— The cybersecurity community during the COVID-19 emergency
Analysis | The Cybersecurity 202: Commission that pushed a cybersecurity overhaul hopes coronavirus boosts the effort (Washington Post) The pandemic underscores the importance of being prepared for the next crisis
China’s Coronavirus Information Offensive (Foreign Affairs) Beijing Is Using New Methods to Spin the Pandemic to Its Advantage
Vint Cerf suggests GDPR could hurt coronavirus vaccine development (Register) Essay on role of internet during plague times also suggests online schooling may not be the finished article
Boost for contact tracing app as Isle of Wight pilot achieves more than 50pc take-up (The Telegraph) Hopes of delivering an effective contact tracing programme appear to have been given a boost after the pilot of the new NHSX app achieved more than 50 per cent take-up.
Faulty contact-tracing app would ‘risk spreading the virus’, NHSX advisor warns (The Telegraph) Sir Jonathan Montgomery, chair of NHSX's advisory board, warned the app could give people 'false negatives'
Secret details on NHS contact tracing app left open to public in security blunder (The Telegraph) Details of the future plans for the app were inadvertently left public on Google Drive
()
Harman seeks to bring private member’s bill over contact tracing (ComputerWeekly) Chair of Human Rights Committee aims to put the proposed Contact Tracing (Data Protection) Bill 2020 before parliament as a private member’s bill if necessary.
Most Americans are not willing or able to use an app tracking coronavirus infections. That’s a problem for Big Tech’s plan to slow the pandemic. (Washington Post) Nearly 3 in 5 Americans say they are either unable or unwilling to use the infection-alert apps under development by Google and Apple, suggesting a steep climb to win enough adoption of the technology to make it effective against the coronavirus pandemic, a Washington Post-University of Maryland poll finds.
()
Vaccine misinformation more persuasive than experts, study finds (UPI) Groups that spread vaccine misinformation on social media have more impact than government health agencies and other expert organizations on undecided people, a new study finds.
Microsoft opens up coronavirus threat data to the public (CyberScoop) Microsoft has decided to make its coronavirus-related hacking threat intelligence public, even for non-customers, to boost collective security.
Biases in Perceptions of Information Security Threats (Infosecurity Magazine) In order to maintain both personal and organizational security, individuals must perceive information security risks realistically.
How agencies can defend against pandemic-fueled cyber threats (GCN) Agencies that deploy crucial defense measures will reinforce an ecosystem of protection that is desperately needed to safeguard data in this time of crisis.
Hackers Love The Coronavirus – What Can Your Business Do About It? (CEOWORLD magazine) The COVID-19 outbreak has brought with it a host of new issues and concerns for businesses as they focus their efforts on protecting their employees, workstreams, and revenues. It is a worrying time with rapidly changing scenarios, advice, and understandably the concern for people’s wellbeing is rising. The pandemic has brought a wave of disruption […]
Ready-made COVID-19 Themed Phishing Templates Copy Government Websites Worldwide (Proofpoint) Threat actors are continuing to try and take advantage of people worldwide as the pandemic continues—and most recently their efforts have included using fake websites, associated with COVID-19 financial assistance, to steal credentials.
Criminals boost their schemes with COVID-19 themed phishing templates (Help Net Security) Phishers are incessantly pumping out COVID-19 themed phishing campaigns and refining the malicious pages the targets are directed to.
Hackers Change Ransomware Tactics to Exploit Coronavirus Crisis
(Wall Street Journal) Cyber criminals have adapted their ransomware tactics during the coronavirus pandemic, setting their malware to launch more quickly once inside the networks of health-care providers and other companies.
Fresh Twist for Pandemic-Related Phishing Campaigns (BankInfo Security) Fraudsters are honing their phishing emails tied to the COVID-19 crisis, using fake messages about business continuity plans and new payment procedures to spread
This new, unusual Trojan promises victims COVID-19 tax relief (ZDNet) QNodeService’s codebase may have helped it avoid detection by traditional antivirus solutions.
When we need it most, healthcare is still being hit hard by ransomware (Armenian Reporter) The Fortune 500 for-profit managed healthcare and insurance coverage agency Magellan Health was hit by a ransomware assault this week. The American outfit
Interserve hit by cyber attack as hackers target hospital construction firms (CityAM) Outsourcing group Interserve has been left reeling from a cyber attack earlier this month as criminals target construction firms involved in the UK’s coronavirus response.
