Thursday, April 5, 2018

Overnight Cybersecurity: Dems sound alarm over eavesdropping threat | Third-party breach impacts Sears, Delta | Zuckerberg to face Senate panel | 1.5B files exposed online

The Hill Cybersecurity

 Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...

 

THE BIG STORIES:

-- DEMS SOUND ALARM ABOUT 'INCREDIBLE' EAVESDROPPING THREAT: Three top House Democrats on Thursday called on the Federal Communications Commission (FCC), which regulates the nation's airwaves, to crack down on the use of unauthorized eavesdropping devices. The devices can track a user's location through their mobile phone as well as intercept cellphone calls and messages. The Department of Homeland Security (DHS) recently acknowledged for the first time that foreign actors or other criminals are using unauthorized cell-site simulators, also known as "stingrays" or IMSI catchers, in Washington. The department made the disclosure last week in a letter to Sen. Ron Wyden (D-Ore.) that The Hill obtained on Tuesday. "[I]t appears that these cell-site simulators could be gathering intelligence on unwitting Americans on behalf of foreign governments. If these reports are true, it marks an incredible security vulnerability in the seat of the Federal government," wrote the three Democrats, who serve as ranking members on three separate congressional committees. "The FCC, however, has the ability to take action to protect Americans from this type of foreign government surveillance. As the agency in charge of managing the commercial airwaves, the FCC has the statutory power to stop the illicit use of cell-site simulators," they continued. While DHS in its letter noted that the use of IMSI catchers by foreign governments poses a security risk to the U.S., it said the National Protection and Programs Directorate (NPPD) has not "validated or attributed such activity to specific entities or devices." It remains unclear whether the discovered eavesdropping devices could also have been used by people inside the U.S. to spy on fellow U.S. citizens. Rep. Eliot Engel (D-N.Y.) of the House Foreign Affairs Committee, Rep. Frank Pallone Jr. (D-N.J.) of the House Energy and Commerce Committee and Rep. Bennie Thompson (D-Miss.) of the House Homeland Security Committee all signed onto the letter to FCC Chairman Ajit Pai.

To read more from our piece, click here.

 

--ANOTHER BREACH: In the latest in a string of high-profile cyber incidents, hackers breached a third-party company to gain access to credit card information belonging to customers of Sears and Delta Air Lines. Sears said that the breach affected less than 100,000 of its customers and that hackers likely accessed credit card information belonging to customers who made online purchases at Sears and Kmart stores between late September and October of last year. Separately, Delta in a statement said that payment information on a "small subset" of its customers may have been improperly accessed in the same time frame, though the company did not provide an estimate of the number impacted. Delta also emphasized that it "cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised." The breach originated at an online support services company called [24]7.ai, which said late Wednesday that the data security incident impacted online customer information for "a small number" of its client companies. The breach occurred between Sept. 16 and Oct. 12, at which point it was "discovered and contained," the company said. Sears said that it was notified of the breach by [24]7.ai in mid-March, and immediately notified credit card companies to mitigate potential fraud.  "We believe the credit card information for certain customers who transacted online between September 27, 2017 and October 12, 2017 may have been compromised. Customers using a Sears-branded credit card were not impacted," Sears said in a statement. "In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible." All three companies said they have been working with law enforcement to investigate the incident.

To read more from our piece, click here.

 

--MORE RUSSIA SANCTIONS COMING: The Trump administration is expected to soon unveil new sanctions on Russian oligarchs under a law passed by Congress last year to punish Moscow for interfering in the 2016 presidential election. Reuters reported Wednesday evening that the sanctions could be announced as soon as Thursday--though as of Thursday afternoon, the administration had not announced any new penalties. The sanctions would be levied under the Countering America's Adversaries Through Sanctions Act (CAATSA), passed last year to penalize Russia for election meddling and other destabilizing activities. The new sanctions will reportedly target Russian oligarchs, including those with ties to Russian President Vladimir Putin and the Kremlin. The move would follow the Trump administration's decision last month to unveil sanctions on Russia for cyberattacks and election interference, under pressure from lawmakers. Treasury Secretary Steven Mnuchin has said repeatedly that the Treasury Department would sanction Russian oligarchs under the law.

 

A CONGRESSIONAL UPDATE: 

ANOTHER ZUCKERBERG HEARING: Facebook founder and CEO Mark Zuckerberg is set to testify in a joint hearing before the Senate Judiciary and Commerce committees on April 10.

Zuckerberg is also set to testify before the House Energy and Commerce Committee on April 11 to answer questions about the improper gathering of data on nearly 90 million Facebook users by a British data firm during the 2016 presidential campaign.

The second hearing was announced late Wednesday.

What Congress wants to know: Lawmakers have questioned why Facebook let third parties collect data on its users without their express consent and why Facebook didn't take stronger action to ensure that Cambridge Analytica deleted the improperly collected user data.

The scope of the problem: It was previously estimated that the British research firm hired by the Trump campaign had improperly harvested data from about 50 million Facebook users, but new estimates on Wednesday revealed that about 87 million users had data taken.

Facebook also said Wednesday that "most" of the platform's users have likely had their public profiles scraped by malicious actors that exploit its search and account discovery feature--an issue the company said it is working to address.

To read the rest of our piece, click here.

 

A REPORT IN FOCUS:

New research from security company Digital Shadows says that 1.5 billion files have been exposed on the web as a result of misconfigured servers and cloud and file sharing services.

More than 12,000 terabytes of data have been exposed as a result of misconfigured Amazon S3 buckets, websites, NAS drives, FTP servers and other services--an amount more than four thousand times the size of the "Panama Papers" leak, the report issued Thursday notes.

The United States is the country with the most impacted files, numbering 239,607,590.

The files include highly sensitive information--from credit card details to medical data to information on intellectual property. The company conducted the research over a three-month period beginning in January.

"While we often hyper-focus on responding to adversaries conducting intrusions into our environments and silently exfiltrating our data, we aren't focusing on our external digital footprints and the data that is already publicly-available via misconfigured cloud storage, file exchange protocols, and file sharing services," the report says.

To read more from the report, click here.
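The S3 share of that exposed footprint is checkable from a bucket's own configuration. What follows is an added example, not code from the Digital Shadows report or from The Hill: it flags the two ways a bucket becomes world-readable, an ACL grant to the predefined AllUsers or AuthenticatedUsers groups, and a bucket-policy Allow statement with a wildcard principal. It works on the JSON shapes the S3 GetBucketAcl and GetBucketPolicy calls return, so it runs offline on the constructed samples embedded below; the bucket names, statement Sids, owner ID and account ID are made up, and wiring it to live boto3 output is left to the reader.

```python
"""Audit an S3 bucket's ACL and bucket policy for public exposure.

Added example for this newsletter item; not code from the Digital Shadows
report or The Hill.  Input shapes follow the S3 GetBucketAcl and
GetBucketPolicy responses; all sample data below is constructed.
"""
import json
from typing import List, Optional

# Predefined S3 groups whose grants make a bucket public.  AuthenticatedUsers
# means any AWS account in the world, not just yours, so it counts as public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def public_acl_grants(acl: dict) -> List[str]:
    """One finding per ACL grant to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser / AmazonCustomerByEmail grants are scoped
        group = PUBLIC_GROUP_URIS.get(grantee.get("URI", ""))
        if group:
            findings.append(f"ACL grants {grant.get('Permission')} to {group}")
    return findings


def _wildcard_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (or an AWS list containing "*")."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy: dict) -> List[str]:
    """One finding per Allow statement usable by any principal.

    Statements carrying a Condition are reported as 'conditional': a
    Condition such as aws:SourceIp may genuinely restrict access, but it has
    to be read by a human rather than assumed safe.
    """
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be un-listed
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _wildcard_principal(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        sid = stmt.get("Sid", "<no Sid>")
        kind = "conditional" if stmt.get("Condition") else "unconditional"
        findings.append(f"policy {sid}: {kind} Allow of {', '.join(actions)} to any principal")
    return findings


def audit_bucket(acl: dict, policy_json: Optional[str]) -> List[str]:
    """Run both checks; GetBucketPolicy returns the policy document as a JSON string."""
    findings = public_acl_grants(acl)
    if policy_json:
        findings += public_policy_statements(json.loads(policy_json))
    return findings


# --- constructed samples (placeholder owner ID, made-up bucket names/account) ---
OWNER = {"Type": "CanonicalUser", "ID": "a" * 64}
ALL_USERS = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}

EXPOSED_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": ALL_USERS, "Permission": "READ"},
]}
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-exposed/*"},
    {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-exposed", "arn:aws:s3:::example-exposed/*"],
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
]})

PRIVATE_ACL = {"Owner": OWNER, "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
PRIVATE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-private/*"},
]})

if __name__ == "__main__":
    for name, acl, pol in (("example-exposed", EXPOSED_ACL, EXPOSED_POLICY),
                           ("example-private", PRIVATE_ACL, PRIVATE_POLICY)):
        findings = audit_bucket(acl, pol)
        print(f"{name}: {'PUBLIC' if findings else 'ok'}")
        for f in findings:
            print("  -", f)
```

On live accounts the same two documents come from `get_bucket_acl` and `get_bucket_policy` in boto3 (the latter raises `NoSuchBucketPolicy` when none is attached, which is the "no policy" case above). The conditional finding is deliberately not suppressed: an `aws:SourceIp` range that happens to include a NAT gateway shared with the public is exactly the kind of misconfiguration the report counts.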

 

A LIGHTER CLICK: 

New tech services are helping drivers fight parking tickets. (Recode)

 

WHO'S IN THE SPOTLIGHT: 

AMAZON: The Trump administration is considering whether to award Amazon a multibillion-dollar defense contract even as President Trump takes public shots at the company.

Over the past week, Trump has repeatedly derided Amazon on Twitter, with reports suggesting the president is aiming to damage the e-commerce giant and its owner, Jeff Bezos. The company's stock has tumbled as a result.

"I have stated my concerns with Amazon long before the Election. Unlike others, they pay little or no taxes to state & local governments, use our Postal System as their Delivery Boy (causing tremendous loss to the U.S.), and are putting many thousands of retailers out of business!" Trump tweeted last week.

Even as the president hammers Amazon, federal defense officials are widely seen as likely to award the company a multibillion-dollar cloud computing contract early next month.

The Department of Defense (DOD) is finalizing the details of the contract during a public comment period, but has signaled that it will ask a single source to develop a new department-wide cloud computing system.

Amazon's rivals and critics say that the Pentagon is likely to award the Seattle-based company the contract and argue that the process has been biased toward the company.

The DOD rejects those allegations, saying that no company has received special treatment.

"We want the best solution for the department. We have no favorites," Timothy Van Name, the deputy director of the Defense Digital Service, said in March.

It's not clear how much attention Trump has given to the Pentagon contract, but he appears to at least be aware of it.

Bloomberg reported Wednesday that Safra Catz, the co-chief executive of Oracle, complained to Trump about the bidding process during a private dinner Tuesday evening. Oracle is also competing for the deal.

Trump did not suggest to Catz that he would intervene, according to Bloomberg.

During a White House press briefing on Wednesday, White House press secretary Sarah Huckabee Sanders said Trump noted that Defense Department contracting is done independently of the White House.

"The president is not involved in the process. The DOD runs a competitive bidding process," she said.

To read more from our piece, click here.

 

IN CASE YOU MISSED IT:

Links from our blog, The Hill, and around the Web.

Microsoft rolls out new ransomware protections. (The Hill)

Kremlin labels Facebook's removal of Russian media accounts a hostile move. (The Hill)

OP-ED: Overwhelmed by data, it's time for Congress to have a digital support team. (The Hill)

The cyberattack that impacted at least four natural gas pipeline companies is now targeting the utility industry. (Bloomberg)

New report details high-risk areas that can cause an organization's data to become exposed. (Varonis)

Federal CIO Suzette Kent wants to 'turbo boost' the IT modernization plan. (FedScoop)

Estonia's president is pushing for more government action on cybersecurity. (Wall Street Journal)

Trend Micro is out with a new report on cyber threats to the healthcare sector. (Trend Micro)

If you'd like to receive our newsletter in your inbox, please sign up here.

 
 

THE HILL EVENTS

Leadership in Action: The Hill's Newsmaker Series

Join The Hill on April 11 for Leadership in Action: The Hill's Newsmaker Series. Sen. Lamar Alexander (R-Tenn.), Rep. Nanette Barragán (D-Calif.) and Rep. Steny Hoyer (D-Md.) will sit down with Editor-in-Chief Bob Cusack to discuss congressional values, diversity and bipartisanship. RSVP today.

Latinos in College: Closing the Graduation Gap

On April 17, The Hill will gather lawmakers, university presidents and education experts for Latinos in College: Closing the Graduation Gap. Conversations will address ways to boost Hispanic college completion rates nationwide. RSVP today.

THE HILL
 
 
The Hill 1625 K Street, NW 9th Floor, Washington DC 20006
©2016 Capitol Hill Publishing Corp., a subsidiary of News Communications, Inc.