Cyber Attacks, Threats, and Vulnerabilities
Norway Says Russia Behind Cyber Attack on Parliament (SecurityWeek) Norway's government on Tuesday said that it believes Russia was behind an August cyber attack targeting the email system of the country's parliament.
Norway blames Russia for cyber-attack on parliament (BBC News) Moscow said there was no evidence for the accusation, calling it a "serious and wilful provocation".
Is the UAE tied to Bahamut, the mercenary Middle Eastern hacker group? (TRT World) Bahamut’s methods are surprisingly similar to those used by the UAE throughout the Middle East, and the group has used some of the same software used by the UAE in the past.
'Major' cyberattack targets government agencies in Iran (The Jerusalem Post) Iran denied that there was any evidence of a widespread attack on any other agencies so far except for the two that were mentioned.
Google warns of severe 'BleedingTooth' Bluetooth flaw in Linux kernel (ZDNet) Intel recommends updating to Linux kernel 5.9 to mitigate a serious flaw Google found in the Linux Bluetooth stack.
Clickbait to Checkmate: SMS-based scam targets US smartphones and accesses victim locations (Digital Shadows) Since the start of the COVID-19 pandemic, Digital Shadows has observed a significant increase in the number of SMS-based phishing campaigns (smishing) in the wild. Many of these campaigns have taken
Creepy covert camera “feature” found in popular smartwatch for kids (Naked Security) This popular smartwatch aimed at kids had a backdoor that received covert encrypted commands via SMS.
FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft (FireEye) We introduce FIN11, a highly active group that Mandiant Threat Intelligence recently promoted to a FIN (or financially motivated) threat actor.
Anatomy of Ryuk Attack: 29 Hours From Initial Email to Full Compromise (SecurityWeek) An attack involving the Ryuk ransomware required 29 hours from an email being sent to the target to full environment compromise and the encryption of systems
Miami-based tech company suffers massive 1TB customer and business data leak (CyberNews) The Miami-based tech company Intcomex has suffered a major data breach, with nearly 1 TB of its users' SSNs, passports, & other data leaked.
Study Finds 400,000 Vulnerabilities Across 2,200 Virtual Appliances (SecurityWeek) A scan of 2,200 virtual appliance images revealed the existence of over 400,000 vulnerabilities, including in the appliances of major vendors
Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes (Threatpost) Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.
Is WhatsApp Really End-to-End Encrypted? Are My Chats Secure? (TheQuint) The encryption does not extend to back-up files of the chats that are saved on the device or on cloud services.
Treasury Unit Warns Banks of Unemployment Fraud (Wall Street Journal) As U.S. jobless claims swell during the pandemic, authorities are urging financial institutions to watch for schemes involving unemployment insurance payments.
Phishers use taxman con to hook home insurance giant (TimesLIVE) More than 3,000 BetterSure clients targeted, but firm insists no personal data has been compromised
Fake Twitter accounts posing as Black Trump supporters appear, reach thousands, then vanish (Washington Post) The speed with which the accounts gain followers shows how far false messages can spread before Twitter can block them
Footage from '50,000' home cameras hacked and sold on porn sites (AsiaOne) Security cameras in Singapore homes have been hacked, with the footage stolen and shared online. Clips from the hacked footage have been uploaded on pornographic sites recently, with several explicitly tagged as being from Singapore. The videos, which can last from under a minute to more than 20 minutes, feature couples, breastfeeding mothers and even children. Most of them are...
Siemens SCALANCE W1750D, M800, S615, and RUGGEDCOM RM1224 (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low skill level to exploit.
Vendor: Siemens
--------- Begin Update C Part 1 of 3 --------
Equipment: SCALANCE W1750D, M800, S615, and RUGGEDCOM RM1224
--------- End Update C Part 1 of 3 --------
Siemens Industrial Products (Update J) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Products
Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption
2.
Siemens Industrial Products (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.5
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: Siemens Industrial Products containing certain processors
Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor
2.
Siemens SIMATIC S7-300 and S7-400 CPUs (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC S7-300 and S7-400 CPUs
Vulnerability: Insufficiently Protected Credentials
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-252-02 Siemens SIMATIC S7-300 and S7-400 CPUs that was published September 8, 2020, to the ICS webpage on us-cert.gov.
