CISA Adds 21 Vulnerabilities to Catalog
Last week, The Cybersecurity and Infrastructure Agency (CISA) alerted federal agencies to 75 new additions to its new Known Exploited Vulnerabilities Catalog. Affected software includes products from Cisco, Microsoft, Adobe and Oracle. A significant number of the bugs are old flaws—some more than a decade old—and have already been highlighted by NIST. The catalog, which was launched in November 2021, is part of an ongoing effort by CISA to increase awareness of vulnerabilities.
Verizon Issues Annual Data Breach Report
In its fifteenth annual Data Breach Investigations Report (DBIR), Verizon highlighted the trends that shaped the past year, noting that ransomware continued its upward trend from years prior—up 13 percent over last year. The report also notes that attacks on supply chains helped to create concern over cyberwarfare between nations, noting that of the 23,896 security incidents analyzed, 4 in 5 breaches can be attributed to organized crime.
Transparency Watchdog Releases AI Guidelines
Mexico’s National Institute for Transparency, Access to Information and Personal Data Protection released “Recommendations for the Processing of Personal Data,” an ethical guide for using AI to process personal data. According to IAPP, “It touches on topics including AI in education, the public and private sectors, cloud computing and privacy by design.”
VPN Providers Leave India Over New Law
At the end of April, the Indian government updated section 70B of the Information Technology (IT) Act, 2000 to add several measures, including a new breach-reporting requirement that gives service providers, intermediaries, data centers, companies and government organizations six hours to report breaches to CERT-IN. Tech companies, including Expressvpn, have argued against the rule, noting that, “Under India’s new VPN rule, which is set to come into effect on June 27, 2022, companies will be required to store users’ real names, IP addresses assigned to them, usage patterns, and other identifying data…so today we have withdrawn our physical VPN servers from India.”
- City of Portland
- EMC National Life Company
- Albany Bank & Trust Co.
- General Motors
- Pegasus Airline
* * * * * * *
To read our coverage on our Polymorphic Encryption explainer and how businesses can utilize this technique for data security, click here.
To read our coverage on the proposed changes to the California Consumer Privacy Act of 2018 (CCPA)—as amended by the California Privacy Rights Act of 2020 (CPRA), click here.
To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.
Stay tuned for this week’s in-depth discussion on ADCG’s Privacy and Cybersecurity Podcast. Our Podcasts are released every Thursday, here. They can also be enjoyed on Spotify and Apple Podcasts. Don’t forget to subscribe!