Security Leftovers
-
Federal News Network ☛ CISA aims to make executives sign off on security of software sold to government [Ed: Microsoft running the policy making?]
CISA has released a new secure software attestation form, and it will require attention at the highest levels of a company.
-
Security Week ☛ US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website
Wisconsin teenager Joseph Garrison has admitted in court to launching a credential stuffing attack on a betting website.
-
Security Week ☛ In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit
Noteworthy stories that might have slipped under the radar: top law firm hacked, Chinese bank pays ransom, and PyPI conducts first security audit.
-
OpenSSF (Linux Foundation) ☛ Securing the Software Supply Chain Report Recommends SBOM Consumption Practices for Critical Infrastructure Providers
In an era where cyber threats continue to evolve, securing the software supply chain has become paramount for organizations globally. Recognizing the critical need for a robust framework, the US National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have collaborated to release a cybersecurity technical report titled "Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption."
-
Federal News Network ☛ National Cybersecurity Strategy needs an observability focus
It starts with federal agencies prioritizing observability strategies. Despite its growing popularity, observability is a fresh concept – one that can be difficult to define and see as a path to resilience without first understanding its foundation. The roots of observability can simply be traced down to a collection of logs, metrics and traces by which monitoring systems can more proactively mitigate potential threats.
-
Security Week ☛ Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools
Bug hunters uncover over a dozen exploitable vulnerabilities in tools used to build chatbots and other types of AI/ML models.
-
Silicon Angle ☛ Proton Mail plans to tap blockchain tech for email encryption key verification
Proton AG, a Swiss-based securities services provider best known for its encrypted email product Proton Mail, is planning to roll out a new service that taps into blockchain technology as a way to help verify that users are contacting the people they believe they’re reaching out to.
-
Security Week ☛ Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US
Aviram Azari, an Israeli man who made nearly $5 million from a hacking scheme, has been sentenced to 80 months in prison in the US.