the near future: the latest about the next few months.
Ransomware gangs are getting faster at encrypting networks. That will make them harder to stop (ZDNet) The window for finding attackers on your network before ransomware is deployed is getting much smaller.
Radware Threat Researchers Live: 2021 Predictions (Radware Blog) In the latest episode of Radware Threat Researchers Live, Pascal Geenens & Daniel Smith share their top 10 cybersecurity predictions for 2021.
America Must Take North Korea's Cyber Warfare Capabilities Seriously (The National Interest) While it has not launched any new missiles since July, North Korea instead demonstrated its hostility with cyber-attacks throughout 2020. What can Washington do to push back?
G DATA IT Security Trends 2021: Cyberattacks Are Becoming More Aggressive, More Targeted and More Intelligent (UNITED NEWS NETWORK GmbH) With malware-as-a-service and polyglots, criminals carry out complex attacks that are difficult for security solutions to defend against.
Spammers Get Better at Impersonating Banking Services, Use Lingo and Legit Layouts to Con Victims (HOTforSecurity) E-mail-based attacks mimicking well-known financial institutions and online payment services have surged over the Halloween and Black Friday season, as cybercriminals continue to leverage restrictions brought on by the pandemic. Although coronavirus-related email...
Stalkerware, the latest privacy threat groups vow to fight (ZME Science) Malwares keep security trackers and news sites busy enough, but a hellish offshoot is causing concern, too. It's called stalkerware.
Cyberweek 2020 Attracted Both Online Shoppers and DDoS Attackers (Security Boulevard) As we close out 2020, it should come as no surprise that Cyberweek (the week of Thanksgiving through Cyber Monday) proved big for DDoS attacks. Threat actors were out in force during this key shopping season, and they shifted their sights toward disrupting digital commerce-related industries.
U.S. Retailers: How a Grinch Will Steal Your Holiday This Year (CyberPion) On top of a challenging economic year, retailers, e-tailers, and their customers face a growing threat this holiday season: the rise in cyber-attacks. While businesses have lived with this threat ever since the birth of online sales, this season will be different for several reasons. Our cursory scans of the Top 30 U.S. Retailer’s online […]
How to stay cyber secure while online shopping (WAND-TV) With the ongoing pandemic, more people than ever are relying on online shopping for the holidays. That is why it is more important than ever to
Cyber Attacks, Threats, and Vulnerabilities
Security Advisory Regarding the Recent FireEye Breach Reports (Hurricane Labs) This post outlines details of the recent FireEye breach, including background information and recommended detection and mitigation actions.
Theft of Cybersecurity Tools | FireEye Breach (Qualys Security Blog) On December 8, 2020, FireEye disclosed theft of their Red Team assessment tools. These tools are used by FireEye to test and validate the security posture of their customers. According to FireEye…
FireEye’s ethical hacking tools stolen in state-backed attack (ComputerWeekly) Hacking tools used to conduct red team penetration testing were stolen in the state-backed attack on security firm FireEye.
FireEye cybersecurity tools compromised in state-sponsored attack (The Verge) No customer data on its primary systems was accessed.
Cybersecurity Firm FireEye Hacked By Nation-State (PYMNTS.com) The cybersecurity firm FireEye — which counts numerous government agencies among its clients — said its proprietary tools were hacked by a suspected nation-state.
FireEye Hack Portends a Scary Era of Cyber-Insecurity (Bloomberg Opinion via Yahoo) Unless you’re an information technology guru, or someone whose professional duties include protecting computer networks from cyberattacks, you may not have heard of FireEye Inc., a little Milpitas, California, company specializing in digital warfare.
Nation-State Hackers Breach Cybersecurity Firm (CFO) The hack of FireEye "demonstrates that even the most sophisticated companies are vulnerable to cyberattacks."
Cyberthreat Hunter FireEye Hacked by Nation-State Attackers (TechNewsWorld Headlines) Cybersecurity firm FireEye, which has been prominent in the fight against nation-state cyberthreats, has been itself attacked by "a highly sophisticated threat actor, one whose discipline, operational security, and techniques," company CEO Kevin Mandia announced Tuesday. This indicates the attack is likely state-sponsored, by a nation "with top-tier offensive capabilities."
