Investigators probing a massive hack of the U.S. government and businesses say they have found concrete evidence the suspected Russian espionage operation went far beyond the compromise of the small software vendor publicly linked to the attack. From a report: Close to a third of the victims didn’t run the SolarWinds software initially considered the main avenue of attack for the…
Tag: Homeland Security
After the Riot, the US Capitol’s IT Staff Faces ‘a Security Mess’
After Wednesday’s invasion by protesters, America’s Capitol building is now grappling with “the process of securing the offices and digital systems after hundreds of people had unprecedented access to them,” writes Wired. Long-time Slashdot reader SonicSpike shares their report: Rioters could have bugged congressional offices, exfiltrated data from unlocked computers, or installed malware on exposed devices. In the rush to evacuate…
Sealed US Court Records Exposed In SolarWinds Breach
An anonymous reader quotes a report from Krebs On Security: The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The…
Is the US Government’s Cybersecurity Agency Up to the Job?
CNN reports that some critics are now questioning whether America’s Cybersecurity and Infrastructure Security Agency (CISA) is equipped to protect the integrity of government systems from adversaries: Some of the nearly half-dozen government agencies affected by the hack have recently reached out to CISA for help with addressing the known vulnerabilities that were exploited in the attack but were told the…
DHS Is Looking Into Backdoors In Smart TVs By China’s TCL
chicksdaddy shares a report from The Security Ledger: The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports last month in The Security Ledger and elsewhere that the devices may give the company “back door” access to deployed sets, The Security…
How Do US Government Agencies Verify Security Software from Private Contractors?
A recent article at Politico argues that the U.S. government “doesn’t do much to verify the security of software from private contractors. And that’s how suspected Russian hackers got in.” The federal government conducts only cursory security inspections of the software it buys from private companies for a wide range of activities, from managing databases to operating internal chat applications. That…
SolarWinds Hides List of High-Profile Customers After Devastating Hack
SolarWinds has removed a list of high-profile clients from its website in the wake of a massive breach, “suggesting the company may be trying to obscure its clients in an effort to protect them from bad publicity,” reports The Verge. From the report: The list of vulnerable companies is much smaller than SolarWinds’ overall client list, so simply appearing on the…
ACLU Sues DHS Over Purchase of Cellphone Location Data Used To Track Immigrants
The American Civil Liberties Union is suing federal authorities over their alleged use of cellphone location data — particularly in immigration enforcement. From a report: The nonprofit organization today filed a lawsuit against the Department of Homeland Security, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement to force the agencies to release records about purchasing cellphone location data…
Trump Fires Election Security Director Who Corrected Voter Fraud Disinformation
phalse phace shares a report from NPR: Christopher Krebs, the Department of Homeland Security director who had spearheaded a campaign to counter rumors about voter fraud, has been fired, President Trump tweeted on Tuesday. Trump, in two misleading tweets about the security of the U.S. election, said Krebs’ termination was “effective immediately.” The CISA campaign, led by Krebs, was originally intended…
Election Was Most Secure In American History, US Officials Say
“The Nov. 3rd election was the most secure in American history,” state and federal election officials said in a statement Thursday. “There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.” Bloomberg reports: The statement acknowledged the “many unfounded claims and opportunities for misinformation about the process of our elections” and…