Security News

Infosec in brief US senator Ron Wyden thinks it's Microsoft's fault that Chinese hackers broke into Exchange Online, and he wants three separate government agencies to launch investigations and "Hold Microsoft responsible for its negligent cyber security practices." The Chinese hack of Microsoft's hosted email service, you may recall, occurred because suspected Chinese hackers were able to steal an encryption key used for Microsoft account services.

Cripes, they actually sound serious Public companies that suffer a computer crime likely to cause a "material" hit to an investor will soon face a four-day time limit to disclose the incident,...

Legislation moves slowly, but in 2023 almost all five of the below regulations will take effect, making it a huge year for state data privacy acts. Virginia Consumer Data Protection Act: The second state privacy act, passed in March of 2021 and went into effect on January 1st of 2023.

Seven US artificial intelligence giants - Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI - have publicly committed to "Help move toward safe, secure, and transparent development of AI technology." Test the security of their AI systems before launch Share knowledge about AI risk management best practices among themselves and with the government.

A stolen Microsoft security key may have allowed Beijing-backed spies to break into a lot more than just Outlook and Exchange Online email accounts. Microsoft still, to the best of our knowledge, does not know how this incredibly powerful private signing key was obtained, and has revoked that key.

The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week. Because the targeted NetScaler ADC appliance was in a segregated environment on the network, the hackers were not able to move laterally to a domain controller, CISA says.

The Atlantic Council released a detailed commentary on the White House's new "Implementation Plan for the 2023 US National Cybersecurity Strategy." Lots of interesting bits. First, the plan contains a more concrete list of actions than its parent strategy, with useful delineation of lead and supporting agencies, as well as timelines aplenty.

The U.S. government has banned European commercial spyware manufacturers Intellexa and Cytrox, citing risks to U.S. national security and foreign policy interests. Google's Threat Analysis Group linked the Cytrox in May 2022 with multiple zero-day vulnerabilities used to deploy Predator spyware on Android devices.

The US government on Tuesday added commercial spyware makers Intellexa and Cytrox to its Entity List, saying the duo are a possible threat to national security. Adding Intellexa and Cytrox to the Entity List places export restrictions on the software vendors as part of the Biden administration's ongoing crackdown against commercial surveillance technology.

Mil US military addresses were actually directed at. As a result of that one-character typo, medical data, identity documents, maps of military installations, travel itineraries, bookings for high-ranking military leaders, and more have been fired off at.