Cybersafety Sentinel August 2023 Week 3
Claudiu’s Top Post
Three decades of positive interaction between security researchers (or bug “finders”) and organizations have shown that public vulnerability disclosure can be a civilized and beneficial way to detect and report technology problems. The protocol just had to be defined. Now that “security.txt” has been standardized, will government agencies and the private sector step up? Read More
US Drafts EV Charging Network Cyber Guidelines
While the Biden administration pushes carmakers to electrify their products to help address the climate crisis, the main U.S. agency for technology and competition is pressing for cybersecurity guidelines for the industry to guard against domestic and international hacking. Read More
US Investigates Microsoft’s Government Email Hack
A U.S. review board tasked with investigating major cybersecurity incidents said it will begin looking at the recent intrusion of U.S. government email systems provided by Microsoft, whose handling of the incident drew ire and scrutiny from federal lawmakers and the wider security community. Read More
Citi Trends Investigated for Employee Data Breach
According to Citi Trends, the data breach took place on or around January 14, 2023 and resulted in the theft of personal information provided by employees and prospective employees, including full names, Social Security numbers, dates of birth, bank and financial account information, routing numbers, and other information shared in connection with employment. Read More
Deadline for $725M Facebook Privacy Settlement Nears
Anyone in the United States who had a Facebook account in the past 16 years has roughly one week left to file for payment in a data privacy settlement case. Facebook’s parent, Meta, in December agreed to pay $725 million to settle a host of privacy-related class action lawsuits alleging, among other things, that Facebook let third parties access its users’ private data and that of their friends without users’ permission. Read More
Zoom’s Data Mining Raises Privacy Concerns
As reported on Aug. 6, Zoom recently attempted to rewrite its Terms of Service with ambiguous language that would permit the extraction of user data for the purpose of training AI. However, after public pushback, Zoom began to rectify that clause the very next day, fully committing to a “no AI training” set of policies by Aug. 11. Read More
