The cybersecurity community during the COVID-19 emergency
UN chief calls for attention to nuclear, cyberspace security amid pandemic (China.org.cn) United Nations Secretary-General Antonio Guterres on Thursday said that attention should be given to increasing risk of nuclear proliferation and the lawlessness of cyberspace, while the international community has been fighting the COVID-19 pandemic.
Controversial Tech Firms Look to Profit From COVID-19 (Top10vpn) This report documents the controversial companies currently advertising surveillance technologies in response to the outbreak of COVID-19.
Five Data Breaches that Put Victims at Greater Risk of COVID-19 Scams (CUInsight) Amid widespread predictions that COVID-19 will generate a wave of financial and identity crime, Breach Clarity today released analysis of recent data breaches that identifies risk for COVID-19 scams. The San Francisco fraud prevention and detection technology firm used its proprietary algorithm to analyze more than 1,000 elements of these five data breaches to produce …
NSA's cyber wing looks to safeguard COVID research and expand outreach (FCW) The spy agency's deputy director said its new cyber directorate is focused on protecting vaccine research from hackers and supporting activities that help get Americans back to work.
Beyond the Crisis: Cybersecurity for the Long Haul (GovInfo Security) The remote workforce brings more flexibility. But it also comes with unique challenges such as VPN congestion, a greater attack surface and a lack of visibility for
Employer data goes AWOL under Covid-19 lockdowns (The Parallax) During the Covid-19 era, data loss is striking organizations more than ever before, according to new reports suggesting that there are big flaws in their defenses.
Dozens of fake websites impersonating UK supermarket chains (teiss) Cyber criminals are setting up fake domains to impersonate popular supermarket brands and lure online shoppers into sharing their information.
More than 80% of State Governments and Health Departments Exposed to Email Fraud Risk (Proofpoint) During the COVID-19 pandemic, states are on the front line as they work to ensure the safety of their constituents and communities.
Despite Reduced IT Budgets Due to COVID-19, IT Decision-Makers Continue Cloud and Analytics Investments (Yellowbrick Data) Yellowbrick Data survey shows almost two-thirds are investing more in analytics infrastructure and 55 percent are looking at a hybrid-cloud (not a cloud-only) strategy.
Cybersecurity among six sectors booming during Covid-19, with Q1 funding exceeding $1.5B | SC Media (SC Media) As the Covid-19 pandemic continues to hobble economies around the world, cybersecurity is one of six sectors currently booming, with first quarter funding
A math error may explain why many PPP loans will fall short of forgiveness. But there are fixes. (Silicon Valley Business Journal) Congress and the SBA have offered different definitions of a "month."
As States Reopen, the Boss Wants to Know What You’re Up To This Weekend (Wall Street Journal) Managers worry that safeguards at work to limit the spread of the coronavirus could be undone if workers take risks off the job. Yet legal authorities say employers have to tread carefully to avoid violating employee privacy.
Remote Work Has Its Perks, Until You Want a Promotion (Wired) Companies like Facebook and Twitter expect many employees to work far from headquarters after the pandemic. That calls for a change in corporate cultures.
Cyberinc Browser Isolation Platform Protects Remote Workers from Phishing, Ransomware and Malware, Helping Organizations Maintain Business Continuity (Cyberinc) Company is Offering Free Use of Isla Isolation Platform to Help Companies Provide Secure Remote Access to Up to 50 Users Until August 31
Artificial intelligence startup dives into COVID-19 contact tracing, targets privacy worries (WRAL TechWire) Believing that artificial intelligence can improve so-called "contact tracing" in the battle against COVID-19 and also protect people's privacy, Raleigh-based startup Diveplane is rolli
IBM debuts supply chain tools for a post-COVID world (TechRepublic) IBM Sterling revealed its latest supply chain enhancements that will help simplify transactions and deepen transparency between trading partners.
Cyber Attacks, Threats, and Vulnerabilities
NSA warns of ongoing Russian hacking campaign against U.S. systems (Reuters) The U.S. National Security Agency on Thursday warned government partners and private companies about a Russian hacking operation that uses a special intrusion technique to target operating systems often used by industrial firms to manage computer infrastructure.
NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers (Wired) In a rare public warning, the US spy agency says the notorious arm of Russian military intelligence is targeting a known vulnerability in Exim.
Russian Military Hackers Behind Ongoing Cyber Attack, NSA Warns U.S. Organizations (Forbes) The National Security Agency (NSA) has today issued an advisory concerning an ongoing Russian military hacking campaign.
