At the UNESCO Internet Governance Forum, French president Emmanuel Macron issued an initiative to set international Internet procedures for cybersecurity, including revealing tech vulnerabilities. Fifty nations, 90 nonprofits and universities and 130 private corporations and groups have endorsed the “Paris Call for Trust and Security in Cyberspace” — but not the United States. U.S. companies Google, Facebook, IBM, and HP signed on to the agreement, which outlines nine goals but doesn’t bind signatories legally to comply. Continue reading U.S. Does Not Sign France’s Cyberspace Security Agreement

Oregon Democratic Senator Ron Wyden drafted a data privacy bill akin to the recent General Data Protection Regulation (GDPR) legislation in Europe. Dubbed the Consumer Data Protection Act, Wyden’s bill would give users more control over selling and sharing their data, and would give the Federal Trade Commission authority to set privacy and security standards and fine those companies that do not protect consumer data. One provision is a “Do Not Track” feature that would allow people to opt out of being tracked. Continue reading Oregon Senator Proposes a Consumer Data Protection Bill

Apple chief executive Tim Cook is the latest and most prominent executive to call on Bloomberg to retract the claim that its technology supply-chain had been corrupted by Chinese surveillance microchips. According to two Bloomberg reports this month, Chinese spies infiltrated the technology supply chain with a surveillance microchip installed by Silicon Valley-based server company Supermicro. Those tiny chips ended up in the data center hardware of as many as 30 companies, including Amazon and Apple, added the report. Continue reading Apple’s Tim Cook Asks Bloomberg to Retract China Spy Story

As we reported last week, Bloomberg published a story claiming that China had secretly installed microchips on motherboards built by Supermicro that were used in data center servers of companies such as Apple and Amazon. In the first official response from the U.S. government, Homeland Security issued a statement indicating that it has “no reason to doubt” the denials issued by Apple, Amazon and Supermicro in the wake of the report. The Homeland Security statement is similar to comments released by the U.K.’s National Cyber Security Centre. Continue reading Government Backs Apple and Amazon Denials of Spy Chips

The Justice Department’s National Security Division claims that seven hackers suspected of working with Russia’s GRU military intelligence unit were part of a conspiracy to hack multiple organizations including the World Anti-Doping Agency, the Democratic National Committee, a nuclear energy company and several media outlets. The Fancy Bear cyber espionage group, also known as Sofacy or APT28, is accused of launching a disinformation campaign leading up to the 2016 U.S. presidential election, and “hacking to obtain non-public, health information about athletes and others in the files of anti-doping agencies in multiple countries.” Continue reading Justice Department Accuses Russian Spies of Cyberattacks

According to a Bloomberg Businessweek cover story today, Chinese spies infiltrated nearly 30 U.S. companies including Amazon and Apple by embedding tiny chips into servers in the technology supply chain. In 2015, malicious microchips were reportedly embedded in servers bound for U.S. companies, which resulted in compromised software used in numerous hardware devices. While the report cites former government officials and “senior insiders” at Apple, both Amazon and Apple — as well as motherboard manufacturer Supermicro and China’s Ministry of Foreign Affairs — have firmly disputed the findings. Continue reading China Reportedly Used Tiny Chips to Hack U.S. Companies

In its third security breach reported since June, Facebook announced on Friday that hackers had leveraged a security vulnerability in order to attack its computer network and access the personal accounts of about 50 million of its social platform users. In the two other breaches, hackers unblocked individuals that had been previously blocked by Facebook users, and users’ share settings were manipulated without permission. As a result of this latest breach, “the attackers could use the account as if they are the account holder,” according to Guy Rosen, VP product management for Facebook. Continue reading Facebook Reveals Another Attack on its Computer Network

