An anonymous reader quotes a report from Ars Technica: Texas is being sued by a Big Tech lobby group over the state's new law that will require app stores to verify users' ages and impose restrictions on users under 18. "The Texas App Store Accountability Act imposes a broad censorship regime on the entire universe of mobile apps," the Computer & Communications Industry Association (CCIA) said yesterday in a lawsuit (PDF). "In a misguided attempt to protect minors, Texas has decided to require proof of age before anyone with a smartphone or tablet can download an app. Anyone under 18 must obtain parental consent for every app and in-app purchase they try to download -- from ebooks to email to entertainment." The CCIA said in a press release that the law violates the First Amendment by imposing "a sweeping age-verification, parental consent, and compelled speech regime on both app stores and app developers." When app stores determine that a user is under 18, "the law prohibits them from downloading virtually all apps and software programs and from making any in-app purchases unless their parent consents and is given control over the minor's account," the CCIA said. "Minors who are unable to link their accounts with a parent's or guardian's, or who do not receive permission, would be prohibited from accessing app store content." The law requires app developers "to 'age-rate' their content into several subcategories and explain their decision in detail," and "notify app stores in writing every time they improve or modify the functions, features, or user experience of their apps," the group said. The lawsuit says the age-rating system relies on a "vague and unworkable set of age categories." "Our Constitution forbids this," the lawsuit said. "None of our laws require businesses to 'card' people before they can enter bookstores and shopping malls. The First Amendment prohibits such oppressive laws as much in cyberspace as it does in the physical world." The lawsuit was filed in US District Court for the Western District of Texas. CCIA members include Apple and Google, which have both said the law would reduce privacy for app users. The companies recently described their plans to comply, saying they would take steps to minimize the privacy risks.

Read more of this story at Slashdot.

More information has come to light on the cyberattack disclosed this week by F5, including on attribution and potential risks.

The post F5 Hack: Attack Linked to China, BIG-IP Flaws Patched, Governments Issue Alerts  appeared first on SecurityWeek.

Army Lt. Gen. William Hartman, the acting leader of U.S. Cyber Command and the NSA, will not be nominated to take the job permanently, sources told Recorded Future News.

In July, DataBreaches reported that Qantas had obtained a preliminary injunction prohibiting the publication of any customer data stolen from it in a cyberattack by “persons unknown.”  Those defendants were served with the injunction via email and online means. Although Qantas did not reveal who signed the ransom note, ShinyHunters and Scattered Spider didn’t hesitate...

Source

Katherine Sutton most recently served as the chief technology adviser to the commander and director of Pentagon operations at U.S. Cyber Command.

The measure from the House Appropriations Committee would extend the life of the 2015 Cybersecurity Information Sharing Act (CISA 2015) and the State and Local Cybersecurity Grant Program — both of which are slated to expire September 30 — until November 21.

The official's call for a renewal came less than three weeks before the 2015 Cybersecurity Information Sharing Act (CISA 2015), which provides incentives for private entities to voluntarily share digital threat intelligence with the federal government, is due to sunset.

Under the bail conditions, Illia Vitiuk must appear when summoned, report any change of residence, avoid contact with certain individuals and surrender his foreign passports to investigators.

King, a leading voice in the Senate on cybersecurity issues, honed in on the thousands of staffers and experts laid off by CISA, saying the agency has lost 30 percent of its staff and most of its seasoned leaders.

“We've admired the problem for too long, and now it's time to do something about it,” National Cyber Director Sean Cairncross said about the cybersecurity threat environment.

A former information security professor with more than 25 years in the Ukrainian armed forces, Oleksandr Potii is blunt about Moscow’s capabilities: “We see that Russia’s technical level is high and its potential is strong. We cannot underestimate them."

The Cybersecurity and Infrastructure Security Agency announced that Nicholas Andersen has taken over as the executive assistant director for cybersecurity.

The governor added that the state is working with local, tribal and federal partners to restore services, and is “using temporary routing and operational workarounds to maintain public access where it is feasible."

Earlier this month court officials publicly acknowledged recent digital attacks “of a sophisticated and persistent nature on its case management system” had prompted them to boost their online defenses.

The Federal Communications Commission announced Monday it has blocked more than 1,200 voice service providers from having access to the country’s phone network for failing to comply with anti-robocall regulations, marking the agency’s largest enforcement action against companies that facilitate illegal automated calls.