Covid-19 lockdowns push organised gang crime online says UK’s top cyber cop (SC Magazine) Organised criminal networks have been forced online to find new sources of cash because transporting drugs and committing robberies have become almost impossible, a chief constable says.
Beware of Sick Behavior Masquerading as Coronavirus (SecurityWeek) Researchers have undertaken a deep dive into the shadowy, cyber world of those whose work involves abusing others online through trickery, extortion, fraud, and theft resulting from COVID-19
The Facebook pages you don't want to like or share (KSDK) The pages use legitimate store names in the title plus the word 'club' and some of the scam pages have thousands of likes and shares
Woman stalked by sandwich server via her COVID-19 contact tracing info (Naked Security) She wanted a sub, not Facebook, Instagram and SMS come-ons from the guy who served her and intercepted her contact-tracing details.
Cyber Insurance Demand Heats Up As COVID-19 Hacks Rise (Law360) More companies are looking to cyber insurance to help manage the fallout from a wave of coronavirus-related cyberattacks, highlighting the need for businesses to pay close attention to internal data security shortcomings and policy limits that could spark coverage fights.
Limited-Time Promotion Allows Security Leaders to Trial LogRhythm Cloud (PRWeb) LogRhythm, the company powering today’s security operations centers (SOCs), today announced its Remote Workforce Visibility offer to help organizations achieve
Darktrace AI protects student data as they learn remotely (BusinessWeekly) Cambridge cyber security world leader Darktrace is cashing in on a lucrative new vertical market as the education sector globally uses its technology to defend millions of students’ data & research as they learn remotely. Darktrace says a record number of educational organisations around the world have done their homework to protect students from being hacked and sabotaged.
Cyber Attacks, Threats, and Vulnerabilities
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report (Register) Outsourcer Interserve holds a number of UK defense contracts, among others
Interserve hit by data breach - 100,000 people get data stolen (SC Magazine) One of the UK government’s “strategic suppliers” is recovering from a cyberattack which took place over the weekend that may have seen the details of up to 100,000 people stolen.
Hackers target the air-gapped networks of the Taiwanese and Philippine military (ZDNet) Third state-sponsored malware strain disclosed this week that can jump the air gap and reach isolated networks.
Russian hacker group using HTTP status codes to control malware implants (ZDNet) New Turla cyber-espionage operation targets diplomatic entities in Europe with new COMpfun malware.
Mikroceen RAT backdoors Asian government networks in new attack wave (ZDNet) The backdoor paved the way for the deployment of other malware including Gh0st RAT.
Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia (WeLiveSecurity) ESET researchers dissect a backdoor deployed in attacks against multiple government agencies aswell as major organizations operating in two critical infrastructure sectors in Central Asia.
UK electricity middleman hit by cyber-attack (ZDNet) Elexon said the incident only impacted its internal IT network, employee laptops, and company email server.
Lights stay on despite cyber-attack on UK's electricity system (the Guardian) Cybersecurity measures keep electricity flowing after IT infrastructure targeted
APT Group Planted Backdoors Targeting High Profile Networks in Central Asia (Avast Threat Labs) Last fall, APT malware intrusions targeting high-profile companies in Central Asia caught our attention. A few months later, we began working together with fellow malware analysts from ESET to analyze samples used by the group to spy on a telecommunications company, a gas company, and a governmental institution in Central Asia. An APT group, which […]
Security incident knocks Archer supercomputer service offline for days (CyberScoop) Britain’s main supercomputing service for academic research has been unavailable since Monday following a security incident that forced administrators to reset user passwords.
()
Port Kembla steelworks hit by BlueScope cyber attack (Australian Financial Review) Just days after Toll Group revealed hackers had stolen its private data, BlueScope has said it is fighting an attack that has infected systems worldwide.
Hackers who stole files from a law firm to stars like Lady Gaga and Drake doubled their ransom to $42 million and threatened to release 'dirty laundry' on Trump (Business Insider) Grubman, Shire, Meiselas and Sacks was recently the target of a hack by a group called REvil, which is attempting to random the information.
