Government News, Articles and Updates

University of Texas MD Anderson Cancer Center was fined $4.3M for data breaches

The center was fined $4.3 million by the Department of Health and Human Services Office Civil Rights (OCR) for a series of breaches which resulted in the loss of 33,000 patient records.

ACLU to deliver petition requesting Amazon stop selling surveillance technology to the government

The American Civil Liberties Union and other advocacy groups are delivering their petition to Amazon's Seattle headquarters today requesting that it stop selling surveillance technology to the government.

Reset 2018: Stuxnet - the prototype for industrial control attacks

The keynote speaker at yesterday's Reset 2018 was Kim Zetter, an investigative journalist and author of an acclaimed book on Stuxnet (Countdown to Zero Day: Stuxnet and the launch of the world's first digital weapon).

Virginia Department of Environmental Quality website hacked

The incident was reported on May 22 after the intrusion was "detected and contained quickly."

U.S. counterspy warns World Cup travelers to leave electronics stateside

American's traveling to Russia for the World Cup games have been advised to leave their personal electronic devices stateside.

European authorities fine Yahoo! And Optical Center

European authorities are already cracking down on firm's improperly securing customer data from before GRPR went into effect.

Cybercrime-fighting dogs to the rescue

In addition to sniffing out drugs, bombs, and other weapons, police are training their canine units to assist in fighting cybercrime by sniffing out hidden electronic devices.

Russia possibly live testing cyberattacks says former GCHQ chief Hannigan

Former GCHQ chief Robert Hannigan told attendees at InfoSec Europe that Russia may well be live testing cyberattacks hinting that even the recent VPNFilter backdoor that affecting 500,000 routers worldwide may have been one such experiment.

DHS documents 'only a matter of time' until airline hack

The statement came from a Department of Energy government research laboratory focusing on the lab's findings around aviation cybersecurity and was included in government internal presentations and risk assessments.

Reports: U.S. must step up efforts to cultivate cyber workforce, as talent shortage persists

Efforts within the U.S. to grow its public- and private-sector cybersecurity workforce and overcome the current talent shortage in this space are in need of "immediate and sustained improvements," according to a newly issued government report.

States gearing up for 2018 elections by requesting Federal cybersecurity funding

The U.S Election Assistance Commission (EAC) announced that 26 states have requested $209,638,865, or 55 percent of the allocated $380 million for Help American Vote Act (HAVA) funds.

State elections systems still hackable, report

Recent data breaches, vulnerable voting machines, inconsistent security practices a complex decentralized election system provide several attack vectors for attackers looking to influence elections.

Europol forms new Dark Web Team to combat online criminal marketplaces

Europol this week announced the formation of a "Dark Web Team" specifically dedicated to investigating and shutting down underground internet marketplaces, with the assistance of law enforcement agencies and operational third-party partners throughout the European Union.

Mobile users ignore shady app permissions at their own risk, warns NY State Cyber Command

Mobile users who download untrustworthy apps on their phone often agree to dangerous permissions requests that give attackers essentially unfettered access to their devices' data and functions -- as demonstrated yesterday by two New York State Cyber Command employees at SC Media's RiskSec NY 2018 conference.

$1.2B worth of crypto stolen since 2017, GDPR could hinder cybercrime research

Cybercriminals managed to steal $1.2 billion in cryptocurrency in reported and unreported theft since 2017 as some researchers fear new data privacy laws may negatively impact cybercrime studies.

Sun Team's RedDawn campaign targets North Korean defectors and journalist

The second campaign from the "Sun Team" hacking group managed to sneak its way into the Google Play Store that actively targeted North Korean defectors.

DHS, DoT team up to secure federal vehicle fleets

The DHS Science and Technology Directorate (S&T) and the DoT's Volpe Center have collaborated to develop a tool to assist fleet managers to achieve this goal by designing telematics to collect and utilize data concerning fuel consumption, emissions, maintenance, idling, speed and location data.

President Trump reverses position on ZTE ban despite security warnings, House committee rebukes

The Trump administration is working to lift sanctions on the Chinese telecommunications giant ZTE despite top intelligence officials' warnings that the company poses a security risk to the U.S.

Man behind Scan4you service convicted

Ruslans Bondars, 37, a of the former USSR who had been residing in Riga, Latvia, Wednesday was convicted of one count of conspiracy to violate the Computer Fraud and Abuse Act, one count of conspiracy to commit wire fraud, and one count of computer intrusion with intent to cause damage and aiding and abetting.

Kaspersky Lab to set up shop in Switzerland amid Kremlin concerns

The firm is moving a number of its core processes from Russia to Switzerland as part of its Global Transparency connections.

Third-party software vulnerability results in Mexican bank heist scoring millions

Mexican authorities are investigating suspect a bank hack that siphoned hundreds of millions of pesos out of at least five banks.

Google assures users it's ready for GDPR

Google announced its plans detailing how it will handle customer data to comply with GDPR requirements after May 25.

NIS Directive comes into force to boost infrastructure cyber-security

The Security of Network Information Systems (NIS) Directive, which aims to ensure that critical infrastructure is protected from cyber-attacks and computer network failure, has come into force today with fines for non-compliance.

Encrypted communications lure cybercriminals from dark web to Telegram app

Cybercriminals are branching out from the dark web and into encrypted messaging apps to conduct their nefarious deeds.

Cryptojacking campaign hits 400 Drupal-based sites, many run by governments and universities

Nearly 400 websites running outdated and vulnerable versions of the Drupal content management system, many affiliated with governments and educational institutions, were recently discovered to be running cryptomining programs without their operators' knowledge.

Cybercrime losses exceed $1.4B in 2017

Two of the top three crimes, non-payment/non-delivery, and personal data breaches were also in the top spot in 2016 while phishing beat out 419/overpayment scams which dropped to fourth place in 2017, affecting only 23,135 victims compared to the 25,716 victims in 2016.

Trump administration looking to rescind cyberwarfare approval process

The Trump administration is reportedly looking to rescind Presidential Policy Directive 20 an important policy memorandum that currently guides the approval process for government-backed cyberattacks

SC Video: GDPR could expose smaller players to a high liability, says NS8's Adam Rogas

NS8's Adam Rogas discusses how GDPR can impact smaller businesses regardless of where they are in the data chain of custody.

Delaware data breach resource site goes live

The state of Delaware launched a website to assist in the compliance of the state's updated data breach laws.

Massachusetts Senate passes data breach bill regulating consumer reporting agencies

By a 38-0 margin, the Massachusetts Senate last week unanimously passed S.2455, a bill that affords consumers enhanced protections in the event of a breach affecting a consumer reporting agency such as Equifax.