The Biden administration is moving forward with a plan to enhance cloud infrastructure security by requiring companies to collect personal information from users, despite intensifying backlash from executives at Amazon and other tech giants. The White House says the proposed cloud security policy — dubbed Know Your Customer (KYC) — is crucial for disrupting hackers […]
The Cybersecurity and Infrastructure Security Agency launched its first-ever national public service campaign to raise awareness of cybersecurity in local communities, including for families and small businesses. The Secure our World campaign is designed to teach people and businesses in local communities how to stay safe online. The campaign includes public service announcements on television, […]
Researchers have discovered the infrastructure linked to a threat group called ShadowSyndicate, believed to have launched attacks using seven distinct ransomware families in the last year. Active since June 2022 or earlier, connections between this group and the developers of Cl0p, Play, Royal, and Cactus ransomware have been highlighted in a study by Group-IB and […]
The US Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance designed to improve the accuracy of risk assessments related to hardware products in the supply chain. The Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management is the work of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) […]
The US Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Football League (NFL), Allegiant Stadium and Super Bowl LVIII partners, has conducted a cybersecurity tabletop exercise this week in preparation for Super Bowl LVIII. The exercise aimed to assess and enhance cybersecurity response capabilities, plans and procedures for the upcoming event. The Super […]
The Cybersecurity and Infrastructure Security Agency is urging the software industry to embrace the use of memory safe programming languages as part of a wider effort to eliminate security vulnerabilities in code. CISA called for the changes alongside a push to embrace secure-by-design practices during the software development stage and to increase the security of […]
The Cybersecurity and Infrastructure Security Agency (CISA) added eight bugs on Monday and another on Tuesday to its list of known exploited vulnerabilities, giving federal civilian agencies three weeks to patch the issues which affect products from MinIO, Samsung, Realtek, Zyxel, Laravel and Owl Labs. Cybersecurity experts focused in on the vulnerabilities affecting Owl Labs, […]
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has announced it is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect these crucial units from hacker attacks.
Since June of this year, the CA/Browser Forum (CABF) — a public key infrastructure (PKI) industry group — made hardware key generation mandatory for even regular code signing certificates. This is an additional effort to address private key protection by making it more difficult to steal private keys and certificates from computers since they cannot […]