CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks

The Unitronics warning follows an Iran-linked hack of a Pennsylvania water treatment facility.

By David Jones • Updated 21 hours ago

NY reaches $1M breach settlement with First American Title Insurance

The company exposed millions of documents of non-public customer data, through a vulnerability in a proprietary application.

By David Jones • Nov. 28, 2023

Authorities pushing for secure AI development practices

CISA and the U.K.’s cyber agency released the guidelines as part of a global effort to ensure AI is developed using security as a core component. 

By David Jones • Nov. 27, 2023

SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers

Each business stakeholder has a different cyber risk management responsibility. Given the SEC’s coming disclosure rules, it’s even more important to outline who owns what. 

By Chris Tarbell, Dave Franzel and Greg Van Houten • Nov. 27, 2023

CitrixBleed worries mount as nation state, criminal groups launch exploits

LockBit 3.0 affiliates targeted a unit of Boeing and federal authorities have alerted almost 300 organizations they are vulnerable to attack.

By David Jones • Nov. 22, 2023

CISA explains how to apply secure-by-design principles

The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said. 

By Matt Kapko • Nov. 20, 2023

Threat actors behind Las Vegas casino attacks are social-engineering mavens

Scattered Spider threat actors are attacking large companies and their IT help desks to steal data for extortion, according to federal cyber authorities.

By Matt Kapko • Nov. 17, 2023

FCC proposes 3-year cybersecurity pilot for schools, libraries

The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.

By Roger Riddell • Nov. 17, 2023

New York proposes ‘nation-leading’ hospital cybersecurity regulations

The rules, which would require facilities to develop response plans and hire a chief information security officer, aim to safeguard hospitals from growing threats and keep them operating during an attack.

By Emily Olsen • Nov. 13, 2023

As Congress weighs budget priorities, top cyber execs urge CISA funding support

The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.

By David Jones • Nov. 10, 2023

Countries pledge to not pay ransoms, but experts question impact

There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.

By Matt Kapko • Nov. 6, 2023

Microsoft overhauls cyber strategy to finally embrace security by default

The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features. 

By David Jones • Nov. 3, 2023

Non-bank financial institutions must report data security breaches: FTC

The amendment to the FTC’s Safeguards Rule requires non-banking financial institutions to disclose data breaches within 30 days.

By Rajashree Chakravarty • Nov. 2, 2023

For the SEC, the fraud case against SolarWinds is a cybersecurity warning shot

Legal, risk management and cybersecurity experts say companies are now on notice to prioritize internal controls, investor transparency and material disclosure requirements.

By David Jones • Nov. 2, 2023

Global cybersecurity workforce grows, but still confronts shortfall of 4M people

Despite growing to 5.5 million professionals worldwide, a study by ISC2 shows the industry still needs millions of qualified workers to defend against rising digital threats.

By David Jones • Oct. 31, 2023

SEC charges SolarWinds, its CISO with fraud

The company allegedly misled investors regarding its cybersecurity practices and failed to disclose known risks, according to a complaint.

By David Jones • Updated Oct. 31, 2023

CISA targets software identification in push to boost supply chain security

The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.

By David Jones • Oct. 27, 2023

Microsoft extends security log retention following State Department hacks

Government and private sector customers will be able to search cloud data records for malicious threat activity by default.

By David Jones • Oct. 23, 2023

FAIR Institute wants to quantify just how much a cyberattack costs

The risk-management body is trying to create a standard to estimate material cyber attack costs and help stakeholders better understand risk.

By Matt Kapko • Oct. 20, 2023

CISA launches new phase of Secure by Design to push global industry on software security

The agency plans an RFI on secure engineering, while adding guidance on AI security and emphasizing default security that does not require customer configurations.

By David Jones • Oct. 18, 2023

EPA rescinds rule to include cybersecurity in water system audits after legal challenge

The Biden administration said it will continue efforts to reduce cyber risk in critical infrastructure sectors.

By David Jones • Oct. 16, 2023

CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’

Common mistakes including poor credential management, weak MFA and lackluster patching continue to harm large enterprises.

By Matt Kapko • Oct. 16, 2023

Federal agencies press OT/ICS providers on open-source security

The U.S. is scrutinizing the security of critical infrastructure providers, which are becoming more dependent on connected infrastructure.

By David Jones • Oct. 12, 2023

Progress Software’s financial hit from MOVEit cuts deeper

With insurance coverage dwindling, and class-action lawsuits and financial restitution claims piling up, more trouble could be on the way for the software company.

By Matt Kapko • Oct. 11, 2023

CISA pivots focus to China-linked threats against critical infrastructure

The agency now considers China the top nation-state threat, after a heavy emphasis on risks related to the Russia-Ukraine war.

By David Jones • Oct. 5, 2023