Calls are growing for an investigation into how commercial Pegasus spyware developed by Israel's NSO Group gets sold to autocratic governments and used to target journalists, lawyers, human rights advocates and others, with some lawmakers saying "the hacking-for-hire industry must be brought under control."
Congress needs to update and expand federal laws to combat the surge in ransomware attacks, federal cybersecurity experts told a Senate committee at a Tuesday hearing.
At a Senate hearing on pipeline cybersecurity, leaders from several federal agencies briefed lawmakers on the roles regulators can play in the aftermath of the Colonial Pipeline attack. Lawmakers urged the agencies to "flatten the bureaucracy" to improve relationships with companies that support pipelines.
Security experts offer an analysis of Gartner's new strategic road map for SASE adoption that emphasizes the need for a detailed migration plan and offer tips for a successful rollout.
As chief security scientist and advisory CISO to security vendor Thycotic, Joseph Carson is well aware of risks employees will take to get their jobs done. He's just authored a new ethical hacker's guide to help enterprises plug their holes - before their adversaries breach them.
Remote management software company Kaseya says it obtained the ability to decrypt all victims of a massive REvil - aka Sodinokibi - attack via its software, without paying a ransom to attackers. But Kaseya has still not revealed how it obtained the decryption key, except to say it was supplied by a third party.
NIST has selected 18 technology companies to demonstrate "zero trust" security architectures as it prepares to draft guidance for use of the model by federal agencies, which the private sector can also follow.
Australia's data regulator has found that Uber interfered with the privacy of 1.2 million of its customers as a result of a 2016 global data breach. Uber says it's made improvements to its systems and its internal security policies.
Good news on the ransomware front: The average ransom paid by a victim dropped by 38% from Q1 to Q2, reaching $136,576, reports ransomware incident response firm Coveware. In addition, fewer victims are paying a ransom simply for a promise from attackers to delete stolen data.
With corporate America beginning to ask employees to come back to their offices in the fall, cybersecurity teams have the huge task of ensuring that the work environment is safe. This is particularly true of IoT devices, as many have been left unprotected for months.
The Department of Health and Human Services is seeking comments on how it can improve its security risk assessment tool, which is designed to help smaller organizations conduct assessments as required under HIPAA. Some critics have said the tool is too difficult to use.
A bipartisan group of senators is pushing a bill that would require CISA to identify and respond to vulnerabilities and threats that target industrial control systems. The House has already passed a similar measure.
U.S. Customs and Border Protection has not always protected its Mobile Passport Control applications, making travelers' personally identifiable information vulnerable to exploitation, according to a new report from the Department of Homeland Security's Office of the Inspector General.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.