U.S. Accuses Russian Military Hackers of Attack on Email Servers (New York Times) The unusually public complaint showed that American spy agencies are becoming more aggressive in calling out Moscow’s interference as the presidential election approaches.
Hackers linked with Russian military intelligence are exploiting Exim mail transfer agent bug to target US organisations, NSA warns (Computing) The particular group is referred to as "Sandworm" in the cyber security community
Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actor (National Security Agency Central Security Service) Russian military cyber actors, publicly known as Sandworm Team, have been exploiting a vulnerability in Exim mail transfer agent (MTA) software since at least last August.
Industrial Suppliers in Japan, Europe Targeted in Sophisticated Attacks (SecurityWeek) Threat actors have targeted industrial suppliers in Japan and several European countries in sophisticated attacks that employed various techniques to make malware detection and analysis more difficult
Steganography in targeted attacks on industrial enterprises (Kaspersky ICS CERT) Kaspersky ICS CERT experts have identified a series of targeted attacks on organizations located in different countries. As of early May 2020, there are known cases of attacks on systems in Japan, …
Cyber vulnerabilities of self-driving cars laid bare in study by tech giants (SC Magazine) Government-backed project by telecoms and tech giants develops cybersecurity blueprint for self-driving cars at a critical time with projected growth worth £28 billion expected by 2035.
NTT Warns 600+ Customers May Have Been Hit in Data Breach (Infosecurity Magazine) IT services giant said Singapore data center was incursion point
Michigan State University hit by ransomware gang (ZDNet) The operators of the NetWalker ransomware gang have given MSU officials seven days to pay the ransom or they will leak stolen university files.
Michigan State University network breached in ransomware attack (BleepingComputer) Michigan State University received a deadline to pay ransomware attackers under the threat that files stolen from the institution's network will be leaked to the public.
IT News Online - Austrian City of Weiz Falls Victim to NetWalker's Ransomware Attack (IT News Online) The ransomware group NetWalker has published extracts of data stolen from the network of the Austrian city of Weiz. Among the published extracts are, among other things, building applications and building inspections.
Minneapolis city websites victim of cyber attack (Bring Me The News) Most of the websites and services attacked were back up by 9 a.m. Thursday.
Notice of Data Security Incident (Minted) We recently became aware of a report that mentioned Minted as one of ten companies impacted by a potential cybersecurity incident.
Cyber Trends
Vulnerabilities Disclosed in Q1 2020 Decreased by 19.8% (Risk Based Security) Today we released our 2020 Q1 Vulnerability QuickView Report, which revealed that the number of vulnerabilities disclosed in Q1 2020 has decreased by 19.8% compared to Q1 2019, making this likely the only true dip observed within the last 10 years. Many factors have been identified as potential cont
Trouble at the top (Mobileiron.com) MobileIron commissioned independent market research agency Vanson Bourne to conduct a study examining C-Suite attitudes towards their organization’s mobile security protocols. Between February and March 2020, 300 IT decision makers and 50 C-level executives at enterprise organizations were interviewed in the US, UK, France, Germany, Belgium, and the Netherlands.
CXOs are the weakest link in mobile device security and most likely to suffer cyber attacks (ZDNet) A new study by MobileIron reveals that C-level executives feel frustrated by mobile security protocols and often request to bypass them.
Let Your Voice Be Heard ((ISC)² Blog) Last week, (ISC)2 launched the annual Cybersecurity Workforce Survey and we need to hear from you. When the study is released later this year, it will be shared with government agencies and security policy makers, as well as referenced in countless media reports. The report is often used by organizations of all sizes around the world as a benchmark for security hiring strategies. Your participation in the survey will help shape the conversation around the cybersecurity workforce during the year to come. Build awareness for the issues that matter most to professionals like you by telling us about what you...
Marketplace
Shadowserver, an Internet Guardian, Finds a Lifeline (Wired) Ten weeks ago, Shadowserver's main source of funding dried up. Now it's back on level footing.
Cisco Nears $1 Billion Takeover of Software Maker ThousandEyes (Bloomberg) Cisco Systems Inc. is in advanced talks to buy software company ThousandEyes Inc. for nearly $1 billion, according to people familiar with the matter.
Vesta Secures $125 Million Investment From Goldfinch Partners (Vesta) Private equity firm acquires fintech player, Vesta
Products, Services, and Solutions
AttackIQ Announces New Architecture and Products to Help Enterprises Fully Automate Continuous Security Validation and Remediation (BusinessWire) AttackIQ announces the launch of new architecture and products to help enterprises automate continuous security validation and remediation.
