The cybersecurity community during the COVID-19 emergency
Goodbye, Government. Hello, Mafia. (Foreign Policy) From insurgent groups to charities, a range of nongovernmental organizations are stepping in to respond to the coronavirus crisis.
Covid-19 will leave organisations exposed to higher cyber risks (ComputerWeekly) The Covid-19 coronavirus pandemic is likely to leave organisations exposed to higher risks of cyber attacks for months or years to come. According to assessments by the World Economic Forum (WEF), hacking and phishing attacks are likely to become the new norm for many companies even as the virus infection rate begins to recede.
How the pandemic will change supply chain strategy (Computing) The emphasis will be more on ensuring a diversity of suppliers and less on cost-cutting say experts
More security concerns from cyberspace and foreign actors (RCI | English) Cyber threats to research, acquisition through business investment
It was only a week ago that the Canadian Security Establishment (CSE) and the Canadian Security Intelligence Service (CSIS) issued an unusual joint statement, “that it is near certain that state sponsored actors have shifted their f
Coronavirus ‘Fake News’ Arrests Are Quieting Critics (Foreign Policy) In Southeast Asia, the coronavirus pandemic has provided a handy excuse for a clampdown on free speech.
Facebook Sided With The Science Of The Coronavirus. What Will It Do About Vaccines And Climate Change? (BuzzFeed News) The social media platform is siding with scientists to stop the spread of harmful misinformation about the pandemic. If it can do it now, why wasn't it doing it all along?
China’s Mask Diplomacy Won’t Work in the Czech Republic (Foreign Policy) Beijing is trying to use the pandemic to regain lost influence. It won’t be that easy.
The DHS Prepares for Attacks Fueled by 5G Conspiracy Theories (Wired) The claim that 5G can spread the coronavirus has led to dozens of cell-tower burnings in Europe. Now, the US telecom industry is on alert as well.
Here’s How Facebook And YouTube Allowed Conspiracy Theorists To Turn Bill Gates Into The Villain Of The Coronavirus Pandemic (BuzzFeed News) After months of conspiracy-mongering, people around the world are demanding Gates be arrested for crimes against humanity. Here’s how things got so bad.
Security agencies come to terms with a spurt in cyberattacks as COVID-19 economy booms (India TV) Cooperative banks are one of the financial institutions that have been the target of cybercriminals, with several such attacks having been detected in April itself. “Criminals have attempted to profit from the COVID-19 pandemic through increased fraudulent activities,” says cybersecurity expert Dr Nishakant Ojha
Pandemic duties for National Guard include cyber help (FCW) The Maryland National Guard is doing its part to help hospitals and local government detect and deflect malicious online activity during the pandemic.
Contact-tracing app may become a permanent fixture in major Chinese city (Register) Hangzhou wants a 'health and immunity firewall'
How did the Covidsafe app go from being vital to almost irrelevant? (the Guardian) The PM told Australians in April the contact tracing app was key to getting back to normal but just one person has been identified using its data
Survey: Nearly Half of Americans Refusing or Unlikely to Opt-In to COVID-19 Contact Tracing Apps (Security Boulevard) Increased application and software usage heighten security concerns amongst consumers. The past few months have placed digital transformation into overdrive, with consumers gravitating toward distance-enabling technology and applications more than ever before. While the benefits of these tools are clear in maintaining a sense of normalcy and continuity in our personal and professional lives, malicious…
Secret data and the future of public health: why the NHS has turned to Palantir (New Statesman) In May 2003, the venture capitalist Peter Thiel and four co-founders launched the data-mining company Palantir. Named after an all-seeing crystal ball in JRR Tolkien’s The Lord of the Rings, and initially partially funded by the CIA, the company has secured a series of contentious but lucrative public sector contracts in the US, covering predictive policing, migrant surveillance and the development of battlefield software.
Israel limits coronavirus cellphone surveillance to 'special cases' (Reuters) The Israeli cabinet limited on Sunday the involvement of the Shin Bet security service in the cellphone-tracking of people infected by the coronavirus, saying the measure would be a last resort where epidemiological investigation proves insufficient.
Singapore looking at wearable devices to support COVID-19 contact tracing (ZDNet) To address concerns about battery life and the use of Bluetooth in its contact tracing app, the Singapore government is now developing wearable devices, tied to a lanyard, to help drive the adoption rate of such technologies in the country.
