the near future: the latest about the coming year.
Five predictions for how ransomware attacks will develop in 2021 (Continuity Central) The business of ransomware boomed during 2020 and this trend is expected to continue through 2021. With certain patterns already developing, data integrity company Index Engines makes the following predictions for the effects of ransomware in 2021...
‘Somehow, it managed to get worse’: Ransomware ticks up in 2020 (StateScoop) While cyberattacks against the public sector haven’t slowed down at all, some states are putting more resources into how they help local governments recover.
Why Data Security Will Face Even Harsher Hackers in 2021 (eWEEK) eWEEK PREDIXIONS 2021: Ransomware attacks will shift from “I’ve stolen all your data, now pay me” to “I'm going to extort your CEO with information I’ve found in the data I’ve stolen from you, and if you don't pay, we’ll devalue your stock on Wall Street.”
Predictions: The Top SIEM Threats of 2021 (And How to Prevent Them) (Solutions Review) What are the top SIEM threats of 2021? How can a next-generation SIEM solution help prevent these threats? Find out more here.
AI needed to vet 100 billion cyber threat items per day (The Jerusalem Post) ‘Minority report’ level tech may soon guess cyber crimes before they happen
Cyber secure online shopping: A checklist for your Holiday shopping (AwareGO) Cyber secure online shopping is not just about avoiding fake shops, but also, fake emails, fake deals and fake products. Follow our tips to safe shopping.
Scammers step up efforts to target older Americans during pandemic (TheHill) Older adults have faced a barrage of online scams during the COVID-19 pandemic, with the upcoming holiday season and increased consumer spending likely to intensify the problem.
Cyber scammers target people trying to buy puppies during pandemic (100.3 The Bull) The Better Business Bureau warns that scammers are cashing in on a COVID trend – more people buying dogs – to rip them off. WBBM Newsradio’s Nancy Harty reports.
Cyber Attacks, Threats, and Vulnerabilities
Backdoor and document stealer tied to Russia's Turla group (SC Media) The Crutch toolset was designed to exfiltrate sensitive documents and other files to DropBox accounts controlled by Turla operators.
State-Sponsored Hackers Likely Behind Attacks on COVID-19 Vaccine Cold Chain (SecurityWeek) An unknown threat actor that is likely sponsored by a nation state is believed to be behind a phishing campaign targeting the COVID-19 vaccine cold chain.
Hackers target groups in COVID-19 vaccine distribution, says IBM (Reuters) IBM and U.S. officials are sounding the alarm over hackers targeting companies critical to the distribution of COVID-19 vaccines.
Eli Lily CISO on COVID vaccine suppliers: 'My biggest concern is their being aware they are a target' (SC Media) The comments come on the heels of IBM's discovery that hackers had targeted the cold storage suppliers for COVID-19 vaccine distribution.
Covid-19 Vaccines Are ‘Liquid Gold’ to Organized Crime, Interpol Says (Wall Street Journal) Criminal gangs will likely attempt to get their hands on supplies of new Covid-19 vaccines, international police organization Interpol warned, potentially disrupting supplies of the crucial shots as they become available.
Darknet Drug Dealers Are Now Selling ‘Pfizer COVID Vaccines’ (Vice) When we asked for proof, one replied with a stock image of a vial labelled “Coronavirus Vaccine”.
IceRat: Schadprogramm mit doppeltem Nutzen für Cyber-Kriminelle (Datensicherheit) Bei IceRat haben die Angreifer die Schadfunktionen nicht in eine Datei geschrieben, sondern diese auf mehrere Komponenten verteilt, welche zu der Malware zusammengesetzt wurden.
