Policy & Regulation: Page 4
SEC clarifies intent of cybersecurity breach disclosure rules after initial filings
The rules require notification of “material” breaches, but some early filers have reported incidents that appear to fall short of the regulatory threshold.
By Alexei Alexis • May 29, 2024
Critical CVEs are going under-analyzed as NIST falls behind
NIST has analyzed less than 1 in 10 vulnerabilities added to the National Vulnerability Database since mid-February, according to VulnCheck research.
By Matt Kapko • May 28, 2024
HHS agency launches program to automate cybersecurity at hospitals
The program will invest more than $50 million to create a software suite that can automatically find potential vulnerabilities that hackers could exploit and deploy fixes.
By Emily Olsen • May 24, 2024
SEC fines NYSE’s parent $10M for failing to report cyberattack
The settlement sheds light on the costs of cyberattacks that can include penalties for non-compliance with timely disclosure requirements after the events occur.
By Maura Webber Sadovi • May 24, 2024
White House seeks critical cyber assistance for water utilities, healthcare
The DOJ will also work to deter teens from joining criminal hacking groups such as Lapsus$.
By David Jones • May 23, 2024
Cyberattacks are good for security vendors, and business is booming
More secure technology could stem the tide of cyberattacks, but digital threats are ever present.
By Matt Kapko • May 23, 2024
Microsoft president set to testify before Congress on ‘security shortcomings’
After the tech giant asked for more time, Brad Smith will now testify before the House Committee on Homeland Security on June 13.
By Matt Kapko • May 22, 2024
Providers urge HHS to clarify Change data breach reporting requirements
More than 50 provider groups are asking the federal government to publicly state that UnitedHealth should handle data breach reporting stemming from the cyberattack on its subsidiary.
By Emily Olsen • May 22, 2024
EPA to ramp up enforcement as most water utilities lack cyber safeguards
The agency may consider civil and criminal penalties against utilities following months of attacks against drinking water and wastewater treatment facilities.
By David Jones • May 21, 2024
SEC requires financial firms to disclose data breaches within 30 days
The regulatory agency’s rule change comes less than a year after it required publicly traded companies to disclose material security incidents within four business days.
By Matt Kapko • May 20, 2024
CISA senior official Goldstein to leave agency in June
The executive assistant director for cybersecurity at CISA often served as the voice of the agency and helped steer its secure-by-design efforts.
By Matt Kapko • May 16, 2024
Unsafe software development practices persist, despite CISA’s push
The industry isn’t making sufficient progress in cleaning up code despite recurring efforts from the agency to eliminate entire classes of vulnerabilities.
By Matt Kapko • May 15, 2024
National Cyber Director echoes past warnings: Nation-state cyber threats are mounting
State-linked actors with ties to China and Russia are growing more sophisticated in their efforts to disrupt critical infrastructure, Harry Coker Jr. said during a CyberUK conference keynote.
By David Jones • May 15, 2024
How a CISA proposal could impact K-12 cyber incident reporting
Overall, the nonprofit K12 Security Information Exchange backed the requirement for schools, but it asked for clarification on how the sector should report cyber incidents students initiate.
By Anna Merod • May 14, 2024
Black Basta ransomware is toying with critical infrastructure providers, authorities say
The threat group has impacted more than 500 targets worldwide and the vast majority of critical infrastructure sectors. Numerous attacks have exploited vulnerabilities in ConnectWise ScreenConnect.
By David Jones • May 13, 2024
Congress wants to question Microsoft exec over security defects
The committee wants to question Brad Smith, Microsoft’s president and vice chair, over the company’s security shortcomings and how it plans to strengthen security measures.
By Matt Kapko • May 13, 2024
White House wants to hold the software sector accountable for security
Federal officials are taking steps toward a long-stated goal of shifting the security burden from technology users to the companies that build it.
By David Jones • May 10, 2024
68 tech, security vendors commit to secure-by-design practices
CISA said companies ranging from Microsoft to Palo Alto Networks signed the voluntary pledge in an effort to boost resiliency and increase transparency around CVEs and cyberattacks.
By David Jones • May 9, 2024
CISA explains why it doesn’t call out tech vendors by name
Federal officials rarely criticize tech companies when their mistakes result in attacks. The stinging conclusions CSRB levied at Microsoft are an exception, not the norm.
By Matt Kapko • May 9, 2024
The US really wants to improve critical infrastructure cyber resilience
A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year.
By David Jones • May 8, 2024
CISA, FBI urge software companies to eliminate directory traversal vulnerabilities
The software defects are linked to recent exploitation campaigns against critical infrastructure providers, including healthcare and schools.
By David Jones • May 7, 2024
Sponsored by Indiana University
How can AI companies navigate a complex regulatory framework? — Compliance Labels
The rapid, largely unregulated growth of artificial intelligence has given rise to large language models (LLMs) such as GPT-4 and Gemini, which have driven major technical advances but have also raised legal and ethical issues.
By Sai Prasad, Security Analyst, CyberProof, MS Cybersecurity Risk Management '22 • May 6, 2024
Congress grills UnitedHealth CEO over Change cyberattack
Legislators slammed Andrew Witty over the company’s lack of cybersecurity practices and the impact of the breach, which may have compromised the data of a third of Americans.
By Emily Olsen • May 2, 2024
CISA warned 1,750 organizations of ransomware vulnerabilities last year. Only half took action.
More than half of CISA's ransomware vulnerability warning pilot alerts were sent to government facilities, healthcare and public health organizations.
By Matt Kapko • May 1, 2024
Hacktivists exploiting poor cyber hygiene at critical infrastructure providers
CISA, the FBI and international partner agencies want water, energy, agriculture and other sectors to immediately reset passwords and apply multifactor authentication.
By David Jones • May 1, 2024