the near future: the latest about the next few months.
Automation to shape cybersecurity activities in 2021 (Help Net Security) Automation will play a major role in shapingcyber security attack and defence activities in 2021, according to WatchGuard researchers.
Warning: Domestic cyber terrorism on the rise in 2021 (Includes interview) (Digital Journal) This year has been rocky, yet as businesses attempt to re-build for 2021, next year will see a continuation of challenges and some new threats emerging. These include new cyber-threats, both internal and external to the nation state.
Bad Bots and DDoS fuel record cyber risk (Security Brief) How many attackers are going to hide within this expected traffic spike?
Five trends we'll see in 2021 as enterprises accelerate their cloud modernisation journeys (Computing) With light at the end of the pandemic tunnel, here are the key ways businesses will make the most of their investment in cloud
What to expect on Cyber Monday during coronavirus pandemic (Shreveport Times) Cyber Monday has grown in popularity in recent years. The COVID-19 pandemic will likely have its own effect on Cyber Monday.
Cyberkriminellen keine Weihnachtsgeschenke machen (Mimikama) Leichtsinn kommt vor dem Betrug - Vorsicht beim Onlineshopping.
Top anti-Black Friday campaigns: Patagonia, Allbirds & more reject consumerism (The Drum) This year, a cohort of brands are eschewing Black Friday and rejecting the hyper-consumerism of the annual bargain bonanza to instead highlight the climate crisis and offer social commentary. Here, The Drum explores the best creative responses to the growing anti-Black Friday movement.
Cyber Attacks, Threats, and Vulnerabilities
Exclusive: Suspected North Korean hackers targeted COVID vaccine maker AstraZeneca - sources (Reuters) Suspected North Korean hackers have tried to break into the systems of British drugmaker AstraZeneca in recent weeks, two people with knowledge of the matter told Reuters, as the company races to deploy its vaccine for the COVID-19 virus.
Digitally Signed Bandook Malware Once Again Targets Multiple Sectors (The Hacker News) Digitally Signed Bandook Windows Malware Once Again Compromise High Value Targets in Multiple Sectors
Shadows From the Past Threaten Italian Enterprises (Yoroi) Introduction The modern cyber threat landscape hides nasty surprises for companies, especially for the most structured and complex companies. Many times, threat actors develop very dangerous and effective techniques using tools and technologies in a smart, unattended way. This is the case of a particular cyber criminal group operating cyber intrusion against one of the […]
Microsoft Teams: Proof of Concept Malware Attack Found In Wild (Avanan) Avanan researchers have discovered a new Microsoft Teams malware attack, representing an escalation in the type of methods used by hackers and a preview of the set of attacks to come.
Investigation with a twist: an accidental APT attack and averted data destruction (PT Security) Investigation with a twist: an accidental APT attack and averted data destruction
Zero Day: cPanel® & WHM® Vulnerability (Digital Defense) Two-Factor Authentication Bypass Flaw Could Affect Over 70 Million Domains
What is an SMB Relay Attack? (Heimdal Security Blog) An SMB Relay attack can cripple your entire corporate network. Learn more how to protect your assets against relays.
BBB Scam Alert: That Zoom invite is really a phishing scam (Better Business Bureau) The popular video conferencing platform Zoom has seen usage grow exponentially in 2020. With a huge user base to target, con artists are using old tricks in new scams to try to steal your information.
Stantinko Proxy Trojan Masquerades as Apache Servers (SecurityWeek) A threat group tracked as Stantinko was observed using a new version of a Linux proxy Trojan that poses as Apache servers to remain undetected
New Egregor Ransomware Steps into Maze Group’s Shoes (Infosecurity Magazine) Triple-digit increase in attacks since September
Sophos notifies customers of data exposure after database misconfiguration (ZDNet) Exclusive: Company says that only a small subset of customers were impacted.
A hacker is selling access to the email accounts of hundreds of C-level executives (ZDNet) Access is sold for $100 to $1500 per account, depending on the company size and exec role.
Hacker selling hundreds of CEO, CFO email passwords on dark web (The Statesman) A hacker is selling password for the Microsoft email accounts of hundreds of top-level executives of hundreds of companies on the Dark Web for nearly
Hacker publishes credentials stolen from Fortinet's FortiGate VPNs (SiliconANGLE) A hacker has published a list of credentials for nearly 50,000 Fortinet Inc. FortiGate virtual private networking systems connected to the internet that can be exploited using a known vulnerability.
