The alert says that water operators are employing poor security standards that have allowed the hackers to breach their networks, including the use of default passwords that are included when the water system management tools are first installed.

The Cybersecurity and Infrastructure Security Agency is targeting a September 30 deadline to give federal agencies a list of example software products deemed critical for the federal government’s cyber posture.

A measure led by two House Republicans would enable the Environmental Protection Agency to certify a governing body to develop and recommend cybersecurity requirements for water treatment and wastewater systems.

The Cybersecurity and Infrastructure Security Agency issued an alert Friday warning of a previously unnoticed backdoor in a widely used Linux tool that compresses and encrypts files shared between parties.

The State Department alert said that cybercriminals are attempting to use “phishing, email account takeovers, and social engineering” to veer employee payroll deposits into their own bank accounts.

President Joe Biden on Thursday nominated Michael Sulmeyer to be assistant secretary of defense for cyber policy at the Pentagon, the first individual to hold the position.

The Office of Personnel Management proposed a legislative proposal to give federal agencies new authority and flexibility in how they hire and pay cybersecurity workers to members of Congress, but so far no member has stepped up to sponsor the bill.

A hotly debated flashpoint in the cybersecurity community is getting renewed attention as healthcare stakeholders work to rebound from a major ransomware attack that’s roiled the U.S. health insurance market over the past month.

The GovQA platform, used by state and local governments for public records requests, had vulnerabilities that could have allowed hackers to access sensitive personal information, edit requests, and download unsecured files.

Firmware connects the hardware and software of a device, but efforts to protect it have been absent in many of the government’s recent cybersecurity initiatives, according to a new report by the Foundation for Defense of Democracies.