DDoS at New Zealand's stock exchange. Flash alert warns of GoldenSpy. Hacker mercenaries. Thailand cracks down on social media.

Cyber Attacks, Threats, and Vulnerabilities

New Zealand's stock exchange hit by second cyber attack (Reuters) Trading on New Zealand's stock exchange was halted for several hours on Wednesday after what appeared to be a second offshore cyber attack in as many days, bourse operator NZX Ltd said.

DDoS attack strikes NZX again, halts trading for second time in two days (Security Brief) A joint statement from NZX and Spark, of which NZX is a customer, revealed the attack was successful in downing system and network connectivity for a brief time yesterday afternoon.

New Zealand Stock Trading Interrupted by Second Cyber Attack (Bloomberg) New Zealand’s stock exchange was halted for more than three hours on Wednesday as it came under cyber attack for a second day.

FBI/CISA Warn US Firms of State-Mandated Tax Malware (Infosecurity Magazine) Persistent Chinese attempts to obfuscate raises threat levels

Lazarus hackers target cryptocurrency orgs with fake job offers (BleepingComputer) North Korean hackers tracked as the Lazarus Group have been observed while using LinkedIn lures in an ongoing spear-phishing campaign targeting the cryptocurrency vertical in the United States, the United Kingdom, Germany, Singapore, the Netherlands, Japan, and other countries.

DPRK-aligned threat actor targeting cryptocurrency vertical with global hacking campaign (PR Newswire) Today, cyber security provider F-Secure published a report linking an attack against an organization working in the cryptocurrency vertical to...

Lemon_Duck cryptominer targets cloud apps & Linux (Sophos News) An aggressive cryptojacker tests new exploits as it rapidly adopts upgraded features

Hack-for-Hire Group Targets Financial Sector Since 2012 (SecurityWeek) A hack-for-hire group has been targeting organizations in the financial sector since 2012 for cyber-espionage purposes

DeathStalker cyber-mercenary group targets the financial sector (Security Affairs) A hack-for-hire group, tracked as DeathStalker, has been targeting organizations in the financial sector since 2012 Kaspersky researchers say. DeathStalker is a hack-for-hire group discovered by Kaspersky, it has been targeting organizations worldwide, mainly law firms and financial entities, since 2012. Victim organizations are small and medium-sized businesses located in Argentina, China, Cyprus, India, Israel, […]

Mercenary APT Group Spotted Targeting Autodesk Software (Infosecurity Magazine) Bitdefender claims hackers-for-hire stole IP from architectural firm

Malicious Autodesk plugin at root of cyber-espionage campaign (CyberScoop) Hackers-for-hire appear to be running real estate sector cyber-espionage campaigns, according to new BitDefender research.

APT Hackers Exploit Autodesk 3D Max Software for Industrial Espionage (The Hacker News) It's one thing for APT groups to conduct cyber espionage to meet their own financial objectives. But it's an entirely different matter when they are used as "hackers for hire" by competing private companies to make away with confidential information

Mercenary hacker group targets companies with 3Ds Max malware (ZDNet) Hacker-for-hire group uses a malicious 3Ds Max plugin to infect companies with malware and steal proprietary information.

More Evidence of APT Hackers-for-Hire Used for Industrial Espionage (Bitdefender) Bitdefender researchers recently investigated a sophisticated APT-style cyberespionage attack targeting an international architectural and video production company, pointing to an advanced threat actor and a South Koreanbased C&C infrastructure.

Android Spyware Abusing App Icons for Amazon, Netflix, and Other Popular Apps (SonicWall) Mobile applications have made our life easy be it entertainment, social media, e-commerce or banking, an app is available for everything. Popular app names are misused by malware authors to victimize users.

Ryuk successor Conti Ransomware releases data leak site (BleepingComputer) Conti ransomware, the successor of the notorious Ryuk, has released a data leak site as part of their extortion strategy to force victims into paying a ransom.

Enterprise Scale: How Public Storage Buckets Leaked Private Credentials (UpGuard) Several large storage buckets under the control of Hortonworks were configured for public access, exposing credentials and other internal data.

