Attacks, Threats, and Vulnerabilities
North Korean hackers posed as Samsung recruiters to target security researchers (The Record by Recorded Future) North Korean state-sponsored hackers posed as Samsung recruiters and sent fake job offers to employees at South Korean security companies that sell anti-malware software, Google said this week in the first edition of its new Threat Horizons report.
ScarCruft surveilling North Korean defectors and human rights activists (Securelist) The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor. Recently, we had an opportunity to perform a deeper investigation on a host compromised by this group.
The nuclear consequences of cyber vulnerabilities (European Leadership Network) As cyber-nuclear interactions are likely to increase given trends in the militarisation of the cyber domain and the digitalisation of nuclear weapons systems, Wilfred Wan writes that nuclear-armed states must strengthen the cyber security of their weapons and should elaborate standards across the entirety of their supply chains.
More than 9 million smartphones infected with Cynos malware (The Record by Recorded Future) Chinese smartphone vendor Huawei has temporarily removed 190 Android games from its official AppGallery app store after it received a report from Russian security firm Dr.Web that the apps contained an overly aggressive monetization library that was collecting extensive details from users’ devices.
GoDaddy Says Several Brands Hit by Recent WordPress Hosting Breach (SecurityWeek) GoDaddy says the recent WordPress hosting breach impacts several of its brands, including 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost.
GoDaddy cyber attack yet another ‘wake up call’ to insurance industry – CyberCube (Insurance Times) Cyber insurers need to be on their guard when it comes to single point of failure cyber attacks, recommends cyber analytics firm
Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild (The Hacker News) Hackers are actively exploiting a new zero-day variant of a recently disclosed privilege escalation vulnerability affecting the Windows Installer.
Warning Issued For Millions Of Microsoft Windows 10, Windows 11 Users (Forbes) Microsoft has confirmed a serious new warnings to all Windows users…
Apple Issues Serious New iPhone Warnings (Forbes) Apple is now alerting users about the biggest hack in iPhone history…
Extortion Economy (MIT Technology Review) Ransomware attacks are proliferating across the US, disabling computer systems and harming critical infrastructure — hospitals, city governments, schools, even an oil pipeline. Why is this happening now and can it be stopped? A podcast series by MIT Technology Review and ProPublica. Hosted by Meg Marco, this 5-part podcast series looks at the money, people…
Should You Be Worried About “Killware”? (MUO) Is “Killware” a newer, more dangerous type of cyberattack we should all fear?
Beware of PhoneSpy malware found on 23 apps! (HT Tech) PhoneSpy malware has been found in 23 apps that you may have downloaded. They can cause much harm to you.
Panasonic discloses data breach after network hack (BleepingComputer) Japanese multinational conglomerate Panasonic disclosed a security breach after unknown threat actors gained access to servers on its network this month.
Maritime giant Swire Pacific Offshore suffers data breach following cyber-attack (The Daily Swig) Organization said it suffered ‘unauthorized access’ to systems
Bureau Veritas hit by cyber attack (The Loadstar) Another day, another cyber attack; this time on ship classification society Bureau Veritas, which saw its cybersecurity system impacted. The breach was discovered on Saturday, according to Ship Technology, and has led to the company taking all its servers and data offline while it works on “protective measures”, it said. Earlier this month a cyber intelligence company warned it was an opportune time for attacks on the supply chain sector, and …
Mahan Air Of Iran Hit By Cyber Attack (Simple Flying) Iranian carrier Mahan Air was hit by a cyberattack earlier this week. The airline claims to have prevented any damage to its operations from the attack, with no flights affected. However, there have been reports of issues since the attack took place.
IKEA email systems hit by ongoing cyberattack (BleepingComputer) IKEA is battling an ongoing cyberattack where threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails.