Rapid Response: TrickBoot (Huntress Labs) The TrickBot malware family has sustained its status as a worthy adversary in the world of cybersecurity since 2016. Even after a recent…
FBI Warns of Auto-Forwarding Email Rules Abused for BEC Scams (SecurityWeek) The FBI has issued a notification to warn organizations of scammers setting up auto-forwarding email rules to facilitate BEC schemes
FINRA Warns Brokerage Firms of Phishing Campaign (SecurityWeek) Cybercriminals are using a fake FINRA domain in a phishing campaign targeting United States organizations, FINRA warns.
Sales of CEO email accounts may give cyber criminals access to the "crown jewels" of a company (TechRepublic) Multiple security professionals said stolen credentials on Exploit.in were part of a tidal wave of business email compromise attacks.
Absa bank embroiled in data leak, rogue employee accused of theft (ZDNet) Personal information belonging to banking customers was compromised.
‘You have 24 hours’: Hackers demand $1m ransom from Israeli firm (Haaretz) Leading Israel insurance firm targeted in cyber attack this week gets ransom note demanding 50 bitcoin: 'If you will not pay, the price will double. After that we will sell your data'
Ransomware gang says they stole 2 million credit cards from E-Land (BleepingComputer) Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last months ransomware attack.
Data of 243 million Brazilians exposed online via website source code (ZDNet) The password to access a highly sensitive Ministry of Health database was stored inside a government site's source code.
Kmart nationwide retailer suffers a ransomware attack (BleepingComputer) US department store retailer Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned.
As Baltimore County recovers from ransomware attack, state audits have routinely found security problems in other school districts (Baltimore Sun) In the last six years, state audits routinely have identified cybersecurity vulnerabilities in most of Maryland’s 24 school systems. Experts say cyber attacks on public school systems are on the rise around the country.
Here's how Franklin lost $522K to a fraud attack, and what the town's doing about it. (The Milford Daily News) Town Collector-Treasurer\u00a0Kerri Bertone\u00a0fell victim to a “sophisticated cyber fraud spear-phishing attack.\
()
Cyber Trends
One in 10 businesses sell your personal data (IT-Online) Customer data is a valuable commodity to businesses, which they use to improve and market their products. However, some companies profit from selling your data to other businesses. According to data presented by the Atlas VPN team, one in 10 businesses globally sell customer data to third parties. The numbers are based on The Kaspersky […]
Check Point warns of surge in phishing scams as hackers impersonate delivery vendors (Security Brief) Hackers are impersonating trusted delivery vendors, like Amazon, DHL and FedEx, to commit financial fraud.
The top 10 data breaches of 2020 (Security Magazine) Recent data from Risk Based Security revealed that the number of records exposed has increased to a staggering 36 billion in 2020. There were 2,935 publicly reported breaches in the first three quarters of 2020, with the three months of Q3 adding an additional 8.3 billion records to what was already the “worst year on record.” Here, we bring you our list of the top 10 data breaches of 2020.
Marketplace
UK Cybersecurity Firm Glasswall Raises £18 Million (SecurityWeek) UK-based cybersecurity company Glasswall has raised £18 million ($24 million) to help fund its expansion.
MDR Provider GoSecure Raises $35 Million (SecurityWeek) Managed Detection and Response (MDR) provider GoSecure this week announced that it has secured $35 million in Series E growth funding
Facebook Splits Up Unit At Center of Contested Election Decisions (The Information) Facebook is breaking up its unit focused on the social network’s role in elections globally, dispersing the team of roughly 300 through a sweeping reorganization beginning this week, according to internal memos seen by The Information. Employees from Civic Integrity, who have been at the center ...
Facebook to Remove Covid-19 Vaccine Misinformation From Platforms (Wall Street Journal) The social-networking giant updated its misinformation policy on the coronavirus to include vaccine-related content, as the company looks to fight claims it isn’t doing enough to protect its billions of users.
Facebook to start policing anti-Black hate speech more aggressively than anti-White comments, documents show (Washington Post) The company is overhauling its algorithms that detect hate speech and deprioritizing hateful comments against Whites, men and Americans.
Target Drops Symantec, Taps CrowdStrike For Fast Deployment (CRN) Target in recent months ditched Symantec and deployed CrowdStrike Falcon across their entire 368,000-employee environment in less than 10 days, said President and CEO George Kurtz.
Sherry Lowe joins Exabeam as chief marketing officer (Help Net Security) Exabeam announced the appointment of technology industry veteran Sherry Lowe to chief marketing officer (CMO).
Products, Services, and Solutions
Licel Introduces Alice - a Real-time Attack Telemetry System that Reveals the Cyber Threats Facing Apps (PR Newswire) The global app security company, Licel, announced the arrival of their latest product this week. In a world of ever-changing threats to app...
Kudelski Security Expands Research and Advisory Services to Quantum Security (PR Newswire) Kudelski Security, the cybersecurity division within the Kudelski Group (SIX:KUD.S), announced today the launch of a new focus on quantum...
Intelligent SOC-as-a-Service Right-Sizes Cybersecurity (Netenrich) Intelligent SOC service gives enterprises choice, flexibility and scale to buy what they need now to gain security operations efficiencies.
Telos Corporation Supports the Launch of Professional Services in AWS Marketplace (Telos Corporation) Telos® Corporation, a leading provider of cyber, cloud and enterprise security solutions for the world’s most security-conscious organizations, today announced that it is participating in the launch of…
Nozomi Networks and Chinook Systems Team to Deliver OT & IoT Security Solutions for Industrial and Critical Infrastructure Facilities (Nozomi Networks) Chinook offers Nozomi Networks’ Operational Technology (OT) and Internet of things (IoT) visibility and anomaly detection solutions to its government, healthcare, transportation and defense industrial base customers.
()
HackerOne Now Available in AWS Marketplace (BusinessWire) HackerOne, a leading hacker-powered security platform, announced today that it is making its debut in AWS Marketplace. Amazon Web Services (AWS) custo
Open Source Tool Helps Secure Siemens PCS 7 Control Systems (SecurityWeek) Industrial cybersecurity company OTORIO has released an open source tool designed to help organizations harden Siemens PCS 7 DCS environments
Dell Announces New Supply Chain Security Offerings (SecurityWeek) Dell announces new security offerings to help protect organizations against threats targeting the supply chain, the boot process and data
New Solid-State Drive Delivers Fast, Secure Storage (GlobeNewswire) Ultra-portable, water-resistant solid-state drive integrated with industry-leading encryption
Okta expands deployments for Canadian Western Bank, First National of Nebraska, and Nota (Help Net Security) Okta expanded deployments for Canadian Western Bank, First National of Nebraska, and Nota, powered by M&T Bank.
Okta set for govt customers after meeting security standard (iTWire) Global identity provider Okta says it has completed the requirements of the Information Security Registered Assessors Program which ensures that Federal Government entities can access high-quality information and communications technology assessment services. The company said in a statement on Wedne...
Cellebrite Announces Industry's First All-In-One Solution For Data Triage & Collection from Windows & Apple Computers (PR Newswire) Cellebrite, the global leader in Digital Intelligence (DI) solutions for the public and private sectors, today announced the Q1 2021 launch of...
Amazon's Panorama box lets firms check if staff follow coronavirus rules (BBC News) AWS Panorama adds a range of employee monitoring powers to existing workplace camera systems.
How AMD’s full-stack, multi-layered features ensure security in a changing world
(YourStory.com) By combining hardware-based security features and associated software protections, AMD is helping to better protect users against many cyberattacks including sophisticated low-level firmware attacks.
Technologies, Techniques, and Standards
NERC expands IT-focused cybersecurity program as hackers actively target grid operations tech (Utility Dive) Previously focused on the IT-side of utility operations, the Cybersecurity Risk Information Sharing Program will now include two pilots scanning for threats to operational technologies.