Privacy advocates demand clarity over Covid-19 datastore (ComputerWeekly) Government and NHS face questions about the involvement of private technology companies with coronavirus datastore.
Fake Thai Chana websites phish for personal data (Bangkok Post) The Centre for Covid-19 Situation Administration (CCSA) has warned that fraudulent websites bearing the name of the government's Thai Chana platform are trying to steal personal information from shoppers.
Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices - Experts Reaction (Information Security Buzz) Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allow attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to capture sensitive data from the other device. The bugs allow Bluetooth Impersonation …
Matt Hancock's app becomes haven for trolls during lockdown (The Telegraph) The app lets anyone sign up to post messages for Matt Hancock in a dedicated channel
Online porn and gaming surge in lockdown, study finds (The Telegraph) Adult content has experienced a 292pc rise in traffic with millions of people spending more time at home
Telework capacity quadruples during pandemic, VA says (Federal News Network) A four-fold increase in telework capacity, as well as a new chat bot and data visualization tool, are all helping the Department of Veterans Affairs respond to the coronavirus pandemic.
Maintaining Cyber Security With a Remote Workforce (Bytestart) With unprecedented numbers of people working from home, businesses have to ensure staff are safeguarded when working remotely. We asked Scott Lester, Cyber Lab Manager at 6point6 to explain how…
Could the pandemic force the intelligence community to reconsider workplace flexibilities? (Federal News Network) The pandemic has shown federal and industry leaders in the intelligence community: the nature of classified work may be ripe for change.
A legal perspective on data breaches and home working (ComputerWeekly) Legal experts from Fieldfisher share guidance on how to deal with cyber attacks during the coronavirus crisis, and what the ICO expects in terms of notification
Small firms seize digital lifeline to get back to business (ComputerWeekly) Research shows Covid-19 crisis has kick-started a small business digital revolution to power recovery, with over a quarter of firms responding to running their businesses remotely with videoconferencing.
Using Zoom During Covid-19 Lockdown Exposes Users To New Data and Privacy Cyberattacks (Grit Daily News) In light of the Covid-19 pandemic, the usage of some applications, such as Zoom, that enable virtual meetings has skyrocketed.
Remote Workforce Security - the Long Game (BankInfo Security) "Risk acceptance" were the operative words as organizations quickly deployed remote workforces in response to the global crisis. But now, as this
Red Cross appeals to hackers to stop hitting hospitals (Fudzilla) Appealing to hackers' better nature and sense of social responsibility... yeah that will work. The Red Cross is asking hackers nicely to stop planting ransomware in hospitals while it is trying to sort out the Corona Virus. In a letter published Tuesday and signed by a group of poli...
The Latest: UN warns cybercrime on rise during pandemic (ABC News) The U.N. disarmament chief says the COVID-19 pandemic is moving the world toward increased technological innovation and online collaboration, but “cybercrime is also on the rise, with a 600% increase in malicious emails during the current crisis.”
Cybercriminals exploiting virus fears to gain access to corporate IT systems (BizEdge) COVID-19 may have changed the way many people work, but this doesn’t have to mean companies must accept lower levels of security.
Huge rise in hacking attacks on home workers during lockdown (the Guardian) Cybercriminals are exploiting fears and chaos caused by coronavirus, says security firm
With Systems Overwhelmed, Thieves Using Past Security Breaches To Rip Off Unemployment Benefits (CBS Chicago) A recording that asks for patience on the Illinois Department of Employment Security phone line is not well received by Reginald Fitzgerald.
How Missed 'Red Flags' Helped Nigerian Fraud Ring Bilk Washington's Unemployment System Amid Coronavirus Chaos (The Chronicle) Earlier this spring, as Washington began to pay out enhanced unemployment benefits to tens of thousands of laid-off and furloughed workers, a criminal organization halfway around the world spied an
Riding the State Unemployment Fraud ‘Wave’ (KrebsOn Security) When a reliable method of scamming money out of people, companies or governments becomes widely known, underground forums and chat networks tend to light up with activity as more fraudsters pile on to claim their share. And that's exactly what appears to be going on right now as multiple U.S. states struggle to combat a…
Lawsuit filed over Ohio Pandemic Unemployment data breach (WFMJ) A class-action lawsuit has been filed against a global consulting firm that recently reported that some people who have applied for Pandemic Unemployment Assistance may have had their personal data ex
'Scrutinized for years:' PPP loan investigations could last a long time (Washington Business Journal) PPP loan recipients need to keep diligent records, because you never know who will ask for what and when.