Passwords exposed for almost 50,000 vulnerable Fortinet VPNs (BleepingComputer) A hacker has now leaked the credentials for almost 50,000 vulnerable Fortinet VPNs.
CISA Warns of Password Leak on Vulnerable Fortinet VPNs (Data Breach Today) CISA is warning about a possible password leak that could affect vulnerable Fortinet VPNs and lead to further exploitation. The latest agency notice comes just days
Belden Responds to Data Incident, Notifies Impacted Current and Former Employees, Business Partners (BusinessWire) Belden Responds to Data Incident
Belden Discloses Data Breach Affecting Employee, Business Information (SecurityWeek) Specialty networking solutions provider Belden has disclosed a data breach resulting in the theft of employee and business information
While Twitter was buzzing about a fake Parler data leak, a hacker says he actually breached some user data from the conservative social network (Business Insider) Hackers took data from a Parler email vendor, but the security of the platform itself is intact, the company's CEO says.
Beware! An Email Can Cause Data Breach (Analytics Insight) With the developing threat of viruses, hackers, identity theft, phishing, and spam we have an obligation to have cybersecurity in place and email security must be a priority.
Phishing Emails That Attack When You're Already Down (INKY) The pandemic has devastated individuals, families, and businesses. It’s also provided the perfect opportunity for cybercriminals to take advantage of vulnerabilities. Know the signs of pandemic phishing emails and protect your organization.
The Emerging Ransomware-As-A-Service Economy (Forbes) Ransomware operators now give affiliates a copy of the ransomware, and allow them to engage in attacks with a sizable cut of the profits.
Ransomware attack cripples Baltimore County Public Schools. No timeline for return to class. (Baltimore Sun) The Baltimore County Public Schools system was hit with a ransomware cyber attack, shutting down all network systems, officials said Wednesday.
Audit found ‘significant risks’ in Baltimore County schools’ computer network (Baltimore Sun) State auditors found “significant risks” within Baltimore County public schools’ computer network, according to a report released Tuesday, the day before a ransomware attack shut down the school system.
Baltimore County Schools Says District-Issued Chromebooks Not Impacted By Ransomware Cyber Attack (WJZ CBS) Baltimore County Public Schools said Sunday they now know that BCPS-issued Chromebooks were not impacted by the ransomware cyber attack that forced the schools to shut down Wednesday.
Ransomware Attack Targets Baltimore County Public Schools (BankInfo Security) Officials with the Baltimore County Public Schools are investigating a ransomware attack that distributed virtual learning for students this week. Now, the district
Class canceled in Baltimore County, Md., in latest school ransomware attack (StateScoop) “Looks like we’re getting our first cyber snow day,” wrote a high-school football coach in the 114,000-student school district.
Baltimore County Public Schools Closed Due To 'Ransomware Cyber Attack' (CBS) All Baltimore County Public Schools closed Wednesday after the school system was hit with a ransomware cyber attack, according to officials.
Sopra Steria cyber attack costs to hit €50 million (IT PRO) The NHS supplier fell victim to Ryuk ransomware last month
Manchester United's scouting operation thrown into chaos by cyber attack (Mirror) EXCLUSIVE: United's IT systems were crippled over a week ago by a malicious attack and investigations are ongoing to discover what, if any, sensitive material the hackers may have
Manchester United launches investigations following 'disruptive' cyber attack (CNN) Manchester United has launched investigations as the club continues to tackle a "disruptive" cyber attack.
NCSC Helping Man United Recover from Cyber-Attack (Infosecurity Magazine) NCSC working with Manchester United to “understand the impact” of last week’s attack
Manchester United email servers remain offline amid what is being called a 'ransomware' attack (Register) UK data watchdog has been told and 'forensic' probe is ongoing
Man Utd silent on cyber attack demands report (BBC Sport) Manchester United will not say if they have received ransom demands over the cyber attack on the club last week that forced them to shut down their systems.
Cyberattacks target hospitals (Arkansas Online) At lunchtime on Oct. 28, Colleen Cargill was in the cancer center at the University of Vermont Medical Center, preparing patients for their chemotherapy infusions. A new patient will sometimes be teary and frightened, but the nurses try to make it welcoming, offering trail mix and a warm blanket, a seat with a view of a garden.
