Biden's Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security

The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors. The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors. [TechWeb]( Follow Dark Reading: [RSS]( March 03, 2023 LATEST SECURITY NEWS & COMMENTARY [Biden's Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security]( The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors. [What GoDaddy's Years-Long Breach Means for Millions of Clients]( The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do. [Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets]( Access-as-a-service took off in underground markets with more than 775 million credentials for sale and thousands of ads for access-as-a-service. [CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds]( The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language. [Booking.com's OAuth Implementation Allows Full Account Takeover]( Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users used Facebook to log in to accounts. [Hackers Target Young Gamers: How Your Child Can Cause Business Compromise]( It's 10 p.m. Do you know what your children are playing? In the age of remote work, hackers are actively targeting kids, with implications for enterprises. [Everybody Wants Least Privilege, So Why Isn't Anyone Achieving It?]( Overcoming the obstacles of this security principle can mitigate the damages of an attack. [On Shaky Ground: Why Dependencies Will Be Your Downfall]( There's never enough time or staff to scan code repositories. To avoid dependency confusion attacks, use automated CI/CD tools to make fixes in hard-to-manage software dependencies. [BlackLotus Bookit Found Targeting Windows 11]( Sold for around $5,000 in hacking forums, the BlackLotus UEFI bootkit is capable of targeting even updated systems, researchers find. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [The Importance of Recession-Proofing Security Operations]( Make sure cybersecurity is taken seriously and consistently across the board. Educate the ecosystem beyond your own organization to mitigate security risks for everyone. [Without FIDO2, MFA Falls Short]( The open authentication standard addresses existing multifactor authentication security vulnerabilities. [MORE]( EDITORS' CHOICE [Cyberattackers Double Down on Bypassing MFA]( As companies increasingly adopt MFA, cybercriminals are developing a variety of strategies to steal credentials and gain access to high-value accounts anyway. LATEST FROM THE EDGE [Cris Thomas: Space Rogue, From L0pht Hacker to IBM Security Influencer]( Security Pro File: The old-school hacker traces a path from young hardware tinkerer to senior cybersecurity executive. LATEST FROM DR TECHNOLOGY [IBM Contributes Supply Chain Security Tools to OWASP]( License Scanner and SBOM Utility will boost the capabilities of OWASP's CycloneDX Software Bill of Materials standard. WEBINARS - [SecDevOps: The Smart Way to Shift Left]( DevOps has changed the way software is developed, written, and run. But many organizations are still trying to figure out how to build security into application development. In this webinar, experts discuss the integration of security and DevOps - sometimes ... - [Ten Emerging Vulnerabilities Every Enterprise Should Know]( Every day, black hat attackers and white hat researchers are discovering new security vulnerabilities in widely-used systems and applications that might be exploited to compromise your data. Are you aware of the newest - and potentially most impactful - vulnerabilities ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Making Cybersecurity Mesh a Reality]( - [Why Account Security Doesn't Stop at Login]( - [2022 State of OT Cybersecurity Report]( - [IT/OT Convergence Enables Security Operations Synergies]( - [Top Three Considerations To Build, Deploy, and Run Your Application Journey]( - [Attack Surface Management v2.0 by Brad LaPorte]( - [State of Enterprise Cybersecurity: Invest Now, or Pay Big Later]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Axis Security Acquisition Strengthens Aruba's SASE Solutions With Integrated Cloud Security and SD-WAN]( [Octillo Launches Women's Cybersecurity Scholarship in Partnership With the Center for Cyber Safety and Education]( [DoControl's 2023 SaaS Security Threat Landscape Report Finds Enterprises and Mid-Market Organizations Have Exposed Public SaaS Assets]( [Forescout Addresses Modern SecOps Challenges With Launch of Forescout XDR]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)