incident reporting – Experimental News Clipping Site

The Register: UK threatens £100K-a-day fines under new cyber bill

Apr 1, 2025

—

by

Source URL: https://www.theregister.com/2025/04/01/uk_100k_fines_csr/ Source: The Register Title: UK threatens £100K-a-day fines under new cyber bill Feedly Summary: Tech secretary reveals landmark legislation’s full details for first time The UK’s technology secretary revealed the full breadth of the government’s Cyber Security and Resilience (CSR) Bill for the first time this morning, pledging £100,000 ($129,000) daily fines…

The Register: US defense contractor cops to sloppy security, settles after infosec lead blows whistle

Mar 26, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/26/us_defense_contractor/ Source: The Register Title: US defense contractor cops to sloppy security, settles after infosec lead blows whistle Feedly Summary: MORSE to pay — .. .-.. .-.. .. — -. … for failing to meet cyber-grade A US defense contractor will cough up $4.6 million to settle complaints it failed to meet cybersecurity…

Alerts: Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066

Mar 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066 Source: Alerts Title: Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066 Feedly Summary: A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including,…

The Register: New kids on the ransomware block channel Lockbit to raid Fortinet firewalls

Mar 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/03/14/ransomware_gang_lockbit_ties/ Source: The Register Title: New kids on the ransomware block channel Lockbit to raid Fortinet firewalls Feedly Summary: It’s March already and you haven’t patched? Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January.… AI Summary and Description:…

Hacker News: How to gain code execution on hundreds of millions of people and popular apps

Feb 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://kibty.town/blog/todesktop/ Source: Hacker News Title: How to gain code execution on hundreds of millions of people and popular apps Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a security vulnerability discovered in the “todesk” application bundler, highlighting a significant exploit that allows arbitrary code execution in various applications relying…

CSA: What is Third-Party Risk Management and Why Does It Matter?

Jan 24, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.schellman.com/blog/cybersecurity/what-is-tprm-and-why-does-it-matter Source: CSA Title: What is Third-Party Risk Management and Why Does It Matter? Feedly Summary: AI Summary and Description: Yes Summary: The text emphasizes the growing importance of Third-Party Risk Management (TPRM) in the cybersecurity landscape as organizations increasingly rely on vendors. It outlines key components of TPRM and stresses the necessity…

The Register: Infosec was literally the last item in Trump’s policy plan, yet major changes are likely on his watch

Jan 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/22/trump_cyber_policy/ Source: The Register Title: Infosec was literally the last item in Trump’s policy plan, yet major changes are likely on his watch Feedly Summary: Everyone agrees defense matters. How to do it is up for debate Feature The Trump administration came to office this week without a detailed information security policy, but…

CSA: Enhancing NIS2/DORA Compliance: A Business-Centric Approach

Jan 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.devoteam.com/expert-view/enhancing-nis2-dora-compliance-a-business-centric-approach/ Source: CSA Title: Enhancing NIS2/DORA Compliance: A Business-Centric Approach Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the European Union’s NIS2 Directive and the Digital Operational Resilience Act (DORA), emphasizing their importance in enhancing cybersecurity across various sectors. It introduces the Alert Readiness Framework (ARF) as a practical tool…

The Register: UK floats ransomware payout ban for public sector

Jan 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/14/uk_ransomware_payout_ban/ Source: The Register Title: UK floats ransomware payout ban for public sector Feedly Summary: Stronger proposals may also see private sector applying for a payment ‘license’ A total ban on ransomware payments across the public sector might actually happen after the UK government opened a consultation on how to combat the trend…

Alerts: CISA Adds One Vulnerability to the KEV Catalog

Jan 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.cisa.gov/news-events/alerts/2025/01/08/cisa-adds-one-vulnerability-kev-catalog Source: Alerts Title: CISA Adds One Vulnerability to the KEV Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282 Ivanti Connect Secure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the…

Tag: incident reporting