Re: For this to be announced as a CISA bulletin implies some importance
"One also wonders how many of these incidents are not being publicized. We know banks/etc. don't like to publish the fact that their security is lax and has been breached. Same for industrial/corporations/governments."
That would depend on the home-ground country . Here in Europe the GDPR laws oblige the companies to admit to breaches very quickly or alternatively pay a "potentially" high price later.. ( We've not really seen any major fines getting handed out other than to the usual targets of Google/Microsoft). And of those fines that have been given out we do not even know of they have been paid...
In the states, and especially when dealing with government facilities, I am not sure how that would work. ( This is with the presumption that it is a Governmental facility)..
I also sincerely hope that these facilities are also not relying in DotNet or any other form of MS Library DLL for the actual hardware side of things, now that would be truly frightening.
Biting the hand that feeds IT
