Information Security Laws Investigations and Ethics
- March 11, 2020
Microsoft, BitSight and other partners used legal and technical steps to take control of one of the largest botnets in the world that infected more than 9 million systems.
- March 04, 2020
Ransomware payments are insurable, but should they be? Several experts weighed in on the question, and the effect of cyberinsurance, during RSA Conference 2020.
- February 27, 2020
During his RSA Conference keynote, CrowdStrike co-founder Dmitri Alperovitch explains why the U.S. Department of Justice's indictments against Chinese hackers have been effective.
- December 05, 2019
The U.S. Justice Department indicts two alleged members of the Russian threat group behind the Dridex banking Trojan, known as Evil Corp, and offers a $5 million bounty.
- December 04, 2019
NSS Labs dropped its antitrust suit against the Anti-Malware Testing Standards Organization, Symantec and ESET, ending a contentious legal battle in the endpoint security market.
- November 21, 2019
Ohio is building a 'Cyber Reserve,' a civilian cybersecurity force alongside the state's National Guard that will be deployed to help local governments recover from cyberattacks.
- November 14, 2019
InfoTrax settled an FTC complaint over an extensive data breach that lasted two years. Now, it can no longer collect any personal data until it implements its own infosec program.
- October 30, 2019
Chris Hylen unexpectedly stepped down as CEO of Imperva in the wake of a data breach involving cloud WAF customer data, though it's unclear if the two events are connected.
- October 04, 2019
This week's Risk & Repeat podcast looks at President Trump's recent comments about CrowdStrike and the DNC 'server' and the misinformation around Russian election interference.
- October 03, 2019
Zendesk disclosed a previously undetected security incident from 2016 in which data for 10,000 customer accounts was accessed, but the disclosure is missing some key details.
- October 01, 2019
German authorities arrested seven in a raid of bulletproof hosting company CyberBunker -- which was housed in a former NATO bunker -- for allegedly hosting dark web marketplaces.
- September 27, 2019
The New York attorney general filed a lawsuit against Dunkin' Brands regarding attacks dating back to 2015 and alleges the company failed to respond or notify victims properly.
- September 25, 2019
In a call with the Ukrainian president that is now the focus of an impeachment inquiry, President Trump discussed CrowdStrike and asked for help with finding a 'server.'
- September 10, 2019
One expert showed the crowd at DerbyCon that proper attribution of a cyberattack requires multiple indicators in order to avoid being fooled by a false flag attempt.
- August 29, 2019
The alleged Capital One hacker, Paige Thompson, was charged with additional counts of fraud and abuse for stealing data from more than 30 other organizations.
- August 02, 2019
History from a Slack channel run by the Capital One data breach suspect points to data stolen from more organizations, but no evidence of other attacks has been found yet.
- July 29, 2019
Tim Mackey of Synopsys tries to clear up some of the mystery around how GDPR regulators determine the fines levied on companies for major data breaches or privacy violations.
- July 24, 2019
An investigation revealed the password spraying attack that gave malicious actors access to Citrix systems resulted in only some business documents being stolen.
- July 22, 2019
Under the settlement with the FTC and state attorneys general, Equifax will fork over at least $575 million in civil penalties and provide credit monitoring services to consumers.
- July 16, 2019
Facebook will reportedly be hit with a $5 billion fine by the FTC following an investigation into multiple privacy issues, and experts said other enterprises should take note.
- July 09, 2019
The ICO plans to levy a record GDPR fine of nearly $230 million against British Airways for a security incident that led to 500,000 customers having their data compromised.
- July 03, 2019
D-Link settled a U.S. Federal Trade Commission lawsuit, which alleged the company failed to take basic steps to address security flaws and weaknesses in its products.
- July 02, 2019
President Donald Trump promised to loosen trade restrictions on Huawei, while respecting national security concerns, but the details of the changes are still unclear.
- May 16, 2019
U.S. businesses are barred from dealing with Huawei following an executive order from the White House and the additions of Huawei and its affiliates to a trade blacklist.
