FIRST releases updated coordination principles for Multi-Party Vulnerability Coordination and Disclosure

The Forum of Incident Response and Security Teams (FIRST) has released an updated set of coordination principles – Guidelines for Multi-Party Vulnerability Coordination and Disclosure version 1.1. Stakeholder roles and communication paths The purpose T…

How to gather cyber threat intelligence from dark markets without breaking US law

The U.S. Department of Justice’s Cybersecurity Unit has released guidelines for organizations that want to gather cyber threat intelligence from dark web forums/markets but, at the same time, want to stay on the right side of the (U.S. federal criminal…

ENISA publishes procurement guidelines for cybersecurity in hospitals

The EU Agency for Cybersecurity (ENISA) published a cybersecurity procurement guide for hospitals. The hospital is a vast ecosystem comprised of an entire network of devices, equipment and systems that often require connection to external systems, maki…

Guidelines for assessing ISPs’ security measures in the context of net neutrality

According to the EU’s net neutrality regulation, called the Open Internet Regulation, which came into force in 2016, internet providers should treat all internet traffic to and from their customers equally. Security measures, like blocking traffic on c…

US DOJ publishes guidelines for setting up a vulnerability disclosure program

Instituting a vulnerability disclosure program (aka bug bounty program) that won’t blow up in the organization’s face can be a daunting task. Some will prefer to enlist outside experts to advise them on how to do it, and others will want to rely on their own IT or security department. For the latter, here’s some good news: the US Department of Justice has just released a guidance document for adopting a vulnerability disclosure program for …

How to securely deploy medical devices within a healthcare facility

The risks insecure medical devices pose to patient safety are no longer just theoretical, and compromised electronic health records may haunt patients forever. A surgical robot, pacemaker, or other life critical device being rendered non-functional would give a whole new, and wholly undesirable, meaning to denial of service. Malware like MEDJACK has been used to infect medical devices and use them as staging grounds to attack medical records systems. IoT ransomware is on the rise …

We have to start thinking about cybersecurity in space

With all the difficulties we’ve been having with securing computer systems on Earth, the cybersecurity of space-related technology is surely the last thing on security experts’ minds. But it shouldn’t be, say David Livingstone and Patricia Lewis, two fellows of the international security department at UK-based think-tank Chatham House. “Because so much of human activity is now dependent on space-based assets and infrastructure, most countries’ critical infrastructure is potentially vulnerable to cyberattacks in that domain. …