Chinese ad platform de-monetizes 1,200 popular iOS apps (SC Media) Malicious code embedded in the Chinese mobile ad platform Mintegral SDK, used by 1,200-plus iOS apps downloaded more than 300 million times monthly, is

Chinese ad platform using iOS SDK to steal ad revenue and exfiltrate data (Computing) More than 1,200 iOS apps use Mintegral's malicious SDK

'Meow' attacks top 25,000 exposed databases, services (SearchSecurity) According to the latest research, the 'meow' attacks have destroyed more than 25,000 misconfigured databases on the internet, the majority of which were free MongoDB and ElasticSearch databases.

Zero-day Safari browser flaw creates social engineering risk (The Daily Swig) ‘Oversharing’ web bug remains unresolved, researcher claims

FBI informant provides a glimpse into the inner workings of tech support scams (ZDNet) Court documents expose how tech support scammers operate.

Warning! Don’t Fall for This Tricky Netflix Phishing Email (Distractify) There’s a new phishing scam plaguing Netflix users. It claims that your billing information needs to be updated, but it’s not really from Netflix.

Hackers stole my Facebook page, then Facebook sold them ads: A cautionary tale (WHEC News10NBC) In consumer news, your Facebook account.

New Binance Exclusive Reveals The Bitcoin Exchange Might Have A Serious Problem (Forbes) Researchers have compiled information that could be damaging to Binance, one of the largest bitcoin exchanges in the world—suggesting the exchange is failing to prevent Ryuk hackers from turning the stolen bitcoin into cash...

Binance cleaned over $1M in Ryuk ransomware proceeds: report (CoinGeek) Binance accounts may have been used to launder over a million dollars in proceeds from the "Ryuk" ransomware, according to a new report.

DarkSide Ransomware hits North American real estate developer (BleepingComputer) North American land developer and home builder Brookfield Residential is one of the first victims of the new DarkSide Ransomware.

Insulin pumps among millions of devices facing risk from newly disclosed cyber vulnerability, IBM says (MedTech Dive) The firm's hacking team said the vulnerability may allow criminals to remotely alter patient dosing, as well as manipulate readings from medical device monitors "to cover up concerning vital signs or create false panic."

Chinese phones with built-in malware sold in Africa (BBC News) The malicious code could sign owners up to subscription services without permission.

Shoring Up the 2020 Election: Secure Vote Tallies Aren’t the Problem (Threatpost) With many in the public sphere warning about a potential compromise of the integrity of the Presidential Election, security researchers instead flag online resources and influence campaigns as the biggest problem areas.

Advantech iView (CISA) 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: iView Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read/modify information, execute arbitrary code, limit system availability, and/or crash the application.

WECON LeviStudioU (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Technology Co., Ltd (WECON) Equipment: LeviStudioU Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application.

Emerson OpenEnterprise (CISA) 1. EXECUTIVE SUMMARY CVSS v3 3,8 ATTENTION: Low skill level to exploit Vendor: Emerson Equipment: OpenEnterprise SCADA Software Vulnerability: Inadequate Encryption Strength 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to credentials held by OpenEnterprise used for accessing field devices and external systems.

YMCA Twin Cities reveals data breach, says vendor paid ransom to hacker (Bring Me The News) Details impacted include members' names and addresses.

Scranton’s computer systems victims of ransomware cyber-attack (PAhomepage.com) According to a press release, on August 24th, 2020, the city of Scranton reported an incident that affected the operability of certain non-emergency response computer systems.

Ransomware cyber-attack on Scranton's computer systems (WILK-FM) Scranton officials say it was a ransomware cyber-attack that affected the city's non-emergency computer systems this past weekend.

Cyber attack threatens security, finances of Torrington City Hall (Republican-American) Hackers hit City Hall with a crippling ransomware attack last week and the city slowly is regaining access to its computer systems. The attack struck the city’s information…

Cyber attack cripples remote learning for Haywood students (The Mountaineer) Cyber criminals targeting Haywood County Schools with ransomeware derailed remote learning this week, with school called off Monday, Tuesday and Wednesday so far.

NC food banks, universities attacked in widespread Blackbaud data breach of nonprofits (Herald-Sun) The Food Bank of Central & Eastern North Carolina told donors Friday that it was a victim in a widespread data breach that has affected numerous nonprofits.

