Government information security management
- April 01, 2020
HackerOne has cut ties with Voatz, but the mobile voting vendor disputed reports that it was kicked off the bug bounty platform following controversy with security researchers.
- March 31, 2020
The U.S. Federal Trade Commission warned nine voice over IP companies that 'assisting and facilitating' illegal robocalls related to COVID-19 is against the law.
- March 19, 2020
This week's Risk & Repeat podcast looks at the disruption caused by COVID-19, as well as the sharp increase in cyberthreats designed to exploit the pandemic.
- March 17, 2020
Experts fear that coronavirus-themed threats will escalate to ransomware attacks, and such attacks will disrupt response efforts at hospitals and city, state and local governments.
- March 13, 2020
A ransomware attack shut down Champaign-Urbana's public health website, hindering the city's ability to provide information and updates on the Coronavirus pandemic.
- February 28, 2020
Four panelists discussed the ban on the world's largest telecommunications equipment manufacturer in relation to supply chain risk.
- February 20, 2020
MIT researchers contested claims that Voatz's voting app used blockchain technology to provide secure voting. Voatz responded, but questions about the company's technology remain.
- February 17, 2020
This week's Risk & Repeat podcast discusses RSA Conference's decision to move ahead with the show after the cancellation of Mobile World Congress over coronavirus concerns.
- February 13, 2020
Security researchers at MIT claim a mobile e-voting app piloted in several state elections is insecure, but the vendor has aggressively pushed back on the findings.
- January 15, 2020
Microsoft patched a critical vulnerability in how Windows validates cryptographic certificates that could lead to dangerous attacks, according to experts, and was originally reported by the NSA.
- December 16, 2019
The city of New Orleans declared a state of emergency as the government tries to get systems back online following a ransomware attack Friday morning.
- December 12, 2019
The U.S. Department of Defense has developed a five-level certification framework designed to vet the cybersecurity posture of potential contractors in an effort to avoid future risks.
- November 19, 2019
A ransomware attack on Louisiana government systems has been contained, according to Governor John Bel Edwards, and experts are praising the state's response.
- September 26, 2019
The U.S. Air Force is eyeing an expansion of its bug bounty efforts after partnering with Bugcrowd on a three-month pilot program for its cloud platform.
- June 12, 2019
As local and state governments continue to tackle the evolving threat landscape, experts share tips on how to improve security posture and highlight the resources available for help.
- May 31, 2019
State and local governments are experiencing a rise in ransomware attacks. Experts sound off on what's triggering this trend and offer best practices for defense.
- May 23, 2019
Ahead of the 2020 elections, Microsoft unveiled ElectionGuard, an open source SDK designed to provide end-to-end verification of electronic voting machine results.
- May 16, 2019
U.S. businesses are barred from dealing with Huawei following an executive order from the White House and the additions of Huawei and its affiliates to a trade blacklist.
- May 01, 2019
A new DHS directive placed new deadlines on patching critical vulnerabilities for federal agencies, and experts are divided on whether the timelines are reasonable and realistic.
- March 15, 2019
The NSA's reverse-engineering tool, Ghidra, was released to the public, and despite some initial concerns, experts are generally bullish on the prospects for the free software.
- March 06, 2019
At the recent RSA Conference, FBI Director Christopher Wray called for public-private partnerships to fend off cyberadversaries and threats.
- January 17, 2019
In addition to putting government agencies at risk, the shutdown has impacted federal security services and resources that the private sector relies on to keep enterprises safe.
- January 17, 2019
As the shutdown continues, experts believe government cybersecurity will become more vulnerable, and government IT staff could leave for the private sector.
- January 16, 2019
This week's Risk & Repeat podcast looks at the expiration of more than 80 TLS certificates for U.S. government websites amid the ongoing government shutdown.
- January 08, 2019
The National Security Agency plans to release an open source version of its GHIDRA reverse engineering tool during RSA Conference in March, but details about the tool are scarce.
- December 20, 2018
Limited details leave questions surrounding a possible NASA data breach that could have compromised Social Security numbers for current and former employees.
- December 13, 2018
This week's Risk & Repeat podcast looks at the recently disclosed cyberattack on the National Republican Congressional Committee and the questions that remain about it.
- November 16, 2018
News roundup: Three years after the OPM data breach, the agency still hasn't implemented basic security. Plus, seven new Meltdown, Spectre attacks were uncovered, and more.
- November 08, 2018
The Cyber National Mission Force will share unclassified U.S. Cyber Command malware samples with VirusTotal, and one expert hopes there will be more action taken to help researchers.
- October 23, 2018
Malicious actors attacked a back-end insurance system and the resulting Healthcare.gov breach exposed an unknown amount of data on 75,000 people.
- October 19, 2018
News roundup: The Facebook hack was the work of spammers, according to The Wall Street Journal. Plus, 35 million voter records are for sale on the dark web, and more.
- October 19, 2018
This week's Risk & Repeat podcast discusses the GAO report on vulnerabilities and weaknesses in modern weapons systems and what they mean for the U.S. military.
- October 16, 2018
The Department of Defense said a Pentagon data breach exposed travel records for approximately 30,000 military and civilian personnel, but the investigation is still in progress.
- October 11, 2018
A U.S. Government Accountability Office report gave failing grades to military weapon systems cybersecurity, but some experts say the report should be a source of encouragement.
- October 09, 2018
The government domain registrar -- DotGov -- began rolling out two-factor authentication for officials managing .gov domains in order to mitigate against DNS hijacking.
- October 05, 2018
News roundup: A Bloomberg report claimed China infiltrated U.S. companies and government agencies through tiny Supermicro chips on motherboards. Plus, a new Telegram flaw and more.
- October 01, 2018
FBI, DHS call on users to mitigate Remote Desktop Protocol vulnerabilities and handle RDP exploits on their own, even as the "going dark" campaign continues unabated.
- September 25, 2018
Microsoft announced that, six months after its introduction, the Cybersecurity Tech Accord has nearly doubled its membership and partnered with the Global Forum on Cyber Expertise.
- September 21, 2018
The new National Cyber Strategy released by the White House details plans for improving cybersecurity and garners positive early reviews from experts for its comprehensiveness.
- September 21, 2018
A State Department data breach involving the agency's unclassified email system may have been due to a lack of multi-factor authentication, according to one expert.
- August 30, 2018
In a letter to DHS and MITRE, Congress said CVE program management has been 'insufficient' and called for the program to receive more consistent funding and additional oversight.
- August 17, 2018
The Vote Hacking Village at Defcon 26 in Las Vegas was an overwhelming jumble of activity -- a mock vote manipulated, children hacking election results websites, machines being disassembled -- and ...
- August 09, 2018
At Black Hat 2018, security researcher Carsten Schuermann unveiled the results of a forensic analysis of eight WinVote voting machines that had been used in Virginia elections.
- July 31, 2018
The deadline for full DMARC implementation in U.S. government-owned domains is less than three months away, and only half of the domains have the correct policy in place.
- July 27, 2018
Senator Ron Wyden wrote a letter to multiple government agencies advocating that the entire U.S. government stop Adobe Flash use on all systems due to security risks.
- June 29, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the risks of the U.S. Cyber Command engaging in offensive cyberattacks against foreign adversaries.
- June 21, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Protecting American Votes and Elections Act of 2018, which requires paper ballots and audits.
- June 20, 2018
The Pentagon reportedly approved the use of offensive cyberattacks by the U.S. Cyber Command, and one expert said enterprises should be ready to handle the 'return fire.'
- June 15, 2018
News roundup: Following a vote by the European Parliament to implement a Kaspersky ban in the EU, Kaspersky announced it would halt ties with the No More Ransom project and Europol.
- June 07, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent federal cybersecurity report, which found the majority of agencies have significant security gaps.
