Link Search Menu Expand Document
BSafes Library

Policy and Law

March 6, 2025

U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations Full Text

Abstract The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally.

The Hacker News

February 19, 2025

Estonian Duo Plead Guilty to $577m Crypto Ponzi Scheme Full Text

Abstract Two Estonian nationals are facing up to 20 years behind bars after pleading guilty to running a huge cryptocurrency fraud scheme that netted hundreds of millions of dollars.

Infosecurity Magazine

February 8, 2025

Robocallers Posing as FCC Fraud Prevention Team Call FCC Staff Full Text

Abstract The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC "Fraud Prevention Team," by failing to comply with Know Your Customer (KYC) rules.

Bleeping Computer

February 6, 2025

Canadian Charged With Stealing $65 Million Using DeFi Crypto Exploits Full Text

Abstract The 22-year-old Canadian national allegedly exploited flaws in the automated smart contracts used by the KyberSwap and Indexed Finance decentralized exchange aggregators and operators of digital token liquidity pools on the Ethereum network.

Bleeping Computer

February 6, 2025

California Man Steals $50 Million Using Fake Investment Sites, Gets Seven Years Full Text

Abstract A 59-year-old man from Irvine, California, was sentenced to 87 months in prison for his involvement in an investor fraud ring that stole $50 million between 2012 and October 2020.

Bleeping Computer

January 20, 2025

FCC Enacts Rule Requiring Telecom Operators To Secure Networks Full Text

Abstract The declaratory ruling, which took effect immediately, clarifies that telecom operators are legally obligated to secure networks under Section 105 of the Communications Assistance for Law Enforcement Act.

Cybersecurity Dive

January 8, 2025

Pig Butchering Victim Sues Banks for Allowing Scammers To Open Accounts Full Text

Abstract A California man has sued three banks for alleged “willful blindness” in allowing criminals to open accounts used to steal nearly $1 million from him in a cryptocurrency investment scam.

The Record

January 7, 2025

US Sanctions Prominent Chinese Cyber Company for Role in Flax Typhoon Attacks Full Text

Abstract The Treasury Department said Integrity Technology provided Flax Typhoon actors with infrastructure between the summer of 2022 and fall of 2023 — with the state-backed groups sharing and receiving information from the company.

The Record

January 7, 2025

India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements Full Text

Abstract "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released Sunday.

The Hacker News

December 12, 2024

US Sanctions Chinese Cyber Firm for Compromising ‘Thousands’ of Firewalls in 2020 Full Text

Abstract Sichuan Silence Information Technology Company and one of its employees, Guan Tianfeng, were the targets of the sanctions, and the Justice Department indicted Guan for his role in the attacks.

The Record

December 3, 2024

Russia Sentences Hydra Dark Web Market Leader to Life in Prison Full Text

Abstract Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. Additionally, more than a dozen accomplices have also been convicted.

Bleeping Computer

November 28, 2024

Geico, Travelers Fined $11.3M for Lax Data Security Full Text

Abstract The two auto insurance companies will pay a hefty penalty for what the State of New York says was inadequate security that allowed hackers to compromise the personal data of more than 12,000 state residents.

Dark Reading

November 26, 2024

DeliveryHero Subsidiary Fined $5.2 Million for Tracking Drivers’ Geolocation Full Text

Abstract Italy’s data privacy regulator on Friday announced that it has levied a €5 million ($5.2 million) fine against an Italian GPS-based food delivery service for tracking the geolocation of its drivers, including outside of working hours.

The Record

November 7, 2024

Germany Drafts Law to Protect Researchers Who Find Security Flaws Full Text

Abstract The Federal Ministry of Justice in Germany is working on a law to protect security researchers who discover and report vulnerabilities to vendors, preventing them from facing criminal charges.

Bleeping Computer

November 7, 2024

Nigerian Man Sentenced to Over 26 Years in Real Estate Phishing Scams Full Text

Abstract Nigerian Kolade Ojelade, a resident of the UK, has been sentenced to 26 years in a US prison for conducting phishing scams. He used a "man-in-the-middle" email phishing and spoofing attack to compromise the email accounts of real estate businesses.

Security Affair

October 29, 2024

Four REvil Members Sentenced to More Than Four Years in Prison Full Text

Abstract Artem Zayets and Alexey Malozemov received four-and-a-half and five years, respectively, while Daniil Puzyrevsky and Ruslan Khansvyarov got five-and-a-half and six years in prison each.

The Record

October 17, 2024

Russia’s Case Against REvil Hackers Proceeds as Government Recommends 6.5-Year Sentences Full Text

Abstract The Russian military prosecutor's office is seeking prison terms of up to 6.5 years for four individuals associated with the REvil hacking group, known for ransomware attacks. The group was disbanded in 2021, leading to the arrest of 14 suspects.

The Record

October 17, 2024

US Charges Two Sudanese Nationals With Running ‘Anonymous Sudan’ Hacking Group Full Text

Abstract Two brothers Ahmed Salah Yousif Omer and Alaa Salah Yusuuf Omer were charged with running the hacking group Anonymous Sudan, responsible for launching 35,000 DDoS attacks worldwide, targeting governments, hospitals, and critical infrastructure.

NextGov

September 23, 2024

US DoJ Charged Two Men With Stealing and Laundering $230 Million Worth of Cryptocurrency Full Text

Abstract Two suspects, Malone Lam and Jeandiel Serrano, were arrested by the US Department of Justice for stealing and laundering over $230 million worth of cryptocurrency in Miami.

Security Affairs

September 17, 2024

US Hits Intellexa Spyware Maker With More Sanctions Full Text

Abstract The US has imposed further sanctions on Intellexa, the maker of the Predator spyware, targeting individuals and entities associated with the company due to its opaque corporate structure designed to evade accountability.

The Record

September 11, 2024

DoJ Distributes $18.5 Million to Western Union Fraud Victims Full Text

Abstract The U.S. Department of Justice has distributed $18. 5m to about 3000 victims of fraud facilitated by Western Union. This is part of the second phase of the Western Union Remission program, which aims to fully compensate victims.

Infosecurity Magazine

September 4, 2024

Dutch Privacy Watchdog Fines Clearview AI $34 Million for ‘Illegal’ Database of Faces Full Text

Abstract The Dutch Data Protection Authority (Dutch DPA) fined Clearview AI $34 million for the illegal creation of a facial image database. If Clearview AI does not comply, an additional fine of up to $5.5 million will be imposed.

The Record

September 4, 2024

Complying with PCI DSS Requirements by 2025 Full Text

Abstract The latest version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS) has introduced key changes to address the evolving digital landscape. While some requirements are already in effect, others will come into play by April 2025.

Help Net Security

August 5, 2024

US Sues TikTok for Violating Children Privacy Protection Laws Full Text

Abstract The lawsuit alleges that TikTok collected personal information from children under 13 without parental consent, failed to delete children-created accounts, and misled parents about data collection.

Bleeping Computer

August 2, 2024

CrowdStrike Investors File Class Action Suit Following Global IT Outage Full Text

Abstract The Plymouth County Retirement Association claims the company misrepresented the effectiveness of its software platform and quality control procedures. The lawsuit alleges that CrowdStrike did not adequately test its software.

Cybersecurity Dive

August 1, 2024

US Senate Passes Landmark Bill Protecting Children’s Online Safety and Privacy Full Text

Abstract The Kids Online Safety and Privacy Act (KOPSA) combines two bills to enhance protections for children under 17, prohibiting targeted advertising, requiring consent for data collection, and limiting exposure to harmful content.

The Record

July 26, 2024

Software Maker MCG Health Settles Data Breach Suit for $8.8M Full Text

Abstract MCG Health has agreed to a settlement of $8.8 million for a data breach lawsuit following a hacking incident in 2020. The lawsuit alleges that it took MCG Health two years to discover and report the data theft affecting around 1.1 million people.

Bank Infosecurity

July 22, 2024

Russian Nationals Plead Guilty to Participating in the LockBit Ransomware Group Full Text

Abstract Two Russian nationals, Ruslan Magomedovich Astamirov and Mikhail Vasiliev, pleaded guilty in a federal court in Newark for their roles in the LockBit ransomware operation.

Security Affairs

July 10, 2024 – Phishing

Regional Transport Office Themed Phishing Campaign Targets Android Users In India Full Text

Abstract Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named "VAHAN PARIVAHAN.apk".

Cyble As CISOs Grapple with the C-Suite, Job Satisfaction Takes a Hit Full Text

Abstract Research shows that 75% of CISOs are considering a job change due to various challenges and pressures. CISOs often face accountability for cyber incidents and compliance failures, leading to discontent.

Cybersecurity Dive

July 3, 2024

Feds Hit Health Entity With $950K Fine in Ransomware Attack Full Text

Abstract The US Department of Health and Human Services has levied a fine of $950,000 from the Heritage Valley Health System in Pennsylvania. It must address potential HIPAA violations after a ransomware attack in 2017.

Bank Infosecurity

July 1, 2024

Police Allege ‘Evil Twin’ In-Flight Wi-Fi Used to Steal Information Full Text

Abstract A man in Australia was charged with operating fake Wi-Fi networks on a commercial flight to steal passengers' email and social media credentials. The investigation began when an airline reported a suspicious Wi-Fi network during a domestic flight.

The Register

June 25, 2024

Four FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree Full Text

Abstract Ta Van Tai, Nguyen Viet Quoc, Nguyen Trang Xuyen, and Nguyen Van Truong are accused of conducting phishing campaigns and supply chain compromises to orchestrate cyberattacks and steal millions of dollars.

The Hacker News

June 24, 2024

Polish Investigators Seize Pegasus Spyware Systems as Part of Probe Into Alleged Abuse Full Text

Abstract Polish prosecutors have seized Pegasus spyware systems from a government agency in Warsaw as part of an investigation into the legality of its use. The devices were secured from the headquarters of the Central Anticorruption Bureau.

The Record

June 18, 2024

Hackers Plead Guilty After Breaching Law Enforcement Portal Full Text

Abstract Two hackers, Sagar Steven Singh and Nicholas Ceraolo, have pleaded guilty to computer intrusion and identity theft. They used a law enforcement officer's stolen password to access a nonpublic portal maintained by a U.S. law enforcement agency.

Bank Info Security

June 17, 2024

Blackbaud Must Pay $6.75 Million, Improve Security After Lying About Scope of 2020 Hack Full Text

Abstract Software company Blackbaud has agreed to pay $6.75 million and make improvements to its data security and breach notification practices following a hack in May 2020. The settlement was announced by California Attorney General Rob Bonta.

The Record

June 10, 2024

Guardian Analytics and Webster Bank Settle $1.4 Million Data Breach Lawsuit Full Text

Abstract Plaintiffs contended that both Guardian Analytics, a provider of data analytics services to financial institutions, and Webster Bank, failed to implement sufficient measures to safeguard sensitive customer information.

The Cyber Express

May 31, 2024

Hospital Allegedly Skirting Ransomware Death Suit Settlement Full Text

Abstract The lawsuit filed by plaintiff Teiranni Kidd against Springhill Memorial Hospital in 2019 and amended in June 2020 alleges that Kidd's daughter, Nicko Silar, suffered birth complications and subsequently died due to the ransomware attack.

Bank Info Security

May 29, 2024

Chinese Nationals Sanctioned for Botnet Used to Steal ‘Billions’ in COVID-19 Relief Funds Full Text

Abstract According to the Treasury, the botnet was especially useful “when carrying out credit card theft” and was used to facilitate tens of thousands of fraudulent applications related to COVID-19 relief funding.

The Record

May 27, 2024

Australian Telecom Watchdog Sues Optus Over 2022 Data Breach Full Text

Abstract The Australian Communications and Media Authority said it has filed proceedings against Optus in a federal court as the company failed to protect sensitive customer data during a data breach in September 2022 that affected close to 10 million people.

Bank Info Security

May 27, 2024 – Government

EU Wants Universities to Work with Intelligence Agencies to Protect Their Research Full Text

Abstract Europe’s leading research universities should work more closely with the continent’s intelligence agencies to help secure their research from being stolen by hostile states, EU member states recommended this week.

The Record

May 20, 2024

Chinese Duo Indicted for Laundering $73m in Pig Butchering Case Full Text

Abstract Two Chinese nationals have been indicted for their alleged involvement in a multimillion-dollar "pig butchering" investment fraud scheme, where they laundered over $73 million through US financial institutions and cryptocurrency wallets.

Infosecurity Magazine

May 20, 2024

US SEC Approves Wall Street Data Breach Reporting Regs Full Text

Abstract The SEC has approved new regulations that require broker-dealers and investment firms to notify their clients within 30 days of detecting a data breach, in an effort to modernize and enhance the protection of consumers' financial data.

Healthcare Infosecurity

May 20, 2024

Judge Denies Class Certification in Blackbaud Hack Lawsuit Full Text

Abstract The judge said the plaintiffs did not show an "administratively feasible" way for the court to determine whether a particular individual is a class member without extensive and individualized fact-finding.

Bank Info Security

May 17, 2024

SEC to Require Financial Firms to Have Data Breach Incident Plans Full Text

Abstract The SEC now requires certain financial institutions to have written policies for detecting, addressing, and notifying customers of data breaches involving their personal information.

The Record

May 14, 2024

Vermont Passes Data Privacy Law Allowing Consumers to Sue Companies Full Text

Abstract Vermont has passed one of the strongest comprehensive data privacy laws in the country, which includes a provision allowing individuals to sue companies for violating their privacy rights.

The Record

May 3, 2024

Cybersecurity Consultant Arrested After Allegedly Extorting IT Firm Full Text

Abstract Vincent Cannady, a former cybersecurity consultant, was arrested for allegedly extorting a publicly traded IT company by threatening to disclose confidential data unless they paid him $1.5 million.

Bleeping Computer

May 3, 2024

REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison Full Text

Abstract Yaroslav Vasinskyi, a 24-year-old Ukrainian national and affiliate of the notorious REvil ransomware-as-a-service (RaaS) group, has been sentenced to 13 years and 7 months in prison by a US court.

Infosecurity Magazine

May 2, 2024

Finnish Psychotherapy Center Cyber-Blackmailer Gets Six Years Full Text

Abstract The district court of Länsi-Uusimaa, Finland, sentenced Aleksanteri Kivimäki, 26, on Tuesday for crimes against the Vastaamo center and those in its care, which included more than 20,000 extortion attempts.

The Register

April 29, 2024

Know-Your-Customer Executive Order Facing Stiff Opposition From Cloud Industry Full Text

Abstract A controversial executive order that would require U.S. cloud companies to closely monitor the identities of their customers will move one step closer to the finish line next week amid opposition from the industry.

The Record

April 24, 2024

US Gov Slaps Visa Restrictions on Spyware Honchos Full Text

Abstract The US State Department is imposing visa restrictions on 13 people involved in the development and sale of commercial spyware, as well as their spouses and children. The State Department can deny these people entrance to the United States.

Dark Reading

April 16, 2024

Top Officials Again Push Back on Ransom Payment Ban Full Text

Abstract Due to multiple reasons, the Institute for Security and Technology’s Ransomware Task Force threw cold water on the need for a ransomware payment ban in a report released Wednesday.

Cybersecurity Dive

April 16, 2024

FTC Bans Online Mental Health Firm From Sharing Certain Data Full Text

Abstract The FTC in its complaint against Cerebral Inc. and the company's former CEO Kyle Robertson, alleges unfair or deceptive practice violations of the FTC Act and the Opioid Act, which pertains to substance use disorder treatment services.

Bank Info Security

April 16, 2024

Law Firm to Pay $8M to Settle Health Data Hack Lawsuit Full Text

Abstract Orrick Herrington & Sutcliffe's proposed agreement with plaintiffs, filed last week in a northern California federal court, settles four proposed consolidated class action lawsuits filed against it in the wake of the March 2023 hacking incident.

Bank Info Security

April 8, 2024

Google Sues Crypto Investment App Makers Over Alleged Massive “Pig Butchering” Scam Full Text

Abstract Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps.

Bit Defender

April 1, 2024

British Nuclear Site Sellafield to be Prosecuted for Cybersecurity Failures Full Text

Abstract The UK's independent nuclear safety regulator has announced that it will be prosecuting the company managing the Sellafield nuclear site over “alleged information technology security offenses during a four year period between 2019 and early 2023.”

The Record

April 1, 2024

KuCoin Charged with AML Violations That Let Cybercriminals Launder Billions Full Text

Abstract In an indictment, the Department of Justice claimed that KuCoin knowingly allowed U.S.-based users to trade on its platform while fulfilling none of its AML obligations, as defined by U.S. laws and regulations.

Bleeping Computer

March 25, 2024

Lawsuit Filed Following Greensboro College Data Breach Full Text

Abstract The data exposed in the Greensboro College data leak encompassed a broad spectrum of personal details, including names, Social Security numbers, student identification numbers, dates of birth, passport numbers, and health information.

The Cyber Expresss

March 20, 2024

Cash-Strapped Women’s Clinic Sues UnitedHealth Over Attack Full Text

Abstract The lawsuit alleges that disruption in claims processing caused by the cyberattack on the company's Change Healthcare unit and ongoing IT outage is threatening to push the clinic and other providers into bankruptcy.

Bank Info Security

March 11, 2024

Bills Targeting Data Brokers and TikTok Approved in House Committee Full Text

Abstract The House Energy and Commerce Committee approved two significant data privacy bills, including one targeting TikTok's Chinese ownership and another blocking data brokers from selling Americans' data to foreign adversaries.

Cyware

March 7, 2024

Feds Get Second Guilty Plea in Prosecution of Nigerian-Led BEC Case Full Text

Abstract Nigerian national Henry Onyedikachi Echefu pleaded guilty to wire fraud and money laundering in connection with a $6 million business email compromise scheme dating back to 2017.

Cyware

March 7, 2024

EU Agrees ‘Cyber Solidarity Act’ to Bolster Incident Response and Recovery Full Text

Abstract The regulations will establish an EU-wide cybersecurity alert system and a cybersecurity emergency mechanism to support preparedness, financial assistance, and a cybersecurity reserve for large-scale incidents.

Cyware

March 4, 2024

U.S. Judge Ordered NSO Group to Hand Over the Pegasus Spyware Code to WhatsApp Full Text

Abstract This decision came after Meta won a legal battle against NSO Group. The lawsuit originated from allegations that NSO Group had conducted malicious attacks against WhatsApp users.

Cyware

March 4, 2024

U.S. Authorities Charged an Iranian National for Long-Running Hacking Campaign Full Text

Abstract Iranian national Alireza Shafie Nasab has been charged by the U.S. DoJ for orchestrating a multi-year hacking campaign targeting U.S. government and defense entities, using techniques like spear phishing and social engineering.

Cyware

February 27, 2024

Russian Hacker Set to Face Trial for the Hack of a Local Power Grid Full Text

Abstract A 49-year-old Russian national has been charged with carrying out a cyberattack on a local power plant, resulting in a widespread blackout in 38 villages in the Vologda region.

Cyware

February 26, 2024

California AG Settles with DoorDash Over Selling Consumer Data Without Notice Full Text

Abstract The settlement includes a $375,000 civil penalty, a review of vendor agreements, and the requirement to provide annual reports on potential sale or sharing of consumer information.

Cyware

February 26, 2024

FTC to Ban Avast From Selling Browsing Data for Advertising Purposes Full Text

Abstract The U.S. Federal Trade Commission (FTC) has ordered Avast to pay $16.5 million and banned the company from selling users' web browsing data or licensing it for advertising purposes.

Cyware

February 23, 2024

Chinese Duo Found Guilty of $3m Apple Fraud Plot Full Text

Abstract Two Chinese nationals, Haotian Sun and Pengfei Xue, have been found guilty of running a fraudulent scheme targeting Apple. They sent thousands of fake iPhones to Apple for repair, hoping to receive genuine replacements.

Cyware

February 19, 2024

Ukrainian Extradited to US Over Alleged Raccoon Stealer Ties Full Text

Abstract Mark Sokolovsky, a Ukrainian national, has been extradited to the United States to face criminal charges related to his involvement in the Raccoon info stealer malware-as-a-service operation.

Cyware

February 16, 2024

To Avoid Bankruptcy, EMR Firm Settles Lawsuit for $4M Full Text

Abstract The settlement includes options for affected individuals such as identity theft monitoring, reimbursement for losses, or a flat fee cash payment, with attorneys seeking about one-third of the settlement fund in fees.

Cyware

February 16, 2024

Zeus, IcedID Malware Gangs Leader Pleads Guilty, Faces 40 Years in Prison Full Text

Abstract Vyacheslav Igorevich Penchukov, a Ukrainian cybercriminal, pleaded guilty to leading the Zeus and IcedID malware groups, involved in stealing millions of dollars and attacking a major hospital with ransomware.

Cyware

February 15, 2024

New Jersey Law Enforcement Officers Sue 118 Data Brokers for Not Removing Personal Information Full Text

Abstract The lawsuits filed against data brokers in New Jersey highlight the need for stronger regulation of data brokers to protect the privacy of law enforcement personnel and all Americans.

Cyware

February 11, 2024

U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators Full Text

Abstract The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called  Warzone RAT . The domains –  www.warzone[.]ws  and three others – were "used to sell computer malware used by cybercriminals to secretly access and steal data from victims' computers," the DoJ  said . Alongside the takedown, the international law enforcement effort has arrested and indicted two individuals in Malta and Nigeria for their involvement in selling and supporting the malware and helping other cybercriminals use the RAT for malicious purposes. The defendants, Daniel Meli (27) and Prince Onyeoziri Odinakachi (31) have been charged with unauthorized damage to protected computers, with the former also accused of "illegally selling and advertising an electronic interception device and participating in a conspiracy to commit several computer intrusion offenses." Meli is alleged to have offered malware se

The Hacker News

February 9, 2024

Google Settles Google+ API Data Leak Lawsuit for $350M Full Text

Abstract The shareholders, led by the state of Rhode Island's retirement system, accused Google of concealing the extent of the data breach and failing to notify users about the API flaw.

Cyware

February 7, 2024

Business, Technology Groups Back SolarWinds Motion to Dismiss SEC Charges Full Text

Abstract The U.S. Chamber of Commerce and the Business Roundtable argue that the SEC has expanded its interpretation of internal accounting controls provisions beyond Congress's original intent.

Cyware

February 05, 2024

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering Full Text

Abstract A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka , who was arrested in Latvia on December 21, 2023, was extradited to the U.S. If convicted, he faces a maximum penalty of 25 years in prison. BTC-e, which had been operating since 2011, was seized by law enforcement authorities in late July 2017 following the arrest of another key member  Alexander Vinnik , in Greece. The exchange is alleged to have received deposits valued at over $4 billion, with Vinnik laundering funds received from the hack of another digital exchange, Mt. Gox, through various online exchanges, including BTC-e. Court documents  allege  that the exchange was a "significant cybercrime and online money laundering entity," allowing its users to trade in bitcoin with high levels of anonymity, thereby building a customer

The Hacker News

February 03, 2024

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks Full Text

Abstract The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The  officials  include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian, who are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). Reza Lashgarian is also the head of the IRGC-CEC and a commander in the IRGC-Qods Force. He is alleged to have been involved in various IRGC cyber and intelligence operations. The Treasury Department  said  it's holding these individuals responsible for carrying out "cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company." In late November 2023, the U.S. Cybersecurity and Infras

The Hacker News

February 2, 2024

Uber Fined Nearly $11 Million by Dutch Data Regulator Full Text

Abstract The regulatory fine resulted from complaints by French Uber drivers and a Paris-based civil society organization, highlighting the significance of user rights and privacy concerns.

Cyware

February 2, 2024

Man Sentenced to Six Years in Prison for Stealing Millions in Cryptocurrency via SIM Swapping Full Text

Abstract A 22-year-old man from the US, Daniel James Junk, has been sentenced to 72 months in federal prison for his involvement in a fraudulent scheme that led to the theft of millions of dollars through SIM swapping.

Cyware

January 31, 2024

The SEC Won’t Let CISOs Be: Understanding New SaaS Cybersecurity Rules Full Text

Abstract The SEC isn't giving SaaS a free pass. Applicable public companies, known as "registrants," are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them.  The new cybersecurity mandates  make no distinction between data exposed in a breach that was stored on-premise, in the cloud, or in SaaS environments. In the SEC's own words: "We do not believe that a reasonable investor would view a significant data breach as immaterial merely because the data are housed on a cloud service." This evolving approach comes as SaaS security shortcomings continually make headlines and tech leaders debate  how the SEC may change cybersecurity  after charging both SolarWinds and its CISO with fraud.  Why SaaS and SaaS-to-SaaS Connection Risks Matter to the SEC — And To Your Organization  The perception and reality of SaaS security are, in many cases, miles apart. SaaS security leader  App

The Hacker News

January 29, 2024

A TrickBot malware developer sentenced to 64 months in prison Full Text

Abstract Vladimir Dunaev was extradited to the US in October 2021 and pleaded guilty to charges related to computer fraud and identity theft. He developed malicious tools that aided in data theft and fraud, resulting in millions of dollars in losses.

Cyware

January 26, 2024

Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree Full Text

Abstract 40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after  Dunaev pleaded guilty  to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud. "Hospitals, schools, and businesses were among the millions of TrickBot victims who suffered tens of millions of dollars in losses," DoJ  said . "While active, TrickBot malware, which acted as an initial intrusion vector into victim computer systems, was used to support various ransomware variants." Originating as a banking trojan in 2016, TrickBot evolved into a Swiss Army knife capable of delivering additional payloads, including ransomware. Following efforts to take down the botnet, it was absorbed into the Conti ransomware operation in 2022. The cybercrime crew's allegiance to

The Hacker News

January 25, 2024

Federal Judge Rejects NSO’s Effort to Dismiss Apple’s Pegasus Lawsuit Full Text

Abstract Apple's lawsuit alleges that NSO Group facilitated hacking into Apple's servers, leading to significant time and expense for Apple in detecting and eradicating Pegasus from users' devices.

Cyware

January 25, 2024

French Regulators Levy $34.7 Million Fine Against Amazon for Surveilling Employees Full Text

Abstract France's data protection authority, CNIL, has fined Amazon €32 million ($34.7 million) for excessive monitoring of employees in its warehouses and for not promptly deleting the data.

Cyware

January 23, 2024

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time Full Text

Abstract Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a $300,000 bond, and in July 2023, he pleaded guilty to the charges. BreachForums was a major cyber crime marketplace that facilitated the trafficking of stolen data since March 2022. Prior to its shutdown exactly a year later, the website boasted of over 340,000 members. Among the stolen items commonly sold on the platform were bank account information, Social Security numbers, personally identifying information (PII), hacking tools, breached databases, and account login information for compromised online accounts with service providers and merchants. BreachForums also advertised servic

The Hacker News

January 13, 2024

Fertility Test Lab Will Pay $1.25M to Settle Breach Lawsuit Full Text

Abstract The settlement includes reimbursement for out-of-pocket losses, credit monitoring, identity theft insurance, and a cash settlement payment for affected individuals, with an additional payment for California residents.

Cyware

January 9, 2024

New York Clinic Must Pay $450K Fine, Spend $1.2M on Security Full Text

Abstract The Refuah Health Center in New York has been fined up to $450,000 and required to invest over $1 million in improving its data security following a ransomware attack in 2021.

Cyware

January 08, 2024

DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud Full Text

Abstract The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace , which is estimated to have facilitated more than $68 million in fraud. In  wrapping up its investigation  into the dark web portal, the agency said the transnational operation was the result of close cooperation with law enforcement authorities from Belgium, Germany, the Netherlands, Ukraine, and Europol. Of the 19 defendants, three have been sentenced to 6.5 years in prison, eight have been awarded jail terms ranging from one year to five years, and one individual has been ordered to serve five years' probation. One among them includes Glib Oleksandr Ivanov-Tolpintsev, a Ukrainian national who was  sentenced to four years in prison  in May 2022 for selling compromised credentials on xDedic and making $82,648 in illegal profits. Dariy Pankov, described by the DoJ as one of the highest sellers by volume, offered credentials of no less than 35,000 ha

The Hacker News

January 03, 2024

DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation Full Text

Abstract The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule ( TSR ). In addition to prohibiting the company from violating the law, the stipulated order requires it to meet other compliance measures, including establishing a process for screening its customers and calling for potential illegal telemarketing. The order, which also imposes a $10 million civil penalty judgment, has been suspended due to XCast's inability to pay. "XCast provided VoIP services that transmitted billions of illegal robocalls to American consumers, including scam calls fraudulently claiming to be from government agencies," the DoJ  said  in a press release. These calls delivered prerecorded marketing messages, most of which were sent to numbers listed on the National Do Not Call Registry. To make matters worse,

The Hacker News

January 02, 2024

Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in ‘Incognito Mode’ Full Text

Abstract Google has agreed to settle a lawsuit  filed in June 2020  that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the "incognito" or "private" mode on web browsers. The  class-action lawsuit  sought at least $5 billion in damages. The settlement terms were not disclosed. The plaintiffs had alleged that Google violated federal wiretap laws and  tracked users' activity  using Google Analytics to collect information when in private mode. They said this allowed the company to collect an "unaccountable trove of information" about users who assumed they had taken adequate steps to protect their privacy online. Google subsequently attempted to get the lawsuit dismissed, pointing out the message it displayed when users turned on Chrome's incognito mode, which  informs users  that their activity might still be visible to websites you visit, employer or school, or their internet service provider. It's w

The Hacker News

December 29, 2023

Google to Settle Class Action Lawsuit Alleging Incognito Mode Does Not Protect User Privacy Full Text

Abstract Google has reached a preliminary settlement in a class-action lawsuit accusing the company of deceiving users about their privacy while using the Incognito mode. The settlement comes after a nearly four-year legal battle.

Cyware

December 24, 2023

British LAPSUS$ Teen Members Sentenced for High-Profile Attacks Full Text

Abstract Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent to get back to cybercrime "as soon as possible," BBC  reported . Kurtaj, who is autistic, was deemed unfit to stand trial. Another LAPSUS$ member, a 17-year-old unnamed minor, was sentenced to an 18-month-long Youth Rehabilitation Order, including a three-month intensive supervision and surveillance requirement. He was found guilty of two counts of fraud, two Computer Misuse Act offenses, and one count of blackmail. Both defendants  were initially arrested in January 2022, and then released under investigation. They were re-arrested in March 2022. While Kurtaj was later granted bail, he continued to attack various companies until he was arrested again in September. The attack sp

The Hacker News

December 23, 2023

Online Platform Carousell Violated Hong Kong Privacy Laws, Watchdog Finds Full Text

Abstract The violation comes after the personal data of over 320,000 local users was discovered being sold on the dark web. Carousell reported the incident last year, attributing it to a loophole exploited by hackers in its system migration process.

Cyware

December 21, 2023

Cyber Risk Strategies in Hot Seat as SEC Rules Go Live Full Text

Abstract Companies are reassessing their incident response plans and determining the materiality of cyber incidents. The SEC aims to improve companies' preparedness to mitigate breaches and attacks.

Cyware

December 18, 2023

Four U.S. Nationals Charged in $80 Million Pig Butchering Crypto Scam Full Text

Abstract Four U.S. nationals have been charged for participating in an illicit scheme that earned them more than $80 million via cryptocurrency investment scams. The defendants – Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, Rosemead, California; and Hailong Zhu, 40, Naperville, Illinois – have been charged with conspiracy to commit money laundering, concealment money laundering, and international money laundering. The U.S. Department of Justice (DoJ), which announced the arrests of both Zhang and Walker in connection with the fraudulent operation, said the quartet opened shell companies and bank accounts to carry out  pig butchering scams , transferring the ill-gotten funds to domestic and international financial entities. If convicted, Zhang and Walker face a maximum penalty of 20 years in prison. Their alleged co-conspirators remain at large. "The overall fraud scheme in the related pig-butchering syndicate involved at least 284

The Hacker News

December 18, 2023

NY Engineer Pleads Guilty to Stealing Millions From Two Crypto Exchanges Full Text

Abstract A former security engineer has pleaded guilty to hacking two decentralized cryptocurrency exchanges, resulting in the theft of over $12 million. The hacker exploited vulnerabilities in the smart contracts of the exchanges.

Cyware

December 12, 2023

Long-Running Clearview AI Class Action Biometric Privacy Case Settles Full Text

Abstract Clearview AI has reached a settlement in a class-action privacy lawsuit, which alleged that the company violated Illinois' Biometric Information Privacy Act (BIPA) by using online images without consent for its facial recognition technology.

Cyware

December 11, 2023

UK Sanctions Nine Linked to Cyber Trafficking in Southeast Asia Full Text

Abstract The United Kingdom has imposed sanctions on individuals and entities involved in Southeast Asia's online scamming industry, targeting both human traffickers and companies connected to scam operations.

Cyware

December 08, 2023

Founder of Bitzlato Cryptocurrency Exchange Pleads Guilty in Money-Laundering Scheme Full Text

Abstract The Russian founder of the now-defunct Bitzlato cryptocurrency exchange has pleaded guilty, nearly 11 months after he was  arrested in Miami  earlier this year. Anatoly Legkodymov (aka Anatolii Legkodymov, Gandalf, and Tolik), according to the U.S. Justice Department, admitted to operating an unlicensed money-transmitting business that enabled other criminal actors to launder their illicit proceeds. He faces up to five years in prison. "Legkodymov operated a cryptocurrency exchange that was open for business to money launderers and other criminals,"  said  Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department's Criminal Division. "He profited from catering to criminals, and now he must pay the price. Transacting in cryptocurrency does not put you beyond the reach of the law." Bitzlato, which served as a safe haven for fraudsters and ransomware crews such as  Conti , is estimated to have received $2.5 billion in cryptocurrency bet

The Hacker News

December 4, 2023

Establishing New Rules for Cyber Warfare Full Text

Abstract The International Committee of the Red Cross (ICRC) has released a set of rules for civilian hackers involved in cyber conflicts. The rules aim to clarify the line between civilians and combatants in cyberspace during times of war.

Cyware

December 02, 2023

Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware Full Text

Abstract A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40, was  arrested  in South Korea in September 2021 and extradited to the U.S. a month later. "Dunaev developed browser modifications and malicious tools that aided in credential harvesting and data mining from infected computers, facilitated and enhanced the remote access used by TrickBot actors, and created a program code to prevent the TrickBot malware from being detected by legitimate security software," the DoJ  said . "During Dunaev's participation in the scheme, 10 victims in the Northern District of Ohio, including Avon schools and a North Canton real-estate company, were defrauded of more than $3.4 million via ransomware deployed by TrickBot." Dunaev, who pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and ban

The Hacker News

November 30, 2023

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers Full Text

Abstract The U.S. Treasury Department on Wednesday imposed sanctions against  Sinbad , a virtual currency mixer that has been put to use by the North Korea-linked  Lazarus Group  to launder ill-gotten proceeds. "Sinbad has processed millions of dollars' worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists," the department said . "Sinbad is also used by cybercriminals to obfuscate transactions linked to malign activities such as sanctions evasion, drug trafficking, the purchase of child sexual abuse materials, and additional illicit sales on darknet marketplaces." The development builds on prior actions undertaken by governments in Europe and the U.S. to blockade mixers such as  Blender ,  Tornado Cash , and  ChipMixer , all of which have been accused of providing "material support" to the hacking crew by laundering the stolen assets through their services. Sinbad, created by an individual who goes by t

The Hacker News

November 29, 2023

British Afrobeat singer pleads guilty to stealing $6 million in hacks on financial accounts Full Text

Abstract According to the Department of Justice, from 2011 until 2018 Mustapha and his unnamed co-conspirators siphoned funds from financial accounts whose login information they illegally accessed through phishing attacks.

Cyware

November 22, 2023

US Authorities Trace and Return Nearly $9M Stolen by Scammers Full Text

Abstract The US Secret Service and various reporting portals tied the criminals' laundering efforts to multiple wallet addresses. The seized proceeds were returned in the stablecoin Tether.

Cyware

November 20, 2023

Israeli Private Investigator Gets 80-Month Sentence for Global Hack-for-Hire Scheme Full Text

Abstract The investigator's victims included high-profile climate change activists, and their hacked communications were leaked to media outlets to undermine investigations into Exxon's knowledge about climate change risks.

Cyware

November 20, 2023

US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website Full Text

Abstract Along with others, Joseph Garrison stole approximately $600,000 from 1,600 victim accounts by adding a new payment method, depositing $5 into each account, and then withdrawing the funds.

Cyware

November 17, 2023

SEC Aims to Avoid Cyber Disclosure Rule ‘Compliance Burdens’ Full Text

Abstract The rule includes exceptions for cases where public disclosure of a cyber incident could pose significant risks to public safety or national security, allowing companies to work with law enforcement agencies to address secret cybersecurity events.

Cyware

November 15, 2023

Google Suing Cybercriminals Who Delivered Malware via Fake Bard Downloads Full Text

Abstract Google is taking legal action against cybercriminals who used fake websites to deliver malware and gain control of social media accounts through a scam involving its chat-based AI tool, Bard.

Cyware

November 4, 2023

US Sanctions Russian Accused of Laundering Virtual Currency for Ransomware Affiliate Full Text

Abstract The US Treasury Department has sanctioned a Russian woman named Ekaterina Zhdanova for allegedly laundering virtual currency on behalf of Russian elites and cybercriminals, including a Ryuk ransomware affiliate.

Cyware

October 31, 2023

Florida SIM Swapper Sentenced to Prison for Cryptocurrency Theft Full Text

Abstract The perpetrator and his co-conspirators targeted dozens of victims, gaining access to their cryptocurrency accounts by hijacking their phone numbers and initiating password resets.

Cyware

October 27, 2023

US Senator Quizzes 23andMe Over Credential-Stuffing Hack Full Text

Abstract Genetics testing firm 23andMe is facing multiple class action lawsuits and congressional scrutiny following a credential-stuffing hacking incident that exposed sensitive customer data.

Cyware

October 24, 2023

Ex-NSA Employee Pleads Guilty to Leaking Classified Data to Russia Full Text

Abstract A former employee of the U.S. National Security Agency (NSA) has pleaded guilty to charges accusing him of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke, 31, served as an Information Systems Security Designer for the NSA from June 6, 2022, to July 1, 2022, where he had Top Secret clearance to access sensitive documents. The latest development  comes more than a year  after his arrest. "Dalke admitted that between August and September 2022, in order to demonstrate both his 'legitimate access and willingness to share,' he used an encrypted email account to transmit excerpts of three classified documents to an individual he believed to be a Russian agent," the U.S. Department of Justice (DoJ)  said  in a Monday press release. In reality, the purported agent was an online covert employee working for the U.S. Federal Bureau of Investigation (FBI). Dalke is also alleged to have requested $85,000 in exchange for sharing the infor

The Hacker News

October 20, 2023

U.S. DoJ Cracks Down on North Korean IT Scammers Defrauding Global Businesses Full Text

Abstract The U.S. government has  announced  the seizure of 17 website domains used by North Korean information technology (IT) workers as part of an illicit scheme to defraud businesses across the world, evade sanctions, and fund the country's ballistic missile program. The Department of Justice (DoJ) said the U.S. confiscated approximately $1.5 million of the revenue that these IT workers collected from unwitting victims using the deceptive scheme in October 2022 and January 2023. It also called out North Korea for flooding the "global marketplace with ill-intentioned information technology workers." Court documents allege that the dispatched workers primarily live in China and Russia with an aim to deceive companies in the U.S. and elsewhere into hiring them under fake identities, and ultimately generating "millions of dollars a year" in illicit revenues. The development comes amid  continued   warnings  from the U.S. about North Korea's reliance on its army

The Hacker News

October 19, 2023

Former Navy IT Manager Sentenced to Prison for Hacking, Selling PII Full Text

Abstract The IT manager and his wife stole the personally identifiable information of over 9,000 individuals and sold it for $160,000 in Bitcoin, which was later used for criminal activities.

Cyware

October 16, 2023

EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits Full Text

Abstract The US EPA has withdrawn cybersecurity rules for public water systems due to lawsuits filed by states and non-profit water associations, citing concerns about financial burden and cybersecurity vulnerabilities.

Cyware

October 11, 2023

Crunchyroll Resolves Class Action Lawsuit, Offers Compensation for Subscribers Full Text

Abstract The lawsuit alleged that Crunchyroll had disclosed subscribers' personal information to third parties without proper consent. Initially denying the allegations, Crunchyroll ultimately chose to settle to avoid expenses and uncertainties.

Cyware

September 28, 2023

Caesars Entertainment Faces Class Action Lawsuits Following Rewards Database Hack Full Text

Abstract At least four separate plaintiffs allege the company was negligent for allowing their sensitive personal data to be stolen in a social engineering attack by criminal threat groups.

Cyware

September 16, 2023

TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U. Full Text

Abstract The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union's General Data Protection Regulation (GDPR) in relation to its handling of children's data. The investigation, initiated in September 2021,  examined  how the popular short-form video platform processed personal data relating to child users (those between the ages of 13 and 17) between July 31 and December 31, 2020. Some of the major findings include - The content posted by child users was set to public by default, thereby allowing any individual (with or without TikTok) to view the material and exposing them to additional risks A failure to provide transparency information to child users The implementation of dark patterns to steer users towards opting for privacy-intrusive options during the registration process, and when posting videos A weakness in the Family Sharing setting that allowed any non-child user (someone who could not be

The Hacker News

September 15, 2023

Google Agrees to $93 Million Settlement in California’s Location-Privacy Lawsuit Full Text

Abstract Google has agreed to pay $93 million to settle a lawsuit filed by the U.S. state of California over allegations that the company's location-privacy practices misled consumers and violated consumer protection laws. "Our investigation revealed that Google was telling its users one thing – that it would no longer track their location once they opted out – but doing the opposite and continuing to track its users' movements for its own commercial gain," California Attorney General Rob Bonta  said .  The lawsuit is in response to disclosures that the company continued to track users' locations despite stating to the contrary that such information would not be stored if the "Location History" setting was disabled. The complaint filed by California alleged that Google collected location data through other sources and that it deceived users about their ability to opt out of personalized advertisements targeted to their location. With Google making over $220

The Hacker News

September 9, 2023

UK and US Sanction 11 Russians Connected to Notorious Trickbot Group Full Text

Abstract The individuals targeted by the sanctions “include key actors involved in management and procurement for the Trickbot group, which has ties to Russian intelligence services,” according to the U.S. Treasury.

Cyware

September 7, 2023

Australian Official Slams Firms for Data Breach Reporting Delays Full Text

Abstract In the first half of 2023, OAIC received reports of breaches within 30 days after they occurred from 74% of organizations, and just 5% of organizations took longer than four months to report breaches.

Cyware

September 1, 2023 – Breach

Data Breach Could Affect More Than 100,000 in Pima County Full Text

Abstract More than 100,000 Pima County residents could be affected by a nationwide data breach that affected the company that handled COVID-19 case investigations and contact tracing here, officials say.

Cyware

August 30, 2023

FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million Full Text

Abstract A coordinated law enforcement effort codenamed  Operation Duck Hunt  has felled  QakBot , a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware. To that end, the U.S. Justice Department (DoJ)  said  the malware is "being deleted from victim computers, preventing it from doing any more harm," adding it seized more than $8.6 million in cryptocurrency in illicit profits. The cross-border exercise involved the participation of France, Germany, Latvia, Romania, the Netherlands, the U.K., and the U.S., alongside technical assistance from cybersecurity company Zscaler. The dismantling has been hailed as "the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals." No arrests were announced. QakBot, also known as QBot and Pinkslipbot, started its life as a banking trojan in 2007 before morphing into a general-pu

The Hacker News

August 26, 2023

UnitedHealthcare Fined $80K for Six-Month Records Access Delay Full Text

Abstract The HHS' Office for Civil Rights said UnitedHealthcare had agreed to settle a case involving potential HIPAA violations related to allegations that the company took six months to fulfill a health plan member's request to access his PHI.

Cyware

August 25, 2023

Two LAPSUS$ Hackers Convicted in London Court for High-Profile Tech Firm Hacks Full Text

Abstract Two U.K. teenagers have been convicted by a jury in London for being part of the notorious LAPSUS$ transnational gang and for orchestrating a series of brazen, high-profile hacks against major tech firms and demanding a ransom in exchange for not leaking the stolen information. This includes Arion Kurtaj (aka White, Breachbase, WhiteDoxbin, and TeaPotUberHacker), an 18-year-old from Oxford, and an unnamed minor, who began collaborating in July 2021 after having met online, BBC  reported  this week. Both the defendants were initially arrested and released under investigation in January 2022, only to be  re-arrested and charged  by the City of London Police in April 2022. Kurtaj was subsequently granted bail and moved to a hotel in Bicester after he was doxxed in an online cybercrime forum. He, however, continued his hacking spree, targeting companies like  Uber ,  Revolut , and  Rockstar Games , as a result of which he was  arrested again  in September. Another alleged member of the

The Hacker News

August 24, 2023

Lapsus$ member has been convicted of having hacked multiple high-profile companies Full Text

Abstract An 18-year-old member of the Lapsus$ gang has been convicted of having helped hack multiple high-profile companies. A teenage member of the Lapsus$ data extortion group, Arion Kurtaj (18), was convicted by a London jury of having hacked multiple...

Security Affairs

August 24, 2023

Tornado Cash Founders Charged in Billion-Dollar Crypto Laundering Scandal Full Text

Abstract The U.S. Justice Department (DoJ) on Wednesday  unsealed an indictment  against two founders of the now-sanctioned Tornado Cash cryptocurrency mixer service, charging them with laundering more than $1 billion in criminal proceeds. Both the individuals, Roman Storm and Roman Semenov, have been charged with conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money-transmitting business. Storm, 34, is said to have been arrested in the U.S. state of Washington. Semenov, 35, remains at large in Dubai. They are alleged to have "made millions of dollars in profits" from promoting and operating the service. Tornado Cash is estimated to have processed upwards of $7 billion worth of crypto assets over a period of three years. In a related move, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned  Semenov and  eight cryptocurrency addresses  connected to him, days after a U.S. cou

The Hacker News

August 23, 2023

DoJ charged Tornado Cash founders with laundering more than $1 billion Full Text

Abstract The U.S. DoJ charged two men with operating the Tornado Cash service and laundering more than $1 Billion in criminal proceeds. The U.S. Justice Department charged two Tornado Cash founders ROMAN STORM and ROMAN SEMENOV have been charged with one count...

Security Affairs

August 21, 2023

Federally Insured Credit Unions Required to Report Cyber Incidents Within 72 Hours Full Text

Abstract The new policy, National Credit Union Administration (NCUA) announced, comes into effect on September 1, and will cover all incidents that impact information systems or the integrity, confidentiality, or availability of data on those systems.

Cyware

August 18, 2023

Africa Cyber Surge II law enforcement operation has led to the arrest of 14 suspects Full Text

Abstract An international law enforcement operation across 25 African countries has led to the arrest of 14 cybercriminals. A coordinated law enforcement operation conducted by INTERPOL and AFRIPOL across 25 African countries has led to the arrest of 14 suspected...

Security Affairs

August 14, 2023

India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users’ Privacy First Full Text

Abstract The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill ( DPDPB ) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto," the Indian government  said . The  long-awaited data protection law  comes months after the Ministry of Electronics and Information Technology (MeitY) released a  draft version  of the bill in November 2022. It has been in the making for over five years, with a first draft released in July 2018. A year before, India's Supreme Court  upheld  privacy as a  fundamental right . The legislative framework, which applies to personal data coll

The Hacker News

August 12, 2023

Police dismantled bulletproof hosting service provider Lolek Hosted Full Text

Abstract A joint operation conducted by European and U.S. law enforcement agencies dismantled the bulletproof hosting service provider Lolek Hosted. Lolek Hosted is a bulletproof hosting service provider used to facilitate the distribution of information-stealing...

Security Affairs

August 11, 2023

India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation Full Text

Abstract Indian lawmakers Wednesday approved a data protection legislation that “seeks to better regulate big tech firms and penalize companies for data breaches” as several groups expressed concern over citizens’ privacy rights.

Cyware

August 9, 2023

For TSA’s Updated Pipeline Security Directive, Consistency and Collaboration are Key Full Text

Abstract This most recent update does not vacate previously established requirements in the simple pursuit of change. Instead, the new directive pursues incremental change that builds on but does not abandon previous requirements.

Cyware

August 04, 2023

NYC Couple Pleads Guilty to Money Laundering in $3.6 Billion Bitfinex Hack Full Text

Abstract A married couple from New York City has pleaded guilty to money laundering charges in connection with the 2016 hack of cryptocurrency stock exchange Bitfinex, resulting in the theft of about 120,000 bitcoin. The development comes more than a year after Ilya Lichtenstein, 35, and his wife, Heather Morgan, 33, were  arrested in February 2022 , following the seizure of roughly 95,000 of the stolen crypto assets that were held by the defendants. The funds were valued at $3.6 billion at the time. Since then, the U.S. government said it has since seized another approximately $475 million tied to the breach. "Lichtenstein used a number of advanced hacking tools and techniques to gain access to Bitfinex's network," the U.S. Department of Justice (DoJ)  said . "Once inside their systems, Lichtenstein fraudulently authorized more than 2,000 transactions in which 119,754 bitcoin was transferred from Bitfinex to a cryptocurrency wallet in Lichtenstein's control."

The Hacker News

August 2, 2023

Lawsuit Alleges Bytedance’s Capcut App Secretly Reaps Massive Amounts of User Data Full Text

Abstract CapCut and sister company TikTok are owned by the Chinese company ByteDance Ltd., which has long been under scrutiny by American officials concerned with how it collects and leverages American users’ personal data, allegedly including biometric data.

Cyware

August 2, 2023

Cyberattack on Montclair Township Led to $450K Settlement Full Text

Abstract The Garden State Joint Insurance Fund made the deal as law enforcement began investigations into possible criminal charges, Joseph Hartnett, interim township manager, said Thursday.

Cyware

August 1, 2023

Meta Subsidiaries Must Pay $14M Over Misleading Data Collection Disclosure Full Text

Abstract Facebook's subsidiaries, including Onavo, have been ordered to pay $14 million in an Australian court case for undisclosed data collection through a now-discontinued VPN, highlighting the company's privacy issues.

Cyware

July 31, 2023

New Jersey Supreme Court to Hear Merck Insurance Dispute Over NotPetya Attack Full Text

Abstract The New Jersey Supreme Court agreed to review the legal fight between Merck and several of the world’s top insurance providers involving $1.4 billion in claims stemming from the 2017 NotPetya cyberattack.

Cyware

July 27, 2023

GROUP-IB Co-Founder ILYA SACHKOV SENTENCED TO 14 YEARS IN A STRICT PRISON COLONY Full Text

Abstract Ilya Sachkov, former CEO and co-founder of Group-IB was sentenced to 14 years in a high security prison colony according to the Moscow court announcement. As per the announcement from the Moscow court, Ilya Sachkov, the former CEO and co-founder of Group-IB,...

Security Affairs

July 27, 2023

Group-IB CEO Ilya Sachkov sentenced to 14 years in a strict prison colony Full Text

Abstract Ilya Sachkov, CEO and co-founder of Group-IB was sentenced to 14 years in a high security prison colony according to the Moscow court announcement. As per the announcement from the Moscow court, Ilya Sachkov, the CEO and co-founder of Group-IB, has been...

Security Affairs

July 27, 2023

Group-IB Co-Founder Sentenced to 14 Years in Russian Prison for Alleged High Treason Full Text

Abstract A city court in Moscow on Wednesday convicted Group-IB co-founder and CEO Ilya Sachkov of "high treason" and jailed him for 14 years in a "strict regime colony" over accusations of passing information to foreign spies. "The court found Sachkov guilty under Article 275 of the Russian Criminal Code (high treason) sentencing him to 14 years of incarceration in a maximum-security jail, restriction of freedom for one year and a fine of 500,000 rubles (about $5,550)," state news agency TASS  reported . Sachkov, who has been in custody  since September 2021  and denied wrongdoing, had been accused of handing over classified information to foreign intelligence in 2011, which the prosecutors said caused reputational damage to Russia's national interests. The exact nature of the charges is unclear. The 37-year-old is expected to appeal the decision, Bloomberg  said , adding, "Sachkov was alleged to have  given the U.S. government  information regardin

The Hacker News

July 27, 2023

New SEC Rules Require U.S. Companies to Reveal Cyber Attacks Within 4 Days Full Text

Abstract The U.S. Securities and Exchange Commission (SEC) on Wednesday approved new rules that require publicly traded companies to publicize details of a cyber attack within four days of identifying that it has a "material" impact on their finances, marking a major shift in how computer breaches are disclosed. "Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors," SEC chair Gary Gensler  said . "Currently, many public companies provide cybersecurity disclosure to investors. I think companies and investors alike, however, would benefit if this disclosure were made in a more consistent, comparable, and decision-useful way." To that end, the new obligations mandate that companies reveal the incident's nature, scope, and timing, as well as its impact. This disclosure, however, may be delayed by an additional period of up to 60 days should it be determined that giving out such specific

The Hacker News

July 26, 2023

Federal Privacy Bill Would Strip FCC’s Role as Telecom Industry’s Privacy Cop Full Text

Abstract Sweeping federal privacy legislation now under debate in Congress is expected to move oversight of the telecom industry’s privacy practices from the FCC to the FTC, a shift that has long been a priority for telecom companies.

Cyware

July 19, 2023

Legislators say HHS is failing to adequately protect health records from law enforcement Full Text

Abstract Lawmakers are demanding the Department of Health and Human Services (HHS) to prevent law enforcement from accessing reproductive and other health records without a warrant.

Cyware

July 18, 2023

Update: UKG Agrees to Pay Up to $6M in Lawsuit Tied to 2021 Breach Full Text

Abstract The ransomware attack, which impacted multiple UKG customers such as Tesla, PepsiCo, Whole Foods, and New York City’s Metropolitan Transportation Authority, hindered some customers’ ability to process payroll.

Cyware

July 18, 2023

Owner of BreachForums Pleads Guilty to Cybercrime and Child Pornography Charges Full Text

Abstract Conor Brian Fitzpatrick , the owner of the now-defunct BreachForums website, has pleaded guilty to charges related to his operation of the cybercrime forum as well as having child pornography images. The development,  first reported  by DataBreaches.net last week, comes nearly four months after Fitzpatrick (aka pompompurin) was  formally charged  in the U.S. with conspiracy to commit access device fraud and possession of child pornography. BreachForums, launched in March 2022, operated as an illegal marketplace that allowed its members to trade hacked or stolen databases, enabling other criminal actors to gain unauthorized access to target systems. It was shut down in March 2023 shortly after  Fitzpatrick's arrest  in New York. As many as 888 databases consisting of 14 billion individual records are estimated to have been found in total. The forum had over 333,000 members prior to its takedown. "The purpose of BreachForums, and Fitzpatrick's intent in operating the f

The Hacker News

July 17, 2023

Pompompurin, the BreachForums owner, pleads guilty to hacking charges and possession of child pornography Full Text

Abstract The owner of the BreachForums Conor Brian Fitzpatrick, aka Pompompurin, pleads guilty to hacking charges. The owner of the BreachForums Conor Brian Fitzpatrick agrees to plead guilty to a three-count criminal information charging the defendant with...

Security Affairs

July 13, 2023

Silk Road Drug Market’s ‘Mentor’ Sentenced to 20 Years in Prison Full Text

Abstract During its operation from 2011 until 2013, Silk Road was used by thousands of drug dealers to distribute narcotics and other illicit goods and services to more than 100,000 buyers and to launder hundreds of millions from those unlawful transactions.

Cyware

July 12, 2023

British Prosecutors Say Teen Lapsus$ Member Was Behind Hacks on Uber, Rockstar Full Text

Abstract A British Crown Court on Tuesday lifted a reporting restriction, allowing the naming of teenager Arion Kurtaj who is accused of hacking Uber, Revolut, and video game developer Rockstar Games in a short period of time last September.

Cyware

July 12, 2023

Two more lawsuits filed against Scranton cardiology group over data breach Full Text

Abstract Cybercriminals attempted to access accounts of a Scranton couple who are among clients whose personal information was exposed in a data breach at a Commonwealth Health cardiology group's practice, according to a proposed class-action lawsuit.

Cyware

July 7, 2023

A man has been charged with a cyber attack on the Discovery Bay water treatment facility Full Text

Abstract A man from Tracy, California, has been charged with a computer attack on the Discovery Bay water treatment facility. Rambler Gallo (53), a man from Tracy (California) has been charged with intentionally causing damage to a computer after he allegedly...

Security Affairs

June 28, 2023

SolarWinds says SEC investigation ‘progressing to charges’ Full Text

Abstract SolarWinds — the technology firm at the center of a December 2020 hack that affected multiple U.S. government agencies — said its executives may soon face charges from the Securities and Exchange Commission (SEC) for its response to the incident.

Cyware

June 27, 2023

Hundreds of devices found violating new CISA federal agency directive Full Text

Abstract Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured according to a recently issued CISA Binding Operational Directive.

BleepingComputer

June 26, 2023

Citizen of Croatia charged with running the Monopoly Market drug marketplace Full Text

Abstract Milomir Desnica, a citizen of Croatia and Serbia, has been charged with running the Monopoly Market drug darknet marketplace. Milomir Desnica (33), a citizen of Croatia and Serbia, has been extradited from Austria to the United States to face charges...

Security Affairs

June 25, 2023

Twitter hacker sentenced to five years in prison for cybercrime offenses Full Text

Abstract A U.K. citizen, who was involved in the attack on Twitter in 2020, was sentenced to five years in prison for cybercrime offenses.  Joseph James O'Connor, aka PlugwalkJoe (24), the hacker who was involved in the attacks on Twitter in 2020, was sentenced...

Security Affairs

June 23, 2023

MOVEit Data Breach Victims Sue Progress Software Full Text

Abstract Fallout for Progress Software continues over a massive data breach that appears to have affected hundreds of private and public sector organizations that use its MOVEit file transfer software.

Cyware

June 23, 2023

Data Breach Lawsuit Alleges Mismanagement of 3rd-Party Risk Full Text

Abstract A proposed federal class action lawsuit alleges that patient debt collection software firm Intellihartx was negligent in its handling of third-party risk, contributing to a breach affecting nearly 490,000 individuals.

Cyware

June 16, 2023

Justice Department Charges Russian National for LockBit Ransomware Attacks Full Text

Abstract The 20-year old allegedly participated in a conspiracy to commit wire fraud and intentionally damage protected computers and make ransom demands.

Lawfare

June 12, 2023

Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e Full Text

Abstract The DOJ unsealed charges filed in 2019 against 43-year-old Alexey Bilyuchenko and 29-year-old Aleksandr Verner, accusing the two of stealing 647,000 BTC from Mt. Gox and using it to underpin illicit cryptocurrency exchange BTC-e from 2011 to 2017.

Cyware

June 9, 2023

Russians charged with hacking Mt. Gox exchange and operating BTC-e Full Text

Abstract Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt. Gox in 2011 and money laundering. Russian nationals Alexey Bilyuchenko (43) and Aleksandr Verner (29) have been charged with the hack of the cryptocurrency exchange...

Security Affairs

June 07, 2023

Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids’ Data on Xbox Full Text

Abstract Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent. "Our proposed order makes it easier for parents to protect their children's privacy on Xbox, and limits what information Microsoft can collect and retain about kids," FTC's Samuel Levine  said . "This action should also make it abundantly clear that kids' avatars, biometric data, and health information are not exempt from  COPPA ." As part of the proposed settlement, which is pending court approval, Redmond has been ordered to update its account creation process for children to prevent the collection and storage of data, including obtaining parental consent and deleting said information within two weeks if approval is not obtained. The privacy protections also extend to third-par

The Hacker News

June 03, 2023

FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring Full Text

Abstract The U.S. Federal Trade Commission (FTC) has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. This comprises a $25 million penalty for breaching children's privacy laws by retaining their Alexa voice recordings for indefinite time periods and preventing parents from exercising their deletion rights. "Amazon's history of misleading parents, keeping children's recordings indefinitely, and flouting parents' deletion requests violated  COPPA  and sacrificed privacy for profits," FTC's Samuel Levine said. As part of the court order, the retail giant has been mandated to delete the collected information, including inactive child accounts, geolocation data, and voice recordings, and prohibited from gathering such data to train its algorithms. It's also required to disclose to customers its data retention practices. Amazon has also agreed to fork out an additional $5.8 million

The Hacker News

June 1, 2023

Two Visions of Digital Sovereignty Full Text

Abstract EU policymakers may soon finalize cybersecurity standards that could render the new Trans-Atlantic Data Privacy Framework irrelevant.

Lawfare

May 29, 2023

Sports Warehouse Fined $300,000 Over Payment Card Data Theft Full Text

Abstract Investigators found that the retailer was storing nearly 20 years' worth of payment card data on its e-commerce server in plaintext format, protected by only a password, which the attacker guessed.

Cyware

May 27, 2023

German Prosecutors Indict FinFisher Spyware Executives Full Text

Abstract The indictment accuses the four FinFisher executives, identified only with an initial, of evading export controls by selling the FinSpy hacking tool to Turkey's intelligence agency in 2015 through a Bulgarian front company.

Cyware

May 27, 2023

Lender OneMain fined $4.25 million for cybersecurity lapses Full Text

Abstract OneMain Financial Group, which specializes in issuing loans to people with “nonprime” credit histories, will pay a $4.25 million penalty in New York state for cybersecurity lapses found during a government investigation.

Cyware

May 22, 2023

EU Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations Full Text

Abstract Facebook's parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the personal data of users in the region to the U.S. In a binding decision taken by the European Data Protection Board (EDPB), the social media giant has been ordered to bring its data transfers into compliance with the GDPR and delete unlawfully stored and processed data within six months. Additionally, Meta has been given five months to suspend any future transfer of Facebook users' data to the U.S. Instagram and WhatsApp, which are also owned by the company, are not subject to the order. "The EDPB found that Meta IE's infringement is very serious since it concerns transfers that are systematic, repetitive, and continuous," Andrea Jelinek, EDPB Chair,  said  in a statement. "Facebook has millions of users in Europe, so the volume of personal data transferred is massive. The unprecedented fine is a strong signal to organizati

The Hacker News

May 22, 2023

U.K. Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes Full Text

Abstract A U.K. national responsible for his role as the administrator of the now-defunct  iSpoof  online phone number spoofing service has been sentenced to 13 years and 4 months in prison. Tejay Fletcher, 35, of Western Gateway, London, was awarded the sentence on May 18, 2023. He  pleaded guilty  last month to a number of cyber offenses, including facilitating fraud and possessing and transferring criminal property. iSpoof , which was available as a paid service, allowed fraudsters to mask their phone numbers and masquerade as representatives from banks, tax offices, and other official bodies to defraud victims. The help desk scam purported to warn targets of suspicious activity on their accounts and tricked them into disclosing sensitive financial information or transferring money to accounts under the threat actor's control. According to the U.K. Metropolitan Police, the criminals assumed false identities as representatives of various banks such as Barclays, Santander, HSBC, Lloy

The Hacker News

May 18, 2023

Admin of the darknet carding platform Skynet Market pleads guilty Full Text

Abstract A US national has pleaded guilty to operating the carding site Skynet Market and selling financial information belonging to tens of thousands of US victims. The U.S. national Michael D. Mihalo, aka Dale Michael Mihalo Jr. and ggmccloud1, pleaded guilty...

Security Affairs

May 18, 2023

Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands Full Text

Abstract A U.S. national has pleaded guilty in a Missouri court to operating a darknet carding site and selling financial information belonging to tens of thousands of victims in the country. Michael D. Mihalo , aka Dale Michael Mihalo Jr. and ggmccloud1, has been accused of setting up a carding site called Skynet Market that specialized in the trafficking of credit and debit card data. Mihalo and his associates also peddled their warez on other dark web marketplaces such as AlphaBay Market, Wall Street Market, and Hansa Market between February 22, 2016, and October 1, 2019. "Mihalo assembled and directed the team that helped him sell this stolen financial information on the darknet," the U.S. Department of Justice (DoJ)  said  in a press statement released on May 16, 2023. "Mihalo personally possessed, sent, and received the information associated with 49,084 stolen payment cards with the intent that the payment card information would be trafficked on darknet sites, all i

The Hacker News

May 18, 2023

Lawmakers advance cyber bills aimed at open-source, satellite vulnerabilities Full Text

Abstract The House Homeland Security Committee on Wednesday easily advanced legislation to ensure the federal government and critical infrastructure can tap open-source software securely.

Cyware

May 17, 2023

Skynet Carder Market Founder Pleads Guilty Full Text

Abstract An Illinois man pleaded guilty Monday to eight criminal counts stemming from the three years he spent leading a conspiracy to sell stolen financial information on darknet markets.

Cyware

May 16, 2023

Russian ransomware affiliate charged with attacks on critical infrastructure Full Text

Abstract The U.S. Justice Department has filed charges against a Russian citizen named Mikhail Pavlovich Matveev (also known as Wazawaka or Boriselcin) for involvement in three ransomware operations that targeted victims across the United States.

BleepingComputer

May 15, 2023

Former Ubiquiti employee gets 6 years in jail for stealing confidential data and extorting company Full Text

Abstract A former Ubiquiti employee has been sentenced to six years in jail for the theft of confidential data and extorting company for ransom. NICKOLAS SHARP, a former Ubiquiti employee was sentenced today to six years in prison. In December...

Security Affairs

May 10, 2023

Cybercrime Disruption through Civil Litigation and Equitable Remedies Full Text

Abstract No single tool, legal or technical, is able to fight cybercrime. But civil action litigation, however imperfect, is an effective tool to disrupt cybercrime that is available now.

Lawfare

May 10, 2023

Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison Full Text

Abstract A U.K. national has pleaded guilty in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform. Joseph James O'Connor, who also went by the online alias PlugwalkJoe , admitted to "his role in cyberstalking and multiple schemes that involve computer hacking, including the July 2020 hack of Twitter," the U.S. Department of Justice (DoJ) said. The 23-year-old individual was extradited from Spain on April 26 after the Spanish National Court, in February,  approved  the DoJ request to hand over O'Connor to face 14 criminal charges in the U.S. The  massive hack , which took on July 15, 2020, involved O'Connor and his co-conspirators seizing control of 130 Twitter accounts, including those belonging to Barack Obama, Bill Gates, and Elon Musk, to perpetrate a cryptocurrency scam that netted them $120,000 in a few hours. The attack was made possible by using social engineering techniques to obtain

The Hacker News

April 28, 2023

Google obtained a temporary court order against CryptBot distributors Full Text

Abstract Google obtained a temporary court order in the U.S. to disrupt the operations of the CryptBot information stealer. Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information...

Security Affairs

April 27, 2023

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers Full Text

Abstract Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called  CryptBot  and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau  said  the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution." CryptBot is estimated to have infected over 670,000 computers in 2022 with the goal of stealing sensitive data such as authentication credentials, social media account logins, and cryptocurrency wallets from users of Google Chrome. The harvested data is then exfiltrated to the threat actors, who then sell the data to other attackers for use in data breach campaigns. CryptBot was  first discovered  in the wild in December 2019. The malware has been traditionally delivered via maliciously modified versions of legitimate and popular software packages such as Goog

The Hacker News

April 17, 2023

US extradites Nigerian charged over $6m email fraud scam Full Text

Abstract They used a technique dubbed Business Email Compromise (BEC). As part of this, it's claimed, the fraudsters broke into people's email accounts, too, and chatted via mobile apps to organize their crimes.

Cyware

April 14, 2023

Enforcement of Cybersecurity Regulations: Part 3 Full Text

Abstract Cybersecurity enforcement will likely require an expansion of government inspections of critical infrastructure.

Lawfare

April 14, 2023

Former TSB chief information officer fined $101,000 over IT meltdown in 2018 Full Text

Abstract UK regulators have imposed an £81,000 (~$101,000) fine on a former TSB information officer over the bank’s IT meltdown in 2018 that left millions of customers locked out of their accounts.

Cyware

April 13, 2023 <br {:=”” .fs-4=”” .fw-700=”” .lh-0=”” }=”” <p=”” style=”font-weight:500; margin:0px” markdown=”1”> Personal email from Dutch Police warns ex-Raidforums users Full Text

Abstract The Dutch Police, in collaboration with international police organizations, has launched an investigation into Raidforums.com, leading to the platform’s shutdown and the seizure of a dataset containing user information.