IKEA’s email system under attack, report (Computing) Reply-chain attacks allow hackers to send malicious emails from genuine accounts
IKEA faces a cyber attack (Aviation Analysis Wing) After the VDL and Mediamarkt, Ikea is now under a cyber attack. That’s what Eric…
FBI: Online shoppers risk losing over $53M to holiday scams (BleepingComputer) The Federal Bureau of Investigation (FBI) warned today that online shoppers risk losing more than $53 million during this year’s holiday season to scams promising bargains and hard-to-find gifts.
Get Ready for Black Friday DDoS Attacks (Reblaze Blog) An article describing the dangers of DDoS attacks that happen around Black Friday, especially for ecommerce sites and applications. Discusses a novel DDoS attack variation observed in 2021 as well as how Reblaze’s DDoS attack protection solution can help you prepare and protect your site from DDoS attacks this Black Friday
Scammed: This single mother responded to a job offer she got via SMS—this is what happened (ABS-CBN News) NPC commissioner Raymund Liboro said a globally organized syndicate could be behind the recent surge in SMS-based phishing scams
Library officials recount actions in wake of cybersecurity incident (The Blade) While the Toledo Lucas County Public Library continues to investigate and recover from the cyberattack that struck its systems the morning of Halloween, …
Lewis & Clark remains offline after cyber attack (Alton Telegraph) GODFREY – Lewis & Clark Community College campuses remain closed following a cyber…
Security Patches, Mitigations, and Software Updates
Microsoft patch fails to fix Installer zero-day affecting every version of Windows (IT PRO) The exploit allows hackers to elevate privileges and create admin accounts
VMware Patches File Read, SSRF Vulnerabilities in vCenter Server (SecurityWeek) VMware has patched arbitrary file read and SSRF vulnerabilities in vCenter Server.
Trends
Cyber-attacks are top concern for Board Directors: McGill (Reinsurance Ne.ws) According to a new report from specialist reinsurance broker McGill and Partners, cyber-attacks are the number one concern for Board Directors. 81% of
CTOs see human error, ransomware and phishing as biggest security threats (Security Brief) Despite the inexorable rise of ransomware in the last couple of years, the biggest security concern in the minds of CTOs remains the potential impact of human error.
45% of organisations prefer not to disclose employee information leaks: Kaspersky report (Business Today) According to the same Kaspersky report, only 44% of businesses offer IT security training to its employees.
Open Data and OSINT as an attack vector (The CyberWire) Democratic governments face a dilemma: on the one hand open data are invaluable to creating a robust, informed civil society; on the other hand, they’re an invaluable source of open source intelligence for hostile intelligence services. It’s an unusually difficult risk management challenge.
Cyberthreat awareness low among remote workers (SC Media) A Unisys study revealed that only 21% of hybrid and remote workers were knowledgeable of advanced online threats even though 61% felt having primary responsibility for their digital security.
South Africa, Kenya and Nigeria see a decrease of ordinary threats, yet experience a massive increase of targeted malware schemes (The Guardian Nigeria News) According to Kaspersky’s (https://Kaspersky.co.za/) latest research on the threat landscape trends, South Africa, Kenya and Nigeria are facing a dramatic change in the threat landscape. While regular, self-propagating malware is decreasing dramatically, as it is no longer effective and cannot fly under security radars, the region will see the growth of new cybercrime models in […]
Cyberstalking study: UK residents most accepting of spyware to track partners’ movements (The Daily Swig) Report from cybersecurity firm Kaspersky reveals worrying attitudes towards spyware usage
Over Half of Brits Have Suffered a Cyber Attack but Almost 2 in 3 Do Not Know How Cyber Insurance Can Protect Them (PR Newswire) A new study from Avast (LSE:AVST), a global leader in digital security and privacy, reveals almost four in ten (37%) UK consumers are not aware…
Most Brazilian remote workers feel responsible for corporate data security (ZDNet) But only a minority of professionals hold employers accountable for the integrity of data, research has found.
Cybercrime Costing the Irish Economy a Whopping €9.6BN (Irish Tech News) New research carried out by Grant Thornton Ireland has revealed the overall cost of cybercrime to the Irish economy in 2020 to be €9.6bn.
