Security News

The US has dragged a fancy-pants, Instagram-star, high-fashion-flaunting, alleged Nigerian scammer out of the United Arab Emirates and into Chicago to face charges that he helped launder beaucoup bucks gouged out of businesses in email compromise scams. The DOJ is charging Abbas with allegedly conspiring to launder hundreds of millions of dollars in BEC and other scams that targeted a US law firm's client, a foreign bank and an English Premier League soccer club, among others.

An amended version of America's controversial proposed EARN IT Act has been unanimously approved by the Senate Judiciary Committee - a key step in its journey to becoming law. Concerns over the law being used to force tech companies to introduce encryption backdoors led to an amendment [PDF], put forward by Senator Patrick Leahy, that stated online platforms won't face civil or criminal liability if they are unable to break end-to-end encryption in their own services.

A Nigerian national appeared in federal court in Chicago Friday accused of orchestrating an international cyber fraud scheme that federal prosecutors say defrauded U.S. businesses in six states out of tens of millions of dollars. He appeared in court Friday morning to face a charge of conspiracy to commit wire fraud.

A US Senate panel Thursday approved legislation aimed at combatting online child exploitation as civil liberties activists warned the measure could lead to an array of constitutional and privacy problems. The Judiciary Committee voted to approve a revised version of the Earn It Act which would eliminate "Blanket liability protection" for online platforms which fail to protect against child sexual abuse material.

A report from Comparitech has looked into cyberattacks on educational institutions in the United States, finding that there have been more than 1,300 breaches since 2005 and more than 24 million records lost. California remains a hotspot, according to the report, "Yet Arizona becomes one of the worst-hit states with only slightly fewer people affected in its breaches than California. West Virginia and Georgia also display high numbers of records affected in contrast to the number of breaches with 1.3 million and 1.6 million records impacted, respectively. Other states with high numbers of records exposed or stolen in breaches include Ohio, Massachusetts, and Florida."

China on Wednesday demanded Washington stop "Oppressing Chinese companies" after U.S. regulators declared telecom equipment suppliers Huawei and ZTE to be national security threats. "We once again urge the United States to stop abusing the concept of national security, deliberately discrediting China and unreasonably oppressing Chinese companies," said the spokesman, Zhao Lijian.

Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber Command believes foreign APTs will likely attempt to exploit it soon. "When Security Assertion Markup Language authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability," Palo Alto Networks explained in an advisory.

South Wales Police and the UK Home Office "Fundamentally disagree" that automated facial recognition software is as intrusive as collecting fingerprints or DNA, a barrister for the force told the Court of Appeal yesterday. Jason Beer QC, representing the South Wales Police also blamed the Information Commissioner's Office for "Dragging" the court into the topic of whether the police force's use of the creepy cameras complied with the Data Protection Act.

John Mauger of U.S. Cyber Command came a day after Defense Department officials briefed reporters on virtual war games that digital combatants from U.S. and allied militaries have been holding to sharpen their abilities to counter online threats with real-world impact. On Wednesday, Cybercom offered reporters a window into what it described as its largest virtual training exercise to date - in this case, a simulated attack on an airfield's control systems and fuel depots.

Prosecutors in the US have upgraded their case against Julian Assange with a second superseding indictment claiming he sought out the services of a notorious hacker who, unbeknownst to the WikiLeaks boss, was secretly working with the Feds. The latest filing does not add any charges, though it includes evidence of Assange asking hackers to steal sensitive and scandalous dirt from government systems for WikiLeaks to disseminate.