the near future: the latest about the next few months.
Two-thirds of businesses bracing for Covid-themed phishing surge in new year | Centrify (Centrify) Nearly two-thirds (64 per cent) of business decision makers are anticipating Covid-themed phishing attacks targeting their company to increase in 2021, according to new research from Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions.
WhiteHat Security Unveils Top Application Security Predictions for 2021 (PR Newswire) WhiteHat Security, a wholly-owned, independent subsidiary of NTT Ltd. and a world leader in application security, today released its top...
IEEE Computer Society Reveals Its 2021 Technology Predictions (PR Newswire) /PRNewswire/ -- The IEEE Computer Society (IEEE CS) has revealed its 2021 Technology Predictions Report focusing on the pandemic's impact on human lives,...
2021 Threat Landscape (Menlo Security) Cyberthreats will continue to grow in volume and sophistication in 2021. Take a look at what to expect in the new year.
The banker in 2050: The role of the human in fighting financial crime for the digital age (BAE Systems) 1950 to 2050: how will the banker have evolved?
Cybersecurity Predictions for 2021 (Deep Instinct) With 2020 coming to an end (a wonderful thing for many of us) how is the cybersecurity landscape shaping up […]
The Cyber Pandemic is Here - Protect Your Organization (Check Point Software) The COVID-19 pandemic has had a dramatic effect on organizations globally. As previously reported, threat actors will always seek to take advantage of
Restore Privacy Cautions Consumers: Holiday Shopping Season Scams are on the Rise | Restore Privacy (Restore Privacy) Taking simple steps to protect your identity can save you a whole lot of trouble. Restore Privacy, a company that publishes FREE cybersecurity tools and resources, is cautioning consumers about an uptick in scam activity onset by the holiday season. Traditionally, cybercriminals have always viewed that special time of year as a […]
Report: Fraudsters Bank on Targeted, High-Value Attacks During 2020 Holiday Shopping Season (Sift) While e-commerce merchants see massive sales surge, average fraudulent purchase value jumped 70% year-over-year in October and November 2020
Fortinet warns of looming cyberthreats for next year (Bangkok Post) Advanced malware targeting intelligent edge, swarm attacks and infrastructure-targeted ransomware are among critical cyberthreats which must be closely monitored in 2021, says Fortinet Thailand, a local unit of the US cybersecurity firm.
Cyber Attacks, Threats, and Vulnerabilities
SunBurst: the next level of stealth (ReversingLabs) SolarWinds compromise exploited through sophistication and patience
SolarWinds: The Hunt to Figure Out Who Was Breached (Bank Info Security) A mighty effort is underway to figure out which organizations may have been deeply infiltrated by a suspected Russian hacking group. The hunt is difficult for many
Hack May Have Exposed Deep US Secrets; Damage Yet Unknown (SecurityWeek) It could take years to get answers on what may have been accessed in a widespread cyber espionage campaign uncovered in December 2020 that used SolarWinds software
How suspected Russian hackers outed their massive cyberattack (POLITICO) A cybersecurity firm says a suspicious log-in prompted it to investigate what turned out to be a gaping security hole for the U.S. government and many large companies.
Analysis | The Cybersecurity 202: Russian hack reveals weaknesses in government cybersecurity protections (Washington Post) The government needs better protections and faster recovery plans, lawmakers and experts say.
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ (KrebsOnSecurity) A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a "killswitch" designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.
FireEye, Microsoft create kill switch for SolarWinds backdoor (BleepingComputer) Microsoft, FireEye, and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself.
Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack (New York Times) The broad Russian espionage attack on the U.S. government and private companies, underway since spring and detected only a few weeks ago, is among the greatest intelligence failures of modern times.
Lithuania Suffers "Most Complex" Cyber-attack in Years (Infosecurity Magazine) Cyber-attack during government’s transition is the most complex to hit Lithuania in years
Pawn Storm’s Lack of Sophistication as a Strategy (Trend Micro) In this entry we share Pawn Storm's recent activities, focusing on their use of some simple methods that typically won't get associated with APT groups.
