the near future: the latest about the next few months.
Users will revolt over smart device privacy says WatchGuard (PCR) 2021 will mark a tipping point when consumers will begin to fully-understand and revolt against the
Threat Spotlight: When bad bots attack (Barracuda Blog) Holiday shopping season makes e-commerce sites an attractive target for cybercriminals using bots to run distributed denial of service (DDoS) attacks, make fraudulent purchases, and scan for vulnerabilities they can exploit.
New study reveals how holiday shopping and spending has changed in 2020 (Travis Credit Union) Most years, holiday shopping and festivities in November and December are accompanied by big sales and large crowds. But as the 2020 holidays approach and COVID-19 looms, many people have had to re-evaluate how much money they’ll spend—and where they’ll spend it
Cyber Attacks, Threats, and Vulnerabilities
Chinese step up attempts to influence Biden team - US official (BBC News) A US intelligence official says Beijing is targeting people close to the incoming US president.
China aims its influence operations at incoming Biden administration, top intel official says (CyberScoop) China has increased its influence operations targeting incoming Biden administration personnel and their associates since the presidential election, the top U.S. counterintelligence official said Wednesday.
()
IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain (Security Intelligence) IBM X-Force recently uncovered a global phishing campaign targeting organizations associated with the COVID-19 vaccine cold chain.
KnowBe4 Warns of Potential Phishing Attacks Exploiting COVID-19 Vaccine Progress (KnowBe4) KnowBe4 Warns of Potential Phishing Attacks Exploiting COVID-19 Vaccine Progress
TrickBot adds firmware tool that researchers say could lead to 'bricking' devices (CyberScoop) The malicious software known as TrickBot has morphed again, this time with a module that probes booting process firmware for vulnerabilities, possibly setting the stage for attacks that could ultimately destroy devices, researchers say...
The Internet’s Most Notorious Botnet Has an Alarming New Trick (Wired) The hackers behind TrickBot have begun probing victim PCs for vulnerable firmware, which would let them persist on devices undetected.
TrickBot Now Offers 'TrickBoot': Persist, Brick, Profit (Eclypsium) Researchers discover a new module in the TrickBot toolset aimed at detecting UEFI / BIOS firmware vulnerabilities
Hackers steal credentials from LSU amid global phishing campaign (EdScoop) The attacks used false university domains and focused on credential harvesting and financial theft.
Mind the gap: CERT report reveals security holes across Polish education sector (The Daily Swig) Concerns raised about the safety of student and staff data
Three Estonian ministries had significant data breaches in November (Estonian World) According to the Estonian Information System Authority – also known by its Estonian acronym, RIA – three Estonian ministries reported cybersecurity incidents in November that resulted in significant breaches of personal data.
SEO Scammers Distribute Malware via WordPress Sites: Akamai (Toolbox) Cybercriminals are always looking for new ways to launch attacks and with more businesses going online, WordPress sites have become a potential target for a lucrative payoff. Akamai security researchers discovered hackers are setting up fake e-commerce digital storefronts atop legitimate WordPress sites to introduce malware, which also manipulates the search engine rankings.
Account Hijacking Site OGUsers Hacked, Again (KrebsOnSecurity) For at least the third time in its existence, OGUsers -- a forum overrun with people looking to buy, sell and trade access to compromised social media accounts -- has been hacked.
HAMC experiences ransomware data breach (McDonough Voice) The McDonough County Housing Authority had a ransomware data breach on Nov. 17. The HAMC will also be voting on leases at its December meeting.
AspenPointe breach compromises data of 295,617 patients (teiss) AspenPointe has said it suffered a data breach in September that resulted in the loss of personal and medical information of 295,617 patients.
()
Stuller headquarters hit by cyber attack; customer information not compromised (The Advocate) Stuller was hit with a cyber attack on its system early Saturday that has created a variety of problems for the company, one official said.
Absa says credit analyst sold personal info of 200,000 clients (Business Insider) The person had access to the group’s risk modelling processes.
‘Business as usual’: Despite some problems, Baltimore County schools resume online lessons after ransomware attack (Baltimore Sun) “Despite a few hiccups everything has gone relatively smoothly,” said Charles Herndon, a school system spokesman. “We are hearing good reports from the teachers and principals.”
