Cyber Attacks, Threats, and Vulnerabilities
CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. A remote attacker could exploit these vulnerabilities to decrypt, modify, or inject data on user connections.
Critical Vulnerabilities in Microsoft Windows Operating Systems (CISA) New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats.
Where did the NSA find a cybersecurity vulnerability? (Government Technology) Answer: In Windows 10.
Microsoft, NSA say security bug affects millions of Windows 10 computers (TechCrunch) Microsoft has released a security patch for a dangerous vulnerability affecting hundreds of millions of computers running Windows 10. The vulnerability is found in a decades-old Windows cryptographic component, known as CryptoAPI. The component has a range of functions, one of which allows develope…
Windows 7 ‘Crazy High’ Security Risk As Crypto Exploit Found In Audio Files (Forbes) If you are still thinking about clinging on to Windows 7, the risks are "crazy high" as this WAV-based attack demonstrates.
Burisma targeted by Russia-linked phishing attack, raising election-meddling fears (The Verge) The Russians used phishing attacks to get login credentials.
Nemty Ransomware to Start Leaking Non-Paying Victim's Data (BleepingComputer) The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom.
49 million user records from US data broker LimeLeads put up for sale online (ZDNet) Data from an exposed LimeLeads Elasticsearch server ends up on a hacking forum.
Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices (BleepingComputer) The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them.
Experts warn Grindr, other dating apps may pose national security risk (NBC News) NBC News analyzed four popular dating apps, including Tinder and Hinge, finding each collect a range of personal information.
Dating apps Tinder, Grindr and OkCupid accused of leaking sensitive data to advertisers (The Telegraph) Dating apps have been accused of sending sensitive personal information to advertisers in a potential breach of European data laws.
Android Trojan Kills Google Play Protect, Spews Fake App Reviews (BleepingComputer) An Android malware strain camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more.
Buguroo Sounds Alarm About Malicious Apps in Google Play Store (Mobile ID World) Buguroo is warning about malicious applications that are currently available through Google Play. All take advantage of the Android Binder vulnerability
Hackers Demand Ransom From Patients After Breaching Florida Clinic (HealthITSecurity) Hackers breached the server of The Center for Facial Restoration and stole complete medical records of some current and former patients, then demanded a ransom payment from the provider and patients.
P&N Bank discloses data breach, customer account information, balances exposed (ZDNet) The Australian bank says a cyberattack took place during a server upgrade.
Unsecured database exposes passport scans of thousands of British consulting professionals (Computing) Passport scans and other personal data was stored on an Amazon Web Services S3 bucket by a company called CHS Consulting
Panama-Buena Vista Union School District hit with ransomware attack (The Bakersfield Californian) The Panama-Buena Vista Union School District has been hit with a ransomware attack that has affected phone lines, emails and checking student grades, according to a district email.
Calhoun County School District: Malware attack limited; personal data not affected, official says (The Times and Democrat) The Calhoun County School District says it is continuing its efforts to maintain secure computer systems following a malware attack.
Albany Airport Pays Ransom After Its MSP Was Hit By Ransomware (CRN) The Albany (N.Y.) International Airport paid a five-figure ransom to restore data access after getting hit with Sodinokibi Ransomware over Christmas through its managed service provider.
Albany Airport Pays Off Sodinokibi Ransomware Gang: Report (BankInfo Security) Officials at the Albany International Airport paid a ransom to cybercriminals after the facility’s systems were hit with Sodiniokibi ransomware strain, according
What is Sodinokibi? The ransomware behind the Travelex attack (The Daily Swig) We take a closer look at the ransomware-as-a-service model
Cyber attack sees Picanol shares suspended (The Brussels Times) Picanol's shares were suspended on Tuesday morning on the Brussels Stock Exchange in expectation of the publication of a press release, the financial markets regulator (FSMA) announced. Picanol,
Opinion: LifeLabs finally got around to telling me my data was (possibly) hacked (Burnaby Now) I’m a Lifelabs customer who gets blood work regularly tested. This morning (Saturday), I received an email that started out this way: “You may have heard that LifeLabs recently experienced a . . .