Big Brother is eyeing some PPP loans. Here's why it might be time to give the money back. (Silicon Valley Business Journal) Public blowback caused the SBA to issue new guidance.
Class action lawsuit filed against ODJFS consultant after Ohio Pandemic Unemployment Assistance data leak (Cleveland19) A class action lawsuit was filed against Deloitte Consulting on Thursday, after 26 people — who had filed for Pandemic Unemployment Assistance — were accidentally given the ability to view a screen only meant for Ohio unemployment staff members.
Varonis Announces New Platform Update Featuring Remote Work Cybersecurity Capabilities (GlobeNewswire) Updates to the Varonis Data Security Platform help enterprises better secure their remote workforces with greater visibility and threat detection related to VPN and data access activity
ThetaRay launches FAST START to tackle financial crime in COVID-19 times (IBS Intelligence) ThetaRay, announced the launch of FAST START, a new offering designed to address the needs of financial institutions during COVID-19.
Cyber Attacks, Threats, and Vulnerabilities
Iran and Israel: Already at War in Cyberspace? (The National Interest) An Iranian cyber-attack on Israeli water infrastructure provoked a response from Jerusalem in May. Is this the start of something far more troubling?
Iran struck first. 'Israel' retaliated massively. Behind the cyber war rattling the Middle East (Haaretz) The retaliation attributed to Israel by Washington Post aimed neither to cause physical damage nor casualties, but to send a warning: We can harm you tenfold
Israel response to cyber attack sends clear warning to Iran (Al-Monitor) The Israeli authorities reportedly took Iran's cyber attack on its water systems very seriously, retaliating quickly and warning Tehran of its capabilities.
Turla hacker group steals antivirus logs to see if its malware was detected (ZDNet) Turla, one of Russia's most advanced hacker groups, has created malware that gets its orders from email attachments sent to an arbitrary Gmail inbox.
From Agent.BTZ to ComRAT v4: A ten‑year journey (WeLiveSecurity) ESET researchers have uncovered a new version of ComRAT, a backdoor that the Turla APT group has been using for years and that now uses the Gmail web interface for Command and Control.
Indian hackers take down Civil Aviation Authority website (Himalayan Times) An Indian hacker, Ghost057-5P3C706, has taken down the website of Civil Aviation Authority of Nepal (CAAN) and placed an Indian flag along with a message on the home page.
Hacker Stealing SQL Databases to Extort Online Shop Owners (TechNadu) There’s a new wave of SQL database encryption, stealing, and extortion that targets e-commerce websites from around the globe.
A massive database of 8 billion Thai internet records leaks (TechCrunch) The unprotected database contained DNS queries on millions of Thai internet users.
Thai Database Leaks 8.3 Billion Internet Records (Rainbowtabl.es) Thai database leaks 8.3 billion Internet records Including DNS queries and NetFlow data.
Hackers Just Dropped a Jailbreak They Say Works for All iPhones (Vice) The new unc0ver jailbreak relies on a vulnerability that the researcher who found it says Apple is unaware of.
Hackers release 'unc0ver' 5.0 jailbreak tool that works on iOS 13.5 (AppleInsider) A jailbreaking tool that claims to work with iPhones running iOS 11.0 to the latest iOS 13.5, was released on Saturday, one that takes advantage of a zero-day exploit that Apple has yet to fix.
New Unc0ver jailbreak released, works on all recent iOS versions (ZDNet) New "Unc0ver" jailbreak unlocks devices, even those running the current iOS 13.5 release.
New jailbreak tool works on Apple’s just-released iOS 13.5 (The Verge) The practice of jailbreaking has dwindled in recent years
New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug (The Hacker News) Hackers release the Unc0ver 5.0.0 tool that can jailbreak any iPhone using an unpatched zero-day vulnerability in iPhones and iPads.
Discord client turned into a password stealer by updated malware (BleepingComputer) A threat actor converted the AnarchyGrabber trojan into a new malware that steals passwords and user tokens, disables 2FA, and spreads malware to a victim's friends.