The FireEye breach: A body blow…but not a knockout (SC Media) We will never prevent nation-state actors from compromising their targets. However, we can focus on areas that we control that do make their jobs harder.
No pandas, just people: The current state of China's cybercrime underground (Intel 471) China's internet is a lot different than the rest of the world. Yet, that hasn't stopped its population from engaging in cybercrime.
Avast Identifies APT Group Targeting Government Agencies in East Asia (Yahoo) Avast (LSE:AVST), a global leader in digital security and privacy products, has identified a new advanced persistent threats (APT) campaign targeting government agencies and a government data center in Mongolia.
Ransomware Attacks on MySQL Databases: PLEASE_READ_ME Campaign (Guardicore Labs) Guardicore Labs uncovers an opportunistic Ransomware campaign which targets internet-facing MySQL servers. The attackers use Double Extortion, and publish the data to pressure victims into paying the ransom.
Researchers Uncover New Cyber-Espionage Campaign Targeting Middle Eastern Politicians (Infosecurity Magazine) Campaign uses three previously unidentified malware variants
'MoleRats' hackers leverage Facebook, Dropbox to spy on Egypt, Palestinians (CyberScoop) An Arabic-speaking hacking group that’s used phishing emails laden with sensational headlines focused on the Middle East to spy on government officials is leveraging recent diplomatic activity to conduct espionage.
Credit card stealer hides in CSS files of hacked online stores (BleepingComputer) Credit card stealer scripts are evolving and becoming increasingly harder to detect due to novel hiding tactics. The latest example is a web skimmer that uses CSS code to blend within the pages of a compromised store and to steal customers' personal and payment information.
Attacking SCADA Part III: Hardcoded Salt in Schneider Electric EcoStruxure Machine Expert (CVE-2020-28214) (Trustwave) When the engineer activates the passwords for application protection, the passwords are hashed and stored in the local project file, which ends with the extension smbp. If we open this file in a notepad, we can find the hashed passwords in this section.
Iranian-Linked Android Spyware Sneaks Into Private Chats (GovInfo Security) A hacking group behind an Android spyware variant has recently added fresh capabilities that include the ability to snoop on private chats on Skype, Instagram and
Rana Android Malware (ReversingLabs) Your past catches up, sooner or later...
Ransomware forces hosting provider Netgain to take down data centers (BleepingComputer) Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November.
Impersonator Syndrome: Supply chain lures and COVID-19 cures (Digital Shadows) It’s been a tough few months for the healthcare industry (and for all of us in general). While we’ve reported on recent Q3 ransomware campaigns targeting the healthcare industry, a new campaign targeting COVID-19 vaccine supply chain partners has emerged.
EU Agency Assessing Covid-19 Vaccines Hit by Cyberattack (SecurityWeek) The EU's medicines regulator targeted in cyberattack, just weeks before it is due to decide on special approval for two coronavirus vaccines.
Hackers accessed vaccine documents in cyber-attack on EMA (the Guardian) Papers relating to Pfizer/BioNTech vaccine reportedly targeted in attack on European Medicines Agency
Pfizer, BioNTech Vaccine Docs Exposed In EU Regulator Hack (Law360) Regulatory documents related to a COVID-19 vaccine candidate produced by Pfizer and BioNTech were "unlawfully accessed" during a cyberattack at the European Union's top authority for approving medicines, the companies said Wednesday.
They're Here! COVID-19 Vaccine Phishes Finally Arrive (KnowBe4) COVID-19 vaccine phishing emails and templates
COVID Email Scams Aren't Going Away (Armorblox) This blog will highlight four representative email attacks that use the context around the COVID 19 pandemic as a lure.
From romance scams to phantom PPE, banks battle coronavirus crimewave (Reuters) Fraud risk analyst Rajendran Raj was used to the odd out-of-hours alert from authorities, but a call one Saturday in March heralded a new era, of tackling criminals seeking to cash in on coronavirus.
Hackers are selling more than 85,000 SQL databases on a dark web portal (ZDNet) Hackers break into databases, steal their content, hold it for ransom for 9 days, and then sell to the highest bidder if the DB owner doesn't want to pay the ransom demand.
D-Link Routers at Risk for Remote Takeover from Zero-Day Flaw (Threatpost) Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running same firmware.
Game over? Vulnerabilities on Valve's Steam put hundreds of thousands gamers at risk (Check Point Software) Highlights: CP<R> found four major vulnerabilities in the popular Valve games networking library. All vulnerabilities were acknowledged and received
Vermont Hospital Cyberattack Cost Estimated at $1.5M a Day (SecurityWeek) A late October cyberattack on the computer systems of the University of Vermont Medical Center is costing the hospital about $1.5 million a day in lost revenue and recovery costs, its CEO said.
The Technology 202: Facebook removes some pages appearing to coordinate to push health misinformation (Washington Post) Facebook just took down prominent pages that were directing their millions of followers to false claims about the coronavirus, the flu vaccine, and other health issues.
Supporting the 2020 U.S. election (Youtube) Updates to our work supporting the integrity of the 2020 U.S. election.
Security Patches, Mitigations, and Software Updates
Adobe to block Flash content from running on January 12, 2021 (ZDNet) Adobe releases final Flash update with stronger language asking users to uninstall the app before its EOL.
December 2020 Android Updates Patch 46 Vulnerabilities (SecurityWeek) A total of 46 vulnerabilities patched with the release of the December 2020 security updates for Android.
SAP Releases Four 'Hot News' Notes on December 2020 Patch Day (SecurityWeek) SAP released 11 new and two updated security notes on December 2020 Security Patch Day, including four Hot News notes.
Siemens, Schneider Electric Address Serious Vulnerabilities in ICS Products (SecurityWeek) Siemens and Schneider Electric have addressed several critical and high-severity vulnerabilities in their industrial automation products
Cyber Trends
International Cyber Benchmarks Index™, for November 2020 (Neustar) The latest International Cyber Benchmarks Index™, for November 2020, is 41.8, maintaining the upward trend.
DTEX’s Remote Workforce Security Study Identifies Corporate Security Concerns: Data Leakage via Endpoints, Lack of User Activity Visibility & Regulatory Compliance (DTEX Systems) Report Reveals Only 30% of Companies Fully Prepared to Secure a Complete Shift to a Remote Workforce
Your Boss is Your Biggest Cyber-threat, Global Remote Work Survey Finds (Yahoo) OneLogin, a global leader in identity and access management (IAM), today announced results from its recent Covid-19 State of Remote Work Survey 2.0, which uncovered shocking security practices from senior management in areas such as password and device security. The survey found that:
Data leaks surge by 1,453% in 5 years to a record 36 billion cases in 2020 alone (Atlas VPN) With a global pandemic, devastating wildfires, racial tension, and political divide, it is not surprising that 2020 was named the most challenging year in the past decades. The year has been grim for data privacy as well, with leaked personal data records reaching numbers the world has never seen before.
IT Infrastructure & The Pandemic: Learn What’s Changed in Tech, and What You Should Do Next (INAP) In 2020, IT leaders are reevaluating their infrastructure strategies to accommodate new challenges brought on by the pandemic.
Misery of Ransomware Hits Hospitals the Hardest (Threatpost) Ransomware attacks targeting hospitals have exacted a human cost as well as financial.
Marketplace
Bionic Emerges from Stealth with $17 Million in Funding to Empower Enterprises with Application Intelligence (PR Newswire) Bionic, the application intelligence company, today emerged from stealth with $17 million in funding and an innovative platform that gives...
Hunters Receives Growth Funding from Snowflake Ventures for its Open XDR (BusinessWire) Hunters today announced that Snowflake Ventures has joined Hunters’ Series A investors alongside Okta (OKTA) and Microsoft (MSFT) M12 venture arm, fur
Thoma Bravo Announces Strategic Growth Investment in Venafi (Digital Journal) “Machine identity management is a top priority in cybersecurity because it is foundational for digital transformation,” said Jeff Hudson, CEO of Venafi.