Two-thirds of UK healthcare organisations breached last year (ComputerWeekly) The majority of healthcare organisations in the UK experienced a cyber security incident during 2019, with almost half the result of viruses and malware introduced on third party devices
Popular Apps Share Intimate Details About You With Dozens of Companies (Consumer Reports) Consumer Reports shares details of a new study that finds that popular apps share intimate details, such as your sexual preferences and religious beliefs, with a wide variety of companies.
Report: Adult Site Leaks Extremely Sensitive Data of Cam Models (vpnMentor) The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered a leaking S3 Bucket with 19.95GB of visible data on a Virginia-based
Siemens SINAMICS PERFECT HARMONY GH180 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: SINAMICS PERFECT HARMONY GH180
Vulnerability: Protection Mechanism Failure
2.
GE PACSystems RX3i (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: GE/Emerson
Equipment: PACSystems RX3i
Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause the system to change to halt-mode, resulting in a denial-of-service condition.
Siemens SINEMA Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.9
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SINEMA Server
Vulnerability: Incorrect Privilege Assignment
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices.
Siemens SCALANCE X Switches (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SCALANCE X Switches
Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated attacker to violate access-control rules.
Siemens TIA Portal (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: TIA Portal
Vulnerability: Path Traversal
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code with SYSTEM privileges.
OSIsoft PI Vision (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: OSIsoft LLC
Equipment: PI Vision
Vulnerabilities: Improper Access Control, Cross-site Request Forgery (CSRF), Cross-site Scripting, Inclusion of Sensitive Information in Log Files
2.
Despite Election Security Fears, Iowa Caucuses Will Use New Smartphone App (NPR) The Iowa Democratic Party confirmed to Iowa Public Radio and NPR that it plans to use an Internet-based app to transmit results, but it declined to provide any more specifics or security details.
Security Patches, Mitigations, and Software Updates
Emergency Directive 20-02: Mitigate Windows Vulnerabilities from January 2020 Patch Tuesday (cyber.dhs.gov) On January 14, 2020, Microsoft released a software patch to mitigate significant vulnerabilities in supported Windows operating systems. Among the vulnerabilities patched were weaknesses in how Windows validates Elliptic Curve Cryptography (ECC) certificates1 and how Windows handles connection requests in the Remote Desktop Protocol (RDP) server and client.2
Chrome's privacy protections start arriving later this year (CNET) Google's online ad business benefits from harvesting your personal data, but its browser team is pushing to make the web private by default.
Intel Fixes High-Severity Flaw in Performance Analysis Tool (Threatpost) The flaw, in Intel VTune Profiler, could enable privilege escalation.
Microsoft Releases Patch to Severe Windows Flaw Detected by NSA (Wall Street Journal) The software maker moved to fix a vulnerability in its Windows 10 operating system after the National Security Agency identified the flaw, which could let hackers breach computer networks.
Today's Patch Tuesday brings fireworks and — a magic bullet? (Computerworld) The world is expecting a Thor’s thunder clap of a Windows patch later today. Given Microsoft’s track record with flashy hyper-hyped patches, a bit of skepticism is in order. Here’s a bit of history, and an invitation to a ringside seat.
Update: Don't Panic - prioritise. Critical flaw affects all versions of Windows (SC Magazine) How to priorise patching following Microsoft's Patch Tuesday announcement of Windows critical spoofing vulnerability in the CryptoAPI DLL (Crypt32.dll) - CVE-2020-0601.
Windows 7 gets the Viking funeral it deserves (really) (Windows Central) Windows 7 support officially ended today. That means no more security updates are in store for the aging OS (unless companies pay for them). So, what better way to give Windows 7 the sendoff it deserves than a proper Viking funeral?
