This week Axios reported that Australia had gone “full tilt” toward a new encryption bill, passing a modified version after the attorney general and his opposition shadow came to an agreement. The bill gives law enforcement agencies the ability to compel tech firms to circumvent encryption in their products to aid their work. Australia is a member of the Five Eyes alliance along with the U.S., U.K., Canada and New Zealand, and the bill is seen by many as a stepping stone toward new encryption laws in other nations.
Back in Washington, officials warned that companies and government officials should prepare for a backlash against U.S. companies and be ready to “truth squad” any charges those companies were spying on behalf of the U.S. government, reported the Washington Post.
Meanwhile, The Hill reported that two lawmakers, Reps. Jim Langevin (D-R.I.) and Glenn Thompson (R-Pa.), who serve as co-chairmen of the Congressional Career and Technical Education Caucus, had introduced bipartisan legislation to promote cybersecurity education. If passed, the bill would create a grant program at the Department of Education to add cybersecurity into career and technical education curriculums.
Following last week’s Marriott breach news, ZDNet reported that Marriott planned to reimburse some guests for new passports. A Marriott spokesperson said the hotel chain is working on a way to reimburse some users for the costs of getting new passports if they are among the people whose data was leaked in last week’s massive breach.
In other breach news, CNN reported that Quora was the latest victim of a cyber attack. Late Monday the question-and-answer website alerted users that hackers gained access to the personal data of as many as 100 million of its users. The breach included usernames, email addresses and encrypted passwords as well as data from social networks like Facebook and Twitter if people chose to link them to their Quora accounts.
SC Magazine reported that researchers at ESET had discovered that the DanaBot banking trojan’s operators had been expanding the malware’s scope and possibly cooperating with another criminal group. In a blog post ESET researchers wrote: “This is the first time we have seen indicators of DanaBot distributing other malware. Until now, DanaBot has been believed to be operated by a single, closed group. The behavior is also new for GootKit, which has been described as a privately held tool, not sold on underground forums, and also operated by a closed group.”
Finally, the TSA this week released a cybersecurity roadmap aimed at helping prioritize cybersecurity measures within the agency and potentially across airports and other systems in the transportation sector. NextGov reports that the roadmap puts the agency on a path to ensure critical cyber and physical dangers to the transportation infrastructure are addressed.
That’s all for this week’s edition of Bug Bytes. Tune in next week for another recap of the week’s cyber security news.