the near future: the latest about the next few months.
2021 Security Crystal Ball: Trends and Predictions for the Year Ahead (Cybereason) Here are a handful of likely moves from the cyber adversaries in 2021 and where the risk lies.
Datto, Forcepoint, Secureworks Offer Cybersecurity Predictions for 2021 (Channel Futures) Cybersecurity predictions for 2021 include more uncertainty, increasing cyberattacks, mounting pressure on MSPs and more.
Six Trends Shaping the 2021 Cybersecurity Outlook (IT Security Expert) A UK view on Cyber (IT Security) & Information Security. Covers everything Computer Security from the basics to the advanced
The State of Industrial Cyber-Security in 2020 and Outlook for 2021 (Radiflow) Luckily, it’s almost over.
E-Skimming is on the Rise this Holiday Season - How Can Retailers Stay Safe? (Enterprise Times) Retailers and shoppers need to be cyber aware this holiday season as cyber criminals step up cyberattacks like e-skimming
Cyber Attacks, Threats, and Vulnerabilities
SUNBURST, TEARDROP and the NetSec New Normal (Check Point Research) Foreword In December 2020, a large-scale cyberattack targeting many organizations – predominantly tech companies, mainly in the United States, but not only there – was discovered to have been going on for several months. The attack was of a degree of sophistication that led to a quick consensus of involvement by a foreign government, and...
Qualys Researchers Identify 7+ Million Vulnerabilities Associated with SolarWinds/FireEye Breach by Analyzing Anonymized Vulnerabilities across Worldwide Customer Base (PR Newswire) Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced its research...
Why the Russian hack is so significant, and why it's close to a worst-case scenario (NBC News) Experts say it's potentially the largest spying operation against the U.S. in history — and it ran without being noticed for nine months.
Why The IT Community Should Be Concerned About The SolarWinds Hack (My TechDecisions) There is still much we're learning about the SolarWinds hack, but one thing is clear: the IT security community got outplayed.
SolarWinds Orion Security Breach: Cyberattack Timeline and Hacking Incident Details (ChannelE2E) How the SolarWinds Orion security breach occurred, and a timeline of events involving FireEye, Microsoft, the National Security Council (NSC) & more.
Here is what we know — and don't know — about the suspected Russian hack (CBS News) Cybersecurity experts say the economic, societal, and military impact of this hack cannot be overemphasized.
City Of Tulsa, OU Confirm They Are Customers Of Company Hit By Cyberattack (NewsOn6) The City of Tulsa and the University of Oklahoma both confirmed they are customers of SolarWinds, the company that was hit by a recent cyberattack. The U.S. suspects the attack was carried out by Russian hackers.
Seattle City Light disconnects software implicated in massive government hack, says it wasn't compromised (KUOW) Seattle City Light was using the computer software that's been widely infiltrated by hackers. But utility officials say its network remains secure.
Vietnamese medical company suffers devastating data leak (SafetyDetectives) Led by Anurag Sen, the Safety Detectives cybersecurity team discovered an unsecured ElasticSe
Personal data leak at one of Britain's largest pension providers (The Telegraph) Now: Pensions manages savings pots for 1.8 million people
Thousands of customer records exposed after serious data breach (TechRadar) Business app developer fails to follow basic security practices for Microsoft Azure blob storage
Ransomware: Attacks could be about to get even more dangerous and disruptive (ZDNet) Cyber criminals are still successfully conducting ransomware campaigns while demanding higher ransoms than ever - and things could be about to get a lot worse.
New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices (The Hacker News) New critical vulnerabilities in a low-level Treck TCP/IP software library affect millions of IoT devices.
Does a friend “need money urgently”? Check your facts before paying out… (Naked Security) Don’t get scammed by fake online requests to help a friend online. Check your facts first – here’s why.
How U.K. Racing Team McLaren Almost Got Phished (Wall Street Journal) On a Grand Prix race weekend, McLaren’s CEO received an email requesting payment with a click-through link. But the supplier wasn’t real, nor was the link.
Potential privacy breach of Saskatchewan health records in January 2020 malware attack (Global News) A breach of personal health information potentially occurred on systems administered by eHealth for the Saskatchewan Health Authority and the Ministry of Health.
Palos Area Getting Clobbered With Fraudulent Unemployment Claims (Patch) Fraudulent IDES claims have spiked in the Palos area, leading to concerns about identity theft.
Huntsville City Schools warns about personal information possibly compromised in cyber attack (WAAY News) The school system's IT team has been working for three weeks on the attack.
