Attacks, Threats, and Vulnerabilities
Puerto Rico’s Power Distributor Suffered a Cyberattack Hours Before a Devastating Fire (Wall Street Journal) Luma Energy said a distributed denial-of-service attack targeted its customer portal, as well as its mobile app, shutting out customers trying to access their accounts or report outages.
No Data Breach Of Government’s Email System, Says Centre (NDTV) Media reports that data breaches in some companies have compromised email accounts of the government’s National Informatics Centre are wrong, the centre said today in a statement.
Govt rules out NIC data breach, says email system ‘totally safe & secure’ (The Economic Times) The email system is “totally safe and secure”, government says, dismissing a report claiming that data breaches in firms like Air India, BigBasket and Domino’s had exposed email accounts and passwords of NIC emails to hackers.
Radware Alert: Fancy Lazarus DDoS Extortion Group is Back with New Campaign Focused on Unprotected Assets Across All Industries (GlobeNewswire News Room) Radware Onboards Numerous Customers with Fancy Lazarus Ransom Letters in Recent Weeks…
This new hacking group has a nasty surprise for African, Middle East diplomats (ZDNet) The newly-discovered APT pulls no punches when it comes to cyberespionage.
China backed APT41 behind SITA and Air India cyber attacks (CNBC) The report states, though the Air India attack lasted for just 4 days short of 3 months, it took the threat actors only 24 hours and 5 minutes to spread Cobalt Strike beacons to the other devices in the airline’s network.
How Did the Feds Get the Pipeline Hackers’ Bitcoin? Here’s the Best Theory (Decrypt) A ransomware expert explains how the U.S. likely seized most of the Bitcoin from the Colonial Pipeline attack.
What We Owe To Ransomware Gangs (Forbes) The ransomware “epidemic” we’re experiencing is really just a slow moving, decentralized, cross-sector red teaming exercise that we have outsourced to the mob.
How Hackers Used Slack to Break into EA Games (Motherboard) A representative for the hackers explained to Motherboard how the group stole a wealth of data from the game publishing giant.
Hackers reportedly used EA Games’ Slack to breach network, access source code – CyberScoop (CyberScoop) Hackers who reportedly stole valuable source code from games company Electronic Arts did so by first infiltrating the company’s Slack, a representative for a group claiming credit for the attack told Motherboard.
Fallout of EA source code breach could be severe, cybersecurity experts say (TechRepublic) Potential buyers could be interested in using the source code to game the game to make millions, perhaps sounding EA’s death knell in the process.
CD Projekt Red does an about-face, says ransomware crooks are leaking data (Ars Technica) Data taken in breach disclosed in February likely related to employees and contractors.
Avaddon ransomware shuts down and releases decryption keys (BleepingComputer) The Avaddon ransomware gang has shut down operation and released the decryption keys for their victims to BleepingComputer.com.
Avaddon ransomware operation shuts down and releases decryption keys (The Record by Recorded Future) The criminal group behind the Avaddon ransomware has shut down its operation today and released decryption keys for past victims.
Burgeoning ransomware gang Avaddon appears to shut down, mysteriously (CyberScoop) A ransomware gang has apparently disappeared just as its fortunes were rising. Ransomware experts said Avaddon shut down as of Friday.
Avaddon ransomware group closes shop, sends all 2,934 decryption keys to BleepingComputer (ZDNet) Bleeping Computer worked with Emisoft to create a free decryptor that any Avaddon victim can use.
Volkswagen says a vendor’s security lapse exposed 3.3 million drivers’ details (TechCrunch) The vendor left the cache of data unsecured on the internet over a two-year window.
Volkswagen America Discloses Data Breach Impacting 3.3 Million (SecurityWeek) Volkswagen Group of America discloses a data breach that exposed customer names, email and mailing addresses, and phone numbers, as well as details about purchased vehicles.
