Iran confirms cyberattacks. Silent Librarian is back. Not spies, just crooks. Election disinformation. Content moderation.

Cyber Attacks, Threats, and Vulnerabilities

Similar to the attack on the Bundestag – NRK Norway... (AlKhaleej Today) In the spring of 2015, hackers broke into the German Bundestag’s IT system and stole large amounts of data, including many emails from parliamentarians in Germany’s National Assembly.

Russian embassy denies accusations of hacker attacks in Norway (112 UA) The Russian embassy referred to the fact that Russia does not blame the authorities of other countries in such cases, despite millions of hacker attacks on its institutions

Norway blames Russia for cyber attack (The Independent Barents Observer) The email system at the Norwegian Parliament was hacked on August 24. Foreign Minister Ine Eriksen Søreide now points the finger of blame on Russia.

Iran acknowledges cyberattacks on government departments (Washington Post) Iran’s cybersecurity authority acknowledged cyberattacks on two governmental departments this week, state media reported Thursday.

Online Disinformation Campaigns Undermine African Elections (Bloomberg) Some governments use social media to dominate the narrative around campaigns.

SourMint: iOS remote code execution, Android findings, and community response (Snyk) We disclosed our new findings to Apple on October, 2nd and one day later, on October 3rd Apple sent out a notification to affected app developers sharing that

Late-game election security: What to watch and watch out for (CSO Online) Despite disruption of the Trickbot botnet network, last-minute leaks of stolen documents and post-election undermining of trust in the election system remain big concerns.

Hackers posing as notorious APT groups threaten organisations with DDoS attacks (Computing) The new and unidentified hacking group is masquerading as other, infamous groups to convince firms to pay its ransom demands

2020 Ransom DDoS Campaign Update (Radware) Radware and the FBI warned in August about a global ransom DDoS campaign targeting financial institutions and other industries worldwide. Radware has witnessed an increase of new extortion letters from organizations across the globe.

Meet FIN11, a cybercrime outfit going after pharma companies while leaning on extortion (CyberScoop) Researchers have pieced together details about a newly-identified, financially-motivated hacking group they say is behind bold, large and long-running malware campaigns.

This major criminal hacking group just switched to ransomware attacks (ZDNet) A newly detailed financial cybercrime group has been conducting attacks around the world since 2016 - but now they've switched to ransomware because it's the biggest and easiest pay day.

FIN11 Spun Out From TA505 Umbrella as Distinct Attack Group (SecurityWeek) FIN11 is a new designation for a financially motivated hacking group that may previously have been obscured within the activity set and group usually referred to as TA505.

What's behind the rise of QAnon in the UK? (BBC News) How one woman helped spread a conspiracy theory across Britain.

Silent Librarian APT right on schedule for 20/21 academic year (Malwarebytes Labs) A threat actor known as Silent Librarian/TA407/COBALT DICKENS has been actively targeting universities around the world via spear phishing campaigns.

Iranian APT group hits schools, universities in global spear phishing attacks (HackRead) The APT group known as Silent Librarian has increased its spear phishing attacks as schools and universities are back.

After blows from Cyber Command and Microsoft, TrickBot lives on (CyberScoop) Disrupting a well-oiled botnet, or network of compromised computers used to launch attacks, isn’t easy. It’s little surprise, then, that in the days after U.S. Cyber Command and Microsoft took aim at TrickBot, one of the world’s largest botnets, parts of the zombie computer army still appear to be active.

A Trickbot Assault Shows US Military Hackers' Growing Reach (Wired) Despite the operation's short-term effects, it sets new precedents for the scope of Cyber Command's mission.

SonicWall VPN Portal Critical Flaw (CVE-2020-5135) (The State of Security) Tripwire VERT has identified a stack-based buffer overflow in SonicWall Network Security Appliance (CVE-2020-5135). Craig Young has the details.

Windows “Ping of Death” bug revealed – patch now! (Naked Security) No one has figured out how to run code with this bug yet – but if they do, you can bet that someone will turn it into a computer worm.