The providers were disconnected after violating FCC rules requiring accurate certifications in the agency’s Robocall Mitigation Database, a system designed to track compliance with caller authentication protocols. The action affects approximately half of the 2,411 companies that received compliance warnings in December 2024.

“Robocalls are an all-too-common frustration — and threat — to Americans (sic) households,” FCC Chairman Brendan Carr  said in a release. “The FCC is doing everything in its power to fight back against these malicious and illegal calls. Providers that fail to do their duty when it comes to stopping these calls have no place in our networks. We’re taking action and we will continue to do so.” 

The removal follows a preliminary warning issued to 185 companies, along with further action from attorneys general dubbed “Operation Robocall Roundup,” which among other things, included sending warning letters to 37 voice providers demanding compliance with federal requirements.

The removals center on the STIR/SHAKEN protocol system, a caller authentication framework that requires telecommunications carriers to verify caller identity before routing calls through networks. The system addresses a core challenge in robocall prevention: tracing calls that traverse multiple carrier networks before reaching consumers.

Providers must certify STIR/SHAKEN implementation on all internet protocol-based network portions and submit robocall mitigation plans to maintain database access. Companies removed can only rejoin with express approval from FCC enforcement bureaus.

The FCC has invested approximately $250 million in STIR/SHAKEN implementation since the system’s 2020 launch, but significant gaps remain. The authentication system functions only on modern Voice Over Internet Protocol (VoIP) networks, leaving older telephone infrastructure vulnerable.

The enforcement action reflects the government’s struggle in defeating the scourge of robocalls. Earlier this year, Federal Trade Commission Chair Andrew Ferguson told Congress that his agency received more than 2 million complaints about unwanted calls in fiscal year 2024, with 1.1 million specifically concerning robocalls.

The FTC has also contacted 31 Voice Over Internet Protocol providers believed responsible for more than 450 distinct robocalling campaigns. Ferguson indicated in testimony that earlier communications resulted in behavioral changes and reduced activity from most contacted providers.

During May congressional testimony, Carr described robocalling as “probably the number one issue” raised by consumers, calling the problem “exceptionally frustrating.” He noted that robocallers have demonstrated adaptability to previous mitigation efforts, often shifting tactics when one avenue is blocked.

Recent actions have established significant penalties for non-compliance. Lingo Telecom, a Texas-based provider, received a $1 million fine for authenticating AI-generated robocalls that targeted New Hampshire primary voters with fake Joe Biden messages. The incident prompted new FCC rules in January tightening STIR/SHAKEN reporting requirements.

While the focus of the action is on bad actors inside the U.S., international robcall operations present ongoing challenges. Many illegal calls originate from overseas locations where U.S. agencies lack direct authority, complicating efforts to pursue bad actors at their source.

You can read the full list of blocked providers here. 

The post FCC removes 1,200 voice providers from telephone networks in major robocall crackdown appeared first on CyberScoop.

Sean Cairncross took his post this week as national cyber director at what many agree is a “pivotal” time for the office, giving him a chance to shape its future role in the bureaucracy, tackle difficult policy issues, shore up industry relations and take on key threats.

The former White House official, Republican National Committee leader and head of a federal foreign aid agency became just the third Senate-confirmed national cyber director at an office (ONCD) that’s only four years old. He’s the first person President Donald Trump has assigned to the position after the legislation establishing it became law at the end of his first term.

Two people — House Homeland Security Chairman Andrew Garbarino, R-N.Y., and Adam Meyers, senior vice president of counter adversary operations at CrowdStrike — specifically used the word “pivotal” to describe this moment for Cairncross and his office, while others said as much in other ways.

“It’s a new organization, and with any new organization, you’ve got to build up the muscle memory of how ONCD fits into the interagency process and what it means to set a unified national cybersecurity agenda, the language the director was using in his nomination hearing,” Nicholas Leiserson, a former assistant national cyber director under President Joe Biden who worked on the legislation to create the office as a Hill staffer, told CyberScoop. “We need to make sure that ONCD is the center of the policymaking apparatus. … That is going to be critical to his success.”

Brian Harrell, a former infrastructure protection official at the Deparment of Homeland Security and the Cybersecurity and Infrastructure Security Agency in Trump’s first term, said that with personnel reductions at CISA and change elsewhere, Cairncross has a big opportunity.

