the near future: the latest about the next few months.
Six cryptographic trends we'll see next year (Help Net Security) The movement toward broad acceptance of cloud-based encryption and key management will accelerate. What cryptographic trends are coming?
6 security predictions that will impact healthcare in 2021 (TechRepublic) Attacks against COVID-19 vaccine developers will continue, while more reports will surface about patient data leaks in the cloud, says Kaspersky.
COVID-19's lasting effect on cybersecurity and what to expect in the new year (Mobileiron.com) Let's face it — 2020 was a difficult year for cybersecurity. Hacks, scams, and ransomware attacks were at an all-time high... cybersecurity has faced a slew of unprecedented attacks. With remote work extended into 2021... Read more.
Top 20 Predictions Of How AI Is Going To Improve Cybersecurity In 2021 (Forbes) What 20 Leading Cybersecurity Experts Are Predicting For 2021
Future Insights - Where is Your Data? You’ll Find Out in 2021 (Forcepoint) So, as we near the end of 2020 I imagine there are many CISOs, CIOs and indeed business leaders sitting out there, patting themselves on the back as they survey their workforces, established in remote / hybrid office-and-home systems, happily and productively accessing data and continuing to work in an entirely new way.
Future Insights - The Rise of Insider Threat-as-a-Service (Forcepoint) The biggest threats will come from where you least expect
Future Insights - In 2021 and Beyond, Disinformation is Inevitable (Forcepoint) In 2021 and beyond, disinformation is inevitable as people continue to believe what they read at face value without any additional research.
Future Insights - People Do People Things (Forcepoint) As 2020 comes to an end, the importance of understanding the relationship between humans and technology is at an all-time high. Widespread shifts in the fabric of our society, prompted by the ongoing pandemic, exposed weaknesses in security tools and protocols for remote workers, highlighted issues of network reliability and accessibility, and demanded that humans find innovative ways to keep organizations running.
Future Insights – Inherent Bias in Machine Learning (Forcepoint) Cracks in Trust and How to Mend Them
Future Insights - The Emergence of the Zoom of Cybersecurity (Forcepoint) I always love looking towards the future, but in 2020 it seems that the future rushed right at us, startling us and shaking us all up. Now we’ve had a little time to adapt, we can regroup, reassess, and take steps forward again.
National Cyber Security Centre reveals six steps to safer online Christmas shopping (Microsoft News Centre UK) New figures reveal that cybercriminals stole an average of £775 from each victim last year.
Cyber Attacks, Threats, and Vulnerabilities
Russian intelligence services exploit virtual workspace vulnerabilities. (The CyberWire) Russian intelligence services are exploiting a VMware vulnerability in the wild. NSA strongly recommends applying available patches to virtual workplace products.
China tweet that enraged Australia propelled by 'unusual' accounts, say experts (CRN Australia) Amplified across social media by unusual accounts, of which half were likely fake.
North Korea Shows Its Softer Side. ‘It’s Finally Kimchi Season.’ (Wall Street Journal) Leader Kim Jong Un’s propaganda machine is turning off the vitriol and turning on the charm.
'Ransomware Is Quickly Becoming a National Emergency' Amid Pandemic: CISA Acting Director Testifies (The Sociable) "Ransomware is quickly becoming a national emergency" amid the pandemic, CISA Acting Director Brandon Wales testifies in a Senate hearing.
Hackers threaten to disrupt COVID-19 vaccine supply chain (TheHill) Government officials and health-care groups are growing increasingly concerned about nation states and criminal hackers targeting the supply chain for COVID-19 vaccines.
Former cybersecurity chief says Russia, China, Iran and North Korea are trying to steal coronavirus vaccine IP (CNBC) Former CISA director said Sunday that adversaries have attempted to steal intellectual property related to the coronavirus vaccine.
UAE target of cyber attacks after Israel deal, official says (Reuters) The United Arab Emirates was the target of cyber attacks after establishing formal ties with Israel, the Gulf Arab state's cyber security head said on Sunday.
CISA Warns of Iran’s Offensive Cyber Capabilities (Nextgov.com) One observer suggests the alert is meant more for the adversary than defenders.
