Supply Chain Risk Management Capabilities Center
Tuesday, January 7, 2025
Time: 9:00 AM EST – 1:00 PM EST
Location type: Virtual/Online
Format: Webinar
The Cybersecurity and Infrastructure Security Agency (CISA) is proud to offer Incident Response Training event, Defend Against Ransomware Attacks Cyber Range Training (IR209). The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners.
Leading U.S. cybersecurity agencies on Tuesday said that Chinese hackers likely still have access to critical telecommunications systems, and published guidance to help engineers and network defenders identify and remove the threat actors. In a call with reporters, senior officials at the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said the agencies have been investigating the incident since late spring, and have uncovered an expansive campaign that some lawmakers are calling the worst telecom hack in the nation’s history.
Dec 3, 2024 1:00 p.m. ET
Type: Webinar
How far have agencies progressed in their zero trust journey, and how have strategies adapted to address emerging security challenges?
The U.S. House Committee on Homeland Security published a new ‘Cyber Threat Snapshot’ examining growing threats posed by malign nation-states and criminal networks to the homeland and American data. Identifying some of the recent notable attacks, the report zeroed in on the Salt Typhoon attack by Chinese hackers, who reportedly infiltrated backdoors in major U.S. internet service providers; and activities by the Volt Typhoon adversaries, who compromised U.S. critical infrastructure for at least five years, targeting the transportation, telecommunications, and energy sectors.
Join us for a panel discussion on advancing cloud security where we’ll explore how agencies are strengthening their cybersecurity posture through advanced monitoring, compliance and automation strategies. Our panel of government and industry experts will delve into the importance of continuous monitoring, security in application development and the move toward continuous authorization.
Nov 18, 2024 1:00 p.m. ET
Type: Webinar
A lot of preparation and planning is underway in response to the new Cybersecurity Maturity Model Certification rule. But CMMC is but one in a growing number of compliance requirements that agencies must implement to drive consistent, secure mission delivery and that government contractors must adhere to.
LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer.
LastPass is a popular password manager that utilizes a LastPass Chrome extension to generate, save, manage, and autofill website passwords.
Join us for a webinar on enterprise cloud adoption in federal agencies, where we’ll explore the factors driving cloud adoption and the challenges agencies face in successfully leveraging cloud technologies.
Key topics include:
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.
“Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx researchers Yehuda Gelb and Elad Rapaport said in a report shared with The Hacker News.
Over 14 million patients have been affected by data breaches caused by malware attacks on US healthcare organizations so far in 2024, according to a new analysis by SonicWall.
Most (91%) of these breaches have leveraged ransomware, with the report highlighting that attackers see the threat of exposing sensitive information held by healthcare organizations as an effective method for extorting ransom payments.