Tag Archives: virtual private network

House Lawmakers Ask IGs to Include Remote Access Software Vulnerabilities in FY 2021 FISMA Cyber Assessments

IPC Survey on CMMC

The House Oversight and Reform Committee and heads of its subcommittees asked interim and current inspectors general of the U.S. intelligence community, the Department of Defense and eight other federal agencies to assess vulnerabilities related to the use of remote-access software to support telework during the COVID-19 pandemic for inclusion in their fiscal year 2021 cybersecurity evaluation. 

Read More »

CISA Issues Analysis Report on ‘Supernova’ Malware

Cybersecurity and

The Cybersecurity and Infrastructure Security Agency (CISA) has identified a malware dubbed Supernova used by advanced persistent threat actors to compromise an organization’s enterprise network through a Pulse Secure virtual private network device. Hackers use Supernova to conduct reconnaissance and domain mapping and steal credentials and sensitive data.

Read More »

CISA Issues Advisory on Pulse Connect Secure VPN Vulnerabilities

Cybersecurity and

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert stating that a cyber threat actor has compromised a number of government agencies, critical infrastructure and organizations in the private sector since “June 2020 or earlier” using vulnerabilities in Ivanti’s Pulse Connect Secure virtual private network products.

Read More »

NIST Seeks Public Comments on Draft Bring Your Own Device Practice Guide

Telework Policy

The National Institute of Standards and Technology (NIST) has issued a draft special publication that seeks to demonstrate how organizations can use standards-based, commercially available products to help meet their privacy and security needs as they adopt the bring your own device practice. Public comments on the draft practice guide are due May 3rd.

Read More »

Vice Adm. Nancy Norton on DISA’s Cloud-Based Threat Isolation Effort

Vice Adm. Nancy Norton

Vice Adm. Nancy Norton, director of the Defense Information Systems Agency (DISA) and Wash100 awardee, has said the agency is working to “isolate” suspicious activities in a cloud environment to support remote work operations, DOD News reported Thursday. "Our primary goal is to preserve and protect the ability of our workforce to conduct mission central operations that we support on national defense and current worldwide military missions," she said.

Read More »

NOAA’s Chi Kang on SD-WAN, Network Segmentation Benefits

National Oceanic

Chi Kang, deputy director for operations at the National Oceanic and Atmospheric Administration’s (NOAA) cybersecurity division, has said that segmentation and software-defined, wide-area networking (SD-WAN) can support the implementation of zero-trust concepts. Kang said that SD-WAN has the capacity to ensure visibility and control across disparate networks and multiple endpoints.

Read More »

Christopher Krebs: Agencies Shifting to Telework Should Boost Investments in Cyber Tools

Christopher Krebs

Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA) and a 2020 Wash100 awardee, said agencies transitioning to the cloud to support telework should consolidate and increase investments in security tools to better manage cyber threats.

Read More »

Suzette Kent: Agency CIOs, Industry ‘Acting With Urgency’ to Meet IT Demand

suzette-kent-agency-cios-industry-acting-with-urgency-to-meet-it-demand

Suzette Kent, federal chief information officer and a 2020 Wash100 award winner, said agency CIOs, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and industry partners are ramping up efforts to meet the information technology demand among teleworkers and carry out missions amid the COVID-19 pandemic, Federal News Network reported Thursday.

Read More »