Cyber Attacks, Threats, and Vulnerabilities
North Korean state hackers reportedly planning COVID-19 phishing campaign targeting 5M across six nations (ZDNet) Singapore, Japan, and the US are amongst six nations targeted in a COVID-19 themed phishing campaign that is reportedly scheduled for June 21, during which 8,000 businesses in Singapore may receive email messages from a spoofed Ministry of Manpower account.
Twitter, Facebook see new tactics in foreign disinformation efforts (TheHill) Officials from Twitter and Facebook said Thursday that while they have not seen any “coordinated” efforts by malicious foreign groups to spread disinformation around the 2020 elections, the groups' tactics are changing and evolving.
Australia hit by massive cyber attack (NewsComAu) Australia is currently being hit with a massive cyber attack by a foreign government, Prime Minister Scott Morrison has revealed.
Australia Is Being Cyberattacked by State Actor, Prime Minister Says (Wall Street Journal) Businesses and government agencies in Australia are being targeted by a sophisticated state actor in a large-scale cyberattack, raising alarm that disruption caused by the coronavirus is increasing the vulnerability of institutions.
Australian cyber attack not ‘sophisticated’ – just a wake-up call for businesses, experts say (the Guardian) The ‘state-based cyber actor’ Morrison announced as having targeted Australia is exploiting well-known vulnerabilities, they say
'Unsophisticated' cyberattack reflective of govt 'under-investment in cybersecurity' (Sky News Australia) UNSW Cybercrime Expert Richard Buckland says the cyberattack on Australia was “not very sophisticated” and the fact “that we’ve been caught out so badly speaks to a widespread underinvestment in cyber security.
Cyber attack on Australia: What is a state-based actor and who could be responsible? (9News) A state-based actor refers to a person or group acting on behalf of a government or government body.
Australia is under sustained cyber attack, warns the government. What's going on, and what should businesses do? (The Conversation) Australia is coming under sustained cyber attack by a 'state-based' actor, says Prime Minister Scott Morrison, as hackers try to exploit vulnerabilities in business and government software systems.
'In for a rude shock': Cyber insecurity warnings (Australian Financial Review) Days before a massive, state-led cyber assault on Australia was revealed, cyber security experts were raising alarm bells about Australia's insecurity.
China opens another front, steps up cyberattacks that target India: Intel (Hindustan Times) A variety of targets were zeroed in on, including government websites and the banking system including ATMs.
'Cyber attacks' are retaliation from China's spy agency for Huawei's 5G ban, insiders say (ABC) "Cyber attacks" on Australian government and industry bodies are most likely being directed by China's premier intelligence agency in retaliation for banning telco Huawei from the 5G network, experts tell the ABC.
Scott Morrison cries 'Cyber wolf!' to deniably blame China (ZDNet) Australia's prime minister didn't name China as the source of recent 'sophisticated' cyber attacks in Friday's press conference. He didn't have to.
Activists fighting for release of Bhima Koregaon 11 targeted by spyware: Amnesty (Livemint) The activists received carefully crafted and personalized emails impersonating colleagues or loved ones.The emails carried malicious PDF files, clicking on which, activated a Windows spyware on their system, allowing hackers to monitor the actions and communications of the targets remotely
Austrian Telecoms Operator Played Six-Month Game of Cat-and-Mouse With Hacker (Wall Street Journal) When A1 Telekom Austria detected a hacker on its network in December, the company’s security team didn’t kick the intruder out immediately. Instead, they the sophisticated intruder’s behavior.
Malicious Chrome Extensions Downloaded Over 33 Million Times (Infosecurity Magazine) Mass global surveillance campaign uncovered
Bundlore adware brings a new nest of risks to Mac users (Naked Security) A new SophosLabs report digs into the latest browser-hijacking “bundleware” targeting Mac users
Researchers: Qbot Banking Trojan Making a Comeback (BankInfo Security) The notorious Qbot banking Trojan is making a comeback with new features and capabilities that enable it to more effectively steal victims' financial data and
New Cisco Webex Meetings flaw lets attackers steal auth tokens (BleepingComputer) A new vulnerability found in the Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information including usernames, authentication tokens, and meeting information.
IBM Maximo fixes a vulnerability discovered by Positive Technologies experts - “Hacker” (SysDVD) Share this A critical vulnerability in the IBM Maximo Asset Management system could make it easier for attackers to infiltrate the internal network of large companies. This CMMS class system is used to manage maintenance and repair of production assets in the largest pharmaceutical, oil and gas, automotive, aerospace, railway companies, airports, nuclear power plants...
