Cynthia Brumfield

Cynthia Brumfield is a veteran communications and technology analyst who is currently focused on cybersecurity. She runs a cybersecurity news destination site, Metacurity.com, consults with companies through her firm DCT-Associates, and is the author of the book published by Wiley, Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework.

Microsoft's Defending Ukraine report offers fresh details on digital conflict and disinformation

5 years after NotPetya: Lessons learned

5 years after NotPetya: Lessons learned

NotPetya vastly broadened the scope of damage that malware attacks could do and forced CISOs and security researchers to rethink their approach.

U.S. data privacy and security solutions emerging at the federal level

U.S. data privacy and security solutions emerging at the federal level

The American Data Privacy and Protection Act bill faces a tough battle for passage, but the Biden administration is considering actions of its own.

Space-based assets aren’t immune to cyberattacks

Space-based assets aren’t immune to cyberattacks

Russia's attack on Viasat satellites exposed how vulnerable space-based assets are and the potential for spillover damage.

Ransomware attacks are increasing with more dangerous hybrids ahead

Ransomware attacks are increasing with more dangerous hybrids ahead

The re-emergence of REvil and anticipated convergence with business email compromise actors are among reasons why ransomware gangs are still dangerous.

Software supply chain security fixes gain prominence at RSA

Software supply chain security fixes gain prominence at RSA

Attendees are urged to improve asset management, use SBOMs, and collaborate with government cybersecurity agencies to better ensure software integrity.

U.S. cybersecurity congressional outlook for the rest of 2022

U.S. cybersecurity congressional outlook for the rest of 2022

The U.S. federal government has enacted important cybersecurity laws in 2022 and will likely move forward with many of these bills before the year's end.

U.S. government proposals spell out 5G security advancements

U.S. government proposals spell out 5G security advancements

A joint proposal from federal cybersecurity and defense agencies defines a process for ensuring the security of 5G networks.

Remote bricking of Ukrainian tractors raises agriculture security concerns

Remote bricking of Ukrainian tractors raises agriculture security concerns

Modern agriculture depends on internet-connected machinery that is centrally controlled and collects and analyzes massive amounts of data, making it an inviting target for threat actors.

Data protection concerns spike as states get ready to outlaw abortion

Data protection concerns spike as states get ready to outlaw abortion

The use of personal data from brokers, apps, smartphones, and browsers to identify those seeking an abortion raises new data protection and privacy risks.

Five Eyes nations warn MSPs of stepped-up cybersecurity threats

Five Eyes nations warn MSPs of stepped-up cybersecurity threats

The warning likely comes in response to an increase in attacks on managed service providers, through which threat actors can access their clients.

A year later, Biden’s cybersecurity executive order driving positive change

A year later, Biden’s cybersecurity executive order driving positive change

Notable experts say the cybersecurity executive order has improved the nation's security posture, but more work is to be done.

NIST Cybersecurity Framework update comments highlight a gamut of needed changes

NIST Cybersecurity Framework update comments highlight a gamut of needed changes

Better metrics, implementation guidance, and alignment with other frameworks are high on the list of suggested improvements to the NIST CSF.

U.S. White House releases ambitious agenda to mitigate the risks of quantum computing

U.S. White House releases ambitious agenda to mitigate the risks of quantum computing

The Biden administration issued an executive order to ensure U.S. leadership in quantum computing and a memorandum to mitigate its security risks.

Spyware was used against Catalan targets and UK prime minister and Foreign Office

Spyware was used against Catalan targets and UK prime minister and Foreign Office

Researchers at the Citizen Lab says dozens of officials' phones were compromised by spyware sold by NSO Group or Candiru.

Rare and dangerous Incontroller malware targets ICS operations

Rare and dangerous Incontroller malware targets ICS operations

A coalition of U.S. government agencies, security researchers, and companies warn about this new malware that can gain complete access to ICS and SCADA systems.

Ukraine energy facility hit by two waves of cyberattacks from Russia’s Sandworm group

Ukraine energy facility hit by two waves of cyberattacks from Russia’s Sandworm group

Sandworm succeeded in planting a new version of the Industroyer malware to disrupt ICS infrastructure at multiple levels, but was thwarted from doing serious damage.

With AI RMF, NIST addresses artificial intelligence risks

With AI RMF, NIST addresses artificial intelligence risks

The new framework could have wide-ranging implications for the private and public sectors. NIST is seeking comments on the current draft by April 29, 2022.

New threat group underscores mounting concerns over Russian cyber threats

New threat group underscores mounting concerns over Russian cyber threats

Crowdstrike says Ember Bear is likely responsible for the wiper attack against Ukrainian networks and that future Russian cyberattacks might target the West.

U.S. State Department unveils new Bureau of Cyberspace and Digital Policy

U.S. State Department unveils new Bureau of Cyberspace and Digital Policy

The new Bureau could enhance the United States' ability to work effectively with other nations on cybersecurity matters.

Load More