NIST Updates Cybersecurity Guidance for Supply Chain Risk Management

The publication’s revisions form part of NIST’s response to an executive order regarding cybersecurity. A vulnerable spot in global commerce is the supply chain: It enables technology developers and vendors to create and deliver innovative products but can leave businesses, their finished wares, and ultimately their consumers open to cyberattacks. A new update to the National Institute of Standards and …

12-Month DIB-VDP Pilot Concludes

The Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP) Pilot reaches the one-year mark and its conclusion at the end of April. The 12-month pilot, launched in April 2021, was enacted to promote cybersecurity hygiene and reduce the attack surface of voluntary DIB participants by discovering and remediating vulnerabilities on publicly accessible assets. The pilot was established collaboratively by the DoD Cyber …

Analysis Shows Inherent Challenges of the Semiconductor Industry

While the semiconductor supply chain is essential to our way of life, its safety is far from guaranteed. Nearly 60% of the global semiconductor industry is based in Taiwan, presenting a potential global crisis if tensions between Taiwan and China continue to grow, according to a new analysis from Interos. Given Russia’s war in Ukraine, there is concern that China may act …

ETSI Releases First Report on the Role of Hardware in the Security of AI

ETSI recently released a Group Report, ETSI GR SAI 006, outlining the role of hardware in the security of artificial intelligence (AI). AI hardware provides the platform that supports and accelerates AI-related operations. Aside from general security requirements, the hardware used in artificial intelligence and machine learning (AI/ML) applications features additional security requirements to protect hardware in AI/ML specific use …

Quantum leap for privacy: PureVPN brings power of Quantum-Resistant Encryption Keys to the masses

Quantum computers will be able to override traditional encryption protocols, rendering them obsolete and not fit for purpose in the future. In collaboration with Quantinuum, PureVPN is taking the first steps to combatting the threat posed by quantum computers to users. Virtual Private Network PureVPN is introducing a quantum-resistant feature on its OpenVPN protocol, providing its 3 million users more security and …

Gartner Forecasts Worldwide Semiconductor Revenue to Grow 13.6% in 2022

Component Supply Constraints Expected to Gradually Ease Through 2022
Global semiconductor revenue is projected to total $676 billion in 2022, an increase of 13.6% from 2021, according to Gartner, Inc. “The semiconductor average selling price (ASP) hike from the chip shortage continues to be a key driver for growth in the global semiconductor market in 2022, but overall semiconductor component …

Gartner Forecasts Worldwide IT Spending to Reach $4.4 Trillion in 2022

Rates of Inflation, Geopolitical Disruption and Talent Shortages Not Expected to Slow IT Investments
Worldwide IT spending is projected to total $4.4 trillion in 2022, an increase of 4% from 2021, according to the latest forecast by Gartner, Inc. “This year is proving to be one of the noisiest years on record for CIOs,” said John-David Lovelock, distinguished research vice …

SentinelOne Leads MITRE Engenuity ATT&CK with 100% Prevention, Detection, and Highest Scores

Singularity XDR Leads For Third Consecutive Year Delivering Superior Visibility and Automation
SentinelOne, an autonomous cybersecurity platform company, released its results from the fourth round of MITRE Engenuity ATT&CK evaluations. SentinelOne is the only vendor to score highest among analytic detections for three consecutive years. Out of the 30 vendors evaluated, SentinelOne’s Singularity XDR achieved 100% prevention, 100% detection, the …

New TCG guidance simplifies creating cyber resilient devices

The prevention of cyber attacks throughout a device’s lifetime has been made easier today, as the Trusted Computing Group (TCG) released its specification: Cyber Resilient Module and Building Block Requirements. With society becoming increasingly connected, technology must have the ability to protect itself, respond to attacks, and recover. Achieving this will result in huge savings of time, resources, and cost. …

cr8escape: New Vulnerability in CRI-O Container Engine Discovered by CrowdStrike (CVE-2022-0811)

Kubernetes and CRI-O release patch for vulnerability today; CrowdStrike customers protected
CrowdStrike cloud security researchers discovered a new vulnerability (dubbed “cr8escape” and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O. CrowdStrike disclosed the vulnerability to Kubernetes, which worked with CRI-O to issue a patch that was released today. It is recommended that CRI-O users patch immediately. CrowdStrike customers are …

Over half of London councils do not have cyber insurance

17 London borough councils (52 percent) report that despite news of increased ransomware attacks, they do not have a cyber insurance policy in place
A Freedom of Information (FoI) request by ProLion has revealed that 17 (52 percent) of London’s borough councils do not have a cyber insurance policy in place to provide support in the event they suffer a …

Google to Acquire Mandiant

Acquisition to bring Google speed and scale to Mandiant’s unparalleled intelligence and expertise – at a time when security has never been more important
Mandiant, Inc. today announced that it has entered into a definitive agreement to be acquired by Google LLC for $23.00 per share in an all-cash transaction valued at approximately $5.4 billion, inclusive of Mandiant’s net cash. …

Important Detection and Remediation Actions for Cyclops Blink State-Sponsored Botnet

Working closely with the FBI, CISA, DOJ, and UK NCSC, WatchGuard has investigated and developed a remediation for Cyclops Blink, a sophisticated state-sponsored botnet that may have affected a limited number of WatchGuard firewall appliances. WatchGuard customers and partners can eliminate the potential threat posed by malicious activity from the botnet by immediately enacting WatchGuard’s 4-Step Cyclops Blink Diagnosis and …

Falcon XDR: Why You Must Start With EDR to Get XDR

Bringing Clarity to XDR Market Confusion
Since we founded CrowdStrike, one of the things I’m proudest of is our collective ability to work with customers to lead the industry forward. Leadership is more than just being the loudest voice or making wild marketing claims. It’s about listening and working with customers to help them solve their hardest problems to achieve …

8 Reasons Why EDR is Not Enough

EDR tools have been gaining momentum and have been a white-hot cyber solution for a number of years. But they’re only one part of the equation. Today’s advanced threats can evade EDR detection, allowing bad actors to enter your environment and execute attacks. And EDR does not protect against many unknown and zero-day threats. Download this eBook to learn: Why the …

ETSI releases a Report on Coordinated Vulnerability Disclosure

On 27 January, ETSI released a Guide to Coordinated Vulnerability Disclosure. The Technical Report ETSI TR 103 838 will help companies and organizations of all sizes to implement a vulnerability disclosure process and fix vulnerability issues before they’re publicly disclosed. As of early 2022 only about 20% of ICT and IoT companies have a publicly identifiable dedicated means to notify …

Gartner Predicts Privacy Lawsuit Claims Related to Biometric Information and Cyber-Physical Systems Will Exceed $8 Billion By 2025

Analysts to Discuss Current and Future State of the Privacy Landscape at the Gartner Security & Risk Management Summit 2022, 12-14 September in London
By 2025, privacy lawsuits and claims related to biometric information processing and cyber-physical systems will have resulted in over $8 billion in fines and settlements, according to Gartner, Inc. “Autonomous vehicles, drones that capture video, smart buildings …