Due to the complexity of the files, the Company engaged cybersecurity data mining experts to evaluate the exfiltrated data and was recently informed of its nature, scope and validity, confirming that the data sets contained a significant number of individuals personal information associated with our clients’ end-users.”
If you want a digital presence that will be around for the next ten years, scalability, growth, and digitization need to be tempered with a healthy dose of credential-centered cybersecurity. Zero Trust is a comprehensive security framework that fundamentally changes how organizations approach cybersecurity.
Survey Finds Too Many Under-Engaged Boards, Reactive Attitudes, Low Appetite for AI The pace of cybersecurity improvements has stagnated at many British organizations over the past year, driven in part by budget and staffing challenges, according to a new U.K.
Cybersecurity experts were able to exploit a misconfiguration in a vulnerable web app used by ransomware operators to publish victims' data, leading to the disclosure of clearnet IP addresses related to the network infrastructure behind the TOR hidden services (hosting them) and additional service information acquired from the server side.
Government agencies can no longer ignore or delay their Zero Trust initiatives. and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines. The DHS compliance audit clock is ticking on Zero Trust.
CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.
Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 The investigation into the security breach is still ongoing and the company is remediating the incident with the help of external cybersecurity specialists. million year-to-date.
Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” Despite the ban on military and government devices, Ukrainian users rely heavily on Telegram to communicate and receive news on ongoing conflicts. ” continues the announcement.
This report offers insights for cybersecurity, compliance, and privacy executives at healthcare organizations, as well as for policymakers and auditors.
New CSF Adds 'Governance' to Core Functions Cybersecurity guidance for the private sector published by the U.S. The revised Cybersecurity Framework focuses on governance and says cybersecurity threats are a major source of enterprise risk.
Mark Wojtasiak, VP of Research and Strategy, Vectra AI In the coming year, we'll see the initial excitement that surrounded AI's potential in cybersecurity start to give way due to a growing sense of disillusionment among security leaders. The SEC Cybersecurity Disclosure Rule highlights transparency in governance.
Government Watchdog Urges ONCD to Develop Outcome-Oriented Performance Measures A government watchdog urged the White House to establish metrics that would help determine the effectiveness of federal cybersecurity initiatives, but it's a lot easier to recommend developing outcome-oriented performance measures for cybersecurity than it is to actually (..)
The US government issued sanctions against six Iranian government officials linked to cyberattacks against critical infrastructure organizations. The Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) is an organization within the Iranian government responsible for cybersecurity and cyber warfare.
The charges result from an investigation conducted by the US government into public companies potentially impacted by the supply chain attack on SolarWinds’ Orion software. The four companies agreed to stop future violations, pay penalties, and improve cybersecurity controls without admitting guilt.
Cyber Regulation Requires EU Agencies to Assess Risks and Report Incidents The European Union adopted regulations on cyber hygiene intended to beef up cybersecurity at EU government agencies amid concerns that trading bloc institutions have failed to keep pace with mounting digital threats.
Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.
Cybersecurity Experts Say Operatives Probably Intercepted Physical Supply Chain It doesn't appear to be a cyberattack, security experts said of the hundreds of pagers that blew up Tuesday across Lebanon, an apparent salvo against Hezbollah militants by the Israeli government.
Australian Federal Police, Department of Home Affairs Reportedly Among the Victims An April ransomware attack against one of Australia's largest law firms swept up the data of 65 Australian government agencies, the country's national cybersecurity coordinator said Monday.
A leak suggests that Chinese cybersecurity firm TopSec offers censorship-as-a-service services; it provided bespoke monitoring services to a state-owned enterprise facing a corruption scandal. SentinelLABS researchers analyzed a data leak that suggests that the Chinese cybersecurity firm TopSec offers censorship-as-a-service services.
Fortinet has been actively contributing to Australia’s cybersecurity landscape, recently submitting recommendations for the 2023–2030 Australian Cyber Security Strategy. It is unclear if the Australian federal government or critical infrastructure was impacted due to the incident.
New Lawsuit Alleges Georgia Tech Submitted 'False' Cybersecurity Score to DOD The Justice Department intervened in a whistleblower lawsuit against the Georgia Institute of Technology and the Georgia Tech Research Corp. for allegedly failing to implement federally required cybersecurity protections while overseeing sensitive government data.
