Overnight Cybersecurity: New Bluetooth vulnerability | State AG to sue Equifax | Senate panel weighs hearing on Russian social media meddling


Welcome to OVERNIGHT CYBERSECURITY, your daily rundown of the biggest news in the world of hacking and data privacy. We're here to connect the dots as leaders in government, policy and industry try to counter the rise in cyber threats. What lies ahead for Congress, the administration and the latest company under siege? Whether you're a consumer, a techie or a D.C. lifer, we're here to give you ...



--BILLIONS VULNERABLE TO BLUETOOTH BUNGLE:  A newly discovered suite of security vulnerabilities in Bluetooth devices gives attackers the ability to take over any system that has its wireless protocol turned on. The vulnerabilities, discovered by the cybersecurity firm Armis and nicknamed "Blueborne," can allow an attacker to install malware on systems or steal credentials. The attack is especially potent because it doesn't require a user to click on a file or agree to an installation. Since the attacks are wireless, malware taking advantage of Blueborne could spread from device to device. That worst-case scenario would see the malware rapidly overtake all vulnerable systems and spread as users with infected phones move from place to place. Bluetooth is used on phones, computers and other devices. Different devices are affected by different sets of vulnerabilities encapsulated by Blueborne. Google released a patch for Android devices last Tuesday while Linux issued a fix one week later. Current Apple operating systems are not vulnerable to the attack, but older iOS systems are. Microsoft patched the problem in July for supported versions of Windows.




--MASSACHUSETTS AG TO SUE: Massachusetts's attorney general said Tuesday that the state would sue credit-reporting firm Equifax over a data breach disclosed last week that affected as many as 143 million Americans.  The office of Attorney General Maura Healey said that an investigation initiated last week revealed that the breach exposed personal information on potentially 3 million Massachusetts residents. "In all of our years investigating data breaches, this may be the most brazen failure to protect consumer data we have ever seen," Healey said in a statement Tuesday afternoon. "My office is acting as quickly as possible to hold Equifax accountable for the risks that millions of consumers now face."



--DEMS SEEK ANSWERS FROM EQUIFAX CEO: Democrats on the House Energy and Commerce Committee are demanding answers from the CEO of Equifax about the company's data breach that may affect as many as 143 million people. All 24 minority members of the committee signed a letter to the Equifax executive, Richard Smith, calling on him to come forward with more information about his handling of the crisis. "We are writing with serious concerns about the immense scale of this data breach, and we have a number of questions about whether Equifax took appropriate steps to safeguard the personal information of consumers," the letter reads. "We also have concerns about the amount of time it took for Equifax to notify the public of the breach and about the way Equifax is providing information to consumers."


TIME FOR NEW REGULATIONS? In an opinion piece on The Hill, University of Houston Professors Chris Bronk and Wm. Arthur Conklin argue it is time for lawmakers to step in: "In Europe, many of the practices which Equifax and other data brokers 'make piles of money' from are simply not allowed. Since 1995, the European Union Data Protection Directive has served to inform EU citizens as to how their personal data are collected, processed, disseminated, and protected. This law was recently updated and will go into effect next year. There is no similar law in the US. We don't even have a uniform data breach notification law. Lawmakers should consider investigating and possibly banning data brokering by the credit bureaus."





President Trump HASN'T SENT PORTRAITS TO HANG AT FEDERAL AGENCIES. Total anarchy.



--FEINSTEIN: DON JUNIOR WILL TESTIFY PUBLICLY 'COME HELL OR HIGH WATER': During an interview with CNN on Monday, Sen. Dianne Feinstein (Calif.) -- the top Democrat on the Senate Judiciary Committee -- was asked if she thinks Donald Trump Jr. will return to the Senate for a hearing to discuss a meeting he took last year with a Russian lawyer who promised damaging information on then-Democratic presidential nominee Hillary Clinton. "I do," she said. "Come hell or high water."


--RUSSIA'S RUSSIAN RESET RESET: Russian President Vladimir Putin proposed a reset of relations with the U.S. in April that would have restored relations to the status quo before Moscow's military interventions in Ukraine and Syria, BuzzFeed News reported Tuesday. The proposal, delivered by a Russian diplomat to the State Department, called for full and immediate normalization of diplomatic, military and intelligence channels, according to the secret document obtained by BuzzFeed. The proposal detailed steps the two nations would make in order to thaw relations. Starting in April, a top Russian cyber official, identified as Andrey Krutskikh, would meet with his U.S. counterpart to discuss "information security," according to the document. A month later, the two countries would hold "special consultations" to discuss ongoing issues, including the Iran nuclear deal, Ukraine, Afghanistan and North Korea. President Trump and Putin would reportedly have their first in-person meeting after the top national security leaders from both Russia and the U.S. met face-to-face, including the heads of U.S. agencies like the Central Intelligence Agency, the Federal Bureau of Investigation and the Pentagon.


--BELEAGUERED KASPERSKY LAB MULLS CHANGES TO ITS US GOVERNMENT SALES SUBSIDIARY: Kaspersky, a cybersecurity vendor under fire over recent months for suspected ties to Russian intelligence, is considering changing - or even closing - its Washington-area government sales subsidiary, Reuters reports. The Senate's current defense authorization bill would ban the company's software from federal use, limiting the subsidiary. A Russian news outlet reported the offices might close, while a company representative told Reuters in a statement "Given that U.S. government sales have not been a significant part of the company's activity in North America, Kaspersky Lab is exploring opportunities to better optimize the Washington D.C. office responsible for threat intelligence offerings to U.S. government entities."

--RUSSIA'S 2016 ELECTION INFLUENCE CAMPAIGN INCLUDED ANTI-IMMIGRATION PROTEST: Russia used Facebook to promote protests in the United States, including one anti-immigrant protest during the 2016 presidential campaign, according to The Daily Beast. Facebook confirmed that it "shut down several promoted events as part of the takedown we described last week." A protest in Idaho in August 2016 reportedly focused on Muslim refugees. "Due to the town of Twin Falls, Idaho, becoming a center of refugee resettlement, which led to the huge upsurge of violence towards American citizens, it is crucial to draw society's attention to this problem," the protest's event notice read. "We must stop taking in Muslim refugees! We demand open and thorough investigation of all the cases regarding Muslim refugees! All government officials, who are covering up for these criminals, should be fired!"


--...AND LAWMAKERS SUGGEST IT'S TIME FOR A HEARING ON RUSSIAN SOCIAL MEDIA OPS: The Senate Intelligence Committee's top Democrat, Sen. Mark Warner (Va.), has repeatedly said he would like a hearing on the matter after Facebook revealed last week that a pro-Kremlin organization had bought $100,000 worth of political ads on its platform during the 2016 election cycle. Committee Chairman Sen. Richard Burr (R-N.C.), who has been comparatively mum on the subject, told reporters Tuesday that a hearing with Facebook and Twitter officials on Russian interference is "probably more when [than if]."




Links from our blog, The Hill, and around the Web.

A White House spokesperson suggested officials look into charges against James Comey. (The Hill)

The Department of Energy is investing $30 million in critical infrastructure cybersecurity. (The Hill)

Edward Snowden has no regrets. (The Hill)

Researchers caught a new security vulnerability being used to infect systems with commercially available espionage software sold to governments across the globe. (FireEye)

The NHTSA released new autonomous car guidelines. (NHTSA)

