Cyber Attacks, Threats, and Vulnerabilities
Mapping MITRE ATT&CK to SandWorm APT’s Global Campaign (Digital Shadows) On Thursday, October 15th, the United States Department of Justice (DoJ) indicted six Russian military officers connected to the SandWorm advanced persistent threat (APT) group, a threat group
Russian Turla hackers breach European government organization (BleepingComputer) Russian-speaking hacking group Turla has hacked into the systems of an undisclosed European government organization according to a new Accenture Cyber Threat Intelligence (ACTI) report.
The Cybersecurity 202: Election operations are holding up so far against a wave of hacks and technical failures (Washington Post) The week before Election Day has seen a wave of digital attacks on election systems and technical foul-ups, but officials are mostly parrying the blows to keep voting going on as planned.
In campaign’s closing days, disinformation arrives via text message and email (Washington Post) A video sent to voters falsely claimed that Joe Biden wants to give “sex changes to second-graders.”
‘Perception Hacks’ and Other Potential Threats to the Election (New York Times) In the final days of voting, election officials and cybersecurity experts are keeping a close eye on a range of possible ways foreign governments and other hackers could interfere.
Election Risks and Other Worries for Local Governments (Digitalware) The coming election, with all of its complexities and potential controversies, is at the forefront of every American’s mind. Our vote on November 3 will determine not only the next President of the United States, but also the balance of power in the US Senate and a host of other federal, state, and
Operation Earth Kitsune A Dance of Two New Backdoors (Trend Micro) We uncovered two new espionage backdoors associated with Operation Earth Kitsune: agfSpy and dneSpy. This post provides details about these malware types, including the relationship between them and their command and control (C&C) servers
Chinese Hackers Expanding Global Footprint Exploiting Common Vulnerabilities, Report Says (International Business Times, Singapore Edition) After the NSA published a list of 25 common vulnerabilities, cybersecurity research firm Check Point found that Chinese hackers have been exploiting them to expand globally
Cyberattacks target international conference attendees (Microsoft on the Issues) Today, we’re sharing that we have detected and worked to stop a series of cyberattacks from the Iranian threat actor Phosphorous masquerading as conference organizers to target more than 100 high-profile individuals, including potential attendees of the upcoming Munich Security Conference and the T20 Summit in Saudi Arabia.
Microsoft detects cyberattacks from Iran-linked actor engaged in intelligence collection (Reuters) Microsoft Corp <MSFT.O> said on Wednesday that it detected and attempted to stop a series of cyberattacks from Phosphorus, which the company described as an 'Iranian actor', with the attacks aimed to target over 100 high-profile individuals.
Microsoft: Iranian attackers hacked security conference attendees (BleepingComputer) Microsoft disclosed today that Iranian state-sponsored hackers successfully hacked into the email accounts of multiple high-profile individuals and potential attendees at this year's Munich Security Conference and the Think 20 (T20) summit.
Microsoft warns that Iranian hackers are targeting the Munich Security Conference (SiliconANGLE) Microsoft warns that Iranian hackers are targeting the Munich Security Conference - SiliconANGLE
Building wave of ransomware attacks strike U.S. hospitals (Reuters) Eastern European criminals are targeting dozens of U.S. hospitals with ransomware, and federal officials on Wednesday urged healthcare facilities to beef up preparations rapidly in case they are next.
European ransomware group strikes US hospital networks, analysts warn (CyberScoop) An Eastern European cybercriminal group has conducted ransomware attacks at multiple U.S. hospitals in recent days in some of the most disruptive cyber-activity in the sector during the coronavirus pandemic, cybersecurity company FireEye said Wednesday.
Ryuk Ransomware Delivered Using Malware-as-a-Service Tool (BankInfo Security) The operators behind the Ryuk strain of malware are increasingly relying on a malware-as-a-service tool - the Buer loader - to deliver the malware, rather than
FBI warns ransomware assault threatens US healthcare system (ABC News) Federal agencies say cybercriminals are unleashing a major ransomware assault against the U.S. healthcare system
FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals (KrebsOnSecurity) On Monday, Oct. 27, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of…
Hospitals being hit in coordinated, targeted ransomware attack from Russian-speaking criminals (Washington Post) Russian-speaking cybercriminals in recent days have launched a coordinated attack targeting U.S. hospitals already stressed by the coronavirus pandemic with ransomware that analysts worry could lead to fatalities.
