Indonesia’s private data protection bill cleared another hurdle and could be voted into law this week. As Bloomberg reports: Data operators could face up to five years in jail and a maximum fine of 5 billion rupiah ($337,000) for leaking or misusing private information, according to Indonesia’s new data privacy bill set to be passed…
Author: Dissent
“Proactive cyber defense” to be introduced to critical infrastructure
The following is a machine translation of a Yomiuri news story: The government is considering introducing an “active cyber defense” system to detect signs of an attack and identify the source of the attack in order to strengthen defense against cyber attacks on critical infrastructure such as communications and electricity. Adjustments will be made in…
A packed end to the UK’s cyber summer: Government moves forward with telecoms cybersecurity proposals and consults on a Cyber Duty to Protect
Mark Young and Paul Maynard of Covington and Burling write: UKG) proposals for new, sector-specific cybersecurity rules continue to take shape. Following the announcement of a Product Security and Telecommunications Infrastructure Bill and a consultation on the security of apps and app stores in the Queen’s Speech (which we briefly discuss here), the UKG issued a…
Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities
FBI Private Industry Notification PIN 20220912-001 TLP: WHITE Summary The FBI has identified an increasing number of vulnerabilities posed by unpatched medical devices that run on outdated software and devices that lack adequate security features. Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity….
Lorenz ransomware breaches corporate network via phone systems
Sergiu Gatlan reports: The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. Arctic Wolf Labs security researchers spotted this new tactic after observing a significant overlap with Tactics, Techniques, and Procedures (TTPs) tied to ransomware attacks…
Vasile Mereacre testifies against former Uber security chief in criminal trial
Maria Dinzeo reports: When hackers Vasile Mereacre and Brandon Glover teamed up in 2016 and began scouring Github for exploitable security flaws, they weren’t looking to hack any one company specifically. But Uber’s lax security quickly made the ride-hail giant the pair’s top target. Testifying Monday in the former Uber security head Joe Sullivan’s criminal obstruction…