The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department's networks as part of its experimental bug bounty program launched on American Independence Day. The weeklong bug bounty challenge called "Hack U.S." ran from July Fourth to July 11.
The Department of Treasury and the Cybersecurity and Infrastructure Security Agency are soliciting comments on whether risks to critical infrastructure from a catastrophic cyberattack - and the concurrent potential for ruinous financial exposure by insurers - should lead to a new federal approach.
Public water systems in the United States will continue connecting control systems to the internet despite the risks, members of the House Homeland Security Committee heard today. Water systems need network connectivity for remote repairs, said an official with the National Rural Water Association.
CISA is months behind a deadline set by President Biden in 2021 to provide voluntary guidance on OT security controls for critical infrastructure firms, but the agency announced at a House subcommittee hearing its plans for public-private information sharing and grants to smaller organizations.
A Texas nonprofit, safety net medical center is still struggling to fully bring its communications and other systems back online two weeks after a ransomware attack in which cybercriminals have demanded a ransom in the "tens of millions of dollars.
The U.S. government accused Iran of turning a blind eye to ransomware hackers after indicting three men affiliated with the Islamic Revolutionary Guard Corps. Authorities say their attacks affected critical infrastructure including healthcare centers, transportation services and utility providers.
Albania cut diplomatic ties with Iran following a July cyberattack that disrupted the country's online governmental services portal. Prime Minister Edi Rama today said he gave Iranian diplomats 24 hours to depart the country after establishing Iranian responsibility for the cyberattack.
In the latest "Proof of Concept," VP and CISO Nicole Darden Ford shares findings from Rockwell Automation's new survey report on cybersecurity preparedness in critical infrastructure, OT security gaps, the state of critical infrastructure, and insights into preparedness and best practices.
A recent survey sponsored by Rockwell Automation finds that critical infrastructure organizations miss basic protections for operational technology, with 80% failing to conduct frequent asset inventory audits, 63% lacking real-time threat monitoring and 42% needing effective patch management.
Post-pandemic, in the new era of hybrid work, Mastercard CSO Ron Green says the unintentional insider threat is one of his top concerns for member institutions and their customers. He shares insight on threats, partnerships and how the public and private sectors can address workforce development.
The role and impact of criminal hackers and volunteer hacktivists in the Russia-Ukraine war has been vastly overestimated, a team of cybersecurity researchers report, based not just on charting distributed denial-of-service attacks and defacements but also on interviews with participants.
Retired U.S. General Gregory Touhill (Director of the Software Engineering Institute’s CERT Division) and former Rockwell Automation CISO Dawn Cappelli sat down for a interview with ISMG’s Tom Field, SVP of Editorial, to discuss the 2022 Rockwell Automation research report on cybersecurity preparedness in Critical...
Ragnar Locker ransomware group released 361 gigabytes of what appears to be confidential data belonging to Greek national natural gas operator DESFA. The threat group says the alleged victim did not negotiate with it. The company confirmed a cyberattack and said it would not pay the ransom.
As the Russia-Ukraine war continues, Ukrainian government cybersecurity official Victor Zhora says that the country's computer emergency response team has tracked more than 1,600 online attacks and that defensively, "wipers continue to be the biggest challenge."
The Cl0p ransomware group has been attempting to extort Thames Water, a public utility in England. Just one problem: the group attacked an entirely different water provider. Through ineptitude or outright lying, this isn't the first time that a ransomware group has claimed the wrong victim.