Cybersecurity

Third-party contractor software exploited in attack on HHS data

An official with the Department of Health and Human Services said attackers gained access to data by exploiting a major vulnerability found in the popular MOVEit file transfer service.

  • By Chris Riotta

Critical cyber threats persist on federal networks despite recent directives

Hundreds of devices on federal networks remain in apparent violation of a recent Binding Operational Directive from the Cybersecurity and Infrastructure Security Agency, according to a new report. 

  • By Chris Riotta

White House unveils fiscal 2025 cybersecurity investment priorities

The administration is urging agencies to align their fiscal 2025 budget requests with recent guidance that prioritizes strengthening federal networks and systems against cyber intrusions.

  • By Chris Riotta

CISA to launch new cyber supply chain resource hub

The new resource center will allow federal agencies and industry stakeholders to get their hands on practical tools to help meet new cyber supply chain risk management.

  • By Chris Riotta

Congress needs ‘private sector buy-in’ to address cyber workforce shortage

Organizations are working to educate and train the next generation of professionals to fill critical cybersecurity vacancies, but private sector firms need to change their hiring practices to integrate this pool of talent into the workforce. 

  • By Edward Graham

US ‘can’t PSA our way out’ of cyber vulnerability, CISA director says

Speaking during a Cybersecurity Advisory Committee meeting, CISA Director Jen Easterly noted that corporate responsibility for cyber must stand “as a matter of good governance.”

  • By Alexandra Kelley

NIST wants to help prevent a major cyberattack on the water sector

The National Institute of Standards and Technology aims to provide a practical guide to address unique cyber challenges impacting America’s complex water systems.

  • By Chris Riotta

Justice Department launches new unit to combat cyber threats

The National Security Cyber Section will work to "increase the scale and speed of disruption campaigns and prosecutions” against cybercriminals, an official said this week.

  • By Chris Riotta

Vacant White House cyber post draws concern amid global software breach

In the aftermath of a global cyberattack exposing personal data on millions of Americans, calls are growing for the White House to fill the top slot at the Office of the National Cyber Director.

  • By Chris Riotta

No 'systemic risk' to government networks from latest breach, CISA says

The nation’s cyber defense agency confirmed it was providing assistance to several federal agencies that have been impacted in an apparent global cyberattack.

  • By Chris Riotta

Lawmakers suggest ‘radical transparency’ as key to shoring up US cyber posture

The lessons of Ukraine argue for increased openness about public and private sector cyber attacks, two congressmen said on Monday.

  • By Frank Konkel

CISA's new directive targets devices that can be configured over public internet 

The nation’s cyber defense agency is requiring all federal civilian agencies to remove such devices from their networks. 

  • By Chris Riotta

Spy agencies acquire commercial data with little coordination and few controls

The purchase of sensitive commercial data that is potentially traceable to individual Americans could be subject to new restrictions, according to a newly declassified report from the Office of the Director of National Intelligence.

  • By Adam Mazmanian

New bill would give CISA greater cyber outreach responsibilities

The Cybersecurity Awareness Act would direct the agency to launch a new public-private campaign promoting cyber best practices across small businesses and underserved communities. 

  • By Chris Riotta
Featured eBooks

Industry calls for clarity after White House extends software security form deadline

Software vendors praised a decision from the Office of Management and Budget to extend a deadline for agencies to collect self-attestation forms, though questions remain about what comes next.

  • By Chris Riotta

Interior faces 'disturbing' cyber risks due to cracked passwords and vulnerable assets

Recent reports reveal the Department of Interior is not enforcing multifactor authentication for its high-value assets and has a range of other significant cybersecurity risks.

  • By Chris Riotta

White House cyber strategy can help mitigate AI dangers, official says

Acting National Cyber Director Kemba Walden noted that the underpinnings of the National Cyber Strategy can offer guardrails for emerging AI systems. 

  • By Alexandra Kelley

Ransomware gang exploits critical vulnerability in popular file transfer software

A cybersecurity advisory issued Wednesday said that a major ransomware group had successfully exploited a previously unknown vulnerability in Progress Software’s MOVEit software.

  • By Chris Riotta

Public sector apps face widespread security challenges, report reveals

A new study found alarming security vulnerabilities across the vast majority of public applications over the last year.

  • By Chris Riotta

Lawmakers want to expand USDA's Circuit Rider program to cover cyber

A new bill would allow small water utilities to obtain funds for cybersecurity consults. 

  • By Adam Mazmanian

Experts call for overhaul of 'outdated' critical infrastructure cyber policy

A new report analyzes the federal government’s approach to infrastructure cybersecurity as a key strategy document is getting a rewrite.

  • By Alexandra Kelley