(Check out our latest special report on the SolarWinds crisis, which is likely to be our last for a while. And don’t forget to subscribe to Metacurity so that you don’t miss out on our premium offerings in the coming new year!)

A hacked database of hardware wallet manufacturer Ledger’s customers were leaked onto hacker site Raidforums.

The leaked data includes names, physical addresses, and phone numbers of Ledger customers and seemingly originates from a hack of Ledger's e-commerce database in June. (Stephen Graves / Decrypt)

Related: Reddit - cybersecurity, TechNadu, Bitcoin News, Cointelegraph, Bleeping Computer, CryptoSlate, DataBreaches.net, Slashdot, ibtimes.sg : Top News, SiliconANGLE, Bitcoinist.com, Bitcoinist.com, Cyber Kendra, Gizmodo, Techradar, Graham Cluley, Threatpost

Troy Hunt @troyhunt

Holy shit that’s scary. A simple mail merge from the breach data and even though I know that full well, I’d hate to get one of these emails.

Jameson Lopp @lopp

Strap in for scareware. https://t.co/CopJYUR5pO

December 21st 2020

84 Retweets321 Likes

briankrebs @briankrebs

Welp, this will be a nice target list for the crypto phishers.

Ledger @Ledger

Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.

December 21st 2020

35 Retweets119 Likes

The Institute for Security and Technology (IST) will host a new, broad, multisector task force to find ransomware solutions.

The task force will include top cybersecurity firms McAfee, Cybereason, and Rapid7, industry groups, including the Cyber Threat Alliance and the Global Cyber Alliance, and more. (Joe Uchill / SC Magazine)

Related: Business Wire Technology News, StateScoop

Microsoft, Google, Cisco, Dell Technologies-owned VMWare, and the Washington-based Internet Association have joined forces with Facebook in its legal battle against notorious hacking company NSO.

Microsoft and Google filed an amicus brief in the U.S. Court of Appeals for the Ninth Circuit, calling the Israeli firms Israeli firm’s tools “powerful, and dangerous.” (Raphael Satter / Reuters)

Related: TechCrunch, ZDNet, PYMNTS.com, Fortune, The Verge, GeekWire Original, Asia One Digital, Business Standard, NDTV Gadgets360.com

China used the massive data obtained from the Office of Personnel Management hack that started in 2013 to develop data-driven identification of CIA officials.

Many experts believe that China possesses critical intelligence advantages due to the panopticon-like digital penetration of its own networks and other countries’ networks. (Zach Dorfman / Foreign Policy) 

Related: Slashdot

B. Allen-Ebrahimian @BethanyAllenEbr

HUGE scoop from @zachsdorfman: Remember how people speculated that China's hack of the Office of Personnel Management might allow China to identify and track CIA operatives abroad? Well, that's EXACTLY what China did. Read more at @ForeignPolicy: China Used Stolen Data to Expose CIA Operatives in Africa and EuropeThe discovery of U.S. spy networks in China fueled a decadelong global war over data between Beijing and Washington.foreignpolicy.com

December 21st 2020

442 Retweets639 Likes

The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) announced a proposed regulation that would require money service businesses, including cryptocurrency exchanges, to collect identity data about people who transact with their customers using self-hosted cryptocurrency wallets or foreign exchanges.

The move would radically expand the scope of the U.S. government’s financial surveillance. (Marta Belcher and Aaron Mackey / EFF)

Related: Coinbase, Kraken, Coindesk, Compliance Week, The Block

The coronavirus stimulus package passed by Congress on Sunday includes a host of technology provisions, including $1.9 billion for "rip and replace" efforts to remove Huawei and ZTE equipment from U.S. networks.

The FCC ruled earlier this year that telcos, most of whom are small and rural, have to replace their Huawei gear due to its supposed supply chain threat. (David Shepardson / Reuters)

Related: BGR, Neowin, TechCrunch, Lifehacker, Axios

Ransomware disguised as a mobile version of Cyberpunk 2077 was discovered by Kaspersky's malware analyst, Tatyana Shishkova.

A fraudulent website has been made to look like the Google Play Store and offers a mobile version of Cyberpunk 2077. (Keith Mitchell / Tom’s Hardware)

Related: The South African, TechSpot, Inverse, UPROXX, ExtremeTech, Kotaku

Privacy and marketing, security, and data governance solutions firm OneTrust announced a Series C funding round of $300 million.

TCV  led the round, joining existing investors Insight Partners and Coatue. (Ron Miller / TechCrunch)

Related:  Tech.eu, Crunchbase News, Venture Beat, Tech.eu, FinSMEs, PYMNTS.com, Startups News | Tech News, Hypepotamus, SiliconANGLE

Firefox 85 will ship next month with a feature named Network Partitioning as a new form of anti-tracking protection.

The feature is based on "Client-Side Storage Partitioning," a new standard currently being developed by the World Wide Web Consortium's Privacy Community Group. (Catalin Cimpanu / ZDNet)

Related: Spyware news, gHacks, Tech Insider, Slashdot

Three COVID-19 applications used in Indonesia and the Philippines - PeduliLindungi, StaySafe PH, COVID-KAYA - feature vulnerabilities that can give access to sensitive personal data, according to a study by Citizen Lab.

The findings underscore that developers of contact tracing apps, as well as apps generally, should minimize the data that they collect to help safeguard the security and privacy of their users. (Pellaeon Lin, Jeffrey Knockel, Irene Poetranto, Stephanie Tran, Justin Lau, and Adam Senft / Citizen Lab)

Citizen Lab @citizenlab

NEW REPORT: "Unmasked II: An Analysis of Indonesia and the Philippines’ Government-launched COVID-19 Apps" by @citizenlab: citizenlab.ca/2020/12/unmask… by @2Pellaeon, Jeffrey Knockel,, @irenepoet, Stephanie Tran, Justin Lau and @adamsenftUnmasked II: An Analysis of Indonesia and the Philippines’ Government-launched COVID-19 Apps - The Citizen LabAs part of the Citizen Lab’s research into the security and privacy of applications, we report on issues we discovered with three COVID-related applications in Indonesia and the Philippines – PeduliLindungi, StaySafe PH, and COVID-KAYA.citizenlab.ca

December 22nd 2020

25 Retweets40 Likes

Washington technology and engineering company BlueHalo has acquired Base2 LLC and Fortego LLC to add more cyber and signals intelligence capabilities.

The acquisition radically expands BlueHalo’s employee base of highly credentialed cyber and signal intelligence employees. (Nick Wakeman / Washington Technology)

Related: VC Deals – PE Hub,  Infosecurity Magazine, Defense Daily Network

Must-Read of the Day

Elizabeth A. Harris and Nicole Perlroth of the New York Times have this delightful piece on how a phishing scam targets authors, agents, and editors to obtain book manuscripts from both popular and obscure writers for reasons that remain to be seen. Photo by Robert Anasch on Unsplash

Plug, Plug, Plug

Don’t miss my column from CSO yesterday on how to deal with SolarWinds-type threats.

Main photo by Clifford Photography on Unsplash