Black Shadow Hackers Demand 200 BTC Ransom from Israeli Insurance Giant Shirbit (Bitcoin News) One of the largest insurance companies in Israel has been hit by a ransomware attack, and the threat actors started to release sensitive data, as the firm
‘Ideological cyber terror’: Israeli firm refuses to pay hackers’ ransom (Haaretz) Shirbit insurance insists motive attack is strategic and not financial; sensitive information dumped on internet after ransom deadline passes
‘Be a mensch’: Hackers leak negotiation texts as Israeli insurer refuses ransom (Times of Israel) Cybercriminals release sensitive data as Shirbit laments 'terrorism,' claims attack is meant to cause strategic harm with no financial motive; talks appear to show otherwise
Shirbit hackers release more data as company refuses to pay ransom (The Jerusalem Post) Medical information, checks and pay stubs were among the customer information released.
Cyber authority to victims post-Shirbit hack: Get new identity cards (The Jerusalem Post) Check Point: Major spike in cyberattacks on Israeli companies
Who's behind this week’s massive cyberattack – and why Israel should worry (Haaretz) Amateurs or a foreign state? Cyber-criminals or hacktivists? Here’s everything you need to know about the ‘anti-Israel’ cyberattack on Shirbit insurance
The Shirbit hack was a warning (Israel Hayom) If you think the ongoing cyberattack on the Shirbit insurance agency was bad, just wait until the black hats break into your city's databases. They're bound to find a treasure trove of even more sensitive information.
Iranian Hackers Access Unprotected ICS at Israeli Water Facility (SecurityWeek) Iranian hackers have accessed an unprotected industrial control system (ICS) at a water facility in Israel.
What We’ve Learned from the December 1st Attack on an Israeli Water Reservoir (Otorio) What Happened? On the night of December 1st, 2020, an Iranian threat-actor published a video of a breach in an Israeli reclaimed water reservoir HMI system.
DeathStalker APT group seen in US for first time this year, targeting user devices (SC Media) Kaspersky researchers reported that the attack featured a new strain of malware centered around a backdoor that aims to take over user devices.
Hacker-for-Hire Group DeathStalker Implements New Malware (BankInfo Security) The hacker-for-hire group DeathStalker, known for conducting espionage campaigns against small and medium-sized businesses, has started using a new malware strain
Kaspersky catches hacker-for-hire group using 'PowerPepper' malware (CyberScoop) The hack-for-hire business is thriving. Following the revelation in November that a new mercenary group had targeted organizations in South Asia, researchers on Thursday outlined how another suspected hack-for-hire shop has used malicious code to try to breach organizations in Europe and the Americas.
Aurora is being ignored despite attacks and incidents (Control Global) Given the sensitivity of this blog, it is reasonable to ask why write the blog and why now? The answer to why write the blog is because there are still those who question whether Aurora is real as well as the validity of the 2007 Idaho National Laboratory (INL) Aurora generator test. The answer to why now is because I recently received a second independent confirmation of the Iranshahr incident being an Aurora attack.
Google removes some IAC browser extensions for 'policy violations' (Reuters) Alphabet Inc's Google said on Sunday it has removed a number of browser extensions of online conglomerate IAC/InterActive Corp for "policy violations" and is reviewing "enforcement options."
Android apps with 200 million installs vulnerable to security bug (BleepingComputer) Android apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020.
This ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Range (Wired) A Google researcher found flaws in Apple's AWDL protocol that would have allowed for a complete device takeover.
Novel Online Shopping Malware Hides in Social-Media Buttons (Threatpost) The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images.
Johnson & Johnson CISO: Healthcare orgs are seeing nation-state attacks every single minute of every single day (ZDNet) Johnson & Johnson is one of six COVID-19 research companies that have been recently targeted by North Korean state-sponsored hackers.
Researchers Bypass Next-Generation Endpoint Protection (Dark Reading) Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.
Dental clinic learns of ransomware attack after phone call from hackers (HackRead) The ransomware attack was carried out by the Conti ransomware operator in November 2020.
Ransomware gangs are now cold-calling victims if they restore from backups without paying (ZDNet) Tactic used since August by ransomware gangs like Sekhmet, Maze, Conti, and Ryuk.
Largest global staffing agency Randstad hit by Egregor ransomware (BleepingComputer) Staffing agency Randstad NV announced today that their network was breached by the Egregor ransomware, who stole unencrypted files during the attack.
