Good day. Researchers at the Atlantic Council, Stanford Internet Observatory and elsewhere who feared violence before the U.S. Capitol riot now warn about additional events being planned online, WSJ Pro's David Uberti reports. 

Other news: Malware in SolarWinds hack linked to Russian surveillance tech; Facebook removes "stop the steal" content; U.S. authorities to assess harm from deepfakes; Joe Biden's Cabinet picks; data breach at substance-abuse clinics; cyber insurers say "not so fast" to ransomware claims. 

Social-media watchdogs detect signs of ongoing extremist threat. The deadly riot at the U.S. Capitol has confirmed the fears of social-media researchers who have been monitoring right-wing extremist groups’ online activity in recent months. Now they’re issuing new warnings about events set for just before Joe Biden's inauguration. 

Some groups that support President Trump are trying to organize gatherings as President-elect Joe Biden prepares to take office, according to researchers’ review of social-media activity. They include proposed protests at 50 state capitals and a potential demonstration at the inauguration.

In a letter Friday to the Federal Bureau of Investigation and Department of Homeland Security, Democratic lawmakers demanded an explanation of how the agencies had evaluated the Capitol rioters’ organization on social media and what the agencies are doing to prevent additional violence.

Social-media experts say online crackdowns push some right-wing extremist groups further underground.

Read the full story.

Malware in SolarWinds hack linked to Russian surveillance tech. The “Sunburst” code used in creating backdoors into corporate and government networks through corrupted software from networking firm SolarWinds Corp. appears related to spying malware that Estonian officials say is used by Russian hackers. Cybersecurity firm Kaspersky Lab, based in Moscow, said Monday the backdoor shares common traits with malware known as “Kazuar,” such as the way both lie dormant for periods to try to evade detection. Russian officials didn’t respond to a request for comment from Reuters. They have consistently denied involvement in the episode. (Reuters) 

Facebook says it is removing all content mentioning ‘stop the steal.’ The action to remove the phrase popular among supporters of President Trump’s unproven claims of election fraud is part of a raft of measures to stem misinformation and incitements to violence on its platform ahead of President-elect Joe Biden’s inauguration. (WSJ) 

U.S. government to assess deepfake tech, harm. The Department of Homeland Security, under the National Defense Authorization Act of 2021, must study deepfake audio and video technology and the potential ill effects of disseminating falsified media. The Pentagon must conduct a similar study focused on fake media about U.S. military members. (CyberScoop) 

Patients at substance-abuse clinic chain notified of data breach. Prestera Center for Mental Health Services Inc., which runs 55 facilities in West Virginia, said in a letter to 3,700 current and former patients that its email system was compromised, exposing sensitive information including names, diagnoses, treatments, medications and, in some cases, addresses and Social Security numbers. The company is putting in multifactor authentication, stronger firewalls and other security improvements, it said.

Cyber insurers get stricter about ransomware claims. Some insurance firms require policyholders to answer more detailed questions about ransomware incidents before deciding whether to pay claims. These include whether multifactor authentication is in use, whether customers segment their networks to stop the spread of malware and details about data back-up practices. (Insurance Business America)

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.