The National Association of State Chief Information Officers (NASCIO), in partnership with Deloitte, today released its new cybersecurity study which argues CISOs need to launch three “bold initiatives” to ward off advanced cyber threats. […]

Super Micro Computer told customers in an Oct. 18 letter that the gist of a recent Bloomberg Businessweek article–reporting the alleged secret implantation of malicious computer chips in motherboards made by the company and used by numerous U.S. companies and government agencies–is “wrong,” and that “from everything we know and have seen, no malicious hardware chip has been implanted during the manufacturing of our motherboards.” […]

The General Services Administration’s Office of Inspector General said in a report issued Oct. 19 that it wants GSA’s IT Office (GSA IT) to provide a revised corrective action plan to improve the agency’s policies for responding to breaches of personally identifiable information (PII). […]

The Office of the Director of National Intelligence, alongside the Justice Department, Federal Bureau of Investigation, and Department of Homeland Security, released a joint statement today that expresses their concern over election interference and calls identification and prevention of interference a “top priority for the Federal government.” […]

Retired Adm. Mike Rogers, who stepped down earlier this year as head of U.S. Cyber Command and director of the National Security Agency, has joined the board of advisors of Team8, an Israel-based cybersecurity think tank and company-creation platform. […]

Yesterday two academics proposed creating an international organization modeled after the International Committee of the Red Cross (ICRC), that would “provide assistance and relief to vulnerable citizens and enterprises affected by serious cyberattacks.” […]

The Food and Drug Administration (FDA) released new draft guidance for the cybersecurity of medical devices on Wednesday, with a focus on risk management and applying the cybersecurity framework from the National Institute of Standards and Technology (NIST). […]

In a report released today, the International Information System Security Certification Consortium, (ISC)², a nonprofit association of certified cybersecurity professionals, found a global cybersecurity workforce shortage of 2.93 million people as of August 2018. […]

At the request of several Federal agencies, the Intelligence and National Security Alliance (INSA) has created and released a framework for organizations to better share indications and warnings (I&W) of cyberattacks and deconstruct that data into indicators that can be monitored. […]

Christopher Krebs, under secretary for the Department of Homeland Security’s National Protection and Programs Directorate (NPPD), said DHS is not seeing an increased number of cyberattacks on election systems, but “a consistent and persistent level of activity” in that arena. […]

Health insurance provider Anthem has agreed to pay the Department of Health and Human Services’ Office of Civil Rights (OCR) $16 million to settle what HHS called “potential violations” of the Health Insurance Portability and Accountability Act (HIPAA) in connection with an Anthem data breach in late 2014 and early 2015 in which cyber criminals stole data on nearly 79 million individuals including names, Social Security numbers, medical identification numbers, and email addresses, among others.   […]

Following the fifth EU-U.S. Cyber Dialogue last month in Brussels, the United States and the European Union today released a statement reaffirming their “strong partnership in favour of a global, open, stable and secure cyberspace where the rule of law fully applies, where the same rights that individuals have offline are protected online, and where the security, economic growth, prosperity, and integrity of free and democratic societies is promoted and preserved.” […]

A bipartisan group of three senators–Sens. Chris Van Hollen, D-Md., Susan Collins, R-Maine, and Ben Cardin, D-Md.–last week introduced Protect Our Elections Act, which aims “to amend the Help America Vote Act of 2002 to require states to take steps to ensure domestic ownership and control of election service providers.” […]

The Pentagon confirmed on Friday a cyber breach that compromised personal and credit card information of military and civilian personnel. […]

The Department of Homeland Security’s National Cybersecurity & Communications Integration Center (NCCIC) released a new alert yesterday highlighting five publicly available tools frequently observed in cyber incidents worldwide. […]

Later this month government and private sector leaders will gather for a frank discussion about redefining government cybersecurity. The conversation could hardly be more timely: the Federal government is facing seemingly endless challenges, from evolving threats and aging legacy systems to budget constraints and workforce gaps. […]

The recent Department of Homeland Security alert describing ongoing cyberattacks on global managed service providers highlights the need for the U.S. government to take a lead role in protecting internet infrastructure, according to some industry cybersecurity experts. […]

Senators Richard Blumenthal, D-Conn., and Marco Rubio, R-Fla., asked the chief executive officer of Super Micro Computer in an Oct. 9 letter whether the company has ever found evidence of tampering of components or firmware that targeted the company’s products, among other questions stemming from a Bloomberg Businessweek article reporting that chips made by a Chinese firm and allegedly used by numerous U.S. companies and government agencies were engineered to enable backdoor data transmissions to China.  […]

Mike Duffy, acting deputy director for the Department of Homeland Security’s Federal Network Resilience Division, said today that many Federal agencies are expecting to have all of their .gov domains protected from email spoofing campaigns, ahead of an October 16 deadline to do so. […]

Three Senate Democrats asked Federal Trade Commission (FTC) Chairman Joseph Simons in an Oct. 10 letter to open an investigation into Google’s disclosure earlier this week that it discovered and patched in March a vulnerability in its Google+ social media platform that may have exposed profile data on up to 500,000 accounts, but did not inform users of the vulnerability in a timely way. […]

The Department of Justice (DoJ) announced yesterday that Yanjun Xu, a Chinese Ministry of State Security (MSS) operative, was extradited to the United States Tuesday on charges of conspiring and attempting to commit economic espionage and steal trade secrets from U.S. aviation and aerospace companies–including GE Aviation. […]

McAfee and the Center for Strategic and International Studies (CSIS) today released a new report about modernizing Social Security Numbers (SSN) in light of growing privacy and security concerns over using SSNs as a de facto personal identifier. The […]

A Defense Department spokesperson responded late Tuesday to a report from the Government Accountability Office that DoD faces challenges in protecting weapons systems from cyber attacks by saying the agency is “continuously strengthening” its defense cybersecurity posture. […]

The Department of Justice (DoJ) announced today that Romeo Vasile Chita, a Romanian national, was returned to the United States last Friday to face Federal charges of racketeering, wire fraud conspiracy, conspiracy to launder money, and conspiracy to traffic in counterfeit services charges. […]

A new survey from One Identity, a maker of identity and access management (IAM) solutions, finds that 77 percent of IT security professionals polled in the United states, Europe, and elsewhere said it would be “easy” for them to steal sensitive information from their companies if they were to leave those organizations. […]

The Department of Homeland Security’s (DHS) deadline for agencies to adopt Domain-based Message Authentication, Reporting, and Conformance (DMARC) and have policies set to “enforcement” levels is one week away, and new research from Valimail says only half of agencies have deployed the new standards. […]

A new report from a group of Federal government and private sector experts details how “precision agriculture,” or agriculture that uses connected technology to improve efficiency, faces new cybersecurity threats and a low degree of awareness in the industry to combat them. […]

Gov. Jerry Brown on Sept. 28 signed into law S.B. 327, which will ban companies from selling Internet-connected devices with weak or default passwords, such as “Password” or “1234567.” Instead, beginning on Jan. 1, 2020, all devices must have a “preprogrammed password [that] is unique to each device manufactured.” A primary concern with weak pre-programmed passwords is that users don’t change them to strong, unique passwords after purchasing the device. […]

Google announced today plans to shut down its Google+ social media platform in August 2019, and that it patched a vulnerability in the service in March that potentially exposed Google+ user data. […]

Apple told congressional leaders in a letter dated today that a story last week by Bloomberg Businessweek–reporting that chips made by a Chinese firm and used in Apple equipment were engineered to enable backdoor data transmissions to China–is “not true.” […]