On October 12 last year, Mumbai plunged into darkness as the electric grid supply to the city failed. Trains, stock markets and hospitals battling the pandemic stopped functioning. Just recently, a study by Massachusetts-based Recorded Future, a firm that specialises in studying the use of the internet by states, said that the Mumbai power outage could have been a cyberattack aimed at critical infrastructure and was probably intended as a message from China. It was carried out by the state-sponsored group Red Echo, which has close ties to the Peoples Liberation Army (PLA) and has fronted many of the recent cyberattacks by China. As Recorded Future had no access to Indian power grids and could not study the malicious code, they didnt have a definite answer but they did inform Indian agencies of the discovery of malware in the system.

Indias power minister denied reports that a cyberattack was the cause of the power failure, although Maharashtras power minister informed the state assembly on the same day that the Mumbai Cyber Police investigation had suggested a possible cyberattack with an intent to disrupt power supply. As recently as in February, the Centres nodal agency National Critical Information Infrastructure Protection Centre (NCIIPC) had reported concerted attempts by Red Echo to hack the critical grid network. Another government agency, CERT-In, is reported to have detected the ShadowPad malware in one of the largest supply chain attacks a month after the Mumbai outage. Many of the suspected IP addresses identified by NCIIPC and CERT-In were the same and most have been blocked in time. What remains to be seen is if there is conclusive proof of Chinese involvement in such surreptitious attacks through proxies, although spoofing often saves the actual perpetrator from identification. The Chinese focus in the past was stealing information and not projecting power, but the situation with India might be different.

Critical infrastructure has become increasingly vulnerable to cyberattacks. The power grid ecosystem is a major target of such attempts. Analysing the general techniques used by state-sponsored hacker groups, a trend of multi-stage attacks has been observed. In recent attacks on global power grids, the attacker targeted the enterprise network of the power company and then gradually climbed into the control systems network, which is responsible for managing, generating and distributing power. As many of these critical infrastructures were never designed keeping security in mind and always focused on productivity and reliability, their vulnerability is more evident today. With devices getting more interconnected and dependent on the internet facilitating remote access during a pandemic, the security of cyber-physical systems has, indeed, become a major challenge for utility companies.

For more than a decade, there have been concerns about critical information infrastructure protection (CIIP). In January 2014, the NCIIPC) was notified to be the national nodal agency for CIIP and over these years has been working closely with the various agencies. In January 2019, the government also announced a National Mission on Interdisciplinary Cyber-Physical Systems (NM-ICPS), with a budget of Rs 3,660 crore for the next five years, to strengthen the sector. However, most ministries and departments need better budget allocations for cyber security as well as a more robust infrastructure, processes and audit system. The Industrial Cybersecurity Standards (IEC62443) aimed at providing a flexible framework to address and mitigate current and future security in industrial automation and control systems, launched by the Bureau of Indian Standards (BIS), has to be adopted soon. For the power sector, a strong regulation on the lines of the North American Electric Reliability Critical Infrastructure Protection (NERC) policy could serve as a guide so that the public and private sector utility companies in India harden and secure their operational technology (OT) networks.

Clearly, the incident is a wake-up call for better preparedness in terms of a more robust cyber security ecosystem in place. The new cyber security policy awaiting imminent announcement will hopefully cater to that. So far, India has done well to protect critical networks like the sensitive Aadhaar ecosystem, the income tax department and the core banking systems. The road ahead will be tougher as far as cyber networks are concerned. Only the fittest and most vigilant will survive.

This article first appeared in the print edition on March 10, 2021 under the title Firewalling the grid. Subimal Bhattacharjee is a cybersecurity policy expert; Biprotosh Bhattacharjee is an industrial cybersecurity researcher and leads Global Cyber Defence Centre at LMNTRIX

More:
Can we keep hackers from shorting the grid? - The Indian Express

Securing the U.S. Industrial Base: Economic Security is a Matter of 21st Century National Security. This was the topic of a joint panel discussion by The American Legions Veterans Education & Employment Commission and the National Security Commission March 1 during the Legions annual Washington Conference, held virtually this year due to the pandemic.

