2025-07-23
Microsoft said previously known Chinese nation-state operations that it tracks as Linen Typhoon and Violet Typhoon — as well as a third, less-known group — were among those exploiting serious bugs in SharePoint server software https://therecord.media/...
Bloomberg
Source: the US National Nuclear Security Administration was among those breached by a hack of SharePoint; no sensitive information is known to be compromised
The US agency responsible for maintaining and designing the nation's cache of nuclear weapons was among those breached by a hack …
Microsoft said previously known Chinese nation-state operations that it tracks as Linen Typhoon and Violet Typhoon — as well as a third, less-known group — were among those exploiting serious bugs in SharePoint server software https://therecord.media/...
BleepingComputer
Microsoft says it “has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon exploiting” the SharePoint zero-day vulnerabilities
He said not as vulnerable as on-prem SharePoint right now. — #nerdromancewithpits @wylienewmark : back in the day, attribution of widespread exploitation of a vulnerability in a ...
2024-06-03
Ben Wiseman, associate director at @FTC, talks about commercial surveillance, connected cars, and the agency's overall approach to regulating what companies collect and share about people. https://therecord.media/...
The Record
Q&A with FTC Privacy and Identity Protection executive Ben Wiseman on proposed commercial surveillance rules, connected car industry's data practices, and more
Suzanne Smalley / The Record : X: @montezumachavez , @mario_gug , @saalevine , and @therecord_media X: Luis Montezuma / @montezumachavez : RFN: What lessons have you learned from ...
2024-04-12
In previous alerts, the company described such incidents as “state-sponsored,” but according to its updated policy, it will now refer to them as “mercenary spyware attacks.” Common sources of spyware include private companies such as NSO Group and Cytrox.
Reuters
Apple changed “state-sponsored” to “mercenary spyware” in threat notifications, a source says after pressure from India for linking breaches to state actors
2024-03-03
In an exclusive interview with @ClickHereShow, FBI Director Christopher Wray talks about Operation Dying Ember, Volt Typhoon, and how his counterterrorism experience influences the fight against cyberthreats.. https://therecord.media/...
The Record
Q&A with FBI Director Christopher Wray on taking down a GRU botnet, Volt Typhoon, critical infrastructure attacks, lessons from surveilling threat actors, more
The Record : X: @therecord_media and @nprdina X: @therecord_media : In an exclusive interview with @ClickHereShow, FBI Director Christopher Wray talks about Operation Dying Ember,...
2024-02-16
The @FTC on Thursday finalized a rule making it easier for the agency to go after con artists who impersonate businesses and government agencies — and said it would consider expanding the rule to individuals who are victims of such scams https://therecord.media/...
Bloomberg
The FTC proposes new rules that would make companies liable if they “know or have reason to know” their AI tech is being used to harmfully impersonate consumers
The US Federal Trade Commission moved to put new rules into place around impersonation, citing the rising threat …
2024-01-31
New Jersey's governor recently signed a robust data privacy law, overcoming considerable pushback from the tech industry. This makes NJ one of eight states to pass comprehensive privacy legislation in the past year. https://therecord.media/...
The Verge
Q&A with Sen. Brian Schatz on Congress' dysfunction in the tech space, regulating tech firms, the EU's DMA, AI, deepfakes, social media laws for kids, and more
Today, I'm talking with Senator Brian Schatz of Hawaii. He's been in the Senate for a little more than a decade now, and he's seen a lot in that time.
New Jersey's governor recently signed a robust data privacy law, overcoming considerable pushback from the tech industry. This makes NJ one of eight states to pass comprehensive privacy legislation in the past year. https://therecord.media/...
The Record
Legislators and privacy experts detail how the tech industry has sought to water down state privacy regulation in the US; 13 US states now have privacy laws
Suzanne Smalley / The Record :
2023-11-09
Honda, Toyota, Volkswagen, and GM have won a significant case after a federal judge ruled that their use of onboard infotainment systems to record and intercept customers' text messages and call logs does not violate Washington state privacy laws. https://therecord.media/...
The Record
A US judge rules that automakers' use of on-board infotainment systems to record and intercept owners' texts and call logs doesn't violate Washington state law
A federal judge on Tuesday refused to bring back a class action lawsuit alleging four auto manufacturers had violated Washington …
2023-10-04
TorchServe is a popular open-source code package in the PyTorch ecosystem, which is overseen by #Amazon and #Meta. The project is used by hundreds of organizations around the world, including companies like #Walmart, #OpenAI, #Tesla, #Azure, #GoogleCloud and #Intel.
