Cybersecurity

Cyber criminals increasingly relying on ransomware-as-a-service, report says

A new report reveals threat actors are using the same ransomware as in previous years – but relying on new malware-free intrusion methods and ransomware-as-a-service offerings to evade popular mitigation techniques.

Maritime cybersecurity is front and center in Coast Guard reauthorization bill

A new Coast Guard reauthorization bill would provide some of the first cybersecurity protections and data management requirements for the U.S. Marine Transportation System in federal law.

Sharing secrets has been ‘effective’ against Russia, but the tactic has limits, CIA chief says

It’s just one of the new areas for a spy agency grappling with tech-driven changes.

CISA seeks public input on cybersecurity incident reporting rules

The nation’s cyber defense agency will embark on a cross-country listening tour to better understand what key stakeholders are hoping to see in new mandatory cyber incident reporting requirements featured in the recently-passed Cyber Incident Reporting for Critical Infrastructure Act of 2022.

Commerce revises export rules to boost U.S. standards development on critical tech

The original rule—which banned certain entities from receiving U.S. exports—endangered U.S. participation in international standards bodies where such entities are present, opponents said.

How NSA plans to shield high-impact systems against quantum threats

The National Security Agency started the clock on a long-planned transition to quantum-resistant algorithms in key national security systems.

Iranian hacker group posed as journalists to hunt dissidents

Group spent weeks trying to fool specific targets with intricate appeals—including U.S campaign staff.

White House attributes attack on Albania’s critical infrastructure to Iran 

A statement from the National Security Council noted the potential for deviations from international norms to escalate conflict and promised accountability.

CISA teases strategy to protect critical infrastructure

The Cybersecurity and Infrastructure Security Agency will soon release a sweeping plan to bolster cybersecurity protections for the nation's critical infrastructure industries.

Election officials have been largely successful in deterring cyber threats, CISA official says

The head of CISA’s National Risk Management Center pointed to public-private partnerships and enhanced resource sharing activities as key to defending against outside threats to voting systems.

National Cyber Director’s office elevates key personnel

Nick Leiserson helped develop legislation that created the cyber director’s office. A year after its establishment, he’s moving to a position where he can use it to shape policy.

CFPB warns firms on poor cyber hygiene

The agency says that bad password and data management and other practices can expose companies to legal consequences.

Housing agency didn't complete cyber orders from DHS, report says

The agency said that some of its websites failed to comply with binding operational directives from the Department of Homeland Security.

NSA, CISA and ODNI release new software supply chain guidelines for developers

An interagency, public-private working group “strongly encouraged” software developers to begin implementing a suite of best practices aimed at further securing the software development lifecycle.

DHS watchdog digs into uneven cyber awareness training, outdated policies

Some DHS policies and procedures aren’t up-to-date with the latest cybersecurity standards, a new report from the Office of the Inspector General at DHS says. The department, however, says that it’s taking action to mature their training program.

FTC sues location data collector, alleging lax security

The Federal Trade Commission is going after data broker Kochava over its practice of selling “sensitive geolocation data.”

CISA warns critical infrastructure to prepare for mass post-quantum systems migration

Quantum computing is the latest frontier in technological innovation, and its hacking potential has regulators advising companies to begin to safeguard their networks.