GSA Establishes Framework for Security Regulations Covering Federal Acquisitions The federal government aims to streamline its information security and supply chain security procurement policies as part of an effort to better safeguard federal systems.
Federal Civilian Agencies 'Are Likely to Resist This Dramatic Change,' Report Says A study of federal government cybersecurity suggests the Department of Homeland Security could play a more prominent role in securing civilian networks, in a report that touts a "more centralized defensive strategy."
Also: Catching Up With Spain's Most Dangerous Hacker This week, the FCC OK'd cybersecurity labeling, DarkGate exploited Google, Fortinet patched a bug, cyberattacks hit the French government and employment agencies, Google restricted Gemini AI chatbot and paid bug bounties, Microsoft had Patch Tuesday, Marine Max was attacked, and Alcasec moved on. (..)
The government agencies warn that the Russian APT29 group has the capability and intent to exploit more CVEs for initial access, remote code execution, and privilege escalation. “SVR cyber actors have exploited vulnerabilities at a mass scale to target victims worldwide across a variety of sectors” reads the joint advisory.
Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in connection with the SolarWinds hack. Joe Nicastro, Field CTO, Legit Security Transparency in cybersecurity remains a complex balancing act.
According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., French law enforcement and cybersecurity firm Sekoia.io European, and Asian entities. A court operation recently removed PlugX infections from U.S. led the international operation against the malware. .”
A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. The threat actor continues to target Russian government entities and enterprises.
billion) bet on Europe's digital future, with a strong focus on shoring up cybersecurity defenses, boosting artificial intelligence, and closing the digital skills gap. Cybersecurity gets a major boost A big chunk of the funding 45.6 billion ($1.4
Getting the health sector to vastly improve the state of its cybersecurity will take much more than the recent issuance of federal guidance outlining cyber performance goals for entities. It will also require new government incentives and mandates, said Steve Cagle, CEO of consultancy Clearwater.
Multiple cybersecurity agencies released a joint advisory warning about a China-linked group APT40's capability to rapidly exploit disclosed security flaws. Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. “ In July 2021, the U.S.
TekStream's Johnson and Splunk's Prevost on Tapping Into Student Talent for the SOC The threat landscape has evolved for state and local government entities as well as higher education institutes.
The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures.
Tips for Finding and Getting Security Jobs in a Global Market Organizations ranging from multinational corporations to government agencies and international nonprofits require cybersecurity expertise.
telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.
Government Says Managed Service Providers Need More Regulation The British government pledged to introduce stricter rules surrounding incident reporting and supply chain vulnerability patching through legislation it previewed in July 2024.
A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. Is it linked to ToddyCat APT? appeared first on Security Affairs.
Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it. The CVE Program is the primary way software vulnerabilities are tracked.
DOGE Staffers Allegedly Violated Federal Cyber Best Practices and Data Privacy Laws A whistleblower complaint made public this week provides the most in-depth look yet at the Department of Government Efficiency's many alleged cybersecurity failures, from violating federal best practices to seemingly ignoring data security laws in an apparent bid to (..)
China-linked threat actors breached government organizations worldwide with attacks exploiting Barracuda ESG zero-day. Almost one out of three affected organizations were government agencies, a circumstance that suggests that the attacks were carried out as part of a cyber espionage campaign. reads the report published by Mandiant.
In this episode of "Cybersecurity Insights," Hedderman discusses privacy, third-party vendor risk, and lawyers' use of AI. Regulating AI is "like regulating Jell-O," said Massachusetts risk counsel Jenny Hedderman, but states are looking at regulating "areas of harm" rather than AI as a whole.
According to the indictment, Ptitsyn facilitated the worldwide use of a dangerous ransomware strain to target corporations and various organizations, including government agencies, healthcare facilities, educational institutions, and critical infrastructure. Barron for the District of Maryland.
New Law Calls for Better Reporting, Securing Devices and Critical Infrastructure The Australian government's proposed cybersecurity legislation passed both houses of the Parliament on Monday, formalizing the government's strategy to boost ransomware payment reporting, mandate basic cybersecurity standards for connected devices and enhance critical (..)