Cyber Trends
Cyber Leads Global Business Risks for First Time: Allianz Risk Barometer 2020 (BusinessWire) Allianz 9th annual survey of top business risks attracts record participation of 2,700+ experts from over 100 countries
Q4 2019 KnowBe4 Finds Security-Related and Giveaway Phishing Email Sub (PRWeb) KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, revealed the results of its Q4 2019 top-clicked
Cyber Everywhere: What challenges leaders see in cybersecurity and cyber risk management (CyberScoop) We discuss the findings of a 2019 C-suite survey that explores how leaders are incorporating cybersecurity more holistically into their enterprises.
Herjavec Group releases 2020 Cyber Conversations for the C-Suite Report (Yahoo) Herjavec Group, a leader in global cybersecurity operations, specializing in Managed Security Services for enterprise level organizations, has launched its annual Cyber Conversations for the C-Suite Report. This year's 2020 edition is dedicated to how cybersecurity executives and business executives
Censornet: securing the future of the manufacturing industry (Manufacturing Global) Manufacturing Global hears from Censornet CEO Ed Macnair who reasons that while digital might hold the key to the future for manufacturing in the UK, the cybersecurity risks it brings must be addressed.
Cyberattackers lurking longer inside computers, report finds (Roll Call) Hackers remained undetected for an average of 95 days before discovery last year, compared with an average of 85 days in 2018, according to a report.
Doctored images have become a fact of life for political campaigns. When they’re disproved, believers ‘just don’t care.’ (Washington Post) There’s an explosion of online disinformation from politicians. They do it for a simple reason: It works, and there’s no price to pay.
New Wars Will Be Fought In Cyberspace (Kashmir Observer) There have been several scenarios including upgrades in surveillance, sharing of international databases and eye in the sky activity coupled with tailing suspects on the information highway
CYBERSECURITY: Why Nigeria faces unprecedented cyber-attacks in 2020 (Vanguard News) Emerging technologies, such as the Internet of Things IoT, Cloud Technology, and Smart Phones are having a great impact on our daily lives.
Marketplace
How Britain’s technology industry shrugged off Brexit fears – and kept on growing (The Telegraph) Just days after the result of the EU referendum was announced, a German political party hired a van for an unusual publicity stunt.
Israeli cybersecurity startups raised $6.32b in 2013-2019 (Israel21c) New report released ahead of Cybertech Global Tel Aviv 2020, where 18,000 worldwide delegates will discuss the industry’s strengths and challenges.
Very Good Security Announces Strategic Investment From Visa (BusinessWire) Very Good Security (VGS), a leader in modern data security and custodianship, announced today that it has received a strategic investment from Visa In
Anti-bot startup Kasada raises $7M in Series A from CIA’s venture fund In-Q-Tel (TechCrunch) Kasada, an anti-bot startup we profiled earlier this year, has raised $7 million in its Series A with In-Q-Tel, the non-profit venture arm of the intelligence community, as the startup’s latest investor. The Sydney and Chicago-based company helps to fight online bots using its proprietary ant…
Trusona raises $20 million to bring passwordless authentication to more businesses (VentureBeat) Trusona, an authentication platform that helps businesses verify logins without passwords, has raised $20 million in a round led by Georgian Partners.
Cellebrite expands to computers with $33M acquisition of BlackBag Technologies forensics firm - 9to5Mac (9to5Mac) The Israeli forensics firm Cellebrite has announced a $33 million acquisition that it says will help it expand its forensics capabilities beyond smartphones. The company has acquired BlackBag Technologies, which is a separate forensics firm with a focus on computer forensics. In a press release announcing the acquisition, Cellebrite co-CEO Yossi Carmil said that the …
An Israel-U.S. Merger Creates An Apple Hacking Powerhouse For The Feds (Forbes) Cellebrite buys Blackbag, combining the latter's Apple Mac hacking expertise with the former's vast smartphone forensics capabilities. It comes at a time when U.S. law enforcement claims it's struggling to get into iPhones of critical investigations.
