US school districts work through ransomware attacks to open. Patch Tuesday notes.

Cyber Attacks, Threats, and Vulnerabilities

Top U.S. federal election protection official says no sign of infrastructure hacks (U.S.) The official leading the effort to protect U.S. elections from foreign hacking said on Tuesday he had seen no signs of infiltration on computer systems used to record and tabulate votes.

CISA Director Lists Nation-State Actors, Cybercriminals, Disinformation as Top COVID Attack Vectors (Meritalk) Assessing the current threat landscape six months into the COVID-19 pandemic, Director of the Cybersecurity and Infrastructure Security Agency Christopher Krebs listed nation-state spies, cybercriminals committing fraud, and the spread of disinformation as top cyberattack vectors.

Will 'Typosquatting' Influence the 2020 Presidential Election? (CPO Magazine) The 2020 presidential election is being targeted by typosquatting, but most of the activity has been focused on stealing personal information rather than trying to sway the vote.

Belarus registers over 2.1 million cyber attacks in the last 31 days — 19% of all threats in Europe (Atlas VPN) As political tensions are growing in Belarus, so are the cyber threats. According to data presented by the Atlas VPN team, Belarus faced 2,125,592 cyber attacks in the last 31 days —that is 68,567 attacks per day on average. Cyber attacks directed at Belarus make up 19.02% of all the cyber threats aimed at Europe, placing Belarus in the number one spot in the continent.

Critical Vulnerabilities Expose MoFi Routers to Remote Attacks (SecurityWeek) A total of 10 vulnerabilities, including critical flaws that can be exploited to remotely hack a device, have been identified in MoFi routers

Chipmaker Tower Semiconductor recovers from mystery cyber-attack (The Daily Swig) Ransomware suspected – but unconfirmed – in debilitating assault

A data fail left banks and councils exposed by a quick Google search (WIRED UK) Details of more than 50,000 letters sent by banks and local authorities were left online for anyone to see

Brussels Workshop Weighs Risks of Satellite Hacking (SIGNAL Magazine) Experts map the dangerous new territory of cyber attacks on spacecraft.

Evilnum Cyberspies Update Arsenal in Recent Attacks (SecurityWeek) The cyberspy group tracked as Evilnum was observed using updated tactics and tools in recent attacks

How Kids’ Videogame Accounts Get Hacked: Advice for Parents (Wall Street Journal) The quarantine-induced surge in gaming last spring, especially among children, has brought with it a surge in fraudsters looking for opportunity.

Hartford schools open Wednesday after first day back postponed by citywide ransomware attack (Hartford Courant) Hartford students will have to wait a little longer to return to school. A computer ransomware attack caused an outage of critical city systems over the weekend, crippling the city’s ability to execute Tuesday’s school reopening, according to Hartford officials.

HPS Opening Postponed: Tuesday Sept 8 | Hartford Public Schools (Hartford Public Schools) Dear Families and Staff, We regret to inform you that we must postpone the opening of schools. There will be no in-person or online learning on Tuesday, September 8. We wanted to provide you with an important update about the impact on our systems.

Start of School in Hartford Delayed by Ransomware Attack (SecurityWeek) One the worst cyberattacks yet against Connecticut’s capital city forced officials to postpone the first day of school Tuesday, disrupting the day for thousands of families as city computer experts rushed to restore systems vital for school operations.

TPS cites cyber attack for online learning problems; Ottawa Hills returns to classroom (The Blade) The first day of classes at Toledo Public School got off to a bad start as technology issues brought to a halt the online instruction that was supposed to ...

Pickens school district says cyberattack caused internet outages district-wide (The Greenville News) A cyber attack caused an internet outage on all School District of Pickens County's devices during a week when most students in the district have eLearning.

CCSD says 'data security incident' on Aug. 27 was ransomware attack (FOX5 Las Vegas) Clark County School District notified parents and students of a "data security incident" Thursday afternoon.

ExamSoft Partner Suffered 440K User Data Breach… ExamSoft Still Says Everything’s Fine (Above the Law) ProctorU's mass data breach is just one more worry for bar examinees.

North Carolina Health System Notifies Patients of Data Breach (Government Technology) Atrium Health has notified patients that their personal information may have been compromised in the cyberattack against its donor management software vendor Blackbaud earlier this year.

Boulder Community Health Foundation grantees potentially affected by data breach (Longmont Times-Call) An attempted ransomware attack on Blackbaud, a global software company, potentially exposed the names and addresses of 71 people who had received grants from the Boulder Community Health Foundation…

University of Missouri Donors Alerted to Data Breach (Government Technology) University officials notified donors that some personal information, as well as wealth holdings and net worth, was accessed in a cyberattack against donor management software vendor Blackbaud in May.

Roughly 163,000 UK HealthCare patients affected by third-party data breach (The Courier-Journal) The security breach from Blackbaud, a software company, happened between February and May, when an unauthorized person accessed data, UK said.

Far-Reaching Third-Party Components Putting OT Networks at Risk (Claroty) Critical vulnerabilities in Wibu-Systems’ CodeMeter digital rights management (DRM) solution, prevalent across the industrial control realm, put machines at risk for denial-of-service and remote code execution attacks.

Siemens SIMATIC S7-300 and S7-400 CPUs (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC S7-300 and S7-400 CPUs Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in credential disclosure.

Siemens Siveillance Video Client (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Siveillance Video Client Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain valid administrator login names and use this information to launch further attacks.

Siemens SIMATIC RTLS Locating Manager (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC RTLS Locating Manager Vulnerabilities: Incorrect Default Permissions, Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a privileged local user to escalate privileges.

Siemens Spectrum Power (CISA) 1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: Spectrum Power Vulnerabilities: Cleartext Storage of Sensitive Information, Exposure of Information Through Directory Listing 2.

Siemens Polarion Subversion Webclient (CISA) 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Polarion Subversion Webclient Vulnerabilities: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS), Cross-site Request Forgery (CSRF) 2.

Siemens License Management Utility (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: License Management Utility Vulnerability: Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local users to escalate privileges.

Siemens Industrial Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: Siemens Industrial Products containing certain processors Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an authenticated user to enable information disclosure via local access.

Wibu-Systems CodeMeter (CISA) 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wibu-Systems AG Equipment: CodeMeter Vulnerabilities: Buffer Access with Incorrect Length Value, Inadequate Encryption Strength, Origin Validation Error, Improper Input Validation, Improper Verification of Cryptographic Signature, Improper Resource Shutdown or Release 2.

Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update C) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Low skill level to exploit Vendor: Siemens Equipment: SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK Vulnerability: Unquoted Search Path or Element 2.

Siemens SIMATIC HMI Products (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC HMI Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authentication Bypass by Primary Weakness 2.

Siemens UMC Stack (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: UMC Stack Vulnerabilities: Unquoted Search Path or Element, Uncontrolled Resource Consumption, Improper Input Validation 2.

Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: RUGGEDCOM, SCALANCE, SIMATIC, SINEMA Vulnerabilities: Uncontrolled Resource Consumption, Improper Input Validation 2.

Siemens SCALANCE & SIMATIC (Update B) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE, SIMATIC Vulnerability: Resource Exhaustion 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-105-07 Siemens SCALANCE & SIMATIC (Update A) that was published August 11, 2020, to the ICS webpage on us-cert.gov.

Siemens SIMATIC PCS 7, SIMATIC WinCC, and SIMATIC NET PC (Update E) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC PCS 7, SIMATIC WinCC, SIMATIC NET PC Vulnerability: Incorrect Calculation of Buffer Size 2.

Siemens PROFINET Devices (Update H) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: PROFINET Devices Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-19-283-02 Siemens PROFINET Devices (Update G) that was published August 11, 2020, to the ICS webpage on us-cert.gov.

Siemens Industrial Products (Update I) (CISA) 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Industrial Products Vulnerabilities: Excessive Data Query Operations in a Large Data Table, Integer Overflow or Wraparound, Uncontrolled Resource Consumption 2.

Threat gardening: What CISOs can learn from 'mystery seeds' (SC Media) The U.S. Department of Agriculture is working with federal and state agencies to investigate the recent instances of seeds being delivered to U.S.

Security Patches, Mitigations, and Software Updates

Zero Day Initiative — The September 2020 Security Update Review (Zero Day Initiative) September is upon us and so are the latest security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details of security patches for this month. Adobe Patches for September 2020 Adobe released three patches addressing 18 uniqu

Microsoft Patch Tuesday, Sept. 2020 Edition (KrebsOnSecurity) Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users.

