Cybersecurity
Forthcoming executive order seeks to plug holes in federal cyber practices
The eleventh-hour cybersecurity executive action asks agencies to rethink software procurement, supply chains and AI, among other things.
US has ‘a lot of work to do’ on cyber defenses, departing cyber czar says
Outgoing National Cyber Director Harry Coker thinks his office needs more influence over the federal cyber budget but not necessarily more authority on offensive cyber operations.
White House unveils Cyber Trust Mark program for consumer devices
The label is designed to help consumers make more cybersecure choices when they pick products off the shelf.
Exclusive
GAO mulls cost evaluation of nationwide telecom hardware replacement
One major vulnerability exploited by China’s Salt Typhoon hacking unit is a Cisco hardware flaw that can’t be patched and requires physical replacement, according to a person with knowledge of the intrusions.
US sanctions Chinese company that helped facilitate espionage hacks
Integrity Technology Group, known to researchers as Flax Typhoon, contracted with China’s Ministry of State Security to carry out infiltrations into internet of things devices, the FBI previously said.
Lawmakers request briefing from Treasury secretary on Chinese hack
The compromised third-party offering was a commercial remote services tool not listed in the marketplace for FedRAMP, the government’s cloud security compliance framework.
Chinese-sponsored hackers accessed Treasury documents in ‘major incident’
The incident comes in the final days of the Biden presidency and as officials work to root out China-tied hackers from U.S. telecommunications systems.
Major cyber news drops under the buzzer for 2024
A ninth U.S. telecommunications provider fell onto Salt Typhoon’s victim list, and the UN’s controversial cybercrime treaty was adopted.
Hundreds of organizations were notified of potential Salt Typhoon compromise
Some of the exploited vulnerabilities have had fixes available for several years. One provider’s management system was protected with a basic numeric password.
US charges Israeli-Russian national with making software for LockBit ransomware gang
LockBit has made headlines for years, allowing purveyors of its malware to haul away millions of dollars from victims.
Congress approves 2025 NDAA with important cyber provisions
Left out was language that would have helped clarify the scope and reach of a controversial surveillance power that was renewed in April.
CISA orders federal agencies to secure their cloud environments
Federal civilian agencies are compelled by the Binding Operational Directive to adopt specific cloud standards under SCuBA, a government blueprint that helps agencies assess cloud security security guidelines.
Featured eBooks