Ransomware Gang Demands $42M or it Releases Trump’s ‘Dirty Laundry’ (Cointelegraph) The ransomware gang responsible for stealing almost 1TB of legal secrets from celebrities and entertainers last week is now targeting the President
Blox Tales #5: Credential Theft Using Symantec URL Rewriting (Armorblox) Blox Tales take a look at a targeted email attack, outline why it made its way into an inbox, and highlight how Armorblox was able to detect the attack. In this blog, we’ll focus on an email that hid a zero-day phishing site behind multiple redirects, including one created using Symantec’s Click-time URL Protection tool for URL rewriting.
Security Flaws in Software-Based PLC Enable Remote Code Execution on Windows Box (Claroty) A US-CERT advisory was issued today for multiple vulnerabilities discovered by Claroty researcher Mashav Sapir. The vulnerabilities affect Opto 22’s SoftPAC Project versions 9.6 and prior.
Opto 22 SoftPAC Project (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Opto 22
Equipment: SoftPAC Project
Vulnerabilities: External Control of File Name or Path, Improper Verification of Cryptographic Signature, Improper Access Control, Uncontrolled Search Path Element, Improper Authorization
2.
Emerson WirelessHART Gateway (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 10.0
ATTENTION: Exploitable remotely/low skill level to exploit
Vendor: Emerson
Equipment: Emerson WirelessHART Gateways (1410, 1420 and 1552WU)
Vulnerability: Improper Access Control
2. RISK EVALUATION
Successful exploitation of this vulnerability could disable the internal gateway firewall.
3S-Smart Software Solutions GmbH CODESYS V3 (Update A) (CISA) 1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Low skill level to exploit
Vendor: 3S-Smart Software Solutions GmbH
Equipment: CODESYS V3
Vulnerability: Insufficiently Protected Credentials
2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-19-213-04 3S-Smart Software Solutions GmbH CODESYS V3 that was published August 1, 2019, to the ICS webpage on us-cert.gov.
Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable (The Hacker News) Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol?
Notification About Data Security Incident For Wright County Residents (St. Michael, MN Patch) Additional analysis on the data sets commenced immediately and was completed in March 2020.
San Dieguito School District Hit by Data Breach (NBC 7 San Diego) The San Dieguito Union High School District announced Thursday some if its employees’ personal data may have been accessed during a data breach last summer. The unauthorized access took place between July 1 and July 17 of 2019, according to the SDUHSD. The investigation that followed couldn’t determine the scope of information that was actually accessed within the affected email…
Security Patches, Mitigations, and Software Updates
Cisco and Palo Alto Networks appliances impacted by Kerberos authentication bypass (CSO Online) The shared vulnerability could enable man-in-the-middle attacks, and it could exist on other devices. Patch now.
Palo Alto Networks Patches Many Vulnerabilities in PAN-OS (SecurityWeek) Palo Alto Networks has patched over two dozen vulnerabilities in PAN-OS, including many that have a critical or high severity rating and a few that can be exploited without authentication
Intel Improves Hardware Shield in New 10th Gen Core vPro Processors (SecurityWeek) Intel has unveiled its 10th Gen Core vPro processors, which include an improved version of Hardware Shield with advanced threat detection
Microsoft: Here's how we're killing a class of memory security bugs in Windows 10 (ZDNet) Microsoft details a new Windows 10 security feature that crashed PCs running games that use anti-cheat software.
Windows 10 to get PUA/PUP protection feature (ZDNet) PUA/PUP-blocking option to be added in Windows 10 May 2020 update.
Cyber Trends
All top cyber villains speak Russian, says computer anti-virus guru (TASS) Russia trains the best programmers in the world, and, as a consequence, the world’s best hackers often speak Russian, the founder and CEO of the Russian antivirus software provider Kaspersky Lab said in an interview with TASS
40% of IT security budgets spent on 'compliance burden' as 43% of orgs reported to ICO over GDPR (SC Magazine) 43% or organisations have been reported to the ICO, and this increased IT compliance burden is soaking up IT security budgets with the focus on 3rd party data rather than the company's own assets.
2020 Cyber Report: Compliance Burdens Unsustainable (PR Newswire) Coalfire, a provider of cybersecurity advisory and assessment services, today released the Securealities Compliance Research Report in...
New Study: IT Pros Are More Worried About Corporate Security than Home Security (The Press) Data security is creating fear and trust issues for IT professionals, according to the third-annual Oracle and KPMG Cloud Threat Report 2020.
