The cybersecurity community during the COVID-19 emergency
Our weird behavior during the pandemic is messing with AI models (MIT Technology Review) In the week of April 12-18, the top 10 search terms on Amazon.com were: toilet paper, face mask, hand sanitizer, paper towels, Lysol spray, Clorox wipes, mask, Lysol, masks for germ protection, and N95 mask. People weren’t just searching, they were buying too—and in bulk. The majority of people looking for masks ended up buying…
WSJ News Exclusive | Chinese, Iranian Hacking May Be Hampering Search for Coronavirus Vaccine, Officials Say (Wall Street Journal) Chinese and Iranian hackers are aggressively targeting American universities, pharmaceutical and other health-care firms in a way that could be hampering their efforts to find a vaccine to counter the coronavirus pandemic, U.S. officials said.
The cyberthreat that could derail the world's race to develop a coronavirus vaccine (CNBC) Pharmaceutical companies working on a vaccine and on drugs and treatments to fight the coronavirus are facing an increased risk of cyberattack, according to cybersecurity experts.
People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations (FBI) The FBI and Cybersecurity and Infrastructure Security Agency (CISA) are issuing this announcement to raise awareness of the threat to COVID-19-related research.
FBI and CISA Warn Against Chinese Targeting of COVID-19 Research Organizations (FBI) The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a public service announcement today warning organizations researching COVID-19 of likely targeting and network compromise by the People’s Republic of China (PRC).
Roundup: COVID-19 pandemic delivers extraordinary array of cybersecurity challenges (ZDNet) As the COVID-19 outbreak threatens to overload the healthcare system and the global economy, it's also having a powerful impact on the security of businesses and individuals.
Why Security Misconfigurations Are Higher During Covid-19 (FireMon) There are good reasons your IT security team may be looking a bit sleep-deprived. In addition to the stress of the COVID-19 pandemic everyone is facing, they’re also facing heightened risks to network firewall security as new external assets (websites, web portals, mobile apps and more) are provisioned to enable customers and an expanding remote…
McAfee, CrowdStrike, Palo Alto Networks Track Evolving COVID-19 Cyberattacks (SDxCentral) As cyberattacks and threats continue to grow and mutate along with the COVID-19 pandemic, three security reports from CrowdStrike, McAfee, and Palo Alto Networks shine a spotlight on how these attacks are evolving — and they indicate that businesses aren’t as prepared to secure their now-remote workforce as they think.
Cyberattacks keep offices on their toes (Livemint) Firms are having to boost spending to secure their networks, pushing up costs even as revenues dry up. As employees work remotely during the coronavirus lockdown, cybercriminals are using the opportunity to prey on those working outside secure office networks to steal confidential data
A Guide to Pandemic Scams, and What Not to Fall For (New York Times) Fraudsters see opportunities to target us in these uncertain times. Here are their most popular schemes and how we can protect ourselves.
Nuspire Report Pinpoints Changes in Adversarial Cyber Activity Capitalizing on Coronavirus Pandemic (Nuspire) Quarterly report examines top botnet, malware and exploit activity throughout Q1 2020
We Can’t Stop the Coronavirus Unless We Stop Corruption (Foreign Policy) The world is pouring trillions of dollars into coronavirus vaccines and economic stimulus efforts. But without strict measures, graft will prevent funds from reaching the…
Former NSA Chief: Values Must Not be Compromised in the Name of Security, Not Even During a Pandemic (CTECH) Mike Rogers, who was named head of the NSA at the height of the Snowden scandal is acutely aware of how fragile the public trust is in the intelligence entities of the democratic nations
Cybersecurity Threats to the Food Supply Chain (SecurityWeek) Cyber brings the opportunity of large-scale adversarial interference in food supplies. In military terms this could be a precursor to kinetic warfare, but the cyber age has introduced a new style of cyberwar.
Scams Exploit COVID-19 Giveaways Via Venmo, PayPal and Cash App (Tenable®) The economic impact of COVID-19, which is causing record unemployment, creates a golden opportunity for scammers looking to target vulnerable people desperate for cash to help pay their bills.