Ransomware Activity Targeting the Healthcare and Public Health Sector (CISA) This joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware for financial gain.
New Emotet delivery method spotted during downward detection trend (Malwarebytes Labs) Emotet got a superficial facelift this week, hiding itself within a fake request asking users to update Microsoft Word to take advantage of new features.
EXCLUSIVE: Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone (SecurityWeek) The results of 13 million medical exams relating to around 3.5 million U.S. patients are unprotected and available to anyone on the Internet, with more than 2 petabytes exposed.
German infectious disease agency hit again by hackers after arson attack (Reuters) Germany's Robert Koch Institute for infectious disease control was targeted again by hackers on Wednesday, days after its headquarters was damaged in an arson attack, the Interior Ministry said.
Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser (FireEye) Mandiant Threat Intelligence has tracked several loader and backdoor campaigns that lead to the post-compromise deployment of ransomware.
REvil ransomware gang claims over $100 million profit in a year (BleepingComputer) REvil ransomware developers say that they made more than $100 million in one year by extorting large businesses across the world from various sectors.
Keeping ransomware cash away from your business (Malwarebytes Labs) Ransomware gangs are in the news for donating stolen funds to charitable organisations. Is this a good thing, or ultimately a terrible idea?
A Lesson in Phishing: University Account Takeover (INKY) If your business works with any universities, you’ll want to know about the latest phishing scam involving university account takeovers. Learn how hackers are harvesting credentials from businesses and what you can do to protect your company’s interests.
Fake COVID-19 survey hides ransomware in Canadian university attack (Malwarebytes Labs) Universities are a hot target for ransomware right now. In this latest attack, a threat actor was targeting the University of British Columbia.
COVID-19-related scams cost Americans over $160 million (Atlas VPN) According to data analyzed by the Atlas VPN research team, Americans lost more than $160 million to COVID-19-related scams since the start of 2020. In total, US citizens reported over 118 thousand fraud cases, with 49.2% of those reports indicating a financial loss.
SMBGhost - the critical vulnerability many seem to have forgotten to patch (SANS Institute) You probably remember that back in March, Microsoft released a patch for a vulnerability in SMBv3 dubbed SMBGhost (CVE-2020-0796), since at that time, it received as much media attention as was reasonable for a critical (CVSS 10.0) vulnerability in Windows, which might lead to remote code execution
Immutable Storage Subversion Attacks Present Severe Threat to Unprotected Backup Data
(Asigra) Asigra Inc., a leader in backup and recovery software that delivers comprehensive backup repository cyber protection, today emphasized the importance of cybersecurity-enabled backup and recovery with software integrated step-up multi-factor authentication (AKA: Deep MFA).
Nitro Data Breach Could Spell Trouble for Google, Apple, Microsoft and Others (DivvyCloud) Now, more than ever, we rely on PDFs for many business and personal uses. Whether you’re filling out a job application, health insurance form, lease, or mortgage application, it’s likely that you’ll be including some sensitive or personally identifiable information, which, in the hands of bad actors, can be misused, sold, or exposed in ways that place you at risk. Therefore, it’s essential for PDFs to remain secure.
Vulnerabilities on the corporate network perimeter (Positive Technologies) A proper security assessment of corporate infrastructure takes time and requires highly qualified security experts. Security assessment tools can help to fill this need. These tools are special systems that automatically detect open network ports and available services, software vulnerabilities, as well as configuration flaws in equipment, servers, and protection tools.
True, the social networking app that promises to ‘protect your privacy,’ exposed private messages and user locations (TechCrunch) Exclusive: The privacy-focused social app exposed private messages, posts, and users' location data.
Hackers Can Open Doors by Exploiting Vulnerabilities in Hörmann Device (SecurityWeek) Hackers could remotely open garage doors and gates by exploiting vulnerabilities found in a gateway device made by Hörmann
Microsoft Defender ATP scars admins with false Cobalt Strike alerts (BleepingComputer) Administrators woke up to a scary surprise today after false positives in Microsoft Defender ATP showed network devices infected with Cobalt Strike.