Cyware

April 11, 2023

Battle could be brewing over new FCC data breach reporting rules Full Text

Abstract An expanded data breach definition and the telcos’ desire to link notifications to “concrete harm” are among the most controversial aspects of the proposed FCC data breach reporting rules.

Cyware

April 10, 2023

Estonian National Charged in U.S. for Acquiring Electronics and Metasploit Pro for Russian Military Full Text

Abstract An Estonian national has been  charged  in the U.S. for purchasing U.S.-made electronics on behalf of the Russian government and military. The 45-year-old individual, Andrey Shevlyakov, was arrested on March 28, 2023, in Tallinn. He has been indicted with 18 counts of conspiracy and other charges. If found guilty, he faces up to 20 years in prison. Court documents allege that Shevlyakov operated front companies that were used to import sensitive electronics from U.S. manufacturers. The goods were then shipped to Russia, bypassing export restrictions. The purchased items included analog-to-digital converters and low-noise pre-scalers and synthesizers that are found in defense systems. Shevlyakov is also accused of attempting to acquire hacking tools like Rapid7 Metasploit Pro, a legitimate penetration testing and adversary simulation software. Although Shevlyakov was placed in Entity List in 2012 by the U.S. government for acting as a procurement agent for Russia, he is said to ha

The Hacker News

April 07, 2023

Microsoft Takes Legal Action to Disrupt Cybercriminals’ Illegal Use of Cobalt Strike Tool Full Text

Abstract Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware. To that end, the tech giant's Digital Crimes Unit (DCU) revealed that it secured a  court order  in the U.S. to "remove illegal, legacy copies of Cobalt Strike so they can no longer be used by cybercriminals." While Cobalt Strike, developed and maintained by Fortra (formerly HelpSystems), is a legitimate post-exploitation tool used for adversary simulation, illegal cracked versions of the software have been weaponized by threat actors over the years. Ransomware groups, in particular, have leveraged Cobalt Strike after obtaining initial access to a target environment to escalate privileges, lateral move across the network, and deploy file-encrypting malware. "The ransomware families associated with or deployed by cracked copies of Cobalt Strike have been link

The Hacker News

April 5, 2023

Notorious Genesis Market cybercrime forum seized in international law enforcement operation Full Text

Abstract The FBI-led effort known as “Operation Cookie Monster” took down a notorious cybercrime marketplace known for selling compromised credentials and biometric data for digital fraudsters to carry out attacks or commit identity theft.

Cyware

April 4, 2023

Britain’s data watchdog fines TikTok $15.9 million for alleged misuse of children’s data Full Text

Abstract The ICO estimated the app allowed up to 1.4 million U.K. children under 13 to use the platform in 2020. The regulator accused TikTok of failing to take the necessary steps to verify user identity and remove children under 13 from the platform.

Cyware

April 03, 2023

Italian Watchdog Bans OpenAI’s ChatGPT Over Data Protection Concerns Full Text

Abstract The Italian data protection watchdog, Garante per la Protezione dei Dati Personali (aka Garante), has imposed a temporary ban of OpenAI's ChatGPT service in the country, citing data protection concerns. To that end, it has ordered the company to stop processing users' data with immediate effect, stating it intends to investigate the company over whether it's unlawfully processing such data in violation of the E.U. General Data Protection Regulation ( GDPR ) laws. "No information is provided to users and data subjects whose data are collected by Open AI," the Garante  noted . "More importantly, there appears to be no legal basis underpinning the massive collection and processing of personal data in order to 'train' the algorithms on which the platform relies." ChatGPT, which is estimated to have reached over 100 million monthly active users since its release late last year,  has not   disclosed   what it used  to train its latest large languag

The Hacker News

March 29, 2023

Enforcement of Cybersecurity Regulations: Part 2 Full Text

Abstract While a valuable part of a cybersecurity program, “third-party audits” are too often not audits and not done by true third parties.

Lawfare

March 28, 2023

Three Lawsuits Filed Against BetterHelp in Wake of FTC Action Full Text

Abstract BetterHelp is facing at least three proposed class action lawsuits after earlier this month settling allegations with the FTC that it violated users' privacy by sharing identifying information with social media platforms including Facebook.

Cyware

March 27, 2023

20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison Full Text

Abstract Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been  formally charged  in the U.S. with conspiracy to commit access device fraud. If proven guilty, Fitzpatrick, who went by the online moniker "pompompurin," faces a maximum penalty of up to five years in prison. He was  arrested  on March 15, 2023. "Cybercrime victimizes and steals financial and personal information from millions of innocent people," said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. "This arrest sends a direct message to cybercriminals: your exploitative and illegal conduct will be discovered, and you will be brought to justice." The development comes days after Baphomet, the individual who had taken over the responsibilities of BreachForums,  shut down the website , citing concerns that law enforcement may have obtained access to its backend. The Department of Justice (DoJ) has since confirmed that it co

The Hacker News

March 24, 2023

Export Control is Not a Magic Bullet for Cyber Mercenaries Full Text

Abstract The U.S. and the EU need to do more to limit the damage to their intelligence and law enforcement capabilities caused by cyber mercenaries.

Lawfare

March 22, 2023

Enforcement of Cybersecurity Regulations: Part 1 Full Text

Abstract As government policy moves toward more binding rules for cybersecurity, how should they be enforced? Self-assessment and self-certification are not likely to suffice.

Lawfare

March 16, 2023

Two Hackers Charged With Accessing Federal Law Enforcement Database Full Text

Abstract The two hackers, belonging to the "ViLE" crime group, allegedly broke into a federal law enforcement database. They also used a compromised Bangladeshi police officer's email to fraudulently request user data from a social media company.

Cyware

March 15, 2023

ISO27001 Updates: Change is afoot Full Text

Abstract The standard hasn't had a significant update since 2013. There were some minor amendments in 2017, but largely these were structural or grammatical updates. In 2022, things have changed dramatically, but also in very subtle ways.

Cyware

March 13, 2023

Building From the 2023 National Cybersecurity Strategy: Reshaping the Terrain of Cyberspace Full Text

Abstract If executed well, the strategy will serve as a strong pivot into a better vision for U.S. policy in cyberspace; if not, much of its promise will lack punch.

Lawfare

March 6, 2023

Where the New National Cybersecurity Strategy Differs From Past Practice Full Text

Abstract Although the strategy builds on cybersecurity efforts from the previous three administrations, it departs from past perspectives and practices and, if fully implemented, has the potential to change the U.S. cybersecurity posture significantly for the better.

Lawfare

March 3, 2023

US Cybersecurity Strategy Shifts Liability Issues to Vendors Full Text

Abstract A new federal strategy to make manufacturers liable for insecure software requires an attainable safe harbor policy and could be a disincentive for them in sharing important vulnerability info with the government, according to industry observers.

Cyware

March 3, 2023

Nigerian Citizen Gets 11-Year US Federal Sentence for Global BEC Scam Full Text

Abstract A leader of an international crime network that attempted to launder more than $25 million in fraudulently obtained funds, including through business email compromise, received a sentence of more than a decade in prison.

Cyware

February 28, 2023

US National Cyber Strategy Pushes Regulation, Aggressive Hack-Back Operations Full Text

Abstract The strategy, created by the Office of the National Cyber Director (ONCD), also gives high-level authorization to law enforcement and intelligence agencies to hack into foreign networks to prevent attacks or to retaliate against APT campaigns.

Cyware

February 27, 2023

The Jurisdiction of the New Data Protection Review Court Full Text

Abstract Biden’s recent executive order may transform how privacy complaints are resolved within the context of U.S. intelligence activities abroad by providing access to an adjudicative system globally.

Lawfare

February 21, 2023

DNA Diagnostic Center fined $400,000 for 2021 data breach Full Text

Abstract The DNA testing company will pay a penalty of $400,000 to the attorneys general of Pennsylvania and Ohio for a data breach in 2021 that affected 2.1 million individuals nationwide, according to a settlement deal with the states’ attorneys general.

Cyware

February 10, 2023

U.K. and U.S. Sanction 7 Russians for TrickBot, Ryuk, and Conti Ransomware Attacks Full Text

Abstract In a first-of-its-kind coordinated action, the U.K. and U.S. governments on Thursday levied sanctions against seven Russian nationals for their affiliation to the TrickBot, Ryuk, and Conti cybercrime operation. The individuals  designated  under sanctions are Vitaly Kovalev (aka Alex Konor, Bentley, or Bergen), Maksim Mikhailov (aka Baget), Valentin Karyagin (aka Globus), Mikhail Iskritskiy (aka Tropa), Dmitry Pleshevskiy (aka Iseldor), Ivan Vakhromeyev (aka Mushroom), and Valery Sedletski (aka Strix). "Current members of the TrickBot group are associated with Russian Intelligence Services," the U.S. Treasury Department  noted . "The TrickBot group's preparations in 2020 aligned them to Russian state objectives and targeting previously conducted by Russian Intelligence Services." TrickBot, which is attributed to a threat actor named ITG23, Gold Blackburn, and Wizard Spider, emerged in 2016 as a derivative of the Dyre banking trojan and evolved into a  highly

The Hacker News

February 08, 2023

Sydney Man Sentenced for Blackmailing Optus Customers After Data Breach Full Text

Abstract A Sydney man has been  sentenced  to an 18-month Community Correction Order ( CCO ) and 100 hours of community service for attempting to take advantage of the Optus data breach last year to blackmail its customers. The unnamed individual, 19 when  arrested in October 2022  and now 20, used the leaked records stolen from the security lapse to orchestrate an SMS-based extortion scheme. The suspect contacted dozens of victims to threaten that their personal information would be sold to other hackers and "used for fraudulent activity" unless an AU$ 2,000 payment is made to a bank account under their control. The scammer is said to have sent the SMS messages to 92 individuals whose information was part of a  larger cache of 10,200 records  that was briefly published in a criminal forum in September 2022, The Australian Federal Police (AFP), which launched Operation Guardian following the breach, said there is no evidence that any of the affected customers transferred the dem

The Hacker News

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 25, 2023

Australian man given two-year jail sentence for $69K phishing scams Full Text

Abstract Sydney Local Court found the man guilty of obtaining and supplying data with intent to commit a computer offense. It dished out a jail term of 32 months to a man who stole more than AU$100,000 ($69,751) in an SMS phishing scam impacting 450 victims.

Cyware

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 21, 2023

The Irish DPC fined WhatsApp €5.5M for violating GDPR Full Text

Abstract The Irish Data Protection Commission (DPC) fined Meta's WhatsApp €5.5 million for violating data protection laws. The popular messaging app WhatsApp has been fined €5.5m by the Irish Data Protection Commission (DPC) for violating the General Data...

Security Affairs

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 20,2023

WhatsApp Hit with €5.5 Million Fine for Violating Data Protection Laws Full Text

Abstract The Irish Data Protection Commission (DPC) on Thursday imposed fresh fines of €5.5 million against Meta's WhatsApp for violating data protection laws when processing users' personal information. At the heart of the ruling is an update to the messaging platform's Terms of Service that was imposed in the days leading to the enforcement of the General Data Protection Regulation ( GDPR ) in May 2018, requiring that users agree to the revised terms in order to continue using the service or risk losing access. The complaint, filed by privacy non-profit NOYB, alleged that WhatsApp breached the regulation by compelling its users to "consent to the processing of their personal data for service improvement and security" by "making the accessibility of its services conditional on users accepting the updated Terms of Service." "WhatsApp Ireland is not entitled to rely on the contract legal basis for the delivery of service improvement and security," th

The Hacker News

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 19, 2023

Meta Slapped With 5.5 Million Euro Fine for EU Data Breach Full Text

Abstract Social media giant Meta has been fined an additional 5.5 million euros ($5.9 million) for violating EU data protection regulations with its instant messaging platform WhatsApp, Ireland's regulator announced Thursday.

Cyware

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 17, 2023

Hacked evidence and stolen data swamp English courts Full Text

Abstract A multimillion-pound high court case between an authoritarian Gulf emirate and an Iranian-American businessman has revealed how hacked evidence is being used by leading law firms to advance their clients’ claims.

Cyware

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 14, 2023

French CNIL fined Tiktok $5.4 Million for violating cookie laws Full Text

Abstract French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l'informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5...

Security Affairs

January 14,2023

TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws Full Text

Abstract Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after  Amazon, Google, Meta , and  Microsoft  since 2020. "Users of 'tiktok[.]com' could not refuse cookies as easily as accepting them and they were not informed in a sufficiently precise way of the objectives of the different cookies," the Commission nationale de l'informatique et des libertés (CNIL)  said  in a statement. The regulator said it conducted several audits between May 2020 and June 2022, finding that the ByteDance-owned company did not offer a straightforward option to refuse all cookies as opposed to just one click for accepting them. The option to "refuse all" cookies was introduced by TikTok in February 2022. "Making the opt-out mechanism more complex is in fact discouraging users from refusing cookies and

The Hacker News

January 12, 2023

Lawsuit accuses Apple of tracking iPhone users who opted out Full Text

Abstract Apple "unlawfully records and uses consumers' personal information and activity," claims a new lawsuit accusing the company of tracking iPhone users' device data even when they've asked for tracking to be switched off.

Cyware

January 10, 2023

Facebook to pay $725 Million Settlement For Security Breach Full Text

Abstract Meta Platforms has agreed to pay $725 million to settle a long-running lawsuit that allowed third parties, including Cambridge Analytica, to access users’ personal information without their consent for political advertising.

Cyware

January 9, 2023

One Small Legislative Step for Cybersecurity Full Text

Abstract Legislation granting the FDA express regulatory authority over the cybersecurity of medical devices points the way to incremental improvements in other sectors and products.

Lawfare

January 8, 2023

Russian and Belarusian men charged with spying for Russian GRU Full Text

Abstract Polish authorities charged Russian and Belarusian individuals with spying for the Russian military intelligence service (GRU). Polish authorities charged Russian and Belarusian individuals, who were arrested in April, with spying for the Russian military...

Security Affairs

January 7, 2023

Software Engineer Charged With ‘Office Space-Inspired’ Fraud Full Text

Abstract More signs truth may be stranger than fiction: Seattle police have charged a software programmer with engineering a fraud scheme inspired by the online heist in the 1999 black comedy film "Office Space."

Cyware

January 5, 2023

Irish Data Protection Commission fined Meta $414 Million Full Text

Abstract The Irish Data Protection Commission (DPC) fined Meta Platforms €390 million over data processing operations for the delivery of its services The Data Protection Commission (DPC) concluded two inquiries into the data processing operations of Meta...

Security Affairs

January 05,2023

Irish Regulators Fine Facebook $414 Million for Forcing Users to Accept Targeted Ads Full Text

Abstract The Irish Data Protection Commission (DPC) has  fined  Meta Platforms €390 million (roughly $414 million) over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. To that end, the privacy regulator has ordered Meta Ireland to pay two fines – a €210 million ($222.5 million) fine over violations of the E.U. General Data Protection Regulation ( GDPR ) related to Facebook, and a €180 million ($191 million) for similar violations in Instagram. The latest enforcement comes in the wake of concerns that the social media company used its Terms of Service to gain users' forced consent to allow targeted advertising based on their online activity. The complaints were filed on May 25, 2018, the date when GDPR came into effect in the region. It also arrives a month after the European Data Protection Board (EDPB), an independent body that oversees the consistent application of GDPR in the E.U.,  announced  that it had reached

The Hacker News

January 4, 2023

Senior Healthcare Firm Pays Breach Settlement to States Full Text

Abstract A nursing and assisted living care firm that delayed reporting a data breach to authorities paid a $200,000 fine to two state attorneys general and pledged to implement a security incident response plan.

Cyware

January 2, 2023

Google will pay $29.5M to settle two lawsuits over its location tracking practices Full Text

Abstract Google will pay $29.5 million to settle two different lawsuits in the US over its deceptive location tracking practices. Google decided to pay $29.5 million to settle two different lawsuits brought by the states of Indiana and Washington, D.C., over...

Security Affairs

December 27, 2022

Facebook (Meta) to settle Cambridge Analytica data leak for $725M Full Text

Abstract Facebook (Meta) has agreed to pay $725 million to settle the class-action lawsuit filed in 2018 over the Cambridge Analytica data leak. Facebook (Meta) has agreed to pay $725 million to settle a class-action lawsuit filed in 2018 over the Cambridge...

Security Affairs

December 25, 2022

Microsoft fined €60 million in France for using advertising cookies without consent Full Text

Abstract France's privacy watchdog fines €60 million Microsoft for using advertising cookies without explicit customer consent. France's privacy watchdog fines €60 million Microsoft's Ireland subsidiary for using advertising cookies without the explicit...

Security Affairs

December 18, 2022

T-Mobile hacker gets 10 years for $25 million phone unlock scheme Full Text

Abstract Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was sentenced to 10 years in prison for a $25 million scheme where he unlocked and unblocked cellphones by hacking into T-Mobile's internal systems.

BleepingComputer

December 16, 2022

Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia Full Text

Abstract An ex Twitter employee has been sentenced to three-and-a-half years in prison for spying on individuals on behalf of Saudi Arabia. On august 2022, the former Twitter employee, Ahmad Abouammo (44), was found guilty of gathering private information...

Security Affairs

December 16, 2022

Woman gets 66 months in prison for role in $3.3 million ID fraud op Full Text

Abstract The Australian Federal Police (AFP) have announced today that a 24-year-old woman from Melbourne, arrested in 2019 for her role in large-scale, cyber-enabled identity theft crimes, was sentenced to five years and six months in prison.

BleepingComputer

December 12, 2022

UK: New rules for apps to boost consumer security and privacy Full Text

Abstract Consumers in the U.K will be better protected from malicious apps which can steal data and money, thanks to new privacy and security rules for app store operators and developers.

Cyware

December 9, 2022

NDAA requires intelligence agencies to study creation of cyber collaboration program Full Text

Abstract Federal agencies in charge of intelligence and cybersecurity will be required by the NDAA bill to study how to build a new cyber information collaboration environment to enable government and industry to better mitigate malicious cyber activity.

Cyware

December 7, 2022

Meta Expected to Face New Fines After EU Privacy Ruling Full Text

Abstract Meta is expected to face another large fine after Europe's data watchdog on Tuesday imposed binding decisions concerning the treatment of personal data by the owner of Facebook, Instagram and WhatsApp.

Cyware

December 6, 2022

Crook sentenced to 18 months for stealing $20M in SIM swapping attack Full Text

Abstract Nicholas Truglia, from Florida, US, was sentenced to 18 months in prison for stealing more than $20 million in a SIM swapping scheme. DoJ announced that Nicholas Truglia (25) was sentenced to 18 months in prison for the theft of over $20 million worth...

Security Affairs

December 03, 2022

SIM swapper gets 18-months for involvement in $22 million crypto heist Full Text

Abstract Florida man Nicholas Truglia was sentenced to 18 months in prison on Thursday for his involvement in a fraud scheme that led to the theft of millions from cryptocurrency investor Michael Terpin.

BleepingComputer

November 30, 2022

Australia Passes Bill to Fine Companies up to $50 Million for Data Breaches Full Text

Abstract The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches. To that end, the maximum fines have been bumped up from the current AU$2.22 million to AU$50 million, 30% of an entity's adjusted turnover in the relevant period, or three times the value of any benefit obtained through the misuse of information, whichever is greater. The turnover period is the time duration from when the contravention occurred to the end of the month when the incident is officially addressed. "Significant privacy breaches in recent months have shown existing safeguards are outdated and inadequate," Attorney-General Mark Dreyfus  said  in a statement. "These reforms make clear to companies that the penalty for a major data breach can no longer be regarded as the cost of doing business." The legislation, called the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, also bestow

The Hacker News

November 30, 2022

Australia will now fine firms up to AU$50 million for data breaches Full Text

Abstract The Australian parliament has approved a bill to amend the country's privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffered large-scale data breaches.

BleepingComputer

November 29, 2022

Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users’ Data Full Text

Abstract Ireland's Data Protection Commission (DPC) has  levied fines  of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an inquiry initiated by the European regulator on April 14, 2021, close on the heels of a leak of a "collated dataset of Facebook personal data that had been made available on the internet." This included the  personal information  associated with 533 million users of the social media platform, such as their phone numbers, dates of birth, locations, email addresses, gender, marital status, account creation date, and other profile details. Meta acknowledged that the information was "old data" that was obtained by malicious actors by taking advantage of a technique called "phone number enumeration" to  scrape users' public profiles . This entailed misusing a t

The Hacker News

November 28, 2022

Meta fined €265M for not protecting Facebook users’ data from scrapers Full Text

Abstract Meta has been fined €265 million ($275.5 million) by the Irish data protection commission (DPC) for a massive 2021 Facebook data leak exposing the information of hundreds of million users worldwide.

BleepingComputer

November 22, 2022

33 Attorneys General Send Letter to FTC on Commercial Surveillance Rules Full Text

Abstract Attorneys general in 33 US states are urging the Federal Trade Commission (FTC) to take into consideration consumer risks as it looks into creating rules to crack down on commercial surveillance.

Security Week

November 21, 2022

Google won a lawsuit against the Glupteba botnet operators Full Text

Abstract Google won a lawsuit filed against two Russian nationals involved in the operations of the Glupteba botnet. This week, Google announced it has won a nearly year-long legal battle against the Glupteba botnet. Glupteba is a highly sophisticated botnet...

Security Affairs

November 18, 2022

US charges BEC suspects with targeting federal health care programs Full Text

Abstract The U.S. Department of Justice (DOJ) has charged ten defendants for their alleged involvement in business email compromise (BEC) schemes targeting numerous victims across the country, including U.S. federal funding programs like Medicare and Medicaid.

BleepingComputer

November 17, 2022

U.S. charges Russian suspects with operating Z-Library e-Book site Full Text

Abstract Anton Napolsky (33) and Valeriia Ermakova (27), two Russian nationals, were charged with intellectual property crimes linked to Z-Library, a pirate online eBook repository.

BleepingComputer

November 15, 2022

Anesthesiology Services Firm Faces 5 Class Action Lawsuits Full Text

Abstract At least five complaints filed in the U.S. District for Southern New York allege that Somnia Inc. was negligent in failing to safeguard personally identifiable information and protected health information.

Bank Info Security

November 15, 2022

Google to Pay a record $391M fine for misleading users about the collection of location data Full Text

Abstract Google is going to pay $391.5 million to settle with 40 states in the U.S. for secretly collecting personal location data. Google has agreed to pay $391.5 million to settle with 40 US states for misleading users about the collection of personal location...

Security Affairs

November 15, 2022

Google to Pay $391 Million Privacy Fine for Secretly Tracking Users’ Location Full Text

Abstract Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when, in fact, Google continued to collect their location information," Oregon Attorney General Ellen Rosenblum  said  Monday. "For years Google has prioritized profit over their users' privacy. They have been crafty and deceptive," Rosenblum stated. The investigation was sparked by a  2018 report  from the Associated Press that revealed Google was continuing to track users' locations on Android and iOS even when they turned off "location history" in their account settings, effectively undermining the privacy controls. Rosenblum said the location data gathered by Google is combined with other personal and behavioral information it collects to flesh out deta

The Hacker News

November 11, 2022

Man charged for role in LockBit ransomware operation Full Text

Abstract The U.S. DoJ charged a Russian-Canadian national for his alleged role in LockBit ransomware attacks against organizations worldwide. The U.S. Department of Justice (DoJ) charged Mikhail Vasiliev, a dual Russian and Canadian national, for his alleged...

Security Affairs

November 11, 2022

Russian-Canadian National Charged Over Involvement in LockBit Ransomware Attacks Full Text

Abstract The U.S. Department of Justice (DoJ) has announced charges against a dual Russian and Canadian national for his alleged participation in  LockBit ransomware attacks  across the world. The 33-year-old Ontario resident,  Mikhail Vasiliev , has been taken into custody and is awaiting extradition to the U.S., where is likely to be sentenced for a maximum of five years in prison. Vasiliev has been charged with conspiracy to intentionally damage protected computers and to transmit ransom demands, according to a  criminal complaint  filed in the District of New Jersey. A search of the defendant's home in August and October 2022 by Canadian law enforcement unearthed a file stored on a device containing what's suspected to be a list of "prospective or historical" victims as well as screenshots of communications exchanged with "LockBitSupp" on the Tox messaging platform. Also found were a text file with instructions to deploy LockBit ransomware, the malware'

The Hacker News

November 09, 2022

Couple sentenced to prison for trying to sell nuclear warship secrets Full Text

Abstract A Navy nuclear engineer and his wife were sentenced to over 19 years and more than 21 years in prison for attempting to sell nuclear warship design secrets to what they believed was a foreign power agent. 

BleepingComputer

November 08, 2022

Influencer ‘Hushpuppi’ gets 11 years in prison for cyber fraud Full Text

Abstract An Instagram influencer known as 'Hushpuppi' has been sentenced to 11 years in prison for conspiring to launder tens of millions of USD from business email compromise (BEC) scams and various cyber schemes.

BleepingComputer

November 05, 2022

Microsoft sued for open-source piracy through GitHub Copilot Full Text

Abstract Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub's Copilot violates the terms of open-source licenses and infringes the rights of code authors.

BleepingComputer

October 31, 2022

Chegg sued by FTC after suffering four data breaches within 3 years Full Text

Abstract The U.S. Federal Trade Commission (FTC) has sued education technology company Chegg after it exposed the sensitive information of tens of millions of customers and employees in four data breaches suffered since 2017.

BleepingComputer

October 27, 2022

British Hacker Charged for Operating “The Real Deal” Dark Web Marketplace Full Text

Abstract A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called  The Real Deal  that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye , who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering conspiracy. Kaye was indicted in April 2021, and subsequently consented to his extradition from Cyprus to the U.S. in September 2022. "While living overseas, this defendant allegedly operated an illegal website that made hacking tools and login credentials available for purchase, including those for U.S. government agencies,"  said  U.S. Attorney Ryan K. Buchanan. Court documents show that  The Real Deal , until its shutdown in 2016, functioned as a market for illicit items, including stolen account logins for U.S. government computers, bank accounts, and social media platforms such as Twitter and

The Hacker News

October 26, 2022

U.S. Charges Ukrainian Hacker Over Role in Raccoon Stealer Malware Service Full Text

Abstract A 26-year-old Ukrainian national has been charged in the U.S. for his alleged role in the  Raccoon Stealer  malware-as-a-service (MaaS) operation. Mark Sokolovsky, who was arrested by Dutch law enforcement after leaving Ukraine on March 4, 2022, in what's said to be a Porsche Cayenne, is currently being held in the Netherlands and awaits extradition to the U.S. "Individuals who deployed Raccoon Infostealer to steal data from victims leased access to the malware for approximately $200 per month, paid for by cryptocurrency," the U.S. Department of Justice (DoJ)  said . "These individuals used various ruses, such as email phishing, to install the malware onto the computers of unsuspecting victims." Sokolovsky is said to have gone by various online monikers like Photix, raccoonstealer, and black21jack77777 on online cybercrime forums to advertise the service for sale. Raccoon Stealer, mainly distributed under the guise of cracked software, is known to be one o

The Hacker News

October 26, 2022

US charges Ukrainian man with Raccoon Infostealer operation Full Text

Abstract US authorities charged a Ukrainian man with computer fraud for allegedly infecting millions of computers with Raccoon Infostealer. The US Justice Department charged a Ukrainian, Mark Sokolovsky (26) man with computer fraud for allegedly infecting...

Security Affairs

October 21, 2022

Clearview AI gets third €20 million fine for illegal data collection Full Text

Abstract France's data protection authority (CNIL) has fined Clearview AI with €20 million for illegal collection and processing of biometric data belonging to French citizens.

BleepingComputer

October 20, 2022

Google sued over biometric data collection without consent Full Text

Abstract Texas attorney general Ken Paxton has sued Google for allegedly collecting and using biometric data belonging to millions of Texans without proper consent.

BleepingComputer

October 19, 2022

Brazil arrests suspect believed to be a Lapsus$ gang member Full Text

Abstract Today, the Brazilian Federal Police arrested a Brazilian suspect in the city of Feira de Santana, Bahia, believed to be part of the Lapsus$ extortion gang.

BleepingComputer

October 19, 2022

The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach Full Text

Abstract The Justice Department should issue guidance to clarify the line between covering up a data breach and merely declining to disclose it.

Lawfare

October 14, 2022

Student jailed for hacking female classmates’ email, Snapchat accounts Full Text

Abstract On Thursday, a Puerto Rico judge sentenced a former University of Puerto Rico (UPR) student to 13 months in prison for hacking over a dozen email and Snapchat accounts of female colleagues.

BleepingComputer

October 10, 2022

Biden signs order to implement E.U.-U.S. data privacy framework Full Text

Abstract “U.S. and EU companies large and small across all sectors of the economy rely upon cross-border data flows to participate in the digital economy and expand economic opportunities,” the administration said in a press statement.

NBC News

October 7, 2022

Meta Has Sued Chinese Companies for Stealing One Million WhatsApp Accounts Full Text

Abstract Meta is suing the app developers, two Chinese and one Taiwanese, for orchestrating a massive fraud. The developers lured WhatsApp users to self-compromise their accounts.

I Tech Post

October 06, 2022

Meta sues app dev for stealing over 1 million WhatsApp accounts Full Text

Abstract Meta has sued several Chinese companies doing business as HeyMods, Highlight Mobi, and HeyWhatsApp for developing and allegedly using "unofficial" WhatsApp Android apps to steal over one million WhatsApp accounts starting May 2022.

BleepingComputer

October 06, 2022

Police arrest teen for using leaked Optus data to extort victims Full Text

Abstract The AFP (Australian Federal Police) have arrested a 19-year-old man in Sydney and charged him for allegedly using leaked Optus customer data for extortion.

BleepingComputer

October 06, 2022

Former Uber Security Chief Found Guilty of Data Breach Coverup Full Text

Abstract A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and attempting to cover up the incident. Sullivan has been convicted on two counts: One for obstructing justice by not reporting the incident and another for misprision. He faces a maximum of five years in prison for the obstruction charge, and a maximum of three years for the latter. "Technology companies in the Northern District of California collect and store vast amounts of data from users," U.S. Attorney Stephanie M. Hinds  said  in a press statement. "We expect those companies to protect that data and to alert customers and appropriate authorities when such data is stolen by hackers. Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught." The 2016 hack of Uber occurred as a result of two hackers ga

The Hacker News

October 05, 2022

Canadian Netwalker Ransomware Affiliate Sentenced to 20 Years in U.S. Prison Full Text

Abstract A former affiliate of the Netwalker ransomware has been sentenced to 20 years in prison in the U.S., a little over three months after the  Canadian national pleaded guilty  to his role in the crimes. Sebastien Vachon-Desjardins, 35, has also been ordered to forfeit $21,500,000 that was illicitly obtained from dozens of victims globally, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Launched in 2019, the Netwalker attacks particularly singled out the healthcare sector during the COVID-19 pandemic, opportunistically taking advantage of the situation to extort money from victims. "The defendant in this case used sophisticated technological means to exploit hundreds of victims in numerous countries at the height of an international health crisis," U.S. Attorney Roger B. Handberg for the Middle District of Florida  said . Vachon-Desjardins, an IT engineer working for the Canadian government

The Hacker News

October 04, 2022

Netwalker ransomware affiliate sentenced to 20 years in prison Full Text

Abstract Former Netwalker ransomware affiliate Sebastien Vachon-Desjardins has been sentenced to 20 years in prison and demanded to forfeit $21.5 million for his attacks on a Tampa company and other entities.

BleepingComputer

October 04, 2022

BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million Full Text

Abstract A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial fraud. Elvis Eghosa Ogiekpolor of Norcross, Georgia, operated a money laundering network that opened at least 50 business bank accounts for illicitly receiving funds from unsuspecting individuals and businesses after falling victim to romance frauds and business email compromise ( BEC ) scams. Ogiekpolor was charged by a federal grand jury in February 2022 with one count of conspiracy to commit money laundering and 15 counts of substantive money laundering. The scheme was operational from October 2018 to August 2020. According to the U.S. Justice Department (DoJ), Ogiekpolor enlisted the help of eight "money mules" to open the phony bank accounts under the names of non-existent companies, which were subsequently used to stash the proceeds from their criminal activities. These included creating fic

The Hacker News

September 27, 2022

Samsung Sued Over Recent Data Breaches Full Text

Abstract Represented by Clarkson Law Firm, two Samsung users have filed a class action lawsuit against the electronics manufacturer over the two data breaches the company suffered in 2022.

Security Week

September 26, 2022

TikTok could face $29 million fine for failing to protect UK children’s privacy Full Text

Abstract The UK Information Commissioner’s Office (ICO) announced on Monday that it had issued TikTok with a “notice of intent” which is a legal document that TikTok is allowed to respond to ahead of a potential fine.

The Record

September 20, 2022

EU Court Rules Against German Data Collection Law Full Text

Abstract Firms Telekom Deutschland and SpaceNet took action in the German courts challenging the law that obliged telecom companies to retain customers' traffic and location data for several weeks.

Security Week

September 20, 2022

China: Cybersecurity law violators to face heavier penalties Full Text

Abstract The Cyberspace Administration of China proposed a set of amendments to the Cybersecurity Law last week that would raise the size of fines for some violations and diversify penalties for infractions committed by operators of critical infrastructure.

China Daily

September 15, 2022

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks Full Text

Abstract The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked under the names APT35, Charming Kitten, Nemesis Kitten, Phosphorus, and TunnelVision. "This group has launched extensive campaigns against organizations and officials across the globe, particularly targeting U.S. and Middle Eastern defense, diplomatic, and government personnel, as well as private industries including media, energy, business services, and telecommunications," the Treasury  said . The Nemesis Kitten actor, which is also known as  Cobalt Mirage ,  DEV-0270 , and  UNC2448 , has come under the scanner in recent months for its pattern of ransomware attacks for o

The Hacker News

September 15, 2022

U.S. charges three Iranians for ransomware attacks on women’s shelter, businesses Full Text

Abstract While the criminal charges do not say whether the alleged hackers worked for the Iranian government, a separate U.S. Treasury Department statement said they were affiliated with the Islamic Revolutionary Guard Corps (IRGC).

