The CyberWire Daily Briefing, 2.18.20

Cyber Attacks, Threats, and Vulnerabilities

How the Iowa caucuses came ‘crashing down,’ under the watchful eye of the DNC (Washington Post) Six hours before Iowa's first-in-the-nation presidential caucuses were set to begin, an engineer for the Democratic National Committee offered a frank appraisal of the software that would be used to verify the results collected by hundreds of volunteer precinct leaders across the state.

Japan reveals Russia's 'dark power' in SoftBank spy incident (Nikkei Asian Review) Surprise move aimed at checking Kremlin's espionage ahead of 2020 Tokyo Olympics

Hackers Join Forces Against U.S. And Israeli Targets: This Is What An Iranian Cyber Attack Looks Like In 2020 (Forbes) Iran state-sponsored "advanced" hacker groups have likely combined to target aviation, energy, government and telecommunication targets, research reveals.

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world (ZDNet) Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies.

Report: Iran carried out cyber attack against 'hundreds of Israeli computers' (i24NEWS) It's unlikely, however, Tehran was able to acquire any information concerning advanced nuclear technology.

Fox Kitten – Widespread Iranian Espionage-Offensive Campaign (ClearSky) During the last quarter of 2019, ClearSky research team has uncovered a widespread Iranian offensive campaign which we call “Fox Kitten Campaign”; this campaign is being conducted in the last three years against dozens of companies and organizations in Israel and around the world.

Honey Trap Malware—Here Are The Hamas Dating Apps That Hacked Israeli Soldiers (Forbes) Israel has confirmed that a Hamas honey trap cyber operation targeted hundreds of its soldiers. Here's why this malware was so dangerous.

Israeli army: Hamas hackers tried to ‘seduce’ soldiers (Washington Post) The Israeli military says it it has thwarted an attempt by the Hamas militant group to hack soldiers’ phones by posing as young, attractive women on social media

Why did the Israeli military tweet this thirst trap? (The Daily Dot) On Sunday morning, the Israeli Defense Force (IDF) tweeted a caption-less mirror selfie of a young woman with originally zero context.

Hamas Android Malware On IDF Soldiers-This is How it Happened (Check Point Research) Introduction: Earlier today, IDF’s spokesperson revealed that IDF (Israel Defense Force) and ISA (Israel Security Agency AKA “Shin Bet”) conducted a joint operation to take down a Hamas operation targeting IDF soldiers, dubbed ‘Rebound’. In this article, we will describe the capabilities and provide technical analysis of the malware used, along with the attack’s affiliation... Click to Read More

Huawei cyber security chief says no operator gives it access to intercept equipment (Reuters) Huawei's cyber security chief said on Friday that he was not aware of any m...

World Health Organization Warns of Coronavirus Phishing Attacks (BleepingComputer) The World Health Organization (WHO) warns of ongoing Coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware.

Severe vuln in WordPress plugin Profile Builder would happily hand anyone the keys to your kingdom (Register) Remote attackers were able create their own admin accounts

Unsafe WordPress Plugin Installed on Nearly 200,000 Sites (BleepingComputer) The developers of the ThemeGrill Demo Importer for WordPress have updated the plugin to remove a critical bug that gives admin privileges to unauthenticated users.

Targeted Phishing Attack Aims For Well-Known Corporate Brands (BleepingComputer) A targeted phishing attack using SLK attachments is underway against thirteen companies, with some of them being well-known brands, to gain access to their corporate networks.

LokiBot Impersonates Popular Game Launcher and Drops Compiled C# Code File (TrendLabs Security Intelligence Blog) We discovered LokiBot impersonating a popular game launcher to trick users into executing it on their machines and dropping a compiled C# code file.

Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers (Eclypsium) New research from Eclypsium shows unsigned firmware in WiFi adapters, USB hubs, trackpads, laptop cameras and network interface cards provides pathways for malicious attackers to compromise laptops and servers.

Cybersecurity warning: Almost half of connected medical devices are vulnerable to hackers exploiting BlueKeep (ZDNet) A new report suggests that vulnerabilities in medical devices could put hospital patients at risk from hackers - but there are some simple ways to protect against these attacks.

There's finally a way to remove xHelper, the unremovable Android malware (ZDNet) Malwarebytes researchers find a way to remove the malware, but they still don't know how it really operates.

