Security Bulletin

The Cloud Safe Task Force aims to unite the US government and cloud service providers, like Amazon, Google, IBM, Microsoft, and Oracle, to provide a "National Cyber Feed": a continuous threat-monitoring tool for federal agencies.

Records of over 100 million AT&T customers' calls and texts affected — “nearly all.”

Today, I noticed some exploit attempts against an older vulnerability in the "Nette Framework", CVE-2020-15227 [1].

Agencies say flaws are preventable and can be addressed with secure-by-design principles.

Even though the new incident reporting rules create pressure, they serve as a forcing function for building a strong security foundation.

Cyber spending requests should consider the recently issued critical infrastructure national security memorandum, according to a memo issued by Office of Management and Budget Director Shalanda Young and National Cyber Director Harry Coker Jr.

Officials at Clay County, Indiana, have submitted a local disaster declaration filing following a ransomware incident earlier this week that resulted in the disruption of its courthouse, corrections, and probation offices.

Information compromised in the incident, including names and other personal data, has not been misused by attackers, said ARRL in a filing with the Office of Maine's Attorney General.

Attackers have only obtained access to an archive of The Daily Signal website dating back to 2022 but not access to any of the think tank's systems, according to Heritage spokesperson Noah Weinrich.

Infiltration of systems enabled attackers to exfiltrate individuals' names, birthdates, Social Security numbers, and other government-issued ID numbers stored between April 14 and May 24.

Assessment of the leaked dataset revealed the compromise of millions of customer service tickets, some of which pertained to senior-ranking U.S. military officials.