The FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency have warned organizations about Russian cyber threats amid the ongoing tension at the Russia-Ukraine border. According to a joint advisory released on Tuesday, Russian state-sponsored advanced persistent threat actors use common attacks like spearphishing and vulnerabilities exploitation to gain initial access to […]
The House Oversight and Reform Committee is seeking to reform the Federal Information Security Modernization Act to assign clear roles and responsibilities for federal cybersecurity leadership. The draft reform bill for FISMA was released on Tuesday. Committee Chairwoman Carolyn Maloney said during a hearing that reforming FISMA will ensure that intellectual property, sensitive data, essential […]
The National Institute of Standards and Technology has published updated guidance on the engineering and programming aspects of cybersecurity. In a document titled “Engineering Trustworthy Secure Systems,” NIST outlined engineering-driven ways to develop more defensible and survivable systems. Engineering-based solutions are critical for managing today’s complex systems such as cyber-physical systems and systems-of-systems, NIST said. […]
The Federal Bureau of Investigation has issued a warning about Eastern European cybercriminal group FIN7, which tried to hack U.S. transportation, defense and insurance companies by mailing fake letters. According to an FBI advisory, companies received fake snail mails that were processed by the U.S. Postal Service and courier service company UPS from August to […]
New Jersey-based Pivot Point Security, an information security advisory firm, announced the launch of its Federal Risk and Compliance “FedRisk” practice to help organizations doing business with federal agencies meet their unique and complex cybersecurity attestation and compliance requirements. FedRisk takes a targeted, “data first” approach that empowers clients to define and execute on their […]
U.S. Cyber Command has entered into partnerships with 84 universities across 34 states as part of an effort to expand the U.S. cybersecurity workforce. The Academic Engagement Network program will focus on supporting four lines of effort: future workforce, applied cyber research, applied analytics and strategic issues, CYBERCOM said. David Frederick, CYBERCOM executive director, said […]
Cyber experts from the government and the private sector said zero trust has become the gold standard for cybersecurity and will go a long way to protecting organizations. They cautioned, however, that it is not a “silver bullet” for tackling threats, telling chief information officers that they should not be lulled into complacency, GovernmentCIO reported […]
Democratic and Republican senators want to know more about the roles and responsibilities that the Department of Homeland Security and Department of Transportation have in detecting, preventing and responding to transportation system cyber threats. The lawmakers wrote a letter on Jan. 3 asking how the agencies are handling risk management and assessment, sector coordination, security […]
Cyberattacks have become a significant threat to the maritime critical infrastructure and the U.S. Coast Guard must come to terms with their inevitability. A ranking USCG officer told lawmakers that the maritime critical infrastructure faces “very substantial threats” on a daily basis, adding that the traditional prevention and response framework currently in use may not […]
The Federal Trade Commission warned companies on Tuesday that they could face legal consequences if they fail to remediate the Log4j vulnerability. According to the FTC, technology companies and their vendors should take all necessary steps to mitigate the damage from Log4Shell and avoid potential harm to consumers. The agency pointed out that damages can […]
