June 17, 2024 at 01:09PM The Francis Scott Key Bridge collapse in Baltimore stirred speculation about a cyberattack, highlighting the vulnerability of physical infrastructure to cyber threats. Despite the focus on physical incidents, silent cyberattacks on critical infrastructure, like the MITRE breach, remain poorly understood. The public’s fear of cyber threats necessitates greater awareness and … Read more
June 4, 2024 at 12:06AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw in Oracle WebLogic Server to the catalog of Known Exploited Vulnerabilities, allowing unauthorized server access and control. A China-based group, 8220 Gang, has used the flaw for crypto-mining botnet attacks. Federal agencies are advised to apply fixes by … Read more
May 30, 2024 at 01:21PM Cloudflare announced the acquisition of BastionZero, a seed-stage startup based in Boston, Mass. The financial terms were not disclosed. BastionZero’s technology offers remote access to infrastructure for backend and cloud engineering teams. The acquisition fits into Cloudflare’s plan to extend its Zero Trust Network Access flows and enhance its VPN … Read more
April 11, 2024 at 06:27PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new version of “Malware Next-Gen,” allowing the public to submit malware samples for analysis. This expands access beyond government agencies and aims to enhance cyber defense efforts. The platform has already identified 200 suspicious files from 1,600 submissions, encouraging … Read more
April 4, 2024 at 08:47AM The Cybersecurity and Infrastructure Security Agency is promoting the Secure by Design initiative, advising companies to intensify their efforts in eliminating SQL injection vulnerabilities. As part of its Secure by Design initiative, the Cybersecurity and Infrastructure Security Agency has urged companies to intensify their efforts to eliminate SQL injection vulnerabilities. … Read more
March 28, 2024 at 06:06AM The US Cybersecurity and Infrastructure Security Agency (CISA) is seeking input on the implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), estimated to impact 316,000 entities. The proposed rules’ costs are estimated at $2.6 billion over 11 years, with reporting requirements and the creation of … Read more
March 19, 2024 at 06:04PM U.S. National Security Advisor Jake Sullivan and EPA Administrator Michael Regan sent a joint letter to governors warning about cyberattacks targeting the country’s water infrastructure. They seek governors’ support in safeguarding water systems against cyber threats and proposed a Water Sector Cybersecurity Task Force. Recent attacks by Iranian and Chinese … Read more
March 12, 2024 at 02:37PM President Joe Biden has proposed a $103 million increase in funding for the Cybersecurity and Infrastructure Security Agency (CISA), as part of the $7.3 trillion spending plan for fiscal year 2025. The plan also allocates $13 billion for improving cybersecurity across government agencies. Additionally, the budget includes cybersecurity funding for … Read more
February 26, 2024 at 05:25PM Summary: CISA, NSA, and FBI warn of U.S. critical infrastructure attacks by “Volt Typhoon,” linked to CCP. Fortress Information Security partners with power companies to mitigate exposure, offering File Integrity Assurance (FIA) for compliance with CIP standards. Research reveals high likelihood of vulnerabilities in software from Russia or China, emphasizing … Read more
February 25, 2024 at 02:48PM The LockBit gang has relaunched its ransomware operation on a new infrastructure and is targeting government sectors after law enforcement disrupted their servers in Operation Cronos. They admitted negligence led to the breach and are now emphasizing increased security measures and decentralization. Their message appears aimed at restoring credibility after … Read more