Catch up quick

@ D.C.

✍🏻 The Cybersecurity and Infrastructure Security Agency is asking tech companies to sign a pledge to abide by new secure-by-design principles. (Wired)

🏛 Rep. Andrew Garbarino (R-N.Y.), head of the House Homeland Security cyber subcommittee, is renewing his push to loosen the Securities and Exchange Commission's recent cyber disclosure rules. (Nextgov)

🚨 A top U.S. Cyber Command official warned that other nation-states could try to mimic China's Volt Typhoon hacking campaign against U.S. critical infrastructure. (C4ISRNET)

@ Industry

🧳 LastPass is now an independent company after spinning out of its parent company, GoTo. (The Verge)

🔑 Microsoft is rolling out passkey support for all consumer accounts. (Engadget)

👋🏻 HackerOne CEO Marten Mickos announced his plans to name a successor and leave his post. (HackerOne)

@ Hackers and hacks

⚠️ Dropbox said in a regulatory filing that hackers accessed user data, including phone numbers and hashed passwords, in a recent breach of its Dropbox Sign product. (Wall Street Journal)

🚰 A federal advisory recently warned that pro-Russia hackers are targeting weaknesses in U.S. water systems' cybersecurity. (CNN)

👨🏻‍⚖️ A Ukrainian hacker was sentenced to almost 14 years in a U.S. prison for infecting thousands of companies with the REvil ransomware strain. (The Record)