Self-driving cars can be forced to brake by hijacked billboards (ZDNet) Researchers demonstrate how “phantom objects” can fool autonomous vehicles and prompt particular actions.

They’re back: inside a new Ryuk ransomware attack (Sophos News) After a long lull, Ryuk returns with new tools and tactics.

Ransomware Gangs Outsource Network Access to Drive Success (Infosecurity Magazine) Accenture warns of increasingly prevalent dark web partnership

Data Breach May Have Affected As Many As 30,000 Colorado State Employees (CBS 4 Denver) As many as 30,000 employees of the State of Colorado may have been affected by a data breach.

London Borough of Hackney suffers ‘serious’ cyberattack (BleepingComputer) The city council systems for the London Borough of Hackney have been hit with a 'serious' cyberattack that impacts many of their services and IT systems.

Hackney Borough Council suffers serious cyber attack (Computing) The Council is currently working with security experts to protect data

Hackney Council hit by a serious cyber attack, NCSC confirms (teiss) London's Hackney Council has confirmed that many of its online services and IT systems have been affected by a serious cyber attack.

Barnes & Noble confirms cyberattack, suspected customer data breach (ZDNet) The bookseller’s security incident also impacted Nook services.

L+M hospital donor information hacked in ransomware attack (The Day) New London — Lawrence + Memorial Hospital has reported a ransomware attack involving a company the hospital uses for donor

Netsparker Research Finds Executive Overconfidence is a Security Risk (PR Newswire) Netsparker, the leading enterprise dynamic application security testing (DAST) solution, teamed up with Dimensional Research to understand the...

Attorney-Client Confidentiality Threatened by Cyber Sabotage: Report (The Crime Report) Due to a lack of preparedness in the legal world, many lawyers and their clients are battling to make sure their communications stay between them — and away from the eyes and ears of hackers domestically and abroad, a new NYCLU report details.

More BEC Criminal Gangs Are Based in US (BankInfo Security) Business email compromise scams continue to proliferate around the globe, with the U.S. now second only to Nigeria as a home base for the cybercriminal

Cache Creek Casino And Resort, Closed For Weeks Due To Cyber Attack, Reopens (CBS Local Sacramento) Cache Creek Casino and Resort is back open after a cyber-attack knocked it out of business for several weeks.

Security Patches, Mitigations, and Software Updates

US Cyber Command: Patch Windows 'Bad Neighbor' TCP/IP bug now (BleepingComputer) US Cyber Command warns Microsoft customers to immediately patch their systems against the critical and remotely exploitable CVE-2020-16898 vulnerability addressed during this month's Patch Tuesday.

Microsoft Addressing 87 Vulnerabilities in October Security Patch Bundle (Redmondmag) Microsoft's October bundle of security patches, released on Tuesday, brings fixes for just 87 common vulnerabilities and exposures (CVEs) across Windows, Office, SharePoint and many other software products.

Microsoft Fixes Fewer Than 100 Bugs for First Time Since February (Infosecurity Magazine) October Patch Tuesday still contains plenty to keep sysadmins busy

October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug (Threatpost) There were 11 critical bugs and six that were unpatched but publicly known in this month's regularly scheduled Microsoft updates.

Adobe fixes critical security vulnerability in Flash Player (BleepingComputer) Adobe has released a security update for a critical remote code execution vulnerability in Adobe Flash Player that could be exploited by simply visiting a website

Cyber Trends

Cryptographic Solutions Delivering Cloud, IoT, Blockchain and Digital Payment Security (nCipher Security) nCipher Security empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications.

Tactical vs Strategic: CISOs and Boards Narrow Communication Gap (SecurityWeek) A global survey of almost 1000 CISO/Senior IT decision makers shows positive signs of Boards' willingness to invest in cybersecurity -- with perhaps one major rider.

Pandemic-Driven Change: The Effect of COVID-19 on Incident Response (Secure Works) This report examines how the global pandemic increased security risk and impacted incident response.

