August 28, 2024 at 08:56AM The FBI, CISA, and the Department of Defense Cyber Crime Center jointly warn network defenders of ongoing cyber exploitation by an Iran-based group targeting U.S. and foreign organizations. The advisory details the threat actors’ tactics, techniques, and procedures, and provides indicators of compromise. Organizations are urged to follow recommended mitigations … Read more
July 11, 2024 at 10:12AM UnitedHealth CEO Andrew Witty testified about the costly cyberattack on Change Healthcare before the Senate and House. He pledged to address security flaws and backed a centralized cyber-incident reporting system. The existing National Cyber Incident Response Plan, supported by the Biden administration, seeks to streamline reporting and improve coordination. This … Read more
May 9, 2024 at 08:13PM CISA extends the feedback period for proposed CIRCIA incident reporting by 30 days. Concerns of additional red tape on cybercrime victims arise. CIRCIA law, requiring reporting within specific time frames, is in final stages at CISA. Congress allocated no extra resources for CISA to fulfill its responsibilities. CISA stresses coordinated … Read more
March 27, 2024 at 02:58PM CISA to oversee new cyber incident and ransomware payment reporting requirements. Based on the meeting notes, it is clear that CISA will be responsible for administering the new reporting requirements for cyber incidents and ransomware payments. Full Article
February 7, 2024 at 07:12PM Proposed changes to US government procurement rules would require IT service organizations to provide full access to their systems in the event of a security incident. These requirements, developed by DoD, GSA, and NASA, have faced criticism from industry respondents who find them burdensome and inconsistent with other reporting rules. … Read more