Senators introduce bill to counter bad cybersecurity practices in credit reporting industry

Two Democratic senators introduced a bill Wednesday that would provide new regulatory powers for the Federal Trade Commission so that it can punish companies like Equifax and others in the credit reporting industry for poor cybersecurity practices. The “Data Breach Prevention and Compensation Act” by Sens. Elizabeth Warren, D-Mass., and Mark Warner, D-Va., contains plans for the creation of a “Cybersecurity Office” within the FTC to be led by a career supervisor who will be able to enforce financial penalties on rule breakers. This supervisor would need to maintain relations with the credit reporting industry as the FTC proposes future cybersecurity standards and other related regulations. The move comes in the wake of the massive data breach at Equifax in 2017, which caused the private records of more than 145 million Americans to be compromised by hackers. A subsequent investigation into the incident by the FBI showed that an outdated piece […]

The post Senators introduce bill to counter bad cybersecurity practices in credit reporting industry appeared first on Cyberscoop.


Trump signed the NDAA today. Here’s what it means for cybersecurity.

President Donald Trump signed the $700 billion National Defense Authorization Act (NDAA) on Tuesday, a law that sets policies and budget guidelines for the U.S. military for fiscal 2018, including its various cybersecurity-focused initiatives. The mammoth piece of annual legislation often includes brand-new projects and policy provisions. This year’s NDAA advances several important cybersecurity efforts while also establishing new rules and programs related to information security. Here’s a closer look at some key cybersecurity provisions:

The ban on Kaspersky Lab software becomes official (SEC. 1634)

While the Homeland Security Department has already taken concrete steps to push Kaspersky Lab products out of the federal government, Sec. 1634 makes the ban official across the Defense Department and sets a deadline of October 2018 for total removal. The ban specifically mentions any and all products owned by Kaspersky Lab, including both services and software produced by subsidiaries.

Trump will define what “cyberwar” means (SEC. 1633)

The […]

The post Trump signed the NDAA today. Here’s what it means for cybersecurity. appeared first on Cyberscoop.


Lawmakers demand answers from Uber after massive data breach

Five U.S. senators sent letters to Uber Monday, pressing the company’s leadership for information on a data breach affecting millions of its consumers and the subsequent attempt to cover up the incident. The breach — which took place in October 2016 — provided hackers with the names and driver’s license numbers of roughly 600,000 drivers as well as the personal phone numbers and email addresses of 57 million riders. Instead of disclosing the breach, Uber paid a fee of $100,000 to the hackers, asking them to delete the stolen data. A letter co-authored by Sens. John Thune, R-S.D., Orrin Hatch, R-Utah, Jerry Moran, R-Kansas, and Bill Cassidy, R-La., presented a series of questions to Uber’s CEO, Dara Khosrowshahi, regarding the company’s past conduct and its plans to protect user data in the future. “Our goal is to understand what steps Uber has taken to investigate what occurred, restore and maintain the […]

The post Lawmakers demand answers from Uber after massive data breach appeared first on Cyberscoop.


Signal Testing New Private Contact Discovery Service

Signal is testing out a new private contact discovery service that will let the app determine if a user has Signal contacts in their address book, but forbid its servers from accessing the users’ address book.

Senator calls for review of energy infrastructure cybersecurity policy

The top Democrat on the Senate Energy and Natural Resources Committee is calling on two government agencies to review current policies that guide how America’s power grids and pipelines defend against cyberattacks. The request comes in the form of two letters demanding a review of U.S. energy infrastructure by the Government Accountability Office and Transportation Security Administration from Maria Cantwell, D-Wash., the ranking member of the Senate Energy and Natural Resources Committee. The GAO is the investigative office of Congress, and the TSA has oversight over pipelines in addition to its core transportation responsibilities. The requests come amid reports that Russian hackers have organized phishing email campaigns targeted at U.S. energy providers within the private sector, including at least one nuclear plant. “There have been multiple attacks on all of our grids,” said Ret. Brig. Gen. Stephen Cheney, who leads the nonpartisan American Security Project, during a committee hearing Tuesday. “And if we just put our heads in […]

The post Senator calls for review of energy infrastructure cybersecurity policy appeared first on Cyberscoop.


Comey: Russians Targeted ‘Hundreds’ of Entities in Election Hacking

Former FBI director James Comey’s testimony is a solid reminder that the Russian hacking campaign went far beyond the Democratic National Committee and John Podesta.