Cyber Attacks, Threats, and Vulnerabilities
Russia planned cyber-attack on Tokyo Olympics, says UK (the Guardian) Foreign secretary condemns ‘cynical and reckless’ bid to disrupt Games, before they were postponed
UK accuses Russian GRU military intelligence of conducting malicious cyber campaigns to sabotage Tokyo Olympics (Computing) British official have also disclosed details of Russian attempts to target 2018 Winter Olympic and Paralympic Games in South Korea
Russian cyber-attack spree shows what unrestrained internet warfare looks like (the Guardian) US indictment of operatives, accused of launching several attacks, gives a detailed account of how they went about their business
Industry alert pins state, local government hacking on suspected Russian group (CyberScoop) Suspected Russian hackers were behind multiple recent intrusions of U.S. state and local computer networks, according to an industry analysis obtained by CyberScoop.
NSA publishes list of Top 25 vulnerabilities currently targeted by Chinese hackers (ZDNet) NSA urges US public and private sector to apply patches or mitigations to prevent attacks.
U.S. Spy Agency Warns Beijing's Hackers Aiming at U.S. Defense Industry, Military (Wall Street Journal) The National Security Agency warned that Chinese government hackers were taking aim at U.S. computer networks involved in national defense, characterizing the threat posed by Beijing as a critical priority in need of urgent attention
NSA Warns Chinese State-Sponsored Malicious Cyber Actors Exploiting 25 CVEs (National Security Agency Central Security Service) NSA released a new cybersecurity advisory detailing 25 vulnerabilities that Chinese state-sponsored malicious cyber actors are currently exploiting or targeting to encourage stakeholders to apply
Hackers Planted Trump Smears—and Pro-Iran Trolls Spread Them (The Daily Beast) Twitter suspended roughly 80 accounts tied to Iran after an investigation by The Daily Beast and Mandiant Threat Intelligence.
Iranian hackers attempt to carry out destructive attacks against Israeli companies (Israel Defense) Teams from cyber companies Profero and ClearSky identified attempts by hackers from the 'MuddyWater' group to inject destructive malware into the systems of Israeli companies
Operation Earth Kitsune: Tracking SLUB’s Current Operations (Trend Micro) A watering hole campaign we dubbed as Operation Earth Kitsune is spying on users’ systems through compromised websites. Using SLUB and two new malware variants, the attacks exploit vulnerabilities including those of Google Chrome and Internet Explorer.
Why OneDrive and Sharepoint Attacks Are Successful and How to Fight Back (Proofpoint) Threat actors have followed the enterprise migration to the cloud. They compromise and take over user accounts to move laterally inside an organization, steal data, or communicate with your business partners or customers to request fraudulent wire transfers.
This new malware uses remote overlay attacks to hijack your bank account (ZDNet) Vizom disguises itself as popular videoconferencing software many of us are relying on during the pandemic.
Credential Harvesting Made Easy - How Common Asset Discovery Configurations Are Enabling Hackers To Move Laterally - Randori (Randori) Our industry pays lots of attention to vulnerabilities and the need for patching. And yes, there is a need for this. But in the past couple decades, we’ve over-indexed on vulnerability management.
GravityRAT Comes Back to Earth with Android, macOS Spyware (Threatpost) The espionage tool masquerades as legitimate applications and robs victims blind of their data.
Trickbot Tenacity Shows Infrastructure Resistant to Takedowns (Dark Reading) Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.
Google’s Waze Can Allow Hackers to Identify and Track Users (Threatpost) The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.
Ransomware gang donates part of ransom demands to charity organizations (ZDNet) The Darkside ransomware gang has donated $10K it received as part of ransom demands to Children International and The Water Project.
Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack (Threatpost) Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.
How vulnerable are U.S. political campaigns to election interference from spoofed email? (Valimail) How much can you trust that a political fundraising email really came from who it appears to come from — or that if you click the links in the message, that the money you donate will actually end up in the account of who you intended to support?
