Responding to a government assessment of recent cyberattacks, Microsoft CEO Satya Nadella issued a company-wide memo prioritizing security. “If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security,” the executive wrote. “In some cases, this will mean prioritizing security above other things we do, such as releasing new features or providing ongoing support for legacy systems,” Nadella added. The escalation sees Microsoft expanding the scope of its Secure Future Initiative based on government recommendations and insights gained from breaches linked to state-sponsored Russian hackers. Continue reading Microsoft Doubles Down on Security Following Cyberattacks

The Department of Homeland Security is harnessing artificial intelligence, according to a memo by Secretary Alejandro Mayorkas explaining the department will use AI to keep Americans safe while implementing safeguards to ensure civil rights, privacy rights and the U.S. Constitution are not violated. The DHS appointed Eric Hysen as chief AI officer, moving him into the role from his previous post as CIO. “DHS must master this technology, applying it effectively and building a world class workforce that can reap the benefits of Al, while meeting the threats posed by adversaries that wield Al,” Mayorkas wrote. Continue reading DHS Moves to ‘Master’ AI While Keeping It Safe, Trustworthy

The White House has issued a warning about hackers attempting to disrupt the energy grid and other industrial control systems with “a Swiss Army knife” of custom-coded malicious software. A joint bulletin issued by the FBI, NSA, DHS and Energy Department cautioned businesses to be on the lookout for “advanced persistent threat actors,” or APTAs, a commonly used way to describe state-backed hackers. Specific reference was made to devices from Japanese electronics firm Omron and the French firm Schneider Electric, suppliers of industrial automation equipment. Continue reading Agencies Warn That Hackers Are Targeting Control Systems

The Biden administration ordered federal agencies to patch roughly 300 cybersecurity vulnerabilities believed to expose government computer systems to potentially damaging intrusions. About 200 of the threats were discovered by cybersecurity experts between 2017 and 2020, while another 90 flaws were found in 2021. All are known to be used by malicious cyber actors, said Cybersecurity and Infrastructure Security Agency director Jen Easterly in a statement accompanying the directive. The agencies have been given two weeks to patch the 2021 threats and six months to fix the older defects. Continue reading Biden Administration Orders Agencies to Repair Cyber Flaws

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack of SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose. Continue reading SEC Probe of SolarWinds Attack Concerns Corporate Execs

The federal Government Accountability Office (GAO) revealed that, out of 24 U.S. government agencies surveyed, 19 of them are using facial recognition, including the Department of Defense, the Department of Homeland Security (DHS) and numerous other smaller agencies. The GAO report added that as use of facial recognition “continues to expand … members of Congress, academics, and advocacy organizations have highlighted the importance of developing a comprehensive understanding of how it is used by federal agencies.” Continue reading Government Reveals U.S. Agencies Using Facial Recognition

The National Security Agency (NSA) discovered a vulnerability in versions of Windows and, instead of retaining it, reported it to Microsoft, which is now patching the flaw in its handling of certificate and cryptographic messaging functions. The vulnerability could have enabled attackers to use malicious code that would pretend to be legitimate software. Microsoft also warned all current users of Windows 7 Home Basic, Home Premium, Professional or Ultimate to upgrade immediately. Continue reading NSA Discovers Windows Vulnerability — and Tells Microsoft

Amazon is now working on delivering packages inside peoples’ homes and car trunks. The e-commerce giant is on the verge of inking a partnership with Phrame, a manufacturer of a product that fits around a license plate, with a secure box that holds the keys to the car. Users can unlock the box with their smartphone, and remotely grant access to a delivery person. Sources say that Amazon is also working on a smart doorbell device that would give its delivery drivers one-time access to a person’s home. Continue reading Amazon May Soon Deliver Packages Inside Homes and Cars