TSA makes changes to new cyber requirements after industry feedback

The Transportation Security Administration is softening the deadlines on new cybersecurity requirements for major passenger and freight rail operators, as the agency’s leader said it learned from efforts earlier this year to begin regulating the cybersecurity of the pipeline sector.

Step Towards Foresight on Emerging Cybersecurity Challenges

ENISA kicks off a new area of work in line with its Strategy objective “Foresight on Emerging and Future Cybersecurity Challenges”. As a key element of ENISA’s strategy, foresight increases knowledge and understanding of emerging and future challenges, thus providing …

Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure

Security researchers have checked the web’s public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities. Certificate Authorities, or CAs, vouch for the digital certificates we use to establish trust online. You can be …

EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms

New research into the security posture of Europe’s top pharmaceutical giants has revealed concerning levels of vulnerabilities and weak spots in web applications. On Thursday, Outpost24 published new research that claims the top 10 pharmaceutical countries in the region are …

Discovering the Exploitable Security Gaps in Remote Work Spaces

Working and living areas are getting smarter every year as owners adopt new technology and continuously upgrade old devices to fit into modernized spaces. This has enabled many professionals to work or run their business virtually from home. International conferences …

CISA Binding Operational Directive 22-01 – Reducing the Significant Risk of Known Exploited Vulnerabilities

A binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems. Section 3553(b)(2) of title 44, U.S. Code, authorizes the Secretary of the Department of Homeland Security …

Ransomware has proliferated because it’s ‘largely uncontested’, says GCHQ boss

If you’ve wondered why ransomware has proliferated in recent years, it’s because until recently it has remained unchallenged, according to Sir Jeremy Fleming, director of British signals intelligence agency GCHQ. “We’ve seen twice as many [ransomware] attacks this year as …

CISA: Critical RCE Vulnerability in Discourse

Discourse—an open source discussion platform—has released a security advisory to address a critical remote code execution (RCE) vulnerability (CVE-2021-41163) in Discourse versions 2.7.8 and earlier. CISA urges developers to update to patched versions 2.7.9 or later or apply the necessary …

Joint CISA, FBI and NSA Cybersecurity Advisory – BlackMatter Ransomware

This joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware. Since July 2021, BlackMatter ransomware has targeted multiple …