Pay Up, Or We’ll Make Google Ban Your Ads (KrebsOnSecurity) A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.

Strike Two: Google Eliminates ToTok From Google Play Again For Mass Spying People (Tech Times) The app was reinstated in Play Store last January but has been pulled out again.

Alleged spying app ToTok removed from Google Play Store (9to5Google) Last year, the New York Times reported how a chat app gaining traction worldwide was actually being used as a spying tool. Google Play removes ToTok...

2016 Election Attack Revealed a Month Before 2020 Primary (Governing) Florida’s supervisor of elections has divulged a previously unreported ransomware virus in the elections department just weeks before the 2016 election. As the state preps for March primaries, concerns of security are amplified.

Blake Dowling: United we stand; divided we fall, cyber-speaking (Florida Politics - Campaigns & Elections. Lobbying & Government.) Do you think they checked party affiliation while hacking millions of our most personal records?

US election warning: Cyber attack expert cautions 2020 poll to be ‘dirtiest EVER’ (Express) THE US Presidential election will be won and lost online more than any other poll in history. But a digital propaganda expert believes digital misinformation and disinformation coupled with geopolitics will make this poll ‘the dirtiest ever'.

MIT Researchers Raise Security, Privacy Concerns With Voatz App (MeriTalk) While the 2020 election cycle has been officially underway for less than a month, there have already been significant technology concerns. While the most notable tech concern was the Feb. 3 Iowa Caucus, researchers at the Massachusetts Institute of Technology (MIT) raised additional concerns in a report published Feb. 13.

Voatz Internet Voting App Is Insecure (Schneier on Security) ...The company's response is a perfect illustration of why non-computer non-security companies have no idea what they're doing, and should not be trusted with any form of security.

Nearly a quarter of malware now communicates using TLS (Sophos) Encryption is one of the strongest weapons malware authors can leverage: They can use it to obfuscate their code, to prevent users (in the case of ransomware) from being able to access their files, and for securing their malicious network communication.

It is with a heavy heart we must inform you, once again, folks are accidentally spilling thousands of sensitive pics, records onto the internet (Register) Plus: Iranians accused of hacking IT service providers to get at their customers

Chinese army’s elite hackers steal Equifax data on 13m Britons (Times) The personal information of more than 13 million Britons was stolen by a team of Chinese military hackers in an elaborate “criminal heist” spanning the globe.Four members of the People’s Liberation

PhotoSquared app leaks photos & home addresses of 100,000s of users (HackRead) Another day, another data breach putting user data at risk – This time, PhotoSquared, a popular photo app for Android and iOS has suffered a massive leak after exposing highly personal data of hundreds and thousands of users.

Personal information belonging to 144,000 Canadians breached by federal departments and agencies (CBC) Federal departments or agencies have mishandled personal information belonging to 144,000 Canadians over the past two years, according to new figures tabled in the House of Commons — and not everyone who was swept up in a privacy breach was told about it.

Many municipalities hit by cyber stick-ups (CommonWealth Magazine) DOZENS OF MASSACHUSETTS MUNICIPALITIES have been targeted by ransomware attacks — cyberattacks on computer systems that are designed to extort money. A shocking investigation from NBC 10 Boston found that many municipalities have been attacked and at least 10 municipalities have ponied up the cash, all of it taxpayer money. Many of the payments have(...)

Hackers are selling card details of EE customers on the dark web (The Sun) HACKERS are selling card details of EE customers on the dark web. Our investigator was offered data — including name and address, card number, expiry and security digits — for just £29. The seller …

Port Lavaca City Hall suffers cyber attack (The Victoria Advocate) Port Lavaca City Hall’s server fell at the hands of the Russian ryuk virus last week.

Incident Of The Week: Quaker Steak & Lube Alerts Customers To Payment Card Incident (Cyber Security Hub) Several independently owned restaurants in the Quaker Steak & Lube chain announced their retail point-of-sale terminals were remotely accessed and infected with malware that captured customer payment card data. Cyber Security Hub explains the scope and cause of this data breach.

