More than half of organizations have been targets of cyberattacks exploiting VPN (virtual private network) security vulnerabilities in the last year, underscoring the growing imperative to move away from traditional perimeter-based defenses and toward more robust zero trust security architecture, according to findings from cloud security provider Zscaler. […]
The Advanced Research Projects Agency for Health (ARPA-H) this week announced the launch of a new cybersecurity effort that will invest more than $50 million to create autonomous tools for IT teams to better defend hospital environments. […]
The Council of the Inspectors General on Integrity and Efficiency (CIGIE) issued its first-ever capstone report this week on trends in Federal agencies’ cybersecurity performance, and revealing that Feds strengthened their information security programs on average from fiscal year (FY) 2020 to FY2023. […]
A top Department of Energy (DoE) official presented a sobering portrait of the nation’s cyber readiness this week, saying that a lack of funding is preventing Federal agencies from fully adhering to the Biden administration’s cybersecurity executive order (EO). […]
The Environmental Protection Agency (EPA) said Monday that recent inspections have revealed that more than 70 percent of water systems looked at since September 2023 are in violation of basic Safe Drinking Water Act requirements – thus causing “critical” cybersecurity vulnerabilities. […]
The U.S. and allied nations wrapped up their Locked Shields 2024 cybersecurity exercise, with the power of collaboration defeating cyberattacks as a major takeaway from this year’s effort. […]
Sen. JD Vance, R-Ohio, is calling on the Cybersecurity and Infrastructure Security Agency (CISA) to provide more details on a People’s Republic of China (PRC) state-sponsored cyber actor – known as Volt Typhoon – which he says poses a national security threat. […]
UnitedHealth Group did not have basic cybersecurity requirements in place that would have protected it against the recent attack on its Change Healthcare subsidiary, according to White House Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger. […]
Cyber diplomats from around the world voiced support for the U.S. State Department’s new international cybersecurity strategy unveiled during the RSA Conference in San Francisco this week. […]
Cybercriminals were emboldened to undertake record-high levels of intrusions in 2023 largely due to a lack of repercussions in response to those efforts, and because they are seeing more success by evolving their attack methods. […]
The Department of Justice (DoJ) said today it has charged the alleged mastermind of the LockBit ransomware group – regarded by U.S. authorities as among the most prolific attackers worldwide since 2022 – with more than two dozen Federal crimes. […]
Secretary of State Antony Blinken on Monday evening unveiled the Biden administration’s new international cybersecurity strategy, which focuses on building out digital solidarity with global partners to protect against adversaries like China. […]
The Federal government’s top intelligence official sounded the alarm last week about a daunting increase in cyberattacks in the last year, with the majority targeted at U.S. entities. […]
NASA’s spacecraft development programs lack mandatory cybersecurity controls for acquisition policies and standards, placing the technology at risk of cyberattacks, the Federal government’s top watchdog said this week. […]
The Pentagon has launched a new fully operational program that allows independent “ethical hackers” to find and analyze vulnerabilities in military contractor networks with the aim of improving the cybersecurity posture of the defense industrial base (DIB). […]
The Government Accountability Office (GAO) is calling on two Federal agencies in charge of overseeing the implementation of President Biden’s 2021 cybersecurity executive order (EO) to fully complete the remaining five requirements tasked to them in the order. […]
While a total ban on ransom payments to hackers remains “the ultimate goal” for cybersecurity experts, critical infrastructure organizations need stronger cybersecurity resilience before that happens, former acting National Cyber Director Kemba Walden told lawmakers on April 16. […]
The head of the Cybersecurity and Infrastructure Security Agency (CISA) said today that the Federal government has a “powerful” ability to mandate security standards for software vendors through its procurement process. […]
A group of industry experts called on Congress this week to enforce minimum cybersecurity standards among healthcare organizations in light of the February ransomware attack on UnitedHealth subsidiary Change Healthcare. […]
As artificial intelligence technologies continue to rapidly evolve, Federal agencies are looking to upskill their AI workforce to keep pace with emerging cybersecurity threats. […]
The former policy lead for the Department of Defense (DoD) under President Barack Obama said Tuesday that while the Biden administration’s National Cybersecurity Strategy (NCS) calls for secure-by-design technology principles, the White House doesn’t actually have the authority to regulate that. […]
Federal Chief Information Security Officer (CISO) Chris DeRusha gave broad credit today to Federal agencies for making marked improvements in cybersecurity over the past few years, and cited the ability of one larger agency – which he did not name – with being able to take particularly quick action in the face of the Ivanti vulnerabilities that the government began warning about in January. […]
The Department of Homeland Security’s (DHS) Cyber Safety Review Board (CSRB) released findings late Tuesday following its independent review of the summer 2023 Microsoft Exchange Online intrusion that attributed the success of the China-based hack to “a cascade of security failures at Microsoft” and an “inadequate” security culture at the company. […]
The Defense Department, General Services Administration, and NASA have issued a final rule amending the Federal Acquisition Regulation (FAR) to add the framework for a new FAR part 40 covering information security and supply chain security. […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) published its long-awaited cyber incident reporting rule today for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), requesting public input on the forthcoming regulations. […]
Sen. Gary Peters, D-Mich., chairman of the Senate Homeland Security and Governmental Affairs Committee, is calling on the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to prioritize cybersecurity efforts in the healthcare sector. […]
The Department of Justice (DoJ) announced today that it has charged seven hackers associated with the People’s Republic of China (PRC) for “malicious” cyberattacks that targeted U.S. government officials, politicians, and companies. […]
Sen. Mark Warner, D-Va. – co-chair of the Senate Cybersecurity Caucus – introduced legislation that would provide financial incentives for healthcare providers to boost their cyber defense by requiring them to meet minimum cybersecurity standards in order to receive accelerated payment in the event of a cyberattack. […]
Following the discovery of a Chinese-based hacking group compromising U.S. critical infrastructure, the White House – in collaboration with the Environmental Protection Agency (EPA) – announced plans this week to form a Water Sector Cybersecurity Task Force. […]
The National Security Agency’s (NSA) Cybersecurity Collaboration Center (CCC) has been “game-changing” for the NSA in terms of gaining unique insights from partners on specific adversaries, according to Morgan Adamski, the chief of the CCC. […]