A recent Inspector General's report finds that NASA still struggles with implementing an agency-wide cybersecurity policy despite spending approximately $2.3 billion on IT, networking and security technology in 2019. The oversite report offers a series of improvements that NASA should make.
Could your organization withstand an attack by the master hacking operation known as "Fxmsp"? Hollywood loves to portray hackers as having ninja-like skills. But Fxmsp often favored the simplest tools for the job, because they so often worked. Defenders: Take note.
The U.S. Federal Communications Commission has officially designated China's Huawei Technologies and ZTE Corp. as "national security threats," barring American telecommunications firms from using certain federal funds to buy their equipment, such as for building 5G networks.
A bipartisan group of U.S. senators is calling for federal funding for cybersecurity coordinators in every state. Meanwhile, a measure introduced in the House would restore the position of cybersecurity director in the White House.
Palo Alto Networks product alert: All users should immediately patch a "critical" flaw in Pan-OS that can be remotely exploited to bypass authentication and take full control of systems or gain access to networks, U.S. Cyber Command and the Cybersecurity Infrastructure and Security Agency warn.
The University of California San Francisco says it paid a $1.14 million ransom earlier this month to obtain decryptor keys to unlock several servers within its school of medicine that were struck with ransomware.
Japan has been scanning its entire IPv4 address space to find insecure home routers, web cameras and sensors. The results are encouraging, and the country's program could serve as a model for other nations aiming to avoid large-scale IoT security problems.
IoT devices can be made cheaply and quickly. But as a result, they may lack adequate security features. The Atlantic Council is proposing regulations that would require technology retailers to sell devices that meet security standards, which would, in turn, put pressure on IoT component makers.
A massive DDoS attack generating 809 million packets per second was recently directed against a large European bank, according to the security firm Akamai, which describes in a new report the unusual approach the attackers took.
Greg van der Gaast, head of information security at the University of Salford in the United Kingdom, has strong opinions on why some security investments aren't reaping maximum benefits. "We are addressing problems too far downstream," he says.
Federal agencies will add a layer of security to their websites that use the top-level domain .gov. All the sites eventually will use the HSTS protocol, which ensures that a user's connection to a website is encrypted and can protect against man-in-the middle attacks and cookie hijacking.
Integrating IoT devices into OT systems brings a raft of security concerns. Microsoft's acquisition of CyberX, which offers a specialized IoT/OT security platform, may give some organizations more confidence to tackle what can be a messy business of securing and monitoring IoT controls across a network.