The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory to provide information on cyber tools and techniques used by Russian Foreign Intelligence Service actors to compromise government networks, information technology companies and think tanks.

Russia’s SVR actors use password spraying, zero-day vulnerability and WELLNESS malware, among other techniques, to infiltrate networks, the agencies said Monday.

FBI also observed that SVR actors have transitioned from using malware to homing in on cloud-based platforms to gain access to data starting in 2018.

The agencies also suggest best practices that network operators can implement to protect IT systems from the identified techniques, such as mandating the use of an approved multifactor authentication for all users, performing regular audits of mailbox settings and account permissions, monitoring the network for evidence of encoded PowerShell commands and auditing log files to detect attempts to access privileged certificates.

“The FBI and DHS recommend service providers strengthen their user validation and verification systems to prohibit misuse of their services,” the advisory states.

In mid-April, CISA, FBI and the National Security Agency issued an advisory listing five network vulnerabilities used by SVR actors to compromise U.S. and allied government systems. The White House also issued a statement attributing the SolarWinds hack to SVR.

If you're interested in cybersecurity, check out GovCon Wire's Defense Cybersecurity Forum coming up on May 12. Click here to learn more.

The U.S. Army has funded scientists from Duke University and the University of Pennsylvania to study how micro-lasers can accelerate military communications and data transmission.

The photonics research team developed two-dimensional arrays of micro-lasers designed to collectively surpass the power density of a single micro-laser while maintaining the same stability, the Army said Thursday.

“The research results out of UPenn mark a significant step towards creating more efficient and fieldable laser sources.,” said James Joseph, program manager at the Army Research Office.

A two-laser array can produce two super-modes and quadratically increase its power output while maintaining the coherency and stability required to preserve the data in transit.

Light detection and ranging or LiDAR technology allows autonomous systems to optically sense objects. The researchers believe the array holds potential for LiDAR applications. The research team published its findings in the Science peer-reviewed journal.

The Defense Advanced Research Projects Agency (DAPRA) is working on a computer science effort to address the security risks associated with reporting software vulnerabilities. 

DARPA said Thursday that its Securing Information for Encrypted Verification and Evaluation (SIEVE) program will use zero-knowledge proofs (ZKP) to better protect exchanges of vulnerability information.

ZKPs refer to problem statements that analysts may use to mathematically explain software matters. The SIEVE effort aims to produce computer science theory and corresponding software that would simplify cryptography and boost the effectiveness of ZKPs.

A Galois-led team demonstrated ZKP's use in communicating a memory-safety vulnerability found in the Game Boy Advance device. The team combined different protocols and program analyses to evaluate ZKP statements.

Trail of Bits leads a second team to model architecture-level vulnerabilities as ZKP-compatible Boolean circuits.

A Center of Excellence (CoE) supported by the Department of Homeland Security (DHS) has reported about how emerging technologies can address the risks brought by cross-border e-commerce. 

The University of Houston-led Borders, Trade and Immigration (BTI) Institute reported that e-commerce widens the potential for immigrants to violate trade laws and deliver dangerous products, DHS said Friday. The report states that lack of pre-arrival data may delay processing and affect the safety of products in transit. 

This data may include product identifiers and seller profiles. BTI believes emerging technologies can help traders address these risk-inducing data gaps found in cross-border e-commerce.

The CoE has laid out multiple options to reduce these risks. These options include the creation of new authorized economic operator programs specifically designed for the e-commerce landscape.

“With more of the market relying on e-commerce, it is even more critical that we do what we can to protect it from bad actors in this ever-evolving digital marketplace,” said Theophilos Gemelas, program manager at DHS's Science and Technology Directorate.