From Security Weekly Wiki
#[https://www.fifthdomain.com/civilian/dhs/2019/12/27/dhs-wants-more-input-on-how-to-share-vulnerabilities/ DHS wants more input on how to share vulnerabilities] DHS has extended the comment period on its draft vulnerability disclosure program to 1/10/20. Mandating a bug-bounty program can have interesting impacts and side-effects.
#[https://www.vice.com/en_uk/article/g5xxzy/researcher-releases-data-on-100000-phishing-attempts-to-teach-you-how-to-not-get-hacked Researcher Releases Data on 100,000 Phishing Attempts to Teach You How to Not Get Hacked] Claudio Guarnieri, who works at Amnesty International, published the dataset to help other researchers track hackers, and to help cybersecurity educators use them as real-world examples.
#[https://www.engadget.com/2019/12/17/sec-charges-it-administrator-over-insider-trading-ring/ SEC charges IT administrator over $7 million insider trading ring] Palo Alto Networks IT Administrator Janardhan Nellore and four friends engaged in insider trading after leveraging their IT administrator credentials and contacts to access financial data and make trades. While all face SEC fraud charges, one team member also faces federal criminal charges.
#[https://www.reuters.com/article/us-usa-tiktok-navy/u-s-navy-bans-tiktok-from-government-issued-mobile-devices-idUSKBN1YO2HU U.S. Navy bans TikTok from government-issued mobile devices] The United States Navy banned the social media app TikTok from government-issued mobile devices, saying the popular short video app represented a “cybersecurity threat,” and the [http://www.koreatimes.co.kr/www/tech/2019/12/133_281109.html Korea Communications Commission (KCC) announced] it was investigating the Chinese-developed TikTok video app after finding that the app was sending users' personally identifiable information (PII) to the Chinese government.
#[https://techcrunch.com/2019/12/31/traced-act-signed-into-law-putting-robocallers-on-notice/ TRACED Act signed into law, putting robocallers on notice] The law has good requirements, such as adoption of the STIR/SHAKEN framework, but may not truly cut down on calls.