Cyber Attacks, Threats, and Vulnerabilities
South Korean Activists Accuse China of Using Huawei to Hack Their Election (The Daily Beast) Conspiracy theories about Chinese influence and interference in the April elections have regained currency as President Moon loses popularity.
Could a cyber-hack trigger the next Chernobyl? (The Telegraph) There has been a steady trickle of skilled hacking groups seeking to break into the computer networks of nuclear power stations
Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated (CyberScoop) More than 200 people have died in clashes between ethnic Armenian separatists and Azerbaijani government forces over the breakaway region of Nagorno-Karabakh in the last 10 days.
US warns: Big surge in Emotet malware campaigns makes it one of today's top threats (ZDNet) CISA's intrusion-detection system has picked up 16,000 alerts over Emotet threats to government networks since July.
Emotet Malware (CISA) This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC).
Release the Kraken: Fileless APT attack abuses Windows Error Reporting service (Malwarebytes Labs) We discovered a new attack that injected its payload—dubbed "Kraken"—into the Windows Error Reporting (WER) service as a defense evasion mechanism.
PoetRAT: Malware targeting public and private sector in Azerbaijan evolves (Cisco Talos) The Azerbaijan public sector and other important organizations are still targeted by new versions of PoetRAT. This actor leverages malicious Microsoft Word documents alleged to be from the Azerbaijan government.
A New Attack Vector Discovered in Comcast's Remote (Guardicore - Data Center and Cloud Security) Guardicore's cybersecurity research team discovered a new attack vector on Comcast's XR11 voice remote that would have allowed attackers to turn it into a listening device – potentially invading remote control security.
Microsoft says Iranian hackers are exploiting the Zerologon vulnerability (ZDNet) Microsoft links back the attacks to an Iranian hacker group known as Mercury, or MuddyWater.
Iranian hackers targeting Zerologon flaw, says Microsoft (TechRadar) Now is the time to patch your organization's domain controllers
CISA and CNMF identify a new malware variant (Security Magazine) The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DOD) Cyber National Mission Force (CNMF) have identified a malware variant — referred to as SLOTHFULMEDIA — used by a sophisticated cyber actor. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal.
FBI, NSA confident in election: 'Security of your vote has never been higher,' says cyber security agency (USA TODAY) William Evanina, director of the National Counterintelligence and Security Center said the "election system remains resilient."
Opinion | Russia Can Interfere Only if We Let It (New York Times) Moscow’s operatives did not invent our crude tribal politics; they just exploited them.
The Cybersecurity 202: Russia’s the top election threat but top Trump officials rarely say it. (Washington Post) Russia remains the prime threat to November's elections, a new Department of Homeland Security report makes clear, even as the Trump administration tries to shift blame to other adversaries.
Pa.’s voter website crash stems from a Unisys-run data center that broke down last weekend in Virginia (Inquirer) Officials won’t say why it crashed. Much of the state’s data — voter registrations, tax payments, and orders from the state liquor monopoly — are held in a building in Loudoun County, Va.
Florida Extends Registration Deadline After Voting Website Crashes (New York Times) Florida’s voter registration website experienced more than a million requests per hour, prompting the state to extend the registration deadline.
Facebook now removing all QAnon content (NASDAQ:FB) (Seeking Alpha) Facebook (NASDAQ:FB) says as of today, it's removing any Pages, Groups and Instagram accounts representing the movement around QAnon, "even if they contain no violent content." That's an update to a previous policy where it removed content associated with QAnon when it discussed potential violence.
Facebook bans QAnon across its platforms (NBC News) The change is a significant escalation over its previous actions targeting QAnon and one of the broadest rules the social media giant has put in place in its history.
An Update to How We Address Movements and Organizations Tied to Violence (About Facebook) Taking action against Facebook Pages, Groups and Instagram accounts tied to QAnon, offline anarchist groups that support violent acts amidst protests, and US-based militia organizations.