Seattle’s ExtraHop expects $100M ARR in 2020, IPO the following year (TechCrunch) Hello and welcome back to our regular morning look at private companies, public markets and the gray space in between. Today we’re continuing our series on companies that have reached the $100 million annual recurring revenue (ARR) threshold, or are about to. ExtraHop is the company of the da…
Wind River Extends Embedded Security and Linux Leadership With Acquisition of Star Lab (Valdosta Daily Times) Wind River ®, a leader in delivering software for the intelligent edge, today announced its acquisition of Star Lab, a leader in cybersecurity for embedded systems.
Kubernetes gets a bug bounty program (TechCrunch) The Cloud Native Computing Foundation (CNCF) today announced its first bug bounty program for Kubernetes, the ubiquitous container orchestration system originally built by Google. To run this program, the CNCF is partnering with Google and HackerOne and bounties will range from $100 to $10,000. Kub…
Q4 Success Caps Thycotic's Tremendous 2019 (PR Newswire) Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25 of the Fortune 100, today...
Principal® Joins Cyber Readiness Institute Board of Advisors (Yahoo) The Cyber Readiness Institute (CRI) is pleased to welcome Principal Financial Group® to its Board of Advisors.
AttackIQ Continues to Grow Executive Team Promoting Stacey Meyer to VP of Federal Operations (BusinessWire) AttackIQⓇ, the leading independent vendor of breach and attack simulation solutions, today announced the promotion of Stacey Meyer to vice president o
Imperva Appoints Chief Customer Officer and Chief Revenue Officer (AiThority) Imperva, Inc., the cybersecurity leader championing the fight to secure data and applications wherever they reside, announced the appointment
Forcepoint continues Symantec raid with new regional hire (ARN) Forcepoint has continued to appoint executives impacted by the recent retrenchment at Symantec, hiring Bjorn Engelhardt as regional leader.
Exclusive Networks Hires Christina Banker as New VP of North American Sales (EIN News) Exclusive Networks is proud to announce Christina Banker’s appointment as the company’s new Vice President of North American Sales.
Products, Services, and Solutions
Nexsan Adds RoCE and Private Blockchain Technology to Award Winning Assureon® Solution (Nexsan) Nexsan Assureon 8.3 includes Private Blockchain to protect and secure digital assets and RDMA over Converged Ethernet (RoCE) to enable over a 2x performance improvement for data retrieval
Cybersecurity Innovator CUJO AI Deploys Cloud-Native Networking Software from Aviatrix (Aviatrix Blog) Delivers Secure User Access and Global Transit Network Across AWS, Azure and GCP
ReliaQuest Opens GreyMatter UI and Introduces Advanced Capabilities to Award-Winning Cybersecurity Solution (PR Newswire) ReliaQuest, a leader in enterprise security, today announced it has opened the user interface and added three expanded capabilities to...
Thycotic Enhances PAM Ecosystem with Third Party Integrations (PR Newswire) Thycotic, provider of privileged access management (PAM) solutions to more than 10,000 organizations, including 25 of the Fortune 100, today...
CRITICALSTART Announces New Partnership with Fast-Growing Endpoint Protection Security Leader SentinelOne (PR Newswire) CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, today announced a new partnership with SentinelOne, the...
Kudelski Security Expands Specialized Partner Ecosystem (PR Newswire) Kudelski Security, the cybersecurity division of the Kudelski Group (SIX: KUD.S), today announced a major expansion to its partner ecosystem to...
STEALTHbits Offers New Capabilities to Strengthen Enterprise Passwords and Harden Active Directory Security in StealthINTERCEPT 7.0 (BusinessWire) STEALTHbits Technologies has announced the release of StealthINTERCEPT 7.0 real-time Active Directory (AD) policy enforcement solution.