CyberCX eyes Australian government with Foresight acquisition (ZDNet) The addition of Foresight is touted by CyberCX as being another substantial capability for delivering cybersecurity solutions to major government clients.
Cloud Security Firm Wiz Emerges From Stealth With $100M in Funding (SecurityWeek) Cloud security startup Wiz emerges from stealth mode with $100 million in Series A funding.
Zero To $100 Million In Nine Months: Index, Sequoia Back Cybersecurity Company Led By Former Microsoft Execs (Forbes) Assaf Rappaport left Microsoft last year to launch cybersecurity startup Wiz, which has just raised $100 million.
New Veteran Owned Company Turns Their Experience to Securing IT Throughout the Valley (PR Newswire) Honest Rockies, IT officially announces the formation of its Veteran Owned and Operated Business that focuses on business security and ensuring...
New Report Explores Relationship Between Cybersecurity Ratings and Stock Performance (PR Newswire) The Journal of Cyber Policy today announced the publication of its latest report, Cybersecurity Ratings and Stock Performance. The report...
Valimail Triples Customer Base, Becomes Top Global DMARC Provider in 2020 (BusinessWire) Valimail, the global leader in zero-trust, identity-based anti-phishing solutions, is experiencing momentous growth in 2020.
Facebook slides to day's low as FTC, states announce antitrust lawsuit; U.S. may seek WhatsApp, Instagram divestment (NASDAQ:FB) (SeekingAlpha) Facebook (NASDAQ:FB) is 2.9% lower, hitting its lows of the day, after announcement of lawsuits filed by the Federal Trade Commission and a coalition of states charging the company with an illegal monopoly.
Facebook’s antitrust problems are jeopardizing its plans for WhatsApp (Quartz) The company has big plans to turn the messaging app into a global payments platform.
Apple responds to WhatsApp's criticism on privacy labels (ETCIO.com) The latest chapter in Facebook-Apple rivalry is about privacy labels on apps.
Google CEO pledges to investigate exit of top AI ethicist (Axios) Sundar Pichai also apologized for what he acknowledged was a breach in trust with staff.
Pwnie Award Winners 2020 (Pwnie Awards) The results are in – congratulations to all of you, you brilliant people!
Cybersecurity & Privacy Group Of The Year: Latham (Law360) Latham & Watkins LLP narrowed a consolidated data breach class action against Facebook from 16 plaintiffs to one and achieved a preliminary settlement with no damages, earning the firm a spot among Law360's 2020 Cybersecurity & Privacy Practice Groups of the Year.
TruSTAR Achieves Record Growth And Expands Leadership Team With Industry Security Veterans (PR Newswire) TruSTAR, a leader in data-centric security automation, today announced record growth fueling its expansion of the leadership team. In less than...
Gong Hires Chief Information Security Officer Amidst Massive Growth (PR Newswire) Gong, the revenue intelligence platform leveraging artificial intelligence to transform revenue teams, has announced the appointment of Jack...
Claroty Expands Leadership Team with VPs of Engineering and Product Management (Claroty) Newly Appointed Executives Join Seasoned Leadership Team to Continue Driving Industrial Cybersecurity Company’s Strategic Growth
Randori Expands Security Leadership As Company Scales to Meet Enterprise Demand for the Attacker's Perspective (PR Newswire) Randori, creators of the world's first automated attack platform, today announced the expansion of its security leadership team with the...
BehavioSec Names Alberto Yepez Chairman of the Board and John McCormack Chief Financial Officer (BusinessWire) BehavioSec announced additions to its leadership team and Board of Directors, naming Alberto Yepez Chairman of the Board and John McCormack as CFO.
Products, Services, and Solutions
Gupshup Launches a New Messaging Channel, GIP, to Enhance Business Communications with Consumers (BusinessWire) Gupshup today announced the launch of a new IP-based messaging channel that will enhance the way businesses communicate with consumers. The Gupshup IP
Global Foreign Exchange Bank Chooses Appdome to Secure its FX Trading App (PR Newswire) Appdome, a no-code mobile security and solutions platform, today announced that Grupo Financiero Monex, a global foreign exchange bank with...
