Security News

US mobile carriers know a lot about where their customers are located, and according to letters sent to the Federal Communications Commission, they routinely store such data for years, willingly hand it over to law enforcement if served a proper subpoena, and say users can't opt out. News that cellular carriers are storing sensitive location data isn't surprising given previous actions taken against AT&T, Verizon, T-Mobile US and Sprint by the FCC in 2020 for selling location data to third parties.

To find out how current CISOs landed in that role, their aspirations, the compensation they receive, and which risks they face and responsibilities they shoulder, analysts with international executive search firm Heidrick & Struggles have asked 327 CISOs to participate in their 2022 Global CISO Survey. Who reports to CISOs and to whom do the CISOs report?

The U.S. Federal Trade Commission announced today that it filed a lawsuit against Idaho-based data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices. The company provides access to consumers' location data through a data feed its clients can access via online data marketplaces after paying for a $25,000 subscription.

TikTok has joined Twitter in publishing new US midterm misinformation rules, with considerable crossover in scope and style. Eric Han, TikTok's head of US safety, shared in a blog post that the social video platform is taking a variety of steps to provide access to authoritative information and counter election misinformation.

Conti is the name of a well-known ransomware gang - more precisely, what's known as a ransomware-as-a-service gang, where the ransomware code, and the blackmail demands, and the receipt of extortion payments from desperate victims are handled by a core group. About two years ago, the REvil ransomware gang put up a cool $1,000,000 as front money in an underground hacker-recruiting forum, trying to entice new affiliates to join their cybercriminal capers.

The US government is putting a face on a claimed member of the infamous Conti ransomware group as part of a $10 million reward for information about five of the gang's crew. "The reward notice included the aliases of the alleged attackers -"Tramp," "Dandis," "Professor,"Reshaev," and "Target" - and came with a photo of a man and a message underneath it that said, "Is this the Conti associate known as 'Target'?".

The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time. Today, for the first time, the State Department revealed the face of a known Conti ransomware operator known as 'Target,' offering rewards of up to $10 million for information on him and four other members known as 'Tramp,' 'Dandis,' 'Professor,' and 'Reshaev.

Password security is only as strong as the password itself. Let's look at the Zola breach and why it emphasizes the need for organizations to bolster their password security and protect against various types of password attacks.

It's time to reorganize the US government and create a new agency focused solely on on digital risk management services, according to former CISA director Chris Krebs. Or, if that's too ambitious for Uncle Sam, Krebs proposed to at least pull CISA out of the Department of Homeland Security and make it a sub-cabinet agency that's allowed to operate independently.

With the world's largest collection of security folk gathering in Las Vegas for Black hat there are encouraging signs that the US government might actually be getting smarter about hiring. Katie Moussouris, founder of Luta Security, knows a thing or six about recruiting new security talent and was invited to the White House last month to help advise on policy.