Air National Guardsman gets 15 years after splashing classified docs on Discord

November 12, 2024 at 07:11PM Jack Teixeira, a former Air National Guard member, was sentenced to 15 years in prison for stealing and sharing classified military secrets on Discord. His actions endangered national security, revealing sensitive information about U.S. operations and allies. Teixeira admitted to wrongdoing and was sentenced as a warning against such betrayals. …

US lawmakers push DOJ to prosecute tax prep firms for leaking taxpayer data to big tech

October 22, 2024 at 06:37PM A group of Democratic lawmakers has urged the US Department of Justice to prosecute tax preparation firms for illegally sharing taxpayer data with Meta and Google. They cite a Treasury Department investigation confirming these violations, which may lead to criminal penalties for the companies involved. Legal action status remains uncertain. …

Why CVEs Are an Incentives Problem

May 29, 2024 at 10:03AM The book “Freakonomics” applies economic principles to social phenomena, emphasizing the impact of incentives on decision-making. The rising number of reported software vulnerabilities (CVEs) raises concerns about the cybersecurity ecosystem and the incentive structure influencing vulnerability reporting. Issues include gaming the system for recognition, lack of accountability in submissions, and …

The SEC’s SolarWinds Case: What CISOs Should Do Now

May 24, 2024 at 09:59AM In October 2023, the SEC filed a landmark lawsuit against SolarWinds Corp. and its CISO, Timothy Brown, over alleged false statements about cybersecurity. CISOs should enhance communication with financial teams, ensure all statements are rigorously reviewed, maintain top-notch security policies, collaborate with assurance providers, and seek legal counsel amidst evolving …

For Service Accounts, Accountability Is Key to Security

April 18, 2024 at 08:42AM Over 32 years in cybersecurity, managing risks related to service accounts has been a constant challenge. Service accounts should have limited access and perform specific functions. However, managing and securing them is often overlooked. Common gaps in knowledge include lack of visibility and understanding of the necessity and ownership of …

India’s CERT given exemption from Right To Information requests

November 28, 2023 at 01:38AM India’s Computer Emergency Response Team (CERT-In) has been granted immunity from Right To Information (RTI) requests. The reasons for the exemption are unknown, but it comes after an embarrassing incident where an RTI request revealed low compliance with CERT-In’s infosec incident reporting requirements. This move has been criticized by the …