Baltimore County Students, Staff Rush To Make Sure There Are No Lingering Ransomware Issues On Devices After Cyberattack (WJZ 13 CBS Local) Baltimore County Public Schools officials say virtual learning will resume Wednesday after a ransomware cyberattack last week.
Understanding Business Email Compromise: An organisation's most expensive enemy (Computing) Online fraud in the business world is growing more sophisticated - and expensive.
How Cybercriminals Answer "What do you do for a living?" (Digital Shadows) Have you ever wondered how cybercriminals explain their mysterious means of income to others?
Cyber Trends
Open source software security vulnerabilities exist for over four years before detection (ZDNet) GitHub research suggests there is a need to reduce the time between bug detection and fixes.
Twitter Employees and Zoom Users Top Dashlane's List Of 2020's "Worst Password Offenders" (PR Newswire) Dashlane today announced its fifth annual list of the year's "Worst Password Offenders." As our lives have migrated almost entirely online due...
Coronavirus Pandemic Accelerated Cybersecurity Awareness at Mastercard, Rockwell Automation (Wall Street Journal) Businesses are raising awareness of cybersecurity threats and staying in closer touch with employees as they try to defend networks supporting larger work-from-home populations since the Covid-19 outbreak began.
Data Breach Report - the world's biggest data breaches (Uswitch) The Uswitch Data Breach Report highlights the largest data breaches, most commonly stolen data, and the most affected companies from an increase in cyberattacks.
Marketplace
DataTribe Announces Third Annual Cybersecurity Start-Up Challenge Finalists (StreetInsider.com) oak9, Scanta and SightGain Awarded Finalists. DataTribe, a global cyber foundry that invests in and co-builds next-generation cybersecurity and data science companies, announced today the finalists of its third annual DataTribe Challenge. The competition is poised to identify seed stage start-ups with a vision to disrupt cybersecurity and data science.
NetSPI Acquires Silent Break Security (Southernminn.com) NetSPI, the leader in enterprise security testing and vulnerability management, today announced its acquisition of Silent Break Security, a Utah-based security testing firm which
CIT Invests in CySecure to Advance the Next Generation of Identity and Authentication Solutions (GlobeNewswire) PKI based verification and Self-Sovereign Identity solutions eliminate data breach liability for businesses and allow end users to maintain possession and control of their identity
Security Industry Association Strengthens Identity Expertise through Addition of IdTA Members (Security Industry Association) SIA announces that Identification Technology Association members will guide new SIA Identity and Technology Advisory Board as IdTA ceases operations.
()
Centrify Momentum Fueled by Digital Transformation Including Secure Cloud and DevOps Acceleration (Centrify) Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today announced significant sales momentum across all regions and industries as organizations seek to secure privileged access to an increasingly decentralized modern attack surface driven by digital transformation.
Mimecast Appoints New CIO to Lead Digital Transformation (GlobeNewswire) Shahriar Rafimayeri will Focus on Digital Transformation to Further Elevate Customer, Partner and Employee Experience
Cyble Expands Technical Leadership (Outlook India) usiness Wire India Cyble, a fast-emerging Cyber Threat Intelligence Service & Solutions provider, today announced that it has appointed Arnab Chakraverty as Director, Products.
Two Tech Industry Titans Join Salient Systems Board of Directors (The Argus-Press) Salient Systems has appointed Tom Bogan and Lane Bess to its Board of Directors. Both are titans in enterprise software and bring a wealth of experience and knowledge to guide Salient’s next stage of growth.
Turing Award Winner Dr. Whitfield Diffie, Founder of Asymmetric Encryption, Joins Findora (PR Newswire) Recently, Findora Advanced Research Center welcomed Dr. Whitfield Diffie, one of the best-known modern cryptography gurus in the world, to be...
Confiant Hires PCH exec Steve Rubinstein for COO role (PR Newswire) First-to-market creative verification, ad blocking and malvertising detection solution Confiant, has hired Steve Rubinstein, to lead operations...
