October 2, 2024 at 11:05AM The U.S. cybersecurity agency CISA has issued a warning about two critical vulnerabilities in Optigo Networks ONS-S8 Aggregation Switch products, used in critical infrastructure worldwide. The flaws allow bypassing of password requirements and could lead to remote code execution. No fixes are available, so users are advised to apply suggested … Read more
June 14, 2024 at 10:27AM Ascension disclosed a ransomware attack compromising the personal and health information of unknown patients. The incident disrupted their electronic health record system, leading to patient diversions and an ongoing investigation. The attack exfiltrated files from seven servers, potentially containing PHI and PII. Ascension is offering free credit monitoring and identity … Read more
April 18, 2024 at 10:45AM Government agencies from the Five Eyes countries have released joint guidance on deploying and operating externally developed artificial intelligence systems. The guidance focuses on protecting data and AI systems, and includes methodologies for securing the deployment environment, protecting the AI system, and ensuring secure operation and maintenance. The document is … Read more
March 20, 2024 at 06:21AM The US government and international partners issued another warning about China’s Volt Typhoon cyber gang targeting critical infrastructure, advising protection measures. They emphasized guidance for non-technical senior leaders, urged cybersecurity best practices, and highlighted the importance of incident response plans and securing the supply chain. The advisory reiterated the gang’s … Read more
February 26, 2024 at 03:01PM The National Institute for Standards and Technology (NIST) released Cybersecurity Framework 2.0 after years of deliberation. This update expands its recommendations beyond critical infrastructure, now including a sixth function, Govern, and addressing supply chain risks. The framework provides guidance, a searchable catalog, and references to aid organizations in cybersecurity risk … Read more
February 4, 2024 at 12:19PM The U.S. government neutralized the China-linked Volt Typhoon botnet hijacking U.S.-based SOHO routers vulnerable due to end-of-life status. The botnet facilitated covert data transfer through compromised routers and VPN hardware, impacting critical infrastructure sectors. Law enforcement efforts aimed to disrupt the botnet’s activities, emphasizing the need for secure-by-design practices in … Read more