Cybersecurity

This roundup of news from the week covers the recent ransomware payments and recoveries, right-wing extremism in police units, environmental activism, apps that cause suspicion and apps that catch criminals, pandemic updates, workplace shooting motivations, currency wars, and a nun who embezzled and gambled it away.

In a diverse six to three decision, the U.S. Supreme Court rejected the U.S. Department of Justice’s (DOJ’s) interpretation of a major computer fraud law in a victory for security researchers.

Hackers gained access to an email marketing service account used by a U.S. State Department agency to carry out a string of attacks on other agencies, think tanks, consultants, and non-governmental organizations (NGO), Microsoft announced Thursday evening.

While it took nearly seven years for the FBI's Internet Crime Complaint Center tally to reach 1 million, the latest million took just 14 months—from mid-March 2020 to mid-May 2021.

U.S. President Joe Biden signed a long-awaited cybersecurity executive order on Wednesday evening, which instructs the federal government to take a host of actions to improve the nation’s security and resiliency.

Colonial Pipeline, responsible for a major portion of the East Coast's fuel supply, shut down its pipelines over the weekend due to a ransomware attack.

A task force recommended a series of actions to mitigate the threat of ransomware, including requiring cryptocurrencies to adopt anti-money laundering regulatory requirements.

Data from the Washington, D.C., police department ransomware attack has leaked online, adding the Metropolitan Police to the ever-growing list of organizations compromised by hijacked data.

In response to the country’s alleged misconduct linked to the SolarWinds hack and attempts to generate confusion in the United States’ election process, the Biden administration levied new sanctions on Russia.   

The personal information—including phone numbers—of Facebook users exploited in a vulnerability originally uncovered and fixed in 2019 is now freely available.

Up to 150,000 security cameras installed in schools, hospitals, factories, and businesses were compromised, giving outsiders access to video from Tesla factories, prisons, psychiatric hospitals, and more.

While security professionals are continuing to address the fallout from the SolarWinds breach, Microsoft announced this week that it had detected several 0-day exploits being used to attack versions of Microsoft Exchange Server.

The world is at a turning point when it comes to artificial intelligence (AI), and the United States is at risk of falling behind, according to a new report from the National Security Commission on Artificial Intelligence (NSCAI).

CISA released its first international strategy on Thursday in a commitment to work with international partners to address risks and threats to critical infrastructure.

The attack on an Oldsmar, Florida, water utility was unsuccessful; however, it chillingly spotlights a potential vulnerability to critical infrastructure in the United States.

Global law enforcement agencies came together to take down one of the most significant botnets in the world: EMOTET, responsible for distributing the EMOTET malware.

The U.S. Cybersecurity and Infrastructure Security Agency issued an alert this week, warning security practitioners of recent cyberattacks against organizations’ cloud services that exploited poor hygiene practices and phishing tactics.

The recently enacted defense authorization bill and other federal and state laws call for research and begin to codify restrictions on deepfake technology; European countries have not addressed the issue directly.

Philadelphia area hunger relief organization Philabundance was the target of a cyberattack that cost the charity group almost $1 million.

Approximately 115,000 students have been affected by the ransomware-triggered shutdown, and there is no clear timeline for schools to reopen.

If enacted, the IoT Cybersecurity Improvement Act would help consolidate security requirements and considerations for Internet of Things (IoT) devices, including secure development, identity management, patching, and configuration management.

U.S. President Donald Trump announced on Twitter Tuesday that he decided to fire Chris Krebs, the director of CISA, which has led the way for federal cybersecurity initiatives, public–private sector information sharing and partnerships, and election security.

Facebook banned new political ads for the week leading up to the 3 November 2020 U.S. elections.

An artificial intelligence enabled bot created deepfake nude images of more than 100,000 women, some of whom seem to be underage, according to a new report from intelligence firm Sensity.

Six Russian intelligence hackers were charged with the NotPetya attack, as well as several other cyber crimes involving the 2017 French election and the 2018 Olympics.

The ban marks a sharp escalation in Facebook’s battle to curb the movement and its conspiracy theories—which have been identified as a potential domestic terror threat by the FBI.

The year 2020 may permanently shift the way individuals use the Internet. Cybersecurity Awareness Month aims to help people—and security practitioners—take control of their cybersecurity to enhance their overall security posture.

City council members in Portland, Oregon, voted unanimously to enact the strictest ban on facial recognition technology in the United States.

One of the largest public school systems in Connecticut was forced to delay its first day of classes after a ransomware attack affected 200 of the city’s 300 servers.

The U.S. Office of Management and Budget (OMB) released a memo that instructs U.S. federal agencies to create and publish coordinated vulnerability disclosure program (VDP) policies.

Facebook and Twitter reported that the FBI warned them that Russia is again targeting Americans with disinformation, attempting to influence the 2020 U.S. presidential election.

U.S. prosecutors charged the former chief security officer of Uber for his alleged role in an attempted cover up of a data breach of the company in 2016.

