Hot Topics

Cybersecurity and Infrastructure Security Agency

What to Know About the CISA Software Bill of Materials Sharing Lifecycle Phases   

| | Application Security, cisa, Cybersecurity and Infrastructure Security Agency, SBOM, software bill of materials, Uncategorized
As Software Bill of Materials (SBOM) adoption efforts mature, a report recently released by the Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to users in selecting suitable SBOM sharing platforms based on ...
Rezilion
CISA Order Highlights Persistent Risk at Network Edge

CISA Order Highlights Persistent Risk at Network Edge

| | Adam Boileau, Barracuda Networks, cisa, CVE-2023-27997, Cybersecurity and Infrastructure Security Agency, Fortinet, Fortra, GoAnywhere, Latest Warnings, Mandiant, MOVEit Transfer, Patrick Gray, Progress Software, risky-business-podcast, The Coming Storm, Time to Patch
The U.S. government agency in charge of improving the nation's cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes ...
Krebs on Security
Christopher Krebs- DevOps Connect - DevSecOps - RSAC - Cybersecurity - RSA Conference 2021 - Department of Homeland Security - DHS

Christopher Krebs to Keynote in Live Fireside Chat/Q&A Session at DevOps Connect: DevSecOps at RSA Conference 2021

| | Christopher Krebs, cisa, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, DevOps Connect, DevOps Connect: DevSecOps, DevSecOps, RSA Conference 2021
Former Director of Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to headline free one-day event Boca Raton, FL, April 26, 2021 — MediaOps, the place to tell your story in ...
Security Boulevard
SolarWinds Hack Could Affect 18K Customers

SolarWinds Hack Could Affect 18K Customers

| | Alan Paller, Andrew Morris, Center for Strategic and International Studies, cisa, Cybersecurity and Infrastructure Security Agency, Data breaches, fireeye, GreyNoise Intelligence, James Lewis, Microsoft, Orion software, SANS Institute, SolarWinds breach, U.S. Securities and Exchange Commission, Vinoth Kumar
The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft ...
Krebs on Security
U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

| | APT29, Cybersecurity and Infrastructure Security Agency, Data breaches, Department of Commerce, FireEye hack, Microsoft, Orion, Reuters, SolarWinds breach, The Coming Storm, U.S. Treasury Department
Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 ...
Krebs on Security
Trump Fires Security Chief Christopher Krebs

Trump Fires Security Chief Christopher Krebs

| | A Little Sunshine, Christopher Krebs, cisa, Cybersecurity and Infrastructure Security Agency, president trump, Rumor Control, Sen. Angus King, Sen. Richard Burr, U.S. Department of Homeland Security, Y2K
President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims ...
Krebs on Security

Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited

| | Apache Struts2, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, Struts2 vulnerability, Vulnerabilities
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) recently released a list of the top 10 most commonly exploited software vulnerabilities across the last four years. Apache Struts ...
Sonatype Blog
U.S. Govt. Makes it Harder to Get .Gov Domains

U.S. Govt. Makes it Harder to Get .Gov Domains

| | .gov, Cybersecurity and Infrastructure Security Agency, John Levine, Other, The Internet for Dummies, U.S. Department of Homeland Security, U.S. General Services Administration
The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity ...
Krebs on Security
It’s Way Too Easy to Get a .gov Domain Name

It’s Way Too Easy to Get a .gov Domain Name

| | cisa, Cybersecurity and Infrastructure Security Agency, DOTGOV Bill, dotgov.gov, exeterri.gov, John Levine, The Coming Storm, town.exeter.ri.us, U.S. Department of Homeland Security, U.S. General Services Administration, Web Fraud 2.0
Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a ...
Krebs on Security
Williams F1 Leverages Dtex User Behavior Intelligence to Manage Insider Threats and Secure IP

11/19/18: Dtex, Insider Threat, Privacy News Blog: Trump Signs CISA Legislation; Defending Against Culture; Surveillance: Freedom’s Killer

| | Act, BRUCE SCHNEIER, cisa, CSO, Cybersecurity, Cybersecurity and Infrastructure Security Agency, Cybersecurity and Infrastructure Security Agency Act of 2018, Dark Reading, Department of Homeland Security, Dtex, Edward Snowden, Federal News Network, Graeme Hackland, H.R. 3359, Harris Poll, Info Security Magazine, insider threat, Jory Heckman, Kacy Zurkus, Negligent Insider, Phishing, Privacy, Roger Grimes, Williams F1 Racing, wired
Happy Thanksgiving! The holiday may equate to a short work week in the US but there is certainly no shortage of news breaking about cybersecurity, privacy and the insider threat. The biggest ...
Dtex Systems

Application Security Check Up