Cyber Attacks, Threats, and Vulnerabilities
Dozens of US news sites hacked in WastedLocker ransomware attacks (BleepingComputer) The Evil Corp gang hacked into dozens of US newspaper websites owned by the same company to infect the employees of over 30 major US private firms using fake software update alerts displayed by the malicious SocGholish JavaScript-based framework.
()
Ransomware gangs are doing their homework before encrypting corporate data (CyberScoop) The lengthy amount of time that criminal hackers are sitting undetected on the networks of U.S. businesses is giving them powerful leverage to extort their victims, according to a Department of Homeland Security cybersecurity official.
Ransomware Gangs Don’t Need PR Help (KrebsOnSecurity) We've seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Such coverage is potentially quite harmful and plays deftly into the hands of organized crime. Often the rationale behind…
Taurus: The New Stealer in Town (Zscaler) Taurus is a new stealer being sold on dark forums by the Predator the Thief cybercrime group.
Password thieves target at-home workers with "brute force" attacks (Axios) Brute force attacks break into systems by trying out vast numbers of possible passwords.
Connection discovered between Chinese hacker group APT15 and defense contractor (ZDNet) Lookout said it linked APT15 malware to Xi'an Tianhe Defense Technology, a Chinese defense contractor.
Snake ransomware poses unique danger to industrial systems (SearchSecurity) The new Snake ransomware family, also known as Ekans, has broadened the threat landscape and poses a unique danger to companies with industrial control systems.
Xerox apparent victim of Maze attack (SC Media) It appears that Xerox is among the victims of Maze ransomware attackers, if screenshots posted by the ransomware’s operators are legitimate. The hackers
Hacker ransoms 23k MongoDB databases and threatens to contact GDPR authorities (ZDNet) The hacker has attempted to ransom nearly 47% of all MongoDB databases left exposed online.
CERT-In is warning about new 'Tycoon virus’ targeting your PC (ETCIO.com) This ransomware found by BlackBerry Threat Intelligence and UK Cyber Response Services is said to be a multi-platform Java-based malware that can be u..
TrickBot malware now checks screen resolution to evade analysis (BleepingComputer) The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine.
Using CyCognito Platform, Researchers Uncover Zero-Day Vulnerability on Cisco Routers (CyCognito) Router and switch market leader has Cross-Site Scripting (XSS) vulnerability that gives attackers access to admin actions and sensitive information as well as the ability to phish for credentials and potentially move laterally.
CyCognito Platform Automatically Detects Four Zero Day Vulnerabilities (CyCognito) The CyCognito platform continuously applies nation-state scale reconnaissance to map organizations' attack surfaces.
()
EvilQuest: Inside A 'New Class' of Mac Malware (Threatpost) Mac expert Thomas Reed discusses how EvilQuest is ushering in a new class of Mac malware.
Beware of Subdomain Takeover (Infosecurity Magazine) Subdomain takeover can give attackers access to content published on your web domain
Report: Fast Growing Fitness Brand Exposes Customers in Massive Data Breach (vpnMentor) Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a data breach exposing customers of online fitness company V Shred. V Shred
New Intelligence Reveals that Alina Point-of-Sale Malware is Still Lurking in DNS (The Grand Junction Daily Sentinel) Point-of-Sale (POS) malware is nothing new, and the Alina malware - which cyber criminals use to scrape credit card numbers from POS systems -
()
Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking (The Hacker News) Critical vulnerabilities found in Apache Guacamole, a popular remote desktop application used by system administrators to manage Windows and Linux machines remotely.
CVE-2017-7391: Vulnerability in Magento Mass Import (MAGMI) Plugin Exploited in the Wild (Tenable®) Just as Magento 1 reaches end of life, attackers are exploiting a vulnerability in a Magento plugin from 2017. Site owners should prepare to migrate their stores immediately.
Facebook shared user data with developers after access should have expired (CNET) The social network says it fixed the problem.
Hackers say voting machines are vulnerable. But that’s not the real problem (Yahoo) Mail-in and paper voting is still by far the most secure option, they said
Texts offering to reunite recipients with lost or forgotten money may be phishing scam, state Treasury says (Mlive) The Michigan Treasury is warning residents to beware of text messages they may receive notifying of unclaimed money.
()
Android security: This fake message about a missed delivery leads to data-stealing malware (ZDNet) FakeSpy malware spreads via SMS phishing, using each infected victim to further distribute itself - and researchers say the cyber criminal operation behind it is finding a lot of success.
The Reserve Trust Company - Notice Of Data Breach (Stockhouse) The Reserve Trust Company ("Reserve Trust") is providing notice of a recent data privacy event that may have affected certain personal information.
()
Security Patches, Mitigations, and Software Updates
F5 fixes critical vulnerability discovered by Positive Technologies in BIG-IP application delivery controller (Positive Technologies) F5 fixes critical vulnerability discovered by Positive Technologies in BIG-IP application delivery controller
Firefox 78 is out – with a mysteriously empty list of security fixes (Naked Security) TLS 1.0 and TLS 1.1 are now considered security risks and blocked by default.
Netgear is releasing fixes for ten issues affecting 79 products (Security Affairs) Netgear is addressing ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own hacking competition. Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products. Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI). […]
Cyber Trends
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity (Dark Reading) While financial institutions and government remain popular targets, COVID-19 research organizations are now also in the crosshairs.
New report: COVID-19 Threat Intelligence Insight from the Telco Security Alliance (AT&T Cybersecurity) AT&T Cybersecurity along with three members of the Telco Security Alliance (TSA) published a new report today, “COVID-19 Insight from the Telco Security Alliance.” The report provides insight into some of the threat groups (as well as analysis of their campaigns) that are taking advantage of the global pandemic while nations and organizations are vulnerable.
Are businesses prepared for the ‘return to work’ security risks? (Global Security Mag Online) As lockdown eases, many businesses are preparing for employees to return to work. But are their corporate networks ready, with adequate security measures in place, to ensure their systems are protected from the increased risk of a cyber attack owing to staff and their equipment working from home.
()
The next cybersecurity headache: Employees know the rules but just don't care (TechRepublic) Employees are still ignoring cyber security best practice despite being more aware of the risks.
CIOs are apprehensive about interruptions due to expired machine identities (Help Net Security) Cybercriminals are targeting machine identities, including TLS keys and certificates, and their capabilities to use in attacks.
Data breaches hit millions of school records – report (Insurance Business) Schools across the country have experienced more than 1,300 data breaches since 2005
Schools Already Struggled With Cybersecurity. Then Came Covid-19 (Wired) A lack of dedicated funding and resources made it hard to keep data secure—and that was before classes moved almost entirely online.
Key cybersecurity industry challenges in the next five years (Help Net Security) What key challenges will the cybersecurity industry be dealing with in the next five years? Pete Herzog, Managing Director at ISECOM, opines.
Average fraud costs companies more than $1.5 million (Security Magazine) A single case of occupational fraud costs the victim organization an average of more than $1.5 million, says a new report from the Association of Certified Fraud Examiners (ACFE).
Indian enterprises are struggling with insider threats, data breaches: Survey (ETCIO.com) 98% of organisations across India have seen COVID-19 impact business functioning, with CIOs facing challenges in helping their teams to communicate ef..
Marketplace
Did a Chinese Hack Kill Canada’s Greatest Tech Company? (Bloomberg) Nortel was once a world leader in wireless technology. Then came a hack and the rise of Huawei.
Nokia phone maker acquires cybersecurity firm Valona Labs (Outlook India) HMD Global, the home of Nokia phones, on Thursday announced it has acquired assets of mobile, enterprise and cybersecurity software firm Valona Labs for an undisclosed amount.
Seattle startup Integris acquired by data privacy giant OneTrust (GeekWire) OneTrust, an Atlanta-based privacy software company valued at nearly $3 billion, has acquired Seattle startup Integris Software. Founded in 2016, Integris helps companies manage personal information…
()
The 2020 TinySeed Accelerator Batch (TinySeed: The Startup Accelerator for Bootstrappers) We were blown away by the sheer number and quality of the applications we received for TinySeed’s second batch. Over the last few months we’ve been working hard to narrow down the field of amazing candidates, and today we’re proud to announce that these twelve companies are in our 2020 batch of star
6 cybersecurity start-ups shaking up the industry (Silicon Republic) We look at the six cybersecurity start-ups that have been named Technology Pioneers this year by the World Economic Forum.
