CyberScoop
Obama says he underestimated the threats posed by disinformation
The former president said the U.S. and other democracies helped disinformation flourish by growing complacent.
CyberScoop
Debate erupts at news the White House may scale back DOD cyber-ops authorities
Cybersecurity and homeland security experts are split on the wisdom of scaling back broad authorities the Department of Defense now has to launch cyber operations.
DataBreaches
Solar Winds can’t dodge investor suit over massive cyberattack
Stephen Paulsen reports: An Austin-based tech company may be liable to investors after it suffered a major security breach that caused its stock price to...
Bleeping Computer
US national emergency extended due to elevated malicious cyber activity
US President Joe Biden today has extended the state of national emergency declared to deal with increasingly prevalent and severe malicious cyber threats to the United States national security, foreign policy, and economy.
CyberScoop
Legislator slams Biden administration for dialing back DOD cyber operation authorities
Cyberspace Solarium Commission Co-Chair Rep. Mike Gallagher asserts that the Biden administration's decision poses a national security threat.
DataBreaches
Spain orders extradition of British alleged hacker to U.S.
AP reports: Spain’s National Court has agreed to the extradition to the U.S. of a British citizen who allegedly took part in computer attacks, including the...
CyberScoop
Former Marine, cyber exec Nate Fick selected as State's inaugural cyber ambassador
Also an author, Fick spoke at the 2008 Democratic National Convention.
SecurityWeek
Biden Administration Names a Director of the New AI Safety Institute
Elizabeth Kelly was named as the director of the newly established safety institute for artificial intelligence (AI).
PCMag
Hacker Compromises SEC's Twitter Account to Promote Bitcoin ETFs
Securities and Exchange Commission Chair Gary Gensler was forced to use his personal Twitter account to say that @SECGov had been compromised and was tweeting false information.
CyberNews
The White House seeks $10.9 billion in cybersecurity funding | CyberNews
President Joe Biden’s $5.8 trillion budget plan for 2023 requests $10.9 billion for civilian cybersecurity funding – an 11% increase from last year’s proposal.
Infosecurity News
Twitter Hacker Admits Guilt in New York Court, Extradited from Spain
O'Connor faces charges of computer intrusion, extortion, stalking, wire fraud and money laundering
CyberScoop
State Department cyber strategy emphasizes proactively hunting for threats
The State Department Bureau of Intelligence and Research released a cybersecurity strategy to create a more proactive culture when it comes to finding and fixing vulnerabilities.
The Record
Bipartisan bill would update federal cybersecurity rules, responsibilities
The leaders of the House Oversight Committee on Tuesday introduced legislation meant to revamp federal cybersecurity rules and clarify roles and responsibilities of top officials.
CyberSecurity Dive
White House takes on cyber workforce gap through 120-day apprenticeship sprint
A cyber workforce and education summit at the White House Tuesday was designed to address the long-standing shortage of qualified and diverse candidates for security operations teams.
CyberScoop
Former Mandiant exec tapped to run CTIIC, ODNI's cyber threat intelligence center
Laura Galante comes to the role after several years of running her own cybersecurity firm. The Ukrainian government was one of her clients.
The Record
Senate committee advances Fick nomination as State Department’s top cyber diplomat
The Senate Foreign Relations Committee on Wednesday advanced President Joe Biden’s pick to be the country’s first cyber ambassador in a bipartisan voice vote.
HACKRead
Dutch Man Deployed Stuxnet via Water Pump to Disable Iran's Nukes
Investigative journalist Huib Modderkolk from Dutch national newspaper De Volkskrant uncovered that 36-year-old Dutch civil engineer Erik van Sabben played a ‘crucial role’ in a 2007 mission supported by the US and Israel. He was instrumental in deploying the advanced Stuxnet virus to sabotage an Iranian nuclear complex.
The Record
Five Eyes intelligence chiefs warn of ‘sharp rise’ in commercial espionage
Speaking on the same stage for the first time, the agency heads presented five principles they wanted businesses to adopt to keep staff and information secure.
SecurityWeek
Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials
CISA's Cait Conley will coordinate with federal, state and local officials responsible for election security ahead of the 2024 presidential election.
Bleeping Computer
Hacker ‘PlugwalkJoe’ pleads guilty to 2020 Twitter breach
Joseph James O'Connor, aka 'PlugwalkJoke,' has pleaded guilty to multiple cybercrime offenses, including SIM swapping attacks, cyberstalking, computer hacking, and hijacking high-profile accounts on Twitter and TikTok.
Cyber Security News
Adobe Co-Founder And The Innovator Of PDF Files Passes At 82
Dr. John Warnock, co-founder of Adobe and creator of the PDF, passes away at age 82. The reason for death wasn't disclosed.
The Record
Haines names policy veteran as intel community’s new CIO
Director of National Intelligence Avril Haines on Monday announced a longtime cyber policy expert as the clandestine community’s new chief information officer.
ZDNet
CISA: Federal agencies must immediately mitigate Log4J vulnerabilities | ZDNet
CISA had previously given civilian federal agencies until December 24 to apply any patches.
Latest Hacking News
Twitter Hacker Sentenced: A look into the 2020 Twitter Crypto Scam
Twitter hacker sentenced in a landmark ruling, the mastermind behind the infamous 2020 Twitter Crypto Scam. This case has sent shockwaves through the cybersecurity and social media worlds, highlighting the vulnerabilities even within major tech
HACKRead
X Account of Google Cybersecurity Firm Mandiant Hacked in Crypto Scam
The attacker utilized the compromised Mandiant account to promote a cryptocurrency scam by posing as the Phantom crypto wallet and luring users with a fake airdrop.
SecurityWeek
Ex-Security Chief Accuses Twitter of Hiding Major Flaws
Twitter misled users and federal regulators about glaring weaknesses in its ability to protect personal data, the platform's former security chief claimed in whistleblower testimony.
The Record
Court upholds FCC right to ban tech from Chinese-owned telecom companies
The Federal Communications Commission (FCC) acted within its authority when it banned video surveillance products made by two Chinese-owned companies, a federal appeals court said in a Tuesday decision.
The Record
DoD official: Keeping Cyber Command, NSA leadership together will be 'looked at'
A senior Pentagon official on Thursday said the Biden administration will review the joint leadership structure that has long governed U.S. Cyber Command and the National Security Agency.
Bleeping Computer
Bing Chat has a secret ‘Celebrity’ mode to impersonate celebrities
A secret Bing Chat 'Celebrity' mode allows users to instruct the AI to impersonate celebrities, answering questions and talking like the person it imitates.
The Record
Chinese gov’t hackers exploiting new Atlassian vulnerability, Microsoft says
Microsoft warned that nation-state hackers are actively exploiting a recently-patched vulnerability affecting Atlassian's Confluence product.
CyberScoop
Ukraine, looking to fortify itself against Russian attacks, admitted to NATO cyber center - CyberScoop
NATO nations voted unanimously on Friday to admit Ukraine to their Cooperative Cyber Defence Centre of Excellence (CCDCOE), a development which experts said will help Ukraine fight off mounting cyberthreats from Russia. The CCDCOE is a NATO-accredited cyber knowledge hub, research institution and training and exercise facility. “They’re one of the leading if not the leading institution for thinking about cyber warfare,” said James Lewis, director of the strategic technologies program at the Center for Strategic and International Studies, a Washington think tank. Lewis said the decision to include Ukraine in the CCDCOE will have an immediate impact on its ability to fend off Russian cyberattacks. The center is based in Tallinn, Estonia and is a legacy of the Estonian government’s experience as the target of devastating cyberattacks in 2007. Russia denied being the culprit in those attacks — which disabled everything from cash machines to media outlets — but […]
The Hacker News
Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison
23-year-old mastermind behind the Twitter 2020 hack, which compromised 130 high-profile accounts (including those of Bill Gates and Elon Musk).
PCMag
Senator: US Continues to Mine AT&T Phone Records Via Surveillance Program
Senator Ron Wyden says he has 'serious concerns about the legality' of a US surveillance program that's been used to search domestic phone records, often without a warrant.
DarkReading
Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip
Lazarus continues to expand an aggressive, ongoing spy campaign, using fake Coinbase job openings to lure in victims.
SecurityWeek
Peiter 'Mudge' Zatko: The Wild Card in Musk's Clash With Twitter
Former Twitter security chief Peiter "Mudge" Zatko is a wild card in Elon Musk's legal gambit to break a $44 billion deal to buy the social network.
CyberScoop
State to gain more ability to monitor DOD cyber ops under White House agreement
The White House has reached consensus with the State and Defense Departments on how to pare back NSPM-13's precedent-setting delegation of authority to the DOD.
