Cybersecurity
China is using advanced ‘Brickstorm’ malware against government and IT orgs, US assesses
The malware was detected in the recently disclosed breach of F5, an application delivery and security provider.
Cybersecurity
New bill proposes government-wide processes to attribute, sanction hackers
The measure would permit “robust sanctions against designated actors, including asset blocking, financial restrictions, export controls, procurement prohibitions, visa bans and suspension of assistance.”
Cybersecurity
Senators expect 10-year extension of cyber data-sharing law in future budget package
The Cybersecurity Information Sharing Act of 2015 got a temporary reprieve after the government reopened this month, but it risks lapsing again at the end of January.
Cybersecurity
National cyber strategy coming ‘as quickly as possible,’ official says
“It’s going to be a short statement of intent and policy, and then it will be paired very quickly with action items and deliverables under that,” National Cyber Director Sean Cairncross explained.
Cybersecurity
Dem lawmakers renew calls for release of delayed telecom security report
In a letter to DHS and ODNI, Sens. Ron Wyden of Oregon and Mark Warner of Virginia said the release of a 2022 report detailing cyber vulnerabilities in the U.S. telecommunications sector is “critically important to U.S. national security.”
Cybersecurity
Bill to end shutdown includes temporary cyber info-sharing law extension
The Cybersecurity Information Sharing Act of 2015 expired when the government’s calendar reset without a funding package for FY 2026.
Cybersecurity
CBO systems accessed in ‘security incident’ possibly tied to foreign hackers
The office estimates the cost and economic impact of proposed legislation and helps forecast federal spending, revenues, deficits and debt.
Cybersecurity
AI has leveled the field between cybercriminals and nation-state hackers, FBI official says
The FBI is slower to adopt AI tools due to the sensitive nature of the data that it works with, Brett Leatherman, the FBI Cyber Division head, said.
Cybersecurity
UN cybercrime treaty enables authoritarian regimes, top think tank argues
The agreement is scheduled to be signed in Vietnam next week, but the concept has raised concerns for some time.
Cybersecurity
US cyber policy goals have regressed during Trump 2.0 in ‘unprecedented setback,’ landmark report says
Cuts to various agencies and the politicization of disinfo-tracking work have slowed implementation goals set out five years ago by a congressionally authorized cybersecurity policy group.
Cybersecurity
CISA orders government to patch F5 products after ‘nation-state’ cyber intrusion
“This cyber threat actor presents an imminent threat to federal networks using F5 devices and software,” CISA’s directive says. China-linked hackers previously exploited F5 vulnerabilities.
Cybersecurity
Multiple CISA divisions targeted in shutdown layoffs, people familiar say
CISA units including its Stakeholder Engagement division are believed to have been hit. A DHS spokesperson said that the RIFs are meant to help get CISA “back on mission.”
Ideas
Risks of cyber fraud allegations remain high for companies subject to government requirements
COMMENTARY | Stricter government cybersecurity requirements present elevated risk to companies due to increased enforcement pressure and additional bases for allegations of cybersecurity fraud.
Cybersecurity
Senator makes new attempt to extend cyber info-sharing law by 10 years
Sen. Gary Peters, D-Mich., said he’s spoken directly with Senate Majority Leader John Thune, R-S.D., about renewing the 2015 Cybersecurity Information Sharing Act, which lapsed when the government shut down.
Cybersecurity
Attorneys scramble to advise clients after lapse of key cyber info-sharing law
Organizations may lean on contract arrangements to facilitate data-sharing channels previously enabled by the now-expired regulation, a former U.S. official said.
Exclusive
Cybersecurity
‘Widespread’ breach let hackers steal employee data from FEMA and CBP
A Citrix vulnerability — suspected to have led to firings of multiple FEMA technology staff — enabled the breach, which let hackers pilfer data from FEMA servers connected to states at the southern border.
Cybersecurity
Vital cyber data-sharing law appears likely to expire amid looming government shutdown
Law firms are advising clients to prepare for this possibility, although the extent of information sharing that will cease if the law lapses remains unclear.
Cybersecurity
CISA issues emergency patching directive for Cisco devices on federal networks
An emerging cyber threat group is exploiting vulnerabilities in Cisco devices, both the company and CISA said. The hackers have potential links to China, according to an analysis put out last year.
Cybersecurity
House funding extension tacks on two-month reprieve for key cybersecurity laws
The short-term measure gives lawmakers extra time to iron out differences between House and Senate versions of the renewal.
Cybersecurity