Keeper Bolsters its Executive Team with Two Cybersecurity Industry Veterans, Fueling its Growth Plans for 2021 (MDJOnline.com) Keeper Security, provider of the highly-rated cybersecurity platform for preventing password-related data breaches and cyberthreats, announced today the appointment of two key additions to
Products, Services, and Solutions
Lucideus Launches SAFE Me, Redefines The Way Consumers Secure And Protect Their Digital Lives (Aithority) A one of its kind mobile application, SAFE Me empowers consumers to proactively defend against a growing number of cyber threats
Cyber Security Cloud Launches WafCharm on Microsoft Azure (Cyber Security Cloud , Inc.) AI automation of WAF rules now available to 60% of the world's cloud users Cyber Security Cloud, Inc. (CSC) is pleased to announce the availability of WafCharm on Microsoft Azure. Already availab
Aon Launches Digital Cyber Insurance for Small and Middle Market Businesses (PR Newswire) Aon plc (NYSE: AON), a leading global professional services firm providing a broad range of risk, retirement and health solutions, today...
Bitglass Achieves FedRAMP Certification for Its Total Cloud Security Platform (BusinessWire) Bitglass, the Total Cloud Security Company, has achieved FedRAMP Authorization by the Federal Risk and Authorization Management Program (FedRAMP). Fed
Protegrity Partners With Servian, Expanding Global Reach in Australia and New Zealand (BusinessWire) Protegrity, the data-security solutions provider, has partnered with Servian, one of Australia’s leading IT consultancies, to deliver effective data p
Skyflow Joins Financial Data Exchange to Transform Secure Sharing of Banking Data (BusinessWire) Skyflow, the leader in protecting privacy for enterprises, today announced it is joining the Financial Data Exchange (FDX) to help speed the financial
Lumen and Itential Team Up to Offer Automation Through Lumen Network Consulting Services (Itential) Lumen announced today it’s teaming with Itential®, the leader in intelligent automation for multi-domain networks, to offer their Automation Platform as part of Lumen Network Consulting Services.
Hillstone Networks Unleashes Network Security OS Upgrades with Future-Proof Platform (BusinessWire) Hillstone Networks, a leading provider of Enterprise Network Security and Risk Management solutions, announces a major upgrade in its flagship operati
Protegrity Partners With Servian, Expanding Global Reach in Australia and New Zealand (Odessa American) Protegrity, the data-security solutions provider, has partnered with Servian, one of Australia’s leading IT consultancies, to deliver effective data protection to companies across Australia and New Zealand (ANZ) that are implementing AI, analytics, customer engagement, and cloud solutions.
FireMon Partners with Zscaler to Ensure Security and Compliance across the Entire Hybrid Network (FireMon) As enterprises move to hybrid-cloud networks, they need more visibility than ever. But, despite the compelling business case of cloud-first technologies like Secure Access Service Edge (SASE), technology leaders often worry about maintaining visibility and control across an increasingly complex hybrid network. Through its new partnership with Zscaler, FireMon has responded to this need by Read more...
IRI Upgrades Data Masking Software for DBs, Files, and Big Data Streams (PR Newswire) Innovative Routines International (IRI), Inc., a leader in big data management and data-centric security, has announced major new versions of...
VergX Expands Relationship with Versa Networks to Deliver Enhanced SASE and Secure SD-WAN Solutions (PR Newswire) VergX, a leading software defined, wide area network (SD-WAN) and security service provider, today announced it has expanded its strategic...
PwC boosts cybersecurity offering with Palo Alto Networks partnership (Silicon Republic) PwC Ireland said its partnership with Palo Alto Networks will help relieve the day-to-day burden of security operations for its clients.
IBM Supports its Cloud Services with Quantum-Safe Cryptography Support (Database Trends and Applications) IBM is releasing a series of cloud services and technologies designed to help clients maintain the highest available level of cryptographic key encryption protection to help protect existing data prepare for future threats in the cloud. Pioneered by IBM Research scientists, the company is now offering quantum-safe cryptography support for key management and application transactions in IBM Cloud, making it the industry's most holistic quantum-safe cryptography approach to securing data available today, according to the vendor.