Palo Alto Networks Exposes Multi-Million-Dollar Cloud Misconfigurations (SDxCentral) Palo Alto Networks discovered two critical AWS cloud misconfigurations that could have led to a multi-million-dollar data breach.
Apple's T2 Security Chip Has an Unfixable Flaw (Wired) The Checkm8 vulnerability that exposed years of iPhones to jailbreaking has finally been exploited in Macs as well.
Wi-Fi security: FBI warns of risks of using wireless hotel networks (TechRepublic) Wi-Fi networks in hotels typically favor guest convenience over strong security practices, says the FBI.
The anatomy of a $15 million cyber heist on a US company (BleepingComputer) Experienced fraudsters made off with $15 million from a U.S. company after carefully running an email compromise that took about two months to complete.
Another Gang Hides Ransomware Inside Virtual Machines (Data Center Knowledge) The Maze ransomware attack involved a full Windows 7 install and, like in the Ragnar Locker case, was hidden inside an Oracle VirtualBox.
Inside the Bulletproof Hosting Business: Cybercriminal Methods and OpSec (Trend Micro) Bulletproof hosting (BPH) services have long been crucial parts of the cybercriminal infrastructure. How do they protect malicious activities, and how do cybercriminals use them to stay in business?
Massive data breach in Uganda hits three big tech companies (TechCabal) Unidentified hackers gained access to the system of Pegasus technologies, a third-party service that handles billing for telcos. Reports say up to $200,000 was stolen from Airtel money alone.
Sisters of Charity Health System Informs Patients of Data Breach (HOTforSecurity) As the year unfolds, more victims of the Blackbaud data breach come forward. The Sisters of Charity Health System (SCHS) recently disclosed that intruders may have accessed backup copies used by SCHS for fundraising during the cyberattack on...
Miss. ambulance service reports ransomware data breach (EMS1) AAA Ambulance Service reported that some individuals' personal information was accessed during the breach, including names, social security numbers and medical information
Notification of Data Security Incident (AAA Ambulance Service, Inc.) AAA Ambulance Service, Inc. (“AAA”) discovered a data security incident that may have impacted personal information and protected health information belonging to certain individuals.
Former Mayo Clinic employee improperly accessed 1,600-plus patient health records (Star Tribune) Social Security numbers, payment card information and bank account numbers weren't accessed.
Cyber attack: CMA CGM slow to restore e-commerce services (JOC) Some of CMA CGM’s regional subsidiaries are now fully operational following last week’s data breach, as the group’s worldwide agency network is being gradually reconnected.
Hackers Are Getting Bolder With Ransomware Attacks on Schools and Hospitals (Cheddar) Recent victims of ransomware attacks span the public and private sectors and include Universal Health Services, one of the largest hospital systems in the U.S., and the Clark County School District in Las Vegas.
City: Malware notices going out to those affected, internal investigation complete (WBIR) "Notification letters are now being mailed out to those affected, in accordance with applicable law," a city release states.
Trump Covid post deleted by Facebook and hidden by Twitter (BBC News) Twitter hid an identical post saying virus was less lethal than the flu season in most populations.
Security Patches, Mitigations, and Software Updates
Cyber Trends
Payment card security remains lax, says Verizon Business report (ZDNet) The Verizon Business 2020 Payment Security Report highlights that PCI DSS compliance is down 27.5% from 2016.
New research indicates over two thirds of businesses experienced increase in endpoint and IoT security incidents in the past 12 months (GlobeNewswire) Malware, insecure networks, and remote access top list of concerns as organisations embracing home working and hybrid IT face growing cyber threats
Extensive New Poll Finds Most Americans Support Facial Recognition (Security Industry Association) A new survey of 1,000 adults found that most Americans support the use of facial recognition across a wide range of applications.
Survey: IT Remains Blind to Millions as a Quarter of Remote Workers Would Rather Suffer in Silence than Engage Tech Teams (NetMotion Software) As our workforce shifted to a Work From Anywhere model this year, the relationship between IT and the employees they serve has undergone a dramatic change.
