Massive Ransomware Attack Affects Hundreds of Businesses

Software company Kaseya was targeted by a cyberattack starting Friday that has since spread to hundreds of mainly small and medium-size businesses. On Monday, Kaseya chief executive Fred Voccola reported to Anne Neuberger, the deputy national security advisor for cyber and emerging technology, that the attackers demanded a $70 million ransomware payment and that his company wasn’t aware of any breach of critical infrastructure impacting national security. According to experts, the attackers may be members of REvil, a Russian cybercriminal group.

Millions of IoT Devices Open to Attack Due to Security Flaws

Forescout Research Labs and JSOF researchers have discovered nine security flaws in four commonly used TCP/IP stacks that make 100+ million devices vulnerable to attack. The set of flaws, dubbed Name:Wreck, mainly impacts Internet of Things (IoT) products and IT management servers. The TCP/IP stacks that integrate network communication protocols to connect devices and the Internet are found in operating systems such as the open-source FreeBSD and Siemens’ Nucleus NET. An attacker could crash a device, take it offline or gain control of it.

Senators Press Ad-Auctioneers for Personal Data Sales Info

Senate Finance Committee chair Ron Wyden (D-Oregon) heads a bipartisan group of U.S. senators attempting to understand more about digital advertising auctions and their relationship to personalized ads. The group sent a letter to the largest companies that run these auctions, including AT&T, Index Exchange, Google, Magnite, OpenX Software, PubMatic, Twitter and Verizon Communications. The senators want the names of all foreign clients gaining access to user data through the auctions, citing concerns of national security.

Biden to Issue Executive Order Upgrading U.S. Cybersecurity

President Joe Biden is working on a draft executive order to require companies doing business with the federal government to report hacks within a few days. Homeland Security secretary Alejandro Mayorkas stated the order would also require the companies to use data encryption and two-factor authentication and would combat ransomware and improve protection for industrial control systems, transportation and election security. The SolarWinds hack has prompted the government to pay closer attention to cybersecurity.

Cybersecurity: White House Pursues Public-Private Alliances

Russia and China recently ran sophisticated hacks from servers inside the United States, going undetected by the National Security Agency, which is prohibited from conducting surveillance in the U.S., as well as the FBI and Department of Homeland Security. Private computer security firms were the first to raise the alarm on these foreign attacks, and Microsoft reported that its patches are being reverse-engineered by criminal groups to launch ransomware attacks on corporations. The White House is paying attention.

Treasury Department May Put an End to Location Data Sales

The U.S. military, the Internal Revenue Service (IRS), Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA) and Department of Homeland Security (DHS) are reportedly among the agencies that have been buying citizens’ location data from commercial services. Now, a Treasury Department inspector general report has indicated that this practice is illegal without first obtaining a warrant. The agencies in question say they are buying commercially available data from those who have consented to having their data collected.

White House Names Official to Lead Probe of Expansive Hack

In December, suspected Russian hackers compromised SolarWinds Corp., a small software vendor, leveraging it to infiltrate the U.S. departments of Commerce, State and Treasury, as well as numerous private companies. An in-depth investigation revealed that the hack’s scope was larger than first known, with about one-third of those hacked having no direct connection with SolarWinds. Now, the Biden administration has selected White House National Security Council senior official Anne Neuberger to lead the response.

Google Developing New Cloud Services During the Pandemic

According to Google Cloud chief executive Thomas Kurian, the coronavirus pandemic has had an impact on the development of new cloud features. “Every week, there’s a new set of dimensions, and we have to adapt, keep people positive, and focus through it,” he said. A new security product that encrypts data while it’s being processed, for example, is aimed at luring businesses in highly regulated industries to adopt cloud services. Another cloud-computing product is Assured Workloads for Government, a new way to secure public sector deals.

U.S. Moves to Hinder China Telecom and Links to Hong Kong

The Trump administration wants to revoke licenses used by China Telecom’s U.S. subsidiary to act as a common carrier, connecting domestic and international networks. The U.S. Department of Justice, leading the departments of Defense and Homeland Security, requested that the FCC permanently rescind these licenses. The administration stated that China’s technology interests are a threat to U.S. security. Citing the same concerns, the U.S. gave Google permission to open a high-speed Internet link to Taiwan but not Hong Kong.

Bipartisan Bill Would Make Platforms Liable for Fake Products

In a rare bipartisan move, Democratic and Republican legislators joined forces to propose the Shop Safe Act, which would make e-commerce companies responsible for counterfeit products from China and other countries sold on their websites. The bill would focus on trademark liability for those fake products that impact consumer health and safety, such as pharmaceuticals and medical products, and would force e-tailers to more closely vet sellers and remove those who repeatedly sell counterfeits.

White House Cracks Down on Counterfeit Goods Sold Online

The Trump administration is cracking down on counterfeit products sold over the Internet, warning warehouse operators and e-commerce platforms such as Amazon that they will pay fines if they don’t help identify such products. The Department of Homeland Security released a report on the problem, and the White House in concert with U.S. Customs and Border Protection is leading the initiative. The recent trade agreement with China requires that country to curb counterfeiters or risk potential new tariffs.

FBI and Law Enforcement Use New Facial Recognition Tool

A small startup named Clearview AI, led by Hoan Ton-That, created a facial recognition app that may exceed the scope of anything built by the U.S. government or Big Tech companies. Now in the hands of the FBI, the Department of Homeland Security and hundreds of other law enforcement agencies, the app allows the user to take a photo of a person, upload it and search a database of more than three billion images to find public photos of that person with links to where they appeared. Images have been scraped from Facebook, YouTube, Venmo and “millions of other websites.”

China’s Cloud Hopper Cyberhack Bigger Than First Revealed

Cloud Hopper, a massive cybertheft effort allegedly run by China’s intelligence services and operating through cloud services since at least 2016, is much bigger than it was originally believed to be. U.S. prosecutors identified and charged two Chinese nationals, but both remain at large. The original indictment listed 14 unnamed companies and about a dozen cloud providers. The Trump administration escalated the military’s use of cyber weapons, but hasn’t revealed its rules, leading to a bipartisan push for transparency.

Cisco Wins Injunction Against Four Chinese Counterfeiters

Cisco Systems won a temporary injunction against four Chinese companies it accused of counterfeiting its transceivers. Filed in federal court in the Eastern District of New York, the suit said the fake gear threatened U.S. national security and health systems because it was not secure and would fail more often. The transceivers are used in networks to pass data through corporate data centers, hospitals and military bases. The injunction will force Amazon and Alibaba Group Holding to cease sales of the phony equipment.

Tech Firms, U.S. Officials Strategize 2020 Election Security

As the 2020 U.S. presidential election nears, government officials met in Silicon Valley with Facebook, Google, Microsoft and Twitter to discuss how to prevent the foreign interference that took place during the 2016 election. The companies’ security teams and representatives from the FBI, Office of the Director of National Intelligence and the Department of Homeland Security attended the daylong meeting at Facebook’s headquarters. The group talked about detecting potential threats and methods of strategic collaboration.