Cyber Attacks, Threats, and Vulnerabilities
'Ghostwriter' Influence Campaign: Unknown Actors Leverage Website
Compromises and Fabricated Content to Push Narratives Aligned With
Russian Security Interests (FireEye) We have tied together several information operations that we assess are part of a broader influence campaign aligned with Russian security interests.
Cyber-enabled disinformation campaign targeted US-Poland alliance - New Eastern Europe - A bimonthly news magazine dedicated to Central and Eastern European affairs (New Eastern Europe) Polish authorities have blamed Russia for a cyberattack in April, which planted forged documents and news articles on various military and news websites.
US officials tell AP: Russia spreading virus disinformation (AP NEWS) Russian intelligence operatives are using a trio of English-language websites to spread disinformation about the coronavirus pandemic, seeking to exploit a crisis that America is...
Declassified intel says Russia is spreading coronavirus disinformation: reports (TheHill) Newly declassified intelligence reportedly shows that Russian operatives are using a variety of English-language websites to spread disinformation about the novel coronavirus.
Russian Intelligence Agencies Push Disinformation on Pandemic (New York Times) Declassified U.S. intelligence accuses Moscow of pushing propaganda through alternative websites as Russia refines techniques used in 2016.
Follow the Money: How Digital Ads Subsidize the Worst of the Web (Wired) From Covid conspiracies to election scams, automated advertising software plays a large—and largely unseen—role.
The Vatican Is Said to Be Hacked From China Before Talks With Beijing (New York Times) In one attack, the hackers weaponized an electronic file with a letter that had a note of condolence from Cardinal Pietro Parolin, the Vatican’s secretary of state.
U.S. cybersecurity firm says Beijing-linked hackers target Vatican ahead of talks (Reuters) Hackers linked to the Chinese government have infiltrated Vatican computer networks, including the Roman Catholic Church's Hong Kong-based representative, a U.S. firm that tracks state-backed cyber attacks said on Wednesday .
Group says China hackers infiltrated Vatican ahead of expected talks (TheHill) A cybersecurity firm has concluded that Chinese hackers penetrated the Vatican’s computer networks in recent months during the lead-up to negotiations between the Catholic Church and Beijing.
Chinese State-Sponsored Group ‘RedDelta’ Targets the Vatican and Catholic Organizations (Recorded Future) Insikt Group identified a cyberespionage campaign attributed to a suspected Chinese state-sponsored threat activity group, which they refer to as RedDelta.
North Korean hackers behind custom ransomware attack targeting wealthy groups | NK News (North Korea News) North Korean state-sponsored hackers are implicated in a custom ransomware strain targeting wealthy companies, researchers from cybersecurity firm Kaspersky Labs said in a report published on Tuesday. If true, the series of attacks follow a larger cybercrime trend of ransomware-deploying groups pivoting from indiscriminate attacks with low payouts to more laborious, high-reward target operations going …
VHD ransomware is owned and operated by Lazarus group, researchers find (Computing) The first reports of VHD ransomware had appeared in March this year
WhatsApp confirms 2019 attack on Catalan politician’s cellphone (EL PAÍS) Roger Torrent, the speaker of the regional parliament and a supporter of independence, was targeted with a program used by government clients worldwide
Business giant Dussmann Group's data leaked after ransomware attack (BleepingComputer) The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack.
FBI warns of disruptive DDoS amplification attacks (WeLiveSecurity) The FBI has warned private sector organizations about a ramp-up in the use of built-in network protocols for large-scale DDoS amplification attacks.
Cyber Actors Exploiting Built-In Network Protocols to Carry Out Larger, More Destructive Distributed Denial of Service Attacks (FBI) Cyber actors have exploited built-in network protocols, designed to reduce computational overhead of day-to-day system and operational functions, to conduct larger and more destructive distributed denial of service (DDoS) amplification attacks against US networks.
Industrial VPN vulnerabilities put critical infrastructure at risk (BleepingComputer) Security researchers analyzing popular remote access solutions used for industrial control systems (ICS) found multiple vulnerabilities that could let unauthenticated attackers execute arbitrary code and breach the environment.
