An anonymous reader quotes a report from NBC News: The U.S. has issued an emergency warning after Microsoft said it caught China hacking into its mail and calendar server program, called Exchange. The perpetrator, Microsoft said in a blog post, is a hacker group that the company has “high confidence” is working for the Chinese government and primarily spies on American…
Tag: CISA
Attackers May Still Be Breaking into US Networks Without SolarWinds, CISA says
On Friday, America’s Cybersecurity and Infrastructure Security Agency revealed that the “threat actor” behind the massive breach of U.S. networks through compromised SolarWinds software also used password guessing and password spraying attacks, according to ZDNet. And they may still be breaching federal networks, reports GCN: “Specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML)…
Is the US Government’s Cybersecurity Agency Up to the Job?
CNN reports that some critics are now questioning whether America’s Cybersecurity and Infrastructure Security Agency (CISA) is equipped to protect the integrity of government systems from adversaries: Some of the nearly half-dozen government agencies affected by the hack have recently reached out to CISA for help with addressing the known vulnerabilities that were exploited in the attack but were told the…
CISA Updates SolarWinds Guidance, Tells US Govt Agencies To Update Right Away
The US Cybersecurity and Infrastructure Security Agency has updated its official guidance for dealing with the fallout from the SolarWinds supply chain attack. From a report: In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year. Agencies that…
US Cyber Agency Says SolarWinds Hackers Are ‘Impacting’ State, Local Governments
The U.S. cybersecurity agency says that a sprawling cyber espionage campaign made public earlier this month is affecting state and local governments, although it released few additional details. From a report: The hacking campaign, which used U.S. tech company SolarWinds as a springboard to penetrate federal government networks, was “impacting enterprise networks across federal, state, and local governments, as well as…
CISA and FBI Warn of Rise in Ransomware Attacks Targeting K-12 Schools
In a joint security alert published this week, the US Cybersecurity Infrastructure and Security Agency, along with the Federal Bureau of Investigation, warned about increased cyber-attacks targeting the US K-12 educational sector, often leading to ransomware attacks, the theft of data, and the disruption of distance learning services. From a report: “As of December 2020, the FBI, CISA, and MS-ISAC continue…
Patients of a Vermont Hospital Are Left ‘in the Dark’ After a Cyberattack
A wave of damaging attacks on hospitals upended the lives of patients with cancer and other ailments. From a report: At lunchtime on Oct. 28, Colleen Cargill was in the cancer center at the University of Vermont Medical Center, preparing patients for their chemotherapy infusions. A new patient will sometimes be teary and frightened, but the nurses try to make it…
Trump Fires Election Security Director Who Corrected Voter Fraud Disinformation
phalse phace shares a report from NPR: Christopher Krebs, the Department of Homeland Security director who had spearheaded a campaign to counter rumors about voter fraud, has been fired, President Trump tweeted on Tuesday. Trump, in two misleading tweets about the security of the U.S. election, said Krebs’ termination was “effective immediately.” The CISA campaign, led by Krebs, was originally intended…
Election Was Most Secure In American History, US Officials Say
“The Nov. 3rd election was the most secure in American history,” state and federal election officials said in a statement Thursday. “There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.” Bloomberg reports: The statement acknowledged the “many unfounded claims and opportunities for misinformation about the process of our elections” and…
CISA Orders Agencies To Set Up Vulnerability Disclosure Programs
Out of scores of federal civilian agencies, only a handful of them have official programs to work with outside security researchers to find and fix software bugs — a process that is commonplace in the private sector. From a report: Now, to put an end to the feet-dragging, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is giving agencies…