“TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.Read More Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
Data breaches have reached a fever pitch over the last few years. The rapid frequency of successful attacks coupled with the rising costs to businesses has raised attention at the highest levels of global governments. In the past, breaches were re…Read More Cybersecurity Maturity Model Certification (CMMC) – A Model for Everyone
Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits.Read More Europol Breaks Open Extensive Mafia Cybercrime Ring
A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.Read More Authorities Arrest Another TrickBot Gang Member in South Korea
For the last few years, I’ve been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API. Today, I’m very happy to welcome the Czech Republic’s National Cyber and Information SecurityRead More Welcoming the Czech Republic Government to Have I Been Pwned
Today I’m very happy to welcome the national Turkish CERT to Have I Been Pwned, TR-CERT or USOM, the National Cyber Incident Response Center. They are now the 26th government to have complete and free API level access to query their government domains.
Providing governments withRead More Welcoming the Turkish Government to Have I Been Pwned
Marking the 25th national CERT to have full and free API level access to in HIBP, I’m very happy to welcome CERT-IL in the Israel National Cyber Directorate (INCD) on board. They join many other governments around the world in having access to data impacting their departments amongstRead More Welcoming the Israeli Government to Have I Been Pwned
President Biden signed an executive order Wednesday to modernize the country’s defenses against cyberattacks and give more timely access to information necessary for law enforcement to conduct investigations. […]Read More Biden issues executive order to increase U.S. cybersecurity defenses
NY’s AG: Millions of fake comments – in favor and against – came from a secret broadband-funded campaign or from a 19-year-old’s fake identities.Read More 80% of Net Neutrality Comments to FCC Were Fudged
A large-scale incident earlier this week against Belnet and other ISPs has sent a wave of internet disruption across numerous Belgian government, scientific and educational institutions.Read More Massive DDoS Attack Disrupts Belgium Parliament
The US Defense Department and third-party military contractors are being advised to strengthen the security of their operational technology (OT) in the wake of security breaches, such as the SolarWinds supply chain attack. The guidance comes from the N…Read More NSA offers advice: connecting OT to the rest of the net can lead to “indefensible levels of risk”
‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.Read More Feds Shut Down Fake COVID-19 Vaccine Phishing Website
The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others.Read More Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks. A Step Up for Federal Procurement According to NPR, the executive order that’s being drafted …Read More Biden Administration Drafting EO to Help U.S. Gov’t Secure Digital Supply Chain
Oliver Tavakoli, CTO of Vectra AI, discusses the massive supply-chain hack’s legacy and ramifications for security professionals.Read More Is the SolarWinds Hack Really a Seismic Shift?
A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations.Read More Multi-Gov Task Force Plans to Take Down the Ransomware Economy
Information stolen in April 10 ransomware attack was posted on a dark web portal and includes private documents not published as part of public records.Read More DoppelPaymer Gang Leaks Files from Illinois AG After Ransom Negotiations Break Down
Today I’m very happy to announce the arrival of the 15th government to Have I Been Pwned, Romania. As of now, CERT-RO has access to query all Romanian government domains across HIBP and subscribe them for future notifications when subsequent data breaches affect aliases on those domains.
Romania joins aRead More Welcoming the Romanian Government to Have I Been Pwned
Continuing my efforts to make more breach data available to governments after data breaches impact their domains, I’m very happy to welcome Luxemburg aboard Have I Been Pwned. More specifically, the CERT of the Grand Duchy of Luxemburg (govcert.lu) now has free API level access to query their nationalRead More Welcoming the Luxemburg Government CERT to Have I Been Pwned
Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchan…Read More How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls
Another month, another national government to bring onto Have I Been Pwned. This time it’s the Ukrainian National Cybersecurity Coordination Center who now has access to monitor all their government domains via API domain search, free of charge.
Ukraine is now the 13th government to be onboarded to HIBP’s serviceRead More Welcoming the Ukrainian Government to Have I Been Pwned
Vietnam joins the ranks of governments using spyware to crack down on human-rights defenders.Read More Cyberattacks Launch Against Vietnamese Human-Rights Activists
Millions of COVID-19 test reports were found to be publicly accessible due to flawed online system implementation. […]Read More Over 8 million COVID-19 test results leaked online
The US Federal Reserve suffered a massive IT systems outage today that prevented wire transfers, ACH transactions, and other services from operating. […]Read More Federal Reserve nationwide outage impacts US banking system
The US Federal Reserve suffered a massive IT systems outage today that prevented wire transfers, ACH transactions, and other services from operating. […]Read More Federal Reserve nationwide outage impact US banking system
On Feb 5th, 2021, a hacker gained remote access to a water treatment plant in Oldsmar, Florida, and was able to adjust the amount of sodium hydroxide in the water from 100 parts per million to 11,100. Thanks to the physical fail-safes and alarm systems…Read More U.S. municipalities are the perfect target for cybercriminals in 2021
The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013.Read More Cybercriminal Enterprise ‘Ringleaders’ Stole $55M Via COVID-19 Fraud, Romance Scams
This week a report has revealed details on the two spyware strains leveraged by state-sponsored threat actors during the India-Pakistan conflict.