BleepingComputer
Oligo Security finds since-patched RCE flaws in open-source AI model-serving tool TorchServe and vulnerable instances at tens of thousands of IP addresses
Oligo has provided a free tool for organizations to check their exposure and both Meta and Amazon have released updates addressing some of the issues.
BleepingComputer
Oligo Security finds since-patched RCE flaws in open-source AI model-serving tool TorchServe and vulnerable instances at tens of thousands of IP addresses
2023-08-02
Known as a ‘Command-and-Control Provider’, Cloudzy allegedly supports malicious actors such as #BlackBasta and Royal ransomware gangs, and state-backed hackers from North Korea, Russia, China, India, Pakistan, and Vietnam.
TechCrunch
Halcyon: Cloudzy, a Wyoming-registered web hosting company likely operating out of Tehran, is acting as a command-and-control provider for state-backed hackers
A little-known cloud company provided web hosting and internet services to more than two dozen different state-sponsored hacking groups …
2023-07-06
Cybersecurity experts warned that hundreds of thousands of devices — many used by government organizations — aren't patched to deal with a critical bug identified last month https://therecord.media/...
The Record
After Fortinet patched a major FortiOS bug on June 12, researchers find that ~336K out of ~490K affected SSL VPN interfaces are still unpatched and open to RCE
many used by government organizations — aren't patched to deal with a critical bug identified last month https://therecord.media/...
2023-03-30
3/3 While the new FDA regulations help protect future devices, concerns remain for existing insecure devices and legacy technologies. https://therecord.media/... https://twitter.com/...
The Record
The FDA says approval for medical devices now requires meeting certain cybersecurity standards issued in the omnibus spending bill signed in December 2022
The Food and Drug Administration affirmed Wednesday that medical device manufacturers must now prove their products meet certain …
2023-03-17
Meta has a new “kill chain” for influence operations on its social media platforms. The Record's @AlexMartin talked with the company's @benimmo and @killchain about the framework and what it means for fighting election interference https://therecord.media/... https://twitter.com/...
The Record
Q&A with two of Meta's leading security experts about its Online Operations Kill Chain, a framework for responding to threat activity like influence operations
Next year will feature some of the most geopolitically significant elections of our times.
Meta is unveiling a new framework for fighting election interference. The Record's @AlexMartin talked with the company's @benimmo and @killchain about the Online Operations Kill Chain and what it means for collaboration against influence operations https://therecord.media/... https://twitter.com/...
The Record
Q&A with two of Meta's leading security experts about its Online Operations Kill Chain, a framework for responding to threat activity like influence operations
Next year will feature some of the most geopolitically significant elections of our times.
2023-02-12
The City of Oakland confirmed reports that its networks had been hit with ransomware after rumors emerged online that several agencies were having issues with systems (@jgreigj) https://therecord.media/...
The Record
The City of Oakland confirms reports of a ransomware attack on its networks but says that 911, financial data, and fire and emergency resources weren't impacted
The City of Oakland confirmed reports that its networks had been hit with ransomware after rumors emerged online that several agencies …
2023-02-11
The City of Oakland confirmed reports that its networks had been hit with ransomware after rumors emerged online that several agencies were having issues with systems (@jgreigj) https://therecord.media/...
The Record
The City of Oakland confirms reports of a ransomware attack on its networks but says 911, financial data, and fire and emergency resources were not impacted
The City of Oakland confirmed reports that its networks had been hit with ransomware after rumors emerged online that several agencies …
2022-12-21
Two Queens men have been arrested and are facing up to 10 years in prison on charges that they conspired with Russian hackers to tamper with JFK airport's taxi queuing software (@jredd66) https://therecord.media/...
The Record
US prosecutors say two men conspired with Russian hackers to tamper with JFK airport's taxi queuing software, allegedly letting drivers cut the line for a fee
James Reddick / The Record :
2022-11-05
In a 114-page security report, Microsoft accused China of abusing its vulnerability disclosure requirements and outlined how state-aligned groups have increasingly exploited vulnerabilities since the rules were implemented (@jgreigj) https://therecord.media/...
The Record
Microsoft accuses China-backed nation state hackers of abusing the country's vulnerability disclosure requirements to discover and develop zero-day exploits
Jonathan Greig / The Record :