
Federal Cyber Safety Board Says Microsoft Security Culture is Inadequate

The Cyber Safety Review Board is similar to the FAA’s National Transportation Safety Board, except that it investigates cybersecurity crashes (breaches) rather than airplane or container ship crashes. The board is new. It was created by Executive Order 14028 in 2021. It only convenes when requested by the Secretary of Homeland Security and, […]


Security News Update for the Week Ending April 5, 2024

DoD Opens Cyber Policy Office: As reported earlier, the planned opening of the Office of the Assistant Secretary of Defense for Cyber Policy officially happened on March 20th. Ashley Manning will manage it until the Senate confirms someone else. President Biden announced that his nominee will be Michael Sulmeyer. Whether the Senate confirms him or […]


Microsoft Plans to Deprecate 1024 Bit RSA Keys

Microsoft is often between a rock and a hard place. They would like to be more secure but not at the expense of offending their customers. Here is an example of that. Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security (TLS) to provide increased […]


Security News for the Week Ending November 24, 2023

Post Quantum Crypto Isn’t The Only Problem – Pre Stone Age Crypto is Also a Problem: While some folks are worried about what is going to happen to encryption when quantum computing becomes real, other companies are still using antique crypto. Unfortunately, many of the companies who are using antiques are medical devices and higher […]


Microsoft Explains Most Recent Chinese Email Hack – Humans

As is often the case, humans and process represent the biggest failure window. Microsoft, to its credit, is being public about its own failures and pretty quickly. The Chinese hackers, Storm-0558, obtained a “golden cryptographic key” which allowed them to generate tokens so that they could masquerade as other users. I don’t know why you […]


This is Why the Feds are Very Scared About Supply Chain Attacks

Last week it was revealed that VoIP communications company 3CX was compromised and was distributing a malicious version of their desktop software to hundreds of thousands of paying customers. This is not an attack where users go to find sketchy websites and download “free” software that should be paid for. Rather, this is licensed software […]
