Tag Archives: CISA

US, UK, Australia Agencies List Common Vulnerabilities in Joint Advisory; CISA’s Eric Goldstein Quoted

Eric Goldstein

Cybersecurity agencies from the U.S., the U.K. and Australia have released a joint advisory detailing the 30 most exploited vulnerabilities in 2020 and 2021. The FBI, one of the agencies, said Wednesday that malicious actors mostly targeted remote work, virtual private networks and cloud-based technologies, with many cyber weaknesses left unpatched

Read More »

U.S. Government, Allies Link Microsoft Exchange Hack to China

Federal Cybersecurity

The U.S. government and allies, including the U.K., European Union and NATO, have attributed the Microsoft Exchange Server (MSS) and other malicious cyber activities to threat actors with ties to China’s ministry of state security. Cyber actors linked to China’s MSS used zero-day vulnerabilities in Exchange Server to perform “cyber espionage operations."

Read More »

Government Website to Serve as One-Stop Hub for Ransomware Resources; DHS Secretary Alejandro Mayorkas Quoted

Alejandro Mayorkas

The departments of Justice (DOJ) and Homeland Security (DHS) have unveiled a new website to serve as a central hub of federal cybersecurity resources to help U.S. companies and public sector organizations protect their networks from ransomware attacks. Attorney General Merrick Garland said DOJ is working to bring all tools to counter ransomware attacks through the Ransomware and Digital Extortion Task Force.

Read More »

Senate Unanimously Approves Jen Easterly as CISA Director; DHS Secretary Alejandro Mayorkas Quoted

Jen Easterly

Jen Easterly, President Joe Biden's nominee for the director position at the Cybersecurity and Infrastructure Security Agency (CISA), was confirmed in a unanimous Senate vote Monday. Homeland Security Secretary Alejandro Mayorkas, a 2021 Wash100 Award winner, described Easterly as a cybersecurity professional with military, civil service and industry experience and noted that they will work together in efforts to address urgent cyber and physical threats to critical U.S. infrastructure.

Read More »

CISA Rolls Out Three Mobile Security Tools; Vincent Sritapan Quoted

Vincent Sritapan

The Cybersecurity and Infrastructure Security Agency's (CISA) shared services program is launching three tools designed to bolster the security of government-issued smartphones and other mobile devices. Vincent Sritapan, who leads CISA's Cybersecurity Quality Services Management Office (QSMO), said their latest tools include shared services for mobile application vetting (MAV).

Read More »

NIST Seeks to Improve Software Supply Chain Security With Two Guidelines

Supply Chain Security

The National Institute of Standard and Technology (NIST) has issued two documents meant to improve the integrity and security of the software supply chain in accordance with an executive order seeking to strengthen U.S. cybersecurity. NIST developed the two documents by hosting virtual workshops and seeking position papers to seek feedback and insights from the public.

Read More »

FBI Works With CISA to Respond to Kesaya Ransomware Attack

Industrial Control System

The FBI has called on organizations to follow Kaseya’s guidance and perform all recommended mitigation measures as it continues to coordinate with the Cybersecurity and Infrastructure Security Agency (CISA) in response to a ransomware attack against managed service providers and their clients involving a vulnerability in Kaseya VSA software.

Read More »

Joint Advisory Sheds Light on Russian Intell Agency’s Brute Force Cyber Campaign

NSA-CISA-FBI-UK NCSC

The FBI, National Security Agency, Cybersecurity and Infrastructure Security Agency and the U.K. government’s national cybersecurity center have issued a joint advisory on a brute force campaign by Russian military intelligence against U.S. and foreign organizations. The brute force capability enables threat actors to gain access to email and other protected data and identify valid account credentials through password guessing and other extensive login attempts.

Read More »

CISA’s Matt Hartman: Government Agencies Commence Zero Trust Planning

Matt Hartman

Matt Hartman, deputy executive assistant director at the Cybersecurity and Infrastructure Security Agency (CISA), said many federal agencies are now developing zero trust implementation plans to align with President Biden's executive order on cybersecurity. "It's important to consider that many of these tasks [in the executive order] are sprints to develop strategies," he said.

Read More »

DHS Taps Professional Engineering Association to Refine PNT Resilience Framework; Kathryn Coulter Mitchell Quoted

Kathyrn Coulter Mitchell

The Department of Homeland Security has assigned the Institute of Electrical and Electronics Engineers a project to develop global industry standards to manage the resilience of positioning, navigation and timing systems. IEEE will work to fine-tune the Resilient PNT Conformance Framework the department's science and technology directorate created with the Cybersecurity and Infrastructure Security Agency's National Risk Management Center and industry stakeholders to address global positioning system vulnerabilities in critical infrastructure, DHS said Wednesday.

Read More »