Report: Major Pharmaceutical Company Exposes Private Data of US Prescription Drug Users (VPNMentor) We can reveal that Big Pharma giant Pfizer has been leaking the private medical data of 100s of prescription drug users in the USA, in a significant data breach discovered by Noam Rotem, Ran Locar, and vpnMentor’s cybersecurity research team.
Possible data breach exposes 2,219 patient files at McLaren Oakland hospital (Crain's Detroit Business) At least 2,219 patients at McLaren Oakland hospital were notified this week that their personal data might have been accessed through a hospital computer.Officials at the 328-bed nonprofit hospital in Pontiac became aware of a computer desktop file containing an unauthorized and unsecured link to a…
IoT Sex Toy Security Flaw | Avast (Avast) A security flaw in an app-connected chastity device for men left this device open to attack from anyone with know-how. It also left the users’ exact locations and private messages open to intruders.
No data breach in cyberattack against Clearwater River Casino (KLEW) Nez Perce Tribe officials at the Clearwater River Casino & Lodge and the It’se Ye-Ye Casino reopened Monday October 19 after an external cyberattack disrupted their computer systems for more than a week. “The privacy and security of our guests is a top priority and thankfully we can confirm that there was not a data breach. We are confident that no personal information stored in our systems was shared or compromised,” stated Nez Perce Tribal Enterprise Executive Officer Kermit Mankiller.
Vulnerability Summary for the Week of October 12, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
'Active Threat' Warning: Patch Serious SharePoint Flaw Now (BankInfo Security) Security experts are urging organizations to patch a newly revealed serious flaw in Microsoft SharePoint as quickly as possible because proof-of-concept exploit
Microsoft Issues Out-of-Band Security Patches for the Window Codec Library and Visual Studio Code (Redmondmag) Microsoft issued two 'out-of-band' security updates late last week.
Cyber Trends
State-Sponsored Hackers and Ransomware Gangs Are Diversifying Tactics to Inflict More Harm, According to Accenture Report (BaytownSun.com) Some of the world’s most skilled nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-sourced tools, actively exploiting corporate email systems and using online extortion to scare victims into paying ransoms, according to the 2020 Cyber Threatscape Report from Accenture (NYSE: ACN).
State-Sponsored Hackers and Ransomware Gangs Are Diversifying Tactics to Inflict More Harm, According to Accenture Report (Accenture) Some of the world's most skilled nation-state cyber adversaries and notorious ransomware gangs are deploying an arsenal of new open-
Cybersecurity is the New Market for Lemons, Research Supports (BusinessWire) New research supports the view that efficacy problems in the cybersecurity market are primarily due to economic issues, not technological ones.
Cybersecurity Technology Efficacy: Is cybersecurity the new “market for lemons”? (Debate Security) Cybersecurity Technology Efficacy: Is cybersecurity the new ``market for lemons``? RESEARCH REPORT The cybersecurity market is failing because the technology isn’t as effective as it needs to be. Based on over 100 comprehensive interviews with business and cybersecurity leaders from [...]
HCL AppScan and Ponemon Institute report reveals how organizations manage threats to their insecure applications. (HCL Software News) Businesses incurred losses that averaged $12 million as a result of attacks on their vulnerable applications.
88% of government agencies say misconfiguration of cloud services is a top security threat; pre-pandemic, only 25% considered it critical (Netwrix) The Netwrix report also revealed that the public sector is most worried about external threats, even though actual incidents were mainly related to insiders.
Marketplace
()
4iQ Raises $30 Million in Series C Funding, Names Kailash Ambwani as CEO (PR Newswire) 4iQ, a leader in Cyber Intelligence, today announced $30 million in Series C funding, led by ForgePoint Capital and Benhamou Global Ventures,...
