Cybersecurity

PIV security frays under the crush of telework

Adversaries are adapting to the shifting identity authentication gaps on federal and commercial networks created by the remote work environment, according to federal security experts.

Cybersecurity

CISA orders agencies to patch dire Windows flaw

The Cybersecurity and Infrastructure Security Agency alerted federal agencies to an authentication flaw in Microsoft server software in need of an immediate fix.

Cybersecurity

Shared services poised for adoption

Quality Service Management Offices' shared service offerings move closer to reality for federal agencies.

Cybersecurity

CISA, White House release vulnerability disclosure policies

The Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency have released a memorandum and Binding Operational Directive guiding federal agencies on how to set up their vulnerability research and disclosure programs.

Cybersecurity

CISA bug bounty directive awaits White House blessing

A draft policy from the Cybersecurity and Information Security Agency instructing agencies to create vulnerability disclosure programs to allow third-party bug hunters to flag security vulnerabilities in federal systems is all-but-completed, sources say.

Cybersecurity

Voice phishing attacks on the rise, CISA, FBI warn

An industry alert warns of an increasingly sophisticated social engineering campaign since July that is targeting VPNs and teleworkers.

Cybersecurity

CISA infrastructure chief Brian Harrell resigns

The assistant director, charged with helping to protect critical infrastructure from physical and cyber threats, will be returning to the private sector, the agency confirmed.

Cybersecurity

With the clock ticking, a House committee looks to election security

Election readiness, the cybersecurity fallout from COVID-induced telework and network monitoring will be key areas of focus for House Homeland Security Democrats this year.

Cybersecurity

GAO: DHS acting secretary, top deputy were appointed illegally

Top acting officials at DHS were appointed without regard for laws in place governing agency succession, according to a Government Accountability Office legal opinion.

Digital Government

CISA's 'next frontier' around cyber data analytics

An official said the agency wants to spend the next five years quantifying the unquantifiable around collective cyber risk.

Cybersecurity

CISA chief wants younger, more experienced hackers in federal government

Professional experience and credentials don't have the same importance in cybersecurity, where teenagers can hack governments and multi-billion-dollar corporations.

Cybersecurity

CISA updates internet connection policies

Many of the changes to the core Trusted Internet Connection policies were in response to public feedback seeking new tech and additional architectural and security concepts.

Cybersecurity

NSA and CISA push guidance for BootHole fix

Federal agencies are moving to put out custom guidance for dealing with a widespread bootloader bug that can be complicated to patch due to software and firmware interdependencies.

Cybersecurity

Researchers disclose widespread bootloader vulnerability

New research from Eclypsium details a simple buffer overflow bug that could impact billions of devices using Linux and Windows operating systems.

Cybersecurity

CISA hires cyber risk experts to meet emerging threats

The Department of Homeland Security's cybersecurity and infrastructure arm hires experts to help understand shifting cyber threats in the pandemic.

Cybersecurity

CISA releases emergency directive on wormable DNS flaw

The directive orders civilian federal agencies to immediately begin patching a critical Remote Code Execution flaw in Windows DNS servers.

Cybersecurity

House's DHS funding bill would create public-private cyber center

The legislation would give $2.25 billion to DHS' cyber wing and set up an integrated cybersecurity center with other agencies, state and local governments and private industry.

Cybersecurity

CISA, USCYBERCOM warn of massive vulnerability for popular networking device

A particularly dangerous vulnerability affecting BIG-IP networking devices likely impacts every major sector in the world, including federal agencies.

Cybersecurity

CISA's hit parade of malware aimed at federal agencies

Data compiled from CISA's Intrusion Detection System highlights the three types of malware attacks most commonly targeted at civilian federal agencies.

Cybersecurity

CDC, IRS and other federal sites spoofed in global phishing scams

New research from Proofpoint has identified numerous phishing email campaigns over the past two months, some of which impersonated and spoofed websites from federal agencies, international governments and public health organizations involved in COVID-19 relief.