Credential Harvesting: Virtually Hijacking Your Employee’s Credentials (INKY) At the very foundation of email phishing is credential harvesting. Hackers want your passwords and sensitive data and to get it they have devised some elaborate phishing schemes. Learn more and see how you can protect yourself and your company.
AcidBox Malware Uncovered Using Repurposed VirtualBox Exploit (Threatpost) A “very rare” malware has been used by an unknown threat actor in cyberattacks against two different Russian organizations in 2017.
Keeping tabs on the Blue Mockingbird Monero miner (Red Canary) Watch Red Canary Intelligence Analyst Tony Lambert walk through how to detect—and what's interesting about—the Blue Mockingbird Monero miner.
Hackers Trigger Far-Reaching Disruption by Targeting Low-Profile Firm (Wall Street Journal) Small and midsize companies are fighting a rising tide of cyberattacks largely out of public view, posing an underappreciated risk for the bigger companies and institutions that use their services.
Amazon 'thwarts largest ever DDoS cyber-attack' (BBC News) The company's cloud-computing division says it fended off a flood of data over a three-day period.
Wells Fargo phishing baits customers with calendar invites (BleepingComputer) Wells Fargo customers are being targeted by a phishing campaign impersonating the Wells Fargo Security Team and luring potential victims to phishing pages with the help of calendar invites.
Cognizant says maze ransomware attackers hijacked tax ID, social security, passport data (CRN Australia) According to two letters filed with California state regulators.
Notice of Data Breach (Cognizant via California OAG) On behalf of Cognizant Technology Solutions, I am writing to inform you about a recent incident that may have involved your Cognizant corporate credit card.
H&R Block SBN to Consumers - Office of the Vermont Attorney General (Office of the Vermont Attorney General) On or about June 5, 2020, H&R Block conducted an internal security review...
Aussie surfer’s hacked Instagram sent sexually explicit images to her 40,000 followers (Graham Cluley) 18-year-old Blaze Angel Roberts is a talented surfer.
DHS Alerts to Ransomware Campaign Targeting Remote Access Systems (HealthITSecurity) Hackers are targeting unpatched remote access systems, such as RDP and VPNs, as well as enterprise systems without MFA, to gain footholds onto victims' networks and later deploy ransomware.
The thought the electric grid is cyber secure is a fallacy – key information is publicly available (Control Global) There are many reasons that prevent the electric grid from being cyber secure. Moreover, some of these issues can directly facilitate cyber attacks on the electric grid...
Treck TCP/IP Stack (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely
Vendor: Treck Inc.
Equipment: TCP/IP
Vulnerabilities: Improper Handling of Length Parameter Inconsistency, Improper Input Validation, Double Free, Out-of-bounds Read, Integer Overflow or Wraparound, Improper Null Termination, Improper Access Control
Rockwell Automation FactoryTalk View SE (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.0
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Rockwell Automation
Equipment: FactoryTalk View SE
Vulnerabilities: Improper Input Validation, Improper Restriction of Operations Within The Bounds of a Memory Buffer, Permissions, Privileges, and Access Controls, Exposure of Sensitive Information to an Unauthorized Actor
2.
Rockwell Automation FactoryTalk Services Platform (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level.
Vendor: Rockwell Automation
Equipment: FactoryTalk Services Platform
Vulnerability: Improper Input Validation
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute remote COM objects with elevated privileges.
ICONICS GENESIS64, GENESIS32 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely
Vendor: ICONICS
Equipment: GENESIS64, GENESIS32
Vulnerabilities: Out-of-Bounds Write, Deserialization of Untrusted Data, Code Injection
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution or denial of service.
Mitsubishi Electric MC Works64, MC Works32 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.4
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: MC Works64, MC Works32
Vulnerabilities: Out-of-bounds Write, Deserialization of Untrusted Data, Code Injection
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow remote code execution, a denial-of-service condition, information disclosure, or information tampering.
Johnson Controls exacqVision (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.8
ATTENTION: Exploitable remotely
Vendor: Exacq Technologies, a subsidiary of Johnson Controls
Equipment: exacqVision
Vulnerability: Improper Verification of Cryptographic Signature
2.
BD Alaris PCU (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Becton, Dickinson and Company (BD)
Equipment: Alaris PCU
Vulnerability: Uncontrolled Resource Consumption
2.