Reuters

September 13, 2022

Tax fraud ring leader jailed for selling children’s stolen identities Full Text

Abstract The owner of a fraudulent tax preparation business, Ariel Jimenez, was sentenced to 12 years in prison for selling the stolen identities of children on welfare and helping "customers" to falsely claim tax credits, causing tens of millions of dollars in tax loss.

BleepingComputer

September 09, 2022

Coinbase funds lawsuit against Tornado Cash cryptomixer sanctions Full Text

Abstract Coinbase announced on Tuesday that it is funding a lawsuit brought by six people in the U.S. against the Department of Treasury's for the sanctions on the Tornado Cash open-source cryptocurrency mixer platform.

BleepingComputer

September 08, 2022

US recovers $30 million stolen from Axie Infinity by Lazarus hackers Full Text

Abstract With the help of blockchain analysts and FBI agents, the U.S. government seized $30 million worth of cryptocurrency stolen by the North Korean threat group 'Lazarus' from the token-based 'play-to-earn' game Axie Infinity earlier in the year.

BleepingComputer

September 07, 2022

Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards Full Text

Abstract An international law enforcement operation has resulted in the dismantling of  WT1SHOP , an online criminal marketplace that specialized in the sales of stolen login credentials and other personal information. The seizure was orchestrated by Portuguese authorities, with the U.S. officials taking control of four domains used by the website: "wt1shop[.]net," "wt1store[.]cc," "wt1store[.]com," and "wt1store[.]net." The website peddled over 5.85 million records of personally identifying information (PII), including approximately 25,000 scanned driver's licenses/passports, 1.7 million login credentials for various online shops, 108,000 bank accounts, 21,800 credit cards, the U.S. Justice Department (DoJ)  said . The DoJ also unveiled a criminal complaint against Nicolai Colesnicov, accusing the 36-year-old individual from the Republic of Moldova of running the marketplace. Colesnicov has been charged with conspiracy and with trafficking in un

The Hacker News

September 7, 2022

Instagram faces $402 million fine for alleged mishandling of children’s data Full Text

Abstract Instagram's parent company Meta said that it plans to appeal the decision by the Irish Data Protection Commissioner, which is the second-largest, privacy-based fine on record.

CSO Online

September 1, 2022

‘Extortionist’ cybersecurity firm headed back to court Full Text

Abstract According to LabMD, it declined to hire Tiversa after it could find no evidence of a leak. And in response, the cybersecurity shop retaliated against LabMD, the medical company claimed.

The Register

August 30, 2022

‘Cyclops Blink’ Shows Why the SEC’s Proposed Cybersecurity Disclosure Rule Could Undermine the Nation’s Cybersecurity Full Text

Abstract Well-timed public notification is a critical component of proper incident response. But mandating premature disclosure is irresponsible and would imperil public-private coordination focused on protecting the nation.

Lawfare

August 30, 2022

FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones Full Text

Abstract The U.S. Federal Trade Commission (FTC) on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company  amasses  a "wealth of information" about users by purchasing data from other data brokers to sell to its own clients. "Kochava then sells customized data feeds to its clients to, among other purposes, assist in advertising and analyzing foot traffic at stores or other locations," the FTC  said . "Among other categories, Kochava sells timestamped latitude and longitude coordinates showing the location of mobile devices." The company advertises itself as a "real-time data solutions company" and the "largest independent data marketplace for connected devices." It also claims its  Kochava Collective  data marketplace provides "premium data feeds, audience targeting, and audience

The Hacker News

August 29, 2022

US FTC sued US data broker Kochava for selling sensitive and geolocation data Full Text

Abstract The U.S. FTC sued US data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. The U.S. Federal Trade Commission (FTC) filed a lawsuit against the US-based data broker Kochava for selling...

Security Affairs

August 29, 2022

Cloudflare CDN clients caught in Austrian fight against pirate sites Full Text

Abstract Excessive and indiscriminate blocking is underway in Austria, with internet service providers (ISPs) complying to a court order to block pirate sites causing significant collateral damage.

BleepingComputer

August 29, 2022

US govt sues Kochava for selling sensitive geolocation data Full Text

Abstract The U.S. Federal Trade Commission (FTC) announced today that it filed a lawsuit against Idaho-based location data broker Kochava for selling sensitive and precise geolocation data (in meters) collected from hundreds of millions of mobile devices.

BleepingComputer

August 22, 2022

European Cybersecurity in Context: A Policy-Oriented Comparative Analysis Full Text

Abstract I'm proud to have contributed to the "European Cybersecurity in Context: A Policy-Oriented Comparative Analysis" Worldwide connectivity has unleashed global digitalisation, creating cross-border social networks for communicating and spreading information....

Security Affairs

August 22, 2022

Group-IB CEO will remain in jail – complaint denied Full Text

Abstract On August 18, a Russian judge decided that Ilya Sachkov, founder and CEO of the Russian-led Group-IB, will remain in jail. Ilya Sachkov, founder and CEO of the Russian-led Group-IB will remain in jail following the judge’s decision on August 18th...

Security Affairs

August 12, 2022

FTC Initiates Privacy and Data Security Rule-Making Full Text

Abstract The U.S. Federal Trade Commission today initiated a potentially yearslong attempt to impose new data security and privacy regulations onto the American economy. Agency commissioners voted along party lines to initiate the rule-making process.

Bank Info Security

August 09, 2022

U.S. Sanctions Virtual Currency Mixer Tornado Cash for Alleged Use in Laundering Full Text

Abstract The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the high-profile hacks of Ethereum bridges to launder and cash out the ill-gotten money. Tornado Cash, which allows users to move cryptocurrency assets between accounts by obfuscating their origin and destination, is estimated to have been used to launder more than $7.6 billion worth of virtual assets since its creation in 2019, the department said. Thefts, hacks, and fraud account for $1.54 billion of the total assets sent through the mixer, according to blockchain analytics firm  Elliptic . Crypto mixing is akin to shuffling digital currencies through a black box, blending a certain quantity of digital funds in private pools before transferring it to its designated receivers for a fee. The aim is to make transactions anonymous and difficult to trace. "Despite public assurances otherwise, Tornado Cash has repeatedly fa

The Hacker News

August 08, 2022

US sanctions crypto mixer Tornado Cash used by North Korean hackers Full Text

Abstract The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash today, a decentralized cryptocurrency mixer service used to launder more than $7 billion since its creation in 2019.

BleepingComputer

August 5, 2022

India scraps data protection law, promises better successor Full Text

Abstract On Wednesday, telecom minister Ashwini Vaishnaw tweeted that the bill was nixed because the Joint Committee of Parliament (JCP) recommended 81 amendments to the Bill's 99 sections.

The Register

August 3, 2022

Senators introduce bill to ensure resiliency of federal data centers Full Text

Abstract A group of bipartisan senators have introduced legislation to establish baseline cybersecurity requirements and new protections against catastrophic weather-related disasters for federal data centers across the country.

FCW

August 3, 2022

German prosecutors issue warrant for Russian government hacker over energy sector attacks Full Text

Abstract Prosecutors in Germany have issued a warrant for the arrest of Pawel A, a Russian national they accuse of being part of the Berserk Bear hacking group within Russia’s Federal Security Service (FSB), according to German public broadcasters BR and WDR.

The Record

August 2, 2022

Didi Fined $1.2 Billion for Violating Data Security Laws Full Text

Abstract Lawfare’s biweekly roundup of U.S.-China technology policy news.

Lawfare

August 2, 2022

Banking Groups Urge Senators to Reject NDAA Provision as Harmful to Cybersecurity Full Text

Abstract A provision in annual legislation to authorize spending by the Defense Department could endanger the cybersecurity of critical infrastructure, trade associations for the financial sector argued in a letter to key senators.

Nextgov

August 02, 2022

Mobile store owner hacked T-Mobile employees to unlock phones Full Text

Abstract A former owner of a T-Mobile retail store in California has been found guilty of a $25 million scheme where he illegally accessed T-Mobile's internal systems to unlock and unblock cell phones.

BleepingComputer

August 2, 2022

Austria investigates DSIRF firm for allegedly developing Subzero spyware Full Text

Abstract Austria is investigating a report that an Austrian firm DSIRF developed spyware targeting law firms, banks and consultancies. At the end of July, Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers...

Security Affairs

August 1, 2022

Australian man charged with creating and selling the Imminent Monitor spyware Full Text

Abstract An Australian national has been charged for the creation and sale of the Imminent Monitor (IM) spyware, which was also used for criminal purposes. The 24-year-old Australian national Jacob Wayne John Keen has been charged for his alleged role in the development...

Security Affairs

August 1, 2022

With cyber sovereignty at stake, it is high time India brings in uniform cybersecurity law Full Text

Abstract India’s digital transformation cannot be fashioned on the foundations of decades-old legal infrastructure like the Information Technology Act 2000 and the National Cyber Security Policy 2013, among others.

First Post

July 31, 2022

Australia charges dev of Imminent Monitor RAT used by domestic abusers Full Text

Abstract ​An Australian man was charged for developing and selling the Imminent Monitor remote access trojan, used to spy on victims' devices remotely.

BleepingComputer

July 30, 2022

Meta, US hospitals sued for using healthcare data to target ads Full Text

Abstract A class action lawsuit has been filed in the Northern District of California against Meta (Facebook), the UCSF Medical Center, and the Dignity Health Medical Foundation, alleging that the organizations are unlawfully collecting sensitive healthcare data about patients for targeted advertising.

BleepingComputer

July 27, 2022

US Credit Unions to Come Under Cyber Incident Reporting Rule Full Text

Abstract U.S. federal credit union regulators plan to impose new cybersecurity incident reporting requirements, including a duty to relay reports of cyber incidents experienced by third-party vendors.

Bank Info Security

July 23, 2022

FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks Full Text

Abstract The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware...

Security Affairs

July 22, 2022

Settlements Reached In 2 Large Healthcare Hack Lawsuits Full Text

Abstract Settlements in class action lawsuits filed in the aftermath of two separate major breaches serve as the latest examples of threats and risks involving email hacks - as well as underlining the threat of litigation in the wake of such incidents.

Bank Info Security

July 20, 2022

FBI recovers $500,000 healthcare orgs paid to Maui ransomware Full Text

Abstract The U.S. Department of Justice has announced the seizure of approximately $500,000 in Bitcoin, paid by American health care providers to the operators of the Maui ransomware strain.

BleepingComputer

July 18, 2022

Russia fines Google $358 million for not removing banned info Full Text

Abstract A court in Moscow has imposed a fine of $358 million (21 billion rubles) on Google LLC for failing to restrict access to information considered prohibited in the country.

BleepingComputer

July 14, 2022

Former CIA Engineer Convicted of Leaking ‘Vault 7’ Hacking Secrets to Wikileaks Full Text

Abstract Joshua Schulte, a former programmer with the U.S. Central Intelligence Agency (CIA), has been found guilty of leaking a trove of classified hacking tools and exploits dubbed  Vault 7  to WikiLeaks. The 33-year-old engineer had been  charged  in June 2018 with unauthorized disclosure of classified information and theft of classified material. Schulte also  faces  a separate trial on charges related to possession of child pornographic photos and videos, for which he was arrested on August 24, 2017. U.S. Attorney Damian Williams  said  in a statement that Schulte was convicted for "one of the most brazen and damaging acts of espionage in American history," adding his actions had a "devastating effect on our intelligence community by providing critical intelligence to those who wish to do us harm." WikiLeaks would go on to release the documents on March 7, 2017,  calling  it the "largest ever publication of confidential documents on the agency." This incl

The Hacker News

July 5, 2022

US DOJ sets new goals for responding to ransomware attacks Full Text

Abstract In a recent document, the DoJ said that it pledges to increase “the percentage of reported ransomware incidents from which cases are opened, added to existing cases, or resolved or investigative actions are conducted within 72 hours to 65%.”

The Record

June 30, 2022

Ex-Canadian Government Employee Pleads Guilty Over NetWalker Ransomware Attacks Full Text

Abstract A former Canadian government employee this week agreed to plead guilty in the U.S. to charges related to his involvement with the NetWalker ransomware syndicate. Sebastien Vachon-Desjardins , who was  extradited to the U.S.  on March 10, 2022, is accused of conspiracy to commit computer fraud and wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer. The 34-year-old IT consultant from Gatineau, Quebec, was initially apprehended in January 2021 following a coordinated  law enforcement operation  to dismantle the dark web infrastructure used by the NetWalker ransomware cybercrime group to publish data siphoned from its victims. The takedown also brought its activities to a standstill. A search warrant executed at Vachon-Desjardins's home in Canada resulted in the seizure of 719 bitcoin, valued at approximately $28.1 million at the time, and $790,000 in Canadian currency. In February 2022, the Ontario Court

The Hacker News

June 27, 2022

Italy Data Protection Authority Warns Websites Against Use of Google Analytics Full Text

Abstract Following the footsteps of  Austria  and  France , the Italian Data Protection Authority has become the latest regulator to find the use of Google Analytics to be non-compliant with E.U. data protection regulations. The Garante per la Protezione dei Dati Personali, in a press release  published  last week, called out a local web publisher for using the widely used analytics tool in a manner that allowed key bits of users' personal data to be illegally transferred to the U.S. without necessary safeguards. This includes interactions of users with the websites, the individual pages visited, IP addresses of the devices used to access the websites, browser specifics, details related to the device's operating system, screen resolution, and the selected language, as well as the date and time of the visits. The Italian supervisory authority (SA) said that it arrived at this conclusion following a "complex fact-finding exercise" it commenced in collaboration with other E.

The Hacker News

June 23, 2022

NSO Group told lawmakers that Pegasus spyware was used by at least 5 European countries Full Text

Abstract The Israeli surveillance firm NSO Group revealed that its Pegasus spyware was used by at least five European countries. The controversial Israeli surveillance vendor NSO Group told the European Union lawmakers that its Pegasus spyware was used by at least...

Security Affairs

June 23, 2022

MCG Health Faces Lawsuit Over Data Breach Impacting 1.1 Million Individuals Full Text

Abstract On June 10, the company started to inform potentially impacted individuals of a data breach that occurred on March 25, and which might have resulted in their personal information being accessed by a third-party.

Security Week

June 21, 2022

Former Amazon Employee Found Guilty in 2019 Capital One Data Breach Full Text

Abstract A 36-year-old former Amazon employee was convicted of wire fraud and computer intrusions in the U.S. for her role in the theft of personal data of no fewer than 100 million people in the  2019 Capital One breach . Paige Thompson , who operated under the online alias "erratic" and worked for the tech giant till 2016, was found guilty of wire fraud, five counts of unauthorized access to a protected computer, and damaging a protected computer. The seven-day trial saw the jury acquitted her of other charges, including access device fraud and aggravated identity theft. She is scheduled for sentencing on September 15, 2022. Cumulatively, the offenses are punishable by up to 25 years in prison. "Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,"  said  U.S. Attorney Nick Brown. "Far from being an ethical hacker trying to help companies with their computer s

The Hacker News

June 20, 2022

New EU Laws Will Improve Firms’ Cyber Resilience Globally: Moody’s Full Text

Abstract The Digital Operational Resilience Act would force non-EU companies with a significant presence in member states to create subsidiaries that can be regulated under their jurisdiction.

Nextgov

June 16, 2022

iCloud hacker gets 9 years in prison for stealing nude photos Full Text

Abstract A California man who hacked thousands of Apple iCloud accounts was sentenced to 8 years in prison after pleading guilty to conspiracy and computer fraud in October 2021.

BleepingComputer

June 15, 2022

European Security Officials Double Down on Automated Moderation and Client-Side Scanning Full Text

Abstract A proposed regulation would compel firms to deploy systems for the automated detection and removal of content that might foster child abuse, rather than incentivizing and encouraging the development of these systems informally.

Lawfare

June 15, 2022

Canada wants companies to report cyber attacks and hacking incidents Full Text

Abstract The legislation identifies finance, telecommunications, energy and transportation sectors as being vital to national security and public safety, but stops short of naming any companies.

Yahoo Finance

June 9, 2022

India Revamps Rules On Mandatory Incident Reporting and Allied Compliances Full Text

Abstract Considering the wide wording of the Direction, it is likely to be applicable to almost each and every type of business operating within India. The Direction will be effective from June 28, 2022.

The National Law Review

June 3, 2022

Global Law Enforcement Operation Shuts Down FluBot Full Text

Abstract Europol, along with law enforcement agencies from Finland, Austria, Belgium, Ireland, Spain, Sweden, Hungary, the U.S., the Netherlands, and Switzerland, took down FluBot's infrastructure. The Dutch Police claimed to have disconnected 10,000 victims from the FluBot network and stopped over 6.5 mill ... Read More

Cyware Alerts - Hacker News

June 3, 2022

China’s draft cybersecurity rules pose risks for financial firms, lobby group warns Full Text

Abstract China's proposed cybersecurity rules for financial firms could pose risks to the operations of western companies by making their data vulnerable to hacking, among other things, a leading lobby group has said in a letter seen by Reuters.

Reuters

June 01, 2022

FluBot Android Spyware Taken Down in Global Law Enforcement Operation Full Text

Abstract An international law enforcement operation involving 11 countries has culminated in the takedown of a notorious mobile malware threat called  FluBot . "This Android malware has been spreading aggressively through SMS, stealing passwords, online banking details and other sensitive information from infected smartphones across the world," Europol  said  in a statement. The "complex investigation" included authorities from Australia, Belgium, Finland, Hungary, Ireland, Romania, Spain, Sweden, Switzerland, the Netherlands, and the U.S. FluBot , also called Cabassous, emerged in the wild in December 2020, masking its insidious intent behind the veneer of seemingly innocuous package tracking applications such as FedEx, DHL, and Correos.  It primarily spreads via smishing (aka SMS-based phishing) messages that trick unsuspecting recipients into clicking on a link to download the malware-laced apps. Once launched, the app would proceed to request access to Android

The Hacker News

June 01, 2022

FluBot Android malware operation shutdown by law enforcement Full Text

Abstract Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence.

BleepingComputer

May 30, 2022

Three Nigerians arrested for malware-assisted financial crimes Full Text

Abstract Interpol has announced the arrest of three Nigerian men in Lagos, who are suspected of using remote access trojans (RATs) to reroute financial transactions and steal account credentials.

BleepingComputer

May 29, 2022

US man sentenced to 4 years in prison for his role in Infraud scheme Full Text

Abstract A man from New York was sentenced to four years in prison for trading stolen credit card data and assisting the Infraud Organization. John Telusma (aka 'Peterelliot'), a New York man from New York (37), was sentenced this week to four years in prison...

Security Affairs

May 28, 2022

New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme Full Text

Abstract A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization. John Telusma, who went by the alias "Peterelliot," pleaded guilty to one count of racketeering conspiracy on October 13, 2021. He joined the gang in August 2011 and remained a member for five-and-a-half years. "Telusma was among the most prolific and active members of the Infraud Organization, purchasing and fraudulently using compromised credit card numbers for his own personal gain," the U.S. Justice Department (DoJ)  said . Infraud, a transnational cybercrime behemoth, operated for more than seven years, advertising its activities under the slogan "In Fraud We Trust," before its online infrastructure was dismantled by U.S. law enforcement authorities in February 2018. The rogue enterprise dabbled in the large-scale acquisition and sale of compromised

The Hacker News

May 26, 2022

Twitter Fined $150 Million for Misusing Users’ Data for Advertising Without Consent Full Text

Abstract Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission (FTC) to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty for "misrepresenting its privacy and security practices," the company has been banned from profiting from the deceptively collected data and ordered to notify all affected users. "Twitter obtained data from users on the pretext of harnessing it for security purposes but then ended up also using the data to target users with ads," FTC Chair Lina M. Khan  said  in a statement. "This practice affected more than 140 million Twitter users, while boosting Twitter's primary source of revenue." According to a  complaint  filed by the U.S. Justice Department, Twitter in May 2013 began enforcing a requirement for users to provide either a phone number or email ad

The Hacker News

May 25, 2022

Interpol arrests alleged leader of the SilverTerrier BEC gang Full Text

Abstract After a year-long investigation that involved Interpol and several cybersecurity companies, the Nigeria Police Force has arrested an individual believed to be in the top ranks of a prominent business email compromise (BEC) group known as SilverTerrier or TMT.

BleepingComputer

May 21, 2022

India to press ahead with strict cybersecurity rules despite industry concerns Full Text

Abstract Despite growing industry concerns, India will not change upcoming cybersecurity rules that force social media, technology companies, and cloud service providers to report data breaches swiftly.

The Indian Express

May 19, 2022

U.S. DOJ will no longer prosecute ethical hackers under CFAA Full Text

Abstract The U.S. Department of Justice (DOJ) has announced a revision of its policy on how federal prosecutors should charge violations of the Computer Fraud and Abuse Act (CFAA), carving out "good-fath" security research from being prosecuted.

BleepingComputer

May 17, 2022

President Biden’s Policy Changes for Offensive Cyber Operations Full Text

Abstract Concerns about changes to the U.S. policy on offensive cyber operations raise an interesting and important question about the balance of power between the White House and the Department of Defense. But this is a poor framing of the problem.

Lawfare

May 17, 2022

Venezuelan cardiologist accused of operating and selling Thanos ransomware Full Text

Abstract The U.S. Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware. The U.S. Justice Department accused Moises Luis Zagala Gonzalez, a 55-year-old cardiologist from Venezuela, of operating and selling...

Security Affairs

May 17, 2022

U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware Full Text

Abstract The U.S. Justice Department on Monday accused a 55-year-old cardiologist from Venezuela of being the mastermind behind  Thanos ransomware , charging him with the use and sale of the malicious tool and entering into profit sharing arrangements. Moises Luis Zagala Gonzalez, also known by the monikers Nosophoros, Aesculapius, and Nebuchadnezzar, is alleged to have both developed and marketed the ransomware to other cybercriminals to facilitate the intrusions and get a share of the bitcoin payment. If convicted, Zagala faces up to five years' imprisonment for attempted computer intrusion, and five years' imprisonment for conspiracy to commit computer intrusions.  "The multi-tasking doctor treated patients, created and  named his cyber tool after death , profited from a global ransomware ecosystem in which he sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims, and then boasted about successful attacks, including by malicious

The Hacker News

May 16, 2022

Ukrainian national sentenced to 4 years in prison for selling access to hacked servers Full Text

Abstract A 28-year-old Ukrainian national has been sentenced to four years in prison for selling access to hacked servers. Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old Ukrainian national, has been sentenced to four years in prison for selling access to comprised...

Security Affairs

May 15, 2022

Europe Agrees to Adopt New NIS2 Directive Aimed at Hardening Cybersecurity Full Text

Abstract The European Parliament announced a "provisional agreement" aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called " NIS2 " (short for network and information systems), is expected to replace the  existing legislation  on cybersecurity that was established in July 2016. The revamp sets ground rules, requiring companies in energy, transport, financial markets, health, and digital infrastructure sectors to adhere to risk management measures and reporting obligations. Among the provisions in the new legislation are flagging cybersecurity incidents to authorities within 24 hours, patching software vulnerabilities, and readying risk management measures to secure networks, failing which can incur monetary penalties. "The directive will formally establish the European Cyber Crises Liaison Organization Network, EU-CyCLONe, which will support the coordinated management of larg

The Hacker News

May 14, 2022

Crypto robber who lured victims via Snapchat and stole £34,000 jailed Full Text

Abstract Online crypto scams and ponzi schemes leveraging social media platforms are hardly anything new. But, this gruesome case of a London-based crypto robber transcends the virtual realm and tells a shocking tale of real-life victims from whom the perpetrator successfully stole £34,000.

BleepingComputer

May 12, 2022

Ukrainian imprisoned for selling access to thousands of PCs Full Text

Abstract Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old from Ukraine, was sentenced today to 4 years in prison for stealing thousands of login credentials per week and selling them on a dark web marketplace.

BleepingComputer

May 12, 2022

E.U. Proposes New Rules for Tech Companies to Combat Online Child Sexual Abuse Full Text

Abstract The European Commission on Wednesday proposed new regulation that would require tech companies to scan for child sexual abuse material (CSAM) and grooming behavior, raising worries that it could undermine end-to-end encryption (E2EE). To that end, online service providers, including hosting services and communication apps, are expected to proactively scan their platforms for CSAM as well as report, remove and disable access to such illicit content. While instant messaging services like WhatsApp  already   rely  on hashed versions of known CSAM to automatically block new uploads of images or videos matching them, the new plan requires such platforms to identify and flag new instances of CSAM. "Detection technologies must only be used for the purpose of detecting child sexual abuse," the regulator  said . "Providers will have to deploy technologies that are the least privacy-intrusive in accordance with the state of the art in the industry, and that limit the error rat

The Hacker News

May 11, 2022

US charges hacker for breaching brokerage accounts, securities fraud Full Text

Abstract The U.S. Department of Justice (DoJ) has charged Idris Dayo Mustapha for a range of cybercrime activities that took place between 2011 and 2018, resulting in financial losses estimated to over $5,000,000.

BleepingComputer

May 10, 2022

U.S. Proposes $1 Million Fine on Colonial Pipeline for Safety Violations After Cyberattack Full Text

Abstract The U.S. Department of Transportation's Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed a penalty of nearly $1 million to Colonial Pipeline for violating federal safety regulations, worsening the impact of the ransomware attack last year. The $986,400 penalty is the result of an inspection conducted by the regulator of the pipeline operator's control room management ( CRM ) procedures from January through November 2020. The PHMSA  said  that "a probable failure to adequately plan and prepare for manual shutdown and restart of its pipeline system [...] contributed to the national impacts when the pipeline remained out of service after the May 2021 cyberattack." Colonial Pipeline, operator of the largest U.S. fuel pipeline, was forced to temporarily take its systems offline in the wake of a  DarkSide ransomware attack  in early May 2021, disrupting gas supply and prompting a  regional emergency declaration  across 17 states. The inciden

The Hacker News

May 06, 2022

US sanctions Bitcoin laundering service used by North Korean hackers Full Text

Abstract The US Department of Treasury today sanctioned cryptocurrency mixer Blender.io used last month by the North Korean-backed Lazarus hacking group to launder funds stolen from Axie Infinity's Ronin bridge.

BleepingComputer

May 5, 2022

Federal Court of Australia finds RI Advice failed to manage cybersecurity risks in landmark decision Full Text

Abstract The decision comes after a significant number of cyber incidents affected authorized representatives of RI Advice between June 2014 and May 2020, leading ASIC to file against the company for breach of its license obligations.

ZDNet

April 18, 2022

Call for Papers: Cybersecurity Law and Policy Scholars Conference 2022 Full Text

Abstract The second annual Cybersecurity Law and Policy Scholars Conference (CLPSC) will take place at the University of Minnesota Law School on September 23-24, 2022.

Lawfare

April 14, 2022

Ethereum Developer Jailed 63 Months for Helping North Korea Evade Sanctions Full Text

Abstract A U.S. court has sentenced former Ethereum developer Virgil Griffith to five years and three months in prison and pay a $100,000 fine for conspiring with North Korea to help use cryptocurrencies to circumvent sanctions imposed on the country. "There is no question North Korea poses a national security threat to our nation, and the regime has shown time and again it will stop at nothing to ignore our laws for its own benefit," U.S. Attorney Damian Williams  said  in a statement. The sentencing comes more than six months after Griffith  pleaded guilty  to violating the International Emergency Economic Powers Act ( IEEPA ) by offering technical advice to the hermit kingdom with regards to the use of digital currency to bypass economic restrictions. Griffith was arrested in November 2019. North Korea is known to  rely on   cryptocurrency heists  to get around international sanctions and use it to help fund programs to build weapons of mass destruction. Indeed, the nation-st

The Hacker News

April 12, 2022

Google Sues Scammer for Running ‘Puppy Fraud Scheme’ Website Full Text

Abstract Google on Monday disclosed that it's taking legal action against a nefarious actor who has been spotted operating fraudulent websites to defraud unsuspecting people into buying non-existent puppies. "The actor used a network of fraudulent websites that claimed to sell basset hound puppies — with alluring photos and fake customer testimonials — in order to take advantage of people during the pandemic," Google's CyberCrime Investigation Group manager Albert Shin and senior counsel Mike Trinh  said . The fraudulent scheme involved Nche Noel Ntse of Cameroon using a network of rogue websites, Google Voice phone numbers, and Gmail accounts to trick people into paying thousands of dollars online for "adorable puppies" that never arrived. The purported culprit is also alleged to have run a Google Ads campaign to push the fraudulent websites on top of search results pages as part of what Google characterized as "multiple international non-delivery scams.&

The Hacker News

April 08, 2022

Ukrainian FIN7 Hacker Gets 5-Year Sentence in the United States Full Text

Abstract A 32-year-old Ukrainian national has been  sentenced to five years in prison  in the U.S. for the individual's criminal work as a "high-level hacker" in the financially motivated group FIN7. Denys Iarmak, who worked as a penetration tester for the cartel from November 2016 through November 2018, had been previously arrested in Bangkok, Thailand in November 2019, before being extradited to the U.S. in May 2020. In November 2021, Iarmak had pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking. FIN7 has been attributed to a number of attacks that have led to the theft of more than 20 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations in the U.S, costing the victims $1 billion in losses. The criminal gang, also known as Carbanak Group and the Navigator Group, has a track record of hitting restaurant, gambling, and hospitality indu

The Hacker News

April 8, 2022

A Ukrainian man is the third FIN7 member sentenced in the United States Full Text

Abstract A Ukrainian man was sentenced in the US to 5 years in prison for his criminal activity in the cybercrime group FIN7. Denys Iarmak, a Ukrainian national (32), has been sentenced to five years in prison in the U.S. for high-level hacking activity...

Security Affairs

April 08, 2022

Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine Full Text

Abstract Microsoft on Thursday disclosed that it obtained a court order to take control of seven domains used by APT28, a state-sponsored group operated by Russia's military intelligence service, with the goal of neutralizing its attacks on Ukraine. "We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable victim notifications," Tom Burt, Microsoft's corporate vice president of customer security and trust,  said . APT28, also known by the names Sofacy, Sednit, Pawn Storm, Fancy Bear, Iron Twilight, and Strontium, is a  cyber espionage group  and an advanced persistent threat that's known to be active since 2009, striking media, governments, military, and international non-governmental organizations (NGOs) that often have a security focus. The tech giant noted that the sinkholed infrastructure was used by the threat actor to target Ukrainian institutions as well as gov

The Hacker News

April 07, 2022

FIN7 hacking group ‘pen tester’ sentenced to 5 years in prison Full Text

Abstract Denys Iarmak, a Ukrainian member and a "pen tester for the FIN7 financially-motivated hacking group, was sentenced on Thursday to 5 years in prison for breaching victims' networks and stealing credit card information for roughly two years, between November 2016 and November 2018.

BleepingComputer

April 6, 2022

U.S. Treasury Department sanctions darkweb marketplace Hydra Market Full Text

Abstract The U.S. Treasury Department sanctioned the Hydra Market, the world's largest and longest-running dark web marketplace. The U.S. Treasury Department sanctioned the darkweb marketplace Hydra Market, the same day Germany’s Federal Criminal Police...

Security Affairs

April 6, 2022

Germany police shut down Hydra Market dark web marketplace Full Text

Abstract Germany's Federal Criminal Police Office shut down Hydra Market, the Russian-language darknet marketplace specialized in drug dealing. Germany's Federal Criminal Police Office, the Bundeskriminalamt (BKA), announced they have shut down Hydra, one of the world's...

Security Affairs

April 02, 2022

UK charges two teenagers linked to the Lapsus$ hacking group Full Text

Abstract Two teenagers from the UK charged with helping the Lapsus$ extortion gang have been released on bail after appearing in the Highbury Corner Magistrates Court court on Friday morning.

BleepingComputer

March 30, 2022

New law in reporting cyber breaches seen as overdue first step Full Text

Abstract A new law requiring critical sectors to report cyber breaches is “a good first step” but long overdue, experts said, as it is the first federal-wide mandate of its kind. 

The Hill

March 25, 2022

The 2022 Cyber Incident Reporting Law: Key Issues to Watch Full Text

Abstract The new reporting mandate is designed to encourage compliance with the law and increase the quantity and quality of cyber incident reporting

Lawfare

March 25, 2022

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide Full Text

Abstract The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. "The [Federal Security Service] conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data," the U.S. government  said , attributing the attacks to an APT actor known as  Energetic Bear . In addition, the Justice Department  charged  four Russian government employees, including three officers of the Russian Federal Security Service and a computer programmer at the Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM), for their roles in carrying out the attacks on oil refineries, nuclear facilities, and energy companies. The four Russian nationals are Pavel Aleksandrovich Akul

The Hacker News

March 25, 2022

US indicted 4 Russian government employees for attacks on critical infrastructure Full Text

Abstract The U.S. has indicted four Russian government employees for their involvement in attacks on entities in critical infrastructure. The U.S. has indicted four Russian government employees for their role in cyberattacks targeting hundreds of companies...

Security Affairs

March 24, 2022

DOJ charges former Russian government empoyees for hacking energy sectors Full Text

Abstract The U.S. Department of Justice indicted four Russian nationals on Thursday alleged to have hacked energy sectors in 135 countries.

The Hill

March 24, 2022

US charges 4 Russian govt employees with critical infrastructure hacks Full Text

Abstract The U.S. has indicted four Russian government employees for their involvement in hacking campaigns targeting hundreds of companies and organizations from the global energy sector between 2012 and 2018.

BleepingComputer

March 18, 2022

What the Newly Signed US Cyber-Incident Law Means for Security Full Text

Abstract The new law requires critical infrastructure companies in the 16 industry sectors identified by the federal government to report to the CISA within 72 hours if they are experiencing a cyberattack and within 24 hours of making a ransomware payment.

Dark Reading

March 15, 2022

FTC to fine CafePress for cover up of massive data breach Full Text

Abstract The U.S. Federal Trade Commission (FTC) wants to slap the former owner of the CafePress custom t-shirt and merchandise site with a $500,000 fine for failing to secure its users' data and attempting to cover up a significant data breach impacting millions.

