SEC Probe of SolarWinds Attack Concerns Corporate Execs

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack of SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose. Continue reading SEC Probe of SolarWinds Attack Concerns Corporate Execs

U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors. Continue reading U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

House Calls for Regulating Use of Facial Recognition Software

The House Judiciary Subcommittee on Crime, Terrorism and Homeland Security has determined that the use of facial recognition software by law enforcement should be regulated. Subcommittee chair Sheila Jackson Lee (D-Texas) and top Republican Andy Biggs (R-Arizona) agreed that there should be “some kind of meaningful regulation and oversight of facial recognition.” Last month, the Government Accountability Office (GAO) reported that federal law enforcement agencies should do more to prevent facial recognition bias and misuse. Continue reading House Calls for Regulating Use of Facial Recognition Software

Massive Ransomware Attack Affects Hundreds of Businesses

Software company Kaseya was targeted by a cyberattack starting Friday that has since spread to hundreds of mainly small and medium-size businesses. On Monday, Kaseya chief executive Fred Voccola reported to Anne Neuberger, the deputy national security advisor for cyber and emerging technology, that the attackers demanded a $70 million ransomware payment and that his company wasn’t aware of any breach of critical infrastructure impacting national security. According to experts, the attackers may be members of REvil, a Russian cybercriminal group. Continue reading Massive Ransomware Attack Affects Hundreds of Businesses

Millions of IoT Devices Open to Attack Due to Security Flaws

Forescout Research Labs and JSOF researchers have discovered nine security flaws in four commonly used TCP/IP stacks that make 100+ million devices vulnerable to attack. The set of flaws, dubbed Name:Wreck, mainly impact Internet of Things (IoT) products and IT management servers. The TCP/IP stacks that integrate network communication protocols to connect devices and the Internet are found in operating systems such as the open-source FreeBSD and Siemens’ Nucleus NET. An attacker could crash a device, take it offline or gain control of it. Continue reading Millions of IoT Devices Open to Attack Due to Security Flaws

Senators Press Ad-Auctioneers for Personal Data Sales Info

Senate Finance Committee chair Ron Wyden (D-Oregon) heads a bipartisan group of U.S. senators attempting to understand more about digital advertising auctions and their relationship to personalized ads. The group sent a letter to the largest companies that run these auctions, including AT&T, Index Exchange, Google, Magnite, OpenX Software, PubMatic, Twitter and Verizon Communications. The senators want the names of all foreign clients gaining access to user data through the auctions, citing concerns of national security. Continue reading Senators Press Ad-Auctioneers for Personal Data Sales Info

Biden to Issue Executive Order Upgrading U.S. Cybersecurity

President Joe Biden is working on a draft executive order to require companies doing business with the federal government to report hacks within a few days. Homeland Security secretary Alejandro Mayorkas stated the order would also require the companies to use data encryption and two-factor authentication and would combat ransomware and improve protection for industrial control systems, transportation and election security. The SolarWinds hack has prompted the government to pay closer attention to cybersecurity. Continue reading Biden to Issue Executive Order Upgrading U.S. Cybersecurity

Cybersecurity: White House Pursues Public-Private Alliances

Russia and China recently ran sophisticated hacks from servers inside the United States, going undetected by the National Security Agency, which is prohibited from conducting surveillance in the U.S., as well as the FBI and Department of Homeland Security. Private computer security firms were the first to raise the alarm on these foreign attacks, and Microsoft reported that its patches are being reverse-engineered by criminal groups to launch ransomware attacks on corporations. The White House is paying attention. Continue reading Cybersecurity: White House Pursues Public-Private Alliances

Treasury Department May Put an End to Location Data Sales

The U.S. military, the Internal Revenue Service (IRS), Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA) and Department of Homeland Security (DHS) are reportedly among the agencies that have been buying citizens’ location data from commercial services. Now, a Treasury Department inspector general report has indicated that this practice is illegal without first obtaining a warrant. The agencies in question say they are buying commercially available data from those who have consented to having their data collected. Continue reading Treasury Department May Put an End to Location Data Sales

White House Names Official to Lead Probe of Expansive Hack

In December, suspected Russian hackers compromised SolarWinds Corp., a small software vendor, leveraging it to infiltrate the U.S. departments of Commerce, State and Treasury, as well as numerous private companies. An in-depth investigation revealed that the hack’s scope was larger than first known, with about one-third of those hacked having no direct connection with SolarWinds. Now, the Biden administration has selected White House National Security Council senior official Anne Neuberger to lead the response. Continue reading White House Names Official to Lead Probe of Expansive Hack

Google Developing New Cloud Services During the Pandemic

According to Google Cloud chief executive Thomas Kurian, the coronavirus pandemic has had an impact on the development of new cloud features. “Every week, there’s a new set of dimensions, and we have to adapt, keep people positive, and focus through it,” he said. A new security product that encrypts data while it’s being processed, for example, is aimed at luring businesses in highly regulated industries to adopt cloud services. Another cloud-computing product is Assured Workloads for Government, a new way to secure public sector deals. Continue reading Google Developing New Cloud Services During the Pandemic

U.S. Moves to Hinder China Telecom and Links to Hong Kong

The Trump administration wants to revoke licenses used by China Telecom’s U.S. subsidiary to act as a common carrier, connecting domestic and international networks. The U.S. Department of Justice, leading the departments of Defense and Homeland Security, requested that the FCC permanently rescind these licenses. The administration stated that China’s technology interests are a threat to U.S. security. Citing the same concerns, U.S. gave Google permission to open a high-speed Internet link to Taiwan but not Hong Kong. Continue reading U.S. Moves to Hinder China Telecom and Links to Hong Kong

Bipartisan Bill Would Make Platforms Liable for Fake Products

In a rare bipartisan move, Democratic and Republican legislators joined forces to propose the Shop Safe Act, which would make e-commerce companies responsible for counterfeit products from China and other countries sold on their websites. The bill would focus on trademark liability for those fake products that impact consumer health and safety, such as pharmaceuticals and medical products, and would force e-tailers to more closely vet sellers and remove those who repeatedly sell counterfeits. Continue reading Bipartisan Bill Would Make Platforms Liable for Fake Products

White House Cracks Down on Counterfeit Goods Sold Online

The Trump administration is cracking down on counterfeit products sold over the Internet, warning warehouse operators and e-commerce platforms such as Amazon that they will pay fines if they don’t help identify such products. The Department of Homeland Security released a report on the problem, and the White House in concert with U.S. Customs and Border Protection is leading the initiative. The recent trade agreement with China requires that country to curb counterfeiters or risk potential new tariffs. Continue reading White House Cracks Down on Counterfeit Goods Sold Online

FBI and Law Enforcement Use New Facial Recognition Tool

A small startup named Clearview AI, led by Hoan Ton-That, created a facial recognition app that may exceed the scope of anything built by the U.S. government or Big Tech companies. Now in the hands of the FBI, the Department of Homeland Security and hundreds of other law enforcement agencies, the app allows the user to take a photo of a person, upload it and search a database of more than three billion images to find public photos of that person with links to where they appeared. Images have been scraped from Facebook, YouTube, Venmo and “millions of other websites.” Continue reading FBI and Law Enforcement Use New Facial Recognition Tool

Page 1 of 3123