Feds’ spending on facial recognition tech continues unmitigated, despite privacy concerns

The FBI on Dec. 30 signed a deal with Clearview AI for an $18,000 subscription license to the company’s facial recognition technology. While the value of the contract might seem just a drop in the bucket for the agency’s nearly $10 billion budget, the contract was significant in that it cemented the agency’s relationship with the controversial firm. The FBI previously acknowledged using Clearview AI to the Government Accountability Office but did not specify if it had a contract with the company. The FBI didn’t respond to a request for comment, but it isn’t the only federal law enforcement agency to ramp up its procurement of privately-owned facial recognition technologies in recent months. In September, U.S. Immigration and Customs Enforcement spent almost $4 million on facial recognition technology from a company called Trust Stamp, as Business Insider first reported. The same month agency purchased a contract with Clearview AI starting at […]

The post Feds’ spending on facial recognition tech continues unmitigated, despite privacy concerns appeared first on CyberScoop.

Continue reading Feds’ spending on facial recognition tech continues unmitigated, despite privacy concerns

Wyden bill would require digital signatures for sensitive court orders

Miscreants have leveraged counterfeit court documents to authorize wiretaps on romantic interests or dupe Google into removing embarrassing links from search results, among other instances of fraud, in recent years. Sen. Ron Wyden on Wednesday is unveiling bipartisan legislation to counter that kind of forgery by requiring federal, state and tribal courts to use digital signatures — which rely on encryption technology — for orders that authorize surveillance, domain seizures and online content removal. The legislation, first reported by CyberScoop, also directs the National Institute for Standards and Technology to develop standards for court order digital signatures within two years, for federal courts to test out the technology and then for state and tribal courts to adopt it within four years after the rules are finished. The senator said the bill aims to curb opportunities for fraud by forcing the use of digital signatures, which are rapidly surging in popularity. […]

The post Wyden bill would require digital signatures for sensitive court orders appeared first on CyberScoop.

Continue reading Wyden bill would require digital signatures for sensitive court orders

CISA doesn’t know how many US federal agencies use firewalls to fend off malicious traffic

The Department of Homeland Security’s top cybersecurity agency doesn’t know how many agencies are segmenting their networks from unwanted outside traffic, a basic security practice, according to a letter recently sent to the office of Sen. Ron Wyden (D-Ore.) by the agency. The agency provided the answers in response to a February inquiry from Wyden’s office following a heated Senate Intelligence Committee hearing about the breach at the federal contractor SolarWinds. The suspected Russian espionage campaign used a vulnerability in SolarWinds and other software to infiltrate the systems of at least nine federal agencies and about 100 private companies. Wyden questioned why agencies did not have properly configured firewalls defending their servers running the SolarWinds software, Orion. Such a measure would have prevented hackers from implementing the second stage of the SolarWinds attack and using the backdoor they had planted, according to an assessment by SolarWinds. The agency concurred that […]

The post CISA doesn’t know how many US federal agencies use firewalls to fend off malicious traffic appeared first on CyberScoop.

Continue reading CISA doesn’t know how many US federal agencies use firewalls to fend off malicious traffic

Biden signs security-focused executive order meant to accelerate breach reporting, boost software standards

President Joe Biden on Wednesday signed an executive order that will significantly tighten cybersecurity rules for government contractors and set up an incident review board to try to blunt the impact of major hacks. The directive comes as the U.S. government continues to grapple with the fallout from breaches at key software suppliers and the disruption of a national pipeline operator by ransomware. The executive order requires federal contractors to promptly report cyber incidents to agencies, and it establishes a new government entity modeled after the National Transportation Safety Board to review major breaches. It will also require software that the government buys to meet a baseline set of security standards — an effort to make it harder for hackers to tamper with code that ends up on federal networks. “The current market development of build, sell and maybe patch later means we routinely install software with significant vulnerabilities into […]

The post Biden signs security-focused executive order meant to accelerate breach reporting, boost software standards appeared first on CyberScoop.

Continue reading Biden signs security-focused executive order meant to accelerate breach reporting, boost software standards

Online testing firm agrees to security audit after inquiry from senator

A company whose software has been widely used to administer law school entrance exams during the coronavirus pandemic has agreed to an independent audit of the software after a U.S. senator raised cybersecurity concerns about the product. Alabama-based ProctorU’s web-browser extension software has allowed people across the U.S. to take the LSAT exam from home during the pandemic. But Sen. Ron Wyden, D-Ore., worried that that same accessibility, if left unsecured, could give cybercriminals a foothold onto test-takers’ devices. And so, after inquiries from Wyden, ProctorU has hired outside security experts to review its software and the tool it uses for remote troubleshooting, according to the Law School Admissions Council (LSAC), which administers the LSAT. More than 145,000 LSAT exams were administered online from May 2020 to February 2021, and ProctorU appears to be the main contractor for doing so. It’s another case of privacy and security risks emerging in […]

The post Online testing firm agrees to security audit after inquiry from senator appeared first on CyberScoop.

