Security News

54% of businesses now have a defined policy in place to deal with ransomware attacks - whether this means paying a ransom, relying on insurance policies or refusing to pay at all, according to Databarracks. A ransomware policy may differ: 21% have a policy to never pay a ransom.

Fugue announced Regula 1.0, an open source policy engine for infrastructure as code security. Available at GitHub, the tool includes support for common IaC tools such as Terraform and AWS CloudFormation, prebuilt libraries with hundreds of policies that validate AWS, Microsoft Azure, and Google Cloud resources, and new developer tooling to support custom rules development and testing with Open Policy Agent.

When you're implementing a password policy for your AD with GDPR compliance in mind, it's a good idea to use a third-party tool to help your password policy reach your entire end-user directory. During a password change in Active Directory, this service will block and notify users if the password they have chosen is found in a list of leaked passwords, and it provides dynamic feedback for password compliance.

The U.S. Cybersecurity and Infrastructure Security Agency today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy platform. Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch agencies identify and address vulnerabilities in critical systems.

48% of organizations don't have a user verification policy in place for incoming calls to IT service desks, according to Specops Software. The survey found that 28% of the companies that actually do have a user verification policy in place are not satisfied with their current policy due to security and usability issues.

The policy change, first spotted by TechCrunch, went into effect on June 2. TikTok users who reside in the European Economic Area, the U.K., Switzerland, and other geographies where the service operates are exempted from the changes.

Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service. Stating that it will not allow the use of GitHub in direct support of unlawful attacks or malware campaigns that cause technical harm, the company said it may take steps to disrupt ongoing attacks that leverage the platform as an exploit or a malware content delivery network.

If you rely on your insurer to pay off crooks after a successful ransomware attack, you wouldn't be the only one. When you're dealing with a ransomware attack, how much do you know about who you're making a payment to? And what's the role of not just the insurer but also, say, the intermediary company that the insurer contracts with to negotiate the payment?

"No one will have their accounts deleted or lose functionality of WhatsApp on May 15 because of this update," the Facebook-owned messaging service said in a statement. The move marked a turnaround from its previous stance earlier this year when the company outlined plans to make the accounts inaccessible completely should users choose not to comply with the data-sharing agreement and opt not to have their WhatsApp account information shared with Facebook.

GitHub wants to update its policies regarding security research, exploits and malware, but the cybersecurity community is not happy with the proposed changes. The community has been asked to provide feedback until June 1 on proposed clarifications regarding exploits and malware hosted on GitHub.