TSA to impose cybersecurity mandates on railroad and aviation industries

The Transportation Security Administration will impose new cybersecurity mandates on the railroad and airline industries, including reporting requirements as part of a department effort to force compliance in the wake of high-profile cyberattacks on critical industries, Homeland Security Secretary Alejandro Read More …

FTC warns companies to remediate Log4j security vulnerability

Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package, Log4j (CVE-2021-44228) was disclosed, posing a severe Read More …

What the Rise in Cyber-Recon Means for Your Security Strategy

As we move into 2022, bad actors are ramping up their reconnaissance efforts to ensure more successful and more impactful cyberattacks. And that means more zero-day exploits are on the horizon. When seen through an attack chain such as the Read More …

Albanian Army to establish a unit for cyber defense

The Department of Defense has launched a project in collaboration with US military cyber security partners, creating greater protection against external attacks that may occur in the future. This was announced by the Minister of Defense, Niko Peleshi from Elbasan Read More …

West Virginia State workers to be paid on time despite ransomware attack

West Virginia state workers will be paid on schedule this week, despite a ransomware attack that recently crippled a software provider that helps manage time and leave for more than 35,000 state employees. The State Auditor’s Office reassured employees Monday Read More …

Fulfilling Security Requirements for the Transportation Sector

Protecting our critical infrastructure against the threat of ransomware remains a top priority for both the private sector and the federal government. In fact, a recent survey from Tripwire found that security professionals in both sectors still identify ransomware as Read More …

What to Do About Log4j

Log4j poses some deep challenges to IT. In this article I’ll discuss some tactical measures people are already taking now and over the next week or two, and some strategic guidance for what to do after the immediate crisis abates. Read More …

Readout Of CISA Call With Critical Infrastructure Partners On Log4j Vulnerabilities And The Need For Increased Vigilance This Holiday Season

WASHINGTON – This afternoon, the Cybersecurity and Infrastructure Security Agency (CISA) held a call with critical infrastructure entities from the public and private sectors to emphasize the importance of remaining vigilant against cyber threats over the holiday season, particularly with Read More …

Revisiting the Relevance of the Industrial DMZ (iDMZ)

If you enter the term “Purdue Model” into your favorite search engine, the resulting images will vary considerably. There’s almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level Read More …