Patients of a Vermont Hospital Are Left ‘in the Dark’ After a Cyberattack (New York Times) A wave of damaging attacks on hospitals upended the lives of patients with cancer and other ailments. “I have no idea what to do,” one said.
U of Vermont Medical Center continuing cyber-attack recovery (WHDH) The University of Vermont Medical Center is continuing to recover from the cyber attack late last month that crippled access to...
Fertility Clinic Admits Hackers Stole Info From Patients (The Daily Beast) U.S. Fertility, one of the country’s largest networks of clinics, announced a breach that gave hackers access to patients’ personal data, and possibly their health information.
Data breach impacts patient information at one of the largest US fertility networks (New York Post) US Fertility, one of the largest networks for fertility clinics in the country, said hackers gained patient information — including names, addresses and Social Security numbers — throug…
Highland man victim of two NHS Highland data breaches in past 18 months (Press and Journal) A Highland man has spoken of his devastation after his personal information was revealed for a second time in 18 months following the latest NHS Highland data breach.
Personal data of 16 million Brazilian COVID-19 patients exposed online (ZDNet) Among those affected by the leak are Brazil President Jair Bolsonaro, seven ministers, and 17 provincial governors.
Major sanitary data leak in Brazil: personal records of 16 million patients infected with Covid-19 exposed (MercoPress) Personal details of millions of Brazilians infected with Covid-19 have been exposed after passwords to systems from the Ministry of Health (MoH) were openly published online, it has been revealed.
Baidu Maps could have leaked details of millions of users (TechRadar) Two Baidu apps were found to be leaking user details
Banijay Confirms Internal Data Was Stolen In Cyber Attack & Warns Ex-Employees They May Be Affected (Deadline) EXCLUSIVE: Banijay, the world’s largest independent production company, has told staff that internal data was stolen after it was the victim of a cyber attack last week that could impact hund…
MasterChef, Big Brother producer hit by DoppelPaymer ransomware (BleepingComputer) French multinational production and distribution firm Banijay Group SAS was hit earlier this month by a DoppelPaymer ransomware attack and had sensitive information stolen by the ransomware operators during the incident.
Canon publicly confirms August ransomware attack and data breach (Security Affairs) Canon finally confirmed that it has suffered a ransomware attack in early August that resulted in the theft of data from its servers. Canon has finally confirmed that it was the victim of a ransomware attack in early August and that the threat actors also stole data from its servers. In August, BleepingComputer first revealed […]
Pennsylvania county pays 500K ransom to DoppelPaymer ransomware (BleepingComputer) Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend.
Incoming Texas freshmen threatened with doxxing if they join conservative campus groups (Campus Reform) The group, Autonomous Student Network, was previously banned from Twitter after releasing information belonging to Brett Kavanaugh supporters. A Texas group is threatening to release personal information of incoming freshmen who plan to join conservative student groups.
GoDaddy scam shows how vishing is more deceptive than an email phish (SC Media) Unlike with an email-based phish where an employee might be observant enough spot a telltale red flag, such as multiple typos or the wrong sender address, there's little time to key in on suspicious circumstances in the midst of a dialogue.
Instagram users urged to watch out for password reset scam - how to spot it (Mirror) Several Instagram users have reported receiving a reset password text, claiming to be from Instagram this week
AWS outage hits company's own services (Computing) Sites like The Washington Post and Roku, as well as Amazon’s own services, were affected
Prolonged AWS outage has taken down a big chunk of the internet, recovery may take ‘a few hours’ (The Verge) The issue seems fairly widespread.
5 Signs Someone Might be Taking Advantage of Your Security Goodness (Dark Reading) Not everyone in a security department is acting in good faith, and they'll do what they can to bypass those who do. Here's how to spot them.
Security Patches, Mitigations, and Software Updates
2FA Bypass Vulnerability Patched in cPanel & WebHost Manager (SecurityWeek) cPanel last week released patches to address three vulnerabilities in cPanel & WebHost Manager (WHM), including one leading to two-factor authentication (2FA) bypass.
0day release a micro-patch for Windows 7 zero-day vulnerability (MSPoweruser) Unless you have an Extended Security Update contract most Windows 7 users are no longer receiving patches from Microsoft. Unfortunately, nearly 1 in 4 Windows users are still running Windows 7, and a recently discovered local privilege escalation vulnerability (which also affects Windows Server 2008 R) means your installation is no longer secure. In short, […]
Drupal issues emergency fix for critical bug with known exploits (BleepingComputer) Drupal has released emergency security updates to address a critical vulnerability with known exploits that could allow for arbitrary PHP code execution on some CMS versions.
