Latest Headlines

Latest Headlines

DARPA working to reduce IT vulnerabilities in complex military systems

The massive, monolithic technology platforms upon which U.S. defense systems rely are inflexible, increasingly difficult to manage and hostile to advances in technology, said the director of the Defense Advanced Research Projects Agency. They're also vulnerable to malicious actors,  said  DARPA Director Arati Prabhakar during a Nov. 12 event hosted by the Center for Strategic and International Studies.

Complex, sophisticated malware 'Regin' used for espionage since at least 2008, Symantec says

Cybersecurity company Symantec says it has discovered a highly complex, advanced malware that has been developed and used – likely by a nation state – to systematically spy on governments, individuals and other international targets since at least 2008.

VA fails annual cybersecurity audit for 16th straight year, says it will invest more resources

For the 16th straight year, the Veterans Affairs Department will fail its annual cyberseurity audit, the VA's deputy assistant inspector general said at a recent congressional hearing. Most of the IT security recommendations issued in their reports persist year after year.

NRC must beef up information systems security practices, processes, IG says

The Nuclear Regulatory Commission needs to perform continuous monitoring of its information systems and update its system security plans, according to a recently released internal audit.

NATO launches largest ever cyber attack training exercise

NATO launched its largest ever multinational cyber-defense exercise Nov. 18  –  a three-day training event that includes 670 technical, government and cyber experts operating from dozens of locations from across partner nations, NATO said in a statement. The training will test NATO's ability to defend its networks in the event of a cyber attack, NATO says in the  statement.

USPS delayed breach notification so as not to tip off hackers

The Postal Service didn't notify some 800,000 USPS employees immediately when it was believed their personally identifiable information was compromised because it did not want to jeoprodize the investigation and alert the perpetrators,  said  a USPS officia Nov. 19 before a House Oversight and Government Reform subcommittee. In fact, the investigation is still very much underway, said Randy Miskanic, vice president of secure digital solutions at USPS.

Persistent problems keep USDA from achieving secure, sustainable IT systems

While the security of the Agriculture Department's IT systems continues to improve, they're still vulnerable due to "longstanding weaknesses." The inspector general evaluated the department's overall security program as part of the Federal Information Security Management Act, or FISMA, which establishes baseline security standards for all agencies.

GAO finds holes in VA cyber incident response protocols

It's sometimes unclear whether corrective response to information technology vulnerabilities identified by the Veterans Affairs Department have been effective because the department has done little follow-up on its mitigation techniques, says the Government Accountability Office.

EPA must address deviations, apply patches following IG computer security assessment

The Environmental Protection Agency needs to correct several deficiencies found in its configuration management program, an internal audit found.  

Major privacy groups back FTC in consumer data lawsuit against Wyndham

Several major electronic privacy organizations have filed amicus briefs, supporting the Federal Trade Commission's lawsuit against Wyndham Worldwide Corp. that, the commission alleged, failed to protect consumer information.