Israeli spy firm suspected of accessing global telecoms via Channel Islands (the Guardian) Rayzone appears to have used intermediary in 2018 to lease route into networks from Sure Guernsey
Increase In Attack: SocGholish (Menlo Security) An increase in a drive-by attack called SocGholish tricks users into downloading a malicious payload by impersonating legitimate software updates.
New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data (The Hacker News) Vulnerabilities in standalone 5G networks could allow attackers to steal credentials and falsify subscriber authentication
HPE discloses critical zero-day in server management software (BleepingComputer) Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux.
Zero-day XML mutation flaws in Go programming language can lead to authentication bypass (The Daily Swig) Input-output parsing mismatches have repercussions across the Golang ecosystem
Malicious RubyGems packages used in cryptocurrency supply chain attack (BleepingComputer) New malicious RubyGems packages have been discovered that are being used in a supply chain attack to steal cryptocurrency from unsuspecting users.
Exclusive-Suspected Chinese hackers stole camera footage from African Union - memo (Reuters) As diplomats gathered at the African Union's headquarters earlier this year to prepare for its annual leaders' summit, employees of the international organization made a disturbing discovery.
iOS Spyware Emerges in Longstanding Extortion Campaign (SecurityWeek) An extortion campaign ongoing since at least 2013 has switched to using a new piece of spyware, with both iOS and Android users being targeted.
Lookout Exposes New Spyware Used by Sextortionists to Blackmail iOS and Android Users (PR Newswire) Lookout, Inc., the leader in mobile security, today announced the discovery of Goontact, a new spyware targeting iOS and Android users in...
Malicious Chrome, Edge extensions with 3M installs still in stores (BleepingComputer) Malicious Chrome and Edge browser extensions with over 3 million installs, most of them still available on the Chrome Web Store and the Microsoft Edge Add-ons portal, are capable of stealing users' info and redirecting them to phishing sites.
Cybercriminals Steal Millions by Spoofing Thousands of Mobile Devices (SecurityWeek) Cybercriminals spoofed thousands of mobile devices and used them to steal millions from financial institutions.
CyRC analysis: Authentication bypass vulnerability in Bouncy Castle (Software Integrity Blog) CVE-2020-28052 is an authentication bypass vulnerability discovered in Bouncy Castle’s OpenBSDBcrypt class. It allows attackers to bypass password checks.
Threat profile: Egregor ransomware is making a name for itself (Malwarebytes Labs) The Egregror ransomware is quickly making a name for itself by victimizing big corporations. How do they do it and what is their background?
Twitter will force users to delete COVID-19 vaccine conspiracy theories (TechCrunch) With COVID-19 vaccinations just beginning, Twitter will ramp up its efforts to tamp down conspiracy theories that might discourage people from getting the vaccine. The newly expanded rules apply to debunked information about the adverse effects of getting vaccinated, misleading tweets claiming the …
Skimming a Little Off the Top: ‘Meyhod’ Skimmer Hits Hair Loss Specialists (RiskIQ) In October, RiskIQ discovered what we believe to be a new Magecart skimmer placed on several e-commerce sites, including websites for the well-known hair treatment company Bosley and the Chicago Architecture Center (CAC), one of Chicago's largest cultural organizations. The skimmer was or has been on both these sites for several months.
Vulnerabilities in standalone 5G networks could allow attackers to steal credentials and falsify subscriber authentication (Telecom Reseller) Attackers can exploit vulnerabilities in new 5G networks to steal subscriber data and impersonate users
RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems (SecurityWeek) An academic researcher was able to exfiltrate data from air-gapped computers using covert Wi-Fi signals generated by DDR SDRAM.
Cyberattack on Independence Systems Causes Bill-Paying Delay (SecurityWeek) A ransomware attack on the city of Independence’s computer systems has left some residents unable to pay their utility bills.
US-CERT Reports 17,447 Vulnerabilities Recorded in 2020 (Dark Reading) This marks the fourth year in a row that a record number of vulnerabilities has been discovered, following 17,306 in 2019.
2020 saw a surge in detected malicious files — Kaspersky (SecurityBrief) Kaspersky detected more trojans, backdoors and worms than last year, representing an overall 5.2% increase in detected malicious files year-on-year.
