Security News

UK Judge Refuses Assange Lawyers' Plea to Dismiss New US Allegations
2020-09-10 10:19

Lawyers for WikiLeaks founder Julian Assange on Monday failed to persuade a British judge to throw out new US allegations against him, as he resumed his fight to avoid extradition to the United States for leaking military secrets. Inside, Assange's lawyers sought to "excise" new allegations lodged by Washington in recent weeks, saying they had not had time to formulate a proper response.

US Revokes Visas For 1,000 Chinese Under Trump Order
2020-09-09 23:18

The United States has revoked visas of more than 1,000 Chinese students and researchers under an order by President Donald Trump that accused some of them of espionage, the State Department said Wednesday. Trump, in a May 29 proclamation as tensions rose with Beijing on multiple fronts, declared that some Chinese nationals officially in the United States for study have stolen intellectual property and helped modernize China's military.

US Space Cybersecurity Directive
2020-09-09 11:37

Space systems and their supporting infrastructure, including software, should be developed and operated using risk-based, cybersecurity-informed engineering. Space systems should be developed to continuously monitor, anticipate, and adapt to mitigate evolving malicious cyber activities that could manipulate, deny, degrade, disrupt, destroy, surveil, or eavesdrop on space system operations.

Swiss Official Airs Concerns About Data Privacy in US
2020-09-09 01:36

A Swiss federal commissioner announced Tuesday that a U.S.-Swiss program aimed to protect personal information exchanged between the two countries doesn't go far enough, and has downgraded the United States to rank it as a country deemed to have inadequate data protection. Federal Data Protection and Information Commissioner Adrian Lobsiger, in a new policy paper, recommends that Swiss companies or government should disclose personal data to the U.S. only if safeguards are put in place to protect people from prying U.S. authorities.

Enjoyed the US Labor Day weekend? Because it's September 2020 and Exchange Server can be pwned via email
2020-09-08 22:02

September sees a bundle of 129 CVE-listed flaws patched by Microsoft. Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says that far and away the most serious is CVE-2020-16875, a memory object error in Exchange Server that allows a poisoned email to execute code with System clearance.

What price security? Well, for the US ban on Huawei/ZTE kit it's around $1.8bn, and you're going to pay most of it
2020-09-04 23:10

The US Federal Communications Commission says that performing a full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn in total. According to the FCC, the $1.837bn figure is the cost to the carriers themselves as they remove and replace their Huawei and ZTE hardware with gear from other vendors who have been approved by the government.

Surprise! Voting app maker roasted by computer boffins for poor security now begs US courts to limit flaw finding
2020-09-04 01:13

Voatz, the maker of a blockchain-based mobile election voting app pilloried for poor security earlier this year, has urged the US Supreme Court not to change the 1986 Computer Fraud and Abuse Act, a law that critics say inhibits security research because it's overly broad. The app maker filed an amicus brief [PDF] on Thursday in Van Buren v. United States in support of the US government, which seeks to uphold the 2017 conviction of former Georgia police officer Nathan Van Buren under the CFAA. Van Buren was convicted of violating the CFAA for conducting a computer search for a license plate number. Coincidentally, Voatz's app was slammed in February by computer scientists for a variety of security flaws.

Snowden was right: US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway
2020-09-03 15:02

It's been a long time coming, and while some might view the decision as a slap for officials that defended the practice, the three-judge panel said the part played by the NSA programme wasn't sufficient to undermine the convictions of four individuals for conspiring to send funds to Somalia in support of a terrorist group. Snowden made public the existence of the NSA data collection programmes in June 2013, and by June 2015 US Congress had passed the USA FREEDOM Act, "which effectively ended the NSA's bulk telephony metadata collection program," according to the panel.

Facebook Nabs Russia-Linked Campaign to Fuel US Chaos
2020-09-01 18:27

Facebook on Tuesday said that it caught a budding Russia-linked campaign to fuel political chaos in the US, working off a tip from the FBI in its latest take-down of coordinated inauthentic behavior at the leading social network. The network of 13 Facebook accounts and two pages posing as journalists and targeting left-wing progressives was removed for violating a policy against "foreign interference" at the platform.

Someone's getting a free trip to the US – well, not quite free. Brit bloke extradited to face $2m+ cyber-scam charges
2020-09-01 06:01

A British citizen has been extradited to the US to face charges he oversaw a series of business email compromise attacks to steal over $2m from unwary accounts departments and individuals. It is said the crew used combinations of stolen personal information, spoofed phone numbers, fake email accounts, and even voice-altering software to contact bank staff and con them into handing over control of accounts by posing as legit customers.