Google stymies media companies from chipping away at its data dominance (Reuters) Alphabet Inc's Google upended plans by European media companies to block it from harvesting data about their readers and slash some of its dominance in online advertising, seven people involved in the talks said this month.
Google stops pushing scam ads on Americans searching for how to vote (Naked Security) No US entity charges citizens for registering to vote, but plenty of Google ads were happy to do so – and to grab your PII in the process.
Facebook frustrates advertisers as boycott over hate speech kicks off (Reuters) Advertisements for more than 400 brands including Coca-Cola and Starbucks vanished from Facebook on Wednesday, after the failure of last-ditch talks to stop a boycott over hate speech on the site.
Zoom misses its own deadline to publish its first transparency report (TechCrunch) The company said it would publish a transparency report after Chinese authorities demanded it take action against U.S.-based Zoom users.
Zoom confirms it missed this major security milestone (TechRadar) In the past 90 days Zoom has enhanced its bug bounty program, conducted penetration tests and moreZoom CEO sets out what's next for privacy and security
Zoom CEO says 90-day privacy pledge just a first step (Outlook India) Zoom CEO Eric Yuan has announced to double down on the efforts to bring meaningful change to its video meet app after the 90-day pledge ended, saying the company would put mechanisms in place to make sure that security and privacy remain a priority in each phase of its product and feature development.
Ethical hackers are busy stamping out bugs during the pandemic (Marketplace) Platforms like Synack connect hackers with companies trying to find holes in their systems.
Patty Trexler Joins SentinelOne to Lead Government, Healthcare, and Education Go-To-Market (Yahoo) SentinelOne, the autonomous cybersecurity platform company, today announced that Patty Trexler has joined SentinelOne as Vice President, Government, Healthcare, and Education, to lead company efforts across the public sector. With Trexler onboard, SentinelOne will specifically expand its work in the
ESET promotes Parvinder Walia to President of Asia Pacific & Japan (Yahoo) ESET, a global leader in cybersecurity, has named Parvinder Walia as President of Asia Pacific & Japan (APJ) to oversee the continued expansion and development of the business in the region. Parvinder will be responsible for driving ESET's go-to-market strategy and accelerating business expansion
GrammaTech Appoints Andrew Meyer as Chief Marketing Officer (PRWeb) GrammaTech, a leading developer of software-assurance tools and advanced cyber-security solutions, today announced it has appointed Andrew Mey
Products, Services, and Solutions
Ordr Redefines IoMT and Enterprise IoT Security with Broader, Deeper Classification and Insights (Ordr) Ordr latest release expands classification capabilities for healthcare devices and building automation and control systems, enhances device insights and expands integrations. This release also addresses Ripple20 vulnerabilities.
iProov to Provide Biometric Technology to Challenger Bank Knab, Part of AEGON (BusinessWire) iProov, a world leader in spoof-resistant, biometric facial authentication technology, today announced that its technology is to be deployed by Dutch
NETSCOUT Collaborates With Oracle to Support Customers’ Digital Transformation Needs With End-to-end, Application-level Visibility and Troubleshooting for Hybrid Cloud Environments (BusinessWire) NETSCOUT SYSTEMS, INC., (NASDAQ: NTCT), a leading provider of service assurance, security, and business analytics, today announced that it is collabor
RiskIQ and Splunk Partner to Deliver Best-in-Class Attack Surface Visibility and Protection (GlobeNewswire) New RiskIQ Apps for Splunk Provide Global Asset Visibility and Rich Context for Security Operations
Proofpoint dévoile sa nouvelle plateforme ObserveIT (Global Security Mag Online) Proofpoint lance sa nouvelle plateforme de gestion des menaces internes (ITM) ObserveIT, basée sur le cloud. Cette solution propose de nombreux services : détection des risques internes, réponse rapide aux incidents, visibilité complète de l'activité des utilisateurs, interactions entre les données et mise en contexte de la menace.
Cryptography Startup Brings Private Payment Channels to Tezos Blockchain (CoinDesk) Cryptography firm Bolt Labs has launched a private payment solution, zkChannels, on Tezos.
Gigamon solution achieves VMWare Ready certification (Help Net Security) In a significant milestone in the support of DX, Gigamon announces that the GigaVUE Cloud Suite for VMware has obtained VMware Ready certification.
