Weekly News Roundup February 1-5, 2021

As towns and cities across the country and around the world continue to solve for the challenges of remote learning, Microsoft said it has seen a stark increase in the number of Business Email Compromise (BEC) attacks targeting schools. While it’s no surprise that attackers would victimize the most vulnerable, it’s encouraging to see that IBM announced a $3 million grant intended to be used to protect K-12 schools against cyberthreats.

Additionally, comforting is news from TikTok that it will not only continue to remove misinformation when identified but also will prompt new alerts if content contains potentially misleading information. In fact, combating disinformation is a priority for many in both the public and private sectors.

In other news, Reuters reported, “Suspected Chinese hackers exploited a flaw in software made by SolarWinds Corp to help break into U.S. government computers last year, … marking a new twist in a sprawling cybersecurity breach that U.S. lawmakers have labeled a national security emergency.”

Alas, the industry headlines were many, this week. Let’s take a look at some of the top news stories affecting cybersecurity.

Feb. 5: An unauthorized third party reportedly stole source code and customer data from a French cybersecurity company with government agencies among its clients.

Feb. 4: Members of a hacking group known as “OGUsers” were issued a cease and desist letter from Instagram’s parent company Facebook after it discovered the group had been exploiting the site to create usernames with handles of fewer than five letters to be resold in a secondary market, according to Bloomberg.

Feb. 4: President Biden addressed the US Department of State and promised, “the United States rolling over in the face of Russia’s aggressive action … are over,” the Independent reported.

Feb. 4: CyberScoop reported that Chinese diplomats as well as Venezuelan and Pakistani politicians have started to amplify some recent pro-Chinese government tweets from a campaign known as Spamouflage Dragon.

Feb. 4: Canada’s Office of the Privacy Commissioner ruled that the collection of facial-recognition data by New York-based Clearview AI was illegal.

Feb. 3: Joint law enforcement agencies had another successful takedown—this time of “an organized crime group involved in fraud and money laundering,” according to Europol.  

Feb. 2: “The software company SolarWinds unwittingly allowed hackers’ code into thousands of federal computers. A cybersecurity system called in-toto, which the government paid to develop but never required, might have protected against this,” ProPublica reported.

Feb. 2: According to Al Jazeera, Bangladesh purchased Israeli-made spying tools to be added to its arsenal of military intelligence tools despite the fact that trade with Israel is prohibited in Bangladesh.

Feb. 1: “A bipartisan group of senators introduced legislation on Friday aimed at helping domestic violence and stalking victims safely extricate themselves from shared phone plans that could enable their partners to spy on them,” CyberScoop reported.

Feb. 1: After initially denying a compromise, BigNox, an online gaming site in Asia, acknowledged that it had suffered a supply-chain attack that impacted the update mechanism of NoxPlayer, which is part of its product range with more than 150 million global users, We Live Security reported.