the near future: the latest about the next few months.
Covid drives cybercrime to become "more professional" (Capacity Media) The cybercrime ecosystem has become "more structured and professional", due to the huge potential rewards that have emerged during the Covid-19 pandemic.
Code42 Data Exposure Report: COVID-19 Creates Perfect Storm for Insider Risk Growth, Organizations Unprepared to Protect Sensitive Data (Code42) Employees are 85% more likely today to leak files than they were pre-COVID 59% of IT security leaders say insider threat will increase or significantly increase in the next two years More than half of organizations don’t have an insider risk response plan 40% of organizations don’t assess how effectively their technologies mitigate insider threats […]
Cyberattacks on K-12 Likely to Persist Through School Year (Government Technology) Bad news for educators: Even as public schools have been hammered with cyberattacks amidst the pandemic, data shows this trend is likely to continue — or even escalate — throughout the coming academic year.
Mitigating the New Cyber Security Threats of the Work-At-Home Era (Seattle Post-Intelligencer) Remote work is gradually becoming the norm for many U.S. workers, spurred on by the COVID-19 crisis. A recent Gallup poll found that the average number of workdays telecommuters are working from ho…
Researchers found 37,000 fake brand websites aiming to fool holiday shoppers (IT PRO) Hackers are directly scamming end users with high-volume phishing campaigns
Cyber Attacks, Threats, and Vulnerabilities
Emergency Directive 21-01 (CISA) A site for cybersecurity directives and implementation guidance, from the Cybersecurity and Infrastructure Security Agency.
Active Exploitation of SolarWinds Software (CISA) The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 through 2020.2.1, released between March 2020 and June 2020.
CISA encourages affected organizations to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for detection countermeasures:
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise
Multiple Global Victims With SUNBURST Backdoor (FireEye) We have discovered a global intrusion campaign, and we are tracking the actors behind this campaign as UNC2452.
Global Intrusion Campaign Leverages Software Supply Chain Compromise (FireEye) We identified a global campaign involving compromise of the networks of public and private organizations through the software supply chain.
SolarWinds Security Advisory (SolarWinds) SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.
Customer Guidance on Recent Nation-State Cyber Attacks (Microsoft Security Response Center) This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activity in their networks and contribute to a shared defense against this sophisticated threat actor.
Behavior:Win32/Solorigate.C!dha threat description (Microsoft Security Intelligence) Understand how this virus or malware spreads and how its payloads affects your computer. Protect against this threat, identify symptoms, and clean up or remove infections.
Microsoft, FireEye confirm SolarWinds supply chain attack (ZDNet) Known victims so far include the US Treasury, the US NTIA, and FireEye itself.
US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor (HackerNews) The U.S. government Agencies and cybersecurity firm FireEye were hacked using SolarWinds software supply chain attack
Global Espionage Campaign Used Software Supply Chain Hack To Compromise Targets, Including US Gov (SecurityWeek) A sophisticated espionage campaign leveraging a software supply chain attack allowed hackers to compromise numerous public and private organizations around the world using trojanized versions of SolarWinds' Orion.
US government confirms cyber attack on Treasury and Commerce departments by state-backed hackers (Computing) By compromising SolarWinds monitoring software attackers gained unrestricted access to internal email systems of federal agencies
Suspected Russian hackers spied on U.S. Treasury emails - sources (Reuters) Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.
US agencies hacked in monthslong global cyberspying campaign (AP NEWS) U.S. government agencies were ordered to scour their networks for malware and disconnect potentially compromised servers after authorities learned that the Treasury and Commerce...
US National Security Officials Investigating Hacker Intrusions (Voice of America) The Trump administration acknowledged Sunday that several U.S. institutions were hacked on behalf of a foreign government. Cybersecurity experts believe Russia is likely behind the attack on the U.S. Treasury and Commerce departments in what U.S. media is calling one of the most sophisticated attacks on U.S.
Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm (Washington Post) Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of a global espionage campaign that stretches back months, according to people familiar with the matter.