Machine-in-the-Middle (MitM) BLE Attack (Black Hills Information Security) Ray Felch // Introduction Continuing with my ongoing Smart Lock attack research (see blog Reverse Engineering a Smart Lock), I decided to move my focus to a different type of attack technique, namely a relay attack. The relay attack is a form of MitM attack, not to be confused with the more well-known replay attack. […]
What Attack Surface Skeletons are Hidden in your Closet? (Bugcrowd) But October is Cybersecurity Awareness Month, which is a good reminder to increase awareness on those ghostly forgotten assets or spooky shadow IT. Chances are, you have more assets hidden in the shadows than you think.
WSJ News Exclusive | Hacker Releases Georgia County Election Data After Ransom Not Paid (Wall Street Journal) A website maintained by the hacker lists the county among hacked entities whose “time to pay is over,” according to a review of the hacker’s website.
Enel Group hit by ransomware again, Netwalker demands $14 million (BleepingComputer) Multinational energy company Enel Group has been hit by a ransomware attack for the second time this year.
Vietnamese malware researcher discovers vulnerabilities in Adobe software (VnExpress International) Tran Van Khang, a Vietnamese malware analyst, has detected three vulnerabilities in Adobe's latest update and reported them to the company.
CCMH avoids public disclosure of data breach (Cedar Republican) Last week, on or before Thursday, Oct. 22, staff and administration at Cedar County Memorial Hospital became aware of an online data breach, followed by an apparent attempt to extort
Sky Lakes hit by ransomware attack (Sky Lakes Medical Center) Earlier today, Sky Lakes Medical Center was the victim of a ransomware attack on its computer systems.
Notice to Hospital Patients About Computer Systems Disruption | Sonoma Valley Hospital (Sonoma Valley Hospital) On October 11, Sonoma Valley Hospital experienced a security incident that affected computer systems and triggered a significant downtime event.
The pressures the online gaming community faces when it comes to cybersecurity (Security Magazine) Online games and specifically the Massive Multi-Player (MMO) games, experience multiple attacks from hackers, platform competition that try to block players’ access to the gaming platforms, as well as cheating players that can attack other players slowing their connection, while gaining a competitive advantage. These attacks can take the entire game offline, resulting in hundreds of thousands of dollars lost, according to Radware’s threat research team.
Steelcase hit by cyber attack (Michigan Live) The attack on the company's information technology systems was detected Oct. 22.
Europe’s Core Payments Network Disrupted by Technical Malfunction (Wall Street Journal) The European Central Bank blamed a software defect for a disruption last week that left banks unable to process transactions and securities trades for almost 11 hours.
Cyber Trends
New SonicWall Research Finds Aggressive Growth in Ransomware, Rise in IoT Attacks (SonicWall) Ryuk Ransomware Responsible for One Third of All Ransomware Attacks in 2020 MILPITAS, Calif. — OCT. 29, 2020 — SonicWall Capture Labs threat researchers today unveiled third-quarter threat intelligence collected by the company’s more than 1 million global security sensors. Year-to-date findings through September 2020 highlight cyber criminals’ growing use of ransomware, encrypted threats and …
Veracode State of Software Security: Half of Application Security Flaws Remain Open Six Months After Discovery; Apps with Technical Debt Take Two Times as Long to Fix (Veracode) SOSS Volume 11 finds 76% of applications have at least one security flaw
ESET Threat Report Q3 2020 | WeLiveSecurity (WeLiveSecurity) The ESET Threat Report Q3 2020 look at key trends that shaped the threat landscape in the third quarter of 2020 and brings exclusive ESET research updates.
New Report Shows That the COVID-19 Pandemic Has Not Slowed Down Global Zero Trust Networking Implementation (GlobeNewswire) Survey results released by Enterprise Management Associates and Pulse Secure reports that 60% of organizations have accelerated their Zero Trust projects during the pandemic, while only 15% have slowed down
New Research: Number of Records Exposed Reaches Staggering 36 Billion (RiskBased Security) Today, we released our new 2020 Q3 Data Breach QuickView Report, which reveals that the number of records exposed has increased to a staggering 36 billion. There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion re
Zscaler™ State of Digital Transformation EMEA 2020 (Zscaler) Prior to the pandemic, enterprises were actively migrating private applications to public clouds as well as enabling some users to access applications from any location and from any device.
