the near future: the latest about the next few months.
Phishing Summary 2020 - Trends and Highlights (Akamai) 2020 was a challenging year for many of us, as the COVID-19 pandemic disrupted life and introduced challenges in almost all elements of living. 2020 was also challenging from a cybersecurity point of view, as nearly the entire workforce moved...
The Past is Prologue: A Cyber Preview for 2021 (JD Supra) As we all look forward to closing the book on 2020 and await the promise of a new year, we can see the coming landscape in cybersecurity and cyber...
Trend Micro Global Study: The Data Dilemma (Trend Micro) COVID-19 has forced many organizations to reassess and accelerate their digital transformation strategy in order to adapt to the 'new normal'.
Cybersecurity in 2021: 5 Trends Security Pros Need to Know (Dice Insights) With 2021 fast approaching, here are five trends that cybersecurity, IT pros and developers need to follow to keep ahead.
Top 10 Cybercrime and Cybersecurity Trends for 2021 (ImmuniWeb) ImmuniWeb brings you our forecast of top cybercrime and cybersecurity trends that will likely predominate the global cyber threat landscape in 2021.
Pandemic Pumps Up Companies’ Vulnerabilities To Cyber Attacks (JD Supra) A business’ risk of suffering a cyber event is often discussed, but not always easy to quantify. Recently, Allianz Global Corporate & Security...
CyberArk State of Remote Work Study: Poor Security Habits Raise Questions About the Future of Remote Work (CyberArk) A new remote workforce study from CyberArk (NASDAQ: CYBR) found that the majority of employees feel more productive at home and want to continue...
From weaponized AI to threats against the vaccine rollout, here are 6 cybersecurity trends to watch in 2021 (FierceHealthcare) Could 2021 be the year that healthcare finally gets smart about cybersecurity? Many in the industry say real change needs to happen as the situation has become a matter of life and death. Here are six threats and trends to watch in 2021.
Cyber Attacks, Threats, and Vulnerabilities
Who is the Threat Actor Behind Operation Earth Kitsune? (Trend Micro) Recently, we uncovered the Operation Earth Kitsune campaign and published a detailed analysis of its tactics, techniques, and procedures (TTPs). While analyzing the technical details of this malware, which includes two new espionage backdoors, we noticed striking similarities to other malware attributed to the threat actor known as APT37, also known as Reaper or Group 123.
DHS, State and NIH join list of federal agencies — now five — hacked in major Russian cyberespionage campaign (Washington Post) The Russian Foreign Intelligence Service is believed to be behind an operation presumed to have caused extensive damage.
Scope of Russian Hack Becomes Clear: Multiple U.S. Agencies Were Hit (New York Times) The Pentagon, intelligence agencies, nuclear labs and Fortune 500 companies use software that was found to have been compromised by Russian hackers. The sweep of stolen data is still being assessed.
Hack of Federal Agencies Shows Cyber Dangers to Supply Chains (Wall Street Journal) A suspected Russian hack that is rippling across federal agencies and U.S. businesses highlights the far-reaching impacts of attacks on supply chains.
Russian hack was ‘classic espionage’ with stealthy, targeted tactics (Washington Post) Some malware used in the attack had never been seen before by investigators.
The SolarWinds Breach: Why Your Work Computers Are Down Today (Lawfare) A quick guide to the news of a major cyber intrusion by the Russian government.
EXPLAINER: How bad is the hack that targeted US agencies? (Washington Post) Governments and major corporations worldwide are scrambling to see if they, too, were victims of a global cyberespionage campaign that penetrated multiple U.S. government agencies and involved a common software product used by thousands of organizations.
SEC filings: SolarWinds says 18,000 customers were impacted by recent hack (ZDNet) In SEC documents filed today, SolarWinds said it notified 33,000 customers of its recent hack, but that only 18,000 used a trojanized version of its Orion platform.
18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack (Dark Reading) Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.
