What to know about FedRAMP Rev. 5 Baselines 10/08/2023 at 06:31 By Help Net Security In this Help Net Security video, Kaus Phaltankar, CEO at Caveonix, discusses how the recent approval of the FedRAMP Rev. 5 Baselines is a significant step forward in the cloud security and compliance domain. The implications for CSPs and third-party […]
React to this headline:
What to know about FedRAMP Rev. 5 Baselines Read More »
For TSA’s updated Pipeline Security Directive, consistency and collaboration are key 08/08/2023 at 08:03 By Help Net Security Late last month, the Transportation Security Administration renewed and updated its security directive aimed at enhancing the cybersecurity of oil and natural gas pipelines. The reissued guidance, known as Security Directive (SD) Pipeline-2021-02D Pipeline Cybersecurity Mitigation, Actions,
React to this headline:
For TSA’s updated Pipeline Security Directive, consistency and collaboration are key Read More »
US government outlines National Cyber Workforce and Education Strategy 01/08/2023 at 14:03 By Zeljka Zorz After the release of a National Cybersecurity Strategy and its implementation plan, the Biden-Harris Administration has unveiled the National Cyber Workforce and Education Strategy (NCWES), “aimed at addressing both immediate and long-term cyber workforce needs.” The National Cyber Workforce and
React to this headline:
US government outlines National Cyber Workforce and Education Strategy Read More »
National Cyber Strategy Implementation Plan: What you need to know 28/07/2023 at 06:31 By Help Net Security The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace. In this Help Net Security video, Kelly Rozumalski, a Senior VP leading Booz
React to this headline:
National Cyber Strategy Implementation Plan: What you need to know Read More »
SEC adopts new cybersecurity incident disclosure rules for companies 26/07/2023 at 21:01 By Help Net Security The Securities and Exchange Commission (SEC) today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted
React to this headline:
SEC adopts new cybersecurity incident disclosure rules for companies Read More »
US companies commit to safe, transparent AI development 24/07/2023 at 16:30 By Helga Labus Seven US artificial intelligence (AI) giants – Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI – have publicly committed to “help move toward safe, secure, and transparent development of AI technology.” The commitments “Companies that are developing these emerging technologies have
React to this headline:
US companies commit to safe, transparent AI development Read More »
U.S. Cyber Trust Mark labeling program raises the bar for smart devices’ cybersecurity 19/07/2023 at 13:33 By Help Net Security The Biden-Harris Administration has announced a cybersecurity certification and labeling program to help Americans more easily choose smart devices that are safer and less vulnerable to cyberattacks. The new “U.S. Cyber Trust Mark” program proposed
React to this headline:
U.S. Cyber Trust Mark labeling program raises the bar for smart devices’ cybersecurity Read More »
Chinese hackers forged authentication tokens to breach government emails 12/07/2023 at 13:17 By Zeljka Zorz Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) consumer signing key, the company has revealed on Tuesday. “The threat actor Microsoft links to this incident
React to this headline:
Chinese hackers forged authentication tokens to breach government emails Read More »
A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) 19/06/2023 at 15:09 By Zeljka Zorz Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web application in less that a month. Previously, the Cl0p cyber extortion gang exploited CVE-2023-34362 to
React to this headline:
A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) Read More »
How to simplify the process of compliance with U.S. Executive Order 14028 19/06/2023 at 07:03 By Help Net Security In this Help Net Security video, Nick Mistry, SVP and CISO at Lineaje, offers tips to simplify the process of compliance with U.S. Executive Order 14028. A key part of U.S. Executive Order 14028 is for
React to this headline:
How to simplify the process of compliance with U.S. Executive Order 14028 Read More »
PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362) 13/06/2023 at 14:18 By Zeljka Zorz As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. CVE-2023-34362 PoC exploit released Horizon3 security
React to this headline:
PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362) Read More »
Five Eyes agencies detail how Chinese hackers breached US infrastructure 25/05/2023 at 14:16 By Help Net Security The National Security Agency (NSA) and Five Eyes partner agencies have identified indicators of compromise associated with a People’s Republic of China (PRC) state-sponsored cyber actor dubbed Volt Typhoon, which is using living off the land techniques to
React to this headline:
Five Eyes agencies detail how Chinese hackers breached US infrastructure Read More »