The Need to Change the Paradigm of Control System Cyber Security - Part 2: Lack of Control System Cyber Incident Information Sharing (The First Global Cybersecurity Observatory) OT cyber security depends on the ability to expeditiously identify cyber incidents/attacks. Yet, that is not happening for technological and other reasons. This paper identifies the issues associated with the lack of identifying and sharing information about control system cyber incidents.
Reverse Engineering Tools: Evaluating the True Cost (Threatpost) Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears.
Council Post: 11 Expert Tips For Young Tech Execs Recovering From A Devastating Hack (Forbes) Dealing with a major systems hack doesn’t just mean addressing the present problem; it also requires building better protections so it’s less likely to happen again.
Keeping your tech updated could save you a lot of money in a data breach (TechRadar) The cost of a data breach is higher for firms with outdated tech
()
Design and Innovation
Amazon announces new machine learning tools to help customers monitor machines and worker safety () AI-enhanced tools promise safety and efficiency gains in industrial settings, but privacy campaigners fear mission creep
Research and Development
Chinese scientists demonstrate quantum supremacy (Computing) Boson sampling device can accomplish a specific task in 200 seconds that would take the most powerful supercomputer 600 million years
Bitglass Awarded Second Patent for Cloud Access Control (BusinessWire) Bitglass, the Total Cloud Security Company, has been awarded U.S. Patent No. 10,855,671 for another fundamental invention in transparent, contextual a
Academia
Cyber Attack Causing Students To Fall Behind? (WAAY News) Sophia Borrelli spoke to parents of students in the Huntsville City School District after some parents expressed concerns about their children falling behind this year.
UWF re-designated as Cybersecurity Regional Hub for the Southeast US with expanded mission, region and partnerships (University of West Florida Newsroom) The University of West Florida has been re-designated by the National Security Agency and Department of Homeland Security as the Southeast Centers of Academic Excellence in Cybersecurity (CAE-C) Regional Hub. “This prestigious re-designation recognizes the excellent and innovative contributions by UWF’s Center for Cybersecurity,” UWF President Martha D. Saunders said. “UWF has developed a number […]
Legislation, Policy, and Regulation
Cybersecurity and Privacy Must Both Be Fundamental Rights (Medium) During the pandemic, hundreds of millions of people are working and learning from home to minimize spread of the coronavirus.
US, Estonia Partnered to Search Out Cyber Threat From Russia (SecurityWeek) U.S. Cyber Command conducted a cyber operation with Estonia to preemptively identify cyber threats from Russia and other adversaries that could be used against U.S. networks.
US, Estonia partnered to search out cyber threat from Russia (AP NEWS) In a modern twist on old-fashioned war games, the U.S. military dispatched cyber fighters to Estonia this fall to help the small Baltic nation search out and block potential...
U.S. Boosts China Spying Budget to Meet Growing Economic, National-Security Threat (Wall Street Journal) While the precise amounts are classified, U.S. officials said spending on China is being increased across the roughly $85 billion annual intelligence budget to glean secrets from the country, analyze its current actions and predict its future course.
United States adds China's SMIC and CNOOC to Defense blacklist (Reuters) The Trump administration on Thursday added China's top chipmaker, SMIC, and oil giant CNOOC to a blacklist of alleged Chinese military companies, drawing condemnation from Beijing as President-elect Joe Biden prepares to take office.
How Biden could galvanize the world against Huawei (POLITICO) Foreign allies hope for ‘less noise,’ more practical solutions.
Ratcliffe says Biden getting "all of the same intelligence" as Trump, warns of China threat (CBS News) Ratcliffe told CBS News senior investigative correspondent Catherine Herridge that Biden and Harris are "receiving full classified briefings."
The Cybersecurity 202: The Biden administration will probably get a White House cyber czar (Washington Post) The incoming Biden administration will likely include a White House cybersecurity director who will coordinate government efforts to secure the nation against hacking. Congress wants to make sure of it.