Siemens SIPORT MP (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIPORT MP
Vulnerability: Use of client-side authentication
2.
Siemens Desigo Insight (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.4
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Desigo Insight
Vulnerabilities: SQL Injection, Improper Restriction of Rendered UI Layers or Frames, Exposure of Sensitive Information to an Unauthorized Actor
2.
Fieldcomm Group HART-IP and hipserver (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Fieldcomm Group
Equipment: HARP-IP Developer kit, hipserver
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may allow remote code execution.
Flexera InstallShield (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.3
ATTENTION: Low skill level to exploit
Vendor: Flexera
Equipment: InstallShield
Vulnerability: Untrusted Search Path
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow execution of a malicious DLL.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Flexera InstallShield are affected:
LCDS LAquis SCADA (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Low skill level to exploit
Vendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas Ltda ME
Equipment: LAquis SCADA
Vulnerability: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute code under the privileges of the application.
MOXA NPort IAW5000A-I/O Series (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: MOXA
Equipment: NPort IAW5000A-I/O Series
Vulnerabilities: Session Fixation, Improper Privilege Management, Weak Password Requirements, Cleartext Transmission of Sensitive Information, Improper Restriction of Excessive Authentication Attempts, Exposure of Sensitive Information to an Unauthorized Actor
2.
Carnival Corp. data breach may have impacted three brands (Seatrade Cruise News) A Carnival Corp. & plc data breach in early August indicates possible third-party access to personal information related to Carnival Cruise Line, Holland America Line and Seabourn, as well as casino operations.
Microsoft leads effort to disrupt infamous TrickBot botnet (SiliconANGLE) Microsoft Corp. today claimed to have disrupted the infamous TrickBot botnet in partnership with other companies, but there’s evidence that only part of the botnet has been taken down.
Microsoft seeks to disrupt Russian criminal botnet it fears could seek to sow confusion in the presidential election (Washington Post) The software giant won a court order to seize servers used by the Trickbot botnet, a network of infected computers that Microsoft says might have been used to lock up voter-registration systems.
Microsoft seeks to defend US election in botnet takedown (Gulf-Times) A coalition of technology companies used a federal court order unsealed on Monday to begin dismantling one of the world’s most dangerous botnets in an effort to pre-empt disruptive cyber-attacks before next month’s US presidential election.
Microsoft attempts takedown of global criminal botnet (WDIV) Microsoft announced Monday that it has taken legal action seeking to disrupt a major cybercrime digital network that uses more than 1 million zombie computers to loot bank accounts and spread ransomware.
Election Systems Under Attack via Microsoft Zerologon Exploits (Threatpost) Cybercriminals are chaining Microsoft's Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns.
()
Virginia’s Voter-Registration Site Goes Offline on Last Day to Register (Wall Street Journal) Virginia’s voter-registration website went offline on the state’s last day to register before the Nov. 3 election in what officials attributed to an accidental cutting of a fiber-optic cable.
Security Patches, Mitigations, and Software Updates
Microsoft patches 87 vulnerabilities in October 2020 Patch Tuesday update (Computing) Twelve of them are listed as 'Critical'
Microsoft Patch Tuesday, October 2020 Edition (KrebsOnSecurity) It's Cybersecurity Awareness Month! In keeping with that theme, if you (ab)use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means it's once again time to backup…
Zero Day Initiative — The October 2020 Security Update Review (Zero Day Initiative) October is here and with it comes the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month. Adobe Patches for October 2020 Adobe released only one patch for October. It fi
Adobe Patches Critical Code Execution Vulnerability in Flash Player (SecurityWeek) Adobe announced on Tuesday that it has patched a critical code execution vulnerability in Flash Player. This is the only flaw fixed this Patch Tuesday
Acronis Patches Privilege Escalation Flaws in Backup, Security Solutions (SecurityWeek) Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges
Cyber Trends
Cyber Conflict (The Johns Hopkins University) The scores in the Heat Index are based on the analytic judgments of the project team based on the approach described in the Methodology section. Using multiple sources of open-source information, the team assesses the likelihood of future cyber attacks and assigns scores to each factor. These scores are reevaluated periodically as warranted. The scores may change in response to additional information about the cyber capabilities of each country or developments in the geopolitical situation that may affect the grievance outlined in each scenario.
