Cybersecurity
Researchers disclose widespread bootloader vulnerability
New research from Eclypsium details a simple buffer overflow bug that could impact billions of devices using Linux and Windows operating systems.
Cybersecurity
CISA hires cyber risk experts to meet emerging threats
The Department of Homeland Security's cybersecurity and infrastructure arm hires experts to help understand shifting cyber threats in the pandemic.
Cybersecurity
CISA releases emergency directive on wormable DNS flaw
The directive orders civilian federal agencies to immediately begin patching a critical Remote Code Execution flaw in Windows DNS servers.
Cybersecurity
House's DHS funding bill would create public-private cyber center
The legislation would give $2.25 billion to DHS' cyber wing and set up an integrated cybersecurity center with other agencies, state and local governments and private industry.
Cybersecurity
CISA, USCYBERCOM warn of massive vulnerability for popular networking device
A particularly dangerous vulnerability affecting BIG-IP networking devices likely impacts every major sector in the world, including federal agencies.
Cybersecurity
CISA's hit parade of malware aimed at federal agencies
Data compiled from CISA's Intrusion Detection System highlights the three types of malware attacks most commonly targeted at civilian federal agencies.
Cybersecurity
CDC, IRS and other federal sites spoofed in global phishing scams
New research from Proofpoint has identified numerous phishing email campaigns over the past two months, some of which impersonated and spoofed websites from federal agencies, international governments and public health organizations involved in COVID-19 relief.
Cybersecurity
Best practices for agency implementation of CDM
A seasoned practitioner has some advice on how agencies can optimize their implementations of CDM tools, policies and processes.
Cybersecurity
How COVID-19 is changing the game on ransomware
More money is needed to tackle the problem, especially as states deal with an unprecedented economic crisis caused by the pandemic. It's unclear whether Congress will foot the bill.
Cybersecurity
Amid telework boom, CISA reminds agencies of DNS resolution requirements
The memo notes that CISA will begin issuing reports to agencies highlighting DNS traffic anomalies and could issue a follow up directive as new protections come online.
Cybersecurity
Solarium boosters pivot to acknowledge pandemic parallels
Members of the Solarium Commission are retooling their pitch to focus on recommendations that draw parallels to the current coronavirus crisis.
Cybersecurity
CISA tapped as shared services provider for cyber
The Office of Management and Budget formally designated Cybersecurity and Infrastructure Security Agency as the first Quality Service Management Office for shared services.
Cybersecurity
House Dems seek $400 million to help states deal with cyber threats during COVID-19
The request for new funding comes as state and local governments face an spike in ransomware attacks.
Cybersecurity
CISA looks to help secure federal telework
New guidance allows teleworking feds to connect and access agency and cloud resources from their homes while staying in compliance with the Trusted Internet Connection program.
Cybersecurity
CISA to release emergency TIC guidance for telework surge
The guidance will expire at the end of the year and will address capabilities such as email, networking, DNS, intrusion detection and data protection.
Cybersecurity
CISA looks to industry for anti-troll tools
The agency is looking to bolster its technical capabilities to identify foreign propaganda online that targets specific audiences in the U.S.
Cybersecurity
CISA stress tests DHS telework capacity
Not every agency will be ready to flip the switch from F2F to WFH, according to experts and former officials.
Cybersecurity
Ransomware top of mind for DHS cyber chief
The director of the Cybersecurity and Infrastructure Security Agency said the organization has been “a little bit late to the game” recognizing the potential of ransomware to directly touch the lives of citizens, but that’s changing.
Cybersecurity
TIC 3.0 and zero-trust networking
Commentators on the new Trusted Internet Connection policy have noted that "zero-trust" strategies might not be a perfect fit.
Cybersecurity