Smash-and-Grab Extortion

July 10, 2024 at 08:09AM
The “2024 Attack Intelligence Report” from Rapid7 reveals that zero-day vulnerabilities were widely exploited in 2023 and 2024, leading to mass compromise events. As IoT firmware is predominantly composed of vulnerable open-source components, patching alone is insufficient. Isolated partitioning at the task level is proposed as a more effective solution …

Practical Guidance For Securing Your Software Supply Chain

June 26, 2024 at 06:57AM
Software-producing organizations are facing increasing regulatory and legal pressure to secure their supply chains and protect their software integrity. The software supply chain has become a prime target for attackers, as seen in the Log4j breach. To address these security challenges, organizations should consider various measures, including governing the software …

Process to Verify Software Was Built Securely Begins Today

June 12, 2024 at 03:30PM
Starting June 11, US government contractors must submit a Secure Software Development Attestation Form, confirming adherence to secure-by-design principles and scrutiny of software components through software bills of materials (SBOMs). Only 20% of respondents are prepared for this federal cybersecurity attestation, with 16% incorporating SBOMs into their software development. Other …

EV Manufacturer BYD Selects Karamba Security to Meet Global Automotive Cybersecurity Regulations

June 5, 2024 at 04:00PM
Karamba Security announced that BYD, a major EV manufacturer, has adopted its VCode software to create a Software Bill of Materials (SBOM) for electronic control units, enhance supply-chain security, and meet cybersecurity regulation UN R155. The tool aims to help manufacturers identify and address cybersecurity issues before production and comply …

CISO Corner: NSA Guidelines; a Utility SBOM Case Study; Lava Lamps

March 8, 2024 at 04:58PM
CISO Corner is the Dark Reading weekly digest tailored for security operations and leadership. It provides diverse perspectives on cybersecurity strategies, including NSA’s guidelines for zero-trust security, using randomness for encryption, creating a software bill of materials for electric substations, CEO support for CISOs, managing open source security, DMARC deployment in …

Southern Company Builds SBOM for Electric Power Substation

March 6, 2024 at 08:03AM
Southern Company undertook a project to create a software bill of materials (SBOM) for its Mississippi substation, involving inventorying hardware, software, and firmware, and gathering supply-chain information from 17 vendors. The process included challenges such as limited vendor cooperation and outdated SBOMs upon receipt. The project highlighted the importance of …

Fortress Information Security Deploys Automated Patch Notification and Authenticity Tool

February 26, 2024 at 05:25PM
CISA, NSA, and FBI warn of U.S. critical infrastructure attacks by “Volt Typhoon,” linked to the CCP. Fortress Information Security partners with power companies to mitigate exposure, offering File Integrity Assurance (FIA) for compliance with CIP standards. Research reveals a high likelihood of vulnerabilities in software from Russia or China, emphasizing …

Eight Vulnerabilities Disclosed in the AI Development Supply Chain

February 16, 2024 at 08:09AM
Cybersecurity startup Protect AI disclosed eight vulnerabilities in the open source supply chain used for in-house AI/ML models, including critical and high-severity ones with CVE numbers. Protect AI emphasized the need for an AI/ML BOM to address unique AI risks. Their vulnerability detection methods include a bug bounty program and …

IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks

February 7, 2024 at 07:12PM
Proposed changes to US government procurement rules would require IT service organizations to provide full access to their systems in the event of a security incident. These requirements, developed by DoD, GSA, and NASA, have faced criticism from industry respondents who find them burdensome and inconsistent with other reporting rules. …

NRC Issues Recommendations for Better Network, Software Security

January 26, 2024 at 09:38PM
The Network Resilience Coalition advocates for improving network security by addressing outdated and improperly configured hardware and software. The NRC comprises major industry players and aligns with government cybersecurity initiatives. It urges IT vendors to adhere to modernized cybersecurity standards and implement secure software development practices. Immediate action and adherence …