Is DHS in charge of computer security or just patches?
DHS Orders Agencies to Patch Critical Vulnerabilities Within 15 Days
The U.S. Department of Homeland Security (DHS) this week issued a new Binding Operational Directive (BOD) instructing federal agencies and departments to act more quickly when it comes to patching serious vulnerabilities in internet-exposed systems.
Specifically, BOD 19-02 gives government organizations 15 days to address critical vulnerabilities and 30 days for high-severity flaws. The countdown starts when a vulnerability was initially detected, rather than when it was first reported to agencies. [Catch 22? Bob]
Internet-exposed government systems undergo Cyber Hygiene scanning to help agencies identify vulnerabilities. The recently created Cybersecurity and Infrastructure Security Agency (CISA) provides regular reports to agencies, informing them of the detected flaws, classified based on their CVSSv2 score.
Worth a try...
Plan to secure internet of things with new law
Security vulnerabilities that could be targeted by hackers have been found in everything from toy dolls to internet-connected ovens in recent years.
The new laws would mean such devices would have to come with unique passwords, for example.
… The proposed legislation, launched by Digital Minister Margot James, would also introduce a new labelling system to tell customers how secure an IOT product is.
Ms James said it was part of the UK's bid to be a "global leader in online safety".
Retailers would eventually be barred from selling products without the labels although initially the scheme would be voluntary.
To gain a label and enter the market, IOT devices would have to:
- come with unique passwords by default
- state clearly for how long security updates would be made available
- offer a public point of contact to whom any cyber-security vulnerabilities may be disclosed
With familiarity (of computer security best practices) comes contempt?
Local Credit Union Sues Fiserv Over 'Amateurish Security Lapses'
Fiserv, the leading bank core processor with 37% of the U.S. marketshare in 2018, is being sued by one of its own customers, the Bessemer System Federal Credit Union.
Court documents filed in a Mercer County, Pennsylvania court on April 26, 2019 show Bessemer claiming that, "Despite Fiserv's claimed expertise, Fiserv has misreported Bessemer's account records and information, while being plagued with security vulnerabilities that affect the privacy of thousands of Bessemer's members." It adds, "Bessemer's member information has been subject to several instances of critical security vulnerabilities while in Fiserv's custody – each based on baffling and amateurish security lapses."
For those of us who watch such things…
Which CCPA Amendments Made the Cut?
(Related)
California Assembly’s Privacy Committee Advances CCPA Employee Carve-Out
We missed you at the seminar, Yasmin.
Utah and Virginia are making moves on the privacy front.
We’ve been hearing non-stop about California, and the CCPA but California isn’t the only state advocating for privacy. If you haven’t heard, Utah just banned digital searches without a warrant.
… A Virginia Court recently held that Automated License Plate Reader (ALPR) systems violated Virginia’s Government Data Collection and Dissemination Practices Act (Data Act).
Suspicions confirmed, under oath.
We Got U.S. Border Officials to Testify Under Oath. Here’s What We Found Out.
In September 2017, we, along with the Electronic Frontier Foundation, sued the federal government for its warrantless and suspicionless searches of phones and laptops at airports and other U.S. ports of entry.
The government immediately tried to dismiss our case, arguing that the First and Fourth Amendments do not protect against such searches. But the court ruled that our clients — 10 U.S. citizens and one lawful permanent resident whose phones and laptops were searched while returning to the United States — could move forward with their claims.
Since then, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement have had to turn over documents and evidence about why and how they conduct warrantless and suspicionless searches of electronic devices at the border. And their officials have had to sit down with us to explain — under oath — their policies and practices governing such warrantless searches.
What we learned is alarming, and we’re now back in court with this new evidence asking the judge to skip trial altogether and rule for our clients.
The information we uncovered through our lawsuit shows that CBP and ICE are asserting near-unfettered authority to search and seize travelers’ devices at the border, for purposes far afield from the enforcement of immigration and customs laws.
It’s hard to keep tabs...
NSA says warrantless searches of Americans’ data rose in 2018
The data, published Tuesday by the Office of the Director of National Intelligence (ODNI), revealed a 28% rise in the number of targeted search terms used to query massive databases of collected Americans’ communications.
Some 9,637 warrantless search queries of the contents of Americans’ calls, text messages, emails and other communications were conducted by the NSA during 2018, up from 7,512 searches on the year prior, the report said.
The figures also don’t take into account queries made by the FBI or the Drug Enforcement Administration, which also has access to the database, nor do they say exactly how many Americans had their information collected.
Something to cheer their lawyers?
Facebook could have 4.9bn dead users by 2100, study finds
Deceased may outnumber the living if current growth rates continue, raising questions about what happens to our data
The next level: “Pizza in 30 minutes, or it’s free!”
It's Not Just Amazon: Free One-Day Delivery Is The New Normal
Amazon may have scored points on Wall Street last week with plans to invest $800 million so its Prime member subscribers can receive merchandise in one day. But analysts aren’t concerned the e-commerce giant’s brick-and-mortar competitors like Walmart and Target, with hefty online businesses themselves, have been caught off guard.
Delivery is part of today’s heated skirmish for retail turf, and Amazon simply just made its latest move.
In response, Walmart, with its stock dipping 3% Friday, issued its own news in a tweet, while taking a jab at Amazon.
“One-day free shipping…without a membership fee. Now THAT would be groundbreaking,” the company said, teasing plans to cut its free two-day shipping (for purchases $35 and up) down to one, while making a reference to Amazon’s annual $119 Prime membership.
… Target … already offers free one-day shipping to its no-fee loyalty REDcard holders. The benefit is for orders of at least $35, which are placed by 7 p.m. on a weekday.
Interesting perspective.
Mueller Report Illustrates Trump’s Authoritarian Rhetorical Tactics