BleepingComputer

March 12, 2022

VPN provider bans BitTorrent after getting sued by film studios Full Text

Abstract "No logs" VPN provider TorGuard has reached a legal settlement with over two dozen movie studios that sued the company for encouraging piracy and copyright infringement. In the settlement, TorGuard has agreed to block BitTorrent traffic for its users.

BleepingComputer

March 12, 2022

Hacked US Companies to Face New Reporting Requirements Full Text

Abstract The rules are part of a broader effort by the Biden administration and Congress to shore up the nation’s cyber defenses after a series of high-profile digital espionage campaigns and disruptive ransomware attacks.

Security Week

March 10, 2022

REvil ransomware member extradited to U.S. to stand trial for Kaseya attack Full Text

Abstract The U.S. Department of Justice announced that alleged REvil ransomware affiliate, Yaroslav Vasinskyi, was extradited to the United States last week to stand trial for the Kaseya cyberattack.

BleepingComputer

March 03, 2022

U.S. Senate Passes Cybersecurity Bill to Strengthen Critical Infrastructure Security Full Text

Abstract The U.S. Senate unanimously  passed  the " Strengthening American Cybersecurity Act " on Tuesday in an attempt to bolster the cybersecurity of critical infrastructure owners in the country. The new  bipartisan legislation , among other things, stipulates entities that experience a cyber incident to report the attacks within 72 hours to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in addition to alerting the agency about ransomware payments within 24 hours. Furthermore, affected organizations are required to preserve relevant data and promptly share updates "to a previously submitted covered cyber incident report if substantial new or different information becomes available or if the covered entity makes a ransom payment after submitting a covered cyber incident report." The Strengthening American Cybersecurity Act of 2022 combines three different bills: the Cyber Incident Reporting Act ( CIRA ), the Federal Information Security Management A

The Hacker News

March 2, 2022

Security leaders want legal action for failing to patch for Log4j Full Text

Abstract The most commonly experienced impact of Log4j was the need for IT and security teams to work over the holidays to assess risk and make critical changes to protect infrastructure and data,

Help Net Security

February 23, 2022

Nigerian hacker pleads guilty to stealing payroll deposits Full Text

Abstract A Nigerian national named Charles Onus has pled guilty in the District Court of the Southern District of New York to hacking into a payroll company's user accounts and stealing payroll deposits.

BleepingComputer

February 18, 2022

FCC proposes $45 million fine for health insurance robocaller Full Text

Abstract The US Federal Communications Commission (FCC) today proposed the largest-ever fine against a robocaller for Telephone Consumer Protection Act violations.

BleepingComputer

February 16, 2022

Missouri prosecutor declines to file charges over ‘hacker’ allegation against reporter Full Text

Abstract Missouri’s public prosecutor has decided not to file charges against a journalist accused of illegal hacking over his disclosure of security vulnerabilities in a state government-run website.

The Daily Swig

February 10, 2022

France Rules That Using Google Analytics Violates GDPR Data Protection Law Full Text

Abstract French data protection regulators on Thursday found the use of Google Analytics a breach of the European Union's General Data Protection Regulation (GDPR) laws in the country, almost a month after a  similar decision  was reached in Austria. To that end, the National Commission on Informatics and Liberty (CNIL) ruled that the transatlantic movement of Google Analytics data to the U.S. is not "sufficiently regulated" citing a violation of  Articles 44 et seq.  of the data protection decree, which govern the transfers of personal data to third countries or international entities. Specifically the independent administrative regulatory body highlighted the lack of equivalent privacy protections and the risk that "American intelligence services would access personal data transferred to the United States if the transfers were not properly regulated." "[A]lthough Google has adopted additional measures to regulate data transfers in the context of the Google An

The Hacker News

February 09, 2022

Meta and Chime sue Nigerians behind Facebook, Instagram phishing Full Text

Abstract Meta (formerly known as Facebook) has filed a joint lawsuit with Chime, a financial technology and digital banking company, against two Nigerian individuals who allegedly used Instagram and Facebook accounts to impersonate Chime and target its users in phishing attacks.

BleepingComputer

February 9, 2022

Chinese telecom Hytera charged for allegedly recruiting Motorola employees to steal trade secrets Full Text

Abstract The DoJ said that Hytera Communications Corp "recruited and hired Motorola Solutions employees and directed them to take proprietary and trade secret information from Motorola without authorization."

ZDNet

February 8, 2022

Justice Department Charges Individuals for Attempting to Launder Billions in Stolen Bitcoin Full Text

Abstract On Feb. 8, the Department of Justice released a criminal complaint against two individuals for an alleged conspiracy to launder billions of dollars in cryptocurrency. The Justice Department charged Ilya Lichtenstein and Heather Morgan with conspiring to commit money laundering and conspiring to defraud the United States.

Lawfare

February 08, 2022

NetWalker ransomware affiliate sentenced to 80 months in prison Full Text

Abstract Sebastien Vachon-Desjardins, a Canadian man charged by the US for his involvement in NetWalker ransomware attacks, was sentenced to 6 years and 8 months in prison after pleading guilty before an Ontario judge to multiple offenses linked to attacks on 17 Canadian victims.

BleepingComputer

February 7, 2022

When Platforms Do the State’s Bidding, Who Is Accountable? Not the Government, Says Israel’s Supreme Court Full Text

Abstract The Adalah ruling highlights an unresolved tension between widely held goals for restricting online content and the constitutionally permissible means available to achieve them.

Lawfare

February 04, 2022

U.S. Authorities Charge 6 Indian Call Centers Scamming Thousands of Americans Full Text

Abstract A number of India-based call centers and their directors have been indicted for their alleged role in placing tens of millions of scam calls aimed at defrauding thousands of American consumers. The indictment charged Manu Chawla, Sushil Sachdeva, Nitin Kumar Wadwani, Swarndeep Singh, Dinesh Manohar Sachdev, Gaje Singh Rathore, Sanket Modi, Rajiv Solanki and their respective call centers for conspiring with previously indicted VoIP provider E Sampark and its director, Guarav Gupta, to forward the calls to U.S. citizens. "Criminal India-based call centers defraud U.S. residents, including the elderly, by misleading victims over the telephone utilizing scams such as Social Security and IRS impersonation as well as loan fraud," the U.S. Justice Department  said  in a release. According to the  November 2020 indictment  issued against E Sampark and Gupta, the calls from India-based phone scammers led to reported losses of over $20 million from May 2015 to June 2020, with the c

The Hacker News

February 01, 2022

Telco fined €9 million for hiding cyberattack impact from customers Full Text

Abstract The Greek data protection supervisory authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication data due to insufficient security measures.

BleepingComputer

January 31, 2022

German Court Rules Websites Embedding Google Fonts Violates GDPR Full Text

Abstract A regional court in the German city of Munich has ordered a website operator to pay €100 in damages for transferring a user's personal data — i.e., IP address — to Google via the search giant's Fonts library without the individual's consent. The unauthorized disclosure of the plaintiff's IP address by the unnamed website to Google constitutes a contravention of the user's privacy rights, the court said, adding the website operator could theoretically combine the gathered information with other third-party data to identify the "persons behind the IP address." The violation amounts to the "plaintiff's loss of control over a personal data to Google," the ruling read . Google Fonts is a  font embedding service  library from Google, allowing developers to add fonts to their Android apps and websites simply by referencing a stylesheet. As of January 2022, Google Fonts is a repository for 1,358 font families. Under the European Union's Ge

The Hacker News

January 31, 2022

DeepDotWeb admin sentenced to 97 months in prison for money laundering scheme Full Text

Abstract The administrator of the DeepDotWeb (DDW) has received a sentence of 97 months in prison for money laundering. Tal Prihar (37), an Israeli national who operated DeepDotWeb (DDW), was sentenced to 97 months in prison and was ordered to forfeit $8,414,173....

Security Affairs

January 27, 2022

DeepDotWeb admin imprisoned for advertising illegal dark web markets Full Text

Abstract An Israeli citizen who operated DeepDotWeb (DDW), a news site and review site for dark web sites, has received a sentence of 97 months in prison for money laundering and was ordered to forfeit $8,414,173.

BleepingComputer

January 24, 2022

Tor Project appeals Russian court’s decision to block access to Tor Full Text

Abstract US-based Tor Project and Russian digital-rights protection org RosKomSvoboda are appealing a Russian court's decision to block access to public Tor nodes and the project's website.

BleepingComputer

January 22, 2022

US Treasury Department sanctions 4 Ukrainian officials for working with Russian intelligence Full Text

Abstract The U.S. Treasury Department announced sanctions against four current and former Ukrainian government officials for collaborating with Russia. The U.S. Treasury Department this week announced sanctions against four current and former Ukrainian government...

Security Affairs

January 21, 2022

U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine Full Text

Abstract The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency said the four individuals were involved in different roles as part of a concerted influence campaign to destabilize the nation, while also accusing Russia's national security authority, the Federal Security Service (FSB), of recruiting Ukrainians in key positions to create instability. Two of the officials, Taras Kozak and Oleh Voloshyn, are alleged to have worked to amplify false narratives and undermine confidence in the Ukrainian government, while Vladimir Sivkovich, former Deputy Secretary of the Ukrainian National Security and Defense Council, attempted to build support for Ukraine to officially cede Crimea to Russia. "Russia has directed its intelligence services to

The Hacker News

January 18, 2022

Law enforcement shutdown the VPN service VPNLab used by many cybercriminal gangs Full Text

Abstract Europol this week announced the shutdown of VPNLab, a VPN service that is very popular in the cybercrime ecosystem. An international operation conducted by law enforcement bodies from 10 countries took down VPNLab.net, a VPN service provider that...

Security Affairs

January 15, 2022

Russia charges 8 suspected REvil ransomware gang members Full Text

Abstract Eight members of the REvil ransomware operation that have been detained by Russian officers are currently facing criminal charges for their illegal activity.

BleepingComputer

January 14, 2022

U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images Full Text

Abstract A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images. Robert Davies, 32, is said to have purchased an arsenal of cyber crime tools in 2019, including crypters and remote administration tools (RATs), which can be used as a backdoor to steal personal information and conduct surveillance through microphones and cameras, catching the attention of the U.K. National Crime Agency (NCA). The cyber voyeur's modus operandi involved catfishing potential targets by using fake profiles on different messaging apps such as Skype, leveraging the online encounters to send rogue links hosting the malware through the chats. "Davies was infecting his victims' phones or computers with malicious software by disguising it with the crypters so their antivirus protection would not detect it,&qu

The Hacker News

January 12, 2022

UK jails man for spying on teenagers, stealing photos using RATs Full Text

Abstract A Nottingham man was imprisoned this week for more than two years after hacking the computers and phones of dozens of victims, some of them underage, and spying on them using remote access trojans (RATs). 

BleepingComputer

January 6, 2022

Activision Files Unusual Lawsuit over Call of Duty Cheat Codes Full Text

Abstract Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders liable for damages.

Threatpost

January 6, 2022

France hits Google, Facebook with fines over ‘Cookies’ management Full Text

Abstract The French data privacy and protection authority hit Google and Facebook with 210 million euros ($237 million) in fines. France’s National Commission on Informatics and Liberty (CNIL), the French data privacy and protection authority, hit Facebook...

Security Affairs

December 30, 2021

K-12 Cybersecurity Act Signed Into Law Full Text

Abstract Present Joe Biden signed the K-12 Cybersecurity Act into law, which lays out four objectives with the goal of strengthening the cybersecurity of the United States’ K-12 educational institutions.

Security Intelligence

December 22, 2021

Rideshare account hacker faces up to 22 years in prison Full Text

Abstract A man pleaded guilty to fraudulently opening rideshare and delivery service accounts using stolen identity information sold on dark web marketplaces.

BleepingComputer

December 21, 2021

US returns $154 Million in bitcoins stolen by Sony employee Full Text

Abstract The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, by an employee in a textbook business email compromise (BEC) attack.

BleepingComputer

December 20, 2021

Meta Sues Hackers Behind Facebook, WhatsApp and Instagram Phishing Attacks Full Text

Abstract Facebook's parent company Meta Platforms on Monday said it has filed a federal lawsuit in the U.S. state of California against bad actors who operated more than 39,000 phishing websites that impersonated its digital properties to mislead unsuspecting users into divulging their login credentials. The social engineering scheme involved the creation of rogue webpages that masqueraded as the login pages of Facebook, Messenger, Instagram, and WhatsApp, on which victims were prompted to enter their usernames and passwords that were then harvested by the defendants. The tech giant is also seeking $500,000 from the anonymous actors. The attacks were carried out using a relay service, Ngrok , that redirected internet traffic to the phishing websites in a manner that concealed the true location of the fraudulent infrastructure. Meta said the volume of these phishing attacks ramped up in volume since March 2021 and that it worked with the relay service to suspend thousands of URLs to the

The Hacker News

December 20, 2021

Justice Department indicts Russian hacker for allegedly participating in trading scheme Full Text

Abstract A Russian national was indicted and extradited to the United States this week for allegedly hacking into the networks of U.S. groups involved in stock market trading to profit from insider information, the Justice Department announced Monday. 

The Hill

December 13, 2021

Germany Jails Operators of ‘Cyberbunker’ Darknet Hub Full Text

Abstract They are said to have hosted, or provided the internet architecture for, illegal websites tha peddled stolen data and forged documents, and from which large-scale cyberattacks were carried out.

Security Week

December 12, 2021

Russian nation sentenced to 48 months in prison for helping Kelihos Botnet to evade detection Full Text

Abstract A United States court has sentenced to four years in prison for the Russian citizen Oleg Koshkin for his role in Kelihos Botnet development. Oleg Koshkin (41) has been sentenced to 48 months in prison for one count of conspiracy to commit computer...

Security Affairs

December 10, 2021

DOJ gives Russian national two-year sentence for work shielding Kelihos malware and other ransomware Full Text

Abstract The DoJ sentenced Oleg Koshkin to two years in prison for his work in helping to "conceal" the Kelihos malware and other ransomware from antivirus software. He was facing up to 15 years in prison.

ZDNet

December 07, 2021

Google disrupts massive Glupteba botnet, sues Russian operators Full Text

Abstract Google announced today that it has taken action to disrupt the Glupteba botnet that now controls more than 1 million Windows PCs around the world, growing by thousands of new infected devices each day.

BleepingComputer

December 01, 2021

Russian Man Gets 60 Months Jail for Providing Bulletproof Hosting to Cyber Criminals Full Text

Abstract A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 to 2015, has received a 60-month prison sentence. 34-year-old Aleksandr Grichishkin, along with Andrei Skvortsov, founded the bulletproof hosting service and rented its infrastructure to other criminal clientele for distributing a wide range of malware and attempted to cause millions of dollars in losses to U.S. victims.  Skvortsov is pending sentencing and faces a maximum penalty of 20 years in prison. Bulletproof hosting operations are similar to regular web hosting, but are a lot more lenient about what can be hosted on their servers. They are known for providing secure hosting for malicious content and activity and assuring anonymity to threat actors. Grichishkin, in May,  pleaded guilty  to conspiracy to engage in a racketeer-influenced corrupt organization (RICO). Acting as th

The Hacker News

December 01, 2021

Former Ubiquiti dev charged for trying to extort his employer Full Text

Abstract Nickolas Sharp, a former employee of networking device maker Ubiquiti, was arrested and charged today with data theft and attempting to extort his employer while posing as a whistleblower and an anonymous hacker.

BleepingComputer

November 30, 2021

Members of hacking group sentenced for stealing millions in cryptocurrency Full Text

Abstract The Justice Department on Tuesday announced the sentencing of the last member of an international hacking group indicted for allegedly stealing millions in cryptocurrency as part of a “SIM hijacking” effort.

The Hill

November 29, 2021

Lawmakers take aim at ‘Grinches’ using bots to target consumers during holidays Full Text

Abstract A group of congressional Democrats rolled out legislation Monday to stop "Grinches" from stealing Christmas by using bots to corner the market on popular toys and other products during the holiday season. 

The Hill

November 28, 2021

French court indicted Nexa Technologies for complicity in acts of torture Full Text

Abstract Nexa Technologies was indicted for complicity in acts of torture, the French firm is accused of having sold surveillance equipment to the Egypt. Nexa Technologies offers a range of solutions for homeland security, including surveillance solutions....

Security Affairs

November 27, 2021

Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition Full Text

Abstract Italy's antitrust regulator, Autorità Garante della Concorrenza e del Mercato (AGCM), has fined Apple and Google €10 million each their "aggressive" data practices. Italy's antitrust regulator, Autorità Garante della Concorrenza e del Mercato...

Security Affairs

November 26, 2021

Italy’s Antitrust Regulator Fines Google and Apple for “Aggressive” Data Practices Full Text

Abstract Italy's antitrust regulator has fined both Apple and Google €10 million each for what it calls are "aggressive" data practices and for not providing consumers with clear information on commercial uses of their personal data during the account creation phase. The Autorità Garante della Concorrenza e del Mercato (AGCM)  said  "Google and Apple did not provide clear and immediate information on the acquisition and use of user data for commercial purposes," adding the tech companies chose to emphasize the data collection as only necessary to improve their own services and personalize user experience without offering any indication that the data could be transferred and used for other reasons. The concerns have to do with how the companies omit relevant information when creating an account and using their services, details which the authority said are critical to making an informed decision as to whether or not to give permission for utilizing their data for comme

The Hacker News

November 24, 2021

Recovering ransom payments could become routine for law enforcement Full Text

Abstract While the U.S. government is working to make the crypto space more transparent, the Secret Service has the same technical capabilities to pursue and seize cryptocurrencies.

Cybersecurity Dive

November 23, 2021

Apple Sues Israel’s NSO Group for Spying on iPhone Users With Pegasus Spyware Full Text

Abstract Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court holding it accountable for illegally targeting users with its Pegasus surveillance tool, marking yet another setback for the Israeli spyware vendor. The Cupertino-based tech giant painted NSO Group as "notorious hackers — amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse." In addition, the lawsuit seeks to permanently prevent the infamous hacker-for-hire company from breaking into any Apple software, services or devices. The iPhone maker, separately, also revealed its plans to  notify targets  of state-sponsored spyware attacks and has committed $10 million, as well as any monetary damages won as part of the lawsuit, to cybersurveillance research groups and advocates. To that end, the company intends to display a "Threat Notification" after the targeted users sign into appleid.apple[

The Hacker News

November 23, 2021

Apple sues spyware-maker NSO Group, notifies iOS exploit targets Full Text

Abstract Apple has filed a lawsuit against Pegasus spyware-maker NSO Group and its parent company for the targeting and spying of Apple users with surveillance tech.

BleepingComputer

November 19, 2021

Lawmakers increasingly anxious about US efforts against Russian hackers Full Text

Abstract Five months after President Biden met with Russian President Vladimir PutinVladimir Vladimirovich PutinHillicon Valley — Presented by Ericsson — House passes Biden plan with 0M for cyber Ukrainian defense minister says he's asked Pentagon for military assistance Belarus and Russia must resolve the migrant crisis on their own MORE and urged him to take a stand against ransomware attacks emanating from his country, lawmakers are beginning to chafe at what they view as a lack of results from the administration's efforts to confront Russia.

The Hill

November 19, 2021

U.S. Charged 2 Iranian Hackers for Threatening Voters During 2020 Presidential Election Full Text

Abstract The U.S. government on Thursday  unsealed  an indictment that accused two Iranian nationals of their involvement in cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one state election website. The two defendants in question — Seyyed Mohammad Hosein Musa Kazemi , 24, and Sajjad Kazemi , 27 — have been  charged  with conspiracy to commit computer fraud and abuse, intimidate voters, and transmit interstate threats, voter intimidation, transmission of interstate threats, with Kazemi additionally charged with unauthorized computer intrusion. Both the individuals are  currently at large . The influence campaign's goal was to erode confidence in the integrity of the U.S. electoral system and to sow discord among Americans, the Department of Justice (DoJ) said in a statement, characterizing the two individuals as "experienced Iran-based computer hackers&qu

The Hacker News

November 18, 2021

DOJ charges two Iranians with interference in 2020 election Full Text

Abstract The Department of Justice (DOJ) on Thursday indicted two Iranian nationals for interfering in the 2020 U.S. presidential election, alleging they used wide-ranging cyber and disinformation efforts in an attempt to sow doubt in the election process.

The Hill

November 18, 2021

US indicts Iranian hackers for Proud Boys voter intimidation emails Full Text

Abstract The U.S. Department of State is offering a $10 million reward for information about the activities of two Iranian nationals charged for cyber activity intended to "intimidate and influence" American voters during the 2020 U.S. presidential campaign.

BleepingComputer

November 13, 2021

Surveillance firm pays $1 million fine after ‘spy van’ scandal Full Text

Abstract The Office of the Commissioner for Personal Data Protection in Cyprus has collected a $1 million fine from intelligence company WiSpear for gathering mobile data from various individuals arriving at the airport in Larnaca.

BleepingComputer

November 11, 2021

DoJ sentenced to 10 years Russian ‘King of Fraud’ behind the fraud scheme 3ve Full Text

Abstract The US DoJ sentenced a Russian man for operating a large-scale digital advertising fraud scheme called Methbot ('3ve'). The US DoJ sentenced the Russian nation Aleksandr Zhukov, aka the 'King of Fraud,' for operating a large-scale digital advertising...

Security Affairs

November 11, 2021

Russian ‘King of Fraud’ sentenced to 10 years for Methbot scheme Full Text

Abstract The U.S. Department of Justice (DOJ) sentenced a Russian man for operating a large-scale digital advertising fraud scheme called 'Methbot' ('3ve') that stole at least $7 million from American companies.

BleepingComputer

November 10, 2021

Law Enforcement Busts REvil Full Text

Abstract While ransomware attacks are relentless, recent crackdowns by law enforcement have forced some big players to close shop, even if temporarily. 

Cyware Alerts - Hacker News

November 9, 2021

Ukrainian REvil affiliate charged with Ransomware Attack on Kaseya Full Text

Abstract The US DoJ has charged a REvil ransomware affiliate that is suspected to have orchestrated the attack on Kaseya MSP platform in July. The US Department of Justice has charged a REvil ransomware affiliate for orchestrating the ransomware attacks...

Security Affairs

November 08, 2021

U.S. Charges Ukrainian Hacker for Kaseya Attack; Seizes $6 Million from REvil Gang Full Text

Abstract The U.S. government on Monday charged a Ukrainian suspect, arrested in Poland last month, with deploying REvil ransomware to target multiple businesses and government entities in the country, including perpetrating the attack against software company Kaseya, marking the latest action to crack down on the cybercrime group and curb further attacks. According to unsealed court documents, 22-year-old Yaroslav Vasinskyi is  alleged  to have been part of the ransomware operation at least since March 2019 and deployed about 2,500 attacks against businesses worldwide. Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22) was apprehended at the Polish border on October 8 after an international arrest warrant was issued at the behest of U.S. authorities. In another major development, the Justice Department disclosed the seizure of $6.1 million in alleged ransomware payments received by Russian national Yevgeniy Polyanin, who is currently at large and has

The Hacker News

November 08, 2021

Justice Department seizes $6 million as part of crackdown on hackers linked to Kaseya attack Full Text

Abstract The Justice Department on Monday announced that it had seized more than $6 million in ransomware victim payments as part of a sweeping effort by the Biden administration to go after and crack down on hackers involved in ransomware attacks against U.S. companies. 

The Hill

November 04, 2021

State Dept. offering $10 million reward to bring Colonial Pipeline hackers to justice Full Text

Abstract The State Department on Thursday announced a $10 million reward for anyone who can provide information on leaders of the cyber criminal group that launched a ransomware attack on Colonial Pipeline in May, which temporarily crippled gas supply for several states. 

The Hill

November 4, 2021

U.K. man implicated in Twitter hacking charged in NY with cryptocurrency theft Full Text

Abstract A U.K. man previously charged in the United States with involvement in the hacking of politicians’ and celebrities’ Twitter accounts was charged on Wednesday over a separate scheme resulting in the theft of $784,000 of cryptocurrency.

Reuters

November 03, 2021

US Sanctions Pegasus-maker NSO Group and 3 Others For Selling Spyware Full Text

Abstract The U.S. Commerce Department on Wednesday added four companies, including Israel-based spyware companies NSO Group and Candiru , to a list of entities engaging in "malicious cyber activities." The agency said the two companies were added to the list based on evidence that "these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers." "These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists, and activists outside of their sovereign borders to silence dissent," the Commerce Department  said . Two other firms on the list include Singapore-based Computer Security Initiative Consultancy PTE. LTD . and Russia's Positive Technologies , the latter of which was already  sanctioned  by the U.S. Depa

The Hacker News

October 30, 2021

Police Arrest Suspected Ransomware Hackers Behind 1,800 Attacks Worldwide Full Text

Abstract 12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests were made earlier this week on October 26 in Ukraine and Switzerland, resulting in the seizure of cash worth $52,000, five luxury vehicles, and a number of electronic devices that the agencies said are being examined to uncover new forensic evidence of their malicious activities and pursue new investigative leads. The suspects have been primarily linked to LockerGoga, MegaCortex, and Dharma ransomware, in addition to being in charge of  laundering the ransom payments  by funneling the ill-gotten Bitcoin proceeds through mixing services and cashing them out. "The targeted suspects all had different roles in these professional, highly organised criminal organisations," Europol  said

The Hacker News

October 30, 2021

Police sting targets suspects behind 1,800 attacks that ‘wreaked havoc across the world’ Full Text

Abstract Twelve people have been targeted by an international law enforcement operation for involvement in over 1,800 ransomware attacks on critical infrastructure and large organizations around the world.

ZDNet

October 29, 2021

DOJ: Pirated sports streamer hacked accounts, extorted MLB Full Text

Abstract The U.S. Attorney's Office for the Southern District of New York has charged a man for illegally streaming MLB, NBA, NFL, and NHL games via the web and hacking into sports leagues' customer accounts.

BleepingComputer

October 26, 2021

Kansas Man pleads guilty to hacking the Post Rock Rural Water District Full Text

Abstract Kansas man Wyatt Travnichek admitted in court to tampering with the computer systems at the Post Rock Rural Water District. Kansas man Wyatt A. Travnichek pleaded guilty to tampering with the computer system at a drinking water treatment facility...

Security Affairs

October 21, 2021

Administrators of bulletproof hosting sentenced to prison in the US Full Text

Abstract The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United States Department of Justice sentenced to prison two individuals involved in providing bulletproof...

Security Affairs

October 21, 2021

US judge sentences duo for roles in running bulletproof hosting service Full Text

Abstract The duo were accused of providing online hosting services that are known as bulletproof -- a popular option for cybercriminals who need a host that will turn a blind eye to criminal activity.

ZDNet

October 21, 2021

Nine arrested for impersonating bank clerks to steal from the elderly Full Text

Abstract The Dutch Police have arrested nine people for targeting and stealing money from the elderly by impersonating bank employees.

BleepingComputer

October 19, 2021

Man gets 7 years in prison for hacking 65K health care employees Full Text

Abstract Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seven years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC).

BleepingComputer

October 06, 2021

TSA to issue regulations to secure rail, aviation groups against cyber threats Full Text

Abstract The Transportation Security Administration (TSA) will soon issue regulations to further secure rail transit and airline companies against cyber threats, Homeland Security Secretary Alejandro Mayorkas announced Wednesday.

The Hill

October 06, 2021

Ransom Disclosure Act would give victims 48 hours to report payments Full Text

Abstract Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, as required by a new legislation proposal titled the 'Ransom Disclosure Act'.

BleepingComputer

October 4, 2021

Fraudster jailed for stealing US military health records, millions in benefits Full Text

Abstract Between July 2014 and September 2015, the 40-year-old stole the personal identifying information (PII) of over 3,300 individuals, including "at least eight general officers, as well as numerous disabled veterans," said the DoJ.

ZDNet

September 30, 2021

Cybersecurity Firm Group-IB’s CEO Arrested Over Treason Charges in Russia Full Text

Abstract Russian authorities on Wednesday  arrested  and detained Ilya Sachkov , the founder of cybersecurity firm Group-IB, for two months in Moscow on charges of state treason following a search of its office on September 28. The Russian company, which is headquartered in Singapore, confirmed the development but noted the "reason for the search was not yet clear,"  adding  "The decentralized infrastructure of Group-IB allows us to keep our customer's data safe, maintain business operations and work without interruption across our offices in Russia and around the world." Group IB said the raids at its Moscow office had commenced on Tuesday, with law enforcement authorities leaving that same evening. Kremlin Spokesman Dmitry Peskov said the government was aware of the arrest but that it had no additional details about the case, Russian state news agency TASS  reported . The cybersecurity company  relocated  to Singapore in late 2018 as part of its attempts to distan

The Hacker News

September 29, 2021

House passes legislation to strengthen federal cybersecurity workforce Full Text

Abstract The House on Wednesday passed bipartisan legislation aimed at strengthening the federal cybersecurity workforce, an issue that has garnered support following a year of massive information security incidents. 

The Hill

September 29, 2021

Group-IB CEO was put under arrest on treason charges Full Text

Abstract Russian media reported that the police made searches in the Moscow office of security firm Group-IB apparently linked to an investigation into a criminal case. The police made searches in the Moscow office of the threat intelligence firm Group-IB,...

Security Affairs

September 28, 2021

Lawmakers look to include cyber incident reporting measure in annual defense spending bill Full Text

Abstract Bipartisan legislation intended to require certain organizations to report cybersecurity incidents to the federal government could be included as part of the must-pass annual defense legislation, Senate Intelligence Committee Chairman Mark Warner (D-Va.) said Tuesday.

The Hill

September 21, 2021

US Sanctions Cryptocurrency Exchange SUEX for Aiding Ransomware Gangs Full Text

Abstract The U.S. Treasury Department on Tuesday imposed sanctions on Russian cryptocurrency exchange Suex for helping facilitate and launder transactions from at least eight ransomware variants as part of the government's efforts to crack down on a surge in ransomware incidents and make it difficult for bad actors to profit from such attacks using digital currencies. "Virtual currency exchanges such as SUEX are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity," the department  said  in a press release. "Analysis of known SUEX transactions shows that over 40% of SUEX's known transaction history is associated with illicit actors. SUEX is being designated pursuant to  Executive Order 13694 , as amended, for providing material support to the threat posed by criminal ransomware actors." According to blockchain analytics firm  Chainalysis , SUEX is legally registered in the Czech Republic and operates out of office

The Hacker News

September 20, 2021

Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme Full Text

Abstract A Pakistani national has been sentenced to 12 years of prison in the US for his role in a hacking scheme against the telecom giant AT&T. The Pakistani national Muhammad Fahd (35) was sentenced to 12 years of prison in the United States for his primary...

Security Affairs

September 15, 2021

Former U.S. intel operatives to pay $1.6M for hacking for foreign govt Full Text

Abstract The U.S. government has entered a Deferred Prosecution Agreement (DPA) with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government.

BleepingComputer

September 14, 2021

Former U.S. operatives agree to $1.68M settlement over mercenary hacking charges Full Text

Abstract Three former U.S. intelligence and military personnel agreed to pay more than $1.68 million to settle federal charges over their alleged work as mercenary hackers for the United Arab Emirates (UAE). 

The Hill

September 14, 2021

Romance, BEC Scams Lands Soldier in Jail for 46 Months Full Text

Abstract A former Army Reservist pleaded guilty to scamming the elderly with catfishing and stealing from veterans.

Threatpost

September 10, 2021

International money launderer sentenced to more than 11 years Full Text

Abstract A Canadian man, who helped North Korean threat actors to launder stolen funds, plead guilty to laundering tens of millions of dollars stolen in bank fraud schemes. A Canadian man who conspired to launder tens of millions of dollars stolen bank fraud...

Security Affairs

September 08, 2021

Ukrainian extradited for selling 2,000 stolen logins per week Full Text

Abstract The US Department of Justice has indicted a Ukrainian man for using a malware botnet to brute force computer logon credentials and then selling them on a criminal remote access marketplace.

BleepingComputer

September 08, 2021

Ukrainian extradited to US for allegedly selling computer credentials: DOJ Full Text

Abstract The Department of Justice (DOJ) announced Wednesday that a Ukrainian hacker was extradited to the U.S. for allegedly selling computer passwords on the dark web.

The Hill

September 07, 2021

Bipartisan House group introduces legislation to set term limit for key cyber leader Full Text

Abstract A group of bipartisan House lawmakers rolled out legislation this week to put in place a term limit for the director of the Cybersecurity and Infrastructure Security Agency (CISA) in the wake of escalating cybersecurity incidents and turmoil in agency leadership last year.

The Hill

September 5, 2021

WhatsApp fined €225M over GDPR issues Full Text

Abstract The Irish Data Protection Commission has fined WhatsApp €225 million over data sharing transparency for European Union users' data with Facebook. The Irish Data Protection Commission has fined WhatsApp €225 million for the lack of transparency...

Security Affairs

September 02, 2021

WhatsApp to appeal $266 million fine for violating EU privacy laws Full Text

Abstract Ireland's Data Privacy Commissioner (DPC) has hit Facebook-owned messaging platform WhatsApp with a €225 million ($266 million) administrative fine for violating the EU's GDPR privacy regulation after failing to inform users and non-users on what it does with their data.

BleepingComputer

September 01, 2021

FTC Bans Stalkerware App SpyFone; Orders Company to Erase Secretly Stolen Data Full Text

Abstract The U.S. Federal Trade Commission on Wednesday banned a stalkerware app company called SpyFone from the surveillance business over concerns that it stealthily harvested and shared data on people's physical movements, phone use, and online activities that were then used by stalkers and domestic abusers to monitor potential targets. "SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information,"  said  Samuel Levine, acting director of the FTC's Bureau of Consumer Protection, in a statement. "The stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company's slipshod security. This case is an important reminder that surveillance-based businesses pose a significant threat to our safety and security." Calling out the app developers for its lack of basic security practices, the agency has also ordered SpyFone to delete the illegally harvested information and notify devic

The Hacker News

September 01, 2021

FTC bans stalkerware maker Spyfone from surveillance business Full Text

Abstract FTC has banned stalkerware maker Spyfone and CEO Scott Zuckerman from the surveillance business after failing to protect customers' devices from hackers and sharing info on their location and activity.

