{% text "preview_text" label="Preview Text This will be used as the preview text that displays in some email clients", value="", no_wrapper=True %}


READ IN BROWSER

11/24/2020
linkedin facebook twitter instagram
WorkScoop
A remarkable security bill heads to Trump's desk. Sizing up Alejandro Mayorkas' cyber cred. And new reasons to avoid certain kinds of "smart" doorbells. This is CyberScoop for Tuesday, Nov. 24, 2020.

This IoT legislation actually will have an impact

Congress recently passed an "internet of things" cybersecurity bill that's being hailed as an impressive achievement. The legislation directs the National Institute of Standards and Technology to write IoT cybersecurity guidelines that would-be federal government contractors would have to implement. It also requires that those contractors have a vulnerability disclosure policy. The idea is that the federal government's purchasing power might have a broader impact on all manufacturers. Passing the bill took more than three years. Tim Starks tells the tale of how it came to be.


A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.


Biden’s DHS pick learned cybersecurity by doing

Alejandro Mayorkas, the lawyer whom President-elect Joe Biden tapped to be Homeland Security secretary, was a “quick study” on cybersecurity issues when he was deputy secretary from 2013 to 2016, according to Greg Touhill, a senior DHS official at the time. Mayorkas witnessed U.S. responses to multiple big cybersecurity events while on the job, from the OPM breach to the Russian attempt to undermine the 2016 election. If confirmed by the Senate, he’ll have a big task on his hands. Sean Lyngaas breaks it down.


An unwelcome visitor at the door

Eleven types of wireless-connected “smart” doorbells contained flaws that could allow hackers to tamper with data or physically steal the device, according to a new study. Cybersecurity company NCC Group and the consumer advocacy organization known as Which? found some old flaws and some new ones in the latest example of IoT security gone awry. The vendors are obscure, but their products featured prominently on Amazon and eBay. Sean has the story.


Catholicism is still a hot topic in China

After months of public reporting on a suspected Chinese hacking campaign targeting entities linked with diplomacy between the the Vatican and Beijing, the hackers are still trying their luck. After Recorded Future first called out the hackers affiliated with the group Mustang Panda in July for efforts to conduct espionage against targets involved in negotiations about the operations of the Catholic Church in China, the hackers briefly paused their activity only to resume two weeks later with the same tools. Now the same group is back at it with revised tools as part of a likely effort to evade detection, according to Proofpoint researchers. The latest with Shannon Vavra.


UK leaders send clear message about Huawei ban

Telecom companies eventually could face big penalties if they fail to comply with security requirements aimed at keeping technology from Huawei out of the U.K.'s new 5G networks. Legislation proposed Tuesday by Prime Minister Boris Johnson’s government would levy fines of as much as 100,000 pounds ($134,000) per day if the bill becomes law. It also would set a deadline of 2027 for telecoms to rip out all Huawei gear from their systems. The company dismisses concerns about its alleged connections to the Chinese state and says the U.K. proposal is pure politics. Joe Warminsky has more.


Two Baidu apps found to have steady leaks

Here’s your latest reminder that just because an application is available in an official app marketplace, it doesn’t mean it will protect user data. A pair of Baidu applications on the Google Play Store were recently leaking users’ sensitive data, according to Palo Alto Networks’ Unit 42. Through reverse-engineering, the research team found that both the Baidu Search Box and Baidu Maps applications used a software development kit (SDK) that would collect a device's MAC address, carrier information and international mobile subscriber identity (IMSI) number — the kind of data which, if it were to fall into the wrong hands, could be used to stalk, monitor, or even harass an individual. Shannon has the details.


Tweet Of The Day

Image

Next time, just tell him you're allocating fewer resources to the husband app.


Want more? Catch our events for all things workforce!
{% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} Copyright (c) 2019 WorkScoop, All rights reserved.

{{ site_settings.company_name }}
{{ site_settings.company_street_address_1 }}
{{ site_settings.company_city }} {{ site_settings.company_state }} 20036

Update your email preferences
Unsubscribe {% end_widget_attribute %} {% end_widget_block %} {# {% widget_block rich_text 'unsubscribe' label='Unsubscribe' overridable=true no_wrapper=true %} {% widget_attribute 'html' %} You received this email because you are subscribed to {{ subscription_name }} from {{site_settings.company_name}}. If you prefer not to receive emails from {{site_settings.company_name}} you may unsubscribe or set your email preferences. {% end_widget_attribute %} {% end_widget_block %} #}