Policy & Regulation: Page 3
Automakers meet growing data privacy challenges, experts say
A Federal Trade Commission crackdown and lawsuit against GM show automakers are navigating legal risks.
By Michael Brady • Aug. 28, 2024
CISA officials credit Microsoft security log expansion for improved threat visibility
CISA officials say they plan to hold Microsoft accountable to ensure the company lives up to its commitments.
By David Jones • Aug. 27, 2024
SEC settles cyber case with Equiniti Trust as oversight questions linger
The firm, formerly known as American Stock Transfer, will pay $850,000 to settle civil fraud charges involving the theft of $6.6 million in client funds.
By David Jones • Aug. 26, 2024
CISA’s $524M headquarters slated for DHS campus in 2027
Construction for the agency’s centralized facility is expected to break ground in the fall. CISA staffers are currently spread out across five office rentals.
By Matt Kapko • Aug. 23, 2024
US, Australian authorities lead international push to adopt event logging
State-linked and criminal threat groups are using living-off-the-land techniques to hide their hacking activities behind regular security tools.
By David Jones • Aug. 22, 2024
White House details $11M plan to help secure open source
National Cyber Director Harry Coker Jr., speaking at Def Con in Las Vegas, says federal assistance must be bolstered by more ownership among the community.
By David Jones • Aug. 14, 2024
CISA director: Cybersecurity is ‘not an impossible problem’
In Jen Easterly's view, the solution to the industry's pains lies in secure by design. “We got ourselves into this, we have to get ourselves out,” she said during a media briefing at Black Hat.
By Matt Kapko • Aug. 13, 2024
Delta expects $380M revenue hit due to CrowdStrike outage
The company said it canceled 7,000 flights in five days due to the IT outage, according to a Thursday filing with the Securities and Exchange Commission.
By Roberto Torres • Aug. 9, 2024
Progress Software says SEC declines to pursue action related to MOVEit exploitation spree
The decision comes just weeks after a federal court dismissed most of the SEC’s civil fraud case against SolarWinds.
By David Jones • Aug. 8, 2024
Federal watchdog urges EPA to develop comprehensive cyber strategy to protect water systems
The report comes amid a rise in malicious cyberthreats from state-linked and criminal hackers targeting U.S. drinking water and water treatment facilities.
By David Jones • Aug. 6, 2024
CrowdStrike outage renews supply chain concerns, federal officials say
The White House and the U.S. Government Accountability Office are raising questions about the resilience of the software supply chain and memory safety vulnerabilities.
By David Jones • Aug. 2, 2024
SolarWinds legal ruling expected to narrow, but maintain SEC oversight on cyber transparency
The dismissal of most charges in a closely watched civil fraud case will test the ability of federal authorities to regulate risk disclosure.
By David Jones • July 29, 2024
CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds
A report from Parametrix estimates cyber insurance will cover only about 10% to 20% of losses.
By David Jones • July 25, 2024
CrowdStrike, Microsoft scramble to contain fallout from global IT outage
Cybersecurity and IT experts said users are having major difficulties in recovery efforts, despite workarounds and guidance the vendors released.
By David Jones • July 22, 2024
Majority of SEC civil fraud case against SolarWinds dismissed, but core remains
The court ruling related to claims leading up to and immediately following the 2020 Sunburst supply chain hack.
By David Jones • Updated July 18, 2024
CISA calls for elimination of OS command injection vulnerabilities
Threat groups target vulnerabilities in widely used network devices. CISA’s latest advisory urges software makers to eliminate them at the source.
By Matt Kapko • July 11, 2024
MOVEit legal liabilities, expenses pile up for Progress Software
The prospective financial hit from a widely exploited vulnerability in the file-transfer service is growing. Progress confronts lawsuits, regulator scrutiny and government investigations.
By Matt Kapko • July 10, 2024
Critical infrastructure providers seek guardrails on scope, timeline for CIRCIA rules
In a last-minute push, critical infrastructure stakeholders urged federal officials to give more flexibility on the detail required during the first 72 hours of covered cyber incidents.
By David Jones • July 8, 2024
Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation
Experts expect new legal challenges against numerous agency cybersecurity requirements, including incident reporting mandates and rules governing critical infrastructure sectors.
By David Jones • Updated July 8, 2024
Manufacturing cybersecurity at heart of new White House guidance
The increased priority on security comes as more clean energy supply chains face the threat of a cyberattack.
By Kate Magill • June 24, 2024
Microsoft president promises significant culture changes geared towards security
Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.
By David Jones • June 14, 2024
Microsoft will take full ownership for security failures in House testimony
Brad Smith, the company’s vice chair and president, will acknowledge extensive security lapses while outlining steps the company, industry and nation need to move forward.
By David Jones • June 13, 2024
FCC approves $200M K-12 cybersecurity pilot
The three-year program will help schools begin to cover the costs of securing their networks from cyberattacks.
By Anna Merod • Updated June 7, 2024
White House wants to harmonize the breadth of cybersecurity regulations
National Cyber Director Harry Coker Jr. detailed White House strategy to streamline the administrative burden and cost of cyber compliance.
By David Jones • June 5, 2024
NIST has a plan to clear the vulnerability analysis backlog
The Cybersecurity and Infrastructure Security Agency and government contractor Analygence will help clear the National Vulnerability Database backlog.
By Matt Kapko • May 31, 2024