BleepingComputer

September 01, 2021

FTC bans ‘stalkerware’ company from operating in surveillance industry Full Text

Abstract The Federal Trade Commission (FTC) on Wednesday banned the operation of an app alleged to be used as “stalkerware” and the company’s CEO from the surveillance industry following allegations that the company had collected and shared data to enable stalking.

The Hill

September 1, 2021

SEC announces sanctions against entities over email account hacking Full Text

Abstract The U.S. Securities and Exchange Commission (SEC) announced sanctions against several organizations over email account hacking. The U.S. Securities and Exchange Commission (SEC) announced sanctions against eight entities belonging to three companies...

Security Affairs

August 30, 2021

Parents of teens who stole $1 million in Bitcoin sued by alleged victim Full Text

Abstract According to court documents obtained by Brian Krebs, Andrew Schober lost 16.4552 BTC in 2018 after his PC was infected with malware, allegedly the creation of two teenagers in the United Kingdom.

ZDNet

August 27, 2021

Justice Department establishes program to train prosecutors to handle cyber cases Full Text

Abstract Deputy Attorney General Lisa Monaco on Friday announced the establishment of a fellowship program at the Justice Department to help train future prosecutors and attorneys in how to handle cases involving cybersecurity concerns.

The Hill

August 26, 2021

Man Sues Parents of Teens Who Hijacked Nearly $1M in Bitcoin Full Text

Abstract Now adults, the then-teens apparently used clipboard hijacking malware to steal Bitcoin.

Threatpost

August 20, 2021

Social account thief goes to prison for stealing, trading nude photos Full Text

Abstract A New York man received a three year sentence in federal prison for hacking social media accounts of dozens of female college students and stealing nude photos and videos of them.

BleepingComputer

August 18, 2021

Bitcoin mixer owner pleads guilty to laundering over $300 million Full Text

Abstract Larry Dean Harmon, the owner of a dark web cryptocurrency laundering service known as Helix, pleaded guilty today of laundering over $300 million worth of bitcoins between 2014 and 2017.

BleepingComputer

August 18, 2021

US Banking Groups Object to Breach Notification Bill Provisions Full Text

Abstract Three banking trade groups wrote to the U.S. Senate Intelligence Committee recommending that the Cyber Incident Notification Act of 2021 be amended to include a 72-hour notification requirement.

Gov Info Security

August 17, 2021

Pharmacist faces 120 years in prison for selling vaccination cards on eBay Full Text

Abstract An Illinois pharmacist arrested today faces 120 years in prison for allegedly selling dozens of authentic COVID-19 vaccination record cards issued by the Center for Disease Control and Prevention (CDC).

BleepingComputer

August 17, 2021

Binance Ordered to Freeze Attackers’ Accounts Full Text

Abstract The London High Court has ordered the cryptocurrency exchange Binance to attempt to identify and freeze accounts belonging to the attackers who allegedly stole about $2.6 million from Fetch.ai.

Cuinfosecurity

August 16, 2021

SIM swap scammer pleads guilty to Instagram account hijacks, crypto theft Full Text

Abstract Declan Harrington, a Massachusetts man charged two years ago for his alleged involvement in a series of SIM swapping attacks, pleaded guilty to stealing cryptocurrency from multiple victims and hijacking the Instagram account of others. 

BleepingComputer

August 14, 2021

London court orders Binance to trace cryptocurrency hackers Full Text

Abstract London's High Court has ordered Binance, one of the world's largest cryptocurrency exchanges, to identify hackers and freeze their accounts after one user said it was the victim of a $2.6 million hack.

Reuters

August 11, 2021

Lawmakers raise concerns over federal division of cybersecurity responsibilities Full Text

Abstract The bipartisan leaders of the House Homeland Security Committee on Wednesday raised concerns about the division of responsibilities among key federal cybersecurity officials, noting that without clarification, the situation could “stunt” the response to cybersecurity challenges. 

The Hill

August 3, 2021

Regulations against ransomware payment not ideal solution Full Text

Abstract Paying the ransoms not only encourages threat actors to engage in future ransomware attacks, but also provides funds for these groups to act against nations, governments, and foreign policy interests.

ZDNet

July 21, 2021

Kelihos botmaster Peter Levashov gets time served Full Text

Abstract A US federal judge sentenced Russian hacker Peter Levashov to 33 months, time served, and three years of supervised release for his role in operating the Kelihos botnet. The creator of the Kelihos Botnet, Peter Yuryevich Levashov (40), was sentenced...

Security Affairs

July 19, 2021

US DoJ indicts four members of China-linked APT40 cyberespionage group Full Text

Abstract US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The U.S. Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope, TEMP.Jumper,...

Security Affairs

July 17, 2021

China’s New Law Requires Researchers to Report All Zero-Day Bugs to Government Full Text

Abstract The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The " Regulations on the Management of Network Product Security Vulnerability " are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks. "No organization or individual may take advantage of network product security vulnerabilities to engage in activities that endanger network security, and shall not illegally collect, sell or publish information on network product security vulnerabilities," Article 4 of the regulation states. In addition to banning sales of previously unknown security weaknesses, the new rules also forbid vulnerabilities from being

The Hacker News

July 15, 2021

Ohio Introduces Data Privacy Legislation Full Text

Abstract On July 13, Ohio Lieutenant Governor John Husted announced the introduction of the Ohio Personal Privacy Act, a comprehensive privacy framework following in the footsteps of several other states.

The National Law Review

July 14, 2021

New Law Will Help Chinese Government Stockpile Zero-Days Full Text

Abstract Starting September 1, 2021, the Chinese government will require that any Chinese citizen who finds a zero-day vulnerability must pass the details to the Chinese government.

Security Week

July 8, 2021

Proposed law seeks to boost federal cyber workforce through apprenticeships, training Full Text

Abstract Pundits and cyber experts alike praise bill, which would empower CISA and the Department of Veterans Affairs to establish and operate the workforce development programs.

SCMagazine

July 8, 2021

Trump Sues Facebook, Google and Twitter Full Text

Abstract Former US president takes legal action against companies over alleged illegal censorship

Infosecurity Magazine

July 8, 2021

U.K.’s Online Safety Bill: Not That Safe, After All? Full Text

Abstract The U.K. government's long-awaited Online Safety Bill was published on May 12. What does it say?

Lawfare

July 08, 2021

Cyber Command lawyer calls for military operations against hackers Full Text

Abstract The top lawyer for U.S. Cyber Command is calling for the United States to push back against transnational criminal hackers with military cyber operations.

The Hill

July 7, 2021

US Could Appeal Assange Extradition Refusal Full Text

Abstract UK court grants United States permission to appeal decision not to extradite WikiLeaks founder Julian Assange

Infosecurity Magazine

July 5, 2021

How U.S. cyber policy changed after SolarWinds Full Text

Abstract The Biden Administration imposed sanctions on Russia, ordered new cybersecurity standards for federal contracts with software companies, and chose the nation's first National Cyber Director.

CBS News

July 01, 2021

Facebook Sues 4 Vietnamese for Hacking Accounts and $36 Million Ad Fraud Full Text

Abstract Facebook on Tuesday revealed it filed two separate legal actions against perpetrators who abused its ad platform to run deceptive advertisements in violation of the company's  Terms  and  Advertising Policies .  "In the first case, the defendants are a California marketing company and its agents responsible for a  bait-and-switch  advertising scheme on Facebook," the social media giant's Director of Platform Enforcement and Litigation, Jessica Romero,  said . "In the second case, the defendants are a group of individuals located in Vietnam who got users to self-compromise their Facebook accounts and ran millions of dollars of unauthorized ads." As part of the fraudulent activity, the marketing company, N&J USA Incorporated, promoted the sale of merchandise such as clothing, watches, and toys through misleading ads that, when clicked, redirected users to other e-commerce websites to complete the purchase, only to either receive nothing or get deliver

The Hacker News

June 30, 2021

Facebook sues hackers who hijacked advertising agencies’ accounts Full Text

Abstract Facebook has filed lawsuits against two groups of suspects who took over advertising agency employees' accounts and abused its ad platform to run unauthorized or deceptive ads.

BleepingComputer

June 30, 2021

Russian-based DoubleVPN seized by law enforcement Full Text

Abstract Law enforcement seized the servers and customer logs for DoubleVPN, a double-encryption service widely used by threat actors for malicious purposes. Law enforcement has seized the servers of DoubleVPN (doublevpn.com), a Russian-based VPN service that...

Security Affairs

June 29, 2021

DoubleVPN servers, logs, and account info seized by law enforcement Full Text

Abstract ​Law enforcement has seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities.

BleepingComputer

June 25, 2021

FIN7 ‘Pen Tester’ Headed to Jail Amid $1B in Payment-Card Losses Full Text

Abstract One of the Carbanak cybergang’s highest-level hackers is destined to serve seven years while making $2.5 million in restitution payments.

Threatpost

June 25, 2021

Clop gang members recently arrested laundered over $500M in payments Full Text

Abstract The Clop ransomware members that were recently arrested laundered over $500M in ransomware payments for several malicious actors. The members of the Clop ransomware gang that were recently arrested in Ukraine laundered over $500M for several cybercrime...

Security Affairs

June 25, 2021

FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards Full Text

Abstract A Ukrainian national and a mid-​level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers debit and credit cards. Andrii Kolpakov , 33, was arrested in Spain on June 28, 2018, and subsequently extradited to the U.S. the following year on June 1, 2019. In June 2020, Kolpakov pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking. The Western District of Washington also ordered Kolpakov to pay $2.5 million in restitution. The defendant, who was involved with the group from April 2016 until his arrest, managed other hackers who were tasked with breaching the point-of-sale systems of companies, both in the U.S. and elsewhere, to deploy malware capable of stealing financial information. FIN7 , also called Anunak, Carbanak Group , and the Navigator Group,

The Hacker News

June 24, 2021

Linguist Jailed for Sharing US Defense Secrets Full Text

Abstract Defense Department employee who passed secrets to Hizballah is sentenced to 23 years in prison

Infosecurity Magazine

June 24, 2021

House lawmakers introduce bill to increase American awareness of cyber threats Full Text

Abstract A group of bipartisan House lawmakers on Thursday introduced legislation to step up cybersecurity literacy and increase awareness among the American public amid a spike in cyber threats against critical infrastructure. 

The Hill

June 24, 2021

Nuisance Call Company Fined £130,000 After Eight-Month Blitz Full Text

Abstract East Sussex-based firm made nearly one million unwanted calls

Infosecurity Magazine

June 23, 2021

Mr. Double’s Operator Jailed Full Text

Abstract Prison for Texan behind website that published stories describing the torture and murder of children

Infosecurity Magazine

June 23, 2021

Spanish court approves extradition of John McAfee to US Full Text

Abstract Spain’s National Court approved the extradition of anti-virus software pioneer John McAfee for tax evasion charges.

The Hill

June 23, 2021

Scammer sends over 25,000 phishing texts in a day, arrested Full Text

Abstract The police has arrested an individual last week for sending fraudulent text messages to thousands of people to obtain banking details and defraud them.

BleepingComputer

June 23, 2021

Lawsuits filed on behalf of Scripps Health patients in cyber attack Full Text

Abstract A pair of lawsuits have been filed on behalf of former and current Scripps Health patients who allege their personal information may have been compromised during the recent ransomware attack.

10 News

June 22, 2021

French Teens on Trial for Cyber-bullying Full Text

Abstract Landmark Parisian trial could mean prison for teens convicted of online abuse

Infosecurity Magazine

June 21, 2021

Info-sharing pact will help electric companies comply with DOE’s 100-day plan Full Text

Abstract E-ISAC’s members will benefit from the analysis of pooled threat data, says CEO Manny Cancel.

SCMagazine

June 18, 2021

Lawmakers rally around cyber legislation following string of attacks Full Text

Abstract Lawmakers on Capitol Hill are scrambling to introduce legislation to address a devastating spike in ransomware and other cyberattacks on critical organizations such as Colonial Pipeline and JBS USA.

The Hill

June 18, 2021

New Jersey Councilor Charged with Cyber-harassment Full Text

Abstract Cape May councilman charged with stalking and cyber-harassing former girlfriend

Infosecurity Magazine

June 17, 2021

Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet Full Text

Abstract Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting...

Security Affairs

June 16, 2021

US Convicts Russian Malware-masker Full Text

Abstract Federal jury convicts operator of crypting service used to conceal Kelihos malware

Infosecurity Magazine

June 16, 2021

Law enforcement raids ransomware group that counted US universities among its targets Full Text

Abstract One of the group’s most notable incidents took place earlier this year when they attempted to extort major companies like Shell, Qualys, Jones Day, Flagstar and others who utilized the Accellion file transfer system.

SCMagazine

June 16, 2021

Ukrainian police say hackers who targeted US firms with ransomware have been uncovered Full Text

Abstract Ukrainian police have identified a group of six hackers who engaged in ransomware targeting the servers of companies from South Korea and the U.S. 

The Hill

June 15, 2021

TSA working on additional pipeline security regulations following Colonial Pipeline hack Full Text

Abstract The Transportation Security Administration (TSA) is working on an additional cybersecurity directive for pipeline companies in the wake of the ransomware attack on Colonial Pipeline.

The Hill

June 15, 2021

“Homeless Hacker” Arrested Full Text

Abstract Alleged Santa Cruz County DDoS attacker arrested in Mexico after years on the run

Infosecurity Magazine

June 15, 2021

Marketplace Selling Stolen Credentials Is Dismantled Full Text

Abstract International operation takes down virtual Slilpp store selling over 80 million allegedly stolen credentials

Infosecurity Magazine

June 13, 2021

Interpol shuts down thousands of fake online pharmacies Full Text

Abstract The Interpol (International Criminal Police Organisation) has taken down thousands of online marketplaces that posed as pharmacies and pushed dangerous fake and illicit drugs and medicine.

BleepingComputer

June 11, 2021

Security company exec and founder charged with facilitating cyber attack on Georgia hospital Full Text

Abstract Organizations often look to cybersecurity companies to protect them, but the Department of Justice and prosecutors in Georgia are pursuing criminal charges against a executive of a security company for aiding an alleged cyberattack on a Georgia medical center in 2018.

SCMagazine

June 11, 2021

COO Charged in Georgia Hospital Cyber-attack Full Text

Abstract Federal grand jury indicts security startup COO over 2018 attack on Gwinnett Medical Center

Infosecurity Magazine

June 11, 2021

Police Grab Slilpp, Biggest Stolen-Logins Market Full Text

Abstract There were more than 80 million login credentials for sale, used to inflict over $200 million in losses in the U.S. alone.

Threatpost

June 11, 2021

Network security firm COO charged with medical center cyberattack Full Text

Abstract The former chief operating officer of Securolytics, a network security company providing services for the health care industry, was charged with allegedly conducting a cyberattack on Georgia-based Gwinnett Medical Center (GMC).

BleepingComputer

June 11, 2021

DoJ announced to have shut down Slilpp marketplace in international operation Full Text

Abstract The US Department of Justice seized the servers and domains of the popular cybercrime marketplace SlilPP. The US Department of Justice announced to have seized the infrastructure of SlilPP, a popular marketplace used by cybercriminals to buy and sell...

Security Affairs

June 11, 2021

China’s New “Anti-Sanctions” Law Means Headache for Foreign Firms Full Text

Abstract Beijing could seize assets or ban entities from doing business there

Infosecurity Magazine

June 10, 2021

U.S. Authorities Shut Down Slilpp—Largest Marketplace for Stolen Logins Full Text

Abstract The U.S. Department of Justice (DoJ) Thursday said it disrupted and took down the infrastructure of an underground marketplace known as " Slilpp " that specialized in trading stolen login credentials as part of an international law enforcement operation. Over a dozen individuals have been charged or arrested in connection with the illegal marketplace. The cyber crackdown, which involved the joint efforts of the U.S., Germany, the Netherlands, and Romania, also commandeered a set of servers hosting its infrastructure as well as the multiple domains the group operated. Operational since 2012, Slilpp was an marketplace for allegedly stolen online account login credentials belonging to 1,400 companies worldwide, offering for sale more than 80 million plundered usernames and passwords for bank accounts, online payment accounts, mobile phone accounts, retailer accounts, and other online accounts, which were abused to conduct unauthorized transactions, such as wire transfers, fr

The Hacker News

June 10, 2021

IT Administrator Sentenced for Sabotaging Employer Full Text

Abstract Terminated employee who deleted former employer's file server is placed in lockdown

Infosecurity Magazine

June 10, 2021

Slilpp, the largest stolen logins market, seized by law enforcement Full Text

Abstract The US Justice Department has announced today that a multinational operation took down Slillpp, the largest online marketplace of stolen login credentials.

BleepingComputer

June 10, 2021

Arrest Made Over Multi-million-dollar BEC Scam Full Text

Abstract Texas cops arrest man who allegedly defrauded businesses and individuals out of $2.2m

Infosecurity Magazine

June 9, 2021

The Supreme Court Reins In the CFAA in Van Buren Full Text

Abstract The Supreme Court handed down its first major decision construing the Computer Fraud and Abuse Act last week. The decision is a major victory for those of us who favor a narrow reading of the CFAA.  It doesn't answer everything. But it answers a lot.

Lawfare

June 9, 2021

Pennsylvanian Charged over Trump Impersonation Fraud Full Text

Abstract Man allegedly posed as Trump family members on social media to fraudulently obtain financial donations

Infosecurity Magazine

June 9, 2021

Police Access Encrypted Devices in Major Global Crime Bust Full Text

Abstract Over 800 suspected criminals have been arrested after being tricked into using a messaging app owned by the FBI

Infosecurity Magazine

June 8, 2021

TrickBot Coder Faces Decades in Prison Full Text

Abstract A Latvian malware developer known as “Max” has been arraigned on 19 counts related to fraud, identity theft, information theft and money laundering.

Threatpost

June 8, 2021

MoviePass Operators Settle Data Security Allegations Full Text

Abstract Operators of defunct app settle alleged fraud and data security failures with FTC

Infosecurity Magazine

June 8, 2021

‘An0m’ Encrypted-Chat Sting Leads to Arrest of 800 Full Text

Abstract The FBI and Australian law enforcement set up the encrypted chat service and ran it for over 3 years, seizing weapons, drugs and over $48m in cash.

Threatpost

June 8, 2021

Trojan Shield, the biggest ever police operation against encrypted communications Full Text

Abstract Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The US Federal Bureau of Investigation (FBI), the Dutch National Police (Politie), and the Swedish...

Security Affairs

June 08, 2021

U.S. Recovers $2.3 Million Ransom Paid to Colonial Pipeline Hackers Full Text

Abstract In a major blow, the U.S. Department of Justice on Monday said it has recovered 63.7 bitcoins (currently valued at $2.3 million) paid by Colonial Pipeline to the DarkSide ransomware extortionists on May 8, pursuant to a seizure warrant that was authorized by the Northern District of California. The  ransomware attack  also hobbled the pipeline company's fuel supply, prompting the government to issue an  emergency declaration , even as the company shelled out a ransom amount of approximately  75 bitcoins  ($4.4 million as of May 8) to regain access to its systems. A week after the highly publicized incident, the ransomware-as-a-service syndicate disbanded with a May 14 farewell message to affiliates, stating that its internet servers and cryptocurrency stash were  seized  by unknown law enforcement entities. While DarkSide's announcement was perceived as an exit scam, the latest move from DoJ confirms earlier speculations of law enforcement involvement. Stating that "

The Hacker News

June 8, 2021

French Antitrust Regulator Slaps $268 Million Fine on Google Full Text

Abstract The tech giant has been fined for favoring its own Google Ad Manager technologies

Infosecurity Magazine

June 8, 2021

FBI and Australian police ran an encrypted chat platform to catch criminal gangs Full Text

Abstract The FBI and Australian Federal Police ran an encrypted chat platform and intercepted secret messages between criminal gang members from all over the world for more than three years.

The Record

June 7, 2021

Feds recover $2.3 million from Colonial Pipeline ransom Full Text

Abstract The announcement is compelling, as the public and private sector alike struggle to manage the response to a recent surge of ransomware attacks. More frequent recovery of funds after a ransom payment could shift the risk dynamic associated with these attacks for the business community, while also removing the financial incentive for attackers.

SCMagazine

June 07, 2021

Latvian Woman Charged for Her Role in Creating Trickbot Banking Malware Full Text

Abstract The U.S. Department of Justice (DoJ) on Friday charged a Latvian woman for her alleged role as a programmer in a cybercrime gang that helped develop TrickBot malware. The woman in question, Alla Witte , aka Max, 55, who resided in Paramaribo, Suriname, was arrested in Miami, Florida on February 6. Witte has been charged with 19 counts, including conspiracy to commit computer fraud and aggravated identity theft, wire and bank fraud affecting a financial institution, and money laundering. According to heavily redacted court documents released by the DoJ, Witte and 16 other unnamed cohorts have been accused of running a transnational criminal organization to develop and deploy a digital suite of malware tools with an aim to target businesses and individuals worldwide for theft and ransom. Since its origin as a banking Trojan in late 2015,  TrickBot  has evolved into a " crimeware-as-a-service " capable of pilfering valuable personal and financial information and even droppi

The Hacker News

June 7, 2021

Latvian Woman Charged with Developing Malware for Trickbot Full Text

Abstract The indictment claimed that Alla Witte helped to develop code related to the control, deployment and payments of ransomware

Infosecurity Magazine

June 5, 2021

US arrested Latvian woman who developed part of Trickbot malware Full Text

Abstract The US Department of Justice (DOJ) announced the arrest of a Latvian woman for her alleged role in the development of the Trickbot malware. The US Department of Justice (DOJ) announced the arrest of Alla Witte (aka Max), a Latvian woman that was charged...

Security Affairs

June 5, 2021

DoJ: Investigations into ransomware attacks must have similar priority as terrorism Full Text

Abstract The U.S. Department of Justice was to assign investigation on ransomware attacks the same priority as terrorism in the wake of the Colonial Pipeline hack. The U.S. Department of Justice plans to equate investigations into ransomware attacks with investigations...

Security Affairs

June 04, 2021

US charges Latvian for helping develop the Trickbot malware Full Text

Abstract The US Department of Justice announced today that a Latvian national was charged for her alleged role as a malware developer in the Trickbot transnational cybercrime organization.

BleepingComputer

June 4, 2021

Supreme Court Limits Scope of Controversial Hacking Law Full Text

Abstract Judges rule that Georgia police officer did not violate CFAA when he accessed law-enforcement data in exchange for bribe money, a ruling that takes heat off ethical hackers.

Threatpost

June 03, 2021

US Supreme Court restricts broad scope of CFAA law Full Text

Abstract Today, the US Supreme Court restricted the scope of the federal Computer Fraud and Abuse Act after overturning the conviction of a Georgia police officer who searched a police database for money.

BleepingComputer

June 03, 2021

Justice Dept. to give ransomware attacks same priority as terrorism Full Text

Abstract The Justice Department announced this week that it will begin elevating ransomware investigations to a similar level of priority as terrorist attacks.

The Hill

June 2, 2021

Sextortion Lands Inmate in Federal Prison Full Text

Abstract South Carolina inmate sentenced over deadly sextortion scheme targeting military members

Infosecurity Magazine

June 2, 2021

Teen Crashes Florida School District’s Network Full Text

Abstract High school hacker facing felony charges after knocking 145 schools offline

Infosecurity Magazine

June 1, 2021

SolarWinds lawsuit claims private equity owners ‘sacrificed cybersecurity to boost short-term profits’ Full Text

Abstract The class action lawsuit and its claims highlight the role that top-down, short-term business strategies from investors, particularly in the private equity space, play in the cybersecurity investments that companies make.

SCMagazine

June 01, 2021

US Seizes Domains Used by SolarWinds Hackers in Cyber Espionage Attacks Full Text

Abstract Days after  Microsoft ,  Secureworks , and  Volexity  shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice (DoJ) Tuesday said it intervened to take control of two command-and-control (C2) and malware distribution domains used in the campaign. The court-authorized domain seizure 1m took place on May 28, the DoJ said, adding the action was aimed at disrupting the threat actors' follow-on exploitation of victims as well as block their ability to compromise new systems. The department, however, cautioned that the adversary might have deployed additional backdoor accesses in the interim period between when the initial compromises occurred, and the seizures took place last week. "[The] action is a continued demonstration of the Department's commitment to proactively disrupt hacking activity prior to the conclusion of a criminal investigation,"  said  Assistant Attorney

The Hacker News

June 01, 2021

DOJ seizes domains used to launch malicious emails posing as USAID Full Text

Abstract The Department of Justice (DOJ) on Tuesday announced that the U.S. has obtained court orders to seize control of two online domains used by suspected Russian hackers to send malicious emails to organizations posing as the U.S. Agency for International Development (USAID). 

The Hill

June 1, 2021

Rhode Islander Charged with Phishing Political Candidates Full Text

Abstract Woman allegedly spoofed Microsoft in attempt to steal political candidates’ credentials

Infosecurity Magazine

June 1, 2021

US Convicts “King of Fraud” Full Text

Abstract Cyber-criminal who scammed US companies out of millions is convicted by federal jury

Infosecurity Magazine

June 1, 2021

Brazil approves stricter legislation to tackle online crime Full Text

Abstract The law also relates to theft through fraud via an electronic device, with or without the violation of security mechanisms in place, or through use of malicious software, or by any other means.

ZDNet

June 1, 2021

Interpol Seizes $83 Million Headed for Online Scammers Full Text

Abstract APAC’s six-month HAECHI-I operation branded a success

Infosecurity Magazine

May 31, 2021

Fighting, screaming as alleged ATM scammer known as ‘The Shark’ is arrested in Mexico Full Text

Abstract Law enforcement authorities in Mexico arrested the alleged head of a financial fraud operation that used infected ATMs to steal more than $1 billion from tourists in recent years.

Cyberscoop

May 28, 2021

US Jails Telemarketing Fraudster Full Text

Abstract Federal prison for fraudster who tricked Americans into thinking their computers were under attack

Infosecurity Magazine

May 28, 2021

Khanna, Mace introduce bill to strengthen federal cyber workforce following major hacks Full Text

Abstract Reps. Ro Khanna (D-Calif.) and Nancy MaceNancy MaceGOP leaders face new calls to boot Greene House Republican offers flowchart for Marjorie Taylor Greene Joe Cunningham to enter race for South Carolina governor MORE (R-S.C.) on Friday introduced legislation to strengthen the federal workforce in the wake of a year of escalating cyber threats and attacks. 

The Hill

May 27, 2021

Hacker Who Targeted Cops Gets Jail Time Full Text

Abstract New Hampshire hacker behind bars after targeting Auburn Police Department

Infosecurity Magazine

May 27, 2021

French authorities seize their third dark web marketplace Full Text

Abstract French authorities have dismantled their third dark web marketplace over the last four years after they seized control of “Le Monde Parallèle” (The Parallel World) last week.

The Record

May 26, 2021

French police seized dark web marketplace Le Monde Parallèle Full Text

Abstract Last week, French authorities have seized the dark web marketplace Le Monde Parallèle, it is another success of national police in the fight against cybercrime. French authorities seized the dark web marketplace Le Monde Parallèle, the operation...

Security Affairs

May 26, 2021

Europe’s Top Human Rights Court Rules UK Mass Surveillance Illegal Full Text

Abstract Case could pave way for challenges to Snooper’s Charter

Infosecurity Magazine

May 26, 2021

WhatsApp Sues Indian Government Over New Privacy Threatening Internet Law Full Text

Abstract WhatsApp on Wednesday fired a legal salvo against the Indian government to block new regulations that would require messaging apps to trace the "first originator" of messages shared on the platform, thus effectively breaking encryption protections. "Requiring messaging apps to 'trace' chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people's right to privacy," a WhatsApp spokesperson told The Hacker News via email. "We have consistently joined civil society and experts around the world in opposing requirements that would violate the privacy of our users." With over 450 million active users, India is WhatsApp's biggest market by users.  The lawsuit, filed by the Facebook-owned messaging service in the Delhi High Court, seeks to bar new internet rules that come into force effective May 26. Called the Intermediary Guide

The Hacker News

May 25, 2021

GDPR Anniversary: Security Leaders More Concerned About Litigation Than Fines Full Text

Abstract 90% of security leaders are concerned about data breach litigation because of GDPR

Infosecurity Magazine

May 24, 2021

American Express Fined for Sending Millions of Spam Messages Full Text

Abstract British regulators ruled that Amex sent 4 million nuisance emails to opted-out customers.

Threatpost

May 24, 2021

‘Dearthy Star’ pleads guilty to selling info of 65K health care employees Full Text

Abstract Justin Sean Johnson, a 30-year-old from Detroit, Michigan, has pleaded guilty to stealing the personally identifiable information (PII) of 65,000 employees of health care provider and insurer University of Pittsburgh Medical Center (UPMC) and selling it on the dark web.

BleepingComputer

May 24, 2021

Amex Fined After Sending Over Four Million Spam Emails Full Text

Abstract ICO claims customers did not consent to receiving marketing messages

Infosecurity Magazine

May 24, 2021

Irish court issues injunction against Conti hackers to stop health service data exposure, sale Full Text

Abstract The injunction would make it illegal for information stolen during the ransomware attack against the Health Service Executive (HSE) from being shared, processed, sold, or otherwise published online.

ZDNet

May 23, 2021

Pipeline shutdown shows need for tougher cybersecurity laws Full Text

Abstract The Colonial Pipeline incident revealed just how easy it was to bring a massive part of American infrastructure to a halt with a hack that, by cybersecurity standards, was about as sophisticated as a pickpocketing.

Boston Globe

May 23, 2021

Amex fined £90,000 for sending 4 million spam emails in a year Full Text

Abstract The UK data regulator has fined American Express (Amex) £90,000 for sending over 4 million spam emails to customers within one year.

BleepingComputer

May 21, 2021

Telemarketing Fraudster Jailed for Ten Years Full Text

Abstract Scammer partnered with Peruvian call centers to extort $3.5m from Spanish-speaking US residents

Infosecurity Magazine

May 20, 2021

Irish High Court issues injunction to prevent HSE data leak Full Text

Abstract The High Court of Ireland has issued an injunction against the Conti Ransomware gang, demanding that stolen HSE data be returned and not sold or published.

BleepingComputer

May 20, 2021

Nigeria Suspends Official Charged with Defrauding US Full Text

Abstract Governor’s aide suspended following arrest over unemployment benefits fraud

Infosecurity Magazine

May 20, 2021

Privacy Concerns On Cookies Storing Personal Information Full Text

Abstract Which are privacy concerns on the way organizations collect personal information through the use of cookies? Data is constantly being tracked, stored and processed right under our noses, and it is quite frightening to know just how much data a company...

Security Affairs

May 20, 2021

Russian citizen Anton Bogdanov sentenced to 5 years for cyber tax fraud scheme Full Text

Abstract Russian hacker Anton Bogdanov was sentenced to 5 years' imprisonment for attempting to steal $1.5 million in tax refunds by hacking into tax preparation firms. The Russian citizen Anton Bogdanov (35), aka Kusok, was sentenced by a US Chief District...

Security Affairs

May 19, 2021

US introduces bills to secure critical infrastructure from cyber attacks Full Text

Abstract The US House Committee on Homeland Security has passed five bipartisan bills on Monday to bolster defense capabilities against cyber attacks targeting US organizations and critical infrastructure.

BleepingComputer

May 19, 2021

Regulator Fines QR Code Provider Which Spammed Customers Full Text

Abstract St Albans company sent 84,000 nuisance emails

Infosecurity Magazine

May 18, 2021

Legislation to secure critical systems against cyberattacks moves forward in the House Full Text

Abstract Multiple bills meant to secure critical infrastructure against cyber threats were approved by the House Homeland Security Committee on Tuesday afternoon, just a week after a ransomware attack on the Colonial Pipeline caused fuel shortages across the nation. 

The Hill

May 18, 2021

European Council extends sanctions against foreign threat actors Full Text

Abstract European Council extended for one year the sanctions against foreign threat actors that threaten the European Union and its member states. The European Council announced that it will extend for one year the framework for sanctions against threat actors...

Security Affairs

May 18, 2021

Oregonian Indicted Over International Streaming Fraud Full Text

Abstract AccountBot suspect allegedly stole and resold millions of customers’ login credentials

Infosecurity Magazine

May 18, 2021

2 Bills Introduced in Wake of Colonial Pipeline Attack Full Text

Abstract The ransomware attack on Colonial Pipeline Co. earlier this month has prompted lawmakers to introduce measures designed to address cybersecurity shortcomings in the nation's critical infrastructure.

Gov Info Security

May 17, 2021

Deputy US Marshal Allegedly Framed Ex as Cyber-stalker Full Text

Abstract Cyber-stalking and perjury charges for deputy US marshal accused of framing his former girlfriend

Infosecurity Magazine

May 17, 2021

Brazilian gang defrauds Uber, Lyft, DoorDash using GPS spoofing and stolen IDs Full Text

Abstract US authorities have charged a gang of Brazilian nationals for a scheme that defrauded the customers of services like Uber, Lyft, DoorDash, and two other unidentified food delivery services.

The Record

May 15, 2021

European police dismantle major online investment fraud ring that causes €30 Million in losses Full Text

Abstract A joint operation of European law enforcement agencies and coordinated by Europol dismantled a criminal ring involved in investment fraud. A joint investigation of European law enforcement agencies supported by Europol and Eurojust dismantled...

Security Affairs

May 14, 2021

Lawmakers roll out legislation to defend pipelines against cyber threats Full Text

Abstract A bipartisan group of more than a dozen House lawmakers have reintroduced legislation to defend pipelines against cyberattacks, with the bill coming on the heels of the devastating ransomware attack that forced the shutdown of Colonial Pipeline.

The Hill

May 14, 2021

US Sentences Cyber-Stalker Who Sent Sex Workers to Family’s Home Full Text

Abstract Hawaiian widower placed under 3-year supervision for cyber-stalking a Utah family

Infosecurity Magazine

May 14, 2021

Lawmakers introduce bill to protect critical infrastructure against cyberattacks Full Text

Abstract Rep. Elissa Slotkin (D-Mich.) and other bipartisan House lawmakers on Friday introduced legislation designed to protect critical systems against cyberattacks, a week after a ransomware attack on the Colonial Pipeline significantly disrupted the fuel supply for portions of the country.