Ransomware hits helicopter maker Kopter (ZDNet) Data from Kopter's internal network has been published on the LockBit gang's blog, hosted on the dark web.
3 Million Pluto TV Users' Data Was Hacked, But the Company Isn't Telling Them (Vice) The data includes email addresses, IP addresses, and hashed passwords.
Ransomware Incident Impacts Greater Baltimore Medical Center Computer Systems (WJZ CBS13) The Greater Baltimore Medical Center confirmed Sunday evening they detected a ransomware incident that brought some of their systems down earlier Sunday.
GBMC Health Care reschedules some procedures because of IT systems outage, ‘ransomware incident’ (Baltimore Sun) Greater Baltimore Medical Center says it learned Sunday morning that GBMC HealthCare’s information technology systems experienced a “network disruption.”
Same Ransomware That Hit K-Mart Disrupts Mass Transit Service In Vancouver (Forbes) It’s been a busy week for the cybercriminals behind the devastating Egregor ransomware.
Kmart’s Troubles Worsen As Struggling Retailer Falls Victim To Ransomware (Forbes) US department store Kmart, which is already battling widespread store closures, has been hit by a ransomware attack that has knocked out the retailer’s back-end services.
Ransomware halts classes for 115,000 Baltimore pupils (BBC News) Baltimore County public schools shut after a cyber-attack knocks lessons offline.
Huntsville City Schools returning to class Monday after cyber attack (WAAY News) Huntsville City Schools will return to classes on Monday after a cyber attack sent students home earlier this week.
Cyber Attack Investigation Could be Lengthy (WAAY News) WAAY-31's Sophia Borrelli Discusses the impact that a Cyberware attack has had on the Huntsville City School Systems and how it affects virtual learning.
Springfield Schools offering free credit monitoring following cyber attack (WesternMassNews.com) A cyber attack targeting Springfield Public Schools a couple months ago now has school leaders taking action.
()
Firm that built NHS Nightingale Hospital hit by cyber attack (BirminghamLive) The impact from the attack on RMD Kwikform's operations is not yet known
Security Patches, Mitigations, and Software Updates
VMware Rolls a Fix for Formerly Critical Zero-Day Bug (Threatpost) VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to "important."
VMware Clears Command Injection Hole (ISSSource) VMware has a fix available to handle a command injection vulnerability in multiple products.
Cyber Trends
The Hidden Costs of Cybercrime (McAfee) Since 2018, we estimated that the cost of global cybercrime reached over $1 trillion. We estimated the monetary loss from cybercrime at approximately $945 billion. Added to this was global spending on cybersecurity, which was expected to exceed $145 billion in 2020. Today, this is $1 trillion dollar drag on the global economy.
Covid is Causing Shipping Issues, But Natural Competitive Forces Are Causing Darknet Market Consolidation (Chainalysis) Darknet markets have long fascinated the public, starting with the infamous Silk Road, which accounted for nearly 20% of all Bitcoin activity during its heyday in 2013.
The IronNet December Threat Intelligence Brief (IronNet) The IronNet December Threat Intelligence brief covers recent Indicators of Compromise, new threat intelligence rules, and analysis of community threat research.
Pandemic, cyber attack & data fraud remains top concern for Companies: Study (United News of India) The continued effects of the COVID-19 pandemic, or a new public health crisis, emerged as the top risk concerns for Indian companies, according to a joint study conducted by Marsh, the world’s leading insurance broker and risk adviser, and RIMS, the risk management society.
Do cybersecurity like a boss: 35 experts to follow on Twitter (TechBeacon) Do cybersecurity like a boss. Follow these folks and you will keep one step ahead.
One in ten businesses sell your personal data to third parties (Atlas VPN) Customer personal data is a valuable commodity to businesses, which they use to improve and market their products. However, some companies profit from selling your data to other businesses. According to data presented by the Atlas VPN team, one in ten businesses globally sell customer data to third parties.
In 2020, Disinformation Broke The US (BuzzFeed News) Lies about science, civil rights, and the vote itself have turned Americans against one another.
From Kashmir to BigBasket, India under attack in cyber space (ET Telecom) This year, till August, India faced nearly 7 lakh cyber attacks, as per the data compiled by the Indian Computer Emergency Response Team (CERT-In).
