BlueFlag Security Emerges From Stealth With $11.5M in Funding

March 22, 2024 at 07:54AM BlueFlag Security, based in Sunnyvale, CA, has exited stealth mode, announcing its founding in 2022 and raising $11.5 million in seed funding. The startup offers an SDLC security and governance platform to protect the software development lifecycle. It emphasizes identity-centric protection, and the funding will further the platform’s development. CEO …

4 Ways Organizations Can Drive Demand for Software Security Training

February 27, 2024 at 01:06PM Summary: The cybersecurity landscape for organizations creating their own software is increasingly risky due to various forces. There is a shortage of skilled cybersecurity personnel, a worsening threat landscape, and potential legislative changes. Companies can address this by empowering their developers through secure coding, security training, identifying champions, offering incentives, …

Security Experts Describe AI Technologies They Want to See

January 22, 2024 at 12:19PM The cybersecurity industry seeks transformational technologies to mitigate cyberattacks. AI and Large Language Models (LLMs) have gained traction, particularly in generative-AI applications, attracting significant investment. Security experts envision AI as a proactive guardian, playing a crucial role in real-time defense systems, insider threat detection, and behavioral analytics. AI’s potential lies …

CISA’s Road Map: Charting a Course for Trustworthy AI Development

January 19, 2024 at 10:05AM The Cybersecurity and Infrastructure Security Agency (CISA) has released a 2023–2024 “CISA Roadmap for Artificial Intelligence” to ensure secure and trustworthy development and use of AI, aligned with the White House Executive Order 14110. The road map focuses on four goals including cyber defense, risk reduction, operational collaboration, and agency unification. …

Lock Down the Software Supply Chain With ‘Secure by Design’

January 18, 2024 at 06:38AM The concept of “secure by design” is crucial in the face of increasing supply chain attacks, with a shift towards proactive security measures. The Cybersecurity and Infrastructure Security Agency (CISA) is pushing for this in software development practices, emphasizing collective responsibility. It involves building security into software from the ground …

CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks

December 18, 2023 at 11:09AM The cybersecurity agency CISA advises manufacturers to cease using default passwords for industrial control systems (ICS) in the water sector due to recent attacks. It recommends implementing safe default behavior, eliminating widely known default passwords, and conducting field tests to ensure secure product usage. Executives are urged to drive security …

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

December 15, 2023 at 11:49AM In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) for a Healthcare and Public Health (HPH) organization. The RVA included web application, phishing, penetration, database, and wireless assessments. While no significant external vulnerabilities were identified, the internal testing revealed multiple misconfigurations and …

CISA Debuts ‘Secure by Design’ Alert Series

November 30, 2023 at 06:06AM The US cybersecurity agency CISA launched Secure by Design (SbD) alerts, encouraging software manufacturers to build products with proactive security measures to mitigate vulnerabilities, particularly in web management interfaces. The new alerts focus on vendor practices that can globally reduce harm, emphasizing the need for default security features, customer security …

CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations

November 20, 2023 at 10:09AM The US cybersecurity agency CISA has published a guidance document to help healthcare and public health organizations understand cyber threats and risks in their sector. The document incorporates vulnerability trends and provides recommendations on asset management, identity management, device security, patching, and vulnerability remediation. The agency emphasizes the need for …

CISA Outlines AI-Related Cybersecurity Efforts

November 15, 2023 at 08:58AM The US cybersecurity agency CISA has published a document outlining its efforts to promote the use of artificial intelligence (AI) in enhancing security and supporting critical infrastructure organizations. The document emphasizes the need to protect AI systems from threats and prevent their malicious use. CISA encourages AI system makers to …