Security News

The US House of Representatives has passed a bill that would prohibit data brokers from selling Americans' data to foreign adversaries with an unusual degree of bipartisan support: It passed without a single opposing vote. The Protecting Americans' Data from Foreign Adversaries Act of 2024 was introduced in the house earlier this month alongside the recently-passed TikTok ban bill and gives the Federal Trade Commission authority to go after any data broker that sells PII to North Korea, Russia, China or Iran, or any company controlled by those countries.

The United States House of Representatives on Wednesday passed the Protecting Americans from Foreign Adversary Controlled Applications Act - a law aimed at forcing TikTok's Chinese parent ByteDance to sell the app's US operations or face the prospect of a ban. The bill names only TikTok as a "Foreign adversary controlled application" and prohibits "Providing services to distribute, maintain, or update" the app - including by offering it for sale in an app store.

The Biden Administration has asked a court, rather than Congress, to renew controversial warrantless surveillance powers used by American intelligence and due to expire within weeks. US Senator Ron Wyden railed at the US Department of Justice's decision to seek a year-long extension of Section 702 of the Foreign Intelligence Surveillance Act, which is set to end in mid-April unless Congress reauthorizes it.

Chinese attackers are preparing to "Wreak havoc" on American infrastructure and "Cause societal chaos" in the US, infosec, and law enforcement bosses told a US House committee on Wednesday. The hearing coincided with the FBI's confirmation that it obtained search warrants and issued a remote kill command to wipe Volt Typhoon's botnet after the Chinese crew infected hundreds of end-of-life routers and attempted to break into American critical infrastructure targets.

Nearly all of the FBI's technical intelligence on malicious "Cyber actors" in the first half of this year was obtained via Section 702 searches, according to FBI Director Christopher Wray. With the controversial FISA amendment set to expire at the end of the year, unless Congress reauthorizes the snooping clause, Wray has been making the rounds and delivering the same message: the FBI "Cannot afford to lose" Section 702.

NSA director General Paul Nakasone told the Privacy and Civil Liberties Oversight Board yesterday that the loss of Section 702 of the Foreign Intelligence Surveillance Act would mean American spies would "Lose critical insights into the most significant threats to our nation" if allowed to lapse on December 31. In his speech, Nakasone said Section 702 is "Irreplaceable," and he provided several stories of the FBI and NSA cooperating using the law to stop terrorist plots and online attacks to justify his claim.

"Ransomware payments in the U.S. have totaled more than $1 billion since 2020. Most notably, this past May, a Russian ransomware attack forced Colonial Pipeline to shut down oil supplies to the eastern United States before the company paid hackers. As disruptive as this hack was, it pales in comparison to what would happen if America's critical financial infrastructure were to be taken offline," he said. "That's why I'm introducing the Ransomware and Financial Stability Act of 2021. This bill will help deter, deny and track down hackers who threaten the financial institutions that make the day-to-day economic activity possible. The legislation will also provide long-overdue clarity for financial institutions that look to Congress for rules of the road as ransomware hacks intensify."

The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind the FBI's decision to delay providing the victims of the Kaseya REvil ransomware with a universal decryption key for three weeks. "To understand the FBI's decision, the lawmakers are requesting a briefing from the FBI on its legal and policy rationale for withholding the ransomware key, as well as the FBI's overall strategy for addressing, investigating, preventing, and defeating ransomware attacks," the Committee said in a press release on Wednesday.

A senior Chief Information Security Officer advisor at Cisco has penned a commentary on the state of US cybersecurity frameworks, criticizing current government infosec and advocating for more autonomy for CISOs and a better understanding of the task at hand from those creating policies. "After nearly two decades of federal cybersecurity and risk management as practiced under the rubric of the Federal Information Security Management Act of 2002 and the Federal Information Security Modernization Act of 2014, billions of dollars in appropriated federal cybersecurity funding have not appreciably improved the overall situation," wrote Bruce Brody.

announced the keynote line-up for its eleventh annual² Security Congress held in-person in Orlando, Florida and online from October 18-20, 2021. Together, these² Security Congress 2021 keynote speakers tell a story of resilience, opportunity and inspiration in the face of unprecedented global, personal and security disruption.