U.S. President Donald Trump issued executive orders late Thursday night that bar transactions by U.S. persons or that involve property subject to U.S. jurisdiction with the parent companies of WeChat and TikTok.

The European Union issued its first sanctions for cyberattacks on Thursday against Chinese, North Korean, and Russian groups linked to recent major hacking incidents.

The Court of Justice of the European Union struck down a major data sharing agreement between the United States and the European Union, but confusion remains about what measures corporations can use to share data across the Atlantic.

The United States has ordered China to close its Houston, Texas, diplomatic consulate within 72 hours—a move made in response to alleged violations of American sovereignty and “massive illegal spying and influence operations” from China, including intellectual property theft.

Several accounts of high profile Americans were taken over on 15 July, directing followers of billionaires and politicians to send cryptocurrency to a Bitcoin wallet.

A new study from Deloitte gives overview of the state of AI adoption and highlights risk and ethical concerns companies face.

A joint task force of European investigators cracked the EncroChat encrypted messaging platform, unlocking a gold mine of leads on criminal activities and plots.

The race to exploit COVID-19 fears for profit continues as fraudsters are rapidly evolving their methods—now posing as COVID-19 contact tracers to steal personal information.

Symantec sent a notice to its customers Thursday night, alerting them to a series of attacks against U.S. companies by threat actors attempting to deploy WastedLocker ransomware on their networks.

Despite a 400 percent rise in COVID-19-related cyberattacks, Americans remain largely unconcerned about cyber crime, according to a new report.

New reporting finds CIA did not take appropriate insider threat precautions, which enabled the massive data leak to Wikileaks in 2017.

IBM announced it will discontinue its general-purpose facial recognition business and opposes the use of the technology to conduct mass surveillance and racial profiling.

Recent social media activity has experts concerned about the potential for disinformation to color the outcome of upcoming elections, including the 2020 presidential election in the United States.

The COVID-19 pandemic has spurred more discussion about the possibility of online voting, but some security experts and officials are voicing security concerns about the risks.

The first Thursday of May is designated World Password Day, arguably more important than before as several organizations in various countries have workers operating remotely in response to the COVID-19 pandemic.

The U.S. Department of Defense CIO released a list of a list of best practices for cybersecurity and protecting an information network while teleworking.

From phishing to malware to ransomware, COVID-19-related attacks seek to take advantage of vulnerabilities.

Researchers note the limited use of artificial intelligence in the U.S. government, as well as opportunities for enhancement.

The United States linked a Russian military unit to the hacking group known as Sandworm which is said to be responsible for some of the most significant cyberattacks around the globe over the past 10 years.

The U.S. Department of Justice charged Huawei and its subsidiaries with racketeering conspiracy and conspiracy to steal trade secrets in an indictment released late Thursday afternoon.

The breach compromised sensitive personal information on more than 145 million Americans.

A security lapse by an app maker led to the exposure of data from all 6.5 million eligible voters in Israel, including full names, addresses, genders, phone numbers, and identity card numbers.

A vital U.S. government agency tasked with aiding state and local election officials to secure election systems “has not yet completed” plans to secure the 2020 U.S. presidential election less than 10 months away, a watchdog report found.

FBI Director Chris Wray tells Congress that Russia is conducting "information warfare" leading into the 2020 U.S. presidential election.

The State of Convergence report shows slow adoption of a converged security function, but business conditions may speed up the timetable.

On Data Privacy Day, here are a collection of resources for security professionals.

Department of Interior, military, other agencies cite security concerns with Chinese-made drones.

A study from the University of Michigan found that voting machines advertised as a secure alternative are still hackable.

The internationalization of far-right threats and tension between the Persian Gulf countries rank as the top two security risks for companies in 2020, according to a new risk forecast.

The U.S. Office of Personnel Management (OPM) has made strides in increasing its cybersecurity, but more work remains to be done almost five years after the agency suffered one of the largest government data breaches in history.

ASIS Foundation study researches the degree to which physical security, cybersecurity, and business continuity have converged into a single department.

Despite writing and releasing the text of a bill, bipartisan work on a federal online privacy law is expected to continue well into 2020.

U.S. intelligence officials confirmed that Russia has been spreading a disinformation campaign about Ukrainian efforts to interfere in the 2016 U.S. presidential election.

U.S. federal officials say that foreign governments are trying to steal ideas, proprietary information, and research from American universities.

A group of U.S. federal agencies released a joint statement Tuesday pledging to work with states and localities to protect the 2020 election.

U.S. superiority in artificial intelligence is endangered, according to a new report from the National Security Commission on Artificial Intelligence.

U.S. Representatives Matt Gaetz and Steve Scalise led a group of lawmakers into a closed hearing on Capitol Hill on Wednesday in a major breach of protocol and security.

As part of National Cybersecurity Awareness month, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) and the National Cyber Security Alliance (NCSA)—launched the “Own IT. Secure IT. Protect IT.” campaign.

A new study says employees are to blame for as many as half of all data breaches.

Australian, British, and U.S. officials asked Facebook not to fully encrypt its messaging services to provide greater access to data for law enforcement.