Two thirds of businesses saw rise in security incidents in the past 12 months (ITProPortal) Businesses everywhere expect to be compromised through their IoT devices sooner rather than later.
Marketplace
DISA seeks Defensive Cyber Ops support | Intelligence Community News (Intelligence Community News) Defensive cyberspace operations is defined as missions to preserve the ability to utilize blue cyberspace capabilities and protect data.
Telos, cybersecurity provider for Amazon and the CIA, files for $242M IPO (Seeking Alpha) Telos (TLS) provides cyber security and identity management solutions. The company is seeking $241.5M in a Nasdaq IPO under the "TLS" ticker.
ZeroFOX acquires Cyveillance threat intelligence business from LookingGlass (News Break) ZeroFOX has acquired LookingGlass Cyber Solutions' Cyveillance threat intelligence business. Announced on Tuesday, the deal is designed to merge the ZeroFOX Digital Risk Protection Platform and Cyveillance's threat intelligence data trove and dark web intelligence capabilities. ZeroFOX says that snapping up the business, previously a subsidiary of LookingGlass, is a...
Cyveillance business unit acquired by ZeroFOX in groundbreaking partnership (LookingGlass Cyber Solutions Inc.) LookingGlass Cyber Solutions and ZeroFOX have finalized a groundbreaking partnership, with ZeroFOX acquiring the talent and assets of the Cyveillance, October 6, 2020
Baltimore-based cybersecurity company ZeroFOX acquires threat intelligence firm (Baltimore Sun) A South Baltimore cybersecurity company has acquired an Internet intelligence firm headquartered in Reston, Virginia, creating the industry’s largest threat intelligence team
ZeroFOX acquires threat intelligence brand Cyveillance, grows to 400+ employees (Technical.ly Baltimore) Through the acquisition from LookingGlass Cyber Solutions, Federal Hill-based ZeroFOX is adding a big data store, analyst talent and a Reston, Virginia, presence.
Salesforce-Backed Tanium Quietly Raising New $200M Round (CRN) Tanium's Orion Hindawi told CRN in December that he'd rather the company stay private despite all its funding.
Maitland cybersecurity firm ThreatLocker to use VC to continue rapid growth (Orlando Business Journal) A Maitland-based cybersecurity firm’s recent investment deal will help it continue what its CEO calls a “big growth stretch.”
NormShield Secures $7.5 Million in Series A Funding (PR Newswire) NormShield, the cyber risk rating company, announced today the closing of $7.5 million in Series A funding led by Moore Strategic Ventures, LLC...
Tanium Raises $150M in Funding Round (FinSMEs) Tanium, an Emeryville, Calif.-based provider of unified endpoint management and security built for the world’s most demanding IT environments, completed the sale of an additional $150m in common stock
Palantir Stock Looks Attractive At $9, But There Are Two Key Concerns (Forbes) Palantir, the big data and analytics software company, debuted on the public markets last month and is currently valued at about $15 billion, or about $9 per share, trading at about 14.5x projected 2020 Revenues. This appears like an attractive valuation, considering that Palantir is on track to...
Peter Thiel's dystopian cyberpunk business Palantir bombed its Initial Public Offering (Boing Boing) When you search for “Palantir” on Google, the search engine prompts with a few people related search options. The Top 2 being: “What does Palantir do?” and “Why is Pal…
DIA awards nearly $800 million in work to major defense primes (C4ISRNET) The DIA made two awards to Northrop Grumman and GDIT
Big Tech holding up after antitrust report: At the Open (SeekingAlpha) Megacap stocks are holding onto premarket gains despite a House antitrust report saying that business separations may be needed.
