Here is another short read for you (sorry). For those who read this blog on a regular basis, you know that we talk about supply chain risk a lot. Formally, the government calls it Cybersecurity Supply Chain Risk Management or C-SCRM. Supply chain attacks are very popular because if you pull one off (think SolarWinds), […]
Continue reading → [DISPLAY_ACURAX_ICONS]All software has bugs. But some software has more bugs than others. And some organizations are better at finding and fixing those bugs. Just not those in the public sector. Veracode, the code scanning tool/defect finding tool vendor scans a lot of apps a lot of times. Here is a bit of data that should […]
Continue reading → [DISPLAY_ACURAX_ICONS]Security folks (like me) have been telling people for years that passwords are just not secure enough anymore. Now we have another reason that is true. Companies have been promoting single sign on as a way around the insecurity of passwords, but now, even that is not secure anymore. Multifactor authentication helps, but even that […]
Continue reading → [DISPLAY_ACURAX_ICONS]Incident and Ransomware Reporting Requirement in Just Passed Spending Bill President Biden signed a bill that requires critical infrastructure operators to report significant cyber incidents to CISA within 72 hours after they reasonably believe an incident has occurred and within 24 hours of making a ransomware payment. The ransomware reporting requirement applies even if it […]
Continue reading → [DISPLAY_ACURAX_ICONS]The National Institute of Standards and Technology (NIST) announced the final version of a special publication focusing on helping manufacturers improve the cybersecurity of their industrial control system (ICS) environments. The guide, titled Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector, is a collaboration between NIST and many […]
Continue reading → [DISPLAY_ACURAX_ICONS]Here is an interesting effect of the sanctions against Russia. According to the Russian news outlet Kommersant, which claims to have sources confirming this proposal, the parties estimated they have roughly two months left before running out of available storage space. Russian firms were forced, as a result of sanctions, to turn to domestic cloud providers […]
Continue reading → [DISPLAY_ACURAX_ICONS]