October 25, 2024 at 08:46AM CISA, FBI, and ACSC have released guidance aimed at assisting software manufacturers in creating secure deployment processes. This new security guide aims to strengthen the safety and reliability of software applications. The information was shared in a report by SecurityWeek. **Meeting Takeaways:** 1. **Publication of Guidance**: CISA (Cybersecurity and Infrastructure … Read more
July 8, 2024 at 09:29PM The Australian Signals Directorate, in collaboration with several international security agencies, has issued an advisory outlining the threat posed by a People’s Republic of China state-sponsored cyber group, particularly their targeting of Australian networks. The group, known as APT40, has been reported to conduct malicious cyber operations for the PRC … Read more
June 26, 2024 at 01:59PM The Cybersecurity and Infrastructure Security Agency (CISA) has released a report exploring memory flaws in 172 key open-source projects. It reveals that over half of these projects contain memory-unsafe code, emphasizing the importance of memory-safe languages like Rust, Java, and Go. CISA recommends safe coding practices and continuous testing to … Read more
December 19, 2023 at 06:03AM CISA, FBI, and ACSC have issued an advisory on Play ransomware, detailing its tactics, targets, and impact. The ransomware gang uses double-extortion tactics, exploits various vulnerabilities for access, and encrypts victim data. The advisory includes indicators of compromise, mitigation steps, and recommends testing security controls against the threat behaviors outlined … Read more
December 18, 2023 at 10:37AM A joint CSA from the FBI, CISA, and ASD’s ACSC provides IOCs and TTPs of the Play ransomware group impacting businesses in North and South America and Europe. The group employs a double-extortion model, encrypting systems after exfiltrating data. Recommendations include multifactor authentication, offline backups, and system updates to mitigate … Read more