OpenSSF Launches Open Source Tool for Evaluating SAST Products (SecurityWeek) OpenSSF announces an open source tool designed for evaluating the ability of static analysis security testing (SAST) products to detect vulnerabilities.
IronNet Launches Premium Professional Services Offerings in AWS Marketplace (PR Newswire) IronNet Cybersecurity, a leader in Network Detection and Response and Collective Defense, announced today that it is one of the first Amazon...
ITC Secure launches Healthcare Dome with Government of Jersey to protect the UK healthcare sector (BusinessWire) ITC Secure (ITC), the leading managed security services provider (MSSP), specialist cyber advisory firm and Microsoft Gold partner, today announced th
Screenlyy Selects Acuant to Provide its Most Comprehensive Customer Verification Solution to Date for Guest Screening (Yahoo) Acuant Helps Screenlyy Keep Users, Their Property, and Their Community Secure with Identity Verification Technology
New Web Series 'Mom Don't Click That' Tells Stories of Cyber Scams Through Our Parents' Eyes (PR Newswire) Anyone can fall for a cyber scam, but being willing to talk about it is another matter. Take an illuminating and light-hearted look at modern...
Ninth Wave, the Open Finance Connectivity Leader, Announces New Collaboration with HOA-Software Provider Vantaca (BusinessWire) Ninth Wave, the open finance connectivity leader, announces a new partnership with HOA-software provider Vantaca.
GlobalPlatform’s ‘Integrated’ Secure Element Specifications Leveraged by ETSI and Updated Following Live Implementations (GlobalPlatform) The standard for secure digital services and devices
Lattice Semiconductor Launches New FPGA For Cyber-Resilient Systems (Forbes) #1-Ranked Industry Analyst Patrick Moorhead dives deeper as earlier this week, Lattice Semiconductor announced its newest product built on the Lattice Nexus FPGA platform, the Mach-NX.
TPx Combines Fortinet’s Industry-Leading SD-WAN and Security in a Powerful Single Offering (Telecom Reseller) TPx, a premier managed services provider delivering award-winning managed IT, security, unified communications and connectivity, announced today that it now offers MSx Managed Firewall service with Fortinet’s integrated SD-WAN to make enterprise-grade networking and cybersecurity services accessible to all.
Checkmarx makes its automated AST solution available to all DoD agencies (Help Net Security) Checkmarx is making its automated application security testing solution available to all DoD agencies in the form of a hardened container.
This VPN-email security duo can protect you online for a year for under $45 (The Next Web) TLDR: The Premium Privacy Bundle Ft. ZenMate VPN and StartMail helps you protect your online activity and your emails with iron-clad security measures for one year. The numbers surrounding the true cost of identity theft are staggering. It costs the U.S. mortgage industry $1 billion every year, according to the Federal Trade Commission. The health …
Vade Secure Releases Fully Customizable MTA Builder For ISPs and Telcos (Vade Secure) Global cybersecurity leader launches new email transfer system as it celebrates major milestone.
Aryaka Announces the Industry’s Most Flexible VPN for Hybrid Workplaces and the “Anywhere” worker (Aryaka) San Mateo, CA. – December 10, 2020 – Aryaka Networks, the leader in fully managed Cloud-First WAN solutions, today unveiled SmartSecure Private Access, the industry’s most flexible managed Virtual Private Network (VPN) for remote workers. Built on the architectural principles for SD-WAN and Secure Access Service Edge (SASE) and delivered as a fully managed service, […]
Atakama Expands Channel Market Reach with New Ingram Micro Distribution Relationship (PR Newswire) Atakama Inc., the data security company that introduced the first Zero Trust file system through multi-factor encryption, announced today a U.S....