New VPN flaws highlight proven pathway for hackers into industrial organizations (CyberScoop) A new report from Claroty found bugs in VPN servers and devices that could allow access to industrial computers that are used to connect to machinery.
Doki, an undetectable Linux backdoor targets Docker Servers (Security Affairs) Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers Cybersecurity researchers at Intezer spotted a new completely undetectable Linux malware, dubbed Doki, that exploits undocumented evasion techniques while targeting publicly accessible Docker servers. The ongoing Ngrok mining botnet campaign is targeting servers are hosted on popular cloud platforms, including Alibaba […]
()
WordPress plugin vulnerability exposes 80,000 sites to remote takeover (The Daily Swig) Critical bug in wpDiscuz add-on has now been patched
OkCupid Security Flaw Threatens Intimate Dater Details (Threatpost) Attackers could exploit various flaws in OkCupid's mobile app and webpage to steal victims' sensitive data and even send messages out from their profiles.
Hacker leaks 386 million user records from 18 companies for free (BleepingComputer) A threat actor is flooding a hacker forum with databases exposing expose over 386 million user records that they claim were stolen from eighteen companies during data breaches.
Emotet malware now steals your email attachments to attack contacts (BleepingComputer) The Emotet malware botnet is now also using stolen attachments to increase the authenticity of spam emails attempting to infect targets' systems.
()
Promo Data Breach FAQ (Promo) What happened?
On July 21, 2020, our team became aware that a data security vulnerability on a 3rd party service had caused a breach affecting certain non-finance related Slidely and Promo user data. We immediately stopped all suspicious activity and launched an internal investigation to further learn about what happened.
Alcohol delivery service Drizly hit by data breach (TechCrunch) A well-known data seller on the dark web claims to be selling the site's stolen user data.
Major retailer sees customer data sold on dark web (Insurance Business) Grocery delivery service insists that it has not suffered a data breach, but victims beg to differ
Hacker plays cat-and-mouse with the EBRD’s Twitter account (Graham Cluley) The European Bank for Reconstruction and Development (EBRD) found itself very publicly tussling with a hacker on its Twitter account this morning.
Mich. Online Bar Exam Disrupted By Apparent Cyberattack (Law360) Michigan's online bar exam, the first such test to go forward so far, experienced a cyberattack that caused a serious technical problem on Tuesday, the test's technology provider said, as test takers were initially unable to log in for the second part of the exam.
Cyber Attack Said to Disrupt Michigan’s Online Bar Exam (1) (Bloomberg Law) The Michigan bar exam was the subject of a cyber attack that caused a temporary glitch for test takers, according to state bar officials and the software company administering the online exam.
National Trust joins victims of Blackbaud hack (BBC News) The charity says a database containing details of its volunteers and fundraisers has been affected.
Newcastle University hit by data breach after software supplier hacked (Northeast Chronicle) A number of institutions across the world were affected after the cyber attack on Blackbaud, a provider of alumni database software, including Newcastle University
Auckland University alumni and donor information stolen by hackers (NZ Herald) A ransom was paid for the information's return.
Texas Tech Foundation information part of international data security breach (KCBD) The Texas Tech Foundation has reported that certain private information may have been part of a ransomware attack affecting more than 200 international organizations.
Western News - Blackbaud data breach (Western News) Western University recently learned that a third-party service provider – Blackbaud, one of the world’s largest customer relationship management (CRM) providers – has experienced a ransomware attack that impacted many of its clients around the world, including Western.
Blackbaud Data Breach: Do You Need to Notify Affected Individuals or EU Data Protection Authorities? (JD Supra) On July 16, 2020, Blackbaud, a U.S. based cloud computing provider and one of the world’s largest providers of education administration, fundraising,...
Hacker gang behind Garmin attack doesn't have a history of stealing user data (ZDNet) There's a high probability that Garmin user data might be safe, after all.
Garmin Confirms Services Upended by Ransomware Attack (TechNewsWorld) Garmin confirmed Monday that many of its online services have been disrupted by a cyberattack on its systems that occurred on July 23, 2020. Services disrupted by the attack, which encrypted data on the systems, included website functions, customer support, customer facing applications, and company communications, the company noted in a statement.