Moderator John Berry, a former U.S. Ambassador to Australia and the current president of The American & Australia Association, started the discussion by asking panelists for their thoughts on what actions can be taken to strengthen national security. In relation to this, he mentioned two executive orders that President Biden signed on buying American products and securing America's supply chain; both executive orders call for a 100-day study and a one-year review for all agencies to build a resilience of U.S. supply chains that will protect the United States from facing shortages of critical products.

Thomas Pickering, former U.S. Ambassador to the United Nations among many other diplomatic appointments, opened as the first panelist to address Berrys question.

R&D (research and development) is at the heart of our technological development, Pickering said. And our technological development is the heart of providing us with the goods and services that are very, very important in our strategic economy. How do we support the war fighter, how do we support our national security objectives, whether its in space, in the air, on the land, or on the sea? These are all valuable and significant imports. We need to stay on top of the development of that part of our economy. It is in that sense very valuable and very important that we have in effect a government-private sector partnership that works there, in many cases informally, but in most cases complementary. Our competition in this area is great; and it is increasing.

And both China and the European Union are also major spenders on the question of research and development. We need to be acutely conscious of that competition. And acutely concerned in my humble view about the necessity to remain on top and stay there in terms of those essential technologies.

Brad Markell, executive director of the AFL-CIO Working for America Institute, added that the United States in many areas still has the best R&D in the world. And our competitive advantage with respect to our defense posture, with respect to our industrial competitiveness can key off of that R&D batteries for grid security and for electric vehicles. We have the best research, we can make sure through the right policies that we create jobs here. We cant make everything here, but I think we need to tighten up quite a bit how were thinking about the make-buy decisions, where we really want to work with our allies, how do we make sure that we have the technology.

Its working with our allies and the private sector that Dr. Joshua Walker, president and CEO of Japan Society, believes is needed to succeed in securing our economic security.

When I look at Asia, its clear that the U.S. and China are on a collision course, Walker said. And heres the bottom line, we cant win this competition with just government its going to take the private sector. When I think about the largest area of competition, its not necessarily in the military domain. Its going to be the internet hacking, its going to be used in a way that our tech companies are going to have to step up.

As we build back stronger and as we think about our economic security, how are we preparing for the next pandemic. This pandemic has made it brutally clear that we cant do this with just one person I believe that we need to bring in our Japanese, our other counterparts across Europe and Asia, if we are going to be able to succeed in securing our economic security.

Walker provided a positive example of working with our allies.

The Japan Society is an American organization that tries to focus on how countries like the U.S. and Japan, that had such a troubled past, can now be allies, Walker said. His grandfathers from both sides of his family fought in World War II and now a story that we cannot forget is how in 75 years my grandfathers could go from mortal enemies of the Japanese to my parents who serve as Southern Baptist missionaries there, to their grandson and son being the president of the Japan Society.

The national security issue behind organized labor is a statistic that Richard Passarelli, Utility Workers Union of America (UWUA) Director of Veterans Affairs, shared during the discussion. He said that between seven and 10 years from now around 50 percent of membership in organized labor across the country will be eligible for retirement. Passarelli said they are working on programs to capture that intrinsic value (that will be lost from those retiring) to be able to pass this on so we can focus on infrastructure, the grid, our cyber security teams that we have.

To help fill the gap that will be faced in organized labor, Passarelli said licensing and credentialing is important to UWUA, getting credit for veterans who are serving in a capacity to date in the military, and transitioning those skillsets directly into what our employer needs are. Another big part is trying to find what those gaps are within the industry so we can work on filling those gaps and work with our partners at the Department of Defense to hone those skills when folks are transitioning out to get veterans employed in these companies.

Strength in the 21st Century

Another question posed by Berry was how the United States remains strong while retaining leadership in the 21st century.

Passarelli said it will be through investing in research and development. He provided the example that California is moving toward no fossil fuel within the next couple of years. Those jobs that we believe will be lost due to fossil fuels going away we believe that research and development in the American people is one of the keys for us trying to change what would be doom and gloom of losing jobs, especially in the organized labor side of the house for renewable energies, into positives by pouring a lot of money, time and effort into research and development on hydro, solar, wind energy projects, he said.