Using AI to detect COVID-19 misinformation and exploitative content (Facebook) We’re sharing details about how Facebook is using AI to help detect COVID-19 misinformation and respond to other integrity challenges related to the...
How Facebook is using AI to combat COVID misinformation and detect "hateful memes" (The Verge) Facebook sheds light on its new AI-powered moderation.
European comms bodies set up standards group, call for vigilance on contact-tracing apps (ComputerWeekly) New ETSI group will develop standardisation framework for secure smartphone-based proximity tracing systems, helping to break Covid-19 transmission chains.
Draft Covid-19 contact tracing legislation proposes formal oversight (ComputerWeekly) Human Rights Committee chair Harriet Harman has outlined a proposed bill to guarantee the security and privacy of data generated by the UK’s Covid-19 contact tracing app.
MPs take part in first live test of remote voting during Covid-19 debate (ComputerWeekly) MPs will use phones and computers to vote from their homes in a House of Commons debate today in the biggest change in parliamentary procedure for 150 years.
Online Voting Has Worked So Far. That Doesn’t Mean It's Safe (Wired) Proponents of mobile and internet voting point to its uneventful track record. That's not good enough.
Putin Is Well on His Way to Stealing the Next Election (The Atlantic) RIP democracy
House Democrats introduce coronavirus rescue bill that would direct more than $3 trillion to states, individuals, health systems (Washington Post) House Democrats unveiled a sprawling coronavirus rescue bill Tuesday that would direct more than $3 trillion to state and local governments, health systems, and a range of other initiatives, setting up a huge clash with Senate Republicans and the White House over how to deal with the sputtering economy.
Analysis | The Cybersecurity 202: Democratic coronavirus bill shows how partisan election security has become (Washington Post) The bill goes a long way to ensure safe elections during the pandemic but will go nowhere with Republicans.
House Democrats' Partisan Wish List Jeopardizes Elections (Committee on House Administration Republicans) Congress has already provided over $1.25 billion since 2018 to help states update their election infrastructure, $400 million alone from the previous CARES Act to help states make COVID-19 preparations, and the Election Assistance Commission is working around the clock to provide coronavirus guidance and resources for states to administer their elections. It's time for House Democrats to stop trying to take advantage of a national emergency to push their own political agenda.
Remote Courtrooms Here To Stay As Judges Tackle Backlogs (Law360) Federal and state court judges say they are likely to rely heavily on remote courtrooms, including virtual trials, as the prospect of fully reopening the justice system to its former capacity remains a distant goal for many, and case backlogs and delays continue to mount.
Coronavirus: Massive Palm Beach County School District Student Password Breach (BocaNewsNow) The Palm Beach County School District is in the midst of a massive computer security crisis that draws into question the authenticity of every assignment completed by every student since “distance learning” began, after BocaNewsNow.com learned that an elementary school student hacked the school district’s password system.
Entrust Datacard Consumer Survey Reveals Poor Password Hygiene Among Remote Workers (BusinessWire) On World Password Day 2020 a new Entrust Datacard work-from-home survey highlights the critical need to address data security challenges.
Security Chiefs Look to Justify Cybersecurity Costs During Business Downturn (Wall Street Journal) The coronavirus pandemic has caused a range of businesses to furlough or lay off employees and freeze technology and cybersecurity projects as they anticipate a financial hit from the health crisis.
Twitter Will Allow Employees To Work At Home Forever (BuzzFeed News) Two months into working from home, Twitter makes it permanent for some.
Apple Plans to Return More Staff to Offices in Break From Rivals (Bloomberg) Company to start letting more workers return to major offices. Google, Facebook will allow remote work through end of 2020.
Michael Dell: Work From Home Will Be 'Permanent Feature' (CRN) Michael Dell said customers have shifted from rapidly implementing work at home setups to ensuring they’re sufficiently hardened and secure for long-term use.
HPE restructures for ‘post COVID-19 world’ (CRN Australia) With a new CTO and GreenLake Cloud Services business group.
The Cloud Powers Fortinet Higher During the Coronavirus Lockdown (The Motley Fool) As remote work increased in relation to COVID-19, cybersecurity’s importance took a quantum leap higher.