“Passive reliance on toxic revenues no longer acceptable for MNOs” Upstream says at Global Carrier Billing Summit 2020 (RealWire) Head of Secure-D at Upstream, Geoffrey Cleaves, on the pressure to keep mobile users safe amid increasingly sophisticated fraud. London, October 7th, 2020: Fraud prevention technology will cut toxic revenue for mobile network operators (MNOs), keep customers safe, safeguard user experience and cut down complaints
News Corp. changes its tune on Big Tech (Axios) Today, "the terms of trade truly have changed."
Gartner names Humio a Cool Vendor in Performance Analysis (Humio) Humio, the only log management platform enabling complete observability for all streaming logs in real time and at scale, self-hosted or in the cloud, today announced that Gartner has recognized it as a Cool Vendor based on the October 5, 2020 report titled “Cool Vendors in Performance Analysis”.
Jetico Announces Commitment to Global Efforts Supporting Online Safety and Privacy for Cybersecurity Awareness Month (PR.com) Jetico today announced its commitment to Cybersecurity Awareness Month by signing up as a Champion and joining a growing global effort to promote the awareness of online safety and privacy.
Spyderbat Bolsters Team In Their Mission to Redefine Cybersecurity Ope (PRWeb) Spyderbat, Inc., has appointed serial entrepreneur and cybersecurity veteran John McHale to the company’s board of directors while also expanding the produc
Bugcrowd Appoints David Castignola as Chief Revenue Officer (BusinessWire) Bugcrowd, the crowdsourced cybersecurity platform, today announced the appointment of David Castignola as Chief Revenue Officer (CRO). Castignola’s ap
vArmour Appoints Chris Dentiste as Chief Financial Officer to Bolster Business Leadership and Corporate Strategy (GlobeNewswire) Finance veteran brings 30 years of security and high-tech industry experience to drive business growth and maximize profits
Digital Guardian Appoints Tim Bandos as Chief Information Security Officer (Digital Guardian) Digital Guardian, a leader in data loss prevention and managed detection and response, today announced Tim Bandos will become Chief Information Security Officer (CISO).
IDology Appoints Christina Luttrell as CEO (PR Newswire) IDology, a GBG company, today announced that Christina "Chris" Luttrell has been appointed as CEO. Previously COO of IDology, Luttrell has been...
LookingGlass Expands Executive Team Leading Company’s Vision of Next-Generation Cybersecurity Products (LookingGlass Cyber Solutions Inc.) Industry veterans bring decades of government and commercial cyber risk experience to LookingGlass’ product portfolio empowering customers to anticipate and block threats across the extended enterprise, October 7, 2020
Robert Cariddi, Former SVP of Sales at SentinelOne and WhiteHat Security, Joins Acreto as Chief Revenue Officer (PR Newswire) Former Senior Vice President of Sales at WhiteHat Security and SentinelOne, Robert Cariddi, has joined cybersecurity startup Acreto as the...
Products, Services, and Solutions
DH2i Launches DxOdyssey for IoT, Edge-Optimized Software Defined Perimeter (SDP) Solution | DH2i (DH2i) The DH2i team is excited to announce the general availability of DxOdyssey for IoT - our edge-optimized Software Defined Perimeter (SDP) solution.
Snyk and PerimeterX Partner to Address Open Source JavaScript Risk Increasingly Common in Web Applications (PerimeterX) Protect your web apps against account takeover, carding, denial of inventory, scalping, skewed analytics, digital skimming, Magecart, PII harvesting, scraping.
Okta Unites User Identity and Device Identity for Customer Facing Applications Through New Okta Devices SDK (Okta) New embeddable developer tooling simplifies and secures passwordless login and omnichannel customer experiences
CipherCloud Introduces Advanced Data Discovery, Extending its End-to-End Data Security Platform (BusinessWire) CipherCloud's Data Discovery automates protection of sensitive data for security and privacy across cloud, compliance with GLBA, GDPR, PCI, CCPA
ST Engineering Accelerates Hybrid Multi-Cloud Management and Governance Capabilities with Investment in CloudSphere (CloudSphere) ST Engineering today announced that its Corporate Venture Capital unit has joined in the closing of a strategic investment round in CloudSphere Limited.