Malware opens RDP backdoor into Windows systems (Help Net Security) Sarwent malware can open the RDP port on Windows computers to make sure that crooks can find their way back into the system through the backdoor.
Hackers modify attack routine in attempt to deploy Ragnarok ransomware on networks protected by Sophos firewall (Computing) An SQL injection zero-day in the Sophos firewall was exploited to infiltrate corporate networks
Ragnar Locker Ransomware Uses Virtual Machines for Evasion (SecurityWeek) The Ragnar Locker ransomware has been deploying a full virtual machine to ensure that it can evade detection
The ransomware that attacks you from inside a virtual machine (Naked Security) In a recent attack, Ragnar Locker ransomware was seen encrypting victim’s files while shielded from security software inside a virtual machine.
Hackers Can Target Rockwell Industrial Software With Malicious EDS Files (SecurityWeek) Rockwell Automation has patched two vulnerabilities related to EDS files that can allow hackers to spread in a targeted organization’s OT network and compromise systems
Vigilante hackers target 'scammers' with ransomware, DDoS attacks (BleepingComputer) A hacker has been taking justice into their own hands by targeting "scam" companies with ransomware and denial of service attacks.
Fake supreme court subpoena phishing scam steals Office 365 credentials (HackRead) The new phishing scam redirects users multiple times and also uses CAPTCHA before stealing credentials.
Ransomware Gang Posting Financial Details From Bank Attack (BankInfo Security) The Maze ransomware gang has started releasing payment card data from an attack that happened earlier this year at Banco BCR, which is the state-owned Bank of Costa
Hackers Start Leaking Files Stolen From Shipping Giant Toll (SecurityWeek) Hackers claim to have obtained over 200 GB of archived data from Australian shipping giant Toll and they have already started leaking it after the company refused to pay a ransom
Hacker Sells Tens of Thousands of Ledger, Trezor, and Keepkey Users’ Info (Cointelegraph) The customer databases of Trezor, Ledger, and Keepkey have allegedly been listed for sale by the perpetrating hacker
Data of 3.5 million Zoomcar customers up for sale (ETCIO) The data includes names, email ids, passwords, mobile numbers and IP addresses. The hacker is offering to sell data of 9 million Zoomcar users for $30..
Hackers leak data of 29 million Indian job seekers for download (HackRead) The trove of Indian job seekers data is being downloaded by threat actors worldwide.
Identities of historical abuse victims exposed in email data breach (ITV News) The identities of 250 survivors of historical institutional abuse (HIA) have been exposed in a data breach, it has been confirmed. A newsletter was circulated in an email by the HIA Interim Advocate's Office on Friday which revealed the names of recipients in error.
Data breach apology by Northern Ireland abuse victims' advocate 'not enough' (Belfast Telegraph) An apology from Northern Ireland abuse victims' advocate Brendan McAllister for a serious data breach at his office does not go far enough, it has been claimed.
Hacker extorts online shops, sells databases if ransom not paid (BleepingComputer) More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the damage is likely much larger.
Thousands of enterprise systems infected by new Blue Mockingbird malware gang (ZDNet) Hackers are exploiting a dangerous and hard to patch vulnerability to go after enterprise servers.
Hackers leak credit card info from Costa Rica's state bank (BleepingComputer) Maze ransomware operators have published credit card data stolen from the Bank of Costa Rica (BCR). They threaten to leak similar files on a weekly basis.
Winnti Group hits video gaming firms in Asia with PipeMon malware (Computing) PipeMon is a modular backdoor that mimics print processing software
The Link Between IoT Botnets and the ISP's Unpreparedness (Security Boulevard) For the past few years, IoT botnets have set new standards in DDoS attacks. From the notorious Mirai incident in September 2016 that broke the US Internet to GitHub's record-breaking 1.3 Tbps attack in 2018, cyber-criminals have been constantly trying to outdo themselves.
Fresenius says cyber-attack led to release of patient data (Securing Industry) Fresenius has confirmed that a ransomware attack earlier this year resulted in the publication of confidential patient data.
Houseparty hires firm that linked Saudi Crown Prince to Jeff Bezos hack over cyber attack rumours (The Telegraph) Houseparty has hired a consultancy firm, which sensationally linked the Crown Prince Mohammed bin Salman to the hacking of Jeff Bezos’ phone, to investigate claims it fell victim to a cyber attack in March.
