Tag Archive for: bills

Ransomware, economic accelerator and patent box bills lapse


Legislation introducing a ransomware penalties regime, a $1.6 billion economic accelerator and the long-awaited patent box are among the bills which have now lapsed after failing to be passed before the announcement of the May federal election.

A number of tech-focused bills remained in Parliament upon Prime Minister Scott Morrison calling the election for 21 May over the weekend, meaning they have lapsed and will have to be introduced by the new government.

These include the federal government’s ransomware bill, which would have introduced tougher penalties for ransomware criminals and mandatory incident reporting for larger businesses subject to an attack.

These reforms were announced in mid-October, but the bill never made it past the lower house.

Legislation launching the $1.6 billion Australian Economic Accelerator, announced as part of the commercialisation package in February, has also lapsed. The accelerator will issue grants to support arrangements to increase industry-led study and post-graduate research, and to assist universities to undertake research.

The accelerator will function as a three-stage program aiming to transform early-stage research into viable businesses.

The Coalition also failed to pass legislation launching a patent box after first announcing the scheme in last year’s May budget. The patent box would have initially only applied to the medical technology and biotech industries, offering tax breaks on IP commercialised in Australia.

While this legislation has now lapsed, the government did announce a series of updates to the scheme in this year’s budget, including to expand it to the agricultural and low-emissions technology industries.

The government had also been attempting to cap the amount the Medical Research Future Fund can disburse each year, but legislation facilitating this has now lapsed.

Under the Coalition’s plan, the fund would be limited to disbursing $650 million annually from 2022-23, down from the $1.2 billion withdrawn in 2020-21.

This plan had been slammed by the Opposition, which said it would “undermine medical research”.

A bill which would allow business communication documents to be signed or…


House Passes Cyber Literacy, Mobile Security, 6G Study Bills – MeriTalk


The House of Representatives on Dec. 1 approved a pair of cybersecurity bills, along with a bill that would create a task force to study the future of 6G wireless technologies.

All three bills passed by large bipartisan margins on motions to suspend the rules for their passage.

The cybersecurity bills would look to boost the nation’s cybersecurity literacy, and get more information on the current cybersecurity of mobile networks.

The trio of bills all made their way to full House passage, after being approved by the House Energy and Commerce Committee in July.

Cyber Literacy and Mobile Network Visibility

The House passed the American Cybersecurity Literacy Act and the Understanding Cybersecurity of Mobile Networks Act by margins of 408-17 and 404-19, respectively, signaling broad support for the pair of bills.

The American Cybersecurity Literacy Act would establish a national cybersecurity literacy campaign to help citizens understand how to mitigate cyber risks by teaching them how to identify phishing attempts, the benefits of changing passwords, using multi-factor authentication, and more.

Meanwhile, the Understanding Cybersecurity of Mobile Networks Act directs the Assistant Secretary of Commerce for Communications and Information to submit a report to Congress on the current cybersecurity of mobile networks and any vulnerabilities.

“Offensive cyber operations conducted by America’s adversaries and cyber criminals are growing more prevalent and more sophisticated by the day,” Rep. Adam Kinzinger, D-Ill., sponsor of the American Cybersecurity Literacy Act and original co-sponsor for the Understanding Cybersecurity of Mobile Networks Act, said in a release.

“More must be done to push back, and I’m pleased to see two of my bipartisan cybersecurity bills pass the House with overwhelming support today,” Rep. Kinzinger added. “Taken together, these bills will strengthen our cyber posture by educating the public about best practices to keep them more secure, and by identifying vulnerabilities in our mobile telecommunications networks and infrastructure.”

FUTURE Networks Act

The Future Uses of Technology Upholding Reliable and Enhanced (FUTURE) Networks Act would…


We’ll drop SBOMs on UK.gov to solve Telecoms Security Bill’s technical demands, beams Cisco • The Register


Britain’s Telecoms Security Bill will be accompanied by a detailed code of practice containing 70 specific security requirements for telcos and their suppliers to meet, The Register can reveal.

The Telecom Security Bill (TSB), which is near the end of its journey through Parliament, has been rather unpopular with some ISPs who have previously complained about the high cost of compliance.

Introduced as part of 2019-20’s “ban Huawei immediately” panic, the bill includes provision for £100k-a-day fines.

Now El Reg can reveal more about the detailed requirements due to be imposed on the industry, thanks to Cisco publishing a detailed paper [PDF] explaining how it already complies with UK.gov and National Cyber Security Centre requirements. That paper is a response to a document called the Vendor Annex, an NCSC-authored technical bolt-on to the main bill.

“We expect that the way it will work is there will be some expectation that the operators will be obliged to do much more scrutiny when they go through their procurement exercises with telco vendors,” Cisco’s UK&I national cybersecurity advisor, Mark Jackson, told The Register.

Jackson added that many of the requirements in the bill and the Vendor Annex could be satisfied through provision of a software bill of materials (SBOM), though that specific term isn’t mentioned. SBOMs as a security management concept have come in for some criticism recently because they could create the illusion that picking (for example) one specific software library and saying “job done, it’s secure” is enough, without setting the expectation that the library will need updating in future.

This kind of problem was endemic in Huawei’s mobile network equipment firmware, as NCSC’s Huawei examination cell revealed in 2019. The Chinese firm was, among other things, using “70 full copies of 4 different OpenSSL versions” which contained 10 “publicly disclosed” vulns, some “dating back to 2006”.

Referring to the…


Scammers are using fake antivirus bills to hack your computer


Email security firm Vade Secure uncovered an ongoing tech-support scam that uses fake antivirus invoices to trick users into enabling remote access to their computers.

The news is the latest in a surge in the number of tech-support scams that begin by circulating fake invoices for well-known security software, with Malwarebytes sharing details about one such incident recently.
