As part of CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) in the just passed omnibus spending bill, CISA is required to stand up a Ransomware Task Force. Jen Easterly, head of CISA, having just won the battle that requires companies to report breaches and ransomware payments to her rather than the FBI (which pissed […]
Continue reading → [DISPLAY_ACURAX_ICONS]Flaw in uClibc Allows DNS Poisoning Attacks A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices. The library is likely used in milliosn of Internet of Things devices that will never be patched and will always be vulnerable. This is where […]
Continue reading → [DISPLAY_ACURAX_ICONS]CIOs have always had to worry about the challenges of preserving evidence, but now we have a whole new class of challenges. The so called Duty to Preserve comes into play when one party learns about the possibility of litigation. This happens, many times, before any lawsuit is actually filed. Once a party has reasonable […]
Continue reading → [DISPLAY_ACURAX_ICONS]Chinese Sponsored OPERATION CUCKOOBEES Active for Many Years Researchers with cybersecurity firm Cybereason briefed the FBI and Justice Department as early as 2019 about Operation CuckooBees, an alleged espionage effort by Chinese state-sponsored hackers (named Winnti or APT41) to steal proprietary information from dozens of global defense, energy, biotech, aerospace and pharmaceutical companies. The companies […]
Continue reading → [DISPLAY_ACURAX_ICONS]Courts can’t quite figure out how to treat Internet companies. Amazon is an interesting mix. It sells some products itself, it offers other products that are sold and fulfilled by third parties and it does a mix (products sold by third parties but fulfilled by Amazon). I hope Amazon is hiring a lot of lawyers […]
Continue reading → [DISPLAY_ACURAX_ICONS]Tomorrow is the one-year anniversary of the Colonial Pipeline attack. The government has done more to improve cybersecurity in the last year than it had done in the last 10 years. But there is still a lot more to do. Jury Finds Norton/Lifelock Infringed on Two Columbia University Patents Even in the world of cybersecurity, […]
Continue reading → [DISPLAY_ACURAX_ICONS]