Motion Recruitment Expands Market Specialization Model into DataOps and Cybersecurity (PR Newswire) Motion Recruitment, a leading North American provider of IT Staffing for contract, contract-to-hire and direct hire recruitment, today...
Rapid7 Announces Cloud Identity and Access Management Governance Module for DivvyCloud (GlobeNewswire) Security professionals can now simplify cloud identity and access management at scale to help prevent security incidents and data breaches
BlackBerry Persona Delivers Industry's First User Behavior AI Technology for Cybersecurity (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced BlackBerry Persona® Desktop, a user and entity behavior analytics (UEBA) solution that...
BlackBerry Launches New AI-Powered Mobile Threat Defense (MTD) Solution to Protect Against Mobile Malware and Phishing Attacks (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today unveiled BlackBerry® Protect Mobile, a new mobile threat defense (MTD) solution that extends the...
BlackBerry Launches New Unified Partner Program (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced a new global partner program – the BlackBerry Partner Program that combines the...
BlackBerry Unveils Industry's First Unified Endpoint Security (UES) Solution for AI-powered Cybersecurity (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced BlackBerry® Cyber Suite, the industry's first, comprehensive, AI-powered unified...
Ostendio Expands MyVCM Auditor Connect with Drummond Partnership (PR Newswire) Ostendio Inc., a leading provider of integrated risk management software, and Drummond Group LLC, a trusted industry leader in comprehensive...
Dhiraagu selects BroadForward for Next Generation EIR and DSC core network functions (PR Newswire) Today, the leading telecom and digital service provider in the Maldives, Dhiraagu announced that the BroadForward Equipment Identity Register...
StackRox and Robin.io Partner to Deliver Hardened Security, Compliance and Data Management for Stateful Applications on Kubernetes (StackRox) StackRox Kubernetes Security Platform now available as a Robin.io enterprise application bundle
Digital Shadows launches access key alerts – to mitigate the growing problem of credentials exposed during software development (Digital Shadows) Customers of Digital Shadows will now be able to identify in near real-time where these keys have been exposed. Most leakage is accidental, due to poor security practices – such as sensitive data
Confluera Launches Innovative Reseller Program to Advance Detection and Response Capabilities in the Global XDR Market (BusinessWire) Confluera, the autonomous detection and response company, today announced the launch of its Confluera 2020 Reseller Program which will be underpinned
CyberSecure and Tellabs Form Innovative Partnership to Deliver Unmatched Network Security (PR Newswire) CyberSecure IPS and Tellabs have announced a global, go-to-market partnership with far-reaching consequences for the network technology and...
Trend Micro Extends Smart Factory Protection with First-of-Its-Kind Industrial IPS Array to Protect Large-Scale Industrial Networks (inForney.com) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity, today announced a first of its kind intent-based industrial intelligent IPS array
HID Global Enables Employees to Open Doors and Authenticate to Systems, Hands-Free, Using Nymi Workplace Wearables (HID Global) HID Global, a worldwide leader in trusted identity solutions, today announced that its next-generation Seos® credential technology will enable Nymi Band 3.0 users to seamlessly open doors and authenticate to systems, devices and machines.
BlackBerry combines enterprise and Cylance partner programs (CRN Australia) “BlackBerry Partner Program” features new unified sales portal.
M.Tech signs US-based cloud security analytics platform Securonix (CRN Australia) Vendor increasing APAC presence after strong growth.
FireEye’s Mandiant debuts new SaaS threat intelligence suite (ZDNet) The threat intelligence solution is the first of many planned to augment global security teams.
Corr-Serve signs up senhasegura for SA (ITWeb) The Brazilian company provides privileged access management, working against data theft through traceability of administrator actions on networks, servers, databases and devices.
