Cyber Threats
CBO systems accessed in ‘security incident’ possibly tied to foreign hackers
The office estimates the cost and economic impact of proposed legislation and helps forecast federal spending, revenues, deficits and debt.
AI has leveled the field between cybercriminals and nation-state hackers, FBI official says
The FBI is slower to adopt AI tools due to the sensitive nature of the data that it works with, Brett Leatherman, the FBI Cyber Division head, said.
UN cybercrime treaty enables authoritarian regimes, top think tank argues
The agreement is scheduled to be signed in Vietnam next week, but the concept has raised concerns for some time.
US cyber policy goals have regressed during Trump 2.0 in ‘unprecedented setback,’ landmark report says
Cuts to various agencies and the politicization of disinfo-tracking work have slowed implementation goals set out five years ago by a congressionally authorized cybersecurity policy group.
CISA orders government to patch F5 products after ‘nation-state’ cyber intrusion
“This cyber threat actor presents an imminent threat to federal networks using F5 devices and software,” CISA’s directive says. China-linked hackers previously exploited F5 vulnerabilities.
Multiple CISA divisions targeted in shutdown layoffs, people familiar say
CISA units including its Stakeholder Engagement division are believed to have been hit. A DHS spokesperson said that the RIFs are meant to help get CISA “back on mission.”
Risks of cyber fraud allegations remain high for companies subject to government requirements
COMMENTARY | Stricter government cybersecurity requirements present elevated risk to companies due to increased enforcement pressure and additional bases for allegations of cybersecurity fraud.
Senator makes new attempt to extend cyber info-sharing law by 10 years
Sen. Gary Peters, D-Mich., said he’s spoken directly with Senate Majority Leader John Thune, R-S.D., about renewing the 2015 Cybersecurity Information Sharing Act, which lapsed when the government shut down.
Attorneys scramble to advise clients after lapse of key cyber info-sharing law
Organizations may lean on contract arrangements to facilitate data-sharing channels previously enabled by the now-expired regulation, a former U.S. official said.
Exclusive
‘Widespread’ breach let hackers steal employee data from FEMA and CBP
A Citrix vulnerability — suspected to have led to firings of multiple FEMA technology staff — enabled the breach, which let hackers pilfer data from FEMA servers connected to states at the southern border.
Vital cyber data-sharing law appears likely to expire amid looming government shutdown
Law firms are advising clients to prepare for this possibility, although the extent of information sharing that will cease if the law lapses remains unclear.
CISA issues emergency patching directive for Cisco devices on federal networks
An emerging cyber threat group is exploiting vulnerabilities in Cisco devices, both the company and CISA said. The hackers have potential links to China, according to an analysis put out last year.
Featured eBooks
House funding extension tacks on two-month reprieve for key cybersecurity laws
The short-term measure gives lawmakers extra time to iron out differences between House and Senate versions of the renewal.
CISA ready to accept any extension for key cyber info-sharing law, official says
“Give us two years. Give us ten years. Give us 50. Whatever you take, we’ll take it,” CISA’s Nick Andersen said of the soon-to-expire 2015 Cybersecurity Information Sharing Act.
CISA weighs ‘alternative funding sources’ to preserve cyber vulnerability-tracking project
The Common Vulnerabilities and Exposures Program almost lapsed in April, according to MITRE, a key funder.
FEMA begins security overhauls following cyber incident and employee firings
The agency recently blocked users from accessing multiple websites and made password changes to an internet security tool in efforts to shore up its cyber posture, people familiar say.
Change Healthcare attack delayed EHR testing at Chicago site, VA watchdog says
A joint VA-DOD rollout of a new Oracle Health electronic health record system occurred around the same time that UnitedHealth Group subsidiary Change Healthcare was targeted by a ransomware attack in February 2024.
Is artificial intelligence a friend, foe or frenemy? NIST wants to find out
The standards agency will be hosting a working session to discuss how AI-empowered attacks can be used to sometimes get around traditional defenses.
Salt Typhoon hackers targeted over 80 countries, FBI says
The Chinese campaign appears to have reached into other organizations beyond the telecom industry, including transportation and military infrastructure networks, according to a Wednesday advisory.
Exclusive
Report: Russia-based Yandex employee oversees open-source software approved for DOD use
The package is listed inside Platform One’s Iron Bank, a vetted Defense Department software repository, people familiar say.
