Biden Puts $10 Billion for Cybersecurity, IT in Rescue Package
Pentagon puts Xiaomi on the bad list, Classiscam makes its way to Europe, Apple removes controversial list from MacOS, Cisco issues fixes for more than 67 flaws, NSA warns of DoH's downside, more
For you newcomers, welcome to Metacurity. Please consider becoming a premium subscriber to support our work and gain access to our archives and special content. Thank you!
In his sweeping COVID-19 legislative proposal called American Rescue Package, President-elect Joe Biden includes more than $10 billion in funding to boost the nation’s cybersecurity and information technology.
On the heels of the recently revealed massive SolarWinds’ infiltration of American networks by likely Russian threat actors, Biden said that the new investment in IT and cybersecurity is “an urgent national security issue that cannot wait.” (Maggie Miller / The Hill)
Related: Axios, The Sun, Bloomberg Law, FCW
Chinese smartphone and consumer electronics giant Xiaomi was added to a Department of Defense list of companies that support China’s military as perhaps the last Chinese tech target of the Trump Administration.
Unlike Huawei and other Chinese telecom tech giants, accused by the administration of spying on behalf of the Beijing government, Xiaomi has not been placed on the Commerce Department’s entities list, which bars Chinese companies from buying American technology. (Chong Koh Ping / Wall Street Journal)
Related: ZDNet Security, The Next Web, Digital Journal, CNBC Technology, GSMArena.com - Latest articles, Gadgets Now, Pocketnow, TechNode, Guru3D.com, channelnews, iPhone Hacks, MediaNama, Android Central, TechDator, Kr-Asia, Defense.gov
Researchers at Group-IB say that an e-commerce “scam-as-a-service” operation called Classiscam, which has been tested in Russia, is making its way to European countries.
At least 40 active groups are using the scam packages, which entail placing ads for unbelievably low-cost popular products on marketplaces and classified websites and diverting potential buyers via messaging channels such as WhatsApp to fraudulent payment pages. (Phil Muncaster / Infosecurity Magazine)
Related: TechNadu, SecurityWeek, CyberNews, Online Threat Alerts (OTA, Reddit - cybersecurity, Bleeping Computer, ZDNet
Researchers at ESET discovered an ongoing surveillance campaign dubbed Operation Spalax directed against Colombian government offices and private companies in the energy and metallurgical industries.
The attacks, which began in 2020, are similar to those launched by another APT group targeting the country since April 2018. (Ravie Lakshmanan / The Hacker News)
Related: Security Magazine, We Live Security
Apple has removed a controversial feature called ContentFilterExclusionList from the macOS operating system that allowed 53 of Apple's own apps to bypass third-party firewalls, security tools, and VPN apps installed by users for their protection.
The list was included in macOS 11, also known as Big Sur, and was widely panned by security researchers and privacy experts when it was introduced. (Catalin Cimpanu / ZDNet)
Related: Techradar, Techradar, 9to5Mac, The Mac Observer, Reddit - cybersecurity, 9to5Mac, Slashdot
Indian cybersecurity company Quick Heal said it would invest $2 million into Israel-based cybersecurity start-up L7 Defense, which specializes in application program interface (API) security and next-generation web application firewall (NG-WAF).
Quick Heal invested $300,000 in L7 Defense last year. (Abhijit Ahaskar / Mint)
Related:ETTelecom.com, Business Standard, Economic Times, DealStreetAsia
@Metacurity/Top Infosec Journalists / Twitter
Cisco pushed out several patches to address more than 67 vulnerabilities affecting small business routers, including a high-severity flaw in Cisco’s Smart Wi-Fi solution.
Other flaws were found in Cisco’s AnyConnect Secure Mobility Client and Cisco RV110W, RV130, RV130W, and RV215W small business routers. (Lindsey O’Donnell / Threatpost)
Related: SecurityWeek, Security Affairs
The National Security Agency (NSA) issued a warning about the downside of DNS-over-HTTPS (DoH), encrypted DNS protocols that have become popular over the past few years.
The agency says that DoH does not fully prevent threat actors from seeing users’ traffic and that it can be used to bypass many security tools that rely on sniffing classic (plaintext) DNS traffic to detect threats. (Catalin Cimpanu / ZDNet)
Related: Bleeping Computer, NSA
A bug in Amazon-owned video surveillance company Ring’s service exposed the precise locations and home addresses of users who had posted to the Neighbors app.
Neighbors allows users to alert nearby residents to crime and public safety issues anonymously. Ring said it fixed the issue. (Zack Whittaker / TechCrunch)
Cybersecurity Stock Status Report
This past week has been a relatively calm - and flat -week for cybersecurity stocks, according to Metacurity’s stock index. According to our index of the top publicly traded cybersecurity companies, as of yesterday, stocks ticked up to 203.00 (the index started on 10/10/19 at 100), basically up slightly from last Friday’s close of 201.45.
Photo by Louis Velazquez on Unsplash
1 |