Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty

Statement to be submitted by the Electronic Frontier Foundation, accredited under operative paragraph No. 9 of UN General Assembly Resolution 75/282, on behalf of 124 signatories. We, the undersigned, representing a broad spectrum of the global securit…

IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks

Brandon Vigliarolo reports: Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident. T…

Proposed contractor cyber reporting rule sets a ‘significantly problematic’ bar, industry groups say

David DiMolfetta reports: Cybersecurity and technology trade groups are urging agencies to rethink a proposed measure that would intensify requirements for federal contractors when they report cybersecurity incidents, arguing they are inconsistent with…

Italy government proposes tougher jail terms for cybercriminals

Reuters reports: Italy’s government is set to propose tougher jail terms for cybercrime and stricter disclosure rules for public bodies that come under attack from hackers, according to a draft law seen by Reuters on Wednesday. The bill, set for …

SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit

Skye Witley reports: SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its so…

Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions

Alexander Boyd, Colin H. Black of Polsinelli PC write: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal informa…

Dutch SA Sanctions Credit Card Company for Failure to Perform Data Protection Impact Assessment

Kristof Van Quathem of Covington and Burling writes: In December 2023, the Dutch SA fined a credit card company €150,000 for failure to perform a proper data protection impact assessment (“DPIA”) in accordance with Art. 35 GDPR for its “identification …

German security researchers at risk of prosecution for “hacking” because of a plain text hardcoded password?

Over on Infosec.Exchange, Will Palant posted: Yellow Flag @WPalant@infosec.exchange German law is making security research a risky business. Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a softw…