CISA’s 1,200 pre-ransomware alerts saved organizations millions in damages

The federal agency’s early warning system notified organizations across multiple critical infrastructure sectors of potential impending attacks.

By Matt Kapko • Jan. 19, 2024

5 cybersecurity trends to watch in 2024

Preventative measures remain woefully unmet, the scourge of ransomware is as bad as its ever been, and a wave of new incident reporting and compliance regulations are taking hold. Buckle up, 2024 is here.

By David Jones , Matt Kapko • Jan. 10, 2024

CISA seeks comment on secure by design principles to boost global software security

The agency issued an RFI seeking industry input on costs, how to incorporate security into higher education and how to reduce recurring security vulnerabilities.

By David Jones • Dec. 21, 2023

Cyber risk strategies in hot seat as SEC rules go live

A new climate of regulatory scrutiny is pushing companies to reassess how they manage cyber governance and mitigation at the highest levels.

By David Jones • Dec. 20, 2023

US leads AlphV ransomware infrastructure takedown

Law enforcement released a decryptor for the prolific threat group and ransomware affiliate service behind some of 2023’s most high-profile attacks.

By Matt Kapko • Dec. 19, 2023

What the SEC weighed in finalizing the cyber disclosure rules

The SEC's head of the corporate finance division said the burden of meeting compliance and fears of tipping off threat groups were carefully considered prior to final recommendations.

By David Jones • Dec. 18, 2023

Senate confirms Harry Coker Jr. as national cyber director

The national security veteran assumes the role at a critical time, tasked with implementing the White House’s national cybersecurity strategy.

By Matt Kapko • Dec. 13, 2023

Check Point Software in SEC settlement talks in connection with SolarWinds probe

The cybersecurity firm provided documents and other information related to the 2020 supply chain hack of the SolarWinds Orion platform.

By David Jones • Dec. 13, 2023

FBI to field SEC cyber incident disclosure delay requests

Publicly-traded companies can request incident disclosure delays, but the bar is high. A filing would have to pose a significant threat to public safety or national security.

By Matt Kapko • Dec. 12, 2023

White House wants to set minimum cyber standards for hospitals, healthcare

The sector has faced a wave of ransomware linked to the critical CitrixBleed vulnerability, which has led to major attacks from LockBit and other threat groups.

By David Jones • Dec. 11, 2023

2 years on, Log4j still haunts the security community

Research from Veracode shows nearly 2 in 5 applications are still running vulnerable versions. 

By David Jones • Dec. 8, 2023

CISA performance goals program trims exploited CVEs

Organizations enrolled in the agency’s vulnerability scanning program are showing improved security, but the reduction in exploitable internet-facing services is incremental.

By David Jones • Dec. 6, 2023

Water utility cyberattacks underscore ongoing threat to OT

U.S. officials urged water utilities and industrial sites to employ basic configuration safeguards like securing internet-facing devices and changing default passwords following a series of attacks.

By David Jones • Dec. 5, 2023

CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks

The Unitronics warning follows an Iran-linked hack of a Pennsylvania water treatment facility.

By David Jones • Updated Nov. 29, 2023

NY reaches $1M breach settlement with First American Title Insurance

The company exposed millions of documents of non-public customer data, through a vulnerability in a proprietary application.

By David Jones • Nov. 28, 2023

Authorities pushing for secure AI development practices

CISA and the U.K.’s cyber agency released the guidelines as part of a global effort to ensure AI is developed using security as a core component. 

By David Jones • Nov. 27, 2023

SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers

Each business stakeholder has a different cyber risk management responsibility. Given the SEC’s coming disclosure rules, it’s even more important to outline who owns what. 

By Chris Tarbell, Dave Franzel and Greg Van Houten • Nov. 27, 2023

CitrixBleed worries mount as nation state, criminal groups launch exploits

LockBit 3.0 affiliates targeted a unit of Boeing and federal authorities have alerted almost 300 organizations they are vulnerable to attack.

By David Jones • Nov. 22, 2023

CISA explains how to apply secure-by-design principles

The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said. 

By Matt Kapko • Nov. 20, 2023

Threat actors behind Las Vegas casino attacks are social-engineering mavens

Scattered Spider threat actors are attacking large companies and their IT help desks to steal data for extortion, according to federal cyber authorities.

By Matt Kapko • Nov. 17, 2023

FCC proposes 3-year cybersecurity pilot for schools, libraries

The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.

By Roger Riddell • Nov. 17, 2023

New York proposes ‘nation-leading’ hospital cybersecurity regulations

The rules, which would require facilities to develop response plans and hire a chief information security officer, aim to safeguard hospitals from growing threats and keep them operating during an attack.

By Emily Olsen • Nov. 13, 2023

As Congress weighs budget priorities, top cyber execs urge CISA funding support

The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.

By David Jones • Nov. 10, 2023

Countries pledge to not pay ransoms, but experts question impact

There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.

By Matt Kapko • Nov. 6, 2023

Microsoft overhauls cyber strategy to finally embrace security by default

The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features. 

By David Jones • Nov. 3, 2023