Flagstar fined $3.5M for ‘misleading’ after 2021 cyberattack

The bank “negligently made” materially misleading statements after a hack that resulted in the theft of 1.5 million customers’ personally identifiable information.

By Gabrielle Saulsbery • Dec. 19, 2024

CISA mobile security advice gets personal in wake of telecom intrusions

The agency’s recommendations are not for the technically inept. Yet the extraordinary measures, including the use of encrypted apps, are applicable to all audiences.

By Matt Kapko • Dec. 19, 2024

Rhode Island officials warn residents as ransomware group threatens social services data leak

The personal data of hundreds of thousands of vulnerable residents is at risk after a threat group attacked a state social services database.

By David Jones • Dec. 18, 2024

CISA orders federal agencies to meet security baselines in Microsoft 365

The mandate to secure cloud environments is responsive to recent cybersecurity incidents, but not one specific threat, agency officials said.

By Matt Kapko • Updated Dec. 18, 2024

Pennsylvania representative pitches bill to double cyber assistance for local water systems

The proposed legislation comes amid a surge in ransomware and state-linked attacks against U.S. water utilities.

By David Jones • Dec. 17, 2024

CISA’s pre-ransomware alerts nearly doubled in 2024

The federal agency’s efforts to improve defenses surged in fiscal year 2024. Yet, attacks continue to climb.

By Matt Kapko • Dec. 17, 2024

CISA, ONCD propose updated National Cyber Incident Response Plan

The updated framework is designed to bolster the government’s partnership with private-sector organizations in the wake of an attack.

By Matt Kapko • Dec. 16, 2024

Sen. Wyden wants FCC to tighten security rules on telecom companies

The U.S. senator from Oregon wants the agency to strengthen rules requiring network operators to defend their systems and customers against intrusions.

By Matt Kapko • Dec. 13, 2024

SEC cyber incident reporting rule generates 71 filings in 11 months

Most companies that disclosed cyber incidents to the agency did not describe materiality or other useful information, a BreachRx report found.

By Matt Kapko • Dec. 11, 2024

Trump’s pick to run FCC deeply concerned about Salt Typhoon

The recently uncovered swarm of attacks on U.S. telecom companies, part of a China-sponsored campaign, made FCC Commissioner Brendan Carr want to smash his phone, he said.

By Matt Kapko • Dec. 9, 2024

FCC proposes stronger telecom cyber rules as Salt Typhoon fallout continues

The agency’s proposed rule changes come two months after a China-government sponsored espionage campaign first came to light.

By Matt Kapko • Dec. 6, 2024

UK cyber chief warns country is at an inflection point as digital threats rise

In his first major speech, NCSC CEO Richard Horne said state linked and criminal threat groups are working to undermine the nation’s reliance on technology. 

By David Jones • Dec. 3, 2024

SEC reports drop in enforcement actions for 2024 FY

The securities regulator also reported a record $8.2 billion in monetary remedies for its last fiscal year, driven by Terraform Labs crypto fraud settlement.

By Justin Bachman • Nov. 26, 2024

HHS facing challenges as lead agency for healthcare cybersecurity: GAO

The department hasn’t implemented some policies recommended by the watchdog, which could pose a risk to cybersecurity in the sector as attacks increase, according to the Government Accountability Office.

By Emily Olsen • Nov. 20, 2024

Federal probe finds vulnerabilities across more than 300 US water systems

The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.

By David Jones • Nov. 19, 2024

Easterly to step down from CISA director role on Inauguration Day

CISA confirmed that political appointees of the Biden administration will also depart the agency as the Trump administration takes over.

By David Jones • Nov. 18, 2024

National cyber director calls for streamlined security regulations

Harry Coker Jr. assured critical infrastructure and private sector stakeholders that while standards are necessary, there is a need to harmonize burdensome compliance demands. 

By David Jones • Nov. 14, 2024

US hopes to leverage UN cybercrime treaty toward ransomware fight

The Biden administration decided to back the controversial accord, despite widespread concerns about potential human rights abuses.

By David Jones • Nov. 12, 2024

TSA proposes cyber risk management programs for surface transportation, pipeline operators

The proposed rule would also require the disclosure of cyber incidents to CISA and physical security concerns to TSA.

By David Jones • Nov. 7, 2024

4 tech issues to watch in Trump’s second term

AI, cloud and cybersecurity policies are in the spotlight ahead of the forthcoming Trump administration.

By Roberto Torres • Nov. 7, 2024

USDA, White House launch study to boost cyber resilience of rural water utilities

A yearlong program with the National Rural Water Association will provide technical assistance to water utilities led by Vermont and Oregon officials.

By David Jones • Nov. 4, 2024

SEC cyber rules could survive regardless of election outcome, experts say

As the U.S. presidential election looms, cybersecurity remains a bipartisan focus, experts said during a joint CFO Dive and CIO Dive live event.

By Grace Noto • Nov. 4, 2024

As presidential election looms, disparate approaches to cyber policy come into focus

Government officials and security leaders are hoping the nation’s need for cyber resilience will stand on bipartisan cooperation and transcend partisan politics regardless of the election results. 

By David Jones • Oct. 31, 2024

CISA rolls out international strategic plan to bolster cyber cooperation

The agency is looking to strengthen intel sharing with key cyber partners, raise security standards and ensure a more resilient global supply chain. 

By David Jones • Oct. 30, 2024

Cyber task force has a long to-do list for next president

The change in leadership presents an opportunity to assess what’s working, where adjustments could be made and areas that are in most need of prioritization, the McCrary Institute said.

By Matt Kapko • Oct. 29, 2024