Senators question vulnerability disclosure process after Spectre and Meltdown stumbles

Shortcomings in the industry-led process for disclosing software and hardware bugs could rear their heads again, U.S. senators said Wednesday at a hearing on the Spectre and Meltdown chip flaws. “While these vulnerabilities seemed to have been patched reasonably well, what about the next one? And we might not know about it until it’s too late,” Florida Democrat Bill Nelson said at the Commerce, Science and Transportation Committee hearing. Lawmakers are pondering what can be done to improve the complex vulnerability disclosure process, which involves spreading enough word among vendors to address a bug but not so much as to risk leaking information before patches are ready. “We need to consider additional ways to require the federal government’s equipment suppliers to promptly notify [the Department of Homeland Security] of potential breaches or vulnerabilities that could weaken our federal systems,” Sen. Maggie Hassan, D-N.H., said at the hearing. The worry is always that foreign governments […]

The post Senators question vulnerability disclosure process after Spectre and Meltdown stumbles appeared first on Cyberscoop.

Financial Cyber Threat Sharing Group Phished

The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members.

The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected and reported it as suspicious. But the incident is a good reminder to be on your guard, remember that anyone can get phished, and that most phishing attacks succeed by abusing the sense of trust already established between the sender and recipient.

National data breach notification law introduced by Senate Commerce Committee members

Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five-year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users. “We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” Sen. Bill Nelson, D-Fla., said in a statement. “Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what’s best for consumers, the choice is clear.” The scope of what kind of data […]

The post National data breach notification law introduced by Senate Commerce Committee members appeared first on Cyberscoop.

New bill would push for cybersecurity improvements at 911 call centers

Faced with national 911 systems deemed increasingly vulnerable to cyberattack, Sens. Bill Nelson (D-Fla.) and Amy Klobuchar (D-Minn.) will introduce a bill within the next few weeks to federally fund and hasten the national transition to next generation 911 (NG911) systems. A recent draft of the legislation seen by CyberScoop shows the new legislation will set an as-yet-undetermined […]

The post New bill would push for cybersecurity improvements at 911 call centers appeared first on Cyberscoop.
