The ransomware epidemic is starting to feel like one continuous incident report and a growing national security concern - not to mention the dormant "ghost in the machine" capabilities that have …
Fortinet Patches Critical RCE Vulnerability in FortiClientLinux
Fortinet has released patches for a dozen vulnerabilities, including a critical remote code execution (RCE) flaw, CVE-2023-45590, affecting FortiClientLinux, which could allow attackers to execute …
The Water Sector Is Being Threatened. That Should Worry Everyone
In December 2023, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the …
Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor
Major Linux distributions have been impacted by a supply chain attack involving backdoored versions of the XZ Utils data compression library. The code was designed to execute at the end of configure …
Government Agencies are in the Fight Against Chinese Human Targeting and Cyber Espionage. Will it be Enough?
Every year, we make a point of returning to a few social psychology, organizational behavior, and human behavioral psychology factors, namely how your organization should integrate the threat of human …
Are Chinese-Made Ship-to-Shore Cranes at U.S. Ports a Critical Infrastructure Vulnerability?
The 2023 National Defense Authorization Act (NDAA) (made into law in December 2022) included some specific military-related cybersecurity provisions, including a required study of cybersecurity and …
US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities
The US cybersecurity agency CISA and the FBI published an alert on Monday calling for organizations to eliminate SQL injection vulnerabilities in their software products. These flaws represent a class …
Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon
Government agencies within the Five Eyes countries (US, UK, Canada, Australia, and New Zealand) have issued a warning to critical infrastructure entities about the threat from Volt Typhoon. Volt Typhoon is a …
For the Cybersecurity Community: A Call to Action for Memory-safe Strategies and “Better Diagnostics that Measure Cybersecurity Quality”
In late February, "the National Cyber Director (ONCD) released a report calling on the technical community to proactively reduce the attack surface in cyberspace. ONCD makes the case that technology …
White House Budget Proposal Seeks Cybersecurity Funding Boost
The White House has unveiled a $7.3 trillion budget proposal for fiscal year 2025, with a significant focus on increasing cybersecurity spending. The plan allocates $13 billion in cybersecurity …