Cybersecurity and Infrastructure Security Agency

Cyber experts applaud the new White House cybersecurity plan

Posted on October 17, 2023 by Jonathan Reed

First, there was a strategy. Now, there’s a plan. The Biden Administration recently released its plan for implementing the highly anticipated national cybersecurity strategy published in March. The new National Cybersecurity Strategy Implementation Plan (NCSIP) lays out specific deadlines and responsibilities for the White House’s vision for cybersecurity. The plan is being managed by the […]

The post Cyber experts applaud the new White House cybersecurity plan appeared first on Security Intelligence.

Continue reading Cyber experts applaud the new White House cybersecurity plan→

CISA Aims For More Robust Open Source Software Security for Government and Critical Infrastructure

Posted on September 18, 2023 by Megan Crouse

The agency’s roadmap outlines a plan for prioritizing where open source software makes infrastructure potentially vulnerable. Continue reading CISA Aims For More Robust Open Source Software Security for Government and Critical Infrastructure→

CISA Order Highlights Persistent Risk at Network Edge

Posted on June 15, 2023 by BrianKrebs

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances. Continue reading CISA Order Highlights Persistent Risk at Network Edge→

Reporting Healthcare Cyber Incidents Under New CIRCIA Rules

Posted on November 10, 2022 by Jennifer Gregory

Numerous high-profile cybersecurity events in recent years, such as the Colonial Pipeline and SolarWinds attacks, spurred the US government to implement new legislation. In response to the growing threat, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022. While the law has passed, many healthcare organizations remain […]

The post Reporting Healthcare Cyber Incidents Under New CIRCIA Rules appeared first on Security Intelligence.

Continue reading Reporting Healthcare Cyber Incidents Under New CIRCIA Rules→

CISA or CVSS: How Today’s Vulnerability Databases Work Together

Posted on August 22, 2022 by Mark Stone

In the cybersecurity field, large databases of known threats and vulnerabilities have often been an essential resource. These catalogs show you where to focus your efforts. They’re also a good tool for prioritizing patches to increase security and mitigate the risk of disaster. As a result, these databases need to be reliable and up-to-date and […]

The post CISA or CVSS: How Today’s Vulnerability Databases Work Together appeared first on Security Intelligence.

Continue reading CISA or CVSS: How Today’s Vulnerability Databases Work Together→

U.S. Cybersecurity Policy Has Changed Since the Colonial Pipeline Attack

Posted on July 25, 2022 by Mike Elgan

More than a year ago, a ransomware attack made the news across the nation. The Colonial Pipeline Company announced on May 7, 2021, that the DarkSide Ransomware-as-a-Service group, based in eastern Europe, had hit it. The FBI has since confirmed DarkSide, which has since shut down, as the threat actors. What’s changed about U.S. cyber […]

The post U.S. Cybersecurity Policy Has Changed Since the Colonial Pipeline Attack appeared first on Security Intelligence.

Continue reading U.S. Cybersecurity Policy Has Changed Since the Colonial Pipeline Attack→

Christopher Krebs to Keynote in Live Fireside Chat/Q&A Session at DevOps Connect: DevSecOps at RSA Conference 2021

Posted on April 26, 2021 by Security Boulevard

Former Director of Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to headline free one-day event Boca Raton, FL, April 26, 2021 — MediaOps, the place to tell your story in the most powerful way, today announc… Continue reading Christopher Krebs to Keynote in Live Fireside Chat/Q&A Session at DevOps Connect: DevSecOps at RSA Conference 2021→

SolarWinds Hack Could Affect 18K Customers

Posted on December 15, 2020 by BrianKrebs

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems. Continue reading SolarWinds Hack Could Affect 18K Customers→

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Posted on December 14, 2020 by BrianKrebs

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures. Continue reading U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise→

Feds: K-12 Cyberattacks Dramatically on the Rise

Posted on December 11, 2020 by Tara Seals

Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said. Continue reading Feds: K-12 Cyberattacks Dramatically on the Rise→