27-01-202129-01-2021

Security daily (28-01-2021)

Verified episode 3: In conversation with Noopur Davis from Comcast

2020 emphasized the value of staying connected with our customers. On that front, I’m proud to bring you the third episode of our new video series, Verified. The series showcases conversations with security leaders discussing trends and lessons learned in cybersecurity, privacy, and the cloud. In episode three, I’m talking to Noopur Davis, Executive Vice […] (AWS Security Blog)

Watchdog suggests State Department should have used 'evidence' to explain new cyber bureau

Government auditors concluded in a withering, deadpan report Thursday that the State Department should have used “data and evidence to justify its proposal” to establish a new cyber-focused bureau. Just before the Trump administration wound down, the State Department said it would create a Bureau of Cyberspace Security and Emerging Technologies, drawing fire from the chairman of the House Foreign Affairs Committee, Rep. Gregory Meeks, D-N.Y., who said he agreed that State needed a cyber bureau but that its last-minute proposal was “ill-suited” for the job. The Government Accountability Office reviewed the Jan. 7 proposal, and found that State “has not demonstrated that it used data and evidence to support its proposal, particularly for the bureau’s focus and organizational placement.” “Without developing evidence to support its proposal for the new bureau, State lacks needed assurance that the proposal will effectively set priorities and allocate appropriate resources for the bureau to […] The post Watchdog suggests State Department should have used 'evidence' to explain new cyber bureau appeared first on CyberScoop. (CyberScoop)

The NSA has a new interim cybersecurity director

Dave Luber is serving as the National Security Agency’s cybersecurity director in an interim manner as the agency transitions in new leadership in the Biden administration, CyberScoop has learned. The Biden administration this month tapped the most recent director, Anne Neuberger, to join the White House National Security Council. And while the NSA Cybersecurity Directorate recently selected Rob Joyce, the NSA’s top intelligence liaison in the U.K., to take on the role as NSA cybersecurity director, he has not yet taken up the reins. Luber, a longtime NSA and Cyber Command employee, previously served as the executive director of Cyber Command, the Department of Defense’s offensive and defensive cyber-operations arm. In that role, as the third-in-command and highest-ranking civilian post at Cyber Command, Luber led approximately 12,000 personnel, including those who work to defend Pentagon networks from intruders and those who run military cyber-operations in support of the U.S. military’s […] The post The NSA has a new interim cybersecurity director appeared first on CyberScoop. (CyberScoop)

ProtonMail, Tutanota among authors of letter urging EU to reconsider encryption rules

Encrypted service providers are urging lawmakers to back away from a controversial plan that critics say would undercut effective data protection measures. ProtonMail, Threema, Tresorit and Tutanota — all European companies that offer some form of encrypted services — issued a joint statement this week declaring that a resolution the European Council adopted on Dec. 14 is ill-advised. That measure calls for “security through encryption and security despite encryption,” which technologists have interpreted as a threat to end-to-end encryption. In recent months governments around the world, including the U.S., U.K., Australia, New Zealand, Canada, India and Japan, have been reigniting conversations about law enforcement officials’ interest in bypassing encryption, as they have sporadically done for years. In a letter that will be sent to council members on Thursday, the authors write that the council’s stated goal of endorsing encryption, and the council’s argument that law enforcement authorities must rely on […] The post ProtonMail, Tutanota among authors of letter urging EU to reconsider encryption rules appeared first on CyberScoop. (CyberScoop)

Cybersecurity tips for university students

An informal survey of 15 students suggested that most were unconcerned about cybersecurity. Don't be one of them! (Naked Security)

S3 Ep17: Facemasks, hidden ads and paranormal hacking [Podcast]

Latest podcast - listen now! And don't forget to leave us a review if you like us... (Naked Security)

$2.3 Million Settlement Reached With Citrix Over Data Breach

(News ≈ Packet Storm)

TikTok Vulnerability Left Users' Private Information Exposed

(News ≈ Packet Storm)

2019 Stack Overflow Hack Guided By Advice On Stack Overflow

(News ≈ Packet Storm)

New Social Media Site Pillowfort Is Riddled With Basic Bugs

(News ≈ Packet Storm)

Rocke Group’s Malware Now Has Worm Capabilities

The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics. (Threatpost)

Utah Ponders Making Online ‘Catfishing’ a Crime

Pretending to be someone else online could become a criminal offense, setting a precedent for other states to follow. (Threatpost)

LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages

A phishing kit has been found running on at least 700 domains - and mimicking services via false SharePoint, OneDrive and Office 365 login portals. (Threatpost)

Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowball

A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack. (Threatpost)

27-01-202129-01-2021

/security-daily/ 29-01-2021 23:44:23