Policy & Regulation
-
Cyber task force has a long to-do list for next president
The change in leadership presents an opportunity to assess what’s working, where adjustments could be made and areas that are in most need of prioritization, the McCrary Institute said.
By Matt Kapko • Oct. 29, 2024 -
SEC settles charges with 4 firms it says downplayed SolarWinds hack exposure
The agency alleged Unisys, Avaya, Check Point Software and Mimecast misled investors about the extent of their respective cyber risks.
By David Jones • Oct. 22, 2024 -
FCC expands cooperation with states on data security, privacy enforcement
More states are working with the agency to investigate possible violations of consumer privacy and data security laws.
By David Jones • Oct. 22, 2024 -
New legislation aims to tame ‘Wild West’ in healthcare cybersecurity
The proposed bill, introduced last month by Sens. Ron Wyden and Mark Warner, is a good step forward, but hospitals may need more funds to boost their cybersecurity practices, experts say.
By Emily Olsen • Oct. 22, 2024 -
Microsoft confirms partial loss of security log data on multiple platforms
The company previously expanded free access to security logs on several platforms, including Purview, following the 2023 state-linked hack of Exchange Online.
By David Jones • Oct. 18, 2024 -
FBI, CISA seek input on software security, configuration changes
Authorities are seeking public comment on steps the software industry can take to make their products more resistant to malicious threat activity.
By David Jones • Oct. 17, 2024 -
US disables Anonymous Sudan infrastructure linked to DDoS attack spree
Authorities unsealed charges alleging two Sudanese nationals ran the hacktivist group, linked to major attacks against Microsoft and others.
By David Jones • Oct. 17, 2024 -
Majority of global CISOs want to split roles as regulatory burdens grow
Trellix research shows rising cybersecurity demands from the SEC and other government bodies are pushing CISOs even closer to the edge.
By David Jones • Oct. 15, 2024 -
Cyber risk tops C-suite concerns heading into US election
A report by PwC shows American business leaders will continue to focus on data regulation, AI and technology investments regardless of which party prevails in November.
By David Jones • Oct. 10, 2024 -
FTC settles yearslong investigation into Marriott’s ‘security failures’
The settlement caps a pattern of major data breaches at Marriott and its subsidiary Starwood Hotels and Resorts Worldwide over the last decade.
By Matt Kapko • Oct. 10, 2024 -
Deep Dive
CIOs turn to NIST to tackle generative AI’s many risks
Discover's CIO is one of many tech leaders working to limit generative AI missteps by turning to risk management frameworks to get deployment right from the outset.
By Lindsey Wilkinson • Oct. 9, 2024 -
Counter Ransomware Initiative summit emphasizes arduous effort
An international collective of cyber officials continued discussions with the White House on how to counter ransomware attacks, reduce payments and increase response capabilities.
By Matt Kapko • Oct. 7, 2024 -
State CISOs up against a growing threat environment with minimal funding, report finds
A report by Deloitte and NASCIO warns that states do not have the resources necessary to fight state-backed and criminal threat groups.
By David Jones • Oct. 2, 2024 -
Ransomware attacks surge despite international enforcement effort
Progress remains elusive as federal authorities point to ransomware payments inhibiting progress to reduce the volume and impact of attacks.
By Matt Kapko • Oct. 1, 2024 -
FCC reaches $31.5M settlement with T-Mobile over rash of data breaches
The company agreed to a major change in board-level governance and will make a series of upgrades to boost its cyber resilience.
By David Jones • Oct. 1, 2024 -
CISA again raises alarm on hacktivist threat to water utilities
The alert comes just days after an attack against a water treatment facility in Kansas.
By David Jones • Sept. 26, 2024 -
Cyber commission seeks detailed plan to secure high-risk infrastructure
A report said most recommendations from the Cyberspace Solarium Commission are near completion, but also called for greater private-sector collaboration and insurance reforms.
By David Jones • Sept. 25, 2024 -
CrowdStrike’s mea culpa: 5 takeaways from the Capitol Hill testimony
CrowdStrike was quick to apologize after a faulty content update triggered a global IT network outage. An executive detailed internal changes designed to prevent it from happening again.
By Matt Kapko • Sept. 25, 2024 -
CISA catalog falls short on CVEs targeted by Flax Typhoon
A report by VulnCheck highlights the ongoing backlog in identifying active exploitation of CVEs.
By David Jones • Sept. 24, 2024 -
US authorities take down a Mirai-variant botnet tied to DDoS threat
An FBI-led operation to disrupt a China-linked botnet comes months after a similar operation in January linked to Volt Typhoon.
By David Jones • Sept. 19, 2024 -
Suffolk County ransomware attack linked to lack of planning, ignored warnings
A special report blames county officials for ignoring FBI warnings during the 2022 attack and an overall failure of IT and security leadership.
By David Jones • Sept. 18, 2024 -
Key cyber insurance stakeholders urge government to help close $900B in uncovered risk
Marsh McLennan and Zurich Insurance Group issued a white paper urging a public-private partnership to help tackle a growing coverage gap. The White House is working on a plan.
By David Jones • Sept. 6, 2024 -
White House launches cybersecurity hiring sprint to help fill 500,000 job openings
National Cyber Director Harry Coker Jr. unveiled the program as part of an effort to fill a continued gap in cyber, technology and AI positions.
By David Jones • Sept. 5, 2024 -
Prolific RansomHub engaged in attack spree, feds warn
The group has been among the most active threat groups of 2024, and is linked to a tool that can neutralize endpoint security.
By David Jones • Sept. 4, 2024