Facebook has disclosed that as many as 100 app developers retained data from user groups on the platform. While the social media giant had changed settings to ensure developers could only see basic information, it recently became aware that some developers maintained access to names and images after the change went into effect. [node:read-more:link]
A data breach last December at The Desjardins Group, a Quebec-based financial services company, is turning out to be worse than previously reported. The number of members of the cooperative affected originally was reported at 2.9 million in June but Desjardins President and CEO Guy Cormier disclosed Nov. 1 that the breach affected 4.2 million members. [node:read-more:link]
A suspected state-sponsored cyberattack shut down more than 2,000 websites in Georgia, including court sites containing case materials and personal data, as well as the former Soviet satellite’s national TV station. Sources say Georgian government websites are poorly protected and vulnerable. [node:read-more:link]
Three weeks into the 2020 U.S. fiscal year, with Congress trying to finalize the budget, the White House is locking down cybersecurity priorities within broad reform of information technologies. Federal Chief Information Officer Suzette Kent says there is strong interest in identity management strategies, enhanced security measures for public services, and automated network monitoring for government agencies’ cyber operations. [node:read-more:link]
Microsoft Corp. has secured a $10-billion Department of Defense contract for the Joint Enterprise Defense Infrastructure (JEDI) cloud data storage program. Amazon Web Services, sole host for the U.S. intelligence community’s cloud storage for six years, had been considered the front-runner in the often litigious bidding process. [node:read-more:link]
The U.S. Department of Defense Department is close to finalizing a new Cybersecurity Maturity Model Certification framework for assessing suppliers’ protection of sensitive data. After extensive feedback since the first draft was released six weeks ago, Ellen Lord, undersecretary for acquisition and sustainment, says the next iteration should be published in the first week of November, setting the stage for a final version in January after further comment. [node:read-more:link]
Improvements in artificial intelligence technologies means that government procurement agencies need to renew how they approach industry, according to the World Economic Forum. It says in a discussion paper that traditional processes might not be suitable due to new and unique risks to manage and the possibility of unintended consequences. [node:read-more:link]
The U.S. needs to refresh and expand its counterintelligence efforts in the face of a growing wave of cyberattacks, says Christopher Costa, a former senior director for counterterrorism at the National Security Council. [node:read-more:link]
The Federal Bureau of Investigation has warned the U.S. telecom sector that companies could be vulnerable to attacks which bypass multi-factor authentication to gain access to accounts. It cites several examples, including the use of stolen credentials to bypass banks’ two-factor authentication protocols. “When reaching the secondary page where the customer would normally need to enter a PIN and answer a security question, the attacker entered a manipulated string into the Web URL setting the computer as one recognized on the account,” the FBI says. [node:read-more:link]
Even as governments introduce legislation and regulations to restrict private-sector use of data gathered through mobile apps, they have exempted political parties from any restrictions, which raises questions about how the data they collect is analyzed, used and possibly shared. Some experts are wondering why there’s not more scrutiny of parties. [node:read-more:link]
Privacy rules on Facebook and other social media sites are frustrating a scientific study of social media’s influence in democracies. It apparently is at a point where the study’s financial backers are considering dropping out. [node:read-more:link]
In an effort to reduced subscribers’ stress over data breaches, Google has developed a “password checkup” feature which checks automatically for compromised passwords. It lets users know whether their information has been exposed at other social meia services or whether a password is considered vulnerable. [node:read-more:link]
Congress is being urged by legislators from both political parties to purge the U.S. telecom infrastructure of equipment manufactured by any foreign company the government considers a threat to national security. The proposed $1 billion cost of compensating small and rural service providers for replacing alternate equipment would be covered through the newly-proposed Secure & Trusted Communications Networks Act. [node:read-more:link]
The Department of Defense is being forced to revamp various databases in response to protect personal data on millions of active military personnel and veterans which allegedly have been exposed to identity thieves. The president of Vietnam Veterans of America, which has filed suit against the DoD, says “monetizing our service members by sharing their personal information for profit while compromising their identities is despicable and damaging to our national defense.” [node:read-more:link]
The Center for Strategic & International Studies, a Washington think-tank, is predicting a 1.8-million shortfall in cybersecurity positions by 2022. While acknowledging efforts by key agencies, universities and technical schools to fill the growing gap, the center says more effort is needed. [node:read-more:link]
