Application Security | US, Allies Warn of Memory Unsafety Risks in Open Source Software | Most critical open source software contains code written in a memory unsafe language, US, Australian, and Canadian government agencies warn. | Ionut Arghire, June 27, 2024
Data Breaches | Personal and Chemical Facility Information Potentially Accessed in CISA Hack | CISA says CFATS program data was likely accessed after an Ivanti Connect Secure appliance was hacked in January. | Ionut Arghire, June 21, 2024
Network Security | US, Allies Publish Guidance on Securing Network Access | Government agencies in the US, New Zealand, and Canada have published new guidance on improving network security. | Ionut Arghire, June 19, 2024
Artificial Intelligence | CISA Conducts First AI Cyber Incident Response Exercise | The US cybersecurity agency CISA has conducted a tabletop exercise with the private sector focused on AI cyber incident response. | Ionut Arghire, June 17, 2024
Cloud Security | Google Cites ‘Monoculture’ Risks in Response to CSRB Report on Microsoft | Google is invoking the 'monoculture' word in response to a scathing U.S. government report on Microsoft's inadequate cybersecurity practices. | Ryan Naraine, May 20, 2024
Management & Strategy | Eric Goldstein Leaving CISA for Private Sector Role | CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years. | SecurityWeek News, May 20, 2024
Vulnerabilities | CISA Announces CVE Enrichment Project ‘Vulnrichment’ | CISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes. | Eduard Kovacs, May 9, 2024
Vulnerabilities | CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities | CISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure. | Ionut Arghire, May 3, 2024
ICS/OT | Russian Hackers Target Industrial Systems in North America, Europe | Government agencies are sharing recommendations following attacks claimed by pro-Russian hacktivists on ICS/OT systems. | Eduard Kovacs, May 2, 2024
Artificial Intelligence | CISA Rolls Out New Guidelines to Mitigate AI Risks to US Critical Infrastructure | New CISA guidelines categorize AI risks into three significant types and push a four-part mitigation strategy. | Ryan Naraine, April 29, 2024
Data Breaches | US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft | The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts "presents a grave and unacceptable risk to federal agencies." | Ryan Naraine, April 11, 2024
Data Breaches | Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets | The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics... | Ryan Naraine, April 11, 2024