GAO: Federal agencies lack insight on ransomware protections for critical infrastructure

The Government Accountability Office finds that agencies overseeing key critical infrastructure sectors don’t know whether protections against ransomware have been implemented.

The post GAO: Federal agencies lack insight on ransomware protections for critical infrastructure appeared first on CyberScoop.

Costa Rican president begins tenure with ransomware national emergency declaration

A Conti affiliate claimed responsibility and has posted more than 672 GB of data so far.

Major cyber incident reporting requirement, CISA budget hike on precipice of becoming law

The incident reporting legislation, long in the works, also comes with nearly $2.6 billion for the agency for fiscal 2022.

Biden signs infrastructure bill that provides nearly $2 billion for cybersecurity

President Joe Biden signed a $1 trillion infrastructure bill into law on Monday that includes nearly $2 billion for cybersecurity and related provisions. The biggest piece of digital security funding is a Federal Emergency Management Agency cyber grant program, administered in consultation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, that would distribute $1 billion over four years to state and local governments. An additional $21 million would go toward the Office of the National Cyber Director, which has been unable to make key hires since being established earlier this year due to funding shortages. In all, the legislation — known as the Infrastructure Investment and Jobs Act — is “the largest investment in the resilience of physical and natural systems in American history,” the White House boasted, one that “makes our communities safer and our infrastructure more resilient to the impacts of climate change and cyber-attacks.” […]

Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill

Shortly after Congress took action on a $1 trillion infrastructure bill, hackers posing as U.S. Transportation Department officials offered fake project bid opportunities to seduce companies into handing over Microsoft credentials, researchers say. The ploy included layers of attempts to disguise the malicious appeals as authentic government solicitations, and even eventually led the would-be victims back to the actual Department of Transportation website, according to a Wednesday blog post from INKY, an email security company. “The basic pitch was, with a trillion dollars of government money flowing through the system, you, dear target, are being invited to bid for some of this bounty,” wrote Roger Kay, vice president of security strategy for the firm. Never mind that the infrastructure legislation hasn’t fully worked its way through Congress yet, nor that few of the phishing campaign’s targets would even be eligible for the infrastructure projects that bill would fund. It’s the […]

Amid ransomware fallout, Energy Secretary asks Americans to avoid panic buying fuel

If Americans are starting to feel the cascading effects of a recent ransomware incident affecting Colonial Pipeline, they should resist the temptation to buy more gasoline than they need, U.S. officials say. Energy Secretary Jennifer Granholm said Tuesday several states will likely feel effects on their fuel supplies in the coming days as a result of Colonial Pipeline shutting down operations last Friday following a ransomware attack. Colonial Pipeline, which supplies 45% of the East Coast’s transportation fuels, normally supplies 100 million gallons of gas from Texas to New York daily. Secretary Granholm said that after speaking with the CEO of the firm, she expects Colonial Pipeline to restore service by the end of the week. There is not a shortage of gasoline, Granholm said. The issue is that deliveries are held up as a result of the company shuttering some operations after the ransomware incident. “The [supply] crunch is in […]

US issues emergency declaration following Colonial Pipeline ransomware incident, relaxing transport rules

After a ransomware attack hampered one of the largest pipeline operators in the U.S., the Transportation Department on Sunday issued an emergency directive allowing drivers in 17 states and the District of Columbia to work longer hours to transport fuel. The “regional emergency declaration” is meant to alleviate any disruptions to supply following the security incident at Colonial Pipeline, which the company revealed Friday. While the Georgia-based company normally delivers more than 100 million gallons of gas, diesel and other products daily to customers from Texas to New York, according to its website, the ransomware infection forced a temporary halt to its operations. Colonial Pipeline says it transports some 45% of all fuel consumed on the East Coast. The Transportation Department’s declaration means that truckers carrying gasoline, diesel, jet fuel and other refined petroleum products are temporarily exempt from laws restricting the amount of time they are allowed to be […]

Republican senators ask DOT, FAA to cease using Chinese drones

A group of Republican senators sent a letter to the Department of Transportation and the Federal Aviation Administration Wednesday asking them to exclude Chinese drones, particularly DJI drones, from future partnerships due to national security concerns. The letter comes days after one of the participants in the FAA’s Unmanned Aircraft System Integration Pilot Program announced it would be working with DJI drones, which the U.S. government has found to contain vulnerabilities that could allow adversaries to steal sensitive data — or to even take control of their systems. “We … urge you to immediately restrict the use of this equipment and technology that has the potential to jeopardize the security of critical information and infrastructure gained through this and other FAA programs,” the Senators write. “American taxpayer dollars should not fund state-controlled or state-owned firms that seek to undermine American national security and economic competitiveness.” The authors of the letter — Sens. Tom […]

Senate investigation finds agencies ‘unprepared’ to protect Americans’ data

Federal agencies are “failing to implement basic cybersecurity standards” needed to protect Americans’ personal data and keep the nation’s secrets safe from hackers, a Senate investigation has concluded. The report, which drew on 10 years’ worth of inspector general reports at eight agencies, paints a picture of persistent neglect of standard network defense measures. It comes more than four years after the breach of the Office of Personnel Management, in which alleged Chinese hackers stole sensitive personal data on 22 million current and former federal employees. Lessons from that sweeping compromise of American security clearances still haven’t been heeded, according to the report from the Senate Committee on Homeland Security and Government Affairs’ Permanent Subcommittee on Investigations. “Despite major data breaches like OPM, the federal government remains unprepared to confront the dynamic cyberthreats of today,” laments the report, which covered the departments of Agriculture, Education, Health and Human Services, Homeland […]

Spurred by security incidents, DOT goes looking for its software flaws

The Department of Transportation has recently completed a set of thorough security tests on software used in the Transportation Secretary’s office, yielding surprising results about the software’s vulnerabilities. The testing program, which was partly motivated by three cybersecurity incidents at the department in the last year, began with software “we thought was pretty rock-solid,” DOT CIO Vicki Hildebrand said. “[W]e were pretty sure we wouldn’t find vulnerabilities. And we did.” A team of researchers from security-testing company Synack carried out the assessment of the DOT software, which uncovered flaws in commercial products and networked systems. DOT’s security team worked with Synack to promptly fix the vulnerabilities, according to Mark Kuhr, Synack’s co-founder and CTO. Hildebrand, a former executive at Hewlett Packard Enterprise, said she wanted to expand the testing program to other parts of DOT’s vast IT enterprise. “There’s going to be a team approach to whacking these [vulnerabilities] as […]
