SecurityCentric is your source for Blog Aggregation in the Security industry

Clearance Applicants and Security Freezes on Credit Reports

In 2018, the Economic Growth, Regulatory Relief, and Consumer Protection Act was signed into law, enabling those undergoing background investigations to keep a credit report security freeze in place without any impact on completion of the investigation. At the time, the Office of Personnel Management (OPM) provided guidance to all Federal agencies

MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms

Posted by Keishi Hattori, Sergei Glazunov, Bartek Nowierski on behalf of the MiraclePtr team. Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome. If you need a refresher, you can read our previous blog post detailing MiraclePtr and its objectives. More platforms: We are ...

Contractor Overcomes QAnon and Three-Percenter Concerns to Get Clearance

There were only two Defense Office of Hearing and Appeals (DOHA) cases involving the Allegiance guideline this year. This one involved a DoD contractor who had shown a more than passing interest in the anti-establishment conspiracy theorist group called QAnon, and militia extremists who call themselves Three-Percenters (III%). He was

Registered Sex Offender Denied Clearance

Every once in a while, I run across an appeals case that makes me shake my head and wonder why on earth they tried applying for a job that required a security clearance. This particular one takes the cake. The applicant was initially denied clearance eligibility by the DoD based

Hardening cellular basebands in Android

Posted by Ivan Lozano and Roger Piqueras Jover. Android's defense-in-depth strategy applies not only to the Android OS running on the Application Processor (AP) but also to the firmware that runs on devices. We particularly prioritize hardening the cellular baseband given its unique combination of running at an elevated privilege and parsing untrusted...

Mozilla VPN Security Audit 2023

To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that Cure53 conducted earlier this … The post Mozilla VPN Security Audit 2023 appeared first on Mozilla Security Blog.

Mozilla Security Blog 140 days ago

Improving Text Classification Resilience and Efficiency with RETVec

Elie Bursztein, Cybersecurity & AI Research Director, and Marina Zhang, Software Engineer. Systems such as Gmail, YouTube and Google Play rely on text classification models to identify harmful content including phishing attacks, inappropriate comments, and scams. These types of texts are harder for machine learning models to classify because bad ...

Two years later: a baseline that drives up security for the industry

Royal Hansen, Vice President of Privacy, Safety and Security Engineering, Google. Nearly half of third parties fail to meet two or more of the Minimum Viable Secure Product controls. Why is this a problem? Because "98% of organizations have a relationship with at least one third-party that has experienced a breach in the last 2 years." In this post, w...

House Rejects Rule for HR 5893 FY 2024 CJS Spending

Yesterday, the House took up H Res 869, the proposed rule for the consideration of HR 5893, the Commerce, Justice, Science, and Related Agencies Appropriations Act, 2024. After 55 minutes of debate (starting at 09:25 EST), the resolution failed by a vote of 198 to 225, with 19 Republicans voting with Democrats to defeat the r...

OMB Approves PSA/CSA ICR Reinstatement

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved the reinstatement of an information collection request (ICR) from CISA on CISA Vulnerability Assessments. The 60-day ICR notice was published on July 10th, 2019. The 30-day ICR notice was published on November 14th, 2019. CISA allowed this ICR to ...

CSAT ICR Renewal Approved by OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had approved an information collection request (ICR) renewal from CISA for the Chemical Security Assessment Tool (CSAT). The 60-day ICR notice was published on December 12th, 2022 and the 30-day ICR notice was published on April 20th, 2023. Nothing of specific int...

HR 6363 Passed in House Ladder CR

Yesterday, the House took up HR 6363, the Further Continuing Appropriations and Other Extensions Act, 2024. After about 36 minutes of debate (starting at about 4:02 EST), the bill was passed by a bipartisan vote of 336 to 95 with 93 Republicans voting Nay. The bill now goes to the Senate where it is expected (after potential procedural delays) to p...

House Begins Consideration of HR 5894, FY 2024 LHH Spending

Yesterday, the House began consideration of HR 5894, the Departments of Labor, Health and Human Services, and Education, and Related Agencies Appropriations Act, 2024. This is the first time in a number of years that the House has considered an LHH spending bill because of the controversies (both ways) surrounding various abortion provisions typica...

