Cyber Attacks, Threats, and Vulnerabilities
GoldenSpy Chapter 4: GoldenHelper Malware Embedded in Official Golden Tax Software (Trustwave) Directly preceding GoldenSpy, another malware family was used to covertly access the networks of companies doing business in China. This is the story of GoldenHelper.
Chinese banks require clients to use tax programs laced with backdoors, report says (CyberScoop) A Chinese bank required a company to use a tax software for local tax purposes, but the software quietly deployed a backdoor, Trustwave researchers say.
ESET uncovers chat app malware spying and stealing user's data (Security Brief) The Welcome Chat espionage app belongs to a known Android malware family and shares infrastructure with a previously documented espionage campaign named BadPatch, which also targeted the Middle East.
Welcome Chat as a secure messaging app? Nothing could be further from the truth (WeLiveSecurity) ESET research uncovers a malicious operation that spies on Android users via Welcome Chat, an app posing as a secure chat service available in Google Play.
Link for TikTok being shared on WhatsApp is actually malware; Maharashtra cyber cell issues advisory (The Financial Express) The warning is significant since the Indian TikTok users have been wanting to return to the platform after the app was banned in India by the Centre last month.
Cybercriminals send ransomware to users of out-of-date web browser in APAC (Philippine Information Agency) Outdated or illegitimate software is like open doors for malicious users. The recent discovery by Kaspersky proves this once again. The global cybersecurity company on July 6 unveils a sustained campaign targeting users of Internet Explorer in the Asia Pacific...
New AgeLocker Ransomware uses Googler's utility to encrypt files (BleepingComputer) A new and targeted ransomware named AgeLocker utilizes the 'Age' encryption tool created by a Google employee to encrypt victim's files.
Ransomware, then and now: The change in data theft behavior (Help Net Security) Matt Lock from Varonis takes a look at ransomware then and now, and how threats evolved over the years. Is your organization secure?
New Mirai Variant Targets Vulnerability in Comtrend Routers (SecurityWeek) A newly identified version of the Mirai Internet of Things (IoT) botnet includes an exploit for a vulnerability impacting Comtrend routers
This botnet has surged back into action spreading a new ransomware campaign via phishing emails (ZDNet) There's been a big jump in Phorpiex botnet activity - but it's a trojan malware attack that was the most common malware campaign in June.
Internet Explorer CVE-2019-1367 In the wild Exploitation — prelude (Medium) CVE-2019-1367 background and in-the-wild exploitations
Phone of top Catalan politician 'targeted by government-grade spyware' (the Guardian) Exclusive: Guardian and El País find regional speaker was targeted in ‘possible domestic political espionage’
A hacker is selling details of 142 million MGM hotel guests on the dark web (ZDNet) EXCLUSIVE: The MGM Resorts 2019 data breach is much larger than initially reported.
LiveAuctioneers reports data breach after user records sold online (BleepingComputer) LiveAuctioneers has disclosed a data breach after a well-known data breach broker began selling 3.4 million stolen user records on a hacker forum.
Researchers Say This Router Is Open to Outside Attack by Hackers (Motherboard) Researchers working for a cybersecurity firm found several vulnerabilities within a common router. They shared their findings to the router’s manufacturer six months ago and have yet to hear back.
Blox Tales: Amazon Vishing (Voice Phishing) Attack (Armorblox) Each Blox Tale will take a look at a targeted email attack, outline why it made its way into an inbox, and highlight how Armorblox was able to detect the attack. In this blog, we’ll focus on a vishing (voice phishing) attempt where attackers sent an email resembling an Amazon delivery order.
Blox Tales: Amazon Credential Phishing (Armorblox) Each Blox Tale will take a look at a targeted email attack, outline why it made its way into an inbox, and highlight how Armorblox was able to detect the attack. In this blog, we’ll focus on a credential phishing attempt where attackers sent an email resembling an Amazon delivery order failure.
Westpac customers targeted in email phishing scam (9News) Two phishing scams which ask people to verify their online banking accounts are targeting Westpac customers.
Breached Data Indexer ‘Data Viper’ Hacked (KrebsOnSecurity) Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches…
Breach database company DataViper allegedly hacked with billions of records offered for sale (SiliconANGLE)
Over 1,300 phishing kits for sale on hacker forum (BleepingComputer) A member of a hacker forum is looking to make over $30,000 from selling a huge collection of more than 1,300 phishing kits.