The Average American Had Personal Information Stolen at Least 4 Times in 2019 (Interest.com) Over the past decade or so you’ve probably noticed the increasing frequency of major data breaches around the world. There have been at least 200 documented data breaches since 2005, and the number of records exposed is only on the rise as more folks move their lives online. With more people transitioning facets of their …
Marketplace
This Group of CISOs Is Pumping Their Own Money and Advice Into Security Startups (SecurityWeek) Silicon Valley CISO Investments (SVCI) is a syndicate of practicing CISOs that invests its own money and personal expertise into the success of the syndicate's portfolio companies.
WSJ News Exclusive | Taiwan Firm to Build Chip Factory in U.S. (Wall Street Journal) Taiwan Semiconductor Manufacturing, the world’s largest contract manufacturer of silicon chips, said it would spend $12 billion to build a chip factory in Arizona, as U.S. concerns grow about dependence on Asia for the technology.
Thompson Street Capital Partners Announces Acquisition of PKWARE Inc. (BusinessWire) Thompson Street Capital Partners (TSCP), a private equity firm based in St. Louis, announced today that they have acquired PKWARE Inc. (PKWARE), a Mil
Venafi acquires Jetstack, the startup behind the cert-manager Kubernetes certificate controller (TechCrunch) It seems that we are in the middle of a mini acquisition spree for Kubernetes startups, specifically those that can help with Kubernetes security. In the latest development, Venafi, a vendor of certificate and key management for machine-to-machine connections, is acquiring Jetstack, a U.K. startup …
VMware to acquire Kubernetes security startup Octarine and fold it into Carbon Black (TechCrunch) VMware announced today that it intends to buy early-stage Kubernetes security startup Octarine and fold it into Carbon Black, a security company it bought last year for $2.1 billion. The company did not reveal the price of today’s acquisition. According to a blog post announcing the deal, fro…
Army cyberdefense supported under CACI contract (Military Embedded Systems) ARLINGTON COUNTY, Va. CACI International Inc. announced that it has been awarded a five-year, single-award task order, with a ceiling value of more than $465 million, by the U.S. Army Combat Capabilities Development Command’s (CCDC) Command, Control, Computers, Communications, Cyber, Intelligence, Surveillance, and Reconnaissance (C5ISR) center to provide research and development on cryptographic modernization, information security, and tactical network protection.
Zerodium Expects iOS Exploit Prices to Drop as It Announces Surplus (SecurityWeek) Exploit acquisition firm Zerodium says it’s no longer buying certain types of iOS exploits and the company expects iOS exploit prices to drop in the near future
Cybersecurity innovation: Enel, Mastercard announce a new lab in Israel (Smart Energy International) Enel, Mastercard and the Israel Innovation Authority have announced a new cybersecurity innovation lab in Israel to support global startups.
How to find a job in cybersecurity (TechRepublic) In an industry still experiencing a talent shortage despite the pandemic, recruiters and observers offer advice on what job seekers should and should not do.
Security and Enterprise Cloud Veteran Candace Worley Joins Ping Identity as Chief Product Officer (BusinessWire) Ping Identity (NYSE: PING), the Intelligent Identity solution for the enterprise, today announced Candace Worley has joined the company’s leadership t
DWF Appoints Mark Hendry as Director of Data Protection and Cyber Security (Infosecurity Magazine) DWF appoints a new director of data protection and cyber security
Products, Services, and Solutions
Introducing BotSight: A New Tool to Detect Bots on Twitter in Real-Time (Norton LifeLock) Quantifying Disinformation on Twitter, one Tweet at a Time
EmberSec Unveils Virtual CISO Program (EmberSec) Executive-Level Security Expertise that Delivers Cybersecurity Readiness to Meet Corporate Goals
Zero Networks Announces TrustMeter, a Free Tool to Measure Excessive N (PRWeb) Zero Networks, the pioneer in zero trust networking, today announced the release of TrustMeter, a new free tool to help organizations better und
Volterra Radically Simplifies End-to-End Encryption | Volterra (Volterra) Volterra, an innovator in distributed cloud services, today announced the launch of VoltShare to radically simplify the process of securely encrypting confidential data with end-to-end encryption. VoltShare is available as downloadable software (or an API and SDK) that operates locally...
Cisco Adaptive Security Appliance Software Kerberos Authentication Bypass VulnerabilityCi (CiscoTest Application) The Cisco Security portal provides actionable intelligence for security threats and vulnerabilities in Cisco products and services and third-party products.