BIOTRONIK CardioMessenger II (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.6
ATTENTION: Exploitable with adjacent access/low skill level to exploit
Vendor: BIOTRONIK
Equipment: CardioMessenger II-S T-Line, CardioMessenger II-S GSM
Vulnerabilities: Improper Authentication, Cleartext Transmission of Sensitive Information, Missing Encryption of Sensitive Data, Storing Passwords in a Recoverable Format
2.
Baxter Sigma Spectrum Infusion Pumps (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Baxter
Equipment: Sigma Spectrum Infusion Pumps
Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Operation on a Resource After Expiration or Release
2.
Baxter Phoenix Hemodialysis Delivery System (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Baxter
Equipment: Phoenix Hemodialysis Delivery System
Vulnerability: Cleartext Transmission of Sensitive Information
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker with unauthorized network access to view sensitive data.
Baxter PrismaFlex and PrisMax (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Baxter
Equipment: PrismaFlex and PrisMax
Vulnerabilities: Cleartext Transmission of Sensitive Information, Improper Authentication, Use of Hard-Coded Password
2. RISK EVALUATION
Successful exploitation of these vulnerabilities may allow an attacker with network access to view and alter sensitive data.
Baxter ExactaMix (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Baxter
Equipment: Baxter ExactaMix EM 2400 & EM 1200
Vulnerabilities: Use of Hard-coded Password, Cleartext Transmission of Sensitive Data, Missing Encryption of Sensitive Data, Improper Access Control, Exposure of Resource to Wrong Sphere, Improper Input Validation
2.
Security Patches, Mitigations, and Software Updates
Cisco Pushes Full Stack Visibility Vision (SDXcentral) Cisco today updated its intent-based networking portfolio to simplify automation and provide insights for IT professionals.
Security Bulletin: IBM Maximo Asset Management is vulnerable to server side request forgery (SSRF) (CVE-2020-4529)
(IBM) IBM Maximo Asset Management is vulnerable to server side request forgery (SSRF)
Drupal fixes three vulnerabilities, including one RCE (Help Net Security) Drupal's security team has fixed three vulnerabilities in the popular CMS, one of which (CVE-2020-13663) could be exploited to achieve RCE.
DigDash fixes SSRF flaw (The Daily Swig) Three flaws, including pre-auth attack that could expose user credentials, patched in visualization software
Researchers outline flaws in COVIDSafe app, urge users to upgrade (iTWire) A number of researchers have detailed four major vulnerabilities in the Australian Government's COVIDSafe application for the iPhone and Android systems, and advised users to upgrade at once. The main patches issued were to fix: A bug in the way COVIDSafe reads Bluetooth messages on iPhones. Thi...
DTA fixed COVIDSafe Bluetooth vulnerability 21 days after it was notified (ZDNet) Researchers detail Android vulnerability in COVIDSafe that allowed the Bluetooth connection of any untrusted device that happened to be in range.
Cyber Trends
CyberGRX Study Finds Cyber Risk Rises as Businesses Rush to Embrace Digital Transformation (BusinessWire) CyberGRX today announced the results of their study on preparedness for digital transformation, executed by Ponemon Institute.
A View of COVID-19’s First Wave of Cybersecurity (Infosecurity Magazine) What we have learned from threats and scams of the first few months of COVID-19
How the pandemic affected DDoS attack patterns, global internet traffic (Help Net Security) There has been a shift in internet traffic patterns coinciding with an increase in DDoS and other types of network attacks in recent months.
Businesses believe the pandemic will change the security landscape forever (ITProPortal) Remote workers could pose a serious threat to cybersecurity.
New report finds cybersecurity investment generates substantial ROI as (PRWeb) A comprehensive study conducted by ESI ThoughtLab reveals that increased investment in cybersecurity can generate a significant ROI of 179% and provide greater
Shrinking Cyber-Universe (Modern Diplomacy) In 2019, the book «India’s strategic options in a changing cyberspace» written by Cherian Samuel and Munich Charma was published. (New Delhi, Pentagon Press LLP in association with Institute for Defence Studies and Analyses, 2019). In their work, the authors examine the general concept of cyberspace, while extrapolating it to India’s cyberspace dimension. Cybersecurity problems […]
Marketplace
Uptycs lands $30M Series B to keep building security analytics platform (TechCrunch) Every company today is struggling to deal with security and understanding what is happening on their systems. This is even more pronounced as companies have had to move their employees to work from home. Uptycs, a Boston-area security analytics startup, announced a $30 million Series B today to hel…
Army starts bidding for $1B cyber training opportunity (Washington Technology) The Army releases a long-awaited final solicitation for its almost $1 billion Cyber Trident training platform contract.