Hardware Attack Exposes nRF52 Debugger (InfoQ) A hardware bypass enables attackers to restore full debug capabilities in the nRF52 radio chipset, used in many consumer and medical devices. Fault injection re-enables debugging in a way that attacks the silicon, unpatchable in software.
Belfast trust apologise for 'data breach' after sending confidential report about vulnerable pensioner to wrong family (The Irish News) NORTHERN Ireland's biggest health trust has apologised for a
Chinese firm's smartwatch tracker for the elderly at hacking risk (https://www.outlookindia.com/) Security researchers have disclosed a set of serious security flaws in a smartwatch tracker by Chinese developer 3G Electronics for the elderly and the vulnerable, especially those with dementia or other cognitive impairments.
Recon vulnerability puts thousands of SAP customers at risk (ComputerWeekly) Users of multiple SAP products including S4/HANA should apply the security update as soon as possible to protect their systems
Critical Vulnerability in SAP NetWeaver AS Java (CISA) On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications.
Vulnerability Summary for the Week of July 6, 2020 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Social engineering: The human component of cyberattacks (ITProPortal) Why the human in cyberattacks is the most dangerous component.
County network operations disrupted after "sophisticated" cyber attack (CBS46 News Atlanta) Barrow County officials are working to determine the impact of a computer system hack throughout the county’s computer network.
Security Patches, Mitigations, and Software Updates
SAP patches critical flaw that lets hackers seize control of servers (IT PRO) The rare 10/10 vulnerability on the CVSS scale affects a host of apps including ERP and CRM platforms
It's Patch Tuesday; make sure you pause Windows Updates (Computerworld) Every month we see the same pattern: Microsoft releases a ton of patches, some of them go kablooey, the Chicken Littles cry that you need to patch everything right now -- and there are no immediate security problems. Break the habit. Protect your PC. Pause Windows Update.
Google Meet adds zoombombing protection for education customers (ZDNet) Google will block anonymous users from joining Google Meet video conferences organized by G Suite for Education customers.
Asus Zenfone 6 model ZS630KL bags new software update with July Security Patch (GoAndroid) Asus releases a limited number of smartphone models when compared to other major OEMs worldwide. The company launched their latest smartphone Asus 6Z back
Samsung Galaxy S9 and S9+ gets July 2020 security patch (BGR India) Samsung - Check out the latest Samsung Galaxy S9 news, including a new system update that brings the July security patch. Explore at BGR.in
Cyber Trends
Data Health Check 2020 | The results (Databarracks) The Data Health Check is a snapshot of the world of IT, Cyber Security and Resilience.
Foresight review of cyber security for the Industrial IoT (Riviera) Enabling safer more resilient infrastructures
Majority of UAE firms fall victim to public cloud cybersecurity incidents: Sophos (TahawulTech.com) In a global survey from next-generation cybersecurity leader Sophos, 75% of organisations from the UAE experienced a public cloud security incident in the last year.
Australian enterprises facing more cyber attacks (ComputerWeekly) The volume of cyber attacks in Australia jumped from 90% in October 2019 and 81% in February 2019, underscoring the worsening threat landscape in the country
Attack volumes, breach levels and security investment all rise in Australia (Security Brief) 94% of 250 high-level executives around Australia surveyed in a report released today from VMware have noticed a surge in attack volume, which has, in turn, prompted increased investment in cyber-defence.
RSA finds two-thirds of phishing attacks directed at Canada (SearchSecurity) RSA Security released its quarterly fraud report for the first quarter of 2020, which found that 66% of phishing attacks were directed at Canada, while 60% of those attacks were hosted on U.S. ISPs and cloud providers.
US Faces Far More Cyberattacks than Any Other Country: Report (Mobile ID World) Specops Software has released a new report that reveals that the United States is the most frequent victim of major cyberattacks
OneLogin Report: Security and the State of the 2020 Elections (Yahoo) Online voting is likely to shape future election cycles, according to a new study from OneLogin, a global leader in identity and access management. Nearly 3 out of 5 respondents (59%) expect online voting will become a reality within five years. Though various demographics differ in their opinions about
Marketplace
Traceable Launches with $20 Million Series A to Secure Cloud-Native Applications using AI and Distributed Tracing (PR Newswire) Traceable, the world's first end-to-end application security monitoring platform, launched from stealth today with $20M in series A funding...
