Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure
North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure …
Large-scale breaches overshadow decline in number of healthcare data incidents
While H1 2023 saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a …
A closer look at the new TSA oil and gas pipeline regulations
The TSA has announced updates to its Security Directive (SD) to strengthen the operational resilience of oil and natural gas pipeline owners and operators against …
Federal agencies gear up for zero trust executive order deadline
Federal agencies are prepared to meet the zero trust executive order requirements from the Biden Administration with just over a year until the deadline, according to …
Why the “voluntary AI commitments” extracted by the White House are nowhere near enough
Representatives from Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI recently convened at the White House for a meeting with President Biden with the stated …
SEC cybersecurity rules shape the future of incident management
The SEC adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding …
White House launches AI Cyber Challenge to make software more secure
The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the …
What to know about FedRAMP Rev. 5 Baselines
In this Help Net Security video, Kaus Phaltankar, CEO at Caveonix, discusses how the recent approval of the FedRAMP Rev. 5 Baselines is a significant step forward in the cloud …
For TSA’s updated Pipeline Security Directive, consistency and collaboration are key
Late last month, the Transportation Security Administration renewed and updated its security directive aimed at enhancing the cybersecurity of oil and natural gas pipelines. …
US government outlines National Cyber Workforce and Education Strategy
After the release of a National Cybersecurity Strategy and its implementation plan, the Biden-Harris Administration has unveiled the National Cyber Workforce and Education …
National Cyber Strategy Implementation Plan: What you need to know
The Biden-Harris Administration’s recently released National Cybersecurity Strategy calls for two fundamental shifts in how the United States allocates roles, …
SEC adopts new cybersecurity incident disclosure rules for companies
The Securities and Exchange Commission (SEC) today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an …
Featured news
Resources
Don't miss
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)
- RIFT: New open-source tool from Microsoft helps analyze Rust malware
- Are we securing AI like the rest of the cloud?