State Department Shamed for Poor Adoption of Multi-Factor Authentication

Senators demand answers after government report finds that only 11 percent of the Department of State’s devices use multi-factor authentication. Five US senators have sent a letter to Secretary of State Mike Pompeo requesting answers why the State Department has not widely deployed basic cyber-security protections, such as multi-factor authentication (MFA). The letter was sent […]

Marriott Hit by Massive Data Breach: 500 Million Starwood Customers Impacted

Marriott International said early Friday that data on roughly 500 million customers staying at Starwood hotel properties had been compromised in a breach that gave unknown attackers access to the Starwood network since 2014. The company said it has not finished identifying duplicate information in the database, but believes it contains information on up to […]

Database Breach Affects 2.6 Million Atrium Health Patients

Atrium Health has reported a massive data breach exposing the PII of more than 2.6 million clients after someone gained access to a database belonging to a third-party vendor. The North Carolina-based healthcare provider stated that AccuDoc Solutions, a vendor providing billing and other services, had informed Atrium on October 1 that an unauthorized person had gained access to […]

Pentagon Fails Its First-Ever Audit, Official Says

The Pentagon has failed what is being called its first-ever comprehensive audit, a senior official said on Thursday, finding U.S. Defense Department accounting discrepancies that could take years to resolve. Results of the inspection – conducted by some 1,200 auditors and examining financial accounting on a wide range of spending including on weapons systems, military […]

Pinpointing Risky Employee Behaviors Enables IT Leaders to Reduce Risk

In the first half of 2018, more than 4.5 billion digital records were compromised in data breaches, according to research from Gemalto’s “2018: Data Privacy and New Regulations Take Center Stage” report. With the value of each lost or stolen record set at roughly $148, the financial and operational impact of data loss has never been […]

Top Australia Defense Firm Reports Serious Cyber Breach

A top Australian defense firm with major US Navy contracts has admitted its personnel files were breached and that it was the subject of an extortion attempt. Austral — which among other things makes small, quick ships for warfare close to shore — said its “data management system” had been infiltrated by an “unknown offender”. […]

Stuxnet is Back, Iran Admits

The infamous malware is back, and it’s “more violent, more advanced and more sophisticated” than ever. A new version of the infamous Stuxnet worm has been used to attack Iranian government networks, according to reports. The famous malware has apparently re-emerged, with Israeli news programme Hadashot stating that Iran “has admitted in the past few […]

10 Critical Security Skills Every IT Team Needs

Focus on hiring talent with the following security skills and your team will be equipped to prevent, protect and mitigate the damage of cybersecurity attacks — and speed recovery efforts.   As hackers become more sophisticated, and attacks more frequent, it’s no longer a matter of if your organization becomes a target, but when. That reality has forced […]

Improving Cybersecurity Culture Requires Clarity, Commitment

Only a third of employees have a sound understanding of their role in their organizations’ security culture.   Okay, so it’s October and that means it’s Cybersecurity Awareness Month.  And, for the past four years, I have maintained that “cybersecurity is everybody’s business.” I maintain this is, in fact, the case. However, it’s clear that, […]

Cyber Command Goes on the Offense to Protect U.S. Election

In the lead up to the mid-term elections next month the U.S. Cyber Command has launched its first ever offensive operation against individual Russians attempting to interfere. Cyber Command The New York Times made the initial report on the operation, and had few details as to what the action included, but indicated the suspected election operatives […]

Another Government System Breached; 75,000 People Affected

The Centers for Medicare & Medicaid Service confirmed a breach. Apple CEO Tim Cook wants Bloomberg to retract the spychip story. A Connecticut city paid a ransom to unlock 23 servers.   On Friday, the Centers for Medicare & Medicaid Service admitted to a breach in which attackers made off with the sensitive and personal information of […]

Hook, Line and Sinker: After Phish Get Caught

Phishing is nearly as old as email, but it is still a major attack vector for cybercriminals. Some of the most prominent cyber incidents of the past few years are the result of phishing attempts. Despite the maturity of this problem, the solutions proposed by the industry during the past decades haven’t been successful. At […]

GAO Report Slams Department of Defense Cybersecurity Practices

Securing the upcoming election against cyberattack or influence is rightfully garnering a great deal of attention, but a recent General Accounting Office (GAO) report indicates the United States is doing a poor job building weapon systems resistant to cyberattack. The report noted that the very aspects that make some of the nation’s most dangerous weapons […]

