Verizon’s 2022 DBIR. Genealogy of Chaos ransomware. GuLoader in the wild. Fake proofs-of-concept. Hybrid war updates. | #malware | #ransomware


Dateline Moscow, Kyiv, Geneva: Disinformation and dissent.

Ukraine at D+89: Russian disinformation and cyber reconnaissance. (The CyberWire) Russian leaders say all is going according to plan (and that the root cause of the crisis is an Anglo-American plot centuries in preparation), but some signs of internal dissent may be surfacing in Russia. Disinformation efforts continue, and some FSB reconnaissance is detected in Austrian and Estonian networks.

Russia’s invasion of Ukraine: List of key events, day 90 (Al Jazeera) As the Russia-Ukraine war enters its 90th day, we take a look at the main developments.

After 3 months, Russia still bogged down in Ukraine war (AP NEWS) When Russia invaded Ukraine on Feb. 24, it had hoped to overtake the country in a blitz lasting only days or a few weeks. Many Western analysts thought so, too. As the conflict marked its third month Tuesday, however, Moscow appears to be bogged down in what increasingly looks like a war of attrition, with no end in sight and few successes on the battlefield.

Russia consumed by more mysterious fires as huge blazes rage (Newsweek) A fire broke out at an apartment block in the city of Kemerovo, while firefighters are tackling a blaze in the city of Yakutsk.

Why Severodonetsk in eastern Ukraine is key to Russia’s war (Washington Post) The battle for Severodonetsk — one of the last big cities under Ukrainian control in a key eastern province — is emerging as a focal point in Russia’s war.

Too late to evacuate civilians in face of Russian attack, says Luhansk official (the Guardian) Sievierodonetsk under intense bombardment and surrounded on three sides by Russian forces

Powerful American Artillery Enters the Fight in Ukraine (New York Times) The most lethal weapons the West has provided so far to Ukraine are now deployed in combat. Will they make a critical difference for Ukraine’s military in a war that has mostly become an artillery battle?

Ukraine’s Forces Sink Russian River Crossings, Inflicting Heavy Damage (Wall Street Journal) Bridging water in combat is dangerous, complex and demands precise coordination, say veterans. Moscow’s forces have failed repeatedly.

Russia-Ukraine latest news: Putin survived failed assassination attempt at start of war, Ukraine says (The Telegraph) Vladimir Putin survived an assassination attempt at the start of the war in Ukraine, a Ukrainian intelligence chief has revealed.

Assassins tried to kill Putin two months ago (The Telegraph) Ukraine’s head of military intelligence claims ‘representatives of the Caucausus’ were behind the attempt

‘Ashamed’ Russian diplomat resigns over Putin’s ‘aggressive war’ (Washington Post) A diplomat at Russia’s mission to the United Nations in Geneva has resigned over the war in Ukraine, writing that he has never been “so ashamed” of his country, in a rare public rebuke of the war from within the Russian government.

‘They basically got everything wrong’: A Russian diplomat speaks out on the war. (NYTimes) Boris Bondarev, a Russian official who resigned over the war in Ukraine, said his colleagues were focused more on pleasing their superiors than on delivering accurate information to Moscow.

Russian counsellor to UN quits over Ukraine invasion: ‘I have never been so ashamed of my country’ (The Telegraph) In an exclusive interview with The Telegraph, Boris Bondarev says it was his moral duty to take a stand against the Putin regime

Russian officer reveals why he risked it all to quit Putin’s war (CNN) A guilt-ridden Russian officer says he resigned from the military out of shame for the invasion of Ukraine “People around us were dying,” he told CNN. “I didn’t want to feel like I was part of it, but I was a part of it.”

‘F–k the war’: Watch Russian concert-goers chant in protest of invasion of Ukraine (The Telegraph) Any public protest against the war in Russia is fraught with criminal charges

Ukraine destruction: how the Guardian documented Russia’s use of illegal weapons (the Guardian) Cluster bombs, fléchettes and unguided missiles on residential areas: as prosecutors investigate alleged Russian war crimes in Ukraine, our reporters reveal the evidence they discovered on the ground

What are war crimes, and is Russia committing them in Ukraine? (Washington Post) A court in Kyiv on Monday sentenced a Russian soldier to life in prison for killing an unarmed man, accusing 21-year-old Vandi Shishimarin of premeditated murder and violating the “rules and customs of war.”