Organizations are Never the Same After Being Hit by Ransomware, According to Sophos Global Survey (Sophos) The Confidence of IT Managers and Approach to Battling Cyberattacks is Vastly Different Between Those Who’ve Been Impacted by Ransomware and Those who Have Not, Survey Shows

Research Reveals Most Cybersecurity Professionals Embrace Automation, Yet Half of Younger Staffers Fear Being Replaced by Technology (BusinessWire) Today, Exabeam has released their 2020 Cybersecurity Professionals Salary, Skills and Stress Survey.

Cybersecurity: the Human Challenge (Sophos) This comprehensive survey of 5,000 IT managers reveals the reality of the human side of cybersecurity. It explores plans for human-led threat hunting, the impact of the cybersecurity skills shortage, and how ransomware affects IT teams over and above any financial, reputational and operational impact.

Expert: Home is ‘new battleground’ for cybersecurity (Idaho Business Review) Internet-connected devices, such as smart TVs, can be a security risk.

Cybersecurity in a Pandemic (The UCSB Current) National Cybersecurity Awareness Month hits a chord this year as faculty, students and staff navigate a new, virtual world

Marketplace

Managed Security Services Company deepwatch Raises $53 Million (Pulse 2.0) deepwatch — a leading provider of intelligence-driven managed security services — announced it has closed a $53 million Series B investment.

FOSSA Accelerates Growth, Hits Significant Milestones (FOSSA) Open Source Management Leader Lands $23.2 Million in Series B Funding, Launches New Security Management Capability and Expands Global Footprint

Cyberpion raises $8.25M in seed funding to help businesses secure assets beyond their firewall (TechCrunch) Hijacking a company’s DNS or injecting code into third-party tools are the kind of attacks that many companies aren’t equipped to handle. Cyberpion, a new security startup founded by a number of experienced security experts, aims to help enterprises identify and neutralize these kinds o…

Announcing our Series A - acceldata (acceldata) Announcing our Series A fundraise to bring Data observability to the modern enterprise

Accurics raises $20m, continues mission to enhance cloud-native security (IT Brief) Accurics, a cloud cyber resilience company specialising in cloud native infrastructure, states the new investment will support the company's market momentum and help in continued development of technology.

Highly Rated Cybersecurity Firm Fortinet Gets Another Rating Upgrade (Investor's Business Daily) Fortinet has outperformed 73% of all stocks over the past 52 weeks. But the rating hike for the cybersecurity software maker doesn't tell the whole story.

Armis Expands Executive Team With Appointment of Brian Gumbel as Chief Revenue Officer (PR Newswire) Armis®, the leading agentless device security platform, today announced that Brian Gumbel, formerly CRO at Sisense, has joined as its new CRO...

Former Executive Chairman Of RSA Security Art Coviello Jr. Joins SKOUT CYBERSECURITY As Senior Advisor (PR Newswire) SKOUT CYBERSECURITY announced today security industry visionary and investor Art Coviello Jr. is now serving as a Senior Advisor to the company....

Shane McNamee joins Avast as Chief Privacy Officer (Help Net Security) Avast has announced the appointment of Shane McNamee as Chief Privacy Officer to oversee Avast's global privacy strategy.

SentinelOne Appoints Brian Hussey as VP of Cyber Threat Response (StreetInsider.com) Vigilance MDR Thrives While Addressing Rapidly Expanding Enterprise Demand

Products, Services, and Solutions

Byos Introduces Endpoint Micro-Segmentation Solution to Extend Zero Trust Access to Any Remote Wi-Fi Connection (BusinessWire) Byos Introduces Endpoint Micro-Segmentation Solution to Extend Zero Trust Access to Any Remote Wi-Fi Connection; Ideal for WFH environments

ImmuniWeb Discovery to Intelligently Automate Penetration Testing Scoping and Scheduling (ImmuniWeb) The data-driven and risk-based approach prevents insufficient or incomplete testing, and precludes excessive or redundant testing by leveraging award-winning Machine Learning technology.

