Symfony Station is your source for Symfony, Drupal, PHP, Cybersecurity, and Fediverse news. https://www.symfonystation.com Contact us to let us know what you want to be covered. And while you are there, please sign up for our "newsletter" to get the latest news communiques and original content delivered to your inbox. Thanks for following us on Mastodon. 🇺🇦 #Symfony #PHP #Cybersecurity #Drupal #Fediverse
If an entity decides to ignore contacts or demands from attackers, that's somewhat understandable. But if the threat actors added you to their leak site, maybe you should say something?
I am NOT saying we should bring Sun Tzu quotes back! I AM suggesting we “where is your god now” as much harmful #infosec folk wisdom as we can — fighting fire with fire, if fire was appeal to authority
Chinese state-sponsored hacking outfit Earth Longzhi, a subgroup within #APT41, has launched a new #hacking campaign targeting government, healthcare, tech & manufacturing entities in Taiwan, Thailand, the Philippines, and Fiji.
🔥 Hot off the press! Co-authored blog with esteemed colleague Sambit Misra on #IBMSecurityIntelligence.com about SaaS Security Posture Management: *"Is Your Critical SaaS Data Secure?"*
Some of you might have noticed I launched a Ko-Fi page. Some users have expressed wanting to tip/support without using affiliate links (totally understandable) in the past, so I set this up. It also lets me give extras!
Couldn't in my conscious mind use Patreon, despite its popularity. I still haven't forgiven them for firing their entire #security team. 😱
Cyber insurance is a critical part of a #cybersecurity strategy, but weak cyber defenses can negatively impact policy terms. Our new U.S. partnership with Measured Analytics and Insurance allows customers to combine strong #CyberDefense with secure coverage. Learn more: https://bit.ly/3LplZNH
1Password says a recent incident that caused customers to receive notifications about changed passwords was the result of service disruption and not a security breach.
The company first revealed in an incident report five days ago that the notifications were erroneous and linked to routine database maintenance scheduled on Thursday, April 27th.
Today, 1Password chief technology officer (CTO) Pedro Canahuati provided more details and said the customers' information was unaffected.
To me, this "GovAssure" is just the UK Government putting a branding wrapper around NCSC's CAF, so they can be "seen to be doing something"
Am I just being overly cynical?
Reading the bit in the middle particularly:
"
GovAssure introduces a number of changes in the way government protects itself from cyber threats. These include:
Using NCSC’s Cyber Assessment Framework (CAF) to review the assurance measures all government departments have. The framework includes measures such as setting out indicators of good practice for managing security risk and protecting against a cyber attack and was designed for making critical national services resilient to attack.
Departments will also be assessed by third parties to increase standardisation and validate results.
Centralised cyber security policy and guidance to help government organisations identify best practice.
"
Aren't these things already happening? Are departments currently not being assessed by third parties? Hasn't the NCSC already got "centralised cyber security policy and guidance" all covered off?
Apart from pure branding, what's actually new here?