Category: Cybersecurity

September 29, 2023

Federal agencies are racing to release guidance for staff as a looming government shutdown threatens to furlough thousands of employees, disrupt critical services and reduce national cyber operations to skeleton crews. Federal employees are learning whether they will be considered […]

September 26, 2023

The concept of Zero Trust has gained significant traction in recent years, as organizations look to enhance their cybersecurity defenses and safeguard their digital assets. The US government has been at the forefront of promoting this approach, with a series […]

September 25, 2023

A series of attacks targeting a Southeast Asian government has been found to be carried out by distinct threat actors affiliated with Chinese interests, according to Unit 42, the Palo Alto research arm closely studying the attacks. Initially thought to […]

September 13, 2023

The U.S. Cybersecurity and Infrastructure Security Agency is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect them from cyberattacks. The midweek announcement comes as water treatment facilities across the country have suffered from […]

August 21, 2023

Foreign adversaries are waging cyber espionage campaigns against the US space industry, according to a joint warning issued this week by the National Counterintelligence and Security Center (NCSC), FBI, and the Air Force Office of Special Investigations (AFOSI). The two-page […]

August 16, 2023

The Cybersecurity and Infrastructure Security Agency released its first remote monitoring and management software guidance document on Wednesday, part of the agency’s larger Joint Cyber Defense Collaborative initiative. The Remote Monitoring & Management Cyber Defense Plan specifically focuses on the […]

August 16, 2023

Sen. Mark Warner, D-Va., chair of the Senate Select Committee on Intelligence, wants artificial intelligence companies to commit to extending existing voluntary pledges to all of their systems and make more commitments to address high-risk areas like real-time facial recognition. […]

August 11, 2023

The Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently collaborated to produce an important new document, “Identity and Access Management: Recommended Best Practices for Administrators.” Part of the Enduring Security Framework (ESF), it presents a distillation […]

August 8, 2023

Anew report has found that cyberattacks targeting government agencies and the public sector increased at an alarming rate in recent months, as threat actors unleashed a slate of novel malware campaigns that impacted financial institutions, healthcare services and critical infrastructure […]

August 7, 2023

The Colorado Department of Higher Education on Friday reported it was the victim of a data breach following a ransomware attack this past June, and that the personal information of students and teachers dating back to 2004 may have been […]

August 1, 2023

Hacking teams working for the Chinese government are intent on burrowing into the farthest reaches of US infrastructure and establishing permanent presences there if possible. In the past two years, they have scored some wins that could seriously threaten national […]

July 28, 2023

The MOVEit breach has claimed yet another target: Maximus Inc., a US government contractor. Though the company’s internal systems were unaffected, 8 to 11 million people’s personal information may have been compromised. Maximus provides technology services for administering and managing […]

July 26, 2023

The Securities and Exchange Commission adopted rules Wednesday to require public companies to disclose within four days all cybersecurity breaches that could affect their bottom lines. Delays will be permitted if immediate disclosure poses serious national security or public safety […]

July 14, 2023

The White House released its implementation plan for President Biden’s National Cybersecurity Strategy, broadly breaking down how it plans to accomplish more than 65 tasks involving 18 agencies outlined by the sweeping plan announced in March. The National Cybersecurity Strategy […]

July 12, 2023

Microsoft has disclosed that that a cyberattack by a China-based “nation-state actor” managed to access email hosted on Exchange Online and Outlook.com belonging to about 25 organizations, including government agencies. Mitigation of the attack is complete, according to a statement […]

July 5, 2023

As the Biden administration continues to develop US cybersecurity requirements on software and supply chain security, zero trust, and incident reporting, among other initiatives, the projects have one often-unstated overarching goal: Improve the cybersecurity resilience of the nation’s critical infrastructure. […]

June 30, 2023

In 2020, software company SolarWinds was hit with a cyberattack that compromised its Orion supply chain software. The attack impacted thousands of victims. Three years later, the US Securities and Exchange Commission (SEC) is continuing its investigation into the attack. […]

June 28, 2023

Hundreds of internet-connected devices found on federal systems remain vulnerable to critical cybersecurity threats, according to new research, despite a recent directive from the nation’s cyber defense agency requiring their removal from government networks. Researchers with the security firm Censys […]

June 28, 2023

K-12 school districts across the country continue to be targeted by threat actors looking to steal sensitive personal information. Examples of this can be seen in the recent incidents affecting the Pearland Independent School District in Texas and the Tucson […]

June 27, 2023

The Cybersecurity and Infrastructure Security Agency is developing a new resource center for federal agencies to help address compliance issues associated with a wave of recent cyber supply chain risk management — or C-SCRM — and software security mandates. The […]