Cyber Security News

What we’re talking about

lockbit extorsion operation
Cyber Security

Lockbit Extorsion Operation Interrupted by Operation Cronos

The Lockbit extorsion operation was taken down by an international law enforcement effort called “Operation Cronos”.  This action included participation of the FBI, the National Crime Agency of the UK (NCA), and Europol among other organizations.  Actions taken include the UK,s National Crime Agency taking control of the ransomware’s site and the arrest of at

Read More »
KV Botnet
Cyber Security

KV Botnet Disrupted by FBI in Infected SOHO Routers

The FBI has disrupted a KV botnet malware infection instigated by Volt Typhoon, a state sponsored threat actor affiliated with the People’s Republic of China (PRC).  The KV botnet was first identified in December of 2023.  It targeted Cisco and NetGear routers that were were no longer supported by manufacturer software updates.  The court-authorized operation, conducted

Read More »
China Targeting U.S. Infrastructure
Cyber Security

China is Targeting U.S. Infrastructure with Cyberattacks

The Washington Post reported that China is targeting U.S. infrastructure with cyberattacks in a continuing effort to increase its ability to disable critical systems.  The Cybersecurity and Infrastructure Security Agency (CISA) first announced these attacks in May of 2023.  CISA identified the source as Volt Typhoon, a state sponsored hacking group affiliated with China. Chinese

Read More »
Common Cybersecurity Weaknesses for CUI
Cyber Security

Common Cybersecurity Weaknesses for CUI Protection

Recent reports from the Department of Defense (DoD) outline common cybersecurity weaknesses for Controlled Unclassified Information (CUI) protection by contractors.  CUI is information that is possessed or created for the U.S. government that, by law, requires dissemination controls and safeguarding.  These required security controls are specified in NIST SP 800-171.  When prospective contractors respond to

Read More »
DHS Cybersecurity Assessment Criteria
Cyber Security

DHS Cybersecurity Assessment Criteria Announced

DHS cybersecurity assessment criteria has been released that will set the bar for businesses seeking contract awards from the agency.  The U.S. Department of Homeland Security has released this information to ensure that appropriate levels of “cyber readiness” are in place by its vendors.  The DHS plan, released by Chief Information Security Officer Kenneth Bible, is

Read More »
Lawsuit Filed Against Penn State
Cyber Security

Lawsuit Filed Against Penn State for Cybersecurity Claims

A lawsuit filed against Penn State University by the U.S. Department of Justice illustrates the challenges the government faces in instituting effective protection of data.  The suit filed under the False Claims Act (FCA) alleges, that the university misrepresented its adherence to required cybersecurity protocols in the handling of Controlled Unclassified Information (CUI) required.   

Read More »
CUI Document Marking Requirements
Cyber Security

CUI Document Marking Requirements and CMMC 2.0

Controlled Unclassified Information (CUI) document marking requirements apply to a wide range of users who access information related to the U.S. government. CUI  is unclassified information that requires safeguards or dissemination controls in accordance with governmental regulations and policies. CUI is categorized into 20 “Organizational Index Groupings” to address sectors such as Defense, Export Control,

Read More »
#stopransomeware guide update released
Cyber Security

#Stopransomware Guide Update Released 2023

The #Stopransomware Guide update was released in May 2023 jointly by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). Information in this guide was developed by the Joint Ransomware Task Force (JRTF) which is overseen by the Federal Bureau of Investigation (FBI) and CISA. to help organizations

Read More »
CGP Cloud Solutions
Cyber Security

CGP Cloud Solutions Guidance – Technical Data

The government of Canada has specific Controlled Goods Program (CGP) Cloud Solutions requirements for individuals or organizations that possess or transfer controlled goods and associated technical data.  Technical data includes drawings, blueprints, software, or technical documentation that could be used or adapted for military or space end use.  Cloud service providers that provide storage or

Read More »
GoDaddy Multi-Year Security Breach
Cyber Security

GoDaddy Multi-Year Security Breach

Hosting giant, GoDaddy, has disclosed a Multi-Year Security Breach that has compromised customer security and may cause infection of websites.  This is a noteworthy concern as the company acts as a hosting service for 20 million customers worldwide.  The first breach was reported in November of 2019.  Since this time the company has reported two

Read More »
Tabletop Exercises for Cyber Incident
Cyber Security

Tabletop Exercises for Cyber Incident Response

Tabletop Exercises for Cyber Incident Response teams are effective tools for assessing the ability of an organization to protect and preserve sensitive data.  These exercises engage team members to respond to a variety of scenarios.  This provides an evaluation of the Cyber Incident Response Plan’s technologies, processes, and personnel’s ability to maintain confidentiality, integrity, and

Read More »
Cyber Security

Delays in CMMC 2.0 Final Ruling

As 2023 opens it appears that there may be further delays in CMMC 2.0 reaching a final ruling as the Pentagon considers additional revisions of the proposed rule.  These reconsiderations are, as reported on ClearanceJobs, the result of internal politics and concerns on the impact on businesses.  Because the rule is in proposed status, it

Read More »
maintaining a CMMC program
Cyber Security

Maintaining a CMMC Program – Best Practices

Maintaining a CMMC program requires that organizations engage management system principles in their daily cybersecurity programs.  These activities will be essential for Department of Defense (DoD) contractors to remain compliant. Current CMMC Requirements Currently CMMC 2.0 requirements are divided into three levels of compliance: CMMC Level 1 – Foundational is comprised of the 17 practices

Read More »
Huawei and ZTE
Cyber Security

Huawei and ZTE Designated Threats to Security

The Federal Communications Commission (FCC) and Homeland Security Bureau have designated Huawei and ZTE as threats to U.S. national security.  Because both Chinese companies are subject to the Chinese Communist Party, they are required by law to cooperate with China’s intelligence gathering activities.  China has developed an arsenal of cyber capabilities to target U.S. information

Read More »
FBI Concerns about TikTok
Cyber Security

FBI Concerns About TikTok User Data

FBI concerns about TikTok’s use of U.S. citizens’ user data were conveyed to the House Committee on Homeland Security by Director Christopher Wray.  The Chinese owned social media app currently has over one billion monthly users.  Among the FBI’s concerns is that the Chinese government could conduct influence operations with the app or use it

Read More »
IoT Product Labeling Program
Cyber Security

IoT Product Labeling Program for Cybersecurity

In an effort to improve cybersecurity in the United States, the National Institute of Standards and Technology (NIST), Federal Trade Commission (FTC) and other federal government agencies are initiating an Information of Things (IoT) product labeling program for consumer devices.  This action is being taken as part of Executive Order (EO) 14028 to improve the

Read More »