Unit21 raises $13 million to turn AI into a fraud-fighting machine (VentureBeat) Startup Unit21 has raised $13 million in funding for its no-code, machine learning-powered fraud monitoring tools complete with case management tracking.
New Israeli cyber startup focuses on the dangers of airborne attacks (CTECH) AirEye, founded by three veteran cyber executives, aims to embark on series A funding in the upcoming weeks
Guardsquare Acquires App-Ray Technology to Advance Mobile App Protection with Continuous Security Testing (Odessa American) Guardsquare, the mobile application security platform, today announced the acquisition of App-Ray‒a leading provider of Mobile Application Security Testing (MAST).
McAfee IPO: will the stock benefit from the tech hype? (Capital) Tech companies have been dominating the IPO market so far in 2020. It seems like the famous cybersecurity business McAfee hopes that investor enthusiasm for the IT industry will extend to its initial public offering that is going to happen later this week.
The Best Cybersecurity Companies To Work For Based On Glassdoor (Forbes) The U.S. Bureau of Labor Statistics predicts cybersecurity jobs will grow 31% through 2029, over seven times faster than the national average job growth of 4%.
TikTok Tightens Crackdown On QAnon, Will Ban Accounts That Promote Disinformation (NPR.org) The action hardens the video-sharing app's previous enforcement against QAnon that targeted specific hashtags on the app but let the videos remain.
Facebook Is Already Preparing for a Biden Presidency (Medium) How the prospect of a “blue wave” is changing content moderation.
Webcast: Infosec Mentoring | How to Find and Be a Mentor & Mentee (Black Hills Information Security) They say it “takes a village” to help raise a child… well, it also takes a village to help raise an infosec professional. With so many technologies, techniques, and tools and the need for soft-skills and the ability to navigate different types of relationships, we all need help. That’s where a formal mentor can be […]
Bug bounty reporter cashes out on someone else's exploit (BleepingComputer) Bug bounty programs have gained increased momentum and interest from the security research community for their role in promoting security awareness and responsible vulnerability disclosure. But they are not without their fair share of problems.
DatChat Launches "Our Privacy is Under Attack" Public Awareness Campaign to Combat Social Media Censorship and Protect the Right to Free Speech (PR Newswire) In response to Facebook and Twitter censoring and banning posts shared about Hunter Biden's laptop from the New York Post, DatChat has launched...
OpenStack Foundation Announces Corporate Name Change to Open Infrastructure Foundation to Reflect Broader Commitment to Open Source Software (PR Newswire) OpenStack Foundation announced yesterday that it is changing its corporate name to Open Infrastructure Foundation (OIF) starting in 2021. The...
Czech-born cyber security giant Avast opens office in Romania (Intellinews) Czech-born cyber security solutions provider Avast Software, one of the world's largest IT security companies with an annual turnover of over $800mn, ...
Virtru Expands Executive Team to Accelerate Product Innovation and Growth in Key Markets (Virtru) Virtru announces the addition of two executives—Dana Morris and Will Peppo—charged with advancing the open Trusted Data Platform and further accelerating the adoption of data encryption solutions for secure collaboration.
Webroot Channel Chief Charlie Tomeo Steps Aside (CRN) Charlie Tomeo, who has led channel sales at Webroot for the last seven of his 15 years at the company, is leaving Webroot.
Michelle Sutphin Joins SAIC as Chief Security Officer | WashingtonExec (WashingtonExec) Technology integrator Science Applications International Corp. announced Michelle Sutphin has joined as chief security officer. In her new role, Sutphin
Products, Services, and Solutions
Pindrop® Helps Enterprises Anticipate Fraud up to 60 Days Before it Happens through New IVR Solution (Digital Journal) From Pindrop’s Client Forum Exchange, CFX Thriving Together, the pioneer in fraud detection and authentication today announced the launch of a new IVR solution that extends Pindrop’s groundbreaking fraud monitoring and detection capabilities into the IVR to provide enterprises with preventative and real-time fraud detection across the contact center.
