Mike Rogers Leaving U.S. Cyber Command
Reports indicate that “National Security Agency Director Mike Rogers has announced plans to retire this spring and has said he expected a successor to be nominated and approved by the U.S. Senate this month…” (Reuters)
Varied Groups Wanting National Data Breach Notification Legislation
In a letter to the House Energy & Commerce Committee, 22 industry groups, including financial services, technology, retail, and telecom, said that they want Congress to consider a national data breach notification law. According to the letter, the groups “support federal legislation to protect personal information and, in the event of a data breach that could result in identity theft or other financial harm, ensure consumers are notified in a timely manner.” The letter includes four elements they would like to see, such as “a flexible, scalable standard for data protection” and “clear preemption of the existing patchwork of often conflicting and contradictory state laws.”
Hardware Vulnerabilities Meltdown and Spectre Impact Servers and Devices Worldwide
Two serious hardware vulnerabilities—Meltdown and Spectre—were announced in a paper last Wednesday. Affecting Intel microprocessors, the vulnerabilities impact Apple devices, devices using Windows and older versions of Linux, and even reach across the cloud and IoT devices. These vulnerabilities received a lot of media coverage and we’ve collected some of the best articles here.
Summary of Recent Research Reports
Three recent research reports highlight data about cybersecurity issues affecting public companies, the tangible damage of data breaches, and behavioral biometrics.
NIST Seeking Products and Technical Expertise from Private Sector to Mitigate IoT-based DDoS Attacks
According to Federal News Radio, “NIST is looking for partnerships with the private sector to secure Internet of Things devices. The National Institute of Standards and Technology invited companies to provide products and technical expertise to support and demonstrate security platforms for the Mitigating IoT-Based DDoS Building Block. It wants to start having collaborative events later in January.” NIST says that “Components being sought for inclusion in the project include but are not limited to:
Researchers Note “Multiple Vulnerabilities in the Online Services of (GPS) Location Tracking Devices”
Vangelis Stykas and Michael Gruhn recently published research about significant security vulnerabilities related to location tracking devices. According to SecurityWeek, the researchers “found that over 100 [online services designed for managing location tracking devices] have flaws that can be exploited by malicious actors to gain access to device and personal data. The security holes, dubbed Trackmageddon, can expose information such as current location, location history, device model and type, serial number, and phone number.” While some of these services have been patched, many have not.