Cyber Attacks, Threats, and Vulnerabilities
Hacks on Louisiana Parishes Hint at Nightmare Election Scenario (Washington Post) James Wroten called the clerk of court in Vernon Parish, Louisiana last November with an urgent message.
"Distinguished Impersonator" Information Operation That
Previously Impersonated U.S. Politicians and Journalists on Social Media
Leverages Fabricated U.S. Liberal Personas to Promote Iranian Interests (FireEye) Details of an ongoing operation that we believe is being conducted in support of Iranian political interests.
Facebook removes accounts run from Iran targeting Americans (CNN) Facebook announced Wednesday morning that it had removed a small network of fake social media accounts it said were run from Iran and were posting about US politics.
Iranian Digital Influence Efforts: Guerrilla Broadcasting for the Twenty-First Century (Atlantic Council) Iran has invested significant resources and accumulated vast experience in the conduct of digital influence efforts locally and globally.
WSJ News Exclusive | U.S. Officials Say Huawei Can Covertly Access Telecom Networks (Wall Street Journal) Huawei can covertly access mobile networks via back doors meant for law enforcement, the U.S. has told allies in a bid to show the Chinese firm poses a security threat.
White House Official Says Huawei Has Secret Back Door to Extract Data (New York Times) The allegation that Huawei maintains access to the data that flows through its network is the latest step in a campaign to thwart the Chinese telecom giant’s rise.
US says it can prove Huawei has backdoor access to mobile-phone networks (Ars Technica) US hasn't made evidence public but reportedly shared it with UK and Germany.
China denies cybertheft following Equifax accusations (Fifth Domain) The Justice Department accused Beijing on Monday of engineering one of the biggest hacks in history targeting consumer data.
The intel on China’s counterintelligence threat to America (Boston Globe) China’s assault on US technological know-how is so pervasive that in 2018 the attorney general formed the “China Initiative” specifically to combat the problem.
Concern over Coronavirus Leading to Global Spread of Fake Pharmacy Spam (Imperva) High levels of concern around the Coronavirus are currently being used to increase the online popularity of spam campaigns designed to spread fake news and drive unsuspecting users to dubious online drug stores.
Phishing emails lure victims with news of coronavirus' impact on shipping (SC Media) Cybercriminals have launched a phishing campaign that targets global companies with emails that suggest the coronavirus could disrupt shipping operations.
More Phishing Campaigns Tied to Coronavirus Fears (BankInfo Security) As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range
Unit 42 Discovers Malicious Activity in Kuwaiti Organization’s Webpage (CISO MAG | Cyber Security Magazine) Security experts from Unit 42, a threat intelligence unit of Palo Alto Networks, discovered a Kuwait organization’s webpage used in a security exploit.
We've never met six-year-old Kate — but a total stranger was able to track her every move (ABC News) A software bug in a popular GPS tracking device for kids shows how easy it is to accidentally expose personal information to strangers.
Facebook’s Twitter and Instagram accounts hijacked (Naked Security) In full glare of the world, Facebook admins have found themselves in an unseemly struggle to wrestle back control of the company’s Twitter accounts.
The Ancient Microsoft Security Flaws Driving Cybercrime In 2020 (Forbes) New research reveals that very old Microsoft vulnerabilities are still causing very real problems.
KBOT Malware Is the First 'Living' Virus Spotted in Years (Security Intelligence) Security researchers recently spotted KBOT malware, the first "living" computer virus they've discovered in years.
Synergy Systems & Solutions HUSKY RTU (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Synergy Systems & Solutions (SSS)
Equipment: HUSKY RTU
Vulnerabilities: Improper Authentication, Improper Input Validation
2.
Siemens SIMATIC CP 1543-1 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC CP 1543-1
Vulnerabilities: Improper Access Control, Loop with Unreachable Exit Condition
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow for remote code execution and information disclosure without authentication, or unauthenticated denial of service.
Siemens Industrial Products SNMP Vulnerabilities (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Various SCALANCE, SIMATIC, SIPLUS products
Vulnerabilities: Data Processing Errors, NULL Pointer Dereference
2.
Siemens PROFINET-IO Stack (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Siemens PROFINET-IO Stack
Vulnerability: Uncontrolled Resource Consumption
2. RISK EVALUATION
Successful exploitation of this vulnerability could lead to a denial-of-service condition.
Siemens SIMATIC S7 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC S7
Vulnerability: Uncontrolled Resource Consumption (Resource Exhaustion)
2.
