CISA

Ransomware response requires better federal, state, local coordination

Federal agencies most involved with cybersecurity should improve communication with each other and with other levels of government, GAO said.

  • By Chris Teale

Latest guidance outlines customer responsibilities for software security

The guide provides recommendations for software supply chain security throughout the product lifecycle, from procurement to deployment.

  • By Kirsten Errick

CISA highlights space, bioeconomy as possible new critical infrastructure sectors

The agency also suggested existing sectors be consolidated and that there is a need for some agencies to exercise greater authority over private-sector entities.

  • By Mariam Baksh

Automation key to vulnerability management, CISA says

By automating vulnerability disclosure, organizations can more easily categorize their exposure and limit impacts.

  • By Susan Miller

No ‘specific or credible’ cyber threats affected integrity of midterms, CISA says

Despite “a handful” of DDoS attacks targeting state and local election websites and some technical glitches affecting voting equipment, CISA says it saw “no activity” that should undermine faith in the results of the midterm elections.

  • By Edward Graham

Cyber range looks to inspire next generation of talent

The Louisiana-backed range will provide hands-on training for K-12 students nationwide and help fill the cyber workforce pipeline.

  • By Chris Teale

Why you need phishing-resistant MFA

Multifactor authentication can be vulnerable to phishing attacks, fake push alerts, communications protocols weaknesses or SIM swap attacks, according to CISA.

  • By Susan Miller

CISA to focus on water, education and health sectors over the next year

The agency contributed to the release of security requirements for the transportation sector this week and is expected to issue cross-sector performance goals for critical infrastructure companies’ voluntary adoption next week.

  • By Mariam Baksh

CISA plans local events to discuss cyber incident reporting

The effort aims to give officials a greater understanding of cyber threats and the ability to defend U.S. critical infrastructure against cascading impacts when attacks occur.

  • By Mariam Baksh

CISA's cyber info sharing program didn't always deliver, watchdog says

The Cybersecurity and Infrastructure Security Agency did not always provide more than 300 participants of a public-private cyber threat partnership with actionable information to address potential vulnerabilities, according to an oversight report.

  • By Chris Riotta

FTC warns of legal risks of failing on Log4j mitigation

The Federal Trade Commission issued a warning urging companies to take "reasonable steps" to mitigate known software vulnerabilities or face potential legal consequences, recalling the $700 million settlement Equifax paid for a major breach in 2017.

  • By Chris Riotta

DHS scales up bug bounty program

Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.

  • By Chris Riotta

Lawmakers grill Colonial Pipeline CEO over ransomware payment

House lawmakers on Wednesday were keen to ask Colonial Pipeline's chief executive officer what he knew about the ramifications of making a ransom payment and how it might affect the company's finances.

  • By Justin Katz

CISA warns that SolarWinds software may not be only entry point in latest breaches

The security agency's latest alert suggests hackers may have found other entry points into government networks.

  • By Justin Katz
Featured eBooks