News Analyses

New DOE document names China, Russia as threats to US bulk power system

A US Department of Energy RFI seeks information on the energy industry's supply chain security practices following an executive order to develop industry regulations.

Domestic 5G development at core of US communications security plan

New NTIA document outlines White House 5G security goals, which promote home-grown R&D and call for continuous risk assessment and management.

Bipartisan bill could bring back the White House national cyber director role

Cyberspace Solarium Commission leaders introduce the National Cyber Director Act to reintroduce cybersecurity expertise into the White House.

Vulnerable drivers can enable crippling attacks against ATMs and POS systems

Newly discovered vulnerabilities could allow more persistent and destructive attacks on popular models of ATM and POS devices.

New Republican bill latest in long line to force encryption backdoors

Here we go again. Senate Republicans push a new bill to mandate "lawful access" to encrypted devices and data. It won't end until law enforcement has better cyber forensics capabilities.

Data security risks threaten approval of Chinese undersea cable plan

The US government's "Team Telecom" wants to partially deny a proposed undersea cable connection between the US and Hong Kong over surveillance, data theft concerns.

Revised DOJ compliance guidance offers risk-management lessons for cybersecurity leaders

Prosecutors use this guidance to assess criminal liability in a compliance breach, so it behooves business and security leaders to understand the expectations.

Critical flaws in embedded TCP/IP library impact millions of IoT devices across industries

The memory corruption flaws exist in a wide range of commercial and consumer devices, and can allow full takeover of them.

Senate subcommittee blasts FCC and Team Telecom approach to Chinese supply chain threats

A report claims that oversight of Chinese telecoms for security threats to the US communications supply chain is lacking and without adequate authority.

Enterprise internet attack surface is growing, report shows

Attackers are taking advantage of the COVID-19 crisis to exploit pre-existing and newly introduced vulnerabilities across a wide range of attack points.

Local attackers can use Group Policy flaw to take over enterprise Windows systems

Microsoft issues a patch to fix a flaw that could allow compromised non-privileged user accounts to place malicious DLLs on a system.

New cybersecurity recommendations for US government target IoT, social media

The COVID-19 pandemic spurs the Cyberspace Solarium Commission policy initiative to issue a set of four security recommendations for the federal government in the wake of the crisis.

Why abandoned domain names are so dangerous

Abandoned domain names are low-hanging fruit for attackers, who can use them to access sensitive email or customer data.

Install latest SAP Adaptive Server Enterprise patches, experts urge

If left unpatched, these SAP ASE vulnerabilities could give attackers full control of databases and servers.

Cloud infrastructure operators should quickly patch VMware Cloud Director flaw

Left unpatched, this command injection flaw could allow attackers to take control of a virtualized cloud infrastructure.

Cyber LEAP Act aims for innovations through Cybersecurity Grand Challenges

New bill seeks to set up competitions across the US to spur security breakthroughs.

Rethinking collaboration: 6 vendors offer new paths to remote work

With the need for efficient collaboration tools exploding in recent months, a variety of companies hope to refine how those tools work and what they can do. We look at six now pushing the envelope.

Use of cloud collaboration tools surges and so do attacks

Some industries have seen cloud-related threat events rise as much as 1,350% since the COVID-19 crisis began.

Executive order boots “foreign adversaries” from US electric grid over security concerns

White House action implies that China is "creating and exploiting" vulnerabilities in the US power grid. Experts say hardware backdoors have the potential for doing significant damage.

Cloud configuration drift leaves organizations open to attack, research finds

Undocumented cloud configuration changes, whether done by attackers or for legitimate business reasons, present a significant security threat.