Siemens SCALANCE X Switches (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 4.2
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SCALANCE X switches
Vulnerability: Protection Mechanism Failure
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to perform administrative actions.
Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC NET PC
Vulnerability: Incorrect Calculation of Buffer Size
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker with network access to cause a denial-of-service condition.
Siemens SCALANCE S-600 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SCALANCE S-600 Firewall
Vulnerabilities: Resource Exhaustion, Cross-site Scripting
2. RISK EVALUATION
These vulnerabilities could allow a remote attacker to conduct denial-of-service or cross-site scripting attacks. User interaction is required for a successful exploitation of the cross-site-scripting attack.
Siemens SIPORT MP (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 6.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIPORT MP
Vulnerability: Insufficient logging
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow the attacker to create special accounts with administrative privileges.
Siemens SIMATIC S7-1500 (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SIMATIC S7-1500 CPU family
Vulnerability: Resource exhaustion
2. RISK EVALUATION
This vulnerability could allow a remote attacker to conduct denial-of-service attacks.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of SIMATIC are affected:
Siemens OZW Web Server (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 5.3
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: OZW web server
Vulnerability: Information disclosure
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow unauthenticated users to access project files.
Siemens SIPROTEC 4 and SIPROTEC Compact (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SIPROTEC 4 and SIPROTEC Compact
Vulnerability: Improper Input Validation
2. RISK EVALUATION
This vulnerability could allow an attacker to conduct a denial-of-service attack over the network.
Digi ConnectPort LTS 32 MEI (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 2.4
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Digi International
Equipment: ConnectPort LTS 32 MEI
Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could limit system availability.
Siemens SIMATIC Products (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3.1 3.7
ATTENTION: Exploitable remotely
Vendor: Siemens
Equipment: SIMATIC CP 1626; HMI Panel (incl. SIPLUS variants); NET PC software; STEP 7 (TIA Portal); WinCC (TIA Portal); WinCC OA; WinCC Runtime (Pro and Advanced); TIM 1531 IRC (incl. SIPLUS variant)
Vulnerability: Exposed Dangerous Method or Function
2.
Siemens Industrial Real-Time (IRT) Devices (Update B) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Real-Time (IRT) Devices
Vulnerability: Improper Input Validation
2.
Siemens PROFINET Devices (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: PROFINET Devices
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update B) that was published January 14, 2020, to the ICS webpage on us-cert.gov.
Siemens Industrial Products (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: Industrial Products
Vulnerabilities: Integer Overflow or Wraparound, Uncontrolled Resource Consumption
2.
Siemens Industrial Products with OPC UA (Update E) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3.1 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SINEC-NMS, SINEMA, SINEMURIK Industrial Control Products with OPC UA
Vulnerability: Uncaught Exception
2.
Siemens SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM (Update F) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC, SIMOCODE, SINAMICS, SITOP, and TIM
Vulnerability: Out-of-bounds Read
2.
Meet the Guy Selling Wireless Tech to Steal Luxury Cars in Seconds (Vice) Motherboard obtained a video of a so-called relay attack from EvanConnect, who sells keyless repeaters that can be used to break into and steal luxury cars.
Valentine's & Chocolate Don't Always Equal Love (Check Point Software) With Valentine’s Day approaching, lovers around the world are working on finding the best way to celebrate with their loved ones. Meanwhile – cyber
Deepfakes and deep media: A new security battleground (VentureBeat) As deepfakes become more sophisticated, it'll take equally sophisticated detectors to spot and remove them. Here's the work on the cutting edge.
Disruptionware: The Newest Form of Cyberattack is Targeting the Health Care Industry (JD Supra) Beware, health care providers — there’s a new form of cyberattack coming to an organization near you! Disruptionware is an “emerging category of...
Analog device vulnerability is a major threat to infrastructure, but the culture gap persists which could be an existential problem (Control Global) Cybernetics was originally defined as a transdisciplinary approach for exploring regulatory systems—their structures, constraints, and possibilities. Norbert Wiener defined cybernetics in 1948 as "the scientific study of control and communication in the animal and the machine." In other words, it is the scientific study of how humans, animals and machines control and communicate with each other. It’s worth remembering that Wiener’s illustrative example was an engine governor, an analog device if there ever was one.
Rockdale County government faces second cyber attack (On Common Ground News) Rockdale County officials announced at a news conference today that the county is aggressively responding to a ransomware attack on the government’s computer network. County officials said they have contacted the Georgia Technology...
