Weak and repeated passwords are a huge vulnerability when it comes to navigating one’s digital life, and it appears 2022 is the year online companies will make a concerted effort to navigate users away from passwords altogether. At the WWDC 2022 developer conference last week, Apple announced passwordless logins across iPhones, iPads, Macs and Apple TVs. Later this year, iOS 16 and macOS Ventura users will be invited to log into apps and websites using passkeys. Once a passkey is set up for an app or site, it gets stored on the device used to activate it. Tech giants Google and Microsoft are also backing the passkey protocol. Continue reading Password Era Coming to End as Providers Support Passkeys

As various states undergo primary elections and the nation gears up for midterm elections in the fall, the social network misinformation machines are becoming more active, too. Connecticut is actively addressing the problem with a marketing budget of nearly $2 million to counter unfounded rumors. The state is also creating a new position to monitor the disinformation mill. Salaried at $150,000 per year, the job involves combing fringe sites like Gettr, Rumble and 4chan as well as mainstream social media sites to weed-out falsehoods before they go viral, alerting platforms to remove or flag such posts. Continue reading States Fight Misinformation on Social Media Before Midterms

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment. Continue reading Agencies Warn That Hackers Are Targeting Control Systems

The U.S. government has issued a cybersecurity alert warning of “possible threats” to satellite communication networks and the country’s critical infrastructure. Concerned that recent attacks on European satellite networks could spread to the United States, a joint advisory published last week by the FBI and the Cybersecurity and Infrastructure Security Agency cited CISA’s “Shield’s Up” initiative, which warns that Russia’s invasion of Ukraine could trigger homeland attacks. The alert requests “all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity.” Continue reading CISA and FBI Warn of Possible Attacks on Satellite Networks

Alphabet has agreed to purchase cybersecurity firm Mandiant in a deal valued at nearly $5.4 billion. Mandiant — which services global enterprises, governments and law enforcement agencies — brings expertise that will fortify Alphabet’s Google Cloud with increased security at a time when businesses worldwide are focused on preventing cyberattacks. The deal, which is subject to regulatory approval, is expected to close later this year. The fact that Mandiant complements, rather than expands, Google’s sphere of influence should prove beneficial as Alphabet faces antitrust lawsuits from the Justice Department and U.S. states. Continue reading Google to Spend $5.4 Billion for Cybersecurity Firm Mandiant

On the heels of its first Congressional hearing for product safety, TikTok has announced policy changes aimed at making the short-form video social platform safer and more secure, particularly for minors, LGBTQ and minority users. In October, TikTok vice president and head of public policy Michael Beckerman testified along with executives from Snapchat and YouTube, addressing questions from U.S. senators as to the social media site’s impact on teen eating disorders and fallout from dangerous hoaxes. The policy updates address those concerns and institute new cybersecurity measures intended to protect user data from unauthorized access. Continue reading TikTok Updates Safety for Minors, Expands Security Features

Congresswoman Nanette Diaz Barragán (D-California), who serves on the House Committee on Homeland Security and the House Committee on Energy and Commerce, is concerned about the potential harm of cyberattacks in her 44th district, which includes of the Port of Los Angeles. Congressman Jay Obernolte (R-California), among his other assignments, is a member of the Committee of Science, Space and Technology and two caucuses, one on 5G and another on AI.  What they both have in common are concerns about cybersecurity, topics that were addressed during a panel at CES 2022. Continue reading CES: Members of Congress Discuss Cybersecurity Concerns

During a panel at CES 2022, CTA specialist in government affairs Quentin Scholtz queried panelists from government and technology on their priorities and plans for stepping up effective enforcement against cyberattacks, especially those originating from nation states. Jamie Susskind, tech policy advisor for Senator Marsha Blackburn (R-Tennessee); former U.S. representative Will Hurd (R-Texas); and Samsung Electronics senior manager and counsel of public policy Eric Tamarkin offered complementary priorities on how to act in 2022 and going forward. Continue reading CES: Government, Tech Firms Partner to Curtail Cyberattacks