The global state of anti-money laundering: What consumers think and why that matters (BAE Systems) The sheer scale of AML regulation expansion in recent times is astounding. Banks are having to adapt rapidly to manage risk, but must also control cost. We asked financial institutions about their challenges and goals for AML management, and we asked their customers what their expectations are.
Global Pandemic Has Accelerated Cloud Transformation for Nearly Half of Organizations, Reveals Centrify Survey (Centrify) Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today released new research that found nearly half of IT decision makers' companies had to accelerate their cloud migration plans (48%) and IT modernization overall (49%) during the COVID-19 pandemic.
Morphisec Releases Government & Election Cybersecurity Threat Index as (PRWeb) 63% of government workers say they are worried that cyberattacks on candidates, political parties, and voting infrastructure will impact the
Cyberattackers ‘won’t go easy’ just because firms are in a state of flux (Silicon Republic) Huawei Ireland’s Neil Redmond talks about the importance of cybersecurity teams and which industries are the most vulnerable to attacks.
Marketplace
DISA sends message to large companies: Meet small business goals or risk getting off-ramped (Federal News Network) DISA received the 2020 Verdure award from DoD for its approaches to balancing the development of efficient procurement methods.
Online Infrastructure Security Firm Cyberpion Emerges From Stealth (SecurityWeek) Online infrastructure security solutions provider Cyberpion on Tuesday emerged from stealth mode after raising $8.25 million in seed funding
DevSecOps Company apiiro Emerges From Stealth With $35 Million in Funding (SecurityWeek) DevSecOps and risk management solutions provider apiiro on Tuesday emerged from stealth mode with $35 million in funding
PE-Backed Cybersecurity Brand McAfee Aims For $759M IPO (Law360) Cybersecurity software creator McAfee, which is backed by private equity firms TPG and Thoma Bravo, on Tuesday launched an initial public offering guided by Ropes & Gray and Wilson Sonsini to lock down $758.5 million to repay loans and repurchase newly issued securities.
Network Designs, Inc. (NDi) Awarded U.S. Army Contract for Secure Classified Remote Access as a Service (SCRAaaS) (StreetInsider.com) Network Designs Inc. (NDi) is pleased to announce we were awarded a contract by the U.S Army's Network Enterprise...
DISA Awards Zimperium Mobile Threat Defense (MTD) Mobile Endpoint Protection Production OTA (BusinessWire) DISA, a US DoD organization, select Zimperium’s Mobile Threat Defense to deliver Mobile Endpoint Protection to their unclassified mobile offerings.
AFWERX Selects DISCUS Software Company (AiThority) AFWERX, selected DISCUS Software in the Enabling Technologies for Reverse Engineering and Additive/Agile Manufacturing Challenge.
Nobel laureate Kip Thorne chairs the ESET Science Award International jury in 2020 (ESET) The laureates of this year’s ESET Science Award will be decided by the International jury chaired by a Nobel laureate, Kip Thorne. An American physicist known for his work in gravitational physics and astrophysics, Thorne is one of the three scientists who were awarded the 2017 Nobel Prize in Physics.
Ermetic Unveils Board of Advisors Featuring Top Executives from Atlassian, Google, Netflix and Publicis Groupe (BusinessWire) Who’s who list of experts from technology, media and communications sectors will provide strategic business and technology advice for the company.
VMware ANZ hires Sean Kopelke as technology director out of Microsoft (CRN Australia) Sean Kopelke to lead technology teams in Australia and New Zealand.
Huawei appoints first every chief security office in GCC (Gulf Business) Aloysius Cheang takes up role as CSO for Huawei UAE
Former U.S. Associate Deputy Attorney General Sujit Raman Joins Sidley in Washington, D.C. (Sidley) Sidley is pleased to announce that Sujit Raman joined the firm as a partner in its Washington, D.C. office. Mr. Raman will be a member of the Privacy and Cybersecurity practice group, and will contribute to the firm’s globally regarded litigation, national security, and trade practices.