- May 15, 2019
To encourage more input from women in cybersecurity in the legislative process, the Executive Women's Forum went to Washington to discuss key issues with Congress.
- May 10, 2019
Cybersecurity giant Symantec is searching for a new CEO once again after Greg Clark unexpectedly resigned from the vendor after three years at the helm.
- April 22, 2019
Marcus 'MalwareTech' Hutchins, known as being an integral player in stopping the WannaCry ransomware outbreak, pleads guilty to conspiring to create and distribute the Kronos banking Trojan.
- February 08, 2019
This week's Risk & Repeat podcast looks at Apple's decision to temporarily revoke Facebook's and Google's enterprise certificates following reports of questionable app activity.
- January 22, 2019
A Democratic National Committee lawsuit regarding Russian cyberattacks in the lead-up to the 2016 election now also claims Russia attacked DNC systems after the 2018 midterms.
- January 11, 2019
News roundup: According to a new report from Politico, Kaspersky Lab aided the NSA in catching alleged data thief Harold Martin. Plus, telecoms are selling customer data, and more.
- December 28, 2018
Apple's latest Transparency Report shows government data requests on the rise around the world, as is Apple's compliance in providing the data being requested by law enforcement.
- December 21, 2018
The Department of Justice indicted two alleged members of the Chinese state-sponsored hacking group APT10, which hacked managed service providers to steal data from enterprises.
- December 12, 2018
An Equifax breach report, based on a government investigation, blamed the incident on multiple security failures and concluded the breach was preventable.
- November 30, 2018
New hacker indictments and U.S. Treasury Department sanctions highlight the disconnect between government action and real-world consequences for threat actors.
- November 29, 2018
The FBI indicted two threat actors involved with the SamSam ransomware attacks while the U.S. Treasury sanctioned two others for their role in exchanging Bitcoin earned from attacks.
- November 29, 2018
Dell provided some information about a "potential cybersecurity incident" earlier this month, but it's unclear how the company and customers should be reacting.
- November 28, 2018
The Justice Department indicted eight individuals accused of running major ad fraud campaigns, including the 3ve botnet, which generated millions of dollars in fake ad revenue.
- November 14, 2018
An international cybercrime agreement was signed by 50 nations and 150 companies in Paris, but the U.S., China and Russia were not part of the accord.
- October 12, 2018
The recent Facebook breach affected 20 million fewer accounts than was previously thought. The company now says 29 million accounts had data exposed to attackers.
- October 05, 2018
The U.S., U.K. and other allies accused seven Russian military officers of cybercrimes around the world, and the GRU indictment from the U.S. formally pressed charges.
- October 01, 2018
FBI, DHS call on users to mitigate Remote Desktop Protocol vulnerabilities and handle RDP exploits on their own, even as the "going dark" campaign continues unabated.
- September 21, 2018
News roundup: The Mirai botnet creators will not serve time in prison after they worked with the FBI. Plus, the Department of Defense updated its cyber strategy, and more.
- August 24, 2018
NSA leaker Reality Winner sentenced to 63 months in prison for releasing classified documents detailing an attack by the Russian military against U.S. election systems.
- August 23, 2018
AI bias and the need for data stewardship to prevent issues surrounding the trend of hoarding data are the next big ethical concerns for infosec, according to Laura Norén.
- August 14, 2018
Amanda Rousseau, aka Malware Unicorn, discusses her time in computer forensics investigations with the DoD, as well as the joys of reverse engineering malware encryption by hand.
- August 09, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Disclose.io project and what it could mean for the future of security research and vulnerability disclosure.
- August 03, 2018
News roundup: Disclose.io offers legal bug bounty framework to give researchers safe harbor from legal action for vulnerability disclosures. Plus, Stamos exits Facebook, and more.
- July 31, 2018
New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.
- July 17, 2018
The difference between data privacy protections afforded to European Union residents and people in the U.S. is more sharply highlighted now that the EU's General Data Protection Regulation has ...
