A profile of and an interview with CISA Director Jen Easterly, as the agency ramps up efforts to protect the US elections from cyberattacks and misinformation
Max Ufberg / Fast Company :
Microsoft outlines security principles and goals tied to executive compensation packages, following a scathing US Cyber Safety Review Board report in April 2024
expanding Microsoft's Secure Future Initiative Tom Krazit / Runtime : Microsoft wants to be judged on security Nick Heer / Pixel Envy : Microsoft Says It Is Prioritizing Security A...
expanding Microsoft's Secure Future Initiative Tom Warren / The Verge : Read Satya Nadella's Microsoft memo on putting security first Tom Krazit / Runtime : Microsoft wants to be j...
The US Cyber Safety Review Board faults Microsoft for a “cascade of avoidable errors” that led to the 2023 Chinese hack of top US government officials' emails
The independent Cyber Safety Review Board's forthcoming report knocks the tech giant for shoddy cybersecurity practices …
US, UK, Australia, Canada, and New Zealand advisory: China-backed hacking group Volt Typhoon has had access to some major US infrastructure for over five years
Sam Sabin / Axios :
The FBI and US DOJ disrupt Volt Typhoon, a uniquely dangerous Chinese hacking operation to hijack hundreds of Cisco and Netgear routers at end-of-life status
CISA launches a pilot program to warn critical infrastructure owners with “internet-accessible vulnerabilities commonly associated with known ransomware actors”
Edward Graham / Nextgov :
CISA Director Jen Easterly and Executive Assistant Director Eric Goldstein say incentives for developing and selling tech should not eclipse customer safety
> - Secure products not just security products
> - Security built in not bolted on
> - Raise everyone's baseline by reducing the [total] cost of control
>
> @CISAJen https://www.foreignaff...
The Los Angeles Unified School District, the second largest in the US with 600,000+ students, says a ransomware attack over the weekend disrupted its operations
their speed, clarity & focus on partnership is commendable. Great example of how to keep stakeholders informed, including potential impacts & what to expect next: https://achieve.l...
Apple, Google, and Microsoft plan to offer the FIDO Alliance's passwordless tech on websites and apps, using fingerprint readers, face scanners, and smartphones
a perfect time to think about passkeys. https://www.apple.com/... @can : some dreams come true https://twitter.com/... @k8em0 : This is a true game changer in security https://twit...
Ukrainian officials say they stopped an attack on an energy facility with help from ESET and Microsoft, and identified a new variant of the Industroyer malware
Ukrainian officials said they stopped an attack on an energy facility with the help of researchers from ESET and Microsoft.
The White House again warns that Russia may expand cyberattacks against the US, citing “evolving intelligence that the Russian Government is exploring options”
This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience.
Symantec details China-linked backdoor Daxin, a Windows kernel driver that can hijack TCP connections to stealthily connect with command-and-control servers
Security researchers have discovered Daxin, a China-linked stealthy backdoor specifically designed for deployment in hardened corporate networks …
CISA, FBI, and NSA say Russian state-sponsored hackers targeted US defense contractors for at least two years, acquiring export-controlled technology and more
Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks … National Security Agency/Central Security Service : NSA, FBI, CISA Release Advisory on Protecting ...
White House forms the Cyber Safety Review Board, loosely modeled on NTSB, to investigate major national cybersecurity failures, starting with the Log4j bug
The US Department of Homeland Security launches “Hack DHS”, a bug bounty program that pays hackers between $500 and $5,000 per flaw found in its systems
The Homeland Security Department has launched a bug bounty program that will allow hackers to report vulnerabilities … Source: Department of Homeland …
Researchers spot waves of attacks targeting unpatched Apache servers with the Log4j bug, exfiltrating data, spreading botnets, installing crypto miners, more
Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers.
How the role of open-source maintainers could be professionalized, as the maintainer who fixed the Log4j zero-day says he works on the project in his spare time
Open Source software runs the Internet, and by extension the economy. This is an undisputed fact about reality in 2021.