Congressional commission mulls new private sector reporting requirements

The Cyberspace Solarium Commission, a bipartisan group tasked last year with devising a strategy for defending the U.S. against cyberattacks, is almost ready to reveal its proposals to the world. The commission’s final report, expected to be issued in March or April, may include new reporting requirements for the private sector that would incentivize better security practices, the commission’s co-chairs, Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis., said during a Council on Foreign Relations summit in Washington, D.C., Tuesday. While the final language is unclear, the report is expected to include a sweeping set of proposals ranging from an overhaul of Congressional oversight on cybersecurity issues to an assessment of the Pentagon’s offensive and defensive readiness. Whether there’s broader appetite outside of the 14-member commission to implement the recommendations, however, remains to be seen. One idea the commission has entertained is convincing insurance companies to offer better rates to clients who follow specific guidelines […]

The post Congressional commission mulls new private sector reporting requirements appeared first on CyberScoop.


‘Unprecedented’ sentencing for international GozNym cybercrime network

Three cybercriminals who helped orchestrate a multi-million dollar theft against U.S. companies by using a banking trojan known as GozNym have been sentenced to prison, the Department of Justice and the Prosecutor’s Office of Georgia announced Friday. The cybercriminals’ operation employed the GozNym malware against 41,000 computers in all, targeting businesses and financial institutions between 2015 and 2016, including a Washington law firm and a Mississippi casino. Krasimir Nikolov, a Bulgarian man who served as an account takeover specialist in the scheme, which targeted U.S. businesses and their financial institutions, has already served 39 months in prison. He was sentenced by U.S. District Judge Nora Barry Fischer in federal court in Pittsburgh, Pennsylvania on Monday, and will now be transferred to Bulgaria where he will serve out his sentence. Two Georgian men who also participated in the plot, Alexander Konovolov and Marat Kazandjian, have been sentenced to seven and five […]


Republican senators ask DOT, FAA to cease using Chinese drones

A group of Republican senators sent a letter to the Department of Transportation and the Federal Aviation Administration Wednesday asking them to exclude Chinese drones, particularly DJI drones, from future partnerships due to national security concerns. The letter comes days after one of the participants in the FAA’s Unmanned Aircraft System Integration Pilot Program announced it would be working with DJI drones, which the U.S. government has found to contain vulnerabilities that could allow adversaries to steal sensitive data — or to even take control of their systems. “We … urge you to immediately restrict the use of this equipment and technology that has the potential to jeopardize the security of critical information and infrastructure gained through this and other FAA programs,” the Senators write. “American taxpayer dollars should not fund state-controlled or state-owned firms that seek to undermine American national security and economic competitiveness.” The authors of the letter — Sens. Tom […]


Judge rules proceeds from Snowden memoir belong to U.S. government

A federal judge ruled Tuesday that any money former National Security Agency contractor Edward Snowden makes from his memoir or paid speeches must be given to the U.S. government because he did not receive approvals before the book was published. The judge notes in his decision that Snowden’s nondisclosure agreements with the government were unambiguous and required him to submit any writings for prepublication review. The book, “Permanent Record,” went on sale Sept. 17 from Metropolitan Books. “Snowden’s publication of Permanent Record without prior submission for prepublication review breached the CIA and NSA Secrecy agreement and the attendant fiduciary duties set forth in those agreements,” Judge Liam O’Grady writes. The civil suit against Snowden is the latest effort the U.S. government has undertaken to hold Snowden to account for his unlawful disclosure of classified NSA surveillance programs in 2013. Snowden also faces assorted criminal charges, including alleged violation of the Espionage Act, which were […]


Seizure-triggering attack is stark example of how social media can be weaponized

Followers of the Epilepsy Foundation’s Twitter handle were targeted last month with posts containing strobe light GIFs and videos that could have caused seizures for people with epilepsy, the foundation announced Monday. The videos were sent during National Epilepsy Awareness Month, a period of time when, according to the foundation, the largest number of people with epilepsy were likely to be keeping tabs on the account. For about 3% of people with epilepsy, exposure to flashing lights at certain intensities or certain visual patterns can trigger seizures. “These attacks are no different than a person carrying a strobe light into a convention of people with epilepsy and seizures, with the intention of inducing seizures and thereby causing significant harm to the participants,” said Allison Nichol, director of legal advocacy for the Epilepsy Foundation, in a release. “The fact that these attacks came during National Epilepsy Awareness Month only highlights their reprehensible […]


