SolarWinds hack exposes underbelly of supply-chain attacks

Hackers of lore are often depicted breaking into prominent targets by typing frantically on keyboards in dark rooms and yelling “I’m in!” when they’ve purportedly breached their victim’s systems. But the sweeping SolarWinds breach, which has reportedly impacted the U.S. Treasury and Commerce departments, shows the reality is much less flashy and can be far more devastating. Details are still emerging about the SolarWinds breach, in which hackers inserted malicious code into software updates for the SolarWinds network management product Orion in order to conduct cyber-espionage against the U.S. federal government and multiple other targets. But the fallout from the attack, which is suspected to be linked with Russian hackers, is still being investigated, and early indications suggest the ramifications — and victims — could be extensive. In many respects, SolarWinds is just another, typical IT provider with government contracts. The company’s website has touted business with numerous U.S. military and civilian […]

The post SolarWinds hack exposes underbelly of supply-chain attacks appeared first on CyberScoop.

Commerce Department breached as Treasury, others reportedly victimized by suspected Russian hackers

Hackers breached the Commerce Department, and reportedly have infiltrated the Treasury Department and other U.S. agencies, in incidents that government security officials said on Sunday they were fighting to contain. “We can confirm there has been a breach in one of our bureaus,” a Commerce Department spokesperson said. The spokesperson added that Commerce has asked the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency “and the FBI to investigate, and we cannot comment further at this time.” Reuters reported that foreign nation-backed hackers have been monitoring email traffic at the Treasury Department and Commerce Department’s National Telecommunications and Information Administration, and the attackers apparently used similar tools to breach other agencies. “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said John Ullyot, a spokesman for the White House’s National […]

The post Commerce Department breached as Treasury, others reportedly victimized by suspected Russian hackers appeared first on CyberScoop.

TikTok gets extensions on US sale order, ban enforcement

The Trump administration is giving Beijing-based ByteDance 15 more days to divest in popular video-sharing app TikTok, the Treasury Department said Friday. The Treasury Department statement is the second executive branch reprieve in as many days for TikTok, which the Trump administration has sought to ban in the United States. The Commerce Department also said Thursday that it wouldn’t start enforcing a TikTok ban as a court battle continues. The Trump administration cited the national security threat posed by the China-based company as a reason for the ban, given the vast amounts of personal information TikTok collects. TikTok has said it doesn’t share data with the Chinese government. Thursday was the date the Commerce Department had set to implement an executive order that would have forbidden U.S. companies from providing internet and content delivery services to TikTok, which would have effectively shut down its ability to operate in the U.S. […]

The post TikTok gets extensions on US sale order, ban enforcement appeared first on CyberScoop.

TikTok, WeChat survive in US app stores — one with a deal, the other with a judge’s help

China-based TikTok and WeChat remained in U.S. app stores on Monday, surviving a Trump administration ban that was supposed to take effect at the end of the weekend. TikTok’s reprieve came on Saturday, when President Trump announced that its parent company, ByteDance, would break off the social media app’s U.S. business into a new firm, TikTok Global, with 20 percent ownership by Oracle and Walmart. The good news for users of WeChat, a globally popular messaging app, arrived Sunday when a federal judge in California blocked the ban. Both apps were subject to Commerce Department rules that would have blocked U.S. users from downloading fresh installs or updates, although existing users would have been able to keep current versions on their phones. The announcement said the apps “threaten the national security, foreign policy, and the economy of the U.S.” given their direct windows into the private activities of Americans. The TikTok ban has […]

The post TikTok, WeChat survive in US app stores — one with a deal, the other with a judge’s help appeared first on CyberScoop.

Lame-duck versions of TikTok and WeChat are definitely a problem, security experts say

Cybersecurity experts and privacy advocates said Friday that TikTok and WeChat users should probably stop using the applications in the coming days, given that the Trump administration’s new ban on them will effectively block users from downloading updates. Updates, of course, provide security fixes and not just new features. In just the last year, TikTok has had to issue multiple patches for vulnerabilities that could allow hackers to capture users’ data without their permission or send them malicious links, for instance. WeChat has also had to address several flaws in the last year. “The order … harms the privacy and security of millions of existing TikTok and WeChat users in the United States by blocking software updates, which can fix vulnerabilities and make the apps more secure,” the Director of the American Civil Liberties Union’s National Security Project, Hina Shamsi, said in a statement. After Sunday, when some of the restrictions are […]

The post Lame-duck versions of TikTok and WeChat are definitely a problem, security experts say appeared first on CyberScoop.

