Top of The Cyber News

Hackers Stole a Border Agency Database of Traveler Photos

US Customs and Border Protection (CBP) has acknowledged that hackers broke into the IT systems of a third party contractor and stole photos of people and images of license plates. CBP uses cameras and video recordings at airports and at land border crossings. CBP said that it learned of the breach in late May; the contractor, who has not been identified, had copied the images to its own network, which was then breached.

Read more in:
: Hackers Stole a Border Agency Database of Traveler Photos

Voting Machine Vendor Urges Mandated Paper Trails

In an Op-Ed piece in Roll Call, Election Systems & Software CEO Tom Burt called on Congress to pass legislation requiring paper trails for all voters. The company said it would no longer sell paperless voting machines “as primary voting devices.” ES&S also asked Congress to require that voting machines be tested by third-party researchers and noted that there us a “need for the establishment of standards for machine penetration testing.”

Read more in:
: The Cybersecurity 202: Even a voting machine company is pushing for election security legislation

Microsoft Warns of Email Attacks Executing Code Using an Old Bug

Microsoft has warned of a spam campaign that uses maliciously-crafted RTF documents. Once the documents have been opened, they infect computers with no additional user interaction. The spam email is being sent in several different European languages. The malicious documents exploit a known vulnerability for which Microsoft released a patch in November 2017.

Read more in:
: Microsoft Warns of Email Attacks Executing Code Using an Old Bug
– Microsoft warns about email spam campaign abusing Office vulnerability

GAO Audit Finds TSA Pipeline Security Plans Need to be Updated

An audit conducted by the US Government Accountability Office (GAO) found that the Transportation Security Administration (TSA) which is responsible for monitoring and securing the country’s oil and gas pipelines, lacks current, adequate plans for responding to security incidents. The TSA’s Pipeline Security and Incident Recovery Protocol Plan, which assigns responsibilities for federal agencies and the private sector in the event of a pipeline security event, was last updated in 2010. A similar plan, an agreement between TSA and the Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA), has not been updated since 2006.

Read more in:
: Current pipeline security plans weak on cybersecurity, coordination

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.