UiPath and eSentire Partnership the First to Bring End-to-End… (eSentire) New strategic partnership enables organizations to automate Microsoft Security configuration and response for faster, more effective threat protection
Panaseer launches Continuous Controls Monitoring for Risk and Compliance (Global Security Mag Online) Panaseer is launching a new capability that solves one of the biggest challenges in risk management – data-driven security compliance and policy adherence monitoring. Its new compliance offering enables quantitative, continuous monitoring for internal policies and regulations. This monitoring capability gives risk, audit and compliance individuals information that security controls are deployed and operating correctly via its continuous controls monitoring (CCM) platform.
Cysiv Partners with Google Cloud to Accelerate Growth (PR Newswire) Cysiv, a SOC-as-a-Service company, today announced it has become part of the Google Cloud Technology Partner Co-sell Program. Google Cloud's...
HID Global Works With Temenos to Help Banks Meet Heightened Demand for Trusted Mobile and Online Transactions (BusinessWire) HID has collaborated with Temenos to expand the features of its multi-factor authentication solution that is available via the Temenos MarketPlace.
Acuant's Award-Winning Ozone® Chip Authentication Goes Mobile (PR Newswire) Acuant, a leading global provider of identity verification solutions, today announced the availability of Ozone® on mobile applications to...
Quzara Cybertorch™ Announces MSSP Medallion Capabilities powered by Tenable (PR Newswire) Quzara LLC, today announced deeper integrations with Tenable as a certified Medallion Level Managed Security Service Provider (MSSP)...
EHNAC and UDAP.org Announce Launch of Trusted Dynamic Registration & Authentication Accreditation Program (Accesswire) Supports scaling the interoperability requirements within ONC and related CMS Final Rules with a focus on technical standards; Enables trust and transparency for organizational and individual access to data
Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks (Security Affairs) Group-IB assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering web-bot and social engineering attacks Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering a wave of web-bot and social engineering attacks, and customer account takeovers. Powered with Group-IB’s solution for online fraud prevention Secure […]
EZ VPN™ - The Cloud Remote Access VPN for Anyone to Use (PR Newswire) As we begin to shift towards a growing remote workforce, there is much to consider regarding the accessibility of corporate network devices...
Aruba, WWT Score Comcast Business Secure Work From Home Deal (CRN) Here's a look at the blockbuster Comcast secure work from home deal won by Aruba and World Wide Technology (WWT).
Zscaler first cloud security vendor to complete IRAP assessment (Channel Life) Zscaler completed IRAP’s two security assessment stages, as dictated in the Australian Government Information Security Manual (ISM).
Card-Issuing System Aims To Standardize Security (PYMNTS.com) Entrust said its Sigma Instant Desktop Issuance product will set "the standard for simple, secure and smart instant-ID solutions" across a range of industries.
ReliaQuest's GreyMatter Unified SaaS Security Platform Delivers Open XDR Approach (Dark Reading) Vendor-agnostic platform helps Fortune 1000 customers maximize value of their existing cybersecurity investments.
Thwarting Malware Attacks with Bitglass (Bitglass) With most organizations migrating to the cloud, the need for a total cloud security solution becomes necessary to protect against cyberthreats.