Swimlane Launches Analyst Hub (Yahoo) The launch of the Swimlane Analyst Hub aggregates open-source and developer tools and content for security analysts.
BlackBerry Government Mobility Suite Achieves FedRAMP Authorization (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced that its BlackBerry® Government Mobility Suite has achieved Federal Risk and...
Edison announces partnership with ZecOps to improve email security on iOS (MobileSyrup) In an effort to improve email security on iOS, Edison is partnering with ZecOps to monitor its app for vulnerabilities.
Technologies, Techniques, and Standards
X-Force IRIS Overcomes Broken Decryption Mechanism in Jest Ransomware (Security Intelligence) IBM X-Force Incident Response and Intelligence Services (IRIS) recently helped a company fend off a ransomware attack by building a custom decryptor for a strain of ransomware known as "Jest."
Machine Learning Can’t Protect You From Fileless Attacks (Morphisec) Machine learning algorithms are great for decision-making; they're less so when it comes to protecting the organization against fileless attacks.
How Unconventional Professional Backgrounds Can Strengthen a Cybersecurity Team (Dark Reading) Getting over the cybersecurity skills gap takes creativity, flexibility, and a willingness to go off-script when it comes to picking out candidates.
What your DevOps team needs to know: 4 lessons from exploited vulnerabilities (TechBeacon) Here are four lessons from major breaches on how to catch the next seemingly small software bug, before it snowballs into a massive breach.
Design and Innovation
Choosing the right commercial tech for government (Defense News) How can the U.S. government best evaluate commercial tech for the federal market, and avoid reinventing the wheel?
Perspective | Facebook has a huge truth problem. A high-priced ‘oversight board’ won’t fix it. (Washington Post) The company’s global for-profit web of viral lies requires serious regulation, not a committee.
Why Is Facebook So Afraid of Checking Facts? (Wired) The biggest social network in the world has the wrong idea for how to fight Covid-19 conspiracies.
Research and Development
Senators introduce bill to create more cyber grand challenges (Fifth Domain) The grand challenges stem from the 2018 Cybersecurity Moonshot report.
Academia
Educational organizations use cloud apps to share sensitive data outside of IT control (Help Net Security) Many educational organizations use cloud apps and are at risk of data security incidents during the period of working from home and virtual learning.
I Criticized My University’s Ties to the Chinese Government. Now I Face Expulsion. (Foreign Policy) Australian institutions’ financial ties to China mean ditching values.
Two USF-based Centers Team Up to Tackle K-12 Cybersecurity Education across Florida (Tampa Bay Newswire) Two state centers based at the University of South Florida have announced an ambitious partnership to help Florida public schools provide classes on cybersecurity skills to their K-12 students. The Florida Center for Instructional Technology (FCIT) and Cyber Florida: The Florida Center for Cybersecurity will develop and implement curricula and…
Cybrary Scholars Program Recipients Announced (Cybrary) Cybersecurity Professionals Impacted By COVID-19 Awarded Learning Resources and Mentorship to Further Career Development
Legislation, Policy, and Regulation
Merkel Is ‘Outraged’ by Russian Hack but Struggling to Respond (New York Times) Patience with President Vladimir Putin is running thin in Berlin. But Germany needs Russia’s help on several geopolitical fronts from Syria to Ukraine.
Moscow Says No Proof Russian Hackers Spied on Merkel (The Moscow Times) "Five years have passed. Not a single concrete fact has been provided," Foreign Minister Lavrov said.
()
US increases military pressure on China as tensions rise over pandemic (CNN) The US is upping military pressure on China amid increased tensions over the South China Sea and accusing Beijing of seeking to leverage the coronavirus pandemic to extend its sphere of influence in the region.
Exclusive: U.S. moves to cut Huawei off from global chip suppliers (Reuters) The Trump administration on Friday moved to block shipments of semiconductors to Huawei Technologies from global chipmakers, in an action that could ramp up tensions with China.
US maintains ban on Chinese tech firms as Huawei, ZTE make 5G leaps (ComputerWeekly) White House extends executive order that effectively bans US companies from using comms equipment made by firms posing a national security risk, while Huawei and ZTE reveal new 5G advances.
Commerce Addresses Huawei’s Efforts to Undermine Entity List, Restricts Products Designed and Produced with U.S. Technologies (U.S. Department of Commerce) The Bureau of Industry and Security (BIS) today announced plans to protect U.S. national security by restricting Huawei’s ability to use U.S. technology and software to design and manufacture its semiconductors abroad. This announcement cuts off Huawei’s efforts to undermine U.S. export controls.