The realities of ransomware: Five signs you’re about to be attacked (Saudigazette)
Security Patches, Mitigations, and Software Updates
Microsoft Ups Security of Azure AD, Identity (Dark Reading) A roundup of Microsoft's recent security news and updates that focus on protecting identity.
Facebook will offer new account security options in 2021 (Axios) The social network will offer hardware keys and more access to its Facebook Protect program.
Cyber Trends
National Cyber Threat Assessment 2020 (Canadian Centre for Cyber Security) Canadian individuals and organizations increasingly rely on the Internet for daily activities. In a COVID-19 context, this trend has accelerated to enable Canadians to work, shop, and socialize remotely in accordance with public health physical distancing guidelines. However, as devices, information, and activities move online, they are vulnerable to cyber threat actors.
Cybersecurity, Communication Lead 2021 Top Five Technology Trends (The Elkhart Truth) JASPER, Ind., Dec. 22, 2020 /PRNewswire/ -- Information technology (IT) underwent a major change in 2020 as organizations were forced to quickly adopt strategies to handle new cybersecurity threats and
Marketplace
Cisco acquires software startup Dashbase to bolster observability in AppDynamics (ZDNet) Cisco plans to integrate Dashbase's logs and events analytics technology into the AppDynamics platform.
Intercede Wins USD200,000 Contract With (London South East) Intercede Group PLC on Tuesday said it has won a new contract worth USD200,000 with a large US defence contractor.
Cyber experts band together in joint defence pact (Australian Financial Review) Some of the nation’s biggest companies have joined forces with cyber security businesses across Australia and around the world to form an unofficial defensive pact to battle increasingly sophisticated hackers.
VMRay Signs Agreement With Factor Group to Expand Into Russian Market (GlobeNewswire) VMRay, a provider of automated malware analysis and detection solutions, today announced that it has signed an agreement with Factor Group, one of the largest value-added distributors in the Russian Federation.
Cybersecurity To Remain Hot In The New Year (Crunchbase News) Despite a pandemic that raged around the globe for the better part of the year, the cybersecurity market retained investor interest in 2020 and many in the sector expect next year to be no different.
IBM Selected for DoD Award to Advance Microelectronics Design Capabilities (HPCwire) WASHINGTON, Dec. 22, 2020 -- IBM has announced a Phase 1 Other Transactions Agreement under the Rapid Assured Microelectronics Prototypes (RAMP) Advanced
Keeper Taps The Karate Kid’s Joe Esposito to Champion the Best Password Manager (Keeper Security Blog) The year 2020 has been filled with uncertainty, doubt, and catastrophe. If we can make just one small part of our lives easier, that’s a win. Passwords are a thorn in everyone’s side, especially now that so much of our lives has moved online. The human mind isn’t set up …
Samsung, IBM partner to combine "edge computing" with private 5G networks (ETTelecom.com) Samsung Electronics on Wednesday signed a partnership with IBM to combine "edge computing" with private 5G networks, the latest tie-up among big techn..
Fortinet Should Benefit From The SolarWinds-Microsoft Hack (Seeking Alpha) There has been a higher level of activity among IT Security plays during the last week in the stock market.
Cybersecurity Stocks Extend Advance on Bets for Robust Demand (Bloomberg) A recent attack could be a ‘tipping point’ for more spending. Okta and Palo Alto Networks seen as potential winners.
Todd Cione joins Teradata as Chief Revenue Officer (Help Net Security) Teradata announced the appointment of Todd Cione as Chief Revenue Officer, bringing more than 25 years of experience.
Splashtop Announces the Members of its Security Advisory Council (Yahoo) Splashtop Inc., a worldwide leader in remote access and remote support solutions, has assembled leading experts in cybersecurity and compliance to form a Security Advisory Council for the company. This group of advisors helps guide Splashtop toward its rigorous security and compliance goals.
Products, Services, and Solutions
KanREN, Inc. Offers Cybersecurity Threat Protection At No Charge to Its Members (DerbyInformer.com) LAWRENCE, Kan., Dec. 22, 2020 /PRNewswire/ -- KanREN, Inc., a member-based consortium providing Internet and network technologies to education, and public service institutions in Kansas announced today that in response
Secureworks Puts Managed Detection and Response in XDR (SDxCentral) As a managed security services provider for 20 years, Secureworks brings a services-first point of view to XDR.
Coalfire Federal Among First C3PAOs Authorized to Perform CMMC Audits (PR Newswire) Coalfire Federal, a leading cybersecurity services provider to the federal government and Defense Industrial Base (DIB), today announced its...