Security Patches, Mitigations, and Software Updates
SolarWinds Removes Customer List From Site as It Releases Second Hotfix (SecurityWeek) SolarWinds has released a second hotfix for its Orion platform in response to the recent breach, and the company has decided to remove from its website a page listing its high-profile customers.
Apple Patches Tens of Code Execution Vulnerabilities in macOS (SecurityWeek) Apple patches approximately 30 macOS vulnerabilities leading to code execution.
iOS 14.3: Here Are 9 New Security Reasons To Update Your iPhone Now (Forbes) Apple’s newly-launched iOS 14.3 fixes nine security vulnerabilities, some of which could be serious.
Cyber Trends
Cyberattacks Are on the Decline (Foreign Policy) But as the Russian hack of the U.S. government shows, they are getting worse.
Top retailers remain vulnerable to email brand spoofing (Valimail) Retailers in 2020 are leaning heavily on e-commerce, thanks to the pandemic, and during the holiday season that means they are redoubling their email efforts. There is a problem, however: Most retailers have not devoted the same level of effort to securing email as they have to optimizing its effectiveness.
Cyber insurance leaves something to be desired after 2020 events (Insurance Business Magazine) It's time to take a close look at policies and make sure they’re working for insureds
Poll: Pandemic Is Fueling a Resurgence in QR Codes (WhatTheyThink) Poll: Pandemic Is Fueling a Resurgence in QR Codes
How employees view and manage company security (Help Net Security) A new survey sheds light on how employees view and manage company security. They aren't taking security as seriously as they should.
80% of Government and Education Sector Software Apps Have Flaws, But Sector Shows Progress Toward Stronger Code Security, According to Veracode (BusinessWire) AppSec leader Veracode reveals 80% of government and education software have flaws and offers tips for improved DevSecOps in the sector
1 in 5 employees fall for phishing emails even after a security training (Atlas VPN) According to the data presented by the Atlas VPN team, one-fifth (19.8%) of employees fell for phishing emails even if they have gone through security awareness training.
Infrascale Survey Reveals that SMB and Mid-Market Business Executives Feel More Competitive With the Aid of Managed Service Providers (Infrascale) Research from Infrascale, a cloud-based data protection company that provides industry-leading cloud backup and disaster recovery solutions, indicates that most SMB and mid-market business executives (68%) believe working with a managed service provider (MSP) helps them stay ahead of their competition.
Marketplace
Data Protection Firm BigID Raises $70 Million at $1 Billion Valuation (SecurityWeek) Data protection firm BigID has raised $70 million in a Series D funding round, bringing the valuation of the company to more than $1 billion.
Truyo, an IntraEdge company, secures investment from Intel (PR Newswire) Truyo, an IntraEdge company and developers of the Truyo Privacy Platform and Health-Check Management Solutions, today announced a strategic...
SafeToNet Acquires Net Nanny (PR Newswire) SafeToNet Limited, a leading force in child online safety, announces the acquisition of Philadelphia-based Content Watch Holdings, Inc., parent...
BigID Announces $70 Million in New Investment, Raising the Company's Valuation to $1B (BusinessWire) BigID, a leader in data discovery and intelligence for privacy, protection and perspective, today announced a $70M million series D financing, bringin
Cambridge Quantum to Invest Record Funding in Near-Term Solutions, Including Cybersecurity (HPCwire) CAMBRIDGE, England, Dec. 16, 2020 -- Cambridge Quantum Computing (CQC), a global leader in quantum software and quantum algorithms to take full advantage
BAE Systems to recruit for 1,250 new roles - its highest number ever (Business Live) It's a record for the firm, with opportunities available in a variety of roles from accountancy to mechanical fitting
Offensive Security Launches Bounty Program for User-Generated Machines (BusinessWire) Offensive Security, the leading provider of hands-on cybersecurity training and certification, today announced a new bounty program for user generated
CyberGRX Drives Significant Growth in 2020; Advances Global Third-Party Cyber Risk Market (BusinessWire) CyberGRX demonstrated significant growth during a year marked by seismic shifts and challenges, advancing the global third-party cyber risk market.