Tripwire expands industrial cybersecurity capabilities (Tripwire) Tripwire introduces new line of hardware appliances and joins ISA Global Security Alliance to advance industrial cybersecurity
Mainstream Technologies receives elite cybersecurity rating (Talk Business & Politics) Little Rock-based Mainstream Technologies, Inc. announced Tuesday (Jan. 14) it has received the MSPAlliance Cyber Verify Risk Assurance Rating for Managed Services and Cloud Providers. Cyber Verify is designed to...
Intezer Launches Cloud Security Product, Intezer Protect, Leveraging Genetic Malware Analysis Technology (Yahoo) New York-based cybersecurity company, Intezer, today unveiled its new runtime cloud security product, Intezer Protect, powered by the company's Genetic Malware Analysis technology.
Enroll in the new Advanced Protection Program in an instant (Google) If you have an Android phone or iPhone, you can enroll in the Advanced Protection Program with just a few clicks.
AtScale Brings Unprecedented Big Data Analytics Scale and Performance across Heterogeneous Data Platforms with 2020.1 Release (Globe Newswire) Delivers Intelligent Data Virtualization and Expands Autonomous Data Engineering Capabilities for Today’s Cloud Analytics Workloads
Introducing Cloudflare for Campaigns (The Cloudflare Blog) Cloudflare for Campaigns is designed to make it easier for all political campaigns and parties to get access to cybersecurity services.
AttackIQ Selected by NTT Ltd as a Strategic Technology Partner to Provide a Holistic Predictive Threat Intelligence Solution (BusinessWire) AttackIQⓇ, the leading independent vendor of continuous security validation solutions, today announced the company was chosen by NTT Ltd. to collabora
MorganFranklin Consulting Adds Cybersecurity Practice As Firm Continues Rapid Growth (Yahoo) MorganFranklin Consulting, a leading management and technology advisory firm that specializes in solving complex transformational challenges for its clients, today officially announced the addition of comprehensive and robust end-to-end cybersecurity services through the rebrand of Vaco’s cybersecurity
Technologies, Techniques, and Standards
Estonia and the US to build joint cyber threat intelligence platform (ERR) A joint platform for sharing cyber threat intelligence will be built by Estonia and the United States to enhance the cyber defence capabilities of both countries and exchange information.
Threats Making WAVs - Incident Response to a Cryptomining Attack (Guardicore - Data Center and Cloud Security) Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident response processes in data centers.
Security can become a 'horrific tollgate' to business efficiency, CIO says (CIO Dive) When overhauling the furniture retailer's connectivity solutions, Rent-A-Center's Mike Santimaw had to shift the security-focused model of the business.
How investment dealers can get advisors to play a role in cybersecurity readiness (The Globe and Mail) Now that IIROC has made it mandatory for dealers to report cybersecurity incidents, they need to step up awareness among their advisors
Design and Innovation
Truly Secure Voting Is on the Way (Scientific American) Unfortunately, it won’t be here by 2020
Microsoft's new tool detects & reports pedophiles from online chats (HackRead) The perks of the internet are quite obvious and known to all but as they say “with every blessing comes a curse,” similarly, the digital boom has brought along various concerns, online child exploitation being one.
How the Army uses tech to balance awareness with battlefield distractions (Army Times) The Army is working on research to balance awareness with battlefield distractions through the use of cognitive studies and innovative technologies.
Research and Development
Instant, secure ‘teleportation’ of data in the works (Network World) Quantum teleportation, where information is sent instantaneously, will secure the Internet, researchers say. Scientists are making progress.
Academia
LSU Awarded $3.4 Million NSF Cybersecurity Training Grant (Globe Newswire) Hiring for cybersecurity positions in the United States has become a dire situation. Companies need more workers with an ever-increasing level of skill and there are not enough qualified applicants for most positions.
Legislation, Policy, and Regulation
Russian prime minister resigns amid government shake-up under Putin (Washington Post) Russia’s prime minister submitted his resignation Wednesday as part of a surprise government shake-up directed by President Vladimir Putin.