Marketplace
Cipherpoint finalises $1 million acquisition of Tassie MSSP VIT Cyber Security (CRN Australia) Expanding its managed security presence into Tasmania.
IoT Security Company Shield-IoT Raises $7.4 Million (SecurityWeek) IoT/IIoT security company Shield-IoT this week announced that it has closed a $7.4 million Series A funding round, which brings the total raised to $11 million.
Estonia-based GScan closes a €500K investment round to improve safety and efficiency in security and cargo scanning (Baltic Times) GScan, a deep tech company that develops cos…
Clearlake Capital to Acquire Global Cybersecurity, Data Intelligence and IT Operations Management Software Leader Quest from Francisco Partners (Yahoo Finance) Investment to Accelerate Growth and Drive Continued SaaS Bookings Momentum in One Identity/OneLogin, the Industry’s Most Comprehensive Unified Identity Cybersecurity Software Platform New Platform Investment to Drive Robust Buy-and-Build Strategy and Support Quest Customers and Partners through Digital Transformation in Cybersecurity, Data Intelligence, and IT Operations SANTA MONICA, Calif. and ALISO VIEJO, Calif., Nov. 29, 2021 (GLOBE NEWSWIRE) — Quest Software (“Quest” or the “Company”), a g
DNV Aims to Bolster Maritime Cyber Defense with Acquisition of Applied Risk (MarineLink) DNV will acquire industrial cyber security specialist Applied Risk, aiming to build the world’s largest industrial cyber security…
RUSSIA : Russia’s Operation Zero enters increasingly political zero-day market (Intelligence Online) As Washington seeks to regulate the sale of vulnerabilities to its advantage, a new Russian player has emerged on the scene: Operation Zero, founded by researcher Sergey Zelenyuk.
Why cyber risk is frustrating for some insurers (Canadian Underwriter) Cyber insurers are taking a “multi-pronged” approach to ensure they can actually make money off the product. More carriers are expanding their offerings to include cyber, more commercial clients are buying cyber coverage and more insurance buyers are aware of…
Cybersecurity No Longer Seen as a Cost Center, But as a Business Enabler: Trend Micro (Tech Times) The company will take a SaaS-first approach in India to address the cybersecurity needs of enterprises.
Controversial Pegasus spyware faces its day of reckoning | John Naughton (the Guardian) The infamous hacking tool is now at the centre of international lawsuits thanks to a courageous research lab
UK Cyber Firm Faces Investors Over Stock Turmoil (SecurityWeek) Darktrace came under investor scrutiny over dramatic share price gyrations since its headline-grabbing London stock market float.
Move Over, GE. The Tech Conglomerates Are the New Leaders of Industry. (Wall Street Journal) As General Electric and other old-school behemoths break up, Amazon, Apple, Alphabet, Microsoft and Meta are taking their place as the do-everything companies of the future.
Why cybersecurity stocks should be part of your investment portfolio (The Economic Times) Companies and governments worldwide are showing a renewed interest in building cyber resilience following several high-profile attacks. This has translated into high demand for next-gen cybersecurity products (software and hardware), which has led to cybersecurity companies reporting strong numbers in 2021.
Researcher Awarded $10,000 for Google Cloud Platform Vulnerability (SecurityWeek) Security researcher David Schütz says he received over $10,000 in bug bounty payouts from Google after reporting a Google Cloud project vulnerability and subsequent bypasses to rolled-out fixes.
Group-IB enhances presence in India by partnering Ingram Micro (Group-IB) Group-IB, one of the global cybersecurity leaders, has signed a distribution agreement with the Indian branch of Ingram Micro, the world’s leading wholesale distributor of technology products and services. As Group-IB’s official distributor in India, Ingram Micro will grant organizations in the country access to Group-IB’s proprietary technologies dedicated to deterring and probing into cyberattacks, and safeguarding against online fraud and intellectual property misuse.
Security vendor Cybots lands in Australia (CRN Australia) Setting up shop in Melbourne.
