Top Biden cyber official: SolarWinds breach could turn from spying to destruction in a moment Jenna McLaughlin
WASHINGTON President Biden’s top cybersecurity adviser says the “likely Russian” hackers who breached the popular IT monitoring software SolarWinds could use their access to “degrade” or “destroy” networks rather than simply spy on them “in a moment.”
Speaking Wednesday evening during a digital panel discussion hosted by the Council on Foreign Relations, Anne Neuberger, the deputy national security adviser on cyber and emerging technology on the National Security Council, said, “Even if it’s routine espionage,” the action is “still counter to our interests” and requires the U.S. government to find ways to force the perpetrators to reconsider their actions in the future. “How do we change our attackers’ calculus to make them think about those hacks they may be doing?”
In March 2021, the FBI and CISA observed advanced persistent threat (APT) attackers scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379 in FortiOS. They also noticed attackers scanning enumerated devices for CVE-2020-12812 and CVE-2019-5591. Officials believe attackers are attempting to access multiple government, commercial, and technology services networks. The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks, the full advisory states.
APT groups have historically exploited critical vulnerabilities to launch distributed denial-of-service attacks, ransomware campaigns, SQL injection attacks, spear-phishing campaigns, website defacements, and disinformation attacks, officials note.
Lt. Gov. Dan Patrick calls critics of voter integrity bill nest of liars Christian Flores
Replay Video UP NEXT
On Tuesday, Lieutenant Gov. Dan Patrick held a press conference to discuss the Texas Senate s passage of SB 7, which includes sweeping restrictions to voting in the state.
At times, Patrick was very vocally combative, more or less berating Democrats and even members of the media, at times yelling when trying to refute claims SB 7 is voter suppression. I m responding to the lies and misrepresentations about Senate Bill 7. The left, the Democrats, many in the media - some in this room maybe, across the state, across the country in the media - have changed the words, sadly, from voter security to voter suppression or voter restriction, Patrick said. When you suggest we’re trying to suppress the vote, you are - in essence, between the lines - calling us racist, and that will not stand.
The Cybersecurity 202: A massive Facebook breach underscores limits to current data breach notification laws Tonya Riley
with Aaron Schaffer Lawmakers and privacy experts are slamming Facebook for its handling of a leak of more than 500 million users personal information that was posted online for free. The stolen data, first spotted by cybercrime intelligence firm Hudson Rock, stems from a 2019 vulnerability the company fixed at the time, a Facebook spokesperson said. No data from after the vulnerability was fixed is included, the spokesperson added. But the company doesn t appear to have notified users about the attack in 2019 or since the massive data set appeared online free late last month. Facebook declined to answer if it had ever informed affected users of the breach.
Origin
In April 2021, Major League Baseball (MLB) announced that it was moving the upcoming All-Star Game out of Georgia in response to the state’s new restrictive voter law and would instead be hosting the game at Coors Field in Denver, Colorado. Shortly after this news broke, political pundits started posting messages comparing the voter laws in Denver to Georgia’s new voter law.
The National Review, for instance, wrote:
Another funny way of showing your concern for alleged “voting restrictions” is by moving the All-Star Game to a state that in many ways has voting laws at least as stringent as Georgia’s. To vote in Colorado, a person needs photo identification, just as they do at the will-call window at Coors Field.