Security Leftovers
-
TechCrunch ☛ 23andMe says hackers accessed 'significant number' of files about users' ancestry
23andMe revealed new details about its data breach. The company says it's notifying at least 14,000 users, but the actual number is likely far higher.
-
Bleeping Computer ☛ Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
-
EFF ☛ Latest Draft of UN Cybercrime Treaty Is A Big Step Backward
The proposed treaty, originally aimed at combating cybercrime, has morphed into an expansive surveillance treaty, raising the risk of overreach in both national and international investigations. The new draft retains a controversial provision allowing states to compel engineers or employees to undermine security measures, posing a threat to encryption.
This new draft not only disregards but also deepens our concerns, empowering nations to cast a wider net by accessing data stored by companies abroad, potentially in violation of other nations’ privacy laws. It perilously broadens its scope beyond the cybercrimes specifically defined in the Convention, encompassing a long list of non-cybercrimes. This draft retains the concerning issue of expanding the scope of evidence collection and sharing across borders for any serious crime, including those crimes that blatantly violate human rights law. Furthermore, this new version overreaches in investigating and prosecuting crimes beyond those detailed in the treaty; until now such power was limited to only the crimes defined in articles 6-16 of the Convention.
We are deeply troubled by the blatant disregard of our input, which moves the text further away from consensus. This isn't just an oversight; it's a significant step in the wrong direction.
-
Scoop News Group ☛ Bipartisan House legislation calls for two new federal cybersecurity training programs [Ed: This won't work if they still allow people to deploy proprietary backdoorware such as Windows]
The Federal Cybersecurity Workforce Expansion Act would establish an apprenticeship program at CISA and a VA pilot program to train veterans on cyber work.
-
Security Week ☛ Staples Confirms ‘Cybersecurity Risk’ Disrupting Online Stores
Office supply retail giant confirms security incident disrupted online orders, communications channels and customer service lines.
-
Security Week ☛ Congressmen Ask DOJ to Investigate Water Utility Hack, Warning It Could Happen Anywhere
Members of Congress asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting CISA to warn other water and sewage-treatment utilities that they may be vulnerable.