CISA

No ‘specific or credible’ cyber threats affected integrity of midterms, CISA says

Despite “a handful” of DDoS attacks targeting state and local election websites and some technical glitches affecting voting equipment, CISA says it saw “no activity” that should undermine faith in the results of the midterm elections.

Cyber range looks to inspire next generation of talent

The Louisiana-backed range will provide hands-on training for K-12 students nationwide and help fill the cyber workforce pipeline.

Why you need phishing-resistant MFA

Multifactor authentication can be vulnerable to phishing attacks, fake push alerts, communications protocols weaknesses or SIM swap attacks, according to CISA.

CISA to focus on water, education and health sectors over the next year

The agency contributed to the release of security requirements for the transportation sector this week and is expected to issue cross-sector performance goals for critical infrastructure companies’ voluntary adoption next week.

CISA plans local events to discuss cyber incident reporting

The effort aims to give officials a greater understanding of cyber threats and the ability to defend U.S. critical infrastructure against cascading impacts when attacks occur.

CISA's cyber info sharing program didn't always deliver, watchdog says

The Cybersecurity and Infrastructure Security Agency did not always provide more than 300 participants of a public-private cyber threat partnership with actionable information to address potential vulnerabilities, according to an oversight report.

FTC warns of legal risks of failing on Log4j mitigation

The Federal Trade Commission issued a warning urging companies to take "reasonable steps" to mitigate known software vulnerabilities or face potential legal consequences, recalling the $700 million settlement Equifax paid for a major breach in 2017.

DHS scales up bug bounty program

Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.

Lawmakers grill Colonial Pipeline CEO over ransomware payment

House lawmakers on Wednesday were keen to ask Colonial Pipeline's chief executive officer what he knew about the ramifications of making a ransom payment and how it might affect the company's finances.

CISA warns that SolarWinds software may not be only entry point in latest breaches

The security agency's latest alert suggests hackers may have found other entry points into government networks.