Policy & Regulation: Page 2


  • FBI seal displayed on a wall
    Image attribution tooltip
    Chip Somodevilla/Getty Images via Getty Images
    Image attribution tooltip

    Black Basta ransomware is toying with critical infrastructure providers, authorities say

    The threat group has impacted more than 500 targets worldwide and the vast majority of critical infrastructure sectors.  Numerous attacks have exploited vulnerabilities in ConnectWise ScreenConnect.

    By May 13, 2024
  • Microsoft logo at Mobile World Congress.
    Image attribution tooltip
    David Ramos via Getty Images
    Image attribution tooltip

    Congress wants to question Microsoft exec over security defects

    The committee wants to question Brad Smith, Microsoft’s president and vice chair, over the company’s security shortcomings and how it plans to strengthen security measures.

    By May 13, 2024
  • The White House in Washington, D.C.
    Image attribution tooltip
    TriggerPhoto via Getty Images
    Image attribution tooltip

    White House wants to hold the software sector accountable for security

    Federal officials are taking steps toward a long-stated goal of shifting the security burden from technology users to the companies that build it.

    By May 10, 2024
  • CISA Director Jen Easterly speaks at Carnegie Mellon University urging the tech industry to embrace secure-by-design product development.
    Image attribution tooltip
    Permission granted by Carnegie Mellon University
    Image attribution tooltip

    68 tech, security vendors commit to secure-by-design practices

    CISA said companies ranging from Microsoft to Palo Alto Networks signed the voluntary pledge in an effort to boost resiliency and increase transparency around CVEs and cyberattacks.

    By May 9, 2024
  • Cybersecurity professionals walk into the RSA Conference at the Moscone Center in San Francisco on May 6, 2024.
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive/Cybersecurity Dive
    Image attribution tooltip

    CISA explains why it doesn’t call out tech vendors by name

    Federal officials rarely criticize tech companies when their mistakes result in attacks. The stinging conclusions CSRB levied at Microsoft are an exception, not the norm.

    By May 9, 2024
  • National Cyber Director Harry Coker speaks in Washington.
    Image attribution tooltip
    Permission granted by Information Technology Industry Council
    Image attribution tooltip

    The US really wants to improve critical infrastructure cyber resilience

    A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year. 

    By May 8, 2024
  • A picture of a stethoscope on top of a notebook with blue charts and investment images overlaid over it.
    Image attribution tooltip
    ipopba via Getty Images
    Image attribution tooltip

    CISA, FBI urge software companies to eliminate directory traversal vulnerabilities

    The software defects are linked to recent exploitation campaigns against critical infrastructure providers, including healthcare and schools. 

    By May 7, 2024
  • Industrial Engineer working and control robotics with monitoring system software and icon industry network connection on tablet
    Image attribution tooltip
    ipopba via Getty Images
    Image attribution tooltip
    Sponsored by Indiana University

    How can AI companies navigate a complex regulatory framework? — Compliance Labels

    The rapid unregulated growth in the field of artificial Intelligence has given rise to Large Language Models (LLM’s) such as GPT-4 and Gemini which has contributed to major technical advancements but has also been coupled with legal and ethical issues.

    By Sai Prasad, Security Analyst, CyberProof, MS Cybersecurity Risk Management '22 • May 6, 2024
  • UnitedHealth Group CEO Andrew Witty
    Image attribution tooltip
    Kent Nishimura/Getty Images via Getty Images
    Image attribution tooltip

    Congress grills UnitedHealth CEO over Change cyberattack

    Legislators slammed Andrew Witty over the company’s lack of cybersecurity practices and the impact of the breach, which may have compromised the data of a third of Americans.

    By Emily Olsen • May 2, 2024
  • Matrix background of blurred programming code.
    Image attribution tooltip
    Getty Plus via Getty Images
    Image attribution tooltip

    CISA warned 1,750 organizations of ransomware vulnerabilities last year. Only half took action.

    More than half of CISA's ransomware vulnerability warning pilot alerts were sent to government facilities, healthcare and public health organizations.

    By May 1, 2024
  • Sewage water flowing into river body and polluting the water and environment.
    Image attribution tooltip
    Cinefootage Visuals via Getty Images
    Image attribution tooltip

    Hacktivists exploiting poor cyber hygiene at critical infrastructure providers

    CISA, the FBI and international partner agencies want water, energy, agriculture and other sectors to immediately reset passwords and apply multifactor authentication.

    By May 1, 2024
  • noncompete agreement ban
    Image attribution tooltip
    mphillips007 via Getty Images
    Image attribution tooltip

    FTC broadens health breach notification rule

    Regulators have been pursuing more enforcement actions against health applications sharing consumers’ data. Friday’s final rule should give those actions more heft.