CSB Updates Recommendation Status 11-09-23

Yesterday, the Chemical Safety Board updated the status from Open to Closed for one of the recommendations from the Optima Belle investigation. The change in status of recommendation 2021-02-I-WV-R14 reflects the fact that the National Center for Biotechnology Information has updated the PubChem database entry for sodium dichloroisocyanurate (Na...

EPA Sends TSCA Fee Adjustment Final Rule to OMB

Yesterday, OMB's Office of Information and Regulatory Affairs announced that it had received a final rule from the EPA on Fees for the Administration of the Toxic Substances Control Act (TSCA). The EPA is required to periodically (every three years) update the fees it charges for the administration of the TSCA program. This would be the first adjust...

Short Takes 11-14-23

Trump's incendiary "vermin" remarks prompt backlash. TheHill.com article. Pull quote: The Trump campaign rejected comparisons between Trump and old dictators, with spokesperson Steven Cheung saying in a statement that those who try to make that ridiculous assertion are clearly snowflakes grasping for anything because they are suffering from Trump Dera...

November 2023 SecKC Presentation: Mobile SDR

Thanks to all who showed up and asked questions! We are proud members of the Security Bloggers Network. This content was originally posted on HiR Information Report. Copyright 1997-2010, HiR

HiR Information Report 162 days ago

OSHA Walk Around Inspection Rule and CFATS

Today I read a press release from the Alliance for Chemical Distribution (formerly the National Association of Chemical Distributors) on the OSHA Worker Walkaround Representative Designation Process notice of proposed rulemaking (NPRM) that was published on August 30th, 2023. The comment period closed on Monday. Not surprisingly, ACD (and probably ...

Review 2 Advisories Published 11-14-23

Today, CISA's NCCIC-ICS published two control system security advisories for products from Rockwell Automation and AVEVA. Advisories: Rockwell Advisory - This advisory discusses an improper input validation vulnerability in the Rockwell SIS Workstation and ISaGRAF Workbench. AVEVA Advisory - This advisory describes two vulnerabilities in the AVEVA O...

Review - HR 6363 Introduced Ladder CR

Yesterday, Rep Granger (R,TX) introduced HR 6363, the Further Continuing Appropriations and Other Extensions Act, 2024. Colloquially known as a Ladder CR, the bill continues current funding for some programs of the Federal Government through January 19th, 2024 and for the remainder through February 2nd, 2024. It also includes a section that extends the termination ...

Coast Guard Sends Cybersecurity NPRM to OMB

Yesterday, the OMB's Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking (NPRM) from the Coast Guard on Cybersecurity in the Marine Transportation System. According to the Spring 2023 Unified Agenda entry for this rulemaking: The Coast Guard proposes to update its maritime security regu...

Bills Introduced 11-13-23

Yesterday, with both the House and Senate in Session, there were 42 bills introduced. Two of those bills may receive additional coverage in this blog: HR 6363 Further Continuing Appropriations and Other Extensions Act, 2024 Granger, Kay [Rep.-R-TX-12] HR 6372 To amend the National Quantum Initiative Act to require the Secretary of Energy to cond...

Short Takes 11-13-23

How Ukraine, With No Warships, Is Thwarting Russia's Navy. NYTimes.com article (free). Pull quote: Despite having no warships of its own, Ukraine has over the course of the war shifted the balance of power in the naval conflict. Its use of unmanned maritime drones and growing arsenal of long-range anti-ship missiles along with critical surveillance...

Review - HR 5893 Introduced FY 2024 CJS Spending

Last month, Rep Rogers (R,KY) introduced HR 5893, the Commerce, Justice, Science, and Related Agencies Appropriations Act, 2024. The House Appropriations Committee did not publish a report for this bill, nor has it published an explanatory text as it did for HR 5894. There are three cybersecurity mentions in the bill, none of particular interest he...