Top 10 cybersecurity online courses for 2021 (SearchSecurity) There are a plethora of free and paid cybersecurity courses online for serious professionals who want to advance their careers and beginners who want to learn more about cybersecurity. Our panel of leading security experts picked the best of the best online courses for 2021.
Semperis and TrustKey Partner to Deliver Comprehensive Directory Protection to the South Korean Market (Semperis) Partnership Extends Award-Winning Hybrid Identity Protection Solution to Boost Resiliency for Global Organizations Across South Korea
Technologies, Techniques, and Standards
National Cybersecurity and Protection System Documents (CISA) CISA released a draft of the National Cybersecurity and Protection System (NCPS) Cloud Interface Reference Architecture (CIRA) on December 19, 2019. A final version of Volume 1 is below. Request for Comments:
TIC 3.0 Core Guidance Documents (CISA) TIC 3.0 core guidance documents are intended to be used collectively in order to achieve the goals of the program. The documents are additive; each builds on the other like chapters in a book. The final core guidance is available below. The TIC 3.0 core guidance includes:
'More of an Art Than a Science:' Behind the Government’s Effort To Measure Cybersecurity (The Record by Recorded Future) A dirty little secret of cybersecurity is that no one really knows how to measure it.
CISA Releases Draft TIC Use Case for Remote Users (Meritalk) The Cybersecurity and Infrastructure Security Agency (CISA) released a draft version of a Trusted Internet Connections (TIC) Use Case focusing on access for remote users and user-owned mobile devices, setting the stage for more direct network access to agency and cloud-based resources.
After the FireEye and SolarWinds breaches, what’s your failsafe? (TechCrunch) Breaches of this magnitude are going to happen. If they’re something your organization needs to be resilient against, then it’s best to be prepared for them.
NATO, We Want to Go to War With You (Foreign Policy) Wargames can provide essential cybersecurity training for soldiers. But they won’t succeed unless the players confront real, independent hackers.
Opinion | We Can Take Advantage of the Russian Hack. Here’s How. (POLITICO) The sophisticated attack revealed cracks in our cyber armor that we need to fix.
Farmers get their own security advice as cyberattacks increase (ZDNet) Update your operating system, turn on antivirus and enable two-factor authentication for online accounts, UK cybersecurity agency tells farmers.
The SolarWinds Attack - What Should a Business Do? (JD Supra) As if 2020 has not been bad enough, the world is now reacting to an unprecedented data security breach. Your company should convene its cybersecurity...
Research and Development
Researchers in Abu Dhabi build first national crypto library for the UAE (Gulf Business) Library to safeguard vital and confidential sources of information
Legislation, Policy, and Regulation
Which NDAA cyber provisions have the most impact for DoD? (C4ISRNET) Lawmakers make several changes impacting oversight of DoD cyber operations.
'Good riddance,' China says as Germany leaves UN Security Council (The Sydney Morning Herald) Beijing's frosty words come after Germany's UN envoy appealed to China to free two detained Canadians for Christmas.
Tanzania 'using Twitter's copyright policy to silence activists' (BBC News) Twitter's policy on the infringement of copyright is used to muzzle critics, activists say.
Congress presses Pentagon to settle future of cyber and trusted computing platform for network security (Military & Aerospace Electronics) Senate bill would require DOD leaders to switch the JRSS platform to a program of record by the end of federal fiscal year 2021 next October.
US lawmakers create US$1.9 billion fund to remove Huawei, ZTE gear (South China Morning Post) Covid-19 relief package includes subsidies to ‘rip and replace’ equipment deemed to be threats to national security.
Huawei and China frozen out in Sweden after appeals court upholds 5G ban (South China Morning Post) Chinese firms Huawei and ZTE excluded from 5G networks on security grounds, while polls rank human rights and democracy as top priorities in dealing with China.
The livestreaming app connecting the working class (Rest of World) Bigo is a phenomenon everywhere but the West, but its popularity with the masses in Pakistan may have led to the app being banned.
US Congress Passes Significant Legislation on the Security of the Internet of Things (Lexology) The recent enactment of the “Internet of Things Cybersecurity Improvement Act of 2020” (the “Act”) promises new scrutiny of security in the Internet…
No, the United States Does Not Spend Too Much on Cyber Offense (Council on Foreign Relations) Contrary to arguments that the United States spends too much on cyber offense, more spending on offensive and defensive capabilities could be in the cards for the future.
U.S. Urges American Firms to Shun Chinese Data Service Companies (Bloomberg) Homeland Security warns of trade secret, competition risks. Advisory comes after hack that Trump advisers blame on Russia.
