{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


linkedin facebook twitter instagram
Executives from the largest voting equipment vendors in the country say they will be happy to open up about their security practices....just as soon as it becomes law. Intrusion Truth ties a computer security professor to APT40. And Dixons Carphone skirts a big fine. This is CyberScoop for Friday, January 10.

Voting vendors open to security reporting requirements

The country’s three largest voting equipment vendors told lawmakers Thursday they would support any new federal law requiring them to report data breaches, and detail their incident response and supply chain practices to U.S. authorities. Executives from Dominion Voting Systems, ES&S, and Hart InterCivic all answered in the affirmative when asked by Rep. Zoe Lofgren, D-Calif., if they would support the provisions in the SAFE Act, which passed the House last June but has lingered in the Senate. There are currently no mandatory reporting laws for security incidents at voting equipment vendors. The voting equipment vendors have gradually opened up their security practices to outside scrutiny after election security became a national issue following Russia’s interference in the 2016 election. Watch the testimony.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

More on Intrusion Truth

The anonymous group that published a blog post yesterday alleging Chinese technology companies in the Hainan province were recruiting potential state-sponsored hackers had another update Friday. This time, Intrusion Truth accused an academic, Gu Jian, a computer science specialist at Hainan University, of serving as a point of contact for the tech companies detailed Thursday, and working on the state’s behalf to identify new hacking techniques. Meanwhile, security researchers from Kaspersky and FireEye suggested that the front companies detailed by Intrusion Truth are working on behalf of APT40. That’s a Chinese espionage group suspected in breaches at the U.S. military and elsewhere. Jeff Stone has the story.

A U.K. tech retailer was lucky to be breached when it was

Malicious software lurking inside point-of-sale systems at Dixons Carphone stores from July 2017 through April 2018 collected payment card data of 5.6 million people. Attackers accessed personal information including names, email addresses and details about failed credit checks on some 14 million thanks to weaknesses in the $10.5 billion retailer’s networks. The U.K.’s Information Commissioner’s Office fined the company £500,000 ($653,000) for the incident, the highest penalty authorized under the U.K.’s 1988 Data Protection Act. The incident occurred just before the EU started enforcing the General Data Protection Regulation and, the ICO’s top investigator openly suggested the penalty would have hurt much more if they could use that landmark data protection law. Jeff has the news.

Lots of smoke, no fire

Washington, D.C. officials said Thursday that the city has not detected any increase in network activity from Iran, one week after one of the Islamic Republic’s top generals was killed in a U.S. airstrike, setting off a round of alarms about Iranian cyber capabilities. After coordination with federal, state and local authorities, officials have determined potentially malicious activity from Iran aimed at Washington has not changed in recent days, Chief Technology Officer Lindsey Parker told StateScoop. On average, Parker said, the city’s network receives about 120,000 pings per day from Iranian IP addresses, a figure that has not moved, despite reports of spikes in other places, like Texas and Utah. Benjamin Freed covered it at StateScoop.

Clickless exploits have arrived

Software exploits that don’t require a victim to click to be infected are an emerging frontier in security research. Samuel Gross, a researcher with Google’s Project Zero, on Thursday showed how, armed only with a target’s Apple ID, he could remotely compromise an iPhone within minutes to steal passwords, text messages and emails, then activate the camera and microphone. The attack exploited a vulnerability that Apple patched back in August, but it shows how “small design decisions can have significant security consequences,” Gross said. Clickless exploits are anything but hypothetical: Facebook has sued surveillance vendor NSO Group for allegedly developing and deploying one such exploit on WhatsApp users (a charge NSO Group denies). Sean Lyngaas broke it down.

Tax scammer heads to the slammer

A St. Louis, Mo., man was sentenced to prison for using hacked information to file fraudulent tax return claims, the Department of Justice announced Thursday. The man, Babatunde Olusegun Taiwo, along with a co-conspirator, used information from a data breach at a payroll company that exposed the information of hundreds of individuals in order to file more than 2,000 claims worth more than $12 million in refunds. Taiwo is slated to serve four years, a little less than his co-conspirator, who was previously sentenced to nearly seven years. Read the announcement.

Tweet Of The Day


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}