Congress set to establish White House national cyber director, enact other Solarium Commission recommendations (CyberScoop) Congress is on the verge of creating a Senate-confirmed national cyber director within the White House who would advise the president on cybersecurity and coordinate federal government cyber work.
Final NDAA Calls for the Establishment of a National Cyber Director (Nextgov) A key architect of the bill’s cyber provisions also highlighted an ammendement that would codify cybersecurity roles for sector-specific agencies.
Cyber Command deployed personnel to Estonia to protect elections against Russian threat (CyberScoop) The Pentagon deployed Cyber Command personnel to Estonia in recent months as part of a broader effort to protect U.S. elections against foreign hacking.
Compromise defense bill confronts a rising China (Defense News) Eyeing China’s rise as a global military and economic power, lawmakers unveiled a compromise defense policy bill Thursday that targets China on multiple fronts, with $6.9 billion prescribed for a new Pacific Deterrence Initiative over two years.
Rounds Statement on Inclusion of National Cyber Director in NDAA Conference Report (South Dakota War College) Rounds Statement on Inclusion of National Cyber Director in NDAA Conference Report WASHINGTON —U.S. Sen. Mike Rounds (R-S.D.), Chairman of the Cybersecurity Subcommittee of the Senate Armed Service…
Senate Passes Bipartisan Defense Bill, Including Key Provisions Introduced By Senator Hassan to Protect National Security | U.S. Senator Maggie Hassan of New Hampshire (The Official U.S. Senate website of Senator Maggie Hassan of New Hampshire) Bipartisan Legislation Includes Senator Hassan’s Amendments to Establish a Cybersecurity State Coordinator in Each State, Strengthen Efforts to Protect Overseas Service Members from Small Drones
Defense bill set to pass with state cybersecurity programs (StateScoop) The National Defense Authorization Act would grow the National Guard’s cyber roles and create a federal cybersecurity adviser for every state.
On Section 230, It's Trump vs. Trump (Wired) The president is urging Congress to repeal a law that his own trade agreements commit the country to.
Why Biden Might Follow Trump’s Lead on Cybersecurity Policy (The Record by Recorded Future) In interviews with The Record, and at a series of online events this week, experts said the Biden administration will likely build on Trump's cyber efforts.
CISA set to receive subpoena powers over ISPs in effort to track critical infrastructure vulnerabilities (SC Media) The provision, included in the National Defense Authorization Act, will allow CISA to obtain subscriber information for vulnerable IT assets related to critical infrastructure.
CISA doesn't plan to tackle COVID vaccine disinformation (FCW) CISA’s acting director Brandon Wales said his agency is not the right source to counter anticipated disinformation about coronavirus vaccines.
The sad, scary case of the National Counterterrorism Center (Washington Post) The incoming Biden administration must quickly address a potentially dangerous intelligence problem the Trump administration has allowed to fester — the decline and demoralization of the National Counterterrorism Center, which is supposed to coordinate protection of the homeland but has been starved of resources.
Schools Aren't Doing Enough to Protect Their Networks, Top Cybersecurity Official Warns (Education Week) The nation's top cybersecurity official urged schools to take advantage of free federal resources for safeguarding their networks.
Cybersecurity under fire: CISA’s former deputy director decries post-election vilification (CSO Online) Matt Travis talks about CISA's role in the recent US elections and how President Trump and his surrogates have politicized the security function.
A former deputy director emerges as a top contender to lead the C.I.A. (New York Times) David S. Cohen, a former deputy C.I.A. director, is President-elect Joseph R. Biden Jr.’s leading choice to head the spy agency, according to multiple people familiar with the process.
Ousted CISA chief would consider role in Biden administration (FCW) Chris Krebs, fired by President Trump via Twitter in November, continued to re-enforce his message that the 2020 elections were secure.