After massive cyberattack, US hopes to ensure next time isn’t worse (The Christian Science Monitor) Experts say the intrusions into government agencies and businesses have been alarming, but could have done far more damage.
Biden Says Huge Data Breach Poses 'Grave Risk' to U.S., Promises Response (US News) U.S. President-elect Joe Biden said on Tuesday that a widespread data breach of the government apparently carried out by the Russian government poses a "grave risk" to national security that cannot "go unanswered."
Biden says the Pentagon isn't briefing his team on the suspected Russian cyberattack (Business Insider) "The Department of Defense won't even brief us on many things," the president-elect said of the sophisticated cyberattack against the US.
Biden Disputes Trump’s Claim that Hack is Under Control (Nextgov.com) The president-elect called for an official attribution to Russia but said a damage assessment is necessary before discussing the appropriate response.
Biden's options for Russian hacking punishment: sanctions, cyber retaliation (Reuters) President-elect Joe Biden's team will consider several options to punish Russia for its suspected role in the unprecedented hacking of U.S. government agencies and companies once he takes office, from new financial sanctions to cyberattacks on Russian infrastructure, people...
IoT cyber law signed amid growing vulnerabilities (FCW) The passage of the IoT Cybersecurity Improvement Act of 2020 means that NIST will start to address the gap in post-market guidance to help organizations adequately address newly discovered vulnerabilities in devices already on their networks.
CCA is thrilled with Huawei rip & replace reimbursement prospect (FierceWireless) CCA's Steven Berry called Congress' decision "a huge positive" for impacted carriers.
US Congress passes COVID-19 stimulus bill that would make illegal streaming a felony (NME) The COVID-19 stimulus bill passed by US Congress includes a provision that would increase penalties for illegal streaming operations.
The U.S. Government Is Targeting Cryptocurrency to Expand the Reach of Its Financial Surveillance (Electronic Frontier Foundation) One of the most important aspects of cryptocurrencies from a civil liberties perspective is that they can provide privacy protections for their users. But EFF is concerned that the U.S. government has been increasingly taking steps to undermine the anonymity of cryptocurrency transactions and...
Litigation, Investigation, and Law Enforcement
FBI links Iran to online hit list targeting top officials who’ve refuted Trump’s election fraud claims (Washington Post) The FBI has concluded that Iran was behind online efforts earlier this month to incite lethal violence against the bureau’s director, a former top U.S. cyber expert and multiple state elections officials who have refuted claims of widespread voter fraud promoted by President Trump and his allies, federal and state officials said Tuesday.
Beijing Ransacked Data as U.S. Sources Went Dark in China (Foreign Policy) As Xi consolidated power, U.S. officials struggled to read China’s new ruler.
SolarWinds Claims Execs Unaware of Breach When They Sold Stock (SecurityWeek) SolarWinds told the SEC that its executives were not aware that the company had been breached when they decided to sell stock.
WSJ News Exclusive | Google, Facebook Agreed to Team Up Against Possible Antitrust Action, Draft Lawsuit Says (Wall Street Journal) Facebook and Google agreed to “cooperate and assist one another” if they ever faced an investigation into their pact to work together in online advertising, according to an unredacted version of a lawsuit filed by 10 states against Google last week.
Law enforcement take down three bulletproof VPN providers (ZDNet) The three VPN services provided safe haven for cybercriminals to carry out ransomware attacks, web skimming operations, spearphishing, and account takeovers.
Edward Snowden Pardon and the SolarWinds Hack (City Journal) Edward Snowden’s actions immeasurably weakened the United States and strengthened our adversaries.
Microsoft and Google join Facebook’s legal fight against infamous spyware vendor (The Verge) NSO Group argues it should benefit from sovereign immunity.
Cyberattack limited to one IT application: European regulator (Business Insurance) The European Medicines Agency said on Tuesday that its investigation into a cyberattack had showed the data breach was limited to one IT application.
European medicines regulator says cyberattack limited to one IT application (1450 AM 99.7 FM WHTC | Real News Now) (Reuters) - The European Medicines Agency said on Tuesday that its investigation into a cyberattack had showed the data breach was limited to one IT ap...
Ex-Mt. Gox Exchange CEO Can't Appeal In Fraud Suit (Law360) An Illinois federal judge on Tuesday refused to certify an interlocutory appeal for the former CEO of defunct Japanese bitcoin exchange Mt. Gox as he fights class action claims that the company lost $400 million of investors' money.
Here’s Everything We Know About The Hunter Biden Investigation (Daily Caller) Hunter Biden is the subject of a probe into possible connections to a prominent Chinese energy firm as well as an investigation into his tax affairs.