Russian group behind Oshkosh cyber attack (WHBY) The FBI believes Russian hackers are to blame for a cyber attack that brought down City of Oshkosh computers. ...
Security Patches, Mitigations, and Software Updates
Microsoft Patch Tuesday, February 2020 Edition (KrebsOnSecurity) Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe has issued a bevy of security updates for its various products, including Flash Player and Adobe Reader/Acrobat.
Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches (Threatpost) There are 12 critical and five previously disclosed bugs in the February 2020 Patch Tuesday Update.
Microsoft tries again to plug exploited IE zero-day (iTnews) Third time lucky?
Adobe Releases the February 2020 Security Updates (BleepingComputer) Adobe has released its monthly security updates that fix vulnerabilities in numerous Adobe products. As many of these vulnerabilities are classified as Critical, all users are advised to install the applicable updates as soon as possible.
Firefox 73 Released With Security Fixes, New DoH Provider, More (BleepingComputer) Mozilla has released Firefox 73 today, February 11th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with bug fixes, new features, and security fixes.
Intel Patches High-Severity Flaw in Security Engine (Threatpost) The high-severity vulnerability could enable denial of service, privilege escalation and information disclosure.
Cyber Trends
Cybersecurity Trends 2020 (TÜV Rheinland) New thinking on cybersecurity and privacy in a world where digital transformation beckons.
Malwarebytes Finds Mac Threats Outpace Windows for the First Time in Latest State of Malware Report (Malwarebytes Press Center) Malwarebytes today announced the findings of its annual “State of Malware” report.
IBM X-Force: Stolen Credentials and Vulnerabilities Weaponized Against Businesses in 2019 (IBM News Room) Consumer Tech Brands Caught in Crossfire of Phishing Attacks; Misconfigurations Accounted for Over 85% of Exposed Records; Banking Trojans and Ransomware Form Strong Bond.
Understand the threat landscape with fresh intelligence (IBM) The annual X-Force Threat Intelligence Index sheds light on the biggest cyber risks that organizations face today, with data and insights collected over the past year.
New Research from Arkose Labs Shows Human-Driven Fraud Attacks are on the Rise (Arkose Labs) Data Reveals a Surge in Sweatshop-Powered Fraud Alongside Attack Spikes on Online Gaming and Social Media Platforms
MediaPRO Research Reveals Almost Two-Thirds of U.S. Employees Unaware if the CCPA Applies to Their Organization (BusinessWire) MediaPRO’s just-released 2020 State of Privacy and Security Awareness Report highlights employee knowledge gaps across both the cybersecurity and priv
Utility Cybersecurity (Bricata) As the industrial industry becomes more digitized, it also becomes more vulnerable to utility cybersecurity threats. Read more and see how Bricata can help.
Cryptocurrency crime losses more than double to $4.5 billion in 2019, report finds (Reuters) Losses from cryptocurrency crime surged to $4.52 billion last year, as insider t...
FBI: Cybercrime Victims Lost $3.5 Billion in 2019 (BleepingComputer) FBI's Internet Crime Complaint Center (IC3) published the 2019 Internet Crime Report which reveals that cybercrime was behind individual and business losses of $3.5 billion as shown by the 467,361 complaints received during the last year.
Marketplace
Trend Micro Spin-Out Cysiv Gets $26M to Scale Its Cloud-based Cybersecurity Platform (Dallas Innovates) The Series A funding will help the Security Operations Center-as-a-Service provider address the challenges enterprises currently face in protecting their data.
Nightfall Announces Group of All-Star Investors and Extends Slack DLP Integration to Enterprise Grid (Nightfall AI) Nightfall announces an all-star group of new Series A investors, which includes legends from the worlds of business, technology, and sports.
Infrascale Announces Key Leadership Hires and Additional Funding to Support Accelerated Growth (PRWeb) Infrascale, a cloud-based data protection company providing industry leading backup and disaster recovery solutions, today announced the appointment of Russe
Top fraud detection startups in Europe you should know about in 2020 (Silicon Canals ) European technology news from the startup ecosystem. Founder and publisher: Remco Janssen. Follow us on Twitter: @siliconcanals.
Nok Nok, Inventor of FIDO Standards, Welcomes Apple to the FIDO Alliance; Reports Record Growth (PR Newswire) Nok Nok Labs, the leader in passwordless authentication, today announced a record year following broad industry acceptance of FIDO standards –...
Apple joins Microsoft, Samsung, Intel in FIDO security alliance (AppleInsider) Apple is now a member of the FIDO alliance, a body that aims to increase user security while reducing reliance on passwords. It's one of the last major technology firms to join.