Technologies, Techniques, and Standards
SC Digital Congress: NATO cybersecurity chief: ‘We may never return to offices 100 per cent’ (SC Magazine) Keynote speaker for SC Media UK's digital congress, NATO Cyber Security Centre chief Ian West tells delegates about how the agency faced the challenges posed by the Covid-19 pandemic.
Defending Against Malicious Cyber Activity Originating from Tor (CISA) This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques.
US Govt shares tips on defending against cyberattacks via Tor (BleepingComputer) The Cybersecurity and Infrastructure Security Agency (CISA) today issued guidance on how to protect against cyberattacks launched from the activity originating from or routed through the Tor anonymity network.
NSA to release advisory on VPN security amid telework boom (FCW) Organizations that spent the past decade hardening their corporate networks must now contend with their workforce signing in from insecure, unmanaged personal devices at home.
Siemens und NATO CCDCOE vertiefen Zusammenarbeit bei Cyber-Sicherheit für kritische Infrastrukturen, Siemens AG, Pressemitteilung (UNITED NEWS NETWORK GmbH) Siemens AG, Siemens Smart Infrastructure und das NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) haben ein Memorandum o…
Federal Reserve shares tips on mitigating synthetic identity fraud (BleepingComputer) The U.S. Federal Reserve today issued guidance on how financial organizations from the United States can mitigate payment fraud attempts scammers carry out with the help of synthetic identity accounts.
Lion attack puts spotlight on cyber security (Brews News) Cyber security experts provide tips on securing systems after the cyber attack on Lion which stopped production for nearly three weeks.
Don't Slow Cybersecurity Spending: Steer into the Skid with a Tight Business Plan (Dark Reading) We all know there are slippery conditions ahead, which is why it's never been more important for organizations to maintain and even increase their spending on cybersecurity.
Building ransomware resilience: preparing for the golden hour - teiss (teiss) What businesses do the moment ransomware is detected makes a huge difference to the impact the attack can have on the organisation. Failure to act fast can mean that more files are locked, more devices are penetrated and more money is lost. What organisations do in the ‘golden hour’ following an attack is crucial, and what they achieve in this ‘golden hour’ is dependent on how well trained and prepared they are beforehand.
Be prepared: Why you need an incident response policy (TechRepublic) Smart security teams have updated incident response plans in place before a security breach happens.
Insuring against the high cost of cyber attack - InDaily (InDaily) The threat of cyber attack is real and growing, but very difficult to effectively insure against. Businesses and the legal profession must think and act decisively in order to protect themselves and clients, argues Morry Bailes.
COVID-19 Era Ushers In Cyber Conveniences That Carry Risk (Rockland County Business Journal) As we are increasingly relying upon cyber connectivity, businesses must evaluate cyber vulnerability and take steps to protect themselves.
()
Design and Innovation
Can the U.S. Army Secure Its Future Networks From Hackers? (The National Interest) Highly networked warfare brings great benefits—and great risks.
Research and Development
MIT apologizes, permanently pulls offline huge dataset that taught AI systems to use racist, misogynistic slurs (Register) Top uni takes action after El Reg highlights concerns by academics
Academia
Trend Micro and Girls in Tech Partner to Help Close the Gender Gap in the Technology Industry (BusinessWire) Trend Micro announces an expanded partnership with global nonprofit, Girls in Tech, in effort to close the diversity and talent gap in technology.
PSU now a national center for cybersecurity (KOIN.com) Portland State University is the only research university in the state to be designated a National Center of Academic Excellence in Cyber Research.
Legislation, Policy, and Regulation
Morrison's $1.3 billion for more 'cyber spies' is an incremental response to a radical problem (UNSW Newsroom) The Coalition has announced a new package to boost cyber security. But this is not new money and much more needs to be done to ward off cyber threats.
Chinese military has links to supplier of 5G equipment in Australia (The Sydney Morning Herald) Panda Electronics - a supplier of telecommunications equipment to Telstra and Optus - is 'owned by, controlled by or affiliated with' the Chinese military says the Pentagon.
