Cybersecurity
CISA weighs ‘alternative funding sources’ to preserve cyber vulnerability-tracking project
The Common Vulnerabilities and Exposures Program almost lapsed in April, according to MITRE, a key funder.
Cybersecurity
FEMA begins security overhauls following cyber incident and employee firings
The agency recently blocked users from accessing multiple websites and made password changes to an internet security tool in efforts to shore up its cyber posture, people familiar say.
Modernization
Change Healthcare attack delayed EHR testing at Chicago site, VA watchdog says
A joint VA-DOD rollout of a new Oracle Health electronic health record system occurred around the same time that UnitedHealth Group subsidiary Change Healthcare was targeted by a ransomware attack in February 2024.
Artificial Intelligence
Is artificial intelligence a friend, foe or frenemy? NIST wants to find out
The standards agency will be hosting a working session to discuss how AI-empowered attacks can be used to sometimes get around traditional defenses.
Cybersecurity
Salt Typhoon hackers targeted over 80 countries, FBI says
The Chinese campaign appears to have reached into other organizations beyond the telecom industry, including transportation and military infrastructure networks, according to a Wednesday advisory.
Exclusive
Cybersecurity
Report: Russia-based Yandex employee oversees open-source software approved for DOD use
The package is listed inside Platform One’s Iron Bank, a vetted Defense Department software repository, people familiar say.
Cybersecurity
In pitch to hacker community, Trump’s NSC cyber lead says AI key to future of cyberdefense
At DEF CON, Alexei Bulazel said AI-powered tools will give software developers “incredible abilities” to harden networks by adding multilayered checks to the code-scanning process and catching flaws that might otherwise slip through.
Cybersecurity
US court system to boost cyber posture after hack of electronic case management tool
The breach may have revealed the identities of confidential informants involved in criminal cases in several federal district courts, according to Politico.
Cybersecurity
CISA officials commit to supporting top vulnerability cataloging program
Organizations around the world rely on the Common Vulnerabilities and Exposures Program, whose contract with CISA almost expired in April. It serves as the worldwide, de facto standard for vulnerability identification and management.
Updated
Cybersecurity
‘High-severity’ Microsoft Exchange vulnerability disclosed on heels of Black Hat talk
Parts of the federal enterprise are likely susceptible to the flaw that allows hackers to hijack on-premises versions of Active Directory. CISA plans to release an emergency directive on Thursday, according to a person familiar with the matter.
Cybersecurity
New research shows Iran’s expansive cyber offensive during ‘12-Day War’ with Israel
One state-backed hacking group created conflict-themed websites to lure pro-Israel visitors and siphon their data, according to SecurityScorecard.
Cybersecurity
Foreign adversaries are trying to weaponize open-source software, report finds
Hacking units affiliated with nation-state adversaries are subtly contributing to open-source software tools and working to insert backdoors into publicly available code used by millions worldwide, new research says.
People
Senate confirms Sean Cairncross to be national cyber director under Trump
Sean Cairncross, a former RNC official, is the first person to head the Office of the National Cyber Director under Donald Trump.
Cybersecurity
Expiring cyber information-sharing law puts US maritime infrastructure at risk, experts warn
A congressional probe last year found Chinese‑made technology embedded in many U.S. ports, raising fears of espionage and sabotage.
Cybersecurity
Russian hackers target local internet to spy on embassies in Moscow, Microsoft says
The attack works by rerouting targeted diplomatic devices through a hoax captive portal modeled on the kind commonly used to grant internet access in hotels and airports.
Cybersecurity
Pentagon not impacted by Microsoft Sharepoint hack, tech chief says
The department has been holding daily calls with Microsoft since the zero-day was discovered, the DOD CIO said at an event Thursday.
Cybersecurity
Trump’s CISA nominee is confident he can get funding to cyber agency where needed
Sean Plankey, a former Energy Department cyber official, tussled with Sen. Richard Blumenthal, D-Conn., over 2020 election security during his confirmation hearing. He also committed to the renewal of a key cyber information-sharing law before it soon expires.
Cybersecurity
DHS impacted in hack of Microsoft SharePoint products, people familiar say
The zero-day vulnerability — which was first disclosed late Saturday — has been exploited by several Chinese state-aligned groups, according to Microsoft.
Cybersecurity