Brazil’s cybersecurity startup Kryptus closes US$3.7M to scale (Contxto) Kryptus has developed cybersecurity solutions both for civil and military markets. The startup will use the funding to scale outside of its native Brazil.
QinetiQ acquires Naimuri for £25m; says profit hurt by lockdowns (Stock Market Wire)
QinetiQ Signs "Profound And Positive" Security Deal With US Government (MorningstarUK) QinetiQ Group PLC said Monday it has signed an agreement with the US Defense ...
Devo Awarded $9.5M U.S. Air Force Contract for Next-Generation SIEM Technology (GlobeNewswire) Will serve as central security hub for protection, detection and response across the U.S. Air Force worldwide for enterprise defense
Lord Browne quits as Huawei UK chairman as government ban looms (Sky News) The former BP chief will step down six months early as Huawei faces a government ban, Sky News learns.
Zooming In On Cyber Governance: Top Ten Actions For Boards And Execs (Forbes) A look at the issues Zoom has struggled with in a short 90-day period provides an excellent case study for directors and boards on digital oversight and offers lessons on how to avoid similar pitfalls.
The Misguided Search for Cybersecurity’s Purple Unicorn (Governing) In looking for a new chief information security officer, it's tempting to generate a long list of professional qualifications. But these days, technical expertise isn't what the job is really about.
Overworked and burnt out? Cybersecurity pros under more pressure (TechHQ) CIISec Survey shines a light on issues of workload, stress and diversity amongst IT security professionals 82% of survey respondents say security budgets
Inside America’s Secretive $2 Billion Research Hub Collecting Fingerprints From Facebook, Hacking Smartwatches And Fighting Covid-19 (Forbes) Mitre Corp runs some of the U.S. government's most hush-hush science and tech labs. The cloak-and-dagger R&D shop might just be the most important organization you've never heard of.
TikTok Banned By More U.S. Organizations (Media Post) The DNC, RNC and financial giant Wells Fargo have instructed personnel to stay off TikTok.
Wells Fargo told employees to delete TikTok from work phones (TheHill) Wells Fargo has ordered a group of employees to delete TikTok from their work phones over concerns about the Chinese-owned app's practices when it comes to privacy and security.
DNC issues fresh warning on TikTok, citing data security risks (CyberScoop) The DNC on Friday reiterated a warning to Democratic campaigns, state parties and committees about the security risks of using the video-sharing app TikTok.
Google offers data pledge in bid to win EU okay for Fitbit buy (Reuters) Alphabet Inc's Google has offered not to use health data of fitness tracker company Fitbit to help it target ads in an attempt to address EU antitrust concerns about its proposed $2.1 billion acquisition, the U.S. tech company said late on Monday.
Twitch unbans Trump after two-week suspension for "hateful conduct" (The Verge) Trump was banned in June.
Disinformation Expert and Former CIA Officer Cindy Otis Joins Alethea Group as Vice President of Analysis (The Alethea Group) Alethea Group welcomes Cindy Otis to its leadership team as Vice President of Analysis.
Products, Services, and Solutions
XM Cyber Now Integrated with Microsoft Defender Advanced Threat Protection (ATP) (PR Newswire) XM Cyber, the multi-award-winning leader in breach and attack simulation (BAS) advanced cyber risk analytics and cloud security posture...
Code42 Partners with Cybrary to Educate Security Practitioners about Insider Risks to Data (BusinessWire) Code42 partnered with Cybrary to invest in educating security practitioners on insider threats, which accounts for two-thirds of breaches to data.
Cygilant and LogPoint Partner to Bring Mid-Sized Companies Comprehensive Threat Monitoring and Analysis Capabilities (Cygilant) Cygilant, provider of Cybersecurity-as-a-Service to mid-sized organizations, today announced that it has partnered with LogPoint, the Modern SIEM, and UEBA company.
Leading Indonesian Telco Selects ForgeRock to Modernize Its Identity Infrastructure (GlobeNewswire) XL Axiata undertakes robust digital transformation initiative to streamline customer-facing systems for 55 million subscribers
ESET to Redefine Cybersecurity Approach (Enterprise Security) ESET is all set to launch their new premium service Health Check, a cybersecurity checkup suite.