Suspected Russian hackers breached U.S. Department of Homeland Security - sources (Reuters) A team of sophisticated hackers believed to be working for the Russian government won access to internal communications at the U.S. Department of Homeland Security, according to people familiar with the matter.
SolarWinds hackers have a clever way to bypass multi-factor authentication (Ars Technica) Hackers who hit SolarWinds compromised a think tank three separate times.
Dark Halo Leverages SolarWinds Compromise to Breach Organizations (Volexity) Volexity is releasing additional research and indicators associated with compromises impacting customers of the SolarWinds Orion software platform.
FireEye Stumbled Across SolarWinds Breach While Probing Own Hack (Bloomberg) U.S. officals have said Russian government behind the hacks. More than 25 entities have been compromised, people say.
SUNBURST: Russia Fingered in ‘Perfect 10’ Supply Chain Attack (Security Boulevard) Russian spies have been operating inside countless enterprises and government agencies thanks to a hack of IT management vendor SolarWinds.
SolarWinds Hack: 'We're at a Vulnerable Period in History' (GovInfo Security) The supply chain attack targeting SolarWinds was planned for months and intensified since the November election, says Tom Kellermann, head of cybersecurity strategy
GCHQ looking into whether Russian hackers stole UK government secrets (The Telegraph) It comes after the Treasury and Commerce departments revealed they were hacked in a months-long global cyber espionage campaign
GCHQ probes UK impact after cyber attack on US government agencies (Mail Online) National Cyber Security Centre is assessing the UK impact of the US cyber attack which targeted the hugely popular SolarWInds software used by government agencies worldwide.
U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack (Reuters) The U.S. Department of Homeland Security and thousands of businesses scrambled Monday to investigate and respond to a sweeping hacking campaign that officials suspect was directed by the Russian government.
Meet Cozy Bear — the Russian cyber espionage group allegedly behind US government data breach (Business Insider) Cozy Bear, the Russian state-sponsored hacking group behind the latest hack on the US government, has conducted cyber espionage campaigns against the US at least five other times.
10 things to know about the SolarWinds breach (CRN Australia) And the impact on the US Government.
7 Takeaways: Supply-Chain Attack Hits SolarWinds Customers (BankInfo Security) Warning: The breach of FireEye disclosed last week traces to a sophisticated campaign involving Trojanized versions of SolarWinds Orion software used by hundreds of
CISA Orders Federal Agencies to Turn Off SolarWinds Products (Nextgov) A critical flaw in software used throughout government was reportedly used to breach a major security company and at least two federal agencies.
DHS is third federal agency hacked in major Russian cyberespionage campaign (Washington Post) The Department of Homeland Security is the third federal agency to have fallen victim to a major cyberespionage campaign by the Russian government, joining the Treasury and Commerce departments as targets that have been compromised, officials said Monday.
Wilbur Ross: Cyberattack on US Treasury, Commerce Dept. taken 'very seriously' (Fox Business) The cyber hack backed by a foreign government on the U.S. Treasury Department and an agency within the Commerce Department is being taken “very seriously,” Commerce Secretary Wilbur Ross said.
What Investors Need To Know About The US Treasury Cyberattack (Benzinga) U.S. stocks are trading higher despite a successful cyberattack on the U.S. Treasury and the U.S. Commerce Department.
What Happened? On Monday morning, the Trump...
Lock down your Microsoft 365 account to prevent spying eyes, here's how (CNET) The US government suffered a data breach after hackers targeted Microsoft Office software. Here's how to protect your Microsoft apps and accounts.
SolarWinds' federal footprint is large, and compromise is a 'nightmare scenario' for affected agencies (FedScoop) Federal agencies faced the most urgent kind of deadline Monday: They were given until noon, Washington time, to respond to a compromise by foreign hackers in a sensitive piece network management software. The emergency directive from the Cybersecurity and Infrastructure Security Agency (CISA) ordered all agencies using SolarWinds products to review their networks and disconnect or power down the company’s Orion software. Although many …
Our Bases In US Will Be Attacked: Army (Breaking Defense) “We expect adversary actions directed against the homeland,” from cyber attacks to foreign-fomented protests, the new Army Installations Strategy warns. Bases in the US are no longer out of adversaries’ reach – so how do you defend them?
