CISA, FBI Seek Public Comment on Software Security Bad Practices Guidance

October 17, 2024 at 12:08PM CISA and the FBI are seeking public feedback on new guidance addressing poor software security practices. The initiative aims to enhance security measures and raise awareness of risky behaviors in software development. **Meeting Takeaways:** 1. **Request for Public Comment**: CISA (Cybersecurity and Infrastructure Security Agency) and the FBI are soliciting …

US, Allies Release Guidance on Securing OT Environments

October 2, 2024 at 09:54AM New guidance has been released by the US and its allies, offering advice on establishing and preserving a secure operational technology (OT) environment. This information was shared on SecurityWeek. It looks like the meeting notes are about the release of new guidance for securing operational technology environments by the US …

US, Allies Warn of Memory Unsafety Risks in Open Source Software

June 27, 2024 at 10:04AM Government agencies in the US, Australia, and Canada have drawn attention to memory safety issues in open source software (OSS) code. They stress that the majority of OSS projects use code written in a memory-unsafe language, exposing organizations and users to attacks. The analysis also revealed vulnerabilities in projects written …

HHS Aiding Organizations Hit by Change Healthcare Cyberattack

March 6, 2024 at 09:21AM The US Department of Health and Human Services (HHS) is actively supporting healthcare providers following a ransomware attack on Change Healthcare, ensuring patient care is maintained. HHS is working with various agencies to expedite claims and payments, encourage payers to waive requirements, and provide information on accelerated payment opportunities. The …

CISA: Vendors must secure SOHO routers against Volt Typhoon attacks

January 31, 2024 at 11:15AM CISA and the FBI have issued a warning to small office/home office (SOHO) router manufacturers to enhance security against attacks by Chinese state-backed hacking group Volt Typhoon. The agencies urge eliminating vulnerabilities, automating security updates, and safeguarding against Volt Typhoon activity. This follows ongoing attacks targeting U.S. critical infrastructure organizations …

Microsoft Shares New Guidance in Wake of ‘Midnight Blizzard’ Cyberattack

January 26, 2024 at 03:43PM Microsoft has released new guidance to protect against nation-state attacks like the recent intrusion into its corporate email system by threat group Midnight Blizzard. The attack resulted in compromised accounts and exfiltration of emails and documents. Microsoft advises on protecting against malicious OAuth apps and detecting and mitigating the threat …

In Other News: Ubisoft Hack, NASA Security Guidance, TikTok Requests iPhone Passcode

December 29, 2023 at 08:54AM SecurityWeek weekly roundup provides a concise compilation of cybersecurity stories that may have been overlooked. This week’s stories include a $60 million crypto theft, Android backdoor infection, Microsoft warning of malware distribution, Mint Mobile data breach, and NASA’s space security guidance. Other topics covered are hacking claims, Chrome Safety Check, …

US Government Issues Guidance on SBOM Consumption

November 10, 2023 at 07:00AM The US cybersecurity agency CISA, the NSA, and the ODNI have issued new guidance to help software vendors secure the software supply chain. The guidance focuses on assessing security measures throughout the software lifecycle, managing open source software and software bills of materials, and making recommendations for different phases of …