Security News

US Health and Human Services targeted by DDoS scum at just the time it's needed to be up and running
In an impeccable instance of horrible timing, the US government's Department of Health and Human Services says it fended off a cyberattack by online scumbags. The attack - presumably not a load of citizens hitting Uncle Sam's web servers looking for information - did not, we're told, have any serious impact on operations, but with Americans desperate for information about the coronavirus pandemic, the attempted takedown came at the worst possible time.

The U.S. Department of Health and Human Services was the victim of a cyberattack on Sunday as the federal government attempts to deal with the coronavirus crisis, according to a report from Bloomberg. "The U.S. Health & Human Services fell victim to a Distributed Denial of Service attack yesterday when several endpoints controlled by a nation-state attacked their networks," Stephen Boyce, principal consultant at risk management and digital forensics firm Crypsis Group, said.

Three surveillance powers available to the U.S. government are set to temporarily expire Sunday after a trio of senators opposed a bipartisan House bill that would renew the authorities and impose new restrictions. The three senators, longtime critics of government surveillance, said the House bill would still give the government too much power to surveil Americans.

Despite recent revelations that the process by which the FBI and NSA gain approval for spying on US citizens is open to abuse, the US Congress is again planning to reauthorize the USA Freedom Act that gives those measures their legal foundation. The situation is similar to two years ago, when a group of senators fiercely opposed the reauthorization of another flawed spying program without significant reforms, but were defeated when it was attached to an end-of-year spending bill: something critics characterized as "an end-run around the Constitution."

The US needs a top-level cybersecurity coordinator and a better strategy of "deterrence" to protect against hackers and other cyber threats, a congressionally mandated commission said Wednesday. The bipartisan panel, which included lawmakers and private sector experts, made more than 80 recommendations ranging from reforms in the executive and legislative branches to better cooperation with allies to secure cyberspace.

Match Group, the parent company of dating apps such as Tinder, on Tuesday publicly endorsed a US bill others in the tech industry fear will erode online privacy and speech in the name of fighting child abuse. US senators unveiled the bipartisan measure last week, aiming to curb images of child sex abuse by forcing tech platforms to cooperate with law enforcement on encryption or risk losing the legal immunity for what is posted on their websites.

82% of women in cybersecurity jobs agree the industry has a gender bias problem. A significant gender gap exists in cybersecurity, with women occupying less than a quarter of the roles.

The process of constructing a holistic policy-based identity management solution can be difficult and overly complex, especially in the sensitive hospital environment with myriad identities. An integrated identity ecosystem provides a unified view across both cyber and physical security systems, improving the overall hospital experience.

UNITED NATIONS - The United States, United Kingdom and Estonia accused Russia's military intelligence Thursday of conducting cyber attacks against the Georgian government and media websites in an attempt "to sow discord and disrupt the lives of ordinary Georgians." Estonian Ambassador Sven Jurgenson read a statement afterward, flanked by UK Ambassador Karen Pierce and acting U.S. deputy ambassador Cherith Norman Chalet, saying the cyber attacks "are part of Russia's long-running campaign of hostile and destabilizing activity against Georgia and are part of a wider pattern of malign activity."

The updates were pulled, and we are waiting to see if Microsoft re-releases a more comprehensive fix this Patch Tuesday. The advisory specifically stated, "The March 10, 2020 and updates in the foreseeable future will not make changes to LDAP signing or LDAP channel binding policies or their registry equivalent on new or existing domain controllers." These features will be included in the March Patch Tuesday updates, so take advantage and enable them.