Senators Call on FCC To Investigate T-Mobile, AT&T, and Sprint Selling Location Data to Bounty Hunters

After Motherboard’s article, Senators Kamala Harris, Mark Warner, and Ron Wyden are coming out against telcos who are selling their customers’ location data.

Government website encryption needs help from DHS, Sen. Wyden says

The Department of Homeland Security should push federal agencies to implement stronger encryption practices for government websites visited by federal workers and everyday citizens alike, Sen. Ron Wyden says. Despite significant improvements to government website encryption, some metadata is still transmitted insecurely, revealing the domain names of sites visited by users, Wyden, D-Ore., wrote to DHS Undersecretary Chris Krebs. “Hackers can intercept or hijack the unprotected metadata, tricking users into visiting a malicious site or spying on their activities,” the Oct. 24 letter states. When possible, DHS should require federal agencies to encrypt the online queries employees make to domain name system (DNS) servers, Wyden suggested. He also asked DHS to work with the General Services Administration to make using an encrypted protocol extension a condition of selling web content delivery services to the government. The government can usher in broad industry adoption of that encrypted extension, known as ESNI, according to Wyden. When cybersecurity […]

The post Government website encryption needs help from DHS, Sen. Wyden says appeared first on Cyberscoop.


Wyden: Tech company has told multiple senators of foreign hacking attempts

A major tech company has informed “a number of senators and Senate staff members” that foreign government hackers have targeted their personal email accounts, according to Sen. Ron Wyden. In a Sept. 19 letter to Senate leadership, Wyden, D-Ore., did not name the company or identify the foreign hackers, but he did warn that the publicly reported activity of a Russian government-linked hacking group may be just “the tip of the iceberg” when it comes to advanced cyberthreats to lawmakers. The group, often referred to as Fancy Bear, breached the IT networks of the Democratic National Committee in 2016 as part of a coordinated hack-and-leak operation that the U.S. intelligence community attributed to Moscow. “The November election grows ever closer, Russia continues its attacks on our democracy, and the Senate simply does not have the luxury of further delays” in shoring up its cybersecurity, Wyden wrote to Senate Majority Leader Mitch […]

The post Wyden: Tech company has told multiple senators of foreign hacking attempts appeared first on Cyberscoop.


Senators want answers on State Department’s glaring cybersecurity gaps

The State Department must do more to shore up its cybersecurity posture, according to a bipartisan group of senators. The department is woefully behind on hitting various federal cybersecurity benchmarks, and it is weak on basic measures to protect against phishing, hacks and other cyberattacks, wrote Ron Wyden, D-Ore., Cory Gardner, R-Colo., Ed Markey, D-Mass., Rand Paul, R-Ky., and Jeanne Shaheen, D-N.H., in a letter to Secretary Mike Pompeo. The letter cites two recent reports: The department’s inspector general found last year that 33 percent of diplomatic missions failed to conduct even the most basic cyberthreat management practices, like regular reviews and audits. Also, the General Services Administration found that the department has only instituted enhanced access controls on 11 percent of agency devices. The Federal Cybersecurity Enhancement Act requires agencies to enable multi-factor authentication (MFA) for elevated privileged accounts. “We urge you to improve compliance by enabling more secure authentication mechanisms across […]

The post Senators want answers on State Department’s glaring cybersecurity gaps appeared first on Cyberscoop.


T-Mobile breach exposes data on 2 million customers

Hackers have breached T-Mobile servers, exposing personal information on roughly 2 million customers, the mobile carrier has confirmed. Affected customers’ names, phone numbers, billing zip codes, email addresses, account numbers and account types may have been accessed, T-Mobile said. However, financial data, such as credit card or social security numbers, were not exposed. “On August 20, our cybersecurity team discovered and shut down an unauthorized access to certain information, including yours, and we promptly reported it to authorities,” T-Mobile said in a statement. “This was quickly discovered by our security team and shut down very fast,” a T-Mobile spokesperson told CyberScoop. “There’s no additional threat.” Asked who was responsible for the breach, the spokesperson said “it was an international group” of hackers who accessed the company’s servers through an API. “It was a small percentage of our 77 million customers that was affected (about 3 percent),” the spokesperson said. Mobile carriers […]

The post T-Mobile breach exposes data on 2 million customers appeared first on Cyberscoop.


Senator asks DHS what it’s learning from key email-security measure

Sen. Ron Wyden has asked the Department of Homeland Security how it is turning the implementation of an important email security protocol at federal civilian agencies into “actionable cyber intelligence” to guard against hackers. In an Aug. 2 letter, Wyden, D-Ore., asks the department how it is analyzing reports that civilian agencies are required to send DHS about attempts by hackers and spammers to spoof federal email accounts. The senator also wants to know if there are agencies that aren’t sending those reports. “[R]equiring agencies to transmit email impersonation threat data to DHS is only the first step,” states Wyden’s letter to Chris Krebs, DHS’s undersecretary of the National Protection and Programs Directorate. “DHS must then collate and analyze those reports in order to understand the scope of the threat and to determine how best to protect federal agencies from impersonation.” The anti-phishing email protocol, known as Domain-based Message Authentication, Reporting […]

The post Senator asks DHS what it’s learning from key email-security measure appeared first on Cyberscoop.


Wyden asks federal agencies to ditch Adobe Flash

Sen. Ron Wyden has called on federal agencies to stop using Adobe Flash, multimedia software that has consistently proven vulnerable over the years. Adobe will stop providing security updates for Flash in 2020, and Wyden, D-Ore., wants agencies charged with issuing federal cybersecurity guidance to get Flash off government systems before then. “At that point, Flash’s existing cybersecurity risks will only be compounded,” Wyden wrote in a July 25 letter to the heads of the Department of Homeland Security, National Security Agency, and National Institute of Standards and Technology. “The federal government has too often failed to promptly transition away from software that has been decommissioned.” The missive asks DHS, NIST, and the NSA to work together to produce a policy, effective within 60 days of its issuance, that bans the use of new Flash-based content on federal websites. For Wyden, agencies should not just refrain from deploying Flash but also […]

The post Wyden asks federal agencies to ditch Adobe Flash appeared first on Cyberscoop.


Pentagon lays out plan to secure websites in response to lawmaker inquiry

The Department of Defense says it has a plan to make sure that all of its public-facing websites are configured in a way that doesn’t put the security of their visitors at risk. In a letter responding to a lawmaker dated July 20, DOD Chief Information Officer Dana Deasy wrote that the department plans by the end of 2018 to fix issues with trust certificates and encryption that are present across many websites affiliated with it. Certain issues will take longer, he said, but the department will at least have a definitive plan by the end of the year. “The Department is working hard to ensure DoD inspires trust among citizens and partners in its digital interactions across our missions, business, and entitlements roles,” Deasy wrote. Deasy laid out the plan in response to a May letter from Sen. Ron Wyden, D-Ore., that raised questions about the issue of insecure websites. Wyden initially […]

The post Pentagon lays out plan to secure websites in response to lawmaker inquiry appeared first on Cyberscoop.
