NEWS THIS WEEK: Kaspersky ban underway for U.S. agencies; Equifax data breach lawsuits pile up; Europe plans new agency to quell cyber threats

September 15th, 2017

By Byron V. Acohido

The U.S. government moved to ban the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyber espionage activities. Acting Homeland Security Secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, they must remove the software, on the grounds that the company has connections to the Russian government, and its software poses a security risk. The Department of Homeland Security “is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a statement. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.” Source: The Washington Post

Lawsuits against Equifax start to pile up after massive data breach

Equifax is facing nearly two dozen class-action lawsuits, along with a separate suit from Massachusetts, over the data breach that compromised the personal information—names, addresses, birth dates and Social Security numbers—of more than 143 million people. Sensitive data from about half of the U.S. population has been available to hackers for weeks. Check your status on Equifax’s website: Equifaxsecurity2017.com. Source: PBS

One line in lengthy bill may allow law enforcement to pursue WikiLeaks

A Senate panel may be trying to give federal law enforcement a new tool to go after the anti-secrecy group WikiLeaks and its U.S. collaborators. A one-sentence “Sense of Congress” clause tacked onto the end of an 11,700-word bill approved by the Senate Intelligence Committee is likely to come before the full Senate this month. The clause says that WikiLeaks “resembles a non-state hostile intelligence service” and that the U.S. government “should treat it as such.” Source: The Sacramento Bee

Latest iPhone would use facial recognition, but Apple says privacy preserved

The recently announced iPhone X has an advanced array of cameras for facial recognition, which allows the phone to become unlocked just by looking at it. The cameras can learn a user’s face and note gradual changes. Apple promised that it would not collect the data on faces, and the information would only be kept on the smartphone, not sent to Apple servers. Source: The Washington Post

Exploits would allow hackers into phones, computers

Security company Armis found eight exploits, collectively called BlueBorne, which can allow an attacker access to a phone without touching it. The attack can allow access to computers and phones, as well as other digital devices. The vector allows hackers to identify a device, connect to it via Bluetooth, and control the screen and apps. Source: Tech Crunch

National Intelligence leader warns of consequences of attacks on grid

Several nations around the globe are capable of launching catastrophic cyber attacks but have refrained from doing so because it would be perceived as an act of war, a veteran security expert said. “We have not experienced—yet—a catastrophic attack. But I think everyone … is aware of the ever-growing threat to our national security,” said Dan Coats, director of National Intelligence, adding that attacks on electrical grids and other utilities are a rising concern. Source: South China Morning Post

IT professionals feel they don’t get no respect, survey shows

A study shows that companies are failing to give IT professionals—the people implementing and operating security strategies for most organizations—the training and responsibility they need to take on a more proactive cybersecurity role. The study, from security training company (ISC)2 also reveals that many IT professionals feel their security guidance is being ignored. Only 35 percent agree that their security suggestions are followed. Source: Beta News

Researchers consider possibility of vaccine against cyber attacks

Some cybersecurity experts are working on what they describe as “vaccines” to stop cyber attacks. In the case of the recent Petya ransomware attack, researchers developed a vaccine in the form of a single computer file that would instantly disable one type of virus as soon as it infected a computer, before it could cause any damage. This is different from traditional anti-virus software that tries to spot and remove any malware on a computer, but this could be after it has done its work. Source: TechXplore

European Commission proposes agency to fight cyber threats

The European Commission issued cybersecurity policy proposals that include the designation of a pan-European agency with a mandate to address cyber threats and attacks. The proposal follows European Commission President Jean-Claude Juncker’s State of the European Union speech, in which he backed setting up a “European cyber security agency.” The EU faced 4,000 ransomware attacks per day last year. Source: Info Security

English sports league seeks defense against cyber attacks from Russia

The English Football Association asked FIFA to shield its national team from Russian cyber attacks ahead of the 2018 World Cup in Russia after emails between the football associations reportedly were hacked. The request was made after emails between the FA and FIFA discussing doping were leaked by the Fancy Bears hacking group, which is suspected of ties to the Russian security services. Source: The Moscow Times

Watch out for those sex robots, says professor who warns of hacks

A cybersecurity professor from Deakin University warned that robots could kill their owners if hackers get inside their heads. Cybersecurity lecturer Nick Patterson said that hacking into modern-day robots, including sexbots, would be easy compared with more sophisticated gadgets such as smartphones and computers. “Hackers can hack into a robot or a robotic device and have full control of the connections, arms, legs and other attached tools like, in some cases, knives or welding devices,” he said. Source: Fox News

This article originally appeared on ThirdCertainty.com