5/2/2017
10:40 AM
Dark Reading

House Bill to Help Small Businesses Facing Cybersecurity Risks

WASHINGTON – ITI, the global voice of the tech sector, released the following statement from Senior Vice President for Government Affairs Andy Halataei endorsing H.R. 2105, the NIST Small Business Cybersecurity Act of 2017, being considered today by the House Committee on Science, Space, and Technology:

“Cyber-attacks are becoming increasingly sophisticated, and this legislation extends a helping hand for small businesses that often don’t have the resources they need to successfully address challenging cybersecurity risks,” Halataei said. “By coordinating cyber resources and tools offered by federal agencies to help small businesses manage their cybersecurity, entrepreneurs can spend more time focusing on expanding their businesses and helping our economy grow. We thank the House Science, Space, and Technology Committee for acting to approve this legislation and urge Congress to pass it into law.”

ITI has been a strong proponent of the NIST Cybersecurity Framework, advocating for cybersecurity policies that are voluntary; adaptable to rapidly emerging threats, technologies, and business models; based on effective risk management; technology-neutral; and that leverage public-private partnerships. In March, ITI endorsed similar legislation, the MAIN STREET Cybersecurity Act, passed by the Senate Commerce, Science, and Transportation Committee on April 5th. The NIST Small Business Cybersecurity Act was introduced by Reps. Daniel Webster (R-Fl.), Daniel Lipinski (D-Ill.), Lamar Smith (R-Tex.), Barbara Comstock (R-Va.), Jacky Rosen (D-Nev.), Randy Hultgren (R-Ill.), Stephen Knight (R-Ca.), Darin LaHood (R-Ill.), Roger Marshall (R-Kan.), and Bill Posey (R-Fl.).

About ITI. ITI is the global voice of the tech sector. We advocate for public policies that advance innovation, open markets, and enable the transformational economic, societal, and commercial opportunities our companies are creating. Our membership includes the entire spectrum of technology companies ranging from internet companies to manufacturers of hardware and networking equipment to software developers. Our diverse membership and expert staff allow ITI to provide a broad perspective on the implications and opportunities of policy activities around the world. Visit www.itic.org to learn more. Follow us on Twitter for the latest ITI news @ITI_TechTweets.
