Paras Jha, one of three people responsible for the Mirai Botnet, was ordered on Friday to pay $8.6 million in damages and serve six months of house arrest after pleading guilty to violating the Computer Fraud & Abuse Act (CFAA) in Federal district court in New Jersey. […]
In a letter released Thursday, Sen. Mark Warner, D-Va., called on the Federal Trade Commission (FTC) to investigate the “prevalence of digital advertising fraud and inaction by Google to curb these efforts.” […]
Cybersecurity experts are gearing up to cut an illuminating path through the tangled cybersecurity threats and solutions landscape at Symantec’s Government Symposium on Oct. 30 at the Marriott Marquis in Washington, D.C. […]
The Department of Energy Office of Inspector General released a report on Oct. 19 that found several weaknesses in the cybersecurity program at DoE in fiscal year 2018, including recurring issues in vulnerability management, patching, and formal cybersecurity training policies. […]
The answer to that question is “yes,” according to a white paper released today by New America, a non-partisan think tank. The white paper argues that while the United States has been engaged in cybersecurity for more than a generation, there are still “organizational and human gaps” that leave the country insecure. […]
After some fits and starts, Federal agencies are gaining ground in efforts to better secure their websites and email systems by employing HTTPS encryption, and installing the Domain-based Message Authentication, Reporting and Conformance (DMARC) anti-phishing protocol, among other measures […]
The Department of Homeland Security (DHS) shared details on its Cyber Risk Economics Capability Gaps Research Strategy, which is part of its Cyber Risk Economics (CYRIE) program, in a blog post on Tuesday. […]
Former Department of Defense officials today offered mostly positive reviews of the current administration’s approach to cybersecurity–including the National Cybersecurity Strategy and the DoD Cyber Strategy–while taking note of the risks posed by more offensive-minded leanings featured in those policies. […]
In an effort to halt the spread of election disinformation online, United States Cyber Command (USCYBERCOM) is telling Russian operatives that American operatives have identified who they are and are tracking their efforts. The campaign is the first known overseas cyber operation to protect American elections, according to the New York Times, which first reported the story. […]
Yahoo, which is now owned by Verizon, has agreed to pay $50 million in damages, plus about $35 million in legal fees, under a proposed civil settlement covering data breaches in 2013 and 2014 that impacted three billion Yahoo accounts, according to numerous press reports. […]
Department of Homeland Security Under Secretary Christopher Krebs said today that the biggest change in election security between the 2016 elections and today is the elimination of communication barriers between state and local authorities and the Federal government. […]
Federal cyber pros at Palo Alto Networks’ Federal Ignite conference weighed in today on the cost of cybersecurity and its return on investment, suggesting that government spend may not be properly configured to the risks, threats, and real assets that need to be protected. […]
The National Association of State Chief Information Officers (NASCIO), in partnership with Deloitte, today released its new cybersecurity study, which argues CISOs need to launch three “bold initiatives” to ward off advanced cyber threats. […]
Super Micro Computer told customers in an Oct. 18 letter that the gist of a recent Bloomberg Businessweek article–reporting the alleged secret implantation of malicious computer chips in motherboards made by the company and used by numerous U.S. companies and government agencies–is “wrong,” and that “from everything we know and have seen, no malicious hardware chip has been implanted during the manufacturing of our motherboards.” […]
The General Services Administration’s Office of Inspector General said in a report issued Oct. 19 that it wants GSA’s IT Office (GSA IT) to provide a revised corrective action plan to improve the agency’s policies for responding to breaches of personally identifiable information (PII). […]
The Office of the Director of National Intelligence, alongside the Justice Department, Federal Bureau of Investigation, and Department of Homeland Security, released a joint statement today that expresses their concern over election interference and calls identification and prevention of interference a “top priority for the Federal government.” […]
Retired Adm. Mike Rogers, who stepped down earlier this year as head of U.S. Cyber Command and director of the National Security Agency, has joined the board of advisors of Team8, an Israel-based cybersecurity think tank and company-creation platform. […]
Yesterday two academics proposed creating an international organization, modeled after the International Committee of the Red Cross (ICRC), that would “provide assistance and relief to vulnerable citizens and enterprises affected by serious cyberattacks.” […]
The Food and Drug Administration (FDA) released new draft guidance for the cybersecurity of medical devices on Wednesday, with a focus on risk management and applying the cybersecurity framework from the National Institute of Standards and Technology (NIST). […]
In a report released today, the International Information System Security Certification Consortium, (ISC)², a nonprofit association of certified cybersecurity professionals, found a global cybersecurity workforce shortage of 2.93 million people as of August 2018. […]
At the request of several Federal agencies, the Intelligence and National Security Alliance (INSA) has created and released a framework for organizations to better share indications and warnings (I&W) of cyberattacks and deconstruct that data into indicators that can be monitored. […]
Christopher Krebs, under secretary for the Department of Homeland Security’s National Protection and Programs Directorate (NPPD), said DHS is not seeing an increased number of cyberattacks on election systems, but “a consistent and persistent level of activity” in that arena. […]
Health insurance provider Anthem has agreed to pay the Department of Health and Human Services’ Office of Civil Rights (OCR) $16 million to settle what HHS called “potential violations” of the Health Insurance Portability and Accountability Act (HIPAA) in connection with an Anthem data breach in late 2014 and early 2015 in which cyber criminals stole data on nearly 79 million individuals including names, Social Security numbers, medical identification numbers, and email addresses, among others. […]
Following the fifth EU-U.S. Cyber Dialogue last month in Brussels, the United States and the European Union today released a statement reaffirming their “strong partnership in favour of a global, open, stable and secure cyberspace where the rule of law fully applies, where the same rights that individuals have offline are protected online, and where the security, economic growth, prosperity, and integrity of free and democratic societies is promoted and preserved.” […]
A bipartisan group of three senators–Sens. Chris Van Hollen, D-Md., Susan Collins, R-Maine, and Ben Cardin, D-Md.–last week introduced the Protect Our Elections Act, which aims “to amend the Help America Vote Act of 2002 to require states to take steps to ensure domestic ownership and control of election service providers.” […]
The Pentagon confirmed on Friday a cyber breach that compromised personal and credit card information of military and civilian personnel. […]
The Department of Homeland Security’s National Cybersecurity & Communications Integration Center (NCCIC) released a new alert yesterday highlighting five publicly available tools frequently observed in cyber incidents worldwide. […]
Later this month government and private sector leaders will gather for a frank discussion about redefining government cybersecurity. The conversation could hardly be more timely: the Federal government is facing seemingly endless challenges, from evolving threats and aging legacy systems to budget constraints and workforce gaps. […]
The recent Department of Homeland Security alert describing ongoing cyberattacks on global managed service providers highlights the need for the U.S. government to take a lead role in protecting internet infrastructure, according to some industry cybersecurity experts. […]
Senators Richard Blumenthal, D-Conn., and Marco Rubio, R-Fla., asked the chief executive officer of Super Micro Computer in an Oct. 9 letter whether the company has ever found evidence of tampering of components or firmware that targeted the company’s products, among other questions stemming from a Bloomberg Businessweek article reporting that chips made by a Chinese firm and allegedly used by numerous U.S. companies and government agencies were engineered to enable backdoor data transmissions to China. […]