Security News
The US subsidiary of China Telecom has filed an emergency appeal it hopes will prevent the impending revocation of the company's license to operate in the USA, which the The US Federal Communications Commission terminated in October on grounds the carrier is a national security threat. The FCC terminated China Telecom Americas Corporation's authority to provide telecom services within the USA on October 26, citing the telecom's potential for exploitation, influence and control by the Chinese government and other national security risks, such as the ability to access or disrupt US communication leading to espionage and other harmful activities.
US-sanctioned Positive Technologies has pointed out three vulnerabilities in Zoom that can be exploited to crash or hijack on-prem instances of the videoconferencing system. One of the trio of bugs is an input validation flaw, which can be abused by a malicious Zoom portal administrator to inject and execute arbitrary commands on the machine hosting the software.
The US Department of Education and Department of Homeland Security were urged this week to more aggressively strengthen cybersecurity protections at K-12 schools across the nation to keep up with a massive wave of attacks. For context on the impact of ransomware on US education institutions throughout 2021, ransomware attacks have disrupted education at roughly 1,000 universities, colleges, and schools since the start of the year, according to Emsisoft threat analyst Brett Callow.
The US Federal Trade Commission has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors' attempts to exploit vulnerabilities using social engineering or exploits targeting technology.The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA in this Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets.
US President Joe Biden has signed The Secure Equipment Act yesterday, legislation that prevents US regulators from even considering the issuance of new telecom equipment licenses for companies deemed security threats - which means the likes of China's Huawei and ZTE. In October, the legislation was unanimously approved by the US Senate, while the House of Representatives passed it on a 420-4 vote. ZTE Corp and other Chinese tech companies, the bill itself specifies that this includes equipment that is listed in the Secure and Trusted Communications Networks Act of 2019.
Although the accommodation booking website reportedly asked the Dutch AIVD spy agency for help with the breach after its internal investigation identified "Andrew" as having connections to US spy agencies, it did not notify either its affected customers or data protection authorities in the Netherlands at the time, the newspaper allged. "When we asked for comment about the allegations, a Booking.com spokesperson told us:"With the support of external subject matter experts and following the framework established by the Dutch Data Protection Act, we confirmed that no sensitive or financial information was accessed.
New legislation introduced this week by US lawmakers aims to set ransomware attack response "Rules of road" for US financial institutions. If signed into law, the new bill will require US financial institutions impacted by a ransomware attack to notify the Director of the Treasury Department's Financial Crimes Enforcement Network with details on the attack and any associated ransom demands.
The Federal Bureau of Investigation warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations. According to the FBI, the threat actor will likely use the leaked data bought from clear and dark web sources to breach the systems of related organizations.
As the US season of giving thanks and turkey carnage approaches, let us reflect upon Microsoft's November Patch Tuesday, which has bestowed 55 CVEs and the promise of continued employment for the IT admins who have to clean up the recurring mess of software. "Historically speaking, 55 patches in November is a relatively low number," mused Zero-Day Initiative's Dustin Childs in a review of the bundle.
Digital driver's licenses should work the same way, according to privacy and security experts. Several states are moving forward with digital driver's licenses.