New White House cyber executive order pushes rules as code

In an era characterized by escalating cybersecurity threats, rapidly evolving technological landscapes, and heightened regulatory demands, organizations face significant pressure to modernize their Governance, Risk, and Compliance (GRC) practices. The federal government is also pivoting toward automation, with Policy-as-Code (PaC) becoming a foundational element in modern cybersecurity governance and compliance.

A critical driver accelerating this urgency is a recent executive order that explicitly underscores robust cybersecurity frameworks, continuous monitoring, and adaptive compliance strategies. In response, organizations must move toward adopting innovative solutions such as Policy-as-Code methodologies.

Aligning with the cyber EO

In June, the White House issued an executive order that directs the National Institute of Standards and Technology, the Cybersecurity and Infrastructure Security Agency, and the Office of Management and Budget to launch a pilot within one year that expresses federal cyber policy in a machine‑readable format. The same section instructs the Federal Acquisition Regulation Council to revise procurement rules so that by January 2027, agencies may buy only consumer IoT products whose Cyber Trust Mark can be parsed automatically. 

This isn’t just a technical experiment: It’s a blueprint for the future of cyber governance. This is a decisive endorsement of automation-based compliance and signals a governmentwide expectation that policy implementation must be verifiable, scalable, and code-driven.

These deadlines extend beyond federal departments. Any company that sells software, cloud services, or connected devices to the public sector will soon need to prove that its security controls are written and enforced through machine‑readable rules. The fastest and most reliable way to supply that proof is Policy-as-Code. Teams that move early will gain an advantage when the new rules shape purchasing decisions. Teams that wait risk a backlog of manual controls and a shrinking share of government business.

What is Policy-as-Code?

Policy-as-Code refers to the practice of translating governance, risk management, and compliance policies into machine-readable formats by leveraging automation, creating a more structured, dynamic, and scalable compliance environment. Policy-as-Code removes ambiguity from interpretation and puts security policies on equal footing with infrastructure and application logic. The result is proactive compliance governance that scales as fast as today’s threats.

The Risk Management Framework (RMF) has long provided structured guidelines for organizations to categorize, select, implement, assess, authorize, and continuously monitor their information systems. However, traditional RMF processes often rely heavily on manual efforts, making them less responsive and increasingly prone to errors in today’s fast-paced digital environment. 

As of today:

  • Release velocity has accelerated: Development teams merge code many times each day; manual assessment packages cannot keep pace.
  • Architectural complexity has grown: Hybrid clouds, containers, edge devices, and software‑as‑a‑service platforms create connections too dense for spreadsheet mapping.
  • Regulatory concurrency has intensified: Programs must show conformance with FISMA, FedRAMP, CMMC, the Secure Software Development Framework, multiple state privacy laws, and sector‑specific rules at the same time.

Policy-as-Code resolves these gaps because rules run continuously, update quickly, and leave a clear evidence trail. 

Strategic benefits of implementing Policy-as-Code

Organizations adopting Policy-as-Code experience several transformative benefits, positioning themselves advantageously within a highly competitive regulatory environment:

  • Risk reduction: Automated enforcement minimizes risks associated with human error, improving compliance accuracy and reducing vulnerabilities.
  • Audit efficiency: Immutable logs replace screenshots, shared drives, and labor‑intensive walk‑throughs.
  • Operational efficiency: Automating policy enforcement streamlines processes, significantly reducing the administrative burden and enabling teams to focus on strategic tasks rather than routine compliance checks.
  • Regulatory agility: When NIST updates a control catalog, teams change one file and push the update across every environment with a pull request.
  • Enhanced security posture: Real-time monitoring capabilities bolster an organization’s security posture, swiftly identifying and addressing potential threats or breaches.
  • Cost savings: By reducing the manual effort needed for compliance monitoring and enforcement, Policy-as-Code can lead to considerable cost reductions over time.
  • Greater resilience: Codified governance reduces ambiguity and enhances organizational readiness under stress.

Making it Work: practical steps for effective implementation

To effectively adopt Policy-as-Code and maximize its benefits, organizations should consider the following structured approach:

  • Comprehensive policy mapping and evaluation: Begin by evaluating every policy and regulation applicable to your organization, map the applicable frameworks (e.g., NIST SP 800-53, ISO/IEC 27002), and assign a unique identifier to each mapped control. This mapping forms the foundation for robust automation.
  • Select an open declarative machine-readable language: Choose a well‑supported machine-readable format — like NIST’s Open Security Controls Assessment Language (OSCAL) or Open Policy Agent (OPA) — that integrates with existing infrastructure‑as‑code (IaC), container orchestration, and pipeline tools.
  • Convert prose to machine‑readable schemas: Translate Word and PDF controls into structured formats such as OSCAL.
  • Integration into development pipelines: Evaluate and deploy specialized automation platforms capable of integrating seamlessly into existing DevSecOps workflows and lifecycle. These platforms should offer real-time compliance verification, automated remediation capabilities, and ensure continuous validation of compliance at every stage of the software development process, from initial coding through deployment and operation.
  • Ongoing monitoring and continuous improvement: Implement robust tools for continuous compliance monitoring. Regularly review and update policy logic to accommodate evolving regulatory landscapes and cybersecurity threats.
  • Automate evidence collection: Connect cloud APIs, container scanners, and endpoint telemetry to a central repository so evidence accrues automatically.
  • Training and capacity building: Invest in targeted training programs to equip your teams with the necessary technical and conceptual understanding of Policy-as-Code methodologies and Git workflows, and teach developer teams regulatory vocabulary.
  • Cultural alignment and leadership support: Actively cultivate a culture that values compliance automation and proactive risk management. Secure buy-in and sustained support from senior leadership to ensure smooth adoption and integration.
  • Pilot and iterate: Begin with a high-priority control (e.g., encryption at rest) and run a focused pilot. Measure its effectiveness, gather stakeholder feedback, and iterate. Success here builds momentum.
  • Inform and measure impact: Codified controls should feed into your broader risk dashboards and compliance reporting mechanisms. Track policy coverage, mean time to remediation, audit hours saved, and defects prevented, and share the results with executive stakeholders.
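A minimal worked version of the pilot these steps describe (an added example, not the article's or any product's code): controls are data plus a rule, each carrying the framework control it maps to; a resource inventory is evaluated; and the resulting evidence record carries pass/fail counts, policy coverage and a digest. The control catalog, framework mappings and inventory are constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed control catalog for a pilot (not OSCAL and not any product's schema):
# each control has a unique ID, the framework control it maps to, the resource
# types it applies to, and a rule that is True when a resource record satisfies it.
CONTROLS = {
    "ENC-AT-REST": {
        "maps_to": ["NIST SP 800-53 SC-28"],
        "applies_to": {"storage_bucket", "database"},
        "rule": lambda r: r.get("encryption", {}).get("at_rest") is True,
    },
    "NO-PUBLIC-BUCKET": {
        "maps_to": ["NIST SP 800-53 AC-3"],
        "applies_to": {"storage_bucket"},
        "rule": lambda r: r.get("public") is False,
    },
    "TLS-MIN-1.2": {
        "maps_to": ["NIST SP 800-53 SC-8"],
        "applies_to": {"database"},
        "rule": lambda r: tuple(int(x) for x in r.get("tls_min", "0").split(".")) >= (1, 2),
    },
}

# Constructed inventory standing in for what cloud APIs would return. The function
# has no applicable control, so it shows up as an uncovered resource.
INVENTORY = [
    {"id": "bucket-logs", "type": "storage_bucket", "encryption": {"at_rest": True}, "public": False},
    {"id": "bucket-exports", "type": "storage_bucket", "encryption": {"at_rest": False}, "public": False},
    {"id": "db-orders", "type": "database", "encryption": {"at_rest": True}, "tls_min": "1.2"},
    {"id": "fn-resize", "type": "function"},
]

def evaluate(inventory=INVENTORY, controls=CONTROLS):
    """Run every applicable control against every resource: one finding per pair."""
    findings = []
    for res in inventory:
        for cid, ctl in controls.items():
            if res["type"] in ctl["applies_to"]:
                findings.append({"control": cid, "maps_to": ctl["maps_to"],
                                 "resource": res["id"],
                                 "result": "pass" if ctl["rule"](res) else "fail"})
    return findings

def evidence_record(findings, inventory=INVENTORY):
    """Audit artifact: pass/fail counts, policy coverage, uncovered resources, and a
    digest over the canonical findings so a stored record can be checked for tampering."""
    covered = {f["resource"] for f in findings}
    canonical = json.dumps(findings, sort_keys=True, separators=(",", ":"))
    return {
        "generated_at": datetime.now(timezone.utc).isoformat(),
        "summary": {"pass": sum(f["result"] == "pass" for f in findings),
                    "fail": sum(f["result"] == "fail" for f in findings)},
        "coverage": len(covered) / len(inventory),
        "uncovered": sorted(r["id"] for r in inventory if r["id"] not in covered),
        "digest": hashlib.sha256(canonical.encode()).hexdigest(),
        "findings": findings,
    }

def pipeline_gate(findings):
    """True when a change may proceed: no control failed on any resource."""
    return all(f["result"] == "pass" for f in findings)
```

Wiring `pipeline_gate` into a merge or deploy step turns the catalog into an enforced policy, and storing each `evidence_record` gives the append-only trail an assessor can replay.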

The road ahead

The future of cybersecurity governance clearly points toward increased automation, dynamic regulatory adaptation, and highly responsive compliance frameworks. Policy-as-Code is not merely a temporary trend but a fundamental shift in how organizations approach GRC. Soon, federal contracts may require delivery of not only human-readable SSPs but also machine-verifiable compliance packages. Audits may involve running scripts instead of reviewing PDFs. And AI-powered governance engines will cross-check deployments against codified policies in real time.

The EO’s emphasis on rules-as-code is just the beginning. The EO also sets timelines for managing AI vulnerabilities and adopting post‑quantum cryptography. Agencies must publish an AI vulnerability dataset by Nov. 1 and must transition to quantum‑resistant encryption by 2030. 

The clock is ticking. Agencies must pilot rules as code by June 2026, and suppliers must attach machine-readable security labels by January 2027. Organizations that translate policy into executable pipelines now will close vulnerabilities faster, cut assessment costs, and enter bid rooms as trusted partners. Those that wait will face manual backlogs, increased expenses, and shrinking market share once the grace period ends. Policy-as-Code is no longer experimental, but an operational and compliance imperative that will distinguish tomorrow’s security-ready organizations from everyone else.

The future of cyber and AI governance won’t be documented; it will be deployed!

Ibrahim Waziri Jr. is a principal security product manager in Microsoft’s Cybersecurity, Cloud, AI & Trust Engineering Team, a cybersecurity fellow at New America, and an adjunct professor of cybersecurity at Marymount University.

The post New White House cyber executive order pushes rules as code appeared first on CyberScoop.

from CyberScoop https://ift.tt/6Wg4Bad
via IFTTT

Experimental Suspicious Domain Feed, (Sun, Jul 13th)

We have had a "newly registered domain" feed for a few years. This feed pulls data from ICANN's centralized zone data service (https://czds.icann.org) and TLS certificate transparency logs.

The ICANN CZDS is a good start, but it only offers data from top-level domains collaborating with ICANN. Missing are in particular country-level domains. Country-level zone files can be hard to come by, so we use TLS certificate transparency logs as a "cheap" alternative. Pretty much all domain registrars will, by default, create a "parked" website, and with that, they will make a certificate. Even if they do not, any halfway self-respecting phishing site will use TLS and register a certificate with a public certificate authority at one point. The TLS certificate transparency logs also help capture older domains.

Each day, we capture around 250,000 new domains using this system. But of course, we want to know which domains are used for malicious purposes. However, as the sample below shows, there are a lot of "odd" domain names.

domainname
jgcinversiones.com
h20manager.net
1sbrfreebet.com
stability.now
mdskj.top
internationalone19.com
clistrict196.org
agenteinsider.com
720airpano.com
dhofp.tax
bos228btts.lol
japansocialmarketing.org
mummyandimedia.com
1dyzfd.buzz
oollm.shop
snapztrailk.store
perumice.com
nrnmy.sbs
commaexperts.com
softfragments.com

So I searched for some commonly used criteria to identify "bad" domain names, and found these:

  • A domain name is very short or very long
  • The entropy of the domain name (is it just random characters?)
  • Does it contain a lot of numbers or hyphens?
  • Is it an international domain name, and if so, is it valid? Does it mix different scripts (=languages)?
  • Does it contain keywords like "bank" or "login" that are often used with phishing sites, or brand names like "Apple" or "Google"?

We have now added a score to each domain name that can be used to rank them based on these criteria. You can find a daily report here, and the score was added to our "recentdomain" API feed. This is experimental, and the exact algorithm we use for the score will change over time.
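As an added illustration of these criteria (example code written for this page, not the ISC scorer, whose algorithm is not published; the keyword lists, weights, thresholds and the small confusables table are assumptions), the following Python scores a name on each criterion, decodes punycode to check IDN validity and script mixing, and ranks a constructed sample that mixes two names from the list above with two constructed look-alikes.

```python
import math
import unicodedata

# Illustrative keyword lists; the ISC diary does not publish the lists it uses.
PHISHING_KEYWORDS = ("login", "bank", "secure", "verify", "account", "update")
BRAND_KEYWORDS = ("apple", "google", "microsoft", "paypal")
# Tiny constructed subset of Unicode confusables (Cyrillic look-alikes of Latin
# letters); a real scorer would load the full confusables table.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u04cf": "l"}
# Two names from the diary's sample list plus two constructed look-alikes.
SAMPLE = ["softfragments.com", "1dyzfd.buzz", "secure-login-apple-verify-8472.com", "p\u0430ypal.com"]

def to_unicode(domain):
    """Return (unicode form, valid). xn-- labels are punycode-decoded; any IDNA
    failure (e.g. a label that does not round-trip) marks the name invalid."""
    try:
        if domain.isascii():
            return domain.encode("ascii").decode("idna"), True
        domain.encode("idna")  # already Unicode: make sure it is IDNA-encodable
        return domain, True
    except UnicodeError:
        return domain, False

def registrable_label(domain):
    """Label left of the TLD (naive: no public-suffix list, so 'x.co.uk' -> 'co')."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def shannon_entropy(text):
    """Bits per character; an even spread over many distinct characters scores high."""
    n = len(text)
    return -sum(text.count(ch) / n * math.log2(text.count(ch) / n)
                for ch in set(text)) if n else 0.0

def scripts_used(label):
    """Unicode scripts of a label's letters (first word of each character's Unicode name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if not (ch.isdigit() or ch == "-")}

def score_domain(domain):
    """(score, reasons) for one name, higher = more suspicious; weights and thresholds
    are illustrative, not the ISC algorithm."""
    score, reasons = 0, []
    uni, valid = to_unicode(domain)
    if not valid:
        score += 3
        reasons.append("invalid IDN")
    label = registrable_label(uni)
    n = len(label)
    if n <= 3 or n >= 20:
        score += 1
        reasons.append(f"unusual length {n}")
    ent = shannon_entropy(label)
    if ent >= 3.5:
        score += 2
        reasons.append(f"high entropy {ent:.2f}")
    if sum(ch.isdigit() for ch in label) / max(n, 1) >= 0.25 or label.count("-") >= 2:
        score += 1
        reasons.append("many digits or hyphens")
    scripts = scripts_used(label)
    if len(scripts) > 1:
        score += 3
        reasons.append("mixed scripts " + "/".join(sorted(scripts)))
    # Keyword checks run on a Latin "skeleton" so homoglyphs cannot hide a brand.
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    for kw in PHISHING_KEYWORDS:
        if kw in skeleton:
            score += 1
            reasons.append(f"keyword {kw}")
    for brand in BRAND_KEYWORDS:
        if brand in skeleton:
            score += 2
            reasons.append(f"brand {brand}")
    return score, reasons

def rank_domains(domains=SAMPLE):
    """Most suspicious first, as (score, reasons, domain) triples."""
    return sorted(((*score_domain(d), d) for d in domains), key=lambda t: -t[0])
```

Note that a short random-looking label such as the diary's "1dyzfd" scores zero under an absolute entropy threshold, which is one reason the score is better used to rank a day's feed than as a hard verdict.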

We used to have an "old" suspicious domain feed that was mostly based on correlating a few third-party feeds, but over time these feeds went away or became commercial and we could no longer use them.

Feedback is very welcome.


Johannes B. Ullrich, Ph.D., Dean of Research, SANS.edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

from SANS Internet Storm Center, InfoCON: green https://ift.tt/xkzRYWm
via IFTTT

Securing Data in the AI Era

The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help.
As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes for safeguarding sensitive enterprise data have reached unprecedented levels. The Zscaler ThreatLabz

from The Hacker News https://ift.tt/nClGStx
via IFTTT

UK arrests four for cyberattacks on major British retailers

Three teenagers and a 20-year-old woman were arrested Thursday by the U.K.’s National Crime Agency for their alleged role in cyberattacks on major retailers Marks & Spencer (M&S), Co-op, and Harrods.

The four, British and Latvian nationals, were arrested following sustained investigations into attacks that crippled the retailers’ operations. The NCA’s National Cyber Crime Unit detained all four at their homes and seized their electronic devices.

“Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency’s highest priorities,” Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said in a statement. “Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the U.K. and overseas, to ensure those responsible are identified and brought to justice.”

The particular incidents that led to these arrests occurred in April, with attackers crippling the online services of Marks & Spencer, a popular retailer in the U.K. The company’s online sales channels were halted, contactless payments and click-and-collect options were disrupted, and in-store product availability suffered. The attack also resulted in the theft of customer information, including names, email addresses, and postal data. Recovery efforts began in June, with the retailer eventually restoring sections of its online business across the U.K.

Industry experts and law enforcement agencies in several countries have attributed the attacks to a cybercriminal group known as Scattered Spider. The loose-knit collective has infiltrated more than 100 businesses since 2022, hitting organizations in hospitality and gaming, manufacturing, technology and cloud services, telecommunications, retail, food production, insurance and financial services, media, apparel, business process outsourcing, health care, transportation and aviation, according to researchers.

The group is allegedly also behind cyberattacks on several U.S.-based insurance companies, United Natural Foods, and the aviation companies WestJet and Hawaiian Airlines.

The group is an offshoot of The Com, a much larger grassroots network of more than 1,000 people responsible for a vast catalog of crimes, including social engineering, crypto theft, phishing, SIM swapping, extortion, sextortion, swatting, kidnapping and murder. 

All four arrested are being held on suspicion of violating the U.K.’s Computer Misuse Act, blackmail, money laundering and participating in the activities of an organized crime group.

The post UK arrests four for cyberattacks on major British retailers appeared first on CyberScoop.

from CyberScoop https://ift.tt/ECAdnsb
via IFTTT

New Amazon EC2 P6e-GB200 UltraServers accelerated by NVIDIA Grace Blackwell GPUs for the highest AI performance

Today, we’re announcing the general availability of Amazon Elastic Compute Cloud (Amazon EC2) P6e-GB200 UltraServers, accelerated by NVIDIA GB200 NVL72 to offer the highest GPU performance for AI training and inference. Amazon EC2 UltraServers connect multiple EC2 instances using a dedicated, high-bandwidth, and low-latency accelerator interconnect across these instances.

The NVIDIA Grace Blackwell Superchips connect two high-performance NVIDIA Blackwell tensor core GPUs and an NVIDIA Grace CPU based on Arm architecture using the NVIDIA NVLink-C2C interconnect. Each Grace Blackwell Superchip delivers 10 petaflops of FP8 compute (without sparsity) and up to 372 GB HBM3e memory. With the superchip architecture, GPU and CPU are colocated within one compute module, increasing bandwidth between GPU and CPU significantly compared to current generation EC2 P5en instances.

With EC2 P6e-GB200 UltraServers, you can access up to 72 NVIDIA Blackwell GPUs within one NVLink domain to use 360 petaflops of FP8 compute (without sparsity) and 13.4 TB of total high bandwidth memory (HBM3e). Powered by the AWS Nitro System, P6e-GB200 UltraServers are deployed in EC2 UltraClusters to securely and reliably scale to tens of thousands of GPUs.

EC2 P6e-GB200 UltraServers deliver up to 28.8 Tbps of total Elastic Fabric Adapter (EFAv4) networking. EFA is also coupled with NVIDIA GPUDirect RDMA to enable low-latency GPU-to-GPU communication between servers with operating system bypass.

EC2 P6e-GB200 UltraServers specifications
EC2 P6e-GB200 UltraServers are available in sizes ranging from 36 to 72 GPUs under NVLink. Here are the specs for EC2 P6e-GB200 UltraServers:

UltraServer type   GPUs   GPU memory (GB)   vCPUs   Instance memory (GiB)   Instance storage (TB)   Aggregate EFA network bandwidth (Gbps)   EBS bandwidth (Gbps)
u-p6e-gb200x36     36     6660              1296    8640                    202.5                   14400                                    540
u-p6e-gb200x72     72     13320             2592    17280                   405                     28800                                    1080

P6e-GB200 UltraServers are ideal for the most compute and memory intensive AI workloads, such as training and inference of frontier models, including mixture of experts models and reasoning models, at the trillion-parameter scale.

You can build agentic and generative AI applications, including question answering, code generation, video and image generation, speech recognition, and more.

P6e-GB200 UltraServers in action
You can use EC2 P6e-GB200 UltraServers in the Dallas Local Zone through EC2 Capacity Blocks for ML. The Dallas Local Zone (us-east-1-dfw-2a) is an extension of the US East (N. Virginia) Region.

To reserve your EC2 Capacity Blocks, choose Capacity Reservations on the Amazon EC2 console. You can select Purchase Capacity Blocks for ML and then choose your total capacity and specify how long you need the EC2 Capacity Block for u-p6e-gb200x36 or u-p6e-gb200x72 UltraServers.

Once a Capacity Block is successfully scheduled, it is charged up front and its price doesn’t change after purchase. The payment will be billed to your account within 12 hours after you purchase the EC2 Capacity Blocks. To learn more, visit Capacity Blocks for ML in the Amazon EC2 User Guide.

To run instances within your purchased Capacity Block, you can use AWS Management Console, AWS Command Line Interface (AWS CLI) or AWS SDKs. On the software side, you can start with the AWS Deep Learning AMIs. These images are preconfigured with the frameworks and tools that you probably already know and use: PyTorch, JAX, and a lot more.

You can also integrate EC2 P6e-GB200 UltraServers seamlessly with various AWS managed services. For example:

  • Amazon SageMaker Hyperpod provides managed, resilient infrastructure that automatically handles the provisioning and management of P6e-GB200 UltraServers, replacing faulty instances with preconfigured spare capacity within the same NVLink domain to maintain performance.
  • Amazon Elastic Kubernetes Service (Amazon EKS) allows one managed node group to span across multiple P6e-GB200 UltraServers as nodes, automating their provisioning and lifecycle management within Kubernetes clusters. You can use EKS topology-aware routing for P6e-GB200 UltraServers, enabling optimal placement of tightly coupled components of distributed workloads within a single UltraServer’s NVLink-connected instances.
  • Amazon FSx for Lustre file systems provide data access for P6e-GB200 UltraServers at hundreds of GB/s of throughput and millions of input/output operations per second (IOPS), as required for large-scale HPC and AI workloads. For fast access to large datasets, you can use up to 405 TB of local NVMe SSD storage or virtually unlimited cost-effective storage with Amazon Simple Storage Service (Amazon S3).

Now available
Amazon EC2 P6e-GB200 UltraServers are available today in the Dallas Local Zone (us-east-1-dfw-2a) through EC2 Capacity Blocks for ML. For more information, visit the Amazon EC2 pricing page.

Give Amazon EC2 P6e-GB200 UltraServers a try in the Amazon EC2 console. To learn more, visit the Amazon EC2 P6e instances page and send feedback to AWS re:Post for EC2 or through your usual AWS Support contacts.

Channy

from AWS News Blog https://ift.tt/g2J6bkL
via IFTTT

Introducing AWS Builder Center: A new home for the AWS builder community

We really love builders at AWS. We’re constantly thinking of new ways to help technical communities thrive and create spaces like AWS Developer Center and community.aws where people can connect and share their knowledge and experiences.

Today, we’re announcing AWS Builder Center, a new home for builders to access all builder resources, engage with the AWS community, and provide feedback or product suggestions to AWS product teams. This new experience also integrates the previous AWS Developer Center and community.aws.

There are a variety of exciting features, so let’s discover some of them.

Your voice matters: Introducing Wishlist
One of the most exciting new features, in my opinion, is Wishlist. You can now submit your wishes for new features or improvements you’d like to see in AWS services. Others can discover and vote on these wishes while also creating their own.

You can influence product roadmap collectively as a community and help us shape the future of AWS services. You can share ideas, suggestions, feature proposals, or challenges while operating AWS services, with the ability for the AWS community to upvote ideas and highlight the most sought-after improvements. Our internal teams will keep an eye on these and bring the most popular wishes to the attention of our service teams, making your voice an integral part of our product development process.

Connect people in the AWS community
On the Connect page, you’ll find many opportunities to connect directly with AWS Heroes and AWS Community Builders. You can explore and join AWS User Groups and AWS Cloud Clubs near your cities around the world.

On top of that, you can bookmark this page as your centralized hub for finding upcoming community events, making it easy to find opportunities to learn and network in your local area and meet like-minded builders who share your interests.

Speaking of following people, AWS Builder Center makes it really straightforward to connect and engage with others, serving as the central hub for the AWS technical community. It brings together all the different ways that you can connect with fellow builders. For example, the Who to Follow section introduces you to AWS Heroes, Community Builders, and active community members who are sharing their knowledge and expertise in your areas of interest.

Explore our AWS hands-on resources
On the Build page, you’ll discover hands-on ways to get familiar with AWS, including interactive learning resources designed for every skill level, such as AWS Tutorials and AWS Workshops. You can explore the generative AI and agentic AI services playground and find the AWS Free Tier, which lets you try out AWS services free of charge up to specified limits for each service.

Choose the Toolbox page and discover the latest tools, programming language resources, and Open Source projects for AWS. The Toolbox has everything you need to get your project scaffolded and up and running.

To improve the build experience for builders, we plan to expand Builder Center’s built-in offerings, such as creating dedicated groups and forums for collaborating on a particular topic, running workshops for hands-on labs, and adding service playgrounds where builders can freely experiment with AWS services.

Supporting your builder journey
The new Learn section serves as your gateway to skill development, bringing together everything you need to expand your AWS expertise. Here, you can explore learning and training resources, workshops, gamified experiences, and more to make your journey of building on AWS both educational and engaging.

Choose the Topics page, where you can explore and discover more content. You can explore content by topics and tags. There is a featured and trending topics section that helps you to stay connected with what’s capturing the community’s attention right now.

Built-in localization for your spoken language
AWS Builder Center breaks down language barriers with comprehensive localization support. All content published in the Builder Center is automatically available in 16 languages, and user-generated content, such as posts, comments, or wishes, can be machine-translated on demand using Translate. So, you can collaborate with builders worldwide, sharing knowledge and experiences across language boundaries.

By default, all content is displayed in the language that your browser is set to. You can override this by visiting the settings page and choosing the language that you want AWS Builder Center to use by default.

Sign up and build your profile now
AWS Builder Center gives you a more personalized and comprehensive way to showcase your AWS journey. Your unique profile comes with a custom URL and shareable QR code, making it straightforward to connect with others and share your presence in the AWS community.

All your posts, wishes, and meaningful interactions are organized within a centralized view so you can easily check them. In the Manage profile page, you can customize your profile, add specific interests and areas of expertise, helping you connect with builders who share your passions. Profile management is seamless: it synchronizes across all AWS services using AWS Builder ID, ensuring your identity remains consistent wherever you engage with AWS offerings.

Visit builder.aws.com, sign up with AWS Builder ID, and claim your unique alias to access all features, including content creation, Wishlist, and community engagement tools.

AWS Builder Center was designed to help you connect, learn, and build with fellow AWS builders, so enjoy your journey together!

Channy
Matheus Guimaraes | @codingmatheus

from AWS News Blog https://ift.tt/ePaToBs
via IFTTT