Attack Worries Increase as Pandemic Continues (K2io) A new Deloitte survey of executive decision makers found that 69% of these executives expect the number and size of cyber events targeting their organizations to increase in the coming year
Avosec's new security operations centre ensures users have 360-degree cyber security protection (Virtual-Strategy Magazine) London, UK – July 14, 2020 – COVID-19 has brought change to every aspect of life. Businesses are closed, staff are working remotely, and the global economy has slowed significantly. While many
iPhone Hackers Grayshift Sell 'Mobile' GrayKey (Motherboard) Emails and procurement records point to a "mobile" version of the GrayKey.
VPN service lets users pay what they want amid global recession (Atlas VPN) Atlas VPN, a trusted cybersecurity product, already recognized by large media outlets globally, introduces the Pay-What-You-Want feature on July 14 of 202…
Gemini Becomes First Crypto Exchange to Support Hardware Security Keys on Mobile App (Gemini) Gemini customers can now use USB and NFC security keys to securely sign into the Gemini Mobile App.
Digital Defense, Inc. Introduces Frontline Threat Landscape™ (PRWeb) Digital Defense, Inc. today announced the release of Frontline Threat Landscape™, a unique feature within the company’s vulnerability management technology that...
Claroty Researchers Introduce Open-Source Tool for Parsing AccessDB Files (Claroty) The Claroty Research Team is excited to share AccessDB Parser, a new, purpose-built tool we developed to support activities such as testing, automation, fuzzing, and reverse-engineering research, among others.
ContactPath by Watkyn Launches to Reduce the Spread of COVID-19 (WFMZ.com) Watkyn(TM), a team of leading authorities on cloud database application development, today announced the launch of ContactPath(TM). The first of its kind anywhere
Thycotic Secures Privileged Credentials in Kubernetes with Expanded Integration (PR Newswire) Thycotic, a provider of Privileged Access Management (PAM) solutions to more than 10,000 organizations, including 25 of the Fortune 100, today...
Vectra Expands Intelligent Response Capabilities (PR Newswire) Vectra AI, a leader in network threat detection and response (NDR), today announced expanded response capabilities for its flagship product,...
Gartner named IBM a Magic Quadrant Leader (IBM) Gartner named IBM a Leader in the latest Gartner Magic Quadrant for Security Information and Event Management (SIEM). In the report, Gartner placed IBM furthest to the right for "Completeness of Vision."
Technologies, Techniques, and Standards
Backup, security join forces for ransomware protection (SearchDataBackup) Backup vendors are partnering with security vendors to prevent ransomware from accessing backup systems and compromising that last line of defense. Vendors such as Arcserve, Acronis and Druva said it takes both backup and security to defend against cyberthreats.
Valimail Research Finds More Than 1 Million Domains Using Crucial Email Authentication Standard (PR Newswire) Valimail, the leading provider of zero-trust identity-based anti-phishing solutions, today released findings from its Email Fraud Landscape:...
Seven Data Security Tips to Follow When Terminating Remote Employees Who Have Access to Sensitive Data (Chiang Rai Times) Working remotely or from home office has become the norm for many people due to the Covid-19 pandemic. These professionals, however, need to take extra care with online security. IT departments at large companies often take serious steps to prevent leakage of corporate information. However, small businesses and professionals alike need to take precautions when […]
How To Develop Playbooks For Cybersecurity (Forbes) There are a lot of working parts that create and sustain a delicate environment. Multiple departments keep the entire system working like clockwork. Just like in nature, when an object is introduced to the ecosystem. Stopping threats at the gates is crucial to keeping an ecosystem alive and well.
“Invisible Force” graphic novel shows the possible future of cyber warfare (Military Times) A new graphic novel, presented by the Army Cyber Security Institute, uses research to predict ways future cyber attacks.
Invisible Force: Information Warfare and the Future of Conflict (US Army Cyber Institute at West Point) The global adoption of powerful network technologies is creating effects on human cognition which are continuing to challenge, if not erode entirely, the ways in which democratic societies govern and defend their people.
Disinformation defences (Biz Community) Forensic cybersecurity is a business imperative for content producers says Howard Plaatjes, CEO of AYO Technology Solutions, who notes the potential for 'deepfakes' to be used to suit a myriad of specific agendas, but that crypto identifiers will avert and build reader trust...
