Cybersecurity Headlines Sturnus captures encrypted chats, PowerSchool schools blamed, SEC security bill
18 snips
Nov 21, 2025 A new Android Trojan called Sturnus is causing chaos by capturing encrypted chat content and hijacking devices. Canadian regulators are pointing fingers at schools for their lackluster security that led to a PowerSchool hack. Meanwhile, cybersecurity takes a front seat as a new bipartisan bill aims to enhance data protection at the SEC. Plus, urgent directives are issued to patch critical vulnerabilities, while guidance on evasion attacks emerges from Germany's BSI. Stay informed and secure!
AI Snips
Chapters
Transcript
Episode notes
Fix Contracts And Rehearse Breach Response
- Include explicit privacy and security provisions in vendor contracts and actively monitor vendor controls.
- Prepare and rehearse breach response plans before incidents occur.
Schools Shared Blame In PowerSchool Breach
- Canadian investigators faulted schools for contract and oversight failures in the PowerSchool breach.
- Poor MFA implementation and weak breach response plans magnified the impact on students and schools.
Legislation Targets SEC Data Practices
- The SEC Data Protection Act of 2025 seeks uniform policies for handling sensitive market participant data.
- It aims to align SEC practices with federal and NIST standards to reduce systemic risk.