Cloud Security, Application security

New Google Workspace guidance unveiled by CISA

In a bid to avert another breach similar to the hack of several U.S. government email accounts by Chinese advanced persistent threat operation Storm-0558 using a compromised Microsoft signing key, the Cybersecurity and Infrastructure Security Agency has introduced new Secure Cloud Business Applications guidance for Google Workspace, CyberScoop reports. "Using our ScubaGear assessment tool, agency practitioners implemented advanced protections and configured cloud environments to better safeguard sensitive information and secure government services against sophisticated threat actors. Though the Microsoft-specific baselines were developed collaboratively with the Federal Chief Information Officers Council to provide necessary security enhancements for most federal cloud business applications, we quickly identified that more was needed," said CISA Associate Director for Capacity Building Michael Duffy. Such guidelines are now available for public comment. Federal agencies have also been sought by CISA to provide input in validating and improving SCuBA project standards and the ScubaGoggles assessment tool.

Related

LockBit-leaked DC city agency data from third party

Washington, D.C.'s Department of Insurance, Securities and Banking has disclosed that 800GB of data claimed to have been stolen by the LockBit ransomware operation was obtained from an attack against third-party software provider Tyler Technologies following the ransomware gang's threats to expose 1GB of the exfiltrated data to coerce the agency into providing the demanded ransom, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.