The U.S. Department of Homeland Security issued a 30-day notice that the Transportation Security Administration (TSA) has submitted an Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and approval. The request seeks to extend the current data collection related to pipeline security incidents, apart from the contact details of designated cybersecurity coordinators and their alternates.
A Proposal for a Zero-Trust-Based Multi-Level Security Model and Its Security Controls
The rapid advancement of technology and increasing data utilisation have underscored the need for new models to manage and secure big data effectively. However, the constraints of isolated network environments and the limitations of existing security frameworks hinder the adoption of cutting-edge technologies such as AI and cloud computing, as well as the safe utilisation of data.
Fashion giant Dior discloses cyberattack, warns of data breach
House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information.
A spokesperson for the firm told BleepingComputer that the incident impacts Dior Fashion and Accessories customers. Currently, cybersecurity experts are investigating the incident to determine its scope.
US House Approves Bill to Assess Security Threats Posed by Foreign-Made Routers
A new bill requiring the US Commerce Department to assess the national security risks associated with routers and modems controlled by adversarial nations is one step closer to becoming law after passing the House of Representatives.
The House passed the Removing Our Unsecure Technologies to Ensure Reliability and Security (ROUTERS) Act on April 28, advancing the legislation after it was cleared by the House Energy and Commerce Committee three weeks earlier.
Building a Zero Trust Federation
Zero trust is a security paradigm whose fundamental philosophy is that every access to a resource must be explicitly verified, without assuming trust based on origin or identity. In a federated environment composed of multiple domains, ensuring zero trust guarantees for accessing shared resources is a challenge, as information on requesters is generated by their originating domain, yet requires explicit verification from the domain owning the resource.
China has stopped exporting rare earths to everyone, not just the U.S., cutting off critical materials for tech, autos, aerospace, and defense
After Trump unveiled his “Liberation Day” tariffs on April 2, China retaliated on April 4 with its own duties as well as export controls on several rare earth minerals and magnets made from them.
So far, those export controls have translated to a halt across the board, cutting off the U.S. and other countries, according to the New York Times.
Zero Trust Privacy Assessment and Guidance
This publication provides guidance on how to use Zero Trust in privacy implementation. It highlights the core principles of privacy and how they can align with a Zero Trust architecture, touching on privacy impact assessments (PIAs) as well.
As the world increasingly digitizes, these recommendations become all the more critical. They aren’t just about protecting privacy. Zero Trust ensures that organizations identify, locate, process, and dispose of such data with the right level of security.
Warning Against Phishing Emails Distributing GuLoader Malware by Impersonating a Famous International Shipping Company
AhnLab SEcurity intelligence Center (ASEC) recently identified the distribution of GuLoader malware via a phishing email by impersonating a famous international shipping company. The phishing email was obtained through the email honeypot operated by ASEC. The mail body instructs users to check their post-paid customs tax and demands them to open the attachment.
Space supply chain gaps: Propulsion, hardened electronics and laser links
Despite ongoing efforts by the Defense Department to bolster the space supply chain, government and commercial satellite programs continue to struggle with shortfalls in several critical areas, including on-orbit propulsion, optical communications terminals and hardened electronics, according to industry and Pentagon officials.
US congressional panel urges Americans to ditch China-made routers
A U.S. congressional committee on Wednesday urged Americans to remove Chinese-made wireless routers from their homes, including those made by TP-Link, calling them a security threat that opened the door for China to hack U.S. critical infrastructure. The House of Representatives Select Committee on China has pushed the Commerce Department to investigate China’s TP-Link Technology Co, which according to research firm IDC is the top seller of WiFi routers internationally by unit volume.