Garmin may have paid hackers ransom, reports suggest (ComputerWeekly) Garmin’s services are coming back online but the company remains tight-lipped about what exactly happened to it
Anatomy of a Breach: Criminal Data Brokers Hit Dave (BankInfo Security) Mobile banking startup Dave is just the latest victim of criminal data brokers. Extensive evidence now points to Dave having been hit by a ShinyHunters, which has
Twitter Bitcoin scam reached over 37% of Twitter’s userbase (Atlas VPN) On July 15th, 2020, between 20:00–22:00 UTC, cybercriminals took over multiple high-profile Twitter accounts to promote a Bitcoin scam. Hackers sent out tweets asking people to send cryptocurrencies to a specified wallet, and in return, the sent amount would be doubled and returned to the sender.
Cosmetics firm Avon faces new cyber security incident (ComputerWeekly) Technical information relating to Avon’s web and mobile sites was inadvertently left exposed on an unsecured Microsoft Azure server.
Twitter Hack Exposes Massive Cyber Security Flaw (ValueWalk) Although cyber attacks and Twitter hacks aren’t new phenomena, this particular incident has opened up a public discussion about security
Special Report: Rite Aid deployed facial recognition systems in hundreds of U.S. stores (Reuters) Over about eight years, the American drugstore chain Rite Aid Corp quietly added facial recognition systems to 200 stores across the United States, in one of the largest rollouts of such technology among retailers in the country, a Reuters investigation found.
Temperature Checks Raise Privacy Concerns as Europeans Return to Offices (Wall Street Journal) European authorities are investigating some companies for potential privacy violations for taking employees’ temperatures as they return to work during the coronavirus pandemic.
Samaritan shuts down computer system after ‘potential security incident’ (WWNY News 7) The hospital did not disclose further details about the nature of the incident, but hospitals around the world have been the target of malware in recent years.
HMS Industrial Networks eCatcher (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.6
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: HMS Industrial Networks AB
Equipment: eCatcher
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could crash the device being accessed. In addition, a buffer overflow condition may allow remote code execution with highest privileges.
Secomea GateManager (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Secomea
Equipment: GateManager
Vulnerabilities: Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, Use of Password Hash with Insufficient Computational Effort
2.
Softing Industrial Automation OPC (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Softing Industrial Automation, GmbH
Equipment: OPC
Vulnerabilities: Heap-based Buffer Overflow, Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the device being accessed. A buffer-overflow condition may also allow remote code execution.
Delta Industrial Automation DOPSoft (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: Delta Electronics
Equipment: Delta Industrial Automation DOPSoft
Vulnerabilities: Out-of-bounds Read, Heap-based Buffer Overflow
2.
Security Patches, Mitigations, and Software Updates
Firefox 79 is out – it’s a double-update month so patch now! (Naked Security) It’s a Blue Moon month for Firefox – the second full update in July!
The AT&T Galaxy S10 series is receiving the July security patch (Android Police) Shortly after the Galaxy S20 series started receiving the July security patch in Korea and Europe, unlocked US models started receiving it, too, as
Microsoft to retire SHA-1 Windows content on August 3, 2020 (WinCentral) Microsoft has announced that it is planning to retire all content from Microsoft download center that is only windows-signed for SHA-1. Such downloads will be retired on August 3, 2020, post which they won’t be available to download and install. Microsoft has also made it clear that starting August 2019, devices without SHA-2 support have...
Cyber Trends
93% of Security Professionals Lack the Necessary Tools to Detect Security Threats, According to LogRhythm Report (BusinessWire) LogRhythm, the company powering today’s security operations centers (SOCs), today announced the release of its report, The State of the Security Team:
IBM Report: Compromised Employee Accounts Led to Most Expensive Data Breaches Over Past Year (IBM News Room) Customer Personal Data Exposed in 80% of Breaches Analyzed; AI and Automation Significantly Reduce Costs
Cost of a Data Breach Study (IBM) Download the Cost of Data Breach Study to learn more about the global impact of a data breach and how data breaches affect individual nations.