Intent to Keep Using Illegal Drugs = Public Trust Denial

It would be safe to say that most, if not all, government workers know that using drugs is not copacetic or in line with the Drug-Free Federal Workplace policy. This applies to all tiers of investigations, not just security clearance applicants. When I find Defense Office of Hearing and Appeals

Committee Hearings Week of 11-12-23

This week, with both the House and Senate in session and the latest funding deadline set for Friday midnight, there is a modest hearing schedule in both houses. For the purposes of this blog, there are three hearings of interest (all in the House); a homeland threat hearing and two rules hearings. Homeland Security Threat: On Wednesday, the Ho...

CFSN Production Milestone

This post marks the 1000th blog post here for this year, kind of a magic number for bloggers. That, combined with the 585 blog posts over on my Substack site, CFSN Detailed Analysis, makes this, hands-down, my most prolific year as a writer to date. A lot of that is due to the contentious nature of the House in the 118th Congress, they have provide...

Short Takes 11-11-23

Senate Leaders Plan to Prolong NSA Surveillance Using a Must-Pass Bill. Wired.com article. Pull quote: Extending the program by attaching it to another bill that Congress can't avoid is a risky political maneuver that will cause significant unrest among a majority of House lawmakers and a number of senators who are working to reform the 702 program....

Review Public ICS Disclosures Week of 11-4-23 Part 2

For Part 2 this week we have nine additional vendor advisories from HP, Palo Alto Networks, Pilz, QNAP (2), Supermicro, Weidmüller, Zebra, and Zyxel. There are ten updates for products from Broadcom (7), Cisco (2), and HPE. Finally, we have a researcher report of vulnerabilities in products from Weston. Advisories: HP Advisory - HP published an adv...

CRS Reports Week of 11-4-23 Armed Drones

This week the Congressional Research Service (CRS) published a report on Armed Drones: Evolution as a Counterterrorism Tool. This is a brief review of the evolution of the policy issues surrounding the use of armed drones as a counter-terrorism weapon. Missing from this is any discussion about how the successes that the US has had with drones as w...

Chemical Incident Reporting Week of 11-4-23

NOTE: See here for series background. Graham, TX 11-2-23. Local News Reports: Here, here, and here. Explosion in sodium hypochlorite (industrial strength bleach) tank at water treatment plant. 1 injured and hospitalized. Details are sketchy, but it sounds like a truck unloading incident, where something other than sodium hypochlorite was unloaded into the tank...

Review Public ICS Disclosures Week of 11-4-23 Part 1

This week we have 23 vendor disclosures from Broadcom (15), Fuji Electric, GE Gas Power, GE Grid Solutions (4), and Hitachi (2). Advisories: Broadcom Advisory #1 - Broadcom published an advisory that discusses an unquoted search path or element vulnerability in their Fabric OS. Broadcom Advisory #2 - Broadcom published an advisory that describes ...

Short Takes 11-10-23

Terrorist who tried to attack Jewish school in Indianapolis charged with 3 felonies. Fox59.com article. Pull quote: In reality, however, the building targeted by Almaghtheh was used by the Israelite School of Universal and Practical Knowledge, a sect of Black Hebrew Israelites labeled by the Anti-Defamation League as extreme and antisemitic and cl...

Review - TSA Publishes BASE Program 60-day ICR Revision Notice

Today, the Transportation Security Administration (TSA) published a 60-day information collection request (ICR) revision notice in the Federal Register (88 FR 77602-77603) for their Baseline Assessment for Security Enhancement (BASE) Program (1652-0062) for public transportation passenger rail (PTPR) and highway and motor carrier (HWY) industries. ...

House Continues Consideration of HR 4664 FY 2024 FinServices Spending

Yesterday, the House continued consideration of HR 4664, the Financial Services and General Government Appropriations Act, 2024. The last four amendments listed in Part B of H Rept 118-269 were considered and three were adopted. The House recessed for the Veterans Day weekend without taking a vote on the amended bill. TheHill.com is reporting that...

Bills Introduced 11-9-23

Yesterday, with the House and Senate in session (and preparing to observe Veterans Day today), there were 85 bills introduced. Two of those bills will receive additional attention in this blog: HJ Res 100 Providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Securities and Exchange Com...

Review - HR 5894 Introduced FY 2024 LHH Spending

Last month, Rep Aderholt (R,AL) introduced HR 5894, the Departments of Labor, Health and Human Services, and Education, and Related Agencies Appropriations Act, 2024. There is no report from the House Appropriations Committee on this legislation, instead the Committee staff has published an explanatory materials document, reflecting the fact that t...