The chief revenue officer of $9 billion cybersecurity firm Tanium is leaving, the latest in a string of exec departures (Business Insider) Tanium’s chief revenue officer Thomas Stanley is leaving the firm. Other leaders, including its former chief marketing officer, have left this year.
Bitdefender ANZ boss Demetrios Georgiou jumps to Secureworks (CRN Australia) Demetrios Georgiou joins APAC biz as sales director and general manager.
Fokus auf das Neukundengeschäft: G Data ernennt Andy Felbinger zum Head of Sales Deutschland (Funkschau) Ab Dezember übernimmt Andy Felbinger die Leitung des Außen- und Innendienst-Teams beim deutschen Cybersicherheitsspezialisten G Data Cyber Defense. Als Head of Sales Deutschland berichtet er dabei direkt an Cornelia Lehle, welche den gesamten DACH-Vertrieb verantwortet.
Jack Dorsey steps down as Twitter CEO; Parag Agrawal succeeds him (NPR.org) He’ll continue to head Square, the financial payments service. Dorsey has been criticized for leading both companies at once.
Products, Services, and Solutions
A manufacturer’s path to mature cybersecurity (Manufacturing) The partnership between Trace3, Critical Start and Palo Alto is bringing peace of mind to SMC Corporation
ESET teams up with CMS (PCR) CMS Distribution has signed a distribution agreement with ESET. “ESET has chosen CMS Distribution a
Cellebrite’s welcome cooperation with SafeUP highlights ethical complexities (Israel Defense) The Israeli digital forensics company, often in the line of fire by the public and human rights groups, will support an app designed to create a social network of female solidarity, which helps the safety of women in the public sphere in real time.
Check Point CloudGuard Network Security streamlines operational efficiency with as-a-Service solution on AWS (Check Point Software) Check Point is honored and excited to take cloud security innovation to
Are Password Protectors Safe in 2021? List of Every Major Breach to Date (Privacy Australia) We compiled a list of every major security breach to help you decide which password protector is the best one to ensure 100% safety and security.
Technologies, Techniques, and Standards
Biometrics, Smartphones, Surveillance Cameras Pose New Obstacles for U.S. Spies (Wall Street Journal) CIA operatives could once cross borders or traverse foreign cities undetected. Now, they face digital obstacles that are the hallmarks of modern life.
Power grid cyber security recommendations still don’t address key grid cyber vulnerabilities (Control Global) In August 2021, DNV published DNV-RP-0575, “Recommended Practice, Cyber security for power grid protection devices” https://rules.dnv.com/docs/pdf/DNV/RP/2021-08/DNV-RP-0575.pdf . The Recommended Practice is important as it was developed based on the results of a joint research and development project with Fingrid (Finland), Stattnet SF (Norway), and Svenska Kraftnet (Sweden) and used by T&D India following the Chinese cyberattacks.
Cyber insurance could be the key to helping you stay safe online (TechRadar) Many consumers are unaware of the service
Bangladesh Bank to form emergency response team to thwart cyber attack (Business Standard) The Fin-Cert will build a threat intelligence platform and spell out security standards
Centre of excellence to deal with cyber security to come up in Guwahati (ETCIO.com) The Cyber COE is envisaged to provide intelligence services to the Government of India, state governments, Public Sector Undertakings, and corporates ..
AT&T, Verizon to temporarily turn down 5G power to address FAA worries (Light Reading) ‘We will … adopt these precautionary measures to allow for additional time for continued analysis,’ the two companies wrote of their plans to reduce the power of their 5G networks.
AT&T, Verizon propose temporary 5G limits to address FAA concerns (AppleInsider) AT&T and Verizon on Wednesday agreed to limit certain 5G services for six months as federal regulators investigate concerns regarding signal interference with aircraft sensors.
Mitigating cyber threats within 5G cloud infrastructure (Security Magazine) As part of the Enduring Security Framework, the National Security Agency and the Cybersecurity and Infrastructure Security Agency published guidance to mitigate cyber threats within 5G cloud infrastructure.