Bleeping Computer
FTC: ISPs collect and monetize far more user data than you’d think
The Federal Trade Commission (FTC) found that six largest internet service providers (ISPs) in the U.S. collect and share customers' personal data without providing them with info on how it's used or meaningful ways to control this process.
DarkReading
Mandiant's X (Twitter) Account Hacked to Promote Crypto Scam
The hours-long breach — since resolved — directed users to a suspicious website as attackers posing as crypto-wallet service Phantom took over the feed of the Google subsidiary.
CyberNews
Mark Zuckerberg trashes Grok in hyperrealistic deepfake
The deepfake of Mark Zuckerberg is just one of several published online by an AI startup bent on making video cameras a thing of the past.
ThreatPost
Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast
It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.
Security Affairs
Twitter hacker sentenced to five years in prison for cybercrime offenses
A U.K. citizen, who was involved in the attack on Twitter in 2020, was sentenced to five years in prison for cybercrime offenses. Joseph James O’Connor, aka PlugwalkJoe (24), the hacker who was involved in the attacks on Twitter in 2020, was sentenced to five years in prison for cybercrime offenses. On November 2021, the […]
The Record
Experts warn of hacker claiming access to 50 U.S. companies through breached MSP
Experts have raised alarms about a post on a hacker forum by someone claiming to have access to 50 different U.S. companies through an unknown managed service provider.
Cyber Security News
Twitter Engineers Can Tweet as any Account Using 'GodMode' Claims Whistleblower
According to The Washington Post, a new Twitter whistleblower has come forward, confirming the alarming evidence from last year regarding the dismal status of the company's privacy protections.
CyberScoop
The Pentagon may require vendors certify their software is free of known flaws. Experts are split.
The debate is over whether the provision is unrealistic or if it's a game changing move to cut down on software vulnerabilities.
Computerworld
DOJ reverses itself, says good-faith security researchers should be left alone
The US Department of Justice last week reversed its own policy, telling prosecutors not to prosecute anyone who has engaged in “good-faith security research.”
CyberSecurity Dive
Experts warn against ransomware complacency
Despite reports of fewer ransomware-related cyber insurance claims and decelerating premiums in 2022, experts say the threat is still serious and evolving.
CyberScoop
Biden set to approve expansive authorities for Pentagon to carry out cyber operations
The State Department fought hard to win back the cyber authorities that it lost under the Trump administration but did not prevail.
The Record
Review of NSA, Cyber Command leadership structure ends without official recommendation
The Biden administration’s evaluation of the leadership structure ruling U.S. Cyber Command and the National Security Agency finished late last month and did not make a formal recommendation about whether or not to end the long-standing arrangement, three sources familiar with the review told The Record.
SecurityWeek
'Tape or Chewing Gum:' Twitter's Lapses Echo Worldwide
A recent report from Twitter’s former head of security alleges that the social media company has been negligently lax on cybersecurity and privacy
The Hacker News
Does Your Help Desk Know Who's Calling?
Hackers are getting smarter, and vishing attacks are becoming more convincing. Don't let your company be the next victim.
SecurityWeek
US Says It Disrupted a China Cyber Threat, but Warns Hackers Could Still Wreak Havoc for Americans
Chinese government hackers are busy targeting critical infrastructure inside the United States, FBI Director Chris Wray told House lawmakers
CyberScoop
Campaigns and political parties are in the crosshairs of election meddlers
Attacks on elections have become more multifaceted over the past decade, but fears of a hacked election — real or perceived — remain one of the biggest threats.
ZDNet
White House creates board to review cybersecurity incidents, members to start with Log4J | ZDNet
The White House and Department of Homeland Security announced the creation of a 15-person Cyber Safety Review Board.
Naked Security
UK hacker busted in Spain gets 5 years over Twitter hack and more
Not just that infamous Twitter hack, but SIM-swapping, stalking and swatting too…
The Record
White House: U.S. agencies have 90 days to create inventory of all software
The White House told agencies this week that they have 90 days to create a full inventory of the products they use.
CSO
A year later, Biden’s cybersecurity executive order driving positive change
Notable experts say the cybersecurity executive order has improved the nation's security posture, but more work is to be done.
The Record
CISA panel pitches idea of a National Cybersecurity Alert System
Without specifying what such a system would look like or how it would behave, members of the Cybersecurity Advisory Committee said the federal government should work toward "the 24/7 consideration and provisioning of cyber alerts."