Chances Are Your Kansas County's Website Is Easy Pickings For Hackers (KCUR) When it comes to cybersecurity, most Kansas counties are behind. Overall, only eight county websites end in .gov, a domain extension that

Pass or Fail? Aruba’s WIPS Gets Tested by Independent Lab (Secplicity - Security Simplified) As the second largest access point (AP) supplier by market share, Aruba Networks, a HPE company, has worked hard to provide worldwide businesses with enterprise-grade Wi-Fi connectivity. You’ll see the company’s APs in many schools, retail locations and airports, among other places. Want a fun scavenger hunt idea? Look up at the ceiling next time …

Op-ed: So, can hackers take over a satellite? (Navy Times) The author makes a pitch for better safeguards in an era of cheaper satellites and delivery systems.

Vulnerability Summary for the Week of February 10, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Security Patches, Mitigations, and Software Updates

Microsoft pulls security update after reports of issues affecting some PCs (ZDNet) A standalone security update released as part of the February Patch Tuesday cycle has created headaches for some owners of PCs running Windows 10. After investigating reports of those issues, Microsoft has yanked KB4524244 from its update servers.

Warnings Issued For Millions Of Microsoft Windows 10 Users (Forbes) Every version of Windows 10 is impacted by a new Microsoft upgrade warning...

Cyber Trends

New report finds internet users overwhelmed by identity theft worries (F-Secure) A new report from cyber security provider F-Secure finds a steady barrage of major data breaches have left a vast majority of consumers worried about the online crimes that lead to identity theft and account takeovers.

A Cybersecurity 2020 Priority: Protecting New Technologies Against Old Attacks (Peerlyst) If you ask me to predict what the evolving security threat landscape will look like this year, and what the industry must do to keep pace, you probably won’t like the answer. My expectations for 2020: the same as 2019, but worse.

What's Wrong With Tech Folks Who Attack The Tech Media. And What's Wrong With Tech Media Today. (Hunter Walk) Lots of mutual bad faith. Reporters I respect indulging themselves in screenshotting and quote dunking tech folks, performative for their tribe. Executives, investors and other prominent SV persona…

Marketplace

Enveil Raises $10 Million in Series A Funding (Globe Newswire) Data security company delivers groundbreaking privacy-preserving capabilities to enable critical business functions

Former NSA director's Fulton cyber firm raising another big funding round (Baltimore Business Journal) Former NSA Director Keith Alexander turned down $100 million to launch IronNet. Over five years later, it is one of the most well-funded cyber companies in the state.

Dell Nears Deal to Sell RSA Security Business to Private-Equity Firm STG (Wall Street Journal) Dell Technologies is nearing a deal to sell its RSA cybersecurity business to a private-equity firm for more than $2 billion, according to people familiar with the matter.

Report: Dell in talks to sell RSA cybersecurity firm to STG Partners for $2B+ (SiliconANGLE) Dell Technologies Inc. is close to selling its venerable RSA Security LLC business to private-equity firm STG Partners LLC for more than $2 billion, according to a report Monday night in the Wall Street Journal.

Cyber Intelligence Firm NSO Group Acquires Convexum (CISO MAG | Cyber Security Magazine) Israel cyber intelligence and surveillance company NSO Group recently acquired drone technology startup Convexum in a cash deal of US$60 million.

Huawei plans ‘Made in Europe’ 5G products (Free Press Journal) Abraham Liu, Huawei's chief representative to the EU Institutions, said in an interview that the decision came from Huawei's global industrial setup and long-term commitment to Europe, which has a strong industrial base.

Mark Zuckerberg’s Europe trip won’t be a vacation (Quartz) On Monday, Zuck will meet with top EU digital authorities two days before they present their plan to rein in US and Chinese tech giants.

Google Cuts Jobs at Cloud-Computing Group (Wall Street Journal) The company said it is cutting jobs at its cloud-computing unit as part of a reorganization aimed at improving operations at the business that has become more central to parent Alphabet.

VMware lays off executives in edge computing and Internet of things (Silicon Valley Business Journal) The software giant is laying off its chief technology officer for edge computing and the Internet of things, plus two vice presidents and two directors who focus on edge and IoT.

Why Cisco Shouldn't Buy FireEye (The Motley Fool) FireEye's stock price spiked on rumors of a buyout offer from Cisco.

IBM Pulls Out Of RSA Conference Due To Coronavirus Outbreak (CRN) IBM Friday became the first high-profile vendor to publicly cancel its participation in the RSA Conference in response to the coronavirus outbreak.