Volkswagen hack: 3 million customers have had their information stolen (CNN) Volkswagen and Audi, VW’s luxury brand, have been hit by a data breach that exposed the contact information and, in some cases, personal details, like driver license numbers, of customers in the United States and Canada.
VW says data breach at vendor impacted 3.3 million people in North America (Reuters) Volkswagen AG’s (VOWG_p.DE) U.S. unit said a data breach at a vendor impacted more than 3.3 million customers and prospective buyers in North America.
Volkswagen discloses data breach impacting 3.3 million Audi drivers (The Record by Recorded Future) Volkswagen America said that a data breach at a third-party vendor it was using for sales and marketing purposes exposed the personal details of more than 3.3 million of its customers, most of which were Audi car owners.
Foodservice supplier Edward Don hit by a ransomware attack (BleepingComputer) Foodservice supplier Edward Don has suffered a ransomware attack that has caused the company to shut down portions of the network to prevent the attack’s spread.
Insecure Services: Spoofing Secure Email Notifications (Avanan) Hackers are spoofing emails meant to notify people about secure files.
Ransomware Attacks and Unmanaged Medical Devices (Securolytics) Ransomware is one of the greatest threats to healthcare organizations everywhere. It’s clear that not having a comprehensive plan to protect against ransomware attacks is a significant risk. We covered IoT Ransomware earlier on the blog, including some of the most common causes.
Dealing with cyber criminals: Some NZ businesses ‘feel they have no choice but to pay’ (RNZ) In its first interview since being hit by a ransomware attack a year ago, Fisher and Paykel Appliances warns other businesses it’s a case of “when, not if” they will be targeted.
The hard truth about ransomware: we aren’t prepared, it’s a battle with new rules, and it hasn’t near reached peak impact. (Medium) I’ve talked about ransomware and extortion attacks on organizations for about a decade. I recently spent a year at Microsoft in Threat…
Unknown Attacker Chains Chrome and Windows Zero-Days (Infosecurity Magazine) Kaspersky has branded the threat actor “PuzzleMaker”
SIP protocol abused to trigger XSS attacks via VoIP call monitoring software (The Daily Swig) SIP devices could become unwitting access points for remote attacks on critical systems
Watch out – that Minecraft mod could be dangerous malware (TechRadar) More malware detected posing as Minecraft mods
Hackers can exploit bugs in Samsung pre-installed apps to spy on users (BleepingComputer) Samsung is working on patching multiple vulnerabilities affecting its mobile devices that could be used for spying or to take full control of the system.
The walls have ears (Grimm) Modern business often relies heavily on the Internet and software resources such as Zoom or Skype to support daily operat…
National Security Agency worries about how smart cars are getting (Federal News Network) Both the energy and food industries have been hit in recent weeks with ransomware. But what about cars and trucks?
Steamship Authority Website Running Again After Ransomware Attack Last Week (CBS Local Boston) The Steamship Authority website is back up and running more than a week after it was knocked offline by a ransomware attack.
Hanging up on scammers: how to protect yourself from phishing phone calls (the Guardian) Most Australians receive an alarming robocall at some point, but experts warn fraudsters are becoming far more sophisticated
Ransomware attack hit Teamsters in 2019 — but they refused to pay (NBC News) The FBI advised the union to “just pay” the ransom, according to sources. Union officials chose to rebuild their computer network instead.
Trends
Security experts discover a 1,500%+ increase in attacks against VPN due to remote work (Nuspire) COMMERCE, MI. (June 14, 2020) – Nuspire, a leading managed security services provider (MSSP), today announced the release of its 2021 Q1 Threat Landscape Report. Sourced from its 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures (TTPs) with additional insight from its threat intelligence partner, Recorded Future. “As…
2021 OpsCompass CSPM Report (OpsCompass) The 2021 OpsCompass State of Cloud Security Posture Management Report surveys what cloud professionals think about CSPM, cloud adoption, and security.
LP: 2021 ForgeRock Consumer Identity Breach Report (ForgeRock) The global pandemic spurred a digital revolution. From purchasing goods and services, to visiting their healthcare providers, to working and learning from home, people doubled the amount of time spent online.