McAfee Awarded Defense Innovation Unit Contract to Deliver Secure Cloud Management (Olean Times Herald) McAfee, the device-to-cloud cybersecurity company, today announced it has received an Other Transaction Authority (OTA) award from the Defense Innovation Unit (DIU) to prototype a Secure Cloud Management platform. McAfee will prototype its MVISION Unified Cloud Edge (UCE) cybersecurity solution, which integrates its Next-Generation Secure Web Gateway, cloud access security broker (CASB), and data loss prevention capabilities into one cloud-native platform. McAfee will be tasked with controlling access to cloud applications for an initial selection of government-owned workloads.
CACI Wins $1.5B NGA Cyber Contract (WashingtonExec) CACI International has been awarded a $1.5 billion single-award indefinite delivery, indefinite quantity contract to provide transport and cybersecurity
Facebook Removes Trump Campaign Ads for Violating Policy on Use of Hate Symbol (Wall Street Journal) The company said the president’s re-election ads violated its policy against “organized hate.” Some of the content Facebook took down featured a symbol once used by the Nazis, presented without context.
IronNet Cybersecurity Wins Fortress Cyber Security Award (AiThority) IronNet Cybersecurity announced today the company has been recognized by The Business Intelligence Group as a winner for the 2020 Fortress Cyber Security Awards for the second consecutive year
Morphisec Named 2020 Technology Pioneer by The World Economic Forum (PRWeb) Morphisec, the worldwide leader in Advanced Threat Prevention, has been named a 2020 Technology Pioneer by the World Economic Forum. Dedicated
Perspecta to Open Regional Headquarters at Georgia Cyber Center, Create 178 Jobs - AllOnGeorgia (AllOnGeorgia) The jobs will be located on base and at the Georgia Cyber Center.
DomainTools Strengthens Leadership Team With Four New Senior Executives to Accelerate Growth Strategy (DomainTools) DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced the addition of four new members to the company’s leadership team to guide the company through its next phase of growth and expansion.
Avast Appoints Nick Viney to Lead Telco, IoT and Family Security Business Unit (Infosecurity Magazine) Recognized industry leader joins Avast to oversee expanding cybersecurity segments
Optiv Bolsters Executive Team with Chief Services Officer David Martin (AiThority) Optiv Security, a security solutions integrator, announced that it has named David Martin as the company’s chief services officer.
Acronis Appoints Steven McChesney as Chief Marketing Officer (CISO MAG | Cyber Security Magazine) In his new role, Steven McChesney will be instrumental in helping Acronis build awareness around the importance of cyber protection.
Products, Services, and Solutions
AttackIQ Academy Unveils New Cybersecurity Courses and Guest Lecturer Series (BusinessWire) AttackIQ announces major curriculum expansions to the AttackIQ Academy, including a new guest lecturer series.
Extending PC Security While Easing IT Stress with VMware Carbon Black (Direct2DellEMC) As many of us settle into remote working routines, IT teams are settling into their new normal of servicing and securing a fleet of devices from afar.
This password manager is a remote working essential - and it’s also extremely affordable (TechRadar) Juggling your various online accounts made easy
Townsend Security Announces True Usage-Based Licensing for VMware Clou (PRWeb) Townsend Security today announced new flexible licensing of Alliance Key Manager, their FIPS 140-2 compliant encryption key management server (KMS) to VMware
Bitglass’ integration with Duo Security guards company data through verification options (Help Net Security) Bitglass deepens integration with Duo Security, now part of Cisco, a leading multi-factor authentication (MFA) and Zero Trust solution provider.
Fighting Cyber Attacks With Game Theory (Threatpost) Game theory is used in cybersecurity to observe the nature of a cyber incident— where network defenders, attackers, and users, interact and produce outcomes.
Siemens and IBM announce new solution designed to optimize the SLM of assets (Help Net Security) Siemens and IBM announce the availability of a new solution designed to optimize the Service Lifecycle Management (SLM) of assets.
New tools to secure democracy (Microsoft on the Issues) Starting today, we’re bringing Microsoft’s enterprise-grade identity and access management protections to AccountGuard members in the U.S. at no cost to further help secure them ahead of the 2020 elections. We’re also announcing a new partnership with Yubico to provide phishing-resistant security keys.