- June 21, 2018
The DOJ has officially charged the accused CIA leaker, Joshua Schulte, with theft of government property and gathering national defense information in the Vault 7 case.
- June 21, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Protecting American Votes and Elections Act of 2018, which requires paper ballots and audits.
- June 13, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Google's new principles for artificial intelligence and how they may impact the use of AI for cybersecurity.
- June 08, 2018
The U.S. government added four new charges against Marcus Hutchins in the MalwareTech indictment, but questions have surfaced about the legal standing of the new charges.
- May 31, 2018
One of four Yahoo hackers was sentenced to five years in prison for his role in the massive 2014 breach, which included accessing millions of sensitive email accounts.
- May 24, 2018
New malware, dubbed 'VPNFilter' by Cisco Talos, infects 500,000 devices and triggers action from the Justice Department, which seized and sinkholed the botnet's domain.
- May 16, 2018
The U.S. government has identified a man already in custody on unrelated charges as the suspect in the Vault 7 leak, but it is unclear how much evidence supports the case.
- April 20, 2018
Following its controversial lawsuit against an Ars Technica security reporter, Keeper Security has teamed with Bugcrowd on a formal vulnerability disclosure program.
- April 20, 2018
A panel of experts at the RSA Conference all expressed support for the idea of hacking back against threat actors, but each offered caveats in hopes of minimizing collateral damage.
- April 19, 2018
Speaking at RSA Conference 2018, Bruce Schneier slammed U.S. lawmakers and Facebook in discussions on internet security regulations and technology policy.
- April 11, 2018
Find out what's happening at the information security industry's biggest event with breaking news and analysis by the SearchSecurity team at the RSA Conference 2018 in San Francisco.
- April 06, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the OIG report's findings on the FBI's effort to unlock the iPhone of one of the San Bernardino terrorists.
- March 30, 2018
A new government report claims poor communication was to blame for the FBI's court case being filed against Apple despite a San Bernardino iPhone unlock method being almost ready at the time.
- March 23, 2018
Privacy advocates criticize Congress for passing the CLOUD Act as part of the omnibus spending bill, while big tech companies have expressed support for the controversial legislation.
- March 21, 2018
CEO Pavel Durov continued to assert that Telegram encryption keys will not be shared with the FSB, despite the Russian Supreme Court denying the company's appeal.
- March 16, 2018
News roundup: A CIO has been charged with insider trading after the Equifax data breach. Plus, Trump blocked Broadcom's acquisition of Qualcomm, and more.
- March 06, 2018
The massive Equifax data breach affected even more people. The startling total is now 147.9 million U.S. consumers who had their information stolen by hackers.
- March 02, 2018
News roundup: Cellebrite claims it can unlock Apple devices, according to a Forbes report. Plus, iCloud encryption keys will now be stored in China, and more.
- February 22, 2018
The U.S. Securities and Exchange Commission introduced new SEC cybersecurity disclosure rules to prevent insider trading related to data breaches and other security incidents.
- February 22, 2018
With the EU's General Data Protection Regulation looming, Qualys' Darron Gibbard discusses GDPR data breach notifications, and more with the EU's new privacy law.
- February 08, 2018
The U.S. Department of Justice announced the shutdown of the Infraud Organization, which authorities claim is responsible for global cyberfraud losses in excess of $530 million.
- January 26, 2018
Sen. Ron Wyden challenged the FBI encryption argument and asked the FBI director to be transparent about claims that lawful access could be provided securely.
- January 23, 2018
Security researchers found 14 vulnerabilities in Gemalto Sentinel hardware tokens, which could allow dangerous ICS attacks, including full-system takeover.
- January 19, 2018
The Trisis ICS malware used in a cyberattack on an oil and gas company in Saudi Arabia in December has been publicly available for weeks after being copied by unknown actors.
- January 16, 2018
The CIA reportedly concluded that Russia's foreign intelligence agency created and was responsible for the NotPetya attacks against Ukraine in June.
