Security News

China Telecom's US arm sues in last-ditch bid to retain license
2021-11-16 06:15

The US subsidiary of China Telecom has filed an emergency appeal it hopes will prevent the impending revocation of the company's license to operate in the USA, which the The US Federal Communications Commission terminated in October on grounds the carrier is a national security threat. The FCC terminated China Telecom Americas Corporation's authority to provide telecom services within the USA on October 26, citing the telecom's potential for exploitation, influence and control by the Chinese government and other national security risks, such as the ability to access or disrupt US communication leading to espionage and other harmful activities.

America, when you're done hitting us with the ban hammer, see these on-prem Zoom vulns, says Positive
2021-11-15 20:27

US-sanctioned Positive Technologies has pointed out three vulnerabilities in Zoom that can be exploited to crash or hijack on-prem instances of the videoconferencing system. One of the trio of bugs is an input validation flaw, which can be abused by a malicious Zoom portal administrator to inject and execute arbitrary commands on the machine hosting the software.

US Education Dept urged to boost K-12 schools' ransomware defenses
2021-11-14 15:00

The US Department of Education and Department of Homeland Security were urged this week to more aggressively strengthen cybersecurity protections at K-12 schools across the nation to keep up with a massive wave of attacks. For context on the impact of ransomware on US education institutions throughout 2021, ransomware attacks have disrupted education at roughly 1,000 universities, colleges, and schools since the start of the year, according to Emsisoft threat analyst Brett Callow.

FTC shares ransomware defense tips for small US businesses
2021-11-12 17:14

The US Federal Trade Commission has shared guidance for small businesses on how to secure their networks from ransomware attacks by blocking threat actors' attempts to exploit vulnerabilities using social engineering or exploits targeting technology.The first step businesses are advised to take to fend off such attacks is to ensure their tech teams follow the best practices outlined by CISA in this Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets.

There's no Huawei back now: Biden signs law that forbids US buyers acquiring kit on naughty list
2021-11-12 04:26

US President Joe Biden has signed The Secure Equipment Act yesterday, legislation that prevents US regulators from even considering the issuance of new telecom equipment licenses for companies deemed security threats - which means the likes of China's Huawei and ZTE. In October, the legislation was unanimously approved by the US Senate, while the House of Representatives passed it on a 420-4 vote. ZTE Corp and other Chinese tech companies, the bill itself specifies that this includes equipment that is listed in the Secure and Trusted Communications Networks Act of 2019.

Dutch newspaper accuses US spy agencies of orchestrating 2016 Booking.com breach
2021-11-11 20:07

Although the accommodation booking website reportedly asked the Dutch AIVD spy agency for help with the breach after its internal investigation identified "Andrew" as having connections to US spy agencies, it did not notify either its affected customers or data protection authorities in the Netherlands at the time, the newspaper allged. "When we asked for comment about the allegations, a Booking.com spokesperson told us:"With the support of external subject matter experts and following the framework established by the Dutch Data Protection Act, we confirmed that no sensitive or financial information was accessed.

New bill sets ransomware attack response rules for US financial orgs
2021-11-11 13:54

New legislation introduced this week by US lawmakers aims to set ransomware attack response "Rules of road" for US financial institutions. If signed into law, the new bill will require US financial institutions impacted by a ransomware attack to notify the Director of the Treasury Department's Financial Crimes Enforcement Network with details on the attack and any associated ransom demands.

FBI warns of Iranian hackers looking to buy US orgs’ stolen data
2021-11-10 21:30

The Federal Bureau of Investigation warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations. According to the FBI, the threat actor will likely use the leaked data bought from clear and dark web sources to breach the systems of related organizations.

Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws
2021-11-09 21:07

As the US season of giving thanks and turkey carnage approaches, let us reflect upon Microsoft's November Patch Tuesday, which has bestowed 55 CVEs and the promise of continued employment for the IT admins who have to clean up the recurring mess of software. "Historically speaking, 55 patches in November is a relatively low number," mused Zero-Day Initiative's Dustin Childs in a review of the bundle.

Digital driver's licenses: Are they secure enough for us to trust?
2021-11-09 18:01

Digital driver's licenses should work the same way, according to privacy and security experts. Several states are moving forward with digital driver's licenses.