Network of hyperlocal Russian Telegram channels spew disinformation in occupied Ukraine (CyberScoop) Research published by a Ukrainian think tank shows a network of at least 88 local Telegram channels.

Brad Smith: Russia’s war in Ukraine started on Feb 23 in cyberspace (GZERO Media) Weeks before Russia invaded Ukraine, Microsoft was already helping the Ukrainians defend their cyberspace against Russian hackers, Microsoft President Brad Smith says in a Global Stage livestream discussion at the World Economic Forum in Davos.

How Microsoft was on ‘frontlines’ of Russia-Ukraine conflict early on (king5.com) Microsoft President Brad Smith explains the Redmond-based company’s role in the early days of the war.

Russian hackers perform reconnaissance against Austria, Estonia (BleepingComputer) In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College.

Volodymyr Zelensky and the Art of the War Story (Wired) Video dispatches from the Ukrainian president skillfully dissolve Putin’s delusions. We would all do well to listen.

Pentagon: Some 20 countries announce new security aid for Ukraine (Ukrinform) A virtual meeting of the Ukraine Defense Contact Group on Monday was very successful as about 20 countries have announced new security assistance packages for Ukraine’s Armed Forces. — Ukrinform.

Biden: Leaders navigating ‘dark hour’ after Ukraine invasion (AP NEWS) President Joe Biden told fellow Indo-Pacific leaders assembled for a four-country summit Tuesday that they were navigating “a dark hour in our shared history” due to Russia’s brutal war on Ukraine and he urged the group to make a greater effort to stop Vladimir Putin’s aggression.

Henry Kissinger: Ukraine must give Russia territory (The Telegraph) Former US Secretary of State warns against the defeat of Putin as Western unity on sanctions frays badly

Nato’s united front is crumbling now that Putin has been humiliated in Ukraine (The Telegraph) Western unity will be sorely tested if the conflict turns into a war of attrition with no side claiming victory

Appeasement is the worst possible policy for both Ukraine and Russia (Atlantic Council) Western advocates of appeasement in Ukraine such as French President Emmanuel Macron fail to appreciate the deep-rooted imperial ambitions underpinning Vladimir Putin’s campign to extinguish Ukrainian independence.

Putin doesn’t care about being called a ‘butcher’ – and a compromise would reward him (The Telegraph) A controversial New York Times opinion article says Kyiv must make the ‘hard decisions’ by figuring out how the war should end

Centuries of Russian oppression have forged Ukraine’s remarkable resilience (Atlantic Council) Centuries of traumatic experience with the horrors of Russian imperialism have shaped today’s Ukraine in ways that may actually contribute to Putin’s defeat and help Ukrainians to build a better future for their country.

War in Ukraine: Is Germany losing its EU leadership role? (Deutsche Welle) Germany has developed a credibility problem since the invasion of Ukraine because of its history as a partner of Russia. This could have an impact on the balance of power in the EU.

AP-NORC poll: Economy grows as priority on Russia response (AP NEWS) Americans are becoming less supportive of punishing Russia for launching its invasion of Ukraine if it comes at the expense of the U.S. economy, a sign of rising anxiety over inflation and other challenges, according to a new poll.

How Does the Davos Elite Deal with War in Ukraine? (Washington Post) When the global elite meets at the Swiss resort of Davos this week, for a spring gathering of the World Economic Forum (WEF), war will have forced its way to the top of the agenda.

