Security News > 2020 > January

Two bills approved this week by the House Homeland Security Committee were drafted to improve the leadership and legal authority of the Cybersecurity and Infrastructure Security Agency. Referred to as the CISA Director Reform Act, the first of the bills would amend the Homeland Security Act of 2002 so that the Director of CISA shall serve a term of five years.

Given the tech industry's poor track record of protecting users' data and controlling its environmental impact, regulators around the globe are stepping into the void. The policy issues run the gamut from spectrum sharing to data and privacy to the greening of the telecom industry as a whole.

The U.S. Securities and Exchange Commission (SEC) has published a report detailing cybersecurity and operational resiliency practices that market participants have adopted.

Facebook has agreed to pay $550 million to settle a class action lawsuit alleging the company violated Illinois law in collecting data for a facial recognition tool without users' consent. The settlement - revealed by company executives during a Wednesday earnings call - came after Facebook failed this month in its efforts to get the U.S. Supreme Court to throw out the lawsuit.

The U.S. Department of the Interior this week announced that it has temporarily grounded all drone operations, except for emergencies, citing concerns over national security and cybersecurity. The department's order does not specifically mention threats posed by Chinese-made drones, but Gizmodo reports all of the Interior Department's drones are either made in China or are produced with Chinese parts.

ImmuniWeb decided to look into airport cybersecurity after the topic was highlighted during the 2020 World Economic Forum. In its own report, released on January 22, the WEF called for airports to address emerging cybersecurity challenges.

Microsoft on Thursday announced the launch of an Xbox bug bounty program with rewards of up to $20,000 for critical remote code execution vulnerabilities. The company is hoping to receive reports describing XSS, CSRF, IDOR, insecure deserialization, injection, server-side code execution, security misconfigurations, and the use of components with known vulnerabilities.

A threat group linked to Iran has targeted a U.S.-based research company whose services are used by businesses and government organizations, cybersecurity firm Intezer reveals. Specifically, Intezer's security researchers discovered a phishing document masquerading as an employee satisfaction survey tailored to Westat employees.

A recent spate of malicious, botnet-driven emails is using the coronavirus as a theme, according to telemetry from IBM X-Force and Kaspersky. "Previously, Japanese Emotet emails have been focused on corporate style payment notifications and invoices, following a similar strategy as emails targeting European victims," said the firm.