ForgeRock Updates GSA Schedule (ForgeRock) I’m excited to announce that the ForgeRock Identity Governance and ForgeRock Autonomous Identity solutions are now available on the GSA Schedule, which means ForgeRock’s complete IAM and IGA platform can be purchased on the GSA Schedule with Carahsoft. ForgeRock has a long-standing partnership with Carahsoft within the public sector market across US Federal Agencies and State Governments.
Checkmarx provides automated security scans within GitHub repositories (Help Net Security) Checkmarx announced a new GitHub Action to bring comprehensive, automated static and open source security testing to developers.
Technologies, Techniques, and Standards
CISA Issues Telework Security Toolkit (Executive Gov) The Cybersecurity and Infrastructure Security Agency (CISA) has released a toolkit to help agencies,
Your Best Cyber Defense Isn’t a ’60s Super Spy. It’s You. (SME) Since its first volume, in 2006, this publication has followed the story of the F-35 Joint Strike Fighter, which, through trial and sometimes painful error, has gone from a daring design to a distributed manufacturing supply chain to, finally, a warplane in service around the globe.
Cybersecurity Awareness: 6 Myths And How To Combat Them (Security Intelligence) Cybersecurity awareness has changed over the past few years. Clearing up today's myths can help IT and the C-suite understand each other's needs.
COVID-19 Cybercrime and Scams (Security.org) Since the beginning of the COVID-19 pandemic, the Federal Trade Commission (FTC) has seen a huge spike in reported scams, from phishing to misinformation online. From January to September, there have been 211,000 reports overall. We’ve researched and collected dozens of examples of COVID-19 scams (provided …
ESET Cybersecurity Awareness Training (ESET) ESET Cybersecurity Awareness Training is specifically designed to educate your workforce—because employees who recognize phishing, avoid online scams and understand internet best practices add a vital layer of protection for your business.
Design and Innovation
Why we invite security researchers to hack Azure Sphere (Microsoft Security) We invited some of the world’s best researchers and security vendors to try to break our Azure Sphere device by using the same attacks and methods employed by malicious actors. We received 16 bounty-eligible submissions which earned a combined payout of $374,300. Learn why we ask to get hacked.
Raytheon Intelligence & Space Launches DejaVM to Combat Cyber Threats; John DeSimone Quoted (ExecutiveBiz) Raytheon Technologies' intelligence and space business has developed DejaVM, a new hardware emul
Research and Development
DHS awards $1M for cybersecurity information sharing tool (Homeland Preparedness News) The Department of Homeland Security (DHS) Small Business Innovation Research (SBIR) Program awarded $1 million to InferLink Corp. to develop a tool for sharing cybersecurity information. Inferlink, based in El Segundo, Calif., awarded the Phase II contract to InferLink based …
Academia
Black Girls Code, BlackGirlsCode, Women of Color in Technology (Black Girls Code) Black Girls Code, BlackGirlsCode, STEM education San Francisco, Technology training for girls, diversity learning, Social Entrepreneurship in San Francisco, Diversity, underrepresented youth, ruby training for kids, games for change
Legislation, Policy, and Regulation
Germany battles over Huawei’s 5G role (Asia Times) Battle lines are being drawn in the Bundestag over Huawei’s role in Germany’s 5G broadband buildout, as Chancellor Angela Merkel’s government submits crucial draft IT security legislation later thi…
Ukraine plan to tackle hackers sparks privacy fears (Reuters) From crashing supermarket tills to messing with radiation readouts, Ukraine is hoping to tackle an ever-growing list of cyber attacks with a new law that rights experts warn could give authorities excessive powers to pry into the lives of citizens.
Democrats urge halt to security aid to Azerbaijan in Armenia conflict (Defense News) A growing number of Democrats in Congress are calling for the Trump administration to immediately suspend U.S. security aid to Azerbaijan as fighting between Armenian and Azerbaijani forces over the separatist territory of Nagorno-Karabakh reaches its second week.