- June 01, 2018
The 'Federal Cybersecurity Risk Determination Report and Action Plan' shows the majority of federal agencies are at risk, and DHS suggests a lack of leadership may be to blame.
- May 30, 2018
The latest semiannual Apple transparency report showed national security requests on the rise and one expert questioned whether Apple could do more to be open about requests.
- May 11, 2018
News roundup: A controversial cybersecurity bill was vetoed by Georgia's governor this week after pressure from Microsoft and Google. Plus, IBM banned USB drives, and more.
- April 20, 2018
The ACLU's Jennifer Granick took government hacking to task at the OURSA Conference this week, calling out mass surveillance techniques and the limited scope of search warrants.
- April 11, 2018
Find out what's happening at the information security industry's biggest event with breaking news and analysis by the SearchSecurity team at the RSA Conference 2018 in San Francisco.
- March 09, 2018
A DHS cybersecurity audit for FISMA compliance by the Office of Inspector General rated the agency below target levels in three of five areas of information security.
- March 08, 2018
Researchers discovered evidence of an NSA tracking program designed to watch nation-state hackers and gather information as attacks were in progress.
- January 09, 2018
Federal agencies opened public comments on a draft botnet security report born from the 2017 White House cybersecurity executive order, and experts are generally favorable.
- January 05, 2018
News roundup: A DHS data breach exposed PII of 250,000 federal employees, as well as investigative data from 2002 to 2014. Plus, a new bill aims to nix paperless voting, and more.
- December 07, 2017
A new initiative plans Army cyber officer hiring over the course of five years, but experts are skeptical it can attract the best candidates away from the private sector.
- December 04, 2017
The former NSA employee reportedly responsible for exposing classified data to Russian government hackers pleaded guilty and faces a maximum of 10 years in prison.
- December 01, 2017
Exposed data included new information on the NSA Ragtime intelligence-gathering program, but it is unclear if the evidence proves Americans were targeted.
- November 30, 2017
Yet another publicly accessible cloud storage bucket exposed government data; this time it was an NSA data leak which included information on an Army intelligence project.
- November 02, 2017
Two senators introduced a bipartisan election security bill called the SAVE Act, which aims to improve voting infrastructure and harden state systems against attack.
- November 01, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent push from law enforcement officials for responsible encryption and what that may mean.
- October 20, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss DEFCON's efforts to improve voting machine security in the wake of hacking threats during the 2016 election.
- October 12, 2017
The first official report on voting machine hacking from DEFCON suggests the need for pen testing, basic security guidelines and cooperation from local and federal governments.
- September 27, 2017
In this week's 'Risk & Repeat' podcast, SearchSecurity editors discuss the U.S. government's Kaspersky ban and how competitors like McAfee are trying to capitalize on it.
- September 21, 2017
The U.S. Securities and Exchange Commission admitted a 2016 breach that was previously undisclosed may have enabled threat actors to engage in illegal stock trades.
- September 15, 2017
News roundup: DHS has banned Kaspersky software from use in government systems. Plus, the commonwealth of Virginia decided to do away with touchscreen voting machines, and more.
- August 25, 2017
News roundup: John McCain, NIAC and others called out the administration for not doing enough on U.S. government cybersecurity. Plus, the Ropemaker exploit alters emails, and more.
- August 23, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors examine claims from intelligence veterans that the DNC hack was an inside job, and not the work of Russian hackers.
- August 18, 2017
Former CIA officer Valerie Plame discusses why America's cyberdefense is lagging behind -- and what the government and private sector should do to reverse the trend.
- August 18, 2017
The U.S. Defense Intelligence Agency wants to isolate, study, customize and re-engineer malware from adversaries to be used as its own offensive cyberweapons.
- August 11, 2017
News roundup: The FBI Next Generation Identification biometrics database is exempt from the Privacy Act. Plus, Salesforce fired two top staffers after DEFCON, and more.
