Jetpack fixes 8-year-old flaw affecting millions of WordPress sites

October 18, 2024 at 06:34PM A critical security update for the Jetpack WordPress plugin has been released due to a vulnerability that could expose user data. Site administrators are advised to ensure the latest version is installed. Meanwhile, the EU has implemented new reporting rules for cybersecurity incidents, and a free DNS service for UK …

Congress Advances Bill to Add AI to National Vulnerability Database

September 26, 2024 at 02:37PM The House committee advanced a bill allowing NIST to formalize reporting of AI security vulnerabilities, despite funding concerns. The bipartisan AI Incident Reporting and Security Enhancement Act, now before the full Congress, requires NIST to incorporate AI systems into the NVD. There’s concern over funding and clarifying certain terms in the …

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

August 28, 2024 at 08:56AM The FBI, CISA, and the Department of Defense Cyber Crime Center jointly warn network defenders of ongoing cyber exploitation by an Iran-based group targeting U.S. and foreign organizations. The advisory details the threat actors’ tactics, techniques, and procedures, and provides indicators of compromise. Organizations are urged to follow recommended mitigations …

Centralized Cyber-Incident Reporting Can Improve Effectiveness

July 11, 2024 at 10:12AM UnitedHealth CEO Andrew Witty testified about the costly cyberattack on Change Healthcare before the Senate and House. He pledged to address security flaws and backed a centralized cyber-incident reporting system. The existing National Cyber Incident Response Plan, supported by the Biden administration, seeks to streamline reporting and improve coordination. This …

CISA Courts Private Sector to Get Behind CIRCIA Reporting Rules

May 9, 2024 at 08:13PM CISA extends the feedback period for proposed CIRCIA incident reporting by 30 days. Concerns have arisen about additional red tape for cybercrime victims. The CIRCIA law, which requires reporting within specific time frames, is in its final stages at CISA. Congress allocated no extra resources for CISA to fulfill its responsibilities. CISA stresses coordinated …

DHS Proposes Critical Infrastructure Reporting Rules

March 27, 2024 at 02:58PM CISA to oversee new cyber incident and ransomware payment reporting requirements. CISA will be responsible for administering the new reporting requirements for cyber incidents and ransomware payments.

IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks

February 7, 2024 at 07:12PM Proposed changes to US government procurement rules would require IT service organizations to provide full access to their systems in the event of a security incident. These requirements, developed by DoD, GSA, and NASA, have faced criticism from industry respondents who find them burdensome and inconsistent with other reporting rules. …