Policy & Regulation: Page 9
-
Kevin Dietsch / Staff via Getty Images
Senate confirms Harry Coker Jr. as national cyber director
The national security veteran assumes the role at a critical time, tasked with implementing the White House’s national cybersecurity strategy.
By Matt Kapko • Dec. 13, 2023 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
Check Point Software in SEC settlement talks in connection with SolarWinds probe
The cybersecurity firm provided documents and other information related to the 2020 supply chain hack of the SolarWinds Orion platform.
By David Jones • Dec. 13, 2023 -
Mark Wilson/Newsmakers via Getty Images
FBI to field SEC cyber incident disclosure delay requests
Publicly-traded companies can request incident disclosure delays, but the bar is high. A filing would have to pose a significant threat to public safety or national security.
By Matt Kapko • Dec. 12, 2023 -
Courtesy of Billington CyberSecurity Summit
White House wants to set minimum cyber standards for hospitals, healthcare
The sector has faced a wave of ransomware linked to the critical CitrixBleed vulnerability, which has led to major attacks from LockBit and other threat groups.
By David Jones • Dec. 11, 2023 -
da-kuk via Getty Images
2 years on, Log4j still haunts the security community
Research from Veracode shows nearly 2 in 5 applications are still running vulnerable versions.
By David Jones • Dec. 8, 2023 -
Matt Kapko/Cybersecurity Dive
CISA performance goals program trims exploited CVEs
Organizations enrolled in the agency’s vulnerability scanning program are showing improved security, but the reduction in exploitable internet-facing services is incremental.
By David Jones • Dec. 6, 2023 -
(2008). Retrieved from Environmental Protection Agency.
Water utility cyberattacks underscore ongoing threat to OT
U.S. officials urged water utilities and industrial sites to employ basic configuration safeguards like securing internet-facing devices and changing default passwords following a series of attacks.
By David Jones • Dec. 5, 2023 -
Retrieved from Pixabay.
CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks
The Unitronics warning follows an Iran-linked hack of a Pennsylvania water treatment facility.
By David Jones • Updated Nov. 29, 2023 -
GOCMEN via Getty Images
NY reaches $1M breach settlement with First American Title Insurance
The company exposed millions of documents of non-public customer data, through a vulnerability in a proprietary application.
By David Jones • Nov. 28, 2023 -
Center for Strategic and International Studies
Authorities pushing for secure AI development practices
CISA and the U.K.’s cyber agency released the guidelines as part of a global effort to ensure AI is developed using security as a core component.
By David Jones • Nov. 27, 2023 -
Getty Images via Getty Images
SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers
Each business stakeholder has a different cyber risk management responsibility. Given the SEC’s coming disclosure rules, it’s even more important to outline who owns what.
By Chris Tarbell, Dave Franzel and Greg Van Houten • Nov. 27, 2023 -
Justin Sullivan/Getty Images via Getty Images
CitrixBleed worries mount as nation state, criminal groups launch exploits
LockBit 3.0 affiliates targeted a unit of Boeing and federal authorities have alerted almost 300 organizations they are vulnerable to attack.
By David Jones • Nov. 22, 2023 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA explains how to apply secure-by-design principles
The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said.
By Matt Kapko • Nov. 20, 2023 -
Matt Cardy / Getty Images Europe via Getty Images
Threat actors behind Las Vegas casino attacks are social-engineering mavens
Scattered Spider threat actors are attacking large companies and their IT help desks to steal data for extortion, according to federal cyber authorities.
By Matt Kapko • Nov. 17, 2023 -
JuSun via Getty Images
FCC proposes 3-year cybersecurity pilot for schools, libraries
The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.
By Roger Riddell • Nov. 17, 2023 -
Courtesy of Darren McGee/ Office of Governor Kathy Hochul
New York proposes ‘nation-leading’ hospital cybersecurity regulations
The rules, which would require facilities to develop response plans and hire a chief information security officer, aim to safeguard hospitals from growing threats and keep them operating during an attack.
By Emily Olsen • Nov. 13, 2023 -
Center for Strategic and International Studies
As Congress weighs budget priorities, top cyber execs urge CISA funding support
The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.
By David Jones • Nov. 10, 2023 -
Nick van Bree via Getty Images
Countries pledge to not pay ransoms, but experts question impact
There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.
By Matt Kapko • Nov. 6, 2023 -
Stephen Brashear via Getty Images
Microsoft overhauls cyber strategy to finally embrace security by default
The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features.
By David Jones • Nov. 3, 2023 -
Carol Highsmith. (2005). "The Apex Building" [Photo]. Retrieved from Wikimedia Commons.
Non-bank financial institutions must report data security breaches: FTC
The amendment to the FTC’s Safeguards Rule requires non-banking financial institutions to disclose data breaches within 30 days.
By Rajashree Chakravarty • Nov. 2, 2023 -
Kevin Dietsch/Getty Images via Getty Images
For the SEC, the fraud case against SolarWinds is a cybersecurity warning shot
Legal, risk management and cybersecurity experts say companies are now on notice to prioritize internal controls, investor transparency and material disclosure requirements.
By David Jones • Nov. 2, 2023 -
Kobus Louw via Getty Images
Global cybersecurity workforce grows, but still confronts shortfall of 4M people
Despite growing to 5.5 million professionals worldwide, a study by ISC2 shows the industry still needs millions of qualified workers to defend against rising digital threats.
By David Jones • Oct. 31, 2023 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
SEC charges SolarWinds, its CISO with fraud
The company allegedly misled investors regarding its cybersecurity practices and failed to disclose known risks, according to a complaint.
By David Jones • Updated Oct. 31, 2023 -
gorodenkoff via Getty Images
CISA targets software identification in push to boost supply chain security
The plan is part of a wider effort to boost software security using vulnerability management and SBOMs.
By David Jones • Oct. 27, 2023 -
jeenah Moon via Getty Images
Microsoft extends security log retention following State Department hacks
Government and private sector customers will be able to search cloud data records for malicious threat activity by default.
By David Jones • Oct. 23, 2023
Previous