The Hill

May 10, 2021

Four Confess to ‘Bulletproof Hosting’ Full Text

Abstract Conspirators plead guilty to providing ‘bulletproof hosting’ services to cyber-criminals attacking the US

Infosecurity Magazine

May 09, 2021

Four Plead Guilty to Aiding Cyber Criminals with Bulletproof Hosting Full Text

Abstract Four Eastern European nationals face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to providing bulletproof hosting services between 2008 and 2015, which were used by cybercriminals to distribute malware to financial entities across the U.S. The individuals, Aleksandr Grichishkin, 34, and Andrei Skvortsov, 34, of Russia; Aleksandr Skorodumov, 33, of Lithuania; and Pavel Stassi, 30, of Estonia, have been accused of renting their wares to cybercriminal clients, who used the infrastructure to disseminate malware such as Zeus, SpyEye, Citadel, and the Blackhole Exploit Kit that were capable of co-opting victim machines into a botnet, and stealing sensitive information. The deployment of malware caused or attempted to cause millions of dollars in losses to U.S. victims, the U.S. Department of Justice (DoJ) said in a statement on Friday. "A key service provided by the defendants was helping their clients to evade detection by

The Hacker News

May 7, 2021

Lawsuit Filed Over Contact Tracing Data Breach Full Text

Abstract State of Pennsylvania and Insight Global accused of cybersecurity failures after PHI exposed

Infosecurity Magazine

May 7, 2021

Israel’s Version of Moving Fast and Breaking Things: The New Cybersecurity Bill Full Text

Abstract If a new law is passed by government committee and the Knesset, it will redefine cybersecurity governance in Israel.

Lawfare

May 6, 2021

“Unusually Unhinged” Cyber-stalker Jailed for 10 Years Full Text

Abstract Man stalked ex-wife and kids from New Mexico to Oregon despite protective order

Infosecurity Magazine

May 5, 2021

IP or just generic tech? Palo Alto argues Centripetal patent claims are overly broad Full Text

Abstract The company claims a lawsuit filed against them by Centripetal Networks involve basic network security techniques and should be dismissed.

SCMagazine

April 30, 2021

Gaetz, House Republicans introduce bill to defund Postal Service covert operations program Full Text

Abstract Rep. Matt Gaetz (R-Fla.) and a group of other House Republicans on Friday introduced legislation to end funding for an arm of the U.S. Postal Service that carries out online surveillance. 

The Hill

April 30, 2021

Software Company Self-Reports Illegal Exports Full Text

Abstract SAP fined $8m after admitting it exported US-made patches and upgrades to Iran for seven years

Infosecurity Magazine

April 30, 2021

US prosecutors fine German software company for violating sanctions against Iran Full Text

Abstract Federal prosecutors have imposed a fine on a German software company for violating suctions against Iran.

The Hill

April 30, 2021

Senators introduce bill to increase US technology competitiveness against China Full Text

Abstract Sens. Catherine Cortez Masto (D-Nev.) and Rob PortmanRobert (Rob) Jones PortmanThe Hill's Morning Report - Biden to country: 'Turning peril into possibility' Moderate Republicans leery of Biden's renewed call for unity Biden makes case for sweeping change MORE (R-Ohio) on Friday introduced a bill to improve U.S. competitiveness against China and other nations by strengthening the nation’s ability to set standards around emerging technologies. 

The Hill

April 29, 2021

Boston Nanny Arrested After Cyber-Tip Full Text

Abstract Police trace shared child sexual abuse material back to well-established nanny and babysitter

Infosecurity Magazine

April 28, 2021

DOJ building the guardrails for Microsoft Exchange-type malware takedowns Full Text

Abstract Demers said the department would evaluate the Exchange operation to try to generalize future standards, and that such infiltration of private systems would not be a “tool of first resort.”

SCMagazine

April 28, 2021

US Arrests Alleged Crypto Mixer Full Text

Abstract Man suspected of laundering around $336m in Bitcoin via a crypto-mixing service is arrested

Infosecurity Magazine

April 28, 2021

GitHub disables Google FloC user tracking on its website Full Text

Abstract GitHub has announced rolling out a mysterious HTTP header on all GitHub Pages sites to block Google FLoC tracking.

BleepingComputer

April 27, 2021

Kik Tip Leads to Kindergarten Teacher’s Arrest Full Text

Abstract Cyber-tip about child sexual abuse material sharing leads to arrest of Indiana teacher

Infosecurity Magazine

April 27, 2021

Senate Intelligence panel working on legislation around mandatory cyber breach notification Full Text

Abstract The Senate Intelligence Committee is working on a bill to create some form of limited data breach mandatory reporting for the private sector, with the goal of preventing future major foreign cyberattacks on critical organizations. 

The Hill

April 27, 2021

Australian man sentenced for running stolen subscription credential service Full Text

Abstract An investigation into stolen subscription service credentials by the Australian Federal Police (AFP) has resulted in a two years and two months' sentence for a man from Sydney.

ZDNet

April 26, 2021

Nintendo Sues Bowser Full Text

Abstract Gaming giant files lawsuit against alleged leader of video game piracy group

Infosecurity Magazine

April 23, 2021

Californian Charged with Cyberstalking Teenage Boys Full Text

Abstract Brentwood woman allegedly bombarded three boys with abusive messages for years

Infosecurity Magazine

April 23, 2021

Senators introduce legislation to protect critical infrastructure against attack Full Text

Abstract Sens. Maggie Hassan (D-N.H.) and Ben SasseBen SasseSenate GOP keeps symbolic earmark ban On The Money: Senate GOP faces post-Trump spending brawl | Senate confirms SEC chief Gensler to full five-year term | Left-leaning group raises concerns about SALT cap repeal Senate GOP faces post-Trump spending brawl MORE (R-Neb.) on Friday introduced legislation intended to protect critical infrastructure from cyberattacks and other national security threats. 

The Hill

April 22, 2021

Google Ordered to Provide Info on Alleged Cyber-bullies Full Text

Abstract Canadian court orders tech giant to reveal who is behind blog dishing out alleged online harassment

Infosecurity Magazine

April 20, 2021

House passes legislation to elevate cybersecurity at the State Department Full Text

Abstract The House on Tuesday approved bipartisan legislation aimed at elevating cybersecurity at the State Department through prioritizing and reorganizing a key department on the heels of multiple major foreign cyberattacks against the United States. 

The Hill

April 19, 2021

US Charges Nigerian with Elder Fraud Full Text

Abstract Maryland resident accused of conning seniors out of nearly half a million dollars over social media

Infosecurity Magazine

April 19, 2021

FIN7 Sysadmin Gets 10 Years Behind Bars Full Text

Abstract Carbanak manager was recruited via Combi Security front company

Infosecurity Magazine

April 19, 2021

ICO Issued Over £42 Million in Fines Last Year Full Text

Abstract Question marks remain over regulator’s ability to collect

Infosecurity Magazine

April 18, 2021

A member of the FIN7 group was sentenced to 10 years in prison Full Text

Abstract Fedir Hladyr (35), a Ukrainian national was sentenced today to 10 years in prison for his role in the financially motivated group FIN7, aka Carbanak. The Ukrainian national Fedir Hladyr (35), aka “das” or “AronaXus,” was sentenced to 10 years...

Security Affairs

April 18, 2021

US sanctions cryptocurrency addresses linked to Russian cyberactivities Full Text

Abstract The US government sanctioned this week twenty-eight cryptocurrency addresses allegedly associated with entities or individuals linked to Russian cyberattacks or election interference.

BleepingComputer

April 17, 2021

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence Full Text

Abstract A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr , a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, in addition to aggregating the stolen information, supervising other members of the group, and maintaining the server infrastructure that FIN7 used to attack and control victims' machines. The development comes after Hladyr pleaded guilty to conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking in September 2019. He was arrested in Dresden, Germany, in 2018 and extradited to the U.S. city of Seattle. Hladyr has also been ordered to pay $2.5 million in restitution. "This criminal organization had more than 70 people organized into business units and teams. Some were hackers, others developed the malwa

The Hacker News

April 17, 2021

High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison Full Text

Abstract A high-level manager of cybercrime group FIN7, also known as the Carbanak Group and the Navigator Group, has been sentenced to ten years in prison, the Department of Justice reports.

Dark Reading

April 16, 2021

Bank Groups Object to Proposed Breach Notification Regulation Full Text

Abstract The American Bankers Association and three other groups have voiced objections to provisions in a cyber incident notification regulation for banks proposed by three federal agencies.

Gov Info Security

April 15, 2021

US Imprisons “Sadistic” Sextortionist Full Text

Abstract Cyberstalker who threatened to kill teenage victim if they didn’t have sex with him gets custodial sentence

Infosecurity Magazine

April 15, 2021

Arrest Made Over California City Data Breach Full Text

Abstract One Huntington Park financial official arrested and others placed on leave following data breach

Infosecurity Magazine

April 15, 2021

Republican lawmakers reintroduce bill to ban TikTok on federal devices Full Text

Abstract Sen. Josh Hawley (R-Mo.) led a group of Senate Republicans on Thursday in reintroducing legislation to ban the use of social media app TikTok on federal government devices, citing potential national security concerns. 

The Hill

April 15, 2021

Europe’s Data Protection Guardians Green Light EU-UK Data Flows Full Text

Abstract EDPB recommends accepting Commission’s adequacy decisions

Infosecurity Magazine

April 15, 2021

Man Gets 10 Years for Multimillion-Dollar Medicare Fraud Scheme Full Text

Abstract Complex conspiracy involved doctors, labs and telemarketing firm

Infosecurity Magazine

April 14, 2021

Lawsuit Filed After Facial Recognition Tech Leads to Wrongful Arrest Full Text

Abstract American sues Detroit officials over wrongful arrest linked to facial recognition technology

Infosecurity Magazine

April 12, 2021

Texas Man Charged With Intent of Planning to Kill 70% of the Internet Full Text

Abstract A Texas man is charged with intent to attack Data Centers on April 8 2021. This man has planned to blow up...

Cyber Security News

April 12, 2021

Man Arrested After Failed AWS Bomb Plot Full Text

Abstract Individual allegedly wanted to “kill off 70% of the internet”

Infosecurity Magazine

April 9, 2021

DOJ: Creep Coach Finagles Nude Athlete Photos Full Text

Abstract Allegedly perv college coach charged with cyberstalking and extorting nudes from his female athletes.

Threatpost

April 09, 2021

FBI arrests man for plan to kill 70% of Internet in AWS bomb attack Full Text

Abstract The FBI arrested a Texas man on Thursday for allegedly planning to "kill of about 70% of the internet" in a bomb attack targeting an Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia.

BleepingComputer

April 9, 2021

US Jails Cyber-stalker Who Targeted Attack Survivor Full Text

Abstract Florida man who cyberstalked survivor of murder attempt is sent to prison

Infosecurity Magazine

April 8, 2021

College Track Coach Accused of Cyberstalking Full Text

Abstract Athletics coach arrested on suspicion of tricking female athletes into sending him nudes

Infosecurity Magazine

April 08, 2021

NIST and HIPAA: Is There a Password Connection? Full Text

Abstract When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one's unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA? We'll discuss each compliance measure and its importance in this article. What is NIST compliance? Defined by the National Institute of Standards and Technology, NIST compliance aims to harden federal systems against cyber-attacks. While the agency is non-regulatory, it  is  part of the U.S. Department of Commerce, which has plenty of influence over government agencies and their contractors. For example, NIST guidelines help agencies  satisfy the requirements of the Federal Information Security Management Act  (FISMA). NIST is instrumental in creating Federal Information Proce

The Hacker News

April 8, 2021

Italian Arrested After Allegedly Paying Hitman to Murder Ex-Girlfriend Full Text

Abstract Europol officers analyzed crypto-transactions to trace individual

Infosecurity Magazine

April 8, 2021

Man arrested after hired a hitman on the dark web Full Text

Abstract A joint operation of Europol and the Italian Postal and Communication Police resulted in the arrest of an Italian national who hired a hitman on the dark web. Europol and the Italian Postal and Communication Police (Polizia Postale e delle Comunicazioni)...

Security Affairs

April 7, 2021

Chemical Weapon Shopping Sends Dark Web User to Prison Full Text

Abstract Broken-hearted American locked up for 12 years for trying to buy chemical weapon on dark web

Infosecurity Magazine

April 06, 2021

Facebook data leak now under EU data regulator investigation Full Text

Abstract Ireland's Data Protection Commission (DPC) is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users.

BleepingComputer

April 6, 2021

Admin of DeepDotWeb (DDW) Pleads Guilty for Connecting Internet users with Darknet Marketplaces Full Text

Abstract Recently, the administrator of DeepDotWeb, Tal Parihar has pleaded guilty, as he received kickbacks for connecting all the customers like the buyers...

Cyber Security News

April 3, 2021

22-year-old Charged for Hacking into Public Watering Systems Full Text

Abstract A 22-year-old man, Wyatt A. Travnichek from the U.S. state of Kansas has been accused on charges that he unauthorizedly accessed a...

Cyber Security News

April 2, 2021

Intelligence Analyst Fed Secrets to Reporter Full Text

Abstract Former intelligence analyst pleads guilty to disclosing classified information to journalist

Infosecurity Magazine

April 2, 2021

Troll Fined $81 After Victim Kills Herself Full Text

Abstract Cyber-bully who asked wrestler “when will you die?” fined after victim takes her own life

Infosecurity Magazine

April 2, 2021

Dutch watchdog fines Booking.com $560k after it kept customer data thefts quiet for more than 3 weeks Full Text

Abstract The Netherlands Data Protection Authority has fined Booking.com $560,000 for notifying it too late that criminals had accessed the data of 4,109 people who booked a hotel room via the website.

The Register

April 2, 2021

Man indicted for tampering with public water system in Kansas Full Text

Abstract The United States Department of Justice (DoJ) charged a Kansas man, for accessing and tampering with a public water system. The United States Department of Justice charged Wyatt A. Travnichek (22), of Ellsworth County, Kansas, for accessing and tampering...

Security Affairs

April 01, 2021

DeepDotWeb Admin Pleads Guilty to Money Laundering Charges Full Text

Abstract The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb ( DDW ), a "news" website that "served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar , 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan , 34, of Israel, starting October 2013, in return for which they received kickbacks from the operators of the marketplaces in the form of virtual currency amounting to 8,155 bitcoins (worth $8.4 million at the time of the transactions). In an attempt to conceal the illicit payments, Prihar is said to have transferred the money to other bitcoin accounts and to bank accounts under his control in the name of shell companies. "Tal Prihar served as a broker for illegal Darknet marketplaces — helping such marketplaces find customers for fentanyl, firearms, and other dangerous

The Hacker News

April 1, 2021

DeepDotWeb Administrator Admits Darknet Conspiracy Full Text

Abstract Website owner made over $8m advertising illegal online marketplaces

Infosecurity Magazine

April 1, 2021

DeepDotWeb admin pleads guilty to money laundering conspiracy Full Text

Abstract One of the administrators for the DeepDotWeb dark web portal pleads guilty to receiving kickbacks from the operators of the marketplaces. One of the administrators for the DeepDotWeb dark web portal, Tal Prihar (37), pleads guilty to receiving kickbacks...

Security Affairs

April 01, 2021

22-Year-Old Charged With Hacking Water System and Endangering Lives Full Text

Abstract A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility's computer system, jeopardizing the residents' safety and health in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access, according to the Department of Justice (DoJ). "By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,"  said  Lance Ehrig, Special Agent in Charge of the Environmental Protection Agency (EPA) Criminal Investigation Division in Kansas. "EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today's indictment sends a clear message that individuals who intentionall

The Hacker News

April 1, 2021

Booking.com Fined $558,000 for Late Breach Notification Full Text

Abstract Dutch regulator brands 2018 incident a “serious violation”

Infosecurity Magazine

March 31, 2021

Pair accused of turning photos into vids to crack tax dept facial recognition system in China Full Text

Abstract According to Xinhua, the suspects tricked the State Taxation Administration platform’s identity verification system by manipulating photos with a widely available app that turns photos into videos.

The Register

March 30, 2021

Palo Alto Networks latest security giant accused of patent infringement Full Text

Abstract Centripetal claims Palo Alto executives used a series of meetings and technical demonstrations to gain insight into the company’s network security innovations, before incorporating them into a wide range of Palo Alto products. The situation highlights the potential risks for both parties if early stage partnership discussions are not handled with care.

SCMagazine

March 30, 2021

Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website Full Text

Abstract A class-action suit in Florida accuses the tech giant of unlawfully intercepting communications by using session-replay software to capture the interaction of people visiting the corporate homepage Intel.com.

Threatpost

March 30, 2021

US charges close to 500 individuals for COVID-19 fraud, criminal activity Full Text

Abstract In an update published last week, the DoJ said that 474 defendants to date have been publicly charged "with criminal offenses based on fraud schemes connected to the COVID-19 pandemic."

ZDNet

March 29, 2021

Judge denies Cisco new trial, upholds judgement in patent infringement suit Full Text

Abstract A district judge summarily dimissed the company’s request for a new trial, writing that the “most compelling evidence [for infringement] originated in Cisco’s own technical documents introduced at trial by Centripetal.”

SCMagazine

March 29, 2021

US Imprisons BEC Scammer Full Text

Abstract Texas resident scammed schools, senior citizens, and charity supporting families of the terminally ill

Infosecurity Magazine

March 26, 2021

NGA Picks Four States for Academy on Cybersecurity Policy Full Text

Abstract Kansas, Missouri, Montana, and Washington to work with National Governors Association

Infosecurity Magazine

March 24, 2021

Drug Maker to Pay $50m for Destroying Data Full Text

Abstract Cancer drug manufacturer admits erasing and concealing records ahead of FDA inspection

Infosecurity Magazine

March 24, 2021

Lawmakers reintroduce legislation to secure internet-connected devices Full Text

Abstract Sen. Ed Markey (D-Mass.) and Rep. Ted LieuTed W. LieuOVERNIGHT ENERGY: Supreme Court declines to hear challenge to Obama marine monument designation | Interior reverses course on tribal ownership of portion of Missouri river | White House climate adviser meets with oil and gas companies Anger over anti-Asian violence, rhetoric rips through Capitol Lawmakers condemn anti-Asian rhetoric at hearing following shootings MORE (D-Calif.) on Wednesday again rolled out legislation intended to help secure internet-connected devices and increase consumer confidence in them. 

The Hill

March 23, 2021

Fired IT Contractor Jailed for Retaliatory Cyber-Attack Full Text

Abstract Prison for IT pro who hacked company server and deleted over 1,200 Microsoft user accounts

Infosecurity Magazine

March 23, 2021

UPMC and Charles Hilton Sued Over PHI Breach Full Text

Abstract Medical center and law firm facing class action after 36,000-record breach

Infosecurity Magazine

March 22, 2021

US Sentences Russian, North Macedonian in Cyber Fraud Case Full Text

Abstract Sergey Medvedev, 33, of Russia and Marko Leopard, 31, of North Macedonia, were sentenced to ten and five years respectively, according to a U.S. Justice Department statement.

Security Week

March 21, 2021

Swiss expert Till Kottmann indicted for conspiracy, wire fraud, and aggravated identity theft Full Text

Abstract Department of Justice announced that Swiss hacker Till Kottmann, 21, has been indicted for conspiracy, wire fraud, and aggravated identity theft. A group of US hackers recently claimed to have gained access to footage from 150,000 security cameras...

Security Affairs

March 19, 2021

US Indicts Software Engineer Full Text

Abstract Swiss man indicted for allegedly stealing and publishing sensitive government and corporate data

Infosecurity Magazine

March 19, 2021

Justice Department indicts hacker connected to massive surveillance camera breach Full Text

Abstract The Justice Department brought charges this week against a Swiss individual allegedly responsible for hacking into dozens of companies over the course of several years, most recently allegedly carrying out a breach that exposed massive amounts of surveillance data. 

The Hill

March 19, 2021

Russian pleads guilty to Tesla hacking and extortion attempt Full Text

Abstract Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla's Nevada Gigafactory.

BleepingComputer

March 19, 2021

Russian Man Pleads Guilty in Tesla Extortion Plot Full Text

Abstract Individual tried to recruit insider to deploy malware at Nevada facility

Infosecurity Magazine

March 19, 2021

Swiss hacker charged for leaking proprietary source code Full Text

Abstract Swiss national Till Kottmann, 21, has been charged for conspiracy, wire fraud and aggravated identity theft, the U.S. Department of Justice announced.

BleepingComputer

March 18, 2021

Mom Charged in Deepfake Cheerleading Plot Full Text

Abstract Mom allegedly used deepfake tech in attempt to oust daughter’s cheerleading rivals from squad

Infosecurity Magazine

March 18, 2021

Security Consultant Indicted on Cyberstalking Charges Full Text

Abstract Seattle cybersecurity professional accused of cyberstalking multiple victims

Infosecurity Magazine

March 18, 2021

The 17-year-old Twitter Hacker who is the “mastermind” Behind a High-Profile Attack Pleads Guilty Full Text

Abstract Graham Ivan Clark, 17, of Tampa, was arrested on 30 felony charges. Authorities say he was the "mastermind" of a July 15...

Cyber Security News

March 17, 2021

Lawmakers press federal agencies on scope of SolarWinds attack Full Text

Abstract The bipartisan leaders of a House panel on Wednesday drilled multiple agencies for updates on the SolarWinds hack, a mass cyber campaign that compromised at least nine federal agencies and 100 private sector groups.

The Hill

March 17, 2021

US subpoenas multiple Chinese communications providers in security review Full Text

Abstract The Commerce Department announced Wednesday that it subpoenaed several Chinese communications firms as the government reviews possible national security risks following alarming cyberattacks. 

The Hill

March 17, 2021

Teen Behind Twitter Bit-Con Breach Cuts Plea Deal Full Text

Abstract The ‘young mastermind’ of the Twitter hack will serve three years in juvenile detention. 

Threatpost

March 17, 2021

SEC Charges Man Over Cannabis Firm Pump-and-Dump Full Text

Abstract Individual allegedly amplified false statements via Twitter

Infosecurity Magazine

March 17, 2021

18-Year-Old Hacker Gets 3 Years in Prison for Massive Twitter ‘Bitcoin Scam’ Hack Full Text

Abstract A Florida teen accused of masterminding the hacks of several high-profile Twitter accounts last summer as part of a widespread cryptocurrency scam pled guilty to fraud charges in exchange for a three-year prison sentence. Graham Ivan Clark, 18, will also serve an additional three years on probation. The development comes after the U.S. Department of Justice (DoJ)  charged  Mason Sheppard (aka Chaewon), Nima Fazeli (aka Rolex), and Clark (then a juvenile) with conspiracy to commit wire fraud and money laundering. Specifically, 30 felony charges were filed against Clark, including one count of organized fraud, 17 counts of communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information, and one count of access to computer or electronic device without authority. On July 15, 2020, Twitter  suffered  one of the biggest security lapses in its history after the attackers managed to hi

The Hacker News

March 16, 2021

Teen responsible for major Twitter hack to serve three years in prison Full Text

Abstract A teenager responsible for masterminding a massive bitcoin scam last year that involved hacking Twitter accounts for various politicians and other high-profile figures has been sentenced to three years in prison.

The Hill

March 16, 2021

Teen hacker agrees to 3 years in prison for Twitter Bitcoin scam Full Text

Abstract A Florida teenager has pleaded guilty to fraud charges after coordinating the hack of high-profile Twitter accounts to run a cryptocurrency scam that collected roughly $120,000 worth of bitcoins.

BleepingComputer

March 16, 2021

Mom & Daughter Duo Hack Homecoming Crown Full Text

Abstract A Florida high-school student faces jail time for rigging her school’s Homecoming Queen election.

Threatpost

March 16, 2021

Spanish Data Protection Agency Issues Highest Ever Fine Full Text

Abstract AEPD fines Vodafone Spain a record-breaking $9.72m for failing to protect data

Infosecurity Magazine

March 16, 2021

Google to Face Lawsuit Over Tracking Users in ‘Incognito’ Mode Full Text

Abstract A judge in the US has directed Google to face a class-action lawsuit seeking $5 billion, that claimed the tech giant is...

Cyber Security News

March 15, 2021

Swiss authorities raid home of hacker potentially responsible for breaching surveillance cameras Full Text

Abstract Swiss law enforcement raided the home of a hacker potentially responsible for breaching around 150,000 surveillance cameras, exposing sensitive footage from homes, hospitals, and prisons. 

The Hill

March 15, 2021

US DoJ indicted the CEO of Sky Global encrypted chat platform Full Text

Abstract The CEO of the encrypted communications firm Sky Global has been indicted in the US on charges of facilitating international drug trafficking The head of the Canada-based company Sky Global that provides encrypted communications, Jean-Francois Eap,...

Security Affairs

March 15, 2021

Judge Upholds Privacy Lawsuit Against Google Full Text

Abstract Google will face allegations that it collected data of private browsing mode users

Infosecurity Magazine

March 15, 2021

US Indicts Head of Alleged Crime Chat Comms Service Full Text

Abstract The indictments were presented Friday against Jean-Francois Eap, the head of Sky Global, and Thomas Herdman, a former high-level distributor of Sky Global devices, the department said Friday.

Security Week

March 15, 2021

CEO of Encrypted Chat Platform Indicted for Aiding Organised Criminals Full Text

Abstract The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement. Eap (also known as "888888") and Thomas Herdman, a former high-level distributor of Sky Global devices, have been charged with a conspiracy to violate the federal Racketeer Influenced and Corrupt Organizations Act (RICO), according to warrants issued for their arrests. "The indictment alleges that Sky Global generated hundreds of millions of dollars providing a service that allowed criminal networks around the world to hide their international drug trafficking activity from law enforcement," Acting U.S. Attorney Randy Grossman  said  in the announcement. "This groundbreaking investigation should send a serious message to companies who think they can aid criminals in their unlawful ac

The Hacker News

March 15, 2021

Encrypted Comms CEO Indicted in Drug Trafficking Conspiracy Full Text

Abstract Arrest warrant issued for Sky Global boss Jean-Francois Eap

Infosecurity Magazine

March 13, 2021

CEO of Sky Global encrypted chat platform indicted by US Full Text

Abstract The US Department of Justice has indicted the CEO of encrypted messaging company Sky Global, and an associate for allegedly aiding criminal enterprises avoid detection by law enforcement.

BleepingComputer

March 12, 2021

SolarWinds lawsuits merge as stockholders begin documenting financial losses Full Text

Abstract A judge approved the merger of three class action lawsuits against SolarWinds as shareholders detail tens of thousands of dollars in stock losses they claim resulted from the hack.

SCMagazine

March 12, 2021

As legislators work toward law requiring companies to alert feds to breaches, key hurdles emerge Full Text

Abstract Experts say the idea has merit – if only legislators can balance the promise with the potential liability and burden placed upon industry.

SCMagazine

March 12, 2021

Europol Credits Sweeping Arrests to Cracked Sky ECC Comms   Full Text

Abstract Sky ECC claims that cops cracked a fake version of the app being passed off by disgruntled reseller.

Threatpost

March 12, 2021

Encrypted Comms Firm Denies Police Cracked User Messages Full Text

Abstract Europol had claimed police accessed hundreds of millions of chats

Infosecurity Magazine

March 10, 2021

EU Privacy Law and U.S. Surveillance: Solving the Problem of Transatlantic Data Transfers Full Text

Abstract Most current approaches to resolving the EU-U.S. conflict fall short. It’s time for a hybrid approach.

Lawfare

March 10, 2021

Romance Fraudster Who Conned Jenifer Lewis Jailed Full Text

Abstract US imprisons Santa Monica man who impersonated Navy SEAL to con women

Infosecurity Magazine

March 10, 2021

Europol ‘unlocks’ encrypted Sky ECC chat service to make arrests Full Text

Abstract European law enforcement authorities have made a large number of arrests after a joint operation involving the monitoring of organized crime communication channels over the Sky ECC encrypted chat.

BleepingComputer

March 10, 2021

Lawmakers Urge FTC to Enforce Health Breach Notification Rule Full Text

Abstract The FTC's Health Breach Notification Rule, which is part of the American Recovery and Reinvestment Act of 2009, addresses privacy issues related to personal health records, the lawmakers write.

Gov Info Security

March 9, 2021

Arkansas Bill Addresses “Unfair” Social Media Censorship Full Text

Abstract Social media sites could be liable for damages if content is removed for “dubious or pretextual” reasons

Infosecurity Magazine

March 08, 2021

Lawmakers introduce legislation to allow Americans to take foreign hackers to court Full Text

Abstract A group of bipartisan House lawmakers on Monday introduced legislation that would allow Americans to hold foreign governments and their employees accountable in court for malicious cyber activity. 

The Hill

March 8, 2021

Virginia Passes New Data Protection Law Full Text

Abstract Virginia Consumer Data Protection Act signed into law

Infosecurity Magazine

March 8, 2021

McAfee Faces Decades Behind Bars After Fraud Indictment Full Text

Abstract AV pioneer accused of pump-and-dump and ICO scams

Infosecurity Magazine

March 8, 2021

FTC Busts $110m Charity Fraud Operation Full Text

Abstract Illegal calls harassed 67 million consumers

Infosecurity Magazine

March 05, 2021

US indicts John McAfee for cryptocurrency fraud, money laundering Full Text

Abstract US federal prosecutors have charged John McAfee, founder of cybersecurity firm McAfee, and his executive advisor Jimmy Gale Watson Jr for cryptocurrency fraud and money laundering.

BleepingComputer

March 05, 2021

John McAfee indicted by US officials for alleged cryptocurrency scheme Full Text

Abstract The Justice Department announced Friday that John McAfee, the founder of anti-virus software company McAfee, has been indicted on alleged fraud and money laundering charges tied to a cryptocurrency investment scheme.

The Hill

March 04, 2021

House-passed election bill takes aim at foreign interference Full Text

Abstract A sweeping elections bill passed by the House on Wednesday night would boost cybersecurity measures and focus on countering foreign interference efforts like the kind that affected the 2016 and 2018 elections.

The Hill

March 2, 2021

Satanic Temple Loses Cyber-squatting Lawsuit Full Text

Abstract Judge dismisses Temple’s claims that former members who wiped its Facebook pages were cyber-squatting

Infosecurity Magazine

March 2, 2021

Gamer Sues Microsoft Over Cyberbullying Full Text

Abstract Court case tests corporate responsibility for censoring harassment in gaming community

Infosecurity Magazine

March 2, 2021

DoJ Steps Up Investigation into NSO Group – Report Full Text

Abstract Lawyers probe WhatsApp for more technical details

Infosecurity Magazine

March 1, 2021

United Airlines to Pay $49m to Settle False Data Claim Full Text

Abstract Airline accused of defrauding USPS with false automated delivery scan data

Infosecurity Magazine

March 1, 2021

Florida Police Arrest 12 Alleged Online Predators Full Text

Abstract Sting operation nets a dozen alleged sexual predators who targeted children online

Infosecurity Magazine

March 1, 2021

Facebook Photo-tagging Lawsuit Settled for $650m Full Text

Abstract Judge approves $650m settlement of privacy lawsuit brought against social network

Infosecurity Magazine

March 1, 2021

ByteDance agreed to pay $92M in US privacy Settlement for TikTok data collection Full Text

Abstract ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users for illegal data collection. ByteDance, the company behind TikTok, agreed to pay $92 million in a settlement to U.S. users. The settlement has yet to be approved...

Security Affairs

March 1, 2021

Berlin Resident Jailed for NHS Bomb Threats Full Text

Abstract Italian also threatened MPs and Black Lives Matters protesters

Infosecurity Magazine

February 28, 2021

EU leaders aim at boosting defense and security, including cybersecurity Full Text

Abstract During a video conference of the members of the European Council, EU leaders agreed on a new strategy aimed at boosting defense and security.  During the recent video conference of the members of the European Council (25-26 February 2021),...

Security Affairs

February 26, 2021

At House SolarWinds hearing, bipartisan lawmakers announce breach disclosure bill Full Text

Abstract Continuing a discussion kicked off earlier this week in the Senate, House lawmakers confirmed that legislation is in the works, pushing for answers on the balance between liability protection and the duty to protect consumers.

SCMagazine

February 26, 2021

Lawmakers line up behind potential cyber breach notification legislation Full Text

Abstract House lawmakers on both sides of the aisle expressed strong support Friday for legislation to put in place national breach notification requirements in the wake of a massive foreign cyber espionage attack.

The Hill

February 26, 2021

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit Full Text

Abstract The settlement, if approved, would lay to rest claims that the video sharing app, owned by ByteDance, wrongfully collected the private and biometric data of users including teenagers and minors.

ZDNet

February 25, 2021

6 Alabamans Charged in $7m Virtual Schools Fraud Full Text

Abstract School officials accused of falsifying enrollment figures to get more state funding

Infosecurity Magazine

February 24, 2021

Former Power Company Boss to Admit Wire Fraud Full Text

Abstract SCANA Corporation’s ex-CEO to plead guilty to charges linked to Nukegate scandal

Infosecurity Magazine

February 23, 2021

Louisiana College Cyber-Thief Sentenced Full Text

Abstract US imprisons college comptroller who faked refunds to steal over a quarter of a million dollars

Infosecurity Magazine

February 19, 2021

US Arrests Six Alleged Cyber-Scam Money Launderers Full Text

Abstract Charges brought against alleged members of $50m fraud and money-laundering ring

Infosecurity Magazine

February 19, 2021

Three North Korean Hackers Indicted in Global Cybercrime Scheme Full Text

Abstract On Feb. 17, the Department of Justice released a newly unsealed indictment that charges three North Korean cyber operatives in connection with an alleged scheme to steal currency and commit cyberattacks on banks and businesses around the world.

Lawfare

February 19, 2021

Draft Adequacy Decision Paves the Way for EU-UK Data Flows to Continue Freely Full Text

Abstract The UK urges the approval process to be quickly concluded

Infosecurity Magazine

February 19, 2021

U.S. Charges 3 North Koreans With Hacking and Stealing Millions of Dollars Full Text

Abstract The Justice Department unsealed charges against three intelligence officers, revealing more details about incursions on Sony Pictures and the National Health Service in Britain, and other attacks.

