government
Cyber readiness and SBOMs
The Advanced Technology Academic Research Center (ATARC) recently hosted the webinar "Unlocking Cyber Readiness with SBOMs," focusing on the essential role of software bills of materials (SBOMs) in enhancing cybersecurity frameworks across ...
French Gov. Leaks 43 Million People’s Data — ‘France Travail’ Says Sorry
La grande cybermalveillance: French government’s employment agency loses control of citizens’ data after biggest breach in Gallic history ...
NVD overload: Unveiling a hidden crisis in vulnerability management
In a Linkedin Live session yesterday, Ilkka Turunen, Field CTO of Sonatype, and Brian Fox, co-founder and CTO, discussed an ongoing critical yet underreported issue in the National Vulnerability Database (NVD) ...
Secure Software Development Attestation Form: Sonatype helps you comply
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) unveiled the final version of the Secure Software Development Attestation Form. This pivotal ...
Insight Into the DDoS Attacks on the French Government
The attacks are ongoing as of this writing. Here are a few screenshots of data and some insight. I’ll make sure to keep it brief since you have seen this news in ...
Emulating the Sabotage-Focused Russian Adversary Sandworm
AttackIQ has released a new assessment template that emulates the various Post-Compromise Tactics, Techniques, and Procedures (TTPs) associated with the politically motivated Russian adversary Sandworm. The post Emulating the Sabotage-Focused Russian Adversary ...
Response to CISA Advisory (AA24-057A): SVR Cyber Actors Adapt Tactics for Initial Cloud Access
AttackIQ recommends that customers take the following testing actions in alignment to the recently published CISA Advisory (AA24-057A) which details recent Tactics, Techniques, and Procedures (TTPs) exhibited by the Russian Foreign Intelligence ...
A demand for real consequences: Sonatype’s response to CISA’s Secure by Design
In the fast-changing fields of cybersecurity and software development, the importance of creating secure software is more crucial than ever. Recently, my colleagues and I at the Open Source Security Foundation (OpenSSF) ...
DoD Email Breach: Pentagon Tells Victims 12 Months Late
3TB Email FAIL: Personal info of tens of thousands leaks. Microsoft cloud email server was missing a password ...
Dream Job, or Is It?
In the summer of 2020, ClearSky, a venture capital and growth equity firm investing in innovative companies in the cybersecurity and sustainable energy sectors, investigated into a campaign dubbed "Dream Job," highly ...