Infosec in brief: US Congress nearly killed a reauthorization of FISA Section 702 last week over concerns that it would continue to allow warrantless surveillance of Americans, but an amendment to require a warrant failed to pass.
Section 702 of the Foreign Intelligence Surveillance Act has long been contentious for its provisions that indirectly allow surveillance of US citizens without a warrant.
That's why a group of Republican holdouts joined Democrats in the House this week to block a floor vote on the bill to reauthorize the measure.
The sticking point was that FISA Section 702 only technically authorizes the US to spy on foreigners overseas considered a threat, but if those foreigners communicate with US citizens, then those citizens' electronic communications can also be used for intelligence gathering.
After an amendment was proposed Friday morning, the holdouts fell in line - sending the Section 702 renewal bill to the House floor for a full vote.
The full bill to reauthorize Section 702 surveillance - which was rushed through the House to prevent it from lapsing on April 19 - later passed the House with bipartisan support despite all the clamoring to end warrantless surveillance.
Dutch chipmaker Nexperia admitted Friday that its IT systems were attacked in March, but offered few details as to the extent of the attack.
CVSS 9.8 - Multiple CVEs: Juniper Networks has patched Junos OS versions prior to 23.4R1-S1, 23.4R2 and Junos OS Evolved to resolve multiple vulnerabilities in its cURL implementation.
CVSS 9.8 - Multiple CVEs: Juniper Networks has resolved a number of vulnerabilities in Junos cRPD versions prior to 23.4R1, several of which are critical.
CVSS 9.8 - Multiple CVEs: Juniper Networks has resolved a number of issues in its Cloud Native Router versions prior to 23.4, several of which are critical.
CVSS 9.8 - Multiple CVEs: Siemens Scalance W1750D access points contain several vulnerabilities allowing for classic buffer overflow.
CVSS 9.4 - A single CVE for FortiClientLinux versions 7.0 and 7.2 that would expose a user visiting a malicious website to an improper control of generation of code (code injection) attack.
CVSS 8.8 - Multiple CVEs: Siemens TeleControl Server Basic V3 contains a bunch of vulnerabilities related to inadequate encryption.
CVSS 8.7 - CVE-2024-2424: Rockwell Automation 5015-AENFTXDT ethernet adapters contain an input validation vulnerability that could be used to crash devices.
CVSS 8.6 - CVE-2024-3313: SUBNET's PowerSYSTEM Server and Substation Server 2021 contain vulnerabilities in third-party components that could allow DoS, RCE, and privilege escalation.
CVSS 8.2 - Multiple CVEs: Siemens RUGGEDCOM APE1808 application hosting platform contains a number of vulnerabilities that can allow various issues.
The US Cybersecurity and Infrastructure Security Agency released an update to its malware analysis system this week that allows anyone to submit malware samples or fishy files for analysis.
While anyone can submit content for analysis, CISA said only authorized and registered users will receive analytics in return - so no checking your home-brewed malware to see if it's tough to detect.
Malware Next-Gen can be accessed on the web from CISA's website.
On Friday CISA also issued an attack alert about data analytics biz Sisense, and admins have been scrambling over the weekend to reconfigure their systems.
This Cyber News was published on go.theregister.com. Publication date: Mon, 15 Apr 2024 02:28:03 +0000