Monday, March 29, 2021

What I'm Reading 3/29/2021

 Security Affairs -  US Gov Executive Order would oblige to disclose security breach impacting gov users -

The executive order is expected to be released the next week and will also require federal agencies to enhance their security posture through the implementation of measures such as multi-factor authentication and data encryption. The order seems to be part of the response of the US government to the recently disclosed SolarWinds supply chain attack.

 Security Affairs - 62,000 Microsoft Exchange Servers potentially left unpatched, weeks after software bugs were first uncovered

On March 2, Microsoft detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server. Microsoft attributed the campaign to the China-linked threat actor group Hafnium. However, vulnerabilities are being exploited by threat actors beyond Hafnium.

Al Jazeera - Stranded ship in Suez Canal re-floated -

The giant container ship that blocked the Suez Canal for almost a week was fully floated on Monday and traffic in the waterway would resume, the canal authority said in a statement.

 CSO - States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks -

Against the backdrop of this heightened federal-level focus, a number of states have quietly moved forward with their own liability exemption measures that seek to boost best cybersecurity practices. These states have enacted laws that incentivize the adoption of robust and thorough industry-leading cybersecurity frameworks and recommendations such as the National Institute of Standards and Technology’s [NIST] Cybersecurity Framework or the Center for Internet Security’s (CIS) Critical Security Controls by making them requirements for obtaining liability protections.

 


 

No comments: