Content by Dan Gunderman

Severe Apache Log4j Vulnerability Threatens Enterprise Apps

Dan Gunderman  •  December 10, 2021

A zero-day vulnerability detected in the Java logging library Apache Log4j can result in full server takeover and leaves countless applications vulnerable, according to security researchers, who say that the easily exploitable flaw was first detected in the popular game Minecraft.

Cyber Incident Reporting Mandate Excluded From Final NDAA

Dan Gunderman  •  December 8, 2021

Congressional negotiators have scrapped a provision in the must-pass defense spending bill that would have required owners and operators of critical infrastructure to report cybersecurity incidents and ransom payments made to criminal gangs.

Attack Wipes 25 Years' Worth of Data From Local Electric Co.

Dan Gunderman  •  December 7, 2021

An electric cooperative serving two western Colorado counties says a cyberattack first detected Nov. 7 has disabled billing systems and wiped out 20 to 25 years' worth of historic data, leaving the utility operating under limited functionality, according to the company and local reports.

TSA Issues New Cybersecurity Requirements for Rail Sector

Dan Gunderman  •  December 3, 2021

The U.S. Transportation Security Administration has issued new security directives for higher-risk freight railroads, passenger rail, and rail transit that it says will strengthen cybersecurity across the transportation sector in response to growing threats to critical infrastructure.

Senate Considering Several Cyber Measures in Annual NDAA

Dan Gunderman  •  November 29, 2021

Following the holiday recess, U.S. lawmakers are picking up several legislative priorities starting Monday, including progress on the annual defense spending bill, which contains amendments that would require incident reporting for critical infrastructure providers, among other measures.

Regulators: Banks Have 36 Hours to Report Cyber Incidents

Dan Gunderman  •  November 19, 2021

U.S. federal banking regulators have approved a new rule that will require banks to notify regulators no later than 36 hours after the organization determines it has suffered a qualifying "computer-security incident," the nation's top financial agencies announced this week.

CISA Leader: 'We've Not Seen a Change' in Ransomware Attacks

Dan Gunderman  •  November 17, 2021

Several key federal cybersecurity leaders in the U.S. on Wednesday outlined the Biden administration's approach to countering ransomware, which they called a national security issue. The leaders are backing incident reporting legislation and assessing Russia's progress in curbing attacks conducted within its borders.

US, Israel Expand Cyber Partnership, Announce Task Force

Dan Gunderman  •  November 15, 2021

The U.S. and Israel will expand their diplomatic relationship around cybersecurity, announcing a bilateral task force this week that will support cybersecurity and fintech innovation. The news follows recent action by the U.S. Department of Commerce to blacklist Israeli spyware firm NSO Group.

VP Kamala Harris: US Will Join 80-Nation Cybersecurity Pact

Dan Gunderman  •  November 11, 2021

The U.S. has joined an 80-nation agreement that sets collective goals for cyberspace, with a particular focus on internet integrity, electoral security, intellectual property theft, use of malign hacking tools and more. Vice President Kamala Harris confirmed U.S. entry into the multistate pact.

US Treasury Blacklists Cryptocurrency Exchange Chatex

Dan Gunderman  •  November 9, 2021

The U.S. Department of the Treasury has blacklisted cryptocurrency exchange Chatex, along with a network of entities the department says support it, for allegedly facilitating ransomware-related financial transactions. This action effectively bars Americans from doing business with the company.

Infrastructure Bill Features $1.9 Billion in Cyber Funding

Dan Gunderman  •  November 8, 2021

Congress has passed the $1.2 trillion physical infrastructure bill, which will inject $1.9 billion in new cybersecurity funding for the federal government. The bill, long held up in Congress, passed the House on Friday and moves to the desk of President Joe Biden, who plans to sign the measure into law.

US DOJ: Continue to Expect Arrests, Ransom Payment Seizures

Dan Gunderman  •  November 5, 2021

The U.S. deputy attorney general said this week that the nation is ramping up efforts to cripple ransomware operations and other cybercrime through arrests and seizures of ransom payments. The Biden administration has called ransomware a threat to national security and an economic threat.

US Treasury Department Says Stablecoins Must Be Regulated

Dan Gunderman  •  November 2, 2021

A new report from the U.S. Treasury Department urges Congress to "act promptly" to issue legislation that brings additional oversight to stablecoins, or crypto tokens pegged to fiat currencies. Federal officials say regulation should match that of traditional financial institutions - as a way to mitigate investor,...

CISA Begins Program to Identify Critical Infrastructure

Dan Gunderman  •  November 1, 2021

CISA Director Jen Easterly and congressional leader John Katko, R-N.Y., agree that officials must take precautionary steps to identify "systemically important critical infrastructure" to reduce risks of pervasive supply chain cyberattacks.

NRA Reportedly Hit By Russia-Linked Ransomware Attack

Dan Gunderman  •  October 28, 2021

The National Rifle Association has reportedly fallen victim to a ransomware attack at the hands of a Russian cybercriminal gang known as Grief. The group has reportedly posted 13 files to its website after claiming to have hacked the gun rights advocacy group.