government
French Gov. Leaks 43 Million People’s Data — ‘France Travail’ Says Sorry
Richi Jennings | | Alexandre Saubot, Cap emploi, CNIL, cyber attacks on governm, devops in government, DevSecOps in Government, digital government, European Governments, france, France Travail, government, Government & Regulatory News, government agencies, Government Authority, SB Blogwatch
La grande cybermalveillance: French government’s employment agency loses control of citizens’ data after biggest breach in Gallic history ...
Security Boulevard
NVD overload: Unveiling a hidden crisis in vulnerability management
Aaron Linskens | | component governance, dependencies, Events and Webinars, government, Vulnerabilities
In a Linkedin Live session yesterday, Ilkka Turunen, Field CTO of Sonatype, and Brian Fox, co-founder and CTO, discussed an ongoing critical yet underreported issue in the National Vulnerability Database (NVD) ...
Secure Software Development Attestation Form: Sonatype helps you comply
Ilkka Turunen | | CISA best practices, FEATURED, Federal, government, News and Views, secure software supply chain
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) unveiled the final version of the Secure Software Development Attestation Form. This pivotal ...
Insight Into the DDoS Attacks on the French Government
The attacks are ongoing as of this writing. Here are a few screenshots of data and some insight. I’ll make sure to keep it brief since you have seen this news in ...
Emulating the Sabotage-Focused Russian Adversary Sandworm
Francis Guibernau | | adversary emulation, Energy, government, Media, Media & Entertainment, Resources & Utilities, Russia, Sandworm
AttackIQ has released a new assessment template that emulates the various Post-Compromise Tactics, Techniques, and Procedures (TTPs) associated with the politically motivated Russian adversary Sandworm. The post Emulating the Sabotage-Focused Russian Adversary ...
Response to CISA Advisory (AA24-057A): SVR Cyber Actors Adapt Tactics for Initial Cloud Access
AttackIQ recommends that customers take the following testing actions in alignment to the recently published CISA Advisory (AA24-057A) which details recent Tactics, Techniques, and Procedures (TTPs) exhibited by the Russian Foreign Intelligence ...
A demand for real consequences: Sonatype’s response to CISA’s Secure by Design
In the fast-changing fields of cybersecurity and software development, the importance of creating secure software is more crucial than ever. Recently, my colleagues and I at the Open Source Security Foundation (OpenSSF) ...
DoD Email Breach: Pentagon Tells Victims 12 Months Late
Richi Jennings | | Anurag Sen, azure, Azure cloud, Azure Government Cloud, Compliance Automation Platform for FedRAMP, data privacy PII, defense department, Department of Defense, devops in government, DevSecOps in Government, digital government, DoD, email, Federal Government, Federal Government Bids, FedRAMP, fedramp accreditation;, fedramp ato, fedramp certification, fedramp compliance, government, Microsoft Azure, Microsoft Azure Security, Microsoft Exchange, Microsoft Exchange Server, pentagon, pii, PII Leakage, SB Blogwatch, U.S. Department of Defense, United States Department of Defense, US DOD, USDoD, USSOCOM
3TB Email FAIL: Personal info of tens of thousands leaks. Microsoft cloud email server was missing a password ...
Security Boulevard
Dream Job, or Is It?
Madison Steel | | Aerospace, AttackIQ Flex, Defense, Energy, government, Lazarus Group, Operation Dream Job, social engineering
In the summer of 2020, ClearSky, a venture capital and growth equity firm investing in innovative companies in the cybersecurity and sustainable energy sectors, investigated into a campaign dubbed "Dream Job," highly ...
In the Cyber Jungle, the Mighty Mustang Panda Phishes Tonight
A mischievous threat actor known as Mustang Panda prowls silently through the cyber underbrush, orchestrating sophisticated spear-phishing campaigns. The post In the Cyber Jungle, the Mighty Mustang Panda Phishes Tonight appeared first ...