BIDEN’S NEW DATA SECURITY ORDER LEAVES INDUSTRY OFFICIALS, PRIVACY ADVOCATES SCRATCHING THEIR HEADS BY DAVID DIMOLFETTA
A new White House directive aims to empower agencies to prevent Americans' sensitive data from being accessed by foreign adversaries, but industry executives express concerns that it could disrupt current data flow mechanisms and privacy advocates argue it doesn't go far enough. The directive aims to block data transactions with countries like China and Russia, citing national security risks. Furthermore, the order contemplates restrictions on data broker transactions and holds individuals liable for selling bulk personal or government data to adversarial nations. The impact on U.S. spy agencies relying on data broker transactions remains unclear.
NSA SHARES ZERO-TRUST GUIDANCE TO LIMIT ADVERSARIES ON THE NETWORK BY IONUT ILASCU
The National Security Agency (NSA) has released new guidance on implementing zero-trust framework principles to help organizations limit adversaries' movement on internal networks. Zero-trust architecture involves strict controls for accessing resources on the network, regardless of their location, to minimize the impact of breaches. The NSA's guidance focuses on the network and environment component, which includes all hardware and software assets, non-person entities, and inter-communication protocols. The guidance outlines maturity levels for data flow mapping, macro and micro-segmentation, and software-defined networking, with the goal of achieving an enterprise architecture that resists, identifies, and responds to threats.
GOOGLE ENGINEER CAUGHT STEALING AI TECH SECRETS FOR CHINESE FIRMS BY BILL TOULAS
Linwei (Leon) Ding, a former Google software engineer, has been indicted by the U.S. Department of Justice for allegedly stealing trade secrets related to Google's artificial intelligence (AI) technologies. The charges state that Ding stole proprietary information about Google's advanced supercomputing data centers and transferred it to two Chinese companies. The stolen trade secrets include details about GPU and TPU chips, software enabling chip communication and task execution, and the Cluster Management System orchestrating thousands of chips into a supercomputer. Despite Google detecting unauthorized data transfer, Ding allegedly lied to investigators and faces a maximum penalty of 10 years in prison and fines.
FBI: CYBERCRIME COST AMERICANS OVER $12.5B IN 2023 BY SIMON HENDERY
The FBI's Internet Crime Complaint Center (IC3) revealed a 22% surge in reported cybercrime costs in the U.S. for 2023 in its annual report, surpassing $12.5 billion. With a record 880,418 complaints, up nearly 10%, investment fraud and business email compromise (BEC) led in losses. Investment fraud complaints totaled over 29,000, with losses at $4.57 billion, notably $3.94 billion in cryptocurrency fraud. BEC attacks incurred $2.9 billion in losses. Ransomware incident reports rose by 18%, costing $59.6 million, with the healthcare/public health sector, critical manufacturing, and government facilities coming in as the three most targeted groups. The figures may underestimate actual losses, as reporting remains incomplete.
ATTACK WRANGLES THOUSANDS OF WEB USERS INTO A PASSWORD-CRACKING BOTNET BY DAN GOODIN
Hackers have repurposed hundreds of compromised WordPress sites into command-and-control servers for password-cracking attacks. The attack, identified by researcher Denis Sinegubko, uses a JavaScript script hosted on 708 infected sites to force visitors' browsers into brute-force attempts on thousands of other WordPress sites. The attackers follow a multi-stage process that includes obtaining URLs, extracting usernames, injecting malicious scripts, brute-forcing credentials through visitors' browsers, and verifying compromised credentials. The attack leverages the unwitting participation of visitors, making it challenging to filter and block such malicious requests. The ongoing campaign highlights the need for user vigilance and potential countermeasures like using browser extensions or ad blockers to block JavaScript on unknown sites.