Censys Releases Free One-Click Tool To Check Work-From-Home Security (Censys) “Home Network Risk Identifier” Finds Exposed Vulnerabilities in Seconds
LogMeIn Introduces Remote Deployment to Help IT Admins Remotely Install GoToMyPC During Shift to Remote Work (GlobeNewswire) LogMeIn Inc. (NASDAQ: LOGM), a leading provider of solutions for the work-from-anywhere era, has launched Remote Deployment for GoToMyPC enabling IT administrators and business professionals to remotely deploy, install, and configure GoToMyPC remote access software across any number of computers simultaneously.
Dimension Data offers free incident response to hospitals targeted by cyberattacks (htxt.africa) Tony Walt, managing executive for Dimension Data Security, explains why the firm is freely offering this incident response service.
Cyber Attacks, Threats, and Vulnerabilities
US Exposes New North Korean Malware Tools (Decipher) The U.S. government has published details of three new malware tools it says are in use by North Korean state-sponsored attackers.
Researchers Analyze Entry Points, Vectors for Manufacturing System Attacks (SecurityWeek) Researchers analyzed the possible entry points and attack vectors for targeting smart manufacturing systems and discovered several new vulnerabilities in the process
Phishing attack evades Microsoft 365 security (BetaNews) Researchers at email protection company Armorblox have uncovered a targeted email phishing attack designed to get past Microsoft 365 security.
Vulnerabilities in 'Page Builder' Plugin Expose 1 Million WordPress Websites (SecurityWeek) Two high severity vulnerabilities addressed recently in SiteOrigin’s Page Builder WordPress plugin could allow an attacker to execute code in a website administrator’s browser
Hackers' private chats leaked in stolen WeLeakData database (BleepingComputer) Ironically, the database for the defunct hacker forum and data breach marketplace called WeLeakData.com is being sold on the dark web and exposes the private conversations of hackers who used the site.
Toll Group reveals stolen data may show up on dark web (CRN Australia) Company last week revealed it was hit by ransomware attack.
Shipping Giant Toll Confirms Hackers Stole Data in Recent Attack (SecurityWeek) After initially claiming that it found no evidence of data being stolen as a result of the recent ransomware attack, Australian shipping giant Toll has admitted that some data has been stolen
Toll Group resists ransom demands from hackers after cyber attack (Loadstar) Toll Group is having a tough year, and has confirmed that the “unusual activity” on its servers last week was a cyber attack, which has now led to ransom demands.
Healthcare giant Magellan Health hit by ransomware attack (BleepingComputer) Fortune 500 company Magellan Health Inc announced today that it was the victim of a ransomware attack on April 11, 2020, which led to the theft of personal information from one of its corporate servers.
[Ransomware disclosure by Magellan Health] (Magellan Health) Magellan was recently the victim of a criminal ransomware attack
Thunderspy – why turning your computer off is a cool idea! (Naked Security) Thunderbolt ports can provide direct access to the memory in your laptop… just how hard is it for crooks to do so when you aren’t looking?
Top 10 Routinely Exploited Vulnerabilities (CISA) The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors.
Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
--------- Begin Update A Part 1 of 2 ---------
Equipment: IE/PB-Link, RUGGEDCOM, SCALANCE, SIMATIC, SINEMA
--------- End Update A Part 1 of 2 ---------
OSIsoft PI System (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: OSIsoft
Equipment: PI System
Vulnerabilities: Uncontrolled Search Path Element, Improper Verification of Cryptographic Signature, Incorrect Default Permissions, Uncaught Exception, Null Pointer Dereference, Improper Input Validation, Cross-site Scripting, Insertion of Sensitive Information into Log File
2.
Eaton Intelligent Power Manager (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Eaton
Equipment: Intelligent Power Manager
Vulnerabilities: Improper Input Validation, Incorrect Privilege Assignment
2.
Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: KTK, SIDOOR, SIMATIC, and SINAMICS
Vulnerability: Uncontrolled Resource Consumption
2.
Siemens SIPROTEC 5 and DIGSI 5 (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely; low skill level to exploit
Vendor: Siemens
Equipment: SIPROTEC 5 and DIGSI 5
Vulnerabilities: Improper Input Validation
2 UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-190-05 Siemens SIPROTEC 5 and DIGSI 5 (Update B) that was published December 10, 2019 on the ICS webpage on us-cert.gov.
