Cynthia Brumfield

Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com.

NIST workshop provides clues to upcoming software supply chain security guidelines

Cyberwar’s global players—it’s not always Russia or China

Cyberwar’s global players—it’s not always Russia or China

Research reveals that countries such as Belarus, India, and Colombia are responsible for significant cyberattacks.

Pentagon announces version 2.0 of its controversial CMMC program

Pentagon announces version 2.0 of its controversial CMMC program

CMMC 2.0 simplifies the process for SMBs, but critics say the verification process relies too much on self-attestation.

Infrastructure bill includes $1.9 billion for cybersecurity

Infrastructure bill includes $1.9 billion for cybersecurity

Passage of the infrastructure bill includes $1.9 billion for cybersecurity, and more could be on the way with the Build Back Better and other bills working their way through Congress.

CISA releases directive to remediate dangerous vulnerabilities across civilian agencies

CISA releases directive to remediate dangerous vulnerabilities across civilian agencies

While the move is applauded, a short timeframe to address vulnerabilities will be a challenge for security resource-strapped agencies.

Biden’s cybersecurity executive order, a progress report

Biden’s cybersecurity executive order, a progress report

Of the 46 tasks President Biden mandated to protect digital government assets, 19 are now completed, though not all agencies have reported their progress.

How shape-shifting threat actors complicate attack attribution

How shape-shifting threat actors complicate attack attribution

Researchers explain how they identified—or failed to identify—the threat actors behind three high-profile incidents and why attribution is so difficult.

TSA to issue cybersecurity requirements for US rail, aviation sectors

TSA to issue cybersecurity requirements for US rail, aviation sectors

New rules include reporting incidents to CISA and naming cybersecurity leads, but experts and industry representatives cite lack of input.

FCC asks carriers to step up to stop SIM swapping, port-out fraud

FCC asks carriers to step up to stop SIM swapping, port-out fraud

The US federal agency puts pressure on telecom carriers to put better authentication, account protection safeguards in place.

Why today’s cybersecurity threats are more dangerous

Why today’s cybersecurity threats are more dangerous

Greater complexity and interdependence among systems gives attackers more opportunity for widespread, global damage, say government and industry experts.

MITRE ATT&CK, VERIS frameworks integrate for better incident insights

MITRE ATT&CK, VERIS frameworks integrate for better incident insights

The MITRE ATT&CK/VERIS collaboration aims to create a common dictionary for communicating information about security incidents.

US cryptocurrency exchange sanctions over ransomware likely not the last

US cryptocurrency exchange sanctions over ransomware likely not the last

The sanctions are aimed to cut ransomware gangs off from their revenue. Advisory on sanctions risks regarding ransomware payments also updated.

Load More