Marketplace
Investcorp announces the sale of leading cybersecurity provider, Avira, to NortonLifeLock for US $360 million (PR Newswire) Investcorp today announced that it has entered into a definitive agreement to sell Avira (or the "Company") to NortonLifeLock (NASDAQ: NLOK), a...
Cybersecurity Company Deduce Raises $7.3 Million (Pulse 2.0) Deduce — a leading provider of cybersecurity solutions powered by real-time customer identity — announced it has raised $7.3 million in funding
Imprivata Acquires Patient Privacy Intelligence Company FairWarning (HIT Consultant) Imprivata acquires FairWarning Technologies, a provider of patient privacy intelligence to offer single Digital Identity platform.
PKWARE acquires Dataguise to expand global footprint (CTOvision.com) PKWARE has acquired Dataguise, a company with innovative technology for businesses to discover and protect personal data stored across diverse IT systems and environments. Combining Dataguise’s best-in-class ability to discover and […]
Shares of Chinese Companies on U.S. Blacklist Fall as Index Eviction Looms (Wall Street Journal) Shares of some companies the U.S. government says support China’s military fell Monday, after index compiler FTSE Russell said it would drop the stocks from major indexes.
Facebook’s Oversight Board plays it safe (Columbia Journalism Review) <p>This week saw the long-awaited public debut of Facebook’s Oversight Board, a group of twenty eminent lawyers, human rights experts, politicians, and journalists who superintend an appeals process for those who wish to have posts that have been removed by Facebook reinstated. The Oversight Board announced the first six cases it would hear, a small […]</p>
More than 1,200 Google workers condemn firing of AI scientist Timnit Gebru (the Guardian) More than 1,000 researchers also sign letter after Black expert on ethics says Google tried to suppress her research on bias
We read the paper that forced Timnit Gebru out of Google. Here’s what it says (MIT Technology Review) The company's star ethics researcher highlighted the risks of large language models, which are key to Google's business.
Bugcrowd Pays Over $2 Million to Researchers for Samsung Mobile... (Enterprise Security) Bugcrowd fortifies researcher partnerships by providing timely and secure payments.
Keeper Security Aims to Double in Size as Cybercrime Booms (Built In Chicago) The 204-person company will likely double in size over the next year, Guccione said, and is currently hiring across its teams, with a focus on engineering, software development and sales.
CrowdStrike CEO: Most Customer Deals Are Partner Led (MSSP Alert) Most of CrowdStrike's Q3 customer wins were partner-led deals, and sales via the Amazon Web Services (AWS) marketplace are growing, CrowdStrike CEO George Kurtz says.
Booz Allen Receives $50M Army Contract for ISR R&D Modernization (ExecutiveBiz) Booz Allen Hamilton has received a $49.9M contract to help the U.S. Army modernize research and deve
On cloud nine: Why these cloud security stocks are soaring (Fortune) Big earnings beats from companies including CrowdStrike, Zscaler, and Okta are "another seminal moment in this cloud transformation," says one analyst.
Far From Being Overdone, Palantir Stock Is Set to Run (InvestorPlace) Palantir stockhas done way better than expected, and as seen this year with hot tech stocks, the momentum can continue for a while.
Major Canadian PRI signatories buy Palantir’s controversial non-voting shares (Responsible Investor) Named after a crystal ball in Lord of the Rings, some are concerned that Palantir offers fictional shareholder rights
Socure Wins American Financial Technology Award for the “Best New Data and Data Services Technology” From WatersTechnology (BusinessWire) Socure, the leader in Day Zero identity verification, today announced that it has won the “Best New Technology Introduced over the Last 12 months – Da
Op-ed: A Silicon Valley founder on why he replaced himself as CEO (CNBC) The tech sector is full of start-ups led by big personalities. More need to get over fears about succession planning and do what I did: Give up the CEO role.
KnowBe4 Awarded Gold Medal in Security for Inc.’s 2020 Best in Business List (GlobeNewswire) First annual recognition program celebrates companies making the biggest impact on their communities, their industries, the environment, or society as a whole
Cybersecurity & Privacy Group Of The Year: Cooley (Law360) Cooley LLP helped Facebook reach the largest cash settlement ever in a privacy case, resolving litigation that could have led to tens of billions of dollars in damages, while swiftly steering videoconferencing platform Zoom through probes from state and federal regulators, earning the firm a place among Law360's 2020 Cybersecurity & Privacy Groups of the Year.