FireMon and DLT Solutions Partner to Deliver Agile Network Security Policy Management to the Public Sector (BusinessWire) FireMon, the leading network security policy management company that brings visibility, control, agility, and automation to enterprise cloud and hybri
Technologies, Techniques, and Standards
Threat Data Collection Through Cyber Counterintelligence (CCI) (EC-Council Official Blog) Introduction Cyberspace is an unpredictable domain, with cybercriminals constantly devising advanced techniques and technologies to exploit system vulnerabilities and networks.[1] In a recent Microsoft survey, 22% of organizations across the world ranked cyber risks to be the top concern over other significant business risks. A lack of robust cyber defense led to companies being extorted...
What to Do—and What Not to Do—in the Aftermath of a Cybersecurity Attack (Wall Street Journal) Among the most-important: Don’t create fear and uncertainty by firing the people who may know best how to recover from the attack
Lawyer up: Following a breach, companies often call outside counsel first (SC Media) BakerHostetler assisted in about 1,600 cases tied to cyber breaches this year — about 60 percent more than 2019.
10 Ways Device Identifiers Can Spot a Cybercriminal (Dark Reading) Device IDs, which are assigned to mobile devices to distinguish one from another, can help organizations flag fraud, cyberattacks, and other suspicious activities.
Council Post: Is Zero Trust Data Security Possible? (Forbes) Here are four core principles of zero trust to implement when deploying a zero trust data security solution.
AI Is Reshaping the US Approach to Gray-Zone Ops (Defense One) Artificial intelligence and machine learning tools aren’t just for big hot wars, but also for places where the battle lines aren’t clear.
Joyriding with SILENTTRINITY - UPDATES (Black Hills Information Security) Jordan Drysdale // tl;dr SILENTTRINITY (ST) is one of our favorite C2 tools at BHIS. It’s multiplayer, modern, and multiserver. The code has been revised significantly of late, especially the installation… and the instructions in the original blog I wrote are no longer accurate. https://www.blackhillsinfosec.com/my-first-joyride-with-silenttrinity/ Also, please read the call to arms. Help and support […]
Webcast: Getting Started with Burp Suite & Webapp Pentesting (Black Hills Information Security) Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them? Burp Suite is the preferred tool for many webapp pentesters and bug bounty hunters. It’s easy to get started in Burp, but not all of its features are easy to find or simple […]
Webcast: Pretty Little Python Secrets - Episode 2 - Python Development & Packaging as Beautiful as a Poem (Black Hills Information Security) Have you ever tried packaging a Python library/app in order to upload it to the Python Package repository (Pypi)? Not so straight forward is it? There’s a gazillion files you need (setup.py, Manifiest.ini, etc..) which all do different things. On top of that, there’s a decent amount of overhead to configure the necessary settings in […]
Where Do I Put My Zeek Sensor? (Active Countermeasures) Intro While AI-Hunter and RITA Threat Hunting tools can be placed almost anywhere you’d like – any available data center, DR site, or […]
Research and Development
Bill has $25M for Rome Lab projects (Rome Daily Sentinel) Congressman says approved House defense spending plan has language to protect DFAS and AIS
Legislation, Policy, and Regulation
NATO needs continuous responses in cyberspace (Atlantic Council) To assure the security of its members going forward, NATO needs its own continuous response campaign to cyber threats.
Canada doesn’t have a ‘Huawei problem’, says report, it has a 5G strategy problem (IT World Canada) Adversaries already probe Canada's network infrastructure, the Citizen Lab report argues. So Canada needs a vendor-neutral approach to allowing any company to supply gear to telcos
Can Russia and Turkey cooperate in cyberspace? (Daily Sabah) Russia’s largest bank Sberbank’s virtual assistant Athena’s question to Russian President Vladimir Putin and the president’s response, at the “AI (Artificial...
Google, Facebook Win Key Concession in Law to Pay for News in Australia (Bloomberg) Law to reflect any value platforms generate for publishers. Legislation has turned Australia into a test case for action.
France Declares War on Crypto Anonymity, Cites 'Terrorism' in KYC Mandate (CoinDesk) The French finance ministry is imposing sweeping KYC rules on all VASPs in the country.
Romania is enacting the secondary legislation pertaining to cybersecurity in an effort to avoid European sanctions (Lexology) On October 30, 2020, the European Commission sent a reasoned opinion regarding Romania's failure to notify the national measures…
Sens. Pressed To Find Path To Replace EU Data Transfer Pact (Law360) A Federal Trade Commission member was among those urging a U.S. Senate panel Wednesday to find ways to quickly address concerns that led Europe's top court to strike down the Privacy Shield data transfer pact this year, arguing that a federal privacy law and government surveillance changes would help bridge the divide.
Finland introduces telecom security law without mentioning China (Taiwan News) Legislators worried about Chinese backlash against Nokia
Report urges U.S. action against Chinese telecom giant ZTE over corruption record (The Washington Times) Chinese telecommunications company ZTE has been involved in international bribery incidents around the world but so far escaped prosecution by the Justice Department for corrupt practices, according to a report commissioned by hedge fund manager J. Kyle Bass.
U.S. Policy on China May Move from ‘America First’ to America & Co. (Bloomberg) A tech entrepreneur in the State Department is using network theory to counter Chinese pressure.
Congress About to Pass Security-Heavy Defense Bill (Decipher) The House of Representatives overwhelmingly passed the National Defense Authorization Act and the Senate is expected to vote on the defense appropriations bill this week.
Why Certain Cybersecurity Provisions Made it into the NDAA and Others Didn’t (Nextgov.com) An effort to establish a public-private collaboration environment was cut from the final bill but a controversial insurance provision was retained.
DoD officials: Small changes in thinking about electronic warfare tools could give U.S. upper hand (C4ISRNET) The military wants to begin taking a more holistic view of electronic warfare capabilities rather than specific platforms to outmaneuver adversaries.
Intimate Imagery and Privacy Protection Act of 2020 (US Senate) Ms. HASSAN introduced the following bill; which was read twice and referred to the Committee on... To provide civil relief for victims of the disclosure of certain intimate images, and for other purposes.
Trump Officials Reviewing DOD Support To CIA (Defense One) Some officials familiar with the review see it as an effort to cut vital DOD support to the agency.
Report Sheds Light on How Biden’s Future NSC Chief Wants to Reshape U.S. Foreign Policy (Foreign Policy) Jake Sullivan spent several years working on a less ambitious approach to U.S. global interests that could disappoint both internationalists and progressives.
Modernizing the Department of Homeland Security (Lawfare) How can a Biden administration best reorient the department to serve the nation’s safety?
Biden's choice for Homeland Security secretary spells trouble (TheHill) The inspector general's report suggests Mayorkas should be objectionable to more than just Republicans.
The Cybersecurity 202: Security advocates see a possible silver lining in Trump’s election assaults (Washington Post) Attacks on the voting company Dominion and the integrity of the election by President Trump and his allies are posing a conundrum for election security advocates.
Why Big Tech Wants (Some) Facial Recognition Rules (Washington Post) The world’s biggest technology companies can usually be counted on to oppose rules reining in new products, but some are making an exception for facial recognition software.
Bucharest to host new EU cyber research hub (POLITICO) The Romanian capital pipped Brussels in the second round of voting.
7 cities are competing to host the EU’s new cyber center. Here’s how they stack up. (POLITICO) The center will manage billions in EU funding for cybersecurity research.
Army, Navy name top advisers to guide cyber readiness (C4ISRNET) The advisers' duties will include providing insights on recruitment and training of cyber forces.
Litigation, Investigation, and Law Enforcement
Facebook Hit With Antitrust Lawsuits by FTC, State Attorneys General (Wall Street Journal) The Federal Trade Commission and a bipartisan group of state attorneys general brought broad antitrust allegations against the social-media giant, accusing it of a yearslong campaign to buy up or freeze out potential rivals.
U.S., states sue Facebook as an illegal monopoly, setting stage for potential breakup (Washington Post) The U.S. government and 48 attorneys general filed landmark antitrust lawsuits against Facebook on Wednesday, seeking to break up the social networking giant over charges it engaged in illegal, anti-competitive tactics to buy, bully and kill its rivals.
