The Open Security Controls Assessment Language (OSCAL) is a project led by the National Institute of Standards and Technology (NIST) that allows security professionals to express control-related information in machine-readable formats. Expressing compliance information in this way allows security practitioners to use automated tools to support data analysis, while …
The IRS relaunched its Identity Protection Personal Identification Number (IP PIN) program this week and all US taxpayers are encouraged to enroll for added security against identity theft and fraudulent returns. [...]
Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. [...]
U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecommunications companies breached by Salt Typhoon Chinese state hackers earlier this year. [...]
The U.S. Cybersecurity & Infrastructure Security Agency is warning about last-minute influence operations conducted by Iranian and Russian actors to undermine the public trust in the integrity and fairness of the upcoming presidential election. [...]
An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. [...]
The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year. [...]
German law enforcement seized 47 cryptocurrency exchange services hosted in the country that facilitated illegal money laundering activities for cybercriminals, including ransomware gangs. [...]
Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called "Ghost," which was used by organized crime such as drug trafficking and money laundering. [...]
The City of Columbus, Ohio, has filed a lawsuit against security researcher David Leroy Ross, aka Connor Goodwolf, accusing him of illegally downloading and disseminating data stolen from the City's IT network and leaked by the Rhysida ransomware gang. [...]
A 39-year old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. [...]
The SEC concludes its investigation into Progress Software's handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed data of over 95 million people. [...]
Privacy-focused search engine DuckDuckGo has been blocked in Indonesia by its government after citizens reportedly complained about pornographic and online gambling content in its search results. [...]
CISA and the FBI said today that Distributed Denial of Service (DDoS) attacks targeting election infrastructure will, at most, hinder public access to information but will have no impact on the integrity or security of the 2024 U.S. general election processes. [...]
Today, the Biden administration has announced an upcoming ban of Kaspersky antivirus software and the pushing of software updates to US companies and consumers, giving customers until September 29, 2024, to find alternative security software. [...]
The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. [...]
Poland says a state-backed threat group linked to Russia's military intelligence service (GRU) has been targeting Polish government institutions throughout the week. [...]
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA. [...]
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. [...]
PornHub has now added Texas to its blocklist, preventing users in the state from accessing its site in protest of age verification laws. [...]
We’re excited to announce that Amazon Web Services (AWS) has completed the annual Dubai Electronic Security Centre (DESC) certification audit to operate as a Tier 1 cloud service provider (CSP) for the AWS Middle East (UAE) Region. This alignment with DESC requirements demonstrates our continuous commitment to adhere …
Amazon Web Services (AWS) is excited to announce that AWS Wickr has achieved Federal Risk and Authorization Management Program (FedRAMP) authorization at the High impact level from the FedRAMP Joint Authorization Board (JAB). FedRAMP is a U.S. government–wide program that promotes the adoption of secure cloud services …
The U.S. Department of Justice (DoJ) has unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities. [...]
The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. [...]