Agencies Hacked in Foreign Cyber Espionage Campaign (Wall Street Journal) Multiple federal agencies, including the Treasury and Commerce departments, have had some of their computer systems breached as part of a widespread campaign believed to be the work of the Russian government.
Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect (New York Times) In one of the most sophisticated and perhaps largest hacks in more than five years, email systems were breached at the Treasury and Commerce Departments. Other breaches are under investigation.
U.S. Commerce Department confirms security "breach" (CBS News) The FBI and the Cybersecurity and Infrastructure Security Agency are investigating the breach, which may have affected other government agencies.
iTWire - SolarWinds product used to attack private, public sector: FireEye claim (ITWire) American cyber security firm FireEye, which last week said it had suffered a breach and lost its attack tools, says it has identified a global campaign to compromise public and private sector bodies through corruption of software supply chains, using software that runs on Windows. Chief executive Ke...
Russia Suspected In Months-Long Cyber Attack On Federal Agencies (NPR) Hackers invaded computer systems at the departments of Treasury and Commerce starting in the spring, according to reports.
US Calls On Federal Agencies To Power Down SolarWinds Orion Due To Security Breach (CRN) The U.S. government has directed all federal civilian agencies to disconnect or power down SolarWinds Orion IT management tools because they are being used to facilitate an active exploit.
Hackers break into Treasury Department computers (The Washington Times) Hackers got into computers at the U.S. Treasury Department and possibly other federal agencies, touching off a government response involving the National Security Council.
US Treasury, Commerce Department breached, agency says (ABC11 Raleigh-Durham) It is unclear who is behind the attack.
FireEye Breach - Beyond the signatures (RSA Link) I'm certain everyone reading this was just as shocked by the recent news about the FireEye breach as I was and is diligently trying to assess their
Trickbot trojan, poor security led to FireEye intrusion: claims (iTWire) American cyber security company FireEye, which announced a couple of days ago that it had been compromised by unknown attackers who stole its offensive tools, has been accused of having poor Internet-facing security by a British company that specialises in PKI. And a Danish firm, CSIS Cyber, says Fi...
Russia had nothing to do with suspected U.S. Treasury email snooping, says Kremlin (Reuters) Russia had nothing to do with alleged monitoring by hackers of internal email traffic at the U.S. Treasury and Commerce departments, the Kremlin said on Monday.
The Cybersecurity 202: A Russian mega-hack is further damaging Trump’s cybersecurity legacy (Washington Post) A Russian hacking campaign that breached the Treasury and Commerce departments and ran roughshod through critical companies across the globe is a final stain on the Trump administration’s cybersecurity legacy.
When a top cybersecurity firm gets hacked, what is the takeaway for the average netizen? (USA TODAY) Cybersecurity firm FireEye said this week it had been breached by hackers for a foreign government. If so, what chance does the average person have?
Cyberattack on Intel: Hackers claim they breached the network of chipmaker Habana Labs (CTECH) Pay2key account posts images of breached materials on Twitter; attack seen as criminally motivated
Who hacked Israel's supply chain and what did the cyberattack on Intel Israel achieve? (CTECH) CTech Daily Roundup: Cyberattack on Intel Israel: Hackers claim they breached the network of chipmaker Habana Labs
Territory disputes between India and its neighbours are targets for malware campaigns (The Hindu) The group’s target include multiple government and military units, primarily in Nepal and Afghanistan, researchers at Trend Micro, a cybersecurity firm, said in a report.
Ethiopia: TPLF Twitter Bots Disseminating Up To 25K Pieces Of Fake News (Geeskaafrika) Addis Ababa, December 12, 2020 – Information Network Security Agency (INSA) stated that the TPLF Clique was disseminating up to 20,000 pieces of
Facebook links APT32, Vietnam's primary hacking group, to local IT firm (ZDNet) Facebook suspends accounts linked to APT32, says the group used its platform to spread malware.
