The Cybersecurity and Infrastructure Security Agency (CISA) has proposed a cyber incident reporting structure covering 16 critical sectors. The rule, although sector-based, would require entire entities, not just specific facilities or functions, to report any significant cyber incidents or ransom payments. This broad approach would assist the agency in performing extensive threat and trend analysis. Entities would have 60 days from April 4 to give written comments on the proposed rule.
GitGuardian Researchers Find Thousands of Leaked Secrets in PyPI (Python Package Index) Packages
GitGuardian’s research reveals growing unauthorised access problems in Python’s PyPI project due to hardcoded ‘secrets’ such as API keys and passwords. Over 450,000 projects including