Trump Signs Executive Order on Social Media | Israeli official confirms attempted cyberattack on water systems | NSA warns Russia's infamous hackers are still active

Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.

  • President Trump has signed an executive order directing federal regulators to crack down on companies like Twitter and to consider taking away the legal protections that shield them from liability for what gets posted on their platforms. NYT

  • Israel has thwarted a cyberattack on control systems at water facilities, a senior government official said while warning of the dangers of escalating conflicts in cyberspace. The “synchronized and organized attack” on civilian infrastructure was aimed at disrupting the industrial computers that underpin Israeli water facilities. Cyber Scoop

  • The same Russian intelligence unit that leaked Democrats' files in 2016 is engaged in an ongoing email hacking campaign, the National Security Agency announced. The alert describes how the GRU is targeting a vulnerability in unpatched Unix systems, an alternative to the operating systems of Microsoft and Apple. NBC News

ASPI ICPC

(ICPC’s Danielle Cave in the latest edition of Australian Foreign Affairs)


The World

Verifying the Identity of People Behind High-Reach Profiles
Facebook
We want to ensure the content you see on Facebook is authentic and comes from real people, not bots or others trying to conceal their identity. In 2018, we started to verify the identity of people managing Pages with large audiences, and now we’re extending ID verification to some profiles with large audiences in the US. Moving forward, we will verify the identity of people who have a pattern of inauthentic behavior on Facebook and whose posts start to rapidly go viral in the US.

Strong Yet Brittle: The Risks of Digital Authoritarianism
Alliance for Securing Democracy
@KMansted
Authoritarian governments increasingly adopt technology-centric national strategies and methods of internal governance. They control their societies through digital censorship, propaganda, and surveillance, and use these same tools to manipulate foreign societies. Their leaders prioritize the development of cutting-edge technologies in pursuit of government efficiency and military and economic advantage. Some analysts view this turn to “digital authoritarianism” as an approach designed to make authoritarians more durable at home and powerful abroad.

Australia

Australia is painting a big red cyber target on its critical infrastructure
Computer Weekly
Australia’s critical infrastructure is particularly vulnerable to cyber attacks right now because of years of under-investment in cyber security and ageing legacy systems.

Toll says employee information accessed by ransomware attackers
ITWire
Australian logistics and transport firm Toll Group says that a ransomware group that attacked the company recently has accessed files on a corporate server that included employees' information such as names, residential addresses, age or date of birth and payroll information.

China

A Chinese Scholar Outlines Stakes for New 'Personal Information' and 'Data Security' Laws (Translation)
New America
@gwbstr
Two new laws that will govern data privacy, protection, and transfer in China pose tough challenges for their drafters, a key scholar and government adviser on cyberspace policy wrote. The Personal Information Protection Law and the Data Security law, both slated to be submitted for deliberation during the National People’s Congress term ending in 2023, are to take up deeply interrelated issues from sometimes divergent perspectives.

US



Trump Signs Executive Order on Social Media, Claiming to Protect ‘Free Speech’

NYT
@maggieNYT @kateconger
The president and his allies have often accused Twitter and Facebook of bias against conservatives, and had resisted taking action until this week, when Twitter fact-checked his own false statements.

Trump Is a Problem That Twitter Cannot Fix
The Atlantic
@evelyndouek
When a duly elected president is bent on spreading misinformation, tech companies can rein him in only so much. Donald Trump’s tweets pose a special problem for Twitter. Absolutely no one can be surprised that the president is using the platform to tweet false and inflammatory claims in the middle of a global pandemic and the lead-up to an election: This is the president’s signature style.

The NSA has a warning: Russia's most infamous hackers are still active
NBC News
The same Russian intelligence unit that leaked Democrats' files in 2016 is engaged in an ongoing email hacking campaign, the National Security Agency announced. The alert describes how the GRU is targeting a vulnerability in unpatched Unix systems, an alternative to the operating systems of Microsoft and Apple.

Chinese Rival Launches U.S. App to Challenge TikTok
The Information
Kuaishou, the $30 billion startup that’s the second-largest social video app in China, is launching an attack in the U.S. against TikTok. Started in early May, Zynn is an app that allows users to upload, edit and share short videos. In a twist, it’s paying users to watch content and recruit other users, a model that’s proving popular amid Covid-19 lockdowns and rising unemployement in America.

