Friday Five: New Government Guidance, a Crackdown on Vulnerability Management, & Public Charging Station Malware

by Robbie Araiza on Friday April 14, 2023

CISA has released new guidance for Zero Trust Security and secure-by-design principles for software manufacturers, Russian hackers were linked to attacks against NATO and the EU, and more. Catch up on all the latest stories in this week's Friday Five!

CISA RELEASES UPDATED GUIDANCE FOR ZERO TRUST SECURITY ARCHITECTURES BY CHRIS RIOTTA

The Cybersecurity and Infrastructure Security Agency published an updated version of its Zero Trust Maturity Model this past Tuesday. The revision incorporates recommendations CISA received during a public comment period and elements of the Office of Management and Budget's January 2022 memo (M-22-09) on moving federal agencies toward zero trust principles. According to the latest model, "an optimal zero trust architecture features continuous validation and risk analysis in addition to enterprise-wide identity integration and tailored, as-needed automated access to specific systems and applications." Per CISA, roughly 60% of the 378 public comments it received were accepted for inclusion in the new guidance.

Read more

GOOGLE LAUNCHES NEW CYBERSECURITY INITIATIVES TO STRENGTHEN VULNERABILITY MANAGEMENT BY RAVIE LAKSHMANAN

In an announcement this past Thursday, Google outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency around exploitation. Google is reportedly forming a Hacking Policy Council along with Bugcrowd, HackerOne, Intel, Intigriti, and Luta Security to "ensure new policies and regulations support best practices for vulnerability management and disclosure." Learn more about Google's reasoning behind its latest security push, what it indicates, and more in the full story from The Hacker News.

Read more

CISA AND PARTNERS ISSUE SECURE-BY-DESIGN PRINCIPLES FOR SOFTWARE MANUFACTURERS BY NIHAL KRISHAN

For the first time, the Cybersecurity and Infrastructure Security Agency, FBI, National Security Agency, and cybersecurity authorities of other international allies published joint guidance urging software manufacturers to bake secure-by-design and secure-by-default principles into their products. Key principles of the new guidance include taking ownership of the security outcomes of products, embracing "radical transparency," and ensuring that companies have C-suite support to prioritize product security. More specifically, the guidance states that a secure configuration should be "the default baseline, in which products automatically enable the most important security controls needed to protect enterprises from malicious cyber actors."

Read more

RUSSIAN HACKERS LINKED TO WIDESPREAD ATTACKS TARGETING NATO AND EU BY SERGIU GATLAN

Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29, a state-sponsored group attributed to Russia's Foreign Intelligence Service (SVR), to widespread attacks targeting NATO and European Union countries, warning that the campaign is still ongoing and in development. The attackers have reportedly targeted diplomatic personnel using spear-phishing emails impersonating European countries' embassies, with links to malicious websites or attachments designed to deploy malware via ISO, IMG, and ZIP files.
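The lure format described above, a mail message carrying a disk image or an archive that wraps one, is something a mail-gateway or SOC team can triage mechanically. The following is an added example written for this roundup, not code from the Polish advisory or the BleepingComputer story: it parses a message, flags ISO/IMG attachments outright (Windows mounts these on double-click, which is why lures favour them), and opens ZIP attachments to look for nested disk images or executable-type members. The sample message, sender and recipient addresses, and file names are all constructed for the demonstration; the extension lists are ordinary triage heuristics, not indicators from the advisory.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Container formats the campaign reportedly used to deliver its payloads.
CONTAINER_EXTS = {".iso", ".img", ".zip"}
# Member types worth flagging when they turn up inside an archive
# (assumed triage heuristic, not an indicator list from the advisory).
PAYLOAD_EXTS = {".iso", ".img", ".lnk", ".exe", ".dll", ".hta", ".js", ".vbs"}


def _ext(name):
    """Lower-cased extension including the dot, or '' if there is none."""
    name = name.lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def inspect_zip(data):
    """Return the names of ZIP members whose extension is in PAYLOAD_EXTS.

    A malformed or non-ZIP payload yields an empty list rather than an error,
    so one bad attachment cannot abort triage of the rest of the message.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if _ext(n) in PAYLOAD_EXTS]
    except zipfile.BadZipFile:
        return []


def triage_message(raw):
    """Parse one raw RFC 822 message and return (attachment name, reason) findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        if ext not in CONTAINER_EXTS:
            continue
        data = part.get_payload(decode=True) or b""
        if ext == ".zip":
            nested = inspect_zip(data)
            if nested:
                findings.append((name, "zip contains " + ", ".join(nested)))
        else:
            findings.append((name, "disk image attachment"))
    return findings


def build_sample_message():
    """Constructed embassy-themed lure: a ZIP wrapping an ISO, a bare IMG, and a benign PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invitation/Schedule.iso", b"not a real disk image")
        zf.writestr("Invitation/README.txt", b"see attached")
    msg = EmailMessage()
    msg["From"] = "protocol@example.invalid"      # constructed sender
    msg["To"] = "attache@example.invalid"          # constructed recipient
    msg["Subject"] = "Ambassador's calendar (constructed sample)"
    msg.set_content("Please find the schedule attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Schedule.zip")
    msg.add_attachment(b"also not a real image", maintype="application",
                       subtype="octet-stream", filename="Agenda.img")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="Agenda.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in triage_message(build_sample_message()):
        print(f"FLAG {name}: {reason}")
```

Run as written, the script flags Schedule.zip (because it contains Invitation/Schedule.iso) and Agenda.img, and leaves Agenda.pdf alone. In production the same logic sits behind a mail gateway or a detonation queue; the extension lists are where you tune it, and the nested-archive check is the part that catches the ZIP-wraps-ISO pattern that a plain attachment-type block list misses.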

Read more

FBI & FCC WARN ON 'JUICE JACKING' AT PUBLIC CHARGERS, BUT WHAT'S THE RISK? BY NATE NELSON

US government agencies are advising the public to avoid public charging stations for phones and other electronics, warning that the stations may have been tampered with to push malware onto connected devices. "Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead," said an announcement from the FBI's Denver field office. Malware installed through a compromised USB port can reportedly lock a device or export personal data and passwords directly to the perpetrator.

Learn more

Tags:  Government Malware Cybercrime Zero Trust Vulnerability Management