Maritime Cyber Baseline scheme (Professional Security) Maritime Cyber Baseline scheme. Professional Security magazine online – an essential read for everyone in the security industry.
MPA and Maritime Partners Maintain Cybersecurity Readiness through Inaugural Exercise (Hellenic Shipping News) The Maritime and Port Authority of Singapore (MPA) held an inaugural sector-wide maritime cybersecurity exercise today, codenamed ‘Exercise CyberMaritime 2021’, to put the sector’s coordination on cybersecurity incident management, emergency response plans, and crisis communications to the test. The three-day table-top exercise on 26, 29 and 30 November, will be conducted in a hybrid format …
GlobalPlatform Helps Secure Element Ecosystem Demonstrate Security & Regulatory Compliance (GlobalPlatform) Secure Element Protection Profile helps stakeholders compare products and comply with evolving IoT and cybersecurity regulations
Coalition Against Stalkerware Celebrates Two Years of Work to Keep Technology Safe for All (Electronic Frontier Foundation) In this guest post by the Coalition Against Stalkerware marking its second anniversary, the international alliance takes a look back on its achievements while seeing a lot of challenges ahead.Two years ago, in November 2019, the Coalition Against Stalkerware was founded by 10 organizations. Today,…
DNS Over HTTPS for Cobalt Strike (Black Hills Information Security) Kyle Avery // Introduction Setting up the C2 infrastructure for red team engagements has become more and more of a hassle in recent years. This is a win for the security community because it means that vendors and professionals have learned from previously successful techniques and implemented effective mitigations in their networks. DNS over HTTPS […]
Design and Innovation
Twitter updates iOS app to stop tweets disappearing mid-read (The Verge) It follows an update made on its web version.
Research and Development
Inside Intel’s Secret Warehouse in Costa Rica (Wall Street Journal) The chip maker is stockpiling legacy technology at a facility in Costa Rica for security tests that can be done from anywhere in the world and it plans to expand the facility to house 6,000 pieces of equipment.
Academia
EU needs more cybersecurity graduates, says ENISA (Register) Skills gap needs filling somehow
As U.S. Hunts for Chinese Spies, University Scientists Warn of Backlash (New York Times) A chilling effect has taken hold on American campuses, contributing to an outflow of academic talent that may hurt the United States while benefiting Beijing.
Legislation, Policy, and Regulation
The means to manage cyberspace and the duty of security (Modern Diplomacy) Over and above the ethical concepts regarding the near future, it is also good to focus on the present. Governments are required to protect their national resources and infrastructure against foreign and domestic threats, to safeguard the stability and centrality of human beings and political systems and to ensure modern services for civilians. Suffice it […]
Ukraine leader alleges Russia-backed coup planned next week (Military Times) Ukrainian President Volodymyr Zelenskyy said he received information that a coup was being planned for next Wednesday or Thursday.
Will Russia invade Ukraine? (Military Times) Wednesday, the U.S. Embassy in Kyiv issued an alert to U.S. citizens, warning them of “concerning reports of unusual Russian military activity near Ukraine’s borders and in occupied Crimea.”
All options fraught with risk as Biden confronts Putin over Ukraine (the Guardian) Analysis: Moscow presents Washington with a no-win situation: capitulate on Ukrainian sovereignty or risk all-out war
What’s Russia doing in Ukraine? Its latest military drills provide critical clues. (Atlantic Council) Here’s what the Zapad-2021 joint exercise between Russia and Belarus revealed about the Kremlin’s strategic plans.
Russia Won’t Let Ukraine Go Without a Fight (Foreign Affairs) Moscow threatens war to reverse Kyiv’s pro-western drift.
Inside Wagnergate: Ukraine’s Brazen Sting Operation to Snare Russian Mercenaries (bellingcat) How a daring Ukrainian sting, years in the making, unravelled in spectacular circumstances.
What Russia Really Wants in the Balkans (Foreign Policy) The Kremlin is destabilizing Bosnia and Herzegovina in pursuit of broader strategic goals.