Phishing sites reached all-time high in January 2021 (The Record by Recorded Future) The number of active phishing sites hit a record number earlier this year in January, according to an industry report published this week by the Anti-Phishing Working Group (APWG).
DDoS attacks increase 341% amid pandemic (Help Net Security) Cyber attackers targeted industries resulting in a 341% year-over-year increase in DDoS attacks, according to Nexusguard.
Why some cyber criminals are ditching bitcoin for a cryptocurrency called monero (CNBC) Monero is considered more of a privacy token and allows cyber criminals greater freedom from tracking.
Marketplace
As Ransomware Demands Boom, Insurance Companies Keep Paying Out (Wired) While major carriers like AXA have backed away from covering ransoms, don’t expect the industry at large to break the vicious cycle.
Cyber security training platform Immersive Labs closes $75M Series C led by Insight Partners (TechCrunch) Immersive Labs, a platform which teaches cyber security skills corporate employees by using real, up-to-date threat intelligence in a “gamified” way, has closed a $75 million Series C funding round led by new investors Insight Partners alongside Menlo Ventures, Citi Ventures and existing investor G…
Immersive Labs Raises $75m to Accelerate Data Platform for Analyzing and Unlocking Cyber Skills Across Large Organizations (BusinessWire) Immersive Labs, the company empowering organizations to measure and improve cybersecurity skills across technical and non-technical teams, today annou
Honeywell and Cambridge Quantum form joint venture to build a new full-stack quantum business (TechCrunch) Honeywell, which only recently announced its entry into the quantum computing race, and Cambridge Quantum Computing (CQ), which focuses on building software for quantum computers, today announced that they are combining Honeywell’s Quantum Solutions (HQS) business with Cambridge Quantum in th…
Parsons Acquires Government Cybersecurity Consultant BlackHorse (MSSP Alert) Parsons acquires BlackHorse Solutions, a government cybersecurity consulting firm, for a valuation of 11.5x estimated 2022 adjusted EBITDA,
Arctic Wolf Funding: $4B Valuation for MDR Security Startup? (MSSP Alert) Arctic Wolf funding may involve $4 billion valuation for MDR (managed detection & response) & SOCaaS security startup, report says.
Cyber risk in M&A transactions (Smart Business Dealmakers) Jamil Jaffer and Maj Gen USAF (Ret) Brett Williams, of IronNet-Cybersecurity Inc., talk about the threat cyberattacks pose to M&A.
Mergers & Money: Email Security Proves Popular In Dealmaking And The Market (Crunchbase News) Email security can often get lost in the noise of other sexier offerings in the larger cybersecurity sector. However, that is not the case this quarter, where private equity and even the stock market itself has shown it a lot of love.
Huawei opens largest transparency center (The Manila Times) Huawei opened its largest Global Cyber Security and Privacy Protection Transparency Center in Dongguan, China on June 9.Representatives from GSMA, SUSE and the British Standards…
Kyrgyzstan’s intelligence agencies eyeing cooperation with Kaspersky Lab (TASS) The parties try to find the possibility of signing a framework document on cooperation to ensure coordination and raise the effectiveness of measures to counter cybercrime
Darktrace wins Best Security Company at 2021 SC Europe Awards (Cambridge Independent) The Cambridge company’s technology is used by more than 5,000 organisations.
Morphisec appoints Ajit Pillai as regional director for Asia Pacific (InfotechLead) Morphisec, a supplier of endpoint and server security solutions, appointed Ajit Pillai as Regional Director for Asia Pacific to expand
UNITED STATES : Second Front Systems hires Michael Neumann to fast track public-private integration (Intelligence Online) Dual-use technology specialist Second Front Systems has hired a CIA expert just as the Biden administration aims to ramp up coordination between government agencies and private firms in cyberspace.
