DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
The “Bad Likert Judge” jailbreaking technique boasts a high attack success rate by using a three-step approach which employs the target LLM’s own understanding of harmful content to bypass the target LLM’s safety guardrails....more
The fintech revolution has reshaped the financial world, creating new opportunities to borrow, save, transact, and invest like never before. With no signs of slowing, fintech revenues are projected to grow sixfold from $245...more
The consequences of a cyberattack can be catastrophic, as we saw in the previous blog of this series. Cybersecurity is a business-wide responsibility that demands a proactive strategy extending far beyond technical solutions...more
It has now been more than six months since Congress allowed the statutory authority for the Chemical Facility Anti-Terrorism Standards (CFATS) program (6 CFR Part 27) to expire on July 28, 2023. EPA recently advised all...more
In one of the most clear-eyed and sobering assessments of the cyberthreat China poses to our nation’s critical infrastructure, the country’s foremost cybersecurity leaders recently testified that the Chinese Communist Party...more
The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory on October 11, 2023, urging companies (particularly those in the critical...more
Attackers are always refining the tools they use to improve the chances they can break through your defenses. Even small gaps can become a leverage point....more
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell...more
Businesses can breathe a little easier now that one of the world’s top five ransomware networks, the Hive, has been infiltrated and disbanded by the FBI....more
Medical device cybersecurity continues to create buzz, as the FBI issues a Private Industry Notification to health care providers outlining cybersecurity risks for medical devices. This follows FDA’s released Draft Guidance...more
Cyber risk management has significantly escalated in importance, during the last couple of years, as a result of companies overcoming the operational challenges of the pandemic, transitioning to hybrid working, preparing for...more
CYBERSECURITY - Cyber-Attack Disrupts Public Services in Fremont County, Colorado - Government offices and public services in Fremont County, Colorado, have been disrupted since August 17, 2022, due to a “cybersecurity...more
The FDA has been continuing to work on protecting medical devices from the threats of cybersecurity. In April of this year, the Agency released the latest draft guidance addressing cybersecurity in the medical device...more
“Most of America’s critical infrastructure is owned and operated by the private sector and critical infrastructure owners, and operators must accelerate efforts to lock their digital doors.” — President Joe Biden, March 2022 ...more
The National Institutes of Science and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain Security Guidance,” in response to directives set forth in President...more
On April 8, 2022, FDA issued new, long-awaited draft guidance “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions” (Draft Cybersecurity Guidance). 1 This draft guidance...more
Although we are receiving frequent alerts from CISA and the FBI about the potential for increased cyber threats coming out of Russia, China continues its cyber threat activity through APT41, which has been linked to China’s...more
This week the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued a “SHIELDS UP” advisory. While it does not identify specific threats in the advisory, CISA states that the “Russian...more
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued another warning to “every organization” in the U.S. about cybersecurity risks during the ongoing escalation of tension between the U.S. and Russia over...more
It was a crazy weekend for cyberattacks. People seem surprised, but those of us in the industry aren’t surprised one bit. It is very logical and foreseeable that hackers are leveraging attacks that have maximum disruption on...more
A widely reported flaw in popular software known as Log4j poses a severe cybersecurity threat to organizations around the globe, with hundreds of millions of devices at risk. Over the past week, government agencies,...more
On December 6, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) updated a previously issued Alert entitled APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine...more
Researchers at Mandiant have recently reported that a new ransomware group calling itself Sabbath appears to be the rebranded group Arcane and “picked up their pace” in November....more
Cybercriminals exploited remote work during the COVID-19 pandemic. In 2020, the FBI’s Internet Crime Complaint Center (IC3) saw a record 70% increase in the number of reported internet scams and losses exceeding $4.2...more
The Cybersecurity & Infrastructure Security Agency (CISA) issued the Cybersecurity Incident & Vulnerability Response Playbooks: Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability...more