College of the Desert Riled by Malware Attack (Inside Higher Ed) The College of the Desert experienced a malware attack Sunday that brought down email and web servers.

Customers complain of delays after ransomware attack on delivery company Canpar Express (Montreal CTV News) Canadian delivery company Canpar Express experienced a ransomware attack Wednesday, and the company is investigating as customers are forced to hold their deliveries.

Security Patches, Mitigations, and Software Updates

Microsoft Patches Code Execution, Privilege Escalation Flaws in Azure Sphere (SecurityWeek) Recently addressed Microsoft Azure Sphere vulnerabilities could lead to the execution of arbitrary code or to elevation of privileges

Safari security breach can expose user browsing history, already fixed in iOS 14 beta (9to5Mac) A new security breach found in iOS 13 and macOS Catalina can lead anyone to get the user’s navigation history in Safari. Due to an unexpected behavior, Safari Web Share API is able to access internal system files such as the browsing history database, which can be easily shared through other apps. As explained by […]

Apple's iOS 14 Public Beta 6 Is Out, Features Spatial Audio & Small Tweaks to Mail, App Library, Photos & More (Gadget Hacks) At first, it may look like it's mostly a behind-the-scenes update, but iOS 14 public beta 6 is more than just that. The biggest addition to iOS 14 for iPhone in this version is the beginning of Spatial Audio, an AirPods Pro feature. Other notable changes in beta 6 appear in Maps, Mail, App Library, Photos, the home screen, and widgets, as well as in apps where you choose times.

Firefox 80 released with new and faster extensions blocklist (BleepingComputer) Mozilla has released Firefox 80 today, August 25th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with new features, bug fixes, changes, enterprise improvements, and several security fixes.

Cyber Trends

Report: 90% of OT leaders have experienced at least one intrusion in the past year (ITWeb) OT security remains a challenge for leaders across industries, says Doros Hadjizenonos, regional sales director at Fortinet.

Attacker’s behaviour shaped by systemic factors, not COVID (ITWeb) We may be seeing what’s easy to believe, and missing some of what is really significant in terms of what happened.

Smart cities — a cybersecurity wildfire waiting to happen? (TechHQ) The smart city is an exciting concept where technology is used to enhance citizens’ lives, make governance more effective and resource consumption more

It's time to wipe the security slate clean and start over (SiliconANGLE) Thousands of internet posts, including quite a few from theCUBE, have highlighted the increased security risk created by an expanding attack surface area. In the fight to protect sensitive data, companies have gathered security tools boxes filled with solutions and established set-in-stone routines to reduce potential exposure.

82% of IT leaders plan to adopt 5G in the next 6 – 12 months (Atlas VPN) According to data acquired Atlas VPN investigation, 82% of IT leaders across different industries plan to implement a 5G connection in the next 6 - 12 months.

Marketplace

ConvergeOne Announces Strategic Acquisition Of Altivon (PR Newswire) ConvergeOne, a leading global IT services provider of collaboration and digital infrastructure solutions, today announced that it has acquired...

AffirmLogic Secures $25 Million Equity Financing (Valdosta Daily Times) Today, AffirmLogic, the leader in applying mathematical foundations to compute the deep meaning of software, announced the close of a $25 million equity financing round.

SaaS Security Platform Provider ReliaQuest Raises $300 Million (SecurityWeek) SaaS security platform provider ReliaQuest raises $300 million in a funding round led by KKR

Tampa cybersecurity firm ReliaQuest raises $300 million (St Pete Catalyst) One of the fastest-growing technology companies in the Tampa-St. Petersburg area has hit a milestone. KKR, a global investment firm, led a more than $300 million funding round for ReliaQuest, a cybersecurity company headquartered in Tampa. Ten Eleven Ventures and Brian Murphy, ReliaQuest founder and CEO, also participated in the investment round. The new money [...]

MDR Funding: Blackpoint Cyber Confirms Series B Financing (MSSP Alert) Blackpoint Cyber, a managed detection & response (MDR) cybersecurity service provider, raises Series B funding & adds former Cisco executive to board.