Confluera Exits 2020 with Record Growth Rate, Driven by Strategic Partnerships, Award Recognitions and Product Innovation (BusinessWire) Confluera, the leading provider of the Extended Detection and Response (XDR) solution, achieved record growth in 2020, exiting the year with a custome
2021 will be full "stream" ahead, says Splunk President and CEO (iTWire) Global machine data acquisition and investigation software provider, Splunk, has continued its acquisition path in 2020 and moves into 2021 focused on its cloud journey and customer innovation. Doug Merritt, President and CEO of Splunk, spoke exclusively with iTWire. Splunk is well-known, and even b...
Making Space in Cybersecurity (R Street) “Cybersecurity is a global problem that necessitates wide ranging dialogues with experts of all backgrounds, nationalities, and career paths.” Cybersecurity Coalition Pledge: “Making Space” The modern field of cybersecurity would not exist without the work of women, people of color, and other thought leaders from underrepresented communities. Many of our nation’s first computer programmers were […]
Facebook rolls out full-page ads, website complaining Apple is forcing it to get consent before tracking you (The Register) Small-biz campaign tugs at heart strings, inadvertently promotes how iGiant is improving privacy
Facebook highlights small business impact in Apple battle (TechCrunch) Facebook already made it clear that it isn’t happy about Apple’s upcoming restrictions on app tracking and ad targeting, but the publicity battle entered a new phase today. Over the summer, Apple announced that beginning in iOS 14, developers will have to ask users for permission in ord…
Google's internal fight over Timnit Gebru case escalates as researchers demand the removal of senior executive (Computing) Members of Google's Ethical AI team want vice president to be removed from the reporting structure
One Identity Extends Channel Momentum As Demand for Identity-Centric Security Accelerates (GlobeNewswire) Nearly 70 percent of global sales linked to channel, highlighting demand for identity-centered security to address the virtual workforce. Multi-tiered program reached 10x more partners through new virtual partner enablement bootcamps. Over 970 attended global virtual UNITE user and partner conference, almost 100% year-over-year growth from the 2019 conferences.
Bitglass Receives Seven Honors for Cloud Security Excellence and Two Industry Recognitions in H2 2020 (BusinessWire) Bitglass, the Total Cloud Security Company, announced today that it has won multiple awards and been recognized by industry experts throughout 2020. T
The Top 25 Cybersecurity IT Executives of 2020 (PRWeb) NEW YORK (PRWEB) December 16, 2020
The IT Services Report is pleased to announce The Top 25 Cybersecurity IT Executives of 2020. As companies look to digitize their operations, particularly with
IBM Board Appoints CEO Arvind Krishna As Chairman, Replacing Rometty (CRN) IBM’s board of directors appointed CEO Arvind Krishna as its chairman, taking over from executive chairman and former chief executive Ginni Rometty.
Cerberus Sentinel Announces Bryce Hancock as New Chief Operating Officer (GlobeNewswire) U.S. cybersecurity services firm expands leadership team
Zscaler names new ANZ boss (CRN Australia) Steve Singer replaces Budd Ilic.
EfficientIP expands leadership team with two new senior appointments (Help Net Security) EfficientIP announced two senior appointments – Thierry Drilhon as chairman of the board and Cécile Ferreboeuf Clayes as a new board member.
Peter MacKay hired as advisor at Deloitte Canada and McInnes Cooper (IT World Canada) Canadian lawyer and former senior cabinet minister in the country’s federal government Peter MacKay has been hired as a strategic advisor to Deloitte Canada and Canadian law firm McInnes Cooper.
Plurilock Adds Information Technology and Cybersecurity Expert, Chris Pierce as Advisor (Yahoo Finance) Former US Navy Lieutenant held multiple leadership roles at Booz Allen Victoria, British Columbia--(Newsfile Corp. - December 16, 2020) - Plurilock Security Inc. (TSXV: PLUR) ("Plurilock" or the "Company"), an innovative cybersecurity company that provides frictionless and continuous authentication using machine learning and behavioral biometrics, this week announced that Chris Pierce has agreed to serve as an advisor to the company. Chris will provide guidance on strategy, partnerships and enterprise commercialization opportunities.Mr. Pierce is ...