House Panel Calls for Congress to Break Up Tech Giants (Wall Street Journal) The biggest U.S. technology companies have leveraged their dominance to stifle competition and innovation, Democrats said in a report following a 16-month inquiry and called on Congress to take antitrust action.
Tech giants' anticompetitive practices investigation - US lawmakers report their findings (Computing) Report concludes that big tech firms like Google, Apple, Facebook and Amazon are monopolies that need to be broken up
House lawmakers condemn Big Tech’s ‘monopoly power’ and urge their breakups (Silicon Valley Business Journal) House lawmakers said that Amazon, Apple, Facebook and Google had exercised and abused their monopoly power as they called for the most sweeping changes to antitrust laws in half a century.
House Democrats say Facebook, Amazon, Alphabet, Apple enjoy 'monopoly power' and recommend big changes (CNBC) Republicans have voiced objections to some of the bolder proposals in the report, such as imposing structural separations.
Big Tech Was Their Enemy, Until Partisanship Fractured the Battle Plans (New York Times) A House report on how to limit the reach of Apple, Amazon, Google and Facebook has been delayed as Democrats and Republicans split on remedies.
Fringe notions on antitrust would destroy small businesses and hurt consumers (US Day One Blog) Misguided interventions in the free market would kill off independent retailers and punish consumers by forcing small businesses out of popular online stores, raising prices, and reducing consumer choice and convenience.
Apple 'Vehemently Disagrees' With U.S. Tech Company Antitrust Report (MacRumors) Earlier today, the U.S. House Judiciary Antitrust Subcommittee completed its ongoing antitrust investigation into the practices of Apple, Facebook,...
Officials urge social media groups to weed out election disinformation targeting minority voters (TheHill) Officials on Tuesday urged social media platforms to take further steps to root out and remove disinformation and misinformation targeting minority groups that could lead to voter disenfranchisement in the upcoming
Cybersecurity and the 117th Congress (Atlantic Council) About eighty congressional subcommittees have jurisdiction over parts of cybersecurity policy: can they effectively govern an evolving field?
GAO makes recommendations to Treasury Dept on cybersecurity for financial sector (Homeland Preparedness News) The Government Accountability Office (GAO) is recommending that the Treasury Department work with other federal agencies and sector partners to enhance cybersecurity within the financial sector. The financial services sector’s reliance on information technology makes it a leading target for …
CISA Reveals Timeline for Improving Anemic Information Sharing Program (Nextgov) The private sector has been pushing for greater liability protections before participating in a two-way exchange of cyber threats and vulnerabilities with the agency.
Shared cyber defense strategy for gov’t firms pushed (INQUIRER.net) To better fight cybercriminals, the Department of Finance (DOF) has ordered its attached agencies and government financial institutions (GFIs) to band together to cost-effectively strengthen their
House panel urges intelligence community to step up science and technology efforts (TheHill) A House Intelligence Committee subcommittee on Tuesday urged the intelligence community to take steps to boost its science and technology innovation work, warning that without improvements, the U.S. could fall behind other nations including China.
Rightly Scaled, Carefully Open, Infinitely Agile: Reconfiguring to Win the Innovation Race in the Intelligence Community (House Permanent Select Committee on Intelligence, Strategic Technologies and Advanced Research (STAR) Subcommittee) From our nation’s founding moment, innovation has been an essential ingredient of American prosperity and national security.
National Consumer Privacy Law Round-Up: Data Privacy and Security Are Back in Focus (JD Supra) As emergency legislative responses to COVID-19 abate, lawmakers across the country—particularly in Congress—have started to turn their attention back...
Karnataka govt to bring out cybersecurity policy in light of increasing cyber attacks (The News Minute) The Karnataka government will soon bring out a cybersecurity policy in light of increasing cyber attacks, Deputy Chief Minister Dr CN Ashwatha Narayana said on Monday during a government-held event. “Cybersecurity is gaining increased focus in the government in view of the rapid adoption of IT (Information Technology) solutions for delivering public services. Whilst this has many benefits the increased adoption of IT also comes associated with significant cyber risks.
