CyberScoop reports that Microsoft has expressed concern about provisions under the United Nations' cybercrime treaty that advance government access to personal data, following the suit of human rights groups that have already criticized portions of the draft.
Aside from enabling potentially increased government surveillance powers, the UN cybercrime treaty also lacks protections for surveillance targets and ethical hackers, according to Microsoft.
"We need to ensure that ethical hackers who use their skills to identify vulnerabilities, simulate cyberattacks, and test system defenses are protected. Key criminalization provisions are too vague and do not include a reference to 'criminal intent,' which would ensure activities like penetration testing remain lawful," said Microsoft Associate General Counsel for Cybersecurity Policy and Protection Amy Hogan-Burney in a LinkedIn post.
However, such concerns for the treaty, which has been backed by both China and Russia, could still be addressed as negotiations continue until Sept. 1, said former U.S. cyber diplomat Chris Painter.
"In particular, the scope issue is critical as Russia and its allies want a very broad scope that risks criminalizing dissent and other things we believe should be protected. There isn't really much of a middle ground here so this threshold issue (as well as others) is critical," said Painter.
The Open Source Security Foundation has unveiled the new Siren threat intelligence sharing list that seeks to facilitate real-time information sharing regarding security flaws impacting open source projects, reports The Register.
CyberScoop reports that escalating cybersecurity threats against the U.S. water infrastructure have prompted the Environmental Protection Agency to commit to bolstering its security-focused inspections and enforcement activities in water utilities nationwide.
Hackread reports that cyberattacks aimed at the ongoing Indian general elections have risen by almost 300% since last year, with the polls being targeted by 16 independent hacktivist operations, including Anonymous Bangladesh and Anon Black Flag.