What's New in Web Security (Akamai) With Akamai's web security portfolio, the top focus this October is on the web application firewall (WAF), with exciting new capabilities: API Discovery and Adaptive Security Profiles.

Akamai launches new API security tool (BetaNews) APIs have become an important mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, using back end data and logic to create new and innovative offerings.

Akamai and Snyk Partnership Creates a Powerful Combination for In-Browser Script Protection (Akamai) A web experience begins with the sum of the code you created. But it also includes all the code the user is put in contact with when loading your website. This means the attack surface to monitor for web application software threats is not just your code repositories, but the sum of the assets real users encounter from the entire web application supply chain. This includes your codebase, open-source libraries used as dependencies (e.g., npm packages), third-party scripts loaded via script tags, and more.

Akamai Launches New Digital Badge Program for Channel Partners (Akamai) Partner enablement framework provides capabilities to manage customer lifecycle from prospecting through implementation for Akamai products.

Self-healing Cloud Infrastructure for Tomorrow’s Applications (Accurics) Enable cyber resilience by self-healing cloud infrastructure and codifying security throughout the development lifecycle.

No More Single Glass of Pain: ReliaQuest's GreyMatter Unified SaaS Security Platform Delivers Open XDR Approach (PR Newswire) ReliaQuest, a global leader in cybersecurity, today announced its unique "Open XDR" approach that solves modern enterprise cybersecurity...

BAE Unveils Cybersecurity Platform for Military Platforms; Michael Weber Quoted (ExecutiveBiz) BAE Systems has introduced a product suite the company designed to help military customers protect v

BAE Systems launches GXP Fusion™ application to increase situational awareness (BAE Systems) GXP Fusion will meet the complex data challenges confronting modern intelligence analysts

Palo Alto Networks Introduces Comprehensive Cloud Native Security Platform (Financial Buzz) Palo Alto Networks (NYSE: PANW) reported Prisma Cloud 2.0, a cloud native security platform that

Zscaler Becomes First Cloud Security and Zero Trust Vendor to Successfully Complete Australian Information Security Registered Assessors Program Assessment (PRWire) Achievement Confirms Zscaler Zero Trust Exchange and Zscaler Solutions Provide Assurance in Helping Australian Government Combat Cybersecurity Risks

Proofpoint Launches Compliant Capture and Archiving for Microsoft Teams (GlobeNewswire) Latest innovation captures and manages real-time digital communications across the most popular channels including Microsoft Teams

Onfido Wins “AI-Based CyberSecurity Solution of the Year” in the 2020 CyberSecurity Breakthrough Awards (StreetInsider.com) CyberSecurity honors Onfido for its innovative artificial intelligence technology powering its fast and secure remote identity verification

Cellebrite Launches "Connect" Global Virtual Summit Series (INSIDENOVA.COM) Participants Will Learn Firsthand How To Transform Their Organizations' Digital Investigation Efforts

ReversingLabs Wins Threat Intelligence Platform of the Year in 2020 Cybersecurity Breakthrough Awards (GlobeNewswire) ReversingLabs Titanium Platform Recognized for Unique “Glass Box” Human Readable Machine Learning Technology

IronNet Named "Overall Incident Response Solution of the Year" by 2020 CyberSecurity Breakthrough Awards (PR Newswire) IronNet Cybersecurity Inc., the leader in Collective Defense and Network Detection and Response (NDR), today announced that its IronDome...

IBM brings more threat intelligence into Cloud Pak for Security (SiliconANGLE) IBM Corp. today previewed upcoming updates to its Cloud Pak for Security product that it says will give cybersecurity professionals a more complete view of the risks facing their organizations.

Vectra expands intelligent cyberattack detection and response capabilities with CrowdStrike (PR Newswire) Vectra AI, a leader in network detection and response (NDR), today announced expanded response capabilities for its flagship product, Cognito...

Truepic Breakthrough Charts a Path for Restoring Trust in Photos and Videos at Internet Scale (PR Newswire) Today, Truepic Inc., the leader in provenance-based photo and video authentication, announced that it has successfully achieved the world's...

