Security News
The US Supreme Court has quashed spyware maker NSO Group's argument that it cannot be held legally responsible for using WhatsApp technology to deploy its Pegasus snoop-ware on users' phones. Previously, the US Solicitor General filed an amicus brief [PDF] advising the Supreme Court not to hear the spyware developer's case, noting "NSO plainly is not entitled to immunity here."
The Federal Communications Commission plans to overhaul its security reporting rules for the telecom industry to, among other things, eliminate a mandatory seven-day wait for informing customers of stolen data and expand the definition of what constitutes an incident. In a unanimous 4-0 vote, the FCC published a notice of proposed rulemaking that Chairwoman Jessica Rosenworcel said is sorely overdue, as the current rules are more than 15 years old.
Remember quantum computing, and the quantum computers that make it possible? Quantum computing enthusiasts claim the performance improvements will be so dramatic that encryption keys that could once comfortably have held out against even the richest and most antagonistic governments in the world for decades.
The US government's New Year's resolution for 2023: no more TikTok at work. In an email to members and staff Tuesday, the Committee on House Administration banned the use of TikTok from House-managed mobile devices.
US regulators want to fine the operators of a claimed massive robocall operation, which made more than 5 billion pre-recorded calls over three months early last year, almost $300 million. Those five billion calls went to more than 500 million phone numbers between January and March 2021 in what the Federal Communications Commission called the largest robocall operation it has ever investigated.
The NASA Office of Inspector General has published its annual audit of the aerospace agency's infosec capabilities and practices, which earned an overall rating of "Not Effective." We could go on, but you get the idea: NASA infosec isn't great.
The United States Department of Commerce has added 36 Chinese companies or subsidiaries to its list of companies that cannot import certain US technologies without a license, citing national security, foreign policy interests, and the possibility that some might help already banned companies to evade restrictions. YMTC is already listed on the Department's Unverified List and is therefore unable to procure some US wafer fab equipment and other US-made technologies.
The US Department of Justice unsealed a 16-count indictment today accusing five Russians, an American citizen, and a lawful permanent US resident of smuggling export-controlled electronics and military ammunition out of the United States for the Russian government. Alexey Brayman, the lawful permanent US resident, and Vadim Yermolenko, the US citizen, were both apprehended in the United States.
The signature of a US Executive Order by President Biden on 7 October 2022, along with the regulations issued by US Attorney General Merrick Garland, agreed that access to personal data from Europe by US intelligence agencies would be limited to what is necessary and proportionate to protect national security. Under the Cloud Act, US law enforcement authorities can request personal data from US-based technology companies, regardless of the data's location, and this has been one of the key reasons data sharing with America is viewed as potentially not complying with EU privacy rules.
According to Cisco Talos, TrueBot malware now collects Active Directory information, which means it targets businesses with larger IT resources. In addition to targeting larger organizations, the malware is experimenting with new delivery methods: Netwrix Auditor bundled with the Raspberry Robin malware.