Security News

US Lawmakers Told of Security Risks From China-owned TikTok
2020-03-04 22:13

US officials on Wednesday stepped up warnings about the potential security risks from the fast-growing, Chinese-owned TikTok as a lawmaker unveiled legislation to ban the social media app from government devices. Senator Josh Hawley, who convened the hearing, said he was introducing a bill to ban TikTok from all US government devices, calling it "a major security risk for the American people."

How to gather cyber threat intelligence from dark markets without breaking US law
2020-03-03 13:55

The U.S. Department of Justice's Cybersecurity Unit has released guidelines for organizations that want to gather cyber threat intelligence from dark web forums/markets but, at the same time, want to stay on the right side of the law. The document focuses on "information security practitioners' cyber threat intelligence-gathering efforts that involve online forums in which computer crimes are discussed and planned and stolen data is bought and sold. It also contemplates situations in which private actors attempt to purchase malware, security vulnerabilities, or their own stolen data – or stolen data belonging to others with the data owners' authorization – in Dark Markets."

Wi-Fi kit spilling data with bad crypto – Huawei, eh? No, it's Cisco. US giant patches Kr00k spy-hole bug in network gear
2020-03-02 18:16

It looks like Switchzilla is moving swiftly to clear up the Kr00k bug discovered by ESET. Just hours after the researchers delivered their findings in a report, Cisco gave its own advisory on the Wi-Fi data snooping flaw.

US Congress Passes Bill Funding 'Rip and Replace' for Huawei Gear
2020-03-01 12:40

US lawmakers have passed legislation offering $1 billion to help telecom carriers "rip and replace" equipment from Chinese tech firms Huawei and ZTE amid national security concerns. To allay concerns over the impact on small telecom carriers, the bill provides funds to subsidize the removal of equipment "that poses a national security risk" for firms with fewer than two million customers, according to the text.

Report: FCC to Fine US Carriers Over Location Data Sales
2020-02-28 15:33

The Federal Communications Commission on Friday proposed fines against the nation's four largest wireless carriers for selling real-time mobile phone location data without taking reasonable measures to protect against unauthorized access to that information. In a Friday statement, Pai said: "The FCC has long had clear rules on the books requiring all phone companies to protect their customers' personal information. And since 2007, these companies have been on notice that they must take reasonable precautions to safeguard this data and that the FCC will take strong enforcement action if they don't. Today, we do just that. This FCC will not tolerate phone companies putting Americans' privacy at risk."

Firefox rolling out DNS-over-HTTPS privacy by default in the US
2020-02-28 11:31

Mozilla has said it plans to make a privacy technology called DNS-over-HTTPS the default setting for US users of Firefox within weeks. Although not a perfect shield against DNS snooping, DoH makes that a lot harder.

Only 38% of US govt workers received ransomware prevention training
2020-02-28 05:30

73% of government employees are concerned about impending ransomware threats to cities across the country, and more employees fear cyberattacks on their community than natural disasters and terrorist attacks, an IBM survey has revealed. Data in the new Harris Poll found ransomware attacks might be even more widespread, with 1 in 6 respondents disclosing their department was impacted by a ransomware attack.

After DISA breach, experts say US agencies must stop lateral movement of hackers
2020-02-27 20:08

Attackers shouldn't have been able to remove sensitive data like Social Security numbers from military networks, according to cybersecurity experts. Joe Lareau, senior security engineer, Exabeam, said that as political tensions around the globe continue to rise, government agencies have to be vigilant and create modern security systems that can handle a variety of attacks.

Departing MI5 chief: Break chat app crypto for us, kthxbai
2020-02-26 17:17

British spies are once again stipulating that tech companies break their encryption so life is made easier for state-sponsored eavesdroppers. The head of the domestic spy agency, Sir Andrew Parker, demanded that companies such as Facebook compromise the security of their messaging products so spies could read off the contents of messages at will.

FBI Official: Russia Wants to See US 'Tear Ourselves Apart'
2020-02-26 13:18

Russia wants to watch Americans "tear ourselves apart" as the United States heads toward elections, an FBI official warned Monday. Porter spoke at an election security conference on Capitol Hill just days after conflicting accounts emerged of a closed-door briefing intelligence officials had given to House lawmakers on threats from Russia and other nations in the 2020 election.