Kaseya Acquires Graphus Security; MSPs Gain Email Phishing Mitigation (ChannelE2E) Kaseya acquires Graphus. MSPs gain cloud-based email security and phishing defense platform for Microsoft Office 365 and Google G Suite.

Plurilock Announces Conditional Approval to List on the TSX-V (Stockhouse) Plurilock Security Solutions Inc., a leading provider of invisible and continuous authentication technologies for enterprises, and Libby K Industries Inc. (TSXV: LBB.P) ("Libby K"), along with 01243540 B.C. Ltd., a wholly owned subsidiary of Libby K., are pleased to announce that they have received conditional approval from the TSX Venture Exchange (the "TSXV") in respect to the "Qualifying Transaction" as such term is defined in Policy 2.4 of the Corporate Finance Manual (the "Policy") of the TSXV (the "Transaction").

Fiddler Secures Strategic Investment from Amazon Alexa Fund (AiThority) Fiddler announced a strategic investment by the Amazon Alexa Fund to advance its explainable monitoring solution.

Palantir files for IPO with manifesto against Silicon Valley surveillance (Los Angeles Times) The secretive data analytics company Palantir released financial documents in advance of its initial public offering — and a screed against its tech world competitors.

Palantir plans to go public as it moves away from reliance on government work (MarketWatch) Palantir Technologies Inc. has created controversy by selling its data software to militaries and other enforcement agencies for years, but it has the...

Leaked S-1 says Palantir would fight an order demanding its encryption keys (TechCrunch) The Trump administration has made several efforts to undermine and weaken encryption.

CIA-backed Palantir slams 'Silicon Valley elite' as it files to go public (The Telegraph) Palantir generated $120m in revenue from the UK in 2019

Palantir CEO takes shots at critics, rivals in filing for direct listing (Silicon Valley Business Journal) The CEO of the company founded by Peter Thiel and other early PayPal executives threw some shade at critics and rivals in a pointed letter that was included in its filing for a direct listing.

Cypherium Listed as Preferred Startup by French Investment Bank (Finance Magnates) Cypherium builds scalable, permissionless hybrid blockchain systems that are designed to support billions of users.

Kudelski Security Recognized as a Leader in Managed Security Services Evaluation (PR Newswire) Kudelski Security, the cybersecurity division within the Kudelski Group (SIX:KUD.S), today announced that it has been recognized by Forrester...

Accenture layoffs hit up to 25,000 staff globally (CRN Australia) Including Australian operations.

Toronto, the new cyber security hub? - IFSEC Global | Security and Fire News and Resources (IFSEC Global) Is Toronto the next hub for cyber security? Shimon Brathwaite certainly believes the evidence suggests so.

Background investigations: How to get a security clearance for a federal job (Federal Times) Every job in the federal government requires some form of background investigation, but not all require security clearances.

Amir Elbaz, BeyondEdge CEO, named to Board of Directors for Building Cyber Security (Help Net Security) BeyondEdge announced its CEO Amir Elbaz has been named to the Board of Directors for Building Cyber Security (BCS).

Kenna Security Adds David La France as Vice President of Engineering (GlobeNewswire) La France, who has led multiple high-revenue teams, will oversee all of Kenna Security’s engineering functions

Corelight Appoints Brian Dye CEO and Michele Bettencourt as Executive Chair of the Board to Usher in Next Growth Phase (PR Newswire) Corelight, provider of the industry's first open network detection and response (NDR) platform, today announced three new leadership...

(ISC)2 Names Professional Membership Association Veteran Clar Rosso as CEO (PR Newswire) ISC)² – the world's largest nonprofit membership association of certified cybersecurity professionals – today appointed Clar Rosso as the...

Products, Services, and Solutions

Nozomi Networks OT and IoT Security Solutions Now Available in the Microsoft Azure Marketplace (Nozomi Networks) Microsoft Azure customers worldwide can now quickly access the OT & IoT visibility and security they are missing across distributed cloud and edge environments with proven solutions optimized for scale, performance and resilience

Panaseer Automates IRM with Archer Integration (Panaseer) Integration enables GRC teams to get automated continuous controls and risk …

Menlo Security Partners with Leading Content Disarm and Reconstruction (CDR) Solutions to Prevent Known and Unknown File-borne Threats (Menlo Security) Menlo Security joins the Microsoft Active Protections Program to provide defenses to customers faster

Distology Announces New Partnership with Award Winning Data & Payment Security Provider (comforte) Distology and comforte have entered into a partnership to provide world class data & payment security.

