CISA director: Critical infrastructure cyber incident reporting rules almost ready

The Cybersecurity and Infrastructure Security Agency is in the final stages of work on the reporting requirements included in a March 2022 law.

By David Jones • Sept. 8, 2023

Cybersecurity investments boost profitability, resilience: White House

Expenditures on resilience will help companies reduce downtime, Acting National Cyber Director Kemba Walden said at the Billington Cybersecurity Summit.

By David Jones • Sept. 6, 2023

CISA creates voluntary ed tech pledge to boost K-12 cybersecurity

Companies signing the agreement are urged to commit to encouraging the use of multifactor authentication and public vulnerability disclosure.

By Anna Merod • Sept. 6, 2023

SEC cyber disclosure rules put CISO liability under the spotlight

Security executives find themselves in the eye of the needle as governance and incident response come into focus.

By David Jones • Sept. 5, 2023

SEC cyber disclosure rules are taking effect: Here’s what to expect

With enforcement on the horizon, much of the SEC's rules for material disclosures are subject to interpretation.

By Naomi Eide • Aug. 31, 2023

US leads takedown of Qakbot malware, which automated initial infections

The botnet and malware had infected more than 700,000 computers worldwide and was linked to the abuse of OneNote files.

By David Jones • Aug. 30, 2023

Software industry urged to assume risk on open source security

The Open Source Security Foundation called on commercial and non-commercial organizations that use open source software components to adopt better security practices.

By David Jones • Aug. 25, 2023

Government investigation puts spotlight on password insecurity

A team working for the Department of Interior’s inspector general successfully cracked 1 in 5 active user passwords, a ratio that highlights traps in cybersecurity standards, Mike Kosask from LastPass writes.

By Michael Kosak • Aug. 24, 2023

Cyber authorities have a plan to defend remote monitoring tools

Threat actors can turn one point of attack into many by targeting remote management services that lack security controls.

By Matt Kapko • Aug. 18, 2023

SEC cyber rules ignite tension between reputation and security risk

The rules, which take effect Sept. 5, encountered mixed reactions. Some champion board-level cyber accountability. Others say the rules are too big of a lift.

By David Jones • Aug. 15, 2023

Chamber of Commerce urges SEC to delay cyber rule implementation

The SEC has “chosen speed over accuracy” while ignoring important business community concerns in pushing out the new regulations, the U.S. Chamber of Commerce says.

By Alexei Alexis • Aug. 15, 2023

Microsoft, cloud security under the microscope with federal cyber review

The federal Cyber Safety Review Board will examine issues related to the state-linked hack of Microsoft Exchange and larger concerns tied to identity management and authentication.

By David Jones • Aug. 14, 2023

Automotive data privacy under scrutiny in California

The California Privacy Protection Agency’s enforcement division is examining how automakers handle data collected from internet-connected vehicles.

By Michael Brady • Aug. 14, 2023

Why Walden thinks this national cybersecurity strategy will work

The acting national cyber director, armed with more talent at the federal level and an implementation plan, is striving for lasting impact.

By Matt Kapko • Aug. 11, 2023

White House wants input on open source security, memory-safe languages

Federal agencies put out a request for information Thursday, building on Biden administration priorities to help secure open source post-Log4j.

By David Jones • Aug. 11, 2023

3 best practices from the White House K-12 cybersecurity summit

School leaders must take prevention seriously and know who to call when an attack happens, government officials and educators said.

By Kara Arundel • Aug. 11, 2023

New York rolls out statewide cybersecurity strategy

The strategy follows previous steps to enhance local cybersecurity and protect critical infrastructure across the state.

By David Jones • Aug. 10, 2023

White House launches AI cyber competition to fix software vulnerabilities

In partnership with OpenAI, Anthropic, Google and Microsoft, participants will have access to top AI companies’ technology for designing new cybersecurity solutions.

By Lindsey Wilkinson • Aug. 9, 2023

NIST releases draft overhaul of its core cybersecurity framework

It marks the first major update to federal risk guidance since 2014 and incorporates new issues, including supply chain security and threats to small business.

By David Jones • Aug. 9, 2023

AWS pledges $20M to K-12 cyber training, incident response

The cloud services provider is participating in a broad White House plan to build additional protection to defend schools against ransomware and other threats.

By David Jones • Aug. 7, 2023

White House rolls out millions in funding to combat K-12 cyberattacks

Federal officials are meeting with key administrators and technology providers to address a surge in ransomware and other malicious activity facing K-12 schools.

By David Jones • Aug. 7, 2023

CISA seeks to address visibility, resilience in 3-year strategic plan

The agency outlined a major push to recognize and respond to immediate cyberthreats and make secure development practices a priority.

By David Jones • Aug. 7, 2023

Broad SBOM adoption takes root as businesses watch their supply chains

Research from Sonatype shows major companies are increasingly mandating outside vendors to account for the security of their applications.

By David Jones • Aug. 4, 2023

White House looks to close massive cyber skills gap

The Biden administration is moving to address a yearslong shortage of qualified IT security and technology industry workers.

By David Jones • Aug. 1, 2023

New Jersey Supreme Court to hear Merck insurance dispute over NotPetya attack

The pharmaceutical giant previously won lower court rulings regarding war exclusion language. 

By David Jones • July 28, 2023