Comodo Announces Leadership Changes to Accelerate Growth (Yahoo Finance) Cybersecurity Industry Veterans Join Comodo, Bring Customer First Approach for Continued Growth
Checkmarx names Roman Tuma as CRO (Help Net Security) Checkmarx named Roman Tuma as CRO to oversee Checkmarx’s go-to-market strategy and drive demand for developer-centric AST solutions.
Akamai Technologies Announces Dr. Boaz Gelbord as Chief Security Officer (PR Newswire) Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s most trusted solution for protecting and delivering digital experiences, announces Dr….
Products, Services, and Solutions
Netacea | Netacea creates world’s first bot management open-source framework (RealWire) BLADE provides a standard approach to combatting malicious bot attacks across a broad range of industries
Manchester, UK – 14 June 2021 – Netacea, a bot detection and mitigation specialist, unveiled today the world’s first bot management framework
Infoblox unites hybrid DDI and security to power cloud-first strategies (ITP) Infoblox 3.0 harnesses the industry’s leading DDI and DNS security solutions to enable on-premises, virtual, cloud and hybrid deployments
Telos Corporation Expands Market Reach with the Telos CyberProtect Partner Program (StreetInsider.com) DLT Solutions and Presidio Government Solutions among program’s launch partners
Radware and Fujitsu Partner to Improve Network Availability for Spanish Healthcare Organizations Facing Pandemic Challenges (Yahoo Finance) Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, and Fujitsu today announced an expanded partnership to enable increased traffic capacity for two Spanish healthcare organizations necessitated by the use of remote access during the Covid-19 pandemic. To overcome the operational challenges that these customers faced, Fujitsu implemented Radware’s Alteon® application delivery controller (ADC). Alteon no
Security Checks Drive Consulting Biz for Briteskies (IT Jungle) With high-profile ransomware attacks becoming the norm and calls for a federal cybersecurity department gaining steam, there’s a distinct uneasiness when it comes to the security of corporate computer systems. That uptick in awareness is helping to drive business for Briteskies, the Cleveland, Ohio-based IT consultancy that has made IBM i security a cornerstone of
Fortinet Accelerates Network Operations with FortiMonitor and FortiAIOps (Explica) Fortinet announces two new solutions for accelerate AIOps network operations with FortiMonitor and FortiAIOps.
Kaspersky’s VR simulation game allows executives to work as IT security specialists (Security Brief) Kaspersky has created a VR game where executives can work as information security specialists, giving them a better understanding of cybersecurity.
Technologies, Techniques, and Standards
How code obfuscation helps protect application data (Intertrust Technologies) Code obfuscation secures application data by distracting and confusing attackers. Here’s how it works.
Cybercriminals use synonyms to bypass security filters (Kingstonist News) (Kingston, Ontario) Kingston Police have released details on yet another way cybercriminals are gaining access to your inbox: synonyms.
Ransomware Gangs Say This Makes You a Target (SDxCentral) The FBI and ransomware gangs agree on this one point: If you don’t want to be the next Colonial Pipeline or JBS, use strong passwords.
CIOs should focus on using new tools, ‘not just adopting them’ (Silicon Republic) Kudelski Group’s Jason Hicks discusses what cybersecurity challenges CIOs need to think about to ensure a secure digital transformation.
Cyber attack crisis management for law firms (Today’s Conveyancer) Law firms are unfortunately enticing prospects to cyber criminals, due to the high value transactions involved. A robust disaster recovery and business continuity plan are therefore imperative to safeguard against a cyber attack. Lawyer Checker specialise in risk mitigation for the legal sector and sadly know it is a case of when not if an attack may strike.
Secretary Mayorkas, Mayor Garcetti Visit L.A. Cyber Lab (Homeland Security Today) Yesterday, Secretary of Homeland Security Alejandro N. Mayorkas and Mayor of Los Angeles Eric Garcetti visited the Los Angeles Cyber Lab and received a briefing on its operational capabilities. The Cyber Lab is a prime example of how a public-private partnership can shore up our cyber defenses across every level of government as called for by President Biden.