Trustonic Joins Car Connectivity Consortium to Protect Connected Car Apps (Trustonic) Trustonic will contribute to the further development of the Digital Key specification, offering its significant experience of working with automakers and Tier 1 vendors.

How This Cybersecurity Marketplace is Making the World Safer - Grit Daily News (Grit Daily News) Konstantine Zucerkman and his team at CYBRI are making the world safer one network at a time with their cybersecurity marketplace.

Arctic Wolf Names Dan Larson as Senior Vice-President of Marketing (BusinessWire) Arctic Wolf®, a leading security operations center (SOC)-as-a-service company, today announced the addition of Dan Larson as Senior Vice-President of

Products, Services, and Solutions

Microsoft to deploy ElectionGuard voting software for the first time tomorrow (ZDNet) Residents in Fulton, Wisconsin will elect representatives for the Wisconsin Supreme Court via voting machines running Microsoft's ElectionGuard voting software.

This could be Microsoft's most important product in 2020. If it works (CNET) ElectionGuard isn't designed to make voting machines safe from hackers. It's meant to make hacking them pointless.

Google redraws the borders on maps depending on who’s looking (Washington Post) The Silicon Valley firm alters maps under political pressure and the inscrutable whims of tech executives

NetSPI Introduces Penetration Testing as a Service (PTaaS) Powered by Resolve (NetSPI) PTaaS will be demoed at RSAC 2020, showcasing how the delivery model enables organizations to keep pace with today’s cybersecurity landscape.

NEW TECH: CyCognito employs offensive bot network to put companies a step a head of attackers (The Last Watchdog) When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses. Related:Promise vs. pitfalls of IoT For small- and mid-sized businesses, firewalls, antivirus suites and access management systems represent the entry stakes for participating in today’s digital economy. Security-mature SMBs go the […]

Sophos Launches “Xstream” Version of XG Firewall (Globe Newswire) SophosLabs Research Indicates 44% of Prevalent Information Stealers use Encryption to Hide Stolen Data

Netsurion Integrates MITRE ATT&CK Framework with Co-Managed SIEM (Globe Newswire) Netsurion, a leading managed security service provider, today announced the integration of the MITRE ATT&CK® framework with the upcoming 9.3 release of its co-managed SIEM, EventTracker, which delivers SOC-as-a-Service (SOCaaS) by including the company’s 24/7 security operations center (SOC).

Hyatt Celebrates its First Anniversary on HackerOne (HackerOne) After becoming the first hospitality brand to launch a public bug bounty program, Hyatt recently celebrated its first anniversary of the collaboration with HackerOne! Hyatt’s purpose – to care for people so they can be their best – extends beyond guests staying in its hotels; it covers colleagues, customers and hotel owners who utilize Hyatt’s web and mobile applications. As a purpose-driven hospitality brand with 875+ properties in more than 60 countries, its more than 120,000 colleagues engage with tens of thousands of guests around the globe every day.

Fortinet launches its next-gen firewall, NP7 security processing unit (ZDNet) The FortiGate 1800F has custom silicon to handle security issues and maintain application performance.

Technologies, Techniques, and Standards

Contactless Operating Mode Requirements Clarification (U.S. Payments Forum) As contactless payments continue to take hold in the U.S., many merchants and issuers are looking to provide these capabilities to their customers. Contactless emerged in the U.S. before the migration to EMV chip technology...

IRS urges tax professionals, taxpayers to protect tax software accounts with multi-factor authentication (Internal Revenue Service) The IRS and its Security Summit partners today called on tax professionals and taxpayers to use the free, multi-factor authentication feature being offered on tax preparation software products.

Cyber insurance - getting in the way of incident response? (SC Magazine) Following a breach insurers may provide a breach coach & bring in a pre-approved incident response vendor for clean-up efforts & forensic investigations, delaying reaction time, sidelining your IR plans.

Design and Innovation

Facebook won’t catalog sponsored Mike Bloomberg memes as political ads (The Verge) Bloomberg’s bad memes might just be the beginning.