NSA found a dangerous Microsoft software flaw and alerted the firm — rather than weaponizing it (Washington Post) The National Security Agency recently discovered a major flaw in Microsoft’s Windows operating system — one that could expose computer users to significant breaches, surveillance or disruption — and alerted the firm about the problem rather than turning it into a hacking weapon, officials announced Tuesday.
The Cybersecurity 202: Intelligence official pledges heightened transparency on election threats (Washington Post) The U.S. intelligence community will share all the information it can about hacking threats against the 2020 election following the last presidential race that saw substantial interference from Russia.
After Soleimani, 'maximum pressure' campaign against Iran has entered a critical phase (Washington Examiner) Less than 24 hours after Defense Secretary Mark Esper warned of possible preemptive action against Iran, a historic strike killed Quds Force leader Qassem Soleimani, Iranian proxy militia commander Abu Mahdi al Muhandis, and other Islamic Revolutionary Guard Corps officers. These individuals, and…
Cyber security expert says U.S. response needs “careful calculation” (WHBQ) Cyber security expert says U.S. response needs “careful calculation” if Iran carries out cyber attack
Why we’re introducing a resolution on war with Iran (Washington Post) For more than 40 years, the United States and Iran have had a troubled relationship. Because of the Iranian regime’s insistence on spreading terror throughout the region and its efforts to develop nuclear weapons, multiple administrations have considered a broad range of options — both military and diplomatic — to counter these threats.
Senate Cybersecurity Co-Chairman to Pompeo: How Is State Dept. Protecting Systems from Iran? (Homeland Security Today) Warner cites two separate reports by the Department of State’s Office of the Inspector General (OIG) that detail a number of cybersecurity risks presented by the structure of the Department of State and by hiring freezes affecting the department.
Sen. Warner presses State Department for plan to address Iranian cyber threats (13newsnow.com) Senator Warner is looking for answers on how the U.S. State Department plans to defend its information security systems.
As the UK nears a decision on Huawei, what’s the story so far? (The Telegraph) After more than a year of debate and intense lobbying, the UK is finally nearing a decision on whether to allow China's Huawei to supply parts the its 5G network.
UK rebuffs US presentation on Huawei security risks (the Guardian) A source said the threat outlined by US officials had already been ‘factored into our planning’
Huawei 5G: the UK has been warned not to allow parts of the network's service – here's what to do if you have a Huawei phone (Scotsman) It "would be madness" to use technology provided by Huawei to help build the UK's 5G network, the British government has been warned by the US.
Trump’s Most Critical Huawei Threat Just Confirmed In ‘Surprisingly Outspoken’ Interview (Forbes) There can be no doubt now as to the seriousness of U.S. threats against the U.K. over Huawei—threats with serious implications for global security.
Ben Wallace interview: We can’t rely on US (Times) Britain must prepare to fight wars without America, the defence secretary has warned, amid concerns that President Donald Trump will pursue an ever more isolationist foreign policy.In an interview
Trump administration moves toward blocking more sales to Huawei, sources say (CNBC) The U.S. government is nearing publication of a rule that would vastly expand its powers to block shipments of foreign-made goods to China's Huawei, as it seeks to squeeze the blacklisted telecoms company, two sources said.
FCC Signals It May Be Prepared to Greatly Expand Its Proposed Ban on Huawei and ZTE Equipment (JD Supra) As previously reported, the FCC’s ban of Huawei and ZTE equipment and services from projects subsidized by the FCC’s Universal Service Fund (USF)...
Marco Rubio: US Needs to Create 5G Alternative to Chinese Backed Huawei, ZTE (Florida Daily) U.S. Sen. Marco Rubio, R-Fla., is pushing on Capitol Hill for Western alternatives to Chinese companies like Huawei and ZTE in order to develop 5G communications.