Lifars Launches New Hackbit Solution to Expedite Cyber Penetration Tes (PRWeb) LIFARS LLC, a leader in cybersecurity services, including incident response, digital forensics, ransomware mitigation and cyber resiliency services, announced t
Platform9 and MayaData announce partnership to optimize high-performance workload delivery with managed Kubernetes (PR Newswire) MayaData and Platform9 today announced a collaboration for the deployment and operation of performance-sensitive stateful workloads on...
New WSO2 Identity Server Release Helps Speed the Delivery of Customer IAM-Powered Applications (GlobeNewswire) WSO2 Identity Server increases ease of use with new UI, SDKs and group role assignments; enhances security via new default symmetric key encryption for sensitive data and cross-origin resource sharing
Technologies, Techniques, and Standards
()
The U.S. Government is Creating Security Standards for IoT Devices (Nozomi) A new security bill is awaiting signature by President Trump. It directs the National Institute of Standards and Technology (NIST) to create minimum cybersecurity standards for IoT devices owned or controlled by the U.S. government.
NERC expands IT-focused cybersecurity program as hackers actively target grid operations tech (Utility Dive) Previously focused on the IT-side of utility operations, the Cybersecurity Risk Information Sharing Program will now include two pilots scanning for threats to operational technologies.
Why Data Privacy Is Crucial to Fighting Disinformation (Defense One) Information collected as we go about our daily lives can be weaponized into influence operations that are harder to detect.
New internet browsing tools bolster DoD cybersecurity (C4ISRNET) DISA's Cloud Based Internet Isolation tool is making telework safer from cyber threats.
Council Post: A Guide To Digital Privacy In The Era Of Covid-19 (Forbes) In the new world of remote work, privacy must become our No. 1 priority.
The challenges of keeping a strong cloud security posture (Help Net Security) Badri Raghunathan, Director of Product Management for Container and Serverless Security at Qualys, talks about strong cloud security posture.
Practical Guidance on Protecting Trade Secrets While Working Remotely (Entrepreneur) These intellectual property lawyers explain best practices you can use to keep your trade secrets secret while you and your employees work outside the office.
Unilever Focuses on Factory Cybersecurity as Pandemic Sparks Run on Consumer Staples (Wall Street Journal) To identify areas that are critical to its cybersecurity efforts, Unilever takes a simple approach.
Design and Innovation
DISA Puts Trust in Zero Trust With New Strategy, Testing Lab (Breaking Defense) “Zero Trust [is] where we see a lot of departmental capabilities moving over the next 12 to 18 months,” said John Hale, chief of cloud services at DISA
Jim Whitehurst touts IBM's new quantum security, 'choice' in cloud (WRAL TechWire) IBM President Jim Whitehurst went on national TV Monday to tout the release of new products designed to protect data from the threat of quantum computing hackers and Big Blue's advantage of "
Legislation, Policy, and Regulation
U.S. Tech Giants Face Tighter Regulation in Europe (Wall Street Journal) The European Union plans to introduce in coming weeks new proposals aimed at changing behavior—and in some cases, business models—at large online platforms, reasserting the bloc’s role as global tech cop.
Nigeria: Addressing Emerging Security Threats of Cyberattacks (allAfrica.com) Undeniably, cyber threats such as cyber terrorism, espionage, theft and Distributed Denial of Service against persons, businesses or critical national infrastructure is detrimental to the internal security of a nation. To address these threats and its attendant consequences, the Nigerian Army recently held an inter-agency workshop on how to mitigate these vulnerabilities through cyber operations known as cyber warfare, writes Chiemelie Ezeobi
President Trump’s Legacy on Cyberspace Policy (Council on Foreign Relations) President Trump’s legacy on cyberspace policy has been consequential but not transformative, an unsurprising outcome for a one-term president.
Trump threatens to veto major defense bill unless Congress repeals Section 230, a legal shield for tech giants (Washington Post) President Trump on Tuesday threatened to veto an annual defense bill authorizing nearly $1 trillion in military spending unless Congress opens the door for Facebook, Twitter and other social media sites to be held legally liable for the way they police their platforms.
Why the Biden administration needs a National Cyber Director more than ever (CyberScoop) As the Biden-Harris administration thinks about cyber appointments and cyber strategy for the first 100 days of the administration, appointing a National Cyber Director role requiring Senate confirmation is critical...