VMware patches security flaws leading to RCE in SD-WAN Orchestrator (The Daily Swig) Research concludes four-part series unearthing RCE chains in ‘single point of failure’ SD-WAN products
UK Spies Urge Firms to Patch MobileIron Bug ASAP (Infosecurity Magazine) Suspected Chinese state actors already exploiting CVE in the wild
Cyber Trends
Quarterly Financial Crime Report - Q4 2020 Edition (Feedzai) The Quarterly Financial Crime Report Q4 2020, reports on fraud trends as captured by Feedzai’s exclusive data from over 4 billion global transactions.
The Widening Security Holes in Our ‘Datasphere’ (The Crime Report) Cybercrime is predicted to cost the world $10.5 trillion annually by 2025. That would represent the greatest transfer of economic wealth in history, writes a computer security expert.
Is Africa a Goldmine of Cybersecurity Opportunities? (IT News Africa) Africa presents a wealth of opportunities for startups and innovators looking to address cybersecurity risk across the increasingly digitised continent – according to Anna Collard, SVP of Content Strategy & Evangelist for KnowBe4 Africa. Collard goes on to say that cybersecurity presents an incredible market opportunity in Africa, with the number of Internet users soaring […]
()
Clario Research Reveals Consumers Surrender To Cybercriminals As The US Government Fails To Support Victims (PR Newswire) A recently released report from Clario and Demos shows that people in the US may be surrendering to cybercriminals and lack confidence in the...
The Great Cyber Surrender: How police and governments abandon cybercrime victims (Demos) Demos is Britain’s leading cross-party think-tank. We produce original research, publish innovative thinkers and host thought-provoking events.
China rises as world's data superpower as internet fractures (Nikkei Asia) Asian 'data sphere' gives the country twice the information flows of the US
Top tips ahead of National Computer Security Day (Digital Journal) Ahead of National Security Day in the U.S., a new poll finds that most citizens would agree that the growing amount of data, apps and devices makes it high time to create a new, more secure and controlled Internet.
Marketplace
Banking Cybersecurity Provider DefenseStorm Raises $19 Million (SecurityWeek) Banking cybersecurity and cybercompliance solutions provider DefenseStorm on Tuesday announced that it raised $12 million in Series B funding, along with $7 million in growth capital financing
Tehtris Raises €20M in Series A Funding (FinSMEs) Tehtris, a Paris, France-based provider of cybersecurity solutions, raised €20M in Series A funding
Howden buys cyber and technology-focused broker (Insurance Times) The company says the purchase 'supercharges our growth in this important market'
Merger creates fraud protection company (IT-Online) Customer Fraud Solutions, a fraud and risk management company, has converged with MoData to create MoData Digital Services (MDS). MoData Digital Services offers customer-friendly protection against fraud and other security threats — a necessity during a period where digital adoption is on the rise, as more companies are at risk of fraud. As digital adoption […]
IBM Acquires Instana to Advance AI, Hybrid Cloud Landscape (HITInfrastructure) IBM acquires Instana to help expand its hybrid cloud landscape and overcome the challenges of managing application performance across two to 15 clouds.
RDeYe, go-to cyber-intelligence integrator in South America (Intelligence Online) In just a few years, former IDF CIO Ram Dor's firm has carved out a significant market share in cyber consulting to Latin American countries.
Exclusive: Foxconn to shift some Apple production to Vietnam to minimise China risk (Reuters) Foxconn is moving some iPad and MacBook assembly to Vietnam from China at the request of Apple Inc, said a person with knowledge of the plan, as the U.S. firm diversifies production to minimise the impact of a Sino-U.S. trade war.
Second Swiss firm allegedly sold encrypted spying devices (SWI swissinfo.ch) A second Swiss company beyond Crypto AG allegedly manufactured manipulated devices used for spying by foreign intelligence.
Products, Services, and Solutions
Group-IB Brings New Type of Solution for Threat Hunting and Attack Prevention to Market (PR Newswire) Group-IB, a global threat hunting and intelligence company, has revealed the results of its years-long development of proprietary high-tech...
Group-IB launches new threat hunting and attack prevention solution (Help Net Security) Group-IB launches the Threat Intelligence & Attribution solution, designed to create and customize a cyber threat map for a specific company.
