Policy & Regulation
-
BeyondTrust says 17 customers impacted by December cyberattack spree
State-linked hackers were linked to a series of attacks that led to the theft of unclassified data from the Treasury Department.
By David Jones • Jan. 24, 2025 -
Trump rescinds Biden executive order in AI regulatory overhaul
The directive, issued in October 2023, added guardrails for AI developers and bolstered guidance for businesses looking to adopt the technology.
By Lindsey Wilkinson • Jan. 23, 2025 -
DHS disbands existing advisory board memberships, raising questions about CSRB
The Cyber Safety Review Board was investigating the hacks of U.S. telecom firms attributed to the Salt Typhoon threat group.
By David Jones • Jan. 22, 2025 -
FCC enacts rule requiring telecom operators to secure networks
The agency’s declaratory ruling took effect Thursday, but the future outlook of that effort and a separate proposed rule remain uncertain under the incoming administration.
By Matt Kapko • Jan. 17, 2025 -
CISA clocked Salt Typhoon in federal networks before telecom intrusions
Outgoing CISA Director Jen Easterly didn’t say what agencies were impacted by Salt Typhoon or when, but noted it provided greater visibility into the active campaign.
By Matt Kapko • Jan. 16, 2025 -
Biden administration rolls out wide-reaching cybersecurity executive order
Released in the administration's final days, the highly anticipated order follows a series of sophisticated attacks against federal agencies and critical infrastructure providers.
By David Jones • Jan. 16, 2025 -
CISA pins modest security gains to performance goals program
The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.
By Matt Kapko • Jan. 14, 2025 -
CISA director reiterates prior calls for C-suites, boards to take cyber risk ownership
Jen Easterly said companies need to consider cybersecurity threats as core risks that need to be fully incorporated into corporate business strategy.
By David Jones • Jan. 10, 2025 -
4 cybersecurity trends to watch in 2025
Critical industries are up against never-before-seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.
By David Jones, Matt Kapko • Jan. 9, 2025 -
National cyber director calls for deterrence against China-affiliated cyber threats
Harry Coker Jr. said China and other adversaries cannot be allowed free rein to conduct malicious cyber activities.
By David Jones • Jan. 9, 2025 -
White House program to certify the security of IoT devices goes live
The White House is also working on an executive order to limit federal purchasing of connected products that meet the minimum security standards under the program.
By David Jones • Jan. 8, 2025 -
US Treasury office sanctions firm connected to state-sponsored Flax Typhoon threat group
A Beijing-based cybersecurity company, Integrity Technology Group Inc., is linked to years of exploitation activity targeting U.S. critical infrastructure.
By David Jones • Jan. 6, 2025 -
SEC cybersecurity enforcement outlook uncertain as Trump 2.0 looms
With issues such as cryptocurrency and climate change facing the next SEC chair, it’s unclear whether rolling back cybersecurity rules will be high on the priority list.
By Alexei Alexis • Jan. 3, 2025 -
White House says 9th telecom company hit in Salt Typhoon spree
A senior official blamed the intrusions on lax security and said in one case the compromise of a single administrator account led to access of over 100,000 routers.
By Matt Kapko • Dec. 27, 2024 -
Flagstar fined $3.5M for ‘misleading’ after 2021 cyberattack
The bank “negligently made” materially misleading statements after a hack that resulted in the theft of 1.5 million customers’ personally identifiable information.
By Gabrielle Saulsbery • Dec. 19, 2024 -
CISA mobile security advice gets personal in wake of telecom intrusions
The agency’s recommendations are not for the technically inept. Yet the extraordinary measures, including the use of encrypted apps, are applicable to all audiences.
By Matt Kapko • Dec. 19, 2024 -
Rhode Island officials warn residents as ransomware group threatens social services data leak
The personal data of hundreds of thousands of vulnerable residents is at risk after a threat group attacked a state social services database.
By David Jones • Dec. 18, 2024 -
CISA orders federal agencies to meet security baselines in Microsoft 365
The mandate to secure cloud environments is responsive to recent cybersecurity incidents, but not one specific threat, agency officials said.
By Matt Kapko • Updated Dec. 18, 2024 -
Pennsylvania representative pitches bill to double cyber assistance for local water systems
The proposed legislation comes amid a surge in ransomware and state-linked attacks against U.S. water utilities.
By David Jones • Dec. 17, 2024 -
CISA’s pre-ransomware alerts nearly doubled in 2024
The federal agency’s efforts to improve defenses surged in fiscal year 2024. Yet, attacks continue to climb.
By Matt Kapko • Dec. 17, 2024 -
CISA, ONCD propose updated National Cyber Incident Response Plan
The updated framework is designed to bolster the government’s partnership with private-sector organizations in the wake of an attack.
By Matt Kapko • Dec. 16, 2024 -
Sen. Wyden wants FCC to tighten security rules on telecom companies
The U.S. senator from Oregon wants the agency to strengthen rules requiring network operators to defend their systems and customers against intrusions.
By Matt Kapko • Dec. 13, 2024 -
SEC cyber incident reporting rule generates 71 filings in 11 months
Most companies that disclosed cyber incidents to the agency did not describe materiality or other useful information, a BreachRx report found.
By Matt Kapko • Dec. 11, 2024 -
Trump’s pick to run FCC deeply concerned about Salt Typhoon
The recently uncovered swarm of attacks on U.S. telecom companies, part of a China-sponsored campaign, made FCC Commissioner Brendan Carr want to smash his phone, he said.
By Matt Kapko • Dec. 9, 2024 -
FCC proposes stronger telecom cyber rules as Salt Typhoon fallout continues
The agency’s proposed rule changes come two months after a China-government sponsored espionage campaign first came to light.
By Matt Kapko • Dec. 6, 2024