Energize NATO’s Response to Russia’s Threats Against Ukraine (Defense One) Signal new efforts to thwart a controversial Russian energy pipeline.
Russia Says U.S. Forcing Its Diplomats Out as Tensions Escalate (Bloomberg) 55 Russian diplomatic staff ordered to leave U.S. by mid-2022. U.S. toughened approach after Russia barred its local staff.
Iran’s War Within (Foreign Affairs) Ebrahim Raisi and the triumph of the hard-liners
Israel and Iran Broaden Cyberwar to Attack Civilian Targets (New York Times) Iranians couldn’t buy gas. Israelis found their intimate dating details posted online. The Iran-Israel shadow war is now hitting ordinary citizens.
2 US defense officials say Israel hacked Iran’s gas system last month — NYT (Times of Israel) Cyber assault on Iranian fuel system was followed by hack of Israeli LGBTQ dating site, pointing to new trend of attacks against soft targets, New York Times reports
Israel restricts cyberweapons export list by two-thirds, from 102 to 37 countries (The Record by Recorded Future) The Israeli government has restricted the list of countries to which local security firms are allowed to sell surveillance and offensive hacking tools by almost two-thirds, cutting the official cyber export list from 102 to 37 entries.
Amid NSO scandal, Israel said to ban cyber tech sales to 65 countries (Times of Israel) In potential major blow to industry, Defense Ministry reportedly scales down list of eligible states to just 37, dropping the UAE, Morocco, Saudi Arabia and dozens of others
Israel defense ministry slashes cyber export list, drops Saudi Arabia, UAE (CTECH) The Ministry of Defense has reduced the number of countries approved for export of cyber tools by Israeli companies from 102 to 37
NSO blacklisting: It is time for the US to end its Cold War ways (Al Jazeera) Israel will continue exporting harmful surveillance tech unless Washington stops turning a blind eye.
Under new deal, Israel and Morocco could share intel, hold joint drills — official (Times of Israel) A top Israeli defense official says Jerusalem and Rabat will begin cooperating deeply on security issues following the signing of a memorandum of understanding between the two countries.
Britain and Israel to sign trade and defence deal (the Guardian) Pact covers Iran as well as cybersecurity, despite controversy over use of Israeli firm NSO Group’s Pegasus spyware in UK
Japan, Vietnam Look to Cyber Defense Against China (SecurityWeek) Japan and Vietnam signed a cybersecurity agreement as the two Asian nations step up their military ties amid concerns over China’s growing assertiveness
EU outlines plans for regulating tech giants (CRN Australia) Proposing the Digital Markets Act and the Digital Services Act.
EU lawmakers vote for tougher rules on ad tracking (Computing) The proposals are part of the EU’s ongoing fight to regulate tech giants
EU Pushes to Limit How Tech Companies Target Political Ads (Wall Street Journal) The European Union is proposing a ban on media companies targeting political ads at people based on their religious views or sexual orientation, a new volley in the continent’s expansion of global tech regulation.
Indian Government Submits Bill to Ban Most Cryptocurrencies, Dashing Hopes for Friendlier Measure (CoinDesk) While the bill might be the same as the draft submitted in January, expectations had grown that the government would submit a final version that would be accommodative to crypto.
Possible Huawei ban has telecoms asking Liberals about taxpayer compensation for new equipment (National Post) Both Bell and Telus have previously installed Huawei equipment to serve their existing older-generation networks, and it would have to be removed if the ban is retroactive
Taxpayer funds may be used to remove Huawei equipment if company is banned in Canada (MobileSyrup) Although an announcement has yet to be made, Canada is expected to follow the lead of allies in the Five Eyes intelligence network.
Estonia aligning with Europe against Huawei (Developing Telecoms) Estonia’s parliament The Rigiikogu has approved new legislation that effectively bans the country’s operators from using network equipment from China’s Huawei.
China’s top policymaking body charts plan for science and technology ‘self-sufficiency’ (The Record by Recorded Future) China’s top leadership unveiled a plan for developing homegrown science and technology with an eye toward Chinese “self-sufficiency.”