King & Union Introduces Fractional Ownership of Premium Threat Intelligence (INSIDENOVA.COM) ALEXANDRIA, Va., Oct. 15, 2020 /PRNewswire/ -- Today King & Union and its threat intelligence partners democratized threat intelligence data for thousands of organizations by launching Avalon Marketplace. Avalon marketplace

Technologies, Techniques, and Standards

The Chinese MSS Is Attacking Us with Our Own Tools (Nextgov.com) Here’s how to get ahead of the adversary with integrated cyber defenses.

Creating and Weaponizing Deep Fakes (Avast) Professor Hany Farid of UC Berkeley spoke at Avast’s CyberSec&AI Connected virtual conference last week, where he explained the evolution, prevalence and risks associated with deep fake content.

Design and Innovation

Twitter, Like Facebook, to Remove Posts Denying the Holocaust (Bloomberg) Twitter Inc. will remove posts that deny the Holocaust for violating its hateful conduct policy, according to a company spokeswoman.

YouTube bans coronavirus vaccine misinformation (Reuters) Alphabet Inc's YouTube said on Wednesday it would remove videos from YouTube containing misinformation about COVID-19 vaccines, expanding its current rules against falsehoods and conspiracy theories about the pandemic.

Council Post: The P-Word Is No Longer Dirty (Forbes) Once a taboo subject, brands should now see the value in publicly demonstrating their commitment to protecting consumer data from phishing attacks.

Academia

50 Colleges Where You Can Get a Cybersecurity Degree Online Now (Digital Guardian) You can gain many valuable cybersecurity skills online now. To celebrate National Cyber Security Awareness Month (NCSAM) we put together a list of 50 schools offering cybersecurity degrees online.

American Public University System Names Lt. Gen. Vincent Stewart, Former Deputy Commander of U.S. Cyber Command, to Board of Trustees (PR Newswire) American Public University System (APUS) has appointed retired U.S. Marine Corps Lt. Gen. Vincent Stewart to its Board of Trustees. Stewart...

Legislation, Policy and Regulation

National cyber security agency begins operations (The Scoop) The Ministry of Transport and Infocommunications has revealed that Brunei’s national cyber security agency has been in operation since August 1, although its official website was launched Tuesday.

Safe, secure cyberspace a top priority for Brunei (The Star Online) The establishment of Cyber Security Brunei (CSB) is hoped to spur interest in careers as cybersecurity experts and professionals among local youth, said Minister of Transport and Infocommunications Abdul Mutalib Mohammad Yusof.

CSIS agents said seeking judicial warrants was 'a necessary evil' (CP24) Canadian Security Intelligence Service employees see the spadework needed to obtain a judicial warrant as “a necessary evil” that detracts from more valuable activities, says an independent review that calls for a cultural shift inside the spy agency.

There Is a Solution to the Huawei Challenge (Center for American Progress) To compete at full strength in 5G, the United States must first counter China's market-distorting industrial policies.

US advisory meant to clarify ransomware payments only spotlights widespread uncertainty (CyberScoop) If a Treasury Department advisory threatening financial penalties against anyone paying ransomware hackers was intended to send a clear message,

Should ransomware payments be banned? Experts weigh in (SearchSecurity) Five experts from five different organizations give their take on whether ransomware payments should be banned. Overall, all five stopped short of recommending a ban.

Weighing Effects of Treasury's Ransomware Pay Warnings on Cyber Insurers and Victims (Insurance Journal) Recent warnings from the U.S. Treasury about paying ransomware demands are unlikely to substantially change how cyber insurers cover or handle such

Justice Department Launches Cryptocurrency Enforcement Framework (Chief Investment Officer) The guide provides an overview of the threats faced by the illicit use of cryptocurrencies and ways to combat them.

CISA confident on election cybersecurity (FCW) The Cybersecurity and Infrastructure Security Agency's efforts to help state and local governments secure their election critical infrastructure are in an intense home stretch for 2020, according to the agency's top risk manager.

