DHS rule would expand biometric collection to immigrants and some citizens linked to them If you're filing an immigration form - or helping someone who is - the Feds may soon want to look in your eyes, swab your cheek, and scan your face. The US Department of Homeland Security wants …
PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more Infosec in brief Australia’s Signals Directorate (ASD) last Friday warned that attackers are installing an implant named “BADCANDY” on unpatched Cisco IOS XE devices and can detect …
Nations previously exempt from scraping now in the firing line If you thought living in Europe, Canada, or Hong Kong meant you were protected from having LinkedIn scrape your posts to train its AI, think again. You have a week to opt out before the Microsoft subsidiary assumes you're …
PLUS: Judge spanks NSO; Mozilla requires data use disclosures; TARmageddon meets Rust; And more! Infosec In Brief Former basketball star Shaquille O'Neal is 7'1" (215 cm), and therefore uses car customization companies to modify vehicles to fit his frame. But it appears cybercriminals have targeted Shaq’s preferred motor-modder …
Just 250 malicious training documents can poison a 13B parameter model - that's 0.00016% of a whole dataset Poisoning AI models might be way easier than previously thought if an Anthropic study is anything to go on.... [...]
The longer the shutdown, the less likely critical IT overhauls happen, ex federal CISO tells The Register The US government shut down at 1201 ET on October 1, halting non-essential IT modernization and leaving cybersecurity operations to run on skeleton crews.... [...]
Plaintext transmissions, fixed MAC addresses, rotating 'unique' IDs, and more, make abuse easy Tile Bluetooth trackers leak identifying data in plain text, giving stalkers an easy way to track victims despite Life360's security promises, a group of Georgia Tech researchers warns.... [...]
Act passed in 2015 is due to lapse unless a continuing resolution passes - and that's unlikely Barring a last-minute deal, the US federal government would shut down on Wednesday, October 1, and the 2015 Cybersecurity Information Sharing Act would lapse at the same time, threatening what many consider a …
Get ready for a fight over who steers the global standard for vulnerability identification The Cybersecurity and Infrastructure Security Agency (CISA) nearly let the Common Vulnerabilities and Exposures (CVE) program lapse earlier this year, but a new "vision" document it released this week signals that it now wants more …
Now if only someone would remember to apply those rules inside the DoD It's about to get a lot harder for private companies that are lax on cybersecurity to get a contract with the Pentagon, as the Defense Department has finalized a rule requiring contractor compliance with its Cybersecurity …
Auditors find federal cybersecurity workforce data messy, incomplete, and unreliable The US federal government employs tens of thousands of cybersecurity professionals at a cost of billions per year – or at least it thinks it does, as auditors have found the figures are incomplete and unreliable.... [...]
Our drones are OK, but those other drones? The US Department of Homeland Security has revealed plans to spend more than $100 million on systems designed to take out hostile drones.... [...]
'The homeland is no longer secure,' says Defense Counterintelligence and Security Agency leader The Pentagon outfit responsible for preventing foriegn agents from infiltrating defense agencies says the US isn't doing a very good job of preventing state secrets from falling into Chinese hands.... [...]
Fast-glob is widely used in government, security lab says updated A Node.js utility used by thousands of public projects - and more than 30 Department of Defense ones - appears to have a sole maintainer whose online profiles identify him as a Yandex employee living in Russia.... [...]
Fast-glob is widely used in government, security lab says updated A Node.js utility used by thousands of public projects - and more than 30 Department of Defense ones - appears to have a sole maintainer whose online profiles identify him as a Yandex employee living in Russia.... [...]
Remember that cost-cutting group once led by Elon Musk? Federal employees are still dealing with it A Social Security Administration employee has filed a whistleblower complaint alleging that Donald Trump's DOGE cost-cutting unit has put the records of every single American at risk by duplicating an agency database in …
Bill would let US President commission white hat hackers to go after foreign threats, seize assets on the online seas It's been more than 200 years since the United States issued a letter of marque allowing privateers to attack the vessels of foreign nations, but those letters may return …
PLUS: Kryptos solution up for auction; Canadian parliament springs a leak; Fake crypto lawyers; And more Infosec In Brief New York State is suing bank-owned peer-to-peer payment app Zelle, claiming that the banks behind it knew fraud was rampant on the platform but allowed scammers to conduct business with …
The agency offered some tips for operational technology environments, where attacks are rising CISA is urging companies with operational technology environments to set a better cybersecurity posture, and not just by adopting some new best practices and purchasing some new software.... [...]
PLUS: Crypto mixer founders plead guilty; Another French telco hacked; Meta fights WhatsApp scams; And more! Infosec In Brief A critical vulnerability in the on-prem version of Trend Micro's Apex One endpoint security platform is under active exploitation, the company admitted last week, and there's no patch available.... [...]
Illumina allegedly lied about its testing devices meeting government standards Biotech firm Illumina has agreed to cut the US government a check for the eminently affordable amount of $9.8 million to resolve allegations that it has been selling the feds genetic testing systems riddled with security vulnerabilities the …
Neil Smith has been trying to get the railroad industry to listen since 2012, but it took a CISA warning to get there When independent security researcher Neil Smith reported a vulnerability in a comms standard used by trains to the US government in 2012, he most likely didn't …
Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more Infosec In Brief A security researcher looking at samples of stalkerware discovered an SQL vulnerability that allowed him to steal a database of 62,000 user accounts.... [...]
PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers;,O365 allows takeover-free phishing; and more Infosec in Brief Despite warnings not to pay ransomware operators, almost half of those infected by the malware send cash to the crooks who planted it, according to infosec software slinger Sophos …
PLUS: 5.4M healthcare records leak; AI makes Spam harder to spot; Many nasty Linux vulns; and more Infosec in brief A former US Army sergeant has admitted he attempted to sell classified data to China.... [...]