Hot Topics

government

Cyber readiness and SBOMs

Cyber readiness and SBOMs

| | Federal, government, SBOM, software bill of materials, Webinar
The Advanced Technology Academic Research Center (ATARC) recently hosted the webinar "Unlocking Cyber Readiness with SBOMs," focusing on the essential role of software bills of materials (SBOMs) in enhancing cybersecurity frameworks across ...
Sonatype Blog
Présidente de France Travail, Alexandre Saubot

French Gov. Leaks 43 Million People’s Data — ‘France Travail’ Says Sorry

| | Alexandre Saubot, Cap emploi, CNIL, cyber attacks on governm, devops in government, DevSecOps in Government, digital government, European Governments, france, France Travail, government, Government & Regulatory News, government agencies, Government Authority, SB Blogwatch
La grande cybermalveillance: French government’s employment agency loses control of citizens’ data after biggest breach in Gallic history ...
Security Boulevard
NVD overload: Unveiling a hidden crisis in vulnerability management

NVD overload: Unveiling a hidden crisis in vulnerability management

| | component governance, dependencies, Events and Webinars, government, Vulnerabilities
In a Linkedin Live session yesterday, Ilkka Turunen, Field CTO of Sonatype, and Brian Fox, co-founder and CTO, discussed an ongoing critical yet underreported issue in the National Vulnerability Database (NVD) ...
Sonatype Blog
Secure Software Development Attestation Form: Sonatype helps you comply

Secure Software Development Attestation Form: Sonatype helps you comply

| | CISA best practices, FEATURED, Federal, government, News and Views, secure software supply chain
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) unveiled the final version of the Secure Software Development Attestation Form. This pivotal ...
Sonatype Blog
Figure 1. Attack Types

Insight Into the DDoS Attacks on the French Government

| | Cyber Security, government, Network Security
The attacks are ongoing as of this writing. Here are a few screenshots of data and some insight. I’ll make sure to keep it brief since you have seen this news in ...
A10 Networks Blog: Cyber Security

Emulating the Sabotage-Focused Russian Adversary Sandworm

| | adversary emulation, Energy, government, Media, Media & Entertainment, Resources & Utilities, Russia, Sandworm
AttackIQ has released a new assessment template that emulates the various Post-Compromise Tactics, Techniques, and Procedures (TTPs) associated with the politically motivated Russian adversary Sandworm. The post Emulating the Sabotage-Focused Russian Adversary ...
AttackIQ

Response to CISA Advisory (AA24-057A): SVR Cyber Actors Adapt Tactics for Initial Cloud Access

| | adversary emulation, APT29, CISA Alert, government, Russia, SVR
AttackIQ recommends that customers take the following testing actions in alignment to the recently published CISA Advisory (AA24-057A) which details recent Tactics, Techniques, and Procedures (TTPs) exhibited by the Russian Foreign Intelligence ...
AttackIQ
A demand for real consequences: Sonatype's response to CISA's Secure by Design

A demand for real consequences: Sonatype’s response to CISA’s Secure by Design

| | CISA best practices, Cybersecurity, government, News and Views, Thought Leaders
In the fast-changing fields of cybersecurity and software development, the importance of creating secure software is more crucial than ever. Recently, my colleagues and I at the Open Source Security Foundation (OpenSSF) ...
Sonatype Blog
DoD HQ, “The Pentagon”

DoD Email Breach: Pentagon Tells Victims 12 Months Late

| | Anurag Sen, azure, Azure cloud, Azure Government Cloud, Compliance Automation Platform for FedRAMP, data privacy PII, defense department, Department of Defense, devops in government, DevSecOps in Government, digital government, DoD, email, Federal Government, Federal Government Bids, FedRAMP, fedramp accreditation;, fedramp ato, fedramp certification, fedramp compliance, government, Microsoft Azure, Microsoft Azure Security, Microsoft Exchange, Microsoft Exchange Server, pentagon, pii, PII Leakage, SB Blogwatch, U.S. Department of Defense, United States Department of Defense, US DOD, USDoD, USSOCOM
3TB Email FAIL: Personal info of tens of thousands leaks. Microsoft cloud email server was missing a password ...
Security Boulevard

Dream Job, or Is It?

| | Aerospace, AttackIQ Flex, Defense, Energy, government, Lazarus Group, Operation Dream Job, social engineering
In the summer of 2020, ClearSky, a venture capital and growth equity firm investing in innovative companies in the cybersecurity and sustainable energy sectors, investigated into a campaign dubbed "Dream Job," highly ...
AttackIQ
Load more