US Government Cyber Failures

Weyman Holton
Jun 26 · 4 min read

8 Agencies Cited / ISO 27001 / Scamming Paid Search / Tech Headlines

Check out the new FireTV channel for “Your Tech Moment” or add the skill to your Alexa flash briefing. You can find us in many other places too.

Photo by TimSon Foox from Pexels
Listen to this content

Catalin Cimpanu: Report shows failures at eight US agencies in following cyber-security protocols

A new report published by the US Senate yesterday reveals a decade-long string of failures on the part of eight government agencies, who failed to follow basic cyber-security protocols and exposed their networks and US citizens’ most personal data to attackers.

The report was ordered by US Senators Rob Portman (R-OH) and Tom Carper (D-DE), the Chairman and Ranking Member of the US Senate Permanent Subcommittee on Investigations (PSI) on Homeland Security and Governmental Affairs.

The PSI investigators reviewed the past ten years of Inspectors General (IG) reports on compliance with federal information security standards.

The investigation took ten months and analyzed the cyber-security compliance of eight US government agencies: (1) the Department of State; (2) the Department of Transportation; (3) the Department of Housing and Urban Development; (4) the Department of Agriculture; (5) the Department of Health and Human Services; (6) the Department of Education; (7) the Social Security Administration; and (8) the Department of Homeland Security.

Investigators specifically analyzed the activities of the first seven agencies because they were cited in Office of Budget and Management (OBM) reports as having the lowest ratings with regard to cybersecurity practices.

Get the breakdown of just how bad things are from ZDnet.

Paula Fagan: Data security and the legal sector — ISO 27001 for law firms

With the legal sector reporting an increase in targeted attacks in 2018, information security management remains a serious issue for law firms. The confidential information and large volumes of client funds they hold are highly desirable to cyber criminals, so it’s not surprising that 60% of law firms reported that they suffered a security incident last year (PwC Law Firms’ Survey 2018).

With increased levels of cyber attacks, information security must be a priority. While a cyber criminal or terrorist organisation may be held off by firewalls and intrusion detection systems, these systems cannot manage the intricacies of business relationships or global trade. As such, a security regime focused solely on technology will fail.

Read more about how this new standard can help mitigate risk in your practice over at IT Governance Blog.

Phil Muncaster: Recipe for Disaster as Tech Support Scammers Use Paid Search

Tech support gangs have been spotted using paid search to reel in unsuspecting victims looking for food-related content online, according to Malwarebytes.

The security vendor spotted scammers buying ads for Google and Bing which it said are designed to lure older netizens searching for food recipes.

“This scheme has actually been going on for months and has intensified recently, all the while keeping the same modus operandi,” it said. “Although not overly sophisticated, the threat actors behind it have been able to abuse major ad platforms and hosting providers for several months.”

As paid search entries are displayed at the top of search listings, users are more likely to click through. Doing so took them to specially created food blogs built by the scammers, complete with comments on the various articles.

“However, upon closer inspection, we can see that those sites have basically taken content from various web developer sites offering paid or free HTML templates,” said Malwarebytes.

In the right circumstances, the user is redirected to a browlock, or fake warning page, which is common in tech support scams. It checks for browser and OS and displays a relevant message claiming the user’s machine has been blocked because of a virus alert from Microsoft.

Get the rest of the story at Info-Security Magazine.

DSLreports Multichannel, Broadband, And Telecom News Links

Maine governor signs net neutrality law fresnobee.com
Verizon CTO seeing very little churn so far for 5G Home servicer crwireless.com
T-Mobile Downplays 5G Launch in 6 US Cities, Disguised as New Phone News telecompetitor.com
Comcast Enables Robocall Blocking for Xfinity Mobile multichannel.com
Senate introduces SPECTRUM NOW Act to accelerate the repurposing of spectrum for 5G, specifically by freeing up more midband spectrum multichannel.com
Organizations outside the telecom sector are starting to invest in their own 5G networks, with ramifications for operators and vendors alike lightreading.com
Verizon vs. AT&T vs. Sprint: Guess who’s winning at 5G now cnet.com
FCC ruling gives Verizon approval to lock new phones for 60 days phonearena.com
US companies find legal ways around Trump s Huawei blacklist thestar.com.my

Elsewhere:

Second Florida city pays giant ransom to ransomware gang in a week ZDnet.com reports it’s $500,000

San Francisco takes the final steps toward becoming the first U.S. city to ban vaping product sales is the big story over at TechCrunch.


👍

Help me out be thumbing this up or giving it claps or telling people or sharing it on social media please…and for goodness sake SUBSCRIBE. It’s free after all.


Buy it here.

Politics may be married to technology and big media, but sometimes individuals can make a difference.

Get “The Dirty Deeds Playbook” today for just $2.99 on Kindle or for a few dollars more in paperback.

This satirical field manual uses fools & fanatics to sew chaos in American elections. Tools & techniques, observations & deception I’ve seen in the process over these past few years.


Support this news aggregation service by checking out my website at www.yourtechmoment.com today. Links there show all the places you can listen or watch the free podcast.

Also, find out about my other projects, subscribe to my newsletter and alerts, or buy books, advertise and support this project with some merchandise purchases.

Your Tech Moment™

Commentary on technology, telecom & security in our information age

Weyman Holton

Written by

author of “The Dirty Deeds Playbook” out now in paperback and on Amazon Kindle.

Your Tech Moment™

Commentary on technology, telecom & security in our information age

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade