Security News

Some states have enacted privacy laws, and the federal government has enacted industry-specific laws - HIPAA, Gramm-Leach-Bliley Act and FCRA - but there is no single, homogeneous enforceable set of data privacy guidelines that all US companies are required to follow. With the emergence of stronger privacy laws abroad, the absence of national data privacy regulation in the US is making it harder for US companies to compete for global partners.

Director of National Intelligence John Ratcliffe announced that the US Space Force is the ninth Department of Defense component to join the US Intelligence Community. "Today, we took action to elevate space intelligence missions, tradecraft, and collaboration to ensure the success of the Space Force, the Intelligence Community, and ultimately our National Security," Chief of Space Operations Gen. John W. Raymond said.

The SolarWinds hack exposed sealed US court documents - which could have a serious effect on Western sanctions against state-backed hackers. Infosec journalist Brian Krebs reported a US Courts Administrative Office statement about the impact of the Russian-backed SolarWinds hack, quoting an anonymous source as saying that the agency was "Hit hard".

The Administrative Office of the U.S. Courts is investigating a potential compromise of the federal courts' case management and electronic case files system which stores millions of highly sensitive and confidential judiciary records. US Judiciary is also working on immediately adding extra safeguards and security procedures to protect the highly sensitive court documents filed with the courts.

The United States has pinned the blame on Russia for a devastating cyberattack campaign that has hit government agencies and corporations across the country. In a joint statement, the agencies said that the work "Indicates that an Advanced Persistent Threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks." Further, the group said it believes the incident was designed as an intelligence gathering effort, which means a surveillance operation aimed at finding confidential and sensitive information.

The US Department of Justice said that the attackers behind the SolarWinds supply chain attack have gained access to roughly 3% of the department's Office 365 email inboxes. The Justice Department currently employs over 115,000 people [1, 2] which translates to around 3450 potentially breached mailboxes.

President Donald Trump has signed an executive order banning transactions with eight Chinese apps including Alipay and WeChat Pay in an escalation of a trade war that has been unfolding through most of his term. The orders follow two others Trump signed in August banning dealings with the popular video app TikTok as well as the main WeChat messaging app.

Top national security agencies confirmed Tuesday that Russia was likely responsible for a massive hack of U.S. government departments and corporations, rejecting President Donald Trump's claim that China might be to blame. The agencies made clear the Russian operation was "Ongoing" and indicated the hunt for threats was not over.

The Cyber Unified Coordination Group said today that a Russian-backed Advanced Persistent Threat group is likely behind the SolarWinds hack. The UCG was established by the National Security Council after the SolarWinds supply chain attack to help the intelligence agencies better coordinate the government's response efforts surrounding this ongoing espionage campaign.

A U.S.-funded center in Cyprus will help train officials from countries in the eastern Mediterranean region and the Middle East on the latest techniques in border, customs, maritime and cyber security, the acting head of the U.S. Department of Homeland Security said on Monday. Chad Wolf said the $5 million Cyprus Center for Land, Open-Seas, and Port Security will incorporate a mobile facility to instruct officials on how to best protect their key infrastructure and take part in cross-border cyber investigations.