F-Secure updates TOTAL cyber security package. (TechBuzzIreland) Cyber security provider F-Secure has released the latest version of its premium cyber security service TOTAL. TOTAL has undergone updates and improvements to offer users the very best in online pro…
Kaspersky ICS Cert Becomes New Member of the Global Forum of Incident Response and Security Teams (First) (Al Bawaba) After rigorous assessment, Kaspersky’s Industrial Systems Emergency Response Team (ICS CERT) has officially joined FIRST - the global Forum of Incident
Palo Alto Networks launches enterprise data loss prevention service (Security Brief) As a single centralised cloud service, Palo Alto Networks Enterprise DLP can be deployed across an entire large enterprise in minutes with no need for additional infrastructure.
Palo Alto seeks to protect 5G-enabled PHL enterprises from threats (Business World) American multinational cybersecurity company Palo Alto Networks, Inc. is seeking to work with Philippine businesses for protection against cyber threats as they adopt 5G technology to accelerate their digital transformation journey.
Mitsubishi Electric and Radiflow cooperation enhances industrial cyber security (Design Product & Applications) Mitsubishi Electric has announced a new collaboration with Radiflow, a provider of OT cyber security solutions for industrial automation networks.
SecZetta and Prevalent Announce Partnership Aimed at Strengthening Third-Party Identity Risk Management (SecZetta) SecZetta and Prevalent announce partnership.
Milton Security Releases Map 2.0 to Detect and Mitigate Ransomware Attacks (The Press) Milton Security, a global leader in Cybersecurity who offers true Extended Detection & Response (XDR) and Managed Detection & Response (MDR) today announced
Technologies, Techniques, and Standards
Good backups are not a cure-all for ransomware attacks, say infosec pros (SC Media) In a webinar earlier this month, 78 percent of surveyed attendees said backups won’t save companies from the aftermath of a ransomware attack.
Organizations risk failing cyber security assessments on home networks protection (Continuity Central) With various levels of lockdowns in place in many European countries, are smaller companies fighting a losing battle when it comes to renewing cyber security certification? Richard Hughes believes this is the case…
ITU completes evaluation for global affirmation of IMT-2020 technologies (ITU) 5G will be the backbone of the global digital economy
ESG Report - Stopping Phishing Attacks Closing the Mobile Gap (INKY) Mobile devices have become a critical tool for the modern worker. Most mobile devices lack many of the most basic security controls provided in desktop email clients, making mobile devices more prone to successful email phishing attacks.
Soldiers train on cyber defense (Manila Bulletin) The Armed Forces of the Philippines is continuously enhancing its cyber defense capabilities as threat groups and hostile forces take advantage of cyber space, a military official said Saturday.
Design and Innovation
Pentagon innovates new weapons to 'fight through' next-gen cyberattacks (Fox News) The flight trajectory of ICBMs, targeting accuracy of an Abrams tank 120mm cannon, sharing of enemy location intelligence in real-time or the decreasing of critical sensor-to-shooter times for small arms, missile attacks, bomber strikes and other weapons systems … increasingly rely … on computer systems.
Academia
University of Tulsa helping lead project to build up nation's cybersecurity workforce (Tulsa World) The effort, under the oversight of the federal Department of Homeland Security’s Critical Infrastructure Resilience Institute, is being funded with a $2 million grant from the DHS science and technology
Failing grades spike in Virginia’s largest school system as online learning gap emerges nationwide (Washington Post) A report on student grades from one of the nation’s largest school districts offers some of the first concrete evidence that online learning is forcing a striking drop in students’ academic performance, and that the most vulnerable students — children with disabilities and English-language learners — are suffering the most.
Legislation, Policy, and Regulation
The Radicalization of Bangladeshi Cyberspace (Foreign Policy) After the pandemic pushed people online, Islamist extremist groups reached an even wider audience. But the authorities are fighting back.
India, Sri Lanka, Maldives agree to improve intel sharing (The Hindu) Meet seeks to promote cooperation in Indian Ocean Region, with focus on maritime security.
North Korea’s Kim vents fury as pressure mounts over virus and economy, South says (Washington Post) Under pressure from the coronavirus pandemic and an ailing economy, North Korean leader Kim Jong Un is responding with fury, allowing at least two executions in the past three months, South Korea's intelligence agency told a parliamentary briefing on Friday.
