U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors. Continue reading U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

Senators Press Ad-Auctioneers for Personal Data Sales Info

Senate Finance Committee chair Ron Wyden (D-Oregon) heads a bipartisan group of U.S. senators attempting to understand more about digital advertising auctions and their relationship to personalized ads. The group sent a letter to the largest companies that run these auctions, including AT&T, Index Exchange, Google, Magnite, OpenX Software, PubMatic, Twitter and Verizon Communications. The senators want the names of all foreign clients gaining access to user data through the auctions, citing concerns of national security. Continue reading Senators Press Ad-Auctioneers for Personal Data Sales Info

Cybersecurity: White House Pursues Public-Private Alliances

Russia and China recently ran sophisticated hacks from servers inside the United States, going undetected by the National Security Agency, which is prohibited from conducting surveillance in the U.S., as well as the FBI and Department of Homeland Security. Private computer security firms were the first to raise the alarm on these foreign attacks, and Microsoft reported that its patches are being reverse-engineered by criminal groups to launch ransomware attacks on corporations. The White House is paying attention. Continue reading Cybersecurity: White House Pursues Public-Private Alliances

White House Names Official to Lead Probe of Expansive Hack

In December, suspected Russian hackers compromised SolarWinds Corp., a small software vendor, leveraging it to infiltrate the U.S. departments of Commerce, State and Treasury, as well as numerous private companies. An in-depth investigation revealed that the hack’s scope was larger than first known, with about one-third of those hacked having no direct connection with SolarWinds. Now, the Biden administration has selected White House National Security Council senior official Anne Neuberger to lead the response. Continue reading White House Names Official to Lead Probe of Expansive Hack

Oracle-TikTok Deal Is Under Review by Federal Government

In an effort to avoid a ban in the U.S., popular social video platform TikTok aims to partner with cloud services company Oracle. TikTok parent ByteDance proposed a deal in which Oracle would serve as tech provider in the U.S., although details have not been revealed regarding any potential changes to TikTok’s ownership structure. ByteDance submitted the proposal to the U.S. Treasury Department and Secretary Steve Mnuchin announced plans to review it this week with a particular emphasis on security issues. If approved, the deal could make Oracle a major advertising player that is more relevant to younger audiences. Continue reading Oracle-TikTok Deal Is Under Review by Federal Government

Commission Finds U.S. Is Unprepared for Major Cyberattacks

The Cyberspace Solarium Commission released a report based on a months-long study that showed the U.S. government’s lack of ability to block cyber threats. The Commission lists 75 recommendations for major structural changes, including the creation of Congressional committees dedicated to cybersecurity and a White House-based national cybersecurity director to be confirmed by the Senate. The report is blunt in its assessment that the U.S. government’s current approach to cyberattacks is “fundamentally flawed.” Continue reading Commission Finds U.S. Is Unprepared for Major Cyberattacks

NSA Discovers Windows Vulnerability — and Tells Microsoft

The National Security Agency (NSA) discovered a vulnerability in versions of Windows and, instead of retaining it, reported it to Microsoft, which is now patching the flaw in its handling of certificate and cryptographic messaging functions. The vulnerability could have enabled attackers to use malicious code that would pretend to be legitimate software. Microsoft also warned all current users of Windows 7 Home Basic, Home Premium, Professional or Ultimate to upgrade immediately. Continue reading NSA Discovers Windows Vulnerability — and Tells Microsoft

Chinese, Iranian, Russian Hackers Honing Their Attack Skills

The National Security Agency and security firm FireEye recently detected extensive attacks by Iran on U.S. banks, businesses and government agencies, prompting the Department of Homeland Security to declare an emergency during the government shutdown. The attacks from Iran took place at the same time that China renewed its efforts to steal trade and military secrets, from Boeing, General Electric Aviation and T-Mobile. Meanwhile, Microsoft detected a Russian government operation targeting think tanks critical of Russia. Continue reading Chinese, Iranian, Russian Hackers Honing Their Attack Skills