How the Pandemic is Reshaping the Bug Bounty Landscape (Threatpost) Bugcrowd Founder Casey Ellis talks about COVID-19's impact on bug bounty hunters, bug bounty program adoption and more.
Half of workers admit to opening suspicious emails (ITProPortal) Most employees have received some cybersecurity training, but it's not always effective.
Most companies have high-risk vulnerabilities on their network perimeter (Help Net Security) An instrumental scanning of the network perimeter of selected corporate information systems showed high-risk vulns at most companies.
Blockchain hackers have stolen over $13.6 billion in 330 hack events (Atlas VPN) According to data analyzed by the Atlas VPN team, hackers stole $13.6 billion through 330 blockchain hack events.
Top 10 Most Impactful and Rewarded Vulnerability Types | HackerOne (HackerOne) The biggest bounties paid and most critical vulnerabilities reported through the HackerOne Platform through April 2020.
Marketplace
What could your company do with $2M? (DataTribe) This is the last week for teams to submit an application for the $2M DataTribe Challenge. The application window is open through Friday, October 30th. The DataTribe Challenge brings together the best entrepreneurs in the world to looking to disrupt cybersecurity and data science. DataTribe selects three finalists that split $20,000 in prize money and one winner that could receive up to $2 million in seed capital.
Enso Security raises $6M for its application security posture management platform (TechCrunch) Enso Security, a Tel Aviv-based startup that is building a new application security posture management platform, today announced that it has raised a $6 million seed funding round led by YL Ventures, with participation from Jump Capital. Angel investors in this round include HackerOne co-founder an…
Zerto Gains Momentum with Leadership Recognition in the Backup and Recovery Market (BusinessWire) Zerto has been named the Leader in the 2020 Software Reviews/Info-Tech Backup and Availability Software Data Quadrant Report.
Is Twitter Going Full Resistance? Here’s the Woman Driving the Change. (POLITICO) The war between conservatives and Twitter is heating up, in part because of Vijaya Gadde’s unheralded influence on the iconic social-media company.
BT hands Ericsson major 5G contract as Huawei snub continues (Channel Web) Nordic vendor will help manage 50 per cent of 5G traffic going through BT and its EE provider
Part Two: Huawei Enlists Russian Talent and Technology to Ensure Future Innovation (Council on Foreign Relations) Huawei is expanding its presence in Russia to sustain its growth.
Government to spend up to £20m on ‘border flow’ contract with CIA-backed big data firm Palantir (PublicTechnology.net) The government will spend up to £20m with big data firm Palantir to deliver a “border flow service”. Newly published procurement information reveals that the Cabinet Office has awarded an initial one-year deal that will be worth £7.85m to the US firm.
Air Force awards contract for new cyberspace test facility, munitions complex at Eglin AFB (U.S. Air Force) The Air Force Civil Engineer Center is leading the construction of $107 million in state-of-the-art facilities at Eglin Air Force Base.
Barracuda eyes Indochina markets (ComputerWeekly) Barracuda is looking to expand its local presence and headcount in fast-growing emerging markets of Vietnam, Cambodia and Laos
NINJIO Celebrates Cybersecurity Awareness Month and Creativity with Inaugural AWARE Award (NINJIO) NINJIO and IASAP announce the winner of their first-ever “Submit a Story” contest in conjunction with NCSAM.
AttackIQ Launches New Informed Defenders Executive Council to Share Expertise and Improve Cybersecurity Effectiveness (BusinessWire) AttackIQ launches the Informed Defenders Executive Council to share tech, defense best practices and skills for improving security effectiveness.
TrueFort Adds Former Citi CTO to Board of Advisors (BusinessWire) TrueFort is filling an unmet need for application-centric security capabilities that protect businesses from data breaches said Motti Finkelstein.
VMware appoints ex-Dell exec as UK channel boss (Channel Web) Andrew Corcoran named as new partner and channel sales boss for virtualisation leader's UKI operations
Shift5 Announces Appointment of Scott Shreve as Head of Product (PR Newswire) Shift5 is pleased to announce the appointment of Scott Shreve as Head of Product. Shift5 delivers cutting-edge cybersecurity solutions that...