Everything but the kitchen sink: more attacks from the Gitpaste-12 worm (Official Juniper Networks Blogs) Juniper Threat Labs has discovered a new round of Gitpaste-12 attacks exploiting at least 31 distinct vulnerabilities.
Massive Cyber Attack on Israel May Be from Iran (Morningology) Cyber security stocks are seeing a good deal of momentum. For one, the Trump Administration acknowledged reports of a cyberattack on the U.S. Treasury by a foreign government. “The hackers are suspected of targeting the Treasury Department as well as the Commerce Department’s National Telecommunications and Information Administration, or NTIA, a U.S. agency that […]
Moderna COVID-19 vaccine documents accessed in EMA cyberattack (Reuters) Moderna Inc said on Monday it was informed by the European Medicines Agency (EMA) certain documents related to pre-submission talks of its COVID-19 vaccine candidate were unlawfully accessed in a cyberattack on the medicines regulator.
Defence tech service provider firm's data hacked, company claims Rs 50-cr loss (ETCIO.com) The executive claimed that majority of the hacked emails were of "extremely sensitive" nature and "of substantial financial value", owing to the fact ..
More Than 45 Million Medical Images Openly Accessible Online (BusinessWire) The analyst team at CybelAngel has discovered that more than 45 million medical imaging files are freely accessible on unprotected servers.
Medical Imaging Files Exposed on Unprotected Servers (CybelAngel) A report uncovered more than 45 million medical imaging files – including X-rays and CT scans – are freely accessible on unprotected servers.
Google says internal storage quota issue is to blame for outage on Monday (Computing) The authentication system outage lasted for about 45 minutes and took out Google services across the world
Gmail, YouTube, Google Docs and other services go down in multiple countries (Update: slowly coming back online) (TechCrunch) Update: It looks like various services are starting to come back again, but with some glitches (such as the address bar in Gmail not working correctly). A Google spokesperson has now provided us directly with a statement about the outage: Today, at 3.47AM PT Google experienced an authentication sys…
Google Cloud outage takes down Gmail, YouTube, Workspace and more (CRN Australia) Lasted for 45 minutes and hit globally.
Data leak exposes identities of 2m Chinese Communist Party members (teiss) A database stolen from a government server in Shanghai has exposed the identities of two million members of the Chinese Communist Party.
Spotify Changes Passwords After Another Data Breach (Threatpost) This is the third breach in the past few weeks for the world’s most popular streaming service.
Spotify security vulnerability exposed personal data to business partners (The Daily Swig) Music streaming giant believes flaw was present for about seven months
Kaspersky: Gamers face high and ongoing risk of identity theft and bullying (TechRepublic) A survey of gamers worldwide found that gamers deal with bullying and theft of in-game valuables in addition to identity theft.
Phishing Campaign Uses Outlook Migration Message (BankInfo Security) An ongoing phishing campaign designed to harvest Office 365 credentials is using a Microsoft Outlook migration message, according to researchers at Abnormal
GMIT apologises for 'data breach' after lecturers recorded discussing student grades (TheJournal.ie) The video has circulated on social media in recent days.
'A toxic cesspit': Head of Perthshire 'data breach' holiday resort resigns with broadside at members (The Courier) The head of a troubled holiday complex has resigned with a stinging attack on a group of fellow committee members and timeshare owners who he blames for turning the resort into a "toxic cesspit".
CSU San Marcos was hacked in October (EdScoop) Students, staff and faculty were notified earlier this year that a malicious actor had accessed sensitive data, prompting an upgrade to multi-factor authentication.