UK regulator bans sale of crypto derivatives to retail users (The Block) The U.K.’s Financial Conduct Authority (FCA) has today officially banned the sale of cryptocurrency derivatives and exchange-traded notes to retail users, more than a year after first proposing such a ban.
NSA boss Paul Nakasone in self-isolation after potential coronavirus exposure (CyberScoop) The director of the U.S. National Security Agency, Gen. Paul Nakasone, has entered quarantine out of an abundance of caution after a potential exposure to the coronavirus.
Indiana National Guard activates cyber battalion (Army.mil)
Maryland National Guard Soldiers Participate in National Cyber Exercise (DVIDS) Soldiers from the Maryland National Guard’s 169 Cyber Protection Team have just wrapped up their part in this year’s Cyber Shield exercise, which ran from September 12—27, and was conducted virtually for the first time due to the coronavirus pandemic.
Litigation, Investigation, and Law Enforcement
Huawei set to challenge EU discrimination law in Estonia (Telecoms.com) Estonia has drafted a fairly standard law banning high-risk telecoms vendors, but Huawei has reportedly decided to make a stand this time.
Tax Agency Watchdog Is Investigating IRS Use of Cellphone Location Data (Wall Street Journal) Treasury Inspector General for Tax Administration J. Russel George said in a letter to Capitol Hill he was examining the agency’s use of software sold by Venntel, a data company that caters to government clients in the intelligence, military and law enforcement space.
The IRS Is Being Investigated for Using Location Data Without a Warrant (Vice) The IRS used smartphone location data from a contractor to try and track Americans without a warrant.
Here’s Why Cisco Was Ordered To Pay $1.9B To Centripetal Networks For Patent Infringement (CRN) Here's why a federal court ordered Cisco Systems to pay $1.9 billion for infringing on four patents belonging to cybersecurity startup Centripetal Networks.
EU Court Curbs Mass Phone Data Grab by Spy Agencies (SecurityWeek) EU law precludes national legislation that requires telcos and tech companies to carry out the "indiscriminate retention" of data.
Fortinet Alleges Trademark Infringement Against Fortanix (1) (Bloomberg Law) Cybersecurity company Fortinet Inc. sued cloud security company Fortanix Inc. in San Francisco federal court for allegedly infringing its trademarks by using a confusingly similar name.
U.S. judge to hold November 4 hearing on Commerce Dept TikTok ban (Reuters) A U.S. judge said on Tuesday he would hold a Nov. 4 hearing on whether to allow the U.S. government to bar transactions with TikTok, a move that the Chinese-owned short video-sharing app has warned would effectively ban its use in the United States.
EU’s top court limits government spying on citizens’ mobile and internet data (CNBC) The European Court of Justice (ECJ) has ruled that member states cannot collect mass mobile and internet data on citizens.
Leaked: Confidential Amazon memo reveals new software to track unions (Vox) The new tool would also track other non-union threats to the company, like crime and weather.
Google, Oracle Financed Many Supporters in Supreme Court Faceoff (Bloomberg) Alphabet Inc.’s Google and Oracle Corp. will face off in the U.S. Supreme Court on Wednesday in a multibillion-dollar copyright dispute with sweeping implications for technology and media companies worldwide.
DNI Declassifies CIA Memo That Comey Claimed to Have No Memory of Receiving (Epoch Times) The head of the U.S. intelligence community on Oct. 6 declassified a referral sent from the CIA to ...
Trump’s team trusts Russian intelligence over U.S. intelligence (Washington Post) As the election draws near, President Trump’s political appointees, private lawyers and GOP allies on Capitol Hill are escalating their campaign to help the Russians interfere in U.S. politics.
Waikiki man charged for bizarre 'email bomb’ cyber attack targeting HPD (Hawaii News) This type of cyber attack aims to overload servers, essentially "clogging the pipes," a cybercrime expert said.