Siemens SINAMICS (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SINAMICS
Vulnerability: Uncontrolled Resource Consumption
2. UPDATE INFORMATION
This updated advisory is a follow-up to the advisory update ICSA-19-227-04 Siemens SINAMICS (Update B) that was published December 10, 2019, to the ICS webpage on us-cert.gov.
3S-Smart Software Solutions GmbH CODESYS V3 Library Manager (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.6
ATTENTION: Low skill level to exploit
Vendor: 3S-Smart Software Solutions GmbH
Equipment: CODESYS V3 Library Manager
Vulnerability: Cross-site Scripting
2.
Interpeak IPnet TCP/IP Stack (Update D) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River
Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River
Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Injection, Null Pointer Dereference
Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update C) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Siemens
Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC NET PC
Vulnerability: Incorrect Calculation of Buffer Size
2.
Security Patches, Mitigations, and Software Updates
Microsoft patches 111 vulnerabilities in May 2020 Patch Tuesday (Computing) No zero-days patched in the latest release
Adobe Patches 36 Vulnerabilities in Acrobat, DNG SDK (SecurityWeek) Adobe has patched 36 vulnerabilities in Acrobat, Reader and the DNG SDK, and while some flaws have been rated critical the vendor believes they are unlikely to be exploited too soon
Instagram iOS update brings bulk comment deleting, control for who can mention or tag you (9to5Mac) Instagram is rolling out some changes today to keep the platform a more positive place for users. Two features rolling out now include the ability to control who can tag or mention you in comments, captions, or Stories as well as the ability to delete comments in bulk. Instagram noted in a blog post today …
Squid patches security flaws in HTTP digest authentication (The Daily Swig) Vulnerabilities have lain undiscovered since 2001
Huawei denies involvement in buggy Linux kernel patch proposal (ZDNet) Huawei says employee submitted code as part of a personal project, not on behalf of the company.
Cyber Trends
Digital Fraudsters Increase Attacks Against Multiple Industries During Pandemic; Use COVID-19 Scams to Target Younger Generations (TransUnion) TransUnion quarterly global fraud analysis also examines the types of fraud targeting businesses and where it originates
Marketplace
Stand-alone cyber insurers need more agents and brokers (PropertyCasualty360) Insurers may need to reconsider the product's design, pricing and marketing strategy to get their distribution force more enthusiastically on board.
Semperis Announces $40 Million in Growth Funding After Completing Six Consecutive Profitable Quarters (BusinessWire) Semperis, a pioneer of identity-driven cyber resilience for enterprises, receives $40 Million in Series B Funding Led by Insight Partners
SonarSource Acquires RIPS Technologies and Accelerates in the Application Security Market (PR Newswire) SonarSource, maker of SonarQube and leader for Code Quality and Code Security solutions, today announced the acquisition of RIPS Technologies,...
Verint Closes $200 Million Investment by Funds Advised by Apax Partners (Directors' Club) Verint® announced it has closed the first tranche under the two tranche investment agreement with funds advised by Apax Partners signed in December in
Varonis Systems’ $253 Million Convertible Senior Note Offering (Global Legal Chronicle) White & Case LLP has advised Varonis Systems, Inc. on the offering.
CACI Awarded $465 Million Task Order to Provide Expertise for U.S. Army C5ISR Missions (BusinessWire) CACI International Inc (NYSE: CACI) announced today that it has been awarded a five-year single-award task order, with a ceiling value of more than $4
Facebook is quietly helping to set up a new pro-tech advocacy group to battle Washington (Washington Post) Facebook is working behind the scenes to help launch a new political advocacy group that would combat U.S. lawmakers and regulators trying to rein in the tech industry, escalating Silicon Valley’s war with Washington.
Deloitte lays off 200 consultants and auditors in Toronto (Consulting) Deloitte Canada has laid off approximately 200 people in its Toronto headquarters, according to a report from Business Insider.