How Active Measures Shines Light on Disinformation (The Cipher Brief) Cipher Brief Expert and former Deputy Director of NSA Rick Ledgett reviews the new book Active Measures by Thomas Rid on Disinformation
Researchers Deploy Decryptor For ThiefQuest Ransomware (Latest Hacking News) Decryptor for ThiefQuest or EvilQuest Mac ransomware is now available. Though, further analysis shows the ransomware is more of a data stealer.
Maturing approach as cyber-threat intelligence pays dividends (ITProPortal) In the battle to protect businesses from relentless attempts at theft and disruption by cybercriminals, knowledge is power.
Webcast: What About Ransomware? (Black Hills Information Security) This is a joint webcast between Black Hills Information Security and the Wild West Hackin’ Fest conference. We hate ransomware. Like a lot. This is because we feel this is the future of cyber attacks. If you look at the recent cases and the newish versions that involve extortion, there is nothing to like. Well, […]
Legislation, Policy, and Regulation
Citing National Security, India Bans Dozens of Chinese Apps in Wake of Border Skirmishes (CPO Magazine) Indian government has cited national security as the reason for banning 59 Chinese apps, including popular apps such as TikTok, UC Browser and Clash of Kings.
'It could unravel very quickly' - Beijing's security law is testing Hong Kong's famed resilience (The Global Legal Post) International law firms are likely to stick by Hong Kong despite rule of law concerns - at least for now
EU to Respond to China’s Hong Kong Moves (Wall Street Journal) The European Union and member states will take coordinated action to respond to China’s tightening grip on Hong Kong, including looking at export bans for sensitive technologies, widening visa possibilities for the island’s citizens and reconsidering extradition arrangements.
U.S. Weighs Limited Options to Punish China Over Hong Kong (Wall Street Journal) As U.S. officials consider punishing China over its recent security law in Hong Kong, the city’s status as a global financial center limits the menu of effective levers available to Washington.
Europe divided on Huawei as US pressure to drop company grows (the Guardian) US national security adviser to urge European counterparts to bar Chinese firm from 5G networks
UK will place priority on national security in Huawei decision, minister says (Reuters) Britain will place a "huge priority" on national security when considering Chinese telecoms firm Huawei's role in the country's 5G network, justice minister Robert Buckland said on Monday.
Government could ask mobile carriers not to add any new Huawei equipment to 5G networks from January (Computing) The culture secretary is expected to make a statement on the matter in the House of Commons today
Boris Johnson to bow to rebels' demand for Huawei 5G network ban next year (The Telegraph) PM had faced major Commons defeat after being given ultimatum over Chinese telecoms firm by 60 Tory rebels
U.K. Makes U-Turn on Huawei After U.S. Pressure (Wall Street Journal) The British government said it would bar telecom companies from purchasing new equipment made by China’s Huawei and gave them until 2027 to remove its technology from their 5G networks, a sharp about-face that marks a significant victory for the U.S.
The Cybersecurity 202: U.K. is set to bar Huawei in a major U.S. victory (Washington Post) The United Kingdom is expected to today announce plans to bar Huawei from its 5G telecom networks, marking a major victory for the Trump administration in its years-long war to rein in the Chinese firm.
Removing Huawei Equipment To Take Five Years (Silicon UK) Executives from Vodafone and BT give MPs a blunt assessment of the time needed and the cost to remove Huawei equipment
'It puts Britain in the digital slow lane' - Huawei hits back as Gov bans its tech (CRN) Huawei says the UK risks being bumped to the "digital slow lane" after the government announced it would ban the vendor's tech in the 5G rollout. Under the new...
Britain Fears Chinese Government Retaliation Over Huawei, 5G Network (Voice of America) Fears are mounting in Britain about possible Chinese government retaliation in the wake of an expected announcement Tuesday blocking Chinese tech giant Huawei from playing any role in the development of Britain’s next generation 5G phone network.
'Cyber-9/11': UK ministers warn of China launching online attack against Britain (WION) Amid the escalating tensions between Beijing and London, UK ministers fear that China is planning a serious cyber-attack targeting Britain, dubbed as "cyber 9/11". Security heads warn that these state-sponsored attacks, in a worst-case scenario, could bring down computer networks, causing phone and power blackouts and choking businesses, government, and hospitals, reports Mail Online.
