Bill Toulas reports: Microsoft’s Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted entities include government, energy, transportation, and other key organizations in the United States, Europe, and the…
Category: Commentaries and Analyses
Research: Privacy as Pretense: Empirically Mapping the Gap Between Legislative & Judicial Protections of Privacy
Abstract While many statutes recognize that violations of privacy cause harm—and some even provide for private rights of action to enforce privacy rights—scholars have speculated that the judicial doctrine of Article III standing could create a procedural hurdle to remedying privacy harms. This empirical study maps the extent of that hurdle by investigating the data…
What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.
Kevin Beaumont writes: How CitrixBleed vulnerablity in Netscale has become the cybersecurity challenge of 2023. Credit union technology firm Trellance owns Ongoing Operations LLC, and provides a platform called Fedcomp — used by double digit number of other credit unions across the United States. This Fedcomp platform was not patched for CitrixBleed, as no Netscaler…
Why we need legislation requiring more transparency in breach notices, Saturday edition (Bluefield University)
Yet another notification letter provides an example of why we need legislation requiring more transparency in disclosures. A DataBreaches.net OpEd. Background: The Bluefield University Breach On May 2, DataBreaches reported a cyberattack involving Bluefield University in Virginia that had first been reported by WVVA. The local media had reported that on May 1, Bluefield had…
The EU’s Cyber Resilience Act Has Now Been Agreed
Mark Young and Aleksander Aleksiev of Covington and Burling write: Yesterday, the European Commission, Council and Parliament announced that they had reached an agreement on the text of the Cyber Resilience Act (“CRA”). As a result, the CRA now looks set to finish its journey through the EU legislative process early next year. As we explained in our…
NYS Comptroller Audit: North Tonawanda City School District – Information Technology (2023M-102)
NYS Comptroller Thomas DiNapoli recently released an audit of the North Tonawanda City School District. Summary: Issued Date: November 03, 2023< [Read complete report – pdf] Audit Objective Determine whether North Tonawanda City School District (District) officials properly secured user account access to the network and managed user account permissions in financial and student information…