serisec

Category: CISA

  • Smashing Security podcast #469: What your Oura ring won’t tell you

    Smashing Security podcast #469: What your Oura ring won’t tell you CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted – and…

  • Lawmakers Demand Answers as CISA Tries to Contain Data Leak

    Lawmakers Demand Answers as CISA Tries to Contain Data Leak Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account.…

  • Urgent warnings from UK and US cyber agencies after Polish energy grid attack

    Urgent warnings from UK and US cyber agencies after Polish energy grid attack A coordinated cyberattack that targeted Poland’s energy infrastructure in late December 2025 has prompted cybersecurity agencies to issue urgent warnings to critical national infrastructure operators on both sides of the Atlantic. Read more in my article on the Fortra blog. Graham Cluley…

  • Smashing Security podcast #453: The Epstein Files didn’t hide this hacker very well

    Smashing Security podcast #453: The Epstein Files didn’t hide this hacker very well Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about – especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting. Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we…

  • Sophos’ Secure by Design 2025 Progress

    Sophos’ Secure by Design 2025 Progress One year on, we are pleased to share progress on our secure-by-design commitments. Ross McKerchar Go to sophos

  • Microsoft Fix Targets Attacks on SharePoint Zero-Day

    Microsoft Fix Targets Attacks on SharePoint Zero-Day On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and state agencies, universities, and…

  • CISA refutes claims it has been ordered to stop monitoring Russian cyber threats

    CISA refutes claims it has been ordered to stop monitoring Russian cyber threats It’s been a confusing few days in the world of American cybersecurity… Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley

  • Stop targeting Russian hackers, Trump administration orders US Cyber Command

    Stop targeting Russian hackers, Trump administration orders US Cyber Command The Trump administration has told US cyber command and CISA to stop following or reporting on Russian cyber threats. Yes, Russia! That country everyone used to agree was home to lots of ransomware gangs and hackers. Hmmm… Read more in my article on the Hot…