New DoD concept meant to govern cyber investment moves (Federal News Network) The Defense Department has established a concept it calls the Joint Cyber Warfighting Architecture. It’s supposed to govern investment decisions and make sure systems across the military services work together.
Most agencies still on their own to fill cyber talent gaps, solarium says (Federal News Network) As the definition of a job in the field continues to grow and evolve, agencies must get creative in how they’re recruiting new cyber talent.
Prepping the cyber workforce of the future (FCW) Big picture skills like digital literacy and critical thinking are more important to building a public-sector cybersecurity workforce than small gains in federal hiring procedure, experts say.
()
Democrats’ Unease Mounts as Biden Considers a CIA Director (Wall Street Journal) Michael Morell, a leading candidate for the job, faces criticism for his defense of the spy agency’s interrogation tactics after the Sept. 11, 2001, terrorist attacks.
Litigation, Investigation, and Law Enforcement
More than 1,000 visiting researchers affiliated with the Chinese military fled the United States this summer, Justice Department says (Washington Post) Following an FBI investigation this summer, more than 1,000 researchers who had hidden their affiliation with the Chinese military fled the United States, the Justice Department said Wednesday.
The Big CFAA Questions High Court Is Considering (Law360) The U.S. Supreme Court heard oral arguments Monday in Van Buren v. U.S., a case that will clarify the scope and application of the Computer Fraud and Abuse Act, and could affect any company that provides or limits data access to employees or insiders, say Mark Krotoski and Jonathan Justl at Morgan Lewis.
Google illegally spied on workers before firing them, US labor board alleges (The Verge) Laurence Berland and Kathryn Spiers were fired in the wake of employee organizing efforts. Now, the NLRB says the terminations violated labor law.
Twitter Data-Breach Decision Coming Soon, Privacy Watchdog Says (Wall Street Journal) The ruling in the case of a data breach that Twitter disclosed in January 2019 will include a fine, the leader of Ireland’s data protection office said.
Trump fired me for saying this, but I’ll say it again: The election wasn’t rigged (Washington Post) On Nov. 17, I was dismissed as director of the Cybersecurity and Infrastructure Security Agency, a Senate-confirmed post, in a tweet from President Trump after my team and other election security experts rebutted claims of hacking in the 2020 election.
()
()
The Cybersecurity 202: Violent threats only make elections more vulnerable, experts fear (Washington Post) A volley of violent threats against election workers will only make it harder to administer elections safely and securely in the future, experts fear.
DOJ, Google Sent 'Back To The Drawing Board' On Secret Info (Law360) Google and the U.S. Department of Justice must try again to jointly craft a protective order governing the agency's antitrust suit against the company after a D.C. federal judge on Wednesday found that the DOJ's proffered order was too broad and made it extremely difficult for in-house corporate counsel to participate in the case.
9th Circ. Affirms Qatar's Immunity From Hacking Claims (Law360) The Ninth Circuit ruled Wednesday that Qatar is immune to a top Republican fundraiser's lawsuit claiming it hacked his email and leaked documents in a smear campaign after he said the country supported terrorism, finding no sovereign immunity exception applied.
Overcoming Immunity Of Foreign Gov't Cyberattack Sponsors (Law360) To combat the emerging threat of foreign state-sponsored cyberattacks on U.S. businesses and citizens, litigants need to creatively argue for exceptions to immunity under the Foreign Sovereign Immunities Act for foreign governments, say Jerry Goldman and Bruce Strong at Anderson Kill.
Vaccine warning (Professional Security) Interpol cyber-attack vaccine warning COVID-19
Taiwan is crucial to global fight against cybercrime (Korea Times) Taiwan is crucial to global fight against cybercrime
'Brazen' JPMorgan Hacker Deserves Up To 19 Years, Feds Say (Law360) A "brazen and prolific computer hacker" from Russia should be sentenced to 15 to 19 years behind bars for his part in a gargantuan hacking and fraud scheme that victimized over 80 million JPMorgan Chase & Co. customers, New York federal prosecutors said Tuesday.
Dell customer seeks compensation for years of scam calls after personal data leaked (Moose Jaw Today) A proposed class action suit has been launched against Dell Technologies on behalf of thousands of Canadians whose personal information was compromised in a data breach.