The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory on May 11 – along with Federal law enforcement partners and international allies – that warns of an increase in malicious cyber activity targeting managed service providers (MSPs). […]

Cybersecurity services provider CrowdStrike said today it has identified a sophisticated post-exploitation framework that was first detected in 2021 and that has been observed in multiple victim environments in geographically distinct locations – with intrusions spanning technology, academic, and government sectors. […]

One year ago, the Colonial Pipeline ransomware attack set off a chain reaction of cyber initiatives that would forever impact the private and public sectors. […]

The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for supply chain risk management to help organizations protect themselves in acquiring and using technology products and services. […]

Rep. Elissa Slotkin, D-Mich., said today that in a world free of constraints she would want companies to need cybersecurity hygiene certifications in order to deal with the Federal government. […]

The National Institute of Standards and Technology (NIST) is seeking feedback on a draft special publication about its 5G technologies cybersecurity guidance. […]

The Library of Congress is planning to create a Cloud Management Office (CMO) within its Office of the Chief Information Officer (OCIO), according to the agency’s justification for its fiscal year (FY) 2023 budget request. […]

Reps. Tom Malinowski, D-N.J., and Andrew Garbarino, R-N.Y., on April 28 introduced companion legislation to a Senate bill offered earlier this year that would task Federal agencies with helping the commercial satellite sector improve the security of their networks. […]

The Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to six Russian hackers responsible for the 2017 NotPetya malware infection. […]

The Cybersecurity and Infrastructure Security Agency (CISA), along with Federal and international partners, released a list of frequently exploited common vulnerabilities and exposures (CVEs), including the top 15 most exploited CVEs of 2021. […]

New legislation introduced in the House on April 21 aims to increase U.S. expertise in energy infrastructure cybersecurity by authorizing Department of Energy (DoE) grants to expand education and training opportunities that are “the convergence of cybersecurity and energy infrastructure.” […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory April 20, along with Federal law enforcement partners and international allies, that the agency says lays out the “most comprehensive view” of the cyber threat Russia poses to critical infrastructure owners since Russia invaded Ukraine in February. […]

The volume of phishing-based cyberattacks rose by 29 percent in 2021 over prior-year levels and was driven in part by an increase in phishing-as-a-service schemes, according to new research from cloud security services provider Zscaler and its ThreatLabz research operation. […]

The Department of Education was one of three agencies to receive funding from the General Service Administration’s (GSA) Technology Modernization Fund (TMF) for Zero Trust services, and the agency’s chief information officer Steven Hernandez said the agency is prioritizing the control pillar of the zero trust architecture with the funds. […]

The U.S. Army’s new Risk Management Framework (RMF) 2.0 has proved to be a “big game-changer,” not just in terms of managing risk, but also in building a strong cybersecurity community within the agency, an Army official said today. […]

The modernization of identity, credential, and access management (ICAM) has long been critical to improving Federal agency cybersecurity, and is only becoming more urgent due to President Biden’s cybersecurity executive order (EO) and associated policy directives requiring agencies to move to zero trust security architectures, government officials said on April 19 at a virtual event organized by FedInsider. […]

The National Institute of Standards and Technology (NIST) is working to apply its Cybersecurity Framework to the ground-based segments of space operations, an April 18 NIST report says. […]

As the Russian invasion of Ukraine continues through its second month with no let-up in sight, Federal cybersecurity and law enforcement officials are warning that they still see indications of potential Russian cyberattacks on United States critical infrastructure, and are reiterating their “Shields Up” warning to meet those potential threats. […]

With state and local governments (SLGs) becoming more tempting targets for cyberattacks every day, Federal and SLG experts are increasingly urging the importance of communication between the public and private sector in order to achieve a unified and stronger American cybersecurity posture. […]

Longtime Navy veteran Tracy L. Hines was promoted from captain to Rear Adm. (lower half) and assigned to be the Navy Cyber Security Division Director in Navy’s Washington, D.C., Office of Naval Operations, DoD announced April 6. […]

When implementing zero trust security architectures, an official from the Department of Health and Human Services (HHS) said today that the real change is not a technology change, but instead a “cultural change” within the organization. […]

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Energy (DoE), and National Security Agency (NSA), is warning that advanced persistent threat (APT) actors are seeking to gain full access to industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, CISA warned in a cybersecurity advisory April 13. […]

The long road to implementing zero trust security architectures may be driven by top-down policy directives and prioritizing technology pillars, but the art and science of communication and collaboration are showing up as vital inputs into organizing Federal agency technologists and network users to move toward the government’s zero trust goals. […]

Protecting healthcare data is essential, but cybersecurity experts say it is one of the hardest industries to protect due to its larger attack surface – and the fact that lives are at risk. […]

Microsoft Corp. said it has disrupted cyberattacks from a group linked to the GRU – Russia’s foreign military unit – that were targeting Ukrainian entities and media organizations, as well as government institutions and foreign policy think tanks in the United States, according to an April 7 company blog. […]

Senior Federal and industry cybersecurity leaders agreed that the Office of Management and Budget’s (OMB) August 2021 memorandum M-21-31 to implement new event logging and share threat information has proven to be a significant step in bolstering cybersecurity across Federal civilian agencies. […]

The Senate has confirmed Laurie Locascio, President Biden’s nominee to be the next undersecretary of Standards and Technology at the Department of Commerce, through an April 7 voice vote. The title typically comes with the dual role of Director of the National Institute of Standards and Technology. […]

Do you know someone who works hard to drive innovation and ensure our nation’s cybersecurity? MeriTalk wants you to submit nominations for our Cyber Defenders Awards, to honor those individuals who have made significant contributions across cyber programs in Federal IT. […]

The Department of Justice (DoJ) and FBI said this week they worked together to disrupt a botnet comprised of thousands of infected network hardware devices and controlled by the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). […]

With at least a half-million cybersecurity positions unfilled in the United States, Federal experts and educators said closing the gap on the shortage of cybersecurity professionals begins with cyber education efforts, particularly at the K-12 level. […]