Continue reading Online testing firm agrees to security audit after inquiry from senator

Verkada breach spotlights ongoing concerns over surveillance firms’ security

Even for Elisa Costante, who studies vulnerabilities in surveillance devices for a living, the breach at the security-camera startup Verkada was startling.  A group of hackers earlier this month claimed to have access to some 150,000 live-camera feeds that Verkada maintains in schools, prisons and hospitals. The incident provided outsiders with an entry into live video feeds at companies including Tesla, and enabled hackers to access archived video from Verkada subscribers. “It really opens the eyes on what can happen” when an attacker exploits access to a web of insecure surveillance devices, said Costante, a senior director at security vendor Forescout Technologies. The U.S. Department of Justice on Thursday announced an indictment against Tillie Kottman, one of the people who claimed responsibility for the incident, for alleged computer and wire fraud, and aggravated identity theft. The charges don’t mention the Verkada breach, and accuses Kottmann, who lives in Switzerland, and others […]

The post Verkada breach spotlights ongoing concerns over surveillance firms’ security appeared first on CyberScoop.

Continue reading Verkada breach spotlights ongoing concerns over surveillance firms’ security

After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case

As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach of software made by Juniper Networks, a major provider of firewall devices for the federal government. Juniper revealed its incident in December 2015, saying that hackers had slipped unauthorized code into the firm’s software that could allow access to firewalls and the ability to decrypt virtual private network connections. Despite repeated inquiries from Capitol Hill— and concern in the Pentagon about the potential exposure of its contractors to the hack — there has been no public U.S. government assessment of who carried out the hack, and what data was accessed. Lawmakers are […]

The post After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case appeared first on CyberScoop.

Continue reading After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case

CISA tells agencies to consider ad blockers to fend off ‘malvertising’

The U.S. Cybersecurity and Infrastructure Security Agency urged federal agencies on Thursday to deploy ad-blocking software and standardize web browser usage across their workforces in order to fend off advertisements implanted with malware. “With many agencies greatly expanding telework options, agencies should increase attention on securing federal endpoints, including associated web browsing capabilities,” the Department of Homeland Security’s cyber arm said in a guide for agencies. With the alert, CISA joins the National Security Agency, which in 2018 likewise urged agencies to adopt ad blockers in response to the threat from “malvertising” that can spread malware. However, CISA cautioned that ad blockers aren’t a cure-all for the issue of malicious adversiting which in recent months has plagued TikTok and a slew of industries during the coronavirus. “Some browser extensions are known to accept payment from advertisers to ensure their ads are allowlisted from blocking,” the agency said, citing concerns that […]

The post CISA tells agencies to consider ad blockers to fend off ‘malvertising’ appeared first on CyberScoop.

Continue reading CISA tells agencies to consider ad blockers to fend off ‘malvertising’

Senator: SolarWinds hackers breached ‘dozens’ of Treasury email accounts

The fallout from a sweeping hacking campaign by suspected Russian operatives continued Monday as Sen. Ron Wyden said that the hackers had breached “dozens of email accounts” of officials at the Treasury Department. The hackers “broke into systems in the Departmental Offices division of Treasury, home to the department’s highest-ranking officials,” Wyden said after Treasury officials briefed the Senate Finance Committee, where the Oregon Democrat serves as ranking member. “Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen.” Multiple federal agencies, including the departments of Commerce and Homeland Security, are investigating breaches in the apparent espionage campaign, which has used tampered software made by federal contractor SolarWinds, but also has other vectors for breaking into systems. The breach at Treasury began in July, and the full extent of it is still unknown, Wyden said in a statement. “Microsoft notified the agency […]

The post Senator: SolarWinds hackers breached ‘dozens’ of Treasury email accounts appeared first on CyberScoop.

Continue reading Senator: SolarWinds hackers breached ‘dozens’ of Treasury email accounts

Senators press Treasury to speak about breach, planned response to hackers

Two key Senate Democrats extensively questioned the U.S. Treasury Department on Tuesday about its reported data breach, a subject it has been less forthcoming about than the other federal agencies swept into the compromise of SolarWinds software. The senators, Sherrod Brown of Ohio and Ron Wyden of Oregon, also want to know whether Treasury plans to sanction the attackers and if it has begun evaluating the overall damage to the economy of the cyber-espionage campaign, which could ripple through the private sector, too. The senators’ letter to Treasury Secretary Steven Mnuchin pushes the department not only to provide information about its own breach, but also to develop a broader response that includes punishments for the hackers responsible. Cybersecurity researchers have tied them to Russia. “These media reports suggest that these attacks were comprehensive and historic and bad actors may have had access to critical U.S. government networks for many months,” […]

The post Senators press Treasury to speak about breach, planned response to hackers appeared first on CyberScoop.

Continue reading Senators press Treasury to speak about breach, planned response to hackers