Walker said the question is how do we turn technology into an asset for us. How do we address the issues that matter to the American people, how do we make sure we have good jobs. How do we make sure those jobs continue to take place in America if those jobs are being transformed by technology to equip our workforce. We have to make sure that everybody is trained to be able to compete in a world in which a lot of other countries have gotten ahead start on us.

Energy Security and Cyber Security

The ability to remain strong ties in with maintaining our energy security, and possible cyber-attacks on our grid or health-care system.

Markell took on the energy security topic. "The energy independence that we have achieved over the past 12 years is itself due to an R&D and tech investment made by the government," he said. "We need to figure out how to use that fossil resource that we have that is less polluting, in a way that leads to hydrogen, leads to carbon capture. And in the end, energy is a big strategic deal. We have to secure our energy supply and our energy future as we reduce our emissions. Because if we dont reduce our emissions, than we all have serious problems the military has done an outstanding job with laying out what the potential threat is from climate change in terms of our security posture.

For cyber-security, Passarelli said its working with utility employers and encouraging them to utilize military veterans. We believe we have the brightest military folks that are transitioning out to date that will make a major impact on grid security.

Passarelli said UWUA is also working with veteran-owned businesses focused on cyber security. But a problem that we are running into is that while supply chains for utility companies across the country are prevalent, our veterans that are trying to get into those supply chains to bid for some of that work have a lot of obstacles in front of them. UWUA is working on this obstacle by creating education components for veteran and service-disabled veteran-owned businesses on how to get access to the supply chain in bidding for some of those contracts.

Security of the United States

Berry concluded the panel discussion with thoughts from the panelists on what is the best base for the security of the United States.

A strong economy, a strong technical advantage, and understanding our position of leadership in the world, Markell said. We are going to have to pay a lot of attention to really understanding where the competition is, where the technology is, and how were investing investment in R&D, economic strength is the key to the whole thing.

Walker added that we are an immigrant nation that embraces that greatness, not just on behalf of ourselves but for that next generation to come. I really do think that we have to find ways of making ourselves stronger together, while remaining true to our core. I believe you cant do that without having a strong economy, you cant do that without leading in innovation we need to invest in ourselves, we need to really look and find that inner strength."

Originally posted here:
A discussion on the security of the United States - The American Legion

BOSTON (SHNS) The states cybersecurity chief warned municipal leaders of a high-risk threat to a common email system over the weekend as federal officials urge businesses and governments to protect themselves against what the White House said is a significant vulnerability that could have far-reaching impacts.

Secretary of Technology Services and Security Curt Wood sent an alert to local leaders Saturday to make sure cities and towns in Massachusetts that use an on-site Microsoft Exchange serverwere awarethat state-sponsored hackers from China have been able to infiltrate the servers to steal emails, address books and other information.

You should take immediate and appropriate action to protect your environment, Wood wrote, directing local leaders toa bulletinpublished by the Multi-State Information Sharing and Analysis Center and anemergency directivefrom the U.S. Cybersecurity and Infrastructure Security Agency.

White House spokeswoman Jen Psaki said Friday the Microsoft breach is an active threat and that the Biden administration is concerned that there are a large number of victims. Independent cybersecurity journalist Brian Krebsreported Fridaythat the hack had affected [a]t least 30,000 organizations across the United States including a significant number of small businesses, towns, cities and local governments.

The Executive Office of Technology Services and Security was not able to provide updated information Monday morning, and the Massachusetts Municipal Association was not immediately available to discuss the potential impact on cities and towns in Massachusetts.

Microsofts Threat Intelligence Center said the group behind the hack is HAFNIUM, a state-sponsored cyber unit that the company said primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.

Cybersecurity has been a point of increasing emphasis for state and municipal officials in recent years because of the widespread shift to doing business over the internet and incidents in which cybercriminals have sought to extort cities and towns by inappropriately gaining access to municipal files, like the 2019 ransomware attack onNew Bedford.

