FCC’s Carr Renews Call for a National Security Ban on TikTok

Brendan Carr, a commissioner of the Federal Communications Commission, is continuing his efforts to have TikTok banned, telling the Council on Foreign Investment in the U.S. in his strongest language to date that the viral short-form video app is, as a result of consumer adoption, becoming a part of the nation’s critical information infrastructure, and thus presents a national security risk due to Chinese ownership. TikTok is reportedly back in negotiations with the CFIUS, an interagency committee that reviews foreign investment, about a change of ownership that would smooth the path to ongoing U.S. operations.

Deepfakes Used for Entertainment, Advertising Draw Concern

Celebrity deepfakes springing up on the web, and even in advertising, are raising concerns. The technology is advancing in sophistication and commercial interest. Apple was just granted rights by the U.S. Patent Office to “face image generation with pose and expression control” from reference images. This month, video of President Biden was manipulated into a performance of the viral children’s tune “Baby Shark,” while a digital doppelganger for Elon Musk hawked investment opportunities for real estate startup reAlpha Tech. Tom Cruise, Leonardo DiCaprio and Bruce Willis are also among those artificially misappropriated for promotional use without permission.

Senate Group Wants CISA to Protect Open-Source Software

Senate Homeland Security Committee leaders Gary Peters (D-Michigan) and Rob Portman (R-Ohio) have introduced a bill requiring a risk framework for open-source code. The proposed legislation would require the Cybersecurity and Infrastructure Security Agency to develop the risk evaluation process for open-source software being used by federal agencies and critical infrastructure. The move follows the discovery in December of a vulnerability in the Apache Software Foundation’s popular Log4j Java logging utility. Peters said the Log4j incident presented a serious threat to banks, hospitals, and utility companies, among other national security operations.

States Fight Misinformation on Social Media Before Midterms

As various states undergo primary elections and the nation gears up for midterm elections in the fall, the social network misinformation machines are becoming more active, too. Connecticut is actively addressing the problem with a marketing budget of nearly $2 million to counter unfounded rumors. The state is also creating a new position to monitor the disinformation mill. Salaried at $150,000 per year, the job involves combing fringe sites like Gettr, Rumble and 4chan as well as mainstream social media sites to weed out falsehoods before they go viral, alerting platforms to remove or flag such posts.

CES: Members of Congress Discuss Cybersecurity Concerns

Congresswoman Nanette Diaz Barragán (D-California), who serves on the House Committee on Homeland Security and the House Committee on Energy and Commerce, is concerned about the potential harm of cyberattacks in her 44th district, which includes the Port of Los Angeles. Congressman Jay Obernolte (R-California), among his other assignments, is a member of the Committee of Science, Space and Technology and two caucuses, one on 5G and another on AI. What they both have in common are concerns about cybersecurity, topics that were addressed during a panel at CES 2022.

Chinese Drone Maker DJI Suspected of U.S. Data Harvesting

China’s SZ DJI Technology, a leading global producer of unmanned aerial vehicles, has come under scrutiny as a national security threat. The Shenzhen-based company is suspected of turning unwitting Americans into surveillance operatives by harvesting data about U.S. infrastructure from their drones. Last week, the Biden administration imposed a U.S. investment ban against DJI and seven other companies for enabling China’s military-industrial complex. Although the Treasury Department says human rights violations are behind the ban, reports say the FCC wants DJI’s products completely removed from the U.S. market.

Biden Administration Orders Agencies to Repair Cyber Flaws

The Biden administration ordered federal agencies to patch roughly 300 cybersecurity vulnerabilities believed to expose government computer systems to potentially damaging intrusions. About 200 of the threats were discovered by cybersecurity experts between 2017 and 2020, while another 90 flaws were found in 2021. All are known to be used by malicious cyber actors, said Cybersecurity and Infrastructure Security Agency director Jen Easterly in a statement accompanying the directive. The agencies have been given two weeks to patch the 2021 threats and six months to fix the older defects.

SEC Probe of SolarWinds Attack Concerns Corporate Execs

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack of SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose.

U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors.

House Calls for Regulating Use of Facial Recognition Software

The House Judiciary Subcommittee on Crime, Terrorism and Homeland Security has determined that the use of facial recognition software by law enforcement should be regulated. Subcommittee chair Sheila Jackson Lee (D-Texas) and top Republican Andy Biggs (R-Arizona) agreed that there should be “some kind of meaningful regulation and oversight of facial recognition.” Last month, the Government Accountability Office (GAO) reported that federal law enforcement agencies should do more to prevent facial recognition bias and misuse.

Massive Ransomware Attack Affects Hundreds of Businesses

Software company Kaseya was targeted by a cyberattack starting Friday that has since spread to hundreds of mainly small and medium-size businesses. On Monday, Kaseya chief executive Fred Voccola reported to Anne Neuberger, the deputy national security advisor for cyber and emerging technology, that the attackers demanded a $70 million ransomware payment and that his company wasn’t aware of any breach of critical infrastructure impacting national security. According to experts, the attackers may be members of REvil, a Russian cybercriminal group.

Millions of IoT Devices Open to Attack Due to Security Flaws

Forescout Research Labs and JSOF researchers have discovered nine security flaws in four commonly used TCP/IP stacks that make 100+ million devices vulnerable to attack. The set of flaws, dubbed Name:Wreck, mainly impacts Internet of Things (IoT) products and IT management servers. The TCP/IP stacks that integrate network communication protocols to connect devices and the Internet are found in operating systems such as the open-source FreeBSD and Siemens’ Nucleus NET. An attacker could crash a device, take it offline or gain control of it.

Senators Press Ad-Auctioneers for Personal Data Sales Info

Senate Finance Committee chair Ron Wyden (D-Oregon) heads a bipartisan group of U.S. senators attempting to understand more about digital advertising auctions and their relationship to personalized ads. The group sent a letter to the largest companies that run these auctions, including AT&T, Index Exchange, Google, Magnite, OpenX Software, PubMatic, Twitter and Verizon Communications. The senators want the names of all foreign clients gaining access to user data through the auctions, citing concerns of national security.

Biden to Issue Executive Order Upgrading U.S. Cybersecurity

President Joe Biden is working on a draft executive order to require companies doing business with the federal government to report hacks within a few days. Homeland Security secretary Alejandro Mayorkas stated the order would also require the companies to use data encryption and two-factor authentication and would combat ransomware and improve protection for industrial control systems, transportation and election security. The SolarWinds hack has prompted the government to pay closer attention to cybersecurity.

Cybersecurity: White House Pursues Public-Private Alliances

Russia and China recently ran sophisticated hacks from servers inside the United States, going undetected by the National Security Agency, which is prohibited from conducting surveillance in the U.S., as well as the FBI and Department of Homeland Security. Private computer security firms were the first to raise the alarm on these foreign attacks, and Microsoft reported that its patches are being reverse-engineered by criminal groups to launch ransomware attacks on corporations. The White House is paying attention.