Facebook Shutters Accounts Used in APT32 Cyberattacks (Threatpost) Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks.
Operation StealthyTrident: corporate software under attack (WeLiveSecurity) LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in the Mongolian supply-chain attack Operation StealthyTrident.
EU Vaccine Agency Victim of Cyberattack (Voice of America) The head of the European Union’s medical agency confirmed Friday it had been the subject of a cyberattack for the past two weeks but said it will not impact its ongoing evaluation of COVID-19 vaccines.
The cyberattack was originally announced Wednesday, with the agency providing few details.
Cyber Attack on EU Drug Regulator Has Not Disrupted Work on COVID-19 Vaccines (Insurance Journal) BRUSSELS – The head of the European Union drug regulator said on Thursday the agency's work assessing COVID-19 vaccines had not been disrupted by a cyber
EU drugs regulator confirms data breach in cyber attack (Yahoo) Europe's drugs regulator confirmed on Friday data had been breached in a cyber attack that was disclosed days before, while adding that a limited number of third-party documents were unlawfully accessed.
Was there a “COVID-19 vaccine hack” against the European Medicines Agency? (Naked Security) Just because a medical agency is “obviously” on the cybercriminal radar doesn’t mean that the rest of us are “obviously” off it.
Cyber attack (Professional Security) Cyber attack European Medical Agency hostile nation state Covid-19 vaccines
Outsourcing Disinformation (Lawfare) Why foreign actors are hiring firms with cheap labor and local knowledge to post inauthentic content to social media.
Google Suffers Widespread Outage (Wall Street Journal) More than a dozen Google services, including Gmail and YouTube, were temporarily offline in swaths of the globe, interrupting access for both individuals and businesses.
Google services are back online after a major hour-long outage that hit YouTube, Gmail, and Google Maps (Business Insider) Per Downdetector, the Google outage affected YouTube, Gmail, Google Maps, and more, and began at roughly 6:30 a.m. Eastern Time.
65% of businesses faced one or more insider cyberattacks in the last 12 months (Atlas VPN) Most cybersecurity landscape data is focused on outsider attacks; however, recent findings reveal that insider threats are becoming more common. Attacks originating from within the company are much more elusive since standard security practices do not work.
If that CyberPunk 2077 deal seems to good to be true, it probably is (TechRadar) Cyber fraudsters peddling malware-rigged Cyberpunk 2077 copies ahead of launch
Lack of IOT HVAC control system cyber security and potential real-world impacts (Control Global) Much has been written about the lack of cyber security in IOT devices. Much has also been written about the lack of cyber security in process sensors/actuators/drives (Purdue Reference Model Level 0,1 devices). Cybersecurity risk for buildings/facilities has been explicitly acknowledged by the electrical and control system community, recently in a December 3, 2020 Schneider Electric webinar on control system cyber risk. As buildings and facilities are ubiquitous, this can be a very expansive problem.
Kaspersky detects four-digit increase in threats disguised as e-learning platform in SEA (Borneo Post Online) KUCHING: Kaspersky has detected a four-digit increase in threats disguised as e-learning platform in Southeast Asia (SEA). In a statement, it explained that with the risks of Covid-19 expected to be present until a vaccine is available, educational institutions across SEA are forced to adapt to this unique situation. The unexpected disruption required educators toRead More
Lawyers' Data Targeted In String Of Bar Association Hacks (Law360) A recent cyberattack targeting the Washington State Bar Association's website and its members' payment information is just one of a handful of data security incidents that legal professional associations have reported this year, according to public records and cybersecurity experts.
Cyber attack hits council searches and will take months to recover (Estate Agent Today) A cyber-attack on a London council has caused transactions to fall through or at least be significantly delayed.