Vulnerability Summary for the Week of May 18, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Google Messages preparing end-to-end encryption for RCS (9to5Google) A "dogfood" build of Google Messages has revealed that the app is preparing to launch end-to-end encryption for RCS messaging.
Microsoft Confirms New Windows 10 Update Warning (Forbes) Microsoft has issued a Windows 10 update warning as an update already released to millions of users, continues to go from bad to worse...
Cyber Trends
Trading in the Dark (TrendMicro) An Investigation into the Current Condition of Underground Markets and Cybercriminal Forums
The FBI's 2019 Internet Crime Report: 10 Facts You'll Want To Know (INKY) The cost of cybercrime in the U.S. continues to escalate. See what types of fraud hit hardest with these facts from the FBI’s 2019 Internet Crime Report and make sure you don’t become a 2020 statistic.
Industry Reactions to Verizon 2020 DBIR: Feedback Friday (SecurityWeek) Industry professionals comment on the findings in Verizon’s 2020 Data Breach Investigation Report (DBIR).
Compliance Layoffs, Budget Cuts Raise Prospect of Looser Internal Oversight (Wall Street Journal) Compliance departments finding themselves in the crosshairs of corporate cost-cutters are raising concerns about the potential for mistakes or misbehavior to go undetected.
Marketplace
Quick Heal invests in Singapore-based Ray for cyber security solutions (Hindu BusinessLine) Quick Heal Technologies, a cybersecurity and data protection solutions provider, today announced a strategic investment of ₹2 crore in Ray Pte. Ltd., a Singapore based start-up specializing in next-g
Investment in U.S. could open opportunities for TSMC: analyst (Focus Taiwan) Taipei, May 24 (CNA) Taiwan Semiconductor Manufacturing Co. (TSMC), the world's biggest contract chipmaker, which recently unveiled plans to build a plant in Arizona, the United States, is expected to secure opportunities for cooperation in developing key technologies with the U.S. and China, an industry analyst said Sunday.
Huawei’s Nightmare Week Is About To Get Much Worse (Forbes) Huawei looks set to face an immediate reality check as the consequences of America's latest attack hit home.
Former Salesforce Execs Launch Data Protection Startup (Dark Reading) Cloud-based API service stores and manages sensitive consumer data with a zero-trust, database-as-a service approach.
StarHub chief quashes talk of merger with M1 (The Straits Times) Mainboard-listed StarHub's chief executive Peter Kaliaropoulos rebuffed speculation of a possible merger between the telco and its 5G bid partner M1 at its virtual annual general meeting (AGM) yesterday.
Investigation launched into Willis and Aon merger (Captive Insurance Times) Bragar Eagel & Squire (BES), a US stockholder rights law firm, has launched an investigation into whether the board members of Willis Towers Watson breached fiduciary duties or violated the federal securities laws in connection with the company’s proposed merger with Aon.
Nixu Adds English as its Official Language to Serve Capital Market and Stakeholders Better (Cision) Nixu, the European cybersecurity services company listed on the Nasdaq Helsinki stock exchange, has become a strongly international company in recent years.
Joe Rogan helped create a podcast culture on YouTube, and now he’s leaving it (The Verge) Joe Rogan’s departure from YouTube brings big questions about YouTube to the plate.
Palo Alto Networks shines in Q3 amid remote work spurs security demand (ZDNet) For the fourth quarter, Palo Alto Networks projected non-GAAP earnings of $1.37 a share to $1.40 a share on revenue of $915 million to $925 million. Analysts were looking for non-GAAP earnings of $1.31 a share on revenue of $916.8 million.
Kaspersky Snags RSA Leader To Drive Threat Intelligence Sales (CRN) Kaspersky has hired RSA sales leader Randall Richard to grow the company’s threat intelligence business and revolutionize its approach to the channel in the enterprise.
Products, Services, and Solutions
Introducing Feedly for Cybersecurity (Feedly) 150,000 cybersecurity professionals use Feedly to keep up with the latest security news and research insights about critical threats (vulnerabilities, malware, data breaches, threat actor groups, etc.)