CSO
CISA launches incident, ransomware reporting rulemaking RFI
The U.S. Cybersecurity and Infrastructure Security Agency seeks input on a common set of cybersecurity incident reporting regulations.
The Cyber Express
Decoding Hackers in 2023: The Year’s Most Disruptive Cybercriminals and Cybercrime Syndicates
The year 2023 witnessed a surge in high-profile cyberattacks, leaving organizations shattered and the world in chaos. This digital turmoil
The Record
New review will examine NSA and Cyber Command’s ‘dual hat’ structure
Former Joint Chiefs of Staff chairman Joseph F. Dunford Jr. has been tapped by the Biden administration to guide a review of the leadership arrangement governing U.S. Cyber Command and the National Security Agency, an examination that could trigger lasting ramifications for the country’s digital and intelligence operations.
CyberScoop
DHS plans to overhaul disinformation efforts to 'increase trust with the public'
Disinformation scholars worry that a formal government apparatus to label and quash disinformation could be manipulated by partisan politics.
CyberScoop
Commerce lacks intelligence resources to keep U.S. tech from fueling Chinese cyberthreat, experts warn
The Bureau of Industry and Security has come under fire for approving the vast majority of technology export licenses to China.
CSO
NIST seeks information on updating its Cybersecurity Framework
Security community welcomes the update, but a U.S. GAO report cites slow adoption among government.
The Record
Tech industry leaders and White House clash over plan for improved cloud security
A presidential advisory panel produced a report criticizing the Biden administration's push for Know Your Customer rules for cloud computing providers. The White House is sticking with the plan.
The Record
Why experts have hope in the federal privacy bill – even if it doesn't pass
The American Data Privacy and Protection Act has bipartisan support that could transcend this year.
CyberScoop
Ex-CISA chief Krebs advocates for standalone cyber agency. Experts say that's impractical.
Former cybersecurity officials said CISA would be less effective if it lost the clout that it gets from being housed inside DHS.
The Record
An inside look at how CISA is building an agency for elite cybersecurity talent
An interview with Kiersten Todt, Chief of Staff at the Cybersecurity and Infrastructure Security Agency.
Computerworld
The fax is still king in healthcare — and it’s not going away anytime soon
Fax machines and servers may be old tech, but they're trusted. And, until someone comes up with a more secure and prolific method for transmitting patient information and prescription requests, the aging systems aren't going anywhere.
Ars Technica
The mystery of China’s sudden warnings about US hackers
China has recently begun saber-rattling about American cyberespionage.
The Record
Ransomware experts laud Hive takedown but question impact without arrests
Ransomware experts lauded the DOJ's takedown of Hive but questioned how effective it will be without corresponding arrests.
The Record
Meta lawsuit against the FTC could put a leash on the agency's regulatory powers
Meta and the FTC are locked in a battle over the consumer protection agency's use of an internal administrative court. What's at stake, former high-ranking officials say, is the FTC's ability to continue to protect Americans from privacy violations, fraud and more.
SecurityWeek
Whistleblowers: Should CISOs Consider Them a Friend or Foe?
Are whistleblowers a danger to corporate brand image, and an insider threat? Or can they be used to strengthen cybersecurity and compliance?
ThreatPost
5 Cybersecurity Trends to Watch in 2022
Here’s what cybersecurity watchers want infosec pros to know heading into 2022.
The Record
With car privacy concerns rising, automakers may be on road to regulation
Even if consumers don’t sync their phones to the infotainment system, the myriad sensors and geolocation capabilities in connected vehicles reveal a great deal, including to police who can warrantlessly extract it.
The Record
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles'
Participants in high-profile wargames "react in very unusual ways to cyber operations," the Hoover Institution's Jacquelyn Schneider tells the Click Here podcast team.
The Record
In touch with Reality Winner
Reality Winner used to go to work everyday in something called a SCIF, or Sensitive Compartmented Information Facility. The routine was always the same: she would check her phone at the door, swipe a badge, slide through a metal detector, and settle into an area that was built specifically so sound could neither come in nor go out.
DataBreaches
The Secret IRS Files: Trove of Never-Before-Seen Records Reveal How the Wealthiest Avoid Income Tax
This story was originally published by ProPublica and is reproduced with permission. While many are focused on the societal implications, remember that this...