Students targeted with university-themed phishing emails (TechRadar) Scam looks to steal Office 365 credentials
Cruise Company Hurtigruten Hit By 'Serious' Cyber Attack (gCaptain) Norwegian cruise company Hurtigruten said it had suffered a serious ransomware cyber attack on Monday and several of its systems are paralysed....
Vulnerability Summary for the Week of December 7, 2020 (CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
Cyber Trends
Into the cyber wilderness: The rise of big game hunting (ITProPortal) Hackers are targeting bigger organizations in an attempt to steal high-value assets or data.
The Veriff Fraud Report 2020 (Veriff) We're proud to present our Fraud Report 2020, free to download right now, no email required.
Global cybersecurity industry faces a workforce gap of 3.12 million in 2020 (Atlas VPN) More than half of the world's population is connected to the internet. Countless new companies pop up every day that use the power of the web to sell their goods and services. In response, cybercrime is also at an all-time high, bringing the need for cybersecurity professionals. Unfortunately, the supply of skilled workers did not keep up with the demand.
New Research Highlights Barriers to Adoption of Zero Trust Framework (One Identity)
Survey of over 1,200 IT Security Pros highlights rapid changes in Microsoft Active Directory and Azure Active Directory as a key impact of COVID-19
Nine in ten organizations have concerns around storing access credentials in the cloud
One Identi...
Global New Account Fraud Decreased 23% in 2020, According to Jumio's Holiday Fraud Report (Jumio) Report also found that the catch rate for selfie fraud was five times greater than for ID fraud, highlighting the growing importance of capturing a selfie during onboarding to deter new account fraud.
New Research Uncovers the State of Security in the Workplace (Dashlane Blog) Dashlane recently conducted a survey with Harris Poll that explored what U.S. employees think about online security and password management.
Marketplace
4iQ and Alto Analytics Merge and Rebrand as Constella Intelligence (PR Newswire) 4iQ, the leader in identity intelligence, and Alto Analytics, a leader in applying AI & data science to the digital public sphere, today...
Refinitiv Acquires GIACT, Enhances Cyber Crime Fighting Capabilities (Payments Journal) There’s no doubt that all this staying home is boring, so it’s no wonder people have picked up new hobbies since the start of the pandemic. Some folks have taken to puzzles or Sudoku, while others prefer to binge watch every season of Ozark. Criminals were not immune either, picking up new skills and accelerating their attacks.
ManTech Acquires Tapestry Technologies to Expand Defensive Cyber Capabilities (GlobeNewswire) ManTech International Corporation (Nasdaq: MANT) has completed the acquisition of Tapestry Technologies, a leading provider of advanced cyber solutions. Headquartered in Chambersburg, Pennsylvania, and founded in 2005, Tapestry Technologies offers a full range of cyber defense solutions and expertise, including cyber architecture and policy development, DevSecOps-based systems and software engineering and cyber training.
ManTech closes second cyber-focused deal in a month (Washington Technology) ManTech completes its second acquisition of a cybersecurity-focused company in nearly a month and is also touting talent as part of the equation.
Outpost24 Announces Completion of €19m Funding Round (Infosecurity Magazine) Outpost24 will use the funding to expand its services globally
At-Bay raises $34 million in Series C round (Insurance Business Magazine) It will use the capital to grow headcount and launch new products
Cybersecurity Stocks Rise, SolarWinds Plunges Amid Reports Of Russian Hacking (Investor's Business Daily) Cybersecurity stocks rallied amid reports that Russian hackers had accessed U.S. government agencies via SolarWinds' network management software.
Cisco to hire 1,200 from top colleges - ET CIO (ETCIO.com) A majority, 95% of the college recruits are going to be from engineering colleges such as IITs and National Institutes of Technology, Anupam Trehan, d..
