Invasion of Privacy, Anomaly or New Ethical Abnormal Norm?
Recent events threw into stark relief companies’ abilities to invade your privacy with a few lines of code—and outcomes that raise our eyebrows. Tim Hortons Tracked Users 24×7: In the case of Tim Hortons of Canada, the company ran afoul of the Canadian privacy authorities at both the national and ...
Change is Coming to the SEC’s Proposed Infosec Rules
The Securities and Exchange Commission (SEC)’s proposed changes could have a substantive impact on how companies describe and project their cybersecurity readiness. This SEC Fact Sheet tells us that the proposed rules are to “enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by public companies.” ...
US Disrupted Russian GRU’s Hydra and Sandworm
The United States has been largely mum on its offensive capabilities when it comes to cybersecurity operations. But recently, the Director of the National Security Agency and Cyber Command, General Nakasone, referenced such capabilities and described how his operational elements were engaged in assisting Ukraine in their cybersecurity defense before ...
Former GE Engineer Convicted of Economic Espionage
On April 1, 2022, the Department of Justice (DoJ) announced the conviction of Xiaoqing Zheng of conspiracy to commit economic espionage following a four-week jury trial. Zheng will be sentenced on August 2, 2022, and faces up to 15 years in prison and a fine of up to $5 million ...
US and EC Forge Trans-Atlantic Data Privacy Framework
On March 25, the White House and the European Commission announced they had agreed to a new Trans-Atlantic Data Privacy Framework which addresses the EU Court of Justice’s concerns. The United States has committed to reform the manner in which it conducts U.S. signals intelligence activities to ensure privacy safeguards ...
Qualcomm: ‘We’d Like Our IP Back, Please’
It was the third week of January 2022 and the offer letter was signed and accepted; Guarav Kathuria was on his way out the door to start the next chapter in his career and closing out his 12-plus years at Qualcomm. Nothing to see here—this scenario happens to thousands of ...
Lichtenstein and Morgan: The Stolen Virtual Currency Laundry
If you’ve been scratching your head while you read about the money laundering escapades of Ilya Lichtenstein and his wife Heather Morgan, let me assure you that you are not alone. The Department of Justice told us that this duo created a “labyrinth of cryptocurrency transactions” in their attempts to ...
Russian Threat Actors Targeting Infrastructure
In January 2022, BlackBerry’s researchers published findings about the Prometheus traffic direction system (TDS) efforts to target U.S. infrastructure through their crimeware-as-a-service (CaaS) offering. The Prometheus effort was originally identified by the Russian entity Group-IB in August 2021. The BlackBerry report goes on to note that “Prometheus can be considered ...
China’s MY2022 App Could Do More Than Trace COVID-19 Exposure
Researchers at The Citizen Lab at the University of Toronto dug into the MY2022 COVID-19 exposure tracing application mandated for use by attendees and participants in the Beijing Winter Olympic Games—and what they found wasn’t pretty. The app is required to be used by any member of the press, athlete ...
Teachable Moment: An Insider Threat on Your Team
No manager or executive wants to receive a phone call informing them that a team member has engaged in suspicious activities that require a security investigation. But that’s just what happened to Code42’s vice president of portfolio strategy and product marketing, Mark Wojtasiak. Code42’s internal instance of its insider risk ...