President Joe Biden is asking Congress to boost CISA's budget by $110 million in 2021 to allow the agency to address a range of cybersecurity issues following several high-profile incidents that have happened in the past six months.
Months after the December cyberattack on Accellion's File Transfer Appliance, the identities of more healthcare sector entities that were affected continue to come to light. The latest victims to be revealed include four health plans.
The Government Accountability Office is urging the U.S. government to respond more rapidly to cybersecurity issues, especially in the wake of the SolarWinds supply chain attack that led to the breach of nine federal departments as well as about 100 companies.
The zero-day attacks against Accellion's File Transfer Appliance show that a number of big-name firms continued to use the legacy technology - even though more secure, cloud-based options were available. Evidently, many CISOs didn't see a compelling reason to move on. Of course, now they do.
An attacker added a backdoor to the source code for PHP, an open-source, server-side scripting language used by more than 75% of the world's websites. Core PHP project members say the backdoor was quickly removed.
The SolarWinds supply chain attack demonstrates that Russian intelligence services have learned from previous operations and adjusted their tactics, says Dmitri Alperovitch, the former CTO of security firm CrowdStrike, which investigated Russian interference in the 2016 election.
Attackers are exploiting a critical remote code vulnerability in F5 Networks' BIG-IP server network traffic security management platform, for which the company released patches on March 10. The vulnerability is considered highly critical.
Four editors at Information Security Media Group - Tom Field, Anna Delaney, Mathew Schwartz and Tony Morbin - review this week’s most important cybersecurity developments, from nation-state threats and supply chain risk, to combating ransomware and adopting a zero trust strategy.
U.S. intelligence agency reports conclude that Russia and Iran tried to interfere in the 2020 presidential election via disinformation campaigns, but found "no indication that any foreign actor attempted to alter any technical aspect of the voting process," including voting results.
Hacking incidents - including ransomware attacks, phishing scams and episodes involving vendors - are still the dominant culprits in major health data breaches being reported to federal regulators so far this year. Why?
Russian hackers apparently weren't the only ones targeting SolarWinds customers. An attack last year by the Spiral hacking group, believed to be based in China, against one organization used malware that targeted a vulnerability in SolarWinds' Orion software, according to the Secureworks Counter Threat Unit.
This edition of the ISMG Security Report features an analysis of key takeaways from the breaches tied to flaws in the Accellion File Transfer appliance. Also featured: Equifax CISO Jamil Farshchi on transforming supply chain security, plus an analysis of how "work from anywhere" is affecting cybersecurity.