Cowbell accelerates digitization of cyber insurance with platform up[dates (Cowbell Cyber) Cowbell announce enhancements which allows for larger risk underwriting with accuracy and Cowbell Insights for policyholders to mitigate cyber risks

BackupAssist ER Fully Automated Disk to Disk to Cloud Backup Software Launches (Cyber Resilience Blog) Bridges Gap Between Traditional Backup and Disaster Recovery as a Service (DRaaS)

Pulse Secure NAC Extends Zero Trust Network Assurance as Users, Endpoints and IoT Devices Return to a Hybrid Workplace (GlobeNewswire) New Pulse Policy Secure delivers continuous compliance with enhanced endpoint and IoT visibility, control, remediation and threat response

Microsoft Announces Public Preview of Application Guard for Office (SecurityWeek) Microsoft announced on Monday that Application Guard for Office, which is designed to protect users against malicious documents, is now available in public preview

SUPERAntiSpyware Announces Major Upgrade to Professional Edition Anti-Malware Software (TWICE) New Pro X edition features malware detection engine fueled by machine-learning AI

Zenith Systems launches LogPoint for SAP, addressing the SAP security blind spot (ITWeb) The lack of security in ERP systems is addressed in the LogPoint for SAP solution.

Radware Expands the Global Footprint of Its Cloud Security Services (GlobeNewswire) Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, announced the addition of three new scrubbing centers in India, Brazil and Israel.

Polyverse Partners With SUSE to Protect Against Zero-Day Attacks (AiThority) Polyverse Corporation has entered into an agreement with SUSE to provide Polymorphing for SUSE Linux Enterprise Server.

Farm Bureau Insurance of Michigan Adopts Verisk’s LOCATION Platform to Deliver Address-Level Fire Protection Data (GlobeNewswire) Public Protection Classification (PPC) Data to Help Support Digital Transformation of Its Property Underwriting

RackTop Systems Unveils New Features in BrickStor Security Platform... (Enterprise Security) RackTop Systems has announced the availability of primary features in the BrickStor Security Platform (SP) to improve data security.

Telos Helps IronNet Cybersecurity Achieve FedRAMP Ready Status (GlobeNewswire) Cyber risk management solution, Xacta 360, automates and streamlines FedRAMP compliance for collective defense leader

Huawei passes first phase of GSMA 5G security tests (TechRadar) GSMA tests aim to increase industry transparency

Cancel Culture is coming for you (PR Newswire) KLOAKr announced today that they have developed an application that keeps text messages secret by "cloaking" iMessages. KLOAKr uses multiple...

Centrify Continues to Modernize Privileged Access Management for DevSecOps with SSH Key Management (Centrify) Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today added additional modern PAM integration capabilities enabling DevSecOps with new Secure Shell (SSH) key management features included in the 20.4 release of Centrify Privileged Access Service.

Technologies, Techniques, and Standards

Shields Up: A Good Cyber Defense Is an Active Defense (The MITRE Corporation) MITRE Shield offers a free resource for cyber defenders who want to take the advantage of what they can learn from intruders with an active defense.

Cybersecurity Operations: 5 Ways to Cut Costs Without Pain (Security Intelligence) Cybersecurity operations costs can be high. Learn strategies for making sure your SOC can operate on a reduced budget without sacrificing effectiveness.

Council Post: Despite What They Tell You, The Prevention Of Cyberattacks Is Achievable (Forbes) It's critical that IT security staff know that resilient prevention is achievable.

Podcast Episode #19: ‘Is the U.S. Doing Enough to Secure the Grid?' with Joe Weiss of Applied Control SolutionsEnergy Central Jobs (Energy Central Power Perspectives™) In recent months, the federal government and the utility sector have come to a reckoning about the state of cybersecurity on the U.S. grid, leading to an Executive Order from the President to prevent foreign-made equipment to be installed on the grid due to potential creation of backdoors into our vulnerable systems by foreign adversaries.