NeuVector Names Jon Shaw as EMEA Sales Director as Global Demand for End-to-End Container Security Grows (GlobeNewswire) The veteran enterprise security sales executive will bring the Full Lifecycle Container Security leader to more EMEA businesses and spearhead new channel initiatives in the region
Illumio Welcomes Jennifer Johnson to its Board of Directors (GlobeNewswire) Industry veteran brings over 20 years of Security and IT go-to-market experience to support Illumio’s aggressive growth and Zero Trust leadership
Centrify Appoints Charlie Velasquez as Chief Financial Officer | Centrify (Centrify) Centrify, a leading provider of Identity-Centric Privileged Access Management (PAM) solutions, today announced that Charlie Velasquez has joined the company as Chief Financial Officer (CFO).
Products, Services, and Solutions
BeyondTrust Adds Remote Support Integration for ServiceNow CSM (AiThority) BeyondTrust, the worldwide technology leader in Privileged Access Management (PAM), announced a new integration between its leading Remote Support solution and ServiceNow
Rostelecom-Solar partners Siemens for industrial cyber training (Telecompaper) Russian company Rostelecom-Solar, a subsidiary of the national telecom operator Rostelecom focused on cyber-security solutions, has concluded a cooperation agreement with Siemens Russia. As a result, products from Siemens are used for the deployment of a cyber-polygon for industrial companies to carry out training in cyber-protection.
Safe-T and Accenture Spain Launch Secure Remote Access Managed Security Service (AiThority) Safe-T Group a provider of secure access solutions for on-premise and hybrid cloud environments, announced the launch of a joint secure remote access MSS
Google Chrome, Eset extend collaboration against online threats (Telecompaper) Slovakia-based cyber-security specialist Eset and Google have extended their cooperation on Chrome Cleanup, part of Chrome's Safe Browsing feature. As applied in Chrome Cleanup, Eset's technology is used by Google to alert users about unwanted or potentially harmful software attempting to sneak into end-user devices by, for example, getting bundled into the download of legitimate software or content. Using Eset's security technology, Google Chrome then provides users with the option to remove the unwanted software.
Unisys enhances biometric authentication capabilities of Stealth platform (Biometric Update) Unisys has announced an update to the biometrics capabilities of its Stealth platform to include passive liveness detection and single sign-on technologies. Stealth is an adaptive, risk-based authe…
DigiCert Solves Challenge of PKI Management in the IoT Device Supply Chain and at the Edge with New IoT Device Manager Release (AiThority) DigiCert, helps companies and manage digital certificates at any point during the product lifecycle with release of the IoT Device Manager.
Tufin SecureCloud now supports the Google Cloud Platform (Help Net Security) Tufin SecureCloud now supports Google Cloud, allowing customers to use SecureCloud to define and monitor compliance with security guardrails.
Sophos unveils new open AI developments to sharpen defenses against cyberattacks (SecurityBrief New Zealand) While it is common practice to share AI methodologies and findings in other industries, cybersecurity has lagged in this effort.
Atlantica Digital and NanoLock Partnership Carves a Niche for IoT... (Enterprise Security) NanoLock Security and Atlantica Digital partners to provide innovative managed security service to protect smart meters and connected devices of...
Lumacron debuts Draco: a 200G traffic autodiscovery platform (Light Reading) New system auto-discovers WAN protocols and IDs packet streams mapped to that traffic.
Telenor Myanmar Taps Akamai for Subscriber Security (Yahoo Finance) Akamai (NASDAQ: AKAM), the intelligent edge platform for securing and delivering digital experiences, announced that Telenor Myanmar is using Akamai's SPS Shield product to help protect subscribers from a host of cybersecurity threats. Available as Telenor Business Web Shield to Telenor Myanmar Business customers, the service automatically activates defenses against bots, malware, phishing and other types of attacks.
Verizon Business Adds Silver Peak to SD-WAN Roster (Channelnomics) Visit the post for more.
Google Chrome and ESET collaborate in fight against online threats (ESET) Company news from the maker of legendary NOD32 technology.
