Security News > 2020

A bipartisan group of U.S. senators has introduced legislation that would require the Department of Homeland Security to appoint cybersecurity leaders in each state to help combat growing cyberthreats against units of local government. The Cybersecurity State Coordinator Act of 2020 aims to strengthen state and local governments' response to cybersecurity incidents in a timely manner as well as ensure that threat intelligence is better shared between the state and federal governments, the backers say.

Apple has published its latest transparency report, which provides details on the number of government requests the tech company received during the first half of 2019. Between January 1 and June 30, 2019, Apple received from governments device-based requests, financial identifier-based requests, and account-based requests.

Though SpyCloud helped bring this particular criminal to justice, these tactics are common in targeted attacks. Targeted attacks are manual, creative, and elusive, making them one of the most difficult aspects of security and risk management.

The New York Times has a long story about Clearview AI, a small company that scrapes identified photos of people from pretty much everywhere, and then uses unstated magical AI technology to identify people in other photos. His tiny company, Clearview AI, devised a groundbreaking facial recognition app.

The National Institute of Standards and Technology last week announced version 1.0 of its Privacy Framework, a tool designed to help organizations manage privacy risks. NIST published a preliminary draft of the Privacy Framework in September 2019, when it requested public feedback.

Password manager LastPass appears to have had a big night out on Friday, to the point where the service needed a lengthy lie down over the weekend. LastPass since three days I can't log-in, getting message "An error has occurred while contacting the LastPass server. Please try again later."

Citrix has started rolling out security patches for the recently revealed Citrix Application Delivery Controller and Citrix Gateway vulnerability. The issue impacts versions 13.0, 12.1, 12.0, 11.1, and 10.5 of both Citrix ADC and Gateway.

Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers. The flaw, which exists in a scripting engine built into Internet Explorer, could be exploited by attackers to remotely execute code of their choosing, Microsoft says.

The FBI has seized the domain for WeLeakInfo.com, a site that sold breached data records, after a multinational effort by law enforcement. The FBI and the District of Columbia explained that the site had harvested over 12 billion records from over 10,000 data breaches, including names, email addresses, usernames, phone numbers, and passwords.

So said Shelby Pierson, the election security threats executive for the Office of the Director of National Intelligence, speaking at an Election Assistance Commission event earlier this month. It's probably a good idea for the FBI to warn local and state election officials of hacking attempts, and last week, it announced just that.