Laughton Joins Coalfire's Growing Ranks Of Top Women Cyber Executives (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today announced the promotion of Karen Laughton to vice president,...
DataTribe Appoints John Funge as Startup Foundry’s Managing Director (Yahoo Finance) DataTribe appoints John Funge, currently Chief Product Officer (CPO) at DataTribe, to Managing Director.
Products, Services, and Solutions
vArmour Introduces New Product to Manage User Access Risks of Distributed Workforces (GlobeNewswire) Module uses relationships to visualize and control user access to every application enterprise-wide
BitDam Expands its Offerings to Latin America (PRWeb) BitDam, a leading provider of cybersecurity solutions that protect enterprise communications from unknown threats hidden in files and links, today announced...
Omada Identity Cloud (Omada) Extends Intelligent Decision Support and Enhanced Configurability Features to the Cloud
KnowBe4 Offers Work From Home Resource Center (PR Newswire) KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has launched a...
Ping Identity Unveils Advanced Passwordless Features to Transform Digital Experiences (BusinessWire) Ping Identity (NYSE: PING), the intelligent identity solution for the enterprise, today announced PingZero, a suite of passwordless authentication fea
SolarWinds RMM Merges with Endpoint Detection and Response (Channel Futures) These endpoint detection and response capabilities are now able to mitigate risk by monitoring and managing endpoint security from a single dashboard.
Falanx Group joins SolarWinds Technology Alliance Program (DirectorsTalk Interviews) Falanx Group Limited (LON:FLX), the AIM listed provider of cyber security and strategic intelligence services, has announced that its cyber security
Thales Launches Its Identity Verification Suite, a Secure Biometric Solution for Customer Onboarding (Cadillac News) Thales, world leader in digital security, has launched its Identity Verification Suite, in response to the rising need of remote client onboarding. With privacy and user experience as its heart, the IDV Suite enables a secure and 100%-AI identity verification service.
Lumen automates DDoS mitigation as attacks surge worldwide (PR Newswire) Cybersecurity experts have seen a dramatic rise in sophisticated distributed denial of service (DDoS) attacks in recent months. Downtime from...
TrapX Introduces Industry-First Deception-As-A-Service Solution, TrapX Flex™ (TrapX Security) New Hosted Solution Addresses Critical Visibility Gap to Protect
Corporate, Cloud Assets and Reduce Remote Worker Risk
Mobolize Announces Technology Partnership with Akamai to Enable Security on Mobile Devices (BusinessWire) Mobolize, the recognized leader for providing an on-device Data Management Engine that provides security, connectivity and optimization on mobile devi
CloudVector Launches Enterprise Edition – Comprehensive Protection for Advanced API Risks (CloudVector) AI-enhanced approach to discover, monitor and secure all APIs enables granular visibility and control; Unique micro sensor architecture mitigates API data breaches with zero performance impact on agile DevOps
Gigamon Expands Cloud Ecosystem Reach with Ingram Micro Agreement (BusinessWire) Gigamon and Ingram Micro sign distribution agreement to deliver world-class cloud solutions to ecosystem channel partners across the US.
Exabeam Extends Security Management Platform with AWS, Google Cloud Platform and Microsoft Azure Cloud Storage Monitoring (Exabeam) Exabeam helps identify user and object anomalies and enables security teams to more efficiently detect, prioritize and investigate[...]
ESET launches ESET Cloud Office Security to provide advanced protection for Microsoft 365 (ESET) News about ESET's product launches and updates, directly from the maker of legendary NOD32 technology.
ESET Launches New Data Security Guide for Small to Medium-Sized (ESET) Dedicated website will offer guidance on privacy policies, emerging cybersecurity threats and general best practices
Index Engines hones CyberSense for backup data protection (SearchDataBackup) Index Engines updated its CyberSense ransomware detection and recovery tool with increased data throughput and new database support. The product scans backups for potential attacks.
Cowbell Cyber Brings Essential Cyber Insurance Coverages to Manufacturing and Construction (Cowbell Cyber) Cowbell brings an admitted insurance product that addresses exposures unique to manufacturing, construction and other classes of business.
Technologies, Techniques, and Standards
Calling the bluff of breachstortion gangs (Computing) Confidence in the defences and using backup data to test and assess is key to standing up to the latest criminal demands
Mitre ATT&CK: How it has evolved and grown (SearchSecurity) An overview, background and evolution on the Mitre ATT&CK framework: Vendors and analysts discuss the adoptions and challenges of the framework but agree that overall, it benefits an organization's security posture.
How to Prepare IP Network Infrastructure for 5G Era (Heficed) Press release from Heficed: How to Prepare IP Network Infrastructure for 5G Era.
How to Avoid Data Breaches While Embracing Collaboration (Meritalk) The surging use of collaboration tools like Microsoft Teams and Zoom during the pandemic has dramatically increased the information attack surface for organizations and widened blind spots in data protection. MeriTalk recently connected with Matthew Radolec, Director of Security Architecture & Incident Response at Varonis, to understand how organizations can effectively detect and respond to cyber threats popping up in tools many haven't thought to consider.
()
Update on DoD’s Cloud-Based Internet Isolation (Menlo Security) Menlo CTO Kowsik Guruswamy joins host John Gilroy and Mike Hatcher of By Light to talk about web isolation and their progress on the CBII deployment for DoD.
()
Algorithmic Warfare: Air Force Meshes Info-War Capabilities (National Defense) The Air Force is working to coalesce a number of its information warfare operations as great power competitors Russia and China make investments in their own digital warfighting tools.
Design and Innovation
Can automated penetration testing replace humans? (Help Net Security) Automated penetration testing tools that can be used to automate penetration testing under certain conditions have surfaced, are they good?
Pandemic Forces Companies to Confront Technology Ethics Questions (Wall Street Journal) Matters of ethics eventually will be built into how tech products are conceived and built, said Paula Goldman, chief ethical and humane use officer, at tech giant Salesforce.com.
QAnon learns to survive — and even thrive — after Silicon Valley’s crackdown (Washington Post) Months into Silicon Valley’s crackdown on the far-right QAnon conspiracy theory, dozens of websites, social media apps and e-commerce platforms remain flooded with its debunked claims, showing a durability likely to outlast next week’s presidential election — no matter the outcome.
Research and Development
In a first, researchers extract secret key used to encrypt Intel CPU code (Ars Technica) Hackers can now reverse engineer updates or write their own custom firmware.
Legislation, Policy, and Regulation
The West Is Surprisingly Well-Equipped for Gray-Zone Deterrence (Defense One) Authoritarian officials and oligarchs interact with Western nations in ways that give democratic governments leverage.
China to Reveal How It Plans to Grow Economy Into the 2030s (Bloomberg) The first glimpse into China’s economic plans for the next five and 15 years will be unveiled Thursday when initial details are released on how the country will steer growth and develop industry in the face of an antagonistic external environment.
India, US sign intel-sharing agreement amid tension with neighboring China (Defense News) India and the United States have signed a basic exchange and cooperation agreement for geospatial cooperation, a major defense pact for the exchange of classified geospatial intelligence between their armed forces.
Pompeo, in Indonesia, renews China attacks as US vote looms (AP NEWS) U.S. Secretary of State Mike Pompeo renewed the Trump administration’s rhetorical onslaught against China in Indonesia on Thursday as the American presidential election...
The 2020 Election May Be the Most Secure in U.S. History (Foreign Affairs) Cyberattacks and COVID-19 Still Threaten the Vote, but States Are Prepared for Both
Google to campaign against EU push for tougher rules against big tech (Computing) Technology giants are worried about the impact of new regulations on their business models
Facebook, Google, Twitter CEOs clash with Congress in pre-election showdown (Washington Post) The Senate Commerce Committee’s hearing was set to discuss tech’s content-moderation practices, but antitrust and extremism were also debated
At Hearing, Republicans Accuse Zuckerberg and Dorsey of Censorship (New York Times) Facebook, Google and Twitter C.E.O.s defend their content moderation at a Senate hearing.
Tech CEOs Square Off With Senators in Hearing Over Online Speech (Wall Street Journal) A Senate hearing in which lawmakers tangled with leaders of the largest social-media companies reflected deep discontent with their power to shape political discourse—and equally deep divisions over how to address it.