Cyberbit and Optiv Partner to Bring Cyber Range Training to SOC Teams in North America (BusinessWire) Cyberbit, the world’s leading provider of Cyber Skills Development Platforms, today announced a new partnership with Optiv, a security solutions integ
SafeBreach Hacker's Playbook Updated for US-CERT Active Exploitation of SolarWinds (SafeBreach) SafeBreach Labs has updated the SafeBreach Hacker's Playbook with new attack methods for malware samples described in US-CERT Active Exploitation of SolarWinds Software.
Cowbell Cyber Teams with Keystone to Deliver Agents Innovative Cyber Coverages (PR Newswire) Cowbell Cyber, the industry's first AI-powered cyber insurance provider for small to mid-sized businesses (SMBs), today announced it has teamed...
Datadobi and Wasabi Announce Technology Alliance Partnership (BusinessWire) Datadobi and Wasabi announced a Technology Alliance Partnership.
Quantum Xchange Announces Quantum-Safe Encryption for Hybrid Cloud Environments (PR Newswire) Quantum Xchange, a leader in quantum-safe products and services for crypto agility and quantum readiness, today announced the general...
Platform9 Launches the Industry's Only SaaS Managed Bare Metal Orchestration Platform (PR Newswire) Platform9, the first company to provide open-source SaaS managed solutions for private and edge clouds, today unveiled the industry's only...
Bundled Cybersecurity Insurance Solution Launched by Transmosis CyberOPS (PR Newswire) Transmosis, a nationally recognized leader in small business cybersecurity protection, today announced a new integrated product offering in...
Dasera’s Latest Release Secures the Entire Data Lifecycle for Cloud Data Stores (BusinessWire) Cloud Data Lifecycle Security startup Dasera announced today that it has launched its Yellowstone release for cloud data warehouses and data lakes. Ta
Coalfire Authorized As CVE Numbering Authority (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, has been approved by the Common Vulnerabilities and Exposures (CVE)...
Technologies, Techniques, and Standards
Rounding Up Your IoT Security Requirements: Draft NIST Guidance for Federal Agencies (NIST) IoT devices are becoming integral elements of federal information systems, which is why NIST has released for
Summation and Average Queries: Detecting Trends in Your Data (NIST) This post is part of a series on differential privacy.
5G Security Problems Must Be 'Addressed from the Offset' (Channel Partners) Positive Technologies unveiled a report about standalone 5G core networks. The 5G networks of the future offer significantly different issues.
Top Considerations When Auditing Cloud Computing Systems (Security Boulevard) As today’s organizations migrate to the cloud, they expose themselves to a rapidly growing threat landscape. As if ... Read More The post Top Considerations When Auditing Cloud Computing Systems appeared first on Hyperproof.
4 reasons to involve CISOs in mergers and acquisitions planning (SearchCIO) Jaime Fox and Deborah Golden break down four reasons that companies should include their CISOs more often in mergers and acquisitions. CISOs can help identify potential security risks, will better understand their new threat landscape, can help speed up cyber processes and more.
Remote working is risky: How to fend off potential cyber attacks (Business Standard) RDP attacks allow cybercriminals to also record keystrokes and steal sensitive information
10 Ways to Protect Against DDoS Attacks (Security Boulevard) Distributed denial-of-service (DDoS) attacks continue to grow in size, frequency, and complexity, threatening businesses and service providers around the world. A warning was recently issued about a steep uptick of DDoS attack threats demanding bitcoin ransom with thousands of organizations across industries and around the world targeted. In June, AWS disclosed a record-setting 2.3 Tbps DDoS attack, breaking the previous record, a 1.3 Tbps attack mitigated by Akamai back in 2018.
Research and Development
Algorithmic Warfare: ‘Hack the Building’ Spotlights Vulnerabilities (National Defense) The Defense Department has long been sounding the alarm on the increased need for enhanced cybersecurity measures across its programs to protect data and communications.
Academia
Ten university projects awarded grants to boost WA defence research (Mirage News) WA Government announces 10 successful projects that will share $120,000 for Defence-relevant student-led research Defence Science Centre (DSC) Research...
Partnerships boost Indiana State University in field of cybersecurity (Terre Haute Tribune-Star) Indiana State University’s rapidly growing cybersecurity program has announced three partnerships that will make students even more marketable in a field burgeoning with jobs.