Design and Innovation
Google abandons experiment to show simplified domain URLs in Chrome (The Record by Recorded Future) Google’s experiment to hide parts of a site’s URL in the Chrome address bar (the Omnibox) has failed and has been removed from the browser earlier this week.
Google seeks to break vicious cycle of online slander (Silicon Valley Business Journal) A circle of slander has been lucrative for the websites and associated middlemen — and devastating for victims. Now Google is trying to break the loop.
These creepy fake humans herald a new age in AI (MIT Technology Review) Need more data for deep learning? Synthetic data companies will make it for you.
Facial Verification Won’t Fight Fraud (Wired) Unemployment fraud is a real problem, and biased software only makes it worse. States need privacy-preserving alternatives.
Research and Development
The race is on for quantum-safe cryptography (The Verge) Breaking the code-breaker.
UAE announces first quantum computer to defend against cyberattacks (Khaleej Times) The UAE is also developing the first PQC software library to safeguard confidential data
What Makes Quantum Computing So Hard to Explain? (Wired) Before we can even begin to talk about these computers’ potential applications, we need to understand the fundamental physics behind them.
Academia
Jeff Moulton leaving LSU for Stephenson Technologies Corporation – Baton Rouge Business Report (Baton Rouge Business Report) Jeff Moulton is resigning as executive director of the Stephenson National Center for Security Research and Training in LSU’s Office of Research and Economic Development, a move that becomes effective July 1. Moulton wants to resign from the organization, which he’s led for seven years, in order to focus more exclusively on his other role …
Legislation, Policy, and Regulation
China’s New Power Play: More Control of Tech Companies’ Troves of Data (Wall Street Journal) Beijing is calling on tech giants to share the huge amounts of personal information they collect—and asserting its authority over data held by U.S. companies operating there as well. The efforts are part of Xi Jinping’s push to rein in the country’s increasingly powerful technology sector and use it to his party’s advantage.
5 Things To Watch At The Biden-Putin Summit (NPR.org) The June 16 Geneva summit between President Biden and Russian President Vladimir Putin is a chance for the two leaders to map out how they will manage a difficult relationship. Here’s what to know.
Putin dismisses criticism of hacking and internal crackdowns ahead of Biden summit (NBC News) In an exclusive interview with NBC News, Putin claimed nearly all condemnations of Russia should apply equally to the U.S. and the West.
Biden to Reassure NATO Allies of US Commitment to Mutual Defense Clause (Voice of America) The North Atlantic Treaty Organization (NATO) is set to discuss revising its strategic concept when its leaders, including U.S. President Joe Biden, gather Monday in Brussels. NATO last updated the document outlining its purpose in 2010. The security threats and challenges it faces have changed since then, according to the organization’s secretary-general, Jens Stoltenberg.
FACT SHEET: G7 to Announce Joint Actions on Forced Labor in Global Supply Chains, Anticorruption, and Ransomware (The White House) The United States is rallying the world’s democracies to deliver for our people, meet the world’s biggest challenges, and demonstrate our shared values
Thai SEC Orders Exchanges to Delist Meme Coins, NFTs and Social Tokens – Decrypt (Decrypt) Pisscoin, CumRocket, Dogecoin—none were funny enough to stop Thailand’s Securities and Exchange Commission from banning meme coins.
What’s Up For (Pointed) Discussion At Biden-Putin Summit (NPR) Cyber espionage, regional aggression, a crackdown on opposition politicians: there’s a long list of provocations President Biden has to discuss when he meets Russian President Vladimir Putin.
US-Russian Contention in Cyberspace: Are Rules of the Road Necessary or Possible? (Russia Matters) In recent years, as news of U.S.-Russian tensions in the cyber domain has dominated headlines, some strategic thinkers have pointed to the need for a bilateral cyber “rules of the road” agreement.