The World’s Largest Live Hacking Event (HackerOne) HackerOne and The Paranoids partnered to bring you the largest live hacking event in the world
HackerOne, Verizon weigh pros and cons of making live hacking contests virtual (CyberScoop) Among all the ways COVID-19 has affected the cybersecurity world, perhaps nothing is more impossible than live hacking events, which were once a staple of the industry.
Palo Alto Networks reveals 2020 partner award winners (ARN) Palo Alto Networks has revealed the winners of its 2020 Australian Partner Awards, recognising partners that play a key role in driving innovation, sales and services and delivering security.
Secure Cyber Defense growing Miamisburg operations with 16 new employees (Dayton Business Journal) As costly cybersecurity attacks hinder U.S. businesses and government agencies, the need for companies with trained cybersecurity experts continues to grow.
Alexandre BLANC Cyber Security on LinkedIn: #cybersecurity #informationsecurity #infosec | 262 comments (LinkedIn) I'm absolutely excited, and honored to announce that I joined VARS Corporation today, as vCISO. I could not wait anymore to make the announcement!
Products, Services, and Solutions
Sophos-ReversingLabs (SOREL) 20 Million sample malware dataset (Sophos AI) The Sophos AI team is excited to announce the release of SOREL-20M (Sophos-ReversingLabs – 20 million) – a production-scale dataset […]
SafeBreach Hacker's Playbook Updated for US-CERT Alert AA20-345A (SafeBreach) SafeBreach Labs has updated the Hacker's Playbook with new attack methods for malware samples described in US-CERT (AA20-345A) which addresses attacks on educational institutions.
SafeBreach Hacker's Playbook Updated for US-CERT Active Exploitation of SolarWinds (SafeBreach) SafeBreach Labs has updated the SafeBreach Hacker's Playbook with new attack methods for malware samples described in US-CERT Active Exploitation of SolarWinds Software.
Infocyte Community Edition: Free Infocyte Platform Access (Infocyte) Infocyte is launching its first free community edition of our solution. To sign up, please enter your information and a member of our team will reach out to you for next steps.
Fime helps to bring SCA to in-app payments with EMV® 3DS SDK testing accreditations. (FIME) Fime’s EMV 3DS Test Platform has been qualified and its lab accredited by EMVCo for Software Development Kit (SDK) type approval testing for Android and iOS apps.
CloudKnox Security Advances CIEM Market with Comprehensive Multi-Cloud Serverless Functions Support and Seamless ServiceNow Integration (BusinessWire) CloudKnox Security Advances CIEM Market with Comprehensive Multi-Cloud Serverless Functions Support and Seamless ServiceNow Integration.
CipherCloud Introduces Multi-Cloud Security Posture Management - Protecting Customers from Risky Configuration Exposures (BusinessWire) CipherCloud Introduces Multi-Cloud Security Posture Management - Protecting Customers from Risky Configuration Exposures
Tehama Launches on AWS Marketplace (BusinessWire) Tehama Enterprise Desktop as a Service (DaaS) is now available on AWS Marketplace. Tehama enables enterprises to create cloud-based virtual offices.
Swimlane Integration with Stellar Cyber Brings Customized Automation to Incident Response (BusinessWire) Swimlane announces new product integration with Stellar Cyber, bringing custom automation to incident response.
Sophos Announces 4 New Open Artificial Intelligence Developments (GlobeNewswire) SophosAI Advances the Practices and Language that Will Transform the Cybersecurity Industry with Much-needed Transparency and Openness
Persona Launches Free Identity Verification Offering (BusinessWire) Persona, identity infrastructure for real-time verification and protection, today launched its free Starter plan out of beta, the first permanent free
Onfido Announces New Identity Verification Solution on Salesforce AppExchange (Onfido) Remote identity verification enables banks to go branchless faster
Asigra Cloud Backup with Deep MFA Brings Enhanced Ransomware Defense to Microsoft Office 365 (Techtoday Newspaper) Cloud-Based Data Protection Platform Mitigates Ransomware Threat to Popular Business Application Suite
Okera Introduces Industry's First Adaptive Security Plane with nScale™ Elasticity (PR Newswire) Okera today announced the next evolution of the Okera Dynamic Access Platform (ODAP) and the introduction of the industry's first "co-located"...
