Cybersecurity

Think twice before scanning that QR code, FBI warns

The FBI is warning that cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.

ID verification, analytics can help agencies fight fraud

Combining an automated verification system and data analytics for prevention and detection helps create a powerful tool for government IT professionals facing a flood of fraud.

Maryland Health Department hit with ransomware

For more than two weeks, COVID surveillance data wasn't released publicly, and many day-to-day operational services are still unavailable.

Top Public Sector Cybersecurity Threat No Longer is Employees

Hackers pose the greatest cyber risks for states and localities, followed by careless workers and foreign governments, according to an annual IT report.

NIST Updates Cybersecurity Engineering Guidelines

Amid constant cybersecurity threats, NIST added more insight for engineers and programmers on how to mitigate system vulnerabilities.

The metaverse offers a future full of potential – for terrorists and extremists, too

The rise of the metaverse will open new vulnerabilities and give people with malicious intent novel opportunities to exploit them.

Cities in Texas hit by QR-code phishing scam

Austin, Houston and San Antonio have been affected by a phishing scam designed to get users to pay for parking using fraudulent QR codes pasted on public meters.

FTC warns of legal risks of failing on Log4j mitigation

The Federal Trade Commission issued a warning urging companies to take "reasonable steps" to mitigate known software vulnerabilities or face potential legal consequences, recalling the $700 million settlement Equifax paid for a major breach in 2017.

Maintaining zero trust over time: Why set-it and forget-it won’t work

Zero trust requires continuous revalidation of trustworthiness -- of the devices, services and identities connecting into an enterprise environment, as well as the systems to which they are connecting.

Avoid being held captive by ransomware with secure, reliable backups

After a ransomware attack, tiered recovery time objectives and a thorough, practiced plan can help agencies minimize downtime.

Feds Step Up Cybersecurity Support for State Governments

Forty-two advisers have been appointed or are in the process, with eight states still needing federal-level coordinators.

Cyber vulnerabilities could impact municipal finance

Municipal bond credit analysts consider governments unprepared for cyberattacks, a recent survey says.

Ohio adopts single sign-on for unemployment claims

The OH|ID gives users a trusted identity they can use for unemployment benefits, while offering state agencies enterprise-level identity proofing services.

5 best practices for strengthening your software supply chain with DevSecOps

Because every application is mission critical, strengthening DevSecOps processes provides needed transparency into an agency’s full portfolio of applications.

CISA, FBI issue new guidance on addressing Log4j risks

The Cybersecurity and Infrastructure Security Agency and its partners are providing new ways to identify Log4j risks and mitigate possible exploitation.

What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what’s at stake

Simple to exploit, Log4j is used in cloud services as well as a wide range of programs from software development tools to security tools, which makes it easy for an army of bad actors to attack millions of systems.