EC President Von Der Leyen Condemns ‘Russia’s Blackmail’ on Food and Fuel (World Economic Forum) Russia is using food supplies as a weapon, she said and called for international action to prevent a global food crisis

Ukraine to get Harpoon anti-ship missiles from Denmark amid Russian Black Sea blockade (Defense News) Denmark will arm Ukraine with with modern Harpoon anti-ship missiles to protect its coasts, Defense Secretary Lloyd Austin said Monday after concluding the latest U.S.-led meeting of international defense chiefs to coordinate military aid for Ukraine.

Britain unlikely to join naval convoy to break Russia’s grain blockade (The Telegraph) In ongoing discussions, there are plans that countries may introduce a ‘coalition of the willing’ to break through Russia’s blockade

World at risk of famine and mass migration as Ukraine war sparks food catastrophe, IMF warns (The Telegraph) ‘Confluence of calamities’ as countries impose restrictions on energy and wheat exports

Ukraine’s Other Front Line (Foreign Policy) Russia has flailed on the battlefield. But the damage inflicted on Ukraine’s economy could prove existential without Western support.

Corruption Could Mean Ukraine Loses a Future Peace (Foreign Policy) Reconstruction partners must be careful not to hand money to oligarchs.

Sanctions Should Punish Putin, Not His Opponents (Foreign Policy) Russian emigres are being stripped of their ability to survive.

Goodbye, Pushkin. Ukrainians target Russian street names, monuments. (Washington Post) Serhii Sternenko says he has executed several daring nighttime missions against Russian targets since armed conflict broke out in 2014 between Ukrainian nationalists and Moscow-backed separatists in eastern Ukraine, including a raid a few months before Russia invaded.

No More Golden Arches: Russia Moves Forward With McDonald’s Rebrand (Forbes) Workers took down McDonald’s signs near Moscow Monday, according to Reuters, a week after the American fast food giant said it planned to fully exit from Russia.

Attacks, Threats, and Vulnerabilities

New RansomHouse group sets up extortion market, adds first victims (BleepingComputer) Yet another data-extortion cybercrime operation has appeared on the darknet named ‘RansomHouse’ where threat actors publish evidence of stolen files and leak data of organizations that refuse to make a ransom payment.

New Nokoyawa Variant Catching Up to Peers with Blatant Code Reuse (Fortinet Blog) FortiGuard Labs discovered a new variant of the Nokoyawa ransomware and observed that it has been evolving by reusing code from publicly available sources. Read our blog to learn more about the beh…

Emotet Botnet Rises Again (BitSight) In November 2021, a new version of the Emotet botnet emerged. Read our analysis to discover how it happen, its targets, and more.

New ransomware forces victims to donate to poor (The Independent) GoodWill attackers appear to be motivated by social justice rather than monetary gain

Fake Windows exploits target infosec community with Cobalt Strike (BleepingComputer) A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor.

Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof of Concept to Deliver Cobalt-Strike Beacon (Cyble) It becomes essential for the Infosec Community members to check the credibility of sources before downloading any proof of concept.

Hackers can hack your online accounts before you even register them (BleepingComputer) Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox.

Spoofed Saudi Purchase Order Drops GuLoader: Part 1 (Fortinet Blog) FortiGuard Labs recently discovered a social engineering email lure with a message delivered to a company in Ukraine. In part I of our blog, we will analyze the phishing email and provide an analys…

Linux Trojan XorDdos Attacks Surge, Targeting Cloud, IoT (Dark Reading) Analysts have seen a massive spike in malicious activity by the XorDdos trojan in the last six months, against Linux cloud and IoT infrastructures .

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices (Microsoft) In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based encryption for its communications.

Yes, Containers Are Terrific, But Watch the Security Risks (The Hacker News) This article discusses how containers contribute to agile development, what security risks they pose.

Elon Musk deep fakes promote new BitVex cryptocurrency scam (BleepingComputer) Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency.

A ‘whale’ of a threat evolves in the financial industry to steal sensitive data (SC Magazine) When cybersecurity experts discuss “whaling,” they are looking at how cybercriminals target high-level executives with an eye to stealing the most privileged information and getting access to the most sensitive data.

Zola user accounts compromised by gift card hackers (TechCrunch) Some users said hackers had depleted funds held in their wedding registry accounts.