Northrop Grumman’s Jennifer Walsmith Named WashingtonExec Intelligence Council Chair (WashingtonExec) Jennifer Walsmith, sector vice president and general manager of the Cyber and Intelligence Mission Solutions division within Northrop Grumman’s Mission
NSA’s National Cryptologic Museum gets new director (Federal News Network) The popular National Cryptologic Museum has been closed to the public, but it hasn’t been static. It’s acquired new exhibits and is planning to relocate into a new National Security Agency location.
Maine Native named Chief Information Security Officer of the Year (Press Herald) Aimee Barricelli, senior vice president, chief information security officer, at Webster Bank in Waterbury, Connecticut — who has ties to Old Orchard Beach — has been named 2020 Chief Information Security Officer of the Year by the American Cyber Awards. The national awards program reviews the industry, searching for those who are pushing the boundaries …
Fugue Appoints Josh Stella as CEO and David Mitchell as President and COO (Fugue) Fugue has appointed founder and CTO Josh Stella as CEO, and David Mitchell as President and COO to accelerate company growth.
Products, Services, and Solutions
IFB launches threat intelligence service amid rising Covid cyber threats (Digit) IFB has launched Threat Intelligence, a new cybersecurity service designed to help businesses stay secure in response to Covid-19.
Intezer Protect Community Edition Now Available (Intezer) Free Cloud Workload Protection. Protect your compute resources in runtime against unauthorized and malicious code.
Cofense Introduces Industry Changing Phishing Detection and Response (PDR) Platform (BusinessWire) Cofense today introduced its Phishing Detection and Response (PDR) platform, which provides a comprehensive approach to stopping phishing attacks.
SLT launches Kaspersky internet security service (Telecompaper) Sri Lanka operator SLT has introduced a Kaspersky internet security product on the local market. Customers who take up SLT's offering will receive different protection layers designed to keep their device secure from threats on the internet while maintaining their device's performance. Product features include device security, online transactions, which includes banking and shopping, password management, parental control etc.
SolarWinds Showcases Latest Updates to Orion Platform at GITEX Technology Week 2020 (BusinessWire India) SolarWinds (NYSE:SWI), a leading provider of powerful and affordable IT management software, today announced its participation at GITEX Technology Week, December 6 – 10, 2020, in Dubai, United Arab Emirates.
Atlantica Digital and NanoLock Security Partner to Protect Tens of Millions of Smart Meters and Connected Devices in Italy and Throughout Europe (Energy CIO Insights) New managed security service powered by the Israeli cybersecurity provider and operated by Atlantica and Atlantica CyberNext will secure connected devices...
Authentic8 expands availability of Silo across Google Cloud’s infrastructure (Help Net Security) Authentic8 partners with Google Cloud to expand availability of Silo across Google Cloud’s infrastructure with 1-click procurement.
Certis Launches Next-Generation Security Solution (Acrofan) Purpose-built robots, artificial intelligence (AI) and manpower to provide safe and enriching experiences to the community
Wandera Launches Wandera Private Access for Secure Remote Connectivity (TechSpective) Companies of all sizes and across all industries have been forced to adapt to a business model where most—or all—employees work from home and connect
Netenrich debuts its Intelligent Security Operations Center (SiliconANGLE) Cybersecurity firm Netenrich Inc. today announced the general availability of its Intelligent Security Operations Center that’s aimed at helping midsized enterprises and managed service providers better manage their cybersecurity investments according to their evolving needs.
CyCraft Expands Support for Cloud and On-Prem Security Solutions with Latest in Network Detection and Response (PR Newswire) CyCraft Technology, the fastest-growing cyber security firm in Asia, announced its release of their latest AI-driven security product in the...
SentinelOne Selected for SLP Plus Contract Vehicle (Techwire.net) SentinelOne is now available for purchase via the California Software Licensing Program (SLP) Plus vehicle.