Free ImmuniWeb Tool Allows Organizations to Check Dark Web Exposure (SecurityWeek) Web security company ImmuniWeb this week announced a free tool that allows businesses and government organizations to check their dark web exposure
Cybereason and Wandera Partner to Empower Customers in Detecting Cross-Platform Attacks (PRWeb) Cybereason, a leader in endpoint protection, and Wandera, a leader in mobile threat defense and zero trust network access, today announced a partnership that will prov
NGRAVE’s Crypto Hardware Wallet Earns World’s Top Security Standard (Medium) With EAL-7 certification, the NGRAVE ZERO is the blockchain industry’s most secure wallet and the top choice for security-conscious crypto…
Bitdefender signs distie deal with Bluechip Infotech (CRN Australia) Replaces previously announced distie arrangement.
Akamai To Help Combat Credit Card Skimming, Sophisticated Magecart-Style Attacks With Page Integrity Manager (Akamai) Akamai today announced the launch of Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience
Sixgill Integrity 2.0 Makes Blockchain Data Integrity Easy and Practical for Enterprise (BusinessWire) Sixgill, LLC, a leader in data automation and authenticity products and services, announced the release of Integrity 2.0, a powerful data authenticity
Appdome Joins Microsoft Intelligent Security Association (Markets Insider) Appdome, a no-code mobile integration and solutions platform, today announced that it has joined the M...
Technologies, Techniques, and Standards
Cybersecurity Best Practices for Industrial Control Systems (CISA) Industrial Control Systems (ICS) are important to supporting US critical infrastructure and maintaining national security. ICS owners and operators face threats from a variety of adversaries whose intentions include gathering intelligence and disrupting National Critical Functions.
Secure design principles (NCSC) Guides for the design of cyber secure systems
Did You Know eBay Is Probing Your Computer? Here’s How To Stop It (Forbes) Going, going, gone too far? The world's most famous online auction site probes your computer when you connect. Here's why, and what you can do about it.
eBay port scans visitors' computers for remote access programs (BleepingComputer) When visiting the eBay.com site, a script will run that performs a local port scan of your computer to detect remote support and remote management applications.
Why is This Website Port Scanning me (Null Sweep) Investigation of the practice of port scanning site visitors for fingerprinting and tracking.
How effective security training goes deeper than ‘awareness’ (ComputerWeekly) Cyber criminals are constantly developing their techniques and strategies, so security training needs to do the same
Juveniles in cyberspace: How to ensure protection amid surge in online abuse cases? (The Express Tribune) Sexual abusers trying to exploit children’s growing exposure to web as they turn to online learning
Webcast: Kerberos & Attacks 101 (Black Hills Information Security) Join the BHIS Discord discussion server: https://discord.gg/aHHh3u5 We’re really excited to have a close member of our BHIS extended family, Tim Medin from Red Siege InfoSec, here for a webcast on Kerberos & Attacks 101. Tim is the creator of Kerberoasting. Want to understand how Kerberos works? Would you like to understand modern Kerberos attacks? …
Tshark Examples - Theory & Implementation (Active Countermeasures) Intro This blog is a merger of two past blogs we did revolving around T-shark. The first blog explains how to extract fields […]
BeaKer - Instant Forensics! (Active Countermeasures) Intro In AI-Hunter 3.8.0 we introduced BeaKer – the supporting tool that makes it possible to investigate the source of network connections without […]
Design and Innovation
Chrome: 70% of all security bugs are memory safety issues (ZDNet) Google software engineers are looking into ways of eliminating memory management-related bugs from Chrome.
Wikimedia is writing new policies to fight Wikipedia harassment (The Verge) A new plan will be unveiled this year.
Breaking Cryptography: Securing Machine Identities in a Post-Quantum World (Infosecurity Magazine) The next quantum generation of machine identities could be unhackable
Influencers Say Instagram Is Biased Against Plus-Size Bodies, And They May Be Right (BuzzFeed News) Plus-size influencers have long complained about their posts being flagged on social media, and there are a few reasons why it might be happening.
How to Create Actionable IoT & ICS Security Dashboards for Management & Auditors (CyberX) Use these three simple considerations to build effective security dashboards that bridge the gap between data and actions.
Academia
Radiance Expands Academic Partnership with Auburn University for Additional Master's Degree (PR Newswire) Radiance Technologies is paving the way to upskilling their workforce. In 2019, Radiance University established a partnership with Auburn...
