| | | | | |  | | By Tim Starks | With help from Eric Geller, Martin Matishak and Alexandra S. Levine Programming announcement: Our newsletters are evolving. Morning Cybersecurity will continue to publish daily for POLITICO Pro subscribers, but will publish once weekly for other readers starting on July 13. There will be no changes to the policy newsletters available to POLITICO Pro subscribers. To continue to receive Morning Cybersecurity daily, as well as access POLITICO Pro's full suite of policy tools and trackers, get in touch about a Pro subscription. Already a Pro subscriber? Learn more here.
| | | — A leader of the Cyberspace Solarium Commission has filed nearly 20 amendments to the annual defense policy bill in a bid this week to get the panel's recommendations enacted. — A Democratic lawmaker wants to get to the bottom of John Bolton's allegations that the president didn't care about the national security implications of Chinese telecoms in 5G networks, and was using them to aid his reelection chances. — Hackers are increasingly targeting remote access with brute force attacks during the pandemic, a cybersecurity firm found. HAPPY MONDAY and welcome to Morning Cybersecurity! As excited as your MC host was about the prospect of the NBA returning in July, doubt always lingered about whether it could or should happen. Now, they're at the forefront. Send your thoughts, feedback and especially tips to mmatishak@politico.com. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below. | | | SPACE FOR CYBER? — Cyberspace Solarium Commission Co-chair Angus King (I-Maine) this week will push the Senate to adopt some of the panel's biggest recommendations. The 18 amendments he filed last week to the fiscal 2021 defense authorization bill (S. 4049 ) include modifications that would create a Bureau of Cyber Statistics; designate a set term for the director of CISA; require cybersecurity risk reports from publicly traded companies; authorize the executive branch to declare a state of cyber distress; and propose a "sense of the Senate" that it should establish a "Select Committee of the Senate on Cyber." The Senate defense policy bill already includes some of what the Solarium Commission sought, although it didn't embrace the most prominent commission recommendation to create a Senate-confirmed national cyber director. (King didn't file an amendment on the director proposal; the Armed Services Committee indicated it wanted more information on the recommendation before incorporating it.) The underlying measure — which Armed Services Chair Jim Inhofe (R-Okla.) wants to wrap up before the July 4 break — also contains a bevy of cyber provisions beyond the Solarium recommendations. The House has been teasing out some of the cyber language in its NDAA as well. | | | | Get the free POLITICO news app for the critical updates you need. Breaking news, analysis, videos, and podcasts, right at your fingertips. Download for iOS and Android. | | | WILBUR, CALL YOUR OFFICE — Rep. Raja Krishnamoorthi (D-Ill.) on Friday pressed the Commerce Department for details about allegations by former national security adviser John Bolton that President Donald Trump dismissed national security concerns about Chinese telecom giants ZTE and Huawei. "We are writing today to understand if the president's actions with regards to ZTE and Huawei were based on [reelection] criteria, and were in fact influenced by his 'reelection calculations,' rather than the economic and national security interests" of the United States, Krishnamoorthi, a member of the House Oversight and Intelligence committees, wrote in a letter to Commerce Secretary Wilbur Ross. In his book, Bolton wrote that Trump viewed concerns raised by his advisers about the firms being national security threats as "an opportunity to make personal gestures to" Chinese President Xi Jinping. "In 2018, for example, he reversed penalties that Ross and the Commerce Department had imposed on ZTE," Bolton wrote in his memoir, "The Room Where it Happened." Krishnamoorthi asked Ross to respond by July 6 to a series of questions about the administration's policy decisions regarding each company, including whether Commerce followed up with the White House about potential leniency on Huawei. BRUTE-AL — ESET has seen a big uptick during the pandemic in the daily number of brute force attacks on the Microsoft-developed Remote Desktop Protocol, which allows access to remote computers, it said in a blog post today. In early December, there were about 30,000 daily that ESET detected, but at times during the pandemic the number has risen above 100,000, the company said. From January to May, the U.S., China, Russia, Germany and France sat atop the list of countries with the highest number of internet protocols used for the attacks, ESET found. | | | |  | | | NOT QUITE A JACKPOT, BUT STILL — Not all financial cybercrime happens through phishing emails and wire transfers; ATMs and point-of-sale computers remain potential vectors for in-person manipulation, and in some cases, faulty drivers are to blame. Eclypsium, which has disclosed driver flaws in the past, published a report today examining driver issues in Diebold Nixdorf ATMs. After poking around inside the ATM's computer, "we found that the driver was providing arbitrary access to x86 I/O ports on the system," Eclypsium researchers wrote. Hackers with I/O port access could potentially gain arbitrary PCI access, letting them intercept and modify data moving between internal components. The same vulnerable driver is used for updating the computer's BIOS, making it an entry point for malicious firmware installation. Diebold Nixdorf issued a patch for the flawed driver after working with Eclypsium, and the research firm pointed out that this driver problem exposed "far fewer capabilities" than the others that it has analyzed. Even so, the company described the issue as "just the tip of the iceberg in terms of what malicious drivers are capable of" and said that similar flaws "could have a devastating impact" on financial terminals such as ATMs. "Given that many of the drivers in these devices have not been closely analyzed," the researchers wrote, "they are likely to contain undiscovered vulnerabilities." TWO GREAT TASTES — The Cyber Threat Alliance and Center for Internet Security (which runs the Multi-State and Election Infrastructure information sharing and analysis centers) have struck an agreement to cooperate on threat intel, coordinate during emergencies and collaborate on exercises. Under the deal, the two organizations will coordinate on threat info in areas of mutual interest when relevant and appropriate, they announced today. Both organizations are on a bit of a collaboration spree. | | | | TOMORROW AT 1 p.m. EDT - A POLITICO TOWN HALL: AMERICA AT A TIPPING POINT: The killing of George Floyd sparked demonstrations against police brutality and racial injustice around the world. One month later, join POLITICO Live for a town hall to reflect on the past and reckon with what is next to come. Featured guests include Julián Castro, former secretary of HUD and Democratic presidential candidate; Vanita Gupta, president and chief executive of the Leadership Conference on Civil and Human Rights; Rashad Robinson, civil rights leader and president of Color of Change; and Rep. Karen Bass (D-Calif.), chair of the Congressional Black Caucus. Additional guests TBA. REGISTER HERE. | | | | | | | | NOT A SHINING DAY FOR RUSSIAN CYBERCRIMINALS — A U.S. judge on Friday sentenced Russian national Aleksei Burkov to nine years in prison for operating a website that sold payment card numbers and another website for cybercriminals to advertise stolen goods. Authorities estimate that Burkov's "Cardplanet" resulted in more than $20 million fraudulent purchases using U.S. credit cards. Burkov, who pleaded guilty, faced up to 15 years in prison and will receive credit for time served. Friday also brought the announcement that another Russian national, Sergey Medvedev, pleaded guilty for his role in a cybercrime organization that authorities said was responsible for more than $568 million in losses. SENATE LETTER ON FOREIGN INTERFERENCE — From our friends at Morning Tech: More than a dozen Democratic senators are calling on the federal agencies tasked with fighting foreign interference and disinformation to ramp up their efforts. In a letter Friday to the leaders of the FBI, DoD, DHS and others, the senators urged them "to take additional measures to fight influence campaigns aimed at disenfranchising voters, especially voters of color, ahead of the 2020 election," they wrote, warning of the unprecedented ways the novel coronavirus has complicated voting procedures and the new disinformation threats that presents. "As our country grapples with systemic racism and inequality, we cannot allow foreign adversaries to further divide our country and undermine our democracy." Oh, and by the way, we're only about four months out from the election. The senators urge the agencies to be fully transparent during this final stretch about meddling efforts by foreign adversaries, including quickly communicating interference attempts and election-related disinformation activities to the American public, political candidates, members of Congress, researchers and civil society organizations. They also ask National Intelligence Director John Ratcliffe and Defense Secretary Mark Esper to "implement a social media information sharing and analysis center (ISAC) to detect and counter information warfare campaigns across social media platforms." TWEET OF THE WEEKEND — The sweeter side of… botnets? RECENTLY ON PRO CYBERSECURITY — Canadian Prime Minister Justin Trudeau said he never talked with his former U.S. ambassador, David McNaughton, about Palantir , which McNaughton joined last year and whose interactions with senior government officials are now the subject of an ethics investigation. … Workplace coronavirus tracking tech is raising privacy fears. … A manager's amendment to the House infrastructure bill (H.R. 2) would ban TSA employees from using TikTok on government computers. | | | | WINNERS PLAY THE LONG GAME : With so much going on in the present, it is more important than ever to look ahead to how society will thrive in the future. "The Long Game" is a newsletter designed for executives, investors and policymakers leading that conversation. Engage with the sharpest minds on our biggest challenges, from pandemics to environmental justice, climate change to renewable energy, inequality and the future of work. Subscribe today for a nuanced look at these issues and possible solutions. Subscribe today. | | | | | | | | — Texas Tribune: The U.S. Supreme Court turned back an effort by Texas Democrats to expand vote-by-mail. — Trend Micro: Local government services are being targeted by Magecart skimming attacks. — Lawfare: Is it a good idea for the European Union to levy sanctions against Russia over the Bundestag hack? — The U.S. Chess Federation became a vessel for hackers. — ZDNet: Indirect dependencies are largely to blame for security vulnerabilities in open-source projects. — ZDNet: " Adobe, Mastercard, Visa warn online store owners of Magento 1.x EOL." — Krebs on Security: DOJ charged two men over the Satori internet of things botnet, and another got sentenced. — Proofpoint: Email-based ransomware attacks are on the rise, with a twist.
That's all for today. Stay in touch with the whole team: Eric Geller (egeller@politico.com, @ericgeller); Bob King (bking@politico.com, @bkingdc); Martin Matishak (mmatishak@politico.com, @martinmatishak); Tim Starks (tstarks@politico.com, @timstarks); and Heidi Vogt (hvogt@politico.com, @heidivogt). | | | | Follow us on Twitter | | | | Follow us | | | | |
اللباس التقليدي الحضرمي للرجال مرحبا بكم في سلسلة اللباس التقليدي الحضرمي .. لنتعرف معا على تراثنا ...وربما أن بعض هذه الملابس لم تعد مس...
شغل الشاعر سعيد فرج باحريز رحمه الله الناس في المكلا وحضرموت عموماً باشعاره التي كانت لها مدلولات عميقة وثاقبة ومعانٍ بليغة وحكيم...