    By Rebecca Pifer • April 29, 2024
  • CISA Director Jen Easterly, RSA Conference 2022
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive
    Image attribution tooltip

    CISA director pushes for vendor accountability and less emphasis on victims’ errors

    Stakeholders need to address why vendors are delivering products with common vulnerabilities, which account for the majority of attacks, Jen Easterly said.

    By April 25, 2024
  • Cyber security network and privacy Data protection
    Image attribution tooltip
    GamePH via Getty Images
    Image attribution tooltip
    Sponsored by Apiiro

    Preparing for CISA’s Secure Software Development Attestation and PCI compliance updates with ASPM

    With increased expectations and a prime position in the spotlight, AppSec teams need reliable tools that can act as a force multiplier for their AppSec programs.

    April 22, 2024
  • Computer hacker stealing data from a laptop.
    Image attribution tooltip
    BrianAJackson via Getty Images
    Image attribution tooltip

    Fears rise of social engineering campaign as open source community spots another threat

    Federal officials are said to be investigating potential links between the recent XZ Utils campaign and new threat activity against JavaScript project maintainers.

    By April 16, 2024
  • Ransomware virus has encrypted data. Attacker is offering key to unlock encrypted data for money.
    Image attribution tooltip
    vchal via Getty Images
    Image attribution tooltip

    Top officials again push back on ransom payment ban

    In lieu of a ban, the Institute for Security and Technology advises governments to achieve 16 milestones, most of which are already in place or in the works.

    By April 15, 2024
  • Close-up Focus on Person's Hands Typing on the Desktop Computer Keyboard
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    CISA to big tech: After XZ Utils, open source needs your support

    The attempted malicious backdoor may have been part of a wider campaign using social engineering techniques, the open source community warned.

    By April 15, 2024
  • FBI Director Christopher Ray speaking at the annual Boston Conference on Cyber Security
    Image attribution tooltip

    Lee Pellegrini, Boston College

    Image attribution tooltip

    FBI director echoes past warnings, as critical infrastructure hacking threat festers

    Chris Wray says adversaries from China, Russia and Iran are ramping up cyber, espionage and other threat activity against key sectors, including water, energy and telecommunications.

    By April 11, 2024
  • NIST administration building in Gaithersburg, Maryland.
    Image attribution tooltip
    Courtesy of NIST
    Image attribution tooltip

    What’s going on with the National Vulnerability Database?

    CVE overload and a lengthy backlog has meant the federal government’s repository of vulnerability data can’t keep up with today’s threat landscape.

    By April 10, 2024
  • Oil Or Gas Transportation With Blue Gas Or Pipe Line Valves On Soil And Sunrise Background
    Image attribution tooltip
    onurdongel via Getty Images
    Image attribution tooltip

    Industry stakeholders seek 30-day delay for CIRCIA comments deadline

    Industry officials are asking for additional time to comb through hundreds of pages of detailed rules about disclosure of covered cyber incidents and ransom payments.

    By April 8, 2024
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA assessing threat to federal agencies from Microsoft adversary Midnight Blizzard

    Microsoft previously warned that the Russia-linked threat group was expanding malicious activity following the hack of senior company executives, which it disclosed in January.

    By April 5, 2024
  • Aisle of files in an archive.
    Image attribution tooltip
    Nikada / Getty Images via Getty Images
    Image attribution tooltip

    What CISA wants to see in CIRCIA reports

    The most consequential federal critical infrastructure cyber incident regulation will be on the books in 18 months. Here are some of CIRCIA's main asks.

    By April 4, 2024
  • Microsoft logo is seen in the background.
    Image attribution tooltip
    Jeenah Moon via Getty Images
    Image attribution tooltip

    Microsoft Exchange state-linked hack entirely preventable, cyber review board finds

    The technology giant’s corporate culture fell short on security investments and risk management, and needs significant reforms, according to a damning report by the U.S. Cyber Safety Review Board.

    By April 3, 2024
  • The U.S. Securities and Exchange Commission seal hangs on the facade of its building.
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    Progress Software continues to cooperate with SEC probe into MOVEit exploitation

    The company said it still cannot quantify the potential impact of multiple government agency inquiries.

    By March 29, 2024
  • Executives are seen speaking during a meeting.
    Image attribution tooltip
    AzmanL via Getty Images
    Image attribution tooltip

    Boards need to brush up on cybersecurity governance, survey finds

    SEC cyber disclosure rules are calling attention to corporate boards’ need to enhance their approach to cybersecurity oversight and compliance.

    By Rosalyn Page • March 29, 2024