| WATCH THIS SPACE: The Biden administration is working to formally attribute the exploitation of vulnerabilities in Microsoft’s Exchange Server application, which left thousands of organizations vulnerable to attack, “in the coming weeks,” a top official said Tuesday. “I think you saw the national security adviser Jake Sullivan say that we will attribute that activity, and along with that of course determine what needs to do as a follow up from that and I think you’ll be seeing further on that in the coming weeks,” Anne Neuberger, the deputy national security advisor for cyber and emerging technology, said during a virtual event hosted by the Silverado Policy Accelerator. Neuberger’s comments came months after Microsoft announced the discovery of new vulnerabilities in its Exchange Server program, and assessed with “high confidence” that a hacking group known as “HAFNIUM,” a Chinese state-sponsored group, was exploiting these vulnerabilities. According to Neuberger, around 140,000 organizations were left vulnerable to attack by HAFNIUM or other hacking groups. Tuesday, the official praised Microsoft for quickly releasing a patch that reduced this number to less than 10 vulnerable groups in a week. Other cyber initiatives move forward: The administration announced in April a 100-day plan to strengthen the cybersecurity of the electricity sector. Neuberger said Tuesday that the effort had been “really successful,” and that electric utility companies representing more than 56 million customers have deployed cybersecurity monitoring technology. Read more about developments here. NEW NEWSLETTER: Facebook rolled out a new newsletter feature called Bulletin. Bulletin will allow creators the ability to author and distribute both free and subscriber-based content via Facebook. The new feature is essentially Facebook's version of the popular newsletter platform Substack and has recruited dozens of writers, across categories like sports, science, health, and finance. Bulletin is accessed on a separate website from Facebook’s platform, but Bulletin articles and podcasts can be found on creator's public pages or within the Facebook News Feed. Read more here. PARLER'S PUSHBACK: Parler and former President Trump were in talks to get Trump on the platform, but they stalled after Parler refused to ban those who criticized the former president, Michael Wolff’s book about Trump’s last days in office says. Trump and Parler had been in discussions even before the Capitol riot about the former president joining the platform, with Parler offering Trump 40 percent of the company’s gross revenues to join, according to the book “Landslide: The Final Days of the Trump Presidency,” The Verge reported. However, Trump reportedly also wanted Parler to be a place where he did not have to deal with his detractors. “They had floated a proposition that Trump, after he left office, become an active member of Parler, moving much of his social-media activity there from Twitter. In return, Trump would receive 40 percent of Parler’s gross revenues and the service would ban anyone who spoke negatively about him,” said an excerpt from the book published in New York Magazine. “Parler was balking only at this last condition.” Read more here. CISA (MIGHT) GET A BOOST: The House Appropriations Committee on Tuesday included almost $400 million more than last year for the Cybersecurity and Infrastructure Security Agency (CISA) in its budget proposal for the upcoming year. The committee proposed the increase in the wake of months of escalating cyberattacks, most notably the SolarWinds hack that compromised nine U.S. federal agencies and 100 private sector groups, and ransomware attacks on Colonial Pipeline and meat producer JBS USA. The committee specifically proposed a budget of $2.42 billion for CISA in fiscal year 2022, just shy of $400 million over CISA’s budget in 2021, and more than $288 million above what the agency requested earlier this year. These funds would go towards issues including critical infrastructure security, emergency communications, risk management, and other cybersecurity-related concerns. Read more about the budget here. NEW FACIAL RECOGNITION REPORT: Six federal agencies used facial recognition software to identify protesters who demonstrated in the wake of George Floyd's death at the hands of Minneapolis Police last year, according to a government watchdog. The Government Accountability Office (GAO) said in a report released Tuesday that the agencies used the technology from May through August 2020 to “support criminal investigations related to civil unrest, riots, or protests.” “All six agencies reported that these searches were on images of individuals suspected of violating the law,” the GAO said. The Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), U.S. Capitol Police, the FBI, the U.S. Marshals Service, U.S. Park Police and U.S. Postal Inspection Service reported using the technology. The use of facial recognition came under scrutiny last year over concerns about how state and local law enforcement was using the technology to identify protestors. Facial recognition technology has long been criticized for misidentifying women and minorities at a higher rate. In April, a man sued the city of Detroit for being falsely arrested after his driver’s license photo was mistakenly matched to surveillance footage of a shoplifter. Read more. | 
No comments:
Post a Comment