New York Times

February 18, 2021

US Jails Celebrated Nigerian Entrepreneur for Cyber-Fraud Full Text

Abstract Ten years for man behind $11m cyber-fraud targeting Caterpillar’s British export sales office

Infosecurity Magazine

February 18, 2021

Two More Lazarus Group Members Indicted for North Korean Attacks Full Text

Abstract Sony Pictures, WannaCry and string of heists blamed on agents

Infosecurity Magazine

February 17, 2021

U.S. Charges 3 North Korean Hackers Over $1.3 Billion Cryptocurrency Heist Full Text

Abstract The U.S. Department of Justice (DoJ) on Wednesday  indicted  three suspected North Korean hackers for allegedly conspiring to steal and extort over $1.3 billion in cash and cryptocurrencies from financial institutions and businesses. The three defendants — Jon Chang Hyok, 31; Kim Il, 27; and Park Jin Hyok, 36 — are said to be members of the Reconnaissance General Bureau, a military intelligence division of North Korea, also known as the  Lazarus group ,  Hidden Cobra , or Advanced Persistent Threat 38 (APT 38). Accusing them of creating and deploying multiple malicious cryptocurrency applications, developing and fraudulently marketing a blockchain platform, the indictment expands on the  2018 charges brought against Park , one of the alleged nation-state hackers previously charged in connection with the 2014 cyberattack on Sony Pictures Entertainment. A Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes "North Korea's operatives, using keyboards rather than g

The Hacker News

February 17, 2021

US indicts North Korean hackers for stealing $1.3 billion Full Text

Abstract The U.S. Department of Justice has charged three North Koreans for stealing $1.3 billion in money and cryptocurrency in attacks on banks, the entertainment industry, cryptocurrency companies, and more.

BleepingComputer

February 17, 2021

Three North Korean hackers charged for financial and revenge-motivated hacks Full Text

Abstract The crimes include the 2014 hack against Sony, the WannaCry attacks, cryptocurrency fraud and ATM cash out schemes that targeted at least $1.3 billion.

SCMagazine

February 17, 2021

DOJ charges North Korean hackers with stealing $1.3 billion in cryptocurrency Full Text

Abstract The Justice Department (DOJ) announced charges Wednesday against three North Korean individuals for allegedly stealing $1.3 billion in cash and cryptocurrency from U.S. groups and conducting a series of cyberattacks, including the 2014 Sony Pictures hack. 

The Hill

February 17, 2021

Dutch police post ‘friendly’ warnings on hacking forums Full Text

Abstract Dutch police have posted "friendly" messages on two of today's largest hacking forums warning cyber-criminals that "hosting criminal infrastructure in the Netherlands is a lost cause."

ZDNet

February 17, 2021

The Cyberlaw Podcast: “This Is How They Tell Me the World Ends” Full Text

Abstract Our interview this week is with Nicole Perlroth, The New York Times reporter and

Lawfare

February 17, 2021

Dutch Police post “say no to cybercrime” warnings on hacker forums Full Text

Abstract The Dutch Police have begun posting warnings on Russian and English-speaking hacker forums not to commit cybercrime as law enforcement is watching their activity.

BleepingComputer

February 17, 2021

Italian watchdog fines Facebook 7 million euros Full Text

Abstract Italy’s competition watchdog fined Facebook ~$8.5 million for not complying with a request by the regulator to correct improper commercial practices in the group’s treatment of user data.

Cyber News

February 16, 2021

Police Target Irish Family in €4m Money Laundering Probe Full Text

Abstract Gang’s criminal proceeds seized in raids

Infosecurity Magazine

February 15, 2021

French and Ukrainian police arrested Egregor ransomware affiliates/partners in Ukraine Full Text

Abstract An international operation conducted in Ukraine and France lead to the arrest of criminals believed to be affiliated with the Egregor RaaS. Some affiliated with the Egregor RaaS, not the main ransomware gang, have been arrested as a result of a joint...

Security Affairs

February 15, 2021

Duo Charged with Multimillion-Dollar Dark Web Drugs Scheme Full Text

Abstract Two men from Texas alleged to have sold fake Adderall online

Infosecurity Magazine

February 13, 2021

Court documents show FBI could use a tool to access private Signal messages on iPhones Full Text

Abstract Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may...

Security Affairs

February 12, 2021

Three Charged Over Fraudulent Vaccine Website Full Text

Abstract Baltimore County trio indicted over spoofed Moderna website selling fake coronavirus vaccines

Infosecurity Magazine

February 12, 2021

US Jails Money Mule Kingpin Full Text

Abstract Man who laundered millions of dollars stolen by Eastern European computer hackers is sent to prison

Infosecurity Magazine

February 11, 2021

Lawmakers introduce bipartisan bill to allow for increased use of internet-connected devices Full Text

Abstract Reps. Suzan DelBene (D-Wash.) and John KatkoJohn Michael KatkoHillicon Valley: Krebs is back on Capitol Hill | Cybersecurity as 'preeminent threat' | News on data privacy and voter security Krebs, other officials urge Congress to take strong action to tamp down cyber threats Katko calls for bipartisanship on cyber issues as threats intensify MORE (R-N.Y.) on Thursday introduced legislation intended to allow for growth of the number of internet-connected devices and the expansion of spectrum to meet the expected increased demand. 

The Hill

February 11, 2021

10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities Full Text

Abstract Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated  year-long investigation  was jointly conducted by law enforcement authorities from the U.K., U.S., Belgium, Malta, and Canada. "The attacks orchestrated by this criminal gang targeted thousands of victims throughout 2020, including famous internet influencers, sport stars, musicians and their families," Europol  said  in a statement. "The criminals are believed to have stolen from them over $100 million in cryptocurrencies after illegally gaining access to their phones." The eight suspects, aged 18 to 26, are said to be part of a larger ring, two members of which were nabbed previously in Malta and Belgium. The latest arrests were made in England and Scotland. The sweep comes almost a year afte

The Hacker News

February 11, 2021

UK Cops Arrest Eight in US Celeb SIM Swap Case Full Text

Abstract Group allegedly stole funds and hijacked social media accounts

Infosecurity Magazine

February 11, 2021

Law enforcement arrested 8 people that targeted celebrities with SIM swapping attacks Full Text

Abstract A total of eight criminals have been arrested on 9 February as a result of an international police operation into a series of SIM swapping attacks.  Eight men were arrested in England and Scotland as part of a year-long international investigation...

Security Affairs

February 11, 2021

Europol: 10 held for alleged $100m cryptocurrency theft from celebs, others Full Text

Abstract “The attacks orchestrated by this criminal gang targeted thousands of victims throughout 2020, including famous internet influencers, sports stars, musicians, and their families,” the agency said.

Cyber News

February 9, 2021

Cyber Command Major Imprisoned for Sex Crime Full Text

Abstract US Army major gets lengthy sentence for producing child sexual abuse material

Infosecurity Magazine

February 9, 2021

Attorney-General of Australia asked to update ‘personal information’ definition in Privacy Act Full Text

Abstract The Attorney-General's Department is currently in the midst of reviewing the Australia Privacy Act 1988. Since October, it has been calling for all interested parties to provide their two cents.

ZDNet

February 9, 2021

HIPAA’s new ‘Safe Harbor’ rules promote security at healthcare firms under seige Full Text

Abstract The US Health Insurance Portability and Accountability Act — HIPAA — has undergone some massive changes in the past few years to minimize the burden of healthcare entities.

Last Watchdog

February 8, 2021

Paralegal’s Pal Admits Outing Witnesses Full Text

Abstract Iowan pleads guilty to accessing sensitive, non-public information and releasing it on Facebook

Infosecurity Magazine

February 8, 2021

What Is the Point of These Nation-State Indictments? Full Text

Abstract Nation-state indictments may not be dramatic, but they are foundational.

Lawfare

February 8, 2021

Europol Breaks $14m Card Fraud Ring Full Text

Abstract Operation Secreto results in 105 arrests across the continent

Infosecurity Magazine

February 8, 2021

Crypto Fund Founder Pleads Guilty to $100m Fraud Scheme Full Text

Abstract Virgil Sigma and VQR investors left high and dry

Infosecurity Magazine

February 3, 2021

Prison for International Credit Card Fraud Kingpin Full Text

Abstract Ireland imprisons two members of multi-million-dollar cybercrime gang

Infosecurity Magazine

February 3, 2021

Tulsa Mayor’s Cyber-stalker Jailed Full Text

Abstract US jails Virginian who repeatedly threatened Tulsa’s mayor in a bid to stop a political rally from taking place

Infosecurity Magazine

February 3, 2021

Fertility App Sued Over Non-Consensual Data Sharing Full Text

Abstract Premom developer accused of sharing sensitive data with Chinese firms without user consent

Infosecurity Magazine

February 3, 2021

Law Enforcement Takes Down ValidCC Dark Web Payment Card Marketplace Full Text

Abstract ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week.

Krebs on Security

February 2, 2021

Medical Researcher Jailed for Selling Secrets to China Full Text

Abstract Ohio resident who conspired with husband to steal hospital’s secrets is imprisoned

Infosecurity Magazine

February 2, 2021

Man Charged in $11m Crypto Scheme that Featured Steven Seagal Full Text

Abstract Actor drawn in to promote scam ICO

Infosecurity Magazine

February 1, 2021

Greek Police to Introduce Live Facial Recognition Full Text

Abstract Live facial recognition and fingerprint ID tech to be issued to Greek police this summer

Infosecurity Magazine

February 1, 2021

Michigan Computer Science Professor Charged with Sex Crime Full Text

Abstract University of Michigan professor placed on leave after being charged with sexual abuse of minor

Infosecurity Magazine

January 29, 2021

Cyber-Cop Charged with Forgery and Bigamy Full Text

Abstract Nevada Cop who headed cybercrimes unit is arrested on seven felony counts

Infosecurity Magazine

January 29, 2021

66% of Workers Risk Breaching GDPR by Printing Work-Related Docs at Home Full Text

Abstract 20% of home workers admit to printing confidential employee info including payroll, addresses and medical information

Infosecurity Magazine

January 28, 2021

Social Media Influencer Charged with Election Interference Full Text

Abstract US charges influencer over online disinformation campaign that tricked Twitter users into thinking they had voted

Infosecurity Magazine

January 28, 2021

International Law Enforcement Takedown of NetWalker and Emotet Full Text

Abstract Law enforcement’s battle against cybercrime is off to a fast start in 2021, with two major developments occurring earlier this week. Both are a result of separate collaborative efforts between U.S. law enforcement agencies and various European authorities.

Lawfare

January 28, 2021

Lawmakers introduce legislation to massively expand mail-in voting Full Text

Abstract Sen. Ron Wyden (D-Ore.) and Rep. Earl BlumenauerEarl BlumenauerInauguration parties lose the glitz and glamour in 2021 Four things Democrats should do in Biden's first 100 days House Republican wants restrictions on masks with messages MORE (D-Ore.) on Thursday introduced legislation to allow all registered voters to have the option to vote from home.

The Hill

January 28, 2021

Utah Ponders Making Online ‘Catfishing’ a Crime Full Text

Abstract Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow.

Threatpost

January 28, 2021

Utah tests the waters in turning online catfishing into a criminal act Full Text

Abstract Titled, "Online Impersonation Prohibition," House Bill 239 introduced by Rep. Karianne Lisonbee proposes legal consequences for people that "use the name or persona of an individual" without consent.

ZDNet

January 28, 2021

Authorities Seize Dark-Web Site Linked to the Netwalker Ransomware Full Text

Abstract U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. "We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims,"  said  Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department's Criminal Division. "Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today's multi-faceted operation." In connection with the takedown, a Canadian national named Sebastien Vachon-Desjardins from the city of Gatineau was charged in the U.S. state of Florida for extorting $27.6 million in cryptocurrency from ransom payments. Separately, the

The Hacker News

January 28, 2021

European Authorities Disrupt Emotet — World’s Most Dangerous Malware Full Text

Abstract Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet , a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday — dubbed " Operation Ladybird " — is the result of a joint effort between authorities in the Netherlands, Germany, the U.S., the U.K., France, Lithuania, Canada, and Ukraine to take control of servers used to run and control the malware network. "The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale," Europol  said . "What made Emotet so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomware, onto a victim's computer." More Than a Malware  Since its first identification in 2014,  Emotet  has evolved from its initial roots as a cre

The Hacker News

January 27, 2021

Law enforcement announced global action against NetWalker Ransomware Full Text

Abstract A joint operation of U.S. and EU law enforcement authorities allowed the seizure of the leak sites used by NetWalker ransomware operators. Law enforcement authorities in the U.S. and Europe have seized the dark web sites used by NetWalker ransomware...

Security Affairs

January 27, 2021

Emotet Botnet dismantled in a joint international operation Full Text

Abstract A global operation of law enforcement has dismantled the infrastructure of the infamous Emotet botnet. A global operation of law enforcement, lead by Europol, has dismantled the infrastructure of the infamous Emotet botnet. The Emotet banking trojan has...

Security Affairs

January 27, 2021

US charges NetWalker ransomware affiliate, seizes ransom payments Full Text

Abstract The U.S. Justice Department announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks.

BleepingComputer

January 27, 2021

International authorities disrupt ‘world’s most dangerous malware’ Full Text

Abstract A team of international law enforcement and judicial groups on Wednesday announced they had disrupted infrastructure used by cyber criminals to spread what authorities described as the “world’s most dangerous malware” and attack organizations around the world.  

The Hill

January 27, 2021

Emotet Disrupted Through Global Action Full Text

Abstract Botnet taken down after seven years of wreaking havoc on the world’s networks

Infosecurity Magazine

January 27, 2021

Europol: Emotet malware will uninstall itself on March 25th Full Text

Abstract Law enforcement has started to distribute an Emotet module to infected devices that will uninstall the malware on March 25th, 2021.

BleepingComputer

January 27, 2021

Law enforcement strikes back at Emotet, one of the world’s most popular ransomware loaders Full Text

Abstract The voluntary, collaborative posture taken by different private and public stakeholders is what sets this takedown apart from others.

SCMagazine

January 27, 2021

Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline Full Text

Abstract Hundreds of servers and 1 million Emotet infections have been dismantled globally, while authorities have taken NetWalker’s Dark Web leaks site offline and charged a suspect.

Threatpost

January 27, 2021

Netwalker ransomware dark web sites seized by law enforcement Full Text

Abstract The dark web websites associated with the Netwalker ransomware operation have been seized by law enforcement from the USA and Bulgaria.

BleepingComputer

January 27, 2021

Grindr Faces $11.7m Data Privacy Fine Full Text

Abstract Norway plans to fine dating app over alleged illegal disclosure of user data to advertisers

Infosecurity Magazine

January 27, 2021

Coordination Action by Europol and Eurojust Disrupts Emotet Botnet Infrastructure Full Text

Abstract Emotet, which is distributed through an automated process, is said to be one of the biggest players in the cybercrime world as other malware operators like TrickBot and Ryuk have benefited from it.

Cyber News

January 27, 2021

Emotet botnet disrupted after global takedown operation Full Text

Abstract The infrastructure of today's most dangerous botnet built by cybercriminals using the Emotet malware was taken down following an international coordinated action coordinated by Europol and Eurojust.

BleepingComputer

January 27, 2021

Grindr faces $11.7 million fine in Norway for breach of data privacy Full Text

Abstract Norway's Data Protection Authority said on Tuesday it plans to fine dating app Grindr about $11.7 million for what the regulator said was illegal disclosure of user data to advertising firms.

The Times Of India

January 25, 2021

Mr. Double Website Operator Convicted Full Text

Abstract Jury convicts Texan accused of operating website that sold child sexual abuse material

Infosecurity Magazine

January 23, 2021

ADT employee pleads guilty for accessing cameras installed by the company Full Text

Abstract A former ADT employee pleads guilty for accessing the cameras he installed at the home of the company's customers in the Dallas area. Telesforo Aviles (35) is a former ADT employee that pleaded for accessing the cameras he installed at the home of the company's...

Security Affairs

January 22, 2021

House lawmakers reintroduce bipartisan bill to weed out foreign disinformation on social media Full Text

Abstract Reps. Abigail Spanberger (D-Va.) and John KatkoJohn Michael KatkoRep. John Katko: Why I became the first Republican lawmaker to support impeachment NY Republican says cybersecurity will be a high priority for Homeland Security panel Upton becomes first member of Congress to vote to impeach two presidents MORE (R-N.Y.) on Friday reintroduced legislation intended to cut down on foreign disinformation and propaganda spread on social media, in particular following a spike in the content after the presidential election and during the COVID-19 pandemic. 

The Hill

January 21, 2021

France Arrests 14 Over Online Child Sexual Abuse Full Text

Abstract Europol and French police arrest 14 on suspicion of participating in online child sexual abuse

Infosecurity Magazine

January 20, 2021

Last-minute Trump order adds new security regulation to cloud providers Full Text

Abstract An eleventh-hour executive order will require infrastructure-as-a-service providers to log the identity of foreign clients. The executive order will stand, unless specifically repealed by new President Joe Biden.

SCMagazine

January 20, 2021

Kentucky Senior Arrested for Identity Theft Full Text

Abstract US police arrest two women in cybercrime case involving stolen identities

Infosecurity Magazine

January 20, 2021

Trump Pardons Google Trade Secret Thief Full Text

Abstract Former Waymo exec who passed Google trade secret to Uber pardoned by outgoing US president

Infosecurity Magazine

January 19, 2021

GDPR Fines Surge 39% Over Past Year Despite #COVID19 Full Text

Abstract Over $190m in financial penalties imposed across EU

Infosecurity Magazine

January 18, 2021

No US Trial for Irish Hacker Full Text

Abstract United States withdraws extradition request for Dubliner who stole $2m in Bitcoin

Infosecurity Magazine

January 18, 2021

Health Insurer Fined $5.1m Over Data Breach Full Text

Abstract Excellus Health Plan agrees to pay $5.1m to settle HIPAA violation case

Infosecurity Magazine

January 18, 2021

German laptop retailer fined €10.4m under GDPR for video-monitoring employees Full Text

Abstract German data regulator LfD announced a €10.4M fine under GDPR against the online laptop and electronic goods retailer NBB for video-monitoring employees. The State Commissioner for Data Protection (LfD) Lower Saxony announced a €10.4 million fine...

Security Affairs

January 17, 2021

Authorities Take Down the Worlds Largest Illegal Dark web Market Place Full Text

Abstract DarkMarket is one of the world's largest illegal market on the web, and recently, this market has been shut down by many...

Cyber Security News

January 15, 2021

Facebook sues two Chrome extension devs for scraping user data Full Text

Abstract All extensions were developed by a software company named "Oink and Stuff," specialized in creating Android apps and browser extensions for Chrome, Firefox, Opera, and Microsoft Edge.

ZDNet

January 15, 2021

Facebook Sues Devs of Alleged Data-Scraping Chrome Extensions Full Text

Abstract Portuguese duo said to have designed code to covertly harvest user info

Infosecurity Magazine

January 14, 2021

Facebook: Malicious Chrome Extension Developers Scraped Profile Data Full Text

Abstract Facebook has sued two Chrome devs for scraping user profile data – including names, user IDs and more.

Threatpost

January 14, 2021

Facebook sues makers of malicious Chrome extensions for scraping data Full Text

Abstract Facebook has taken legal action against the makers of malicious Chrome extensions used for scraping user-profiles and other information from Facebook's website and from users' systems without authorization.

BleepingComputer

January 14, 2021

Florida Ethics Officer Charged with Cyberstalking Full Text

Abstract Judge bars former Tallahassee city ethics officer from internet-connected devices after her arrest for cyberstalking.

Threatpost

January 14, 2021

Hy-Vee Data Breach Settlement Proposed Full Text

Abstract Victims of months-long Hy-Vee data breach could receive $225 each under proposed settlement

Infosecurity Magazine

January 13, 2021

Former Florida Official Charged with Cyberstalking Full Text

Abstract Tallahassee’s first ethics officer arrested for allegedly stalking former city auditor

Infosecurity Magazine

January 13, 2021

Bitcoin Exchange Owner Jailed for Money Laundering Full Text

Abstract US imprisons RG Coins owner for role in international multimillion-dollar online fraud scheme

Infosecurity Magazine

January 12, 2021

Police took down DarkMarket, the world’s largest darknet marketplace Full Text

Abstract The world's largest black marketplace on the dark web, DarkMarket, has been taken offline by law enforcement in an international operation.  DarkMarket, the world's largest black marketplace on the dark web, has been taken offline as a result of an international...

Security Affairs

January 12, 2021

World’s Largest Illegal Dark Web Marketplace Taken Down Full Text

Abstract International law enforcement operation takes DarkMarket offline

Infosecurity Magazine

January 12, 2021

Europol Reveals Dismantling of ‘Largest’ Underground Marketplace Full Text

Abstract Europol announced a wide-ranging investigation that led to the arrest of the alleged DarkMarket operator and the seizure of the marketplace’s infrastructure, including more than 20 servers.

Threatpost

January 11, 2021

Russian hacker Andrei Tyurin sentenced to 12 years in prison Full Text

Abstract A U.S. court on Thursday sentenced the Russian hacker Andrei Tyurin to 12 years in prison for his role in an international hacking campaign. A U.S. court sentenced this week Andrei Tyurin (37) to 12 years in prison for carrying out an international...

Security Affairs

January 11, 2021

High Court Rules Against Government Bulk Hacking Full Text

Abstract Use of general warrants to target large numbers is illegal

Infosecurity Magazine

January 8, 2021

JPMorgan Chase Hacker Gets 12 Years Full Text

Abstract US locks up Russian who hacked major financial institutions to steal data

Infosecurity Magazine

January 6, 2021

‘Ghosts of legislations past’: Policy predictions for 2021 Full Text

Abstract If 2020 brought deadlines tied to various privacy and data protection policies, then 2021 means compliance – with less leniency for companies that fall short of regulations.

SCMagazine

January 6, 2021

British Airways Plans £3bn Breach Settlement Full Text

Abstract British Airways to start £3bn settlement discussions over data breaches affecting 500,000 customers

Infosecurity Magazine

January 06, 2021

Trump bans China-linked apps for collecting Americans’ data Full Text

Abstract United States President Donald Trump has signed an executive order banning eight Chinese apps considered to be a threat to US national security, economy, and foreign policy.

BleepingComputer

January 5, 2021

UK Jails Cyber-Voyeur Full Text

Abstract Former civil servant jailed for hacking and cyber-exploitation of hundreds of women and girls

Infosecurity Magazine

January 4, 2021

SolarWinds, top executives hit with class action lawsuit over Orion software breach Full Text

Abstract Stockholders who purchased company shares in 2020 are suing the IT management software company for materially misleading investors about their security practices.

SCMagazine

January 4, 2021

UK Rejects Assange Extradition Request Full Text

Abstract British court rules WikiLeaks founder should not be extradited to the United States

Infosecurity Magazine

January 4, 2021

British Court rejects the US’s request to extradite Julian Assange Full Text

Abstract A British court has rejected the request of the US government to extradite Wikileaks founder Julian Assange to the country. WikiLeaks founder Julian Assange should not be extradited to the US to stand trial, the Westminster Magistrates' Court has rejected...

Security Affairs

January 04, 2021

British Court Rejects U.S. Request to Extradite WikiLeaks’ Julian Assange Full Text

Abstract A British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates' Court today, Judge Vanessa Baraitser denied the extradition on the grounds that Assange is a suicide risk and extradition to the U.S. prison system would be oppressive. "I find that the mental condition of Mr. Assange is such that it would be oppressive to extradite him to the United States of America," judge Baraitser  said  in a 132-page ruling. The U.S. government is expected to appeal the decision. The case against Assange centers on WikiLeaks' publication of hundreds of thousands of leaked documents about the Afghanistan and Iraq wars, as well as diplomatic cables, in 2010 and 2011. The documents include "approximately 90,000 Afghanistan war-related significant activity reports, 400,0

The Hacker News

January 3, 2021

NCA arrested 21 customers of the WeLeakInfo service Full Text

Abstract NCA arrested 21 people in the UK as part of an operation targeting customers of WeLeakInfo service that advertised stolen personal credentials. 21 people have been arrested in the UK as part of an operation against customers of the WeLeakInfo[.]com...

Security Affairs

January 2, 2021

Ticketmaster will pay $10 Million fine over hacking a competitor Full Text

Abstract Ticketmaster agreed to pay a $10 million fine for hacking into the computer system of the startup rival CrowdSurge. The news is disturbing, Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems...

Security Affairs

January 02, 2021

Ticketmaster To Pay $10 Million Fine For Hacking A Rival Company Full Text

Abstract Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to "cut [the company] off at the knees." A subsidiary of Live Nation, the California-based ticket sales and distribution company used the stolen information to gain an advantage over CrowdSurge — which merged with Songkick in 2015 and later acquired by Warner Music Group (WMG) in 2017 — by hiring a former employee to break into its tools and gain insight into the firm's operations. "Ticketmaster employees repeatedly – and illegally – accessed a competitor's computers without authorization using stolen passwords to unlawfully collect business intelligence,"  said  Acting U.S. Attorney Seth DuCharme. "Further, Ticketmaster's employees brazenly held a division-wide 'summit' at which the stolen passwords were used to access the victim company's computers, as if th

The Hacker News

January 1, 2021

Ticketmaster pays $10M fine to settle charges of using stolen passwords to spy on rival company Full Text

Abstract One of the biggest brands in the music and events business, Ticketmaster, has agreed to pay a $10 million fine for “computer intrusion and fraud offenses” after employees used stolen credentials to spy on a competitor.

Cyberscoop

December 31, 2020

Ticketmaster fined $10 million in corporate espionage scheme Full Text

Abstract Ticketmaster tried to steal both a client and design ideas from a competitor by logging into the back-end system with a former employer’s login credentials.

SCMagazine

December 31, 2020

Ticketmaster fined $10 million for breaking into rival’s systems Full Text

Abstract Ticketmaster, a Live Nation subsidiary and a leading ticket distribution and sales company, was fined $10 million for illegally accessing the systems of competitor CrowdSurge using the credentials of one of its former employees.

BleepingComputer

December 30, 2020

Israel, Cyberattacks and International Law Full Text

Abstract In response to a series of cyberattacks, Israel seems to be increasingly turning toward international law to guide its approach to hostile activities in cyberspace.

Lawfare

December 29, 2020

Lawsuit Claims Flawed Facial Recognition Led to Man’s Wrongful Arrest Full Text

Abstract Black man sues police, saying he was falsely ID’d by facial recognition, joining other Black Americans falling victim to the technology’s racial bias.

Threatpost

December 29, 2020

Brazilians mostly unaware of data protection regulations Full Text

Abstract The survey carried out by Brazilian credit intelligence company Boa Vista with over 500 consumers between August and September 2020 suggests that over 70% of those polled do not know what the GDPR is.

ZDNet

December 28, 2020

Data questions remain as UK exits EU Full Text

Abstract For U.S. firms, whose home nation already has different privacy laws state by state, a new U.K. regime might be one more for the pile.

SCMagazine

December 24, 2020

Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data Full Text

Abstract Sabre Corp. will make a $2.4 million payout and shore up its cybersecurity policies under an agreement with 27 state attorneys general who investigated a breach of its hotel-booking technology.

Cyberscoop

December 24, 2020

New Lawsuit Takes Aim at Ring After Smart Doorbell Hijacking Full Text

Abstract Incidents led to murder and sexual assault threats for users

Infosecurity Magazine

December 24, 2020

Lawmakers want more transparency on SolarWinds breach from State, VA Full Text

Abstract Two Democratic senators are calling on the departments of State and Veterans Affairs to brief lawmakers on how their agencies have been impacted by the SolarWinds breach.

Cyberscoop

December 23, 2020

US Teen Accused of Deadly Cyber-stalking Campaign Full Text

Abstract New Yorker accused of cyber-stalking a woman and soliciting others to rape, murder, and decapitate her

Infosecurity Magazine

December 23, 2020

Google Faces its 3rd Major Antitrust Lawsuit for Using Monopolistic Powers to Control Pricing Full Text

Abstract Recently Google faced the 3rd antitrust lawsuit, and it's one of the major lawsuits for using Monopolistic powers to control different pricing....

Cyber Security News

December 23, 2020

Google Faces its 3rd Major Antitrust Lawsuit for Using Monopolistic Powers to Control Pricing Full Text

Abstract Recently Google faced the 3rd antitrust lawsuit, and it's one of the major lawsuits for using Monopolistic powers to control different pricing....

Cyber Security News

December 23, 2020

Law enforcement take down three bulletproof VPN providers Full Text

Abstract The three services were active at insorg.org [2014 snapshot], safe-inet.com [2013 snapshot], and safe-inet.net before the domains were seized and replaced with law enforcement banners on Monday.

ZDNet

December 22, 2020

Safe-Inet, Insorg VPN services shut down by law enforcement Full Text

Abstract Law enforcement agencies around the world in a coordinated effort took down and seized the infrastructure supporting Safe-Inet and Insorg VPN and proxy services known for catering cybercriminal activity.

BleepingComputer

December 22, 2020

Shabang Banged to Rights Full Text

Abstract Silk Road lies send computer programmer “Shabang” to prison

Infosecurity Magazine

December 22, 2020

The New IOT Security Act Shows the Limits of Congressional Policymaking for Cybersecurity Full Text

Abstract The new legislation is largely a ratification of measures already underway or completed.

Lawfare

December 22, 2020

European Commission Proposes Bold Steps on Cybersecurity Full Text

Abstract NIS 2 seeks to promote voluntary cyberthreat information sharing by directing Member States to ensure that covered entities can share cyberthreat information among themselves to improve cybersecurity.

Palo Alto Networks

December 22, 2020

Tech Giants Support Facebook in Case Against Spyware Maker Full Text

Abstract Israeli firm NSO Group is claiming sovereign immunity

Infosecurity Magazine

December 22, 2020

Microsoft, Google, Cisco, Dell join legal battle against hacking company NSO Full Text

Abstract The tech giants on Monday joined Facebook’s legal battle against hacking company NSO, filing an amicus brief in federal court that warned that the Israeli firm’s tools were “powerful, and dangerous.”

Reuters

December 21, 2020

Why Schrems II Might Not Be a Problem for EU-U.S. Data Transfers Full Text

Abstract Nearly all U.S. companies should have no difficulty showing that U.S. surveillance authorities at issue will not interfere with their ability to comply with standard contractual clauses.

Lawfare

December 21, 2020

New US Bill Will Punish Foreign Firms’ IP Theft Full Text

Abstract Chinese companies should be prepared for more sanctions

Infosecurity Magazine

December 21, 2020

US Indicts Former Zoom China Liaison for Doing PRC’s Bidding Full Text

Abstract Employee accused of disrupting meetings to commemorate Tiananmen Square massacre

Infosecurity Magazine

December 20, 2020

Krebs: US should be ‘cautious’ about escalating cyber war with Russia Full Text

Abstract Former Cybersecurity and Infrastructure Security Agency (CISA) chief Christopher Krebs in an interview on Sunday poured cold water on lawmakers' calls for retaliation in response to a cyber intrusion at numerous government agencies believed to be carried out by Russia.

The Hill

December 20, 2020

Lawfare Live: U.S. Cyber Strategy and the SolarWinds Breach Full Text

Abstract This Tuesday, Dec. 22, at 12pm EST, Robert Chesney, Lawfare founding editor and Charles I. Francis Professor in Law at the University of Texas School of Law, and Lawfare executive editor Susan Hennessey will join Lawfare chief operating officer David Priess to answer questions about the cyber breach of SolarWinds, its effects on several government agencies and the infiltration’s domestic and international ramifications.

Lawfare

December 19, 2020

U.S. banking regulators propose requiring banks to immediately flag computer breaches Full Text

Abstract The new proposal from U.S. banking regulators would direct banks to notify their primary regulator as soon as possible after a breach is discovered that could impair services or the organization itself.

Reuters

December 18, 2020

Russia’s Hack Wasn’t Cyberwar. That Complicates US Strategy Full Text

Abstract Because states routinely spy on one another—friends and foes alike—there are a very limited number of credible punishments states can use to threaten others into not spying.

Wired

December 18, 2020

Will the US Move to a Federal Privacy Law in 2021? Full Text

Abstract Experts discuss impact of CPRA and other recent events on privacy rules in the US

Infosecurity Magazine

December 18, 2020

The SolarWinds Breach Is a Failure of U.S. Cyber Strategy Full Text

Abstract The breach underscores the importance of integrating defend forward into a broader national cybersecurity strategy.

Lawfare

December 17, 2020

Police Vouch for Hacker Who Guessed Trump’s Twitter Password Full Text

Abstract No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trump’s Twitter account by guessing his password, “MAGA2020!” last October.

Threatpost

December 17, 2020

Indian Police Bust Illegal Call Center Full Text

Abstract Delhi police cybercrime unit arrests 54 over illegal call center targeting foreign nationals

Infosecurity Magazine

December 16, 2020

Additional CCPA Regulations Proposed by California AG Full Text

Abstract The recommended changes build off of updates proposed back in October regarding consumer opt-out requests. Those interested in submitting a comment for the proposed regulations have until December 28.

Digital Guardian

December 16, 2020

EU Digital Services and Digital Markets Acts aim at setting new rules for tech giants Full Text

Abstract The European Union is going to unveil two laws, the Digital Services and Digital Markets Acts, that will impose new rules for tech giants. The European Union is set to unveil two laws, the Digital Services and Digital Markets Acts, that aim at defining...

Security Affairs

December 15, 2020

Twitter Fined Half a Million Dollars for Privacy Violation Full Text

Abstract Violating EU data protection rules has costly repercussions for social media giant

Infosecurity Magazine

December 13, 2020

FTC Filed a Lawsuit Against Facebook for Illegal Monopolization Full Text

Abstract The Attorney General Letitia James of the Federal Trade Commission recently declared a new antitrust lawsuit upon Facebook. This lawsuit clearly justifies...

Cyber Security News

December 9, 2020

Lawyer up: Following a breach, companies often call outside counsel first Full Text

Abstract BakerHostetler assisted in about 1,600 cases tied to cyber breaches this year — about 60 percent more than 2019.

SCMagazine

Table of contents