Department of Commerce Issues Expected Final 90-Day Extension of Temporary General License Authorizations (U.S. Department of Commerce) The U.S. Department of Commerce announced today it is extending the terms of the existing Temporary General License (TGL) authorizations for Huawei Technologies Co. Ltd. and its non-U.S. affiliates (Huawei) on the Entity List for 90 days. The terms and duration of any future general licenses will be announced prior to the expiration of this 90-day time period.
U.S. Secretary of Commerce Wilbur Ross Praises Plans by Taiwan Semiconductor Manufacturing Company (TSMC) to Build Semiconductor Facility in Arizona (U.S. Department of Commerce) U.S. Secretary of Commerce Wilbur Ross praised today’s announcement by Taiwan Semiconductor Manufacturing Company (TSMC) of plans to invest approximately $12 billion to construct a new 5-nanometer semiconductor production facility in Arizona. This manufacturing facility will be one of only two of its kind globally capable of producing the world’s most advanced semiconductors.
Proposed changes to Singapore's data protection law seek stiffer penalties for info leaks (The Straits Times) In case of a data breach, organisations may soon be slapped with fines of up to 10 per cent of their annual gross turnover, or $1 million, whichever is higher, if proposed amendments go through.. Read more at straitstimes.com.
Joint Cyber Task Force, MDNG Assists Howard County During COVID-19 (DVIDS) Cyberspace experts in Maryland National Guard are expanding their efforts with IT professionals statewide to address cyber threats seeking to exploit the COVID-19 pandemic.
Trump's acting intel chief taps career officer as top deputy ahead of expected departure (CNN) Acting Director of National Intelligence Richard Grenell has tapped a career intelligence officer to serve as his top deputy, a notably uncontroversial pick that comes as Grenell's three-month tenure, which started with fears about how he would reshape the intelligence community's coordinating body, nears an end pending the confirmation of President Donald Trump's pick for the permanent job, Rep. John Ratcliffe.
32 senators to urge FCC to reverse Ligado decision (C4ISRNET) A bipartisan group of 30 senators are expected to send the Federal Communications Commission a letter urging it to reverse course on its decision to allow Ligado to deploy a nationwide mobile broadband network, saying it may disrupt GPS signals.
Texas regulators tamp down authority of proposed cybersecurity monitor as PUC nears vote (Utility Dive) State lawmakers "never suggested there was any intention to create a new investigatory entity with oversight authority over monitored utilities," Oncor Electric told regulators earlier this year.
Austin, Texas, names new cybersecurity chief (StateScoop) Erp, a cybersecurity consultant and former Texas Health and Human Services Commission CISO, will join the city as its top IT security official on June 1.
Litigation, Investigation, and Law Enforcement
NSO Group pitched proto-Pegasus to San Diego Police; investigation against buyers of Pegasus in Ghana, Mexico (MediaNama) Three former high-ranking officials in Ghana were sentenced to prison for "clandestinely" purchasing Pegasus. Products were pitched to San Diego Police in 2016.
Ghana jails 3 ex-government officials for spyware deal with Israel’s NSO Group (Times of Israel) Reported ruling by high court in Accra is apparently the first time officials overseas have been imprisoned for dealing with controversial Israeli surveillance firm
TikTok Targeted by Advocacy Groups Over Children’s Privacy (Wall Street Journal) Consumer-advocacy groups filed a complaint against TikTok with the Federal Trade Commission alleging the social-media video powerhouse collected children’s personal data in violation of a 2019 settlement agreement.
Sen. Richard Burr stepping aside as Intelligence Committee chair amid FBI investigation of senators’ stock sales (Washington Post) The execution of a search warrant against a sitting member of Congress is a significant step for the FBI and Justice Department to take in the insider trading investigation.
Q&A: What is ‘unmasking,’ who does it and why (Washington Post) Three Republican senators have released the names of Obama administration officials who requested the disclosure of a name that turned out to be Michael Flynn.
How a Flynn theory became central to the Trump reelection campaign (Washington Post) The president’s government appointees and allies in Congress are using their powers to generate a political storm aimed at engulfing Biden, the presumptive Democratic nominee, and Obama, his popular former boss.