Ledger Wallet Customer Data Leak Invokes Threats, Phishing Scams, User Allegedly Loses Life Savings (Bitcoin News) The cryptocurrency hardware wallet firm Ledger was hacked last June and over a million emails were exposed, according to reports from the company at the
Baltimore County executive says school officials are refusing to provide information about ransomware attack (Baltimore Sun) In a highly critical letter sent Friday to schools Superintendent Darryl Williams, the Democratic county executive called it “troubling” that school officials are not cooperating with county police, who want access to third-party consultants retained by the county school system to help respond to the ransomware attack.
Olszewski calls out BCPS superintendent on ransomware; Williams responds (WBAL) Baltimore County Executive Johnny Olszewski sent a scathing letter to the school superintendent over the handling of the ransomware cyberattack.
Critical CSRF vulnerability found on Glassdoor company review platform (ZDNet) The critical flaw impacted both job seeker and employer accounts on the web domain.
Subway sandwich scam mystifies loyalty card users (Naked Security) Subway customers have been on the receiving end of a curiously complex phishing scam. We investigate.
Laurentian U. fends off cyber attack (Sudbury.com) The university experienced a Distributed Denial of Service Attack, which it was able to stop within minutes
Data breach affects more than half of East Devon Council (BBC News) Thirty-seven of 60 councillors had to change passwords after the breach, a council meeting hears.
Security Patches, Mitigations, and Software Updates
Pyramid Solutions Announces of End of Life for BridgeWay 1.0 Gateway Devices (PR Newswire) Pyramid Solutions announced the end of life dates of the Pyramid Solutions BridgeWay v1.0 Gateway devices with the release of v2.0 BridgeWay...
Cyber Trends
Study: U.S. Military Communications Technology and Cyber Defense Challenges Remain (PR Newswire) Despite the Department of Defense (DoD) making strategic moves to improve its communications technologies, a new study finds challenges still...
Top US states least likely to go bankrupt after a cyberattack (Security Magazine) Verizon cybersecurity leaders evaluated which states’ businesses fare best after cyberattacks. To determine the odds of a business recovering from a cyberattack in any given state, they analyzed a host of factors, including internet privacy laws and the number of cyberattacks businesses within each state suffer each year. Here’s what they found.
Marketplace
DataTribe Announces SightGain as Winner of Third Annual Cybersecurity Startup Challenge (BusinessWire) DataTribe awards SightGain as the winner of The Third Annual DataTribe Challenge.
Machine Identity Management Unicorn: Thoma Bravo Majority Stake Drives Venafi Valuation To $1.15B (CRN) Here's a look at why leading private equity cybersecurity investor Thoma Bravo has acquired a majority stake in machine identity management software maker Venafi.
FireEye Closes $400 Million Strategic Investment Led by Blackstone (BusinessWire) FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that the $400 million strategic investment led by funds managed b
Orca Wins $55M for Cloud Security Fight Against Palo Alto Networks (SDxCentral) Orca Security scored a $55 million Series B in its fight against cloud security heavyweights including Palo Alto Networks.
BAE lets go of commercial cyber (Washington Technology) BAE Systems becomes the latest in a group of government contractors to find a new home for the commercial cybersecurity business.
Former CEO helps buy back cybersecurity firm from BAE Systems, puts HQ in Morrisville (Triangle Business Journal) A private investment group led by a former CEO has bought a company from international giant BAE Systems, naming Morrisville as the headquarters.
New Relic Signs Definitive Agreement to Acquire Pixie Labs, a Next Generation Machine Intelligence Observability Solution for Developers Using Kubernetes (BusinessWire) Today, New Relic, Inc. (NYSE: NEWR), a leader in observability, announced it has signed a definitive agreement to acquire Pixie Labs, a next generatio
Why NortonLifeLock Is Buying Avira For About $360 Million (Pulse 2.0) NortonLifeLock (NASDAQ: NLOK) recently announced it is buying Avira in an all-cash transaction for approximately $360 million from Investcorp Technology Partners. These are the details.
Salaries in one of the hottest tech sectors revealed: How much 24 cybersecurity companies including CrowdStrike, FireEye, and Palo Alto Networks pay analysts, engineers, and other roles (Business Insider) An analysis of newly-released federal pay data reveals salaries at 24 major cybersecurity companies, many of which are still hiring aggressively.