Russia, U.S. and other countries reach new agreement against cyber hacking, even as attacks continue (Washington Post) Russia and the United States — along with 23 other countries — recently reaffirmed that states should not hack each other’s critical infrastructure in peacetime or shelter cyber criminals who conduct attacks on other countries.
The Cybersecurity 202: Russia agrees to cyber rules and violates them at the same time (Washington Post) As President Biden prepares to go toe-to-toe with Vladimir Putin at a summit in Switzerland this week, the United States and its allies are facing a test over whether they will hold Russia accountable for continually violating rules of good behavior in cyberspace.
US, Russia Spar on Cyberattacks Ahead of Biden-Putin Summit (Voice of America) The United States and Russia sparred Sunday about responsibility for debilitating cyberattacks as U.S. President Joe Biden and Russian President Vladimir Putin prepared for their summit in Geneva on Wednesday.
U.S. Secretary of State Antony Blinken told ABC’s “This Week” show, “No responsible country should be in the business of harboring in any way criminal organizations engaged in cyberattacks, including ransomware.”
Blinken said Biden “is going to make that very clear to President Putin.
G7 calls on Russia to crack down on ransomware gangs (The Record by Recorded Future) In light of the recent wave of high-profile ransomware attacks that have caused havoc in the US and Europe, the member states of the G7 group have called on Russia and other countries to crack down on ransomware gangs operating within their borders.
The Sixth GGE and International Law in Cyberspace (Just Security) Top expert analysis of the much-anticipated report that provides consensus views among key States on the application of international law to cyberspace.
Ransomware’s suspected Russian roots point to a long detente between the Kremlin and hackers (Washington Post) The ransomware hackers suspected of targeting Colonial Pipeline and other businesses around the world have a strict set of rules.
Russia expects more active intelligence data exchange with US, says intel chief (TASS) Sergey Naryshkin also point out the fact that Russia’s Foreign Intelligence Service and the CIA have never ceased partnership interaction
Biden-Putin meeting could set stage for new era in arms control (Military Times) The fabric of arms control has been fraying, notably with the abandonment in 2019 — first by Washington, then by Moscow — of the Intermediate-Range Nuclear Forces Treaty.
Pentagon announces $150M in security assistance to Ukraine (TheHill) The United States will allocate another $150 million to Ukraine to help the country bolster its borders against Russia, the Pentagon announced Friday.
Biden sees ‘potential’ progress in Putin’s openness to extraditing cyber criminals (USA TODAY) President Joe Biden sees a chance to improve relations with Russia, including on addressing the cyber crimes linked to Russia-based hackers.
Biden will warn Putin the US will respond ‘forcefully’ if Russia continues its ‘reckless and aggressive actions,’ Blinken says (Business Insider) Tensions between Russia and the US have increased following a wave of cyberattacks that are believed to have originated in Russia.
Lawmakers press Biden to give Putin ultimatum on ransomware gangs (POLITICO) Members of both parties want Biden to use the summit in Geneva to assert a more aggressive approach to Russia-based criminal networks.
Biden Reveals Why He Won’t Hold a Joint Press Conference With Putin (Epoch Times) President Joe Biden revealed on June 13 why he decided to avoid a joint press conference with Russian …
Cyberspace must advance democratic values, not subvert it: PM Modi at G7 Summit (India Today) Prime Minister Narendra Modi on Sunday participated in two sessions on the second day of the G7 Summit- ‘Building Back Together-Open Societies and Economies’ and ‘Building Back Greener: Climate and Nature’.
Italy Sets Up Cybersecurity Agency After Russia Warnings (SecurityWeek) Italy has created a national cybersecurity agency following warnings by Prime Minister Mario Draghi that Europe needed to protect itself from Russian “interference.”
FACT SHEET: NATO Summit: Revitalizing the Transatlantic Alliance (The White House) “The transatlantic alliance is the strong foundation on which our collective security and our shared prosperity are built. The partnership between
NATO leaders to discuss Russian disinformation, China – Merkel (Reuters) Leaders of NATO countries willl discuss topics including the challenges posed by Russia and China at their Brussels summit, German Chancellor Angela Merkel said on Monday, highlighting the need to respond to Moscow’s disinformation campaigns.
