CISA Issues Final Vulnerability Disclosure Policy Directive for Federal Agencies

WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 20-01, which requires individual federal civilian executive branch (FCEB) agencies to develop and publish a vulnerability disclosure policy (VDP) for their internet-accessible systems and services, and maintain processes to support their VDP.


Private Intel Firm Buys Location Data to Track People to their 'Doorstep'

Do you work at a location SDK company? Did you used to? Do you know anything else about the sale of location data? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on , or email .


The Merging Of Human And Machine. Two Frontiers Of Emerging Technologies

An amazing aspect of living in The Fourth Industrial Era is that we are at a new inflection point in bringing emerging technologies to life. We are in an era of scientific breakthroughs that will change the way of life as we currently know it.


Get The Interview Early Check-Out Page

Course Series: the infosec interview. Learn the secrets of landing infosec interviews based on hundreds of hours of research, interviews with infosec hiring managers, and engagement with the cyber security community.

Battleship Academy

The election security hole everyone ignores

Pollbooks, unlike voting machines, do not undergo federal testing and certification and have no uniform standards governing their design or security. There is also no oversight of the handful of vendors who dominate the industry to ensure they keep their own networks secure. Kremlin-linked hackers attempted to breach the network of at least one U.S.


Microsoft announces deepfake detection tools to combat disinformation

Microsoft has released a set of new tools to help combat deepfakes, which could be used ahead of important events like the upcoming US election to spread false information on the internet. According to the company, its first tool - dubbed 'Video Authenticator' - can analyse an image or video clip to determine whether it has been edited using AI.


CEOs could soon be personally liable for cyberattacks

Within four years, the majority of CEOs will be held personally responsible for cyberattacks that lead to injury and other physical damage. This is according to a new report from Gartner, which asserts that liability for cyber-physical security incidents will "pierce the corporate veil to personal liability" for 75 percent of CEOs by 2024.


A history of ransomware: The motives and methods behind these evolving attacks

One day in December 1989, Eddy Willems got a floppy disk that changed his life. His boss gave it to him after finding the label intriguing: "AIDS Version 2.0," a disease that was new and strange at that time. The company, based in Antwerp, Belgium, sold medical insurance among other things, and some AIDS statistics might prove lucrative, the boss thought.

CSO Online

Hackers tricked Apple into approving malicious Adobe Flash Player update

A really cool feature of Apple macOS, from the security point of view at least, is that all software distributed via the Mac App Store has to be checked by Apple for malicious content - a process known as "notarizing."

Graham Cluley

Pioneer Kitten APT Sells Corporate Network Access

The Iran-based APT has infiltrated multiple VPNs using open-source tools and known exploits.