloud breached. Shopping safely online.

Bring your own context.