China to Impose Retaliatory Sanctions on GOP Senators Over Xinjiang Penalties (Wall Street Journal) China’s Foreign Ministry said it planned to impose corresponding sanctions on several senior GOP figures in retaliation for sanctions the Trump administration imposed last week on senior Chinese officials accused of carrying out human-rights abuses in the Xinjiang region.
US declares 'most' of China's maritime claims in South China Sea illegal (CNN) US Secretary of State Mike Pompeo on Monday announced a formal rejection of "most" of China's maritime claims in the South China Sea, the latest in the escalation between Washington and Beijing.
Deadline looms for contractors to ditch banned Chinese equipment (FCW) A broad federal prohibition on contractors that use gear from a host of Chinese tech makers goes into effect in mid-August.
Why military agencies must establish cybersecurity readiness now through Comply-to-Connect (C4ISRNET) Katherine Gronberg argues readiness means forces can instantaneously know whether and how malicious cyber activity may have deceived, or even destroyed, systems
To Secure the Election: Tame the Russian Bear in Cyberspace (Council on Foreign Relations) As the U.S. presidential election approaches, U.S. Cyber Command will have to consider tougher measures to impose costs that change Russia's behavior in cyberspace.
Trump taking responsibility for Russia cyber attack could backfire (New Statesman Tech) President Trump has laid claim to a 2018 cyber attack on Russia’s Internet Research Agency (IRA) – framing it as evidence that he’s responded to Russia’s provocations in an interview...
Our cybersecurity isn't just under attack from foreign states. There are holes in the government's approach (The Conversation) Legislation expected to be put to Parliament later this year may very well fall short due to COVID-19's budget impacts. But until we strengthen our cyber defences, we're all at risk.
House Republican introduces legislation to strengthen federal cybersecurity (TheHill) Rep. John Katko (R-N.Y.) on Monday introduced three pieces of legislation designed to improve cybersecurity at the national level, particularly within the Department of Homeland Security (DHS).
DoD gets new top uniformed cyber adviser (C4ISRNET) The Pentagon has named a new senior military adviser for cyber policy to the undersecretary of defense for policy as well as the deputy principal cyber adviser to the defense secretary.
Michael Kratsios, White House CTO, named to top Pentagon tech job (Defense News) Kratsios comes from a Silicon Valley background.
Litigation, Investigation, and Law Enforcement
Israel Court Rejects Amnesty Petition Against Spyware Firm NSO (SecurityWeek) An Israeli court Monday rejected a bid by rights group Amnesty International to revoke the export license of spyware firm NSO Group over hacking allegations
Court rejects bid to revoke notorious spyware firm NSO Group’s export licence (Amnesty International) An Israeli court has rejected an attempt which sought to force Israel’s Ministry of Defence to revoke the security export license of notorious spyware company NSO Group.
FireEye Mandiant Forensic Report Deemed Not Privileged, Judge Rules (MSSP Alert) The Judge’s opinion in this case underscores the importance of establishing engagements with incident response providers, such as forensic investigators, with careful consideration towards establishing and protecting appropriate privileges.
Paytm Criticises Telecom Giants For Inaction In Handling Phishing (Inc42 Media) Digital payments giant Paytm has criticised telecom companies and the Telecom Regulatory Authority of India (TRAI) for their inaction in handling rising phishing cases in India.
CFAA will harm security researchers, EFF tells SCOTUS (SC Media) The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court to rein in the scope of the Computer Fraud and Abuse Act (CFAA) by holding that
Plaintiff gets mixed results in data breach case (Chicago Daily Law Bulletin) In a data breach case where Noreen Perdue sued Hy–Vee Inc. on behalf of a class of Illinois residents whose payment cards were hacked when they used point-of-sale devices at Hy–Vee’s gas pumps, coffee shops and restaurants, U.S. District Judge Michael M. Mihm concluded that the Moorman doctrine knocked out Perdue’s negligence claim — because her damages were economic losses. But she alleged valid claims based on an implied contract and the Illinois Consumer Fraud and Deceptive Business Practices Act. Perdue v. Hy–Vee, No. 19-1330 (April 20, 2020).