Cleveland State Gearing Up For Technology Surge (Chattanoogan) Living a life dependent on technology has made it more and more obvious that the systems which support it need protecting. As a result, the need to secure these systems has also grown. After consulting local employers on Cleveland State Community College’s Business Advisory Committee, the college decided to do something about it.
Female students up to national cybersecurity challenge (WCIA) Girls across Illinois, despite the transition to remote learning during the global COVID-19 pandemic, have persevered in their cybersecurity learning through the Girls Go Cy…
Roane State to host first Virtual Cybersecurity Summer Camp for kids (Crossville Chronicle) Roane State Community College, in partnership with the Y-12 National Security Complex, has developed a new Cybersecurity Summer Camp for middle and high school-aged students. Originally planned to be held
Legislation, Policy, and Regulation
Beijing to impose Hong Kong security laws 'without delay' (the Guardian) China says it will rush through anti-sedition law as police fire teargas at protesters
China's declaring security law in Hong Kong draws global concern (Kyodo News+) China's parliament says it is enacting a law banning subversion and terrorism acts in Hong Kong to protect the national interest, but the decision has ruffled feathers among foreign governments, particularly the United States that is mulling sanctions in response.
A Huge Blow to Hongkongers' Freedoms (Reason.com) New legislation proposed in Beijing signals the likely end of the "one country, two systems" policy that has allowed Hong Kong to flourish.
VPN installs in Hong Kong surged 150 times in the last 7 days (Atlas VPN) According to Atlas VPN user data, VPN (Virtual Private Network) installs in Hong Kong increased by 150 times in the last 7 days. The rise in the number of installs started on May 21, 2020. In just a single day, the number of installs surged by 520%.
UK government reverses course on Huawei’s involvement in 5G networks (TechCrunch) Conservative members of the United Kingdom’s government have pushed Prime Minister Boris Johnson to draw up plans to remove telecom equipment made by the Chinese manufacturer Huawei from the nation’s 5G networks by 2023, according to multiple reports. The decision by Johnson, who wanted…
Britain planning to reduce Huawei's involvement in 5G (Computing) Government gives in to pressure from MPs and the US
China BLOW: UK launches new inquiry into Huawei's risk to security (Express.co.uk) SECURITY officials have launched a review into the risks posed by Huawei to the British telecoms network.
Fresh UK review into Huawei role in 5G networks (BBC News) The National Cyber Security Centre involvement follows new US sanctions on Chinese telecoms giant.
UK looks at impact of U.S. sanctions on Huawei cooperation (Reuters) The United Kingdom is looking carefully at any impact the United States' new sanctions on Huawei might have on British networks, a government spokesman said.
Cyber security review may spell end for Huawei 5G deal (the Guardian) Government set for climbdown after US bans on Chinese telecoms group and growing resistance from backbenchers
Huawei Will Leave U.S., 'Won't Come Back' Over New Ban, Says Security Chief (Bloomberg) The U.S. has increased restrictions on the Chinese telecom giant Huawei, banning any chipmaker using American equipment from supplying gear to the company. Andy Purdy, Huawei U.S.A. chief of security, discusses the restrictions with Emily Chang on "Bloomberg Technology."
US sanctions to slow down deployment of 5G technology: Huawei exec (Yahoo) The U.S. Commerce Department’s move to expand sanctions against Chinese telecommunications giant Huawei threatens to delay the rollout of 5G technology globally, Paul Scanlan, the company’s chief technology officer said.
Trump and friends: Where European countries come down on Huawei (POLITICO) Deadline to beef up 5G security rules shows which capitals tally with US administration on Chinese gear.
A star-spangled spanner in the works: how US secrecy controls Australian weapons (The Sydney Morning Herald) This is a matter of Australia's sovereignty. The lesson of history is that the US will not necessarily leap to Australia's defence in its hour of need, yet Australia cannot even know the source codes of its own weapons systems while America keeps them secret.
After more Chinese tech firms are blacklisted by the US, companies speak out (Abacus) Along with various AI companies, cybersecurity company Qihoo 360 was also put on the US entity list
Selective decoupling: phasing out domestic deployment of Chinese telecoms technology (International Law Office) Through an array of legislative and administrative measures, the government has made significant strides in recent years to limit, and perhaps end altogether, the proliferation of Chinese-origin telecoms technology in US infrastructure. While some of the legislation is company agnostic, Chinese telecoms giant Huawei, which remains on the Department of Commerce, Bureau of Industry and Security's Entity List, is a primary target.