The California State Legislature recently passed a bill called “Information Privacy: Connected Devices” that creates regulations for IoT devices sold in the United States. SB-327, which applies to all devices that connect to the Internet and include an Internet Protocol or Bluetooth address, would require that security audits be conducted on components purchased overseas. The bill is the first of its kind in the U.S. and has been forwarded to Governor Jerry Brown for his signature. While some have criticized the bill for not being specific or thorough enough, it could place pressure on manufacturers to offer better device-level protection against cyberattacks. Continue reading California Passes Security Bill to Regulate Connected Devices

The New Yorker posted a profile of Facebook founder/chief executive Mark Zuckerberg on its website, a week ahead of its September 17 print publication. The article, by New Yorker staff writer Evan Osnos asks if Facebook will “break democracy.” The profile describes Zuckerberg as someone who makes a distinction between feeling an emotion and acting on it through his business. He also states his opposition to government regulations, stressing that breaking Facebook into smaller companies would be a huge mistake. Continue reading Inside The New Yorker Profile on Facebook’s Mark Zuckerberg

Anti-piracy company Irdeto has revealed that P2P piracy is booming and still more popular than streaming in several countries. P2P traffic — mostly of the BitTorrent variety — continues to be a significant source of content for streaming portals hosting pirated content. Irdeto’s report comes at a time when Hollywood has focused its attention on streaming sites and services that distribute pirated content. Irdeto’s research examines web traffic to 962 piracy sites in 19 countries where P2P was the “dominant piracy tool.” Continue reading New Research Underlines the Ongoing Strength of P2P Piracy

Stating that it had detected a political influence campaign potentially targeting the midterm elections, Facebook removed 32 pages and fake accounts that were active around contentious issues across the political spectrum. One was a sequel to last year’s “Unite the Right” rally and another was a campaign to abolish ICE. Facebook was not able to link the pages to Russia, but officials did say that “some of the tools and techniques” were similar to those used by the Kremlin-linked Internet Research Agency (I.R.A.). Continue reading Facebook Deletes Fake Accounts in Windup to Next Elections

IBM now has a patent-pending, machine learning enabled watermarking process that promises to stop intellectual property theft. IBM manager of cognitive cybersecurity intelligence Marc Ph. Stoecklin described how the process embeds unique identifiers into neural networks to create “nearly imperceptible” watermarks. The process, recently highlighted at the ACM Asia Conference on Computer and Communications Security (ASIACCS) 2018 in Korea, might be productized soon, either within IBM or as a product for its clients. Continue reading IBM Creates Machine-Learning Aided Watermarking Process

To help its Amazon Web Services customers keep their data secure, the AWS Automated Reasoning Group is beta-testing two new tools, Zelkova and Tiros, which analyze security configurations, provide automated feedback on various set-ups and help administrators avoid mistakes that could endanger their data. Tiros focuses on checking for “unexpected access from the open Internet,” and Zelkova aids developers in understanding how permissive their setups are compared to existing infrastructure. Continue reading Amazon Web Services Testing Two ‘Provable’ Security Tools

Security solutions provider Quantum Base and England’s Lancaster University have developed a quantum random number generator that could become a major step in combatting cyberattacks. The generator can easily be embedded in electronic devices to provide quantum security for authentication. “We have created a small, low power device that produces pure random numbers,” explains Quantum Base CEO Phillip Speed. “It can be incorporated into any electronic product with little or no incremental cost once volume production is achieved.” Continue reading Team Builds Practical Quantum Random Number Generator

The Wi-Fi Alliance just unveiled WPA3, five months after it was first announced. The nonprofit organization that certifies Wi-Fi networking standards introduced a certification for two versions of WPA3, the successor standard to WPA2: WPA3-Personal and WPA3-Enterprise as well as Wi-Fi Easy Connect, a program that makes it easier to pair Wi-Fi devices without displays. Wi-Fi Alliance vice president of marketing Kevin Robinson dubs WPA3 as “the next generation of security for personal and enterprise networks.” Continue reading Wi-Fi Alliance Finalizes the WPA3 Wireless Security Protocol