Protiviti Delivers Innovative Cybersecurity Offerings on Microsoft Security Solutions (PR Newswire) Global consulting firm Protiviti, a Microsoft® Gold Partner, launches new cybersecurity offerings to support organizations that have invested...
At Mozilla VPN stands for Vague Product News: Foundation reveals security product will launch eventually, with temporary pricing, in unspecified places (Register) But it does have a name. 'Firefox Private Network' is out, ‘Mozilla VPN’ is in.
Rebyc Security Rolls Out Cyber Security Services To Help Companies Proactively Address New and Growing Insecurities In Remote Working (Rebyc Security) Rebyc Security today introduces cyber security penetration testing services to help proactively address new and growing insecurities in remote working arenas.
Technologies, Techniques, and Standards
The NSA is piloting a secure DNS service for the defense industrial base (CyberScoop) In an effort to better protect U.S. defense contractors. against malware-based threats, the NSA is working on a pilot secure Domain Name System service.
NIST Releases Cybersecurity Guidance for Manufacturers of IoT Devices (Lexology) As a part of its Cybersecurity for IoT Program, NIST recently released two publications with the goal of providing cybersecurity guidance and best…
Cloud Security Alliance Offers Guidance on Adhering to Privacy, Security Protocols for Telehealth Data in the Cloud (BusinessWire) The Cloud Security Alliance has released its newest report, Telehealth Data in the Cloud, examining privacy and security of patient data in the cloud
How to detect a botnet infecting IoT devices (IoT Agenda) With the rising number of IoT botnet attacks, security teams must understand how to detect a botnet and what to do if they believe an IoT device has been compromised. Learn which standard cybersecurity practices can prevent botnets co-opting IoT devices and how to identify hijacked devices.
5 Tips for Minimizing Third-Party Risk (Security Magazine) Outsourcing has become a vital part of most business strategies. Not only is it a way to save money, but it’s a simple way to take advantage of expertise you might not currently have in house. But outsourcing can also leave companies vulnerable if the third-party doesn’t have proper cybersecurity procedures.
Gaining the Benefits of Device as a Service, Without Inheriting the Risks (Computer Business Review) The increased robustness of endpoint platforms is making it easier for Device as a Service suppliers to provide appropriate assurances.
Focusing on risk and recovery: a ransomware preparation checklist (Continuity Central) The international business continuity management news, jobs and information portal
HIPAA Compliance for Work-From-Home or Telehealth Programs: Five Frequently Overlooked Considerations (JD Supra) COVID-19 has challenged health care providers to change the way they offer services — from shifting to an increasingly remote workforce to diving into...
How to avoid becoming a victim of a phishing scam (Moneyweb) As fraudsters evolve, we need to become more aware of what information we put out there.
Interview: Skybox Security on toughening up IT defences in a pandemic (TechCentral) Promoted | In this episode of the podcast, TechCentral is joined by Peter Margaris and Simone Santana of Skybox Security for a discussion on why information security must remain a top priority through the Covid-19 pandemic.
Coronavirus tracing app not yet OK’d by privacy watchdog, but outside experts give thumbs up (Global News) The app, announced Thursday by Prime Minister Justin Trudeau, will be beta tested in Ontario starting on July 2 and is expected to launch nationally soon after.
Design and Innovation
I Know All the Cybersecurity Rules. Yet I Still Break Them. (Wall Street Journal) The reasons say a lot about what’s wrong with the rules, and how tech companies could make us safer online.
Academia
UA Little Rock to offer new bachelor’s degree in cybersecurity (Newswise) The University of Arkansas at Little Rock is introducing a new four-year degree program in cybersecurity in the fall 2021 semester to help meet the rising deman
Legislation, Policy, and Regulation
INTERPOL cybercrime director: global response needed to combat cybercrime (The Jerusalem Post) Craig Jones said law enforcement needs to adapt its modus operandi to protect communities from cyber-attacks worldwide
China and India just had their worst clash in forty-five years. What do we know? (Atlantic Council) How can the Indian government save face as well as ensure it does not embroil India in a conflict with China that will hurt an already failing economy?
All the president’s trolls (Rest of World) Ecuador has become, according to one expert, a “test tube” for how to dominate politics using online troll armies.
UK virus-tracing app switches to Apple-Google model (BBC News) Government now intends to launch an app in the autumn but it may still lack contact-tracing tech.
