Government


  • Biden Administration Drafting EO to Help U.S. Government Secure Digital Supply Chain

    May 3, 2021

    Biden Administration Drafting EO to Help U.S. Gov’t Secure Digital Supply Chain The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks. A Step Up for Federal Procurement According to NPR, the executive order that’s being drafted will include several initiatives designed to strengthen the ...

  • Ransomware Task Force: Ransomware is now a National Security risk

    April 30, 2021

    Ransomware is a growing international problem and it needs global cooperation in order to prevent attacks and take the fight to the cyber criminals behind the disruptive malware campaigns. A paper by the Institute for Security and Technology’s (IST) Ransomware Task Force (RTF) – a coalition of cybersecurity companies, government agencies, law enforcement organisations, technology firms, ...

  • Multi-Gov Task Force Plans to Take Down the Ransomware Economy

    April 29, 2021

    Ransomware has reached crisis levels across business sectors and across the globe, but a public-private Ransomware Task Force aims to stem the tide of attacks by disrupting the crooks’ business model. The Institute for Security and Technology (IST) put together the coalition, which includes more than 60 members from software companies, government agencies, cybersecurity vendors, financial ...

  • Cyberspies target military organizations with new Nebulae backdoor

    April 28, 2021

    A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. For at least a decade, the hacking group known as Naikon has actively spied on organizations in countries around the South China Sea, including the Philippines, Malaysia, Indonesia, Singapore, and Thailand, for ...

  • Passwordstate password manager hacked in supply chain attack

    April 23, 2021

    Click Studios, the company behind the Passwordstate enterprise password manager, notified customers that attackers compromised the app’s update mechanism to deliver malware in a supply-chain attack after breaching its networks. Passwordstate is an on-premises password management solution used by over 370,000 security and IT professionals at 29,000 companies worldwide, as the company claims. Its customer list includes ...

  • White House: Here’s what we’ve learned from tackling the SolarWinds and Microsoft Exchange Server cyber incidents

    April 21, 2021

    Lessons learned from responses to the SolarWinds and Microsoft Exchange cyber incidents will be used to coordinate action against future cybersecurity and hacking incidents, the White House has said. Both incidents required the United States to react to cyberattacks by nation-state hacking operations affecting thousands of organisations across the country – Russian intelligence compromised SolarWinds in ...

  • NSA: 5 Security Bugs Under Active Nation-State Cyberattack

    April 16, 2021

    The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies. According to the U.S. National Security Agency (NSA), which issued an alert Thursday, the advanced persistent threat (APT) group known as APT29 (a.k.a. ...

  • CISA gives federal agencies until Friday to patch Exchange servers

    April 13, 2021

    The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to install newly released Microsoft Exchange security updates by Friday. Today, Microsoft released security updates for four Microsoft Exchange vulnerabilities discovered by the NSA. These Exchange vulnerabilities are capable of remote code execution, with two vulnerabilities not requiring attackers to authenticate first. Read more… Source: Bleeping Computer Related story: ...

  • US adds seven Chinese supercomputing organisations onto Entity List

    April 9, 2021

    In another move aimed at restricting the development of Chinese technology, the US Commerce Department has added seven Chinese supercomputing entities to its Entity List for allegedly supporting China’s military efforts. The newly added entities that are companies include the Shanghai High-Performance Integrated Circuit Design Center, Sunway Microelectronics, Tianjin Phytium Information Technology. The remaining organisations are ...

  • European Commission, other EU orgs recently hit by cyber-attack

    April 6, 2021

    The European Commission and several other European Union organizations were hit by a cyberattack in March, according to a European Commission spokesperson. As revealed by the spokesperson, the “IT security incident” impacted multiple EU institutions, bodies, or agencies’ IT infrastructure. “We are working closely with CERT-EU, the Computer Emergency Response Team for all EU institutions, bodies and ...