Keller Lenkner UK appointed as data breach advisor to Communication Workers Union (Business Up North) Data breach and cybercrime specialist law firm, Keller Lenkner UK, has been appointed to deliver data breach claims support to nearly 200,000 members of the Communication Workers Union (CWU).
Products, Services, and Solutions
Intel Xeon Scalable Platform Built for Most Sensitive Workloads (Intel Newsroom) New security innovations include Intel SGX, memory encryption, firmware resilience and breakthrough cryptographic accelerators.
Nuspire Delivers Advanced Threat Intelligence through Partnership with Recorded Future (Nuspire) Nuspire today announced its partnership with Recorded Future to deliver clients with actionable threat intelligence that reduces risk with real-time data.
Fugue Introduces Next-Generation CSPM to Prove Compliance and Eliminate Cloud Misconfiguration (Fugue) Fugue announced next-generation cloud security posture management (CSPM) capabilities that leverage Fugue’s cloud state machine and Open Policy Agent (OPA).
IBM Advances Cloud Pak for Security to Manage Threats Across Tools, Teams & Clouds (IBM) Open platform leverages AI and automation to streamline threat management across hybrid cloud environments and disparate security tools
IBM Advances Cloud Pak for Security to Manage Threats Across Tools, Teams & Clouds (IBM News Room) IBM (NYSE: IBM) Security today announced new and upcoming capabilities for Cloud Pak for Security, including a first of its kind data security solution that allows companies to detect, respond to...
IBM updates Cloud Pak for Security with new data security hub (ZDNet) IBM said Cloud Pak's new integrated data security hub will bring data security insights directly into threat management and security response platforms
IBM brings more threat intelligence into Cloud Pak for Security (SiliconANGLE) IBM Corp. today previewed upcoming updates to its Cloud Pak for Security product that it says will give cybersecurity professionals a more complete view of the risks facing their organizations.
CrowdStrike Announces Falcon Zero Trust Assessments (ZTA) (CrowdStrike) CrowdStrike Falcon ZTA delivers continuous real-time security posture assessments across all endpoints regardless of location, network or user
CrowdStrike Announces New Cloud Security Module Falcon Horizon (CrowdStrike) A leader in cloud-delivered endpoint and workload protection, CrowdStrike today announced the new Falcon Horizon module to protect multi-cloud environments.
CrowdStrike Bolsters Endpoint Protection Platform with New Capabilities (CrowdStrike) CrowdStrike announced enhancements to the CrowdStrike Falcon platform’s visibility, detection and response capabilities across Windows, macOS and Linux.
Untangle Offers Powerful VPN Choices with NG Firewall 16 Release (Untangle) New WireGuard® VPN Allows for Greater VPN Options in Today's Remote World SAN JOSE, Calif.– October 16, 2020 – Untangle®, Inc., a leader in comprehensive network security for small-to-medium busi
Cynet 360 Receives Five Star Ranking in Gartner Peer Insights Ratings and Reviews Platform (StreetInsider.com) Cynet today announced that the Cynet 360 Autonomous Breach Prevention Platform has been rated a 5.0, the...
Bitglass’ SASE Platform Achieves Perfect Score in KuppingerCole’s CASB Market Compass (BusinessWire) Bitglass, the Total Cloud Security Company, has received full scores across all nine criteria in KuppingerCole’s Market Compass on Cloud Access Securi
New AI Technology Mimics Thousands of Hackers Trying to Break into an Organization, Launched by FireCompass (PR Newswire) FireCompass today unveils its new artificial intelligence powered Continuous Automated Red Teaming (CART) platform that mimics thousands of...
StackRox Selected as Accredited Kubernetes-Native Security Platform for U.S. Department of Defense Iron Bank | StackRox: Kubernetes and container security solution (StackRox: Kubernetes and container security solution) StackRox Kubernetes Security Platform Certified as a Standard Security and Compliance Platform in DoD’s Hardened Container Repository
XM Cyber Receives 2020 CyberSecurity Breakthrough Award for 'Overall APT Solution Provider of the Year' (PR Newswire) XM Cyber, the multi-award-winning leader in breach and attack simulation (BAS), advanced cyber risk analytics and cloud security posture...
