DomainTools encouraged the 92 percent of U.S. consumers planning to shop on Cyber Monday -- Nov. 27 -- to be aware of phishing and counterfeiting. Forty percent of U.S. consumers have been victims of a phishing attack, even though 91 percent are aware of spoofed websites or phishing emails from trusted brands, the cybersecurity firm said. The amount of cybercrime increased with the popularity of Cyber Monday, said CEO Tim Chen. Various techniques are used to trick shoppers into visiting a fake website or clicking on a malicious link, Chen said, which could result in a shopper unintentionally sharing information or downloading ransomware. Some 119,000 unique phishing sites were detected in November 2016, targeting more than 300 brands, said Chen, citing Anti-Phishing Working Group data. The brands most likely to be spoofed this month likely correspond with the most popular online retailers, which according to the survey include Amazon (82 percent), Walmart (36 percent), and Target (20 percent), he said. Tips: be paranoid; first assume links are dangerous; navigate directly to a company's site instead of clicking on links in emails or social media; and examine URLs and email senders for typos. The shopping plan survey was Oct. 5-7 with 1,000 respondents.
U.S. employers posted 285,681 cybersecurity job openings during the 12-month period that ended in September, according to CyberSeek, a career resource developed jointly by CompTIA and labor analytics firm Burning Glass Technologies. Washington, New York and Chicago have the most job openings, the firms reported Tuesday.
The Senate Commerce Committee plans a hearing Wednesday on data breaches, it said. Witnesses are Paulino Barros, Equifax interim CEO; Marissa Mayer, former Yahoo CEO; Karen Zacharia, Verizon chief privacy officer; and Todd Wilkinson, Entrust Datacard Corp. president. The panel will “hear from those in charge, at the time major breaches occurred and during the subsequent response efforts, at two large companies who lost personal consumer data to nefarious actors,” said Chairman John Thune, R-S.D. It starts about 10 a.m. in 106 Dirksen, with the time based on when an earlier committee executive session there ends (see 1711020045). The Stop Enabling Sex Traffickers Act (S-1693) will be marked up at that earlier meeting, which begins at 9:45 a.m.
More than eight in every 10 U.S. consumers say they will be less willing to shop at retailers this holiday season that experienced past data breaches than at those that didn't, said a Thursday survey report from Generali Global Assistance. The supplier of identity theft protection tools canvassed 1,016 adults in early October and found 38 percent were unsure if businesses were doing enough to safeguard their personal information, it said. “Those who plan to shop for the holidays expressed concern about their financial or personal information being compromised due to a data breach,” with 75 percent of those questioned “indicating that they are either very or somewhat concerned about such a breach,” it said. Slightly more than half of those canvassed (57 percent) said they think a data breach of an online merchant “will pose the greatest identity theft threat this holiday season,” while 22 percent view a data breach of a brick-and-mortar point-of-sale system “to be the most acute risk,” it said. Data breaches “weigh much more heavily on holiday shoppers’ minds” than being pickpocketed (11 percent), or having their cars broken into (10 percent) “when it comes to identity theft,” it said.
Facebook in Q3 experienced its first quarter with more than $10 billion in revenue, said CEO Mark Zuckerberg on a Wednesday earnings call. “None of that matters if our services are used in a way that doesn't bring people closer together, or if the foundation of our society is undermined by foreign interference,” he said. “I've expressed how upset I am that the Russians tried to use our tools to sow mistrust. We built these tools to help people connect and to bring us closer together, and they used them to try to undermine our values. What they did is wrong, and we are not going to stand for it.” Facebook “is doing everything we can to help the U.S. government get a complete picture of what happened,” said Zuckerberg. Efforts “sweeping across all our platforms” are aimed at identifying and eradicating fake accounts, it told the Senate Judiciary Committee Tuesday (see 1710310061). Facebook is working with Congress “on legislation to make advertising more transparent,” said Zuckerberg. The company is “moving forward on our own to bring advertising on Facebook to an even higher standard of transparency than ads on TV or other media,” he said. It soon will “start rolling out a tool that lets you see all of the ads a page is running and also an archive” of political ads that “have run in the past,” he said. The platform has 10,000 employees “working on safety and security, and we're planning to double that to 20,000 in the next year to better enforce our community standards and review ads,” he said. “In many places, we're doubling or more our engineering efforts focused on security.” It’s also building new artificial intelligence “to detect bad content and bad actors, just like we've done with terrorist propaganda,” he said. “I am dead serious about this. And the reason I'm talking about this on our earnings call is that I've directed our teams to invest so much in security on top of the other investments we're making that it will significantly impact our profitability going forward, and I wanted our investors to hear that directly from me. I believe this will make our society stronger, and in doing so will be good for all of us over the long term. But I want to be clear about what our priority is. Protecting our community is more important than maximizing our profits.” Facebook shares closed 2.1 percent lower Thursday at $178.92.
An updated IoT standards draft for federal agencies is expected in early 2018 and could impact the tech sector, as part of ongoing work at the National Institute of Standards and Technology, blogged Wiley Rein attorney Kathleen Scott. NIST launched its IoT cybersecurity program in November 2016. While the work is focused on federal agencies, the tech sector is providing input in developing standards that could ultimately affect the industry, NIST said. NIST held a meeting earlier this month on security approaches for IoT devices to ensure suppliers and vendors are aligned in their security approaches. It's "clear that the debate regarding IoT cyber standards is still nascent and that NIST is still working to define the scope of IoT," Scott said. On Thursday, NIST said its current IoT guidelines draft is 200 pages and could be released for public comment early next year, Scott said.
Tech support scammers settled FTC complaints that they tricked consumers into believing their computers were infected with viruses and malware, charging hundreds of dollars for unnecessary repairs, the commission announced Thursday. Defendants, which the FTC said used only online advertising to target victims, will be permanently banned from the tech support business.
The House should take up HR-1224 to move forward with the cybersecurity framework developed by the National Institute of Standards and Technology, said House Science Committee Chairman Lamar Smith, R-Texas, at a Wednesday hearing. The NIST Cybersecurity Framework, Assessment, and Auditing Act would require the agency to ensure the framework builds security standards at the beginning of a system's life cycle, builds trustworthy and secure components into systems and applies well-defined security design principles throughout systems. Smith took aim at Kaspersky Lab, calling the company a once-reputable firm creating "significant risk to U.S. security" by enabling the Russian government and global criminal hackers to exploit government software, now banned by the General Services Administration. Kaspersky defended its performance, saying it did a "thorough review" and was aware of only one malware breach. Smith said the committee would continue its investigation into Kaspersky's activities and asked the public to share any information about threats from the company's products.
Harman confirmed Friday it has an update patch in code to address the key reinstallation attacks Wi-Fi security flaw. The patch will be pushed to connected speaker owners in the next over-the-air update, a spokeswoman said.
The Internet Security Alliance will join with Germany's largest cyber networking platform, the Cyber-Security Council of Germany, to create cyber industry-government initiatives focusing on practical solutions, ISA said Friday.