Yangyang Cheng @yangyang_cheng
What tragic irony it is to see this bill (
cotton.senate.gov/?p=press_relea…) proposed today, seeking to ban Chinese students & researchers from STEM fields to protect "American ingenuity." As I write👇,"Scientists are human beings with agency: They are not for any state to claim or gain...

Yangyang Cheng @yangyang_cheng

The corn thief went to jail, but not before a multi-year FBI investigation with surveillance planes & a FISA warrant: Was justice served? In my May column @supchinanews, I write about @MaraHvistendahl's fascinating new book, "The Scientist and the Spy": https://t.co/EoYTinsFSL

A.C.L.U. Accuses Clearview AI of Privacy ‘Nightmare Scenario’
NYT
@daveyalba
The facial recognition start-up violated the privacy of Illinois residents by collecting their images without their consent, the civil liberties group says in a new lawsuit.

Europe

North Asia

Fortune 500 company NTT discloses security breach
ZDNet
@campuscodi
Nippon Telegraph & Telephone (NTT), the 64th biggest company in the world, according to the Fortune 500 list, has disclosed today a security breach.

South Asia

India makes source code of contact-tracing app public
Reuters
@sankalp_sp
India said on Tuesday it was making public the source code of its coronavirus contact-tracing app Aarogya Setu for Google’s Android smartphones, a move digital rights activists said will boost the security of users.

Massive shift to digital space increases the need for Cyber Security experts
Times of India
The transition to online space and the remote working demand of employees have amplified the vulnerability of hacking.

Middle East

Israeli official confirms attempted cyberattack on water systems
Cyber Scoop
@snlyngaas
Israel last month thwarted a cyberattack on control systems at water facilities, a senior government official said Thursday while warning of the dangers of escalating conflicts in cyberspace. The “synchronized and organized attack” on civilian infrastructure was aimed at disrupting the industrial computers that underpin Israeli water facilities, said Yigal Unna, head of Israel’s National Cyber Directorate, in the most extensive public comments from an Israeli official yet on the incident.

Misc

Trading Standards squad targets anti-5G USB stick
BBC
@BBCRoryCJ
The rollout of the new 5G mobile networks began in the UK only last summer and has not yet reached outside urban areas. Trading Standards officers are seeking to halt sales of a device that has been claimed to offer protection against the supposed dangers of 5G via use of quantum technology. across the country there is already a cottage industry offering protection against the supposed negative health effects, even though they have been dismissed by regulators and mainstream scientists.

5GBioShield USB key

(A device that has been claimed to offer protection against the supposed dangers of 5G via use of quantum technology. Cyber-security experts say the £339 5GBioShield appears to no more than a basic USB drive.)

Microsoft warns of PonyFinal ransomware attacks
HFS
@gcluley
Malware experts at Microsoft have warned businesses to be on their guard against hackers plotting to plant the PonyFinal ransomware on compromised IT systems. Attacks incorporating the Java-based PonyFinal ransomware have been seen in the wild since the beginning of April, with reports coming in from India, Iran, and the United States.

War rhetoric surrounds COVID surveillance
C4ISNET
@jshermcyber
Deployments of technology to help tackle the coronavirus are taking hold around the world, from London to Moscow, from Singapore to Seoul, from New Delhi to Beijing. Governments and companies, separately and cooperatively, are offering digital approaches to unprecedented times. Yet the design, use, and post-pandemic sunsetting of these technologies aren’t the only critical points of discussion.

YouTube Is Full Of Scams Promising Free OnlyFans Content
Vice
@samleecole
Instructional videos for gaining access to "OnlyFans Premium" content are spreading on YouTube. There are pages and pages of scam videos on YouTube, advertising access to OnlyFans content for free if you follow a few steps to "unlock" or "hack" so-called "premium" accounts.

Research

New 2019 Annual Report From AP CERT
AP CERT
The Asia Pacific Computer Emergency Response Team (APCERT) is a coalition of Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs) within Asia Pacific.