Hackers Drain Wedding Cash From Couples’ Zola Registry Accounts (Vice) “Someone hacked our account and STOLE ALL OUR WEDDING GIFT MONEY!”

Zola confirms cyberattack that reportedly drained hundreds from wedding registry accounts (The Record by Recorded Future) Wedding registry website Zola confirmed that it was hit with a cyberattack over the weekend after dozens of customers took to Reddit and Twitter to complain about their accounts being drained or breached.

Developing: Cyberattack affects Port of London website (Computing) A suspected Iranian group has launched a DDoS attack against the Port of London’s website, which is still down at the time of writing.

Ransomware attack on nonprofit causes data breach of 500,000 students, teachers in Chicago (The Record by Recorded Future) Ohio-based nonprofit Battelle for Kids notified Chicago Public Schools in late April about an incident in December.

KnowBe4 warns users to be vigilant of QR codes and WhatsApp scams (ITWite) QR codes and chat and messaging platform WhatsApp are increasingly being used for phishing and other scams, warns security awareness training and simulated phishing platform KnowBe4. “We’ve seen a spike in smishing (phishing via SMS) attacks over the last 12 months with scammers really leveraging fa…

Cause of cyber attack on city computer systems still undetermined as city, library issue joint statement (Muddy River News) “At this time, we have not determined the root cause of the incident or where the incident originated. Any statements to the contrary made by or to the media are inaccurate.”

Security Patches, Mitigations, and Software Updates

Mozilla Releases Security Products for Multiple Firefox Products (CISA) Mozilla has released security updates to address vulnerabilities in Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. An attacker could exploit these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-19 and apply the necessary updates.

2021 Data Breach Investigations Report (Verizon Business) Reduce risks with insights from the 2021 Data Breach Investigations Report (DBIR) from Verizon. Read the official report today.

Verizon: Ransomware involving data theft was up sharply last year (Protocol) While ransomware involving data theft used to be relatively rare, 2021 was a turning point for the tactic, the head of Verizon’s threat research team told Protocol.

Employees’ email still drives most of the data loss at organizations (SC Magazine) Nearly two-thirds of IT security professionals in Ponemon-Tessian survey said email remains the riskiest channel for data loss in organizations.

Eighty percent of organisations surveyed have been attacked by ransomware in the past two years (ITWeb) Mimecast research highlights how companies are responding to the scourge of ransomware, how prepared they are for these attacks and how likely they are to pay the ransom.

Devastating cyber attacks expected to hit energy sector (SecurityBrief Australia) Energy executives anticipate life, property, and environment-compromising cyber attacks on the sector within the next two years.

Marketplace

Parsons to Acquire Xator Corporation Acquisition enhances critical infrastructure protection, cUAS, and biometric capabilities (GlobeNewswire News Room) Parsons Corporation (NYSE:PSN) announced today that it has entered into a definitive agreement to…

KKR Leads $200+ Million Growth Investment in Enterprise Identity Protection Leader Semperis (Business Wire) Semperis, a pioneer in identity-driven cyber resilience for enterprises, today announced it has raised over $200M in Series C funding led by KKR.

WSJ News Exclusive | Broadcom Discussing Paying Around $140 a Share for VMware, People Say (Wall Street Journal) The two companies are aiming to announce the cash-and-stock deal on Thursday.

Report: Broadcom may pay $60B for VMware in a deal to be announced Thursday (Silicon Valley Business Journal) Broadcom Inc. is reportedly discussing paying about $60 billion to buy VMware Inc. in a deal the companies are hoping to announce Thursday.

How Broadcom Acquiring VMware Would Shake Up Cybersecurity (Gov Info Security) The tumultuous experience of Symantec under Broadcom’s control presents a cautionary tale for CISOs currently using VMware’s security technology. Symantec saw massive customer and employee attrition following deal close, and the company’s technology doesn’t fare as well in reviews by Gartner.

Former VMware CEO Pat Gelsinger ‘mixed’ on Broadcom’s reported VMware deal (CRN Australia) Says he hopes deal would make a more “compelling, innovative growth story”.