Gov. Charlie Baker pushed information technology and cybersecurity closer to the forefront of state government in recent years by creating the Cabinet-level Executive Office of Technology Services and Security in 2017 and pushing for the creation of the MassCyberCenter in 2018 to bolster the states cybersecurity readiness and to promote the cybersecurity economy.

Last fall, as hospitals were shoring up their cyberdefenses to protect themselves against a wave of ransomware attacks on health care facilities, Baker highlighted ransomware attacks in which hackers gain access to important information and hold it ransom from the rightful owners as a persistent threat to municipalities. The MassCyberCenter works with communities to provide assistance in developing or reviewing cyber incident response plans.

Cybercrime is also a threat to individuals. Review site Safety.com said last year that Massachusetts ranked 10th among states in terms of the financial impact of cyber incidents. Using data from the 2019 FBI Internet Crime Report, the site found that Massachusetts residents lost almost $84.2 million to cybercriminals in 2019 and that the average loss of $12,966 per victim was the fourth highest in the nation.

Late last year, Wood and EOTSS dealt with theSolarWinds hack, which federal officials said posed a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations. Wood said at the time that there were no signs that state government systems had been compromised.

In 2019, Wood told lawmakers that the states computer network is probed more than half a billion times each and every day by entities outside the United States looking for a weak spot in the states cyber protections that could allow bad actors to infiltrate the states information technology infrastructure.

Every day, we have attacks. Just to give you a frame of reference, we have implemented new technology in the state where we are kind of able to analyze everything that comes into the state network and I will say as of today on a daily basis we receive about 525 million probes a day from foreign soil, Wood said in September 2019. Theyre pinging our network, theyre scanning our commonwealth network trying to find a vulnerability.

Follow this link:
Cities, towns warned of potential server infiltration - WWLP.com

By the CyberWire staff

Representatives from SolarWinds, Microsoft, FireEye, and CrowdStrike testified before the US Senate Select Committee on Intelligenceregarding the Solorigate cyberespionage campaign. According to the Wall Street Journal, SolarWinds CEO Sudhakar Ramakrishna emphasized that the compromise of the company's Orion product was only one aspect of a wide-ranging campaign, and said SolarWinds is still investigating how the attackers gained initial access to its servers.

Microsoft president Brad Smith said there should be an investigation into other companies that may have been used as initial access vectors, stating, "There may be other brand-name players that may have been penetrated that not have been as forthcomingleaving policy makers and potentially customers in the dark."

CrowdStrike CEO George Kurtz blamed Microsoft's "antiquated" architecture for the failed attack against CrowdStrike. Seeking Alpha quotes Kurtz as saying, "The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network. Should Microsoft address the authentication architecture limitations around Active Directory and Azure Active Directory, or shift to a different methodology entirely, a considerable threat vector would be completely eliminated from one of the worlds most widely used authentication platforms."

FireEye CEO Kevin Mandia said most of the victims targeted in the campaign "were government, consulting, technology, and telecommunications entities in North America."

Amazon was invited to the hearing but declined to attend, stating that it wasn't affected by the hack, according to Business Insider. Amazon Web Services' vice president of public policy Shannon Kellogg stated in a letter, "AWS does not use the SolarWinds Orion software and our services were not compromised in any way, which is why we did not provide formal testimony on the panel yesterday. However, we look forward to continuing our ongoing engagement with you and your committee on cyber security issues. When we learned of SolarWinds, we immediately investigated, ensured we werent affected, and provided mitigation measures to help our customers who were. We promptly shared what we learned with the FBI. Weve also provided detailed briefings to government officials, including Members of Congress and, specifically, to your committee."

Senator Susan Collins (Republican of Maine) said the Committee should "should look at next steps" if Amazon declines to participate in the future.

Are you interested in the security of space and communications?

If so, take a look at the Cosmic AES Signals & Space, where aerospace meets outer space. This monthly briefing on the cyber security of the space and SIGINT sectors covers technology, policy, market news and more. Our new issue comes out on Monday, March 1, 2021.

