HHS' Office for Civil Rights in new "frequently asked questions" guidance issued Friday night said it has not yet received breach reports from Change Healthcare, UHG, or any other affected covered entities pertaining to the incident.

The guidance offers a wide range of best practices, including that organizations adopt a zero trust mindset, actively monitor the AI model’s behavior, and require the primary developer of the AI system to provide a threat model for their system.

The guidance document details the latest tactics employed in foreign malign influence operations to shape U.S. policies, decisions, and discourse and could be used to target America’s election infrastructure.

Britain's National Cyber Security Center is warning that criminals and nation-state hacking groups, confronted with well-managed corporate cybersecurity defenses, have turned their sights to individual personal devices and accounts.

After suffering a data breach, organizations in the United Kingdom that work closely and transparently with regulators and cybersecurity officials will be treated with greater leniency if their case results in penalties and a fine.

Parameterized queries are a better option for a secure-by-design approach compared to input sanitization techniques because the latter can be bypassed and are difficult to enforce at scale.

The joint advisory from the CISA, the FBI, and the MS-ISAC, highlighted three main types of DDoS attacks public sector entities must be prepared for, including Volume-based attacks, Protocol-based attacks, and Application layer-based attacks.

The NCSC released guidance for operational technology (OT) organizations on migrating their SCADA systems to the cloud. This guidance aims to help organizations assess the benefits and risks of cloud-hosted SCADA to make informed decisions.

The NSA and CISA have issued five joint bulletins outlining best practices for securing cloud environments, covering identity and access management, key management, encryption, data security, and mitigating risks from managed service providers.

Organizations need to gradually advance through specific maturity levels in various components of the zero-trust architecture to effectively build a resilient security environment.