The Hacker News reports: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. “The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,” CISA said,…
Category: Commentaries and Analyses
Russian hackers exploiting Outlook bug to hijack Exchange accounts
Bill Toulas reports: Microsoft’s Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted entities include government, energy, transportation, and other key organizations in the United States, Europe, and the…
Research: Privacy as Pretense: Empirically Mapping the Gap Between Legislative & Judicial Protections of Privacy
Abstract While many statutes recognize that violations of privacy cause harm—and some even provide for private rights of action to enforce privacy rights—scholars have speculated that the judicial doctrine of Article III standing could create a procedural hurdle to remedying privacy harms. This empirical study maps the extent of that hurdle by investigating the data…
What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.
Kevin Beaumont writes: How CitrixBleed vulnerablity in Netscale has become the cybersecurity challenge of 2023. Credit union technology firm Trellance owns Ongoing Operations LLC, and provides a platform called Fedcomp — used by double digit number of other credit unions across the United States. This Fedcomp platform was not patched for CitrixBleed, as no Netscaler…
Why we need legislation requiring more transparency in breach notices, Saturday edition (Bluefield University)
Yet another notification letter provides an example of why we need legislation requiring more transparency in disclosures. A DataBreaches.net OpEd. Background: The Bluefield University Breach On May 2, DataBreaches reported a cyberattack involving Bluefield University in Virginia that had first been reported by WVVA. The local media had reported that on May 1, Bluefield had…
The EU’s Cyber Resilience Act Has Now Been Agreed
Mark Young and Aleksander Aleksiev of Covington and Burling write: Yesterday, the European Commission, Council and Parliament announced that they had reached an agreement on the text of the Cyber Resilience Act (“CRA”). As a result, the CRA now looks set to finish its journey through the EU legislative process early next year. As we explained in our…