Hackers take down EU Parliament site in apparent DDoS attack —

Russian hackers have attacked the website of the European Union’s Parliament and managed to take it offline for several hours, writes Sead Fadilpašić.

CGI awarded $17.4M Nuclear Regulatory Commission cybersecurity contract

CGI has been awarded a cybersecurity contract to prepare the Nuclear Regulatory Commission (NRC) for emerging cyber threats under its Global Infrastructure and Development Acquisition (GLINDA) Blanket Purchase Agreement.

OpenSSL warns of critical security vulnerability with upcoming patch — ZDNet

This new hole only affects OpenSSL versions 3.0.0 through 3.0.6. So, older operating systems and devices are likely to avoid these problems, writes Steven Vaughan-Nichols.

Protexxa raises $2.95M (Toronto)

Cybersecurity startup Protexxa has raised CAD$4 million (roughly $2.95 million) in seed funding. 

Apple releases security updates for multiple products (Update right now!)

Apple has released security updates to address vulnerabilities in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Big Sur 11.7.1, macOS Monterey 12.6.1, macOS Ventura 13, tvOS 16.1, watchOS 9.1.

Intel confirms leaked Alder Lake BIOS Source Code is authentic — Bleeping Computer

Intel has confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic, raising cybersecurity concerns, writes Lawrence Abrams.

Facebook warns 1 million users whose logins were stolen by scam mobile apps —...

Meta is warning Facebook users about hundreds of apps on Apple and Google’s app stores that were specifically designed to steal login credentials to the social network app, writes Mitchell Clark. Here...

Optus cyber-attack: company opposed changes to privacy laws to give customers more rights over...

Optus has repeatedly opposed a proposed change to privacy laws that would give customers the right to request their data be destroyed, writes Josh Taylor.

Uber blames Lapsus$ hacking group for security breach — The Verge

Uber said that a hacker associated with the Lapsus$ hacking group was to blame for a breach of its internal systems last week, writes Andrew J. Hawkins.

Uber reels from ‘security incident’ in which cloud systems seemingly hijacked — The Register

The food delivery and ride sharing disruptor has admitted that something is up, saying it is investigating the matter with the Feds, writes Simon Sharwood.

NSA releases future quantum-resistant (QR) algorithm requirements

The National Security Agency (NSA) has released the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) Cybersecurity Advisory (CSA).

SandboxAQ acquires Cryptosense

SandboxAQ has acquired Cryptosense, a cybersecurity and encryption analysis software company. 

Axio raises $23M

Cyber risk quantification solutions provider Axio has raised $23 million in a Series B investment round.

T-Mobile to pay $500M for one of the largest data breaches in US history...

T-Mobile has admitted no guilt but has agreed to pay a $500 million settlement (pending a judge’s approval), out of which $350 million will go to the settlement fund, writes Ashley...

January 6 panel examines whether erased Secret Service texts can be revived — The...

The House committee investigating the Capitol attack is examining whether Secret Service text messages from 5 and 6 January 2021 that were erased around the time of an internal review can be reconstructed, writes Hugo Lowell.