Overcoming Distrust in Information Sharing: What More is There to Do?

As cyber threats increase in frequency and intensity worldwide, it has never been more crucial for governments and private organizations to work together to identify, analyze and combat attacks. Yet while the federal government has strongly supported this model of private-public information sharing, the reality is less than impressive. Many companies feel that intel sharing […]

The post Overcoming Distrust in Information Sharing: What More is There to Do? appeared first on Security Intelligence.

Continue reading Overcoming Distrust in Information Sharing: What More is There to Do?

Sounding the Alarm on Emergency Alert System Flaws

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System — a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system. Continue reading Sounding the Alarm on Emergency Alert System Flaws

Feds’ spending on facial recognition tech continues unmitigated, despite privacy concerns

The FBI on Dec. 30 signed a deal with Clearview AI for an $18,000 subscription license to the company’s facial recognition technology. While the value of the contract might seem just a drop in the bucket for the agency’s nearly $10 billion budget, the contract was significant in that it cemented the agency’s relationship with the controversial firm. The FBI previously acknowledged using Clearview AI to the Government Accountability Office but did not specify if it had a contract with the company. The FBI didn’t respond to a request for comment, but it isn’t the only federal law enforcement agency to ramp up its procurement of privately-owned facial recognition technologies in recent months. In September, U.S. Immigration and Customs Enforcement spent almost $4 million on facial recognition technology from a company called Trust Stamp, as Business Insider first reported. The same month agency purchased a contract with Clearview AI starting at […]

The post Feds’ spending on facial recognition tech continues unmitigated, despite privacy concerns appeared first on CyberScoop.

Continue reading Feds’ spending on facial recognition tech continues unmitigated, despite privacy concerns

The DHS is inviting hackers to break into its systems, but there are rules of engagement

The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks.

Read more in my article on the Tripwire Sta… Continue reading The DHS is inviting hackers to break into its systems, but there are rules of engagement

FBI Raids Chinese Point-of-Sale Giant PAX Technology

U.S. federal investigators today raided the U.S. offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX’s systems may have been involved in cyberattacks on U.S. and E.U. organizations. Continue reading FBI Raids Chinese Point-of-Sale Giant PAX Technology

SolarWinds hackers targeted Autodesk in latest confirmed fallout from cyber-espionage campaign

The list of victims keeps growing for the suspected Russian hackers who breached a U.S. federal contractor in order to gather intelligence from throughout the federal government. Autodesk, an American software and security company, said in a recent filing to the U.S. Securities and Exchange Commission that hackers had targeted the firm with the Sunburst malicious software. Cozy Bear, a state-sponsored Russian hacking group, relied on Sunburst to carry out an attack against SolarWinds, an IT firm that spies used as a foothold into targets throughout the government and private sector. In a 10-Q filing to the SEC, Autodesk said it discovered that one of its servers had been compromised, and that it had taken steps to remediate the fallout. The California-based firm makes design software and 3D technology tools for American customers in the architecture, engineering and education sectors. It is only the latest publicly listed company to confirm […]

The post SolarWinds hackers targeted Autodesk in latest confirmed fallout from cyber-espionage campaign appeared first on CyberScoop.

Continue reading SolarWinds hackers targeted Autodesk in latest confirmed fallout from cyber-espionage campaign

On the Importance of Protecting U.S. Pipeline Owners and Operators

In the beginning of May, a U.S. pipeline company suffered a ransomware attack. The company decided to respond by halting operations while it investigated the incident. This delayed tens of millions of gallons of fuel from reaching their destination all… Continue reading On the Importance of Protecting U.S. Pipeline Owners and Operators

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.

Continue reading Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]

The post Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing appeared first on CyberScoop.

Continue reading Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing