December 3, 2024 at 02:52PM CISA issued guidance to strengthen defenses against the Salt Typhoon Chinese threat group, which compromised major telecoms like AT&T and T-Mobile, accessing sensitive data. The advisory includes hardening practices such as timely device updates, disabling insecure protocols, and enhancing visibility into network activities. Vigilance is emphasized for effective defense. ### … Read more
November 22, 2024 at 12:39PM In June 2017, A.P. Møller – Maersk suffered a severe software attack, attributed to the NotPetya malware from a Ukraine-Russia conflict, causing $10 billion in damages. CISA’s recent Secure by Demand guidance urges buyers to ensure software safety through independent validation and comprehensive analysis, beyond just questionnaires and SBOMs. ### … Read more
November 30, 2023 at 06:06AM The US cybersecurity agency CISA launched Secure by Design (SbD) alerts, encouraging software manufacturers to build products with proactive security measures to mitigate vulnerabilities, particularly in web management interfaces. The new alerts focus on vendor practices that can globally reduce harm, emphasizing the need for default security features, customer security … Read more
November 20, 2023 at 10:09AM The US cybersecurity agency CISA has published a guidance document to help healthcare and public health organizations understand cyber threats and risks in their sector. The document incorporates vulnerability trends and provides recommendations on asset management, identity management, device security, patching, and vulnerability remediation. The agency emphasizes the need for … Read more