TIC program in ‘final stage’ before releasing remaining 3.0 guidance fedscoop.com/tic-3-guidance…

.USCYBERCOM Cybersecurity Alert, Cybersecurity and Infrastructure Security Agency and FBI released the Kimsuky Cybersecurity Advisory, a summary of #DPRK malicious cyber acitivity posing as Google, Yahoo mail services, and South Korean reporters, targeting Japan, South Korea, and the United States. us-cert.cisa.gov/ncas/alerts/aa…

us-cert.cisa.gov/ncas/current-a…

Actors are forging SAML authentication to access protected data in the cloud. Microsoft Security Response Center has observed similar techniques and additional TTPs. Visit their blog for more countermeasures: blogs.microsoft.com/on-the-issues/…

CISA updates SolarWinds guidance, tells US govt agencies to update right away zd.net/3o1cxmt via ZDNET & Catalin Cimpanu

🔥 A new side-channel attack (CVE-2021-3011) could let hackers extract your secret 2-factor authentication #encryption keys from #Google Titan, or other FIDO-enabled hardware security keys, and clone them for unauthorized access. Read details — thehackernews.com/2021/01/new-at… #infosec

How the DOD is leading the charge on zero trust - FedScoop fedscoop.com/dod-leading-ch…

TIC-mas is here: CISA issues network security guidance for remote work fedscoop.com/tic-guidance-r…

10-year-old Sudo bug lets Linux users gain root-level access zd.net/3qVYhfW via ZDNET & Catalin Cimpanu

SolarWinds CEO Sudhakar Ramakrishna says evidence is emerging that hackers were lurking in the company’s Office 365 email system for months wsj.com/articles/hacke… via The Wall Street Journal

Proofpoint sues Facebook to get permission to use lookalike domains for phishing tests zd.net/2Z8suMV via ZDNET & Catalin Cimpanu

Multiple zero-day exploits of Microsoft Exchange Server require immediate action. Check for reported IOCs and apply critical patches here: microsoft.com/security/blog/…

DARPA takes step toward 'holy grail of encryption' livescience.com/darpa-holy-gra…

Microsoft has released #security updates for #vulnerabilities found in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019.

Quantum Computing on a Chip: Brace for the Revolution tomshardware.com/news/quantum-c…

Twitch source code and creator payouts part of massive leak theverge.com/2021/10/6/2271…

OMB opts for zero trust goals in lieu of impossible deadline fedscoop.com/omb-goals-zero…

thedrive.com/the-war-zone/4…

As cyber threats become more sophisticated, agencies must make the shift to a #zerotrustarchitecture to protect their systems, data, and users. Read more from our VP of Cyber, Dr. Dr. Matt: gdit.com/perspectives/l…

Great to hear Dr. Matt and the U.S. Army’s Colten O’Malley talk #cyber and #zerotrust strategies this afternoon at the CyberScoop - @cyberscoop.bsky.social #ZeroTrustSummit!