Invicti Security Reports Record Growth and Profitability (Invicti) Enterprise driving demand for web application security leaders Netsparker and Acunetix
XM Cyber Named a Gartner 'Cool Vendor' in Security Operations and Threat Intelligence (PR Newswire) XM Cyber, the multi-award-winning breach and attack simulation (BAS) leader, was recognized as a "Cool Vendor" in Gartner's May 2020 "Cool...
Coalfire Named a "Top Workplace" by The Denver Post for Third Consecutive Year (PR Newswire) Coalfire, a trusted provider of cybersecurity advisory and assessment services, announced today that the company was named one of The Denver...
CyberGRX Recognized as Best Workplace by Inc. Magazine (BusinessWire) CyberGRX has been selected as one of the 395 finalists recognized by Inc. Magazine as a Best Workplace for 2020.
Janice Kennedy of Mandiant Security Validation Recognized as One of CRN’s 2020 Women of the Channel by Tracey Moon (Security Boulevard) Each year, CRN, a brand of The Channel Company, recognizes leading female executives for their accomplishments over the past year and the far-reaching impact they are having on the technology industry going forward
Five FireEye Leaders Honored as CRN 2020 Women of the Channel (BusinessWire) Five FireEye employees have been recognized by CRN for their leadership in the channel.
Coalfire Federal's Bill Malone Named Top Cyber Exec (PR Newswire) Coalfire Federal, a pure-play government cybersecurity advisory services and assessment firm, today announced that its newly appointed...
Illusive Networks Hires Nicole Bucala as VP of Business Development (PR Newswire) Illusive Networks®, the leader in deception-based cyber defense solutions, today announced the hiring of Nicole Bucala as vice president of...
Plurilock adds to board of directors (Planet Biometrics News) Plurilock Security Solutions, a leading provider of behavioral-biometric authentication technologies, has announced the addition of seasoned software executive Ed Hammersla, formerly of Trusted Computer Solutions (TCS), to its board of directors.
Arnold & Porter Hires Privacy Pro From Venable (Law360) Arnold & Porter has grown its partnership with a hire from Venable LLP who will join its privacy and data security practice as the global pandemic makes sound legal advice on those subjects ever more critical for clients.
Products, Services, and Solutions
ThreatQuotient Expands Professional Services Offering (BusinessWire) ThreatQuotient, a leading security operations platform innovator, today announced enhancements to their professional services offering.
Bitdefender and SYNNEX Corp. Announce Distribution Agreement (PR Newswire) Bitdefender, a leading global cybersecurity company protecting more than 500 million systems worldwide, today announced that it has entered...
DivvyCloud by Rapid7 Announces New Infrastructure as Code Security Capability (BusinessWire) DivvyCloud by Rapid7 announces new Infrastructure as Code Security capability to empower enterprises to take a preventive approach to cloud security.
New Sudo Features Integrate Popular Privileged Access Application Into Enterprise Security and IT Strategies (GlobeNewswire) Nearly ubiquitous across Linux deployments, Open Source Sudo software allows a user to act as another user. Version 1.9 enhancements drive centralized logging, auditing and command approval. Python language now supported for third-party plugins.
Illumio Evolves Micro-Segmentation by Enabling Self-Service Functionality for Application Teams (GlobeNewswire) New App Owner View feature empowers each application owner to implement their own segmentation security policies, as organizations strive to achieve Zero Trust
Liquid.com Bolsters Security for Cryptocurrency Exchange with Sumo Logic (GlobeNewswire) Company Adopts Sumo Logic’s Cloud SIEM to Secure More than One Billion Platform Transactions Per Day and Support Globally Distributed Team and Multi-cloud Technology Stack
Technologies, Techniques, and Standards
White-Box Encryption: Ending Web App Vulnerability (Infosecurity Magazine) White-box cryptography is a solution that provides software-based key storage.
FIRST aims to update the Traffic Light Protocol standard to increase global adoption (FIRST — Forum of Incident Response and Security Teams) Now inviting participants for next review round
SOCOM chief: Door-kickers are out, cyber operators are in (Task & Purpose) The future of U.S. special operations may no longer involve a gaggle of commandos busting through a door, according to U.S. Special Operations Command's top general, but 'cyber operators' tasked with bringing their unique set of tools to bear on adversaries
Y'all Should Be Using Critical Thinking in the Workplace! (Phoenix TS) Regardless of the situation, we’ve all had the same thought; was there something I could have done differently? How could I have been more prepared? What can I do better next time? The answer is simple; critical thinking.
