Security News

Cripes, they actually sound serious Public companies that suffer a computer crime likely to cause a "material" hit to an investor will soon face a four-day time limit to disclose the incident,...

Legislation moves slowly, but in 2023 almost all five of the below regulations will take effect, making it a huge year for state data privacy acts. Virginia Consumer Data Protection Act: The second state privacy act, passed in March of 2021 and went into effect on January 1st of 2023.

Seven US artificial intelligence giants - Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI - have publicly committed to "Help move toward safe, secure, and transparent development of AI technology." Test the security of their AI systems before launch Share knowledge about AI risk management best practices among themselves and with the government.

A stolen Microsoft security key may have allowed Beijing-backed spies to break into a lot more than just Outlook and Exchange Online email accounts. Microsoft still, to the best of our knowledge, does not know how this incredibly powerful private signing key was obtained, and has revoked that key.

The US government is warning that threat actors breached the network of a U.S. organization in the critical infrastructure sector after exploiting a zero-day RCE vulnerability currently identified as CVE-2023-3519, a critical-severity issue in NetScaler ADC and Gateway that Citrix patched this week. Because the targeted NetScaler ADC appliance was in a segregated environment on the network, the hackers were not able to move laterally to a domain controller, CISA says.

The Atlantic Council released a detailed commentary on the White House's new "Implementation Plan for the 2023 US National Cybersecurity Strategy." Lots of interesting bits. First, the plan contains a more concrete list of actions than its parent strategy, with useful delineation of lead and supporting agencies, as well as timelines aplenty.

The U.S. government has banned European commercial spyware manufacturers Intellexa and Cytrox, citing risks to U.S. national security and foreign policy interests. Google's Threat Analysis Group linked the Cytrox in May 2022 with multiple zero-day vulnerabilities used to deploy Predator spyware on Android devices.

The US government on Tuesday added commercial spyware makers Intellexa and Cytrox to its Entity List, saying the duo are a possible threat to national security. Adding Intellexa and Cytrox to the Entity List places export restrictions on the software vendors as part of the Biden administration's ongoing crackdown against commercial surveillance technology.

Mil US military addresses were actually directed at. As a result of that one-character typo, medical data, identity documents, maps of military installations, travel itineraries, bookings for high-ranking military leaders, and more have been fired off at.

A Chinese hacking group has breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies, according to Microsoft. "Microsoft investigations determined that Storm-0558 gained access to customer email accounts using Outlook Web Access in Exchange Online and Outlook.com by forging authentication tokens to access user email," Microsoft said in a blog post published late Tuesday evening.