Chipmaker Broadcom’s deal history under chief Hock Tan (CRN Australia) Amid reports of potential VMware takeover.

Red Access Emerges from Stealth with $6M Round to Secure Every Web Session Across any Browser, App and Device (GlobeNewswire News Room) The first SaaS-based, agentless security platform offers frictionless solution to browsing-based cyber threats…

Xerox Ventures Invests in LimaCharlie (Xerox Ventures) Xerox Ventures announces investment in cybersecurity infrastructure company LimaCharlie, delivering on its investment strategy, focused in part on startups increasing the use of intelligent applications and managed services to create more empowered businesses.

Tech Layoffs: US Startups And Tech Companies With Job Cuts In 2022 (Crunchbase News) Tech layoffs in 2022 have included cuts at Netflix, Better, Fast, and other U.S. tech companies. We track all the notable tech and startup layoffs of 2022.

Having a security angle is a priority for MSPs (ComputerWeekly) Research released to mark the latest MSP Day underlines the need for managed service players to be able to provide the data protection that customers are crying out for

4 Cybersecurity Stocks You Can Buy and Hold for the Next Decade (The Motley Fool) Palo Alto, CrowdStrike, SentinelOne, and Tenable are great long-term plays in the booming cybersecurity sector.

5 Oversold Cybersecurity Stocks to Buy Now (InvestorPlace) Cybersecurity spending is expected to grow making these oversold cybersecurity stocks look like more of a bargain than you may have thought.

Charlie Bell, a former Amazon cloud executive, is reorganizing Microsoft’s cybersecurity team after eight months after joining the company. (Puget Sound Business Journal) Charlie Bell, a former Amazon cloud executive, is reorganizing Microsoft’s cybersecurity team after eight months after joining the company.

DirectDefense hires Jared Ballou as VP of Business Development (Help Net Security) DirectDefense announced that it has appointed Jared Ballou as Vice President of Business Development to support the company’s growth.

OneSpan appoints Michael Klieman as CPO (Help Net Security) OneSpan announced that Michael Klieman has joined the company as Chief Product Officer to lead product strategy and innovation

Binary Defense Names Acclaimed Cybersecurity Expert and Business Leade (PRWeb) Binary Defense, a leading Managed Detection and Response (MDR) software developer and managed security services provider, today announced that well-known cybersecur

Splunk and Crowdstrike Executive Chris Hill Joins Horizon3.ai to Lead Federal Strategy (Business Wire) Splunk and Crowdstrike Executive Chris Hill Joins Horizon3.ai to Lead Federal Strategy; Drives Public Sector Growth

Christofer Hoff joins LastPass as Chief Secure Technology Officer (Security Magazine) As Chief Secure Technology Officer, Christofer Hoff will be responsible for the company’s technological innovation and security infrastructure.  

Okta names Phil Goldie as ANZ boss (CRN Australia) Phil Goldie hired from Microsoft.

Cybersecurity veterans join BlueVoyant’s strategic development group (ETCIO.com) Visionary leaders Malcolm Harkins, Chief Security and Trust Officer with Epiphany Systems, and Myrna Soto, Founder and CEO of Apogee Executive Advisor..

DNSFilter Appoints Colin Britton as Chief Operating Officer and Dave Raphael as Chief Product Officer (Business Wire) DNSFilter today announced the appointment of Colin Britton as Chief Operating Officer and Dave Raphael as Chief Product Officer. The executive appoint

Agora, Inc. Deepens Leadership Bench Amid Record Company Growth (PR Newswire) Agora, Inc. (NASDAQ: API) (“Agora”), a pioneer and leading platform for real-time engagement APIs, today announced the promotion of key…

PKWARE Promotes Matt Zomboracz to Chief Financial Officer (PKWARE) PKWARE, a global leader in automated data security, today announced the promotion of Matt Zomboracz to chief financial officer.