Litigation, Investigation, and Law Enforcement
WSJ News Exclusive | U.S. in Talks With Huawei Finance Chief Meng Wanzhou About Resolving Criminal Charges (Wall Street Journal) The Justice Department is discussing an arrangement with Meng Wanzhou that would allow her to return home to China from Canada, in exchange for admitting wrongdoing in a criminal case that has strained Beijing’s relations with the U.S. and Canada.
U.S. Used Patriot Act to Gather Logs of Website Visitors (New York Times) A disclosure sheds new light on a high-profile national security law as lawmakers prepare to revive a debate over it in the Biden administration.
DOJ's China hack indictments offer businesses key threat intel, officials say (FCW) A Justice Department official today disclosed that 1,000 Chinese researchers have been expelled from the country for hiding their affiliation with the Chinese military.
U.S. states plan to sue Facebook next week: sources (Reuters) A group of U.S. states led by New York is investigating Facebook Inc for possible antitrust violations and plans to file a lawsuit against the social media giant next week, four sources familiar with the matter said on Wednesday.
The withering email that got an ethical AI researcher fired at Google (Platformer) "Stop writing your documents because it doesn’t make a difference": Timnit Gebru's final message to her peers
Acting chief of cybersecurity stands by statement that got his predecessor fired (Washington Examiner) The acting director of the Cybersecurity and Infrastructure Security Agency said the department stands by the statement it released in mid-November that concluded there was no evidence that voting systems were compromised in the 2020 election, the same statement that got his predecessor fired.
New CISA head stands by fired Krebs’ statement on presidential election integrity (The Washington Times) Brandon Wales, the acting head of the U.S. Cybersecurity and Infrastructure Security Agency, affirmed Thursday its assessment about the presidential election that cost his predecessor his job.
Krebs Unloads About Trump’s Election-Fraud Claims (Nextgov) In the fallout from being fired, the former director of the Cybersecurity and Infrastructure Security Agency is concerned about how his experience will affect the recruitment of future leaders.
Fired US Cybersecurity Chief Considers Legal Action (Infosecurity Magazine) Trump’s former head of election cybersecurity may sue lawyer who said he should be “drawn and quartered”
Valuable Data Privacy Lessons In CNIL’s Enforcement Action Against Carrefour France (JD Supra) In addition to the not-insignificant €2.25 million fine, CNIL's enforcement action against Carrefour France raises some universal points for companies...
Imprisoned hacker ordered to be released, promptly deported (Washington Post) A computer hacker serving 20 years for giving the Islamic State group the personal data of more than 1,300 U.S. government and military personnel has been granted compassionate release because of the coronavirus pandemic and will be placed in ICE custody for prompt deportation, a federal judge ordered Thursday.
Hacker Who Stole Information From Nintendo Sentenced (SecurityWeek) A computer hacker who stole information from Nintendo and was also caught with child pornography on his computer was sentenced Tuesday to three years in prison.
German Court Slashes GDPR Fine for Telecoms Giant by 90% (CPO Magazine) A German court has slashed a GDPR fine assessed to one of the country's largest telecommunications service providers by over 90%, calling it 'unreasonably high.'
MoginRubin Represents Those Affected by Dickey’s BBQ Data Breach of Se (PRWeb) News of a data breach at Dickey’s Barbeque broke in October 2020, revealing that the payment card information of three million customers’ had been stolen and w
Blackbaud Ransomware MDL Appears Set For South Carolina (Law360) More than 15 lawsuits accusing cloud computing provider Blackbaud Inc. of negligently allowing a May ransomware attack that might have exposed health and education clients' unencrypted data appear headed for consolidation in South Carolina federal court.
Zoom Says 'Zoombombing' Privacy Suits Don't Allege Harm (Law360) Putative class actions claiming that Zoom shared unauthorized data, failed to prevent meeting disruptions by third-parties called "Zoombombings," and misrepresented its encryption protocols should be tossed because they don't allege harm, the video-conferencing platform said Wednesday.