Happy holidays, dear readers! This is my final news roundup of 2020. Suffice to say, this year is going out with a bang! I don’t think anyone is sad to bid farewell to this truly unprecedented year. Given the year we’ve had, it’s not surprising that December has been an equally unprecedented month. What started last week with news of a nation-state attack on FireEye has unraveled to reveal what could potentially be a years-long effort to infiltrate the US government. Instead of jingle bells ringing, security alerts have reverberated around the world.
Lithuania was the victim of a carefully coordinated attack in which, “cyber-criminals breached multiple content management systems to gain access to 22 different websites operated by Lithuania’s public sector. The attackers then published articles containing misinformation on the sites.”
The Wall Street Journal reported, “As the probe continues into the massive hack—which cast a nearly invisible net across 18,000 companies and government agencies—security specialists are uncovering new evidence that indicates the operation is part of a broader, previously undetected cyber espionage campaign that may stretch back years.”
Certainly, the SolarWinds news has monopolized headlines this week, keeping security experts literally up all night, but there’s more that’s been happening across the cybersecurity industry. Let’s take a look.
Dec. 18: CPO Magazine reported, “The IoT Cybersecurity Improvement Act of 2020 is now federal law, meaning that US government “smart devices” will be subject to a new and more stringent set of security standards.”
Dec. 17: Microsoft revealed that it was part of the massive nation-state cyberattack believed to be the work of Russian hackers.
Dec. 17: The ousting of Google researcher Timnit Gebru, who led the Ethical Artificial Intelligence team, has raised, “serious concerns [among other employees] around her identity as a Black woman and the concerns she raised around diversity as being the main driver for both the firing and the way it was done and the speed.”
Dec. 16: ZDNet reported, “Singapore law firm Rajah & Tann has formed a joint venture with local cybersecurity vendor Resolvo Systems to offer integrated services to help businesses navigate their reliance on digital data amidst growing cyber threats.”
Dec. 16: The EU announced a new cybersecurity strategy that would include the creation of a Joint Cyber Unit to defend against cross-border cyberattacks.
Dec. 16: According to The Hill, Reps. Thomas Massie of Kentucky and Tulsi Gabbard of Hawaii proposed a bipartisan bill to repeal the Patriot Act. The legislation is, “designed to limit government surveillance of people without warrants and probable cause.”
Dec. 15: In response to accusations that Russian hackers were behind the massive US hack, the Kremlin reportedly denied any involvement.
Dec. 15: “Ireland’s Data Protection Commission (DPC) has issued Twitter with a fine of €450,000 (~$547,000) for failing to promptly declare and properly document a data breach under Europe’s General Data Protection Regulation (GDPR),” TechCrunch reported.
Dec. 14: The personal information of approximately two million members of the Communist Party of China was reportedly leaked, revealing that, “members of China’s ruling party hold prominent positions in some of the world’s biggest companies, including in pharmaceutical giants involved in the development of COVID-19 vaccines like Pfizer and financial institutions such as HSBC.”