“ONCD must be seen as the air traffic controller on all things cyber moving forward,” he said via email. “Given the agency rebuild happening at CISA, and new leadership at FBI and NSA cyber, now is the time to build influence and patch struggling relationships. Add to this, a private sector that is unsure where to turn to during a crisis … Sean must be seen as a convener and facilitator to get the President the right information to make key decisions.”

On the policy front, Leiserson, now senior vice president for policy at the Institute for Security and Technology, said Cairncross has a great opportunity to work through the thicket of federal cybersecurity regulations and disentangle them in a harmonization effort that began under Biden and has bipartisan support. Some seasoned staffers who worked on the issue then remain in the federal government, Leiserson said.

Garbarino also brought up harmonization in a written statement as an issue he wants to see Cairncross address, along with leading the charge renewing the 2015 threat data sharing law known as the Cybersecurity Information Sharing Act, set to expire next month. Jason Oxman, president of the Information Technology Industry Council, said in a press release congratulating Cairncross that renewal of that law was “essential to help ONCD achieve its cybersecurity mission.”

USTelecom President and CEO Jonathan Spalter said enhancing the government’s relationship with the private sector, a subject Cairncross brought up in his confirmation hearing, was also vital. Dave DeWalt, CEO of NightDragon, a venture capital and advisory firm, said of Cairncross in a statement to CyberScoop: “I know that under his leadership, public-private partnership will continue to strengthen and secure our future.”

Those policy challenges, as well as the challenges of strengthening the national cyber director’s standing within the federal government and fortifying the public-private partnership, go hand-in-hand with the threats Cairncross will have to confront.

“The mission of the Office of the National Cyber Director has never been more critical: advancing a unified, strategic, and forward-leaning approach to the cyber threats facing our increasingly digital society,” Frank Cilluffo, director of the McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University and a former member of the Cyberspace Solarium Commission that recommended that Congress create the office, said in a written statement.

Leiserson said threats like the Chinese hackers known as Salt Typhoon penetrating telecommunications networks surely would be at the forefront of Cairncross’s concerns — a threat Cairncross brought up at his confirmation hearing. Harrell mentioned the looming possibility of a Chinese attack on Taiwan.

Oxman raised the threats to U.S. critical infrastructure and the supply chain. CrowdStrike’s Meyers, in a statement to CyberScoop, said the pivotal moment of Cairncross’s confirmation comes as “threat actors weaponize AI and the threat landscape continues to evolve at machine speed.”

Cairncross comes into the job with far less cybersecurity experience than many who have held federal cyber leadership posts. And he comes in with other potential disadvantages, too. At his nomination hearing, Sen. Elissa Slotkin, D-Mich., pointed to deep budget cuts at CISA, telling Cairncross that “you will oversee the single biggest cut in federal cybersecurity dollars.”

But Leiserson said it was encouraging that Trump’s fiscal 2026 budget proposal would keep funding for the Office of the National Cyber Director pretty level.

There are other reasons to be optimistic about the view from federal leaders on the office, too, some pointed out. Cilluffo noted that the 59-35 vote for Cairncross in the Senate suggested some bipartisan support. Leiserson observed that Cairncross was one of the few nominees to escape the nominee backlog in the Senate before lawmakers went on recess.

As for his relative lack of cyber experience, Cairncross has talked about surrounding himself with the right people, Leiserson said.

“You want the unicorns who are incredibly politically astute and who have very deep cyber knowledge,” he said. “These people are hard to come by. We’ve had real cyber experts on the job. Now we’ve got someone who … is going to have an easy time navigating the West Wing. That is a skill set that is vital for running a White House organization, and shouldn’t be discounted.”

The post New National Cyber Director Cairncross faces challenges on policy, bureaucracy, threats appeared first on CyberScoop.

The Click Here podcast talked with DEF CON and Black Hat founder Jeff Moss ahead of this year's events in Las Vegas.

The Senate voted 59-35 to place Republican Party insider Sean Cairncross atop the Office of the National Cyber Director, which plays a pivotal role in dictating policy and bolstering U.S. cybersecurity efforts.

Prime Minister Donald Tusk said the suspects were allegedly recruited to conduct attacks aimed at destabilizing the country.

HISTORY By Ed Tittel Back in the early 1980s, standardized networking technology was still years off. During that period, I had to learn and work with AppleTalk, NetBEUI/NetBIOS, DECnet, IBM/SNA, IPX/SPX, OSI and — of course — TCP/IP. At one point, I could give you reasons why one might — or might not — choose […]