Human rights are center stage in a Congressional request to the U.S. Treasury Department for sanctions against Israeli spyware firm NSO Group and three additional foreign surveillance companies that allegedly aided authoritarian governments in committing criminal moral abuses. In a letter signed by Senate Finance Committee chairman Ron Wyden (D-Oregon), House Intelligence Committee chairman Adam Schiff (D-California) and 16 other Democratic lawmakers, Treasury was also asked to slap down UAE cybersecurity firm DarkMatter, European bulk surveillance mills Nexa Technologies and Trovicor, and top executives at those firms. Continue reading Lawmakers Urge Treasury Sanctions Against Spyware Firms

The Log4j code vulnerability has the media declaring the Internet in a state of crisis. Log4j is a Java-based logging framework developers use to track user activity within applications on the popular Apache web server. Security experts are rushing to patch the bug, which is being exploited to remotely assume control of vulnerable systems, stealing credentials, installing malware and launching other attacks that permeate consumer devices. Last week, the U.S. Cybersecurity and Infrastructure Security Agency issued a Log4j alert, as did Australia’s CERT emergency response team. Continue reading Major Security Vulnerability Triggers Worldwide Internet Crisis

The U.S. government has announced its plans to work with other nations to put restrictions on the export of surveillance tools to authoritarian countries such as China. The Biden administration says it would gather allies and start an initiative to regulate the export of surveillance tools. The initiative is planned to be discussed during a virtual gathering, Summit for Democracy, on December 9-10. Representatives from more than 100 democratic nations will be participating. The primary objective of the summit is to crack down on authoritarian governments from using cyber tools to violate fundamental human rights. Continue reading U.S. to Limit Exporting Surveillance Tech to Certain Countries

Nvidia is fast-tracking its cybersecurity efforts, emphasizing zero trust through new product integrations designed to protect enterprise customers from attack while supporting artificial intelligence, machine learning and server workloads that scale. Earlier this month Nvidia promoted its full-stack data center security solution: DOCA 1.2 accelerated software, running on BlueField-3 DPUs using the Morpheus AI framework — a configuration that can “secure a data center at every touchpoint,” including users, devices and the data itself, Nvidia founder and CEO Jensen Huang explained at Nvidia’s GTC 2021 event earlier this month. Continue reading Nvidia Introduces a Full-Stack Solution for Zero Trust Security

The Biden administration ordered federal agencies to patch roughly 300 cybersecurity vulnerabilities believed to expose government computer systems to potentially damaging intrusions. About 200 of the threats were discovered by cybersecurity experts between 2017 and 2020, while another 90 flaws were found in 2021. All are known to be used by malicious cyber actors, said Cybersecurity and Infrastructure Security Agency director Jen Easterly in a statement accompanying the directive. The agencies have been given two weeks to patch the 2021 threats and six months to fix the older defects. Continue reading Biden Administration Orders Agencies to Repair Cyber Flaws

Sundar Pichai, CEO of Google and its parent Alphabet, is urging the U.S. government to step up innovation and more actively police cyberthreats. In a year beset with security breaches attributed to Russian and Chinese hackers, Pichai says it’s time to draft a Geneva Convention for technology, outlining international legal standards, safeguards and behavioral norms for the connected age. Pichai also made an appeal for state-sponsored innovation in the face of competition from China, where the Communist Party under President Xi Jinping has outlined plans to advance artificial intelligence and develop a proprietary semiconductor sector. Continue reading Alphabet CEO Calls for Government Action in Tech Innovation

Payments flagged by U.S. banks as suspected ransomware in 2021 are on pace to nearly double those of 2020, according to reports filed with the Treasury Department. Almost $600 million in potential ransomware payments have been filed with the federal government from January through June, which is more than 40 percent more than the tally for full-year 2020. Reflecting the fact that governments worldwide describe cybercrime as a critical national security threat, the first International Cybersecurity Challenge is scheduled for Greece in June 2022, where 25 Americans aged 18 to 26 are set to compete. Continue reading U.S. Advances Cybersecurity Steps as Ransomware Doubles