India’s decision to ban apps based on ‘National security excuse’, violates WTO rules, says China (City Today) India banned 43 of the apps on Tuesday
Critics say France's security bill will make it a democratic outlier - CNN Video (Azad Hind News) The French National Assembly have voted on a “global security bill” that human rights advocates say will make it harder to hold police to account. The most controversial article forbids the publication of images “that allow the identification of a law enforcement officer, with the intent to cause them harm.” The law will not take […]
Regulating Big Data – European Commission Introduces Data Governance Bill (cyber/data/privacy insights) The European Commission published on November 25, 2020 a proposal for a Regulation on European Data Governance, also dubbed the Data Governance Act. It is one of several incoming pieces of legislation proposed at the EU level (including the Digital Services Act, expected in early December) in order
Dutch Group Calls for Scrutiny of Palantir Over Opaque Partnerships With EU Law Enforcement Agencies, Possible Privacy Violations (CPO Magazine) SOMI contends that Palantir could be participating in both knowing and unknowing privacy violations based on its involvement with 'predictive policing' technologies.
Forcepoint official welcomes PM's decision on cyber-security role (iTWire) A senior official from the Australian arm of Forcepoint, an American multinational security software developer, has welcomed the news that Australian Prime Minister Scott Morrison will create a cyber security role in his cabinet when he carries out a reshuffle next month. Nick Savvides, Forcepoint’s...
Huawei: UK bans new 5G network equipment from September (the Guardian) Digital secretary says he is setting ‘clear path for complete removal of high risk vendors’ from 5G networks
UK bans installation of Huawei 5G telecom gear from Sep 2021 (The Siasat Daily) London, Nov 30 : The UK government announced on Monday that the Chinese telecom giant Huawei will not be able to install its 5G equipments in the country
UK telecommunications security bill set to lock out high risk service providers in wake of Huawei row (Jurist) The UK government Tuesday introduced a new Telecommunications (Security) Bill that aims to give it power to govern the activities of providers of public electronic communications network or/and public...
China threatens economic pain for UK over Huawei crackdown as Trump exit looms (Washington Examiner) British plans to crack down on the use of Chinese telecommunications giant Huawei and other “high-risk” equipment run the risk of economic retaliation, according to senior Chinese officials.
Filling the 5G gap left by the Huawei ban is going to be expensive (ZDNet) The UK government has pledged £250 million to diversify the country's 5G supply chain in the wake of a ban on Huawei's equipment.
UK PM's shambolic broadband U-turn shows the cost of banning Huawei (CGTN) What has Britain actually gained by making such a costly decision to exclude Huawei?
AG Bill Barr Gives Year In Review On The DOJ’s China Initiative (Corridor News) On the two-year anniversary of the Attorney General’s China Initiative, the Department continues its
The emerging cybersecurity headaches awaiting Biden (Axios) Biden's advisers will have to wrestle with the ascendancy of new adversaries and cyberpowers.
Top Contenders for Biden’s Cabinet Draw Fire From All Sides (New York Times) Lists of names of those the president-elect is said to be considering are flying across Washington, prompting lawmakers and interest groups to raise questions about some top contenders.
Ex-cyber official Chris Krebs gives first interview since Trump fired him (New York Post) Former US cybersecurity official Chris Krebs has given his first on-record interview since being fired by President Trump for calling the Nov. 3 election the “most secure” in US history…
Krebs says Trump firing by tweet was 'not how I wanted to go out' (CNN) Christopher Krebs, the former top cybersecurity official, said President Donald Trump's decision to unceremoniously fire him via tweet last week was "not how I wanted to go out."
It's time to secure our digital sidewalks (TheHill) When we invest in crossing the digital divide, why not also talk about how cyber threats can impact our most at-risk populations?
Litigation, Investigation, and Law Enforcement
The Supreme Court will hear its first big CFAA case (TechCrunch) The court's decision could fundamentally change how millions use their computers and access online services.
TikTok Stars Proved Key in Strategy to Fight U.S. Ban (Wall Street Journal) A lawsuit by popular users looked like a grass-roots effort, but the legal action was orchestrated behind the scenes by TikTok and parent company ByteDance, according to people familiar with the effort.
