|
|
|
|
|
|
|
|
|
|
Cyber Daily: Robinhood Expects $30 Million Penalty | Biden Officials Link China to Microsoft Hack
|
|
|
|
|
|
|
|
Hello. Mobile investing firm Robinhood anticipates paying $30 million as part of a settlement with New York financial regulators. That’s much larger than the $10 million the company initially anticipated, WSJ Pro’s David Uberti reports.
Other news: Hackers linked to the Chinese government attacked Microsoft, the U.S. and dozens of other nations charge; real-estate industry faces disruption as tech vendor Cloudstar grapples with ransomware; Saudi Aramaco data leak; scammers target Florida condo collapse victims; cancer patients’ data breached; and more.
|
|
|
|
|
Sponsored by Netscout
|
|
A New Kind of Adversary
Without the right protection, yours could be next. See how NETSCOUT visibility can detect and help mitigate these complex threats.
Learn How Today
|
|
|
|
|
|
|
|
|
|
|
|
|
Robinhood Markets Inc. says crypto unit Robinhood Crypto LLC expects to pay $30 million in a proposed deal to end an investigation by financial regulators. PHOTO: JAKUB PORZYCKI/ZUMA PRESS
|
|
|
|
|
|
Triple initial estimate: Mobile-investing firm Robinhood Markets said in revised paperwork for a public listing that its crypto unit, Robinhood Crypto LLC, anticipates a $30 million fine in a cyber and money-laundering probe. The payout would be part of a proposed deal to end an investigation by financial regulators into allegedly lax security procedures.
Menlo Park, Calif.-based Robinhood first disclosed the investigation earlier this month when it filed paperwork to go public. The company told investors at the time that a proposed settlement with the New York Department of Financial Services would require Robinhood’s crypto brokerage to engage a monitor and pay a fine of at least $10 million.
Read the full story.
|
|
|
|
|
|
|
|
|
|
Cybersecurity experts had been pressing the Biden administration to respond to China’s alleged involvement in the Microsoft email hack. PHOTO: LEAH MILLIS/REUTERS
|
|
|
|
|
|
Biden administration blames hackers tied to China for Microsoft cyberattack spree. The U.S. government has high confidence that hackers tied to China’s Ministry of State Security, or MSS, carried out the unusually indiscriminate hack of Microsoft Exchange Server software that emerged in March. Four Chinese nationals were indicted over a range of separate hacking intrusions dating back a decade that allegedly stole corporate and research secrets from firms and universities around the world. Three of the nationals were described as MSS officers, while a fourth was said to be employed at a Chinese front company that aided the hacking.
Attributing the Microsoft hack to China was part of a broader global censure Monday of Beijing’s cyberattacks by the U.S., the EU, the U.K., Canada, Australia, New Zealand, Japan and NATO, a 30-nation alliance. China has historically denied U.S. hacking allegations. A spokesman for the Chinese Embassy in Washington didn’t immediately respond to a request for comment. (WSJ)
|
|
|
|
|
PHOTO: CHARLES KRUPA/ASSOCIATED PRESS
|
|
|
|
|
Services down at tech vendor to financial industry. Jacksonville, Fla.-based Cloudstar said some of its systems are inaccessible after a weekend ransomware attack. Although "we are working around the clock, we do not have a definitive restoration timeline,” the company said in a notice at its website. Mail and some support services are functioning, Cloudstar said.
|
|
|
-
Many real-estate title firms use tech from Cloudstar, which runs six data centers in the U.S. The outage means some consumers might be unable to close mortgage loans, according to The Title Report.
|
|
|
|
|
PHOTO: HAMAD I MOHAMMED/REUTERS
|
|
|
|
|
Saudi Aramco data for sale. Hackers are offering employee details, project information and other data allegedly belonging to Saudi Arabian Oil Co. The company acknowledged breaches at third-party contractors and said the leaked data doesn’t impact its operations. (Bleeping Computer)
|
|
|
|
Happening Tuesday: A subcommittee of the House Committee on Energy and Commerce plans to discuss ransomware threats with executives from Microsoft, Dragos, FireEye and others. Tune in here Tuesday, July 20 at 10:30 a.m. ET.
Lawmakers 'conflate' and 'misunderstand.' The Information Technology Industry Council, a lobby group, issued guidance for Congress as it considers whether to compel businesses to disclose cyber incidents. “The proposals introduced to date often conflate multiple issues and misunderstand the goals and the applicability of security incident reporting,” ITIC said in a paper pubished Monday. “Carefully crafted” incident reporting can be helpful to government and the private sector, the group said. Among its recommendations:
-
Specific thresholds for mandated disclosure, such as severe incidents that cause actual disruptions or losses.
-
At least 72 hours after discovery to report the incident.
-
Companies shouldn't be required to report incidents at their business partners.
-
Confidentiality for information revealed, including against regulatory use and exempting the information from requests under the Freedom of Information Act.
|
|
|
|
|
75,349
|
|
Number of customers affected by a ransomware incident in March at CNA Financial Corp. The insurer is said to have paid $40 million to the attackers. CNA has declined to discuss any ransom payment.
|
|
|
|
|
|
|
|
|
|
|
|
PHOTO: ANNA MONEYMAKER
/GETTY IMAGES
|
|
|
|
|
Scammers leverage Florida condo collapse. Families of people who died in the ruins of the Champlain Towers South in Surfside, Fla., are seeing attempts by fraudsters to steal their deceased relatives’ identities, according to Surfside Mayor Charles Burkett. Officials urged families to monitor accounts of their loved ones. (Threat Post)
|
|
|
|
|
|
|
|
|
|
|
|
|