Darktrace Says Its AI Can Be Used for Employee Monitoring (BloombergQuint) Darktrace Says Its AI Can Be Used for Employee Monitoring
'Free Speech' Social Networking Platform Yauped Released Today on the App Stores as More Users Are Looking for Unbiased Options (PR Newswire) Many of today's big social media platforms have evolved into industry giants, with big-tech backing that is made to sell you, your data, and...
Technologies, Techniques, and Standards
NGA Deputy Discusses Technology in Government at Cyber Summit (U.S. Department of Defense) Technology innovation is about people and making sure the best employees are hired, the deputy director of the National Geospatial-Intelligence Agency said.
NGA’s Stacey Dixon on Accelerating Workforce Innovation (Executive Gov) Stacey Dixon, deputy director of the National Geospatial-Intelligence Agency (NGA) and a 2020 Wash10
Cyber Airmen train in weapons competition to increase cyber security (Sixteenth Air Force) Members of the 688th Cyberspace Wing participated in the annual Weapons Cyber Competition Nov. 16-20.The competition provided an opportunity to hone and sharpen technical skills by providing a
Darktrace Cyber Intel Director Justin Fier on Defending Healthcare (Computer Business Review) "I hope all medical institutions large and small are running drills around how to operate in an offline capacity" says Darktrace's Justin Fier.
The Number Of Cases Of Identity Theft In 2020 Is Alarming: Here's How To Avoid Becoming A Victim (International Business Times) With the Coronavirus keeping us all occupied and out-of-sorts, experts have seen a drastic rise in identity theft. Here's a refresher on how to keep your personal information—and your money—safe.
3 Ways to Ensure That Your Kids Aren’t Talking to Strangers Online (Programming Insider) Mobile phones have fast transformed itself from being a mere communication device to a must-owned gadget. From kids to teens, men, and women, everyone today has a mobile device. Now as much as this seems
AWS Instance Metadata Service (IMDS) Best Practices (Check Point Software) Omer Shliva Cloud Guard Dome9 Research Introduction Metadata is "data that provides information about other data” (Wikipedia). In other words, Metadata is
Design and Innovation
Juniper Plans to Mist-ify 128 Technology’s SD-WAN (SDxCentral) 128 Technologies will play a key role in the next phase of Juniper's Mist artificial intelligence-driven WAN said Juniper's Sudheer Matta.
Dell has established new ways to protect its PC and server supply chains (ITProPortal) The company introduced a whole swathe of new products and services.
Research and Development
Decentralized vs. Distributed Organization: Blockchain, Machine Learning and the Future of the Digital Platform (Organization Theory) The terms decentralized organization and distributed organization are often used interchangeably, despite describing two distinct phenomena. I propose distinguishing decentralization, as the dispersion of organizational communications, from distribution, as the dispersion of organizational decision-making.
Legislation, Policy, and Regulation
Five Cyber Strategies to Forget in 2021 (Center for Strategic and International Studies) There is an exuberant public discussion of cybersecurity. However, at times this discussion is not as well thought out as one might hope.
The Cybersecurity 202: Global losses from cybercrime skyrocketed to nearly $1 trillion in 2020, new report finds (Washington Post) Estimated global losses from cybercrime are projected to hit just under a record $1 trillion for 2020 as the coronavirus pandemic provided new opportunities for hackers to target consumers and businesses.
US Senators Warn of National Security Threats From China (BankInfo Security) The top Republican and Democrat on the U.S. Senate Intelligence Committee have issued a warning about the national security threats posed by the Chinese government.
US defence bill includes 5G rules to put pressure on Huawei, ZTE (South China Morning Post) Congress plans to require the Defence Department to reconsider sending military equipment or troops to a country if it uses Chinese 5G technology.
Cyber czar, CISA subpoenas included in must-pass defense bill (FCW) Lawmakers are poised to vote on a defense policy bill that would advance dozens of recommendations made by a cyberspace commission.
US and Australia to develop shared cyberattack training platform (BleepingComputer) The United States and Australia have signed a first-ever bilateral agreement that allows the U.S. Cyber Command (USCYBERCOM) and the Information Warfare Division (IWD) of the Australian Defense Force to jointly develop and share a virtual cyber training platform.
