Here are the top five most interesting and/or important cybersecurity stories from this week’s *Cyber Security Headlines*. The 6-minute cyber news podcast is available every weekday on [cisoseries.com](http://cisoseries.com/).
# Capitol breach has ‘staggering’ infosec implications
We know that they sat in Nancy Pelosi’s chair, put their feet on her desk, and rifled through legislators’ files. But what systems and physical files did they steal, alter or destroy? Figuring it out will be a “staggering” task, cybersecurity observers noted. We should assume that “all systems and physical files were compromised, and catalog what of each” was tampered with, noted security reporter Joe Uchill. Every printer. Every copier. Every nook and cranny. Another security reporter, Marc Ambinder, noted that “Every single computer on Capitol Hill is vulnerable to a USB-mounted attack.”
## Trump banned from Facebook & Instagram, maybe indefinitely
Facebook CEO Mark Zuckerberg announced that Donald Trump will be blocked from using Facebook and Instagram “for at least the next two weeks until the peaceful transition of power is complete.” He’s not happy about his platform being used “to incite violent insurrection against a democratically elected government,” he said. Facebook says that “the risks of allowing the President to continue to use our service during this period are simply too great.” The company blocked Trump’s accounts temporarily on Wednesday following his posting of content that incited followers to violence, but now Zuckerberg says the ban is extended “indefinitely.” Twitter has also threatened Trump with a permanent ban.
## Microsoft source code accessed by SolarWinds attackers
As part of its ongoing investigation into the SolarWinds supply chain attack, Microsoft discovered its systems were infiltrated “beyond just the presence of malicious SolarWinds code,” with the attackers able to view source code in a number of repositories. While able to view the code, the attackers did not gain permission to modify any code or systems. The company said it did not see any production systems or customer data accessed, or found any indication its systems were used to attack other organizations.
## Google, Alphabet employees unionize
Dubbed the Alphabet Workers Union, it will be open to employees and contractors. Although its current membership, at 227 people, is less than one-thousandth of Alphabet’s working population, its press release points out that more than half of the people who work at Alphabet companies are contract workers and therefore lack many benefits. Additionally, workers take issue with hefty payout packages to executives accused of harassment, as well as with some of the company’s government contracts, such as the one around military drone targeting.
## US Army launches new bug-bounty program
The Defense Digital Service (DDS) and HackerOne have launched a new bug bounty program that’s meant to dig out vulnerabilities in the US Army’s digital systems. Called Hack the Army 3.0, this will be the 11th bug bounty program from the DDS and HackerOne and the third one that focuses on the US Army. It runs from Jan. 6 until Feb. 17, is by invitation only, and will include cash for military and civilian participants who successfully uncover bugs.