UK’s NCSC’s new CEO has flagged business risk of under-investment
Dr Horne has a "wealth of experience working with major companies and organisations" says GCHQ's Anne Keast-Butler

As NVD flatlines, cybersecurity professionals call for urgent action
Consortium plans “doomed” as rumours swirl over vulnerability database program borkage.

PAN-OS vuln mitigation howler: “Disabling telemetry” no help
POCs for CVSS 10 bug are out of the bag, tens of thousands are exposed, and telemetry mitigation didn't work.

XZ Redux? Social engineering attacks on OSS intercepted
"These emails implored OpenJS to take action to update one of its popular JavaScript projects to ‘address any critical vulnerabilities'"

Sisense breach: CISO posts guidance amid frantic community action
"They have direct access to JDBC connections, to SSH, and to SaaS platforms... This is a worst case scenario"

Could Chrome be a real security weapon for defenders? A new $6/user proposition has potential...
From vanilla data breach risks to insider threats, Chrome Enterprise Premium's capabilities look worth exploring...

AWS took 6 months to fix Security Token Service bug - IAM policy simulator inadequate, says Stedi
"No system is infallible. Sometimes, it is AWS..."

Microsoft’s “top notch” China hack post-mortem was "troubling" speculation
"The loss of a signing key is a serious problem, but the loss of a signing key through unknown means is far more significant... Microsoft’s customers did not have essential facts needed to make their own risk assessments."

Microsoft roasted over “cascade of security failures” – authentication system utterly broken
"A corporate culture that deprioritized both enterprise security investments and rigorous risk management."

“Bring memes”: Dave Luber takes over as NSA Director of Cybersecurity from Rob Joyce
As well as coming under immediate pressure from social media chatterati to be immediately amusing and bring his meme A-game, Luber faces other challenges too...