China Asks Didi to Delist From U.S. On Security Fears (Bloomberg) Regulators asked Didi brass to devise a plan to go private. Forced delisting will be severest action against China Tech.
Former DefSec Carter Calls for Stronger Retaliation Against Cyberattacks (MeriTalk) Former U.S. Secretary of Defense Ash Carter said cybersecurity risks are a “very serious matter” and called for stronger retaliation from the U.S. government and Department of Defense (DoD) against malicious cyber actors.
US sanctions 28 quantum computing entities in China, Russia, Pakistan, Japan (The Record by Recorded Future) The US Department of Commerce has sanctioned 28 organizations from China, Russia, Pakistan, Japan, and Singapore for helping advance and distribute quantum computing technologies to military and nuclear weapons programs.
US Government Adds Four Entities on the Department of Commerce Bureau of Industry and Security Entity List for Malicious Cyber Activities (Global Compliance News) On November 3, 2021, the Commerce Department’s Bureau of Industry and Security (“BIS”) issued a final rule adding the following four entities to the Department of Commerce Bureau of Industry and Security Entity List: Candiru (Israel), NSO Group (Israel), Computer Security Initiative Consultancy PTE (Singapore), and Positive Technologies (Russia). The addition of the four entities comes after the October 21, 2021 publication of an interim rule by BIS establishing controls on the export, re-export, and in-country transfers of items that may be used for malicious cyber activities and is part of the ongoing effort by the Biden-Harris Administration to combat the use of digital tools for repression.
More Chinese firms added to US trade blacklist (Computing) The action will restrict exports to firms that support Chinese military’s modernisation efforts, US government says
Why Do Governments Reveal Cyber Intrusions? (Lawfare) Germany’s decision to publicly name the Ghostwriter hacking group as the perpetrator targeting its political institutions should not be taken lightly.
Antitrust Tech Bills Gain Bipartisan Momentum in Senate (Wall Street Journal) Support for curbing large technology companies’ market power is widening in the Senate, with lawmakers in both parties endorsing new legal constraints on search engines, e-marketplaces, app stores and other online platforms.
The head of Instagram agrees to testify as Congress probes the app’s effects on young people. (New York Times) This will be the first time Adam Mosseri, a trusted lieutenant to Mark Zuckerberg, will appear before lawmakers under oath.
UK’s surveillance culture may be normalising use of tech for abuse (ComputerWeekly.com) Intense surveillance of public spaces by UK authorities may be playing a part in the normalisation of cyber stalking in intimate relationships.
Govt to introduce new social media laws on ‘defamatory’ comments (CRN Australia) To make social media companies provide details of commenters.
What the SEC Requires From Businesses After a Data Breach (Security Intelligence) Consumers have become wary of data breaches and the decreased safety of their personal information. However, the cost of a data breach is no longer only a matter of money and your company’s good name. There is now a third critical reason to pay attention: the U.S. Securities and Exchange Commission — more commonly referred to as the SEC.
FTC warns health apps to comply with health data-breach rules (American Medical Association) The AMA has pushed for better protection of patients’ data in health apps. Learn how this federal regulatory action moves in that direction.
Litigation, Investigation, and Law Enforcement
Ransomware: key legal issues facing organisations under attack (Lexology) Targets range from small unlisted companies to large organisations and government agencies, often with sophisticated cyber defences and policies. The…
Cyber criminals stopped from stealing tens of millions of dollars as AFP unleashes new cyber punch (Mirage News) The AFP has stopped cyber criminals from stealing $24 million from the superannuation accounts of hard-working Australians and launched several
Govt announces police-led cybercrime coordination centre (CRN Australia) Joint Policing Cybercrime Coordination Centre to open in March 2022.
CIA director warns Russian spies of ‘consequences’ if they are behind ‘Havana Syndrome’ incidents (Washington Post) CIA Director William J. Burns delivered a confidential warning to Russia’s top intelligence services that they will face “consequences” if they are behind the string of mysterious health incidents known as “Havana Syndrome” afflicting U.S. diplomats and spies around the world, according to U.S. officials familiar with the exchange.