Products, Services, and Solutions

Tanium Unveils Free Comprehensive Risk Assessment (Business Wire) Tanium, the industry’s only provider of converged endpoint management (XEM), announced today a new comprehensive, no-cost, five-day risk assessment th

GitLab 15 Provides Replacement for Do-It-Yourself DevOps with The One DevOps Platform (GitLab) Latest Iteration Expands Comprehensive DevOps Platform to Drive Digital Innovation

Zero Trust Prometheus (NetFoundry) NetFoundry celebrated Prometheus Day by releasing the first zero trust Prometheus branch, building zero trust

Star Atlas Launches Initiative to Establish Web3 Security Framework (PR Newswire) Star Atlas, a next-gen metaverse with triple-A game design and Unreal Engine 5 graphics built on the Solana blockchain, today announced an…

MEDIAVAX FEATURED IN FORRESTER REPORT “FUNDING TRUTH IN THE MISINFORMATION AGE” (PR Newswire) MediaVax, an artificial intelligence (AI) company specializing in tracking harmful information online, was featured in a report by global…

Blue Turtle takes wrapper off AI-driven SOC offering at ITWeb Security Summit (ITWeb) Blue Turtle will showcase its vendors and its AI-driven approach to the SOC from 31 May to 2 June at the Sandton Convention Centre.

Forescout Launches Forescout Frontline to Help Organizations Tackle Ransomware and Real Time Threats (Yahoo Finance) Forescout Technologies, the leader in automated cybersecurity, today announced the launch of Forescout Frontline, a new threat hunting service utilizing a team of highly-trained cybersecurity analysts to support cybersecurity teams by proactively identifying risks, enabling accelerated incident response, and maturing security posture. Forescout is offering this complimentary service for organizations that lack the internal resources and visibility to defend themse

Arcanna.ai and MNEMO Partner to Drive Security Operations Efficiency for End Users (PR Newswire) Arcanna.ai, an AI-Assisted Cybersecurity solution provider, today announced its partnership with MNEMO, an Ibercoamerican managed security…

Technologies, Techniques, and Standards

Strategic Corruption: The cybercrime & corruption connection (Thomson Reuters Institute) How can US firms stay proactive in their risk and compliance obligations amid the increasing interplay between global cybercrime and strategic corruption?

Industry Highlights NIST Cybersecurity Framework’s Value as NIST Weighs a Potential Update (JD Supra) Public comments in an ongoing cybersecurity proceeding at the National Institute of Standards and Technology (NIST) highlight the utility of a…

A whole new alert fatigue plagues the infosec community (SC Magazine) The recent situation in Ukraine, combined with ongoing challenges tied to remote work post pandemic and a surge in cybercrime, have resulted in an onslaught of alerts from government agencies and others. But do they help or hurt manage the day to day?

8 Reasons Password Managers Are Not as Safe as You Think (MUO) Are password managers safe to use? They have plenty of benefits, but password managers still have their problems. Here’s what you need to know.

Op-ed: To mitigate the threat of cyberattacks, city must invest in 5G (Crain’s New York Business) The technology’s faster speeds, more efficient monitoring and stronger security standards could stop the next hack from happening

Why the Employee Experience Is Cyber Resilience (Dark Reading) A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.

Colonial Pipeline Ransomware Attack: Lessons for Technologists (Dice Insights) A year ago, a ransomware attack that targeted Colonial Pipeline led to gas shortages in the parts of the U.S. There are good lessons here.

After the Okta Breach, Diversify Your Sources of Truth (Dark Reading) What subsequent protections do you have in place when your first line of defense goes down?

Enable Prometheus to Scrape Anything from Anywhere (Ziti) This is part one of a three-part article. This article provides the necessary background and rationale of the series. The next article will be a detailed explanation of the actual steps necessary to implement the solution. In the final article, we will explore what we have just created and understand what was just created

Academia

Online classes resume after cyber attack at Kalamazoo Valley Community College (mlive) KVCC previously announced it was the victim of a “security incident” on May 16.

