US warns of North Korean hackers posing as IT freelancers
Companies and other organizations should be careful when employing IT freelancers, lest they end up hiring North Korean hackers. The advice comes from the US Department of …
guidelines
Navigating the waters of maritime cybersecurity
In January 2021, new International Maritime Organization (IMO) guidelines on maritime cyber risk management went into effect. Around the same time, the U.S. government …
Guide: Security measures for IoT product development
The European Union Agency for Cybersecurity (ENISA) released its Guidelines for Securing the IoT, which covers the entire IoT supply chain – hardware, software and services. …
In the era of AI, standards are falling behind
According to a recent study, only a minority of software developers are actually working in a software development company. This means that nowadays literally every company …
FIRST releases updated coordination principles for Multi-Party Vulnerability Coordination and Disclosure
The Forum of Incident Response and Security Teams (FIRST) has released an updated set of coordination principles – Guidelines for Multi-Party Vulnerability Coordination and …
How to gather cyber threat intelligence from dark markets without breaking US law
The U.S. Department of Justice’s Cybersecurity Unit has released guidelines for organizations that want to gather cyber threat intelligence from dark web forums/markets but, …
ENISA publishes procurement guidelines for cybersecurity in hospitals
The EU Agency for Cybersecurity (ENISA) published a cybersecurity procurement guide for hospitals. The hospital is a vast ecosystem comprised of an entire network of devices, …
Guidelines for assessing ISPs’ security measures in the context of net neutrality
According to the EU’s net neutrality regulation, called the Open Internet Regulation, which came into force in 2016, internet providers should treat all internet traffic to …
US DOJ publishes guidelines for setting up a vulnerability disclosure program
Instituting a vulnerability disclosure program (aka bug bounty program) that won’t blow up in the organization’s face can be a daunting task. Some will prefer to …
How to securely deploy medical devices within a healthcare facility
The risks insecure medical devices pose to patient safety are no longer just theoretical, and compromised electronic health records may haunt patients forever. A surgical …
We have to start thinking about cybersecurity in space
With all the difficulties we’ve been having with securing computer systems on Earth, the cybersecurity of space-related technology is surely the last thing on security …
DHS releases guidelines for CISA-sanctioned cybersecurity information sharing
The US Department of Homeland Security has published guidelines on how the private sector and federal entities can share cyber threat indicators (CTIs) with the US federal …