White House launches AI cyber competition to fix software vulnerabilities

In partnership with OpenAI, Anthropic, Google and Microsoft, participants will have access to top AI companies’ technology for designing new cybersecurity solutions.

By Lindsey Wilkinson • Aug. 9, 2023

NIST releases draft overhaul of its core cybersecurity framework

It marks the first major update to federal risk guidance since 2014 and incorporates new issues, including supply chain security and threats to small business.

By David Jones • Aug. 9, 2023

AWS pledges $20M to K-12 cyber training, incident response

The cloud services provider is participating in a broad White House plan to build additional protection to defend schools against ransomware and other threats.

By David Jones • Aug. 7, 2023

White House rolls out millions in funding to combat K-12 cyberattacks

Federal officials are meeting with key administrators and technology providers to address a surge in ransomware and other malicious activity facing K-12 schools.

By David Jones • Aug. 7, 2023

CISA seeks to address visibility, resilience in 3-year strategic plan

The agency outlined a major push to recognize and respond to immediate cyberthreats and make secure development practices a priority.

By David Jones • Aug. 7, 2023

Broad SBOM adoption takes root as businesses watch their supply chains

Research from Sonatype shows major companies are increasingly mandating outside vendors to account for the security of their applications.

By David Jones • Aug. 4, 2023

White House looks to close massive cyber skills gap

The Biden administration is moving to address a yearslong shortage of qualified IT security and technology industry workers.

By David Jones • Aug. 1, 2023

New Jersey Supreme Court to hear Merck insurance dispute over NotPetya attack

The pharmaceutical giant previously won lower court rulings regarding war exclusion language. 

By David Jones • July 28, 2023

TSA revises security directives for oil and gas pipelines to test resilience

The updated requirements come amid heightened threats and security incidents, including the recent attack against Suncor Energy in Canada.

By David Jones • July 27, 2023

SEC votes to overhaul disclosure rules for material cyber events

After a fierce debate, the agency voted to require companies to come clean on material breaches and attacks within four business days of determination.

By David Jones • July 26, 2023

To execute the national cyber strategy, it’s going to take the whole US government

Experts applaud the desired outcomes, but the tasks and responsibilities now assigned to agencies underscore the challenges that lie ahead.

By Matt Kapko • July 25, 2023

New York cyber lead warns of what states face in critical infrastructure defense

Government agencies and the private sector must work collaboratively to combat increasingly sophisticated threat activity, Colin Ahern said.

By David Jones • July 25, 2023

White House secures safety commitments from 7 AI companies

OpenAI, Microsoft and Google are among the companies committing to robust testing and investments in cybersecurity safeguards to defend AI models prior to release.

By Lindsey Wilkinson • July 21, 2023

US government plays catchup on phishing-resistant MFA

Security tools have evolved to include more accessible protocols that meet stringent authentication requirements. The government wants to embrace that.

By Matt Kapko • July 20, 2023

Microsoft offers free security logs amid backlash from State Department hack

Federal officials and rivals blasted the company for charging customers for additional security features.

By David Jones • July 19, 2023

UKG agrees to pay up to $6M in lawsuit tied to 2021 breach

The payroll services provider reached an agreement to settle a class action lawsuit tied to a ransomware attack that targeted its Kronos Private Cloud service.

By Matt Kapko • July 18, 2023

White House unveils consumer labeling program to strengthen IoT security

The voluntary program is designed to protect millions of consumers and remote workers amid increased threat activity against smart home and IoT devices.

By David Jones • July 18, 2023

FCC chair proposes $200M investment to boost K-12 cybersecurity

The funds would go toward a three-year pilot program aimed at enhancing cybersecurity protections for school and library networks.

By Anna Merod • July 14, 2023

Fed ends Capital One breach-related enforcement action

The Office of the Comptroller of the Currency 10 months earlier freed the bank from a separate consent order tied to a former AWS employee’s hack that exposed the data of 106 million customers.

By Dan Ennis • July 13, 2023

White House shares the 69 initiatives slated to shore up national cybersecurity

“If the strategy represents the president’s vision for the future, then this implementation plan is the roadmap to get there,” Acting National Cyber Director Kemba Walden said.

By Matt Kapko • July 13, 2023

Microsoft warns China-linked APT actor hacked US agency, other email accounts

U.S. officials alerted Microsoft about what emerged as a targeted, monthlong hacking campaign.

By David Jones • July 12, 2023

IronNet in NYSE compliance crosshairs after failing to file quarterly earnings on time

Management at the cybersecurity firm has been in talks on a deal to raise additional capital and go private. 

By David Jones • July 6, 2023

White House releases cyber budget priorities for fiscal year 2025

Federal agencies are advised to demonstrate how their spending aligns with the national cybersecurity strategy.

By Matt Kapko • June 29, 2023

SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation

Executives were alerted to possible enforcement action related to the Russia-linked supply chain attack.

By David Jones • June 26, 2023

SEC delays final rule on cyber incident disclosure as industry pushes back

The agency was seeking prompt reporting of material cyber breaches and attacks, but faced a range of concerns from stakeholders.

By David Jones • June 16, 2023