Tanium Report Reveals 90 Percent of Organizations Experienced an Increase in Cyberattacks due to COVID-19 (Baytown Sun) Tanium, the provider of unified endpoint management and security built for the world's most demanding IT environments, today announced the results of a global survey of 1,000 CXOs revealing the ongoing effects of COVID-19 on enterprise and government organizations.
Orca Security 2020 State of Public Cloud Security Risks Report (Orca Security) Orca Security Research Finds Public Cloud Environments Rife with Neglected Workloads, Authentication Issues, and Lateral Movement Risk
AHEAD Unveils “State of Modern Applications in the Enterprise” 2020 Report Detailing Progress of U.S. Enterprises in Delivering Better Software, Faster (BusinessWire) AHEAD a leading provider of enterprise cloud solutions, today announced the release of the “State of Modern Applications in the Enterprise” 2020 repor
Maritime cyber attacks increase by 900% in three years (Streetjournal Magazine) Cyber-attacks on the maritime industry’s operational technology (OT) systems have increased by 900% over the last three years with the number of reported incidents set to reach record volumes by year end.
Marketplace
Cybellum Closes $12M in Series A Funding to Redefine Automotive Cybersecurity Risk Assessment (Yahoo) Cybellum, a leader in Automotive Cybersecurity Risk Assessment, today announced a $12 million round A funding, bringing total investment in the company to $15 million.
Ermetic Raises $17M in Series A Funding led by Accel for Cloud Infrastructure Entitlements Management Platform (BusinessWire) According to Gartner, 75% of cloud security failures will result from inadequate management of identities, access, and privileges by 2023.
Cyber startup scores $1.3m to protect IoT devices (Information Age) AI detects performance deviations.
UNSW Sydney researchers attract $1.3 million investment for cyber security spin-out (India Education Diary) UNSW researchers have raised $1.3 million in a deal from IP Group, to fund a spin-out business based on their technology that protects Internet of Things (IoT) devices from cybercrime. Dr Hassan Ha…
NYPA and Siemens Energy, Inc. to Lead World-Class Cybersecurity Center of Excellence (New York Power Authority) Center to Develop Innovative Cybersecurity Best Practices that Will Serve as a Model for Deployment at Other Public and Private Utilities. NYPA’s Advanced Grid Laboratory for Energy to Test Cybersecurity Solutions, Pilot New Systems.
NCSC inducts six security startups to Cyber Accelerator (ComputerWeekly) 10-week programme will guide some of the UK’s most innovative security startups as they scale their businesses for future growth
Coalfire Federal Wins US Patent Office Cyber Contract (PR Newswire) Coalfire Federal, a pure-play government cybersecurity advisory services and assessment firm, today announced it has been awarded the United...
Anchore Announces International Expansion To Meet Growing Demand (PR Newswire) Today, Anchore, an industry leader in policy-based container security and compliance solutions for small businesses, major enterprises and...
BT closer to 5G deal with Ericsson and lukewarm on open RAN (Light Reading) The odds shorten on a 5G deal between BT and Ericsson after comments by the UK incumbent's chief technology officer this week.
Exclusive: ByteDance investors value TikTok at $50 billion in takeover bid - sources (Reuters) Some investors of TikTok's parent company ByteDance seeking to take over the popular social media app are valuing it at about $50 billion, significantly more than peers such as Snap Inc , according to people familiar with the matter.
ByteDance AI research head to leave as pressure mounts on TikTok (ETCIO.com) Beijing-based ByteDance said on Tuesday the head of its artificial intelligence lab will leave the company, as its short-video app TikTok faces US scr..
Perspecta names Jennifer Swindell as senior vice president and general manager of its risk decision group (Yahoo) Perspecta Inc. (NYSE: PRSP), a leading U.S. government services provider, announced today that it has named Jennifer Swindell as senior vice president and general manager of the company's risk decision group. In this position, Swindell is responsible for advancing the company's trusted workforce
Hewlett Packard Enterprise Top Lawyer Becomes Chief Operating Officer (Corporate Counsel) As COO, John Schultz now manages HPE's operations, legal and administrative affairs organization.
Huawei Canada's Chief Security Officer Recognized Among Top Women in Cyber Security (PR Newswire) IT World Canada (ITWC) and the Women in Security and Resilience Alliance (WISECRA) have named Huawei Canada's Chief Security Officer, Olivera Zatezalo,...
