Cloud-based code hosting service GitHub wants to make open-source material more secure. The Microsoft service is expanding safety features with two new offerings in beta. Secret scanning alerts are now free for all public repositories while push-notifications for custom secret patterns are also being made available. Open-source code is now incorporated into a whopping 97 percent of applications, according to Synopsys, which says 90 percent of organizations rely on it to varying degrees. Yet the very access that contributes to its popularity also leaves it vulnerable to malicious actors, as emphasized by the SolarWinds, Log4j and other breaches. Continue reading GitHub Is Testing New Security Tools for Open-Source Code

Congresswoman Nanette Diaz Barragán (D-California), who serves on the House Committee on Homeland Security and the House Committee on Energy and Commerce, is concerned about the potential harm of cyberattacks in her 44th district, which includes of the Port of Los Angeles. Congressman Jay Obernolte (R-California), among his other assignments, is a member of the Committee of Science, Space and Technology and two caucuses, one on 5G and another on AI.  What they both have in common are concerns about cybersecurity, topics that were addressed during a panel at CES 2022. Continue reading CES: Members of Congress Discuss Cybersecurity Concerns

The “zero trust” policy envisioned by President Biden in May when he signed an executive order to improve cybersecurity has begun taking shape with the release last week of a draft blueprint by the White House Office of Management and Budget (OMB). While Biden’s order covers the public and private sectors “and ultimately the American people’s security and privacy,” zero trust focuses on identifying and implementing best practices for the federal government’s digital platforms and processes. Deployment will take years of investment and effort. To help jump-start the initiative, some primers have hit the news feeds. Continue reading Government Pursues ‘Zero Trust’ Approach to Cybersecurity

A Securities and Exchange Commission investigation into the 2020 Russian cyberattack of SolarWinds has corporate executives concerned over the possibility that information unearthed in the probe will expose them to liability. Companies suspected of or known to have been downloading compromised software updates from SolarWinds have received letters requesting records of all breaches since October 2019, raising fears that sensitive cyber incidents previously unreported and unrelated to SolarWinds may be revealed, providing the SEC with details that many companies may never have wanted to disclose. Continue reading SEC Probe of SolarWinds Attack Concerns Corporate Execs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, debuted the Joint Cyber Defense Collaborative (JCDC), which will leverage the expertise of Big Tech companies including Amazon, Google and Microsoft. According to CISA director Jen Easterly, the initiative’s aim is first to combat ransomware and cyberattacks on cloud-computing providers and ultimately to improve defense planning and information sharing between the government and private sectors. Continue reading U.S. Cybersecurity Agency Enlists Amazon, Google, Microsoft

Blaming Russia for attacks that interfered in the 2020 U.S. presidential election, President Biden imposed new sanctions on 32 entities and individuals in that country. Although sanctions will make it more difficult to partake in the global economy, the White House did not immediately limit Russia’s ability to borrow money on the global market. Biden noted he “chose to be proportionate” and “is not looking to kick off a cycle of escalation and conflict with Russia.” The FBI has also recently taken strong steps to stop Chinese hacking. Continue reading U.S. Takes Steps Against Russian and Chinese Cyberattacks

President Joe Biden is working on a draft executive order to require companies doing business with the federal government to report hacks within a few days. Homeland Security secretary Alejandro Mayorkas stated the order would also require the companies to use data encryption and two-factor authentication and would combat ransomware and improve protection for industrial control systems, transportation and election security. The SolarWinds hack has prompted the government to pay closer attention to cybersecurity. Continue reading Biden to Issue Executive Order Upgrading U.S. Cybersecurity

Facebook’s Red Team is tasked with spotting vulnerabilities on the platform before hackers do. Many tech companies have similar red teams but, at Facebook, Red Team manage Nat Hirsch and his colleague Vlad Ionescu saw an opportunity to do more after COVID-19 hit. Established last spring and headed by Ionescu, Facebook’s Red Team X both works independently with its internal, original Red Team and looks into weaknesses of third-party products that represent a potential threat to its own platform. Continue reading Facebook’s Red Team X Finds Bugs in Third Party Products

Russia and China recently ran sophisticated hacks from servers inside the United States, going undetected by the National Security Agency, which is prohibited from conducting surveillance in the U.S., as well as the FBI and Department of Homeland Security. Private computer security firms were the first to raise the alarm on these foreign attacks, and Microsoft reported that its patches are being reverse-engineered by criminal groups to launch ransomware attacks on corporations. The White House is paying attention. Continue reading Cybersecurity: White House Pursues Public-Private Alliances

The SolarWinds hack invaded at least nine U.S. government agencies and 100+ corporations. Now, Microsoft is at odds with Dell Technologies and IBM on the best way to secure data. Microsoft president Brad Smith stated that “cloud migration is critical to improving security maturity,” but the other two companies opine that a hybrid cloud and on-premise data storage is preferable. Smith stated that all the breached accounts Microsoft identified involved on-premise systems and that a hybrid system is more vulnerable to attacks. Continue reading After SolarWinds Hack, Big Tech Debates Cloud Data Security

In December, suspected Russian hackers compromised SolarWinds Corp., a small software vendor, leveraging it to infiltrate the U.S. departments of Commerce, State and Treasury, as well as numerous private companies. An in-depth investigation revealed that the hack’s scope was larger than first known, with about one-third of those hacked having no direct connection with SolarWinds. Now, the Biden administration has selected White House National Security Council senior official Anne Neuberger to lead the response. Continue reading White House Names Official to Lead Probe of Expansive Hack