Ravie Lakshmanan reports: The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosures regulations that mandate security researchers uncovering critical flaws in computer systems to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The “Regulations on the Management of Network Product Security Vulnerability” are expected to…
Author: Dissent
Nl: Leak at Covid testing company made it possible to fake results in CoronaCheck app
NL Times reports: Due to a major leak at the coronavirus testing company Testcoronanu, it was possible for anyone to create their own Covid vaccination or test certificate, RTL Nieuws reported on Sunday. Additionally, private details from about 60 thousand people who took a coronavirus test at this company had been leaked. The company is…
State audits of school district IT reveal why k-12 districts are sitting ducks for threat actors
On July 15, New York State Comptroller Thomas P. DiNapoli released the following school district audits. Clicking on the links will take you to the fuller reports, but even then, some things were so bad, it seems, that findings were told to the districts, but not put in writing in public reports that threat actors…
Ransomware attacks target Virginia Tech, no data believed stolen
Amy Friedenberger reports Virginia Tech was the target of two cyberattacks recently. The most recent attack was part of the Kaseya incident. An earlier attack in May reportedly involved an attempt to encrypt the university’s server. In neither case was there any evidence of data exfiltration. Read more on The Roanoke Times.
Ca: Revelstoke Mountaineer white-hat notification of data security issues causes City of Revelstoke to disable emergency notification system
Aaron Orlando reports: The City of Revelstoke has disabled its emergency notification system after revelstokemountaineer.com notified the city of data security issues with the system. The city’s opt-in emergency alert system sends emails or text messages to subscribers. The system notifies subscribers on a range of city communications, including emergency communications. Read more on revelstokemountaineer.com….
The new minimization technique for breach disclosures?
Remember when “We take your privacy and security very seriously” became de rigueur in breach disclosures? Now there’s other language being frequently added to breach disclosures — language that makes it sound like what the entity is about to tell you is really no huge deal, but if you feel you really need to protect…