China agency tells Tencent their apps have to be approved before they go live or update (The Record by Recorded Future) Chinese regulators have told video game giant Tencent that it will need to submit its apps to the Ministry of Industry and Information Technology, or MIIT, before launching them.
Interpol arrests over 1,000 suspects linked to cyber crime (BleepingComputer) Interpol has coordinated the arrest of 1,003 individuals linked to various cyber-crimes such as romance scams, investment frauds, online money laundering, and illegal online gambling.
12 online fraudsters arrested in global operation against counterfeiters (Europol) From 1 May 2021 until 14 November 2021, Operation In Our Sites took place leading to the arrest of 12 suspects, the seizure of €2.6 million worth of counterfeit goods and cash to the value of €460 468.
A young Argentine was caught in a cocaine-fueled celebrity scandal; 25 years later, Google won’t let her forget (Rest of World) When a ’90s scandal ensnared an Argentine woman in the past, she sued Google for the right to be forgotten.
Two Nigerians Sentenced to Prison in U.S. for Role in BEC Scams (SecurityWeek) Two Nigerian nationals have been sentenced to prison in the United States for their roles in BEC schemes
39 arrested over job, phishing scams involving more than S$20 million (CNA) SINGAPORE: A total of 39 people were arrested over their suspected roles in job and phishing scams involving more than S$20 million, said the police on Sunday (Nov 28).
The 35 men and four women, aged between 16 and 65, were nabbed during an islandwid
Group-IB helps Italian officials take down scammers selling COVID-19 docs via Telegram (The Record by Recorded Future) Just days after the Italian government announced that it would tighten restrictions linked to its COVID-19 health pass, Italian police announced that they had broken up a criminal gang selling hundreds of fake passes and certificates via Telegram.
Pass to nowhere: Group-IB assists Italian law enforcement in identification of fraudsters selling fake Green Passes (Group-IB) Group-IB, one of the global cybersecurity leaders, has assisted Guardia di Finanza (GdF), the Italian law enforcement agency responsible for dealing with financial crime, in the probe into activities of the criminal organization which trafficked fake Green Passes — documents issued for vaccinated Italian citizens and those tested negative or recently recovered from COVID-19 — via Telegram messenger. As a result of the No-Vax Free operation, several suspected administrators of the Telegram channels were searched in Veneto, Liguria, Apulia, and Sicily. The suspects admitted the offence.
Roblox sues banned ‘cybermob leader’ for terrorizing the platform, its developers (Polygon) The banned Roblox user is also a popular and controversial YouTube creator, Ruben Sim
Microsoft targeted in antitrust complaint to EU over OneDrive (POLITICO) German software company says Microsoft ‘pushes’ its file-hosting service OneDrive in Windows.
EU companies issue formal complaint against Microsoft OneDrive Windows integration (ZDNet) Nextcloud and almost 30 other European companies have filed a complaint about Microsoft’s anti-competitive behavior with its OneDrive cloud storage offering.
Italy fines Apple and Google for ‘aggressive’ data practices (TechCrunch) Apple and Google have been fined €10 million apiece by Italy’s competition and market authority (AGCM) which has found they did not provide their users with clear enough information on commercial uses of their data — in violation of the country’s consumer code. The regulator also …
Google agrees to deeper UK oversight of Privacy Sandbox (TechCrunch) As part of an ongoing antitrust investigation into Google’s Privacy Sandbox by the UK’s competition regulator, the adtech giant has agreed to an expanded set of commitments related to oversight of its planned migration away from tracking cookies, the regulator announced today. Google ha…
He Leaked U.S. Missile Secrets. It Turned Into ‘a Dark Comedy of Errors.’ (The Daily Beast) The feds accused James Schweitzer of exacting revenge after he lost his security clearance over medical marijuana. Schweitzer tells a different story.