Ohio invites hackers to try to break into voting websites (WCPO) Ohio calls it a Vulnerability Disclosure Policy. No other state has one, and Ohio Secretary of State Frank LaRose thinks it makes voting safer.

Work-From-Home Cyber Security Risks: Three Ways to Protect Your Network (PR Newswire) Responding to the rapid increase in work-from-home cyber security incidents at small and midsized businesses (SMBs), DIGIGUARD is now focusing...

Design and Innovation

After sending content moderators home, YouTube doubled its video removals (Protocol) The company said it had to "accept a lower level of accuracy" to protect YouTube users when it relied more heavily on algorithmic moderation.

Leaders at Navy’s innovation ‘super-connector’ give advice for getting in the door (Federal News Network) Leaders from NavalX gave advice for pitching to the Department of the Navy and discussed how to connect smaller players to innovation hubs.

Research and Development

The Industrial Age of Hacking (USENIX) There is a cognitive bias in the hacker community to select a piece of software and invest significant human resources into finding bugs in that software without any prior indication of success.

Academia

Colleges Weigh Transparency Versus Privacy When It Comes to Covid-19 Data (Wall Street Journal) As college students return to campus, administrators face a tug of war between providing information about Covid-19 cases and protecting the identities of those infected, leading to a patchwork of reporting.

Legislation, Policy and Regulation

Thailand vows to step up action vs ‘illegal’ online sites (Washington Post) A top official in Thailand said Wednesday that his country will step up action against online content that breaks its laws, two days after forcing Facebook to block a group that was posting material critical of the monarchy.

Canada has effectively moved to block China's Huawei from 5G, but can't say so (Reuters) Canada is the only member of the Five Eyes intelligence-sharing network that has not formally blocked Huawei from 5G networks, but it has effectively done just that, delaying a decision long enough to force telecom companies to exclude the Chinese gear maker.

Banning Huawei won’t be a viable choice for India despite national security interests (Quartz India) India's telecom sector is heavily dependent on both Huawei and ZTE mainly because they are more economical compared to other options.

Taiwan and US join forces on 5G security in move to exclude China (Nikkei Asian Review) Joint declaration bolsters 'Clean Network' initiative as Huawei fights for future

US-China ties | The tap on Huawei has been turned off. What next? (Moneycontrol) Whatever the fates will yield in November, it is clear that US-China relations are not going to get back to what they were before 2018

As TikTok and Huawei Restrictions Mount, Americans See China as Top Threat to Silicon Valley’s Tech Dominance (Morning Consult) With the backdrop of the Trump administration’s continued restrictions and threats against China-based Huawei Technologies Ltd. and ByteDance Ltd.’s TikTok, a new survey indicates that Americans see China as the top threat to Silicon Valley’s dominance in the global tech industry.

Commerce Department Adds 24 Chinese Companies to the Entity List for Helping Build Military Islands in the South China Sea (U.S. Department of Commerce) The Bureau of Industry and Security (BIS) in the Department of Commerce (Commerce) added 24 Chinese companies to the Entity List for their role in helping the Chinese military construct and militarize the internationally condemned artificial islands in the South China Sea.

Doha, like Abu Dhabi, also hooked on Israeli technology (Intelligence Online) While the United Arab Emirates has recently officialised its love-in with Tel Aviv, Qatar is just as keen to avail itself of Israeli private security and intelligence know-how.

US Cyber Forces Go Hunting for Election Trouble (Voice of America) U.S. forces are taking an aggressive approach in cyberspace ahead of November’s presidential election, aiming to wipe out threats from foreign countries and other actors before they have a chance to disrupt voting or other critical, election-related systems. “Cyber Command needs to do more than prepare for a crisis in the future; it must compete with adversaries today,” Gen. Paul Nakasone, head of U.S. Central Command, and senior adviser Michael Sulmeyer said in a piece published Tuesday in Foreign Affairs magazine. The strategy, described by top officials at U.S.

Cyber Command takes the fight abroad (FCW) The head of U.S. Cyber Command defends 'persistent engagement' strategy with adversaries, explaining that proactive cyber operations won't lead the U.S. into an 'all out war.'

