Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach

Sens. Elizabeth Warren and Ron Wyden are asking federal regulators to investigate whether Amazon’s cloud computing unit made any mistakes that could have led to a breach at Capital One involving the data of more than 100 million people. Warren, D-Mass., and Wyden, D-Ore., want the Federal Trade Commission to probe whether Amazon Web Services failed to account for a hacking technique known as a “server side request forgery.” Capital One is one of the few major financial companies — if not the only one — to rely on AWS and its public cloud to protect its information, portraying the decision as a move to modernize its business. “Amazon knew, or should have known, that AWS was vulnerable to SSRF attacks,” the senators wrote in the letter, sent Thursday. “Although Amazon’s competitors addressed the threat of SSRF attacks several years ago, Amazon continues to sell defective cloud computing services to business, government agencies and to the general […]

The post Sens. Warren, Wyden want to know if Amazon shares some blame for the Capital One breach appeared first on CyberScoop.


Amazon Web Services finds no ‘significant issues’ at other companies allegedly breached by Paige Thompson

If the alleged Capital One hacker also took information from dozens of other companies, as investigators suspect, then Amazon Web Services isn’t aware of it, according to the cloud computing giant. The company outlined its findings in a letter to Sen. Ron Wyden, D-Ore., who had sought more detail on how a reported misconfiguration in Capital One’s AWS server would have made it possible for a single individual to steal information about more than 100 million people. The letter said AWS is not aware of any breaches at other “noteworthy” customers, cautioning that there “may have been small numbers of these that haven’t been escalated to us.” This follows court filings indicating government investigators are probing whether the accused hacker, Paige Thompson, also took data from more than 30 other companies, along with Capital One. Wyden asked whether any vulnerabilities in the AWS cloud service — which serves millions of customers — contributed to the […]


NIST is preparing guidance on how to share .zip files in a more secure way

Do you ever wonder if the files you’re sending over the internet are safe from hackers’ prying eyes? The search for how to share files in a more secure way could soon be over. The U.S. National Institute of Standards and Technology is now preparing to instruct the public, as well as government agencies, on the best ways to protect .zip files sent over the internet, according to a letter obtained by CyberScoop. While there’s no timeline for when the final advice could be made public, NIST says its motivation is to produce “easy-to-understand guidance” on how to compress many files into a single place while protecting all of that data with strong encryption. James Schufedier, director of the Congressional and Legislative Office at NIST, explained more in a July 22 letter to Sen. Ron Wyden, D-Ore. “The need to improve practices for securing sensitive data that is shared over the Internet is one of […]


FEC approves anti-spearphishing service for campaigns at low cost

The Federal Election Commission approved a request Thursday from an anti-spearphishing company, deeming it permissible for the security vendor to provide its services to campaigns and political parties at a discount without violating campaign laws. The FEC expressed trepidation last month over whether it could approve the request from a company, Area 1 Security, to provide low- or no-cost services to campaigns. A debate stemmed from FEC concerns that a security firm, by offering a markdown on normally expensive services to campaigns, could inappropriately curry favor with lawmakers. This decision is one in a series of approvals the FEC has issued in recent months as it recognizes the serious threat foreign adversaries pose to U.S. elections. “Area 1 has cleared the way for candidates to arm themselves with the best technology available to protect against a repeat of the disastrous cyber-intrusions in prior election cycles,” Dan Petalas, outside counsel for Area 1, told CyberScoop. Area 1 now has […]


How secure is that .zip file? One senator is urging NIST to weigh in

Federal workers and the public in general might be mistaken about the security of .zip files, Sen. Ron Wyden says, and he’s asking the National Institute of Standards and Technology to issue guidance on the best way to send sensitive files over the internet. “Many people incorrectly believe password-protected .zip files can protect sensitive data. Indeed, many password-protected .zip files can be easily broken with off-the-shelf hacking tools,” the Oregon Democrat writes in a letter obtained by CyberScoop. “This is because many of the software programs that create .zip files use weak encryption algorithms by default.” Part of Wyden’s concerns stem from the fact that although there are two common types of encryption options available for .zip files, people may be using the weaker option without realizing it. Those files are more vulnerable to password crackers, Wyden says, such as Advanced Archive Password Recovery. “Given the ongoing threat of cyber attacks by foreign state actors […]


Senator asks Department of Justice if it can keep a lid on its software exploits

In recent years, Department of Justice agencies have quietly acquired and deployed hacking tools in support of their law enforcement mission. A handful of high-profile cases have brought greater scrutiny to those efforts, most notably in 2016 when the FBI used a contractor to crack the San Bernardino shooter’s iPhone. Now, a senator is asking Attorney General William Barr for a more thorough accounting of what law enforcement agencies are doing to protect these software exploits from foreign intelligence agencies and other adversaries. “Just as the American people expect the government to protect its nuclear, chemical, and biological weapons, so too do Americans expect that the government will protect its cyber arsenal from theft by hackers and foreign spies,” Sen. Ron Wyden, D-Ore., wrote to Barr in a letter dated June 5. In particular, the department has invested heavily in tools to break encrypted communications, as top law enforcement officials have lamented the […]


Lawmakers want data on the number of times Senate computers have been hacked

The Senate should have an annual tally of when its computers and smartphones have been breached in order to better inform congressional cybersecurity policy, a pair of bipartisan senators says in a letter sent Wednesday to the Senate Sergeant at Arms. Describing Congress as a perennial target for hackers, Sens. Tom Cotton, R-Arkansas, and Ron Wyden, D-Oregon, have asked the Senate Sergeant at Arms (SAA) to be transparent in providing lawmakers with information about the scale of successful hacks of Senate devices, including smartphones. They want annual reports sent to each senator with aggregate data on compromises of computers and other breaches of sensitive Senate data. The senators also asked the SAA to notify the Senate leadership, along with members of the rules and intelligence committees, within five days of breaches to Senate computers being discovered. Right now, lawmakers appear to be in the dark on the issue. “We believe […]


Foreign VPN apps need a close look from DHS, senators say

The Department of Homeland Security should assess the security threat posed by foreign VPN applications to U.S. government employees, a bipartisan pair of senators says. Some popular VPN apps send a phone’s web-browsing data to servers in countries interested in targeting federal personnel, raising “the risk that user data will be surveilled by those foreign governments,” Sens. Marco Rubio, R-Fla., and Ron Wyden, D-Ore., wrote in a letter to DHS Thursday. VPN providers promise to obfuscate the physical location of a web browser, but users are generally at the mercy of those companies’ decisions to collect and log data. The senators cite government warnings about products made by Chinese telecommunications companies and Russian antivirus vendor Kaspersky Lab as examples of the surveillance that certain foreign technology can enable. (Kaspersky and Chinese companies Huawei and ZTE have denied those allegations.) “If U.S. intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, […]


Senator Wyden Hammers T-Mobile For Empty Promises on Sale of Cell Phone Location Data

The Senator expressed “disappointment” and “disbelief” at CEO John Legere’s unfulfilled promise to end the sale of geolocation data to “shady middlemen.”