Why CrowdStrike, Okta, and Cloudflare Stocks Surged Today (The Motley Fool) Online security has never been more important.
VMware CEO says cybersecurity is 'a chaotic mess right now' and that his firm plans to build more safety tools into its own products (Business Insider) VMware CEO Pat Gelsinger said defending against cyberattacks will be one of its major goals in the next decade.
WSJ News Exclusive | In India, Facebook Fears Crackdown on Hate Groups Could Backfire on Its Staff (Wall Street Journal) The company balked at removing a Hindu nationalist organization after warnings from its security team that its business prospects and local staff might face harm.
After The US Election, Key People Are Leaving Facebook And Torching The Company In Departure Notes (BuzzFeed News) A departing Facebook employee said the social network's failure to act on hate speech “makes it embarrassing to work here.”
Broadcom Cyber Security Aggregator Program: Jump-starting Symantec Partners? (ChannelE2E) Broadcom global cyber security aggregator program (CSAP) engages Symantec distributors such as Arrow, Synnex & Tech Data. Are SMB partners the target?
Saudi Arabia Inks Agreement with Dell Technologies to Bolster AI Sector (Al Bawaba) The Saudi Data and Artificial Intelligence Authority (SDAIA) signed an agreement with the American multinational computer company Dell Technologies, com
Comodo Announces Open Seas as Newest MSSP Partner (Yahoo) Comodo, the world’s leader of next-generation cybersecurity announced a partnership with Open Seas, a leading UK based technology consulting firm. Together Comodo and Open Seas will bring Comodo'...
Corero Network makes more inroads into Tier 1 market (Proactiveinvestors UK) Contract wins in October and November included a Tier 1 UK telecoms and communications provider and a Tier 1 Asian communications provider
Oracle is moving its headquarters from Silicon Valley to Austin, Texas (CNBC) Oracle is the latest tech company to relocate from California to Austin, Texas.
Oracle’s HQ move to Texas could prompt others to join the Bay Area exodus (Silicon Valley Business Journal) “These high-profile moves create precedent and raise the comfort for other companies to do likewise,” said John Boyd, a site selection consultant.
Palo Alto Networks Shareholders Oppose Board Nominees, Exec Pay (CRN) Discontent is rising among Palo Alto Networks shareholders, with a plurality opposing three board nominees in the past two years and executive pay for three years running.
SolarWinds Names Pulse Secure CEO to Lead Company (Channelnomics) Sudhakar Ramakrishna to take the helm as vendor continues to evaluate MSP spin-off
SolarWinds names new CEO as potential spin-off inches forward (CRN Australia) As company reveals plans to spin-off of its MSP tools business.
Top 10 Contracting Execs to Watch in 2020: Booz Allen Hamilton's Linda Asher (WashingtonExec) Linda Asher leads corporate contracting, procurement and pricing operations for Booz Allen Hamilton, with a focus on contracting and acquisition
SolarWinds Names New CEO As Potential Spin-off Inches Forward (CRN) SolarWinds Corporation has announced a new CEO for its solution provider business, at the same time it announced a confidential filing related to a spin off of its MSP tools business.
Comodo Cybersecurity appoints new ANZ boss (CRN Australia) Greg Wyman launches ANZ office after one year at Bufferzone Security.
Products, Services, and Solutions
IBM and Port of LA announce new $6.8M cyber centre (Digital Ship) IBM Security and the Port of Los Angeles have announced a $6.8 million, three-year agreement to design and operate a Port Cyber Resilience Centre (CRC...
Los Angeles and IBM in cyber security deal (Port Strategy) The Los Angeles Board of Harbor Commissioners has approved an agreement with IBM to design and operate a cyber resilience centre (CRC) at the Port of Los Angeles.
IBM Collaborates with AWS on Security for Hybrid Cloud (PR Newswire) IBM Security (NYSE: IBM) today announced new technology initiatives leveraging Amazon Web Services (AWS), designed to help clients simplify and...
General Dynamics Unveils Space & Avionics Tech Encryption Module (ExecutiveBiz) General Dynamics has introduced a cryptographic module the company designed to secure communications
These free tools from Recorded Future can make you a security intelligence expert (Graham Cluley) Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! There has never been a better time than 2020 to be a cybercriminal.
ThreatConnect Releases Risk Quantifier 5.0 (Dark Reading) Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.
Cybereason vs. Ryuk Ransomware (Cybereason) Ryuk ransomware is most often seen as the final payload in a larger targeted attack against a corporation, and since its return in September, it has been mainly delivered via TrickBot or BazarLoader infections.
Check Point CloudGuard is a launch partner for AWS Outposts to Enhance AWS Hybrid-Cloud Security (Check Point Software) Check Point is a launch partner for Amazon Web Services (AWS) Outposts. This recognizes that Check Point CloudGuard has demonstrated successful integration with AWS Outposts deployments.
Qualys launches UAE Cloud to empower Middle East organisations (Intelligent CIO Middle East) Qualys, a pioneer and leading provider of cloud-based security and compliance solutions, have launched the Qualys UAE Cloud, a platform that will allow public and private enterprises across the Middle East to innovate as the cloud specialist brings them unprecedented security and visibility across their hybrid IT environment. The move comes as regional cloud migration […]
New security solutions from Dell Technologies protects supply chain from top to toe (Nasi Lemak Tech) Dell Technologies has announced the addition of several new features to its suite of security solutions targeting supply chain and servers in both hardware and software.
TriVir Achieves Accredited Delivery Partner Status in the ForgeRock Trust Network Partner Program (PR Newswire) TriVir, a high-end professional services consultancy specializing in delivering custom identity solutions, announced today that it has been...
TalaTek Achieves CMMC AB Registered Practitioner Organization Designation (TalaTek, LLC) Company Continues to Expand Expertise in CMMC Compliance :: TYSON’S CORNER, Va., December 14, 2020 – TalaTek, an integrated risk management firm, today announced that it has been recognized by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Board (AB) as a Registered Practitioner Organization (RPO).
Technologies, Techniques, and Standards
Huawei’s inclusion in 5G working groups raises security concerns (The Sunday Guardian Live) Experts cite two Chinese laws that force Chinese telecom companies operating in foreign countries to share any information that Chinese agencies want from them. These two laws override every contract that a Chinese company signs with India. NEW DELHI: Amid increasing pressure from domestic industry lobbying
Kaspersky researcher provides protection tips for tainted QR codes (Information Age) With the risk of QR codes being hijacked by threat actors emerging, Kaspersky researcher David Emm gave his tips on how to evade attacks
Reducing the risk of online fraud using IP decisioning data (Global Banking & Finance Review) By Brian McCann, president of security solutions, Neustar In today’s contemporary world, many of us rely on digital products and services to work, shop and entertain. The opportunity therefore exists for us to be targeted and manipulated on multiple devices, via various channels. As a result, cyberattacks have exploded. Ultimately, our approach to digitisation is […]
Systemic risk assessment key to curbing down cyber threats (Daily Star) Financial sector of Bangladesh is lagging behind in terms of cybersecurity particularly when pandemic has driven banking online and systemic risk assessment can be a key in reducing cyber threats to the financial sector.
How Space Shuttle operations prepared me for modern security threats (Austin Business Journal) In the late 1980s and early 1990s, I worked as an instructor at NASA’s Johnson Space Center in the Space Shuttle training division.
Design and Innovation
How do you fix a flying computer? Seeking resilience in software-intensive mission systems (Atlantic Council) Defense organizations confront unanticipated and highly impactful disruptions, but must continue to operate using complex mission systems.