Federal Government Takes Additional Steps to Block Huawei

The U.S. government is reportedly pushing for foreign allies to stop using hardware from China-based Huawei Technologies Co. According to people familiar with the initiative, the government is aiming to convince wireless and Internet service providers to avoid telecom equipment that comes from Huawei in an effort to increase security. Washington officials are particularly concerned about countries that host military bases. The U.S. and Australia already have bans in place to curb the risk of cyberattacks. Huawei is the world’s largest telecommunications provider. Continue reading Federal Government Takes Additional Steps to Block Huawei

Oregon Senator Proposes a Consumer Data Protection Bill

Oregon Democratic Senator Ron Wyden drafted a data privacy bill akin to the recent General Data Protection Regulation (GDPR) legislation in Europe. Dubbed the Consumer Data Protection Act, Wyden’s bill would give users more control over selling and sharing their data, and would give the Federal Trade Commission authority to set privacy and security standards and fine those companies that do not protect consumer data. One provision is a “Do Not Track” feature that would allow people to opt out of being tracked. Continue reading Oregon Senator Proposes a Consumer Data Protection Bill

Facebook Offers More Hack Details, Exposes Web Scraping

Facebook downgraded the number of users hacked two weeks ago to 30 million, revealing that the personal information stolen was more substantial for 14 million of the those hacked, including gender, religion, telephone number, email addresses and computing devices used to connect to Facebook. Hackers also captured the last 15 people or things the user had searched for on Facebook and the last 10 physical locations he had checked into. Another 15 million profiles were scraped for names and contact information. Continue reading Facebook Offers More Hack Details, Exposes Web Scraping

New Uber CEO Faces the Impact of Undisclosed Data Breach

Uber Technologies acknowledged that one year ago it paid hackers $100,000 to hide a data breach that impacted 47 million accounts. The company fired then-chief security officer Joe Sullivan and deputy Craig Clark for both the breach itself and concealing it. The hackers got the names, emails and phone numbers of millions of riders as well as 600,000 drivers’ license numbers, although apparently Social Security numbers and credit card numbers were not accessed. Uber says it will inform those impacted by the breach in “coming days.” Continue reading New Uber CEO Faces the Impact of Undisclosed Data Breach

Security Update: 3 Billion Yahoo Accounts Hit in 2013 Attack

Yahoo announced yesterday that all 3 billion of its user accounts were affected by a previously disclosed August 2013 cyberattack, originally reported by the company as affecting 1 billion accounts. Yahoo had earlier reported that a separate 2014 attack affected 500 million accounts. Last year we learned that, “digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack,” according to The New York Times. “The intruders also obtained the security questions and backup email addresses used to reset lost passwords.” Continue reading Security Update: 3 Billion Yahoo Accounts Hit in 2013 Attack

Extortion Hacking On the Rise, But Does Not Always Pay Off

Cyberattacks are on the rise, with major corporations, media companies, the healthcare industry and even the federal government becoming targets of hacking. Recent incidents involved media content as hackers threatened early releases of movies and streaming series if the property owners failed to pay ransoms. Hackers called the Shadow Brokers told the NSA they would release secret espionage tools unless the agency pays up. Security experts suggest that this type of extortion has had mixed results thus far. Continue reading Extortion Hacking On the Rise, But Does Not Always Pay Off

WhatsApp Updates Privacy Policy, Shares Data with Facebook

When Facebook bought the popular free messaging service WhatsApp, it promised it wouldn’t change the privacy policies. Now the company has done just that, and organizations including the Electronic Privacy Information Center (EPIC) and the Center for Digital Democracy are not happy. Facebook has stated it will now connect users’ phone numbers with Facebook’s systems, offering “better friend suggestions” and more relevant ads. The new approach will help Facebook finally monetize WhatsApp. Continue reading WhatsApp Updates Privacy Policy, Shares Data with Facebook

Page 1 of 41234