Cybersecurity

Decade-old cyber advice from GAO remains unimplemented, watchdog says

Reliance on legacy IT systems creates challenges for agencies looking to make use of the suggestions.

Artificial Intelligence

Feds beware: New studies demonstrate key AI shortcomings

Recent studies have started to show that there are serious downsides when it comes to such programs’ ability to produce secure code.

Cybersecurity

Space assets are in foreign adversaries' cyber crosshairs, DOD official says

The easiest targets are ground assets like operation centers and launch facilities, said Mieke Eoyang.

Cybersecurity

Thwarted cyberattack targeted Library of Congress in tandem with October British Library breach

Multifactor authentication prevented hackers from accessing the U.S. institution’s systems in the October campaign, documents show.

Cybersecurity

Russian hackers breached, sabotaged Texas water treatment plant, cyber firm says

If confirmed by U.S. officials, it would add Moscow to the list of American adversaries that have infiltrated water infrastructure in the past year.

Cybersecurity

Hackers tried to breach, disable widely used open-source Java tools, groups warn

The alert comes just after a possible nation state entity attempted to hijack an open-source Linux tool last month.

Cybersecurity

US accuses Chinese hackers of 14-year campaign targeting government officials

The coordinated charges include sanctions on Chinese government-affiliated hackers and an up to $10 million reward for information about the defendants.

Exclusive Cybersecurity

Flaws in public records management tool could let hackers nab sensitive data linked to requests

The GovQA platform, created by IT company Granicus, contained vulnerabilities that could have let cybercriminals retrieve tranches of sensitive files tied to public records requests, a security researcher revealed to Nextgov/FCW.

Cybersecurity

Agencies must disconnect all exposed Ivanti products by Friday, CISA says

The directive follows a related warning issued last month about cybersecurity flaws in Ivanti systems.

Cybersecurity

CISA directs agencies to mitigate widespread VPN bugs

Two unpatched flaws in Ivanti's Connect Secure VPN are being exploited by hackers in the wild.

Artificial Intelligence

How hackers can 'poison' AI

A new paper from NIST offers a standard taxonomy of cyber attacks dedicated to contaminating the data AI models use to learn.

Cybersecurity

OMB takes aim at internet of things cybersecurity

The Office of Management and Budget’s recent FISMA guidance notes the importance of the Cybersecurity and Infrastructure Security Agency’s ability to scan agencies for vulnerabilities on an ongoing basis.

Cybersecurity

Data on active-duty servicemembers is a available for purchase online, report says

A new study from Duke University sheds light on how easy it is to find U.S military personnel online for a price.

Cybersecurity

ICE’s ‘outdated and overly permissive’ device policy left the agency vulnerable, watchdog warns

A spring audit of agency mobile devices found several banned and outdated applications installed on personnel and contractor smartphones.

Cybersecurity

US, Japan warn of China-backed hackers lurking in networking gear

The joint advisory cautioned that a China-backed threat group called BlackTech is exploiting weaknesses in routers to hack government and industrial targets.

Cybersecurity

CDM policies provide a vital shield against climate-driven cyberattacks, experts say

Cybercriminals are increasingly leveraging extreme weather events to launch attacks on critical infrastructure sectors.

Cybersecurity

Russian cyber group unleashes new malware campaign on Ukrainian military targets

A new report says a cyber threat actor within Russia’s military intelligence service leveraged a novel malware campaign targeting Android devices used by the Ukrainian military.

Cybersecurity

National intelligence office issues cyber warning for government and commercial satellites

The warning comes just about a month after three teams at the DEF CON 23 convention in Las Vegas managed to successfully hack a government satellite in orbit.