"Uk court blocks government's attempt to keep Apple encryption case a secret."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 08 April 2025, 1339 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/14/65
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 04.07.25
At a glance.
- UK court blocks government's attempt to keep Apple encryption case secret.
- Port of Seattle says last year's breach affected 90,000 people.
- Verizon Call Filter vulnerability could have exposed millions of customers' call records.
- Florida man pleads guilty to involvement with Scattered Spider.
UK court blocks government's attempt to keep Apple encryption case secret.
The UK Investigatory Powers Tribunal has blocked the British government's effort to keep secret a case involving its request to circumvent Apple's encrypted iCloud services, Bloomberg reports. The court, which hears complaints related to government surveillance, ruled that the government's efforts were a "fundamental interference with the principle of open justice."
The Tribunal's ruling, which also publicly confirmed the existence of the case for the first time, said it would have been "a truly extraordinary step to conduct a hearing entirely in secret without any public revelation of the fact that a hearing was taking place." The court added, "We do not accept that the revelation of the bare details of the case would be damaging to the public interest or prejudicial to national security."
Stolen identity data is the hot commodity for cybercriminals. With the full scope of your users’ digital footprints at risk for exposure, traditional account-centric security is no longer enough to protect your business from cyberattacks. SpyCloud helps security teams correlate and automatically remediate individuals' hidden identity exposures from breaches, malware, and phishing across their many online personas. Eliminate identity-based cyber threats and proactively defend against account takeover, fraud, and ransomware with SpyCloud.
Port of Seattle says last year's breach affected 90,000 people.
The Port of Seattle, the agency that oversees Seattle's seaport and airport, has disclosed that the ransomware attack it sustained in August affected data belonging to approximately 90,000 people, BleepingComputer reports. Around 71,000 of the victims are residents of Washington state. The Port says the breached information included "some combination of names, dates of birth, Social Security numbers (or last four digits of Social Security number), driver’s license or other government identification card numbers, and some medical information."
The agency previously disclosed that the Rhysida ransomware gang posted the stolen data to its leak site after the Port refused to pay the ransom.
Secure Access is crucial for U.S. Public Sector missions, ensuring that only authorized users can access certain systems, networks, or data - are your defenses ready? Cisco's Security Service Edge delivers comprehensive protection for your network and users. Experience the power of zero trust and secure your workforce, wherever they are. Elevate your security strategy by visiting cisco.com/go/sse.
Verizon Call Filter vulnerability could have exposed millions of customers' call records.
A vulnerability in Verizon's Call Filter app could have been used to scrape call records belonging to millions of users, Malwarebytes reports. Security researcher Evan Connelly, who discovered the flaw, explained, "In order to display your recent history of received calls in the Verizon Call Filter app, a network request is made to a server. That request contains various details such as your phone number and the requested time period for call records. The server then responds with a list of calls and timestamps for each."
Connelly found that the server didn't verify that the phone number being requested was tied to the signed-in user, so the user could request data belonging to any other customer. Verizon told SecurityWeek that the issue was fixed by the third-party owner of the application last month.
Join Us at the RSAC 2025 Conference. Join us at RSAC, April 28 - May 1 in San Francisco and gain access to cybersecurity innovators, expert-led sessions, and hands-on workshops. Leave with new strategies, insights, and connections to elevate your cybersecurity journey.
Florida man pleads guilty to involvement with Scattered Spider.
A 20-year-old Florida man named Noah Urban has pleaded guilty to his involvement in the Scattered Spider cybercriminal group, SecurityWeek reports. Urban, who was arrested in January 2024, was accused of launching phishing and SIM swapping attacks that led to the theft of millions of dollars worth of cryptocurrency.
Urban pleaded guilty to conspiracy to commit wire fraud, wire fraud, and aggravated identity theft. As part of the deal, he's agreed to pay $13 million in restitution to fifty-nine victims.
Notes.
Today's issue includes events affecting , and the United Kingdom the United States.
Attacks, Threats, and Vulnerabilities
E-ZPass toll payment texts return in massive phishing wave (BleepingComputer) An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information.
WinRAR flaw bypasses Windows Mark of the Web security alerts (BleepingComputer) A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine.
Litigation, Investigation, and Law Enforcement
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe (KrebsOnSecurity) A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say…
Maryland pharmacist used keyloggers to spy on coworkers for a decade, victim alleges (The Record) A Maryland pharmacist installed spyware on hundreds of computers at a major teaching hospital and recorded videos of staff over the course of a decade, a class-action lawsuit alleges.
For a complete running list of events, please visit the Event Tracker.
Events
40th Space Symposium (Denver and Virtual, Colorado, USA, Apr 7 - 10, 2025) Bringing together leaders from commercial, government and military space from around the world, the Space Symposium provides a forum to discuss, address and plan for future achievements in space. The Space Symposium program delivers exclusive networking and engagement opportunities with influential participants in one convenient and extraordinary venue. Space Symposium luncheons and dinners provide additional contact with influential participants.
Community Event with The Cyber Guild - Book Club (Reston, Virginia, USA, Apr 17, 2025) Join the growing Cyber Guild Community - "where everyone wants to know your name " The Cyber Guild community is a growing network of cyber enthusiasts who are invested in building a sustainable cyber ecosystem.
Protecting CISOs From Increasing Personal Liability Risk-Civil & Criminal Insurance Considerations (Columbia, Mar, USA, Apr 17, 2025) An in-depth discussion of CISO Liability to include the following: · Increasing accountability and claims events and trends facing CISOs · How D&O and Cyber policies differ · How CISOs are covered under one or both policies · Risk Management and best practices to maximize the value of the D&O policy and optimize policy performance in a claims scenario.
RSA Innovation Sandbox 2025 (San Francisco, California, USA, Apr 28, 2025) RSA Conference 2025 marks 20 years for cybersecurity’s top innovation startup competition: RSAC Innovation Sandbox contest. The contest puts the spotlight on cybersecurity’s boldest new innovators while highlighting their potentially game-changing ideas. Hundreds of submissions are reviewed and narrowed down to only 10 finalists. The Top 10 Finalists will take the stage during RSA Conference 2025 and will have three minutes to make their award-winning pitch to a panel of leading industry experts. Since the start of the contest, the Top 10 Finalists have collectively seen over 90 acquisitions and over $16.4 billion in investments.*
RSA Conference 2025 (San Francisco, California, USA, Apr 28 - May 1, 2025) At RSAC 2025, you're not just attending a conference—you're stepping into a vibrant, thriving community of thinkers, innovators, and achievers. Though we come from different corners of the cybersecurity world, we are united by a common mission: to foresee risks, counter threats, and embrace the challenges ahead. Together, we shape the future of security. Together, we shine as one.
Comments
Post a Comment
Please leave a comment about our recent post.