US, Allies Warn of Memory Unsafety Risks in Open Source Software

June 27, 2024 at 10:04AM Government agencies in the US, Australia, and Canada have drawn attention to memory safety issues in open source software (OSS) code. They stress that the majority of OSS projects use code written in a memory-unsafe language, exposing organizations and users to attacks. The analysis also revealed vulnerabilities in projects written … Read more

HHS Aiding Organizations Hit by Change Healthcare Cyberattack

March 6, 2024 at 09:21AM The US Department of Health and Human Services (HHS) is actively supporting healthcare providers following a ransomware attack on Change Healthcare, ensuring patient care is maintained. HHS is working with various agencies to expedite claims and payments, encourage payers to waive requirements, and provide information on accelerated payment opportunities. The … Read more

CISA: Vendors must secure SOHO routers against Volt Typhoon attacks

January 31, 2024 at 11:15AM CISA and the FBI have issued a warning to small office/home office (SOHO) router manufacturers to enhance security against attacks by Chinese state-backed hacking group Volt Typhoon. The agencies urge eliminating vulnerabilities, automating security updates, and safeguarding against Volt Typhoon activity. This follows ongoing attacks targeting U.S. critical infrastructure organizations … Read more

Microsoft Shares New Guidance in Wake of ‘Midnight Blizzard’ Cyberattack

January 26, 2024 at 03:43PM Microsoft has released new guidance to protect against nation-state attacks like the recent intrusion into its corporate email system by threat group Midnight Blizzard. The attack resulted in compromised accounts and exfiltration of emails and documents. Microsoft advises on protecting against malicious OAuth apps and detecting and mitigating the threat … Read more

In Other News: Ubisoft Hack, NASA Security Guidance, TikTok Requests iPhone Passcode

December 29, 2023 at 08:54AM SecurityWeek weekly roundup provides a concise compilation of cybersecurity stories that may have been overlooked. This week’s stories include a $60 million crypto theft, Android backdoor infection, Microsoft warning of malware distribution, Mint Mobile data breach, and NASA’s space security guidance. Other topics covered are hacking claims, Chrome Safety Check, … Read more

US Government Issues Guidance on SBOM Consumption

November 10, 2023 at 07:00AM The US cybersecurity agency CISA, the NSA, and the ODNI have issued new guidance to help software vendors secure the software supply chain. The guidance focuses on assessing security measures throughout the software lifecycle, managing open source software and software bills of materials, and making recommendations for different phases of … Read more