Legislation, Policy, and Regulation
Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) (CISA) Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign. Pursuant to Presidential Policy Directive (PPD) 41, the FBI, CISA, and ODNI have formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident.
White House activates cyber emergency response under Obama-era directive (CyberScoop) The National Security Council has activated an emergency council to help the government plan its response to a nation-state hacking incident.
White House Holds Urgent Daily Talks on Hacking Linked to Russia (Bloomberg) The White House has convened urgent meetings of officials across multiple agencies to address a breach of U.S. government computer systems attributed to Russia, according to a person familiar with the matter.
Senators want answers regarding SolarWinds cyber attack (Federal News Network) A bipartisan group of senators want the FBI and CISA to submit a report to Congress about the impact of the SolarWinds cyber attack on agencies.
Opinion | I Was the Homeland Security Adviser to Trump. We’re Being Hacked. (New York Times) The magnitude of this national security breach is hard to overstate.
3 lessons from Russia’s cyberhack into U.S. agencies (Washington Post) Cyberspying may be inevitable. Governments can prepare.
The US Federal Government Needs a VP of Engineering, not a CTO (LinkedIn) If you look at the roster of the Biden-Harris transition team, it’s quickly apparent that the incoming administration is tech-forward. Given the systematic dismantlement of the federal government over the last four years, and the significant logistical and scientific needs underpinning a large-scale
Huawei Gets Conditional Green Light in Germany as Government Approves Security Bill (Wall Street Journal) Germany edged closer to allowing the use of Huawei’s technology in 5G mobile networks, giving the Chinese company a victory on a European continent increasingly aligned with the Trump administration’s anti-Huawei views.
Focus of OT and IoT Cybersecurity in Australia’s Critical Infrastructure (Security Boulevard) The Australian Government’s approach to OT/IoT security is a significant step forward, but great challenges still exist for critical infrastructure. The post Focus of OT and IoT Cybersecurity in Australia’s Critical Infrastructure appeared first on Nozomi Networks.
Huawei’s Role in the China-Russia Technological Partnership (Council on Foreign Relations) While Huawei clearly benefits from the China-Russia science and technology partnership, it also helps facilitate it.
German Government Backs Bill Requiring 5G Security Pledge (SecurityWeek) German officials approved a bill that would require companies involved in setting up critical infrastructure such as high-speed 5G networks to guarantee that their equipment can't be used for sabotage, espionage or terrorism.
Telecom Equipment: Citing national security, govt set to bar Chinese telecom gear (The Times of India) India Business News: In a first, the government on Wednesday decided to issue a National Security Directive for the telecommunication sector to mandate scrutiny of telecom
India Trusted Source: Centre likely to blacklist some telecom equipment vendors (One India) The Centre today said that it may blacklist certain telecom equipment vendors and also designate companies as India Trusted Source.
Swedish court allows telecoms regulator to go ahead with Huawei exclusion (Reuters) A Swedish appeals court on Wednesday said telecoms regulator PTS would be able to conduct 5G spectrum auctions, setting aside an earlier ruling, though it remained an option for Chinese telecom equipment maker Huawei to appeal the decision.
Canada likely to become the next 'Five Eyes' nation to ban Huawei 5G (Zee News) There have also been several allegations made against Huawei that the Chinese company has illicitly obtained intellectual property rights of other companies.
Huawei comms chief resigns over 'Uighur alarms' report; UK counterpart also steps down (PR Week) Huawei comms chief resigns over 'Uighur alarms' report; UK counterpart also steps down. From PR Week
EU unveils revamp of cybersecurity rules days after hack (AP NEWS) The European Union unveiled Wednesday plans to revamp the 27-nation bloc’s dated cybersecurity rules, just days after data on a new coronavirus vaccine was unlawfully accessed in a...
New EU Cybersecurity Strategy and new rules to make physical and digital critical entities more resilient (European Commission) Today, the Commission and the High Representative of the Union for Foreign Affairs and Security Policy are presenting a new EU Cybersecurity Strategy.
UK and EU unveil new rules to regulate big tech (Computing) The proposals are expected to create a 'level playing field' for everyone
EU, Britain to Toughen Rules, Fines for Tech Giants (SecurityWeek) Big tech companies face hefty fines in the European Union and Britain if they treat rivals unfairly or fail to protect users on their platforms.
