Category Archives: Security News

US House approves cyberthreat sharing bill

The U.S. House of Representatives has voted to approve legislation that would encourage companies to share cyberattack information with each other and with the government, despite concerns that it would put new consumer information in the hands of surveillance agencies.

The House voted 307 to 116 on Wednesday to approve the Protecting Cyber Networks Act (PCNA), which would protect companies that voluntarily share information from customer lawsuits. Several digital rights groups and cybersecurity researchers oppose the bill, saying it requires data shared with civilian agencies, including potentially personal information, to be passed on to the National Security Agency.

House bill slashes research critical to cybersecurity

A U.S. House bill that will set the nation’s basic research agenda for the next two years increases funding for computer science, but at the expense of other areas important to cybersecurity.

The funding bill, sponsored by Rep. Lamar Smith (R-Texas), the chair of the Science, Space and Technology Committee, hikes funding for computer science, but cuts – almost by half – social sciences funding, which includes the study of human behavior. Cybersecurity uses human behavior research because humans are often the weakest security link.

Microsoft kicks off two-month Spartan bug bounty program

Microsoft today launched a short-term bug bounty program for its new Project Spartan browser, saying entries would be accepted until June 22.

The temporary award program is very similar to one Microsoft used in mid-2013 for Internet Explorer 11 (IE11) to bag some bugs before that browser was released with Windows 8.1.

“Securing this platform is a top priority for the browser team,” said Jason Shirk, a security architect with the Microsoft Security Response Center (MSRC), in a blog post.

Qualys devises a virtual patch to protect against vulnerabilities

If you can’t wait for that critical patch to secure your system from some just-discovered bug, IT security firm Qualys may have an answer, through new security software that can secure the trouble spot until the patch arrives.

The feature, called virtual patching, comes with the newly released version 2 of the company’s Web Application Firewall, a set of software for securing Web applications against malicious behavior.

Malware used in White House and State Department hacks possibly linked to Russia

The group of attackers behind cyberintrusions at the White House and the Department of State last year used malware that bears strong similarities to cyberespionage tools suspected to be of Russian origin.

Security researchers from Kaspersky Lab have dubbed the cyberespionage group CozyDuke and said that it has blatantly targeted high-profile victims since the second half of last year. Its toolset includes malware droppers, information-stealing programs and backdoors that have antivirus evasion capabilities and make use of cryptography, the researchers said Tuesday in a blog post.