An Arkansas man was sentenced Friday to 33 months in federal prison for aiding and abetting computer intrusions by developing and selling his NanoCore RAT and Net Seal malware to individuals who then used it to conduct such intrusions as surreptitiously activating webcams, DOJ said. It said U.S. District Judge Liam O'Grady of Alexandria, Virginia, also ordered that Taylor Huddleston, 27, of Hot Springs, serve two years of supervised release after his prison sentence. DOJ said Huddleston pleaded guilty in July.
The Information Technology Industry Council and USTelecom said Friday they're creating the Council to Secure the Digital Economy (CSDE) to find solutions to cybersecurity threats to the tech and telecom sectors, including data breaches. Akamai, AT&T, Intel, Samsung and Verizon are among the group's founding members. CSDE membership “reflects a shared commitment across the leadership of the global information and communications technology sector to pursue security mitigation as intensely as digital innovation,” said USTelecom President Jonathan Spalter in a news release. The group “is committed to building a more resilient ecosystem for consumers, businesses, and the public through improved cybersecurity, trust, accountability, and engagement with government,” said ITI CEO Dean Garfield in the release. “This is exactly the type of industry collaboration needed to help frame the important issues through a shared digital economy lens,” said Chris Krebs, Department of Homeland Security senior official performing the duties of the undersecretary-National Protection and Programs Directorate, in the news release.
More than half of U.S. connected car drivers said they wouldn’t buy a self-driving car, researcher Solace reported Thursday. Two-thirds believe they drive more safely in connected cars, but 40 percent wouldn’t trust their cars to brake for them. Forty-six percent of drivers ages 18-25 wouldn’t trust their car to automatically react to driving conditions vs. a third of drivers 65 or older. Safety and navigation are the most trusted and valued features, with 49 percent of drivers most likely to rely on safety sensors -- such as lane departure alerts -- in a connected car, and 35 percent on navigational prompts. Forty-eight percent weren't aware their vehicle could store personal data such as Social Security numbers and birthdays. The online survey occurred Jan. 17-19 with 1,500 drivers.
The SEC adopted interpretive guidance to help companies prepare disclosures about cybersecurity risks and incidents, the agency said Wednesday. Chairman Jay Clayton said the guidance highlights federal securities laws' disclosure requirements and the importance of policies and procedures for disclosure controls. He said the aim of the guidance is "clearer and more robust disclosure by companies" about cybersecurity risks, giving investors more complete information. The commission said it's not suggesting companies must make detailed disclosures such as specific technical information about their systems or potential system vulnerabilities, but they should disclose incidents and risks material to investors, including financial, legal or reputational consequences. The agency said companies might need to disclose previous or ongoing incidents to put risk discussions in context.
Companies are increasingly relying on artificial intelligence and automated security systems, as the majority of cybersecurity attacks result in more than $500,000 in damages, Cisco reported Wednesday. Cisco surveyed 3,600 chief information security officers, and found more than half reported cybersecurity attacks that cost organizations more than $500,000 in damages. Thirty-nine percent of respondents rely on automation, 34 percent on machine learning, and 32 percent are “highly reliant” on AI. The extent of system breaches expanded, with respondents claiming 32 percent of breaches affected more than half their systems. That compares with 15 percent reported for 2016.
Social media platforms like Facebook and Twitter should be required to use open application programming interfaces, so third parties can monitor impacts of social media algorithms, former FCC Chairman Tom Wheeler wrote in The New York Times. Wheeler cited the recent indictment that special counsel Robert Mueller filed against 13 Russians tied to the Internet Research Agency, a Kremlin-led troll farm that allegedly spread misinformation and vitriolic, political content through social media during the 2016 election. Although that editorial content reached millions, the group was able to hide its algorithms for targeting users behind social media platforms. He noted Uber uses the open API of Google Maps to retrieve information about passenger pickup points and destinations. Wheeler said the proposal would open only the results of a company’s algorithms, not the algorithms themselves. Wheeler repeatedly has pitched open algorithms (see 1711010013). The Computer and Communications Industry Association and Internet Association didn't comment Wednesday.
U.S.-based web application attacks increased 31 percent in Q4 from the year-ago quarter, and perpetrators continue to focus on industries with high-value data, Akamai reported Tuesday. The report showed the retail industry was the hardest hit from web application threats, with 38 percent of attacks. Media and entertainment had 18 percent, technology 11 percent and the public sector 4.4 percent. Senior Editor Martin McKeay said attackers increasingly seek more direct ways for financial gain, such as ransomware. Worldwide web application attacks increased 10 percent, with a 10 percent increase in SQLi attacks globally. “Of the 17 billion login requests tracked through the Akamai platform in November and December, almost half (43 percent) were used for credential abuse,” the report said.
Many web hosting companies that cater to small businesses don't offer proper access to email authentication and anti-phishing technologies, putting small businesses at risk of facilitating phishing, FTC staff reported. Staff surveyed 11 web-hosting companies. Two used domain-based message authentication, a technology to reject phony emails with domain-authentication discrepancies, and three provide a way to configure it. Small businesses should “pay close attention to the security features offered by web hosts so that they can choose a host that will protect their websites and email accounts with SSL/TLS and email authentication technologies.” The agency didn't identify the companies.
DOJ established a Cyber-Digital Task Force to focus on “detecting, deterring and disrupting malicious cyber activity.” According to a memo from Attorney General Jeff Sessions, it will be chaired by a senior department official appointed by the deputy AG. It would deliver an initial report on the department’s current cyber-related activities and a series of recommendations by June 30.
Without proper balance, the EU’s General Data Privacy Regulation could allow bad actors even more freedom for spreading false information and fostering illicit markets, wrote American Enterprise Institute's Shane Tews in a blog post this week. The GDPR (see 1802070001), which is to take effect in May, is meant to be a uniform set of data privacy and protection laws across the EU. One of the challenges of the new law is its impact on ICANN's WHOIS database, which law enforcement uses to investigate digital crimes, and companies use to protect trademarks. Under the new law, WHOIS data such as names and contact details might be identified as private, protected data requiring individual consent to be distributed. Tews said that could mean “a lot less information on who is contractually responsible for a domain,” allowing perpetrators to better hide their identities. ICANN is reviewing how to adapt to the new EU law. Tews said the larger challenge is keeping a free flow of internet traffic that allows accurate, trusted content, which requires identity verification for who's distributing the content. “Online actors who know how to be deceptive in their ways can weave through online networks to protect themselves. It would be a shame if the well-intended GDPR became one of their tools of the trade,” she wrote.