Cloud solutions provider Accellion has sustained a data breach that's affected dozens of the company's clients, including Kroger, Singtel, Reserve Bank of New Zealand, theAustralian Securities and Investments Commission (ASIC), the Office of the Washington State Auditor, and the University of Colorado. BleepingComputer reports that the breach was carried out by the Clop ransomware gang and the FIN11 threat actor, but the attackers didn't deploy their ransomware and instead simply threatened to release the stolen data. The attackers exploited zero-day vulnerabilities in Accellion's legacy File Transfer Appliance (FTA) product, which have since been patched. The vulnerabilities involved are tracked as CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, and CVE-2021-27104. Accellion stated, "Out of approximately 300 total FTA clients, fewer than 100 were victims of the attack. Within this group, fewer than 25 appear to have suffered significant data theft."

FireEye's Mandiant unit investigated the attack and says the attackers, which Mandiant tracks as UNC2546, installed a web shell dubbed "DEWMODE" to exfiltrate the data. FireEye states, "Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellions legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations that had been impacted by UNC2546 in the prior month began receiving extortion emails from actors threatening to publish stolen data on the CL0P^_- LEAKS" .onion website. Some of the published victim data appears to have been stolen using the DEWMODE web shell."

The company adds, "We are currently tracking the exploitation of the zero-day Accellion FTA vulnerabilities and data theft from companies running the legacy FTA product as UNC2546, and the subsequent extortion activity as UNC2582. We have identified overlaps between UNC2582, UNC2546, and prior FIN11 operations, and we will continue to evaluate the relationships between these clusters of activity."

Canadian jet manufacturer Bombardier disclosed on Tuesday that it was affected by the breach, stating, "Forensic analysis revealed that personal and other confidential information relating to employees, customers and suppliers was compromised. Approximately 130 employees located in Costa Rica were impacted. Bombardier has been proactively contacting customers and other external stakeholders whose data was potentially compromised." ZDNet says some of the company's data has been posted, including "design documents for various Bombardier airplanes and plane parts."

Ajoint advisoryfrom authorities in Australia, New Zealand, Singapore, the UK, and the US outlines the risks of the Accellion FTA compromise and recommends risk mitigation measures. The advisory states, "This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the United Kingdom, and the United States. Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors."

The alert, which is hosted on CISA's site, recommends that FTA users temporarily block internet access to and from any systems that host the software, check for evidence of malicious activity and especially for the indicators of compromise included in the alert, consider auditing FTA user accounts for unauthorized changes, reset security tokens on the system and upgrade to the latest version of the Accellion product.

For more, see the CyberWire ProPrivacy Briefing.

Oh, and did we mention that we have great deals on CyberWire Pro for your entire enterprise too?

From front-line staff to the Board room, making your entire staff more situationally aware makes them more prepared to tackle their roles. Be the office hero and keep your staff informed with CyberWire Pro for your enterprise. Find out more.

Researchers at Red Canary, with help from Malwarebytes and VMware Carbon Black,uncovereda malware downloader dubbed "Silver Sparrow" that's designed to run on Apple's new M1 chips.Accordingto Malwarebytes, the malware has been detected on just under 40,000 Macs, although its purpose is unclear since it currently lacks a payload. The researchers also aren't sure how the malware is delivered. Red Canary's researchers say they "suspect that malicious search engine results direct victims to download the PKGs based on network connections from a victims browser shortly before download. In this case we cant be certain because we dont have the visibility to determine exactly what caused the download."

Red Canary concludes, "[T]he ultimate goal of this malware is a mystery. We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution....Finally, the purpose of the Mach-O binary included inside the PKG files is also a mystery. Based on the data from script execution, the binary would only run if a victim intentionally sought it out and launched it. The messages we observed of 'Hello, World!' or 'You did it!' could indicate the threat is under development in a proof-of-concept stage or that the adversary just needed an application bundle to make the package look legitimate."

AppleInsiderreportsthat Apple has revoked the developer certificates used by Silver Sparrow's author, which will prevent new infections.

For more, see the CyberWire ProResearch Briefing.

