Biden Administration Orders Agencies to Repair Cyber Flaws

The Biden administration ordered federal agencies to patch roughly 300 cybersecurity vulnerabilities believed to expose government computer systems to potentially damaging intrusions. About 200 of the threats were discovered by cybersecurity experts between 2017 and 2020, while another 90 flaws were found in 2021. All are known to be used by malicious cyber actors, said Cybersecurity and Infrastructure Security Agency director Jen Easterly in a statement accompanying the directive. The agencies have been given two weeks to patch the 2021 threats and six months to fix the older defects.

Alphabet CEO Calls for Government Action in Tech Innovation

Sundar Pichai, CEO of Google and its parent Alphabet, is urging the U.S. government to step up innovation and more actively police cyberthreats. In a year beset with security breaches attributed to Russian and Chinese hackers, Pichai says it’s time to draft a Geneva Convention for technology, outlining international legal standards, safeguards and behavioral norms for the connected age. Pichai also made an appeal for state-sponsored innovation in the face of competition from China, where the Communist Party under President Xi Jinping has outlined plans to advance artificial intelligence and develop a proprietary semiconductor sector.

U.S. Advances Cybersecurity Steps as Ransomware Doubles

Payments flagged by U.S. banks as suspected ransomware in 2021 are on pace to nearly double those of 2020, according to reports filed with the Treasury Department. Almost $600 million in potential ransomware payments have been filed with the federal government from January through June, more than 40 percent above the tally for full-year 2020. Reflecting the fact that governments worldwide describe cybercrime as a critical national security threat, the first International Cybersecurity Challenge is scheduled for Greece in June 2022, where 25 Americans aged 18 to 26 are set to compete.

Department of Justice Launches a Cryptocurrency Crime Unit

The U.S. Department of Justice has formed the National Cryptocurrency Enforcement Team (NCET) to investigate the use of cryptocurrency for criminal purposes. The new unit will examine cases involving virtual currency exchanges and money laundering. Members will also investigate so-called “mixing and tumbling” services, which involve charging a fee to send cryptocurrency to an address while obscuring the source of funds. The group, which includes experts from the offices of U.S. Attorneys, will also work on tracing and recovery of assets lost to fraud, hacking or ransomware extortion.

SEC Probe of SolarWinds Attack Concerns Corporate Execs

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack on SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose.

China’s New Data Privacy Law Targets Big Tech Companies

China passed the Personal Information Protection Law (PIPL) for data privacy, to take effect November 1 of this year. The law is similar to the European Union’s General Data Protection Regulation (GDPR) and includes a requirement for organizations and individuals to minimize collection of Chinese citizens’ personal data and obtain prior consent. Unlike the GDPR, however, the Chinese law is not expected to limit state surveillance or access to such data, though it could apply to lower-level government agencies.

China Cyberspace Agency Tightens Rules on Foreign Listings

The Cyberspace Administration of China, an agency set up by President Xi Jinping that reports to a leadership group he chairs, increased interagency oversight of companies traded in the United States and elsewhere overseas. The agency also will harden rules related to domestic companies listed on foreign stock exchanges and better coordinate various regulators. That lack of coordination was apparent in DiDi Global’s IPO last month, which was supported by financial regulators but tagged by the country’s cybersecurity regulator.

Pentagon Cancels JEDI Contract, Reveals New Cloud Initiative

The Defense Department stated that the contract for the Joint Enterprise Defense Infrastructure (JEDI) project “no longer meets its needs,” canceling a highly contentious $10 billion cloud computing contract awarded to Microsoft. In January, the department warned Congress that it would do so if a federal court agreed to hear whether former President Trump used his influence to award the contract to Microsoft over its rival Amazon. Such a suit, it pointed out, would result in a lengthy court cost and unacceptable delays. Instead, the Pentagon announced a new cloud program.

Hong Kong Laws Could Drive Out Facebook, Twitter, Google

In Hong Kong, the Constitutional and Mainland Affairs Bureau is slated to enact data protection laws against doxing — making personal information public to enable harassment — which was used during the 2019 protests. Facebook, Alphabet’s Google and Twitter privately warned authorities that the new rules could put their staff at risk of criminal prosecutions, and if enacted, they may shut down their services. Punishment would be a fine of up to 1 million Hong Kong dollars (U.S. $128,800) and up to five years in prison.

Massive Ransomware Attack Affects Hundreds of Businesses

Software company Kaseya was targeted by a cyberattack starting Friday that has since spread to hundreds of mainly small and medium-size businesses. On Monday, Kaseya chief executive Fred Voccola reported to Anne Neuberger, the deputy national security advisor for cyber and emerging technology, that the attackers demanded a $70 million ransomware payment and that his company wasn’t aware of any breach of critical infrastructure impacting national security. According to experts, the attackers may be members of REvil, a Russian cybercriminal group.

ByteDance Revenue, Profit Leap in 2020 But No IPO in Sight

Privately held startup ByteDance, owner of TikTok, reported that its revenue more than doubled to $34.3 billion last year, rising 111 percent from a year ago while gross profit rose 93 percent to $19 billion. As of December 2020, ByteDance — which also runs Douyin, the domestic Chinese version of TikTok, and Jinri Toutiao, a news aggregation app — had about 1.9 billion monthly active users on all its platforms. Due to share-based compensation to workers, the company had a $2.1 billion operating loss last year.

Biden Introduces Broader Review of Foreign-Controlled Apps

President Biden revoked former President Trump’s executive order banning social-networking services TikTok and WeChat — developed by Chinese companies ByteDance and Tencent Holdings, respectively — but didn’t let Chinese companies off the hook. Instead, he replaced the previous order with another that establishes a broader review of the potential security risks found in numerous foreign-controlled apps. Biden officials said the new order would create “clear intelligible criteria” to evaluate those risks. Trump’s executive order was immediately challenged in court, and Biden’s move, said analysts, is intended to withstand such a test.

FBI Director Raises Alarm Over Ransomware Threats to U.S.

The FBI is investigating 100 ransomware variants, stated director Christopher Wray, who revealed that many of them trace back to Russian hackers. He noted that the cyberattacks share “a lot of parallels … a lot of importance, and a lot of focus by us on disruption and prevention” with the September 11 terrorist attacks. Most recently, a ransomware attack on Colonial Pipeline cost its operators $4.4 million to regain control and restore services (however, federal authorities recovered $2.3 million in cryptocurrency yesterday). Another attack targeted JBS, the world’s largest meat processing company.

Facebook Oversight Board Upholds Ban on Trump Accounts

The Facebook and Instagram accounts of Donald Trump will remain indefinitely suspended. Facebook’s independent Oversight Board, launched in October 2020, ruled this morning to uphold the social media giant’s January decision to suspend the accounts of then-President Trump in the wake of the U.S. Capitol insurrection. However, suggesting that an indefinite suspension “was not appropriate,” the Board “insists” that Facebook review the matter within six months, “to determine and justify a proportionate response that is consistent with the rules that are applied to other users of its platform.”

EU Releases Its Draft Policy to Regulate Artificial Intelligence

The European Union issued a 108-page policy that establishes rules to govern the use of artificial intelligence, setting limits on its use in everything from bank lending and school enrollment to self-driving cars and hiring decisions. Use of artificial intelligence by law enforcement and court systems, considered “high risk” because of the potential to threaten safety and fundamental rights, is also regulated. Live facial recognition in public spaces would be banned except in cases of national security “and other purposes.”