NHS contact tracing fiasco 'puts UK months behind Europe' and 'will cost lives' (The Telegraph) Health officials initially dismissed the help of tech giants in favour of a 'centralised' model, which would let them collect more data
Fortinet products pose security threat over Chinese links: Taiwan lawmaker (Taiwan News) Based in US, Fortinet's management allegedly friendly with Chinese Communist Party
Russia lifts ban on private messaging app Telegram (The Independent) Russia is lifting a ban on the Telegram private messenger app, its government has said. The app has been officially blocked in Russia's since April 2018 when the tech company refused to provide
As China gears up on the cyber offensive, we need herd immunity to boost our national resilience - CityAM (CityAM) With a GDP of $13.5 trillion, dwarfing Britain’s by almost $12 trillion, China is the third most economically powerful country
‘Five Eyes’ look in different directions on Huawei (TechNode) Smaller Five Eyes members are facing unwelcome choices between demands from Washington and Beijing on Huawei, said experts.
New U.S. Huawei rule targets standards, security concerns remain: Ross (Reuters) A new U.S. rule regarding China's Huawei Technologies Co Ltd is a needed "clarification" to help develop standards, U.S. Commerce Secretary Wilbur Ross said on Wednesday, adding that security concerns remain over the telecoms equipment maker.
Former Google CEO Eric Schmidt says there's 'no question' Huawei routed data to Beijing (CNBC) Huawei has often been accused of posing risks to national security, with U.S. officials worried it could enable Chinese espionage.
Chinese Students Are Key to US National Security, Eric Schmidt Says (Defense One) Google CEO-turned-DoD advisor pushes back on notion that turning them away will keep American safer.
Perspective | Nobody reads privacy policies. This senator wants lawmakers to stop pretending we do. (Washington Post) Sen. Sherrod Brown wants to upend years of debate over a potential federal privacy law by shifting the burden away from consumers and onto companies.
DoJ Using Indictments to Establish Cyberspace Norms, Official Says (Meritalk) “One of the things that we are trying to do with our indictments, and that we’ve been trying to do for a number of years, is to establish norms of nation-state behavior in cyberspace,” said John Demers, the Assistant Attorney General for National Security at the Department of Justice.
Polis activates National Guard to help with election cybersecurity (Summit Daily) Colorado Gov. Jared Polis signed an executive order Tuesday activating the Colorado National Guard to assist with cybersecurity defense for the June 30 primary election. The signed order allows for the National Guard’s Defense Cyber...
Litigation, Investigation, and Law Enforcement
Two Canadians Detained in China Indicted on Espionage Charges (Wall Street Journal) Chinese prosecutors formally indicted the two men more than 18 months after they were first detained, advancing a pair of cases widely seen as retribution for Canada’s arrest of a Huawei executive.
France's top court rejects core of law targeting online hate speech (Reuters) France's top court rejected most of a draft law that would have compelled social media giants such as Facebook and Twitter to remove any hateful content within 24 hours, it said on Thursday.
Facebook sues developer over alleged data scraping abuse (CNET) The lawsuit alleges that a data scraper took login credentials from about 5,500 people and then harvested phone numbers of their friends.
Facebook and Twitter Want to Keep the Justice System Skewed (Wired) Their CEOs have pledged support for reform amid the George Floyd protests—while their lawyers are fighting to preserve law enforcement’s advantage in court.
Texts Claim Hack of Encrypted Phone Company Used by Hitmen (Vice) Messages allegedly sent to Encrochat users warned of a law enforcement takeover. Europol said it won’t comment on "ongoing operations."
Judge Koh Questions $30M Atty Fee Bid In Yahoo Breach MDL (Law360) California federal judge Lucy Koh declined Thursday to approve class counsel's $30 million fee bid for securing a $117.5 million deal resolving sprawling Yahoo data breach multidistrict litigation, demanding more billing information from dozens of plaintiffs' firms — including the "markup" on work by first-year law students.
Microsoft Calls For Antitrust App Stores Reviews (PYMNTS.com) Microsoft President Brad Smith has called for more regulation of antitrust rules for app stores, implicating but not naming Apple in that criticism.
Deloitte sued over Illinois data “glitch” (Capitol Fax) A data breach that exposed Social Security numbers and other private information of 32,483 Illinois unemployment applicants resulted in at least one case of identity theft, according to a class-action federal lawsuit.