Lawmakers in the Senate and House have introduced legislation designed to improve and enhance the nation's electrical grid and respond to concerns that the country's power system is prone to cyberthreats.
A patch has been issued for a serious vulnerability that affects PHP Composer - a tool used to manage and install software dependencies in the PHP ecosystem. Security researchers at SonarSource say the flaw could put millions of websites at risk.
The Biden administration will prioritize cybersecurity in its $1 billion IT modernization grant program for federal agencies, which will be overseen by the General Services Administration and the Office of Management and Budget.
Ivanti, parent company of Pulse Secure, published a permanent fix Monday for a zero-day vulnerability in Pulse Connect Secure VPN products that has been exploited to target U.S. government agencies, critical infrastructure providers and other companies over the last several weeks.
Recent incidents involving inadvertent exposure of patient data on GitHub, a software development platform, point to the need to ensure that data loss prevention tools are implemented, all available security controls are leveraged and employees are made aware of the risks involved.
CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official. Security researchers believe that at least two nation-state groups have been attempting to exploit these flaws.
Four editors at Information Security Media Group discuss timely issues, including how the zero-day attacks against Accellion File Transfer Appliance users have rewritten the rules of the cyber extortion game and former federal CISO Gregory Touhill taking on an important new role.
A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.
A bipartisan group of lawmakers has introduced a legislative proposal that would create a program, similar to the National Guard, to deploy those with tech and security skills during significant cyberthreats, such as the recent SolarWinds and Microsoft Exchange attacks.
He’s been an Air Force general, a CEO and the first federal CISO. Now Gregory Touhill is taking charge as director of the Carnegie Mellon University Software Engineering Institute's CERT Division. And he’s bringing all his past experience to bear in a new effort to forge partnerships and protections.
The U.S. Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology have released a report providing insights on how to enhance supply chain security in the wake of the SolarWinds attack.
The FBI has shared 4.3 million email addresses stolen by the Emotet malware with the Have I Been Pwned breach notification site. The entry of those addresses into the site increases the chance that those infected with Emotet can take remediation actions, such as changing passwords.