New York regulator faults Twitter for lax security measures prior to big account breach

The scammers who hijacked celebrity Twitter accounts to promote cryptocurrency in July did so by posing as a customer support team in a breach that caught Twitter’s security team flat-footed, a New York regulator said in a report Wednesday. The investigation from New York’s Department of Financial Services faulted Twitter for not heightening security measures for telework during the coronavirus pandemic, and called for regulation of social media companies to force better cybersecurity practices. “Social-media platforms have quickly become the leading source of news and information, yet no regulator has adequate oversight of their cybersecurity,” Linda Lacewell, Superintendent of Financial Services, said in a statement. “The fact that Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer.” According to the report, attackers posed as Twitter’s IT department and phoned Twitter employees to discuss an apparent problem with their virtual private networking (VPN) connection, a security technology that […]

The post New York regulator faults Twitter for lax security measures prior to big account breach appeared first on CyberScoop.

FEMA exposed personal data on 2.3 million disaster survivors, violated privacy law, IG finds

The U.S. Federal Emergency Management Agency exposed personally identifiable data about more than 2 million disaster survivors in violation of a federal privacy law, an inspector general’s investigation has found. The negligence leaves the survivors of hurricanes Irma, Harvey, and Maria, as well as the 2017 California wildfires, at increased risk of experiencing identity theft and fraud schemes, the Department of Homeland Security’s inspector general (IG) said in a report published Friday. In “direct violation” of federal requirements, FEMA released the personal data to a contractor administering a disaster relief program that helps survivors find temporary lodging at hotels, the IG said. The report redacted the name of the contractor. “During our ongoing audit of the Federal Emergency Management Agency’s (FEMA) Transitional Sheltering Assistance program, we determined that FEMA violated the Privacy Act of 1974 and Department of Homeland Security policy,” the inspector general said in its report. Details about possible […]

The post FEMA exposed personal data on 2.3 million disaster survivors, violated privacy law, IG finds appeared first on CyberScoop.

Foreign VPN apps need a close look from DHS, senators say

The Department of Homeland Security should assess the security threat posed by foreign VPN applications to U.S. government employees, a bipartisan pair of senators says. Some popular VPN apps send a phone’s web-browsing data to servers in countries interested in targeting federal personnel, raising “the risk that user data will be surveilled by those foreign governments,” Sens. Marco Rubio, R-Fla., and Ron Wyden, D-Ore., wrote in a letter to DHS Thursday. VPN providers promise to obfuscate the physical location of a web browser, but users are generally at the mercy of those companies’ decisions to collect and log data. The senators cite government warnings about products made by Chinese telecommunications companies and Russian antivirus vendor Kaspersky Lab as examples of the surveillance that certain foreign technology can enable. (Kaspersky and Chinese companies Huawei and ZTE have denied those allegations.) “If U.S. intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, […]

The post Foreign VPN apps need a close look from DHS, senators say appeared first on CyberScoop.

Senators ask Trump administration how badly shutdown hurt federal cybersecurity

After former U.S. officials raised concerns that the longest government shutdown in history had weakened federal cybersecurity, lawmakers are asking the Trump administration how bad the damage is. “We are concerned that these circumstances have left our government and citizens vulnerable to cyberattacks,” five Democratic senators wrote in a letter Tuesday to Homeland Security Secretary Kirstjen Nielsen and Gen. Paul Nakasone, head of the National Security Agency and U.S. Cyber Command. The senators – Minnesota’s Amy Klobuchar, Massachusetts’ Ed Markey, New Mexico’s Tom Udall, Nevada’s Catherine Cortez Masto, and New Jersey’s Cory Booker – want to know how agencies are preparing to harden their networks for a future shutdown, citing past experience as a cautionary tale. During the 2013 government shutdown, the senators wrote, Chinese hackers compromised the Federal Election Commission’s computer network, crashing sensitive computer systems that disclose billions of dollars in spending each election cycle. “Shutdowns have severe […]

The post Senators ask Trump administration how badly shutdown hurt federal cybersecurity appeared first on CyberScoop.

Rep. Langevin: We need a DHS briefing to understand extent of DNS hijacking threat

A key House Democrat wants the Department of Homeland Security to brief lawmakers “as soon as possible” on a new domain name system hacking threat to federal computer networks, and the emergency order the department issued in response. DHS should brief members of the House Homeland Security Committee on the cyberthreat because “we need to understand the scope of this action and how many agencies were actually affected,” Rep. Jim Langevin, D-R.I., said in an interview Wednesday. Langevin was reacting to a rare emergency directive that DHS issued Tuesday ordering civilian agencies to tighten security controls in the face of a suspected Iranian hacking campaign. DHS issued the order out of concern that civilian agencies could be vulnerable to cyberattacks on platforms for managing domain name system (DNS) records, which help ensure that a computer user reaches an intended website. By manipulating DNS records, hackers could direct unwitting users to malicious websites. At least […]

The post Rep. Langevin: We need a DHS briefing to understand extent of DNS hijacking threat appeared first on CyberScoop.

Lawmakers ask DHS to take action on pipeline cybersecurity

The top Democrats on the House and Senate energy committees have urged the Department of Homeland Security to assess cyber and physical protections for natural gas and oil pipelines following an audit that criticized the department’s approach to the issue. “The results of this assessment will help policymakers evaluate the security of our nation’s energy assets,” Sen. Maria Cantwell, D-Wash., and Rep. Frank Pallone, Jr., D-N.J. wrote to Homeland Security Secretary Kirstjen Nielsen on Wednesday. Operators of the nation’s 2.7 million miles of pipelines for oil, natural gas, and other hazardous liquids have grappled with cybersecurity risk as their infrastructure becomes more digitized. Those pipelines are a natural target for nation-state hackers, a Federal Energy Regulatory Commission official said in August, according to E&E News. Cantwell and Pallone, Jr., said much more needs to be done to counter the threat. They were reacting to a Government Accountability Office audit that found […]

The post Lawmakers ask DHS to take action on pipeline cybersecurity appeared first on CyberScoop.

FOIA: DHS Did Not Investigate Hundreds of Civil Rights Abuse Complaints

DHS’s Office of the Inspector General says it has ‘limited resources’ to investigate hundreds of civil liberties and detainee abuse complaints, but one expert said the figures “demand a closer look.”