Microsoft addresses 129 security vulnerabilities in its September 2020 Patch Tuesday update (Computing) Twenty-three are rated as 'Critical', many affect SharePoint

Adobe fixes critical vulnerabilities in InDesign and Framemaker (BleepingComputer) Adobe has released security updates to address twelve critical vulnerabilities that could make it possible for attackers to execute arbitrary code on devices running vulnerable versions of Adobe InDesign, Adobe Framemaker, and Adobe Experience Manager.

Adobe Patches Critical Code Execution Flaws in AEM, FrameMaker, InDesign (SecurityWeek) Adobe has patched several critical code execution vulnerabilities in its AEM, FrameMaker, and InDesign products

Google Announces Confidential GKE Nodes, General Availability of Confidential VMs (SecurityWeek) Google announces an expansion of its Confidential Computing portfolio, with the general availability of Confidential VMs and the addition of Confidential GKE (Google Kubernetes Engine) Nodes

Cyber Trends

Survey: SMBs Increasingly Have to 'Do More with Less' When it Comes To Cybersecurity (Untangle) Remote Work Exasperated by COVID-19 Puts Additional Strains on IT Security Teams SAN JOSE, Calif.– September 8, 2020 – Untangle® Inc., a leader in comprehensive network security for small-to-medium bu

The hidden costs of losing security talent (IFSEC Global | Security and Fire News and Resources) Steve Zurier, Contributing Writer at Dark Reading, explains how one person's exit can set off a chain of costly events.

Businesses Fear Insider-Enabled Data Breaches (Infosecurity Magazine) Over three quarters of businesses fear their organization will suffer a data breach

Almost a Quarter of UK Work Computers Lack Adequate Security Software (Infosecurity Magazine) Research finds UK orgs risk exposing corporate devices to cyber-threats

Why vishing is the new phishing and how to guard against it [Q&A] (BetaNews) We're all familiar with the menace of phishing but, particularly following the recent Twitter attack, other methods of stealing credentials have been on the rise.

Marketplace

Telefónica Acquires Cyber Security Firm iHackLabs (Fast Mode) Telefónica Tech, through its cybersecurity company ElevenPaths, this week announced the acquisition of iHackLabs

Snyk Closes $200M Series D as Valuation Surpasses $2.6B (PR Newswire) Developer-first security company Snyk has secured a $200 million investment, led by Addition, an investment firm founded to support visionary...

Ava completes unified security merger (ITWeb) The merger between Jazz Networks and Vaion positions Ava to deliver unified cyber and physical security solutions to organisations worldwide.

CRA Acquires Security Weekly to Advance Cybersecurity; Doug Manoni Quoted (Executive Gov) CyberRisk Alliance (CRA) has acquired Security Weekly, an authoritative podcast network serving the

CyberRisk Alliance acquires podcast and video company Security Weekly (SC Media) CyberRisk Alliance (CRA), the parent company of SC Media, announced the acquisition of podcast network Security Weekly. Established in 2005 by

KnowBe4 IPO Could Come Late 2020, Value Firm At Over $2B: Report (CRN) Security awareness training vendor KnowBe4 has engaged investment banks to help with preparations for a U.S. initial public offering (IPO), according to Reuters.

Samsung reportedly cutting off chip sales to Huawei (The Verge) New Trump administration sanctions take effect this month.

The Economic Impact Of Coronavirus On Crowdsourced Security Market Bugcrowd, Hackerone, Detectify, Synack.Com, Applause App Quality, Inc - Kewaskum Statesman News Journal (Kewaskum Statesman News Journal) Data Bridge Market Research has recently published the Global research Report Titled: “Crowdso

How one cybersecurity firm keeps its marketing human (Ad Age) Why White Ops avoids buzzwords, technical jargon and the hard sell.

New Research Shows that Breach and Attack Simulation Technology is Key for Managing Cyber Risk in a World of Growing Complexity (PR Newswire) XM Cyber, the multi-award-winning leader in breach and attack simulation (BAS) software, was recognized by Frost & Sullivan for offering a...

ManTech Board of Directors Taps Kevin Phillips as Chair (WashingtonExec) ManTech CEO Kevin Phillips has been elected to serve as the company's chairman of the board of directors, succeeding co-founder George Pedersen as he

New Hire Announcement: Chief Revenue Officer - LiveView Technologies (PR Newswire) LiveView Technologies (LVT) is pleased to announce the appointment of Dave Norton as Chief Revenue Officer. Dave is now responsible for all...

Robert Cardillo makes Aussie connection (Intelligence Online) Robert Cardillo, the former head of the National Geospatial-intelligence Agency...