- January 09, 2018
Federal agencies opened public comments on a draft botnet security report born from the 2017 White House cybersecurity executive order, and experts are generally favorable.
- December 20, 2017
The White House's WannaCry attribution included the broad strokes, experts say, but the case avoided some key pieces of information, such as the role of the NSA in the attacks.
- December 19, 2017
The White House officially said North Korea was behind the WannaCry attacks, and it credited Facebook and Microsoft for work in attribution. But it left questions unanswered.
- December 14, 2017
The Department of Justice announced guilty pleas from the three Mirai creators and operators behind the massive worldwide botnet DDoS attacks in 2016.
- December 04, 2017
The former NSA employee reportedly responsible for exposing classified data to Russian government hackers pleaded guilty and faces a maximum of 10 years in prison.
- December 01, 2017
Democratic senators have proposed data breach legislation that could lead to jail time for some executives who conceal breaches and fail to disclose them to consumers.
- December 01, 2017
Exposed data included new information on the NSA Ragtime intelligence-gathering program, but it is unclear if the evidence proves Americans were targeted.
- December 01, 2017
One of the Yahoo data breach hackers pleaded guilty to his involvement in the attack. Plus, the FBI failed to notify U.S. officials that they were targets of Fancy Bear, and more.
- November 30, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Uber data breach, which was concealed by company officials, and the ethics of data breach disclosure.
- November 21, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the new charter for the Vulnerabilities Equities Process and what it means for the infosec community.
- November 20, 2017
A security researcher at UpGuard found exposed data in Amazon Web Services' cloud storage buckets. And once again, the data belongs to the Department of Defense.
- November 17, 2017
An anonymous security researcher has once again earned the top Google bug bounty prize in the Chrome Reward Program for a Chrome OS exploit chain.
- November 16, 2017
Experts are still unsure about the Vulnerabilities Equities Process, but admit the new VEP Charter could be a good step toward improving federal vulnerability review.
- November 15, 2017
The White House wants a more open Vulnerabilities Equities Process and has unveiled a new VEP Charter in order to promote transparency in bug reviews.
- November 10, 2017
News roundup: Following the massive Equifax breach, the CEO said he doesn't know if customer data is encrypted or not. Plus, flaws were found in IEEE's P1735 standard, and more.
- November 09, 2017
New court documents indicate an FBI hacking operation may have crossed international borders and infected systems in Russia, China and Iran.
- November 02, 2017
Two senators introduced a bipartisan election security bill called the SAVE Act, which aims to improve voting infrastructure and harden state systems against attack.
- October 31, 2017
"Three may keep a Secret, if two of them are dead." So wrote Benjamin Franklin, in Poor Richard's Almanack, in 1735. Franklin knew a thing or two about secrets, as well as about cryptography, given ...
- October 27, 2017
A security researcher reportedly disclosed a number of Equifax security issues to the company months before the major data breach, and none of the problems were fixed.
- October 25, 2017
A Kaspersky transparency initiative and a full code review of its products are on the way, and a new Kaspersky statement explained how NSA cyberweapons were uploaded to its servers.
- October 13, 2017
News roundup: The DOJ calls for 'responsible encryption' to comply with court orders. Plus, there's more bad cybersecurity news for banks, and Accenture data in AWS gets exposed.
- October 07, 2017
An NSA contractor became the target of a cyberattack after storing agency spying software on a personal device, and this NSA breach has caused a rise in fears regarding Russia.
- October 05, 2017
The Equifax breach impact expanded and the company's former CEO answered questions in a congressional hearing, but experts were not satisfied by the answers.
- September 29, 2017
One expert is concerned about the large increase of government data requests received by Apple and the effects this surveillance activity has on user privacy.
- August 29, 2017
The specter of Kaspersky-Russian ties has reportedly led to an FBI campaign urging private organizations to drop Kaspersky Lab products; experts urge the FBI to share more evidence.
- August 25, 2017
The FBI arrested Chinese national Yu Pingan for alleged involvement with cyberattacks using the Sakula malware, the same malware reportedly used in the OPM breach.