Tag Archives: CISA

Katie Arrington: CMMC Seeks to Protect Companies Against Negligence

Katie Arrington

Katie Arrington, chief information security officer at the office of the assistant secretary of Defense for Acquisition and Sustainment and a 2020 Wash100 Award recipient, said the Cybersecurity Maturity Model Certification (CMMC) framework does not aim to punish companies for failing to anticipate cyber breaches like the SolarWinds hack but to protect them from negligence. 

Read More »

CISA Establishes Cybersecurity Risk Mitigation Venture

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has launched a venture under its National Risk Management Center that will oversee cyber threat mitigation efforts in support of systems critical to economic and national security. NRMC plans to achieve an initial operating capability for the architecture this year. CISA additionally intends to fund national laboratories in support of other software assurance efforts. 

Read More »

CISA Warns Organizations of Techniques Used by Hackers to Compromise Cloud Services

Cloud Security

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an analysis report in response to cyber attacks on cloud services of various organizations. The agency also found that hackers take advantage of email forwarding rules created by users to gain access to sensitive data. CISA has recommended several measures to help organizations protect cloud environments.

Read More »

NSA Releases Report on 2020 Cybersecurity Initiatives; Anne Neuberger Quoted

Anne Neuberger

The National Security Agency (NSA) has issued its 2020 Cybersecurity Report that details progress on the agency's initiatives focused on integrating threat intelligence, cryptographic knowledge, vulnerability analysis, defensive operations and technical expertise. According to the report, NSA was able to help the Department of Defense (DoD) modernize encryption procedures and mitigate attacks resulting from quantum systems and “adversarial computational advances”.

Read More »

CISA Reports Advanced Persistent Threat in Compromised Cloud Platforms

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has discovered the occurrence of an advanced persistent threat in cloud environments after the event of a system compromise. CISA said Friday that it detected an APT actor that accessed cloud resources via compromised Microsoft 365 applications and additional credentials. Concerned network administrators may view CISA's alert report on the matter for more countermeasures and information regarding the APT threats.

Read More »

Marc Raimondi: SolarWinds Cyber Incident Involves Access to DOJ’s Email Environment

Department of Justice

Marc Raimondi, a spokesman for the Department of Justice (DOJ), said the DOJ’s office of the chief information officer has stopped the method the threat actor uses to access the department’s Microsoft O365 email environment after learning of the malicious activity related to the SolarWinds cyber incident on Dec. 24th. 

Read More »

Cyber Unified Coordination Group Provides Update on SolarWinds Orion Compromise

Cyber Attack

The FBI, Office of the Director of National Intelligence (ODNI), Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued a joint statement on Tuesday through the newly created cyber unified coordination group (UCG) to provide updates on an advanced persistent threat actor allegedly linked to Russia. 

Read More »

Year-End Spending Bill Includes Local Gov’t Cybersecurity Language

Cyber Strategy

The $1.4 trillion spending package approved by President Trump contains a provision that mandates the Department of Homeland of Security (DHS) to help local agencies create online portals and email accounts with the .gov domain. The provision directs the DHS' Cybersecurity and Infrastructure Security Agency (CISA) to develop an outreach strategy and make resources available to assist local governments in the .gov transition process.

Read More »

CISA, HHS Offer Recommendations to Secure Public Health Data, Infrastructure

Cyber Strategy

The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) have recommended measures for public and private sector organizations to protect data and infrastructure across the health care sector from targeted attacks. The two agencies produced infographics about COVID-19 cybersecurity trends in the HPH sector.

Read More »

CISA Warns of New Cyber Threat Impacting SolarWinds’ Orion IT Network Visualization Tool

Cybersecurity

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory on a new advanced persistent threat (APT) that targeted the supply chain involving SolarWinds’ Orion information technology management platform and impacted public and private infrastructure. CISA is additionally investigating other APT incidents that breach Security Assertion Markup Language authentication procedures. 

Read More »