Socure Launches DocV, A Fully-Automated and Integrated, Omnichannel Document Verification Solution (BusinessWire) Socure, the leader in Day Zero digital identity verification, today announced DocV, a fully-automated omnichannel document verification service that e
SlashNext Introduces World’s First On-Device AI Mobile Phishing Defense for SMS (BusinessWire) SlashNext, the phishing authority, today announced the world’s first on-device AI mobile phishing defense for IOS and Android with natural language an
Banyan Security Enhances Secure Remote Access for Engineering Resources (Yahoo) Banyan’s Continuous Authorization Can Grant or Revoke Access to Sensitive Engineering Environments and Applications in Real-time Based on Trust
Attivo Networks Enhances Portfolio for Amplified Identity Access Management Control (BusinessWire) Attivo Networks®, an award-winning leader in cyber deception and attacker lateral movement threat detection, today announced innovative enhancements t
Personal Cyber Insurance For The Growing Risk Of Cyberattacks (Forbes Advisor) Here’s an unwelcome scenario: You open your personal laptop and attempt to open a file, only to find your files are locked. You have a message waiting in your inbox. It says your files are encrypted and if you want the decryption key, you need to click on a link and pay $2,500 in bitcoin within 24 h
Blackpoint Unveils Cyber Liability Insurance for MSPs (MSSP Alert) Managed detection & response (MDR) services provider Blackpoint Cyber introduces Blackpoint RISK, a cyber liability insurance solution for its MSP partners.
Technologies, Techniques, and Standards
New Zealand launches data breach notification tool (The Daily Swig) NotifyUs service aids businesses and organizations
Avoiding the snags and snares in data breach reporting: What CISOs need to know (CSO Online) Ambiguities in a growing list of US reporting requirements keep CISOs up at night: Will they be compelled to report every breach even if they can prove the data was untouched? Experts advise on how to avoid trouble.
New Gitjacker tool lets you find .git folders exposed online (ZDNet) Tool can also download your Git repositories, allowing attackers to retrieve sensitive configuration files and source code.
FSB Issues ‘Effective Practices’ to Help Banks with Cyber Response, Recovery (ABA Banking Journal) The Basel, Switzerland-based Financial Stability Board today issued a toolkit of 49 cyber incident response and recovery practices for financial institutions.
Is poor cyber hygiene crippling your security program? (Help Net Security) Cybercriminals are targeting vulnerabilities created by the pandemic-driven worldwide transition to remote work, according to Secureworks.
Army counters Chinese influence in Africa with know-how and friendship (Washington Examiner) U.S. Army Lt. Col. Jon Anderson no longer notices the baboon refuge and sheepherders each day en route to train the Djiboutian National Army from the only American base on the African continent, Camp Lemonnier.
Design and Innovation
US Army looks to use soldiers’ biometric data to secure wearable tech (C4ISRNET) The service is looking to integrate wearables into its augmented reality goggles program.
Research and Development
SentinelOne secures patent for unique approach to uncovering exploits in their initial payload stage (Help Net Security) SentinelOne announced it has secured a new patent from the U.S. Patent & Trademark Office (USPTO), No. 10,762,200.
Academia
Purdue offers new online social engineering and digital forensics short courses and two new cybersecurity certification prep courses (Purdue University) Purdue University is offering new cybersecurity short courses in social engineering and digital forensics as part of a growing suite of offerings through the Purdue Polytechnic Institute’s Cyber Education Network Training Resources (CENTR).
DoD, NSA Partner With HBCUs, MSIs on a Cybersecurity Workforce Diversity Initiative (Meritalk) The Department of Defense (DoD) and the National Security Agency (NSA) have launched a new initiative aimed at increasing diversity in their cybersecurity workforce.
Bernie Skoch Selected as SynED's Cyber Hero for Expanding Cybersecurity Career Pathways (PR Newswire) Today SynED, a national non-profit organization that identifies emerging best practices for effective articulation between employers, job...
Gannon University joins CyberPatriot as Cyber Silver Sponsor (PR Newswire) The Air Force Association's (AFA) CyberPatriot National Youth Cyber Education program announced today that Gannon University has become the...
Telstra partners with UNSW for staff cyber skills (Which-50) UNSW and Telstra have co-developed two micro-credentials for cyber security fundamentals and coding to help build staff capabilities as the risk of
Legislation, Policy, and Regulation
Sweden bans Huawei, ZTE from upcoming 5G networks (reuters) Sweden on Tuesday banned on security grounds the use of telecom equipment from China's Huawei and ZTE in its 5G network ahead of a spectrum auction scheduled for next month, joining other European nations that have restricted the role of Chinese suppliers.