Okta appoints Alvina Antar as CIO (Information Age) Okta, the independent provider of identity for the enterprise, has announced the appointment of Alvina Antar as its new CIO

Products, Services, and Solutions

Portshift Announces Availability of Cloud-Native Workload Protection P (PRWeb) Portshift, the cybersecurity industry’s leading provider of Kubernetes-native security solutions, today announced that the company's Cloud Workload Pro

Proofpoint Launches People-Centric Enterprise Data Loss Prevention (DLP) and Introduces Nexus People Risk Explorer (Proofpoint) Cybersecurity leader also enhances its CASB and BEC/EAC protection to reduce risk across all key channels

QOMPLX Launches The CMMC Pre-Assessment Solution To Better Prepare Defense Contractors For The Cybersecurity Maturity Model Certification (PR Newswire) QOMPLX™, an intelligent decision platform provider, today announced the release of the CMMC Pre-Assessment, a solution to help prepare defense...

Technologies, Techniques, and Standards

Assessing the cost of a cyber security breach: Draft costing tool (Ipsos MORI) We are developing a tool for the Department for Digital, Culture, Media and Sport to help organisations better understand the full extent of the costs they might incur from cyber security breaches. This is a version of that tool for testing.

VPNs: The Cyber Elephant in the Room (Dark Reading) While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.

The Curious Case of the Baltimore Ransomware Attack: What You Need to Know (Heimdal Security Blog) The Baltimore ransomware attack took place in May 2019 and mitigation efforts lasted more than 2 months. Here's what you can learn from it.

Lessons learned from the Equifax data breach (Security Magazine) Three years later, what are some of the lessons learned about the Equifax data breach, which exposed the personal information of 147 million people?

MS-ISAC adds domain-blocking service for state and local governments (StateScoop) The Center for Internet Security has announced a new service to help block malicious web traffic from harming state and local governments.

Building an Effective SOC Begins a with a Mindset Overhaul (Respond Software) Even with the deepest pockets, there’s still not enough people to pace with the demands of today’s SOC. Learn what it takes to build a cost-effective SOC.

How do I select a remote workforce protection solution for my business? (Help Net Security) To select a remote workforce protection solution for your business, you need to think about a variety of factors. Get guidance from the pros.

Deleting Files Doesn’t Destroy Your Data (ERI) To protect your personal or business information, you delete old files. It’s the steps most people do take and think that’s good enough.

Bring in the experts: It's time to secure your home network (Chattanooga Times Free Press) Not all that long ago, managing your home network's security didn't involve much more than installing an antivirus program on your PC. If only it were still so simple.

Webcast: How to Present: Secrets of a Retired SANS Instructor (Black Hills Information Security) Ok, that was a bit of a dramatic title. But, it works. In this Black Hills Information Security (BHIS) webcast, John covers the tips and tricks on how to effectively present technical topics to large and small groups. This presentation includes, but is not limited to: crotch sniffing dogs, heart attacks, how […]

Design and Innovation

5G security suffering from too many cooks in the kitchen (Light Reading) The Department of Homeland Security's cybersecurity agency said it's going to 'analyze components from 5G vendors,' but the details of the program are unclear at best.

A robot wrote this entire article. Does that scare you, human? | GPT-3 (the Guardian) We asked GPT-3, OpenAI’s powerful new language generator, to write an essay for us from scratch. The assignment? To convince us robots come in peace

Research and Development

Bitglass Secures Patent for the Invention of SAML Relay (Enterprise Security) Bitglass bags fundamental patent for cloud access control for the invention of SAML relay, which enforces transparent, real-time controls on cloud services.

Academia

NSA, NCMF Lay Out Design Plans for Cyber Center for Education and Innovation (SecurityWeek) The NSA and the NCMF last week shared information on the design plans for the proposed Cyber Center for Education and Innovation (CCEI)

Legislation, Policy and Regulation

European Parliament Debates the Impact of Schrems 2 on EU-US Data Transfers (cyber/data/privacy insights) On 3 September 2020, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee) held a debate with the EU Commission, the European Data Protection Board a…

Swiss Pact Doesn't Protect Data Sent To US, Regulator Says (Law360) Companies that want to transfer personal data from Switzerland to the U.S. can no longer rely on a Privacy Shield pact similar to the one recently invalidated by Europe's top court, after Switzerland's data protection regulator on Tuesday declared the deal inadequate.

