Category: cybersecurity

Auto Added by WPeMatico

Attacks on Managed Service Providers Expected to Increase

Posted on By infossl
advanced persistent threats, cybersecurity, infrastructure, national security policy, Security technology, Uncategorized

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the Russian SVR, and a blueprint … Read More “Attacks on Managed Service Providers Expected to Increase” »

Corporate Involvement in International Cybersecurity Treaties

Posted on By infossl
cybersecurity, national security policy, Security technology, Uncategorized

The Paris Call for Trust and Stability in Cyberspace is an initiative launched by French President Emmanuel Macron during the 2018 UNESCO’s Internet Governance Forum. It’s an attempt by the world’s governments to come together and create a set of international norms and standards for a reliable, trustworthy, safe, and secure Internet. It’s not an … Read More “Corporate Involvement in International Cybersecurity Treaties” »

US Critical Infrastructure Companies Will Have to Report When They Are Hacked

Posted on By infossl
cyberattack, cyberespionage, cybersecurity, defense, espionage, hacking, infrastructure, laws, ransomware, Security technology, Uncategorized

This will be law soon: Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress. […] The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President … Read More “US Critical Infrastructure Companies Will Have to Report When They Are Hacked” »

Details of an NSA Hacking Operation

Posted on By infossl
cybersecurity, doxing, hacking, nsa, russia, Security technology, Uncategorized

Pangu Lab in China just published a report of a hacking operation by the Equation Group (aka the NSA). It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers (aka some Russian group). …the scope of victims exceeded 287 targets in 45 countries, including … Read More “Details of an NSA Hacking Operation” »

Insurance Coverage for NotPetya Losses

Posted on By infossl
cyberattack, cybersecurity, economics of security, insurance, russia, Security technology, ukraine, Uncategorized

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck’s insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge “did the right thing for the wrong reasons..” Powered by WPeMatico

A New Cybersecurity “Social Contract”

Posted on By infossl
cybersecurity, national security policy, public interest, Security technology, Uncategorized

The US National Cyber Director Chris Inglis wrote an essay outlining a new social contract for the cyber age: The United States needs a new social contract for the digital age — one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations for each. Such a shift … Read More “A New Cybersecurity “Social Contract”” »

Me on App Store Monopolies and Security

Posted on By infossl
apple, cybersecurity, laws, monoculture, privacy, Security technology, Uncategorized

There are two bills working their way through Congress that would force companies like Apple to allow competitive app stores. Apple hates this, since it would break its monopoly, and it’s making a variety of security arguments to bolster its argument. I have written a rebuttal: I would like to address some of the unfounded … Read More “Me on App Store Monopolies and Security” »

UK Government to Launch PR Campaign Undermining End-to-End Encryption

Posted on By infossl
child pornography, children, crypto wars, cybersecurity, encryption, marketing, privacy, propaganda, Security technology, Uncategorized

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Presumably they’ll lean heavily on the “think of the children!” rhetoric we’re seeing in this current wave of the crypto wars. The technical eavesdropping mechanisms have shifted to client-side scanning, which won’t actually help … Read More “UK Government to Launch PR Campaign Undermining End-to-End Encryption” »

Google Shuts Down Glupteba Botnet, Sues Operators

Posted on By infossl
bitcoin, blockchain, botnets, cybersecurity, google, Security technology, Uncategorized

Google took steps to shut down the Glupteba botnet, at least for now. (The botnet uses the bitcoin blockchain as a backup command-and-control mechanism, making it hard to get rid of it permanently.) So Google is also suing the botnet’s operators. It’s an interesting strategy. Let’s see if it’s successful. Powered by WPeMatico