The malware strains named Hornbill and SunBird have been delivered as fake Android apps (APKs) by the Co…
Speaking at Technicity West, a digital conference that brought together some of the brightest technology leaders in Western Canada on February 9, 2021, Mayor Nenshi reminded his audience just how quickly COVID-19 overturned our world.
The post Calgary …
Quantum computing is the next frontier in computer science. It can bring untold benefits, allowing the development of new materials, tackling pandemics and making the world a greener, safer place. But it also threatens to break the encryption that keeps our data safe from prying eyes. France’s recent announcement to invest €1.8b into Europe’s quantum […]
The post Europe’s Quantum Story is Accelerating, and the World Will be Better for it appeared first on McAfee Blogs.Read More Europe’s Quantum Story is Accelerating, and the World Will be Better for it
The $2.2 million funding will bring high-speed internet to 310 underserved households in the Niagara region.
The post Government funded high-speed internet coming to rural Niagara region first appeared on IT World Canada.
Last month, I discussed the FedRAMP program’s basics and why it’s such a big deal for the federal government. In short, the program protects the data of U.S. citizens in the cloud and promotes the adoption of secure cloud services across the government with a standardized approach. But within the FedRAMP program, there are different authorizations. We’re […]
The post McAfee MVISION for Endpoint is FedRAMP Moderate As Federal Cloud Usage Continues to Rise appeared first on McAfee Blogs.Read More McAfee MVISION for Endpoint is FedRAMP Moderate As Federal Cloud Usage Continues to Rise
Organizations across the country – from the private sector to the federal government – have become more digital, especially following the shift to remote work this year. It’s no surprise that cybercriminals around the world have taken notice. According to a new report by McAfee and the Center for Strategic and International Studies (CSIS), cybercrime is now […]Read More The Hidden Costs of Cybercrime on Government
Government and Private Sector organizations are transforming their businesses by embracing DevOps principles, microservice design patterns, and container technologies across on-premises, cloud, and hybrid environments. Container adoption is becoming mainstream to drive digital transformation and business growth and to accelerate product and feature velocity. Companies have moved quickly to embrace cloud native applications and infrastructure […]
The post Securing Containers with NIST 800-190 and MVISION CNAPP appeared first on McAfee Blogs.Read More Securing Containers with NIST 800-190 and MVISION CNAPP
Today’s U.S. government is in a race to modernize its IT infrastructure to support ever more complicated missions, growing workloads and increasingly distributed teams—and do so facing a constantly evolving threat landscape. To support these efforts, McAfee has pursued and received a Federal Risk and Authorization Management Program (FedRAMP) Authorization designation for McAfee MVISION for […]
The post McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements appeared first on McAfee Blogs.Read More McAfee MVISION Solutions Meet FedRAMP Cloud Security Requirements
Malicious actors are increasingly taking advantage of the burgeoning at-home workforce and expanding use of cloud services to deliver malware and gain access to sensitive data. According to an Analysis Report (AR20-268A) from the Cybersecurity and Infrastructure Security Agency (CISA), this new normal work environment has put federal agencies at risk of falling victim to […]
The post How CASB and EDR Protect Federal Agencies in the Age of Work from Home appeared first on McAfee Blogs.Read More How CASB and EDR Protect Federal Agencies in the Age of Work from Home
Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing […]
The post Data-Centric Security for the Cloud, Zero Trust or Advanced Adaptive Trust? appeared first on McAfee Blogs.Read More Data-Centric Security for the Cloud, Zero Trust or Advanced Adaptive Trust?
If you are someone who works for a cloud service provider in the business of federal contracting, you probably already have a good understanding of FedRAMP. It is also likely that our regular blog readers know the ins and outs of this program. For those who are not involved in these areas, however, this acronym […]Read More FedRAMP – What’s the Big Deal?
In January 2020, McAfee released the results of a survey establishing the extent of the use of .GOV validation and HTTPS encryption among county government websites in 13 states projected to be critical in the 2020 U.S. Presidential Election. The research was a result of my concern that the lack of .GOV and HTTPS among […]
The post US County Election Websites (Still) Fail to Fulfill Basic Security Measures appeared first on McAfee Blogs.Read More US County Election Websites (Still) Fail to Fulfill Basic Security Measures
As Congress prepares to return to Washington in the coming weeks, finalizing the FY2021 National Defense Authorization Act (NDAA) will be a top priority. The massive defense bill features several important cybersecurity provisions, from strengthening CISA and promoting interoperability to creating a National Cyber Director position in the White House and codifying FedRAMP. These are […]
The post NDAA Conference: Opportunity to Improve the Nation’s Cybersecurity Posture appeared first on McAfee Blogs.Read More NDAA Conference: Opportunity to Improve the Nation’s Cybersecurity Posture
In today’s ever expanding IT ecosystem, how do you know whether your data is really secure? It’s a critical question. The numbers tell us so: Over 169 million personal records…Read More Data Security – What You Don’t Know Can Hurt You