NSA Issues Guidance on Zero Trust Security Model

The National Security Agency published a cybersecurity product, "Embracing a Zero Trust Security Model," on Thursday. This product shows how deploying Zero Trust security principles can better position cybersecurity professionals to secure enterprise networks and sensitive data.

National Security Agency Central Security Service

After Russian Cyberattack, Looking for Answers and Debating Retaliation

Key senators and corporate executives warned at a hearing on Tuesday that the "scope and scale" of the hacking of government agencies and companies, the most sophisticated in history, were still unclear.

Nytimes

Amazon's Lack of Public Disclosure on SolarWinds Hack Angers Lawmakers

As lawmakers and security researchers continue to unravel the SolarWinds hack, some are growing more frustrated with Amazon.com Inc., saying the cloud-computing giant should be more publicly forthcoming about its knowledge of the suspected Russian cyberattack.

WSJ

Exclusive: Hackers Break Into 'Biochemical Systems' At Oxford Uni Lab Studying Covid-19

One of the world's top biology labs, one whose renowned professors have been researching how to counter the Covid-19 pandemic, has been hacked.

Forbes

Celebrating the influence and contributions of Black+ Security & Privacy Googlers

Posted by Royal Hansen, Vice President, Security. Black History Month may be coming to a close, but our work to build sustainable equity for Google's Black+ community, and externally, is ongoing. Currently, Black Americans make up less than 12% of information security analysts in the U.S.

Google Online Security Blog

CISA LIVE

Event Date: September 16, 2020 | 12:00 p.m. - 3:10 p.m. ET. The 2020 Cybersummit will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7. Each series will have a different theme that focuses on CISA's mission to "Defend Today, Secure Tomorrow," with presentations from targeted leaders across government, academia, and industry.

CISA

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021 | ZDNet

SolarWinds said it spent more than $3 million on cybersecurity costs in the fourth quarter due to its recent breach and sees security-related expenses of $20 million to $25 million in 2021. The $20 million to $25 million security-related expenses include initiatives to bolster product defense, remediation and consulting fees, and insurance costs.

ZDNet

Microsoft president asks Congress to force private-sector orgs to admit when they've been hacked

The private sector should be legally obliged to disclose any major hacks of their systems, says Microsoft's president and top lawyer Brad Smith.

The Register

INVESTIGATION: Giant N.C. spill shows gaps in pipeline safety

HUNTERSVILLE, N.C. - Shannon Miller Ward would like to know how someone loses enough gasoline to fill nearly two Olympic swimming pools without even missing it. Last summer, a crack in the Colonial pipeline, the country's biggest fuel pipeline, leaked at least 1.2 million gallons of gasoline into a small nature preserve here on the edge of the Charlotte suburbs.

Eenews

VC giant Sequoia Capital discloses data breach after failed BEC attack

American VC firm Sequoia Capital has disclosed a data breach following what looks like a failed business email compromise (BEC) attack from January. Since its founding in 1972, the venture capital (VC) firm Sequoia has invested in a long list of high-profile companies (e.g., Apple, NVIDIA, Google, Oracle, Yahoo, LinkedIn, YouTube, Paypal, Electronic Arts, and Cisco).

BleepingComputer

Hello from GitHub's new Chief Security Officer - The GitHub Blog

The world runs on software, and a large portion of it, especially the open source software that's part of everything we experience, is built by millions of developers on GitHub every day. GitHub is heavily invested in both the security of the platform and helping developers shift left their security investments in building secure software.

The GitHub Blog

These four new hacking groups are targeting critical infrastructure, warns security company | ZDNet

More hacking groups than ever before are targeting industrial environments as cyber attackers attempt to infiltrate the networks of companies providing vital services, including electric power, water, oil and gas, and manufacturing. Threats include cyber-criminal groups looking to steal information or encrypt systems with ransomware, as well as nation-state-backed hacking operations attempting to determine the potential disruption they could cause with cyberattacks against operational technology (OT).

ZDNet

Biden signs executive order demanding supply chain security review - CyberScoop

President Joe Biden signed an executive order on Wednesday directing federal agencies to conduct a review of supply chain security risks in industries including information technology. While a significant goal of the order is to address shortages of a wide assortment of critical imported components such as electric batteries and pharmaceuticals, it does include a mandated review of the information and communications technology sector.

CyberScoop