OpenTitan and Microsoft Pluton - The security chips of the future (CNX Software - Embedded Systems News) A look at Google OpenTitan and Microsoft Pluton security chips that will be found in processors at different levels of the security stack.
Research and Development
Super Slow Computer Programs Reveal Math's Fundamental Limits (Wired) The goal of the “busy beaver” game is to find the longest-running computer program. Its pursuit has surprising connections to profound questions in math.
()
Intel Agencies Seek to Perfect Biometric Recognition from Drones (Nextgov) Intelligence and military researchers want to merge facial recognition with other biometric methods to identify people from long distances and steep angles
Legislation, Policy, and Regulation
CDL-AD(2020)037-e Study - Principles for a fundamental rights-compliant use of digital technologies in electoral processes, approved by the Council for Democratic Elections at its 70th meeting (online, 10 December 2020) and adopted by the Venice Commission at its 125th Plenary Session (online, 11-12 December 2020) (Venice Commission :: Council of Europe) 1. At its 119th plenary session (June 2019), the Venice Commission adopted the Joint report of the Venice Commission and of the Directorate of information society and action against crime of the Directorate General of Human Rights and Rule of Law (DGI) on the Use of digital technologies and elections (hereafter: the Joint report), previously adopted by the Council for Democratic Elections on 20 June 2019 (CDL-AD(2019)016), and decided to elaborate a Set of principles for a fundamental rights-compliant regulation of the use of digital technologies in electoral processes.
Facebook, Alphabet and other tech giants could face EU fines of 10% sales under draft 'gatekeeper' regulations (SeekingAlpha) Tech giants that the EU deems "gatekeepers" could face fines worth up to 10% of annual revenue if they fail to follow antitrust obligations, including not unfairly favoring their own services over competitors.
Study of Iran’s Regime Cyber Activity Exposes Demonization Campaign Against the Iranian Resistance (NCRI) Treadstone 71, a cyber security monitor with special focus on the Iranian regime, has published an analysis of disinformation activities and social
Treadstone 71 Report on Iran’s Cyberterrorism Against MEK Confirms Regime’s Fear of Its Viable Alternative - NCRI (NCRI) A new comprehensive report by Treadstone 71, a cybersecurity company, on Iran’s disinformation campaign mainly against Mrs. Maryam Rajavi, the
Senate sends massive defense bill to Trump - Roll Call (Roll Call) The Senate easily cleared the annual Pentagon policy bill with broad bipartisan support, but the measure awaits a veto from President Donald Trump.
Congress Fears DoD Not Prepared For NC3 Cyber Attacks (Breaking Defense) NC3 is "the last line of communication capabilities and associated equipment that we know will always be there during our worst day," explains Air Force Lt. Gen. James Dawkins, deputy CSAF for strategic deterrence and nuclear integration.
FCC begins process of halting China Telecom U.S. operations (Reuters) The U.S. Federal Communications Commission (FCC) said on Thursday it begun the process of revoking China Telecom's authorization to operate in the United States as it took further steps to crack down on China's role in U.S. telecommunications.
FCC Adopts Order to Rip and Replace Huawei, ZTE Equipment Amid 5G Security Challenges (Nextgov) The senior Democrat on the commission noted China’s continued leadership of global 5G standards development in urging further action.
Senate overwhelmingly passes defense bill despite Trump veto threat (Axios) Both the House and Senate have now passed the bill by a veto-proof majority.
Presidential Advisers Make the Case for a New Cybersecurity Center for Sharing Threats (Nextgov) Current federal efforts to help mitigate threats against privately operated critical infrastructure fall short, according to a National Infrastructure Advisory Council report.
Fourth Proposed Revisions to the CCPA: Additional Minor Modifications (cyber/data/privacy insights) On December 10, 2020, the California Attorney General published a fourth set of proposed modifications to the California Consumer Privacy Act. This follows revisions proposed in February, March, and October 2020. As a reminder, the CCPA is in effect and being enforced by both the California AG and t
Data Incident Sparks Cybersecurity Investment in Meadville, Pa. (Government Technology) After suspicious traffic on the city server forced computers to be shut down to external access for several days, city leaders voted to double the budget for the information technology department.
