White House Cybersecurity Summit Brings Leaders Together

At a White House summit, President Joe Biden asked leaders of Apple, Google, JPMorgan Chase and other major companies to step up their response to cybersecurity threats. The administration, which estimated that about half a million cybersecurity jobs remain unfilled, said it would assist in developing new guidelines for secure technology and assess the security of existing technology. Google, Microsoft, and insurance companies Travelers and Coalition have already signed on to the initiative. Microsoft plans to invest $20 billion over the next five years to integrate cybersecurity into its products and Google revealed its own $10 billion commitment.

Weighing the Challenges of a Post-COVID Hybrid Workplace

Post-pandemic, companies now must decide whether to allow their employees to continue to work remotely or require them to come to the office. Although staff did work at home for about one-and-a-half years without too many problems, it’s not clear if that scenario will transfer to a post-COVID world. The lockdown was an unusual circumstance, and bosses and workers were forced to be flexible. Now, some say a hybrid work environment is likely to be two-tiered, with on-site workers getting more access, networking opportunities, promotions and pay raises.


The FTC Votes Unanimously to Support Right to Repair Laws

The Federal Trade Commission (FTC), under the new leadership of chairperson Lina Khan, voted unanimously to enforce Right to Repair legislation. The vote will ensure that U.S. consumers will be able to repair their own electronic and automotive devices. The FTC published a report in May excoriating manufacturers for not adhering to the Right to Repair rules, one of them the Magnuson-Moss Warranty Act. The Right to Repair movement has been led by the U.S. Public Interest Research Group and iFixit, among others.

China Cyberspace Agency Tightens Rules on Foreign Listings

The Cyberspace Administration of China, an agency set up by President Xi Jinping that reports to a leadership group he chairs, increased interagency oversight of companies traded in the United States and elsewhere overseas. The agency also will harden rules related to domestic companies listed on foreign stock exchanges and better coordinate various regulators. That lack of coordination was apparent in DiDi Global’s IPO last month, which was supported by financial regulators but tagged by the country’s cybersecurity regulator.

ByteDance Pauses its IPO After Meeting with Chinese Officials

Beijing-based ByteDance, parent company of social video app TikTok, which was valued at $180 billion in December, indefinitely put plans on hold for a public offering. The company had been considering an IPO in the United States or Hong Kong but its founder and CEO Zhang Yiming changed his mind after meeting with China’s cyberspace and security regulators who reportedly told him to focus on data-security risks and other issues. Another reason for holding off is that the company did not have a chief financial officer at the time.

New York Is First City to Open a Cyberattack Defense Center

New York City just opened its Cyber Critical Services and Infrastructure (CCSI) Project, a real-time operational center to protect the metropolitan area against cyberattacks. Located in lower Manhattan, the center shares intelligence with 282 partners, including the New York Police Department (NYPD), Amazon, International Business Machines (IBM), the Federal Reserve Bank and several New York healthcare systems. The anti-cybercriminal effort started two years ago but has been entirely virtual until now.

U.S. Offers Incentives for Countries to Avoid China’s 5G Gear

The U.S. Commerce Department’s Commercial Law Development Program (CLDP) is leading a program to encourage nations to avoid gear from Chinese companies Huawei and ZTE in building their own 5G networks. The workshops on how to do so, combined with a handbook and some financial incentives, are aimed at legislators in Central and Eastern Europe as well as developing countries around the world. The handbook will include case studies of how the United Kingdom, for example, deployed 5G without Chinese equipment.

FBI Director Raises Alarm Over Ransomware Threats to U.S.

The FBI is investigating 100 ransomware variants, stated director Christopher Wray, who revealed that many of them trace back to Russian hackers. He noted that the cyberattacks share “a lot of parallels … a lot of importance, and a lot of focus by us on disruption and prevention” with the September 11 terrorist attacks. Most recently, a ransomware attack on Colonial Pipeline cost its operators $4.4 million to regain control and restore services (however, federal authorities recovered $2.3 million in cryptocurrency yesterday). Another attack targeted JBS, the world’s largest meat processing company.

Millions of IoT Devices Open to Attack Due to Security Flaws

Forescout Research Labs and JSOF researchers have discovered nine security flaws in four commonly used TCP/IP stacks that make 100+ million devices vulnerable to attack. The set of flaws, dubbed Name:Wreck, mainly impacts Internet of Things (IoT) products and IT management servers. The TCP/IP stacks, which integrate network communication protocols to connect devices and the Internet, are found in operating systems such as the open-source FreeBSD and Siemens’ Nucleus NET. An attacker could crash a device, take it offline or gain control of it.

C-Suite Trends: Spending on Defensive AI, IT to Rise in 2021

MIT Technology Review Insights and cybersecurity firm Darktrace published a survey of 300+ worldwide C-level executives, directors and managers that reveals 96 percent are adopting “defensive AI” against AI-driven attacks. Of this cohort, 55 percent said traditional security solutions aren’t able to anticipate such AI-driven attacks. Defensive AI is comprised of self-learning algorithms that recognize normal user, device and system patterns and can spot anomalies. Gartner reported that global spending on IT will reach $4.1 trillion this year.

Biden to Issue Executive Order Upgrading U.S. Cybersecurity

President Joe Biden is working on a draft executive order to require companies doing business with the federal government to report hacks within a few days. Homeland Security secretary Alejandro Mayorkas stated the order would also require the companies to use data encryption and two-factor authentication and would combat ransomware and improve protection for industrial control systems, transportation and election security. The SolarWinds hack has prompted the government to pay closer attention to cybersecurity.

New Report Finds TikTok Does Not Pose a U.S. Security Risk

University of Toronto’s cybersecurity group The Citizen Lab just released a report with the finding that TikTok’s underlying code does not pose a threat to U.S. national security. Former president Donald Trump and leaders in other countries accused ByteDance’s TikTok of spying for China but The Citizen Lab, which reports on censorship and surveillance by Chinese social media apps, found no evidence of “overtly malicious behavior.” However, they added that there could be undiscovered security issues.

Facebook’s Red Team X Finds Bugs in Third Party Products

Facebook’s Red Team is tasked with spotting vulnerabilities on the platform before hackers do. Many tech companies have similar red teams but, at Facebook, Red Team manager Nat Hirsch and his colleague Vlad Ionescu saw an opportunity to do more after COVID-19 hit. Established last spring and headed by Ionescu, Facebook’s Red Team X both works independently with its internal, original Red Team and looks into weaknesses of third-party products that represent a potential threat to its own platform.

Cybersecurity: White House Pursues Public-Private Alliances

Russia and China recently ran sophisticated hacks from servers inside the United States, going undetected by the National Security Agency, which is prohibited from conducting surveillance in the U.S., as well as the FBI and Department of Homeland Security. Private computer security firms were the first to raise the alarm on these foreign attacks, and Microsoft reported that its patches are being reverse-engineered by criminal groups to launch ransomware attacks on corporations. The White House is paying attention.

After SolarWinds Hack, Big Tech Debates Cloud Data Security

The SolarWinds hack invaded at least nine U.S. government agencies and 100+ corporations. Now, Microsoft is at odds with Dell Technologies and IBM on the best way to secure data. Microsoft president Brad Smith stated that “cloud migration is critical to improving security maturity,” but the other two companies opine that a hybrid cloud and on-premise data storage is preferable. Smith stated that all the breached accounts Microsoft identified involved on-premise systems and that a hybrid system is more vulnerable to attacks.