DNC to Silicon Valley on disinformation: do better

The Democratic National Committee is calling on companies including Facebook, Twitter, and Google to step up their efforts to protect against disinformation on their platforms in the buildup to the 2020 presidential elections. The DNC’s recommendations, which it issued Monday, range from platforms promoting authoritative news outlets to establishing policies to prevent the automated spread of disinformation. The DNC is also calling on the companies to take a harder line against state-backed media, and to share more details about disinformation campaigns online to try to enhance the research community’s ability to understand political disinformation. “While progress has been made since the 2016 elections, platforms still have much to do to reduce the spread of disinformation and combat malicious activity,” the DNC writes. The recommendations show the Democratic Party, just a little over two months before the Iowa Democratic caucuses, rallying behind the idea that tamping down disinformation can help ensure a political […]


Navy letter shows military worried about unknown vulnerabilities in DJI drones

The U.S. Navy issued an internal warning in 2017 about vulnerabilities in systems made by Chinese-based drone company DJI that could allow adversaries to siphon data from devices, according to a document obtained through the Freedom of Information Act. “Overall, the system should be considered highly vulnerable in the cyber security realm and employed accordingly,” the document, obtained by the George Washington University’s National Security Archive and shared with CyberScoop, reads. In the warning, the Navy pointed out issues with the way a DJI drone communicates and sends data to a ground station. “While encrypted, open source research indicates numerous techniques available to passively view the video and metadata from the air vehicle as well as assume control over the air vehicle by adversaries,” the warning, dated May 2017, reads. The document has been made public as technology made by Chinese-based companies, which powers much of the internet’s underlying infrastructure, […]


Facebook intends to implement end-to-end encryption despite DOJ pressure

Facebook is not giving in to Department of Justice demands on weakening encryption, according to a new letter the company sent to U.S. Attorney General Bill Barr and acting Secretary of Homeland Security Chad Wolf on Monday. “Cybersecurity experts have repeatedly proven that when you weaken any part of an encrypted system, you weaken it for everyone, everywhere,” Will Cathcart, vice president and head of WhatsApp, and Stan Chudnovsky, vice president and head of Facebook Messenger, wrote in the letter, which CyberScoop acquired. “The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm.” The letter comes as tech companies, privacy experts, lawmakers and government agencies continue to debate how law enforcement can track criminals when they are “going dark” by using encrypted commercially available […]


RNC, DNC bank on Duo authentication ahead of 2020 election

The Republican National Committee is relying on authentication tools and careful social media behavior in order to avoid a devastating data breach like the kind that derailed its Democratic counterparts in 2016. The RNC, which develops and promotes the party’s platform and currently supports President Donald Trump’s re-election campaign, is banking on Duo Security, which specializes in multi-factor authentication, to keep state-sponsored hackers out of party accounts, according to recent Federal Election Commission filings. Even if a user’s password credentials are stolen, an extra layer of authentication can ensure that only the legitimate account holder could access his or her communications. Since March of this year, the RNC has paid just over $1,000 per month to Duo, according to FEC filings. The RNC started using Duo in 2016, just days before the election. And it’s not just email account access the RNC is trying to protect — the RNC uses multiple layers of authentication to protect other […]


Huawei sues FCC for icing U.S. business, claiming a lack of evidence

Huawei is suing the Federal Communications Commission over a measure passed last month that limits the Chinese telecommunication firm’s ability to conduct business in the U.S. The suit, filed in the Fifth Circuit Court of Appeals, which has jurisdiction over Huawei’s headquarters in Texas, involves the FCC’s recent decision to designate Huawei as a security risk. It blocks U.S. firms from using government subsidies to purchase Huawei equipment. The suit alleges the U.S. government flouted Huawei’s due process rights, and represents the $107 billion company’s latest effort against a Trump administration effort to isolate Huawei from the construction of 5G cellular infrastructure. “The FCC claims that Huawei is a security threat, but FCC Chairman Ajit Pai has not provided any evidence,” Song Liuping, Huawei’s chief legal officer, said Thursday during a press conference in Shenzhen, China, according to The New York Times. The FCC did not return a request for comment. The suit against the FCC demonstrates how Huawei increasingly […]