Jack Dorsey testifies that Twitter does not have the ability to influence elections during Senate hearing (USA TODAY) The claim came during testy questioning from Sen. Ted Cruz during a hearing in which Dorsey appeared with the CEOs of Facebook and Google.
Section 230 barely rates a mention in Senate's hasty pre-election flogging of tech CEOs (Yahoo) Today's Senate hearing on immensely important legal protections for online platforms quickly proved to be little more than an excuse for Senators to accuse the CEOs of Twitter, Facebook and Google of partisan interference with next week's election. The actual law being considered for revision
'Who the hell elected you?' U.S. Senate tech hearing becomes political showdown (Japan Today) A U.S. Senate hearing to reform an internet law and hold tech companies accountable for how they moderate content quickly turned into a political scuffle as lawmakers not only went after the companies but also attacked each other. Lawmakers are split on ways to hold Big Tech accountable under Section…
Social media CEOs rebuff bias claims, vow to defend election (WNYT NewsChannel 13) Under fire from President Donald Trump and his allies, the CEOs of Twitter, Facebook and Google rebuffed accusations of anti-conservative bias at a Senate hearing Wednesday and promised to aggressively defend their platforms from being used to sow chaos in next week's election.
Tech executives warn lawmakers they see continued foreign interference attempts ahead of election (Washington Post) The chief executives of Facebook, Google and Twitter promised to continue to push back against foreign interference during the hearing.
Lawmakers Urge Next Administration to Focus on Cybersecurity (Wall Street Journal) The slate of complex issues the next administration will inherit goes far beyond ongoing cyber conflicts with Russia, China and Iran, lawmakers and experts say. The federal government needs to bolster its own cyber capabilities, they say, while helping the U.S. navigate the rapid-fire digitization of the global economy.
Lawmaker wants speedier attribution for cyberattacks (C4ISRNET) Rep. Jim Langevin believes nations need to more quickly and publicly attribute malign cyber activity by other nations.
How The Election Will Affect The Federal Privacy Law Fight (Law360) Federal lawmakers have long struggled to craft privacy legislation that would dictate how companies use and share personal information, but if one party is able to control Congress and the presidency in this year's election, the prospects for a national standard are likely to increase significantly.
WSJ News Exclusive | Trump Administration Considers Early Biometric Screening for Visa Seekers (Wall Street Journal) Under the proposal, visa applicants would need to submit their fingerprints and possibly other biometric information to be entered into a new database before they are permitted to submit applications online.
Litigation, Investigation, and Law Enforcement
FBI, DOJ announce indictment against 8 Chinese operatives (Fox News) FBI Director Christopher Wray and Assistant Attorney General for National Security John C. Demers announced an indictment of eight Chinese operatives accused of taking part in a widespread campaign to intimidate and coerce dissidents around the world that have reached U.S. soil.
WSJ News Exclusive | Apple Faces Antitrust Complaint in France Over Privacy Changes in iPhones (Wall Street Journal) Apple’s operating software starting early next year will require apps to get opt-in permission from users to collect their advertising identifier, a number used to deliver targeted ads and check how ad campaigns performed.
Facebook sued over Cambridge Analytica data scandal (BBC News) The company is accused of misusing almost one million users' data in England and Wales.
Dems Ask FCC If Trump Interfered In Social Media Probe (Law360) Two House Democrats have asked the Federal Communications Commission to clarify whether the White House or President Donald Trump's reelection campaign has interfered in a rulemaking that could crack down on perceived social media bias.
How a ‘diabolical’ former DEA staffer conned the intelligence community (Washington Post) Garrison Courtney, who pretended to be in the CIA, was sentenced Wednesday to seven years in prison.
Filter Company Customer Says It Should Be Liable for Data Breach (Bloomberg Law) An air and water filter company acted negligently and violated unfair trade practices law by failing to protect user information from a nearly year-long cyberattack, according to a proposed class action.
‘So many families have been targeted’: US troops say German tax officials are asking for sensitive personal information (Stars and Stripes) Service members targeted by German tax collectors say U.S. military commands leave them to fend for themselves.