Cities Key in War on Ransomware, Neuberger Tells Mayors

When the cybersecurity industry talks about how critical public-private collaboration is to fending off and responding to threats, most of the “public” part of the conversation centers around the federal government, with individual states more recentl…

National security officials outline hopes for national data breach notification law

Top U.S. national security officials on Tuesday explained some ideal elements to a potential national data breach reporting law, describing the idea as one pathway to stopping massive security incidents like the SolarWinds hack. A national data breach reporting law would need to be clear and concise for companies to follow it, and generally not be a huge burden, said Tonya Ugoretz, deputy assistant director of the FBI. It also might function as an alternative to government surveillance of private sector networks, a controversial idea previously suggested as a means of detecting cyber-espionage. Such a law should be focused on receiving reports about only especially sensitive breaches, such as those which jeopardize national security and critical infrastructure or that compromise U.S. government information, Ugoretz said during a prerecorded segment that aired at the virtual 2021 RSA Conference. However, Ugoretz and Adam Hickey, the deputy assistant attorney general and the Justice […]

The post National security officials outline hopes for national data breach notification law appeared first on CyberScoop.


Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest

A teenager accused of gaining unauthorized access to school computer systems in order to rig a homecoming queen contest with her mother will stand trial as an adult, and could spend 16 years in prison if convicted. Emily Grover, who turned 18 in April but who was arrested in March, when she was 17, faces four charges alongside her mother, Laura Carroll. Carroll was an assistant principal at Bellview Elementary School, while her daughter attended Tate High School. The pair allegedly schemed to cast hundreds of fraudulent votes in the homecoming contest, an election that Grover ultimately won. A Florida State Department of Law Enforcement investigation concluded that phones and computers from their Pensacola suburb household were used to access student records. “The primary reason for the decision is, she was almost 18 years of age and would age out of the juvenile system in a very short period of […]

The post Florida homecoming queen faces up to 16 years after alleged scheme to hack high school contest appeared first on CyberScoop.


Is Congress finally ready to pass meaningful ransomware legislation?

During the entire last two-year session of Congress, lawmakers only signed one bill into law that mentioned the word “ransomware.” With the epidemic of digital extortion showing no signs of abating, though, and as ransomware attacks claim ever more victims across all parts of the U.S., evidence is mounting that the next two years could bring a more concerted push for legislation. “I think it will be a focus because essentially every congressional district has had some kind of ransomware incident, whether public or not,” said Michael Garcia, a senior policy adviser in the national security program at Third Way, a center-left think tank. “Just look at the number of hospitals getting hit, of schools being hit.” In one recent incident, a Mississippi public school system revealed it had paid $300,000 to ransomware attacks, while a U.S. medical company, Universal Health Services, said it lost $67 million as a result of […]

The post Is Congress finally ready to pass meaningful ransomware legislation? appeared first on CyberScoop.


Robocalls keep spamming Americans, in part because of their cyber tools

After a surprising lull at the onset of the COVID-19 pandemic, phone scammers are back, and showing signs of overlapping more and more with text messages and cyber elements. Scammers are combining phone calls with tricks to circumvent two-factor authentication, using information they obtain online to make more targeted calls and, in some cases, mimicking the attack methods of hackers, government and industry officials say. Phone scams that merge with other methods are growing more frequent and difficult to contend with, said Connecticut Attorney General William Tong. “I think it’s common and it’s dangerous, particularly the way that they’re able to cloak themselves or convince you that you need to respond to a particular call or email,” he said. Internet technology has helped fuel a record number of robocalls thanks to the advent of voice-over IP, a tool that made mass calling convenient and more affordable. Estimates vary, but most […]

The post Robocalls keep spamming Americans, in part because of their cyber tools appeared first on CyberScoop.


Election Assistance Commission loses another key staffer, Jerome Lovato

Another top official is exiting the staff of the Election Assistance Commission, the third in recent months for the small agency that plays an outsized role in U.S. election security. Jerome Lovato, the testing and certification director for voting system certification at the EAC, is leaving that position next month, two sources told CyberScoop. And the commission began advertising the opening for the job he holds last week. His departure follows Josh Franklin leaving his job as EAC chief technology officer in December, and in November, Maurice Turner leaving as senior adviser to the executive director of the commission. The exits come at a sensitive time for the commission. The EAC this month voted to approve a long-awaited update to its widely-used voluntary voting system guidelines, nicknamed VVSG 2.0, and a perhaps years-long implementation period will follow. Those guidelines emphasize the value of risk-limiting audits that help verify election results, […]

The post Election Assistance Commission loses another key staffer, Jerome Lovato appeared first on CyberScoop.


Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries

A host of federal government policy failures contributed to the rippling damage of the SolarWinds hack, leaders of cyber firms told a Senate panel on Tuesday, with even lawmakers saying Congress must do more to prevent a repeat. More than two months after the hack became public, the wide-ranging Senate Select Committee on Intelligence hearing demonstrated that the U.S. government, the private sector and digital incident responders still are wrestling with the ramifications of a suspected Russian espionage campaign that leveraged the federal contractor SolarWinds. A number of big questions remain: SolarWinds still hasn’t determined how the hackers originally got into its systems, nobody has fully settled debates on whether the incident amounts to espionage, or something worse, and suspicions abound that more victims remain unrevealed. “It has become clear that there is much more to learn about this incident, its causes, its scope and scale, and where we […]

The post Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries appeared first on CyberScoop.


Federal election agency adopts updated voting security standards. Not everyone is happy.

The Election Assistance Commission on Wednesday voted to adopt the first comprehensive update to its voting system security guidelines in more than 15 years, concluding a lengthy process that ended with a mixed reception from some election security experts. The security community largely greeted the update as a security upgrade to standards that most states rely upon at least partially for their own equipment testing and certification. A significant number of academics, activists and even some in Congress, though, voiced displeasure in particular for how the so-called Voluntary Voting System Guidelines 2.0 would handle wireless connections on voting systems. The update stands to shape the next generation of voting systems that election vendors produce for use around the country during a period of sinking trust in the electoral process. Regardless, the more than five-year drafting process and resulting EAC vote won’t immediately transform election security because states, equipment manufacturers and […]

The post Federal election agency adopts updated voting security standards. Not everyone is happy. appeared first on CyberScoop.


Feds Sound Alarm Over Emotet Attacks on State, Local Govs

CISA warned already-strained public-sector entities about disturbing spikes in Emotet phishing attacks aimed at municipalities.

Twitter bolsters security for political accounts as election looms

Just weeks away from the U.S. presidential election, Twitter says it is taking extra steps to secure high-profile accounts, such as political campaigns and major news outlets, whose compromise could impact voter perceptions. Twitter began rolling out the new security features, such as strong password requirements, on Thursday to the election-related accounts, including secretaries of state overseeing the vote and federal agencies and lawmakers. Accounts will be “strongly encouraged” to use two-factor authentication to prevent hacking, the social media platform said. In the weeks ahead, Twitter said it would implement “more sophisticated detections and alerts” to keep hackers from breaking into accounts. The eleventh-hour move to heighten account security reflects what Twitter executives described as the “unique sensitivities of the election period.” Four years ago, Russian bots and trolls spread disinformation on Twitter in a bid to damage Hillary Clinton’s campaign and boost Donald Trump. This year, U.S. intelligence agencies […]

The post Twitter bolsters security for political accounts as election looms appeared first on CyberScoop.