How Understanding Hackers Changed This Entrepreneur’s Life (Medium) An early developer of the cryptocurrency Zcash on how Steven Levy’s ‘Crypto’ inspired her interest in privacy

The 'Robo Revenge' App Makes It Easy to Sue Robocallers (Wired) Mac malware, a Bitcoin mixer, and more of the week's top security news.

Academia

IOHK donates $500,000 in cryptocurrency to the University of Wyoming to drive innovative blockchain application (Crypto Economy) IOHK, has today announced a donation of $500,000 to the University of Wyoming’s (UW) Blockchain Research and Development Lab, in Laramie.

Mercyhurst training students on new front lines (GoErie.com) Mercyhurst President Michael Victor: “We enrolled 63 students, the largest cohort ever for an inaugural major at Mercyhurst,” he said.

Northern Kentucky University Cyber Defense team headed to Midwest Regionals for third straight year (Northern Kentucky Tribune) Northern Kentucky University’s Cyber Defense team is once again victorious at the Collegiate Cyber Defense Competition.For the third straight year, NKU students won the Kentucky title and while

The Citadel launches bachelors degree to train America’s future ‘cyber warriors' (Post and Courier) In the fall, The Citadel will launch its first Bachelor of Science in Cyber Operations. The South Carolina military college has spent the past decade advancing cybersecurity education via new

Legislation, Policy and Regulation

China accuses US of hypocrisy over Huawei, highlighting claims it spied on German leader Merkel (CNBC) China's foreign ministry spokesperson brought up old allegations that the U.S. spied on Germany leader Angela Merkel to accuse Washington of hypocrisy over its claims that Huawei is untrustworthy.

U.S. largest state actor of spying in cyberspace: FM spokesperson (ECNS) Facts have proven once again that the United States is the largest state actor of spying in cyberspace, Chinese Foreign Ministry spokesperson Geng Shuang said Monday, urging the United States to clarify to the international community on relevant affairs.

Estonian foreign intelligence warns of growing cyber threats from Russia (Computing) The intelligence agency says Russian threat actors want to exploit security vulnerabilities and promote pro-Russian interests in foreign countries

Russia Blocks Tutanota Email, Service Still Usable Over Tor or VPN (BleepingComputer) Access to the Tutanota secure email service is currently being blocked in Russia, with the block being enacted over the weekend, starting February 14.

The Wily Country (Foreign Affairs) Joshua Yaffa’s “Between Two Fires” traces the lives of ambitious Russians who lived through the transition to the post-Soviet era.

The Real Fight for the Future of 5G (Foreign Affairs) Who will patrol the borders of a new network?

The Future Of 5G May Be Bright, But Is It Secure? (Information Security Buzz) 5G is here to replace not just legacy cellular standards, but a multitude of other wireless and wired communication standards and therefore its scope will cover personal use, business operations, transportation and smart city infrastructure. This, together with its support for dense IoT networks – which could potentially have over 1 million devices per square …

The U.S. is still imposing 20th century-style sanctions on North Korea. That won’t work anymore. (Washington Post) NORTH KOREA’S use of the global Internet has leapt 300 percent in the past three years, and not only because the elite are doing more online shopping. The regime, according to a new report solidifying earlier findings, has seized on Web-based weaponry to commit cybercrimes and circumvent international sanctions.

Germany moves to protect its military-cyber industry (Fifth Domain) A new German strategy document declares defense-related cyber technologies as key national assets, affording the domestic sector some protection from international competition.

Cabinet Orders Senior Government and Military Officials to Replace Cell Phones (Pro Pakistani) The Cabinet Division has reportedly directed the senior government and military officials to immediately replace their cell phones purchased before

Pakistan's National Security At Stake By Pegasus Malware (PhoneWorld) The Cabinet Division has directed the senior government and military officials to immediately replace their cell phones purchased before May 10, 2019, due to fear of data hacking by foreign spy companies.

Intelligence Spats: Australia, Britain and Huawei (International Policy Digest) Amid the diplomatic row over Britain's decision to work with Huawei, Australia senses an opening to get in good with the Americans.

Huawei Is Winning the Argument in Europe, as the U.S. Fumbles to Develop Alternatives (New York Times) Germany seems poised to follow Britain in letting the Chinese maker build next-generation networks, despite last appeals from the United States.

U.S. Weighs New Move to Limit China’s Access to Chip Technology (Wall Street Journal) The Trump administration is considering trade restrictions on China that would limit the use of American chip-making equipment, as it seeks to cut off access to key semiconductor technology, according to people familiar with the plan.