Mass. Gov. Refuses To Back Facial Recognition Tech Ban (Law360) Massachusetts' bid to become the first state in the nation to broadly restrict police from using facial recognition technology hit a snag Thursday, when Gov. Charlie Baker threatened to veto the sweeping police reform bill that housed the proposal unless lawmakers agreed to ax the ban.
Litigation, Investigation, and Law Enforcement
Dark Web’s only Finnish language market Sipulimarket seized (HackRead) Finnish authorities were able to take down Sipulimarket with support from Polish authorities and Europol.
Huawei worked on several surveillance systems promoted to identify ethnicity, documents show (Washington Post) Facing international outcry over its testing of a ‘Uighur alarm’ system, Huawei says it is committed to human rights ‘at the highest level.’ But the tech giant has worked with others to build products touted as capable of identifying ethnicity.
U.S. Schools Are Buying Phone-Hacking Tech That the FBI Uses to Investigate Terrorists (Gizmodo) A Gizmodo investigation has found that schools in the U.S. are purchasing phone surveillance tools from Cellebrite and companies that offer similar tools just four years after the FBI used it to crack a terrorism suspect's iPhone.
Al Jazeera journalist files lawsuit accusing Saudi, UAE crown princes of hack-and-leak (CyberScoop) The lawsuit alleges Mohammed bin Salman and Mohammed bin Zayed coordinated a hack-and-leak operation targeting Al Jazeera anchor Ghada Oeuiss.
Dual Facebook Antitrust Cases Land Before Different Judges (Law360) Although two challenges from the Federal Trade Commission and dozens of state attorneys general to Facebook's acquisitions of Instagram and WhatsApp are likely to be consolidated, they currently are moving forward on parallel tracks and have been assigned to different Washington, D.C., federal judges.
California Seeks to Join Justice Department Antitrust Case Against Google (Wall Street Journal) The state filed court papers seeking to join the Justice Department suit alleging that Google violated federal antitrust laws by entering into exclusionary business agreements that shut out competitors and suppressed innovation.
California is the first Democratic state to ask to join DOJ lawsuit against Google (CNBC) California is the first state with a Democratic administration to seek to join the DOJ and 11 GOP attorneys general in the antitrust lawsuit against Google.
How FinCEN Became a Honeypot for Sensitive Personal Data (CoinDesk) Financial data collected by FinCEN can help law enforcement, but it's also a trove of personal data on people who have not committed a crime.
MobileIron Drops Patent Extortion Claims In BlackBerry Fight (Law360) Mobile security software company MobileIron has agreed to drop both patent infringement and civil extortion claims it leveled against BlackBerry in California federal court and planned to pay Blackberry's legal fees.
BlackBerry Prevails Against MobileIron's Baseless Extortion Claims (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced that earlier this week, a California federal court approved a stipulation submitted by...
Raytheon Worker Blackmails Feds After Getting Into Trouble for Smoking Weed (Vice) A Raytheon missile engineer thought the federal government would be chill with his medical marijuana prescription. They were not.
Hobbyist Cryptographers Seemingly Solve Infamous Zodiac Killer Cipher (Vice) Three cryptographers from around the world have credibly claimed to have cracked one of the most infamous ciphers in history.
The Zodiac Killer sent a cipher 51 years ago. A team of amateur code-breakers just cracked it. (Washington Post) The FBI verified the cipher was "recently solved by private citizens."
Nearly 150 arrested at Paris protest over security bill (MSN) PARIS (AP) — Paris police took nearly 150 people into custody at what quickly became a tense and sometimes ill-tempered protest Saturday against proposed security laws, with officers wading into the crowds of several thousand to haul away suspected trouble-makers. Police targeted protesters they suspected might coalesce together into violent groups like those who vandalized stores and vehicles and attacked officers at previous demonstrations....