UK and US Strengthen Security Cooperation over Emerging Threats (GOV.UK) Prime Minister Boris Johnson and President Joe Biden agreed a number of steps to enhance the world’s strongest bilateral defence and security partnership.
Eighty Years Later, Biden and Johnson Revise the Atlantic Charter for a New Era (New York Times) The original was the work of Churchill and Roosevelt at the dawn of World War II. The new version pledges cooperation against 21st century global challenges and rivalries.
UK promises tougher line on cyber crime (ComputerWeekly.com) Speaking ahead of the G7 Summit, foreign secretary Dominic Raab says the UK is ready to take on cyber criminals and other malicious actors wherever they may be.
Biden Prods UAE to Dump Huawei, Sowing Doubts on Key F-35 Sale (Bloomberg) U.S. still pursuing Trump’s objections to Chinese 5G supplier. Debate continues over conditions for providing fighter jets.
Age of the cyber-attack: US struggles to curb rise of digital destabilization (the Guardian) The ransomware attack that caused long lines for fuel on the east coast was just part of a dramatic change in the scale and nature of foreign-based threats
DOD Leaders Share Their Intelligence Threat Assessments (U.S. DEPARTMENT OF DEFENSE) Defense intelligence leaders addressed the capabilities and gaps of military intelligence during a hearing before the House Armed Services Subcommittee on Intelligence and Special Operations.
Biden’s recent executive order shows the US needs to take cybersecurity more seriously (ZME Science) In May 2021, Colonial Pipeline came under attack. The American oil pipeline from Houston, Texas, suffered a ransomware attack coming from Russian organized crime.
Why the White House is Calling for Web Supply Chain Security (Supply and Demand Chain Executive) The security of the private data of billions of users globally will depend on how quickly and effectively organizations secure their web supply chains.
Cisco Talos: It’s Time to Move Beyond Ransomware ‘Thoughts and Prayers’ (SDxCentral) Cisco Talos Director of Threat Intelligence Matt Olney says we need to move beyond ransomware information sharing, or thoughts and prayers.
Attempted poisoning of Tampa’s water is a signal – we must act (Federal News Network) A cyber attacker attempting to add lethal amounts of lye to the water supply at a treatment plant in Tampa Bay was a warning shot across the bow of our nation’s preparedness.
Water, power systems in US are shockingly vulnerable to cyber attacks (Pennlive) Hackers working for profit and espionage have long threatened American information systems. But in the last six months, they’ve targeted companies running operational networks like the Colonial Pipeline fuel system, with greater persistence. These are the systems where water can be contaminated, a gas line can spring a leak or a substation can explode.
Does congressional grilling of Colonial Pipeline CEO foreshadow additional governmental intervention? (BPR) Over the past few days, members of Congress grilled the CEO of Colonial Pipeline during a hearing regarding last month’s hack that affected 45% of the fuel supply chain in the East Coast of the United States. Part of the questioning focused strictly on the $4.4 million payout that was scored by Russia’s DarkSide Ransomware Gang, the group responsible for the attack.
House lawmakers introduce five bipartisan bills to unwind tech monopolies (The Verge) The bills are the culmination of years of work.
Amid tech war, China’s Huawei unlikely to be out of US’ restricted entities list (ANI News) Beijing [China], June 13 (ANI): The US Innovation and Competition Act that has earmarked USD 54.2 billion towards shoring up America’s competence on a number of technological fronts, has left out China’s Huawei Technologies on a list of restricted entities, banning it from gaining access to US hardware and software.
UK competition regulator gets a say in Google’s plan to remove browser cookies (CNBC) Google will give the U.K.’s Competition and Markets Authority a say in its plans to replace third-party cookies on Chrome.