Trump officials and Pelosi unite to warn UK over Huawei 5G decision (The Independent) No UK government ministers were present in Munich after late cancellations

World must 'wake up to the challenges presented by China,' says Defense Secretary (CNN) Defense Secretary Mark Esper called on the international community to "wake up to the challenges presented by China," telling an audience of world leaders and top policymakers on Saturday that America's concerns about China should also be Europe's concerns.

‘Nancy Pelosi and Donald Trump see Huawei the same.’ 5G in Europe aligns America’s top political rivals (C4ISRNET) U.S. House Speaker Nancy Pelosi backed President Donald Trump’s warning to European allies that letting Chinese telecom giant Huawei build their next-generation communication network poses a grave threat.

Pelosi warns US allies: 'Don't go near Huawei' (CNBC) House Speaker Nancy Pelosi on Friday warned of Chinese telecom giant Huawei's "insidious aggression" and called on other nations to work with the U.S. as the globe races to develop 5G networks.

The Cybersecurity 202: The Huawei fight is getting a Trumpy spin (Washington Post) The Trump administration’s pressure campaign on allies to break ties with Huawei is taking a very Trumpian turn with bombastic and neck-wrenching tweets replacing private diplomatic warnings.

Pentagon Shifts Stance on Sales to Huawei (Wall Street Journal) The Defense Department has dropped its opposition to a proposed rule that would make it harder for U.S. chip makers and other companies to send shipments to China’s Huawei Technologies.

Esper to allies: Picking Huawei risks intel and security ties with the US (Defense News) The top Pentagon official has called out Beijing as America’s main adversary.

U.S. defense chief warns of Huawei's 'threat' to NATO (Japan Times) Top U.S. officials fired a fresh broadside at Huawei on Saturday, warning the Chinese tech giant poses a threat to NATO if allies allow it to build new 5G

Handling the Huawei threat safely means ditching ‘free market’ foolishness (New York Post) The feds for the first time have accused a large corporation of violating racketeering laws usually used to go after the Mafia. Chinese telecom giant Huawei, they charge, is not a normal business t…

US Energy secretary talks arms control, nuclear budget boost and Iranian cyber attacks (Defense News) Dan Brouillette answered questions on the sidelines of the Munich Security Conference.

Energy Department shakes up cyber leadership with appointment of ex-NSA official (CyberScoop) Department of Energy officials have tapped a veteran of the NSA to lead an office that helps protect U.S. industry from hacking threats.

The risk of a politicized national intelligence director (TheHill) Some directors have conducted themselves in a professional, bipartisan manner — but will we always be so fortunate?

Former No. 2 U.S. intel official says of departure, "I didn't want to be anyone's agenda" (CBS News) Sue Gordon, who was deputy director of national intelligence to Dan Coats, was supposed to become acting DNI after his departure last August. Instead, she resigned when it became clear President Trump would oppose her candidacy.

Homeland Security wants a new cyber coordination group (Fifth Domain) The Department of Homeland Security wants to create a group to 'synchronize' internal cybersecurity efforts.

New INSA White Paper Calls for Greater Information Sharing Between Government and Industry (Homeland Security Today) Paper offers recommendations that government can take to help mitigate the threat of the malicious insider while still respecting individuals’ privacy.

Microsoft president says big tech has 'fundamental responsibility' to protect US voting process (CNBC) "We have a fundamental responsibility as companies and as a technology sector to help protect our candidates from attacks and hacking," Brad Smith explained at the annual Munich Security Conference.

Treat us like something between a telco and a newspaper, says Facebook's Zuckerberg (Reuters) Online content should be regulated with a system somewhere between the existing ...

Colombia Tells Facebook to Boost Security for Users' Data (New York Times) Colombia on Monday issued an ultimatum to Facebook, telling the Silicon Valley-based tech giant it must strengthen its security measures to better protect users' personal data in the Andean country.

Too Big to Prevail (Foreign Affairs) Breaking up and regulating Big Tech—companies such as Amazon, Apple, Facebook, and Google—will bolster national security.

To Bolster Cybersecurity, the US Should Look to Estonia (Wired) The tiny European nation has come a long way after crippling cyberattacks in 2007. Now it offers key lessons in attracting tech talent and educating citizens.