FTC Sues Facebook for Illegal Monopolization (Federal Trade Commission) The Federal Trade Commission today sued Facebook, alleging that the company is illegally maintaining its personal social networking monopoly through a years-long course of anticompetitive conduct.
The FTC is suing Facebook to unwind its acquisitions of Instagram and WhatsApp (The Verge) New York Attorney General Letitia James announced the lawsuit on Wednesday.
48 State AGs File Lawsuit Against Facebook Alleging It Stifled Competition, Compromised Privacy (New York Law Journal) New York Attorney General Letitia James, who is leading the action, said Facebook leveraged market power so it could take advantage of users and make billions by converting personal data into a cash cow.
Attorney General James Leads Multistate Lawsuit Seeking to End Facebook’s Illegal Monopoly (New York Attorney General) AG James Leads Bipartisan Coalition of 48 Attorneys General Charging Anticompetitive Conduct. Facebook Thwarted Competition, Reduced Consumer Privacy for Profits.
U.S. and states say Facebook illegally crushed competition (Silicon Valley Business Journal) The Federal Trade Commission and more than 40 states accused Facebook of becoming a social media monopoly by buying up its rivals to illegally squash competition, and said the deals should be unwound.
Lawsuits Filed by the FTC and the State Attorneys General Are Revisionist History (About Facebook) These lawsuits will hurt consumers and businesses.
German court forces encrypted email provider Tutanota to create backdoor for blackmail case (CyberScoop) A court in Germany has ordered Tutanota to monitor one user’s account, amid a protracted campaign from governments around the world to weaken encryption.
Al Jazeera journalist files hack and leak suit against Saudi Arabian and UAE crown princes (TheHill) Al Jazeera anchor Ghada Oueiss on Wednesday filed suit against Saudi Arabian Crown Prince Mohammed bin Salman, United Arab Emirates Crown Prince Mohammed Bin Zayed, and a group of other officials for allegedly targe
Suspect in case of Mirai botnet, which knocked major sites offline in 2016, pleads guilty (CyberScoop) The U.S. Department of Justice on Wednesday announced that an unnamed defendant has pleaded guilty in connection with a cyberattack that rocked the internet in 2016.
Calif. Privacy Law Demands Class Discovery Reassessment (Law360) In light of the California Privacy Rights Act’s recent passage, courts must reevaluate case law that permits class contact discovery after opt-out notice so that consumers and employees have greater say in whether their information can be obtained by private litigants and their lawyers, says Steven Katz at Constangy Brooks.
Capital One Tries To Trim Breach Suit, Victims Say It's 'Games' (Law360) Attorneys for Capital One and the victims of a massive data security breach that allegedly affected more than 100 million customers in the U.S. squabbled Wednesday over whether the bank's privacy notice should be considered part of its cardholder agreement, in a hearing over a request for the court to dismiss some of the victims' claims.
Former Cisco engineer gets two years in prison for Webex Teams hack (Silicon Valley Business Journal) The former Cisco Systems Inc. engineer who admitted deploying a code that shut down thousands of Webex Teams accounts after he left Cisco was sentenced to prison on Wednesday.
McCarthy says Swalwell should be disqualified from Intel Committee following spy report (TheHill) House Minority Leader Kevin McCarthy (R-Calif.) took aim at Rep.
Federal criminal investigation into Hunter Biden focuses on his business dealings in China (CNN) After going quiet in the months before the election, federal authorities are now actively investigating the business dealings of Hunter Biden, a person with knowledge of the probe said. His father, President-elect Joe Biden, is not implicated.
FBI and Texas Attorney General's Office investigate data breach affecting 27 million Texas drivers (KRGV) The FBI and the Texas Attorney General's Office are investigating a data breach after the state of Texas sold personal information for profit.
Just one more week to file claim for restitution payment after Equifax data breach (The Hoosier Times) Attorney General Curtis Hill today urged Hoosiers to visit IndianaEquifaxClaims.com and file a claim for a restitution payment in light of the massive Equifax data breach. Hoosiers have just one