Lincoln College Closure Is Just Another Ransomware Milestone (Governing) The predominantly Black college in Illinois announced they were closing their doors as a result of COVID-19 and cyber attack disruptions. Who’s next?

Legislation, Policy, and Regulation

Japan-U.S. Joint Leaders’ Statement: Strengthening the Free and Open International Order (The White House) Today, Japan and the United States affirm a partnership that is stronger and deeper than at any time in its history. Guided by our shared values; anchored

The Era of Borderless Data Is Ending (New York Times) Nations are accelerating efforts to control data produced within their perimeters, disrupting the flow of what has become a kind of digital currency.

How GDPR Is Failing (Wired) The world-leading data law changed how companies work. But four years on, there’s a lag on cleaning up Big Tech.

Steep costs, troubling questions roil DOD cybersecurity program rollout (Medium) About 80,000 companies that sell to the U.S. military will need to pass a cybersecurity audit before they can bid for business under rules…

CISA Signals Cyber Incident Reporting Requirements (JD Supra) In March 2022, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requiring critical infrastructure to…

How Far Have We Come Against Ransomware in the Past Year? (GovTech) One year after the Colonial Pipeline hack — and the IST Ransomware Task Force’s report — attacks remain frequent. But the government is making strides and recognizing the issue as a national security matter.

Use of Cryptocurrency in Ransomware Attacks, Available Data, and National Security Concerns (US Senate Committee on Homeland Security and Gevernmental Affairs) Ransomware is a dangerous form of cyber-attack where threat actors prevent access to computer systems or threaten to release data unless a ransom is paid. It has the power to bankrupt businesses and cripple critical infrastructure – posing a grave threat to our national and economic security. The use of cryptocurrencies has further enabled ransomware attacks, particularly because cryptocurrency is decentralized and distributed and illicit actors can take steps to obscure transactions and make them more difficult to track.

FTC Blog: “The FTC Act Creates a De Facto Breach Disclosure Requirement” (The National Law Review) On May 20, 2022, the Federal Trade Commission’s Team CTO and the Division of Privacy and Identity Protection published a blog post entitled, “Security Beyond Prevention: The Importance of

US Army Seeks to Grow ‘Cyber Warrior Force’ (The Defense Post) As cyber attacks increase, the US Army is looking to increase its force of “cyber warriors” to guard against these threats.

Litigation, Investigation, and Law Enforcement

Colombia investigating attacks against media and journalists (Colombia News | Colombia Reports) Colombia’s prosecution opened investigations into an alleged cyber attack against a corporate television network and an alleged threat against media personalities. Attack on media In a press release, Caracol said…

Data Breach Notifications Under GDPR (JD Supra) Data privacy officers (DPOs) and compliance officers are the first responders in the event of a data breach. Like all emergency workers, they must…

Clearview AI face-matching service fined a lot less than expected (Naked Security) The fine has finally gone through… but it’s less than 45% of what was originally proposed.

UK data authority fines Clearview AI more than £7.5m, orders UK data deleted (The Record by Recorded Future) Privacy backlash continues against facial recognition company.

The walls are closing in on Clearview AI (MIT Technology Review) The controversial face recognition company was just fined $10m for scraping UK faces from the web. That might not be the end of it.

DC attorney general sues Mark Zuckerberg over Cambridge Analytica data breach (ABC News) The Cambridge Analytica leak allegedly exposed 87 million people’s data.

Facebook, Zuckerberg sued by DC attorney general over Cambridge Analytica scandal (The Record by Recorded Future) Washington DC’s Attorney General filed a lawsuit against Facebook and founder Mark Zuckerberg on Monday for a variety of data privacy law violations related to the actions of Cambridge Analytica during the 2016 US presidential election.

Google Can’t Ditch Wash. AG’s Location Data Privacy Suit (Law360) A Seattle federal judge has refused to ax the Washington attorney general’s lawsuit accusing Google of secretly tracking users’ locations, finding that the tech giant had “fair notice” that its data-gathering practices could subject it to liability under the state’s consumer protection law. 



Original Source link

Leave a Reply

Your email address will not be published.

− two = five