CrowdStrike announces two executive hires, with aim to expand in A/NZ (Security Brief) The endpoint protection company says both executives will be responsible for boosting customer experience (CX) while delivering success mutually with CrowdStrike’s partner team as part of their new roles.
Products, Services, and Solutions
Ericsson delivers first U.S. manufactured commercial 5G base station to Verizon (PR Newswire) Verizon (NYSE, Nasdaq: VZ) is the first recipient of a U.S. manufactured commercial 5G base station from Ericsson's (NASDAQ: ERIC) new...
One Identity and Ping Identity Join Forces to Provide Customers with Best-in-Class Identity-Centered Security (One Identity)
Brings together two of the industry’s most innovative platforms in identity security to enable secure use of increasingly common hybrid cloud deployment model
Unites access management from Ping and identity administration and governance from...
Ping Identity Announces New Global Partner Program Offerings (BusinessWire) Ping Identity (NYSE: PING), the Intelligent Identity solution for the enterprise, today announced the launch of its revamped Global Partner Program, w
Pulse Secure Delivers New Cloud-based, Zero Trust Service for Multi-Cloud and Hybrid IT Secure Access (Pulse Secure) New Pulse Zero Trust Access (PZTA) service enhances productivity, simplifies management and mitigates cyber risks as enterprises embrace increased workforce mobility and utility computing
Untangle Extends Partnership with Bitdefender to Facilitate Endpoint Management (Untangle) Integration simplifies IT network administration for SMBs with added endpoint monitoring and management capabilities SAN JOSE, Calif.– July, 28, 2020 –
Cyabra Launches New Era in Fight Against Disinformation and Deepfakes (BusinessWire) Cyabra, a data visualization software company that uncovers disinformation and empowers brands, today unveiled its latest innovation in fighting the s
BigID Application Development Framework empowers customers to get more value from their data (Help Net Security) BigID introduced the Application Development Framework for any data discovery platform, empowering customers to get more value from their data.
Dragos Unveils Fortinet SIEM Integration for Network Threat Detection (MSSP Alert) ICS & OT cybersecurity solutions provider Dragos adds the Fortinet security information & event management solution to help SOC teams visualize cyber threats.
NetSPI Brings Scale, Agility, and Speed to Static Application Security Testing and Secure Code Review (MDJOnline.com) To mitigate possible security vulnerabilities early in the fast-paced software development life cycle process, today NetSPI, the leader in enterprise security testing and vulnerability
ERP Data Security Leader, Appsian, Releases Appsian360; the First Data Access & Usage Analytics Platform for SAP and PeopleSoft (PR Newswire) Appsian, the global leader in Enterprise Resource Planning (ERP) data security and compliance solutions, today announced the release of their...
Telegistics wins Check Point value-added security distributorship (Reseller News) Telegistics has been appointed as a new value-added distribution partner for leading cyber security provider Check Point Software.
Cellebrite Adds Cryptocurrency & Blockchain Investigations Solution to Industry Leading Digital Intelligence Platform (PR Newswire) Cellebrite, the global leader in Digital Intelligence (DI) solutions for public and private sectors, today announced the launch of Cellebrite...
Votiro Announces Strategic Partnership with Thales (BusinessWire) Votiro announced a partnership and distribution agreement with Thales to protect government agencies from all file-borne threats.
Sonrai Security Introduces Automation Engine for Identity and Data Governance in the Cloud (Yahoo) Sonrai Security, a leader in identity and data governance, today announced the Governance Automation Engine for Sonrai Dig, re-inventing how customers ensure security in AWS, Azure, Google Cloud and Kubernetes by automatically eliminating identity risks and reducing unwanted access to data. This enables
Mandiant MDR Service No Longer Exclusive To FireEye Products (CRN) FireEye will later this year make its Mandiant Managed Defense service available on third-party endpoint technology for the first time to expand its addressable market.