Review 2 Advisories and 2 Updates Published 11-9-23

Today, CISA's NCCIC-ICS published two control system security advisories for products from Hitachi Energy and Johnson Controls. They also updated two control system security advisories for products from Hitachi Energy and Mitsubishi Electric. Advisories: Hitachi Energy Advisory - This advisory describes three vulnerabilities in the Hitachi Energy ...

House Begins Consideration of HR 4664 FY 2024 FinServices Spending

Yesterday, the House began consideration of HR 4664, the Financial Services and General Government Appropriations Act, 2024. There were 65 amendments considered yesterday, with one of those being an en bloc amendment for the consideration of 22 non-controversial amendments listed in Part B of H Rept 118-269. Fifty-one of the offered amendments were ag...

Short Takes 11-8-23

Lucy continues to surprise astronomers with its first flyby. ArsTechnica.com article. Pull quote: A few days ago, the Daily Telescope reported that the Lucy spacecraft had found not one but two asteroids during its flyby of the small main-belt asteroid Dinkinesh. It turns out that was not the whole story. Subsequent data downlinked from the spacecr...

HR 6022 Introduced CFATS Propane Exception

Last month, Rep Burlison (R,MO) introduced HR 6022, the Propane Accessibility and Regulatory Relief Act. The bill would exempt from any CFATS regulation any propane tank with a capacity of up to 126,000 pounds of propane. No funding is authorized by this legislation. Moving Forward: Neither Burlison, nor his sole cosponsor (Rep Latta (R,OH)) are m...

Evolving the App Defense Alliance

Posted by Nataliya Stanetsky, Android Security and Privacy Team The App Defense Alliance (ADA), an industry-leading collaboration launched by Google in 2019 dedicated to ensuring the safety of the app ecosystem, is taking a major step forward. We are proud to announce that the App Defense Alliance is moving under the umbrella of the Linux Foundat...

CSB Updates 1 Safety Recommendation Status 10-31-23

Yesterday, the Chemical Safety Board (CSB) updated their Recommendations page to show 146 open recommendations, down one from the previous day. They also updated their Recent Recommendation Status Updates page to show a change in the status of the National Fire Protection Association (NFPA) recommendation from their Oil Tank Safety Study. The Octob...

House Continued Consideration of HR 4820 FY 2024 THUD Spending 11-7-23

Yesterday, the House continued consideration of HR 4820, the Transportation, Housing and Urban Development, and Related Agencies (THUD) Appropriations Act, 2024. Thirty-three amendments were considered and 21 of those were adopted. None of the amendments were of specific interest here. Of the five amendments initially considered on Monday, but held...

Short Takes 11-7-23

Senate eyes huge maxi-bus to address year-end spending crunch. TheHill.com article. Pull quote: At least if there is a decision made by the leaders to put all nine of the remaining bills together, at least they're bills that have gone through committee, [have] been vetted, will be subject to amendment, are not drafted by just a few people behind clo...

PHMSA Portal IE7 Requirement

Today, while looking for some information on DOT's Pipeline and Hazardous Materials Safety Administration (PHMSA) web site to answer a reader question, I ran across an interesting piece of information in a text window on the PHMSA Portal page: Microsoft deprecated IE7 on October 10th, 2023. PHMSA should not have been caught by surprise as Microsoft...

Review 1 Advisory Published 11-7-23

Today, CISA's NCCIC-ICS published a control system security advisory for a product from GE Grid Solutions. Advisories: GE Advisory - This advisory describes an uncontrolled search path vulnerability in the GE MiCOM S1 Agile engineering tool suite. For more information about this advisory and its related GE disclosures, see my article at CFSN Detai...

House Begins Consideration of HR 4820 FY 2024 THUD Spending

Yesterday, the House began consideration of HR 4820, the Transportation, Housing and Urban Development, and Related Agencies (THUD) Appropriations Act, 2024. Eleven amendments were considered and four were adopted. One of the adopted amendments was an en bloc amendment that included 24 non-controversial amendments. Five of the amendments considered...