US and Australia sign first-ever cyber agreement to develop virtual training range (U.S. Cyber Command) As part of the Dept. of Defense’s efforts to sharpen lethality, reform business practices, and strengthen partnerships in cyberspace, the United States and Australia have launched a first-ever
U.S. Cyberforce Was Deployed to Estonia to Hunt for Russian Hackers (New York Times) An operation ahead of the November election was part of stepped-up efforts by the military to stop Russian interference in American politics.
US, Estonia Partnered to Search Out Cyber Threat From Russia (Voice of America) In a modern twist on old-fashioned war games, the U.S. military dispatched cyber fighters to Estonia this fall to help the small Baltic nation search out and block potential cyber threats from Russia. The goal was not only to help a NATO partner long targeted by its powerful neighbor but also to gain insight on Russian tactics that could be used against the U.S. and its elections.
The U.S. Cyber Command operation occurred in Estonia from late September to early November, officials from both countries disclosed this week, just as the U.S.
Estonia, U.S. Conduct Joint Defensive Cyber Operation (U.S. Department of Defense) U.S. Cyber Command and Estonian Defense Forces' cyber command conducted a joint defensive operation to counter malicious cyber actors and strengthen the cyber defense capability of both nations'
American leadership could save what is left of the global Internet (Washington Post) The global Internet no longer exists. There are already two Internets: the borderless and largely free Internet that you and I use every day; and the Chinese-style Internet walled off from the rest of the world and heavily surveilled by state authorities.
Section 230 — Quartz Weekly Obsession (Quartz) Section 230: The law that made the internet
President Trump’s Legacy on Cyberspace Policy (Council on Foreign Relations) President Trump’s legacy on cyberspace policy has been consequential but not transformative, an unsurprising outcome for a one-term president.
Experts see a shift in cybersecurity under a Biden administration (Washington Examiner) More international cooperation is likely a check against Russia and China.
Fortinet’s Phil Quade: Biden Admin Must Re-Appoint Nat’l Cybersecurity Executive (ExecutiveBiz) Phil Quade, chief information security officer at Fortinet, has said that President-elect Joe Biden
New DoD concept meant to govern cyber investment moves (Federal News Network) The Defense Department has established a concept it calls the Joint Cyber Warfighting Architecture. It’s supposed to govern investment decisions and make sure systems across the military services work together.
Congress could slow funding for cyber battlefield tool (Defense News) The Cyber Situational Understanding program loses $12 million in the NDAA.
How to Revitalize the Intelligence Community: A Long, But Essential To-Do List (Just Security) The president-elect and his DNI should act promptly and assertively to reverse Trump’s mistreatment of the IC and invest in critical technologies.
Pentagon spy agencies to meet with Biden transition team (Washington Post) Pentagon officials said Saturday that leaders of the military’s intelligence services will begin meeting with members of President-elect Joe Biden’s transition team Monday, ending what some current and former officials said was an impasse that undermined the transfer of control.
E.U. Privacy Rule Would Rein In the Hunt for Online Child Sexual Abuse (New York Times) Regulators argue that while abuse imagery on the internet is abhorrent, unchecked scanning for it by tech companies could violate privacy rights. A showdown looms.
Opinion | The Children of Pornhub (New York Times) Why does Canada allow this company to profit off videos of exploitation and assault?
Mastercard to investigate allegations against Pornhub (Reuters) Mastercard Inc said on Sunday it was investigating allegations against Pornhub.com following a newspaper column which said many videos posted on the adult website depicted child abuse.
Litigation, Investigation, and Law Enforcement
U.S. seeks up to 6 months of prison time for ex-FBI lawyer who pleaded guilty to altering email in Russia probe (Washington Post) U.S. prosecutors Thursday called for a prison term of up to six months for a former FBI lawyer who altered an email the bureau relied on to seek court authorization to surveil former Trump campaign adviser Carter Page during the investigation of Russian interference in the 2016 election.
TikTok Sale Deadline on Hold as Talks With U.S. Continue (Bloomberg) No new deadline is expected while deal discussions progress. Administration wants to finalize deal before Trump’s term ends.
Report Points to Microwave ‘Attack’ as Likely Source of Mystery Illnesses That Hit Diplomats and Spies (New York Times) A government-commissioned report provides the most definitive explanation yet for “Havana syndrome,” which struck scores of American employees, first in Cuba and then in China, Russia and other countries.