'We want to win the next war': US Army will revamp cyber operations to counter Russia and China (Washington Examiner) As warfare continues to enter the digital realm, the Army plans to transform its cyber operations branch into a full-scale information warfare command, according to a top U.S. general.
3-Star: We Must Combat Russian Attempts to Influence Troops Online (Military.com) Russian misinformation efforts are reaching into the military ranks.
How one official wants to increase DHS cyber efficiency (Fifth Domain) The new Cybersecurity and Infrastructure Security Agency assistant director shared that adversaries switching up tactics are challenging CISA, which is looking to evolve how it collects and shares threat indicators.
Census Bureau kicks off 2020 ad campaign amid fears around privacy and hacking (Washington Post) The Census Bureau on Tuesday unveiled an ad campaign to persuade every household in America to fill out the once-a-decade survey, which begins next week in remote parts of Alaska.
As digital reliance grows, agencies brace for cyber attacks (Carolina Coast Online) Most computer- and internet-literate people have probably heard of scams and cyber attacks on individuals, but computer criminals also go after bigger targets, like local governments.
Litigation, Investigation, and Law Enforcement
Exclusive: U.N. sanctions experts warn - stay away from North Korea cryptocurrency conference (Reuters) United Nations sanctions experts are warning people not to attend a cryptocurren...
Democrats press for details on alleged Burisma hack (POLITICO) It's unclear what the Trump administration actually knew about the alleged hack.
Trump slams Apple for refusing to unlock iPhones of suspected criminals (CNBC) "We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers and other violent criminal elements," Trump tweeted.
Apple Said It Is Helping In The Pensacola Shooting Investigation, But It Won't Unlock The Shooter's iPhones (BuzzFeed News) "We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," the company said in a statement.
Apple Denies FBI Request to Unlock Shooter’s iPhone—Again (Threatpost) Refusal to unlock the phones of a Florida shooter could set up another legal battle between Apple and the Feds over data privacy in the case of criminal investigations.
The FBI Can Unlock Florida Terrorist’s iPhones Without Apple (Yahoo) The FBI is pressing Apple Inc. to help it break into a terrorist’s iPhones, but the government can hack into the devices without the technology giant, according to experts in cybersecurity and digital forensics.
Israeli Court to Hear Amnesty Bid to Revoke NSO Export License (New York Times) Amnesty International will ask an Israeli court on Thursday to order Israel to revoke the export license of NSO Group, whose software is alleged to have been used by governments to spy on journalists and dissidents.
Amnesty suit asking Israel to revoke NSO Group's license heads to court - CyberScoop (CyberScoop) Amnesty International is urging an Israeli court to restrict the business of NSO Group, a spyware vendor accused of helping governments spy on dissidents.
Israel must stop NSO Group from exporting its spyware to human rights abusers (Amnesty) NSO's spyware has been used in malicious attacks against human rights activists around the world.
Equifax to pay $380.5 million in data breach settlement in the US (Computing) Equifax settles class-action lawsuit over 2017 data breach that spilt personal data of 147 million Americans (and more than 15.2 million Brits)
Zscaler To Pay $15 Million To Settle Symantec Patent Lawsuits (CRN) Zscaler has agreed to pay $15 million to settle all patent infringement lawsuits filed by Symantec just three months after Broadcom bought the Symantec Enterprise Security business.
Banner Health Agrees to Pay $6 Million for Data Breach (Orthopedics This Week) Phoenix-based Banner Health has agreed to pay $6 million to victims of its 2016 data breach. Banner Health will pay an additional $2.9 million for legal costs.
Meet the Trump Donor Who Allegedly Stalked America’s Ambassador in Ukraine (The Daily Beast) He was a longshot candidate with a penchant for the obscene. Now he’s at the center of the impeachment drama.
A West Point cadet tried to crowdfund money to bring a porn star to the academy's winter banquet (Task & Purpose) A cadet at West Point attempted to crowdfund money to cover travel fare and hotel fees so that his favorite adult film star could be his date to the service academy's annual winter banquet