Supply Chain Risk Management Capabilities Center
Are you ready to accelerate zero trust at your agency?
“You have to be able to scale across hundreds of teams, thousands of workloads,” says AWS Principal Technologist Sean Phuphanich, when discussing how to make a zero trust architecture the foundation for modernization. “That’s really where a lot of the stumbling blocks come into play because then you’re dealing with a lot of different teams, different environments, different tools.”
Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company’s operations worldwide in September 2023.
Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, HVAC systems, and fire safety equipment for buildings. The company employs over 100,000 people through its corporate operations and subsidiaries across 150 countries, reporting sales of $27.4 billion in 2024.
The U.S. Department of Homeland Security issued a 30-day notice that the Transportation Security Administration (TSA) has submitted an Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and approval. The request seeks to extend the current data collection related to pipeline security incidents, apart from the contact details of designated cybersecurity coordinators and their alternates.
The rapid advancement of technology and increasing data utilisation have underscored the need for new models to manage and secure big data effectively. However, the constraints of isolated network environments and the limitations of existing security frameworks hinder the adoption of cutting-edge technologies such as AI and cloud computing, as well as the safe utilisation of data.
House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information.
A spokesperson for the firm told BleepingComputer that the incident impacts Dior Fashion and Accessories customers. Currently, cybersecurity experts are investigating the incident to determine its scope.
A new bill requiring the US Commerce Department to assess the national security risks associated with routers and modems controlled by adversarial nations is one step closer to becoming law after passing the House of Representatives.
The House passed the Removing Our Unsecure Technologies to Ensure Reliability and Security (ROUTERS) Act on April 28, advancing the legislation after it was cleared by the House Energy and Commerce Committee three weeks earlier.
Zero trust is a security paradigm whose fundamental philosophy is that every access to a resource must be explicitly verified, without assuming trust based on origin or identity. In a federated environment composed of multiple domains, ensuring zero trust guarantees for accessing shared resources is a challenge, as information on requesters is generated by their originating domain, yet requires explicit verification from the domain owning the resource.
After Trump unveiled his “Liberation Day” tariffs on April 2, China retaliated on April 4 with its own duties as well as export controls on several rare earth minerals and magnets made from them.
So far, those export controls have translated to a halt across the board, cutting off the U.S. and other countries, according to the New York Times.
This publication provides guidance on how to use Zero Trust in privacy implementation. It highlights the core principles of privacy and how they can align with a Zero Trust architecture, touching on privacy impact assessments (PIAs) as well.
As the world increasingly digitizes, these recommendations become all the more critical. They aren’t just about protecting privacy. Zero Trust ensures that organizations identify, locate, process, and dispose of such data with the right level of security.
AhnLab SEcurity intelligence Center (ASEC) recently identified the distribution of GuLoader malware via a phishing email by impersonating a famous international shipping company. The phishing email was obtained through the email honeypot operated by ASEC. The mail body instructs users to check their post-paid customs tax and demands them to open the attachment.