Security News for the Week Ending July 23, 2021
FTC Votes UNANIMOUSLY to Enforce Right to Repair
As companies like John Deere and Apple fight to keep their exceptionally lucrative repair business to themselves, the Federal Trade Commission voted unanimously this week to enforce laws around right to repair. While this won’t eliminate all the barriers to users fixing stuff that they paid thousands to millions of dollars for, it will help. The FTC says it will investigate right to repair practices in light of anti-trust laws and consumer protection laws. This should also be a boost for states that are considering laws allowing consumers to fix their stuff. Credit: Wired
More Troubles in Chip-ville
As the auto industry and others are significantly impacted by a lack of computer chips, Vietnam is closing chip factories in the wake of Covid outbreaks. Samsung, for example, which makes over half of its phones in Vietnam, is reducing its workforce from 7,000 to 3,000 in an attempt to at least keep some production going. This is not going to get better any time soon. Credit: The Register
Serial Swatter Gets 60 Months in Jail
Shane Sonderman was sentenced to 60 months for making a false distress call to the police, a practice known as swatting, that led to his victim dying of a heart attack. Sonderman wanted the victim to turn over his Twitter handle @Tennessee to him. He should have gotten 60 years, in my opinion. Credit: Brian Krebs
Lawmakers Propose Mandatory Incident Reporting Bill For a Few Companies
Getting Congress to do anything useful these days is incredibly hard. This bill makes a tiny, little step in the right direction. It would require critical infrastructure operators, federal contractors and agencies and privacy cybersecurity firms to report to the government if their networks were targeted or successfully hacked. Given this group of people are targeted on an hourly basis, I hope the feds have a lot of people to read these reports. They can be fined 0.5 percent of their previous year’s revenue PER DAY for failing to report in a timely manner. Credit: The Record
Saudi Aramco Data Breach Exposes 1 TB of Data – Now for Sale
It seems like Saudi Aramco cannot catch a break: first malware and ransomware, and now a huge data breach. The hackers are offering the data for sale on the dark web at an asking price of $5 million. Some of the stolen data dates back to 1993 (why is this still online?). Data is said to include employee info, project details, administrative communications, network documentation, facilities maps and client info. The hackers say they are currently negotiating with 5 buyers. Exclusive access to the data plus a promise to wipe it will cost around $50 million. NOTE: SAUDI ARAMCO SAYS THIS IS NOT A BREACH OF THEIR NETWORK BUT RATHER A VENDOR BREACH – VENDOR CYBER RISK MANAGEMENT AGAIN. Credit: Bleeping Computer