The 2020 Election May Be the Most Secure in U.S. History (Foreign Affairs) Cyberattacks and COVID-19 Still Threaten the Vote, but States Are Prepared for Both

Defending U.S. Voting Processes Now and into the Future (Infosecurity Magazine) 2020 has created the perfect storm of challenges for the democratic process this year.

New York Regulator Urges Oversight for Social-Media Giants (Wall Street Journal) In a report about the cyberattack that hit Twitter in July, the New York State Department of Financial Services also said big social-media platforms should be designated as systemically important.

DFS Calls for Regulation of Social Media Giants (Infosecurity Magazine) Twitter’s inadequate cybersecurity prompts New York State to recommend regulation of social media companies

New Jersey CISO extols virtues of security centralization (StateScoop) The unique structure of New Jersey’s cybersecurity organization has advantages, said CISO Michael Geraghty, including catching vulnerabilities, like one that was being exploited by a Russian actor in January.

SecurityScorecard’s ‘State of the States’ Report Explained (SecurityScorecard) SecurityScorecard released a report that reviews the overall cybersecurity posture, including election-related infrastructure, of all 56 U.S. states and territories leading up to the presidential election.

Litigation, Investigation, and Enforcement

Rulings on TikTok, WeChat bans show limits of US national security claims (South China Morning Post) Decisions are the first substantial legal setback to the Trump administration after a series of actions against Chinese companies in the name of national security.

TikTok Rivals Seek to Exploit U.S. Action, Lawyers Say in Court Filings (Wall Street Journal) The Trump administration’s attempted ban on TikTok threatens to devastate the video-sharing app’s user base and competitive position, lawyers for the company argued Wednesday.

Trump Admin Tells 9th Circ. WeChat Limits Don't Curb Speech (Law360) The Trump administration urged the Ninth Circuit on Wednesday to issue an emergency stay of a lower court's preliminary injunction preventing the cutting off of U.S. transactions with WeChat, arguing the government's effort is not a First Amendment violation because it only seeks to ban certain transactions and not speech.

DC Circ. Expedites Trump's TikTok App Store Ban Appeal (Law360) The D.C. Circuit on Wednesday agreed to fast-track the Trump administration's appeal of a lower court ruling that temporarily blocked the government from banning new video-sharing app TikTok downloads from U.S. app stores.

Homeland Threat Assessment: October 2020 (Department of Homeland Security) In my role as Acting Secretary, I receive intelligence, operational, law enforcement, and other information on a daily basis. This Homeland Threat Assessment (HTA), the first of its kind for the U.S. Department of Homeland Security (DHS), draws upon all sources of information and expertise available to the Department, including from intelligence, law enforcement, and our operational Components.

Aviation Cybersecurity: FAA Should Fully Implement Key Practices to Strengthen Its Oversight of Avionics Risks (US Government Accountability Office) Modern airplanes are equipped with networks and systems that share data with the pilots, passengers, maintenance crews, other aircraft, and air-traffic controllers in ways that were not previously feasible...

Release of the 19th Joint Assessment of Section 702 Compliance (IC on the Record) Today, the DNI, in consultation with the Department of Justice, is releasing in redacted form the 19th Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702 of the Foreign Intelligence Surveillance Act, Submitted by the Attorney General and the Director of National Intelligence (“Joint Assessment”). The DNI is releasing this semiannual assessment proactively, in keeping with the Principles of Intelligence Transparency for the Intelligence Community.

Smoking-gun email reveals how Hunter Biden introduced Ukrainian businessman to VP dad (New York Post) Hunter Biden introduced his father, then-Vice President Joe Biden, to a top executive at a Ukrainian energy firm less than a year before the elder Biden pressured government officials in Ukraine in…

Hunter Biden emails show leveraging connections with his father to boost Burisma pay (New York Post) Hunter Biden discussed leveraging his connection to his father in a bid to boost his pay from a Ukrainian natural gas company, according to an email he sent around the time he joined the firm’s cor…

Joe Biden denies meeting Burisma official as purported Hunter Biden emails leaked (The Telegraph) The New York post published reports based on Hunter Biden's purported emails

Stock Market Insights | Seeking Alpha (SeekingAlpha) A New York Post story on Hunter Biden and Ukraine's Burisma natural gas company has run into sharing roadblocks on key social media platforms, igniting partisan controversy today.