Round 2: California AG Revises Proposed CCPA Regulations (Cooley) On February 7 and 10, 2020, the California Attorney General released modifications to the proposed regulations implementing the California Consumer Privacy Act. The modifications substantially revi…

From disinformation to hackers, new 'cybernavigator' racing to protect Minnesota's 2020 elections (Star Tribune) Cybernavigator warns of multiple threats, including attempts at "hacking the mind."

Litigation, Investigation, and Enforcement

Why President Trump asked Ukraine to look into a DNC "server" and CrowdStrike (CBS News) The consensus view of the CIA, NSA, FBI and a Senate investigation is that Russians interfered in the 2016 election. But those findings don't line up with the ever-evolving story President Trump has been telling about Ukraine.

DOJ won't pursue criminal charges against McCabe (Fox News) The Justice Department said Friday it will not pursue criminal charges against former FBI deputy director Andrew McCabe, after a nearly two-year-long investigation into accusations brought by the agency's independent watchdog who found that he lacked "candor" when questioned about leaking to the media.

Justice Dept. Is Investigating C.I.A. Resistance to Sharing Russia Secrets (New York Times) The prosecutor was assigned by the attorney general to scrutinize the agents and analysts who sought to understand Russia’s covert operation to help Donald J. Trump win the 2016 election.

Class action lawsuit filed against two Puerto Rican hospitals for alleged ransomware attacks (CyberScoop) A class action lawsuit was filed earlier this week in the U.S. District Court for the District of Puerto Rico against two Hospital Pavía facilities.

DfE in 'serious data breach' after naming whistleblowers (Schools Week) The disclosure casts doubt on the government's commitment to protecting teachers who raise concerns in the public interest

Mark Zuckerberg: Israeli NSO can try to defend legality of actions (Jerusalem Post) Facebook CEO Mark Zuckerberg released comments Saturday afternoon on the current lawsuit launched that accuses Israeli spyware vendor NSO itself of exploiting a flaw in WhatsApp messaging service.

WSJ News Exclusive | Fraud Case in Charleston, S.C., Shines Light on Web’s Dark Corners (Wall Street Journal) Web-services provider Micfo and founder Amir Golestan face 20 counts of wire fraud in U.S. District Court in South Carolina, a case showing how internet hackers and spammers are able to cloak their identities.

Feds reviewing previously unreported cyber attack on Florida elections office (Raw Story) Less than five weeks before Florida’s March presidential primary, the Department of Homeland Security is investigating a previously unreported cyber attack on Palm Beach County’s elections office, according to Supervisor of Elections Wendy Sartory Link.Link, who was appointed last year by the governor to oversee the county’s beleaguered elections department, said she contacted […]

Google forced to reveal anonymous reviewer’s details (Naked Security) A court has forced Google to reveal the details of an anonymous poster who published an unpalatable review of a dentist.

NSA whistleblower petitions Trump for clemency (TheHill) Reality Winner, the National Security Agency (NSA) whistleblower jailed for leaking classified information on Russia’s interference in the 2016 election petitioned President Trump for clemency Monday.

Fifth domain of warfare: How to fight cybercrime (Sunday Guardian Live) Cyberspace is unique in the sense that you can’t see it but only feel the damage once done. Humans have low understanding of what’s not visible. Jamtara: Sabka Number Ayega is the name of a new Netflix series being streamed. Jamtara is a remote rural area in Jharkhand, India. A bunch of young adults, uneducated but

California Police Have Been Illegally Sharing License Plate Reader Data (Vice) A major audit found that California cops shared data on the movements of millions of drivers without having policies in place, disregarding state law.

Watchdog probes council cyber-attack (BBC News) The ICO is "assessing" Redcar and Cleveland Council after ransomware was apparently used on its systems.

Life of a C.I.A. Coder: Nerf Guns, Pranks and Fat Jokes (New York Times) Trial witnesses describe a raucous workplace culture among officers at the intelligence agency.

UK police deny responsibility for poster urging parents to report kids for using Kali Linux (ZDNet) Updated: Using Discord, too, is apparently a warning sign that your child is turning into a naughty hacker.

Bring your own context.

Coming soon: CyberWire Pro.