19 Aug 2019

Trump Administration Moves To Reauthorize NSA’s Controversial Spying Program

Privacy advocates are sounding the alarm over a move by the Trump administration to reauthorize a highly controversial National Security Agency (NSA) program for collecting domestic calls and text messages. The program was established in 2001 under the Patriot Act to collect metadata on electric communications that could in theory

Read More
14 Aug 2019

Energy Department Never Blacklists Risky Nuclear Tech Vendors, GAO Says

Even though the US Secretary of Energy has the authority to ban nuclear tech vendors that “present a significant supply chain risk,” the Energy Department has not blacklisted a single risky vendor since it was granted this authority by Congress in 2013. An audit by the Government Accountability Office (GAO)

Read More
14 Aug 2019

Federal Ban on Chinese Telecom Equipment Takes Effect

The United States officially prohibited federal agencies from purchasing telecommunications and surveillance equipment manufactured by Huawei and four other Chinese companies on Tuesday. The ban, which realizes various provisions of the 2019 National Defense Administration Act, was introduced out of security concerns over the potential of cyber espionage by Chinese

Read More
01 Aug 2019

Cisco to pay $8.6 million for selling vulnerable software to US government

After a former Cisco contractor informed Cisco about a number of serious security flaws in its video surveillance software in 2008, the company failed to address the issues for years but simply continued to sell the vulnerable solution to US government agencies and other customers across the globe. The flaws

Read More
31 Jul 2019

State and local governments urged to beef up ransomware defense

State and local governments need to bolster their cybersecurity defenses in order to weather the ransomware storm that is currently sweeping across the United States, four government organizations warned in a joint statement[pdf] released earlier this week. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the National

Read More
30 Jul 2019

LAPD Data Breach Exposes Personal Info of Roughly 2.5K Officers

A recent data breach at the Los Angeles Police Department (LAPD) impacts around 2,500 LAPD officers as well as about 17,500 police officer applicants. The exposed data likely includes names, email addresses, passwords, and birth dates. The LAPD and the City of Los Angeles are investigating the breach, which was discovered

Read More
30 Jul 2019

Ransomware infection takes some police car laptops offline in Georgia

The Georgia Department of Public Safety (DPS) is the latest addition to the already disturbingly long list of US government entities that have fallen victim to a ransomware attack in the past year. The DPS network was infected with ransomware on 26 July, forcing the agency to take all IT

Read More
29 Jul 2019

New York updates its breach notification law in response to Equifax, GDPR

From March 2020, New York state legislation will require organizations to notify people whose email address was compromised in a data breach together with authentication credentials (password and/or security questions and answers) “in the most expedient time possible and without unreasonable delay,” which in practice means within 30 days. The

Read More
26 Jul 2019

Ransomware Attacks Prompt Louisiana to Declare State of Emergency

A recent string of ransomware attacks on school districts in Louisiana has prompted Governor John Edwards to declare a state of emergency over the cyber threat. Under the declaration, local governments can request assistance from cybersecurity experts from various state agencies. According to a statement by Edwards’ office, ransomware attacks

Read More
26 Jul 2019

Johannesburg Ransomware Attack Leaves Residents in the Dark

A Thursday incident in Johannesburg, South Africa that left some residents without power serves as a grave reminder of the destructive potential of ransomware. City Power, a local pay-as-you-go power provider owned by the city, had its network infected with file-encrypting malware that rendered many of its services unavailable. Johannesburg

Read More