The Department of Health and Human Services has urged organizations regulated by the Health Insurance Portability and Accountability Act to step up their security for electronic protected health information. In its cybersecurity newsletter, the HHS Office of Civil Rights said that many HIPAA-covered entities underappreciate the impact of their action or inaction on ePHI security. […]
Fortanix, a multi-cloud security company headquartered in Mountain View, California, disclosed that a growing number of federal agencies are turning to its Data Security Manager offering to thwart the increasing number of cybercrime, data breaches and other security challenges posed by nation-state bad actors. The federal government has allocated billions of dollars into cybersecurity to […]
The Cybersecurity and Infrastructure Security Agency and the FBI have issued an alert about Russia-linked cyber actors who targeted a non-governmental organization. In a joint advisory, the agencies said that the hackers accessed the NGO’s network by exploiting a flaw in default multi-factor authentication protocols. The FBI observed the cyber actors exploiting MFA settings as […]
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency warned organizations about possible threats to satellite communication networks. According to a joint advisory, SATCOM network intrusions could pose risks to network providers and their customers. CISA and the FBI are urging network operators and customers to review the measures outlined in the […]
The FBI and the Cybersecurity and Infrastructure Security Agency have warned organizations about the ability of Russian state-sponsored cyber actors to gain network access by exploiting default multifactor authentication protocols. According to a joint cybersecurity advisory, state-sponsored hacking groups would exploit a misconfigured account to set default MFA protocols at a non-government organization and access […]
The Cybersecurity and Infrastructure Security Agency said it has concluded a three-day cyber exercise involving more than 2,000 participants across 200 organizations from the private and public sectors. Cyber Storm VIII saw participants respond to a simulated cybersecurity crisis affecting U.S. critical infrastructure. The exercise was intended to test the cybersecurity community’s preparedness, incident response […]
The National Institute of Standards and Technology has provided guidance on how agencies can evaluate how well they protect controlled unclassified information. According to NIST, controlled unclassified information can directly impact the federal government’s ability to conduct critical missions and functions. NIST’s new Special Publication 800-172A specifically includes steps for assessing the implementation of SP […]
The Cybersecurity and Infrastructure Security Agency wants federal organizations to be more proactive in enforcing multi-factor authentication, an expert from the agency said. Ross Foard, an information technology specialist with CISA’s Continuous Diagnostics and Mitigation program, said that the government is ahead of most industries in the requirement of multi-factor authentication, Nextgov reported. He said […]
Lauren Boas Hayes, senior adviser for technology and innovation at the Cybersecurity and Infrastructure Security Agency, said health care organizations must have better communication and threat sharing capabilities with the agency to improve the sector’s cyber posture. Speaking at the 2022 ViVE event, Boas Hayes said investing in cybersecurity for the health care system is […]
The Senate on Thursday passed a measure designating the Cybersecurity and Infrastructure Security Agency as the mandatory recipient of industry reports about major cyber incidents, while at the same time giving the agency a 22 percent budget increase over its 2021’s appropriation. The allocation of more power and financial resources to CISA was spurred by […]