Security threat: Now deliberations on Huawei, ZTE's future in India (ETCIO.com) After banning 59 Chinese apps, the Indian government is considering whether the presence of China's Huawei Technology Co and ZTE Corp may pose threat ..
()
Huawei issue focuses spotlight on Sino-UK ties (China Daily) The United Kingdom could be dealt a severe economic setback if Chinese telecom giant Huawei is barred from taking part in creating the country's 5G network, according to experts.
Details of Beijing's new Hong Kong security law revealed: Signals end to more than two decades of autonomy (Register) Legislation to root out subversion, terrorism and collusion with foreign forces following year of civil unrest
Media mogul Jimmy Lai, on China’s new security law: ‘Hong Kong is dead’ (MarketWatch) “It’s worse than the worst scenario imagined. Hong Kong is totally subdued, totally under control,” he said. “It’s sad that Hong Kong is dead.”
U.S. House passes bill to sanction Chinese banks over Hong Kong (Reuters) The U.S. House of Representatives passed legislation on Wednesday that would penalize banks doing business with Chinese officials who implement a national security law that House Speaker Nancy Pelosi called a "brutal, sweeping crackdown" on Hong Kong.
Hong Kong Security Law Means It’s No Longer Business as Usual (Wall Street Journal) The breadth of the law and rapidly deteriorating relations between China and the West raise the prospect that international businesses or their employees could eventually become targets.
Hong Kong Is Part of the Mainland Now (Foreign Affairs) Beijing’s New Security Law Has Stifled the Territory’s Autonomy and Hopes
Time nears for federal contractors to dump Chinese companies (Federal News Network) In today’s Federal Newscast, contractors need to meet a provision in the 2019 Defense authorization bill to not use equipment from Huawei and ZTE.
China: US 'oppressing Chinese companies' in new Huawei move (AP NEWS) China on Wednesday demanded Washington stop “oppressing Chinese companies” after U.S. regulators declared telecom equipment suppliers Huawei and ZTE to be national security threats....
Media Statement Regarding the Federal Communications Commission (Huawei) The Federal Communications Commission (“FCC”) voted today to approve an order that imposes limitations on the use of funding from the FCC’s Universal Service Fund (“USF”) to purchase products and services from companies deemed a threat to national security.
()
Domestic 5G development at core of US communications security plan (CSO Online) New NTIA document outlines White House 5G security goals, which promote home-grown R&D and call for continuous risk assessment and management.
U.S. Warns Businesses Over Supply Chains Tied to Rights Violations in China (Wall Street Journal) The administration said companies face legal risks for involvement with entities in China blamed for human-rights abuses, including the mass detention of Uighur Muslims.
What’s This Unit of Russian Spies That Keeps Getting Outed? (Foreign Policy) Unit 29155 of the GRU is behind plenty of Russia’s high-profile misadventures abroad—and now, apparently, the bounties on U.S. troops in Afghanistan.
()
Protecting undersea cables must be made a national security priority (Defense News) Here are the steps U.S. officials and lawmakers should take to protect undersea cables.
Sen. King stresses urgency of national cyberdefense: “We must plan for the unthinkable” (Newscentermaine.com) King believes the next dramatic, disruptive attack against American people could be a cyberattack that may be hard or even impossible to physically see.
Senators Push for Local Cybersecurity Support in Defense Bill (Wall Street Journal) Proposals would create state-level coordinators in the Department of Homeland Security, and mobilize the National Guard in case of cyberattack.
House Armed Services Committee Presses on With NDAA Markup (Meritalk) The House Armed Services Committee spent Wednesday compiling its version of the annual National Defense Authorization Act, a process that could continue into the late evening or tomorrow if necessary, said the committee’s chairman.
Analysis | The Cybersecurity 202: Get ready for encryption fireworks in Congress today (Washington Post) A Senate committee will spar over an anti-child pornography bill critics say is an encryption killer.
Bill Barr Crosses the Rubicon (Reason) For the first time in twenty years, the Justice Department is finally free to campaign for the encryption access bill it has always wanted
Committee hits roadblock in probing Commonwealth cybersecurity performance (ZDNet) It's a complex accountability tree, but there's no central mechanism allowing a transparent view of where each Commonwealth entity is at with cybersecurity.