A Pentester’s Voyage - The First Few Hours (Black Hills Information Security) Jordan Drysdale // Many methodologies have been written, but the first few hours on an internal pentest tell the story of an organization’s security culture. This type of test differs from an assumed compromise or pivot in that the tester walks into the network fully armed. requirements.txt Nmap...
Design and Innovation
Secure Technology Alliance Announces Website and New Educational Resources to Advance Adoption of Mobile Driver’s Licenses (Secure Technology Alliance) Today the Secure Technology Alliance took another step forward in its efforts to raise awareness and accelerate adoption of mobile driver’s licenses (mDLs) in the U.S. with the launch of an online educational hub, mDLConnection.com. This website will help to
Legislation, Policy, and Regulation
Estonia Passes 'Huawei Law' for Telecom Security Reviews (Reuters via US News and World Report) Estonia's parliament approved on Tuesday a new Electronics Communications Act to ensure security reviews for telecom gear needed in the development of future networks.
Why China’s Technology Theft Poses a Bigger Challenge Than That of the Soviet Union (The Diplomat) China can better incorporate what it takes to “catch up.”
Echidna or Combat Wombat? Preparing for the Defence Strategic Update (Defence Connect) As Australia’s public and strategic policy community wait with bated breath for the release of the new Defence Strategic Update in response to the changing strategic environment the nation finds itself in, Sam Roggeveen of Lowy Institute and Greg Sheridan of The Australian have entered the debate with interesting points for consideration.
Senate braces for fight over renewing lapsed surveillance powers (POLITICO) The Senate’s civil libertarians aim to place even stricter limitations on surveillance powers.
Cyber Command Needs New Acquisition Authorities (Lawfare) A major force program will help solve the problem.
COVID-19 constraints delay needed CMMC rule change (FCW) Social distancing requirements have delayed the public hearing needed for a rule change to enforce new cybersecurity standards for contractors.
Continuing Developments in Cybersecurity (JD Supra) The Government continues to take steps to address its Defense Industrial Base supply chain cybersecurity.
IoT Security: Sen. Warner’s Letter to IoT Manufacturers (Security Boulevard) With more IoT devices being used in homes and businesses in the U.S., is Washington finally ready to address the security of these devices?
Litigation, Investigation, and Law Enforcement
INTERPOL Declares “Anti-Ransomware Day” (Infosecurity Magazine) INTERPOL and Kaspersky dub WannaCry’s third anniversary “Anti-Ransomware Day”
Facebook to pay moderators $52m for mental trauma suffered on the job (The Telegraph) Current and former workers will get up to $6,000 each in compensation for PTSD and similar conditions as part of a class action settlement
Facebook will pay $52 million in settlement with moderators who developed PTSD on the job (The Verge) Current and former moderators will all be paid a minimum of $1,000. Selena Scola filed the case in California.
'Cat and mouse game': how Citizen Lab shone a spotlight on Israeli spyware firm (the Guardian) Ron Deibert has helped expose how Israeli spyware firm allegedly facilitated hacking of activists’ phones
Mexican Government Cancels NSO Group Cyber-Surveillance Contract, Launches Corruption Investigation (Tikun Olam) Israeli media watchdog, 7th Eye, reports that the Mexican government officially revealed for the first time that it canceled NSO Group’s contract to provide cyber-hacking tools to the country’s legal, law enforcement and intelligence units.
Information Note (Gobierno de México) Regarding the case of the surveillance program known as Pegasus, the Secretaría de Seguridad y Protección Ciudadana states the following...
Iron Mountain Discloses Potential Sanctions Violations (Wall Street Journal) The Boston-based information storage and management company said one of its foreign subsidiaries provided products and services for more than a decade to at least two entities blacklisted by the U.S.
U.S. judge puts Justice Department’s move to drop charges against Michael Flynn on hold (Washington Post) The judge says he expects independent groups and legal experts to argue against the bid to exonerate the former national security adviser. The move could re-air evidence and arguments over whether lies Flynn pleaded guilty to were a crime.