Technologies, Techniques, and Standards
Hunting for SolarWinds Orion Compromises (Infocyte) Infocyte has published an official Infocyte extension which scans servers for all reported host-based indicators of compromise related to the Solarwinds Orion compromise.
Stronger intel ops needed to prevent repeat of Datu Piang attack (Philippine News Agency) An intensified intelligence gathering and well-coordinated response efforts are needed to prevent a repeat of the attack by members of the Bangsamoro Islamic Freedom Fighters (BIFF) in Datu Piang, Maguindanao, the Philippine National Police (PNP) said on Monday.In a press...
Research and Development
Fighting cyber security battle (Mirage News) National Science Foundation funds Case Western Reserve team working to stop data breaches, protect customer information A pair of Case Western Reserve...
GrammaTech Awarded DARPA Research Contract for AI-Augmented Software Development (BusinessWire) Program is designed to free developers to focus on high-level software design using AI to suggest code, types, tests and verify implementations.
Bastille Networks Receives DHS OTA to Continue Wireless Security Tech Dev’t (ExecutiveBiz) Atlanta, Georgia-based internet of things company Bastille Networks has received an other transactio
Academia
UTSA, Port San Antonio partner to bolster region’s cyber and data innovation (UTSA Today) UTSA and Port San Antonio today announced they have signed a Memorandum of Understanding that will accelerate the organizations’ ongoing efforts to expand the region’s already substantial cybersecurity and data analytics research and development ecosystem and increase workforce education and training, further establishing it as one of the world’s leading technology innovation communities.
Funding helps cybersecurity course access (Antelope Valley Press) Lockheed Martin recently announced that it has secured funding to increase student access to cybersecurity courses.
Legislation, Policy, and Regulation
It’s Too Easy to Hack the U.S. Government (The New Republic) Hackers, likely working for Russia, broke into federal agencies’ networks starting in the spring. The next breach could be even more damaging. Is it time for a truce?
China’s Drive to Make Semiconductor Chips Is Failing (Foreign Policy) The stunning success of U.S. efforts to hobble Huawei shows the fragility of Beijing’s highly centralized tech sector.
Russia’s Wagner Group and the Rise of Mercenary Warfare (Modern War Institute) What role do private military companies (PMCs) such as Russia’s Wagner Group play on the modern battlefield? How should US policymakers and US and allied troops in conflict zones manage threats from armed groups when Russia denies their existence? Is war by private armies a rising trend in modern conflict? Our two guests argue that […]
Europe’s new antitrust rules will annoy, not topple, Big Tech (Quartz) The new antitrust rules will likely create legal headaches for Facebook, Google, Apple, and Amazon—but the law won't fundamentally change their business practices.
Cyber agency issues rare emergency directive after suspected Russian hacking campaign (Axios) One expert warned it could turn out to be "one of the most impactful espionage campaigns on record."
Lawmakers call for action after 'devastating' nation state cyberattack on federal government (TheHill) U.S. officials and experts are calling for action after a devastating cyberattack aimed at the federal government by nation state hackers, which may have exposed sensitive government data for the past several months.
'Massively disruptive' cyber crisis engulfs multiple agencies (POLITICO) The hacks also placed new pressure on the Cybersecurity and Infrastructure Security Agency, which has been without a permanent leader since November.
Quick Thoughts on the Russia Hack (Lawfare) This most recent breach constitutes a stunning display of the U.S. government’s porous defenses of sensitive government networks and databases.
Reported Russian hack of US systems has implications for DoD network security plans (C4ISRNET) The breach highlights security risks posed by third-party vendors.
Reported Russian hack of US systems has implications for DoD network security plans (C4ISRNET) The breach highlights security risks posed by third-party vendors.