Trump administration expands economic restrictions on Huawei

The U.S. Department of Commerce announced Monday it was taking several steps to further restrict Huawei’s ability to acquire electronic components developed using U.S. technology. As part of its actions, the department is adding 38 Huawei affiliates around the world to the U.S. government’s economic black list, which will make it difficult for Huawei to obtain semiconductors — even those produced outside of the U.S. — without a U.S. stamp of approval. The additional restrictions build on earlier limitations the Trump administration issued in May, when it aimed to reduce Huawei’s ability to purchase semiconductors produced with U.S. technologies. The move to expand the list comes as the Trump administration is becoming increasingly successful in its efforts to marshal U.S. allies to block Huawei’s operations in their countries, over concerns the company could work with the Chinese government on government spying objectives. Huawei has denied it spies on customers at the behest of […]

The post Trump administration expands economic restrictions on Huawei appeared first on CyberScoop.

UK cyber agency launches review of Huawei presence in 5G networks

The United Kingdom’s cybersecurity agency is reviewing the impact that new U.S. sanctions on Chinese telecommunications company Huawei could have on Britain’s deployment of 5G technology. The review by the National Cyber Security Centre is welcome news for U.S. officials who have lobbied their U.K. counterparts to ban Huawei gear out of concerns over espionage. And it’s a potential change of fate for Huawei’s business in the U.K. after officials decided in January to allow the telecom giant’s equipment in up to 35% of the country’s 5G deployments — albeit not in the most sensitive parts of those networks. “Following the U.S. announcement of additional sanctions against Huawei, the NCSC is looking carefully at any impact they could have to the U.K.’s networks,” the NCSC said in a statement to CyberScoop on Tuesday. “The security and resilience of our networks is of paramount importance.” Prime Minister Boris Johnson’s office, according […]

The post UK cyber agency launches review of Huawei presence in 5G networks appeared first on CyberScoop.

US Commerce Department tightens screws on Huawei export controls

The U.S. Department of Commerce on Friday said it was tightening regulations to prevent Huawei from using U.S. software to make semiconductors abroad, the latest move by officials to crack down on a Chinese telecommunications giant they deem a national security threat. The new regulations are an effort to “narrowly and strategically target Huawei’s acquisition of semiconductors that are the direct product of certain U.S. software and technology,” the Department of Commerce said in a statement. Huawei has been circumventing previous restrictions on using U.S. technology to make semiconductors, which are key to its smartphone business, Commerce officials alleged. The updated export controls go further in forcing foreign companies that use U.S. chipset technology to get a license before selling that technology to Huawei. A Huawei spokesperson did not immediately respond to a request for comment. The new export controls are one of a series of stringent measures the Trump administration […]

The post US Commerce Department tightens screws on Huawei export controls appeared first on CyberScoop.

Federal agencies recommend U.S. bar China Telecom over cybersecurity concerns

Several federal agencies recommended Thursday that U.S. regulators block a Chinese state-owned telecommunications firm from providing service to American customers. The Departments of Justice, Defense, and State urged the Federal Communications Commission to take action against China Telecom, a subsidiary of a Chinese state-owned telecommunications company, over cybersecurity and national security concerns, according to a Justice Department statement. The departments said the FCC should revoke China Telecom’s licenses to operate in the U.S. because, as a Beijing-based firm, China Telecom can “provide opportunities for [China] to engage in malicious cyber activity enabling economic espionage and disruption and misrouting of U.S. communications,” the department says. China Telecom has acted as a “common carrier,” meaning it connects domestic and international networks, since 2007. The U.S. government in recent years has warned that Chinese companies may not be able to refuse Beijing’s intelligence requests. This recommendation comes after U.S. intelligence officials have warned for years that the Chinese government could leverage another […]

The post Federal agencies recommend U.S. bar China Telecom over cybersecurity concerns appeared first on CyberScoop.

Commerce Department proposes rules for implementing Trump’s supply-chain security order

The Department of Commerce on Tuesday outlined how it might implement a White House order that gives the department broad leeway to ban foreign parts in U.S. IT and communications supply chains because of security concerns. Secretary of Commerce Wilbur Ross will “adopt a case-by-case” approach to determining what components will be banned, drawing on assessments from the Department of Homeland Security and the Office of the Director of National Intelligence, the department said in a statement. Under the proposal, before making a final decision to exclude a foreign company from U.S. digital supply chains, the Commerce Secretary would notify the company, giving it the opportunity to address security concerns and avoid a ban. The secretary would send an unclassified ruling to the parties explaining the decision and make that public when appropriate. The proposal is a key step toward making a more stringent national policy governing U.S. supply chains a […]

The post Commerce Department proposes rules for implementing Trump’s supply-chain security order appeared first on CyberScoop.
