Vulnerability Disclosure Program — learn more about it — The Hacker News

China's New Law Requires Researchers to Report All Zero-Day Bugs to Government

July 17, 2021 - Ravie Lakshmanan

The Cyberspace Administration of China (CAC) has issued new, stricter vulnerability disclosure regulations that require security researchers who uncover critical flaws in computer systems to disclose them first-hand to government authorities within two days of filing a report. The “Regulations on the Management of Network Product Security Vulnerability” are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks. “No organization or individual may take advantage of network product security vulnerabilities to engage in activities that endanger network security, and shall not illegally collect, sell or publish information on network product security vulnerabilities,” Article 4 of the regulation states. In addition to banning sales of previously unknown security weaknesses, the new rules also forbid vulnerabilities from being


Want to learn coding, app development, or even guitar? These classes are on sale for $20 in honor of Memorial Day

Whether you’ve been in the market for a career change or you just want to learn a fun new hobby, it can be hard to know where to turn to for classes. 

Luckily, for Memorial Day, these course bundles are majorly marked down. From ASL courses that will help you get your certification, to app design courses that will help you create something of your own, there’s something here for everyone. Plus, all of these guides are taught by highly sought-after professionals who will make learning fun, engaging and easy. Go ahead and give your resume a much-needed refresh with one of the courses below. 

The Complete Stock & Cryptocurrency Investment Toolkit Bundle – $20; originally $1,815

If you’ve been curious about investing in stocks and even cryptocurrency, but you feel like you don’t have the background knowledge to make the jump, this class bundle will help you out. It offers 54.5 hours of classes that will teach you what to look for and how to go about investing. 

The Become a Professional YouTuber Bundle – $20 with coupon; originally $1,600

Here, you’ll learn everything you need to know to create and build a business off of your YouTube channel. From shooting and editing to marketing, this course bundle covers how to maximize your channel to its highest potential.

The Ultimate Amazon FBA & Dropship Master Class Bundle – $20 with coupon; originally $1,292

Learn to set up and run a successful Amazon shop with this class. It offers 40 hours of material that will show you how to set up your Amazon business, source products, dropship to customers, and more.

The Premium Learn to Code 2021 Certification Bundle – $20 with coupon; originally $4,056

Whether you’ve wanted to learn to code for your job or just to boost your resume, this course bundle will help you out. It offers more than 270 hours on widely used languages such as Python, Java, and JavaScript. You’ll even discover how Python is applied in machine learning.

The All-In-One 2021 Super-Sized Ethical Hacking Bundle – $20 with coupon; originally $3,284

With the increase in data leaks this past decade, internet security is a hotter topic than ever. This is the perfect course for those looking to make a career move into…


Ethical Hacking & Computer Security MSc at Abertay

Lessons Local Utilities Can Learn from the Oldsmar Water Plant Hack

Anatomy of the Oldsmar Water Plant Attack

The FBI, the Department of Homeland Security, the U.S. Secret Service and the Pinellas County Sheriff’s Office are investigating the attack in Oldsmar, and it is unclear where the attack originated from and what the motivations of the attacker or attackers were.

According to a Massachusetts state advisory describing FBI findings on the attack, on Feb. 5, unidentified malicious actors “obtained unauthorized access, on two separate occasions, approximately five hours apart, to the supervisory control and data acquisition (SCADA) system” used at the plant.

They accessed the SCADA system “via remote access software, TeamViewer, which was installed on one of several computers the water treatment plant personnel used to conduct system status checks and to respond to alarms or any other issues that arose during the water treatment process.”

According to ProPublica, the city had actually stopped using TeamViewer six months earlier, but never disconnected the program.

Alarmingly, according to the advisory, all computers used by personnel at the Oldsmar plant were connected to the SCADA system and used an outdated, 32-bit version of the Windows 7 operating system. Even more worrisome, the Massachusetts advisory states, “computers shared the same password for remote access and appeared to be connected directly to the Internet without any type of firewall protection installed.”

A plant operator noticed the first intrusion, according to ProPublica, but “didn’t think much of it,” Pinellas County Sheriff Bob Gualtieri said at a news conference. It wasn’t until after the second intrusion, when the attacker took over a computer and changed the amount of sodium hydroxide in the water from 100 parts per million to 1,100 parts per million, that the plant worker alerted his boss. The worker lowered the levels of sodium hydroxide, and the city called the county sheriff’s office three hours later, ProPublica reports.

“This is dangerous stuff,” Gualtieri said, according to The New York Times. “It’s a bad act. It’s a bad actor. It’s not just a little…