Cybersecurity

CISA officials commit to supporting top vulnerability cataloging program

Organizations around the world rely on the Common Vulnerabilities and Exposures Program, whose contract with CISA almost expired in April. It serves as the worldwide, de facto standard for vulnerability identification and management.

Cybersecurity

Small defense industrial base firms pose tempting targets for nation-state hackers, NSA official says

Some 80% of the defense industrial base are actually small firms, according to the NSA’s head of DIB security, who has helped over 200 providers identify thousands of vulnerabilities in their systems.

Updated Cybersecurity

‘High-severity’ Microsoft Exchange vulnerability disclosed on heels of Black Hat talk

Parts of the federal enterprise are likely susceptible to the flaw that allows hackers to hijack on-premises versions of Active Directory. CISA plans to release an emergency directive on Thursday, according to a person familiar with the matter.

Cybersecurity

Federal CISO urges cyber community to start sharing and scaling their solutions

The Trump administration wants to ease regulatory burdens on the cyber industry with a mindset where there is still room for policymaking. It largely begins with the private sector.

Cybersecurity

Former and current officials clash over CISA’s role in US cyber defenses at Black Hat

CISA’s communications chief backed the narrowing of the agency’s scope, while a former NSA leader warned that shrinking the federal cyber workforce risks weakening U.S. defenses.

Cybersecurity

New research shows Iran’s expansive cyber offensive during ‘12-Day War’ with Israel

One state-backed hacking group created conflict-themed websites to lure pro-Israel visitors and siphon their data, according to SecurityScorecard.

Cybersecurity

Foreign adversaries are trying to weaponize open-source software, report finds

Hacking units affiliated with nation-state adversaries are subtly contributing to open-source software tools and working to insert backdoors into publicly available code used by millions worldwide, new research says.

People

Senate confirms Sean Cairncross to be national cyber director under Trump

Sean Cairncross, a former RNC official, is the first person to head the Office of the National Cyber Director under Donald Trump.

Cybersecurity

Expiring cyber information-sharing law puts US maritime infrastructure at risk, experts warn

A congressional probe last year found Chinese‑made technology embedded in many U.S. ports, raising fears of espionage and sabotage.

Cybersecurity

Russian hackers target local internet to spy on embassies in Moscow, Microsoft says

The attack works by rerouting targeted diplomatic devices through a hoax captive portal modeled on the kind commonly used to grant internet access in hotels and airports.

People

Army rescinds West Point role for ex‑CISA director after pressure from Laura Loomer

Jen Easterly was one of the top cybersecurity officials who served in the Biden administration and is a West Point alumna.

People

Senate panel advances CISA director nominee to full Senate floor vote

Sean Plankey may still have to contend with a hold from Senator Ron Wyden over objections to the cyber defense agency not releasing a 2022 report on telecommunications industry vulnerabilities. The agency said it plans to release it.

People

NSA general counsel removed as Laura Loomer cites involvement

The firing of April Falcon Doss is the latest NSA departure fueled by the far-right activist, who previously took credit for the firing of the spy agency’s director.

Cybersecurity

CISA to release telecom security report as its director nominee nears confirmation

The 2022 report, which has not been made publicly available, has been used as leverage by Senator Ron Wyden to hold Sean Plankey from being confirmed as director of CISA.

Cybersecurity

Basic cybersecurity lapses are leaving US infrastructure exposed, top experts warn

To make U.S. networks more “toxic” to adversaries, “we need to have an ability for authentication to have some meaning,” former NSA director Gen. Paul Nakasone said.

Cybersecurity

Trump’s CISA nominee is confident he can get funding to cyber agency where needed

Sean Plankey, a former Energy Department cyber official, tussled with Sen. Richard Blumenthal, D-Conn., over 2020 election security during his confirmation hearing. He also committed to renewing a key cyber information-sharing law that is set to expire soon.

Cybersecurity

DHS impacted in hack of Microsoft SharePoint products, people familiar say

The zero-day vulnerability — which was first disclosed late Saturday — has been exploited by several Chinese state-aligned groups, according to Microsoft.

Cybersecurity

Chinese hackers are exploiting SharePoint vulnerabilities, Microsoft says

The bugs affecting on-premises builds of SharePoint deployments are officially being exploited by at least two major Chinese nation-state hacking units, the company said. Patches have been issued for all affected versions of SharePoint.

Cybersecurity

Operational tech is ‘underprioritized’ in cyberdefense, experts tell Congress

Witnesses' calls for better investment in securing such systems come just two months before a key cybersecurity information-sharing law is set to expire.