Green Hills Software Welcomes Argus Cyber Security into Its Rich EcoSystem of Automotive Partners (WFMZ) Green Hills Software, the worldwide leader in embedded safety and security, and Argus Cyber Security, a global leader
Verimatrix Releases WhiteBox Technology Upgrade for Enterprise Security Integrators (WebWire) Verimatrix, (Euronext Paris: VMX), the leader in powering the modern connected world with people-centered security, announced general availability of its latest tool, Verimatrix WhiteBox 3.7. Verimatrix WhiteBox is one of the company's premiere code protection solutions in its Application Shielding family of products.
VulnHub joins the OffSec Family (Offensive Security) We have exciting news to announce! As part of Offensive Security’s ongoing commitment to information security community projects, we are pleased to announce that VulnHub has become part of the OffSec family.
Vodafone Chooses BlackBerry AtHoc for Secure Crisis Communications Offering (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced an expanded partnership with Vodafone to offer BlackBerry® AtHoc® as its emergency alert...
Tangoe Achieves ISO 27001 Security Certification (BusinessWire) Tangoe®, the global market leader in enterprise technology expense management and managed mobility services, today announced it has successfully compl
Technologies, Techniques, and Standards
NSA & CISA Call for Action to Lower OT/IoT Cybersecurity Exposure (Nozomi Networks) The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) recently issued an Alert (AA20-205A). It urges all Department of Defense (DoD), National Security Systems (NSS), Defense Industrial Base (DIB), and U.S. critical infrastructure facilities to take immediate action to secure their operational technology (OT) assets.
In an evaporating OODA loop, time is of the essence (C4ISRNET) The time needed to observe and assess, direct resources, make decisions, and take action will be too long to be able to muster a successful cyber defense.
Cloud Advisory Board Securealities Report (Coalfire) Coalfire, in collaboration with our Cloud Advisory Board (CAB), developed this research report as a way to give back to the cyber community by helping leaders maximize cybersecurity in the cloud. Material for the report was developed based on our direct experience in secure cloud migrations and real-world insights from our board members.
Interview: Microsoft's Ann Johnson on digital empathy and zero trust (Security Brief) “Digital empathy means creating an environment and rolling out tools that are forgiving of employee mistakes, Johnson explains.
Pandemic Forcing Pentagon to Learn Tough Cybersecurity Lessons (USNI News) The Navy took some risk in permitting hundreds of thousands of service members and civilian employees to use personal laptops and cell phones at home during the COVID-19 pandemic to transact normal business, the service’s top cybersecurity official said. But allowing the use of personal devices was a calculated risk the Navy needed to take, …
Colorado official details plans for penetration testing of election systems (StateScoop) Trevor Timmons, CIO for the Colorado secretary of state, explained a new partnership with the security firm Synack to test election systems ahead of Nov. 3.
The Blurring Line Between Privileged and Non-Privileged Users (Cyberark) “Identity truly is the new perimeter” was one of the big topics at Impact Live. This is because organizations are dealing with a new set of operational and security challenges related to...
Why IAM is the best pre-emptive cybersecurity strategy for your business (ITProPortal) Protecting against breaches of any kind (e.g., distributed denial of service (DDoS), man-in-the-middle) is crucial to helping your business survive and grow.
How to Increase Business Security Using a Honeypot (Finance Magnates) One of the best ways to arm yourself against cybercriminals is by setting a lure.
Design and Innovation
How to Spot—and Avoid—Dark Patterns on the Web (Wired) You've seen them before: the UX ploys designed to trick you into spending money, or make it nearly impossible to unsubscribe. Here's what to look out for.
Research and Development
DARPA wants to find a better way to secure new code in legacy systems (C4ISRNET) A new $40 million project is looking to find ways to more securely integrate new code with legacy systems.
UC Riverside computer scientists receive grant to improve security of visual artificial intelligence (University of California Riverside News) Amit Roy-Chowdhury leads project that will develop robust context-aware machine vision for computers
Academia
Missouri S&T receives additional NSF grant to train cybersecurity experts (News and Events) Researchers at Missouri S&T will continue to combat cybersecurity threats by training the next generation of experts in the field with a $225,000 grant from the National Science Foundation. The grant will fund Missouri S&T’s computer science department’s “Scholarship for Service” master of science d
Fullstack Academy Brings Coding and Cybersecurity Training to the Bay Area by Partnering with Cal State East Bay (PR Newswire) As demand for coding and cybersecurity professionals in Northern California and surrounding regions continues to build, Fullstack Academy...