Want to get your message to leaders in cyber?

Security leaders across the globe trust the CyberWire and depend on us every day to deliver the news and analysis they need to do their jobs. Thats also why so many top security companies and hot startups trust us to help get the word out about their brand and fill their sales funnels. We have lots of great sponsorship opportunities that can help you get the word out too. Learn more at thecyberwire.com/sponsorship.

SecurityWeekreportsthat Twitter has taken down three sets of coordinated, inauthentic accounts that separately pushed narratives in the service of Iranian, Armenian, and Russian interest. Twittercharacterizedthe takedowns as "disclosing networks of state-linked information operations."

The Iranian influence operation was principally interested in issues surrounding the US Presidential election. Based on tips Twitter began receiving from the US FBI in October, the platform "suspended a total of 238 accounts operating from Iran for various violations of our platform manipulation policies.As previously stated,the accounts had low engagement and did not make an impact on the public conversation. Today, were adding these accounts to the archive to empower independent research and analysis."

Thirty-five accounts linked to the government of Armenia were also suspended. Those had a more narrowly regional interest, and pretended to represent political figures and government officials in neighboring Azerbaijan. Some of them also misrepresented themselves as Azerbaijan news agencies. These, too, Twitter took down for violation of itsplatform manipulation policy. (As a bonus, these bogus accounts also "engaged in spammy activity to gain followers and further amplify this narrative" unfavorable to Armenia's rival, Azerbaijan.)

Finally, Twitter took down two distinct networks run by Russian operators. Sixty-nine fake accounts were "reliably tied to Russian state actors." This crew had two interests: boosting the Russian government and undermining confidence in NATO. The second takedown addressed thirty-one accounts from two distinct networks that were assessed as being run by the Internet Research Agency, a notorious troll farm based in St. Petersburg.

For more, see the CyberWire ProDisinformation Briefing.

Students and members of the military, don't be left out of CyberWire Pro! We've got you!

Due to your student or military status (active or reserve military status), you are able to subscribe to CyberWire Pro or CyberWire Pro+ at a significant discount. That means you can unlock access to our focus briefings, exclusive podcasts, quarterly analyst calls, premium articles and much more. To learn more, visithereand click on the Contact Us button in the Academic or Government & Military box.

Sunnyvale, California-based email security firmProofpointwillacquireColorado-headquartered data protection companyInteliSecurefor $62.5 million in cash, with the acquisition expected to close in March 2021. Proofpoint stated, "The acquisition of InteliSecure will add approximately 150 employees to Proofpoints growing global team and will boost Proofpoints ability to support its robust channel partner ecosystems service delivery and increase partners competitiveness by providing processes and experience from working with multiple vendors."

Texas-based cloud identity management companySailPointhasacquiredIntello, an SaaS management startup headquartered in New York City. Intello's CEO and co-founder Barak Kaufman stated, "As part of the SailPoint crew, well help to build the future of identity security, combining Intellos SaaS discovery and insights with SailPoints leading identity security platform."

French IT consulting companyAtoshasacquiredNetherlands-based managed security services providerMotiv ICT Security. Atos stated, "This move reinforces Atoss position as the 3rd worldwide Managed Security Services provider1 by strengthening the Groups local capabilities and bringing its recent investment in the Managed Detection and Response (MDR) platform, AIsaac, to Dutch customers. In addition, Motivs sovereign Security Operations Center (SOC), independently certified at the highest levels of maturity, further expands Atoss extensive network of global SOCs, a pivotal component of the Atos Prescriptive Security approach."

Irish MSP security companyKaseyahasacquiredDallas, Texas-based MDR and SOC providerRocketCyber. Kaseya stated, "RocketCyber will continue to operate as an independent business within Kaseya, led by Banzhof in Dallas, Texas. Kaseyas state-of-the-art SOCs will be located in Dallas, TX, Miami, FL and Dublin, Ireland. Additional integrations across the IT Complete suite are in development between RocketCyber and ID Agent Dark Web ID, IT Glue, Graphus and RapidFire Tools."

More business news can be found in the CyberWire ProBusiness Briefing.