Glavy nominated as top IT officer for US Marine Corps (FedScoop) If confirmed by the Senate, Maj. Gen. Matthew Glavy will become the next Marine Corps’ equivalent of a uniformed CIO.
Healey Calls for Increased Cyber Security Measures (CapeCod.com) Attorney General Maura Healey has called for business and government leaders to increase measures to ensure cyber security in the public and private sectors. This comes as multiple organiza…
Meet the man in charge of protecting S.C. from a cyber attack (WRDW) A top South Carolina cybersecurity official says the state’s intelligence and information sharing program is “one of the most robust” in the country.
Litigation, Investigation, and Law Enforcement
European Privacy Ruling Could Mean More Scrutiny of Companies (Wall Street Journal) Europe’s top court is set to rule on whether national regulators can reach across borders.
Where Next With Hacking Back Against Cyber Crime? (GovTech) After the recent ransomware attacks against Colonial Pipeline, JBS and others, there are new calls for the U.S. to hack back against cybercrimminals and hold nation-states responsible. So what now?
Ahmadinejad Claims Israel Infiltrated Iranian Intelligence (Iran International) Iran former president Mahmoud Ahmadinejad has claimed that Iran’s intelligence and security agencies have been penetrated by Israeli agents who have sabotaged facilites.
COO Charged in Georgia Hospital Cyber-attack (Infosecurity Magazine) Federal grand jury indicts security startup COO over 2018 attack on Gwinnett Medical Center
Securolytics COO charged in Georgia hospital cyber attack (SearchSecurity) Vikas Singla, COO of Atlanta-based IoT vendor Securolytics, was charged for his alleged role in a 2018 Georgia hospital cyber attack.
Security firm CEO accused of hacking Georgia hospital system for cash, feds say (Miami Herald) The CEO of a network security firm accused of hacking a Georgia hospital’s computer system did it for “his own person gain,” federal authorities say.
Network security firm COO charged with medical center cyberattack (BleepingComputer) The former chief operating officer of Securolytics, a network security company providing services for the health care industry, was charged with allegedly conducting a cyberattack on Georgia-based Gwinnett Medical Center (GMC).
Chief Operating Officer of network security company charged with cyberattack on Gwinnett Medical Center (Department of Justice, US Attorney’s Office for the Northern District of Georgia) Vikas Singla has been arraigned on charges arising out of a cyberattack conducted on Gwinnett Medical Center in 2018. Singla was indicted by a federal grand jury on June 8, 2021.
Hunting Leaks, Trump Officials Focused on Democrats in Congress (New York Times) The Justice Department seized records from Apple for metadata of House Intelligence Committee members, their aides and family members.
Apple says it didn’t know Trump’s DOJ was asking for Democrats’ data when it complied with subpoena (CNBC) Apple on Friday said it didn’t know former President Donald Trump’s Department of Justice was subpoenaed data on Democrats when it complied with the request
In Leak Investigation, Tech Giants Are Caught Between Courts and Customers (New York Times) Apple, under fire for turning over the data of two lawmakers to the Trump Justice Dept., said it did so unknowingly, while Google fought a request for New York Times data because it related to a corporate client.
2 firms fined S$43,000 in total over personal data breaches affecting Mindef, SAF personnel (TODAYonline) The HMI Institute of Health Sciences and ST Logistics have been fined S$35,000 and S$8,000 respectively, after two separate malware incidents in 2019 led to the breach of personal data of thousands of personnel from the Ministry of Defence (Mindef) and the Singapore Armed Forces (SAF).
MPs and civil servants use self-deleting chat for routine communications, government admits (Computing) Politicians and advisors can turn off history when using Google Workspace messaging, threatening transparency and accountability
Canada Privacy Watchdog Slams Police Use of Facial Recognition Tool (SecurityWeek) Federal police broke Canada’s privacy laws by using a US company’s controversial facial recognition software in hundreds of searches.
The FBI’s Anom Stunt Rattles the Encryption Debate (Wired) The agency spent years running a secure phone network for criminals. So much for “going dark.”