A coding slip up made by social media site Parler offers practical lessons to the broader security community about the reputation fallout and even legal and competitive ramifications that can come with a failure in security protocols. This week, users of Parler learned researcher had archived nearly all the posts
Author: Joe Uchill
The 2020 SolarWinds reality check: As cleanup continues, community considers implications
What might go down as the most consequential story of the year for the cybersecurity community only surfaced in December, despite the alarming realization that the SolarWinds supply chain hacking took place months before. Cybersecurity experts predict years of clean up, both physical and political, from the infiltration attributed to Russia, which
Treasury asks financial sector to watch out for COVID vaccine scams, ransomware
The United States Treasury’s Financial Crime Enforcement Network (FinCEN) asked the financial sector to watch for and report evidence of COVID-19 vaccine fraud, ransomware and other scams. In a notice sent out Monday, FinCEN detailed for banks or other financial services organizations potential issues, asking the sector to be particularly
Does SolarWinds change the rules? The timing may matter
President Elect Joe Biden could shift resources from the offensive cyber operations to the defensive side, devoting significant federal resources to researching and defending critical infrastructure and critical supply chain components like SolarWinds. (Adam Schultz / Biden for President) In the same way that 9/11 led to substantial changes to how
Sacramento turns COVID layoffs into a cyber training opportunity
COVID-19 has caused devastating unemployment. Moody’s estimates it could take until 2024 to recover the 22 million jobs lost. A highly motivated workforce is now stuck at home with no work. The city of Sacramento saw this as an opportunity. There, same as so many other locations across the country, cybersecurity jobs remain unfilled. In fact, the growth in
Amnesia-33 vulnerabilities affect 158 vendors, millions of devices
Thirty-three vulnerabilities in open-source TCP/IP stacks often buried deep in internet-connected devices may cause years of issues for hundreds of manufacturers, and business and home customers alike. Further complicating matters, manufacturers who are affected may not immediately know their devices are at risk. The package of vulnerabilities, discovered by researchers
Potential national cybersecurity director inches towards reality
Incoming president Joe Biden will likely have a new post to fill: national cybersecurity director. The final draft of the National Defense Authorization Act, one of the few true must-pass annual bills, contains a provision calling for a Senate-confirmed position to orchestrate cyber strategy and coordinate incident response. The position would, in theory, serve an important role in cooperative efforts between government and
Home Depot settles with state AGs for 2014 point-of-sale hack
A Home Depot storefront (Mike Mozart from Funny YouTube, USA – Home Depot, CC BY 2.0, via Wikimedia Commons). Home Depot settled with the attorneys general of 45 states and the District of Columbia over a 2014 point-of-sale systems hack, agreeing to pay $17.5 million, states announced Tuesday. The Home Depot
In an unusual move, Mozilla asks for public comment about global browser privacy setting
Browser heavyweight Mozilla is asking for public comments as it continues its international rollout of DNS over HTTPS (DoH) as a simplified browser setting – a rare move for a security feature that launched with minimal incident with a near-complete rollout in United States. “We’re in listening mode. When you
Crypto company offers bounty to hackers that stole $2M – a slap in the face to threat researchers
Akropolis.io, a cryptocurrency loan and investment platform, offered hackers that stole the equivalent of $2 million from the service, $200,000 to return the money. The decision, say experts, sets a bad precedent that might destabilize an important security tool. Over the weekend, Akropolis posted an open letter to the hacker