Gartner report on Security Awareness Computer-Based Training names Cyber Risk Aware as leading player - Cyber Risk Aware (Cyber Risk Aware) Gartner, a leading independent global research and advisory company, released it’s 2020 Security Awareness Training Market Guide tackling the complexity of the cybersecurity market for CSOs and highlighting Cyber Risk Aware’s platform for being innovative, unique and a leader in cyber security awareness and training solutions.
1touch.io Named “Enterprise Risk Management Solution of the Year" by 2020 CyberSecurity Breakthrough Awards (1touch.io) 1touch.io announced that it has been named “Enterprise Risk Management Solution of the Year" in the fourth annual CyberSecurity Breakthrough Awards program. The award honors Inventa’s ability to accurately and continuously catalog sensitive data at speed to help organizations meet privacy, security, and governance requirements.
INTRUSION’s New Cybersecurity Solution, Shield, Brings Government-Level Cybersecurity to Businesses (News Category Global Banking & Finance Reviews) INTRUSION Inc. (NASDAQ: INTZ), a leading provider of entity identification, high speed data mining, cybercrime and advanced persistent threat detection services, announced today that it is now taking pre-orders on its newest cybersecurity solution for the enterprise, INTRUSION Shield„¢. Shield takes an entirely new approach to protecting an organizations network by not merely alerting to […]
Technologies, Techniques, and Standards
Cybersecurity Awareness Month: Securing Devices at Home and Work (NIST) 2020 saw a major disruption in the way many people work, learn, and socialize online. Our homes are more connected than ever.
The Changing Cyber-Landscape and How Organizations Can Reduce the Risks (Infosecurity Magazine) IT teams need to adapt and become more agile to keep nefarious actors at bay
The Changing Cyber-Landscape and How Organizations Can Reduce the Risks (Infosecurity Magazine) IT teams need to adapt and become more agile to keep nefarious actors at bay
Modernizing Your Security Operations Center for the Cloud (Security Intelligence) Security operations center modernization takes a lot of shifts. However, with these tools and priorities you can be sure you're working in the 21st Century.
Making sense of zero-trust security (ComputerWeekly.com) Implementing zero-trust security is not an easy feat, but enterprises can still get it right if they approach it from a process perspective and get a handle on their infrastructure footprint.
Security expert offers tips on avoiding cyber threats during Prime Day sales (WXMI) A cyber security company is concerned with Amazon’s upcoming Prime Day shopping event and offering tips to avoid threats.
Thriving using Science: the importance of Cyber Security in the modern day society (Yahoo) In this Breakfast Chat with Leading Market Leaders & Entrepreneurs series, we have the opportunity in speaking with the DUO of BI Consulting Group charismatic Dr Christina, a turnaround/business performance psychologist, Partner and Group Managing Director and her husband Marek Boguszewicz, a former
US Army demonstrates a first in electronic warfare (C4ISRNET) The Army has demonstrated an ability that service officials and industry agree is significant.
Academia
ODU launches new cybersecurity school to help close talent gap (Virginian-Pilot) Around 5,000 cybersecurity jobs are currently going unfilled in Hampton Roads.
Legislation, Policy, and Regulation
Philippines starts registering millions for national ID cards (Nikkei Asia) Manila hopes system will spur consumer adoption of electronic payments
CFIUS Rule Puts National Security Spotlight on Investments that Result in Foreign Access to Sensitive Personal Data (Cooley) Personal data is now a strategic asset under federal regulations. On October 15, 2020, a Final Rule by the Committee on Foreign Investment in the United States (CFIUS or the Committee) will become effective, imposing new requirements for foreign investment in light of national security risks related
Five Eyes renew calls for backdoors in security products (SC Media) Federal law enforcement agencies from the U.S. and several of its closest allies cosigned a statement over the weekend calling for tech manufacturers to
Call For Big Tech To Bake Backdoors Into Everything (Information Security Buzz) It has been reported that the nations of the Five Eyes security alliance – Australia, Canada, New Zealand, the USA and the UK – plus Japan and India, have called on technology companies to design their products so they offer access to encrypted messages and content. A joint “International Statement” issued yesterday frames the issue as a matter of public safety.