- August 10, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors look back at DEFCON 2017's voting machine hacking and what it could mean for the future of U.S. election security.
- August 04, 2017
News roundup: U.S. Senators introduce a bipartisan bill to standardize IoT device security for government vendors. Plus, Anthem suffers another data breach, and more.
- August 02, 2017
DEFCON attendees were successful in hacking voting machines, and now that there is proof the systems are insecure, more work needs to be done to change election laws and practices.
- July 28, 2017
At Black Hat 2017, security researcher Matt Suiche analyzed the Shadow Brokers dumps, postings and behavior to get to the bottom of one of the infosec industry's biggest questions.
- July 21, 2017
News roundup: The Defending Digital Democracy project brings together security experts to tackle election security. Plus, government shake-ups could hit cybersecurity, and more.
- June 23, 2017
The Brutal Kangaroo USB malware leaked from the CIA's Vault 7 could pose a threat to air-gapped computers if hackers reverse-engineer it.
- June 21, 2017
A massive voter database RNC leak underscores the poor cloud security practices in place in the U.S. government and many enterprises.
- June 16, 2017
The latest WikiLeaks release on CIA hacking tools includes the CherryBlossom project, which highlights router security issues, including a lack of firmware signing validation.
- June 14, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss former FBI Director James Comey's testimony on election hacking and election interference from Russia.
- June 08, 2017
The EternalBlue exploit behind the WannaCry ransomware attacks has been successfully ported to an older version of Windows 10, but newer versions of the OS are protected.
- June 07, 2017
A new NSA leak allegedly shows Russian agents engaged in election cyberattacks against local U.S. governments and proves people are still the hardest cybersecurity risk to mitigate.
- June 02, 2017
A new cybersecurity law in China highlights the trend of inconsistent international data privacy laws being enacted around the world.
- May 31, 2017
The prospect of monthly NSA cyberweapons leaks in a new Shadow Brokers dump raises questions about the ethics of paying criminals for stolen goods.
- May 24, 2017
Following the worldwide impact of WannaCry, EternalRocks arrived abusing seven NSA cyberweapons but holding back on its malicious intent.
- May 18, 2017
This week's Risk & Repeat podcast looks at President Trump's cybersecurity executive order and how it aims to address federal government and critical infrastructure issues.
- May 17, 2017
The bipartisan PATCH Act aims to codify the Vulnerabilities Equities Process into law in the wake of a global ransomware attack based on a stolen NSA cyberweapon.
- May 16, 2017
Microsoft blames the U.S. government for cyberweapon stockpiling as WannaCry ransomware infections continue to spread, though some experts say Microsoft shares responsibility.
- May 12, 2017
The Trump cyber executive order arrived, with a focus on cyber-risk management and reports. But key details are missing in terms of implementing changes.
- May 02, 2017
The NATO Locked Shields cyberwar games had the U.S. team winning most improved, but experts say the U.S. still needs more practice.
- April 28, 2017
News roundup: A cybersecurity executive order overdue, but 'close and nearby.' Plus, the USPTO says it will stop using HTTPS; a teenage hacker sentenced to prison; and more.
- April 07, 2017
News Roundup: 'Hand-to-hand' combat in State Department hack, APT29 has a stealth backdoor, the creator of the internet backs strong encryption, and more.
- April 06, 2017
The U.S. government says it wants to improve threat intelligence sharing between the public and private sectors, but experts are unsure that is possible in the current climate.
- March 31, 2017
Another set of documents from the Vault 7 CIA cache was released by WikiLeaks, but experts say the allegations of false flag attacks are unfounded and dangerous.
- March 31, 2017
A cyber executive order from the Obama era has been extended by President Trump to allow sanctions to be placed on cybercriminals who attack the U.S.
- March 30, 2017
FBI Director James Comey clearly laid out his views on strong encryption and urged more conversation, but experts say his arguments fall flat and may even be misleading.