Illusive Networks Expands Attack Surface Management Solution to the Cloud (PR Newswire) Illusive Networks®, the leader in deception-based cyber defense solutions, today announced the extension of Illusive Attack Surface Manager...
TrapX Security Launches New Service to Track Threat Actors (New Kerala) United States News: TrapX Security Launches New Service to Track Threat Actors - TrapX Security, the global leader in cyber deception technology, has released an update to its revolutionary threat detection platform, DeceptionGrid 7.0....
Technologies, Techniques, and Standards
Culture Shock: Improving Company Culture Through Technology (Global Banking & Finance Review) As the modern workforce continues to evolve, one of the biggest challenges that small business owners and entrepreneurs often face is building an appealing
The Unaddressed Gap in Cybersecurity: Human Performance (MIT Sloan Management Review) No amount of tech investment can outweigh closing the human performance gap — the best defense against cyberattacks.
Design and Innovation
Facebook will verify identities for suspiciously popular accounts (Engadget) Facebook is now verifying IDs for profiles that have both suspicious behavior and posts that quickly go viral.
The Future Of Work Now: Cyber Threat Attribution At FireEye (Forbes) A FireEye cyber threat analyst uses machine learning to identify threat groups.
DoD Begins Embedding AI Ethics Principles in RFPs (MeriTalk) When the Department of Defense awarded a big artificial intelligence tech contract earlier this month, it marked one of the department’s first attempts at building its AI ethical principles into a request for proposals.
Research and Development
Army scientist receives top honors for pioneering big data security (EurekAlert!) Dr. Cliff Wang, an Army scientist, earned top honors from IEEE for big data security and privacy research. IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
Legislation, Policy, and Regulation
America rethinks its strategy in the Wild West of cyberspace (The Economist) The challenge of defence in the world’s most lawless battlefield
Beijing Has Lit Hong Kong’s Funeral Pyre (Foreign Policy) Hong Kongers will fight the imposition of mainland security measures fiercely but alone.
China’s Surging Nationalism Has Claimed Hong Kong (Foreign Policy) The new national security measures won’t be the end of Beijing’s belligerence.
China Seen As Rising Military Power In Central Asia, Foreshadowing Future Friction With Russia (Radio Free Europe | Radio Liberty) China is steadily increasing its security footprint in Central Asia and closing the gap with Russia, a trend that could see Moscow’s influence “undermined in the coming decade,” according to a new report.
Kennan Cable No. 52: In Russia’s Shadow: China’s Rising Security Presence in Central Asia (Wilson Center) On April 2, a plane carrying 500 kilos of testing equipment and PPE from China landed in Almaty.
Huawei's ambitions for Canada stalled by rift with China, security expert says (CTVNews) Huawei Technologies Co.'s push to become a leading supplier of 5G technology in Canada appears to be in jeopardy after the Chinese tech giant's CFO suffered a legal setback in a B.C. court, prompting an angry response from Beijing.
The Latest U.S. Blow To China's Huawei Could Knock Out Its Global 5G Plans (NPR) The Trump administration issued tough export rules this month, which analysts say could spell a death knell for the company's worldwide mobile network ambitions.
Hong Kong’s business hub status imperiled by security law (Federal News Network) A security law proposed by China could imperil Hong Kong’s status as one of the world’s best places to do business…
Hong Kong Security Law: Is This the Tipping Point? (AskTraders.com) The Hong Kong National Security Law being pushed by China’s communist government is the latest bone of contention between the US and China. It seems like it’s just a matter of time before the two countries unleash another full-blown trade war that could disrupt the global economy once more. However, investors have chosen to ignore…
Trump Signs Executive Order Targeting Social Media (Wall Street Journal) The executive order seeks to limit the broad legal protection that federal law provides to social media and other online platforms.
Trump signs order that could punish social media companies for how they police content, drawing criticism and doubts of legality (Washington Post) President Trump on Thursday is set to sign an executive order that could open the door for federal regulators to punish Facebook, Google and Twitter for the way they police content online.
Officials Weigh In On Trump's Draft Of Social Media Order (Media Post) According to a draft of the order, it will call for the FCC to propose rules about when and how social-media companies edit content online without forfeiting their protections under Section 230 of the Communications Decency Act.
Trump’s Social Media Executive Order Is Purely for Show (Wired) The president has targeted Twitter, Facebook, and other platforms, but has little actual power over how they operate.
