Ireland DPC Fines Meta $275 Million for Data Privacy Breach

Meta Platforms has been fined $275 million for violating European Union privacy rules, the result of a 2021 data leak that led to the online publication of personal information belonging to 500 million Facebook users. The penalty is the latest imposed on Meta by Ireland’s Data Protection Commission, which in September imposed a $400 million penalty on Instagram for mishandling children’s data. In October 2021, the same regulator fined Meta $235 million for violations by its WhatsApp messaging service. In total, Irish authorities have imposed penalties of more than $900 million on Meta in the past two years.

Cybersecurity Labeling System Coming to IoT Devices in 2023

The Biden administration is implementing a cybersecurity labeling program designed to protect consumers using Internet of Things devices from “significant national security risks.” Beginning in the spring of 2023, IoT smart hardware will begin carrying a “label for products that meet U.S. government standards and are tested by vetted and approved entities,” according to the White House. The program will start with high-risk devices like routers and cameras. To jump-start the initiative, the White House hosted an IoT Cybersecurity Summit attended by national security officials, hardware manufacturers and representatives from consumer product associations.

Senate Group Wants CISA to Protect Open-Source Software

Senate Homeland Security Committee leaders Gary Peters (D-Michigan) and Rob Portman (R-Ohio) have introduced a bill requiring a risk framework for open-source code. The proposed legislation would require the Cybersecurity and Infrastructure Security Agency to develop the risk evaluation process for open-source software being used by federal agencies and critical infrastructure. The move follows the discovery in December of a vulnerability in the Apache Software Foundation’s popular Log4j Java logging utility. Peters said the Log4j incident presented a serious threat to banks, hospitals, and utility companies, among other national security operations.

Charges Made by Twitter Whistleblower Could Benefit Musk

A former Twitter security chief may be Elon Musk’s white knight in the billionaire’s effort to get out of his contract to purchase Twitter for $54.20 per share ($44 billion). Peiter Zatko filed a whistleblower disclosure to Congress and federal agencies claiming Twitter not only deceived shareholders and the public by misrepresenting its bot count and security measures, but also alleging “that one or more current employees may be working for a foreign intelligence service,” according to CNN. If true, the allegations would violate a 2011 agreement between Twitter and the Federal Trade Commission.

Password Era Coming to End as Providers Support Passkeys

Weak and repeated passwords are a huge vulnerability when it comes to navigating one’s digital life, and it appears 2022 is the year online companies will make a concerted effort to navigate users away from passwords altogether. At the WWDC 2022 developer conference last week, Apple announced passwordless logins across iPhones, iPads, Macs and Apple TVs. Later this year, iOS 16 and macOS Ventura users will be invited to log into apps and websites using passkeys. Once a passkey is set up for an app or site, it gets stored on the device used to activate it. Tech giants Google and Microsoft are also backing the passkey protocol.

Agencies Warn That Hackers Are Targeting Control Systems

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment.

Proposed Antitrust Laws a Privacy Disaster Warns Tim Cook

Antitrust legislation pending in the U.S. and European Union is at odds with consumer privacy initiatives in those territories, Apple CEO Tim Cook told attendees of the IAPP Global Privacy Summit 2022 in Washington, D.C. on Tuesday. Speaking out against proposed “gatekeeper” rules, Cook warned that “when companies decide to leave the App Store because they want to exploit user data, it could put significant pressure on people to engage with alternate app stores — app stores where their privacy and security may not be protected.”

Crypto Bridges Creating Vulnerabilities Popular with Hackers

Cryptocurrency bridges, which enable transactions across a wide range of token types, are an increasingly important factor in the world of blockchain. A hack involving approximately $540 million in Ethereum and USDC stablecoin from the Ronin bridge in March was another drop in the $1 billion-plus bucket stolen from bridges. Successful attacks have become more common in recent years and the Ronin heist, among the largest, underscores a bigger problem. Different cryptocurrencies are typically siloed, so a Dogecoin transaction can’t be implemented on the Bitcoin blockchain, but it can by using a bridge.

Court Lets Microsoft DCU Seize 42 Chinese Hacker Websites

The Microsoft Digital Crimes Unit has seized 42 websites from China-based hacking group Nickel, in an attempt to thwart the group’s intelligence-gathering operations. A Virginia federal court granted Microsoft’s request to take over the U.S.-based websites run by Nickel, also known as APT15. Microsoft had since 2016 been tracking the group’s activities, determining them “highly sophisticated,” with attacks designed to install malware that facilitated surveillance and data theft attacks. Nickel was used to attack organizations in the United States and 28 other countries around the world, DCU says.

U.S. to Limit Exporting Surveillance Tech to Certain Countries

The U.S. government has announced its plans to work with other nations to put restrictions on the export of surveillance tools to authoritarian countries such as China. The Biden administration says it would gather allies and start an initiative to regulate the export of surveillance tools. The initiative is planned to be discussed during a virtual gathering, Summit for Democracy, on December 9-10. Representatives from more than 100 democratic nations will be participating. The primary objective of the summit is to crack down on authoritarian governments using cyber tools to violate fundamental human rights.

Biden Administration Orders Agencies to Repair Cyber Flaws

The Biden administration ordered federal agencies to patch roughly 300 cybersecurity vulnerabilities believed to expose government computer systems to potentially damaging intrusions. About 200 of the threats were discovered by cybersecurity experts between 2017 and 2020, while another 90 flaws were found in 2021. All are known to be used by malicious cyber actors, said Cybersecurity and Infrastructure Security Agency director Jen Easterly in a statement accompanying the directive. The agencies have been given two weeks to patch the 2021 threats and six months to fix the older defects.

Alphabet CEO Calls for Government Action in Tech Innovation

Sundar Pichai, CEO of Google and its parent Alphabet, is urging the U.S. government to step up innovation and more actively police cyberthreats. In a year beset with security breaches attributed to Russian and Chinese hackers, Pichai says it’s time to draft a Geneva Convention for technology, outlining international legal standards, safeguards and behavioral norms for the connected age. Pichai also made an appeal for state-sponsored innovation in the face of competition from China, where the Communist Party under President Xi Jinping has outlined plans to advance artificial intelligence and develop a proprietary semiconductor sector.

SEC Probe of SolarWinds Attack Concerns Corporate Execs

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack of SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose.

Tech Firms Raid Security Flaws with ‘Bug Bounty’ Programs

In the security world, “bug bounty” programs are becoming more common, from Facebook to the Department of Defense. Hackers who can reveal the hidden vulnerabilities of a device, system or corporation can reap significant financial rewards. Apple launched its program in 2016 and offers payouts of up to $1 million for the most elusive flaws. The tech giant reportedly spent $3.7 million on such exercises in the 12-month period ending in July 2021, during which time Google shelled out $6.7 million and Microsoft spent $13.6 million. Such programs have become a valuable tool in security maintenance, putting hackers’ inquisitive natures to productive use.

Facebook Decides to Curtail Political Content in News Feed

All politics may be local, but you can expect less of it to be social. As of August 31, Facebook began reducing political content that appears in its News Feed. The move comes as the social media giant attempts to beat back a barrage of criticism for spreading misinformation through the use of algorithms that appear to reward click-generating controversies over level-headed dialogue. The new content modification is “in response to common feedback from our community,” a Facebook spokesperson said.