Legislation, Policy, and Regulation
Opinion: Like it or not, cyberespionage is now a permanent part of geopolitics (The Globe and Mail) The recent COVID-19 spying that made headlines is not an aberration, but the public tip of an iceberg of international cyber competition that has played out online for years
New Zealand Suspends Extradition Treaty With Hong Kong Over New Security Law (Wall Street Journal) The New Zealand government suspended its extradition treaty with Hong Kong, joining the U.K. and others in protesting Beijing’s decision to impose a new security law on the city.
EU Levels Sanctions Over Hong Kong Security Law, Inching Toward Tough U.S. Stance on China (Wall Street Journal) The European Union imposed sanctions on China over its treatment of Hong Kong, inching the bloc closer to the Trump administration’s more hawkish stance toward Beijing.
EU to limit export of ‘sensitive’ tech in response to Hong Kong security law (POLITICO) Foreign ministers express ‘grave concern’ over China’s crackdown in the region.
Human rights activists urge Israel to stop spy tool exports to Hong Kong police (Haaretz) Petitioners say Israel's Cellebrite phone-cracking product is a 'dual-use' technology attacking pro-democracy protesters in Hong Kong
New head of GCHQ cyber security agency announced (The Independent) Lindy Cameron begins the role amid tensions around the Russia report
Ten Suggestions for a ‘Russia Strategy’ for the United Kingdom - War on the Rocks (War on the Rocks) The release of a long-delayed report on Russian interference in the United Kingdom by the British cross-party Intelligence and Security Committee has
()
Three questions the House should ask about antitrust and Section 230 (TheHill) The CEOs of Apple, Amazon, Google and Facebook are expected to appear this week before the House Judiciary Antitrust Subcommittee.
The five questions tech tycoons could face when they appear before Congress (The Telegraph) The hearing later this month will be the first time that Amazon chief executive Jeff Bezos has appeared before Congress
What to expect when tech’s tycoons come to Washington (The Telegraph) The chief executives of Amazon, Apple, Facebook and Google will give evidence in front of Congress on Wednesday
Congress has battled airlines, banks, tobacco and baseball. Now it’s preparing to clash with Big Tech. (Washington Post) Congress brought the country’s big banks to heel after the financial crisis, cowed a tobacco industry for imperiling public health and forced airline leaders to atone for years of treating their passengers poorly.
Big Tech to Appear Before Congress on Wednesday (Wall Street Journal) Big Tech will come under the national spotlight as four of its leaders face questions from members of Congress aiming to rein in what they believe is excessive power in the hands of a few giant companies.
Amazon, Apple, Facebook and Google Prepare for Their ‘Big Tobacco Moment’ (New York Times) The tech C.E.O.s will appear together at a congressional hearing on Wednesday to argue that their companies do not stifle competition.
Statement by Jeff Bezos to the U.S. House Committee on the Judiciary (US Day One Blog) Testimony before the Subcommittee on Antitrust, Commercial, and Administrative Law
Zuckerberg: Facebook has ‘more to do’ on fighting disinformation (POLITICO) But the CEO's prepared statement for a major House hearing also asserts that "companies aren’t bad just because they are big."
Too Big to Prevail: The National Security Case for Breaking Up Big Tech (Foreign Affairs) When executives at the biggest U.S. technology companies are confronted with the argument that they have grown too powerful and should be broken up, they have a ready response: breaking up Big Tech would open the way for Chinese dominance and thereby undermine U.S. national security.
Bill Gates: with private messaging we can't "intervene" in removing conspiracies and "misinformation" (Reclaim The Net) Bill Gates has some words on end-to-end encryption being able to bypass censorship.
Sens. Support Targeted Updates To Big Tech Liability Shield (Law360) Democratic Sen. Brian Schatz, D-Hawaii, lent his support for targeted updates to the so-called Big Tech liability shield during a Tuesday Senate Commerce subcommittee hearing, joining a chorus of bipartisan voices that say it makes sense to update a nearly 25-year-old law to weed out harmful content in the modern internet age.
