Ionut Arghire reports that Chinese hackers exploited a Fortinet FortiOS SSL-VPN vulnerability when it was still a zero-day. Mandiant tracks the bug as CVE-2022-42475 (CVSS score of 9.8) and described it as “a buffer overflow issue that could be exploited by remote, unauthenticated attackers to execute code or commands via crafted requests.” Read more at Security Week.
Category: Commentaries and Analyses
New Cybersecurity Directives (NIS2 and CER) Enter into Force in EU
Hunton Andrews Kurth writes: On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union (the “NIS2 Directive”) and the Directive on the resilience of critical entities (“CER Directive”) entered into force. The NIS2 Directive repeals the current NIS Directive and creates a more extensive and harmonized set of rules on cybersecurity…
Ph: Comelec, Smartmatic cleared of data privacy violations in 2022 polls
Hana Bordey reports: The National Privacy Commission (NPC) has cleared the Commission on Elections and the Smartmatic Group of Companies of alleged violation of the Data Privacy Act (DPA) over the supposed breach of election data during the 2022 national and local polls. This was announced by Comelec spokesperson Rex Laudiangco in a press statement…
NYS Comptroller releases another school district IT audit
Frankfort-Schuyler Central School District – Information Technology Assets and Network Access (2022M-151). Released December 30, 2022. Background: The District serves the Towns of Frankfort and Schuyler in Herkimer County. The District is governed by the Board of Education (Board), which is composed of seven elected members. The Board is responsible for the general management and…
European data protection authorities issue record €2.92 billion in GDPR fines
Michael Hill reports: European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That’s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year’s biggest fine…
Ransomware Diaries: Volume 1: LockBit
Written by Jon DiMaggio. Conducting a behavioral profile of ransomware attackers will give you a better understanding of who is behind the attacks threatening your organization. Behavioral profiling adds value to defenders who can use it to identify an attacker and negotiators who will know the motivations and beliefs of the human being they are…