Cybersecurity
US court system to boost cyber posture after hack of electronic case management tool
The breach may have revealed the identities of confidential informants involved in criminal cases in several federal district courts, according to Politico.
Cybersecurity
CISA officials commit to supporting top vulnerability cataloging program
Organizations around the world rely on the Common Vulnerabilities and Exposures Program, whose contract with CISA almost expired in April. It serves as the worldwide, de facto standard for vulnerability identification and management.
Cybersecurity
Small defense industrial base firms pose tempting targets for nation-state hackers, NSA official says
Some 80% of the defense industrial base are actually small firms, according to the NSA’s head of DIB security, who has helped over 200 providers identify thousands of vulnerabilities in their systems.
Updated
Cybersecurity
‘High-severity’ Microsoft Exchange vulnerability disclosed on heels of Black Hat talk
Parts of the federal enterprise are likely susceptible to the flaw that allows hackers to hijack on-premises versions of Active Directory. CISA plans to release an emergency directive on Thursday, according to a person familiar with the matter.
Cybersecurity
Federal CISO urges cyber community to start sharing and scaling their solutions
The Trump administration wants to ease regulatory burdens on the cyber industry with a mindset where there is still room for policymaking. It largely begins with the private sector.
Cybersecurity
Former and current officials clash over CISA’s role in US cyber defenses at Black Hat
CISA’s communications chief backed the narrowing of the agency’s scope, while a former NSA leader warned that shrinking the federal cyber workforce risks weakening U.S. defenses.
Cybersecurity
New research shows Iran’s expansive cyber offensive during ‘12-Day War’ with Israel
One state-backed hacking group created conflict-themed websites to lure pro-Israel visitors and siphon their data, according to SecurityScorecard.
Cybersecurity
Foreign adversaries are trying to weaponize open-source software, report finds
Hacking units affiliated with nation-state adversaries are subtly contributing to open-source software tools and working to insert backdoors into publicly available code used by millions worldwide, new research says.
Cybersecurity
Expiring cyber information-sharing law puts US maritime infrastructure at risk, experts warn
A congressional probe last year found Chinese‑made technology embedded in many U.S. ports, raising fears of espionage and sabotage.
Cybersecurity
Government layoffs are making us less safe in cyberspace, experts fear
There’s been a mass exodus of government cyber expertise during the Trump administration.
Cybersecurity
Russian hackers target local internet to spy on embassies in Moscow, Microsoft says
The attack works by rerouting targeted diplomatic devices through a hoax captive portal modeled on the kind commonly used to grant internet access in hotels and airports.
Cybersecurity
CISA to release telecom security report as its director nominee nears confirmation
The 2022 report, which has not been made publicly available, has been used as leverage by Senator Ron Wyden to hold Sean Plankey from being confirmed as director of CISA.
Cybersecurity
Basic cybersecurity lapses are leaving US infrastructure exposed, top experts warn
To make U.S. networks more “toxic” to adversaries, “we need to have an ability for authentication to have some meaning,” former NSA director Gen. Paul Nakasone said.
Cybersecurity
Pentagon not impacted by Microsoft Sharepoint hack, tech chief says
The department has been holding daily calls with Microsoft since the zero-day was discovered, the DOD CIO said at an event Thursday.
Cybersecurity
Trump’s CISA nominee is confident he can get funding to cyber agency where needed
Sean Plankey, a former Energy Department cyber official, tussled with Sen. Richard Blumenthal, D-Conn., over 2020 election security during his confirmation hearing. He also committed to the renewal of a key cyber information-sharing law before it soon expires.
Cybersecurity
DHS impacted in hack of Microsoft SharePoint products, people familiar say
The zero-day vulnerability — which was first disclosed late Saturday — has been exploited by several Chinese state-aligned groups, according to Microsoft.
Cybersecurity
Chinese hackers are exploiting SharePoint vulnerabilities, Microsoft says
The bugs affecting on-premises builds of SharePoint deployments are officially being exploited by at least two major Chinese nation-state hacking units, the company said. Patches have been issued for all affected versions of SharePoint.
Cybersecurity
Operational tech is ‘underprioritized’ in cyberdefense, experts tell Congress
Witnesses' calls for better investment in securing such systems come just two months before a key cybersecurity information-sharing law is set to expire.
Cybersecurity