Malware

The proposed voluntary program would let companies feature labels on consumer products that clear certain cybersecurity criteria, helping consumers identify and select items that are less prone to cyber attack.

The attack highlights risks around holiday weekend attacks, targeted software supply chains and the growing popularity of data-theft-based extortion. Still, zero-day exploits comprise only a small slice of extortion attacks.

What could have been a digital quagmire for California’s largest school district served as a chance to hone cyber response and gird its more than 250 applications used by some 1.6 million users.

The state auditor’s office’s new program offers local governments quick assessments of their cyber postures, plus advice for improving. This can help governments get ready while on the waitlist for the state’s more in-depth cyber audits.

A nation-state sponsored actor is using living-off-the-land techniques to hide its activity and spy on U.S. targets, and possibly plan communication disruptions, Microsoft said. CISA and Microsoft released details to help potential victims identify and mitigate the threat.

John Petrozzelli takes over after Stephanie Helm stepped down from the director position in January. He brings cybersecurity experience from his time in the Air Force, FBI and private sector.

The challenges of defending water infrastructure are numerous. Many of the systems in California – and nationwide – are still operating with outdated software, poor passwords and other weaknesses that could leave them at risk.

Dallas officials are working to restore services after the city was hit with a ransomware attack earlier this week. The attack affected multiple systems, including police, courts and 311 as well as multiple city websites.

Passwords are both annoying to use and vulnerable to hackers. Fortunately, big tech is moving to support stronger, easier-to-use passkeys.

Attorney General Chris Carr has announced that the Prosecution Division will be participating in a nationwide investigation into suspected users of Genesis Market, a marketplace known to traffic in the stolen credentials.

The ransomware group that claims to have stolen data from the Modesto Police Department's IT network has started making the information available on its website, a threat analyst reported Wednesday on Twitter.

The Denver FBI field office is warning the public not to use the free public USB device chargers found in hotels, shopping centers and airports. The ports are increasingly being used to deliver malware to personal devices.

County officials have acknowledged that 25-35MB of documents containing HIPAA information were stolen by someone who took control of an employee's computer remotely.

The new National Cybersecurity Strategy reiterates the government’s focus on resilient infrastructure and taking the offensive against hackers. But it also brings a fresh approach to the private sector.

The federal joint advisory details indicators of compromise and tactics, techniques and procedures associated with the disruptive ransomware variant, as well as advising on improving cyber defenses.

The new law requires public schools, local and state government and government contractors to report cyber incidents within 72 hours. The state hopes this will give it better insights and enable faster response and mitigations.

Secure government requires a cyber-aware workforce. Doing it well means helping employees stay safe even outside of work, motivating them around the importance of security and fostering a culture where they feel safe reporting incidents.

The strategy says local and state government and other end users shouldn’t have to shoulder so much cyber risk — and will hold software companies more responsible for secure products.