Donald Trump signs executive order seeking to strip Twitter and Facebook of 'liability shield' (The Telegraph) US president signed order on Thursday after row over Twitter fact checking
Twitter Flags Trump Tweet About Minneapolis Protests for ‘Glorifying Violence’ (Wall Street Journal) Twitter placed a notice on a tweet from President Trump, shielding it from view for breaking what the company said are its rules about glorifying violence.
Twitter hides Trump tweet for 'glorifying violence' (Reuters) Twitter hid a tweet from President Donald Trump on Friday, accusing him of breaking its rules by "glorifying violence" in a message that said looters at protests in Minneapolis would be shot.
Trump claims social media is run by the 'radical left' - does he have a point? (The Telegraph) President Trump has long argued that social media firms are anti-conservative
Trump’s Move to Crack Down on Social Media Sets Up Legal Battle (Wall Street Journal) The president’s executive order centers on protections Washington established for online platforms in the 1990s. These are some of the legal questions set to emerge as the move faces likely court challenges.
White House Order To Tackle Twitter Bias On Shaky Ground (Law360) President Donald Trump signed an executive order Thursday urging the Federal Communications Commission to regulate big tech platforms, inflaming a long-simmering debate over the agency's authority to police internet content.
Trump versus Twitter: How the President's social media clampdown could change the internet (The Telegraph) Questions over whether Donald Trump's executive order on social media companies can be used to change US law
The Two Things To Understand About Trump's Executive Order On Social Media: (1) It's A Distraction (2) It's Legally Meaningless (Techdirt) We've officially reached pure silly season when it comes to internet regulations. For the past two years now, every so often, reports have come out that the White House was exploring issuing an executive order trying to attack Section 230 and...
‘Rammed it through’: Trump's Twitter order riles staffers and tech reformers (Protocol) The hasty move angered many Section 230 reformers who believe the administration's actions undermine their cause.
Trump signs executive order targeting protections for social media platforms (Axios) The president has escalated his attacks against Big Tech in recent days.
Diving into the Newest Directorate of the National Security Agency (ClearanceJobs) In October 2019, the National Security Agency (NSA) redefined its cybersecurity mission by enhancing partnerships with industry through collaboration and information sharing. A new Directorate was born: the Cybersecurity Directorate.
Litigation, Investigation, and Law Enforcement
U.S. Charges North Korea Officials With Illegally Transferring $2.5 Billion (Wall Street Journal) U.S. authorities unsealed a sweeping indictment charging more than 30 people with helping North Korea illegally transfer $2.5 billion since 2013, amid dim hopes for resumption of long-stalled nuclear talks between the two countries.
Researchers ID Hacktivist Who Defaced Nearly 5,000 Websites (Dark Reading) Opsec mistakes lead a Check Point researcher to an individual in Brazil who was behind a longtime hacking campaign.
How one hacktivist became a full-fledged cybercriminal (TechRepublic) Though hacktivism can sometimes stem from a legitimate cause, one person couldn't resist turning to true cybercrime, according to Check Point Research.
Judge rules Capital One must hand over Mandiant's forensic data breach report (CyberScoop) A court has ruled that Capital One must allow plaintiffs to review a cybersecurity firm’s forensic report related to the bank's 2019 data breach.
Pablo Escobar’s brother sues Apple for $2.6b over FaceTime flaw (Naked Security) Roberto Escobar says a FaceTime eavesdropping bug led to his address being leaked, assassination threats, and being forced into hiding.
Macy's Says No Harm, No Suit Over Major Data Breach (Law360) A proposed class of Macy's shoppers cannot show that a 2019 data breach harmed them in any concrete way, the retail giant told a Massachusetts federal judge late Wednesday in a bid to have the case tossed.
Advocacy Orgs Say Clearview AI Broke Biometric Privacy Law (Law360) The American Civil Liberties Union and other advocacy groups hit Clearview AI Inc. with a lawsuit in Illinois state court Thursday claiming the facial recognition technology company has violated the biometric privacy rights of their members, program participants and other Illinois residents on a "staggering scale."
Ex-Cafe Worker Must Fix $3.2M Deal In Biometric Data Case (Law360) An Illinois federal judge on Thursday rejected a former cafe employee's proposed $3.2 million settlement she'd hoped would end her proposed class action alleging Corner Bakery Cafe misused its employees' biometric data, ruling that it wrongly limits class members' ability to object to the deal or appeal.