Digital rights body questions India's move to seek backdoor access to encrypted communication (ET CIO) The UK home department, this Sunday, issued a joint statement signed by governments of Australia, Canada, India, Japan, New Zealand and the United Sta..
India joins the idiotic global alliance calling for encyption backdoors (The Next Web) Late last week, India signed a letter with Japan and Five Eyes Alliance (USA, UK, Australia, New Zealand, and Canada) asking tech companies to build backdoors in their end-to-end encrypted systems to enable law enforcement and other authorities to snoop on communications. The letter says companies should provide lawful access to the system and they should also build …
US advisory meant to clarify ransomware payments only spotlights widespread uncertainty (CyberScoop) If a Treasury Department advisory threatening financial penalties against anyone paying ransomware hackers was intended to send a clear message, it may have done the exact opposite.
New York Regulator Urges Oversight for Social-Media Giants (Wall Street Journal) In a report about the cyberattack that hit Twitter in July, the New York State Department of Financial Services also said big social-media platforms should be designated as systemically important.
The Man Who Speaks Softly—and Commands a Big Cyber Army (Wired) Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you noticing.
Litigation, Investigation, and Law Enforcement
The Cybersecurity 202: A ruling against expanding online voting is a win for cybersecurity advocates (Washington Post) A federal judge yesterday dismissed a lawsuit that sought to dramatically expand online voting by military service members and other citizens living overseas, halting an effort that critics say could have made the election far more vulnerable to hacking.
As voters cast their ballots, courts nationwide issue election security edicts (CyberScoop) Legal battles with election security implications raged across the country over the holiday weekend, even with early voting well underway at historic levels in many states.
Groups file lawsuit after Virginia state websites shut down for hours on last day of voter registration (Washington Post) An accidentally severed fiber-optic cable in Virginia effectively shut down most of the state’s online voter registration on its last day Tuesday, prompting voter advocates to file a lawsuit in federal court seeking an extension of the deadline that they argue thousands of voters missed because of the disruption.
Justice Thomas Fires Shots At Big Tech Immunity Shield (Law360) Justice Clarence Thomas told the U.S. Supreme Court on Tuesday it's time to rein in the so-called Big Tech liability shield, arguing that lower courts have been "construing the law broadly" and allowing some of the world's largest internet companies to escape responsibility for harmful third-party-generated content.
Clarence Thomas wants to reel in Section 230 (Axios) Thomas is laying down a marker as the likely confirmation of Amy Coney Barrett looks set to tip the high court further right.
‘Unmasking’ probe commissioned by Barr concludes without charges or any public report (Washington Post) The federal prosecutor appointed by Attorney General William P. Barr to review whether Obama-era officials improperly requested the identities of individuals whose names were redacted in intelligence documents has completed his work without finding any substantive wrongdoing, according to people familiar with the matter.
Employee-Monitoring in Europe Comes Under Spotlight After H&M Fine (Wall Street Journal) Companies have been using tech to watch their workers for a while, sometimes illegally. Some remote workers now report being tracked at home, labor union representatives say.
Supreme Court Won’t Review Security Software Makers’ Rift (1) (Bloomberg Law) The U.S. Supreme Court won’t step into a rift between two security software makers in a case testing the application of an online liability shield.
Star Witness in Case Against Cisco: Its Own Documents (BankInfo Security) Plaintiffs in the patent infringement case Centripetal Networks v. Cisco Networks won the day thanks to clear testimony and using Cisco's own technical documents in unaltered form. By contrast, the judge slammed Cisco for offering disagreeing witnesses and attempting to focus on old, irrelevant technology.
Law Firm Starts Legal Action Over Virgin Media UK Data Breach (ISPreview UK) A consumer action law firm, Your Lawyers, has today announced that they've launched a Group Action Claim against broadband ISP Virgin Media UK, which
What In-House Counsel Should Know About 'Deepfakes' (Law360) As new artificial intelligence technology becomes more accessible, in-house counsel are being warned about the potential for harm in nearly every industry — especially in media, entertainment, finance and politics.