Former NSA Deputy Director Bill Crowell Joins Advisory Board of AI-Pow (PRWeb) The artificial intelligence powered cybersecurity startup Cyber Reconnaissance, Inc. (d.b.a. CYR3CON®) has announced today that entrepreneur and former NSA ...
Jacobs Strengthens Cyber Team with Strategic Hire of SVP (Yahoo) Jacobs (NYSE:J) has hired Caesar Nieves as the senior vice president of its cyber business within the company's Critical Mission Solutions (CMS) line of business. In this role, Nieves will provide senior leadership, strategic vision and focus for Jacobs' cyber business as the company expands
Sauce Labs Appoints Justin Dolly as Chief Security Officer (Yahoo) Sauce Labs Inc., provider of the world’s most comprehensive and trusted continuous testing cloud, today announced the appointment of Justin Dolly as chief security officer. A security industry veteran with more than 20 years of experience, Dolly will develop, implement, and enforce the company’s long-term
Products, Services, and Solutions
Why Randori Is Automating the Red Team Experience (Randori) After two years of development, we’re thrilled to share with you big news: today, we’re unveiling the Randori Attack Platform, the industry’s first automated attack platform.
Randori Launches Automated ‘Attack Platform,’ Industry's First SaaS Solution to Bring Elite Red Team Experience to the Mass Market (Randori) Enables Organizations to Continuously Hack Themselves to Prove Their Most Valuable Assets Are Secure
Source Defense Unveils First Ever Report and Threat Research Lab Dedicated to Client-side Security (PR Newswire) Source Defense, the market leader in client-side web security, today released a new threat research report titled, "Client-Side Web Security...
Open Raven Launches Modern Data Security Platform to Bring Visibility and Control to Enterprise Data Protection (BusinessWire) Open Raven today emerged from stealth with the launch of its modern data security platform that brings visibility and control to enterprise data prote
Netskope Announces General Availability of Zero Trust Secure Access for Hybrid IT Environments (Netskope) Netskope Private Access expands the Netskope platform to provide the world’s definitive cloud-native security infrastructure for all enterprise applications and internet traffic SANTA CLARA, Calif. – Feb. 11, 2020 – Netskope, the leading security cloud, today announced the general availability of Netskope Private Access, a cloud-based Zero Trust Network Access (ZTNA) solution that provides fast and secure …
Kustomer Achieves SOC 2 Type II Certification (MarTechSeries) Independent report confirms company's ongoing commitment to create and maintain a secure operating environment for its client's confidential data Kustomer, the SaaS platform reimagining enterprise customer service, announced the successful completion of its Service Organization Control (SOC) 2 Type II examination with zero exceptions.
DLT Solutions Expands Its Technology Vendor Portfolio in Support of U.S. Public Sector Missions (Yahoo) DLT Solutions, LLC., a wholly owned subsidiary of Tech Data (Nasdaq: TECD) and a premier government technology solutions aggregator, has added new offerings from Glasswall, Illumio, NetBrain, Parasoft, Perfect Sense, TYCHON and ZorroSign to its rapidly expanding technology vendor portfolio.
Pulse Secure Offers Free Remote Access Software to Thousands of Employees Working from Home In Asia During The Coronavirus Health Crisis (Pulse Secure) Pulse Secure, the leading provider of software-defined Secure Access solutions, today announced it is offering free subscriptions of its market-leading secure remote access solution, Pulse Connect Secure (PCS), to companies for their use by employees based in Asia impacted by the Coronavirus health crisis.
Entrust Datacard Simplifies High-Assurance Authentication With Next Generation Passwordless Workforce Login and Fully Digital Customer Identity Proofing () Latest high assurance authentication offerings from Entrust Datacard eliminate employee passwords and accelerate secure customer onboarding.
Forescout Updates Platform to Empower Enterprises to Identify and Act on High-Risk Devices – Faster (Benzinga) New persona-based user interface for Forescout eyeSight provides actionable device context to pinpoint, prioritize and proactively mitigate risks across the extended enterprise...
Farsight Security to Debut Real-Time Security Data Innovations at RSA® Conference 2020 (Globe Newswire) Farsight Security to introduce the industry’s first Newly Active Domains data feed together with SIE Batch, an easier way to consume real-time data via its Security Information Exchange platform
iProov Expands Its Presence in U.S. Biometric Security Market (BusinessWire) iProov™, the leading provider of biometric authentication technology and Genuine Presence Assurance, today announced that it has expanded its footprin
Perception Point Launches Advanced Protection for Salesforce, Defending Against Growing Attack Surface (PR Newswire) Perception Point, a leading cybersecurity firm preventing file, URL, and social-engineering based attacks in any content-exchange channel,...
Technologies, Techniques, and Standards
The Cybersecurity 202: Nevada officials intend to use Google forms in upcoming caucuses (Washington Post) Election experts are warning about more tech and security red flags as Nevada Democrats race to develop a new game plan for their second-in-the-nation caucuses on Feb. 22.
Nevada Democrats lay out new plan for caucuses, trying to alleviate growing concerns about the process (Washington Post) Campaigns have complained about a lack of transparency and worry about a repeat of Iowa.
How the Iowa Caucuses Became an Epic Fiasco for Democrats (New York Times) The problems that beset the Democratic Party’s first state caucus of the presidential race ran far deeper and wider than one bad app.
City of Pensacola reviewing recommendations from cyberattack assessment (WEAR) The City of Pensacola is reviewing recommendations it's received from a cyberattack assessment. The city’s network was hit by a cyberattack on Dec. 7, 2019. The city says it had Deloitte & Touche LLP to assess the incident and provide observations and recommendations to mitigate the risk of future cyberattacks.
5 tips for you and your family on Safer Internet Day (Naked Security) Why not make Safer Internet Day the excuse you need to do all those cybersecurity tweaks you’ve been putting off?
5 tips for businesses on Safer Internet Day (Naked Security) Safer Internet Day – here’s how to make your business better at cybersecurity, no matter how safe you are already!
‘Safer Internet Day’ Brings the World the 'Rosetta Stone' for Encouraging Good Digital Hygeine - Grit Daily News (Grit Daily News) On Safer Internet Day 2020, The Cybersmile Foundation launched the 'Rosetta Stone' for digital hygiene, which includes twelve modules on different subjects.
Research and Development
Keeping classified information secret in a world of quantum computing - Bulletin of the Atomic Scientists (Bulletin of the Atomic Scientists) The “race” for quantum supremacy against China is significantly overstated. Analysts should redirect attention to protecting classified information against future attacks by quantum computers, a more pressing and manageable problem.
Academia
SOL4CE Cyber/Cyber-Physical Laboratory opens at Purdue University (Purdue University) Purdue University’s CERIAS (Center for Education and Research in Information Assurance and Security) has announced the addition of a new laboratory facility that dramatically increases Purdue’s cyber-physical research, emulation, and analysis capabilities.
Cybersecurity: 4 top Master's programmes in the US (Study International) Our top picks for the best cybersecurity degrees include high-value and interdisciplinary programmes at some of the US's top schools.
Former National Security Agency Director to Lead Cyber Florida at USF (Globe Newswire) The University of South Florida today announced the appointment of J. Michael (Mike) McConnell, retired U.S. Navy vice admiral and former director of the National Security Agency (NSA), as executive director of Cyber Florida.
Deloitte cyber risk expert appointed professor at DMU (De Montfort University Leicester) A top cyber security expert from the world...
Legislation, Policy, and Regulation
BRICS countries to build digital sovereignty (MediaNama) The push towards digital sovereignty is frequently criticized as a Trojan horse for authoritarian measures. It’s tremendously naïve to think it the only explanation. Brazil, Russia, India, China and South Africa are home to 3.2 billion people, 42% of the world’s population. In effect, these countries hold 42% of one of the most valuable resources …
EU backs away from call for blanket ban on facial recognition tech (Financial Times) New draft of AI paper drops suggestion of 5-year moratorium on surveillance technology
Germany set to follow UK on Huawei conundrum – report (Telecoms.com) Huawei looks to have survived another European scare as Germany closes in on a deal which would offer the company restricted freedoms, similar to the position of the UK.
Merkel's conservatives stop short of Huawei 5G ban in Germany (Reuters) Lawmakers from German Chancellor Angela Merkel's ruling conservatives have ...
US pressures allies against using Huawei with new evidence of security risk (Washington Examiner) U.S. officials seeking to convince allies not to use Huawei in their 5G networks are alerting a security flaw that allows the Chinese government-backed telecommunications giant to purloin sensitive information secretly.