How DoD can improve its technology resilience (C4ISRNET) Atlantic Council offers ways the Pentagon can better prepare its mission platforms in the face of high-tech adversaries that seek to undermine them.
26 Cyberspace Solarium Commission recommendations likely to become law with NDAA passage (CSO Online) Once passed, the National Defense Authorization Act will create a White House cybersecurity director role, expand CISA's capabilities, and create a K-12 security education assistance program.
State Department grants new enterprise CISO far-reaching oversight authority (Federal News Network) the undersecretary of State for management is creating a new role to oversee cybersecurity and ensure bureaus meet cyber standards.
Four Ways for President Biden to Fix Cyber on January 21 (Lawfare) The Biden administration should catalogue cybersecurity resources; improve federal coordination and response to domestic cyber incidents; and establish the lines of responsibility for the provision of intelligence support to the private sector.
Trump’s chaos made America a sitting duck for cyberattacks (The Verge) We need to do better.
The Cybersecurity 202: Trump took the nation in the wrong direction on cybersecurity, experts say (Washington Post) President Trump took the nation in the wrong direction on cybersecurity, according to a solid majority of experts polled by The Cybersecurity 202.
William P. Barr to depart as attorney general, Trump announces (Washington Post) William P. Barr is stepping down as attorney general, ending a controversial tenure in which critics say he repeatedly used the Justice Department to aid President Trump’s allies, only to have Trump turn on him when he did not announce investigations of political foes and disputed White House claims of widespread election fraud.
Litigation, Investigation, and Law Enforcement
Twitter Fined for Breaking EU Privacy Law in First for U.S. Tech Firm (Wall Street Journal) Two and a half years after going into effect, the European Union’s new privacy law has its first fine for an American tech company in a cross-border case—an overdue development, critics say.
FTC Demands Social-Media, Operations Data From Big Tech Companies (Wall Street Journal) The orders demand the companies turn over detailed, private business information about how they track Americans’ online activities and how they use that data.
FTC orders Amazon, Facebook and others to explain how they collect and use personal data (CNBC) Amazon, TikTok owner ByteDance, Discord, Facebook and its subsidiary WhatsApp, Reddit, Snap, Twitter and Google-owned YouTube were each sent the orders.
FTC launches sweeping privacy study of top tech platforms (Axios) The move appears to be a wide-reaching inquiry into everything major tech companies know about their users and what they do with that data
FTC launching broad probe into big tech privacy/data practices - Axios (NASDAQ:AMZN) (SeekingAlpha) The Federal Trade Commission is launching a broad inquiry into privacy and data collection practices at big tech firms, Axios reports.
Smartmatic Demands Justice for Defamation (Smartmatic) FOX, Newsmax, OAN among those receiving Smartmatic’s retraction demand
DC Circ. Skeptical Of Trump Claims On TikTok Security Risks (Law360) Judges on a D.C. Circuit panel seemed skeptical Monday that the Trump administration has justified its attempt to ban the TikTok mobile app, a move the U.S. Department of Commerce has likened to Cuba travel restrictions that survived a legal challenge almost 30 years ago.
US intel veterans lied about ‘Russian plot’ — and the media bought it hook, line and sinker (New York Post) If there is one thing that the Hunter Biden laptop episode has proved, it is that former directors of the CIA aren’t as adept at evaluating evidence as advertised. Five former directors or acting d…
Australian travel agency criticized over coding event that exposed sensitive user data to external software developers (The Daily Swig) When a ‘design jam’ ends up costing thousands of dollars in new passports
Desjardins had 'series of gaps' in system, leading to massive data breach (Yahoo) The Privacy Commissioner said the financial services cooperative breached several aspects of the privacy act.
China Fines Alibaba, Tencent Unit Under Anti-Monopoly Laws (Bloomberg) Alibaba, China Literature didn’t declare deals to regulators. SAMR is scrutinizing the proposed merger of Huya and DouYu.