  • Exchange Server attacks: Run this Microsoft malware scanner now, CISA tells government agencies

    April 1, 2021

    The Cybersecurity and Infrastructure Security Agency (CISA) has instructed US government agencies with on-premise Exchange systems to run Microsoft malware scanners and report results by April 5. CISA issued supplementary direction to its “ED 21-02” directive; the new request applies to any federal agency that had an Exchange server connected directly or indirectly to the internet ...

  • Australia cyber attacks hit television channel and parliament

    March 28, 2021

    A cyber attack has disrupted Channel Nine’s live broadcasts from Sydney, the TV company has confirmed, at the same time as an attack led to Parliament House’s email system being taken offline. As a result of the attack, the channel’s Sunday morning news programme, Weekend Today, was not aired, nor was its 5pm news show, although ...

  • China takes aim at ‘spying’ Tesla cars, bans military staff use

    March 22, 2021

    Elon Musk has said Tesla would be “shut down” if accusations that the firm’s cars could be used for spying purposes were true. Last week, the Wall Street Journal reported that the Chinese government has restricted the use of Tesla vehicles in military and key, state-owned company settings. Military and government staff are reportedly not permitted to ...

  • SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests

    March 18, 2021

    Cyberattackers involved in worldwide hacking campaigns are using the compromised systems of high-profile victims as playgrounds to test out malicious tool detection rates. On Thursday, Swiss cybersecurity firm Prodaft said that SilverFish (.PDF), an “extremely skilled” threat group, has been responsible for intrusions at over 4,720 private and government organizations including “Fortune 500 companies, ministries, airlines, ...

  • Ryuk ransomware hits 700 Spanish government labor agency offices

    March 10, 2021

    The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain. “Currently, work is being done with the objective of restoring priority services as soon as possible, among which is the portal of the State Public Employment Service and then gradually ...

  • Russia: Majority of governmental agencies’ websites go live after failure

    March 10, 2021

    Websites of the majority of Russian government authorities have recovered after the failure occurred on Wednesday. Websites of the Kremlin, the government, Russian media watchdog, Ministry of Industry and Trade, Ministry of Economic Development, Security Council and Russian Investigative Committee resumed operations. Furthermore, the State Duma and the Ministry of the Interior websites restarted operations earlier. It was ...

  • Hackers access surveillance cameras at Tesla, Cloudflare, banks, more

    March 9, 2021

    Hackers gained access to live surveillance cameras installed at Tesla, Equinox, healthcare clinics, jails, and banks, including the Bank of Utah. In addition to images captured from the cameras, the hacker also shared screenshots of their ability to gain root shell access to the surveillance systems used by Cloudflare and at Telsa HQ. Hacks multiple cameras in ...

  • GAO report finds DOD’s weapons programs lack clear cybersecurity guidelines

    March 4, 2021

    In a new report released Thursday, the U.S. Government Accountability Office (GAO) said the Department of Defense fails to communicate clear cybersecurity guidelines to contractors tasked with building systems for its weapons programs. As part of its so called congressional watchdog duties, the GAO found that Defense Department weapons programs are failing to consistently incorporate cybersecurity ...

  • GCHQ: Artificial intelligence is already a vital part of our missions

    February 25, 2021

    The UK’s top intelligence and security body, GCHQ, is betting big on artificial intelligence: the organization has revealed how it wants to use AI to boost national security. In a new paper titled “Pioneering a New National Security,” GCHQ’s analysts went to lengths to explain why AI holds the key to better protection of the nation. ...

  • Chinese hackers cloned attack tool belonging to NSA’s Equation Group

    February 22, 2021

    Chinese threat actors “cloned” and used a Windows zero-day exploit stolen from the NSA’s Equation Group for years before the privilege escalation flaw was patched, researchers say. On Monday, Check Point Research (CPR) said the tool was a “clone” of software developed by the US National Security Agency (NSA)’s Equation Group, identified by FireEye in 2015 ...