Facebook Limited The Reach Of An Unconfirmed Story About Joe Biden’s Son Hunter. Twitter Blocked It. (BuzzFeed News) "In many countries, including in the US, if we have signals that a piece of content is false, we temporarily reduce its distribution pending review by a third-party fact-checker."

Hunter Biden’s alleged laptop: An explainer (Washington Post) The New York Post on Wednesday published an article based on emails purportedly obtained from a laptop that Hunter Biden, the son of former vice president Joe Biden, had supposedly left behind for repair in a Delaware shop in April 2019.

Biden campaign lashes out at New York Post (POLITICO) The campaign cast the allegations against Joe and Hunter Biden as “Russian disinformation,” while Republicans complained that social media companies were censoring the story.

Three weeks before Election Day, Trump allies go after Hunter — and Joe — Biden (Washington Post) President Trump’s personal attorney Rudolph W. Giuliani and his former top adviser Stephen K. Bannon, who have attracted the scrutiny of U.S. authorities for their political dealings in recent months, helped make public private materials purported to belong to Democratic presidential nominee Joe Biden’s son in an attempt to swing support to the struggling incumbent.

Twitter, Facebook face blowback after stopping circulation of NY Post story (Ars Technica) Controversial story proved fertile testing ground for social media disinfo policies.

Twitter Cites ‘Hacked Materials Policy’ to Justify Censorship of NY Post Hunter Biden Article | National Review (National Review) The Biden campaign did not dispute the veracity of the emails.

Twitter CEO Admits Handling of NY Post Biden-Burisma Article ‘Was Not Great’ (National Review) Dorsey’s announcement came as Twitter Support posted a thread trying to explain why it had been blocking users from sharing the Post article.

AP Explains: Trump seizes on dubious Biden-Ukraine story (AP NEWS) Looking to undermine rival Joe Biden 20 days before the election, President Donald Trump’s campaign has seized on a tabloid story offering bizarre twists to a familiar line of...

Facebook and Twitter censor potentially damning story about Joe Biden and corruption (Washington Examiner) Social media executives are about to discover the Streisand effect.

Facebook had the chance to stop Biden Ukraine misinformation before, but opted not to (Mother Jones) The company says it will stem the spread of smears it once took money to promote.

Suspect provenance of Hunter Biden data cache prompts skepticism and social media bans (TechCrunch) A cache of emails and other selected data purportedly from a laptop owned by Hunter Biden were published today by the New York Post. Ordinarily a major leak related to a figure involved in a controversy of Presidential importance would be on every front page — but the red flags on this one are so […

Twitter Data-Breach Case Won’t Be Resolved Before Year’s End, Ireland’s Regulator Says (Wall Street Journal) European privacy regulators are unlikely to issue a final ruling on Twitter’s handling of a 2019 data breach before the end of the year, Ireland’s data commissioner said.

Are you owed £5,000 for the Virgin Media data breach? (Your Money) Your Lawyers has launched a group action claim for victims of the Virgin Media data breach worth up to a total of £4.5bn.

Suspended Sentence for Brit Caught in FBI Creepware Sting (Infosecurity Magazine) A British man caught using malware to secretly film people in the privacy of their homes has avoided prison

DVLA Submits Nearly 200 Breach Notifications to ICO (Infosecurity Magazine) Apricorn FOI request points to data lapses

U.S. District Court For The District Of Columbia Finds That Alleged Cybersecurity Vulnerability Is Not Material Under False Claims Act (JD Supra) In a decision sure to bring some comfort to contractors providing information technology equipment and services to the federal government, a U.S....

Wells Fargo Fires Employees Who Applied for SBA Pandemic Loans (Wall Street Journal) Wells Fargo & Co. fired more than 100 employees for allegedly defrauding a federal pandemic-relief program.