Military’s top cyber official defends more aggressive stance (Military Times) The military’s cyber fighters have moved away from a “reactive, defensive posture” and are increasingly engaging in combat with foreign adversaries online, says the USCYBERCOM leader in a commentary published Tuesday.

The Cybersecurity 202: NSA and Cyber Command chief pledges muscular defense of November election (Washington Post) The country's lead military and intelligence cybersecurity agencies are preparing for a full-scale battle to protect the November election from Russia and other adversaries.

US Cyber Command’s top general makes case for partnering with tech firms (C4ISRNET) Gen. Paul Nakasone, the head of the NSA and Cyber Command, says there's a need for the government and the private tech sector to join forces against burgeoning cyberthreats.

Ex-Intel Chief: 'I Wish We Had Taken More Action' Against Russian Meddling (90.1 FM WABE) Former NSA chief Mike Rogers says the intelligence community knew Russia was taking unprecedented steps during the 2016 election, but only later did it fully grasp the extent of that effort.

Algorithmic Warfare: Army Consolidating Cyber Operations Forces (National Defense) After years of planning, the Army has consolidated its various cyber elements and coalesced them at Fort Gordon, Georgia. The move is creating synergies as the nation faces increased competition in the digital realm, officials said.

NSW pledges AU$60m to create cyber 'army' (ZDNet) As part of the New South Wales government's AU$240 million commitment to all things cyber.

Litigation, Investigation, and Enforcement

Israeli phone hacking company faces court fight over sales to Hong Kong (MIT Technology Review) Human rights advocates filed a new court petition against the Israeli phone hacking company Cellebrite, urging Israel’s ministry of defense to halt the firm’s exports to Hong Kong, where security forces have been using the technology in crackdowns against dissidents as China takes greater control. In July, police court filings revealed that Cellebrite’s phone hacking…

Facebook shares data on Myanmar with United Nations investigators (Reuters) Facebook says it has shared data with United Nations investigators probing international crimes in Myanmar, after the lead investigator said the company was withholding evidence.

Facebook prepares legal action against Thai government's order to block group (CNN) Facebook is planning legal action after the Thai government forced it to block a group deemed critical of the country's monarchy.

Which countries have been the biggest GDPR rule-breakers? (CRN) UK-based financial analysts Finbold rank which EU nations have been the top violators of GDPR this year

European Regulators List Detailed Privacy Violations to Justify Fines (Wall Street Journal) Detailed decisions from regulators can help companies improve privacy and security measures and can help other firms avoid similar failings, privacy experts say.

Russian national arrested in US for conspiracy to commit cyber attack (TASS) The US Justice Department noted that Egor Kriuchkov had allegedly offered $1 million to join the criminal scheme

US officers arrest Russian national for plotting to attack American firm (Computing) Egor Igorevich Kriuchkov allegedly offered an employee at the firm $1 million for help in installing malware onto the company network

Russian accused of plotting computer malware attack against Nevada company (LasVegasSun.com) A Russian man flew to Northern Nevada this summer tooffer an acquaintance $1 million to help hack into their employer’s computer, according to the ...

Police investigators blame Algeria for coronavirus-themed phishing attacks (CyberScoop) An Algerian web developer who claims to have “a demonstrated history of working in the internet industry” has launched coronavirus-themed email scams and helped build other hacking tools, according to a police intelligence report.

Gujarat turns hub of cyber crime during lockdown (The Indian Express) As per data released by the Cyber Crime Cell of Ahmedabad Police, over 15,300 complaints related to financial frauds have been received from all over Gujarat between January and July this year.

NJ 211 and Cybercrime Support Network Launch New Jersey’s First Cybercrime Hotline (GlobeNewswire) NJ 211 and the Cybercrime Support Network (CSN) announce the launch of New Jersey's first cybercrime support and recovery hotline.

Trump's Chicago Hotel Hit With Biometric Privacy Suit (Law360) President Donald Trump's downtown Chicago luxury hotel was hit with a proposed class action Monday accusing it of violating Illinois' landmark biometric privacy law by failing to get workers’ written permission before making them use their fingerprints to clock in and out.