French Teens on Trial for Cyber-bullying

France is trying more than a dozen teenagers in a new court set up in January specifically to hear cases concerning alleged online abuse and discrimination.



If convicted in the landmark two-day trial, the thirteen young people could be given suspended prison sentences of up to three years. 



The defendants are from a range of social and religious backgrounds. Charges levied against them include online harassment, making online death threats, and making online threats of rape. 



Some of the accused teenagers apologized for the comments they sent out into the digital world. Others denied being guilty of any crime. 



One defendant said his intentions when posting online had been to make people laugh and to attract more followers on social media. 



The trial is focused on comments made online two years ago by a then 16-year-old girl who has been identified publicly only by her first name, Mila.



Mila, an atheist who told the court “I don’t like any religion,” used her Instagram and TikTok accounts to criticize Islam and the Quran. In France, freedom of expression is considered a fundamental right and blasphemy is not a crime.



Mila subsequently received more than 100,000 threatening messages, including death threats and rape threats, according to her lawyer, Richard Malka. She was also sent misogynist abuse and received hateful messages about her sexuality. 



The now 18-year-old Mila had to leave two schools over the abuse. She told the court she feels like she’s been “condemned to death” and cannot see a future for herself. 



Out of the thousands of abusive messages and comments, French police tracked down the 13 defendants currently on trial. 



One 22-year-old defendant identified only by his first name, Enzo, apologized to Mila in court for tweeting “you deserve to have your throat slit,” followed by a sexist epithet.



Another, known as Manfred, said he was “pretending to be a stalker to make people laugh” when he threatened to turn Mila into the next Samuel Paty. Paty was a teacher who was beheaded outside Paris in October after showing a class caricatures of the Prophet Muhammad.



“When I posted the tweet, I wasn’t thinking,” testified another defendant, 21-year-old university student Lauren, who tweeted about Mila: “Have her skull crushed, please.”


Source: Infosecurity

Transmit Security Announces $543M Series A Funding Round

The passwordless technology provider says the funding will be used to increase its reach and expand primary business functions.
Source: DarkReading

NIST Publishes Ransomware Guidance

The National Institute of Standards and Technology (NIST) has published new draft guidance for organizations concerning ransomware attacks. 



The Cybersecurity Framework Profile for Ransomware Risk Management features advice on how to defend against the malware, what to do in the event of an attack, and how to recover from it. 



NIST’s Ransomware Profile can be used by organizations that have already adopted the NIST Cybersecurity Framework and wish to improve their risk postures. It can also help any organization seeking to implement a risk management framework that deals with ransomware threats. 



Included in the Ransomware Profile are steps that organizations can follow to identify and prioritize opportunities for improving their ransomware resistance. Users will learn how to prevent ransomware attacks and how to manage ransomware risk effectively.



Basic measures mentioned in the guidance include keeping computers fully patched, using antivirus software, blocking access to known ransomware sites, and only permitting authorized apps to be used. 



Organizations are also advised to ensure scans are automatically conducted on emails and flash drives, to restrict the use of personally owned devices, to limit the use of accounts with administrative privileges, and to avoid the use of personal apps.



Another defensive tactic against ransomware that the guidance advocates is conducting security awareness training to educate employees about the dangers of opening files sent from unknown sources or clicking on links. 



NIST says planning ahead will help organizations that do succumb to ransomware to recover faster. It advises creating an incident recovery plan, implementing a comprehensive backup and restoration strategy, and maintaining an up-to-date list of internal and external ransomware attack contacts.



NIST intends for the new draft guidance to be used in conjunction with the NIST Cybersecurity Framework, other NIST guidance, and guidance issued by the Department of Homeland Security and the Federal Bureau of Investigation.



Those who wish to comment on the new draft Ransomware Profile have until July 9 to send their feedback to the Institute. A revised copy will then be released and a second commentary period held before a final document is published.


Source: Infosecurity

Chart: Strength in Numbers

More companies are heeding expert advice to beef up their incident-response teams.
Source: DarkReading

NSA Funds Development & Release of D3FEND Framework

The framework, now available through MITRE, provides countermeasures to attacks.
Source: DarkReading

SEC Probes SolarWinds Breach Disclosure Failures

The United States Securities and Exchange Commission (SEC) has launched a probe to determine whether some companies failed to disclose that they had been impacted by the 2020 hacking attack that compromised the SolarWinds Orion software supply chain.



The assault on SolarWinds was discovered and disclosed by researchers at FireEye in December. The advanced persistent threat (APT) group behind the attack was able to compromise nine government agencies, critical infrastructure, and hundreds of private-sector organizations.



Last month, SolarWinds CEO Sudhakar Ramakrishna revealed that the attackers may have accessed the company’s system as early as January 2019. The company has said that as many as 18,000 of its customers were affected by the breach. 



The United Kingdom and the US have laid the blame for the hack at the door of Russia’s Foreign Intelligence Service (SVR). Russia has denied any culpability for the attack.



Two people familiar with the SEC investigation told the news source Reuters that letters were sent out last week by the SEC to a number of investment firms and public issuers. In the missives, the Commission asked the entities to voluntarily state whether they had been victimized by the unprecedented SolarWinds hack and kept quiet about it. 



The anonymous sources also said that in addition to probing data breach disclosure failures, the SEC is seeking to determine whether the cybersecurity policies at certain companies were designed to protect customer data. 



A spokesperson for SolarWinds said in a statement: “Our top priority since learning of this unprecedented attack by a foreign government has been working closely with our customers to understand what occurred and remedy any issues.”



The company added that it is “collaborating with government agencies in a transparent way.”



Under United States securities law, companies are required to disclose material information that could affect their share prices, including data on breaches caused by cybersecurity incidents. 



If the entities that receive the SEC’s letters reply by disclosing information about the breaches, they will avoid any enforcement actions linked to internal accounting control failures and historical failures, the sources said. 



They added that the SEC was considering creating new policies regarding the effect of cybersecurity issues on investors and markets.


Source: Infosecurity

Identity Eclipses Malware Detection at RSAC Startup Competition

All 10 finalists in the Innovation Sandbox were focused on identity, rather than security’s mainstay for the last 20 years: malware detection.
Source: DarkReading

Majority of Web Apps in 11 Industries Are Vulnerable All the Time

Serious vulnerabilities exist every day in certain industries, including utilities, public administration, and professional services, according to testing data.
Source: DarkReading

CVE-2020-18654

Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the “Title” parameter in the component “/coreframe/app/guestbook/myissue.php”.
Source: NIST

CVE-2020-22174

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in hmsbook-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information.
Source: NIST