Cybersecurity

CISA, FBI issue new guidance on addressing Log4j risks

The Cybersecurity and Infrastructure Security Agency and its partners are providing new ways to identify Log4j risks and mitigate possible exploitation.

What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what’s at stake

Simple to exploit, Log4j is used in cloud services as well as a wide range of programs from software development tools to security tools, which makes it easy for an army of bad actors to attack millions of systems.

Tech woes and fraud top the list of unemployment system issues

A new report from a special Pandemic Response Accountability Committee delves into the issues surrounding UI during COVID-19.

When multifactor authentication for data security isn’t enough

Pre-boot authentication denies an attacker access to even a single data point – a viable option for federal agencies and critical infrastructure organizations securing data at rest.

Kronos ransomware attack impacting government employee paychecks

The cyberattack on the Kronos Private Cloud may last for weeks, affecting payroll and workforce management for many state and local government agencies.

Are we prepared for quantum-based security?

While 90% of federal respondents to a recent survey said they will be ready to defend against quantum-powered attacks expected in the next two years, they may not fully grasp how much work lies ahead, an expert says.

The best way to protect personal biomedical data from hackers could be to treat the problem like a game

By accounting for the value of the shared data, the game-based approach finds strategies that strike the right balance between utility and privacy.

DHS scales up bug bounty program

Department of Homeland Security Secretary Alejandro Mayorkas announced a plan to pay vetted cybersecurity researchers between $500 and $5,000 for identifying cybersecurity vulnerabilities within agency systems.

Virginia legislature hit with ransomware

An attack on Virginia’s legislative branch has shut down computer systems and websites for the state’s legislative agencies and commissions.

State CIOs focusing on cyber, digital services, connectivity in 2022

Cloud services, identity and access management and app modernization led NASCIO’s list of top tech tools.

Keeping UX front and center in ID management

When Boston overhauled its identity management infrastructure, it learned that even a solution built with best-in-class components also requires a seamless user experience.

When the question is paying ransom, the answer isn’t always clear

Robust federal investment and clear operational procedures would help state and local agencies better defend against ransomware, experts said.

Powering up red team operations

Because it takes a red team so much time and subject matter expertise to build a test infrastructure that emulates sophisticated threats and evades detection, the Defense Advanced Research Project Agency wants to automate some of that work.

How a Florida county’s election office solved authentication challenges

The Orange County Elections Office deployed a user-friendly, identity-bound biometrics solution that authenticates staff to ensure the security of voter data and prevent vote tampering and fraud.

Quantum computing is reality, not fiction. Here’s how agencies can prepare

Establishing supply chains -- infrastructure, network and security -- for quantum computing is a formidable and far-reaching task that must start now.

Cloud.gov explores authentication service

The General Services Administration is creating an authentication service for Cloud.gov and other agency customers.

DOD, UMD to launch IC research center

The Applied Research Laboratory for Intelligence and Security will focus on basic and applied research for the security and intelligence communities.