China imposes export controls as ECTA denounces Huawei ban (Telecoms.com) The inevitable Chinese retaliation against US sanctions is taking form. Meanwhile a European telecoms lobby group has objected to politically motivated bans.
Pakistan lifts ban on TikTok (TechCrunch) Pakistan Telecommunication Authority said on Monday it has lifted the ban on TikTok, 11 days after the South Asian nation’s telecom authority blocked the popular short video app in the country over problematic videos on the platform. The authority, however, warned that TikTok needs to actively mode…
Japan to join forces with U.S., Europe in regulating Big Tech firms: antitrust watchdog head (Reuters) Japan will join forces with the United States and Europe to take on any market abuses by the four Big Tech companies, the new head of its antitrust watchdog said on Monday, a sign Tokyo will join global efforts to regulate digital platform operators.
Uncertainty Looms Over Post-Brexit Data Flows (Wall Street Journal) Many businesses that operate in the U.K. as well as in the 27 EU member countries want EU officials to grant Britain a so-called adequacy status, proving that its data protection standards are strong enough for the personal information of Europeans to safely travel there. An EU court decision this month highlighting U.K. data retention practices may endanger that process, experts say.
()
JADC2 Needs Pentagon To Overhaul Data Management Policies (Breaking Defense) "There are going to be some vulnerabilities in there. We just have to recognize them immediately, and then be able to sort it out and mitigate it rapidly," Space Force Lt. Gen. Saltzman says.
Fed Takes Cautious Approach to Possibly Issuing Digital Currency (Wall Street Journal) The Federal Reserve is in no hurry to issue a digital currency, Chairman Jerome Powell said, citing unresolved concerns including the potential for theft and fraud.
Third Proposed Revisions to the CCPA: New Illustrative Examples and Minor Changes (cyber/data/privacy insights) On October 12, 2020, the California Attorney General published a third set of proposed modifications to the California Consumer Privacy Act. This follows revisions proposed in February and March 2020 that were largely approved following review by the Office of Administrative Law. As a reminder, the
Litigation, Investigation, and Law Enforcement
U.S. Justice Department hits Google with biggest antitrust lawsuit in two decades (Reuters) The U.S. Justice Department and 11 states filed an antitrust lawsuit against Alphabet Inc's Google on Tuesday for allegedly breaking the law in using its market power to fend off rivals.
Justice Department to File Long-Awaited Antitrust Suit Against Google (Wall Street Journal) The lawsuit, which will be filed today, accuses the search giant of anticompetitive conduct and marks the most aggressive U.S. legal challenge to a company’s dominance in the tech sector in more than two decades.
Department of Justice will charge Google with multiple violations of federal antitrust law today (Washington Post) The lawsuit will kick off a legal war between Washington and Silicon Valley, one that could have vast implications not only for Google but the entire tech industry.
US Charges Six Russian Military Officers in Global Cyberattacks (Voice of America) U.S. prosecutors on Monday announced charges against six Russian military intelligence officers in connection with a global computer hacking campaign that targeted the 2017 French presidential election and the 2018 Winter Olympics in South Korea, and carried out other high-profile cyberattacks.
US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks (ZDNet) The US Department of Justice has unsealed today charges against six GRU officers believed to be members of Sandworm, one of today's most advanced state-sponsored hacking groups.
US charges Russian hackers blamed for Ukraine power outages and the NotPetya ransomware attack (TechCrunch) Prosecutors accused the hackers of launching the "most disruptive and destructive series of computer attacks ever attributed to a single group."
US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit (WIRED) The Department of Justice has named and charged six men for allegedly carrying out many of the most costly cyberattacks in history.
U.S. Charges Six Russian Intelligence Officers With Hacking (Wall Street Journal) The indictment accuses the Russian hackers of knocking Ukraine’s energy grid offline, interfering in the French elections, and damaging computers worldwide in the costly 2017 NotPetya attack.
Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace (US Department of Justice) Defendants’ Malware Attacks Caused Nearly One Billion USD in Losses to Three Victims Alone; Also Sought to Disrupt the 2017 French Elections and the 2018 Winter Olympic Games
FBI Deputy Director David Bowdich’s Remarks at Press Conference Announcing Cyber-Related Indictment of Six Russian Intelligence Officers (Federal Bureau of Investigation) FBI Deputy Director David Bowdich delivered remarks during a press conference in Washington, D.C., with other Department of Justice officials announcing charges against six members of the GRU—Russia’s military intelligence agency—in connection with the worldwide deployment of destructive malware and other disruptive actions.
U.S. charges Russian intelligence officers in several high-profile cyberattacks (Washington Post) The United States on Monday unsealed criminal charges against six Russian government hackers in connection with some of the world’s most damaging cyber attacks, including disruption of Ukraine’s power grid and releasing a mock ransomware virus — NotPetya — that infected computers globally causing billions of dollars in damage.
Russian hackers charged with attacking Olympics, U.S. hospitals (Mashable) The men stand accused of unleashing the damaging NotPetya and Olympic Destroyer malware (among others) on the world.
6 Russians Indicted for Destructive NotPeyta Attacks (BankInfo Security) The U.S. Justice Department unsealed indictments against six Russian military officers on Monday, alleging that they carried out a series of major hacking
CYBERSECURITY: U.S. indicts alleged grid hackers. Could it backfire? (E&E News) A new indictment against six Russian nationals is the latest in a string of Justice Department actions aimed at deterring foreign hackers. But some experts warn the Trump administration's "name and shame" strategy -- replete with splashy "wanted" posters -- could invite retaliation.
United States of America v. Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin (United States District Court for the Western District of Pennsylvania) INDICTMENT COUNT ONE (CONSPIRACY TO COMMIT AN OFFENSE AGAINST THE UNITED STATES)
No Russian conspiracy in Biden laptop scandal: DNI Ratcliffe (The Washington Times) Director of National Intelligence John Ratcliffe said on Monday there is no evidence that Hunter Biden’s explosive emails are part of a Russian disinformation campaign, specifically calling out Rep. Adam Schiff for spreading the conspiracy without evidence.
()
Intelligence Experts Suspicious of DNI Ratcliffe On Laptop Story (Defense One) The chief of the U.S. intelligence community appeared to pre-judge the conclusions of an active FBI investigation.
FBI Examining Hunter’s Laptop As Foreign Op, Contradicting Trump’s Intel Czar (The Daily Beast) DNI Ratcliffe said on Monday there was no intel to support Russia being behind Hunter Biden’s laptop contents. But investigators are still looking into it.
Hunter Biden's laptop: A Russian trick, a hack-job — or just what it looks like? (TheHill) Would the FBI and Delaware US attorney's office have seized the laptop because they thought the whole thing was a fabrication?
Twitter, Responsibility, and Accountability (Stratechery by Ben Thompson) Twitter went too far last week for reasons that go back to 2016 and the unfair blaming of tech for media’s mistakes.
U.S. Treasury’s FinCEN Issues $60 Million Penalty Against Operator of Bitcoin ‘Mixers’ (Wall Street Journal) The civil penalty against Mr. Harmon, who already faces charges by the U.S. Justice Department, is the first of its kind imposed by the Treasury’s Financial Crimes Enforcement Network against a virtual currency “mixer” or “tumbler”—businesses that charge customers a fee to send virtual currencies to a designated address in a manner designed to conceal the source or owner of the currency, according to the agency.
New Yorker Suspends Jeffrey Toobin for Masturbating on Zoom Call (Vice) The call was an election simulation featuring New Yorker all-stars. Toobin apologized for the "embarrassingly stupid mistake."