State officials press Congress for more resources to fight cyberattacks (TheHill) Top federal and state officials pressed a Senate committee on Tuesday to provide more resources and authorities to fight cyberattacks, an issue of increasing concern in the wake of debilitating attacks on governments entities t
Election Security: DHS Plans Are Urgently Needed to Address Identified Challenges Before the 2020 Elections (GAO) The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has helped state and local election officials secure online voter registration systems, voting machines, and other election infrastructure since 2017. Elections officials we interviewed in 7 of 8 states said they were very satisfied with CISA’s support.Election primaries begin in February.
More powers for Ofcom to police social media firms (BBC News) Tech firms will need to ensure that illegal content is quickly removed from their platforms.
Ofcom to be handed role of policing UK social media platforms (Computing) Under new legislation, online platforms will be required to remove illegal and harmful content quickly
What to Expect for the PATRIOT Act Reauthorization (Project On Government Oversight) With several controversial provisions of the PATRIOT Act about to expire and recent revelations about misconduct at the FISA Court, now is an important time to learn about what changes Congress can make to our surveillance laws.
What’s in the DHS cyber agency’s budget request (Fifth Domain) While funding requests fluctuated on two federal cybersecurity programs, the Cybersecurity and Infrastructure Security Agency also previewed some new investments it wants to make.
Which cyber programs asked for more money ... and which didn’t? (Fifth Domain) One of the early winners in the Department of Defense’s cyber budget request for fiscal year 2021 is the Joint Cyber Command and Control (JCC2) program, which aims to provide commanders with enhanced situational awareness and assist in battle management as it relates to cyber.
Litigation, Investigation, and Law Enforcement
Switzerland investigating alleged CIA, German front company (Washington Post) Swiss authorities said Tuesday they have opened an investigation into allegations a Zug, Switzerland-based maker of encryption devices was a front operated by the CIA and West German intelligence that enabled them to break the codes of the countries that used their products.
Trump’s Antitrust Officials Get Win With T-Mobile Verdict (Wall Street Journal) The failed legal challenge by state attorneys general to the company’s takeover of Sprint Corp. reaffirmed the federal government’s authority in policing mergers.
Google takes on EU in court over record antitrust fines (Reuters) Google will on Wednesday seek to overturn the first of three hefty European Unio...
FTC Expands Antitrust Investigation Into Big Tech (Wall Street Journal) Federal regulators opened a new front in their investigation of big tech firms, seeking to determine whether the industry’s giants acquired smaller rivals in ways that harmed competition.
How Apple ‘Intercepts’ And Reads Emails When It Finds Child Abuse (Forbes) For the first time, Apple’s methods of reading emails containing potentially illegal material are revealed. The company is proving a lot more helpful to the U.S. government than previously thought.
Russian Citizen Pleads Guilty to Cyber Tax Fraud Scheme That Resulted in More Than $1.5 Million in Losses to Department of the Treasury (US Department of Justice) Earlier today, in federal court in Brooklyn, Anton Bogdanov, a citizen of Russia, pleaded guilty before United States Magistrate Judge Vera M. Scanlon to wire fraud conspiracy and computer intrusion in connection with a scheme in which he and others used stolen personal information to file federal tax returns and fraudulently obtain more than $1.5 million in tax refunds from the Department of the Treasury.
Court docs: Suspect in ‘Brian Kil’ cyber threats case agrees to plead guilty to 41 counts (FOX59) The man behind the “Brian Kil” threats that terrorized Plainfield residents several years ago filed a petition Thursday to plead guilty. Buster Hernandez, 28, is accused of threatening underage girls and forcing them to send sexually explicit material. He targeted hundreds of minors in the United States and one foreign county, including six teen girls from Indiana.
Labour Party could be fined up to £15m by the ICO after leadership contender is reported over alleged data breach (Computing) Computing is the leading information resource for UK technology decision makers, providing the latest market news and hard-hitting opinion.
‘We are not a banana republic’: National security adviser defends Vindman dismissals (POLITICO) Robert O’Brien said the brothers’ removal from the NSC was because they were trying to undermine Trump.
DOJ Nears Decision on Whether to Charge Blackwater Founder Erik Prince (Wall Street Journal) The Justice Department is close to deciding whether to charge Erik Prince in connection with his 2017 testimony about a meeting in the Seychelles with a Russian sovereign-wealth adviser and potential violations of U.S. arms-trafficking regulations, people familiar with the matter said.
Prosecutors quit amid escalating Justice Dept. fight over Roger Stone’s prison term (Washington Post) All four career prosecutors handling the case against Roger Stone withdrew from the legal proceedings Tuesday — and one quit his job entirely — after the Justice Department signaled it planned to undercut their sentencing recommendation for President Trump’s longtime friend and confidant.