Chinese Sponsored OPERATION CUCKOOBEES Active for Many Years Researchers with cybersecurity firm Cybereason briefed the FBI and Justice Department as early as 2019 about Operation CuckooBees, an alleged espionage effort by Chinese state-sponsored hackers (named Winnti or APT41) to steal proprietary information from dozens of global defense, energy, biotech, aerospace and pharmaceutical companies. The companies […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Courts can’t quite figure out how to treat Internet companies. Amazon is an interesting mix. It sells some products itself, it offers other products that are sold and fulfilled by third parties and it does a mix (products sold by third parties but fulfilled by Amazon). I hope Amazon is hiring a lot of lawyers […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Tomorrow is the one-year anniversary of the Colonial Pipeline attack. The government has done more to improve cybersecurity in the last year than it had done in the last 10 years. But there is still a lot more to do. Jury Finds Norton/Lifelock Infringed on Two Columbia University Patents Even in the world of cybersecurity, […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Cars have huge attack surfaces. And getting bigger every year. One source says the average car has 30-50 computers and luxury cars have a hundred (personally, I think that is low). Add to that 60 to 100 sensors. Some cars have a hundred million lines of code in them. How do you make that 100 […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Ukraine Starts Using Clearview Facial Rec to Detect Ruskies Ukraine is using Clearview’s facial recognition tech to identify Russian operatives trying to infiltrate the Ministry of Defense. Clearview has over 2 billion photos scraped from Russia’s social media service VKontakte. They are not sharing with Russia. That likely makes Clearview a high priority hacking target […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Incident and Ransomware Reporting Requirement in Just Passed Spending Bill President Biden signed a bill that requires critical infrastructure operators to report significant cyber incidents to CISA within 72 hours after they reasonably believe an incident has occurred and within 24 hours of making a ransomware payment. The ransomware reporting requirement applies even if it […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