Beijing floats a plan to protect Chinese companies from American cyber 'bullying' (CyberScoop) If Chinese technology companies are going to lose global market share amid concerns about their ties to the Communist government, Beijing isn’t going to let that happen quietly.

The Coming Tech Cold War With China (Foreign Affairs) Beijing Is Already Countering Washington’s Policy

How to Compete in Cyberspace: An Accompaniment (Lawfare) Gen. Paul Nakasone, the director of the NSA and commander of U.S. Cyber Command, has a new article in Foreign Affairs. Here are some thoughts on it.

Al Qaeda’s Franchise Reboot (Foreign Affairs) An Aging Jihadi Brand Still Inspires the Next Generation

Senate Republicans Push Bill to Weaken Liability Shield for Online Platforms (Wall Street Journal) Three GOP senators introduced legislation that would make social-media platforms more responsible for their online content, an initiative likely to face fierce resistance from Silicon Valley.

Lawmakers cautiously optimistic about creation of national cyber director (Federal News Network) Despite concerns from the White House, leaders of the House Armed Services Committee think they can create the new role.

Deputy Fed CIO Roat: Security Built into Federal Modernization, Workforce Must be Cyber Ready (Meritalk) Deputy Federal CIO Maria Roat asserted at the Billington Cybersecurity Summit that the Federal government is using a DevSecOps approach to integrate security into every aspect of modernization, but she insisted that the workforce must be cyber ready to be entirely secure.

Former NSA Deputy Director Calls for Cyber Education Strategy, Investment (Meritalk) Former National Security Agency (NSA) Deputy Director Chris Inglis knows something about cyber education. Inglis is a professor – currently serving as the Looker Distinguished Visiting Professor of Cyber Studies at the U.S. Naval Academy – and he says the nation needs more coordination and investment in cyber education to meet its needs going forward.

US Voters Told To Be Patient with Presidential Election Results (Voice of America) Officials charged with securing the upcoming U.S. presidential election warn the greatest danger may come from a wave of disinformation unleashed by U.S. adversaries in the hours after polls across the country begin to close. The officials fear that is when the country will be most vulnerable, with many Americans expecting to see a winner declared on Election Day.

Election Security Leaders Focused on Building Public Confidence, Countering Misinformation (Meritalk) With the 2020 General Election a mere eight weeks away, election officials at both the state and Federal level are preparing for the final sprint to Nov. 3.

CMMC Accreditation Board Drops “Diamond” Partner Scheme After Industry Outrage (Oxebridge) The CMMC Accreditation Board (CMMC-AB) has removed language from its official webpage offering “Diamond” membership to those willing to pay $500,000, in what was called by Oxebridge a “Who’s Who” style vanity scheme.

Utility sector wary of new security rules for distributed resources (Utility Dive) Federal regulators are considering stricter security rules for smaller grid resources, but the utility sector says ample protections are in place.

ICSJWG presentation - “Presidential Executive Order 13920 and the OT Maginot Line” (Control Global) Cyber security was initially an IT function. To IT, the primary issue was to protect the Internet Protocol (IP) network. Consequently, all monitoring and protection occurred at the IP networks which inherently contain cyber security and cyber logging.

Litigation, Investigation, and Enforcement

Online voting vendor Voatz urges Supreme Court to limit security research (Ars Technica) Unauthorized security research can “cause harmful effects,” Voatz says in baffling brief.

AT&T Sheds More Claims In Crypto Investor's $24M Hack Suit (Law360) A California federal judge on Tuesday trimmed claims from a cryptocurrency investor's suit accusing AT&T of failing to protect his personal data before a hack that purportedly cost him $24 million, saying the suit didn't allege the telecom giant had acted with malice.

Ex-SEC Staffer Takes Plea In Private Equity Leak Case (Law360) A former U.S. Securities and Exchange Commission staffer accused of improperly accessing information about a pending investigation into a private equity firm before he left to join the company copped Tuesday to a misdemeanor count of stealing government property.

Pa. AG Asked To Investigate Online Bar Exam Security (Law360) More than 50 people waiting to take the Pennsylvania bar exam online in October asked the state attorney general to investigate the security of exam administrator ExamSoft Inc. on Tuesday, saying many applicants saw attempts from third parties to use their personal information soon after they downloaded the company's software.

Abuse survivors seek damages over data breach (BBC News) The Executive Office has confirmed it is in negotiations with victims who had their identities leaked.