Lobbying Groups Actively Discussing Encryption Legislation with Lawmakers
According to CyberScoop, many conversations are currently occurring between legislators and specific private sector lobbying groups about law enforcement-friendly encryption legislation. Law enforcement has long wanted backdoor access to smartphone devices in criminal cases—and it appears that legislators are privately exploring ways that they can accommodate that demand while still placating the private sector. The CyberScoop article says, “The congressional effort is being pioneered by a combination of the Justice Department and leaders of the Senate Judiciary Committee; specifically, Senate Judiciary Chairman Chuck Grassley, R-Iowa, and ranking member Dianne Feinstein, D-Calif. At the Justice Department, Deputy Attorney General Rod Rosenstein has become one of the leading voices regarding a legislative solution.”
Cisco Switch Vulnerabilities Exploited by Nation State and Other Advanced Threat Actors to Attack Critical Infrastructure
Bleeping Computer recently pointed to a blog post by Cisco Talos revealing that nation-state and other advanced actors are attacking critical infrastructure through Cisco switch vulnerabilities. According to Cisco Talos, “Cisco has recently become aware of specific advanced actors targeting Cisco switches by leveraging a protocol misuse issue in the Cisco Smart Install Client. Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol. Some of these attacks are believed to be associated with nation-state actors, such as those described in U.S. CERT's recent alert.”
Software Company (24)7.ai at Root of Several Recent Major Data Breaches
Last week, a few major companies admitted data breaches related to (24)7.ai, a software company that provides customer experience software such as website chat tools for businesses. The companies hit include Best Buy, Delta Air Lines, and Sears. According to Gizmodo, “the breach was the result of a malware attack, and that the unauthorized access involved payment card numbers, CVV numbers, and expiration dates, in addition to customers’ names and addresses. In a statement, [24]7 said the breach occurred on September 27th of last year and was contained roughly two weeks later.”
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week:
Three Major Cybersecurity Acquisitions Last Week
Last Tuesday, aerospace and defense company General Dynamics completed its acquisition of CSRA, a provider of IT solutions for government. According to WTOP, “General Dynamics inherits the company’s cybersecurity and data-analytics business, and its information technology contracts. The deal makes General Dynamics one of the largest federal IT providers.” On Thursday, RSA announced its intent to acquire Fortscale, a pioneer in embedded behavioral analytics. And as reported in ZDNet, “VMware said on Wednesday that it's acquiring E8 Security, a user and entity behavior analytics company. E8 Security's platform uses machine learning and AI to help businesses detect cyber threats faster.”