Nearly All New U.S. Weapons Systems Have ‘Critical’ Cybersecurity Problems, Auditors Say

Almost all of the U.S. military’s newly developed weapons systems suffer from “mission-critical cyber vulnerabilities,” a review of government security audits conducted from 2012 to 2017 found, suggesting military agencies have rushed to computerize new weapons systems without prioritizing cybersecurity. The findings were released Tuesday in a report from the Government Accountability Office. The report drew on […]

Without Handcuffs: Creating A Culture of Compliance

Over the years, I have met with hundreds of security teams. One of the most common complaints, that comes up in meetings with companies of all sizes and across all industries, is that security teams feel helpless to enforce the policies they put in place. Multiple security officers have described it as feeling like “cops […]

October is National Cybersecurity Awareness Month

Connected devices are essential to our professional and personal lives, and criminals have gravitated to these platforms as well. Many common crimes—like theft, fraud, harassment, and abuse—are now carried out online, using new technologies and tactics. Others, like cyber intrusions and attacks on critical infrastructure, have emerged as our dependence on connected systems revealed new […]

JVP, SOSA Partner With City of New York on Cybersecurity Initiative

Called Cyber NYC, the new initiative will receive a $30 million investment from the city of New York and intends to raise an additional sum of up to $70 million from private investors New York City Economic Development Corporation (NYCEDC) announced a new cybersecurity initiative Tuesday, naming Israeli venture capital firm Jerusalem Venture Partners (JVP) […]

White House Touts Release of National Cyber Strategy

Eager to demonstrate a commitment to cybersecurity amidst criticisms over vulnerable election infrastructure, the White House yesterday unveiled its National Cyber Strategy. The plan is divided four “pillars” of strategy: protecting the homeland by fighting cybercrime and fortifying defenses, promoting American prosperity by adding cyber jobs and defending intellectual property, preserving peace through strength by enforcing global […]

State Department Email Breach Leaks Employee PII

The State Department was hit with an email breach which exposed the personal information of some of its employees. The agency sent a notice dated Sept. 7 which described the incident as “activity of concern … affecting less than 1% of employee inboxes” adding the breach did not affect the agency’s classified email server, according […]

Cybersecurity Could Make or Break Defense Contractors’ Chances of Future Awards

Cost, schedule, and performance, the three pillars of defense procurement, may soon be accompanied by a fourth pillar: cybersecurity. As the nature of warfare evolves away from pure kinetic capabilities to the asymmetric, cyber realm, the Department of Defense (“DoD”) has had to grapple with the reality that its defense contractors are prime targets for […]

The Export Control Reform Act and Possible New Controls on Emerging and Foundational Technologies

Key Points ECRA became law on August 13, 2018. It is the permanent statutory authority for the EAR, which is administered by the U.S. Department of Commerce’s BIS. The new law codifies long-standing BIS policies and does not require changes to the EAR, such as to its country-specific licensing requirements. However, as part of the […]

Hiring US Citizens Only for ITAR Compliance Can Violate the Immigration and Nationality Act

The Department of Justice (DOJ), Civil Rights Division, announced on August 29, 2018, its civil settlement with the international law firm, Clifford Chance US LLP, for violations of the Immigration and Nationality Act (INA), 8 U.S.C. 1324b, attributable to Clifford Chance’s overly restrictive interpretation of who can work on projects involving data controlled by the International Traffic […]

Mergers, Acquisitions And Investments Involving U.S. Companies With Chinese & Other Foreign Parties

The United States has enacted laws that expand U.S. government screening of certain transactions involving foreign companies and governments as well as regulation of the transfer and use of sensitive U.S. goods and technologies in the United States and abroad. The impetus for this new legislation is the changed national security landscape resulting from the […]

Meet the man who might have brought on the age of ‘downloadable guns’

During the summer of 2012, Cody Wilson hung around J&J, a car-repair shop run by two “goofy” guys in their late 20s. The Austin warehouse was crowded with engine blocks, car parts and Pelican boxes that never seemed to have been opened, but the 24-year-old came as he pleased, with access to shop machinery. He […]

U.S. Commerce Department says export controls to align with security review legislation

The U.S. Commerce Department said on Friday it has begun a review of export controls that will be aligned with new legislation to strengthen national security reviews of foreign acquisitions of American firms, rather than China-specific curbs. In a statement to Reuters, the department said the review would establish changes to the controls “based on […]