Open-source web browser Brave has patched a privacy bug that was exposing users' browser histories, The Hacker Newsreports. The flaw impacted Braves privacy feature "Privacy Window with Tor," which, by relaying the user request through a network of Tor nodes, was intended to allow users to visit .onion websites without sharing the IP addresses. However, a vulnerability in the browser's CNAME ad blocker was revealing the addresses of the .onion sites to the user's ISP or DNS provider.

The US Justice Department has indicted a Serbian man, Kristijan Krstic, for allegedly running cryptocurrency scams via phony online investment platforms called "Start Options" and "B2G," stating, "In truth, the money sent by investors in Start Options and B2G allegedly was never invested and instead was laundered internationally to a Phillippines-based financial account and digital-currency wallet, and diverted to a U.S.-based promoter of the fraud. Subsequently, as alleged, the promoter transferred to Krstic approximately $7 million in investor funds from B2G and Start Options, and Krstic thereafter stopped responding to all communications and absconded with those investors funds."

A 66-year-old Missouri man has been charged a second time for Internet stalking. The US Attorneys Office for the Western District of Texas states, "Todays indictment charges [Mark Joseph] Uhlenbrock with one count of internet stalking the same victim again.The indictment alleges that from May 2020 to September 2020, Uhlenbrock used the internet to cause substantial emotional distress to a person.The conduct in this indictment occurred while Uhlenbrock was still on supervised release for his first conviction of internet stalking."

US convenience store company Wawa reached a preliminary settlement of $12 million in a class-action lawsuit over its 2019 payment card breach, Law360 reports. The proposed settlement states, "(a) Class members who did not suffer attempted or actual fraud on their payment card are eligible to receive a $5 Wawa gift card; (b) Class members who can provide reasonable proof of an actual or attempted fraudulent charge on their card after a Wawa transaction are eligible to receive a $15 Wawa gift card; and (c) Class members who can provide reasonable documentary proof of money they lost or spent out-of-pocket in connection with an actual or attempted fraudulent transaction on their payment card are eligible to reimbursement of those costs up to $500."

The Wall Street Journal reports that TikTok's corporate parent has reached a settlement in a class action suit alleging misuse of children's and teenagers' personal data. In a settlement filed in the US District Court for the Northern District of Illinois, ByteDance has agreed to pay $95 million to establish a victims' compensation fund in response to class action suits alleging that the company's TikTok social media platform violated user privacy. The Journal quotes a TikTok representative as saying, "While we disagree with the assertions, rather than go through lengthy litigation, we'd like to focus our efforts on building a safe and joyful experience for the TikTok community."

The Consumer Data Protection Act (CDPA) was passed by the Virginia house of representatives and senate last week and is expected to soon be signed into law by the governor, making it the second comprehensive privacy regulation in the US,AdExchanger reports. More stringent than the California Consumer Protection Act (CCPA), the CDPA is an opt-in law and requires clear consumer consent much like the EUs General Data Protection Regulation (GDPR).

Facebook has reversed its decision to block news content for Australian users, the BBC reports. Campbell Brown, Facebook's vice president of global news partnerships, stated, "Going forward, the government has clarified we will retain the ability to decide if news appears on Facebook so that we won't automatically be subject to forced negotiation. We have come to an agreement that will allow us to support the publishers we choose to, including small and local publishers."

The US Department of Homeland SecuritysummarizedSecretary Mayorkas" cybersecurity agenda and upcoming cyber projects, which include international outreach, domestic speaking engagements, raising FEMA grants baseline cybersecurity spend, elevating CISAs "Reduce the Risk of Ransomware" initiative, and promoting the Secret Services ransomware response capabilities. Public-private partnership, workforce development, and infrastructure renovation are additional priorities.

US President Biden signed anExecutive Orderdirecting a comprehensive review of the resilience of American supply chains. The order includes, but isn't limited to, software supply chains.

For more, see the CyberWire ProPolicy Briefing.

See the original post here:
Tech executives testify in Solorigate hearing. Accellion breach updates. Silver Sparrow targets Macs. - The CyberWire