Tech Giants Face New Rules in Europe, Backed by Huge Fines (Wall Street Journal) European officials are pursuing new powers to oversee large digital platforms like Facebook, backed by threats of multibillion-dollar fines, as they seek to expand their role as global tech enforcers.
Biden Faces Early Test on Digital Trade With EU Privacy Talks (Wall Street Journal) Striking a new deal to allow U.S. companies to transfer data from the EU will be a key test for the Biden administration, as such a privacy agreement could play a central role in strengthening trans-Atlantic trade.
The Cybersecurity 202: Democrats and Republicans are ending 2020 as far apart as ever on election security (Washington Post) Any chance of Congress burying old gripes and working together on election security took a serious blow during 2020’s final hearing on the topic.
DoD announces cybersecurity certification pilots (C4ISRNET) The tiered cybersecurity framework grades companies on their cyber hygiene.
Facebook Is a Doomsday Machine (The Atlantic) The architecture of the modern web poses grave threats to humanity. It’s not too late to save ourselves.
Litigation, Investigation, and Law Enforcement
Trump Spy Chief Stirs Dispute Over China Election-Meddling Views (Bloomberg) Ratcliffe’s office says report to Congress will be delayed. Disagreement is over the extent of interference by China.
Investors in breached software firm SolarWinds traded $280 million in stock days before hack was revealed (Washington Post) The timing of the trades raises questions about whether major shareholders used inside information to avoid stark losses after the attack. The company’s share price has plunged roughly 22 percent since its role in the breach was revealed.
US$286M of SolarWinds stock sold before CEO, hack disclosures (CRN Australia) Silver Lake and Thoma Bravo sold US$286 million of company stocks.
Walmart Denies Data Breach In Calif. Motion To Dismiss (Law360) Walmart has urged a California federal judge to toss a proposed class action alleging the retail giant's lax security practices led to an exposure of customers' personal data, saying there was no data breach and scoffing at the plaintiff's claims that he found his information for sale on the so-called dark web.
Delhi Police cyber crime unit busts illegal call centre targeting foreign nationals, 54 arrested (India TV News) The Delhi Police crime branch has arrested 54 people from an illegal call center in a case involving fraud with foreign nationals.
Dutch Hacker Who Claimed To Access Trump’s Twitter Account Will Walk Free After Police Investigation (Forbes) Dutch investigators say they assumed the hacker was able to access Trump’s Twitter account — reportedly by correctly guessing the password to be “maga2020!” — something the White House strenuously denies.
Trump Twitter Account Hacked, No Charges: Dutch Prosecutors (SecurityWeek) Dutch prosecutors said a man had cracked US President Donald Trump's Twitter account in October despite denials from Washington and the company.
Australia sues Facebook over user data (iTnews) Echoing US antitrust case.
Report details widespread illegal extraction of smartphone data by US law enforcement (World Socialist Web Site) An extensive report from Upturn, a nonprofit civil rights organization, shows that law enforcement agencies at the local, state and federal levels are each day routinely extracting smartphone data in violation of the Fourth Amendment’s guarantee against unreasonable searches and seizures.
Australia Watchdog Sues Facebook Over 'Misleading' VPN App (SecurityWeek) Australia's consumer watchdog launched legal action against Facebook, alleging the social media giant "misled" thousands of Australians by collecting user data from a free VPN service advertised as private.
Facebook plans to shift UK users to California (Computing) The changes will move British users outside the scope of the EU privacy laws
Texas and nine other U.S. states sue Google for abusing market power (Reuters) Texas, backed by nine other states, filed a lawsuit against Alphabet Inc-owned Google on Wednesday, accusing it of breaking antitrust law in how it runs its online advertising business.
Ten States Sue Google, Alleging Deal With Facebook to Rig Online Ad Market (Wall Street Journal) A Texas-led antitrust case accuses the search giant of manipulating digital advertising markets, in part through an alleged agreement with rival Facebook aimed at preserving Google’s dominance.
Texas hits Google with antitrust suit over ad tech practices (Axios) The lawsuit is yet another legal battle for Google, embroiled in state and federal antitrust scrutiny.