The Trump administration effectively eliminated the cybersecurity role in the State Department several years ago by eliminating its leader and burying the function in the State Department bureaucracy. Their theory was that the White House National Security function could assume the diplomatic role for cyberspace. Ultimately, that strategy failed and towards the very end of […]
Continue reading → [DISPLAY_ACURAX_ICONS]How Many Times Do I Need to Say – Crypto is Software, Software Has Bugs, Your Money is at Risk Decentralized Finance platform (DeFi) Revest Finance said that it lost $2 million due to a software bug and, oh yeah, (a) the can’t recover the funds, (b) they do not have the money to cover […]
Continue reading → [DISPLAY_ACURAX_ICONS]Cars have huge attack surfaces. And getting bigger every year. One source says the average car has 30-50 computers and luxury cars have a hundred (personally, I think that is low). Add to that 60 to 100 sensors. Some cars have a hundred million lines of code in them. How do you make that 100 […]
Continue reading → [DISPLAY_ACURAX_ICONS]The Digital Markets Act is designed to reign in big companies like Amazon, Facebook and Apple. Alternatively, those companies could choose not to do business in Europe, fearing the requirements could be too expensive or too risky. My guess is that none of the platforms will have the guts to do that, but who knows. […]
Continue reading → [DISPLAY_ACURAX_ICONS]Security folks (like me) have been telling people for years that passwords are just not secure enough anymore. Now we have another reason that is true. Companies have been promoting single sign on as a way around the insecurity of passwords, but now, even that is not secure anymore. Multifactor authentication helps, but even that […]
Continue reading → [DISPLAY_ACURAX_ICONS]Incident and Ransomware Reporting Requirement in Just Passed Spending Bill President Biden signed a bill that requires critical infrastructure operators to report significant cyber incidents to CISA within 72 hours after they reasonably believe an incident has occurred and within 24 hours of making a ransomware payment. The ransomware reporting requirement applies even if it […]
Continue reading → [DISPLAY_ACURAX_ICONS]