Risk

5/2/2017
10:40 AM
Dark Reading
Products and Releases

House Bill to Help Small Businesses Facing Cybersecurity Risks

WASHINGTON – ITI, the global voice of the tech sector, released the following statement from Senior Vice President for Government Affairs Andy Halataei endorsing H.R. 2105, the NIST Small Business Cybersecurity Act of 2017, being considered today by the House Committee on Science, Space, and Technology:

“Cyber-attacks are becoming increasingly sophisticated, and this legislation extends a helping hand for small businesses that often don’t have the resources they need to successfully address challenging cybersecurity risks,” Halataei said. “By coordinating cyber resources and tools offered by federal agencies to help small businesses manage their cybersecurity, entrepreneurs can spend more time focusing on expanding their businesses and helping our economy grow. We thank the House Science, Space, and Technology Committee for acting to approve this legislation and urge Congress to pass it into law.”

ITI has been a strong proponent of the NIST Cybersecurity Framework, advocating for cybersecurity policies that are voluntary; adaptable to rapidly emerging threats, technologies, and business models; based on effective risk management; technology-neutral; and leverage public-private partnerships. In March, ITI endorsed similar legislation, the MAIN STREET Cybersecurity Act, passed by the Senate Commerce, Science, and Transportation Committee on April 5th. The NIST Small Business Cybersecurity Act was introduced by Reps. Daniel Webster (R-Fl.), Daniel Lipinski (D-Ill.), Lamar Smith (R-Tex.), Barbara Comstock (R-Va.), Jacky Rosen (D-Nev.), Randy Hultgren (R-Ill.), Stephen Knight (R-Ca.), Darin LaHood (R-Ill.), Roger Marshall (R-Kan.), and Bill Posey (R-Fl.).

About ITI. ITI is the global voice of the tech sector. We advocate for public policies that advance innovation, open markets, and enable the transformational economic, societal, and commercial opportunities our companies are creating. Our membership includes the entire spectrum of technology companies ranging from internet companies to manufacturers of hardware and networking equipment to software developers. Our diverse membership and expert staff allow ITI to provide a broad perspective on the implications and opportunities of policy activities around the world. Visit www.itic.org to learn more. Follow us on Twitter for the latest ITI news @ITI_TechTweets.