Edward Snowden asks Trump to pardon Wikileaks founder Julian Assange (ZDNet) Snowden claims the pardon would save Assange's life.
Canada court expected to hear from more police witnesses in Huawei CFO's U.S. extradition case (ETTelecom) A Canadian court is expected to hear from additional police witnesses on Friday as the second week of witness testimony wraps up in the case to extrad..
U.S. in talks to resolve criminal fraud charges against Huawei executive (Washington Post) The Justice Department is in talks with lawyers for a top Chinese tech executive under house arrest in Canada to resolve U.S. criminal fraud charges in a case that has strained Beijing’s relations with Ottawa and Washington.
Chinese Professor Pleads Guilty in Huawei Theft Case (Wall Street Journal) Bo Mao, accused of stealing technology for the Chinese technology giant, pleaded guilty to lying to federal agents.
CISA Labels 2 More Alleged Voting Issues as 'Rumors' (NTD) CISA added entries to its Election Security website it says are "designed to debunk common misinformation and disinformation narratives ...
Cybersecurity head fired by Trump says GOP needs to accept Biden's win, warns of foreign threat over vaccine (Newsweek) Chris Krebs pointed out that Republicans have set a double standard, as they've "accepted their outcomes and their races" in the House of Representatives.
Leveraging the Dark Web in Financial Crime Investigations (Authentic8 Blog) 46% of analysts believe using the #darkweb in #financialcrime investigations would be valuable but aren’t currently equipped to pursue such research safely
The coming war on the hidden algorithms that trap people in poverty (MIT Technology Review) A growing group of lawyers are uncovering, navigating, and fighting the automated systems that deny the poor from housing, jobs, and basic services.
New Zealand bourse says reviews into systems and cyber attack completed (Reuters) The operator of New Zealand's stock exchange said on Friday that two independent reviews into system issues this year, including August's cyber attack, have been completed and the undisclosed recommendations were being implemented.
Homeland Security investigating scams related to new COVID-19 vaccines (Fox8) COVID-19 vaccines are on the way — and so are the vaccine scams.
Cyber Fraud Mastermind Can't Appeal £2M Confiscation Order (Law360) A London appeals court refused Friday to allow the mastermind behind one of Britain's biggest cyberscams to challenge an order requiring him to pay £2 million ($2.7 million) to compensate his victims, saying there is no logical basis to reduce the size of the confiscation order.
Finjan Faces $8.7M Fee Bid For 'BS' Juniper Patent War (Law360) Finjan and its lawyers at Kramer Levin could face blowback for their litigation style to the tune of $8.65 million in attorney fees if Judge William Alsup, who said the case evoked "all the BS that goes on" in patent lawsuits, ultimately accepts Juniper Network's claims that the three-year patent war was based on an exceptionally weak case.
Amazon Needn't Supply Docs In Capital One Breach Suit (Law360) A Virginia federal judge on Friday partially denied Capital One customers' push for Amazon to fork over documents and materials related to a massive data security breach that allegedly affected more than 100 million of its customers in the U.S., calling their requests "overbroad" and "not appropriate."
Facebook Nears Default Win Over Website 'Typosquatting' (Law360) A Virginia magistrate judge on Thursday recommended granting Facebook's bid for a default judgment in its suit against 12 domain names its says mimic its web addresses, finding the social media giant established the sites are "confusingly similar" to its own domains through a kind of cybersquatting known as "typosquatting."
Mass. Top Court Hints Facebook Can Shield App Info From AG (Law360) Massachusetts' top appeals court suggested Friday that Facebook can shield from the state attorney general which apps on its platform may have compromised user data, saying attempts to access the information may run afoul of the attorney work product doctrine.
Facebook Wields User Data To Stifle Competition, Suit Says (Law360) A proposed class of consumers has hit Facebook with an antitrust lawsuit in California federal court accusing the social media giant of deceiving consumers about the data-privacy protections it gives users and exploiting the "rich data it deceptively extracted from its users to identify nascent competitors."
Panera Hit With Ill. Biometric Privacy Lawsuit (Law360) Panera LLC broke Illinois' landmark biometric privacy law when it required employees to scan their fingerprints without first getting written permission or providing required information, according to a putative class action filed in Illinois state court Thursday.