DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...
Vulnerabilities in enterprise file transfer solutions can lead to elevated risk. Now would be a good time to check your organization’s managed file transfer service...
The U.S. Securities and Exchange Commission ("SEC") has charged SolarWinds Corp. (SolarWinds) and the company's chief information security officer ("CISO") with securities fraud and violations of internal controls...
On October 30, 2023, the US Securities and Exchange Commission ("SEC") announced that it filed charges against SolarWinds Corp. ("SolarWinds" or the "Company") and its Chief Information Security Officer ("CISO") in connection...
Incident response (IR) has undergone a drastic transformation in the past two decades, adapting to the relentless evolution of the cyber threat landscape. In the early 2000s, as the internet became more deeply ingrained in...
An information security framework, when done properly, will allow any security leader to more intelligently manage their organization's cyber risk. The framework consists of a number of documents that clearly define the...
According to the National Security Agency, actors backed by the Chinese government are actively targeting a zero-day vulnerability in two commonly-used Citrix networking devices. The exploit (CVE-2022-27518) affects Citrix...
“Side-Channel” attacks generally refer to a type of criminal cyber attacker activity that exploits vulnerabilities so that the attacker can collect and analyze “leakage” of data from a device, as a means to identify certain...
The National Institutes of Science and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain Security Guidance,” in response to directives set forth in President...
This is the final installment in a series of articles on the core functions of the National Institute of Standards and Technology (NIST) Privacy Framework where we cover the Protect function. As previously published in an...
In this episode of Wiley Connected, Megan Brown talks with Melissa Vice, the Chief Operations Officer for DoD’s Vulnerability Disclosure Program (VDP) about trends and DoD cyber, including a new Pilot Program for the Defense...
Earlier this month, it was reported that the National Security Agency (NSA) discovered a serious security flaw in Microsoft Windows 10 cryptographic functionality, CVE-2020-0601. That security flaw could render trust...
2019 has been a year of pivotal developments for defense contractors in the realm of cybersecurity compliance. The Department of Defense (DoD) issued six guidance memoranda to assist its acquisition personnel in developing...
Power Company Fined for Contractor Copying Data to its Own Insecure Network - Vendor management continues to be a problem for all industries, but some are scarier than others. The North American Electric Reliability Corp....
In August 2016, the Federal Trade Commission (“FTC”) addressed the effect of the Cybersecurity Framework (“NIST Framework”) issued by the National Institute of Standards and Technology on FTC enforcement actions under Section...
Cybersecurity risks to the nation's critical infrastructure (CI) – defined as 16 CI sectors, including transportation and maritime – continue to grow exponentially. The incoming Trump Administration has made it clear that...
One day in the not too distant future, your organization may be fighting to protect its balance sheet against high-stakes claims in a cyber tort trial. Arrayed against you will be the best of the class action plaintiff’s...
All organizations, including financial institutions, continue to face significant security threats across their wide ranging IT systems. Such organizations are particularly vulnerable if they cannot track networked devices...