Top cybersecurity official fired by Trump says allegations of foreign interference in election ‘farcical’ (The Independent) Ousted cybersecurity official speaks for first time since firing, says president’s fraud claims without basis
Cyber security chief fired by Trump rejects election foreign meddling claims, says "the proof is in the ballots" (Newsweek) Christopher Krebs, ex-head of the Cybersecurity and Infrastructure Security Agency told CBS "all votes in the United States of America are counted in the United States of America."
Fired director of U.S. cyber agency Chris Krebs explains why President Trump's claims of election interference are false (CBS News) Chris Krebs, a lifelong Republican, was put in charge of the agency handling election security by President Trump two years ago. When Krebs said the election was the country's most secure ever, Mr. Trump fired him. Now, Krebs speaks to Scott Pelley.
The Cybersecurity 202: Chris Krebs fiercely defends election while President Trump’s attacks on it get weirder (Washington Post) Christopher Krebs last night offered a cool, rational defense of the election’s integrity in his first interview since President Trump fired him as the nation’s top election security official.
Testimony of Fraud-A Nation Deceived. (Tony Rehor) This is Documented testimony from DR. NAVID KESHAVARZ-NIA-This is compelling! I, Navid Keshavarz-Nia, declare as follows: 1. I am 59 years old and have
Gabbard calling on President Trump to pardon Snowden, Assange (KITV) Those she wants pardoned -- Edward Snowden, the man who leaked classified information from the National Security Agency in 2013, and Julian Assange of Wikileaks.
Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members (Group-IB) Group-IB, a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB. A cross-border anti-cybercrime effort that involved INTERPOL’s Cybercrime Directorate, Nigerian Police Force, and Group-IB’s APAC Cyber Investigations Team has resulted in the arrest of three individuals in Lagos.
Report Claims CIA Controlled Second Swiss Encryption Firm (SecurityWeek) Swiss politicians have voiced outrage and demanded an investigation after revelations that a second Swiss encryption company was allegedly used by the CIA and its German counterpart to spy on governments worldwide.
Major BEC Phishing Ring Cracked Open with 3 Arrests (Threatpost) Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares.
A colossus with feet of clay (The Mail & Guardian) South Africa is disproportionately targeted by cybercriminals. Digital attacks call for digital solutions and technology is a the prime weapon in this fight
Security pros fear prosecution under outdated UK laws (ComputerWeekly.com) CyberUp, a group of campaigners who want to reform the Computer Misuse Act, finds 80% of security professionals are concerned that they may be prosecuted just for doing their jobs.
Arrow denies ties to Chinese army as US considers sanctions (CRN) One of Arrow's subsidiaries has appeared in a draft document of firms facing scrutiny by the US government
Coalition Against Stalkerware’s One Year Anniversary Recognizes Milestones, New Members and Celebrates UN’s International Day for the Elimination of Violence Against Women (Bay Town Sun) Today, the UN’s International Day for the Elimination of Violence Against Women also coincides closely with the Coalition Against Stalkerware’s one year anniversary.
Quick Heal helps a retail shop in recovering stolen desktops (InfotechLead) Quick Heal has explained how it helped Hari Preet Fashion, a garment store in Surat, in the recovery of stolen desktops and other items in Gujarat. A group of thieves barged into the retail shop and stole a couple of items, including two desktops, an embroidery machine, garments, a CCTV unit and an LED, in […]
The secret of NSO’s success in Mexico (Haaretz) The hunt for El Chapo, widespread corruption and Israeli cyber firm NSO’s dealings in Mexico reveal dark truth about infamous phone-hacking software Pegasus: ‘The greater the violence, the greater the business opportunities’
Trump administration put Canada in a 'very difficult situation,' Huawei VP says (CBC) Almost two years after Huawei CFO Meng Wanzhou was arrested in Vancouver at the request of U.S. authorities, the Chinese tech giant says it acknowledges Canada is under pressure from its southern neighbour to ban Huawei from its involvement in Canada’s 5G networks.
Chinese police have seized $4.2 billion cryptos from PlusToken Ponzi crackdown (The Block) A Chinese court's final judgment on the case has detailed the breakdown for the first time of all the crypto assets seized by police.
3 men arrested in connection with data hack involving 360,000 Quebec teachers (CBC) The suspects are each facing charges of fraud, identity theft, possession of counterfeit documents, unauthorized use of credit card data, and unauthorized use of a computer.
Google security researcher banned from Call of Duty: Modern Warfare after ‘reverse engineering networking code’ (The Daily Swig) Ned Williamson urges video game developers to accommodate legitimate research