Trump Can’t Ban TikTok, but He Can Hurt It (Foreign Policy) Banning a free app is probably impossible, but U.S. authorities have a large toolbox.
GOP Senate COVID Proposal Includes $1B for Huawei rip and Replace (Meritalk) Congress is looking to hammer out its next COVID-19 relief bill in the coming weeks and it looks like it will be a contentious negotiation. As part of its opening salvo, Senate GOP leadership released their policy proposal on July 27.
GOP stimulus bill includes $53 million for DHS cyber agency to protect vaccine research (TheHill) The coronavirus relief package rolled out by Senate Republicans on Monday includes $53 million for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to defend coronavirus
[Letter from six Senators on COVID-19 health data privacy] (US Senate) Dear Leader McConnell, Leader Schumer, Chairman Alexander, and Ranking Member Murray, As you begin negotiations on another coronavirus stimulus package, we write to urge inclusion of commonsense privacy protections for COVID health data.
Langevin Calls Hill Oversight on Cyber ‘Absolutely Essential’ (Meritalk) Rep. Jim Langevin, D-R.I. – one of the pioneering policy voices in Congress on cybersecurity issues – told MeriTalk in an exclusive interview that legislative oversight of Federal government actions in the cybersecurity arena remains “absolutely essential.”
US Army cyber chief outlines ten-year plan for information warfare (C4ISRNET) Lt. Gen. Stephen Fogarty sketched a road map for how his command can transition to information warfare.
Analysis | The Cybersecurity 202: The Trump administration's battle over mail-in voting heads to Congress (Washington Post) Attorney General Barr claimed without evidence U.S. adversaries could flood states with phony ballots.
Inhofe moves to block FCC commissioner’s confirmation over Ligado fight (C4ISRNET) The move may not have much impact on how the Ligado situation plays out, however.
Vermont Amends Data Breach Notification Law, Enacts Student Privacy Act (JD Supra) This post was co-authored with Kaylee Rose, first-year law student at Cumberland School of Law: Vermont Amends Data Breach Notification Law - On July...
Vermont amends data breach notification law with focus on biometric data protection (The Daily Swig | Cybersecurity news and views) Amendments expanding the scope of ‘personally identifiable information’ came into force on July 1
Litigation, Investigation, and Law Enforcement
Islamic State propaganda efforts struggle after Telegram takedowns, Europol says (CyberScoop) The terrorist group's activity has shifted from Telegram to other platforms like TamTam and Hoop Messenger, Europol analysts report.
Bank of Ireland Fined 1.7 Million Euros for Cyber-Fraud, Misleading Regulator (New York Times) Ireland's Central Bank fined the country's largest lender, Bank of Ireland, 1.7 million euros on Tuesday for regulatory breaches that caused loss to a client at its private banking arm and also for misleading the regulator.
()
US files new indictment against former Twitter employees accused of spying for Saudi Arabia (CyberScoop) U.S. prosecutors filed a superseding indictment against former Twitter employees who allegedly spied for Saudi Arabia, according to court filings obtained.
North Macedonia’s prosecutors investigate SEC software procurement after hacker attack (Intellinews) North Macedonia’s Public Prosecution Office has launched a pre-investigation procedure over the procurement of software for election purposes ...
Chili’s Gets Data Breach Class Claims Pared By Federal Court (Bloomberg Law) Chili’s restaurants beat some claims Monday in a Florida federal court that weak security let hackers access credit card data.
Lifespan agrees to pay $1.04 M in data breach settlement (The Public's Radio) A laptop stolen in 2017 contained protected information including the names, medical record numbers, demographic information, and medication information of 20,431 patients.
Lifespan Health System Hit With $1 Million HIPAA Fine (GovInfo Security) Federal regulators have slapped the Rhode Island-based health system Lifespan with a $1 million HIPAA settlement tied to a 2017 data breach involving the theft of
Justices Urged To Reject Web Filter 'Doomsday Scenarios' (Law360) Enigma Software Group USA LLC has urged the U.S. Supreme Court to preserve its unfair competition claims against security software company Malwarebytes and told the justices Malwarebytes was spinning "fictional doomsday scenarios" in an attempt to win the high court's favor.