Cyber Threats
Flaws in public records management tool could let hackers nab sensitive data linked to requests
The GovQA platform, created by IT company Granicus, contained vulnerabilities that could have let cybercriminals retrieve tranches of sensitive files tied to public records requests, a security researcher revealed to Nextgov/FCW.
Agencies must disconnect all exposed Ivanti products by Friday, CISA says
The directive follows a related warning issued last month about cybersecurity flaws in Ivanti systems.
CISA directs agencies to mitigate widespread VPN bugs
Two unpatched flaws in Ivanti's Connect Secure VPN are being exploited by hackers in the wild.
How hackers can 'poison' AI
A new paper from NIST offers a standard taxonomy of cyber attacks dedicated to contaminating the data AI models use to learn.
OMB takes aim at internet of things cybersecurity
The Office of Management and Budget’s recent FISMA guidance notes the importance of the Cybersecurity and Infrastructure Security Agency’s ability to scan agencies for vulnerabilities on an ongoing basis.
Data on active-duty servicemembers is a available for purchase online, report says
A new study from Duke University sheds light on how easy it is to find U.S military personnel online for a price.
ICE’s ‘outdated and overly permissive’ device policy left the agency vulnerable, watchdog warns
A spring audit of agency mobile devices found several banned and outdated applications installed on personnel and contractor smartphones.
SEC sues SolarWinds for allegedly fraudulent cybersecurity statements
The company says it will "vigorously oppose" the lawsuit.
US, Japan warn of China-backed hackers lurking in networking gear
The joint advisory cautioned that a China-backed threat group called BlackTech is exploiting weaknesses in routers to hack government and industrial targets.
CDM policies provide a vital shield against climate-driven cyberattacks, experts say
Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors.
Russian cyber group unleashes new malware campaign on Ukrainian military targets
A new report says a cyber threat actor within Russia’s military intelligence service leveraged a novel malware campaign targeting Android devices used by the Ukrainian military.
National intelligence office issues cyber warning for government and commercial satellites
The warning comes just about a month after three teams at the DEF CON 23 convention in Las Vegas managed to successfully hack a government satellite in orbit.
Threat actor targeted DOD contracting website
Malware leveraging flaws in edge routers has been spying on military contracting websites, according to research from Lumen's Black Lotus Labs.
IRS must speed up efforts to resolve IT security weaknesses across the agency, watchdog says
The IRS’s failure to expeditiously resolve weaknesses in its IT systems puts the agency “at risk for exploitation by threat actors,” according to an audit by the Treasury Inspector General for Tax Administration.
Featured eBooks