Canadians Security and Privacy Must Be Protected in The Race To Trace #117270 (New Kerala) Business World: Canadians Security and Privacy Must Be Protected in The Race To Trace - Canadians seem ready to embrace digital contact tracing to help contain COVID-19 through an anonymous mobile app, with a majority prepared to make the app mandatory to go to work or take public transit....
Lawmakers call for more transparency in health agency’s pandemic data collection practices (Washington Post) Sen. Elizabeth Warren is raising privacy concerns over a Health and Human Services program to gather data that involves tech company Palantir.
When will the UK 'track and trace' app be ready - and how will it work? (The Telegraph) The Government has joined forces with Google and Apple to create a new contact tracing app
House of Lords calls for gamer loot boxes to be regulated under gambling laws (ZDNet) Loot boxes, skins, and other in-game purchases could come under new scrutiny in the UK.
Cyber Personnel Unification Boosts Battle Power (SIGNAL Magazine) With the 2020 election fast approaching and tensions with Iran continually shifting, many people are looking to U.S. Cyber Command to help ensure cybersecurity.
()
Litigation, Investigation, and Law Enforcement
Afghan Contractor Handed Out Russian Cash to Kill Americans, Officials Say (New York Times) A small-time businessman became a key middleman for bounties on coalition troops in Afghanistan, U.S. intelligence reports say. Friends saw him grow rich, but didn’t know how.
()
UK competition watchdog accused of 'passing the baton' on tech giants (The Telegraph) The CMA made the recommendations as it released its report into online platforms and digital advertising
()
Tim Cook, Mark Zuckerberg, Jeff Bezos, and Sundar Pichai will all testify before Congress in an antitrust hearing (Business Insider) Facebook, Amazon, and Google had all reportedly been confirmed for the antitrust hearing by mid-June, but Apple had stayed quiet.
Apple CEO Tim Cook agrees to testify in House antitrust investigation (AppleInsider) Apple CEO Tim Cook has agreed to participate in U.S. House Judiciary Committee antitrust probe, making him the last chief executive of four big tech companies targeted in the investigation to signal intent to yield testimony.
AT&T dragged to court, again, over SIM hijacking and cryptocurrency theft (ZDNet) A customer allegedly lost $1.9 million due to AT&T’s handling of a number transfer request.
Woolies hit with AU$1 million spamming fine (ZDNet) ACMA issues its largest fine over five million breaches to a company that made AU$16.5 billion in sales last quarter.
CCPA Round-Up: Enforcement Begins; “CCPA 2.0” Qualifies for November Ballot; Facebook Updates CCPA Stance (Cooley) The California Attorney General’s power to enforce the California Consumer Privacy Act (“CCPA”) took effect today, July 1, 2020, after a busy week of CCPA-related developments that included: The Ca…
Today’s The Day: CCPA Enforcement Begins (JD Supra) As we’ve been writing about in this space for some time, today marks the opening of the CCPA enforcement era. Despite protestations from the business...
A Clickful of Dollars Might Violate The CFAA (JD Supra) United States Magistrate Judge Christopher J. Burke of the District of Delaware recently held that “click fraud” violates the federal Computer Fraud...
Cybersecurity Co. Accused Of Misleading Investors In IPO (Law360) Israeli cybersecurity software company Tufin overstated its business prospects in North America in the lead-up to its $108 million initial public offering, teeing up a drop in its stock price when the company underperformed, an investor told a New York state court Wednesday.
Facebook Taking Row Over Wiretap Act's Reach To High Court (Law360) Facebook is gearing up to appeal to the U.S. Supreme Court a Ninth Circuit ruling reviving claims that it unlawfully intercepted logged-out users' browsing histories, arguing that the dispute presents a chance to resolve a circuit split over whether companies can be held liable under federal wiretap law for receiving communications directly from unknowing users.
Facebook reinstates NSO Group employee accounts amid ongoing lawsuit (CyberScoop) Facebook has reinstated accounts of NSO Group employees following allegations the social media company unfairly blocked the accounts as Facebook sues NSO.
$185K Proposed Settlement Reached in Grays Harbor Data Breach Lawsuit (HealthITSecurity) Grays Harbor Community Hospital and Harbor Medical Group has reached a proposed $185,000 agreement to settle a breach lawsuit filed by the victims of a two-month-long ransomware attack in 2019.