Trump Considers Forming Panel to Review Complaints of Online Bias (Wall Street Journal) The president is considering establishing a panel to review complaints of anticonservative bias on social media, a move that would likely draw pushback from tech companies.
Opinion | U.S. cybersecurity deficiencies can no longer be ignored (Washington Post) The pandemic threat obscures the vulnerable state of U.S. cyberdefenses — a vulnerability that must be addressed.
Democratic bills crack down on how political campaigns can target ads on Facebook and Google (CNBC) Sophisticated targeting tools are part of what has made digital platforms like Facebook and Google valuable tools for political advertisers.
Analysis | The Cybersecurity 202: GOP launches its biggest attack yet on mail voting in California (Washington Post) Party officials are fighting absentee voting on far narrower grounds than Trump.
Sens. Ask FBI, CISA How to Protect COVID-19 Medical Research Data (HealthITSecurity) Following reports that hackers from the People's Republic of China are targeting COVID-19 medical research, four Senators ask the FBI and DHS CISA how they're protecting the intellectual property.
California Activists Ramp Up Fight Against Facial-Recognition Technology (Wall Street Journal) California privacy advocates are mobilizing to thwart a bill backed by Microsoft that would regulate facial-recognition technology and that is working its way through the state legislature.
New Zealand introduces Bill to block violent extremist content (ZDNet) It would make the livestreaming of objectionable content a criminal offence, censorship calls would be made immediately, and take-down notices would be backed by law.
Electronic voting in some Russian regions on extending Putin's term: election chief (Reuters) Remote electronic voting on constitutional changes that could greatly extend Russian President Vladimir Putin's rule will be used in three or four regions but not rolled out nationwide, the Central Election Commission chief said in an interview.
Litigation, Investigation, and Law Enforcement
Europe's data-privacy law turns 2. Has it actually made our information safer? (Marketplace) People expected fines so big they'd put Big Tech out of business. That didn't exactly happen.
Russia seeks 18-year jail term for ex-U.S. Marine in spying trial (Reuters) Russian prosecutors asked a court on Monday to sentence former U.S. Marine Paul Whelan, who is on trial accused of spying for the United States, to 18 years in a maximum security prison, his lawyer said.
U.S. tech giants are reportedly providing web services to blacklisted Chinese surveillance firms (CNBC) A new report claims Amazon, Microsoft and Google are among a number of firms providing web services to Chinese surveillance companies that are blacklisted in the U.S.
Tech Giants’ Top EU Privacy Watchdog Attacked Over Slow Pace (Bloomberg) Privacy activist Max Schrems criticizes Irish data authority. Open letter urges EU action amid frustration over long probes.
Egypt’s SIS warns Washington Post over 'misconduct and disinformation' (Ahram Online) The SIS said the correspondent exhibited 'professional misconduct, disinformation and misinformation in his recent reports on Egypt'
Abuse victims data breach could cost £2.5m in damages (Belfast Telegraph) A serious data breach involving victims of historical institutional abuse could potentially result in compensation claims running into millions of pounds, a legal source has said.
Can I claim compensation if I've been affected by the EasyJet data breach (The Sun) Millions of EasyJet customers had their information stolen by hackers in a mass cyber attack. On Tuesday, May 19, the low-cost airline revealed 9million customers had been affected by the “hi…
Turbulent Times ahead for Easyjet as Airline gets Smacked with an £18 billion Lawsuit for Data Breach (Euro Weekly News Spain) Easyjet is bracing itself against an £18 billion group class action that has been filed against it by customers impacted by the recent large-scale data
German Court Orders VW to Compensate Customers Over Diesel Emissions Scandal (Wall Street Journal) Germany’s highest civil court ruled against Volkswagen in the first case brought by customers seeking damages in connection with the car maker’s emissions-cheating scandal, a landmark ruling that could herald further litigation against Volkswagen and some competitors.
Inside the NSA’s Secret Tool for Mapping Your Social Network (Wired) Edward Snowden revealed the agency’s phone-record tracking program. But thanks to “precomputed contact chaining,” that database was much more powerful than anyone knew.
900 more criminal prosecutions of subpostmasters could be unsafe because of IT failures (ComputerWeekly) Post Office re-examines hundreds of prosecutions that could have resulted from faults in Horizon IT system.