Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said, in testimony before the Homeland Security and Governmental Affairs Committee, that he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.


More Chinese apps attract a ban from a presidential administration on the way out

President Donald Trump’s latest executive order against Chinese tech companies might not ever take effect, but at a minimum it will force some decisions by the incoming presidential administration. The order bans U.S. transactions with several mobile apps, including Alipay and WeChat Pay, in the interest of protecting the security of U.S. users. The Trump administration made similar moves against TikTok last year, and those efforts are still tied up in court. “The United States has assessed that a number of Chinese connected software applications automatically capture vast swaths of information from millions of users in the United States, including sensitive personally identifiable information and private information,” according to the executive order, which Trump issued Tuesday night. As with TikTok, the assumption is that such data could be readily available to the Chinese government. The catch is that the order takes effect in 45 days — well after the inauguration of President-elect […]

Senators press Treasury to speak about breach, planned response to hackers

Two key Senate Democrats extensively questioned the U.S. Treasury Department on Tuesday about its reported data breach, a subject it has been less forthcoming about than the other federal agencies swept into the compromise of SolarWinds software. The senators, Sherrod Brown of Ohio and Ron Wyden of Oregon, also want to know whether Treasury plans to sanction the attackers and if it has begun evaluating the overall damage to the economy of the cyber-espionage campaign, which could ripple through the private sector, too. The senators’ letter to Treasury Secretary Steven Mnuchin pushes the department not only to provide information about its own breach, but also to develop a broader response that includes punishments for the hackers responsible. Cybersecurity researchers have tied them to Russia. “These media reports suggest that these attacks were comprehensive and historic and bad actors may have had access to critical U.S. government networks for many months,” […]

SolarWinds hack exposes underbelly of supply-chain attacks

Hackers of lore are often depicted breaking into prominent targets by typing frantically on keyboards in dark rooms and yelling “I’m in!” when they’ve purportedly breached their victim’s systems. But the sweeping SolarWinds breach, which has reportedly impacted the U.S. Treasury and Commerce departments, shows the reality is much less flashy and can be far more devastating. Details are still emerging about the SolarWinds breach, in which hackers inserted malicious code into software updates for the SolarWinds network management product Orion in order to conduct cyber-espionage against the U.S. federal government and multiple other targets. But the fallout from the attack, which is suspected to be linked with Russian hackers, is still being investigated, and early indications suggest the ramifications — and victims — could be extensive. In many respects, SolarWinds is just another, typical IT provider with government contracts. The company’s website has touted business with numerous U.S. military and civilian […]

Commerce Department breached as Treasury, others reportedly victimized by suspected Russian hackers

Hackers breached the Commerce Department, and reportedly have infiltrated the Treasury Department and other U.S. agencies, in incidents that government security officials said on Sunday that they were fighting to contain. “We can confirm there has been a breach in one of our bureaus,” a Commerce Department spokesperson said. The spokesperson added that Commerce has asked the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency “and the FBI to investigate, and we cannot comment further at this time.” Reuters reported that foreign nation-backed hackers have been monitoring email traffic at the Treasury Department and Commerce Department’s National Telecommunications and Information Administration, and the attackers apparently used similar tools to breach other agencies. “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said John Ullyot, a spokesman for the White House’s National […]

TikTok gets extensions on US sale order, ban enforcement

The Trump administration is giving Beijing-based ByteDance 15 more days to divest the popular video-sharing app TikTok, the Treasury Department said Friday. The Treasury Department statement is the second executive branch reprieve in as many days for TikTok, which the Trump administration has sought to ban in the United States. The Commerce Department also said Thursday that it wouldn’t start enforcing a TikTok ban as a court battle continues. The Trump administration cited the national security threat posed by the China-based company as a reason for the ban, given the vast amounts of personal information TikTok collects. TikTok has said it doesn’t share data with the Chinese government. Thursday was the date the Commerce Department had set to implement an executive order that would have forbidden U.S. companies from providing internet and content delivery services to TikTok, which would have effectively shut down its ability to operate in the U.S. […]

TikTok, WeChat survive in US app stores — one with a deal, the other with a judge’s help

China-based TikTok and WeChat remained in U.S. app stores on Monday, surviving a Trump administration ban that was supposed to take effect at the end of the weekend. TikTok’s reprieve came on Saturday, when President Trump announced that its parent company, ByteDance, would break off the social media app’s U.S. business into a new firm, TikTok Global, with 20 percent ownership by Oracle and Walmart. The good news for users of WeChat, a globally popular messaging app, arrived Sunday when a federal judge in California blocked the ban. Both apps were subject to Commerce Department rules that would have blocked U.S. users from downloading fresh installs or updates, although existing users would have been able to keep current versions on their phones. The announcement said the apps “threaten the national security, foreign policy, and the economy of the U.S.” given their direct windows into the private activities of Americans. The TikTok ban has […]

Lame-duck versions of TikTok and WeChat are definitely a problem, security experts say

Cybersecurity experts and privacy advocates said Friday that TikTok and WeChat users should probably stop using the applications in the coming days, given that the Trump administration’s new ban on them will effectively block users from downloading updates. Updates, of course, provide security fixes and not just new features. In just the last year, TikTok has had to issue multiple patches for vulnerabilities that could allow hackers to capture users’ data without their permission or send them malicious links, for instance. WeChat has also had to address several flaws in the last year. “The order … harms the privacy and security of millions of existing TikTok and WeChat users in the United States by blocking software updates, which can fix vulnerabilities and make the apps more secure,” the Director of the American Civil Liberties Union’s National Security Project, Hina Shamsi, said in a statement. After Sunday, when some of the restrictions are […]

Trump administration expands economic restrictions on Huawei

The U.S. Department of Commerce announced Monday it was taking several steps to further restrict Huawei’s ability to acquire electronic components developed using U.S. technology. As part of its actions, the department is adding 38 Huawei affiliates around the world to the U.S. government’s economic black list, which will make it difficult for Huawei to obtain semiconductors — even those produced outside of the U.S. — without a U.S. stamp of approval. The additional restrictions build on earlier limitations the Trump administration issued in May, when it aimed to reduce Huawei’s ability to purchase semiconductors produced with U.S. technologies. The move to expand the list comes as the Trump administration is becoming increasingly successful in its efforts to marshal U.S. allies to block Huawei’s operations in their countries, over concerns the company could work with the Chinese government on government spying objectives. Huawei has denied it spies on customers at the behest of […]
