CISA Order Highlights Persistent Risk at Network Edge

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances. Continue reading CISA Order Highlights Persistent Risk at Network Edge

Reporting Healthcare Cyber Incidents Under New CIRCIA Rules

Numerous high-profile cybersecurity events in recent years, such as the Colonial Pipeline and SolarWinds attacks, spurred the US government to implement new legislation. In response to the growing threat, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022. While the law has passed, many healthcare organizations remain […]

The post Reporting Healthcare Cyber Incidents Under New CIRCIA Rules appeared first on Security Intelligence.

Continue reading Reporting Healthcare Cyber Incidents Under New CIRCIA Rules

CISA or CVSS: How Today’s Vulnerability Databases Work Together

In the cybersecurity field, large databases of known threats and vulnerabilities have often been an essential resource. These catalogs show you where to focus your efforts. They’re also a good tool for prioritizing patches to increase security and mitigate the risk of disaster. As a result, these databases need to be reliable and up-to-date and […]

The post CISA or CVSS: How Today’s Vulnerability Databases Work Together appeared first on Security Intelligence.

Continue reading CISA or CVSS: How Today’s Vulnerability Databases Work Together

U.S. Cybersecurity Policy Has Changed Since the Colonial Pipeline Attack

More than a year ago, a ransomware attack made the news across the nation. The Colonial Pipeline Company announced on May 7, 2021, that the DarkSide Ransomware-as-a-Service group, based in eastern Europe, had hit it. The FBI has since confirmed DarkSide, which has since shut down, as the threat actors. What’s changed about U.S. cyber […]

The post U.S. Cybersecurity Policy Has Changed Since the Colonial Pipeline Attack appeared first on Security Intelligence.

Continue reading U.S. Cybersecurity Policy Has Changed Since the Colonial Pipeline Attack

Christopher Krebs to Keynote in Live Fireside Chat/Q&A Session at DevOps Connect: DevSecOps at RSA Conference 2021

Former Director of Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to headline free one-day event Boca Raton, FL, April 26, 2021 — MediaOps, the place to tell your story in the most powerful way, today announc… Continue reading Christopher Krebs to Keynote in Live Fireside Chat/Q&A Session at DevOps Connect: DevSecOps at RSA Conference 2021

SolarWinds Hack Could Affect 18K Customers

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems. Continue reading SolarWinds Hack Could Affect 18K Customers

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures. Continue reading U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Feds: K-12 Cyberattacks Dramatically on the Rise

Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said. Continue reading Feds: K-12 Cyberattacks Dramatically on the Rise

Trump Fires Security Chief Christopher Krebs

President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud. Continue reading Trump Fires Security Chief Christopher Krebs

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers. Continue reading Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug