Is Congress finally ready to pass meaningful ransomware legislation?

During the entire last two-year session of Congress, lawmakers signed only one bill into law that mentioned the word “ransomware.” With the epidemic of digital extortion showing no signs of abating, though, and as ransomware attacks claim ever more victims across all parts of the U.S., evidence is mounting that the next two years could bring a more concerted push for legislation. “I think it will be a focus because essentially every congressional district has had some kind of ransomware incident, whether public or not,” said Michael Garcia, a senior policy adviser in the national security program at Third Way, a center-left think tank. “Just look at the number of hospitals getting hit, of schools being hit.” In one recent incident, a Mississippi public school system revealed it had paid $300,000 to ransomware attackers, while a U.S. medical company, Universal Health Services, said it lost $67 million as a result of […]

The post Is Congress finally ready to pass meaningful ransomware legislation? appeared first on CyberScoop.

Robocalls keep spamming Americans, in part because of their cyber tools

After a surprising lull at the onset of the COVID-19 pandemic, phone scammers are back, and showing signs of overlapping more and more with text messages and cyber elements. Scammers are combining phone calls with tricks to circumvent two-factor authentication, using information they obtain online to make more targeted calls and, in some cases, mimicking the attack methods of hackers, government and industry officials say. Phone scams that merge with other methods are growing more frequent and difficult to contend with, said Connecticut Attorney General William Tong. “I think it’s common and it’s dangerous, particularly the way that they’re able to cloak themselves or convince you that you need to respond to a particular call or email,” he said. Internet technology has helped fuel a record number of robocalls thanks to the advent of voice-over IP, a tool that made mass calling convenient and more affordable. Estimates vary, but most […]

Election Assistance Commission loses another key staffer, Jerome Lovato

Another top official is exiting the staff of the Election Assistance Commission, the third in recent months for the small agency that plays an outsized role in U.S. election security. Jerome Lovato, the testing and certification director for voting system certification at the EAC, is leaving that position next month, two sources told CyberScoop. And the commission began advertising the opening for the job he holds last week. His departure follows Josh Franklin leaving his job as EAC chief technology officer in December, and in November, Maurice Turner leaving as senior adviser to the executive director of the commission. The exits come at a sensitive time for the commission. The EAC this month voted to approve a long-awaited update to its widely-used voluntary voting system guidelines, nicknamed VVSG 2.0, and a perhaps years-long implementation period will follow. Those guidelines emphasize the value of risk-limiting audits that help verify election results, […]

Senate hearing on SolarWinds hack lays bare US shortcomings, remaining mysteries

A host of federal government policy failures contributed to the rippling damage of the SolarWinds hack, leaders of cyber firms told a Senate panel on Tuesday, with even lawmakers saying Congress must do more to prevent a repeat. More than two months after the hack became public, the wide-ranging Senate Select Committee on Intelligence hearing demonstrated that the U.S. government, the private sector and digital incident responders are still wrestling with the ramifications of a suspected Russian espionage campaign that leveraged the federal contractor SolarWinds. A number of big questions remain: SolarWinds still hasn’t determined how the hackers originally got into its systems, nobody has fully settled debates on whether the incident amounts to espionage, or something worse, and suspicions abound that more victims remain unrevealed. “It has become clear that there is much more to learn about this incident, its causes, its scope and scale, and where we […]

Federal election agency adopts updated voting security standards. Not everyone is happy.

The Election Assistance Commission on Wednesday voted to adopt the first comprehensive update to its voting system security guidelines in more than 15 years, concluding a lengthy process that ended with a mixed reception from some election security experts. The security community largely greeted the update as a security upgrade to standards that most states rely upon at least partially for their own equipment testing and certification. A significant number of academics, activists and even some in Congress, though, voiced displeasure in particular for how the so-called Voluntary Voting System Guidelines 2.0 would handle wireless connections on voting systems. The update stands to shape the next generation of voting systems that election vendors produce for use around the country during a period of sinking trust in the electoral process. Regardless, the more than five-year drafting process and resulting EAC vote won’t immediately transform election security because states, equipment manufacturers and […]

Feds Sound Alarm Over Emotet Attacks on State, Local Govs

CISA warned already-strained public-sector entities about disturbing spikes in Emotet phishing attacks aimed at municipalities.

Twitter bolsters security for political accounts as election looms

Just weeks away from the U.S. presidential election, Twitter says it is taking extra steps to secure high-profile accounts, such as political campaigns and major news outlets, whose compromise could impact voter perceptions. Twitter began rolling out the new security features, such as strong password requirements, on Thursday to the election-related accounts, including secretaries of state overseeing the vote and federal agencies and lawmakers. Accounts will be “strongly encouraged” to use two-factor authentication to prevent hacking, the social media platform said. In the weeks ahead, Twitter said it would implement “more sophisticated detections and alerts” to keep hackers from breaking into accounts. The eleventh-hour move to heighten account security reflects what Twitter executives described as the “unique sensitivities of the election period.” Four years ago, Russian bots and trolls spread disinformation on Twitter in a bid to damage Hillary Clinton’s campaign and boost Donald Trump. This year, U.S. intelligence agencies […]

Improving cybersecurity visibility and state and local government agencies

A significant portion of state and local government technology officials in a new survey say they are under-equipped, under-staffed and under-resourced in addressing cybersecurity concerns. Four in 10 state and local IT leaders say they lack the tools they need to identify and report cybersecurity vulnerabilities in their networks, according to a study conducted by CyberScoop and StateScoop, and underwritten by Tenable. For 38 percent of respondents, this shortcoming is further exacerbated by the need for security intelligence tools that prioritize vulnerability risks. Combined, these technology gaps make it harder for security personnel to optimize their time and effectiveness. Nearly half of respondents (46 percent) said that access to more skilled and knowledgeable information security professionals would improve the ability to spot security vulnerabilities — more than any other potential enabler. Officials also said a lack of understanding about technologies and risks, and difficulty understanding security metrics, are the biggest […]

Cybercriminals hijacked a government server to send sophisticated malware to U.S. companies

An Eastern European hacking group hijacked U.S. state government servers to dispense malware through phishing emails that were designed to appear as if they had come from the Securities and Exchange Commission, according to research by Cisco’s Talos team and an analysis by other cybersecurity experts familiar with the activity. The technical findings connect a known advanced persistent threat (APT) group, codenamed FIN7 by U.S. cybersecurity firm FireEye, to a sophisticated intrusion technique that was detected in a recent wave of spoofed emails that mimicked the SEC’s domain. The messages carried malware-laden Microsoft Word documents mentioning financial disclosure information from the EDGAR system. FIN7 is believed to represent an Eastern European criminal enterprise that speaks Russian and operates internationally. Emails tied to this campaign were “highly targeted” and only sent to a small, select group of U.S. businesses in several different industry sectors, including finance, insurance and information technology, said Craig Williams, a senior […]
