UKG agrees to pay up to $6M in lawsuit tied to 2021 breach

The payroll services provider reached an agreement to settle a class action lawsuit tied to a ransomware attack that targeted its Kronos Private Cloud service.

By Matt Kapko • July 18, 2023

White House unveils consumer labeling program to strengthen IoT security

The voluntary program is designed to protect millions of consumers and remote workers amid increased threat activity against smart home and IoT devices.

By David Jones • July 18, 2023

FCC chair proposes $200M investment to boost K-12 cybersecurity

The funds would go toward a three-year pilot program aimed at enhancing cybersecurity protections for school and library networks.

By Anna Merod • July 14, 2023

Fed ends Capital One breach-related enforcement action

The Office of the Comptroller of the Currency 10 months earlier freed the bank from a separate consent order tied to a former AWS employee’s hack that exposed the data of 106 million customers.

By Dan Ennis • July 13, 2023

White House shares the 69 initiatives slated to shore up national cybersecurity

“If the strategy represents the president’s vision for the future, then this implementation plan is the roadmap to get there,” Acting National Cyber Director Kemba Walden said.

By Matt Kapko • July 13, 2023

Microsoft warns China-linked APT actor hacked US agency, other email accounts

U.S. officials alerted Microsoft about what emerged as a targeted, monthlong hacking campaign.

By David Jones • July 12, 2023

IronNet in NYSE compliance crosshairs after failing to file quarterly earnings on time

Management at the cybersecurity firm has been in talks on a deal to raise additional capital and go private. 

By David Jones • July 6, 2023

White House releases cyber budget priorities for fiscal year 2025

Federal agencies are advised to demonstrate how their spending aligns with the national cybersecurity strategy.

By Matt Kapko • June 29, 2023

SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation

Executives were alerted to possible enforcement action related to the Russia-linked supply chain attack.

By David Jones • June 26, 2023

SEC delays final rule on cyber incident disclosure as industry pushes back

The agency was seeking prompt reporting of material cyber breaches and attacks, but faced a range of concerns from stakeholders.

By David Jones • June 16, 2023

Cloud services seen as key tool in shifting balance of cyber risk

The acting national cyber director says more oversight may be necessary, but a resilient cloud infrastructure is critical to the national cybersecurity strategy.

By David Jones • June 12, 2023

Existing security policy for critical infrastructure needs major overhaul, commission says

The Cyberspace Solarium Commission 2.0 says the federal relationship with the private sector is based on outdated policy.

By David Jones • June 7, 2023

FTC chair warns that AI businesses must still operate within existing laws

The rapidly expanding technology cannot be used for fraud or discrimination and dominant players must allow the market to remain competitive, Lina Khan said Thursday.

By David Jones • June 2, 2023

CISA updates ransomware guide 3 years after its debut

The #StopRansomware guide, updated in partnership with the FBI, NSA and MS-ISAC, reflects aggressive new techniques used by threat actors, including double extortion.

By David Jones • May 24, 2023

Critical infrastructure security spending to grow 83% by 2027: ABI Research

Analysts forecast cybersecurity spending among critical infrastructure organizations to grow from an estimated $129 billion in 2022 to almost $236 billion by 2027.

By Matt Kapko • May 19, 2023

Why and how to report a ransomware attack

The majority of ransomware attacks go unreported, creating a blind spot that hampers response, recovery efforts and the prevention of future attacks.

By Matt Kapko • May 18, 2023

House hearing details cyber resilience efforts for energy, water and healthcare

Officials from the Department of Health and Human Services, Environmental Protection Agency and the Department of Energy testified how sector agencies are responding to rising threats.

By David Jones • May 17, 2023

Flood of ransom payments continues as officials mull ban

The revived debate over the viability of a ransom payment ban comes down to the cost ransomware is causing organizations globally.

By Matt Kapko • May 11, 2023

CISA director wary of technology industry repeating its mistakes with AI

The multibillion-dollar cybersecurity industry is the result of misaligned incentives, where speed-to-market outranked security, Jen Easterly said. 

By Naomi Eide • May 11, 2023

Walden says cybersecurity strategy mostly well-received

The acting national cyber director says common ground exists in certain areas, but a great deal of work remains.

By David Jones • May 10, 2023

White House considers ban on ransom payments, with caveats

Experts suggest the effort, a reversal from the administration's previous stance, is fraught with complications that could cause unintended consequences.

By Matt Kapko • May 8, 2023

Former Uber CSO avoids prison time for ransomware coverup

Joseph Sullivan was convicted last year after covering up a cyberattack while the ride sharing firm was under a Federal Trade Commission probe.

By David Jones • May 5, 2023

Most open source maintainers still consider themselves hobbyists, despite compensation pledges

A study by Tidelift shows a compensation gap for the key producers of open source applications, raising questions about how to properly secure software supply chains.

By David Jones • May 2, 2023

CISA seeks public comment on software security attestation form

The release is part of a larger effort by the Biden administration to strengthen software security at the development stage.

By David Jones • April 28, 2023

Acting National Cyber Director downplays reports of interagency strife

There’s been no sign of tension between U.S. cybersecurity officials during Kemba Walden’s tenure, at least from her perspective.

By Matt Kapko • April 27, 2023